Analysis

Category: URL
Package: ie
Started: 2019-10-09 14:44:13
Completed: 2019-10-09 14:48:04
Duration: 231 seconds

Options:
route = internet
procdump = 1

Log:
2019-10-09 15:44:14,015 [root] INFO: Date set to: 10-09-19, time set to: 14:44:14, timeout set to: 200
2019-10-09 15:44:14,249 [root] DEBUG: Starting analyzer from: C:\wqapzg
2019-10-09 15:44:14,249 [root] DEBUG: Storing results at: C:\rbLtmAmYf
2019-10-09 15:44:14,249 [root] DEBUG: Pipe server name: \\.\PIPE\PhRtHWYuAv
2019-10-09 15:44:14,249 [root] DEBUG: No analysis package specified, trying to detect it automagically.
2019-10-09 15:44:14,249 [root] INFO: Automatically selected analysis package "ie"
2019-10-09 15:44:22,111 [root] DEBUG: Started auxiliary module Browser
2019-10-09 15:44:22,111 [root] DEBUG: Started auxiliary module Curtain
2019-10-09 15:44:22,111 [modules.auxiliary.digisig] DEBUG: Skipping authenticode validation, analysis is not a file.
2019-10-09 15:44:22,111 [root] DEBUG: Started auxiliary module DigiSig
2019-10-09 15:44:22,111 [root] DEBUG: Started auxiliary module Disguise
2019-10-09 15:44:22,111 [root] DEBUG: Started auxiliary module Human
2019-10-09 15:44:22,111 [root] DEBUG: Started auxiliary module Screenshots
2019-10-09 15:44:22,111 [root] DEBUG: Started auxiliary module Sysmon
2019-10-09 15:44:22,111 [root] DEBUG: Started auxiliary module Usage
2019-10-09 15:44:22,111 [root] INFO: Analyzer: Package modules.packages.ie does not specify a DLL option
2019-10-09 15:44:22,111 [root] INFO: Analyzer: Package modules.packages.ie does not specify a DLL_64 option
2019-10-09 15:44:22,252 [lib.api.process] INFO: Successfully executed process from path "C:\Program Files (x86)\Internet Explorer\iexplore.exe" with arguments ""http://cvasajhsjkls00pro.co.uk/please.exe"" with pid 1900
2019-10-09 15:44:22,252 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2019-10-09 15:44:22,252 [lib.api.process] INFO: 32-bit DLL to inject is C:\wqapzg\dll\zEdEkv.dll, loader C:\wqapzg\bin\qYmWqYP.exe
2019-10-09 15:44:22,891 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\PhRtHWYuAv.
2019-10-09 15:44:22,891 [root] DEBUG: Loader: Injecting process 1900 (thread 1052) with C:\wqapzg\dll\zEdEkv.dll.
2019-10-09 15:44:22,907 [root] DEBUG: Process image base: 0x01330000
2019-10-09 15:44:22,907 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\wqapzg\dll\zEdEkv.dll.
2019-10-09 15:44:22,907 [root] DEBUG: InjectDllViaIAT: Found a free region from 0x013D6000 - 0x77380000
2019-10-09 15:44:22,907 [root] DEBUG: InjectDllViaIAT: Allocated 0x214 bytes for new import table at 0x013E0000.
2019-10-09 15:44:22,907 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2019-10-09 15:44:22,907 [root] DEBUG: Successfully injected DLL C:\wqapzg\dll\zEdEkv.dll.
2019-10-09 15:44:22,907 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1900
2019-10-09 15:44:24,966 [lib.api.process] INFO: Successfully resumed process with pid 1900
2019-10-09 15:44:25,013 [root] INFO: Added new process to list with pid: 1900
2019-10-09 15:44:25,684 [root] DEBUG: Terminate processes on terminate_event enabled.
2019-10-09 15:44:25,684 [root] DEBUG: Process dumps enabled.
2019-10-09 15:44:26,338 [root] INFO: Disabling sleep skipping.
2019-10-09 15:44:26,338 [root] DEBUG: RestoreHeaders: Restored original import table.
2019-10-09 15:44:26,338 [root] INFO: Disabling sleep skipping.
2019-10-09 15:44:26,338 [root] INFO: Disabling sleep skipping.
2019-10-09 15:44:26,338 [root] INFO: Disabling sleep skipping.
2019-10-09 15:44:26,338 [root] DEBUG: CAPE initialised: 32-bit base package loaded in process 1900 at 0x74af0000, image base 0x1330000, stack from 0x362000-0x370000
2019-10-09 15:44:26,338 [root] DEBUG: Commandline: C:\Users\user\AppData\Local\Temp\"C:\Program Files (x86)\Internet Explorer\iexplore.exe" "http:\cvasajhsjkls00pro.co.uk\please.exe".
2019-10-09 15:44:26,338 [root] INFO: Monitor successfully loaded in process with pid 1900.
2019-10-09 15:44:26,604 [root] DEBUG: DLL unloaded from 0x76940000.
2019-10-09 15:44:27,056 [root] DEBUG: DLL loaded at 0x73DD0000: C:\Windows\system32\IEFRAME (0xa80000 bytes).
2019-10-09 15:44:27,227 [root] DEBUG: DLL loaded at 0x73D90000: C:\Windows\system32\OLEACC (0x3c000 bytes).
2019-10-09 15:44:27,430 [root] DEBUG: DLL loaded at 0x73AC0000: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32 (0x19e000 bytes).
2019-10-09 15:44:27,868 [root] DEBUG: DLL loaded at 0x73D80000: C:\Windows\system32\profapi (0xb000 bytes).
2019-10-09 15:44:27,946 [root] DEBUG: DLL loaded at 0x752D0000: C:\Windows\syswow64\ws2_32 (0x35000 bytes).
2019-10-09 15:44:27,946 [root] DEBUG: DLL loaded at 0x75850000: C:\Windows\syswow64\NSI (0x6000 bytes).
2019-10-09 15:44:27,976 [root] DEBUG: DLL loaded at 0x74DB0000: C:\Windows\system32\dnsapi (0x44000 bytes).
2019-10-09 15:44:27,976 [root] DEBUG: DLL loaded at 0x73D60000: C:\Windows\system32\iphlpapi (0x1c000 bytes).
2019-10-09 15:44:27,976 [root] DEBUG: DLL loaded at 0x73D50000: C:\Windows\system32\WINNSI (0x7000 bytes).
2019-10-09 15:44:28,476 [root] DEBUG: DLL loaded at 0x75670000: C:\Windows\syswow64\CLBCatQ (0x83000 bytes).
2019-10-09 15:44:29,085 [root] DEBUG: DLL loaded at 0x73A60000: C:\Windows\System32\netprofm (0x5a000 bytes).
2019-10-09 15:44:29,411 [root] DEBUG: DLL loaded at 0x74E30000: C:\Windows\System32\nlaapi (0x10000 bytes).
2019-10-09 15:44:29,474 [root] DEBUG: DLL loaded at 0x74F80000: C:\Windows\system32\CRYPTSP (0x16000 bytes).
2019-10-09 15:44:29,474 [root] DEBUG: DLL loaded at 0x74F40000: C:\Windows\system32\rsaenh (0x3b000 bytes).
2019-10-09 15:44:29,490 [root] DEBUG: DLL loaded at 0x73D40000: C:\Windows\system32\RpcRtRemote (0xe000 bytes).
