Analysis

Category: URL
Package: ie
Started: 2019-10-09 12:55:54
Completed: 2019-10-09 12:59:46
Duration: 232 seconds

Options:
route = internet
procdump = 1

Log:
2019-10-09 13:55:54,000 [root] INFO: Date set to: 10-09-19, time set to: 12:55:54, timeout set to: 200
2019-10-09 13:55:54,062 [root] DEBUG: Starting analyzer from: C:\jvurd
2019-10-09 13:55:54,062 [root] DEBUG: Storing results at: C:\gERjfXFxt
2019-10-09 13:55:54,062 [root] DEBUG: Pipe server name: \\.\PIPE\vgazUrK
2019-10-09 13:55:54,062 [root] DEBUG: No analysis package specified, trying to detect it automagically.
2019-10-09 13:55:54,062 [root] INFO: Automatically selected analysis package "ie"
2019-10-09 13:55:54,967 [root] DEBUG: Started auxiliary module Browser
2019-10-09 13:55:54,982 [root] DEBUG: Started auxiliary module Curtain
2019-10-09 13:55:54,982 [modules.auxiliary.digisig] DEBUG: Skipping authenticode validation, analysis is not a file.
2019-10-09 13:55:54,982 [root] DEBUG: Started auxiliary module DigiSig
2019-10-09 13:55:54,982 [root] DEBUG: Started auxiliary module Disguise
2019-10-09 13:55:55,013 [root] DEBUG: Started auxiliary module Human
2019-10-09 13:55:55,029 [root] DEBUG: Started auxiliary module Screenshots
2019-10-09 13:55:55,029 [root] DEBUG: Started auxiliary module Sysmon
2019-10-09 13:55:55,029 [root] DEBUG: Started auxiliary module Usage
2019-10-09 13:55:55,029 [root] INFO: Analyzer: Package modules.packages.ie does not specify a DLL option
2019-10-09 13:55:55,029 [root] INFO: Analyzer: Package modules.packages.ie does not specify a DLL_64 option
2019-10-09 13:55:55,263 [lib.api.process] INFO: Successfully executed process from path "C:\Program Files (x86)\Internet Explorer\iexplore.exe" with arguments ""www405.sakura.ne.jp"" with pid 1940
2019-10-09 13:55:58,273 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2019-10-09 13:55:58,273 [lib.api.process] INFO: 32-bit DLL to inject is C:\jvurd\dll\HaLAseSJ.dll, loader C:\jvurd\bin\FoVaYZI.exe
2019-10-09 13:55:58,335 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\vgazUrK.
2019-10-09 13:55:58,335 [root] DEBUG: Loader: Injecting process 1940 (thread 1728) with C:\jvurd\dll\HaLAseSJ.dll.
2019-10-09 13:55:58,335 [root] DEBUG: Process image base: 0x00840000
2019-10-09 13:55:58,335 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\jvurd\dll\HaLAseSJ.dll.
2019-10-09 13:55:58,335 [root] DEBUG: InjectDllViaIAT: Found a free region from 0x008E6000 - 0x77680000
2019-10-09 13:55:58,335 [root] DEBUG: InjectDllViaIAT: Allocated 0x214 bytes for new import table at 0x008F0000.
2019-10-09 13:55:58,335 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2019-10-09 13:55:58,335 [root] DEBUG: Successfully injected DLL C:\jvurd\dll\HaLAseSJ.dll.
2019-10-09 13:55:58,335 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1940
2019-10-09 13:56:00,348 [lib.api.process] INFO: Successfully resumed process with pid 1940
2019-10-09 13:56:00,348 [root] INFO: Added new process to list with pid: 1940
2019-10-09 13:56:00,427 [root] DEBUG: Terminate processes on terminate_event enabled.
2019-10-09 13:56:00,427 [root] DEBUG: Process dumps enabled.
2019-10-09 13:56:00,473 [root] INFO: Disabling sleep skipping.
2019-10-09 13:56:00,473 [root] INFO: Disabling sleep skipping.
2019-10-09 13:56:00,473 [root] DEBUG: RestoreHeaders: Restored original import table.
2019-10-09 13:56:00,473 [root] INFO: Disabling sleep skipping.
2019-10-09 13:56:00,473 [root] INFO: Disabling sleep skipping.
2019-10-09 13:56:00,489 [root] DEBUG: CAPE initialised: 32-bit base package loaded in process 1940 at 0x74b50000, image base 0x840000, stack from 0x3e2000-0x3f0000
2019-10-09 13:56:00,489 [root] DEBUG: Commandline: C:\Users\user\AppData\Local\Temp\"C:\Program Files (x86)\Internet Explorer\iexplore.exe" "www405.sakura.ne.jp".
2019-10-09 13:56:00,489 [root] INFO: Monitor successfully loaded in process with pid 1940.
2019-10-09 13:56:00,505 [root] DEBUG: DLL unloaded from 0x75A30000.
2019-10-09 13:56:00,536 [root] DEBUG: DLL loaded at 0x740D0000: C:\Windows\system32\IEFRAME (0xa80000 bytes).
2019-10-09 13:56:00,566 [root] DEBUG: DLL loaded at 0x74090000: C:\Windows\system32\OLEACC (0x3c000 bytes).
2019-10-09 13:56:00,582 [root] DEBUG: DLL loaded at 0x73DC0000: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32 (0x19e000 bytes).
2019-10-09 13:56:00,614 [root] DEBUG: DLL loaded at 0x74080000: C:\Windows\system32\profapi (0xb000 bytes).
2019-10-09 13:56:00,630 [root] DEBUG: DLL loaded at 0x76090000: C:\Windows\syswow64\ws2_32 (0x35000 bytes).
2019-10-09 13:56:00,630 [root] DEBUG: DLL loaded at 0x77830000: C:\Windows\syswow64\NSI (0x6000 bytes).
2019-10-09 13:56:00,644 [root] DEBUG: DLL loaded at 0x74E20000: C:\Windows\system32\dnsapi (0x44000 bytes).
2019-10-09 13:56:00,644 [root] DEBUG: DLL loaded at 0x74060000: C:\Windows\system32\iphlpapi (0x1c000 bytes).
2019-10-09 13:56:00,644 [root] DEBUG: DLL loaded at 0x74050000: C:\Windows\system32\WINNSI (0x7000 bytes).
2019-10-09 13:56:00,644 [root] DEBUG: DLL loaded at 0x75B30000: C:\Windows\syswow64\CLBCatQ (0x83000 bytes).
2019-10-09 13:56:00,661 [root] DEBUG: DLL loaded at 0x73D60000: C:\Windows\System32\netprofm (0x5a000 bytes).
2019-10-09 13:56:00,676 [root] DEBUG: DLL loaded at 0x75130000: C:\Windows\System32\nlaapi (0x10000 bytes).
2019-10-09 13:56:00,691 [root] DEBUG: DLL loaded at 0x751D0000: C:\Windows\system32\CRYPTSP (0x16000 bytes).
2019-10-09 13:56:00,691 [root] DEBUG: DLL loaded at 0x75190000: C:\Windows\system32\rsaenh (0x3b000 bytes).
2019-10-09 13:56:00,691 [root] DEBUG: DLL loaded at 0x74040000: C:\Windows\system32\RpcRtRemote (0xe000 bytes).
2019-10-09 13:56:00,691 [root] DEBUG: DLL unloaded from 0x73D60000.
2019-10-09 13:56:00,707 [root] DEBUG: DLL loaded at 0x770B0000: C:\Windows\syswow64\comdlg32 (0x7b000 bytes).
2019-10-09 13:56:00,769 [root] DEBUG: DLL loaded at 0x73D80000: C:\Program Files (x86)\Internet Explorer\sqmapi (0x33000 bytes).
2019-10-09 13:56:00,769 [root] DEBUG: DLL unloaded from 0x75C50000.
2019-10-09 13:56:00,769 [root] DEBUG: DLL unloaded from 0x77230000.
2019-10-09 13:56:00,769 [root] DEBUG: DLL unloaded from 0x73D80000.
2019-10-09 13:56:00,769 [root] DEBUG: DLL loaded at 0x74C10000: C:\Windows\system32\ntmarta (0x21000 bytes).
2019-10-09 13:56:00,769 [root] DEBUG: DLL loaded at 0x76240000: C:\Windows\syswow64\WLDAP32 (0x45000 bytes).
2019-10-09 13:56:00,786 [root] DEBUG: DLL unloaded from 0x77860000.
2019-10-09 13:56:00,786 [root] DEBUG: DLL loaded at 0x74030000: C:\Windows\system32\VERSION (0x9000 bytes).
2019-10-09 13:56:00,878 [root] DEBUG: DLL unloaded from 0x760D0000.
2019-10-09 13:56:00,910 [root] DEBUG: DLL loaded at 0x74DC0000: C:\Windows\system32\apphelp (0x4c000 bytes).
2019-10-09 13:56:00,926 [root] INFO: Announced 32-bit process name: iexplore.exe pid: 1964
2019-10-09 13:56:00,926 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2019-10-09 13:56:00,926 [lib.api.process] INFO: 32-bit DLL to inject is C:\jvurd\dll\HaLAseSJ.dll, loader C:\jvurd\bin\FoVaYZI.exe
2019-10-09 13:56:00,926 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\vgazUrK.
2019-10-09 13:56:00,926 [root] DEBUG: Loader: Injecting process 1964 (thread 1304) with C:\jvurd\dll\HaLAseSJ.dll.
2019-10-09 13:56:00,926 [root] DEBUG: Process image base: 0x00840000
2019-10-09 13:56:00,926 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\jvurd\dll\HaLAseSJ.dll.
2019-10-09 13:56:00,926 [root] DEBUG: InjectDllViaIAT: Found a free region from 0x008E6000 - 0x77680000
2019-10-09 13:56:00,926 [root] DEBUG: InjectDllViaIAT: Allocated 0x214 bytes for new import table at 0x008F0000.
2019-10-09 13:56:00,926 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2019-10-09 13:56:00,926 [root] DEBUG: Successfully injected DLL C:\jvurd\dll\HaLAseSJ.dll.
2019-10-09 13:56:00,926 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1964
2019-10-09 13:56:00,926 [root] DEBUG: DLL unloaded from 0x00840000.
2019-10-09 13:56:00,926 [root] INFO: Announced 32-bit process name: iexplore.exe pid: 1964
2019-10-09 13:56:00,926 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2019-10-09 13:56:00,926 [lib.api.process] INFO: 32-bit DLL to inject is C:\jvurd\dll\HaLAseSJ.dll, loader C:\jvurd\bin\FoVaYZI.exe
2019-10-09 13:56:00,941 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\vgazUrK.
2019-10-09 13:56:00,941 [root] DEBUG: Loader: Injecting process 1964 (thread 1304) with C:\jvurd\dll\HaLAseSJ.dll.
2019-10-09 13:56:00,941 [root] DEBUG: Process image base: 0x00840000
2019-10-09 13:56:00,941 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\jvurd\dll\HaLAseSJ.dll.
2019-10-09 13:56:00,941 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2019-10-09 13:56:00,941 [root] DEBUG: Successfully injected DLL C:\jvurd\dll\HaLAseSJ.dll.
2019-10-09 13:56:00,941 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1964
2019-10-09 13:56:00,941 [root] DEBUG: DLL loaded at 0x73D60000: C:\Windows\system32\RASAPI32 (0x52000 bytes).
2019-10-09 13:56:00,941 [root] DEBUG: DLL loaded at 0x73D40000: C:\Windows\system32\rasman (0x15000 bytes).
2019-10-09 13:56:00,941 [root] DEBUG: DLL unloaded from 0x73D60000.
2019-10-09 13:56:00,941 [root] DEBUG: Terminate processes on terminate_event enabled.
2019-10-09 13:56:00,941 [root] DEBUG: Process dumps enabled.
2019-10-09 13:56:00,941 [root] INFO: Disabling sleep skipping.
2019-10-09 13:56:00,941 [root] DEBUG: DLL loaded at 0x73D30000: C:\Windows\system32\rtutils (0xd000 bytes).
2019-10-09 13:56:00,941 [root] DEBUG: DLL unloaded from 0x73D30000.
