Analysis

Category: URL
Package: ie
Started: 2019-10-09 17:16:07
Completed: 2019-10-09 17:19:55
Duration: 228 seconds
Options:
route = internet
procdump = 1
2019-10-09 18:16:07,015 [root] INFO: Date set to: 10-09-19, time set to: 17:16:07, timeout set to: 200
2019-10-09 18:16:07,030 [root] DEBUG: Starting analyzer from: C:\sjazhvuj
2019-10-09 18:16:07,030 [root] DEBUG: Storing results at: C:\jBcdvE
2019-10-09 18:16:07,030 [root] DEBUG: Pipe server name: \\.\PIPE\GwdKVcG
2019-10-09 18:16:07,030 [root] DEBUG: No analysis package specified, trying to detect it automagically.
2019-10-09 18:16:07,030 [root] INFO: Automatically selected analysis package "ie"
2019-10-09 18:16:07,638 [root] DEBUG: Started auxiliary module Browser
2019-10-09 18:16:07,638 [root] DEBUG: Started auxiliary module Curtain
2019-10-09 18:16:07,638 [modules.auxiliary.digisig] DEBUG: Skipping authenticode validation, analysis is not a file.
2019-10-09 18:16:07,638 [root] DEBUG: Started auxiliary module DigiSig
2019-10-09 18:16:07,638 [root] DEBUG: Started auxiliary module Disguise
2019-10-09 18:16:07,638 [root] DEBUG: Started auxiliary module Human
2019-10-09 18:16:07,638 [root] DEBUG: Started auxiliary module Screenshots
2019-10-09 18:16:07,638 [root] DEBUG: Started auxiliary module Sysmon
2019-10-09 18:16:07,654 [root] DEBUG: Started auxiliary module Usage
2019-10-09 18:16:07,654 [root] INFO: Analyzer: Package modules.packages.ie does not specify a DLL option
2019-10-09 18:16:07,654 [root] INFO: Analyzer: Package modules.packages.ie does not specify a DLL_64 option
2019-10-09 18:16:07,872 [lib.api.process] INFO: Successfully executed process from path "C:\Program Files (x86)\Internet Explorer\iexplore.exe" with arguments ""https://www.dropbox.com/s/xz9tpfakqrqf56x/PDF%21One_%281%29%20%281%29.pdf?dl=0"" with pid 1876
2019-10-09 18:16:10,884 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2019-10-09 18:16:10,884 [lib.api.process] INFO: 32-bit DLL to inject is C:\sjazhvuj\dll\bkFHWq.dll, loader C:\sjazhvuj\bin\AaxLWpu.exe
2019-10-09 18:16:10,946 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\GwdKVcG.
2019-10-09 18:16:10,946 [root] DEBUG: Loader: Injecting process 1876 (thread 2040) with C:\sjazhvuj\dll\bkFHWq.dll.
2019-10-09 18:16:10,946 [root] DEBUG: Process image base: 0x00380000
2019-10-09 18:16:10,946 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\sjazhvuj\dll\bkFHWq.dll.
2019-10-09 18:16:10,946 [root] DEBUG: InjectDllViaIAT: Found a free region from 0x00426000 - 0x77110000
2019-10-09 18:16:10,946 [root] DEBUG: InjectDllViaIAT: Allocated 0x214 bytes for new import table at 0x00430000.
2019-10-09 18:16:10,946 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2019-10-09 18:16:10,946 [root] DEBUG: Successfully injected DLL C:\sjazhvuj\dll\bkFHWq.dll.
2019-10-09 18:16:10,946 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1876
2019-10-09 18:16:12,959 [lib.api.process] INFO: Successfully resumed process with pid 1876
2019-10-09 18:16:13,348 [root] INFO: Added new process to list with pid: 1876
2019-10-09 18:16:13,505 [root] DEBUG: Terminate processes on terminate_event enabled.
2019-10-09 18:16:13,505 [root] DEBUG: Process dumps enabled.
2019-10-09 18:16:13,691 [root] INFO: Disabling sleep skipping.
2019-10-09 18:16:13,691 [root] INFO: Disabling sleep skipping.
2019-10-09 18:16:13,691 [root] DEBUG: RestoreHeaders: Restored original import table.
2019-10-09 18:16:13,691 [root] INFO: Disabling sleep skipping.
2019-10-09 18:16:13,691 [root] INFO: Disabling sleep skipping.
2019-10-09 18:16:13,691 [root] DEBUG: CAPE initialised: 32-bit base package loaded in process 1876 at 0x747e0000, image base 0x380000, stack from 0x202000-0x210000
2019-10-09 18:16:13,691 [root] DEBUG: Commandline: C:\Users\user\AppData\Local\Temp\"C:\Program Files (x86)\Internet Explorer\iexplore.exe" "https:\www.dropbox.com\s\xz9tpfakqrqf56x\PDF-- UNKNOWN FORMAT STRING -- 1One_-- UNKNOWN FORMAT STRING -- 81-- UNKNOWN FORMAT STRING -- 9-- UNKNOWN FORMAT STRING -- 0-- UNKNOWN FORMAT STRING -- 81-- UNKNOWN FORMAT STRING -- 9.pdf?dl=0".
2019-10-09 18:16:13,691 [root] INFO: Monitor successfully loaded in process with pid 1876.
2019-10-09 18:16:13,739 [root] DEBUG: DLL unloaded from 0x754F0000.
2019-10-09 18:16:13,816 [root] DEBUG: DLL loaded at 0x72F70000: C:\Windows\system32\IEFRAME (0xa80000 bytes).
2019-10-09 18:16:13,848 [root] DEBUG: DLL loaded at 0x74990000: C:\Windows\system32\OLEACC (0x3c000 bytes).
2019-10-09 18:16:13,864 [root] DEBUG: DLL loaded at 0x743A0000: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32 (0x19e000 bytes).
2019-10-09 18:16:13,941 [root] DEBUG: DLL loaded at 0x74980000: C:\Windows\system32\profapi (0xb000 bytes).
2019-10-09 18:16:13,957 [root] DEBUG: DLL loaded at 0x75D00000: C:\Windows\syswow64\ws2_32 (0x35000 bytes).
2019-10-09 18:16:13,957 [root] DEBUG: DLL loaded at 0x75130000: C:\Windows\syswow64\NSI (0x6000 bytes).
2019-10-09 18:16:13,973 [root] DEBUG: DLL loaded at 0x74B50000: C:\Windows\system32\dnsapi (0x44000 bytes).
2019-10-09 18:16:13,973 [root] DEBUG: DLL loaded at 0x74960000: C:\Windows\system32\iphlpapi (0x1c000 bytes).
2019-10-09 18:16:13,973 [root] DEBUG: DLL loaded at 0x74950000: C:\Windows\system32\WINNSI (0x7000 bytes).
2019-10-09 18:16:13,973 [root] DEBUG: DLL loaded at 0x74EB0000: C:\Windows\syswow64\CLBCatQ (0x83000 bytes).
2019-10-09 18:16:14,003 [root] DEBUG: DLL loaded at 0x74340000: C:\Windows\System32\netprofm (0x5a000 bytes).
2019-10-09 18:16:14,003 [root] DEBUG: DLL loaded at 0x74BD0000: C:\Windows\System32\nlaapi (0x10000 bytes).
2019-10-09 18:16:14,019 [root] DEBUG: DLL loaded at 0x74C70000: C:\Windows\system32\CRYPTSP (0x16000 bytes).
2019-10-09 18:16:14,035 [root] DEBUG: DLL loaded at 0x74C30000: C:\Windows\system32\rsaenh (0x3b000 bytes).
2019-10-09 18:16:14,035 [root] DEBUG: DLL loaded at 0x74940000: C:\Windows\system32\RpcRtRemote (0xe000 bytes).
2019-10-09 18:16:14,035 [root] DEBUG: DLL unloaded from 0x74340000.
2019-10-09 18:16:14,051 [root] DEBUG: DLL loaded at 0x750B0000: C:\Windows\syswow64\comdlg32 (0x7b000 bytes).
2019-10-09 18:16:14,112 [root] DEBUG: DLL loaded at 0x74360000: C:\Program Files (x86)\Internet Explorer\sqmapi (0x33000 bytes).
2019-10-09 18:16:14,128 [root] DEBUG: DLL unloaded from 0x76C00000.
2019-10-09 18:16:14,128 [root] DEBUG: DLL unloaded from 0x75D60000.
2019-10-09 18:16:14,144 [root] DEBUG: DLL unloaded from 0x74360000.
2019-10-09 18:16:14,144 [root] DEBUG: DLL loaded at 0x749D0000: C:\Windows\system32\ntmarta (0x21000 bytes).
2019-10-09 18:16:14,144 [root] DEBUG: DLL loaded at 0x76EA0000: C:\Windows\syswow64\WLDAP32 (0x45000 bytes).
2019-10-09 18:16:14,160 [root] DEBUG: DLL unloaded from 0x772F0000.
2019-10-09 18:16:14,160 [root] DEBUG: DLL loaded at 0x74930000: C:\Windows\system32\VERSION (0x9000 bytes).
2019-10-09 18:16:14,269 [root] DEBUG: DLL unloaded from 0x74F40000.
2019-10-09 18:16:14,269 [root] DEBUG: DLL loaded at 0x74AF0000: C:\Windows\system32\apphelp (0x4c000 bytes).
2019-10-09 18:16:14,285 [root] INFO: Announced 32-bit process name: iexplore.exe pid: 3040
2019-10-09 18:16:14,285 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2019-10-09 18:16:14,285 [lib.api.process] INFO: 32-bit DLL to inject is C:\sjazhvuj\dll\bkFHWq.dll, loader C:\sjazhvuj\bin\AaxLWpu.exe
2019-10-09 18:16:14,299 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\GwdKVcG.
2019-10-09 18:16:14,299 [root] DEBUG: Loader: Injecting process 3040 (thread 3036) with C:\sjazhvuj\dll\bkFHWq.dll.
2019-10-09 18:16:14,299 [root] DEBUG: Process image base: 0x00380000
2019-10-09 18:16:14,299 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\sjazhvuj\dll\bkFHWq.dll.
2019-10-09 18:16:14,299 [root] DEBUG: InjectDllViaIAT: Found a free region from 0x00426000 - 0x00430000
2019-10-09 18:16:14,299 [root] DEBUG: InjectDllViaIAT: Found a free region from 0x00530000 - 0x77110000
2019-10-09 18:16:14,299 [root] DEBUG: InjectDllViaIAT: Allocated 0x214 bytes for new import table at 0x00530000.
2019-10-09 18:16:14,299 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2019-10-09 18:16:14,299 [root] DEBUG: Successfully injected DLL C:\sjazhvuj\dll\bkFHWq.dll.
2019-10-09 18:16:14,299 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3040
2019-10-09 18:16:14,299 [root] DEBUG: DLL unloaded from 0x00380000.
2019-10-09 18:16:14,299 [root] INFO: Announced 32-bit process name: iexplore.exe pid: 3040