2019-10-09 15:44:29,506 [root] DEBUG: DLL unloaded from 0x73A60000.
2019-10-09 15:44:29,723 [root] DEBUG: DLL loaded at 0x768C0000: C:\Windows\syswow64\comdlg32 (0x7b000 bytes).
2019-10-09 15:44:30,785 [root] DEBUG: DLL loaded at 0x73A80000: C:\Program Files (x86)\Internet Explorer\sqmapi (0x33000 bytes).
2019-10-09 15:44:30,926 [root] DEBUG: DLL unloaded from 0x75760000.
2019-10-09 15:44:30,926 [root] DEBUG: DLL unloaded from 0x77050000.
2019-10-09 15:44:30,987 [root] DEBUG: DLL unloaded from 0x73A80000.
2019-10-09 15:44:30,987 [root] DEBUG: DLL loaded at 0x74BB0000: C:\Windows\system32\ntmarta (0x21000 bytes).
2019-10-09 15:44:30,987 [root] DEBUG: DLL loaded at 0x75860000: C:\Windows\syswow64\WLDAP32 (0x45000 bytes).
2019-10-09 15:44:31,049 [root] DEBUG: DLL unloaded from 0x77560000.
2019-10-09 15:44:31,269 [root] DEBUG: DLL loaded at 0x73D30000: C:\Windows\system32\VERSION (0x9000 bytes).
2019-10-09 15:44:32,063 [root] DEBUG: DLL unloaded from 0x75530000.
2019-10-09 15:44:32,236 [root] DEBUG: DLL loaded at 0x74CB0000: C:\Windows\system32\apphelp (0x4c000 bytes).
2019-10-09 15:44:32,375 [root] INFO: Announced 32-bit process name: iexplore.exe pid: 1408
2019-10-09 15:44:32,375 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2019-10-09 15:44:32,375 [lib.api.process] INFO: 32-bit DLL to inject is C:\wqapzg\dll\zEdEkv.dll, loader C:\wqapzg\bin\qYmWqYP.exe
2019-10-09 15:44:32,391 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\PhRtHWYuAv.
2019-10-09 15:44:32,391 [root] DEBUG: Loader: Injecting process 1408 (thread 608) with C:\wqapzg\dll\zEdEkv.dll.
2019-10-09 15:44:32,391 [root] DEBUG: Process image base: 0x01330000
2019-10-09 15:44:32,391 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\wqapzg\dll\zEdEkv.dll.
2019-10-09 15:44:32,391 [root] DEBUG: InjectDllViaIAT: Found a free region from 0x013D6000 - 0x77380000
2019-10-09 15:44:32,391 [root] DEBUG: InjectDllViaIAT: Allocated 0x214 bytes for new import table at 0x013E0000.
2019-10-09 15:44:32,391 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2019-10-09 15:44:32,391 [root] DEBUG: Successfully injected DLL C:\wqapzg\dll\zEdEkv.dll.
2019-10-09 15:44:32,391 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1408
2019-10-09 15:44:32,391 [root] DEBUG: DLL unloaded from 0x01330000.
2019-10-09 15:44:32,391 [root] INFO: Announced 32-bit process name: iexplore.exe pid: 1408
2019-10-09 15:44:32,391 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2019-10-09 15:44:32,391 [lib.api.process] INFO: 32-bit DLL to inject is C:\wqapzg\dll\zEdEkv.dll, loader C:\wqapzg\bin\qYmWqYP.exe
2019-10-09 15:44:32,391 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\PhRtHWYuAv.
2019-10-09 15:44:32,391 [root] DEBUG: Loader: Injecting process 1408 (thread 608) with C:\wqapzg\dll\zEdEkv.dll.
2019-10-09 15:44:32,391 [root] DEBUG: Process image base: 0x01330000
2019-10-09 15:44:32,391 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\wqapzg\dll\zEdEkv.dll.
2019-10-09 15:44:32,391 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2019-10-09 15:44:32,391 [root] DEBUG: Successfully injected DLL C:\wqapzg\dll\zEdEkv.dll.
2019-10-09 15:44:32,391 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1408
2019-10-09 15:44:32,391 [root] DEBUG: DLL loaded at 0x73A60000: C:\Windows\system32\RASAPI32 (0x52000 bytes).
2019-10-09 15:44:32,391 [root] DEBUG: DLL loaded at 0x73A40000: C:\Windows\system32\rasman (0x15000 bytes).
2019-10-09 15:44:32,391 [root] DEBUG: DLL unloaded from 0x73A60000.
2019-10-09 15:44:32,407 [root] DEBUG: Terminate processes on terminate_event enabled.
2019-10-09 15:44:32,407 [root] DEBUG: Process dumps enabled.
2019-10-09 15:44:32,407 [root] INFO: Disabling sleep skipping.
2019-10-09 15:44:32,407 [root] DEBUG: RestoreHeaders: Restored original import table.
2019-10-09 15:44:32,407 [root] DEBUG: CAPE initialised: 32-bit base package loaded in process 1408 at 0x74af0000, image base 0x1330000, stack from 0x1f2000-0x200000
2019-10-09 15:44:32,407 [root] DEBUG: Commandline: C:\Users\user\Desktop\"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:1900 CREDAT:79873.
2019-10-09 15:44:32,407 [root] INFO: Added new process to list with pid: 1408
2019-10-09 15:44:32,407 [root] INFO: Monitor successfully loaded in process with pid 1408.
2019-10-09 15:44:32,407 [root] DEBUG: DLL unloaded from 0x76940000.
2019-10-09 15:44:32,407 [root] DEBUG: DLL loaded at 0x73DD0000: C:\Windows\system32\IEFRAME (0xa80000 bytes).
2019-10-09 15:44:32,407 [root] DEBUG: DLL loaded at 0x73D90000: C:\Windows\system32\OLEACC (0x3c000 bytes).
2019-10-09 15:44:32,407 [root] DEBUG: DLL loaded at 0x73AC0000: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32 (0x19e000 bytes).
2019-10-09 15:44:32,423 [root] DEBUG: DLL loaded at 0x768C0000: C:\Windows\syswow64\comdlg32 (0x7b000 bytes).
2019-10-09 15:44:32,500 [root] DEBUG: DLL loaded at 0x73A30000: C:\Windows\system32\rtutils (0xd000 bytes).
2019-10-09 15:44:32,563 [root] DEBUG: DLL loaded at 0x739F0000: C:\Program Files (x86)\Internet Explorer\IEShims (0x35000 bytes).
2019-10-09 15:44:32,609 [root] DEBUG: DLL unloaded from 0x73A30000.
2019-10-09 15:44:32,609 [root] DEBUG: DLL unloaded from 0x73A40000.
2019-10-09 15:44:32,625 [root] DEBUG: DLL unloaded from 0x75370000.
2019-10-09 15:44:32,625 [root] DEBUG: DLL loaded at 0x739E0000: C:\Windows\system32\sensapi (0x6000 bytes).
2019-10-09 15:44:32,641 [root] DEBUG: DLL loaded at 0x74E30000: C:\Windows\system32\NLAapi (0x10000 bytes).
2019-10-09 15:44:32,641 [root] DEBUG: DLL loaded at 0x74E20000: C:\Windows\system32\napinsp (0x10000 bytes).
2019-10-09 15:44:32,641 [root] DEBUG: DLL loaded at 0x74E00000: C:\Windows\system32\pnrpnsp (0x12000 bytes).