2019-10-09 13:56:00,941 [root] DEBUG: DLL unloaded from 0x73D40000.
2019-10-09 13:56:00,941 [root] DEBUG: RestoreHeaders: Restored original import table.
2019-10-09 13:56:00,941 [root] DEBUG: CAPE initialised: 32-bit base package loaded in process 1964 at 0x74b50000, image base 0x840000, stack from 0x202000-0x210000
2019-10-09 13:56:00,957 [root] DEBUG: Commandline: C:\Users\user\Desktop\"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:1940 CREDAT:79873.
2019-10-09 13:56:00,957 [root] INFO: Added new process to list with pid: 1964
2019-10-09 13:56:00,957 [root] INFO: Monitor successfully loaded in process with pid 1964.
2019-10-09 13:56:00,957 [root] DEBUG: DLL unloaded from 0x75A30000.
2019-10-09 13:56:00,957 [root] DEBUG: DLL loaded at 0x740D0000: C:\Windows\system32\IEFRAME (0xa80000 bytes).
2019-10-09 13:56:00,957 [root] DEBUG: DLL loaded at 0x74090000: C:\Windows\system32\OLEACC (0x3c000 bytes).
2019-10-09 13:56:00,957 [root] DEBUG: DLL loaded at 0x73DC0000: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32 (0x19e000 bytes).
2019-10-09 13:56:00,957 [root] DEBUG: DLL loaded at 0x770B0000: C:\Windows\syswow64\comdlg32 (0x7b000 bytes).
2019-10-09 13:56:00,957 [root] DEBUG: DLL unloaded from 0x77130000.
2019-10-09 13:56:00,957 [root] DEBUG: DLL loaded at 0x73D20000: C:\Windows\system32\sensapi (0x6000 bytes).
2019-10-09 13:56:00,957 [root] DEBUG: DLL loaded at 0x75130000: C:\Windows\system32\NLAapi (0x10000 bytes).
2019-10-09 13:56:00,957 [root] DEBUG: DLL loaded at 0x74E90000: C:\Windows\system32\napinsp (0x10000 bytes).
2019-10-09 13:56:00,957 [root] DEBUG: DLL loaded at 0x74E70000: C:\Windows\system32\pnrpnsp (0x12000 bytes).
2019-10-09 13:56:00,973 [root] DEBUG: DLL loaded at 0x75150000: C:\Windows\System32\mswsock (0x3c000 bytes).
2019-10-09 13:56:00,973 [root] DEBUG: DLL loaded at 0x74E10000: C:\Windows\System32\winrnr (0x8000 bytes).
2019-10-09 13:56:00,973 [root] DEBUG: DLL loaded at 0x75140000: C:\Windows\System32\wshtcpip (0x5000 bytes).
2019-10-09 13:56:00,973 [root] DEBUG: DLL loaded at 0x73CD0000: C:\Windows\System32\wship6 (0x6000 bytes).
2019-10-09 13:56:00,973 [root] DEBUG: DLL loaded at 0x73CC0000: C:\Windows\system32\rasadhlp (0x6000 bytes).
2019-10-09 13:56:00,973 [root] DEBUG: DLL loaded at 0x73C80000: C:\Windows\System32\fwpuclnt (0x38000 bytes).
2019-10-09 13:56:00,973 [root] DEBUG: DLL loaded at 0x73CE0000: C:\Program Files (x86)\Internet Explorer\IEShims (0x35000 bytes).
2019-10-09 13:56:00,987 [root] DEBUG: DLL loaded at 0x73C20000: C:\Windows\System32\netprofm (0x5a000 bytes).
2019-10-09 13:56:00,987 [root] DEBUG: DLL loaded at 0x73C00000: C:\Windows\system32\DHCPCSVC (0x12000 bytes).
2019-10-09 13:56:00,987 [root] DEBUG: DLL loaded at 0x73BF0000: C:\Windows\system32\dhcpcsvc6 (0xd000 bytes).
2019-10-09 13:56:00,987 [root] DEBUG: DLL unloaded from 0x74060000.
2019-10-09 13:56:00,987 [root] DEBUG: DLL unloaded from 0x73C00000.
2019-10-09 13:56:00,987 [root] INFO: Announced 64-bit process name: explorer.exe pid: 1676
2019-10-09 13:56:01,003 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2019-10-09 13:56:01,003 [lib.api.process] INFO: 64-bit DLL to inject is C:\jvurd\dll\TPCYYaJo.dll, loader C:\jvurd\bin\qqqjbSkh.exe
2019-10-09 13:56:01,003 [root] DEBUG: DLL loaded at 0x74040000: C:\Windows\system32\RpcRtRemote (0xe000 bytes).
2019-10-09 13:56:01,003 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\vgazUrK.
2019-10-09 13:56:01,003 [root] DEBUG: Loader: Injecting process 1676 (thread 0) with C:\jvurd\dll\TPCYYaJo.dll.
2019-10-09 13:56:01,003 [root] DEBUG: InjectDll: No thread ID supplied. Initial thread ID 1680, handle 0x84
2019-10-09 13:56:01,003 [root] DEBUG: Process image base: 0x00000000FF270000
2019-10-09 13:56:01,003 [root] DEBUG: InjectDllViaIAT: Not a new process, aborting IAT patch
2019-10-09 13:56:01,003 [root] DEBUG: DLL loaded at 0x73BB0000: C:\Program Files (x86)\Internet Explorer\sqmapi (0x33000 bytes).
2019-10-09 13:56:01,003 [root] DEBUG: InjectDll: IAT patching failed, falling back to thread injection.
2019-10-09 13:56:01,003 [root] DEBUG: DLL unloaded from 0x75C50000.
2019-10-09 13:56:01,003 [root] DEBUG: DLL unloaded from 0x77230000.
2019-10-09 13:56:01,003 [root] DEBUG: DLL unloaded from 0x73BB0000.
2019-10-09 13:56:01,003 [root] DEBUG: Terminate processes on terminate_event enabled.
2019-10-09 13:56:01,003 [root] DEBUG: Process dumps enabled.
2019-10-09 13:56:01,003 [root] INFO: Disabling sleep skipping.
2019-10-09 13:56:01,003 [root] DEBUG: DLL loaded at 0x75B30000: C:\Windows\syswow64\CLBCatQ (0x83000 bytes).
2019-10-09 13:56:01,019 [root] DEBUG: DLL loaded at 0x75420000: C:\Windows\syswow64\SETUPAPI (0x19d000 bytes).
2019-10-09 13:56:01,019 [root] DEBUG: DLL loaded at 0x75670000: C:\Windows\syswow64\CFGMGR32 (0x27000 bytes).
2019-10-09 13:56:01,019 [root] DEBUG: DLL loaded at 0x756A0000: C:\Windows\syswow64\DEVOBJ (0x12000 bytes).
2019-10-09 13:56:01,019 [root] DEBUG: DLL loaded at 0x739D0000: C:\Windows\system32\propsys (0xf5000 bytes).
2019-10-09 13:56:01,035 [root] DEBUG: DLL unloaded from 0x76430000.
2019-10-09 13:56:01,035 [root] DEBUG: DLL loaded at 0x74C10000: C:\Windows\system32\ntmarta (0x21000 bytes).
2019-10-09 13:56:01,035 [root] DEBUG: DLL loaded at 0x76240000: C:\Windows\syswow64\WLDAP32 (0x45000 bytes).
2019-10-09 13:56:01,051 [root] DEBUG: DLL loaded at 0x74080000: C:\Windows\system32\profapi (0xb000 bytes).
2019-10-09 13:56:01,065 [root] WARNING: Unable to place hook on LockResource
2019-10-09 13:56:01,065 [root] WARNING: Unable to hook LockResource
2019-10-09 13:56:01,098 [root] DEBUG: CAPE initialised: 64-bit base package loaded in process 1676 at 0x0000000073AD0000, image base 0x00000000FF270000, stack from 0x0000000003BB2000-0x0000000003BC0000
2019-10-09 13:56:01,098 [root] DEBUG: Commandline: C:\Windows\explorer.exe.
2019-10-09 13:56:01,098 [root] INFO: Added new process to list with pid: 1676
2019-10-09 13:56:01,098 [root] INFO: Monitor successfully loaded in process with pid 1676.
2019-10-09 13:56:01,098 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.
2019-10-09 13:56:01,098 [root] DEBUG: InjectDll: Successfully injected DLL via thread.
2019-10-09 13:56:01,098 [root] DEBUG: Successfully injected DLL C:\jvurd\dll\TPCYYaJo.dll.
2019-10-09 13:56:01,128 [root] DEBUG: DLL loaded at 0x73BC0000: C:\Windows\system32\IEUI (0x2d000 bytes).
2019-10-09 13:56:01,144 [root] DEBUG: DLL loaded at 0x73BB0000: C:\Windows\system32\MSIMG32 (0x5000 bytes).
2019-10-09 13:56:01,176 [root] DEBUG: DLL loaded at 0x739A0000: C:\Program Files (x86)\Internet Explorer\ieproxy (0x2b000 bytes).
2019-10-09 13:56:01,190 [root] DEBUG: DLL loaded at 0x739D0000: C:\Windows\system32\propsys (0xf5000 bytes).
2019-10-09 13:56:01,207 [root] DEBUG: DLL unloaded from 0x739D0000.
2019-10-09 13:56:01,221 [root] DEBUG: DLL loaded at 0x73990000: C:\Windows\system32\mssprxy (0xc000 bytes).
2019-10-09 13:56:01,237 [root] DEBUG: DLL loaded at 0x73910000: C:\Windows\system32\UxTheme (0x80000 bytes).
2019-10-09 13:56:01,378 [root] DEBUG: DLL loaded at 0x75420000: C:\Windows\syswow64\SETUPAPI (0x19d000 bytes).
2019-10-09 13:56:01,378 [root] DEBUG: DLL loaded at 0x75670000: C:\Windows\syswow64\CFGMGR32 (0x27000 bytes).
2019-10-09 13:56:01,378 [root] DEBUG: DLL loaded at 0x756A0000: C:\Windows\syswow64\DEVOBJ (0x12000 bytes).
2019-10-09 13:56:01,394 [root] DEBUG: DLL unloaded from 0x76430000.
2019-10-09 13:56:01,424 [root] DEBUG: DLL loaded at 0x738E0000: C:\Windows\system32\xmllite (0x2f000 bytes).
2019-10-09 13:56:01,533 [root] DEBUG: DLL loaded at 0x73770000: C:\Windows\system32\explorerframe (0x16f000 bytes).
2019-10-09 13:56:01,565 [root] DEBUG: DLL loaded at 0x73740000: C:\Windows\system32\DUser (0x2f000 bytes).
2019-10-09 13:56:01,581 [root] DEBUG: DLL loaded at 0x73680000: C:\Windows\system32\DUI70 (0xb2000 bytes).
2019-10-09 13:56:01,767 [root] DEBUG: DLL loaded at 0x76090000: C:\Windows\syswow64\ws2_32 (0x35000 bytes).
2019-10-09 13:56:01,783 [root] DEBUG: DLL loaded at 0x77830000: C:\Windows\syswow64\NSI (0x6000 bytes).
2019-10-09 13:56:01,783 [root] DEBUG: DLL loaded at 0x74E20000: C:\Windows\system32\dnsapi (0x44000 bytes).
2019-10-09 13:56:01,783 [root] DEBUG: DLL loaded at 0x74060000: C:\Windows\system32\iphlpapi (0x1c000 bytes).
2019-10-09 13:56:01,783 [root] DEBUG: DLL loaded at 0x74050000: C:\Windows\system32\WINNSI (0x7000 bytes).
2019-10-09 13:56:01,783 [root] DEBUG: DLL loaded at 0x751D0000: C:\Windows\system32\CRYPTSP (0x16000 bytes).
2019-10-09 13:56:01,799 [root] DEBUG: DLL loaded at 0x75190000: C:\Windows\system32\rsaenh (0x3b000 bytes).
2019-10-09 13:56:01,799 [root] DEBUG: DLL loaded at 0x739A0000: C:\Program Files (x86)\Internet Explorer\ieproxy (0x2b000 bytes).
2019-10-09 13:56:01,831 [root] DEBUG: DLL loaded at 0x735E0000: C:\Windows\system32\msfeeds (0x96000 bytes).
2019-10-09 13:56:01,878 [root] DEBUG: DLL loaded at 0x74DC0000: C:\Windows\system32\apphelp (0x4c000 bytes).
2019-10-09 13:56:01,892 [root] DEBUG: DLL loaded at 0x74030000: C:\Windows\system32\VERSION (0x9000 bytes).
2019-10-09 13:56:01,892 [root] DEBUG: DLL unloaded from 0x760D0000.
2019-10-09 13:56:01,908 [root] DEBUG: DLL loaded at 0x735B0000: C:\Windows\system32\MLANG (0x2e000 bytes).
2019-10-09 13:56:01,924 [root] DEBUG: DLL loaded at 0x76080000: C:\Windows\syswow64\Normaliz (0x3000 bytes).
2019-10-09 13:56:01,924 [root] DEBUG: DLL loaded at 0x73D60000: C:\Windows\system32\RASAPI32 (0x52000 bytes).
2019-10-09 13:56:01,924 [root] DEBUG: DLL loaded at 0x73D40000: C:\Windows\system32\rasman (0x15000 bytes).