2019-10-09 18:16:14,299 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2019-10-09 18:16:14,299 [lib.api.process] INFO: 32-bit DLL to inject is C:\sjazhvuj\dll\bkFHWq.dll, loader C:\sjazhvuj\bin\AaxLWpu.exe
2019-10-09 18:16:14,299 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\GwdKVcG.
2019-10-09 18:16:14,299 [root] DEBUG: Loader: Injecting process 3040 (thread 3036) with C:\sjazhvuj\dll\bkFHWq.dll.
2019-10-09 18:16:14,299 [root] DEBUG: Process image base: 0x00380000
2019-10-09 18:16:14,299 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\sjazhvuj\dll\bkFHWq.dll.
2019-10-09 18:16:14,299 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2019-10-09 18:16:14,299 [root] DEBUG: Successfully injected DLL C:\sjazhvuj\dll\bkFHWq.dll.
2019-10-09 18:16:14,299 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3040
2019-10-09 18:16:14,299 [root] DEBUG: DLL loaded at 0x74340000: C:\Windows\system32\RASAPI32 (0x52000 bytes).
2019-10-09 18:16:14,299 [root] DEBUG: DLL loaded at 0x74320000: C:\Windows\system32\rasman (0x15000 bytes).
2019-10-09 18:16:14,299 [root] DEBUG: DLL unloaded from 0x74340000.
2019-10-09 18:16:14,315 [root] DEBUG: Terminate processes on terminate_event enabled.
2019-10-09 18:16:14,315 [root] DEBUG: Process dumps enabled.
2019-10-09 18:16:14,315 [root] INFO: Disabling sleep skipping.
2019-10-09 18:16:14,315 [root] DEBUG: DLL loaded at 0x747D0000: C:\Windows\system32\rtutils (0xd000 bytes).
2019-10-09 18:16:14,315 [root] DEBUG: DLL unloaded from 0x747D0000.
2019-10-09 18:16:14,315 [root] DEBUG: DLL unloaded from 0x74320000.
2019-10-09 18:16:14,315 [root] DEBUG: RestoreHeaders: Restored original import table.
2019-10-09 18:16:14,315 [root] DEBUG: CAPE initialised: 32-bit base package loaded in process 3040 at 0x747e0000, image base 0x380000, stack from 0x522000-0x530000
2019-10-09 18:16:14,315 [root] DEBUG: Commandline: C:\Users\user\Desktop\"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:1876 CREDAT:79873.
2019-10-09 18:16:14,315 [root] INFO: Added new process to list with pid: 3040
2019-10-09 18:16:14,315 [root] INFO: Monitor successfully loaded in process with pid 3040.
2019-10-09 18:16:14,315 [root] DEBUG: DLL unloaded from 0x754F0000.
2019-10-09 18:16:14,315 [root] DEBUG: DLL unloaded from 0x75600000.
2019-10-09 18:16:14,315 [root] DEBUG: DLL loaded at 0x72F70000: C:\Windows\system32\IEFRAME (0xa80000 bytes).
2019-10-09 18:16:14,315 [root] DEBUG: DLL loaded at 0x74310000: C:\Windows\system32\sensapi (0x6000 bytes).
2019-10-09 18:16:14,315 [root] DEBUG: DLL loaded at 0x74990000: C:\Windows\system32\OLEACC (0x3c000 bytes).
2019-10-09 18:16:14,315 [root] DEBUG: DLL loaded at 0x743A0000: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32 (0x19e000 bytes).
2019-10-09 18:16:14,315 [root] DEBUG: DLL loaded at 0x750B0000: C:\Windows\syswow64\comdlg32 (0x7b000 bytes).
2019-10-09 18:16:14,332 [root] DEBUG: DLL loaded at 0x74BD0000: C:\Windows\system32\NLAapi (0x10000 bytes).
2019-10-09 18:16:14,346 [root] DEBUG: DLL loaded at 0x74BC0000: C:\Windows\system32\napinsp (0x10000 bytes).
2019-10-09 18:16:14,346 [root] DEBUG: DLL loaded at 0x74BA0000: C:\Windows\system32\pnrpnsp (0x12000 bytes).
2019-10-09 18:16:14,362 [root] DEBUG: DLL loaded at 0x742D0000: C:\Program Files (x86)\Internet Explorer\IEShims (0x35000 bytes).
2019-10-09 18:16:14,378 [root] DEBUG: DLL loaded at 0x74940000: C:\Windows\system32\RpcRtRemote (0xe000 bytes).
2019-10-09 18:16:14,378 [root] DEBUG: DLL loaded at 0x74BF0000: C:\Windows\System32\mswsock (0x3c000 bytes).
2019-10-09 18:16:14,378 [root] DEBUG: DLL loaded at 0x74290000: C:\Program Files (x86)\Internet Explorer\sqmapi (0x33000 bytes).
2019-10-09 18:16:14,378 [root] DEBUG: DLL unloaded from 0x76C00000.
2019-10-09 18:16:14,378 [root] DEBUG: DLL unloaded from 0x75D60000.
2019-10-09 18:16:14,378 [root] DEBUG: DLL unloaded from 0x74290000.
2019-10-09 18:16:14,378 [root] DEBUG: DLL loaded at 0x74B40000: C:\Windows\System32\winrnr (0x8000 bytes).
2019-10-09 18:16:14,394 [root] DEBUG: DLL loaded at 0x74BE0000: C:\Windows\System32\wshtcpip (0x5000 bytes).
2019-10-09 18:16:14,394 [root] DEBUG: DLL loaded at 0x742C0000: C:\Windows\System32\wship6 (0x6000 bytes).
2019-10-09 18:16:14,394 [root] DEBUG: DLL loaded at 0x742B0000: C:\Windows\system32\rasadhlp (0x6000 bytes).
2019-10-09 18:16:14,394 [root] DEBUG: DLL loaded at 0x74270000: C:\Windows\System32\fwpuclnt (0x38000 bytes).
2019-10-09 18:16:14,410 [root] DEBUG: DLL loaded at 0x75A70000: C:\Windows\syswow64\SETUPAPI (0x19d000 bytes).
2019-10-09 18:16:14,410 [root] DEBUG: DLL loaded at 0x75A10000: C:\Windows\syswow64\CFGMGR32 (0x27000 bytes).
2019-10-09 18:16:14,410 [root] DEBUG: DLL loaded at 0x75D40000: C:\Windows\syswow64\DEVOBJ (0x12000 bytes).
2019-10-09 18:16:14,410 [root] DEBUG: DLL loaded at 0x74210000: C:\Windows\System32\netprofm (0x5a000 bytes).
2019-10-09 18:16:14,410 [root] INFO: Announced 64-bit process name: explorer.exe pid: 1632
2019-10-09 18:16:14,410 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2019-10-09 18:16:14,410 [root] DEBUG: DLL loaded at 0x741F0000: C:\Windows\system32\DHCPCSVC (0x12000 bytes).
2019-10-09 18:16:14,410 [lib.api.process] INFO: 64-bit DLL to inject is C:\sjazhvuj\dll\heFjPQ.dll, loader C:\sjazhvuj\bin\namhqxVT.exe
2019-10-09 18:16:14,424 [root] DEBUG: DLL loaded at 0x741E0000: C:\Windows\system32\dhcpcsvc6 (0xd000 bytes).
2019-10-09 18:16:14,424 [root] DEBUG: DLL unloaded from 0x74960000.
2019-10-09 18:16:14,424 [root] DEBUG: DLL unloaded from 0x741F0000.
2019-10-09 18:16:14,424 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\GwdKVcG.
2019-10-09 18:16:14,424 [root] DEBUG: Loader: Injecting process 1632 (thread 0) with C:\sjazhvuj\dll\heFjPQ.dll.
2019-10-09 18:16:14,424 [root] DEBUG: InjectDll: No thread ID supplied. Initial thread ID 1636, handle 0x84
2019-10-09 18:16:14,424 [root] DEBUG: DLL unloaded from 0x75E70000.
2019-10-09 18:16:14,424 [root] DEBUG: Process image base: 0x00000000FF900000
2019-10-09 18:16:14,424 [root] DEBUG: InjectDllViaIAT: Not a new process, aborting IAT patch
2019-10-09 18:16:14,424 [root] DEBUG: InjectDll: IAT patching failed, falling back to thread injection.
2019-10-09 18:16:14,440 [root] DEBUG: DLL loaded at 0x74EB0000: C:\Windows\syswow64\CLBCatQ (0x83000 bytes).
2019-10-09 18:16:14,440 [root] DEBUG: DLL loaded at 0x74000000: C:\Windows\system32\propsys (0xf5000 bytes).
2019-10-09 18:16:14,456 [root] DEBUG: Terminate processes on terminate_event enabled.
2019-10-09 18:16:14,456 [root] DEBUG: Process dumps enabled.
2019-10-09 18:16:14,456 [root] INFO: Disabling sleep skipping.
2019-10-09 18:16:14,456 [root] DEBUG: DLL loaded at 0x749D0000: C:\Windows\system32\ntmarta (0x21000 bytes).
2019-10-09 18:16:14,456 [root] DEBUG: DLL loaded at 0x76EA0000: C:\Windows\syswow64\WLDAP32 (0x45000 bytes).
2019-10-09 18:16:14,487 [root] DEBUG: DLL loaded at 0x74980000: C:\Windows\system32\profapi (0xb000 bytes).
2019-10-09 18:16:14,503 [root] WARNING: Unable to place hook on LockResource
2019-10-09 18:16:14,503 [root] WARNING: Unable to hook LockResource
2019-10-09 18:16:14,581 [root] DEBUG: CAPE initialised: 64-bit base package loaded in process 1632 at 0x0000000074100000, image base 0x00000000FF900000, stack from 0x00000000072A2000-0x00000000072B0000
2019-10-09 18:16:14,581 [root] DEBUG: Commandline: C:\Windows\explorer.exe.
2019-10-09 18:16:14,581 [root] INFO: Added new process to list with pid: 1632
2019-10-09 18:16:14,581 [root] INFO: Monitor successfully loaded in process with pid 1632.
2019-10-09 18:16:14,581 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.
2019-10-09 18:16:14,581 [root] DEBUG: InjectDll: Successfully injected DLL via thread.
2019-10-09 18:16:14,581 [root] DEBUG: Successfully injected DLL C:\sjazhvuj\dll\heFjPQ.dll.
2019-10-09 18:16:14,611 [root] DEBUG: DLL loaded at 0x73FD0000: C:\Windows\system32\IEUI (0x2d000 bytes).
2019-10-09 18:16:14,628 [root] DEBUG: DLL loaded at 0x73FC0000: C:\Windows\system32\MSIMG32 (0x5000 bytes).
2019-10-09 18:16:14,658 [root] DEBUG: DLL loaded at 0x73F90000: C:\Program Files (x86)\Internet Explorer\ieproxy (0x2b000 bytes).
2019-10-09 18:16:14,658 [root] DEBUG: DLL loaded at 0x74000000: C:\Windows\system32\propsys (0xf5000 bytes).
2019-10-09 18:16:14,674 [root] DEBUG: DLL unloaded from 0x74000000.
2019-10-09 18:16:14,690 [root] DEBUG: DLL loaded at 0x73F80000: C:\Windows\system32\mssprxy (0xc000 bytes).
2019-10-09 18:16:14,706 [root] DEBUG: DLL loaded at 0x73F00000: C:\Windows\system32\UxTheme (0x80000 bytes).