2019-10-09 15:44:32,641 [root] DEBUG: DLL loaded at 0x74F00000: C:\Windows\System32\mswsock (0x3c000 bytes).
2019-10-09 15:44:32,641 [root] DEBUG: DLL loaded at 0x74DA0000: C:\Windows\System32\winrnr (0x8000 bytes).
2019-10-09 15:44:32,641 [root] DEBUG: DLL loaded at 0x74EF0000: C:\Windows\System32\wshtcpip (0x5000 bytes).
2019-10-09 15:44:32,641 [root] DEBUG: DLL loaded at 0x739D0000: C:\Windows\System32\wship6 (0x6000 bytes).
2019-10-09 15:44:32,641 [root] DEBUG: DLL loaded at 0x739C0000: C:\Windows\system32\rasadhlp (0x6000 bytes).
2019-10-09 15:44:32,657 [root] DEBUG: DLL loaded at 0x73D40000: C:\Windows\system32\RpcRtRemote (0xe000 bytes).
2019-10-09 15:44:32,657 [root] DEBUG: DLL loaded at 0x73980000: C:\Windows\System32\fwpuclnt (0x38000 bytes).
2019-10-09 15:44:32,720 [root] DEBUG: DLL loaded at 0x73940000: C:\Program Files (x86)\Internet Explorer\sqmapi (0x33000 bytes).
2019-10-09 15:44:32,720 [root] DEBUG: DLL unloaded from 0x75760000.
2019-10-09 15:44:32,720 [root] DEBUG: DLL unloaded from 0x77050000.
2019-10-09 15:44:32,720 [root] DEBUG: DLL unloaded from 0x73940000.
2019-10-09 15:44:32,766 [root] DEBUG: DLL loaded at 0x73920000: C:\Windows\System32\netprofm (0x5a000 bytes).
2019-10-09 15:44:32,766 [root] DEBUG: DLL loaded at 0x73900000: C:\Windows\system32\DHCPCSVC (0x12000 bytes).
2019-10-09 15:44:32,766 [root] DEBUG: DLL loaded at 0x738F0000: C:\Windows\system32\dhcpcsvc6 (0xd000 bytes).
2019-10-09 15:44:32,782 [root] DEBUG: DLL unloaded from 0x73D60000.
2019-10-09 15:44:32,782 [root] DEBUG: DLL unloaded from 0x73900000.
2019-10-09 15:44:32,828 [root] DEBUG: DLL loaded at 0x758B0000: C:\Windows\syswow64\SETUPAPI (0x19d000 bytes).
2019-10-09 15:44:32,828 [root] DEBUG: DLL loaded at 0x76A40000: C:\Windows\syswow64\CFGMGR32 (0x27000 bytes).
2019-10-09 15:44:32,828 [root] DEBUG: DLL loaded at 0x76770000: C:\Windows\syswow64\DEVOBJ (0x12000 bytes).
2019-10-09 15:44:32,828 [root] DEBUG: DLL loaded at 0x75670000: C:\Windows\syswow64\CLBCatQ (0x83000 bytes).
2019-10-09 15:44:32,828 [root] DEBUG: DLL loaded at 0x737F0000: C:\Windows\system32\propsys (0xf5000 bytes).
2019-10-09 15:44:32,828 [root] DEBUG: DLL unloaded from 0x75B20000.
2019-10-09 15:44:32,907 [root] DEBUG: DLL loaded at 0x74BB0000: C:\Windows\system32\ntmarta (0x21000 bytes).
2019-10-09 15:44:32,907 [root] DEBUG: DLL loaded at 0x75860000: C:\Windows\syswow64\WLDAP32 (0x45000 bytes).
2019-10-09 15:44:33,000 [root] INFO: Announced 64-bit process name: explorer.exe pid: 1708
2019-10-09 15:44:33,000 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2019-10-09 15:44:33,000 [lib.api.process] INFO: 64-bit DLL to inject is C:\wqapzg\dll\nPTpTe.dll, loader C:\wqapzg\bin\uuigRmhR.exe
2019-10-09 15:44:33,046 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\PhRtHWYuAv.
2019-10-09 15:44:33,046 [root] DEBUG: DLL loaded at 0x73D80000: C:\Windows\system32\profapi (0xb000 bytes).
2019-10-09 15:44:33,046 [root] DEBUG: Loader: Injecting process 1708 (thread 0) with C:\wqapzg\dll\nPTpTe.dll.
2019-10-09 15:44:33,046 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed.
2019-10-09 15:44:33,062 [root] DEBUG: Terminate processes on terminate_event enabled.
2019-10-09 15:44:33,062 [root] DEBUG: Process dumps enabled.
2019-10-09 15:44:33,062 [root] INFO: Disabling sleep skipping.
2019-10-09 15:44:33,233 [root] WARNING: Unable to place hook on LockResource
2019-10-09 15:44:33,233 [root] WARNING: Unable to hook LockResource
2019-10-09 15:44:33,562 [root] DEBUG: CAPE initialised: 64-bit base package loaded in process 1708 at 0x0000000073710000, image base 0x00000000FFA80000, stack from 0x0000000004542000-0x0000000004550000
2019-10-09 15:44:33,687 [root] DEBUG: Commandline: C:\Windows\explorer.exe.
2019-10-09 15:44:33,687 [root] INFO: Added new process to list with pid: 1708
2019-10-09 15:44:33,687 [root] INFO: Monitor successfully loaded in process with pid 1708.
2019-10-09 15:44:33,687 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.
2019-10-09 15:44:33,687 [root] DEBUG: InjectDll: Successfully injected DLL via thread.
2019-10-09 15:44:33,687 [root] DEBUG: Successfully injected DLL C:\wqapzg\dll\nPTpTe.dll.
2019-10-09 15:44:33,983 [root] DEBUG: DLL loaded at 0x736E0000: C:\Windows\system32\IEUI (0x2d000 bytes).
2019-10-09 15:44:34,186 [root] DEBUG: DLL loaded at 0x736D0000: C:\Windows\system32\MSIMG32 (0x5000 bytes).
2019-10-09 15:44:34,684 [root] DEBUG: DLL loaded at 0x736A0000: C:\Program Files (x86)\Internet Explorer\ieproxy (0x2b000 bytes).
2019-10-09 15:44:34,888 [root] DEBUG: DLL loaded at 0x737F0000: C:\Windows\system32\propsys (0xf5000 bytes).
2019-10-09 15:44:34,918 [root] DEBUG: DLL unloaded from 0x737F0000.
2019-10-09 15:44:35,059 [root] DEBUG: DLL unloaded from 0x75370000.
2019-10-09 15:44:35,121 [root] DEBUG: DLL loaded at 0x73690000: C:\Windows\system32\mssprxy (0xc000 bytes).
2019-10-09 15:44:35,589 [root] DEBUG: DLL loaded at 0x73610000: C:\Windows\system32\UxTheme (0x80000 bytes).
2019-10-09 15:44:37,743 [root] DEBUG: DLL loaded at 0x758B0000: C:\Windows\syswow64\SETUPAPI (0x19d000 bytes).
2019-10-09 15:44:37,743 [root] DEBUG: DLL loaded at 0x76A40000: C:\Windows\syswow64\CFGMGR32 (0x27000 bytes).
2019-10-09 15:44:37,743 [root] DEBUG: DLL loaded at 0x76770000: C:\Windows\syswow64\DEVOBJ (0x12000 bytes).
2019-10-09 15:44:37,757 [root] DEBUG: DLL unloaded from 0x75B20000.
2019-10-09 15:44:38,194 [root] DEBUG: DLL loaded at 0x735E0000: C:\Windows\system32\xmllite (0x2f000 bytes).
2019-10-09 15:44:39,381 [root] DEBUG: DLL loaded at 0x73470000: C:\Windows\system32\explorerframe (0x16f000 bytes).
2019-10-09 15:44:39,536 [root] DEBUG: DLL loaded at 0x73440000: C:\Windows\system32\DUser (0x2f000 bytes).