2019-10-09 13:56:01,924 [root] DEBUG: DLL unloaded from 0x73D60000.
2019-10-09 13:56:01,924 [root] DEBUG: DLL loaded at 0x73D30000: C:\Windows\system32\rtutils (0xd000 bytes).
2019-10-09 13:56:01,924 [root] DEBUG: DLL unloaded from 0x77130000.
2019-10-09 13:56:01,924 [root] DEBUG: DLL loaded at 0x73D20000: C:\Windows\system32\sensapi (0x6000 bytes).
2019-10-09 13:56:01,940 [root] DEBUG: DLL unloaded from 0x73D40000.
2019-10-09 13:56:01,940 [root] DEBUG: DLL unloaded from 0x77230000.
2019-10-09 13:56:01,940 [root] DEBUG: DLL unloaded from 0x73D40000.
2019-10-09 13:56:01,940 [root] DEBUG: DLL loaded at 0x75150000: C:\Windows\system32\mswsock (0x3c000 bytes).
2019-10-09 13:56:01,940 [root] DEBUG: DLL loaded at 0x75140000: C:\Windows\System32\wshtcpip (0x5000 bytes).
2019-10-09 13:56:01,940 [root] DEBUG: DLL loaded at 0x76080000: C:\Windows\syswow64\Normaliz (0x3000 bytes).
2019-10-09 13:56:01,956 [root] DEBUG: DLL loaded at 0x75130000: C:\Windows\system32\NLAapi (0x10000 bytes).
2019-10-09 13:56:01,956 [root] DEBUG: DLL loaded at 0x74E90000: C:\Windows\system32\napinsp (0x10000 bytes).
2019-10-09 13:56:01,956 [root] DEBUG: DLL loaded at 0x74E70000: C:\Windows\system32\pnrpnsp (0x12000 bytes).
2019-10-09 13:56:01,956 [root] DEBUG: DLL loaded at 0x74E10000: C:\Windows\System32\winrnr (0x8000 bytes).
2019-10-09 13:56:01,956 [root] DEBUG: DLL loaded at 0x73CD0000: C:\Windows\System32\wship6 (0x6000 bytes).
2019-10-09 13:56:01,956 [root] DEBUG: DLL loaded at 0x73CC0000: C:\Windows\system32\rasadhlp (0x6000 bytes).
2019-10-09 13:56:01,956 [root] DEBUG: DLL loaded at 0x73C80000: C:\Windows\System32\fwpuclnt (0x38000 bytes).
2019-10-09 13:56:01,956 [root] DEBUG: DLL loaded at 0x73C20000: C:\Windows\System32\netprofm (0x5a000 bytes).
2019-10-09 13:56:01,956 [root] DEBUG: DLL loaded at 0x735B0000: C:\Windows\system32\MLANG (0x2e000 bytes).
2019-10-09 13:56:01,956 [root] DEBUG: DLL loaded at 0x73C00000: C:\Windows\system32\DHCPCSVC (0x12000 bytes).
2019-10-09 13:56:01,970 [root] DEBUG: DLL loaded at 0x73BF0000: C:\Windows\system32\dhcpcsvc6 (0xd000 bytes).
2019-10-09 13:56:01,970 [root] DEBUG: DLL unloaded from 0x74060000.
2019-10-09 13:56:01,970 [root] DEBUG: DLL unloaded from 0x73C00000.
2019-10-09 13:56:01,986 [root] DEBUG: DLL loaded at 0x73910000: C:\Windows\system32\UxTheme (0x80000 bytes).
2019-10-09 13:56:02,002 [root] DEBUG: DLL loaded at 0x73590000: C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim (0x11000 bytes).
2019-10-09 13:56:02,002 [root] DEBUG: DLL loaded at 0x734F0000: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\MSVCR80 (0x9b000 bytes).
2019-10-09 13:56:02,017 [root] DEBUG: DLL loaded at 0x73460000: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\MSVCP80 (0x87000 bytes).
2019-10-09 13:56:02,065 [root] DEBUG: DLL loaded at 0x73450000: C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper (0x10000 bytes).
2019-10-09 13:56:02,313 [root] DEBUG: DLL loaded at 0x73310000: C:\PROGRA~2\MICROS~1\Office14\URLREDIR (0x91000 bytes).
2019-10-09 13:56:02,313 [root] DEBUG: DLL loaded at 0x73440000: C:\Windows\system32\Secur32 (0x8000 bytes).
2019-10-09 13:56:02,313 [root] DEBUG: DLL loaded at 0x752E0000: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742\MSVCR90 (0xa3000 bytes).
2019-10-09 13:56:02,329 [root] DEBUG: DLL loaded at 0x73420000: C:\PROGRA~2\MICROS~1\Office14\MSOHEV (0x14000 bytes).
2019-10-09 13:56:02,377 [root] DEBUG: DLL loaded at 0x73410000: C:\Program Files (x86)\Java\jre7\bin\jp2ssv (0xf000 bytes).
2019-10-09 13:56:02,407 [root] DEBUG: DLL loaded at 0x73250000: C:\Program Files (x86)\Java\jre7\bin\MSVCR100 (0xbe000 bytes).
2019-10-09 13:56:02,424 [root] DEBUG: set_caller_info: Adding region at 0x04330000 to caller regions list (ntdll::LdrLoadDll).
2019-10-09 13:56:02,454 [root] DEBUG: set_caller_info: Adding region at 0x01DB0000 to caller regions list (advapi32::RegOpenKeyExA).
2019-10-09 13:56:02,470 [root] DEBUG: DLL loaded at 0x733B0000: C:\Windows\system32\SXS (0x5f000 bytes).
2019-10-09 13:56:02,579 [root] DEBUG: DLL loaded at 0x73230000: C:\Windows\system32\DWMAPI (0x13000 bytes).
2019-10-09 13:56:02,579 [root] DEBUG: DLL loaded at 0x733B0000: C:\Windows\system32\SXS (0x5f000 bytes).
2019-10-09 13:56:02,611 [root] DEBUG: DLL unloaded from 0x740D0000.
2019-10-09 13:56:02,673 [root] DEBUG: DLL unloaded from 0x77230000.
2019-10-09 13:56:03,282 [root] DEBUG: DLL unloaded from 0x77130000.
2019-10-09 13:56:03,405 [root] WARNING: File at path "C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\favicon[1].ico" does not exist, skip.
2019-10-09 13:56:04,249 [root] DEBUG: DLL unloaded from 0x77130000.
2019-10-09 13:56:05,043 [root] DEBUG: DLL loaded at 0x72C70000: C:\Windows\SysWOW64\mshtml (0x5b7000 bytes).
2019-10-09 13:56:05,059 [root] DEBUG: DLL loaded at 0x72C40000: C:\Windows\SysWOW64\msls31 (0x2a000 bytes).
2019-10-09 13:56:05,121 [root] DEBUG: DLL loaded at 0x72C30000: C:\Windows\system32\msimtf (0xb000 bytes).
2019-10-09 13:56:05,154 [root] DEBUG: RtlDispatchException: Unhandled exception! Address 0x0000000073AE8639, code 0xc0000005, flags 0x0, parameters 0x0 and 0x8.
2019-10-09 13:56:05,168 [root] DEBUG: DLL unloaded from 0x740D0000.
2019-10-09 13:56:05,216 [root] DEBUG: DLL loaded at 0x72C20000: C:\Windows\system32\ImgUtil (0xb000 bytes).
2019-10-09 13:56:05,232 [root] DEBUG: DLL loaded at 0x72C10000: C:\Windows\SysWOW64\pngfilt (0xe000 bytes).
2019-10-09 13:56:05,418 [root] DEBUG: DLL unloaded from 0x760D0000.
2019-10-09 13:56:05,855 [root] DEBUG: DLL unloaded from 0x76430000.
2019-10-09 13:56:05,996 [root] DEBUG: DLL loaded at 0x72A80000: C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus (0x190000 bytes).
2019-10-09 13:56:06,338 [root] DEBUG: DLL unloaded from 0x740D0000.
2019-10-09 13:56:10,910 [root] INFO: Announced 32-bit process name:  pid: 1
2019-10-09 13:56:10,910 [lib.api.process] WARNING: The process with pid 1 is not alive, injection aborted
2019-10-09 13:56:10,910 [root] DEBUG: DLL unloaded from 0x740D0000.
2019-10-09 13:56:11,440 [root] DEBUG: DLL loaded at 0x72940000: C:\Windows\System32\msxml3 (0x133000 bytes).
2019-10-09 13:56:14,263 [root] DEBUG: DLL unloaded from 0x77130000.
2019-10-09 13:56:15,200 [root] DEBUG: DLL unloaded from 0x72C70000.
2019-10-09 13:56:16,354 [root] DEBUG: DLL unloaded from 0x77130000.
2019-10-09 13:56:31,206 [root] DEBUG: DLL unloaded from 0x758D0000.
2019-10-09 13:57:01,891 [root] DEBUG: DLL unloaded from 0x758D0000.
2019-10-09 13:57:03,466 [root] DEBUG: DLL unloaded from 0x77130000.
2019-10-09 13:58:30,733 [root] DEBUG: DLL unloaded from 0x758D0000.
2019-10-09 13:59:22,151 [root] INFO: Analysis timeout hit (200 seconds), terminating analysis.
2019-10-09 13:59:22,151 [root] INFO: Created shutdown mutex.
2019-10-09 13:59:23,164 [lib.api.process] INFO: Successfully received reply to terminate_event, pid 1940
2019-10-09 13:59:23,164 [root] DEBUG: Terminate Event: Attempting to dump process 1940
2019-10-09 13:59:23,164 [root] INFO: Terminate event set for process 1940.
2019-10-09 13:59:23,164 [root] INFO: Terminating process 1940 before shutdown.
2019-10-09 13:59:23,164 [root] INFO: Waiting for process 1940 to exit.
2019-10-09 13:59:23,164 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x00840000.
2019-10-09 13:59:23,164 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x00840000.
2019-10-09 13:59:23,164 [root] DEBUG: DumpProcess: Module entry point VA is 0x00001C9A.
2019-10-09 13:59:23,196 [root] INFO: Added new CAPE file to list with path: C:\gERjfXFxt\CAPE\1940_79239138023591293102019
2019-10-09 13:59:23,196 [root] DEBUG: DumpProcess: Module image dump success - dump size 0xa1e00.
2019-10-09 13:59:23,196 [root] WARNING: Unable to access file at path "C:\Users\user\AppData\Local\Temp\~DF69D34181ACB1C5B3.TMP": [Errno 13] Permission denied: u'C:\\Users\\user\\AppData\\Local\\Temp\\~DF69D34181ACB1C5B3.TMP'
2019-10-09 13:59:23,196 [root] WARNING: Unable to access file at path "C:\Users\user\AppData\Local\Temp\~DF773C31D598CB4B02.TMP": [Errno 13] Permission denied: u'C:\\Users\\user\\AppData\\Local\\Temp\\~DF773C31D598CB4B02.TMP'
2019-10-09 13:59:23,226 [root] DEBUG: Terminate Event: CAPE shutdown complete for process 1940
2019-10-09 13:59:24,178 [root] INFO: Terminating process 1964 before shutdown.
2019-10-09 13:59:24,178 [lib.api.process] INFO: Successfully received reply to terminate_event, pid 1676
2019-10-09 13:59:24,178 [root] INFO: Terminate event set for process 1676.
2019-10-09 13:59:24,178 [root] INFO: Terminating process 1676 before shutdown.
2019-10-09 13:59:24,178 [root] INFO: Waiting for process 1676 to exit.
2019-10-09 13:59:25,193 [root] INFO: Waiting for process 1676 to exit.
2019-10-09 13:59:26,207 [root] INFO: Waiting for process 1676 to exit.
2019-10-09 13:59:27,220 [root] INFO: Waiting for process 1676 to exit.
2019-10-09 13:59:28,234 [lib.api.process] INFO: Successfully terminated process with pid 1676.
2019-10-09 13:59:28,234 [root] INFO: Waiting for process 1676 to exit.
2019-10-09 13:59:29,249 [root] INFO: Shutting down package.
2019-10-09 13:59:29,249 [root] INFO: Stopping auxiliary modules.
2019-10-09 13:59:29,249 [root] INFO: Finishing auxiliary modules.
2019-10-09 13:59:29,249 [root] INFO: Shutting down pipe server and dumping dropped files.
2019-10-09 13:59:29,249 [root] WARNING: File at path "C:\gERjfXFxt\debugger" does not exist, skip.
2019-10-09 13:59:29,249 [root] WARNING: Monitor injection attempted but failed for process 1.
2019-10-09 13:59:29,249 [root] INFO: Analysis completed.