2019-10-09 18:16:14,892 [root] DEBUG: DLL loaded at 0x75A70000: C:\Windows\syswow64\SETUPAPI (0x19d000 bytes).
2019-10-09 18:16:14,892 [root] DEBUG: DLL loaded at 0x75A10000: C:\Windows\syswow64\CFGMGR32 (0x27000 bytes).
2019-10-09 18:16:14,892 [root] DEBUG: DLL loaded at 0x75D40000: C:\Windows\syswow64\DEVOBJ (0x12000 bytes).
2019-10-09 18:16:14,892 [root] DEBUG: DLL unloaded from 0x75E70000.
2019-10-09 18:16:14,924 [root] DEBUG: DLL loaded at 0x73ED0000: C:\Windows\system32\xmllite (0x2f000 bytes).
2019-10-09 18:16:15,033 [root] DEBUG: DLL loaded at 0x73D60000: C:\Windows\system32\explorerframe (0x16f000 bytes).
2019-10-09 18:16:15,049 [root] DEBUG: DLL loaded at 0x73D30000: C:\Windows\system32\DUser (0x2f000 bytes).
2019-10-09 18:16:15,065 [root] DEBUG: DLL loaded at 0x73C70000: C:\Windows\system32\DUI70 (0xb2000 bytes).
2019-10-09 18:16:15,190 [root] DEBUG: DLL loaded at 0x75D00000: C:\Windows\syswow64\ws2_32 (0x35000 bytes).
2019-10-09 18:16:15,190 [root] DEBUG: DLL loaded at 0x75130000: C:\Windows\syswow64\NSI (0x6000 bytes).
2019-10-09 18:16:15,190 [root] DEBUG: DLL loaded at 0x74B50000: C:\Windows\system32\dnsapi (0x44000 bytes).
2019-10-09 18:16:15,190 [root] DEBUG: DLL loaded at 0x74960000: C:\Windows\system32\iphlpapi (0x1c000 bytes).
2019-10-09 18:16:15,190 [root] DEBUG: DLL loaded at 0x74950000: C:\Windows\system32\WINNSI (0x7000 bytes).
2019-10-09 18:16:15,204 [root] DEBUG: DLL loaded at 0x74C70000: C:\Windows\system32\CRYPTSP (0x16000 bytes).
2019-10-09 18:16:15,204 [root] DEBUG: DLL loaded at 0x74C30000: C:\Windows\system32\rsaenh (0x3b000 bytes).
2019-10-09 18:16:15,204 [root] DEBUG: DLL loaded at 0x73F90000: C:\Program Files (x86)\Internet Explorer\ieproxy (0x2b000 bytes).
2019-10-09 18:16:15,220 [root] DEBUG: DLL loaded at 0x73BD0000: C:\Windows\system32\msfeeds (0x96000 bytes).
2019-10-09 18:16:15,299 [root] DEBUG: DLL loaded at 0x73BA0000: C:\Windows\system32\MLANG (0x2e000 bytes).
2019-10-09 18:16:15,299 [root] DEBUG: DLL loaded at 0x751A0000: C:\Windows\syswow64\Normaliz (0x3000 bytes).
2019-10-09 18:16:15,329 [root] DEBUG: DLL loaded at 0x74AF0000: C:\Windows\system32\apphelp (0x4c000 bytes).
2019-10-09 18:16:15,329 [root] DEBUG: DLL loaded at 0x73BA0000: C:\Windows\system32\MLANG (0x2e000 bytes).
2019-10-09 18:16:15,345 [root] DEBUG: DLL loaded at 0x73F00000: C:\Windows\system32\UxTheme (0x80000 bytes).
2019-10-09 18:16:15,361 [root] DEBUG: DLL loaded at 0x73B80000: C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim (0x11000 bytes).
2019-10-09 18:16:15,361 [root] DEBUG: DLL loaded at 0x73AE0000: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\MSVCR80 (0x9b000 bytes).
2019-10-09 18:16:15,377 [root] DEBUG: DLL loaded at 0x72EE0000: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\MSVCP80 (0x87000 bytes).
2019-10-09 18:16:15,391 [root] DEBUG: DLL loaded at 0x73AD0000: C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper (0x10000 bytes).
2019-10-09 18:16:15,688 [root] DEBUG: DLL loaded at 0x72DA0000: C:\PROGRA~2\MICROS~1\Office14\URLREDIR (0x91000 bytes).
2019-10-09 18:16:15,688 [root] DEBUG: DLL loaded at 0x74930000: C:\Windows\system32\VERSION (0x9000 bytes).
2019-10-09 18:16:15,703 [root] DEBUG: DLL loaded at 0x72ED0000: C:\Windows\system32\Secur32 (0x8000 bytes).
2019-10-09 18:16:15,703 [root] DEBUG: DLL loaded at 0x74D80000: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742\MSVCR90 (0xa3000 bytes).
2019-10-09 18:16:15,703 [root] DEBUG: DLL loaded at 0x72EB0000: C:\PROGRA~2\MICROS~1\Office14\MSOHEV (0x14000 bytes).
2019-10-09 18:16:15,736 [root] DEBUG: DLL loaded at 0x72EA0000: C:\Program Files (x86)\Java\jre7\bin\jp2ssv (0xf000 bytes).
2019-10-09 18:16:15,750 [root] DEBUG: DLL loaded at 0x72CE0000: C:\Program Files (x86)\Java\jre7\bin\MSVCR100 (0xbe000 bytes).
2019-10-09 18:16:15,766 [root] DEBUG: set_caller_info: Adding region at 0x04660000 to caller regions list (ntdll::LdrLoadDll).
2019-10-09 18:16:15,798 [root] DEBUG: set_caller_info: Adding region at 0x02030000 to caller regions list (advapi32::RegOpenKeyExA).
2019-10-09 18:16:15,798 [root] DEBUG: DLL unloaded from 0x74F40000.
2019-10-09 18:16:15,813 [root] DEBUG: DLL loaded at 0x72E40000: C:\Windows\system32\SXS (0x5f000 bytes).
2019-10-09 18:16:15,875 [root] DEBUG: DLL loaded at 0x74340000: C:\Windows\system32\RASAPI32 (0x52000 bytes).
2019-10-09 18:16:15,875 [root] DEBUG: DLL loaded at 0x74320000: C:\Windows\system32\rasman (0x15000 bytes).
2019-10-09 18:16:15,875 [root] DEBUG: DLL unloaded from 0x74340000.
2019-10-09 18:16:15,875 [root] DEBUG: DLL loaded at 0x747D0000: C:\Windows\system32\rtutils (0xd000 bytes).
2019-10-09 18:16:15,891 [root] DEBUG: DLL unloaded from 0x74320000.
2019-10-09 18:16:15,891 [root] DEBUG: DLL unloaded from 0x75600000.
2019-10-09 18:16:15,891 [root] DEBUG: DLL loaded at 0x74310000: C:\Windows\system32\sensapi (0x6000 bytes).
2019-10-09 18:16:15,891 [root] DEBUG: DLL loaded at 0x74BD0000: C:\Windows\system32\NLAapi (0x10000 bytes).
2019-10-09 18:16:15,891 [root] DEBUG: DLL loaded at 0x74BC0000: C:\Windows\system32\napinsp (0x10000 bytes).
2019-10-09 18:16:15,891 [root] DEBUG: DLL loaded at 0x74BA0000: C:\Windows\system32\pnrpnsp (0x12000 bytes).
2019-10-09 18:16:15,891 [root] DEBUG: DLL loaded at 0x74BF0000: C:\Windows\System32\mswsock (0x3c000 bytes).
2019-10-09 18:16:15,891 [root] DEBUG: DLL loaded at 0x74B40000: C:\Windows\System32\winrnr (0x8000 bytes).
2019-10-09 18:16:15,891 [root] DEBUG: DLL loaded at 0x74BE0000: C:\Windows\System32\wshtcpip (0x5000 bytes).
2019-10-09 18:16:15,891 [root] DEBUG: DLL loaded at 0x742C0000: C:\Windows\System32\wship6 (0x6000 bytes).
2019-10-09 18:16:15,891 [root] DEBUG: DLL loaded at 0x742B0000: C:\Windows\system32\rasadhlp (0x6000 bytes).
2019-10-09 18:16:15,891 [root] DEBUG: DLL loaded at 0x74270000: C:\Windows\System32\fwpuclnt (0x38000 bytes).
2019-10-09 18:16:15,891 [root] DEBUG: DLL loaded at 0x74210000: C:\Windows\System32\netprofm (0x5a000 bytes).
2019-10-09 18:16:15,891 [root] DEBUG: DLL loaded at 0x741F0000: C:\Windows\system32\DHCPCSVC (0x12000 bytes).
2019-10-09 18:16:15,907 [root] DEBUG: DLL loaded at 0x741E0000: C:\Windows\system32\dhcpcsvc6 (0xd000 bytes).
2019-10-09 18:16:15,907 [root] DEBUG: DLL unloaded from 0x74960000.
2019-10-09 18:16:15,907 [root] DEBUG: DLL unloaded from 0x741F0000.
2019-10-09 18:16:15,984 [root] DEBUG: DLL unloaded from 0x75D60000.
2019-10-09 18:16:16,000 [root] DEBUG: DLL loaded at 0x751A0000: C:\Windows\syswow64\Normaliz (0x3000 bytes).
2019-10-09 18:16:16,016 [root] DEBUG: DLL loaded at 0x72CC0000: C:\Windows\system32\USERENV (0x17000 bytes).
2019-10-09 18:16:16,016 [root] DEBUG: DLL loaded at 0x75470000: C:\Windows\syswow64\wintrust (0x2d000 bytes).
2019-10-09 18:16:16,032 [root] DEBUG: DLL loaded at 0x72C80000: C:\Windows\system32\schannel (0x3a000 bytes).
2019-10-09 18:16:16,062 [root] DEBUG: DLL loaded at 0x72C60000: C:\Windows\system32\DWMAPI (0x13000 bytes).
2019-10-09 18:16:16,078 [root] DEBUG: DLL loaded at 0x72E40000: C:\Windows\system32\SXS (0x5f000 bytes).
2019-10-09 18:16:16,094 [root] DEBUG: DLL unloaded from 0x72F70000.
2019-10-09 18:16:16,141 [root] DEBUG: DLL unloaded from 0x75D60000.
2019-10-09 18:16:16,703 [root] DEBUG: DLL unloaded from 0x75600000.
2019-10-09 18:16:17,062 [root] WARNING: File at path "C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\favicon[1].ico" does not exist, skip.
2019-10-09 18:16:18,184 [root] DEBUG: DLL unloaded from 0x75600000.
2019-10-09 18:16:18,466 [root] DEBUG: DLL loaded at 0x72C50000: C:\Windows\system32\credssp (0x8000 bytes).
2019-10-09 18:16:18,466 [root] DEBUG: DLL unloaded from 0x74C70000.
2019-10-09 18:16:19,026 [root] DEBUG: DLL loaded at 0x72C10000: C:\Windows\system32\ncrypt (0x38000 bytes).
2019-10-09 18:16:19,026 [root] DEBUG: DLL loaded at 0x72BF0000: C:\Windows\system32\bcrypt (0x17000 bytes).
2019-10-09 18:16:19,026 [root] DEBUG: DLL loaded at 0x72BB0000: C:\Windows\SysWOW64\bcryptprimitives (0x3d000 bytes).
2019-10-09 18:16:19,073 [root] DEBUG: DLL loaded at 0x72B90000: C:\Windows\system32\GPAPI (0x16000 bytes).
2019-10-09 18:16:19,089 [root] DEBUG: DLL loaded at 0x72B70000: C:\Windows\system32\cryptnet (0x1c000 bytes).
2019-10-09 18:16:19,183 [root] DEBUG: DLL loaded at 0x72B50000: C:\Windows\system32\Cabinet (0x15000 bytes).
2019-10-09 18:16:19,198 [root] DEBUG: DLL loaded at 0x72B40000: C:\Windows\system32\DEVRTL (0xe000 bytes).