2019-10-09 15:44:39,677 [root] DEBUG: DLL loaded at 0x73380000: C:\Windows\system32\DUI70 (0xb2000 bytes).
2019-10-09 15:44:40,878 [root] DEBUG: DLL loaded at 0x752D0000: C:\Windows\syswow64\ws2_32 (0x35000 bytes).
2019-10-09 15:44:40,878 [root] DEBUG: DLL loaded at 0x75850000: C:\Windows\syswow64\NSI (0x6000 bytes).
2019-10-09 15:44:40,878 [root] DEBUG: DLL loaded at 0x74DB0000: C:\Windows\system32\dnsapi (0x44000 bytes).
2019-10-09 15:44:40,878 [root] DEBUG: DLL loaded at 0x73D60000: C:\Windows\system32\iphlpapi (0x1c000 bytes).
2019-10-09 15:44:40,878 [root] DEBUG: DLL loaded at 0x73D50000: C:\Windows\system32\WINNSI (0x7000 bytes).
2019-10-09 15:44:40,878 [root] DEBUG: DLL loaded at 0x74F80000: C:\Windows\system32\CRYPTSP (0x16000 bytes).
2019-10-09 15:44:40,894 [root] DEBUG: DLL loaded at 0x74F40000: C:\Windows\system32\rsaenh (0x3b000 bytes).
2019-10-09 15:44:40,894 [root] DEBUG: DLL loaded at 0x736A0000: C:\Program Files (x86)\Internet Explorer\ieproxy (0x2b000 bytes).
2019-10-09 15:44:41,174 [root] DEBUG: DLL loaded at 0x732E0000: C:\Windows\system32\msfeeds (0x96000 bytes).
2019-10-09 15:44:41,595 [root] DEBUG: DLL loaded at 0x74CB0000: C:\Windows\system32\apphelp (0x4c000 bytes).
2019-10-09 15:44:41,595 [root] DEBUG: DLL loaded at 0x73D30000: C:\Windows\system32\VERSION (0x9000 bytes).
2019-10-09 15:44:41,595 [root] DEBUG: DLL unloaded from 0x75530000.
2019-10-09 15:44:41,799 [root] DEBUG: DLL loaded at 0x732B0000: C:\Windows\system32\MLANG (0x2e000 bytes).
2019-10-09 15:44:41,813 [root] DEBUG: DLL loaded at 0x73A60000: C:\Windows\system32\RASAPI32 (0x52000 bytes).
2019-10-09 15:44:41,813 [root] DEBUG: DLL loaded at 0x73A40000: C:\Windows\system32\rasman (0x15000 bytes).
2019-10-09 15:44:41,813 [root] DEBUG: DLL unloaded from 0x73A60000.
2019-10-09 15:44:41,813 [root] DEBUG: DLL loaded at 0x73A30000: C:\Windows\system32\rtutils (0xd000 bytes).
2019-10-09 15:44:41,813 [root] DEBUG: DLL unloaded from 0x75370000.
2019-10-09 15:44:41,813 [root] DEBUG: DLL loaded at 0x739E0000: C:\Windows\system32\sensapi (0x6000 bytes).
2019-10-09 15:44:41,813 [root] DEBUG: DLL unloaded from 0x73A40000.
2019-10-09 15:44:41,813 [root] DEBUG: DLL unloaded from 0x77050000.
2019-10-09 15:44:41,813 [root] DEBUG: DLL loaded at 0x74F00000: C:\Windows\system32\mswsock (0x3c000 bytes).
2019-10-09 15:44:41,813 [root] DEBUG: DLL loaded at 0x74EF0000: C:\Windows\System32\wshtcpip (0x5000 bytes).
2019-10-09 15:44:41,813 [root] DEBUG: DLL loaded at 0x75520000: C:\Windows\syswow64\Normaliz (0x3000 bytes).
2019-10-09 15:44:41,877 [root] DEBUG: DLL loaded at 0x75520000: C:\Windows\syswow64\Normaliz (0x3000 bytes).
2019-10-09 15:44:41,907 [root] DEBUG: DLL loaded at 0x74E30000: C:\Windows\system32\NLAapi (0x10000 bytes).
2019-10-09 15:44:41,907 [root] DEBUG: DLL loaded at 0x73920000: C:\Windows\System32\netprofm (0x5a000 bytes).
2019-10-09 15:44:41,907 [root] DEBUG: DLL loaded at 0x74E20000: C:\Windows\system32\napinsp (0x10000 bytes).
2019-10-09 15:44:41,907 [root] DEBUG: DLL loaded at 0x74E00000: C:\Windows\system32\pnrpnsp (0x12000 bytes).
2019-10-09 15:44:41,907 [root] DEBUG: DLL loaded at 0x74DA0000: C:\Windows\System32\winrnr (0x8000 bytes).
2019-10-09 15:44:41,907 [root] DEBUG: DLL loaded at 0x739D0000: C:\Windows\System32\wship6 (0x6000 bytes).
2019-10-09 15:44:41,907 [root] DEBUG: DLL loaded at 0x739C0000: C:\Windows\system32\rasadhlp (0x6000 bytes).
2019-10-09 15:44:41,907 [root] DEBUG: DLL loaded at 0x732B0000: C:\Windows\system32\MLANG (0x2e000 bytes).
2019-10-09 15:44:41,907 [root] DEBUG: DLL loaded at 0x73980000: C:\Windows\System32\fwpuclnt (0x38000 bytes).
2019-10-09 15:44:41,954 [root] DEBUG: DLL loaded at 0x73610000: C:\Windows\system32\UxTheme (0x80000 bytes).
2019-10-09 15:44:42,111 [root] DEBUG: DLL loaded at 0x73290000: C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim (0x11000 bytes).
2019-10-09 15:44:42,188 [root] DEBUG: DLL loaded at 0x731F0000: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\MSVCR80 (0x9b000 bytes).
2019-10-09 15:44:42,250 [root] DEBUG: DLL loaded at 0x73160000: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\MSVCP80 (0x87000 bytes).
2019-10-09 15:44:42,578 [root] DEBUG: DLL loaded at 0x73150000: C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper (0x10000 bytes).
2019-10-09 15:44:43,171 [root] DEBUG: DLL loaded at 0x73010000: C:\PROGRA~2\MICROS~1\Office14\URLREDIR (0x91000 bytes).
2019-10-09 15:44:43,280 [root] DEBUG: DLL loaded at 0x73140000: C:\Windows\system32\Secur32 (0x8000 bytes).
2019-10-09 15:44:43,280 [root] DEBUG: DLL loaded at 0x74E40000: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742\MSVCR90 (0xa3000 bytes).
2019-10-09 15:44:43,437 [root] DEBUG: DLL loaded at 0x73120000: C:\PROGRA~2\MICROS~1\Office14\MSOHEV (0x14000 bytes).
2019-10-09 15:44:43,983 [root] DEBUG: DLL loaded at 0x73110000: C:\Program Files (x86)\Java\jre7\bin\jp2ssv (0xf000 bytes).
2019-10-09 15:44:44,075 [root] DEBUG: DLL loaded at 0x72F50000: C:\Program Files (x86)\Java\jre7\bin\MSVCR100 (0xbe000 bytes).
2019-10-09 15:44:44,247 [root] DEBUG: set_caller_info: Adding region at 0x044D0000 to caller regions list (ntdll::LdrLoadDll).
2019-10-09 15:44:44,388 [root] DEBUG: set_caller_info: Adding region at 0x00A60000 to caller regions list (advapi32::RegOpenKeyExA).
2019-10-09 15:44:44,420 [root] DEBUG: DLL loaded at 0x730B0000: C:\Windows\system32\SXS (0x5f000 bytes).
2019-10-09 15:44:45,230 [root] DEBUG: DLL loaded at 0x72F30000: C:\Windows\system32\DWMAPI (0x13000 bytes).
2019-10-09 15:44:45,246 [root] DEBUG: DLL unloaded from 0x73DD0000.