MalScore

3.0

Suspicious

Machine

Name: target-03
Label: target-03
Manager: ESX
Started On: 2019-10-09 12:55:54
Shutdown On: 2019-10-09 12:59:43

URL Details

URL
www405.sakura.ne.jp

Signatures

Behavioural detection: Executable code extraction
SetUnhandledExceptionFilter detected (possible anti-debug)
Attempts to connect to a dead IP:Port (2 unique times)
IP: 204.79.197.200:80 (United States)
IP: 59.106.13.35:80 (Japan)
Guard pages use detected - possible anti-debugging.
Dynamic (imported) function loading detected
DynamicLoader: IEUI.dll/PeekMessageExW
DynamicLoader: ole32.dll/CoInitialize
DynamicLoader: ole32.dll/RegisterDragDrop
DynamicLoader: msfeeds.dll/MsfeedsCreateInstance
DynamicLoader: SHELL32.dll/SHGetSpecialFolderPathW
DynamicLoader: SHELL32.dll/
DynamicLoader: SHELL32.dll/SHGetFolderPathW
DynamicLoader: SHELL32.dll/SHCreateDirectoryExW
DynamicLoader: WININET.dll/FindFirstUrlCacheContainerW
DynamicLoader: WININET.dll/FindNextUrlCacheContainerW
DynamicLoader: WININET.dll/FindCloseUrlCache
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: MSIMG32.dll/GradientFill
DynamicLoader: GDI32.dll/GetTextExtentExPointWPri
DynamicLoader: RPCRT4.dll/RpcStringBindingComposeW
DynamicLoader: RPCRT4.dll/RpcBindingFromStringBindingW
DynamicLoader: RPCRT4.dll/RpcBindingSetAuthInfoExW
DynamicLoader: RPCRT4.dll/NdrClientCall2
DynamicLoader: USER32.dll/GetWindowLongW
DynamicLoader: USER32.dll/IsWindow
DynamicLoader: USER32.dll/SendMessageW
DynamicLoader: RPCRT4.dll/RpcBindingFree
DynamicLoader: IEUI.dll/WaitMessageEx
DynamicLoader: OLEAUT32.dll/DllGetClassObject
DynamicLoader: OLEAUT32.dll/DllCanUnloadNow
DynamicLoader: SXS.DLL/SxsOleAut32MapIIDToProxyStubCLSID
DynamicLoader: ADVAPI32.dll/RegQueryValueW
DynamicLoader: SXS.DLL/SxsOleAut32MapIIDToTLBPath
DynamicLoader: ADVAPI32.dll/RegEnumKeyW
DynamicLoader: ADVAPI32.dll/RegEnumKeyW
DynamicLoader: ADVAPI32.dll/RegOpenKeyW
DynamicLoader: ADVAPI32.dll/RegEnumKeyW
DynamicLoader: SXS.DLL/SxsOleAut32MapConfiguredClsidToReferenceClsid
DynamicLoader: SXS.DLL/SxsOleAut32RedirectTypeLibrary
DynamicLoader: propsys.dll/PSStringFromPropertyKey
DynamicLoader: propsys.dll/PSGetPropertyDescription
DynamicLoader: ole32.dll/PropVariantClear
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: propsys.dll/PropVariantToString
DynamicLoader: propsys.dll/InitPropVariantFromStringAsVector
DynamicLoader: propsys.dll/PSCoerceToCanonicalValue
DynamicLoader: USP10.dll/ScriptIsComplex
DynamicLoader: urlmon.dll/
DynamicLoader: urlmon.dll/
DynamicLoader: SHELL32.dll/SHGetKnownFolderPath
DynamicLoader: urlmon.dll/URLDownloadToFileW
DynamicLoader: urlmon.dll/CoInternetCreateSecurityManager
DynamicLoader: urlmon.dll/CoInternetCreateZoneManager
DynamicLoader: urlmon.dll/CoInternetIsFeatureEnabledForUrl
DynamicLoader: MSIMG32.dll/AlphaBlend
DynamicLoader: USER32.dll/CharLowerW
DynamicLoader: CRYPTSP.dll/CryptAcquireContextW
DynamicLoader: CRYPTSP.dll/CryptCreateHash
DynamicLoader: CRYPTSP.dll/CryptHashData
DynamicLoader: CRYPTSP.dll/CryptGetHashParam
DynamicLoader: CRYPTSP.dll/CryptDestroyHash
DynamicLoader: CRYPTSP.dll/CryptReleaseContext
DynamicLoader: CRYPT32.dll/CryptUnprotectData
DynamicLoader: RPCRT4.dll/RpcStringBindingComposeW
DynamicLoader: RPCRT4.dll/RpcBindingFromStringBindingW
DynamicLoader: RPCRT4.dll/NdrClientCall2
DynamicLoader: CRYPTBASE.dll/SystemFunction041
DynamicLoader: RPCRT4.dll/RpcStringFreeW
DynamicLoader: RPCRT4.dll/RpcBindingFree
DynamicLoader: urlmon.dll/CreateUri
DynamicLoader: OLEAUT32.dll/
DynamicLoader: WININET.dll/GetUrlCacheEntryInfoW
DynamicLoader: ole32.dll/PropVariantClear
DynamicLoader: RPCRT4.dll/UuidCreateSequential
DynamicLoader: ole32.dll/StgOpenStorageEx
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: ADVAPI32.dll/EventWrite
DynamicLoader: ADVAPI32.dll/EventRegister
DynamicLoader: ADVAPI32.dll/EventUnregister
DynamicLoader: kernel32.dll/InitializeSRWLock
DynamicLoader: kernel32.dll/AcquireSRWLockExclusive
DynamicLoader: kernel32.dll/AcquireSRWLockShared
DynamicLoader: kernel32.dll/ReleaseSRWLockExclusive
DynamicLoader: kernel32.dll/ReleaseSRWLockShared
DynamicLoader: kernel32.dll/SetProcessDEPPolicy
DynamicLoader: USER32.dll/SetProcessDPIAware
DynamicLoader: SHELL32.dll/SetCurrentProcessExplicitAppUserModelID
DynamicLoader: USER32.dll/GetShellWindow
DynamicLoader: USER32.dll/GetWindowThreadProcessId
DynamicLoader: kernel32.dll/SortGetHandle
DynamicLoader: kernel32.dll/SortCloseHandle
DynamicLoader: IEFRAME.dll/
DynamicLoader: kernel32.dll/WerSetFlags
DynamicLoader: comctl32.dll/PropertySheetW
DynamicLoader: comctl32.dll/PropertySheetA
DynamicLoader: comdlg32.dll/PageSetupDlgW
DynamicLoader: comdlg32.dll/PrintDlgW
DynamicLoader: kernel32.dll/InitializeSRWLock
DynamicLoader: kernel32.dll/AcquireSRWLockExclusive
DynamicLoader: kernel32.dll/AcquireSRWLockShared
DynamicLoader: kernel32.dll/ReleaseSRWLockExclusive
DynamicLoader: kernel32.dll/ReleaseSRWLockShared
DynamicLoader: kernel32.dll/InitializeSRWLock
DynamicLoader: kernel32.dll/AcquireSRWLockExclusive
DynamicLoader: kernel32.dll/AcquireSRWLockShared
DynamicLoader: kernel32.dll/ReleaseSRWLockExclusive
DynamicLoader: kernel32.dll/ReleaseSRWLockShared
DynamicLoader: kernel32.dll/InitializeSRWLock
DynamicLoader: kernel32.dll/AcquireSRWLockExclusive
DynamicLoader: kernel32.dll/AcquireSRWLockShared
DynamicLoader: kernel32.dll/ReleaseSRWLockExclusive
DynamicLoader: kernel32.dll/ReleaseSRWLockShared
DynamicLoader: kernel32.dll/InitializeSRWLock
DynamicLoader: kernel32.dll/AcquireSRWLockExclusive
DynamicLoader: kernel32.dll/AcquireSRWLockShared
DynamicLoader: kernel32.dll/ReleaseSRWLockExclusive
DynamicLoader: kernel32.dll/ReleaseSRWLockShared
DynamicLoader: kernel32.dll/InitializeSRWLock
DynamicLoader: kernel32.dll/AcquireSRWLockExclusive
DynamicLoader: kernel32.dll/AcquireSRWLockShared
DynamicLoader: kernel32.dll/ReleaseSRWLockExclusive
DynamicLoader: kernel32.dll/ReleaseSRWLockShared
DynamicLoader: kernel32.dll/InitializeSRWLock
DynamicLoader: kernel32.dll/AcquireSRWLockExclusive
DynamicLoader: kernel32.dll/AcquireSRWLockShared
DynamicLoader: kernel32.dll/ReleaseSRWLockExclusive
DynamicLoader: kernel32.dll/ReleaseSRWLockShared
DynamicLoader: IEShims.dll/IEShims_Initialize
DynamicLoader: kernel32.dll/VirtualProtect
DynamicLoader: USER32.dll/SetWindowsHookExW
DynamicLoader: USER32.dll/FindWindowExA
DynamicLoader: kernel32.dll/WaitForSingleObject
DynamicLoader: USER32.dll/GetWindowThreadProcessId
DynamicLoader: kernel32.dll/CreateProcessW
DynamicLoader: kernel32.dll/CreateProcessA
DynamicLoader: ADVAPI32.dll/RegQueryValueA
DynamicLoader: ntdll.dll/LdrRegisterDllNotification
DynamicLoader: ole32.dll/CoGetApartmentType
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: comctl32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoGetMalloc
DynamicLoader: CRYPTBASE.dll/SystemFunction036
DynamicLoader: kernel32.dll/WerRegisterMemoryBlock
DynamicLoader: kernel32.dll/WerUnregisterMemoryBlock