2019-10-09 18:16:19,198 [root] DEBUG: DLL unloaded from 0x75A70000.
2019-10-09 18:16:19,230 [root] DEBUG: DLL loaded at 0x72AE0000: C:\Windows\system32\WINHTTP (0x58000 bytes).
2019-10-09 18:16:19,230 [root] DEBUG: DLL loaded at 0x72A90000: C:\Windows\system32\webio (0x4f000 bytes).
2019-10-09 18:16:19,246 [root] DEBUG: DLL unloaded from 0x75D60000.
2019-10-09 18:16:19,246 [root] DEBUG: DLL unloaded from 0x772F0000.
2019-10-09 18:16:19,246 [root] DEBUG: DLL unloaded from 0x72AE0000.
2019-10-09 18:16:19,246 [root] DEBUG: DLL unloaded from 0x772F0000.
2019-10-09 18:16:19,246 [root] DEBUG: DLL unloaded from 0x72AE0000.
2019-10-09 18:16:19,604 [root] DEBUG: DLL unloaded from 0x72B70000.
2019-10-09 18:16:19,604 [root] DEBUG: DLL unloaded from 0x75A70000.
2019-10-09 18:16:19,759 [root] DEBUG: DLL unloaded from 0x772F0000.
2019-10-09 18:16:19,759 [root] DEBUG: DLL unloaded from 0x72AE0000.
2019-10-09 18:16:19,759 [root] DEBUG: DLL unloaded from 0x772F0000.
2019-10-09 18:16:19,759 [root] DEBUG: DLL unloaded from 0x72AE0000.
2019-10-09 18:16:20,118 [root] DEBUG: DLL unloaded from 0x72B70000.
2019-10-09 18:16:20,134 [root] DEBUG: DLL unloaded from 0x772F0000.
2019-10-09 18:16:20,134 [root] DEBUG: DLL unloaded from 0x72AE0000.
2019-10-09 18:16:20,134 [root] DEBUG: DLL unloaded from 0x772F0000.
2019-10-09 18:16:20,134 [root] DEBUG: DLL unloaded from 0x72AE0000.
2019-10-09 18:16:20,197 [root] DEBUG: DLL unloaded from 0x72B70000.
2019-10-09 18:16:21,132 [root] DEBUG: DLL unloaded from 0x74F40000.
2019-10-09 18:16:21,210 [root] DEBUG: DLL loaded at 0x724D0000: C:\Windows\SysWOW64\mshtml (0x5b7000 bytes).
2019-10-09 18:16:21,226 [root] DEBUG: DLL loaded at 0x724A0000: C:\Windows\SysWOW64\msls31 (0x2a000 bytes).
2019-10-09 18:16:21,319 [root] DEBUG: DLL loaded at 0x72490000: C:\Windows\system32\msimtf (0xb000 bytes).
2019-10-09 18:16:21,351 [root] DEBUG: DLL loaded at 0x723D0000: C:\Windows\SysWOW64\jscript (0xb2000 bytes).
2019-10-09 18:16:21,367 [root] DEBUG: DLL loaded at 0x723A0000: C:\Windows\SysWOW64\iepeers (0x30000 bytes).
2019-10-09 18:16:21,398 [root] DEBUG: DLL loaded at 0x72340000: C:\Windows\SysWOW64\WINSPOOL.DRV (0x51000 bytes).
2019-10-09 18:16:21,414 [root] DEBUG: DLL unloaded from 0x72F70000.
2019-10-09 18:16:21,414 [root] DEBUG: DLL unloaded from 0x75600000.
2019-10-09 18:16:21,492 [root] DEBUG: DLL unloaded from 0x72F70000.
2019-10-09 18:16:21,523 [root] WARNING: File at path "C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\PDF!One_(1)%20(1)[1].pdf" does not exist, skip.
2019-10-09 18:16:21,539 [root] DEBUG: DLL unloaded from 0x74F40000.
2019-10-09 18:16:21,553 [root] DEBUG: DLL unloaded from 0x72F70000.
2019-10-09 18:16:21,553 [root] DEBUG: DLL unloaded from 0x72F70000.
2019-10-09 18:16:21,601 [root] DEBUG: DLL loaded at 0x72330000: C:\Windows\system32\ImgUtil (0xb000 bytes).
2019-10-09 18:16:21,631 [root] DEBUG: DLL loaded at 0x72320000: C:\Windows\SysWOW64\pngfilt (0xe000 bytes).
2019-10-09 18:16:21,678 [root] DEBUG: DLL loaded at 0x73FC0000: C:\Windows\system32\msimg32 (0x5000 bytes).
2019-10-09 18:16:21,678 [root] DEBUG: set_caller_info: Adding region at 0x73FC0000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-10-09 18:16:24,940 [root] DEBUG: DLL loaded at 0x721E0000: C:\Windows\System32\msxml3 (0x133000 bytes).
2019-10-09 18:16:26,483 [root] DEBUG: DLL unloaded from 0x75600000.
2019-10-09 18:16:26,483 [root] DEBUG: DLL unloaded from 0x75600000.
2019-10-09 18:16:26,483 [root] DEBUG: DLL unloaded from 0x75600000.
2019-10-09 18:16:26,701 [root] INFO: Announced 32-bit process name:  pid: 1
2019-10-09 18:16:26,701 [lib.api.process] WARNING: The process with pid 1 is not alive, injection aborted
2019-10-09 18:16:26,701 [root] DEBUG: DLL unloaded from 0x72F70000.
2019-10-09 18:16:26,779 [root] DEBUG: DLL unloaded from 0x000007FEFB9C0000.
2019-10-09 18:16:31,615 [root] DEBUG: DLL unloaded from 0x724D0000.
2019-10-09 18:16:44,674 [root] DEBUG: DLL unloaded from 0x751B0000.
2019-10-09 18:16:46,140 [root] DEBUG: DLL unloaded from 0x000007FEFE8C0000.
2019-10-09 18:16:50,134 [root] DEBUG: DLL unloaded from 0x72B70000.
2019-10-09 18:16:50,134 [root] DEBUG: DLL unloaded from 0x75790000.
2019-10-09 18:17:15,296 [root] DEBUG: DLL unloaded from 0x751B0000.
2019-10-09 18:17:17,089 [root] DEBUG: DLL unloaded from 0x75600000.
2019-10-09 18:17:19,618 [root] DEBUG: DLL unloaded from 0x72AE0000.
2019-10-09 18:18:27,680 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF8390000 to caller regions list (ntdll::NtDuplicateObject).
2019-10-09 18:18:27,711 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF45C0000 to caller regions list (ntdll::NtDuplicateObject).
2019-10-09 18:18:42,609 [root] DEBUG: DLL unloaded from 0x000007FEFD560000.
2019-10-09 18:18:44,075 [root] DEBUG: DLL unloaded from 0x751B0000.
2019-10-09 18:19:35,134 [root] INFO: Analysis timeout hit (200 seconds), terminating analysis.
2019-10-09 18:19:35,134 [root] INFO: Created shutdown mutex.
2019-10-09 18:19:36,148 [lib.api.process] INFO: Successfully received reply to terminate_event, pid 1876
2019-10-09 18:19:36,148 [root] INFO: Terminate event set for process 1876.
2019-10-09 18:19:36,148 [root] INFO: Terminating process 1876 before shutdown.
2019-10-09 18:19:36,148 [root] INFO: Waiting for process 1876 to exit.
2019-10-09 18:19:36,148 [root] DEBUG: Terminate Event: Attempting to dump process 1876
2019-10-09 18:19:36,148 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x00380000.
2019-10-09 18:19:36,148 [root] DEBUG: DumpImageInCurrentProcess: Attempting to dump virtual PE image.
2019-10-09 18:19:36,148 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x00380000.
2019-10-09 18:19:36,148 [root] DEBUG: DumpProcess: Module entry point VA is 0x00001C9A.
2019-10-09 18:19:36,196 [root] INFO: Added new CAPE file to list with path: C:\jBcdvE\CAPE\1876_111376872036191793102019
2019-10-09 18:19:36,196 [root] DEBUG: DumpProcess: Module image dump success - dump size 0xa1e00.
2019-10-09 18:19:36,196 [root] DEBUG: Terminate Event: Skipping dump of process 1876
2019-10-09 18:19:36,196 [root] WARNING: Unable to access file at path "C:\Users\user\AppData\Local\Temp\~DFA1340603E968924E.TMP": [Errno 13] Permission denied: u'C:\\Users\\user\\AppData\\Local\\Temp\\~DFA1340603E968924E.TMP'
2019-10-09 18:19:36,196 [root] WARNING: Unable to access file at path "C:\Users\user\AppData\Local\Temp\~DF2DAB10E02E9D9418.TMP": [Errno 13] Permission denied: u'C:\\Users\\user\\AppData\\Local\\Temp\\~DF2DAB10E02E9D9418.TMP'
2019-10-09 18:19:36,210 [root] DEBUG: Terminate Event: Shutdown complete for process 1876 but failed to inform analyzer.
2019-10-09 18:19:37,163 [root] INFO: Terminating process 3040 before shutdown.
2019-10-09 18:19:37,163 [lib.api.process] INFO: Successfully received reply to terminate_event, pid 1632
2019-10-09 18:19:37,163 [root] DEBUG: Terminate Event: Attempting to dump process 1632
2019-10-09 18:19:37,163 [root] INFO: Terminate event set for process 1632.
2019-10-09 18:19:37,163 [root] INFO: Terminating process 1632 before shutdown.
2019-10-09 18:19:37,163 [root] INFO: Waiting for process 1632 to exit.
2019-10-09 18:19:37,163 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x00000000FF900000.
2019-10-09 18:19:37,163 [root] DEBUG: DumpImageInCurrentProcess: Attempting to dump virtual PE image.
2019-10-09 18:19:37,163 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x00000000FF900000.
2019-10-09 18:19:37,163 [root] DEBUG: DumpProcess: Module entry point VA is 0x000000000002B790.
2019-10-09 18:19:37,256 [root] INFO: Added new CAPE file to list with path: C:\jBcdvE\CAPE\1632_27247358337191793102019
2019-10-09 18:19:37,272 [root] DEBUG: DumpProcess: Module image dump success - dump size 0x2bac00.
2019-10-09 18:19:37,272 [root] DEBUG: Terminate Event: Skipping dump of process 1632
2019-10-09 18:19:37,272 [root] DEBUG: Terminate Event: Shutdown complete for process 1632 but failed to inform analyzer.
2019-10-09 18:19:38,164 [root] INFO: Shutting down package.
2019-10-09 18:19:38,164 [root] INFO: Stopping auxiliary modules.
2019-10-09 18:19:38,164 [root] INFO: Finishing auxiliary modules.
2019-10-09 18:19:38,164 [root] INFO: Shutting down pipe server and dumping dropped files.
2019-10-09 18:19:38,164 [root] WARNING: File at path "C:\jBcdvE\debugger" does not exist, skip.
2019-10-09 18:19:38,164 [root] WARNING: Monitor injection attempted but failed for process 1.
2019-10-09 18:19:38,164 [root] INFO: Analysis completed.