2019-10-09 15:44:45,246 [root] DEBUG: DLL loaded at 0x72EE0000: C:\Windows\system32\mscoree (0x4a000 bytes).
2019-10-09 15:44:45,246 [root] DEBUG: DLL loaded at 0x730B0000: C:\Windows\system32\SXS (0x5f000 bytes).
2019-10-09 15:44:45,246 [root] DEBUG: set_caller_info: Adding region at 0x004C0000 to caller regions list (kernel32::FindFirstFileExW).
2019-10-09 15:44:45,262 [root] DEBUG: DLL loaded at 0x72E60000: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei (0x7b000 bytes).
2019-10-09 15:44:45,838 [root] DEBUG: DLL unloaded from 0x75760000.
2019-10-09 15:44:45,947 [root] DEBUG: DLL loaded at 0x72E10000: C:\Windows\System32\Wpc (0x4f000 bytes).
2019-10-09 15:44:46,026 [root] DEBUG: DLL loaded at 0x72DF0000: C:\Windows\System32\USERENV (0x17000 bytes).
2019-10-09 15:44:46,026 [root] DEBUG: DLL loaded at 0x72DA0000: C:\Windows\System32\wevtapi (0x42000 bytes).
2019-10-09 15:44:46,167 [root] DEBUG: DLL loaded at 0x72D90000: C:\Windows\system32\samcli (0xf000 bytes).
2019-10-09 15:44:46,322 [root] DEBUG: DLL loaded at 0x72D70000: C:\Windows\system32\SAMLIB (0x12000 bytes).
2019-10-09 15:44:46,401 [root] DEBUG: DLL loaded at 0x72D60000: C:\Windows\system32\netutils (0x9000 bytes).
2019-10-09 15:44:46,805 [root] DEBUG: DLL unloaded from 0x77050000.
2019-10-09 15:44:46,961 [root] DEBUG: DLL unloaded from 0x735E0000.
2019-10-09 15:44:46,961 [root] DEBUG: DLL unloaded from 0x73DD0000.
2019-10-09 15:44:46,993 [root] DEBUG: DLL loaded at 0x72DF0000: C:\Windows\system32\USERENV (0x17000 bytes).
2019-10-09 15:44:47,039 [root] DEBUG: DLL unloaded from 0x73DD0000.
2019-10-09 15:44:47,134 [root] DEBUG: DLL unloaded from 0x75B20000.
2019-10-09 15:44:47,150 [root] DEBUG: DLL loaded at 0x73600000: C:\Windows\system32\LINKINFO (0x9000 bytes).
2019-10-09 15:44:47,180 [root] WARNING: File at path "C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\favicon[1].ico" does not exist, skip.
2019-10-09 15:44:47,196 [root] DEBUG: DLL unloaded from 0x736E0000.
2019-10-09 15:44:47,196 [root] DEBUG: DLL unloaded from 0x73AC0000.
2019-10-09 15:44:47,196 [root] DEBUG: DLL unloaded from 0x73470000.
2019-10-09 15:44:47,351 [root] DEBUG: DLL loaded at 0x73500000: C:\Windows\system32\WindowsCodecs (0xfb000 bytes).
2019-10-09 15:44:47,539 [root] DEBUG: DLL unloaded from 0x73010000.
2019-10-09 15:44:47,571 [root] DEBUG: DLL unloaded from 0x73110000.
2019-10-09 15:44:47,632 [root] DEBUG: DLL unloaded from 0x73290000.
2019-10-09 15:44:47,805 [root] DEBUG: DLL loaded at 0x73480000: C:\Windows\system32\EhStorShell (0x31000 bytes).
2019-10-09 15:44:48,194 [root] DEBUG: DLL loaded at 0x733A0000: C:\Windows\system32\ntshrui (0x70000 bytes).
2019-10-09 15:44:48,256 [root] DEBUG: DLL loaded at 0x734E0000: C:\Windows\system32\srvcli (0x19000 bytes).
2019-10-09 15:44:48,398 [root] DEBUG: DLL loaded at 0x734D0000: C:\Windows\system32\cscapi (0xb000 bytes).
2019-10-09 15:44:48,599 [root] DEBUG: DLL loaded at 0x734C0000: C:\Windows\system32\slc (0xa000 bytes).
2019-10-09 15:44:48,974 [modules.auxiliary.human] INFO: Found button "&Open", clicking it
2019-10-09 15:44:50,315 [root] DEBUG: DLL loaded at 0x73470000: C:\Program Files (x86)\Windows Defender\MpOav (0x10000 bytes).
2019-10-09 15:44:50,315 [root] DEBUG: DLL unloaded from 0x75760000.
2019-10-09 15:44:50,410 [root] DEBUG: DLL loaded at 0x73180000: C:\Program Files (x86)\Windows Defender\MPCLIENT (0x63000 bytes).
2019-10-09 15:44:50,503 [root] DEBUG: DLL loaded at 0x76DD0000: C:\Windows\syswow64\WINTRUST (0x2d000 bytes).
2019-10-09 15:44:50,690 [root] DEBUG: DLL unloaded from 0x76940000.
2019-10-09 15:44:50,690 [root] DEBUG: DLL unloaded from 0x73180000.
2019-10-09 15:44:51,923 [root] INFO: Announced 32-bit process name:  pid: 1
2019-10-09 15:44:51,923 [lib.api.process] WARNING: The process with pid 1 is not alive, injection aborted
2019-10-09 15:44:51,938 [root] DEBUG: DLL unloaded from 0x73DD0000.
2019-10-09 15:44:51,986 [root] DEBUG: DLL unloaded from 0x75370000.
2019-10-09 15:44:52,546 [root] DEBUG: DLL unloaded from 0x000007FEFBC70000.
2019-10-09 15:44:55,230 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF2C10000 to caller regions list (ntdll::NtDuplicateObject).
2019-10-09 15:44:55,246 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF86E0000 to caller regions list (ntdll::NtDuplicateObject).
2019-10-09 15:44:55,246 [root] DEBUG: DLL unloaded from 0x000007FEF59C0000.
2019-10-09 15:44:55,246 [root] DEBUG: DLL unloaded from 0x000007FEFA5F0000.
2019-10-09 15:44:55,246 [root] DEBUG: set_caller_info: Adding region at 0x000007FEFA5F0000 to caller regions list (ntdll::NtClose).
2019-10-09 15:44:55,246 [root] DEBUG: DLL unloaded from 0x000007FEFBAB0000.
2019-10-09 15:44:55,246 [root] DEBUG: DLL unloaded from 0x000007FEF9740000.
2019-10-09 15:44:55,262 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF9740000 to caller regions list (ntdll::NtFreeVirtualMemory).
2019-10-09 15:44:55,262 [root] DEBUG: DLL unloaded from 0x000007FEF9C60000.
2019-10-09 15:44:55,276 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF9C60000 to caller regions list (ntdll::LdrGetProcedureAddress).
2019-10-09 15:44:55,276 [root] DEBUG: DLL unloaded from 0x000007FEF96B0000.
2019-10-09 15:44:55,276 [root] DEBUG: DLL unloaded from 0x000007FEFA1D0000.
2019-10-09 15:44:55,292 [root] DEBUG: set_caller_info: Adding region at 0x000007FEFA1D0000 to caller regions list (ntdll::NtClose).
2019-10-09 15:44:55,292 [root] DEBUG: set_caller_info: Adding region at 0x000007FEFA100000 to caller regions list (ntdll::LdrGetProcedureAddress).
2019-10-09 15:44:56,197 [root] INFO: Announced 32-bit process name:  pid: 4294962938
2019-10-09 15:44:56,197 [lib.api.process] WARNING: The process with pid 4294962938 is not alive, injection aborted