DynamicLoader: USER32.dll/RegisterWindowMessageW
DynamicLoader: RPCRT4.dll/RpcServerUseProtseqW
DynamicLoader: RPCRT4.dll/RpcServerRegisterIfEx
DynamicLoader: RpcRtRemote.dll/I_RpcExtInitializeExtensionPoint
DynamicLoader: RPCRT4.dll/RpcServerInqBindings
DynamicLoader: RPCRT4.dll/RpcEpRegisterW
DynamicLoader: RPCRT4.dll/RpcServerListen
DynamicLoader: SHELL32.dll/SHGetInstanceExplorer
DynamicLoader: USER32.dll/RegisterClassExW
DynamicLoader: USER32.dll/CreateWindowExW
DynamicLoader: USER32.dll/DefWindowProcW
DynamicLoader: USER32.dll/SetWindowLongW
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: USER32.dll/MsgWaitForMultipleObjectsEx
DynamicLoader: urlmon.dll/
DynamicLoader: SHELL32.dll/SHGetFolderPathW
DynamicLoader: ADVAPI32.dll/TraceMessage
DynamicLoader: ADVAPI32.dll/TraceMessageVa
DynamicLoader: kernel32.dll/IsWow64Process
DynamicLoader: sqmapi.dll/SqmGetSession
DynamicLoader: sqmapi.dll/SqmEndSession
DynamicLoader: sqmapi.dll/SqmStartSession
DynamicLoader: sqmapi.dll/SqmStartUpload
DynamicLoader: sqmapi.dll/SqmWaitForUploadComplete
DynamicLoader: sqmapi.dll/SqmSet
DynamicLoader: sqmapi.dll/SqmSetBool
DynamicLoader: sqmapi.dll/SqmSetBits
DynamicLoader: sqmapi.dll/SqmSetString
DynamicLoader: sqmapi.dll/SqmIncrement
DynamicLoader: sqmapi.dll/SqmSetIfMax
DynamicLoader: sqmapi.dll/SqmSetIfMin
DynamicLoader: sqmapi.dll/SqmAddToAverage
DynamicLoader: sqmapi.dll/SqmAddToStreamDWord
DynamicLoader: sqmapi.dll/SqmAddToStreamString
DynamicLoader: sqmapi.dll/SqmSetAppId
DynamicLoader: sqmapi.dll/SqmSetAppVersion
DynamicLoader: sqmapi.dll/SqmSetMachineId
DynamicLoader: sqmapi.dll/SqmSetUserId
DynamicLoader: sqmapi.dll/SqmCreateNewId
DynamicLoader: sqmapi.dll/SqmReadSharedMachineId
DynamicLoader: sqmapi.dll/SqmReadSharedUserId
DynamicLoader: sqmapi.dll/SqmWriteSharedMachineId
DynamicLoader: sqmapi.dll/SqmWriteSharedUserId
DynamicLoader: sqmapi.dll/SqmIsWindowsOptedIn
DynamicLoader: ADVAPI32.dll/OpenThreadToken
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: ole32.dll/CreateBindCtx
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoRegisterInitializeSpy
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: ADVAPI32.dll/RegEnumKeyW
DynamicLoader: OLEAUT32.dll/
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: SETUPAPI.dll/CM_Get_Device_Interface_List_Size_ExW
DynamicLoader: SETUPAPI.dll/CM_Get_Device_Interface_List_ExW
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: ADVAPI32.dll/InitializeSecurityDescriptor
DynamicLoader: ADVAPI32.dll/SetEntriesInAclW
DynamicLoader: ntmarta.dll/GetMartaExtensionInterface
DynamicLoader: ADVAPI32.dll/SetSecurityDescriptorDacl
DynamicLoader: ADVAPI32.dll/IsTextUnicode
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: SHELL32.dll/
DynamicLoader: ole32.dll/CoUninitialize
DynamicLoader: sechost.dll/ConvertSidToStringSidW
DynamicLoader: profapi.dll/
DynamicLoader: propsys.dll/PSCreateMemoryPropertyStore
DynamicLoader: propsys.dll/PSPropertyBag_WriteStr
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: ole32.dll/PropVariantClear
DynamicLoader: OLEAUT32.dll/
DynamicLoader: propsys.dll/PSPropertyBag_WriteGUID
DynamicLoader: propsys.dll/PSPropertyBag_ReadGUID
DynamicLoader: RPCRT4.dll/RpcStringBindingComposeW
DynamicLoader: RPCRT4.dll/RpcBindingFromStringBindingW
DynamicLoader: RPCRT4.dll/RpcBindingSetAuthInfoExW
DynamicLoader: RPCRT4.dll/RpcStringFreeW
DynamicLoader: RPCRT4.dll/NdrClientCall2
DynamicLoader: USER32.dll/PostMessageW
DynamicLoader: USER32.dll/PeekMessageW
DynamicLoader: USER32.dll/TranslateMessage
DynamicLoader: USER32.dll/DispatchMessageW
DynamicLoader: USER32.dll/GetWindowLongW
DynamicLoader: WININET.dll/InternetSetOptionW
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: sechost.dll/LookupAccountNameLocalW
DynamicLoader: RPCRT4.dll/RpcBindingFree
DynamicLoader: ADVAPI32.dll/LookupAccountSidW
DynamicLoader: sechost.dll/LookupAccountSidLocalW
DynamicLoader: CRYPTSP.dll/CryptAcquireContextW
DynamicLoader: CRYPTSP.dll/CryptGenRandom
DynamicLoader: ole32.dll/NdrOleInitializeExtension
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: ole32.dll/CoGetPSClsid
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoReleaseMarshalData
DynamicLoader: ole32.dll/DcomChannelSetHResult
DynamicLoader: ieproxy.dll/DllGetClassObject
DynamicLoader: ieproxy.dll/DllCanUnloadNow
DynamicLoader: SHELL32.dll/SHChangeNotifyRegisterThread
DynamicLoader: comctl32.dll/
DynamicLoader: IEShims.dll/IEShims_SetRedirectRegistryForThread
DynamicLoader: RPCRT4.dll/RpcBindingToStringBindingW
DynamicLoader: RPCRT4.dll/RpcStringBindingParseW
DynamicLoader: RPCRT4.dll/I_RpcBindingInqLocalClientPID
DynamicLoader: RPCRT4.dll/RpcServerInqCallAttributesW
DynamicLoader: RPCRT4.dll/RpcImpersonateClient
DynamicLoader: RPCRT4.dll/RpcRevertToSelf
DynamicLoader: RPCRT4.dll/NdrServerCall2
DynamicLoader: RPCRT4.dll/RpcBindingInqObject
DynamicLoader: apphelp.dll/ApphelpCheckShellObject
DynamicLoader: urlmon.dll/CreateUri
DynamicLoader: kernel32.dll/InitializeSRWLock
DynamicLoader: kernel32.dll/AcquireSRWLockExclusive
DynamicLoader: kernel32.dll/AcquireSRWLockShared
DynamicLoader: kernel32.dll/ReleaseSRWLockExclusive
DynamicLoader: kernel32.dll/ReleaseSRWLockShared
DynamicLoader: ADVAPI32.dll/AddMandatoryAce
DynamicLoader: VERSION.dll/GetFileVersionInfoSizeW
DynamicLoader: VERSION.dll/GetFileVersionInfoW
DynamicLoader: VERSION.dll/VerQueryValueW
DynamicLoader: WININET.dll/GetUrlCacheEntryInfoW
DynamicLoader: urlmon.dll/CreateURLMonikerEx
DynamicLoader: urlmon.dll/CreateAsyncBindCtxEx
DynamicLoader: urlmon.dll/RegisterBindStatusCallback
DynamicLoader: urlmon.dll/UrlMkGetSessionOption
DynamicLoader: kernel32.dll/IsWow64Process
DynamicLoader: kernel32.dll/IsWow64Process
DynamicLoader: kernel32.dll/IsWow64Process
DynamicLoader: RASAPI32.dll/RasConnectionNotificationW
DynamicLoader: sechost.dll/OpenServiceA
DynamicLoader: sechost.dll/NotifyServiceStatusChangeA
DynamicLoader: NLAapi.dll/NSPStartup
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: ADVAPI32.dll/RegDeleteTreeA
DynamicLoader: ADVAPI32.dll/RegDeleteTreeW
DynamicLoader: RPCRT4.dll/NdrClientCall2
DynamicLoader: RPCRT4.dll/RpcStringBindingComposeW
DynamicLoader: RPCRT4.dll/RpcBindingFromStringBindingW
DynamicLoader: RPCRT4.dll/RpcStringFreeW
DynamicLoader: RPCRT4.dll/RpcBindingFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: MLANG.dll/
DynamicLoader: urlmon.dll/CoInternetCreateSecurityManager
DynamicLoader: urlmon.dll/
DynamicLoader: iphlpapi.DLL/GetAdaptersAddresses
DynamicLoader: DHCPCSVC.DLL/DhcpRequestParams
DynamicLoader: urlmon.dll/
DynamicLoader: comctl32.dll/ImageList_Destroy
DynamicLoader: comctl32.dll/ImageList_LoadImageW
DynamicLoader: comctl32.dll/ImageList_Add
DynamicLoader: WININET.dll/GetUrlCacheEntryInfoExW
DynamicLoader: MLANG.dll/
DynamicLoader: WININET.dll/GetUrlCacheEntryInfoExA
DynamicLoader: UxTheme.dll/OpenThemeData
DynamicLoader: comctl32.dll/
DynamicLoader: UxTheme.dll/IsAppThemed