MalScore

8.6

Malicious

Machine

Name Label Manager Started On Shutdown On
target-01 target-01 ESX 2019-10-09 17:16:07 2019-10-09 17:19:52

URL Details

URL
https://www.dropbox.com/s/xz9tpfakqrqf56x/PDF%21One_%281%29%20%281%29.pdf?dl=0

Signatures

Behavioural detection: Executable code extraction
SetUnhandledExceptionFilter detected (possible anti-debug)
Guard pages use detected - possible anti-debugging.
Attempts to connect to a dead IP:Port (5 unique times)
IP: 93.184.220.29:80 (Europe)
IP: 104.16.100.29:443 (United States)
IP: 204.79.197.200:80 (United States)
IP: 68.232.34.240:80 (United States)
IP: 162.125.81.1:443 (Singapore)
Dynamic (imported) function loading detected
Performs HTTP requests potentially not found in PCAP.
url: dropbox.com:443//hstsping
url: uc2bd5ba8a468b39b7a74dfc42de.previews.dropboxusercontent.com:443//p/thumb/AAlqd9zRLGFfuzOzcHL1gYzmAJqxID3a8QiAVUPJIGf-NpA_hHNQF8zcZFQyKDS7xEAe4lDJzE6nm3ewvmyV_nLisTysZDYZ7yj5SsT-bWar2yv_WVV-yIFHkZ9mpl6lMAyWcVtZSiZ_kpxLtNVkVOCWtGdpe6ItmVnL_bklkjVUXaaKjd4Y5Lf-saZCM0LsEHMR4xC1m3oFn6TQt4XGYhhnTEV9008R4I2W_LW9zY3OEgRq82V0_9vLuKvItTSdziPhOLG47UBml_tXEqrB_4AOSyy388CBgNNou-OSB5kH6Rr9ywbanf5xFxA5XElPaRhKMuvJgEMzf7tO82CFo-60yEf6UKvZfvyd3KwY5_DXyA/p.png?size=800x600&size_mode=3
url: www.dropbox.com:443//s/xz9tpfakqrqf56x/PDF%21One_%281%29%20%281%29.pdf?dl=0
url: www.dropbox.com:443//page_success/head?path=%2Fs%2Fxz9tpfakqrqf56x%2FPDF%21One_%281%29+%281%29.pdf&request_id=24290d25a49e39849c46edea9807ffb5&time=1570641395
url: www.dropbox.com:443//page_success/start?path=%2Fs%2Fxz9tpfakqrqf56x%2FPDF%21One_%281%29+%281%29.pdf&request_id=24290d25a49e39849c46edea9807ffb5&time=1570641395
url: cfl.dropboxstatic.com:80//static/compiled/js/alameda_bundle/alameda_bundle_polyfilled-vflpCtBtX.js
url: cfl.dropboxstatic.com:80//static/css/shared_link_file-vfle0P7yX.css
url: cfl.dropboxstatic.com:80//static/css/shared_link_page-vflStB6UA.css
Sniffs keystrokes
SetWindowsHookExW: Process: explorer.exe(1632)
Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
regkeyval: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage2\ProgramsCache