2019-10-09 15:44:58,210 [root] DEBUG: DLL unloaded from 0x73470000.
2019-10-09 15:44:58,210 [root] DEBUG: DLL unloaded from 0x733A0000.
2019-10-09 15:44:58,210 [root] DEBUG: DLL unloaded from 0x73480000.
2019-10-09 15:44:58,210 [root] DEBUG: DLL unloaded from 0x72E10000.
2019-10-09 15:44:58,226 [root] DEBUG: DLL unloaded from 0x72EE0000.
2019-10-09 15:44:58,226 [root] DEBUG: DLL unloaded from 0x77050000.
2019-10-09 15:44:58,226 [root] DEBUG: DLL unloaded from 0x72E60000.
2019-10-09 15:44:58,272 [root] DEBUG: DLL unloaded from 0x76EA0000.
2019-10-09 15:44:58,272 [root] DEBUG: DLL unloaded from 0x75530000.
2019-10-09 15:44:58,272 [root] DEBUG: DLL unloaded from 0x73150000.
2019-10-09 15:44:58,272 [root] DEBUG: DLL unloaded from 0x73920000.
2019-10-09 15:44:58,272 [root] DEBUG: DLL unloaded from 0x73DD0000.
2019-10-09 15:44:58,272 [root] DEBUG: DLL unloaded from 0x736A0000.
2019-10-09 15:44:58,272 [root] DEBUG: DLL unloaded from 0x737F0000.
2019-10-09 15:44:58,272 [root] DEBUG: NtTerminateProcess hook: Attempting to dump process 1408
2019-10-09 15:44:58,272 [root] DEBUG: GetHookCallerBase: thread 608 (handle 0x0), return address 0x0133129E, allocation base 0x01330000.
2019-10-09 15:44:58,272 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x01330000.
2019-10-09 15:44:58,288 [root] DEBUG: DumpImageInCurrentProcess: Attempting to dump virtual PE image.
2019-10-09 15:44:58,288 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x01330000.
2019-10-09 15:44:58,288 [root] DEBUG: DumpProcess: Module entry point VA is 0x00001C9A.
2019-10-09 15:44:58,522 [root] INFO: Added new CAPE file to list with path: C:\rbLtmAmYf\CAPE\1408_206562430048561693102019
2019-10-09 15:44:58,522 [root] DEBUG: DumpProcess: Module image dump success - dump size 0xa1e00.
2019-10-09 15:44:58,584 [root] DEBUG: DLL unloaded from 0x77050000.
2019-10-09 15:44:58,631 [root] DEBUG: DLL unloaded from 0x75700000.
2019-10-09 15:44:58,631 [root] DEBUG: DLL unloaded from 0x74BB0000.
2019-10-09 15:44:58,631 [root] INFO: Notified of termination of process with pid 1408.
2019-10-09 15:44:58,990 [root] DEBUG: NtTerminateProcess hook: Attempting to dump process 1900
2019-10-09 15:44:58,990 [root] DEBUG: GetHookCallerBase: thread 1052 (handle 0x0), return address 0x0133129E, allocation base 0x01330000.
2019-10-09 15:44:59,006 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x01330000.
2019-10-09 15:44:59,006 [root] DEBUG: DumpImageInCurrentProcess: Attempting to dump virtual PE image.
2019-10-09 15:44:59,006 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x01330000.
2019-10-09 15:44:59,006 [root] DEBUG: DumpProcess: Module entry point VA is 0x00001C9A.
2019-10-09 15:44:59,020 [root] INFO: Added new CAPE file to list with path: C:\rbLtmAmYf\CAPE\1900_209131202459241693102019
2019-10-09 15:44:59,020 [root] DEBUG: DumpProcess: Module image dump success - dump size 0xa1e00.
2019-10-09 15:44:59,302 [root] DEBUG: DLL unloaded from 0x737F0000.
2019-10-09 15:44:59,302 [root] DEBUG: DLL unloaded from 0x77050000.
2019-10-09 15:44:59,489 [root] DEBUG: DLL unloaded from 0x75700000.
2019-10-09 15:44:59,489 [root] INFO: Process with pid 1408 has terminated
2019-10-09 15:44:59,519 [root] DEBUG: DLL unloaded from 0x74BB0000.
2019-10-09 15:44:59,582 [root] INFO: Notified of termination of process with pid 1900.
2019-10-09 15:44:59,894 [root] DEBUG: DLL unloaded from 0x000007FEFE710000.
2019-10-09 15:45:00,519 [root] INFO: Process with pid 1900 has terminated
2019-10-09 15:45:25,292 [root] DEBUG: DLL unloaded from 0x000007FEFDF10000.
2019-10-09 15:45:59,549 [root] DEBUG: DLL unloaded from 0x000007FEFE710000.
2019-10-09 15:47:46,908 [root] INFO: Analysis timeout hit (200 seconds), terminating analysis.
2019-10-09 15:47:46,908 [root] INFO: Created shutdown mutex.
2019-10-09 15:47:47,923 [lib.api.process] INFO: Successfully received reply to terminate_event, pid 1708
2019-10-09 15:47:47,923 [root] INFO: Terminate event set for process 1708.
2019-10-09 15:47:47,923 [root] DEBUG: Terminate Event: Attempting to dump process 1708
2019-10-09 15:47:47,923 [root] INFO: Terminating process 1708 before shutdown.
2019-10-09 15:47:47,923 [root] INFO: Waiting for process 1708 to exit.
2019-10-09 15:47:47,923 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x00000000FFA80000.
2019-10-09 15:47:47,923 [root] DEBUG: DumpImageInCurrentProcess: Attempting to dump virtual PE image.
2019-10-09 15:47:47,923 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x00000000FFA80000.
2019-10-09 15:47:47,923 [root] DEBUG: DumpProcess: Module entry point VA is 0x000000000002B790.
2019-10-09 15:47:48,016 [root] INFO: Added new CAPE file to list with path: C:\rbLtmAmYf\CAPE\1708_141511844647471493102019
2019-10-09 15:47:48,016 [root] DEBUG: DumpProcess: Module image dump success - dump size 0x2baa00.
2019-10-09 15:47:48,016 [root] DEBUG: Terminate Event: Skipping dump of process 1708
2019-10-09 15:47:48,016 [root] DEBUG: Terminate Event: Shutdown complete for process 1708 but failed to inform analyzer.
2019-10-09 15:47:48,927 [root] INFO: Shutting down package.
2019-10-09 15:47:48,927 [root] INFO: Stopping auxiliary modules.
2019-10-09 15:47:48,927 [root] INFO: Finishing auxiliary modules.
2019-10-09 15:47:48,927 [root] INFO: Shutting down pipe server and dumping dropped files.
2019-10-09 15:47:48,927 [root] WARNING: File at path "C:\rbLtmAmYf\debugger" does not exist, skip.
2019-10-09 15:47:48,927 [root] WARNING: Monitor injection attempted but failed for process 1.
2019-10-09 15:47:48,927 [root] WARNING: Monitor injection attempted but failed for process 4294962938.
2019-10-09 15:47:48,927 [root] INFO: Analysis completed.