DynamicLoader: WININET.dll/InternetQueryOptionA
DynamicLoader: GDI32.dll/GetLayout
DynamicLoader: GDI32.dll/GdiRealizationInfo
DynamicLoader: GDI32.dll/FontIsLinked
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: ADVAPI32.dll/RegQueryInfoKeyW
DynamicLoader: GDI32.dll/GetTextFaceAliasW
DynamicLoader: ADVAPI32.dll/RegEnumValueW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: GDI32.dll/GetFontAssocStatus
DynamicLoader: ADVAPI32.dll/RegQueryValueExA
DynamicLoader: ADVAPI32.dll/RegEnumKeyExW
DynamicLoader: GDI32.dll/GetTextFaceAliasW
DynamicLoader: ole32.dll/CoInitialize
DynamicLoader: ole32.dll/RegisterDragDrop
DynamicLoader: UxTheme.dll/SetWindowTheme
DynamicLoader: UxTheme.dll/IsThemeActive
DynamicLoader: UxTheme.dll/OpenThemeData
DynamicLoader: GDI32.dll/GetTextExtentExPointWPri
DynamicLoader: urlmon.dll/
DynamicLoader: apphelp.dll/ApphelpCheckShellObject
DynamicLoader: kernel32.dll/FindActCtxSectionStringW
DynamicLoader: kernel32.dll/GetSystemWindowsDirectoryW
DynamicLoader: AcroIEHelper.dll/StubInit
DynamicLoader: AcroIEHelper.dll/StubSetSite
DynamicLoader: AcroIEHelper.dll/StubOnQuit
DynamicLoader: ADVAPI32.dll/RegOpenKeyExA
DynamicLoader: ADVAPI32.dll/RegEnumKeyA
DynamicLoader: ADVAPI32.dll/RegQueryValueExA
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: ADVAPI32.dll/RegEnumKeyExA
DynamicLoader: ADVAPI32.dll/RegEnumKeyExA
DynamicLoader: SHLWAPI.dll/PathFileExistsA
DynamicLoader: SHLWAPI.dll/PathFileExistsA
DynamicLoader: SHLWAPI.dll/PathFileExistsA
DynamicLoader: ADVAPI32.dll/RegEnumKeyExA
DynamicLoader: ADVAPI32.dll/RegQueryValueA
DynamicLoader: SXS.DLL/SxsOleAut32RedirectTypeLibrary
DynamicLoader: ADVAPI32.dll/RegOpenKeyW
DynamicLoader: ADVAPI32.dll/RegQueryValueW
DynamicLoader: SXS.DLL/SxsOleAut32MapConfiguredClsidToReferenceClsid
DynamicLoader: comctl32.dll/ImageList_Create
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/ImageList_AddMasked
DynamicLoader: comctl32.dll/LoadIconWithScaleDown
DynamicLoader: comctl32.dll/ImageList_ReplaceIcon
DynamicLoader: urlmon.dll/RevokeBindStatusCallback
DynamicLoader: urlmon.dll/CreateFormatEnumerator
DynamicLoader: OLEAUT32.dll/DllGetClassObject
DynamicLoader: OLEAUT32.dll/DllCanUnloadNow
DynamicLoader: urlmon.dll/CreateIUriBuilder
DynamicLoader: urlmon.dll/IntlPercentEncodeNormalize
DynamicLoader: OLEAUT32.dll/
DynamicLoader: USER32.dll/ChangeWindowMessageFilter
DynamicLoader: DWMAPI.DLL/DwmSetWindowAttribute
DynamicLoader: USER32.dll/IsWindow
DynamicLoader: USER32.dll/SendMessageW
DynamicLoader: OLEAUT32.dll/
DynamicLoader: UxTheme.dll/BufferedPaintInit
DynamicLoader: UxTheme.dll/BufferedPaintRenderAnimation
DynamicLoader: UxTheme.dll/BeginBufferedAnimation
DynamicLoader: UxTheme.dll/DrawThemeParentBackground
DynamicLoader: UxTheme.dll/EndBufferedAnimation
DynamicLoader: GDI32.dll/GdiIsMetaPrintDC
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: ole32.dll/CoUninitialize
DynamicLoader: ole32.dll/CoRegisterInitializeSpy
DynamicLoader: ole32.dll/CoRevokeInitializeSpy
DynamicLoader: IMM32.DLL/ImmGetContext
DynamicLoader: urlmon.dll/CoInternetCreateSecurityManager
DynamicLoader: urlmon.dll/CoInternetCreateZoneManager
DynamicLoader: urlmon.dll/CoInternetIsFeatureEnabledForUrl
DynamicLoader: kernel32.dll/InitializeSRWLock
DynamicLoader: kernel32.dll/AcquireSRWLockExclusive
DynamicLoader: kernel32.dll/AcquireSRWLockShared
DynamicLoader: kernel32.dll/ReleaseSRWLockExclusive
DynamicLoader: kernel32.dll/ReleaseSRWLockShared
DynamicLoader: WININET.dll/GetUrlCacheEntryInfoA
DynamicLoader: urlmon.dll/CoInternetQueryInfo
DynamicLoader: WININET.dll/CommitUrlCacheEntryA
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: IEFRAME.dll/
DynamicLoader: urlmon.dll/RegisterFormatEnumerator
DynamicLoader: urlmon.dll/CoInternetCreateZoneManager
DynamicLoader: urlmon.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/VariantClear
DynamicLoader: IEFRAME.dll/
DynamicLoader: WININET.dll/InternetUnlockRequestFile
DynamicLoader: WININET.dll/SetUrlCacheEntryInfoA
DynamicLoader: urlmon.dll/CoInternetIsFeatureEnabled
DynamicLoader: urlmon.dll/
DynamicLoader: urlmon.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: UxTheme.dll/IsAppThemed
DynamicLoader: OLEAUT32.dll/BSTR_UserSize
DynamicLoader: OLEAUT32.dll/BSTR_UserMarshal
DynamicLoader: OLEAUT32.dll/BSTR_UserUnmarshal
DynamicLoader: OLEAUT32.dll/BSTR_UserFree
DynamicLoader: OLEAUT32.dll/VARIANT_UserSize
DynamicLoader: OLEAUT32.dll/VARIANT_UserMarshal
DynamicLoader: OLEAUT32.dll/VARIANT_UserUnmarshal
DynamicLoader: OLEAUT32.dll/VARIANT_UserFree
DynamicLoader: OLEAUT32.dll/LPSAFEARRAY_UserSize
DynamicLoader: OLEAUT32.dll/LPSAFEARRAY_UserMarshal
DynamicLoader: OLEAUT32.dll/LPSAFEARRAY_UserUnmarshal
DynamicLoader: OLEAUT32.dll/LPSAFEARRAY_UserFree
DynamicLoader: CRYPT32.dll/CryptStringToBinaryW
DynamicLoader: SHELL32.dll/SHGetFolderPathW
DynamicLoader: ImgUtil.dll/DecodeImage
DynamicLoader: kernel32.dll/GetThreadUILanguage
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: propsys.dll/
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: ADVAPI32.dll/RegGetValueW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: propsys.dll/InitPropVariantFromStringAsVector
DynamicLoader: propsys.dll/PSCoerceToCanonicalValue
DynamicLoader: propsys.dll/PropVariantToStringAlloc
DynamicLoader: urlmon.dll/
DynamicLoader: WININET.dll/FindFirstUrlCacheContainerA
DynamicLoader: WININET.dll/FindNextUrlCacheContainerA
DynamicLoader: WININET.dll/FindCloseUrlCache
DynamicLoader: WININET.dll/CreateUrlCacheContainerA
DynamicLoader: WININET.dll/CommitUrlCacheEntryW
DynamicLoader: WININET.dll/InternetGetConnectedState
DynamicLoader: urlmon.dll/
DynamicLoader: urlmon.dll/URLDownloadToCacheFileW
DynamicLoader: urlmon.dll/
DynamicLoader: DWMAPI.DLL/DwmInvalidateIconicBitmaps
DynamicLoader: gdiplus.dll/GdiplusStartup
DynamicLoader: kernel32.dll/IsProcessorFeaturePresent
DynamicLoader: USER32.dll/GetWindowInfo
DynamicLoader: USER32.dll/GetAncestor
DynamicLoader: USER32.dll/GetMonitorInfoA
DynamicLoader: USER32.dll/EnumDisplayMonitors
DynamicLoader: USER32.dll/EnumDisplayDevicesA
DynamicLoader: GDI32.dll/ExtTextOutW
DynamicLoader: GDI32.dll/GdiIsMetaPrintDC
DynamicLoader: gdiplus.dll/GdipAlloc
DynamicLoader: gdiplus.dll/GdipCreateBitmapFromHBITMAP
DynamicLoader: gdiplus.dll/GdipCreateImageAttributes
DynamicLoader: gdiplus.dll/GdipSetImageAttributesWrapMode
DynamicLoader: gdiplus.dll/GdipCreateFromHDC
DynamicLoader: gdiplus.dll/GdipSetPageUnit
DynamicLoader: gdiplus.dll/GdipSetPixelOffsetMode
DynamicLoader: gdiplus.dll/GdipSetCompositingMode
DynamicLoader: gdiplus.dll/GdipSetCompositingQuality
DynamicLoader: gdiplus.dll/GdipSetInterpolationMode
DynamicLoader: gdiplus.dll/GdipSetClipRectI
DynamicLoader: gdiplus.dll/GdipDrawImageRectRect
DynamicLoader: gdiplus.dll/GdipDeleteGraphics
DynamicLoader: gdiplus.dll/GdipDisposeImageAttributes
DynamicLoader: OLEAUT32.dll/
DynamicLoader: ole32.dll/CoUninitialize