Hosts

Direct IP Country Name
N 93.184.220.29 Europe
Y 8.8.8.8 United States
N 68.232.34.240 United States
N 204.79.197.200 United States
N 2.21.98.210 Austria
N 162.125.81.1 Singapore
N 104.16.100.29 United States
N 104.16.100.29 [VT] United States

DNS

Name Response
www.bing.com
  CNAME dual-a-0001.a-msedge.net
  CNAME a-0001.a-afdentry.net.trafficmanager.net
  A 204.79.197.200
  A 13.107.21.200
www.dropbox.com
  A 162.125.81.1
  CNAME www.dropbox-dns.com
www.download.windowsupdate.com
  CNAME cs12.wpc.v0cdn.net
  CNAME 2-01-3cf7-0009.cdx.cedexis.net
  CNAME wu.ec.azureedge.net
  CNAME hlb.apr-52dd2-0.edgecastdns.net
  A 68.232.34.240
  CNAME wu.azureedge.net
  CNAME wu.wpc.apr-52dd2.edgecastdns.net
ocsp.digicert.com
  A 93.184.220.29
  CNAME cs9.wac.phicdn.net
cfl.dropboxstatic.com
  A 104.16.100.29
  CNAME cfl.dropboxstatic.com.cdn.cloudflare.net
  A 104.16.99.29
uc2bd5ba8a468b39b7a74dfc42de.previews.dropboxusercontent.com
  CNAME edge-block-previews-video-live.dropbox-dns.com
  A 162.125.81.5
dropbox.com
  A 162.125.248.1
crl.microsoft.com
  A 2.21.98.210
  A 2.21.98.203
  CNAME crl.www.ms.akadns.net
  CNAME a1363.dscg.akamai.net

Summary

Process Tree


iexplore.exe, PID: 1876, Parent PID: 2480
Full Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Command Line: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" "https://www.dropbox.com/s/xz9tpfakqrqf56x/PDF%21One_%281%29%20%281%29.pdf?dl=0"
iexplore.exe, PID: 3040, Parent PID: 1876
Full Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Command Line: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:1876 CREDAT:79873
explorer.exe, PID: 1632, Parent PID: 1496
Full Path: C:\Windows\explorer.exe
Command Line: C:\Windows\Explorer.EXE

TCP

Source Source Port Destination Destination Host Destination Port
192.168.35.21 49195 104.16.100.29 cfl.dropboxstatic.com 443
192.168.35.21 49196 104.16.100.29 cfl.dropboxstatic.com 443
192.168.35.21 49173 162.125.81.1 www.dropbox.com 443
192.168.35.21 49194 162.125.81.1 www.dropbox.com 443
192.168.35.21 49197 162.125.81.1 www.dropbox.com 443
192.168.35.21 49217 2.21.98.210 crl.microsoft.com 80
192.168.35.21 49168 204.79.197.200 www.bing.com 80
192.168.35.21 49174 68.232.34.240 www.download.windowsupdate.com 80
192.168.35.21 49177 93.184.220.29 ocsp.digicert.com 80

UDP

Source Source Port Destination Destination Port
192.168.35.21 53447 8.8.8.8 53
192.168.35.21 57255 8.8.8.8 53
192.168.35.21 57334 8.8.8.8 53
192.168.35.21 58094 8.8.8.8 53
192.168.35.21 59473 8.8.8.8 53
192.168.35.21 64235 8.8.8.8 53
192.168.35.21 65365 8.8.8.8 53
192.168.35.21 65426 8.8.8.8 53

HTTP Requests

URI Data
http://www.bing.com/favicon.ico
GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: www.bing.com
Connection: Keep-Alive

http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1
Cache-Control: max-age = 86400
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 19 Apr 2017 22:43:31 GMT
If-None-Match: "80ab755e5eb9d21:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: www.download.windowsupdate.com

http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAx5qUSwjBGVIJJhX%2BJrHYM%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAx5qUSwjBGVIJJhX%2BJrHYM%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com

http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRJ9L2KGL92BpjF3kAtaDtxauTmhgQUPdNQpdagre7zSmAKZdMh1Pj41g8CEAU5fm3dSuY9dJCdoTinHgw%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRJ9L2KGL92BpjF3kAtaDtxauTmhgQUPdNQpdagre7zSmAKZdMh1Pj41g8CEAU5fm3dSuY9dJCdoTinHgw%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com

http://crl.microsoft.com/pki/crl/products/WinPCA.crl
GET /pki/crl/products/WinPCA.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 02 Dec 2015 18:30:06 GMT
If-None-Match: "0cb60772f2dd11:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Suricata Extracted Files