MalScore

5.1

Suspicious

Machine

Name Label Manager Started On Shutdown On
target-02 target-02 ESX 2019-10-09 14:44:13 2019-10-09 14:48:04

URL Details

URL
http://cvasajhsjkls00pro.co.uk/please.exe

Signatures

Behavioural detection: Executable code extraction
SetUnhandledExceptionFilter detected (possible anti-debug)
Attempts to connect to a dead IP:Port (2 unique times)
IP: 204.79.197.200:80 (United States)
IP: 47.245.30.190:80 (United States)
Possible date expiration check, exits too soon after checking local time
process: iexplore.exe, PID 1900
Dynamic (imported) function loading detected
Performs HTTP requests potentially not found in PCAP.
url: cvasajhsjkls00pro.co.uk:80//please.exe
Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
regkeyval: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage2\ProgramsCache


Hosts

Direct IP Country Name
Y 8.8.8.8 [VT] United States
N 47.245.30.190 [VT] United States
N 204.79.197.200 [VT] United States

DNS

Name Response Post-Analysis Lookup
cvasajhsjkls00pro.co.uk [VT] A 47.245.30.190 [VT]
www.bing.com [VT] CNAME dual-a-0001.a-msedge.net [VT]
CNAME a-0001.a-afdentry.net.trafficmanager.net [VT]
A 204.79.197.200 [VT]
A 13.107.21.200 [VT]

Summary

Process Tree


iexplore.exe, PID: 1900, Parent PID: 2592
Full Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Command Line: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" "http://cvasajhsjkls00pro.co.uk/please.exe"
iexplore.exe, PID: 1408, Parent PID: 1900
Full Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Command Line: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:1900 CREDAT:79873
explorer.exe, PID: 1708, Parent PID: 1660
Full Path: C:\Windows\explorer.exe
Command Line: C:\Windows\Explorer.EXE

TCP

Source         Source Port  Destination     Destination Host         Destination Port
192.168.35.22  49169        204.79.197.200  www.bing.com             80
192.168.35.22  49166        47.245.30.190   cvasajhsjkls00pro.co.uk  80

UDP

Source         Source Port  Destination  Destination Port
192.168.35.22  58774        8.8.8.8      53
192.168.35.22  61809        8.8.8.8      53

HTTP Requests

URI Data
http://cvasajhsjkls00pro.co.uk/please.exe
GET /please.exe HTTP/1.1
Accept: */*
Accept-Language: en-gb
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: cvasajhsjkls00pro.co.uk
Connection: Keep-Alive

http://www.bing.com/favicon.ico
GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: www.bing.com
Connection: Keep-Alive

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Suricata Extracted Files

No Suricata extracted files.

JA3

No JA3 hashes found.

Dropped Files

File name search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
Associated Filenames
C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
File Size 237 bytes
File Type PNG image data, 16 x 16, 4-bit colormap, non-interlaced
MD5 9fb559a691078558e77d6848202f6541
SHA1 ea13848d33c2c7f4f4baa39348aeb1dbfad3df31
SHA256 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
CRC32 FC87942A
Ssdeep 6:6v/lhPIF6R/C+u1fXNg1XQ3yslRtNO+cKvAElRApGCp:6v/7b/C1fm1ZslRTvAElR47
ClamAV None
Yara None matched
CAPE Yara None matched

File name frameiconcache.dat
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\frameiconcache.dat
File Size 9016 bytes
File Type data
MD5 2c230508e5b2bca31093430340ef5cc3
SHA1 9c4165bfbbc842f6b728bc46c71bd27d8de89b7c
SHA256 e2e79e702015eb59948e70cbf55eb7229f93039b9f1f609b356bb2150be0864a
CRC32 BCA7CD1D
Ssdeep 24:V6T6EEW/O9Kpa8hranXRqKcUl849ajPaW9CW:V6T6vqGKLanXsKcUl84mj
ClamAV None
Yara None matched
CAPE Yara None matched
File name {52A51E17-EAA3-11E9-A15D-000C29BA3DA7}.dat
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{52A51E17-EAA3-11E9-A15D-000C29BA3DA7}.dat
File Size 4096 bytes
File Type Composite Document File V2 Document, No summary info
MD5 a5f76341e67dec40f646d1dce3d4c5fe
SHA1 4151313c0573c2c304d2a035239b9dc2f7a6b1ae
SHA256 b129323adcf514806cd6431d3b6798b30ebe623e882ff6c1e26083fa3d777038
CRC32 CD4FBFBA
Ssdeep 12:rl0YmGFHrEgm8GL7KFR7rEgm8Gz7qPNlCgiNl26a1t:rFG8B7G8JNlLiNlI1t
ClamAV None
Yara None matched
CAPE Yara None matched
File name index.dat
Associated Filenames
C:\Users\user\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
File Size 262144 bytes
File Type Internet Explorer cache file version Ver 5.2
MD5 ddbecc908f2912f29cbc33167cbc761c
SHA1 bd6802a9c64297c31c41ccb0e60eb51077fe30fd
SHA256 e69ea3946826728a51fc5ee78a9272d77514179310342224c6cc111267b6b49d
CRC32 1DF8D0A8
Ssdeep 768:pFFwZHofW9CFWNw3fcOIkim+GYZxWSDG:rFwZIfW9AWmvcOITm+GYZxWsG
ClamAV None
Yara None matched
CAPE Yara None matched
File name please[1].exe
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\please[1].exe
File Size 224668 bytes
File Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 cbc63e62af2925e721649430cc5f137e
SHA1 fa59cfd5f1ed04e241cc126ceebaa6fa056627d2
SHA256 09ffc684e383c504484f1746168f0fa56ea634cb18740350e7ebe0149ddde0ac
CRC32 3B3059FF
Ssdeep 3072:TwveaRJPLvqSPAYAm3pLzahXA9CGJkYs5V+Zfac2PY2GgL/i0vvd3bC7quV:0ve20SPGqLawSfgZG7R/i0FpW
ClamAV None
Yara None matched
CAPE Yara None matched
File name index.dat
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Feeds Cache\index.dat
File Size 32768 bytes
File Type Internet Explorer cache file version Ver 5.2
MD5 077eb5d924c84ec41447ad7795b38734
SHA1 e3b4793862bb370db5ddd3cb5e607034172336e1
SHA256 06813b4ee292b191c05cb15febfba874e7f4caac47a8c3081041a20880708209
CRC32 E2F624C0
Ssdeep 48:q3xbTpYVfruSYufruXYsfAjYmeKZ6MYCI:qZTuVfrutufruIsfAc26Lv
ClamAV None
Yara None matched
CAPE Yara None matched
File name RecoveryStore.{4BE295B3-EAA3-11E9-A15D-000C29BA3DA7}.dat
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4BE295B3-EAA3-11E9-A15D-000C29BA3DA7}.dat
File Size 5120 bytes
File Type Composite Document File V2 Document, No summary info
MD5 c1efec1ef174fc4b092a27e7ffb41af3
SHA1 c433563d69a83655096aba51073f86cf77a6f2b9
SHA256 dd09c2430629546febb108b3f3740e679a3391150a764cbd30e1d1d50a677d7f
CRC32 3DEFDF04
Ssdeep 24:rLlTG5/k8yw5/OMkNlW1tbVFflQNlW1tbVFrL:r1G5cW5GEHbV7dHbV
ClamAV None
Yara None matched
CAPE Yara None matched
File name index.dat
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
File Size 32768 bytes
File Type Internet Explorer cache file version Ver 5.2
MD5 15f1793d145ef06def1cba376628eef7
SHA1 b267c307bdb05bc416fa9a058b804f13e27afa57
SHA256 fe25e0555372ef6dce5e8510446a4441ab2c289bfcca834e9afbd45601da2622
CRC32 7BD6EC3E
Ssdeep 3:qRFiJ2totWIltvlVl:qjyx
ClamAV None
Yara None matched
CAPE Yara None matched
File name index.dat
Associated Filenames
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
File Size 32768 bytes
File Type Internet Explorer cache file version Ver 5.2
MD5 e02b5c7b25280da487209bd48b4163f9
SHA1 7d440a9292567af8570c34e52d03aed14405ae00
SHA256 42bc5d24dab11bbeb8fd93b797b3c5b7e70fee667293a32691767580f1a01a73
CRC32 9703369D
Ssdeep 48:qsLf/ZJLH3ZxqT/mf7RCpwV+4igHDt/UwbmXhBgkBVGWYCIh:qsb/Zp/q0lV9Nbojbm
ClamAV None
Yara None matched
CAPE Yara None matched
File name index.dat
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
File Size 65536 bytes
File Type Internet Explorer cache file version Ver 5.2
MD5 dc1951ea838e1674766788464ee82680
SHA1 49c65becc164b5bde02e5fe06a4a071fb3d6dcc8
SHA256 c49a0d2d92acdadb1e850d79b73f2856e2e4db15a2e5d56a2c4efb02af59cbac
CRC32 D7F538D2
Ssdeep 384:nWkjxBNPrNa73dg3skdVQnQeW+4fTJ16ziXrAsjCCtn/NJ03:jBNaCdBr/CSl
ClamAV None
Yara None matched
CAPE Yara None matched
CAPE Files

No CAPE files.