Hosts

Direct  IP              Country Name
Y       8.8.8.8         United States
N       59.106.13.35    Japan
N       204.79.197.200  United States

DNS

Name                 Response
www.bing.com         CNAME dual-a-0001.a-msedge.net
                     CNAME a-0001.a-afdentry.net.trafficmanager.net
                     A 204.79.197.200
                     A 13.107.21.200
www405.sakura.ne.jp  A 59.106.13.35

Summary

Process Tree


iexplore.exe, PID: 1940, Parent PID: 252
Full Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Command Line: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" "www405.sakura.ne.jp"
iexplore.exe, PID: 1964, Parent PID: 1940
Full Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Command Line: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:1940 CREDAT:79873
explorer.exe, PID: 1676, Parent PID: 1632
Full Path: C:\Windows\explorer.exe
Command Line: C:\Windows\Explorer.EXE

TCP

Source         Source Port  Destination     Destination Host     Destination Port
192.168.35.23  49166        204.79.197.200  www.bing.com         80
192.168.35.23  49172        59.106.13.35    www405.sakura.ne.jp  80
192.168.35.23  49178        59.106.13.35    www405.sakura.ne.jp  80

UDP

Source         Source Port  Destination  Destination Port
192.168.35.23  51242        8.8.8.8      53
192.168.35.23  56286        8.8.8.8      53

HTTP Requests

URI Data
http://www.bing.com/favicon.ico
GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: www.bing.com
Connection: Keep-Alive

http://www405.sakura.ne.jp/
GET / HTTP/1.1
Accept: */*
Accept-Language: en-gb
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www405.sakura.ne.jp
Connection: Keep-Alive

http://www405.sakura.ne.jp/favicon.ico
GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: www405.sakura.ne.jp
Connection: Keep-Alive

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Suricata Extracted Files

No dropped Suricata extracted files.

JA3

No JA3 hashes found.

File name search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
Associated Filenames
C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
File Size 237 bytes
File Type PNG image data, 16 x 16, 4-bit colormap, non-interlaced
MD5 9fb559a691078558e77d6848202f6541
SHA1 ea13848d33c2c7f4f4baa39348aeb1dbfad3df31
SHA256 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
CRC32 FC87942A
Ssdeep 6:6v/lhPIF6R/C+u1fXNg1XQ3yslRtNO+cKvAElRApGCp:6v/7b/C1fm1ZslRTvAElR47
ClamAV None
Yara None matched
CAPE Yara None matched
File name index.dat
Associated Filenames
C:\Users\user\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
File Size 262144 bytes
File Type Internet Explorer cache file version Ver 5.2
MD5 ddbecc908f2912f29cbc33167cbc761c
SHA1 bd6802a9c64297c31c41ccb0e60eb51077fe30fd
SHA256 e69ea3946826728a51fc5ee78a9272d77514179310342224c6cc111267b6b49d
CRC32 1DF8D0A8
Ssdeep 768:pFFwZHofW9CFWNw3fcOIkim+GYZxWSDG:rFwZIfW9AWmvcOITm+GYZxWsG
ClamAV None
Yara None matched
CAPE Yara None matched
File name index.dat
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Feeds Cache\index.dat
File Size 32768 bytes
File Type Internet Explorer cache file version Ver 5.2
MD5 077eb5d924c84ec41447ad7795b38734
SHA1 e3b4793862bb370db5ddd3cb5e607034172336e1
SHA256 06813b4ee292b191c05cb15febfba874e7f4caac47a8c3081041a20880708209
CRC32 E2F624C0
Ssdeep 48:q3xbTpYVfruSYufruXYsfAjYmeKZ6MYCI:qZTuVfrutufruIsfAc26Lv
ClamAV None
Yara None matched
CAPE Yara None matched
File name www405_sakura_ne_jp[1].htm
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\www405_sakura_ne_jp[1].htm
File Size 22504 bytes
File Type HTML document, UTF-8 Unicode text
MD5 9465fe2277e565a23bbe1233487cc994
SHA1 ebdbec2595e06c30fe0137c494a404ef1650194f
SHA256 4e445c40f7a7bd5dec32d2737ec4c2d94b2efc8fe8b542674f59662215655b6a
CRC32 5A66D12A
Ssdeep 384:VB0Q8OZvGkvLkV0X2Qmm2VBFbkXzynnbe8Qf8H91t4aabbVEth6MI7u:ViQRvGkvL3xZqb4RPO1tuKtUy
ClamAV None
Yara None matched
CAPE Yara None matched