No Suricata Extracted files

JA3

Source Source Port Destination Destination Host Destination Port JA3 Hash JA3 Description
192.168.35.21 49173 162.125.81.1 www.dropbox.com 443 2201d8e006f8f005a6b415f61e677532 MSIE 10.0 Trident/6.0, Malware Test FP: blackhole-ek-traffic, sweet-orange-ek-post-infection-traffic, sweet-orange-ek-traffic, styx-ek-traffic
File name search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
Associated Filenames
C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
File Size 237 bytes
File Type PNG image data, 16 x 16, 4-bit colormap, non-interlaced
MD5 9fb559a691078558e77d6848202f6541
SHA1 ea13848d33c2c7f4f4baa39348aeb1dbfad3df31
SHA256 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
CRC32 FC87942A
Ssdeep 6:6v/lhPIF6R/C+u1fXNg1XQ3yslRtNO+cKvAElRApGCp:6v/7b/C1fm1ZslRTvAElR47
ClamAV None
Yara None matched
CAPE Yara None matched
File name index.dat
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Feeds Cache\index.dat
File Size 32768 bytes
File Type Internet Explorer cache file version Ver 5.2
MD5 077eb5d924c84ec41447ad7795b38734
SHA1 e3b4793862bb370db5ddd3cb5e607034172336e1
SHA256 06813b4ee292b191c05cb15febfba874e7f4caac47a8c3081041a20880708209
CRC32 E2F624C0
Ssdeep 48:q3xbTpYVfruSYufruXYsfAjYmeKZ6MYCI:qZTuVfrutufruIsfAc26Lv
ClamAV None
Yara None matched
CAPE Yara None matched
File name 94308059B57B3142E455B38A6EB92015
Associated Filenames
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
File Size 58373 bytes
File Type Microsoft Cabinet archive data, 58373 bytes, 1 file
MD5 93871e1433144c58cab0deddd1d46925
SHA1 8e587a3571eb8955887074d3eaf92b841fa76e71
SHA256 3193f3035a4f457d66bab3048880aac2eb8557027f6373e606d4621609af1068
CRC32 1ACBF958
Ssdeep 1536:R+E5BB8ZedGpm9ez1KZIpxvAa8iQ030GYTFDIC:Rx7B8uEhzZxvAajQ03DAF
ClamAV None
Yara None matched
CAPE Yara None matched
File name 94308059B57B3142E455B38A6EB92015
Associated Filenames
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
File Size 344 bytes
File Type data
MD5 fb0e880a97f35725741f40e6f220a428
SHA1 9e718d51ecd4afd776729b43b723c58a14ad40bf
SHA256 76d54da8657f12ed8b4deb0bdd5e9e2fc5ec32859741a1930991d273843d8c2d
CRC32 C6F7C228
Ssdeep 6:kKNFn8W4Y+SkQlPlEGYRMY9z+4KlDA3RUej6aUt:FFn8WokPlE99SNxAhUe7Ut
ClamAV None
Yara None matched
CAPE Yara None matched
File name EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619
Associated Filenames
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619
File Size 471 bytes
File Type data
MD5 88f0a3f331dd304b59ff522b231debd7
SHA1 cb7c2049e2d5e91305f81626b9388f67de4c544c
SHA256 b73c34d3698d9a7cb9c6d427cff172e1c16704f7fe86ebac9c94f87a47c43d6a
CRC32 7D5E2348
Ssdeep 12:JY0H5FZJ9xUrnA4MNGU5KOUsdBeG88V5xI:JY0H3ZxUf0hBeG3I
ClamAV None
Yara None matched
CAPE Yara None matched
File name EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619
Associated Filenames
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619
File Size 430 bytes
File Type data
MD5 aedfc961116c478785a89fbe6048e551
SHA1 a0bd932b780c8d0fe745f33b5c38d25db3ef6b92
SHA256 2329daf28e5169eadd8b18242eac1aae8d43aabd0ac053c26ea47f4fb03cdc89
CRC32 7C568A23
Ssdeep 6:kK5FYu9XlRNfOAUMivhClroFn1cgvVJuIuAQbDUFwGQlhzksQQ+GJsvSlVrq6O3v:5bmxMiv8sF1JbqDkwJr0yrm/
ClamAV None
Yara None matched
CAPE Yara None matched
File name 5887976EDAA817EEF5159B09F6FCD000_412A4FF40FF4AD12304C9961A39A02BE
Associated Filenames
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5887976EDAA817EEF5159B09F6FCD000_412A4FF40FF4AD12304C9961A39A02BE
File Size 471 bytes
File Type data
MD5 19b72f31f36c67e353f947b422f287f7
SHA1 9aedf9e3bbbd93761fbc6119a1e73c9171aaf4fc
SHA256 8600113377a6a533a0a168f9a393627934a389c4c9fd6b8890cad4a0d6f5517f
CRC32 5B4025A2
Ssdeep 6:J0MYSC2qu8uUH/5o7ij9gSL+2qu41QUHqDjEn1CnaNIGwqsEDiIWAL5zQzRNN5SO:JKtfB5BWm+fH2TQHL5EfNgw7qV1aT
ClamAV None
Yara None matched
CAPE Yara None matched
File name 5887976EDAA817EEF5159B09F6FCD000_412A4FF40FF4AD12304C9961A39A02BE
Associated Filenames
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5887976EDAA817EEF5159B09F6FCD000_412A4FF40FF4AD12304C9961A39A02BE
File Size 426 bytes
File Type data
MD5 d712786039ab2003aed6ba62d699ca85
SHA1 59801e364098fecb450a392f1818abfc9ab01b21
SHA256 b061ed8c18abb48b31427ef97c2543ef12891fd5a3e5efdc81cc8e2eceb25b23
CRC32 33F0D7D0
Ssdeep 6:kK+6fZ7zXlRNfOAUMivhClroF4t3lCvUIKYeCnwU+lul9OQwNYBKMjCyrq6/lk:G6fZ5mxMiv8sFq3lCvM710twNtUdi
ClamAV None
Yara None matched
CAPE Yara None matched
File name user@dropbox[1].txt
Associated Filenames
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@dropbox[1].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@www.dropbox[1].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@dropbox[2].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@www.dropbox[2].txt
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\dnserror[1]
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P0THEGK\httpErrorPagesScripts[1]
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4W7O9ARC\noConnect[1]
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\background_gradient[1]
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P0THEGK\down[2]
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4W7O9ARC\favcenter[2]
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\tools[2]
File Size 0 bytes
File Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
Ssdeep 3::
ClamAV None
Yara None matched
CAPE Yara None matched
File name user@dropbox[1].txt
Associated Filenames
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@dropbox[1].txt
File Size 73 bytes
File Type ASCII text
MD5 9f75f5e099b7080ea00aca5d5650079b
SHA1 4a18bf02d50f79533f271bfbd44139b4c8ba5d75
SHA256 dc7d8e295b2ea21e3b9613a94605e94d476693a9cb9dabac6fa5fb5f51559b54
CRC32 3CBC7615
Ssdeep 3:4Am6i2GdUVX6NR6KDT5XZ9kl:o6IWVX6N88ql
ClamAV None
Yara None matched
CAPE Yara None matched
Display Text
locale
en_GB
dropbox.com/
1025
2840566656
31135964
1177435600
30768900
*
File name user@www.dropbox[1].txt
Associated Filenames
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@www.dropbox[1].txt
File Size 123 bytes
File Type ASCII text
MD5 1c76e24d10783479dad9c2861de5d641
SHA1 e6e30d82c90bb67f58abb9824d8cfbd65cee5246
SHA256 68b11749aa9726b3aafb7b7d737c4a7df68595038bee40a0861ce5a61c39ea86
CRC32 3E8B6E32
Ssdeep 3:TwfGpzc6sSWHLoYXzTMaVHGdcXbXd8KDT5XZ9kl:TwfGi6ljYnMdeXbN88ql
ClamAV None
Yara None matched
CAPE Yara None matched
Display Text
gvc
MzcxNDg1MDMwMzY4NzkzNjMzNjQxODM3MzY5NTUwMTQ1MjEzMzY%3D
www.dropbox.com/
9217
2840566656
31135964
1177435600
30768900
*
File name user@dropbox[2].txt
Associated Filenames
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@dropbox[2].txt
File Size 160 bytes
File Type ASCII text
MD5 0149b115b19965f085a74f5c0e30fd8c
SHA1 239a9a509fb4ed2d632cc7b09071ad7532e0ced6
SHA256 b4effcb80ac1688d246696916247814b1a5470d166ca2918fee3bebb9a026fef
CRC32 83B03043
Ssdeep 3:4Am6i2GdUVX6NR6KDT5XZ9kbUEQjcVdHQMVHdcXbW3MKhVOCkl:o6IWVX6N88qJ7RxeXbW3Mzl
ClamAV None
Yara None matched
CAPE Yara None matched
Display Text
locale
en_GB
dropbox.com/
1025
2840566656
31135964
1177435600
30768900
*
t
y9FocwW-p1iau7u9p8b5wZyQ
dropbox.com/
9217
3082951552
30989113
1177595600
30768900
*
File name user@www.dropbox[2].txt
Associated Filenames
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@www.dropbox[2].txt
File Size 227 bytes
File Type ASCII text
MD5 d3c83fcf3a5dd27a45948583b8f21828
SHA1 b56cc6b7a575954a44bf85cea5fac1d257a8a03d
SHA256 ff84e165a3b4449f663b0c8e09953559d10ffd4f3e0c808b4bc3dd56bae20ce9
CRC32 3A3F47C6
Ssdeep 6:TwfGi6ljYnMdeXbN88qDod7REdWVX6hzl:TwFjGeXb1qcIdW9gl
ClamAV None
Yara None matched
CAPE Yara None matched
Display Text
gvc
MzcxNDg1MDMwMzY4NzkzNjMzNjQxODM3MzY5NTUwMTQ1MjEzMzY%3D
www.dropbox.com/
9217
2840566656
31135964
1177435600
30768900
*
__Host-js_csrf
y9FocwW-p1iau7u9p8b5wZyQ
www.dropbox.com/
1025
3082951552
30989113
1177595600
30768900
*
File name MSIMGSIZ.DAT
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
File Size 16384 bytes
File Type data
MD5 0cf9ea053bdfba12814049c64f7ab45a
SHA1 2c3dae6af5ed25316078f3d44519d387a5f0bb00
SHA256 bd6776afccf940809189767c68089f4dfbd18327c443de60443d42969338b8bb
CRC32 CB138BF2
Ssdeep 12:Oa6I/10s1KXPeNU/N6/aXAk6ylXPtDYNls6ss+wsLaSP/0otIltet+4bRsWdf8qY:xJHu9QqlC3LwAOMSoye7z2lzdG
ClamAV None
Yara None matched
CAPE Yara None matched
File name dnserror[1]
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\dnserror[1]
File Size 5947 bytes
File Type HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5 68e03ed57ec741a4afbbcd11fab1bdbe
SHA1 250c965d7f4eb882d2289706a6c66e2b8976c1a8
SHA256 1ff3334c3eb27033f8f37029fd72f648edd4551fce85fc1f5159feaea1439630
CRC32 D67C7CDA
Ssdeep 48:uqUPsV4VWBXvXS4nZ1a5TI7HW/Tu21kpd87KZA9f+upbthDb6XuzuvJA3I2Tt:uOpiEQKHT272axfnRzFRTt
ClamAV None
Yara None matched
CAPE Yara None matched
Display Text
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>

    <head>
        <link rel="stylesheet" type="text/css" href="ErrorPageTemplate.css" >

        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title>Internet Explorer cannot display the webpage</title>

        <script src="errorPageStrings.js" language="javascript" type="text/javascript">
        </script>
        <script src="httpErrorPagesScripts.js" language="javascript" type="text/javascript">
        </script>
    </head>

    <body onLoad="javascript:initMoreInfo('infoBlockID');">

        <table width="730" cellpadding="0" cellspacing="0" border="0">

        <!-- Error title -->
            <tr>
                <td id="infoIconAlign" width="60" align="left" valign="top" rowspan="2">
                    <img src="noConnect.png" id="infoIcon" alt="Info icon" width="48" height="48">
                </td>
                <td id="mainTitleAlign" valign="middle" align="left" width="*">
                    <h1 id="mainTitle">Internet Explorer cannot display the webpage</h1>
                </td>
            </tr>

            <tr>
                <!-- This row is for HTTP status code, as well as the divider-->
                <td id="errorCodeAlign" class="errorCodeAndDivider" align="right">&nbsp;
                    <div class="divider"></div>
                </td>
            </tr>

        <!-- What you can do -->
            <tr>
                <td>
                    &nbsp;
                </td>
                <td id="whatToTryAlign" valign="top" align="left">
                    <h2 id="whatToTry">What you can try:</h2>
                </td>
            </tr>

        <!-- Check Connection -->
            <tr>
                <td >
                    &nbsp;
                </td>
                <td id="checkConnectionAlign" align="left" valign="middle">
                    <h4>
                        <table>
                            <tr>
                                <td valign="top">
                                </td>
                                <td valign="middle">
                                    <button onclick="javascript:diagnoseConnectionAndRefresh(); return false;" id="diagnose">Diagnose Connection Problems</button>
                                </td>
                            </tr>
                        </table>
                    </h4>
                </td>
            </tr>


        <!-- InfoBlock -->
            <tr>
                <td id="infoBlockAlign" align="right" valign="top">
                    &nbsp;
                </td>
                <td id="moreInformationAlign" align="left" valign="middle">
                    <h4>
                      <table>
                          <tr>
                              <td valign="top">
                                  <a href="#" onclick="javascript:expandCollapse('infoBlockID', true); return false;"><img src="down.png" id="infoBlockIDImage" border="0" class="actionIcon" alt="More information"></a>
                              </td>
                              <td valign="top">
                                  <span id="moreInfoContainer"></span>
                                  <noscript><ID id="moreInformation">More information</ID></noscript>
                              </td>
                          </tr>
                      </table>
                    </h4>
                    <div id="infoBlockID" class="infoBlock" style="display: none">
                        <p>
                            <ID id="errorExpl1">This problem can be caused by a variety of issues, including:</ID>
                            <ul>
                                <li id="errorExpl2">Internet connectivity has been lost.</li>
                                <li id="errorExpl3">The website is temporarily unavailable.</li>
                                <li id="errorExpl4">The Domain Name Server (DNS) is not reachable.</li>
                                <li id="errorExpl5">The Domain Name Server (DNS) does not have a listing for the website's domain.</li>
                                <li id="errorExpl7">There might be a typing error in the address.</li> 
                                <li id="errorExpl6">If this is an HTTPS (secure) address, click Tools, click Internet Options, click Advanced, and check to be sure the SSL and TLS protocols are enabled under the security section.</li>
                            </ul>
                        </p>
                        <p id="offlineUsers"><b>For offline users</b></p>                                     
                        <p id="viewSubscribedFeeds1">
                           You can still view subscribed feeds and some recently viewed webpages.<br/>
                           To view subscribed feeds
                           <ol>
                               <li id="viewSubscribedFeeds2">Click the Favorites Center button <img src="favcenter.png" border="0">, click Feeds, and then click the feed you want to view.</li>
                           </ol>
                        </p>
                        <p id="viewRecentWebpages1">To view recently visited webpages (might not work on all pages)
                           <ol>
                              <li id="viewRecentWebpages2">Click Tools <img src="tools.png" border="0">, and then click Work Offline.</li>
                              <li id="viewRecentWebpages3">Click the Favorites Center button <img src="favcenter.png" border="0">, click History, and then click the page you want to view.</li>
                           </ol>
                        </p>
                    </div>
                </td>
            </tr>