Process Dumps

Process Name iexplore.exe
PID 1408
Dump Size 663040 bytes
Module Path C:\Program Files (x86)\Internet Explorer\iexplore.exe
Type PE image: 32-bit executable
MD5 481921f104b75bedfc1c812ee1c7559c
SHA1 94c0676c09f71f30bc5849447cb1a63dca647b0f
SHA256 2a4396c73e8c75c82b050686d084e1b201b919df05b81921c3d25e4ec7db7302
CRC32 990B424E
Ssdeep 12288:3PX+pd167QhE0s7+jM+M6ugRfMMkIM7ovX+pd167QhE0u7+:fE6Ehg7mM+M6RkMkIM7gE6Eh67
ClamAV None
Yara None matched
CAPE Yara None matched
Dump Filename 2a4396c73e8c75c82b050686d084e1b201b919df05b81921c3d25e4ec7db7302
Process Name iexplore.exe
PID 1900
Dump Size 663040 bytes
Module Path C:\Program Files (x86)\Internet Explorer\iexplore.exe
Type PE image: 32-bit executable
MD5 68014f7e302d9d0a5e47170f7b50bb47
SHA1 cf6798a912a665be2a519854f5c59c11d27475db
SHA256 909030acc3be0ca77a26427f0d82fcc6c57481540370d4cf59365d0393036a5c
CRC32 E74B9C62
Ssdeep 12288:0PX+pd167QhE0s7+jM+M6ugRfMMkIM7ovX+pd167QhE0u7+:wE6Ehg7mM+M6RkMkIM7gE6Eh67
ClamAV None
Yara None matched
CAPE Yara None matched
Dump Filename 909030acc3be0ca77a26427f0d82fcc6c57481540370d4cf59365d0393036a5c
Process Name explorer.exe
PID 1708
Dump Size 2861568 bytes
Module Path C:\Windows\explorer.exe
Type PE image: 64-bit executable
MD5 7cca41c4979fb5254d1bc151f8a875dd
SHA1 82975eb17074f24e7f2906b0dfcd2db35b27d5dc
SHA256 d883d9fb999e38385fef41664977ed720505553af732f87c380a430f48d854c7
CRC32 EB3EA8B1
Ssdeep 49152:8xrceI/lIRYraisQhFCU4NqvYYYYYYYYYYYRYYYYYYYYYYE3iA7/eFUJN9ojosod:OrcPlIWykvYYYYYYYYYYYRYYYYYYYYYh
ClamAV None
Yara None matched
CAPE Yara None matched
Dump Filename d883d9fb999e38385fef41664977ed720505553af732f87c380a430f48d854c7

Processing ( 17.65 seconds )

  • 10.022 Static
  • 4.131 BehaviorAnalysis
  • 2.44 ProcDump
  • 0.384 Dropped
  • 0.373 Deduplicate
  • 0.151 NetworkAnalysis
  • 0.147 AnalysisInfo
  • 0.002 Debug

Signatures ( 3.166 seconds )

  • 0.829 antidbg_windows
  • 0.624 antiav_detectreg
  • 0.213 infostealer_ftp
  • 0.13 antianalysis_detectreg
  • 0.124 NewtWire Behavior
  • 0.121 api_spamming
  • 0.118 infostealer_im
  • 0.094 antivm_generic_scsi
  • 0.079 infostealer_mail
  • 0.068 antivm_vbox_keys
  • 0.063 antivm_generic_services
  • 0.047 antivm_vbox_window
  • 0.046 antivm_vmware_keys
  • 0.037 antisandbox_script_timer
  • 0.034 antivm_parallels_keys
  • 0.033 kibex_behavior
  • 0.033 stealth_timeout
  • 0.033 antivm_xen_keys
  • 0.033 darkcomet_regkeys
  • 0.024 betabot_behavior
  • 0.023 geodo_banking_trojan
  • 0.022 antivm_generic_diskreg
  • 0.021 antivm_vpc_keys
  • 0.018 recon_programs
  • 0.018 mimics_filetime
  • 0.016 Doppelganging
  • 0.015 antivm_generic_disk
  • 0.011 bootkit
  • 0.011 virus
  • 0.011 antivm_xen_keys
  • 0.011 antivm_hyperv_keys
  • 0.011 bypass_firewall
  • 0.011 packer_armadillo_regkey
  • 0.011 remcos_regkeys
  • 0.009 uac_bypass_eventvwr
  • 0.009 ransomware_files
  • 0.009 recon_fingerprint
  • 0.008 antiav_detectfile
  • 0.007 injection_createremotethread
  • 0.007 InjectionCreateRemoteThread
  • 0.007 hancitor_behavior
  • 0.006 dynamic_function_loading
  • 0.005 malicious_dynamic_function_loading
  • 0.005 antiemu_wine_func
  • 0.005 InjectionProcessHollowing
  • 0.005 infostealer_browser_password
  • 0.005 injection_runpe
  • 0.005 infostealer_bitcoin
  • 0.004 InjectionInterProcess
  • 0.004 stack_pivot
  • 0.004 persistence_autorun
  • 0.004 kovter_behavior
  • 0.004 ransomware_extensions
  • 0.003 antivm_vbox_libs
  • 0.003 antidebug_guardpages
  • 0.003 exploit_heapspray
  • 0.003 exploit_getbasekerneladdress
  • 0.003 antivm_vbox_files
  • 0.002 antiav_avast_libs
  • 0.002 exploit_gethaldispatchtable
  • 0.002 InjectionSetWindowLong
  • 0.002 vawtrak_behavior
  • 0.002 antianalysis_detectfile
  • 0.002 antiemu_wine_reg
  • 0.002 antivm_generic_bios
  • 0.002 antivm_generic_cpu
  • 0.002 antivm_generic_system
  • 0.002 browser_security
  • 0.002 disables_browser_warn
  • 0.001 stack_pivot_file_created
  • 0.001 tinba_behavior
  • 0.001 hawkeye_behavior
  • 0.001 network_tor
  • 0.001 sets_autoconfig_url
  • 0.001 rat_nanocore
  • 0.001 infostealer_browser
  • 0.001 dridex_behavior
  • 0.001 injection_explorer
  • 0.001 modifies_desktop_wallpaper
  • 0.001 Vidar Behavior
  • 0.001 antisandbox_sunbelt_libs
  • 0.001 antisandbox_sboxie_libs
  • 0.001 ipc_namedpipe
  • 0.001 EvilGrab
  • 0.001 exec_crash
  • 0.001 Raccoon Behavior
  • 0.001 neshta_files
  • 0.001 cerber_behavior
  • 0.001 antiav_bitdefender_libs
  • 0.001 antidbg_devices
  • 0.001 antivm_vmware_files
  • 0.001 ie_martian_children
  • 0.001 network_torgateway

Reporting ( 0.041 seconds )

  • 0.041 CompressResults
Task ID 94307
Mongo ID 5d9df344f69fab997c671828
Cuckoo release 1.3-CAPE