Displayed text:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
 <html lang="ja">
  <head>
   <meta http-equiv="content-type" content="text/html; charset=utf-8">
   <meta http-equiv="Pragma" content="no-cache">
   <meta http-equiv="Expires" content="">
     <title>さくらのレンタルサーバ</title>
      <style type=text/css>
	h4{
		color: #FF0000;
	}
	h5{
		color: #333333;
	}
	.sakurabody{
		width:450;
		height:50;
	}
	.bod{
		text-align:left;
		width:400;
		font-size: 12px;
		line-height: 140%;
		color: #555555;
	}
	.sig{
		font-size: 10px;
		line-height: 140%;
		color: #999999;
	}
      </style>
  </head>
  <body bgcolor="#ffffff" text="#000000">
    <div align="center">
    <div class="sakurabody">
    <p>
    <img src="data:image/png;base64,
+4DVrPUAejH5uYsFDREqNBiIITzc4AoEsM7ly9fv3XskVStIT6MdFwJLmc1mw0QIjZH6MeKJao1egg/q
IhEq0Y9hTE2Zv/vuLHh4Ms+ptHTdzp3bdEqA22MLBt6OFAOkrdkUAujt7fvhhws1NXUHD77pioUkneET
zc2t0leTvKbJNNnU1FxUtGY59c709AxYAErdsrDwEtU+nJ+fN5lMtK5bwq9CPgSDRr9/bHx8fm7eHvGy
D7R6WigfFtDqDnpCXLCRV42NjUlIiDNMPOfOXbp376GCRsOa24Tsjohhp4oT4l3gRqg/FIx9m+P1suiU
H89eBHUvG8K8vJwDB/YZHX7kPpEycCtkiJWxCjvW1zd9+eW3/f0Dbnmrqqo6IbJnf46MEbHIZVw+REaG
C1EZ+qwJCQ1+eYRWpOXETcVCKIIx4WsC/jwGL2/ajObUac4nKCjwFTrkdnFxKSwsNCXFuHt0+cp1flkI
OkVB+OPi4tLSUqKiIoKCgqDvwPUBvT8yMjowMAT/zszMuNdGqKqqJb1A2W0nTKampta1awvcKDCuXHzx
4q9N/GKVRNTAZ33nnUMaIpxYISHFE69meFyQr6+vn5/v0hImZhpf1W9hYUHIK3YSOx0aGj59+uznn58A
oXXllcB6q66ucbwdJjmb/8+2tg4wqsBMXLb56O/vX1CQ9/DhY7IrfHx8Cl+auKhyEALxI8qqeLxWMHIg
oE9gYCDM+bm5uRd13LyO98M4IMDflUyEtrb2+3xEFHMY0Sgwds+e7Tk5WUqWwejoWGdnd3V1XUtLG2hC
ERMY7DqTaRL8BueTFoOxX+VWIjSOy5cFS0L6ytHRUcePH9Wx0MIHLZBn5gAyFO6WY/PmDZs3lyrVo5+e
npmYmOjt7W9oaOru7qU9y/qfw8Mjly799tFH77nyViB1PT39oq4TGxOOd19aWqysrNmzZ8dyysPOndu6
unp6enpln8NUWk5KNi4wzBt87dxCA6Y/nzUaGhoCputLToT2BBnDy9pChtsDjOmdEh8f++mnH0JXqAaC
IuCnqKiwr6//0aOnoHTE2w0NwBbzpK/6iH9vb++EMYqJiXYTVRjE/fuP79x5IGOdkJAQYEHNi2F2nwa7
7psqm36uqrfAwICQEMXIHnh4IDBgM23fXtbU1HL16s2+PqUQKK6rawS+XL0623BjJKvIEgGWS0tNTd2O
HVuXc+9pUFDgJ58chx5obGyenJyCR8fERJWVbXpJ7DbPxUUYXgXXUOsQ8xMGVNjQ0MjLIplYica41NTk
sDDjqQeDg0PgyVG7CVzAN9/crc6CYiQkxB85cmDDhuJr1241NbUaO8cKiFnYS0CNi2Ii72ABtOHu3dtf
FAVyQnbrb79dk+kRX1+/d989DB3ycqght8RFeZBBUfrzEAI6XLUq+fvvzwMjip4rebuHD8sNE6HZPF1X
16BxiMEBBSF3hXQNIDg4CKaDyTQ5MWHy9fWJjo5i2wcZXij/afzQAS8LEQYE+OOXIXdKoQmLi4txcTFx
cbGu3LutrUP6jsi+yB8bG5ORkab3hklJiZ988gHQAPSegfb09PQJUTVZMq6inwQ85No5G0j21roALum5
c5dslI/tBgRowMzMdE8N/PKJnUsNAPcRxCAqKlLp/l1d3aIMW91hg6kps/Yhfv685oV0ItiRycmJMElf
ERbEL434MXjIGtZhavNECIIbGRmh0QRe/ijF4uJSeHi4KwkyNo9wmNj/YV3eCwkJNpYxBA5BUVGhsgZU
Q1VVDbF9kANSUfJ6h4eHm5vb3NTX+ratDAwMnjlzbm5uTjZa+/btdFMEDC2rSKk4ysigWgwKCty6dRPt
bnw6xuzsnGjHqj5ISxBY25aXt1qBb1BjYzM7qpoEES52TAE3lohieOGjLFriw6oCIL3Q8n8xMdGDg0OO
MoZIzyYCtxCowk2EQln+6ekprqe2ms1mpbpZy78+OjMzW1PTIG0Ggnfct2/Xw4flz549F6lyxxcqK2ty
c90V9dL6yiaT6fTpsybTpOxz0PtKG+d1EI9j7F+IHUak1WDjrAxDc/lygLCZF0nfjH/K4OBgXl6O3nv2
9w90dnaLmooE3yv04MG9o2OjPLkS3Qb2Sm1tQ1nZxuXpQbN5emhoSDaH4I2BXRIS4qgzS+ES7O3tA5fI
CH58fKK1td1S/hDzWPLz84evpaSsysxMU9du4IVPTJi8vOBByLbbRzruiF90gPv7+/tRlU9YWCg4Cdo1
THt758DAENjck5OT4oBBZGRkfHwsWPN6jWZ4fTBrhKqEkoYFBwdRMwagg+CtoQETExOgT4qL14i7CHoD
/iq7GwyWn59vfLx8sIaGhlta2nt6esfGxoSagnxxFuj59PTUtLQUF3UmjCaMKYj38DCfim+7GwbZhveK
i4tJS0vVWB1C1EUIXhAcJ5qeQfA44Qh3TI4yOELWPgoI8I+Ojurr69cd1sBu0sm0+whzwysjI80tdR+k
VCoZRehHmA/LmWLQ1NQsFI2UjFZCQmxiYkJhYd6zZ5VU2mhqaoFRd9cebS2rhrOzs999dxamhOxz8IPf
fHO3WwnYvbYIdu0YaCONCQkJAW3S3t5BFKbh/9NsnjFwz8rKWmEjsOR1V <truncated>
File name MSIMGSIZ.DAT
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
File Size 16384 bytes
File Type data
MD5 0cf9ea053bdfba12814049c64f7ab45a
SHA1 2c3dae6af5ed25316078f3d44519d387a5f0bb00
SHA256 bd6776afccf940809189767c68089f4dfbd18327c443de60443d42969338b8bb
CRC32 CB138BF2
Ssdeep 12:Oa6I/10s1KXPeNU/N6/aXAk6ylXPtDYNls6ss+wsLaSP/0otIltet+4bRsWdf8qY:xJHu9QqlC3LwAOMSoye7z2lzdG
ClamAV None
Yara None matched
CAPE Yara None matched
File name index.dat
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019101020191011\index.dat
File Size 0 bytes
File Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
Ssdeep 3::
ClamAV None
Yara None matched
CAPE Yara None matched
File name index.dat
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019101020191011\index.dat
File Size 32768 bytes
File Type Internet Explorer cache file version Ver 5.2
MD5 15f1793d145ef06def1cba376628eef7
SHA1 b267c307bdb05bc416fa9a058b804f13e27afa57
SHA256 fe25e0555372ef6dce5e8510446a4441ab2c289bfcca834e9afbd45601da2622
CRC32 7BD6EC3E
Ssdeep 3:qRFiJ2totWIltvlVl:qjyx
ClamAV None
Yara None matched
CAPE Yara None matched
File name Web Slice Gallery~.feed-ms
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Web Slice Gallery~.feed-ms
File Size 28672 bytes
File Type Composite Document File V2 Document, No summary info
MD5 d4cc7ce677b6ab7b521a1659aed301c8
SHA1 e1f036a56474983c11b5369dc6d46f158b0d4e0e
SHA256 3e23031a2b91f47683115473ce73964a196b68405153b815af14f7bde5032586
CRC32 E843F4D5
Ssdeep 12:Jw77mFQCb777777777777777777777777777777/FJl8vbf+8Gc7777777777777:Jsbf+8/2As4WYiit
ClamAV None
Yara None matched
CAPE Yara None matched
File name {245200D9-EA94-11E9-BCA2-000C2999C965}.dat
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{245200D9-EA94-11E9-BCA2-000C2999C965}.dat
File Size 4608 bytes
File Type Composite Document File V2 Document, No summary info
MD5 3087e433a03d6bca1cbd9ff21e19a1ff
SHA1 e3e25e02b53047e4794e0f12098e218d33973c01
SHA256 c061d5f1529da670a03c348541391962e8fec5665c72376afe57598a0862d34f
CRC32 729E22BE
Ssdeep 12:rlfFgtrEgmfR16FxmrEgmfB1qjNlYfO1t3+/Nlz91tURW2:r0GymGUNlj1twNlh1tU
ClamAV None
Yara None matched
CAPE Yara None matched
File name RecoveryStore.{245200D8-EA94-11E9-BCA2-000C2999C965}.dat
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{245200D8-EA94-11E9-BCA2-000C2999C965}.dat
File Size 3584 bytes
File Type Composite Document File V2 Document, No summary info
MD5 d04b4ba17ed036dc0ed72d8c6e968661
SHA1 8b2cd00818145b26715ff8b0fd501fc5ab620be6
SHA256 53f6985e7062279fafdccc52cac8c7a1944951c02fee9eb8ff499078acd049a4
CRC32 C89CA849
Ssdeep 12:rl0YmGF2UarEg5+IaCrI017+FPDrEgmf+IaCy8qgQNlTq1t+64T:rIUa5/sGv/TQNlW1t
ClamAV None
Yara None matched
CAPE Yara None matched
File name index.dat
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
File Size 32768 bytes
File Type Internet Explorer cache file version Ver 5.2
MD5 15748b9072b134cac14b1b4c82c691bb
SHA1 f844e3dbb3268586fa723c125577b571fe240996
SHA256 98716f7ad2613a6fd827c630d0b3880570eeb12660203375fc5819920d0c815a
CRC32 138BA480
Ssdeep 6:qjyxXKk9MY3UXjK9Az0Q2Dni6nBrsLMP3qThtYxzGQ2Dni6nBtl3wtak6:qjRS3Uzd92e6BL3KhtYlL2e6BX3wt
ClamAV None
Yara None matched
CAPE Yara None matched
File name index.dat
Associated Filenames
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
File Size 32768 bytes
File Type Internet Explorer cache file version Ver 5.2
MD5 e02b5c7b25280da487209bd48b4163f9
SHA1 7d440a9292567af8570c34e52d03aed14405ae00
SHA256 42bc5d24dab11bbeb8fd93b797b3c5b7e70fee667293a32691767580f1a01a73
CRC32 9703369D
Ssdeep 48:qsLf/ZJLH3ZxqT/mf7RCpwV+4igHDt/UwbmXhBgkBVGWYCIh:qsb/Zp/q0lV9Nbojbm
ClamAV None
Yara None matched
CAPE Yara None matched
File name index.dat
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
File Size 65536 bytes
File Type Internet Explorer cache file version Ver 5.2
MD5 8ec8ccf1712007f3ff8d66e15c945888
SHA1 1bf376fea9323f41a18a4e1d1ba221c81e8d9d44
SHA256 22f20dceed3e249d74ded5765720614b11a96b37f0736b5178174e8c100bc9ea
CRC32 73BB2774
Ssdeep 384:GWISmjxBNPrNa73dg3skdVQnQeW+4fTJ16ziXrAsjCCtn/NJ03:RmBNaCdBr/CSl
ClamAV None
Yara None matched
CAPE Yara None matched
Sorry! No CAPE files.
Process Name iexplore.exe
PID 1940
Dump Size 663040 bytes
Module Path C:\Program Files (x86)\Internet Explorer\iexplore.exe
Type PE image executable
MD5 68bed37faa337d238c319a9b270ac993
SHA1 b0e6a0e5349a040be9f5d7bc29b67881152e7dc6
SHA256 81e41bd24ee4cb565e0c46c22310e8f38d92fc0169966784d4375d343f2c4c52
CRC32 F75AED02
Ssdeep 12288:yPX+pd167QhE0s7+jM+M6ugRfMMkIM7ovX+pd167QhE0u7+:OE6Ehg7mM+M6RkMkIM7gE6Eh67
ClamAV None
Yara None matched
CAPE Yara None matched
Dump Filename 81e41bd24ee4cb565e0c46c22310e8f38d92fc0169966784d4375d343f2c4c52
Processing ( 12.876 seconds )

  • 10.241 Static
  • 1.602 BehaviorAnalysis
  • 0.402 ProcDump
  • 0.355 Dropped
  • 0.244 Deduplicate
  • 0.026 NetworkAnalysis
  • 0.005 AnalysisInfo
  • 0.001 Debug

Signatures ( 0.906 seconds )

  • 0.25 antidbg_windows
  • 0.109 antiav_detectreg
  • 0.069 stealth_timeout
  • 0.046 api_spamming
  • 0.04 infostealer_ftp
  • 0.027 antivm_generic_scsi
  • 0.023 antianalysis_detectreg
  • 0.023 infostealer_im
  • 0.014 antivm_generic_services
  • 0.014 infostealer_mail
  • 0.013 antivm_vbox_window
  • 0.013 mimics_filetime
  • 0.012 Doppelganging
  • 0.012 recon_programs
  • 0.011 antivm_vbox_keys
  • 0.01 antisandbox_script_timer
  • 0.01 ransomware_files
  • 0.009 antivm_generic_disk
  • 0.008 bootkit
  • 0.008 antivm_vmware_keys
  • 0.007 virus
  • 0.007 antiav_detectfile
  • 0.006 injection_createremotethread
  • 0.006 InjectionCreateRemoteThread
  • 0.006 kibex_behavior
  • 0.006 antivm_xen_keys
  • 0.005 uac_bypass_eventvwr
  • 0.005 betabot_behavior
  • 0.005 dynamic_function_loading
  • 0.005 antivm_parallels_keys
  • 0.005 geodo_banking_trojan
  • 0.005 darkcomet_regkeys
  • 0.005 infostealer_bitcoin
  • 0.005 recon_fingerprint
  • 0.004 malicious_dynamic_function_loading
  • 0.004 InjectionInterProcess
  • 0.004 antiemu_wine_func
  • 0.004 InjectionProcessHollowing
  • 0.004 infostealer_browser_password
  • 0.004 persistence_autorun
  • 0.004 injection_runpe
  • 0.004 hancitor_behavior
  • 0.004 ransomware_extensions
  • 0.003 stack_pivot
  • 0.003 exploit_getbasekerneladdress
  • 0.003 InjectionSetWindowLong
  • 0.003 vawtrak_behavior
  • 0.003 kovter_behavior
  • 0.003 antivm_generic_diskreg
  • 0.003 antivm_vbox_files
  • 0.003 antivm_vpc_keys
  • 0.002 antivm_vbox_libs
  • 0.002 antidebug_guardpages
  • 0.002 exploit_heapspray
  • 0.002 dridex_behavior
  • 0.002 exploit_gethaldispatchtable
  • 0.002 antianalysis_detectfile
  • 0.002 browser_security
  • 0.002 disables_browser_warn
  • 0.001 tinba_behavior
  • 0.001 andromeda_behavior
  • 0.001 hawkeye_behavior
  • 0.001 sets_autoconfig_url
  • 0.001 rat_nanocore
  • 0.001 antiav_avast_libs
  • 0.001 infostealer_browser
  • 0.001 injection_explorer
  • 0.001 modifies_desktop_wallpaper
  • 0.001 antisandbox_sunbelt_libs
  • 0.001 antisandbox_sboxie_libs
  • 0.001 ipc_namedpipe
  • 0.001 EvilGrab
  • 0.001 shifu_behavior
  • 0.001 exec_crash
  • 0.001 PlugX
  • 0.001 cerber_behavior
  • 0.001 antiav_bitdefender_libs
  • 0.001 antidbg_devices
  • 0.001 antivm_xen_keys
  • 0.001 antivm_generic_bios
  • 0.001 antivm_generic_cpu
  • 0.001 antivm_generic_system
  • 0.001 antivm_hyperv_keys
  • 0.001 antivm_vmware_files
  • 0.001 bot_drive
  • 0.001 bypass_firewall
  • 0.001 ie_martian_children
  • 0.001 network_torgateway
  • 0.001 packer_armadillo_regkey
  • 0.001 remcos_regkeys

Reporting ( 0.023 seconds )

  • 0.023 CompressResults
Task ID 94300
Mongo ID 5d9dd9d800d6d59231d6fd6d
Cuckoo release 1.3-CAPE