        </table>

    </body>
</html>
File name index.dat
Associated Filenames
C:\Users\user\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat
File Size 49152 bytes
File Type Internet Explorer cache file version Ver 5.2
MD5 12a8e8162a78ad18d2ece5952093b93a
SHA1 2936b123989af6f327fb65acd555cf846c091972
SHA256 bef37bcdf412b9ff98a3478d49efaab3c14ea4b778c4b34ae8be50b80ec325c6
CRC32 7B5863A9
Ssdeep 12:qjZrmsgi6H6W4kCQJz8uvu9l79OJlLuAUGkLL6OSA6:qjZSzHaW4rcEyXuHjLL6OR6
ClamAV None
Yara None matched
CAPE Yara None matched
File name httpErrorPagesScripts[1]
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P0THEGK\httpErrorPagesScripts[1]
File Size 8601 bytes
File Type UTF-8 Unicode (with BOM) text, with CRLF, CR line terminators
MD5 e7ca76a3c9ee0564471671d500e3f0f3
SHA1 fe815ae0f865ec4c26e421bf0bd21bb09bc6f410
SHA256 58268ca71a28973b756a48bbd7c9dc2f6b87b62ae343e582ce067c725275b63c
CRC32 A7C34EF3
Ssdeep 192:HMmjTiiKfi9Ii4UFjC9jo4oXdu7mjxAb3Y:smjTiiKfi9IiPj+k3Xdu7mjxAb3Y
ClamAV None
Yara None matched
CAPE Yara None matched
Display Text
//Need to include errorPageStrings.js when you include this file

function isExternalUrlSafeForNavigation(urlStr)
{
    var regEx = new RegExp("^(http(s?)|ftp|file)://", "i");
    return regEx.exec(urlStr);
}

function clickRefresh()
{
    var location = window.location.href;
    var poundIndex = location.indexOf('#');
    
    if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))
    {
        window.location.replace(location.substring(poundIndex+1));
    }
}

function navCancelInit()
{
    var location = window.location.href;
    var poundIndex = location.indexOf('#');
    
    if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))
    {
        var bElement = document.createElement("A");
        bElement.innerText = L_REFRESH_TEXT;
        bElement.href = 'javascript:clickRefresh()';
        navCancelContainer.appendChild(bElement);
    }
    else
    {
        var textNode = document.createTextNode(L_RELOAD_TEXT);
        navCancelContainer.appendChild(textNode);
    }
}

function expandCollapse(elem, changeImage)
{
    if (document.getElementById)
    {
        ecBlock = document.getElementById(elem);

        if (ecBlock != undefined && ecBlock != null)
        {
            if (changeImage)
            {
                //gets the image associated
                elemImage = document.getElementById(elem + "Image");
            }

            //make sure elemImage is good
            if (!changeImage || (elemImage != undefined && elemImage != null))
            {
                if (ecBlock.currentStyle.display == "none" || ecBlock.currentStyle.display == null || ecBlock.currentStyle.display == "")
                {
                    //shows the info.
                    ecBlock.style.display = "block";
                    if (changeImage)
                    {
                        //Just got in expanded mode. Thus, change image to "collapse"
                        elemImage.src = "up.png";
                    }
                }
                else if (ecBlock.currentStyle.display == "block")
                {
                    //hide info
                    ecBlock.style.display = "none";
                    if (changeImage)
                    {
                        //Just got in collapsed mode. Thus, change image to "expand"
                        elemImage.src = "down.png";
                    }
                }
                else
                {
                    //catch any weird circumstances.
                    ecBlock.style.display = "block";
                    if (changeImage)
                    {
                        elemImage.src = "up.png";
                    }
                }
            }//end check elemImage
        }//end check ecBlock
    }//end getElemById
}//end expandCollapse


function initHomepage()
{
    // in real bits, urls get returned to our script like this:
    // res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm

    //For testing use
    //DocURL = "res://shdocvw.dll/http_404.htm#http://www.microsoft.com/bar.htm"
    DocURL=document.location.href;

    var poundIndex = DocURL.indexOf('#');
    
    if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))
    {
   
       //this is where the http or https will be, as found by searching for :// but skipping the res://
       protocolIndex=DocURL.indexOf("://", 4);
   
       //this finds the ending slash for the domain server
       serverIndex=DocURL.indexOf("/", protocolIndex + 3);
   
       //for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
       //of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
       //urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
       BeginURL=DocURL.indexOf("#",1) + 1;
       urlresult=DocURL.substring(BeginURL, serverIndex);
       if (protocolIndex - BeginURL > 7)
           urlresult="";

        //for display, we need to skip after http://, and go to the next slash
       displayresult=DocURL.substring(protocolIndex + 3, serverIndex);
    } 
    else
    {
       displayresult = "";
       urlresult = "";
    }

    var aElement = document.createElement("A");

    aElement.innerText = displayresult;
    aElement.href = urlresult;

    homepageContainer.appendChild(aElement);
}


function initConnectionStatus()
{

    if (navigator.onLine) //the network connection is connected
    {
        checkConnection.innerText = L_CONNECTION_ON_TEXT;
    }
    else
    {
        checkConnection.innerText = L_CONNECTION_OFF_TEXT;
    }
}

function initGoBack()
{
    //fills in the span container for "back to previous page"
    //Basically, makes "back to previous page" a clickable item IF there's something in the navstack.

    if (history.length < 1)
    {
        //this page is the only thing. Nothing in history.
        var textNode = document.createTextNode(L_GOBACK_TEXT);
        goBackContainer.appendChild(textNode);
    }
    else
    {
        var bElement = document.createElement("A");
        bElement.innerText = L_GOBACK_TEXT ;
        bElement.href = "javascript:history.back();";
        goBackContainer.appendChild(bElement);
    }
}

function initMoreInfo(infoBlockID)
{
    var bElement = document.createElement("A");
    bElement.innerText = L_MOREINFO_TEXT;
    bElement.href = "javascript:expandCollapse(\'infoBlockID\', true);";
    moreInfoContainer.appendChild(bElement);				
}

function initOfflineUser(offlineUserID)
{
    var bElement = document.createElement("A");
    bElement.innerText = L_OFFLINE_USERS_TEXT;
    bElement.href = "javascript:expandCollapse('offlineUserID', true);";
    offlineUserContainer.appendChild(bElement);
}

function initUnframeContent()
{
    var location = window.location.href;
    var poundIndex = location.indexOf('#');
    
    if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))
    {
        document.all.whatToDoIntro.style.display="block";
        document.all.whatToDoBody.style.display="block";
    }
}

function makeNewWindow()
{
    var location = window.location.href;
    var poundIndex = location.indexOf('#');
    
    if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))
    {
        window.open(location.substring(poundIndex+1));
    }
}

function setTabInfo(tabInfoBlockID)
{
    //removes the previous tabInfo text
    var bPrevElement = document.getElementById("tabInfoTextID");
    var bPrevImage   = document.getElementById("tabInfoBlockIDImage");

    if (bPrevElement != null)
    {
        tabInfoContainer.removeChild(bPrevElement);
    }

    if (bPrevImage != null)
    {
        tabImageContainer.removeChild(bPrevImage);
    }

    var bElement = document.createElement("A");
    var bImageElement = document.createElement("IMG");

    var ecBlock = document.getElementById(tabInfoBlockID);

    //determines if the block is closed
    if ((ecBlock != undefined && ecBlock != null) &&
        (ecBlock.currentStyle.display == "none" || ecBlock.currentStyle.display == null || ecBlock.currentStyle.display == ""))
    {
        bElement.innerText = L_SHOW_HOTKEYS_TEXT;
        bImageElement.alt = L_SHOW_HOTKEYS_TEXT;
        bImageElement.src="down.png";
    }
    else
    {
        bElement.innerText = L_HIDE_HOTKEYS_TEXT;
        bImageElement.alt = L_HIDE_HOTKEYS_TEXT;
        bImageElement.src="up.png";
    }

    bElement.id = "tabInfoTextID";
    bElement.href = "javascript:expandCollapse(\'tabInfoBlockID\', false); setTabInfo('tabInfoBlockID');";


    bImageElement.id="tabInfoBlockIDImage";
    bImageElement.border="0";
    bImag <truncated>
File name noConnect[1]
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4W7O9ARC\noConnect[1]
File Size 8230 bytes
File Type PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
MD5 3cb8faccd5de434d415ab75c17e8fd86
SHA1 098b04b7237860874db38b22830387937aeb5073
SHA256 6976c426e3ac66d66303c114b22b2b41109a7de648ba55ffc3e5a53bd0db09e7
CRC32 F9D26F41
Ssdeep 192:SSDS0tKg9E05TKPzo6BmMSpEJH8x07oLKsiF+2MxNdcNyVE:tJXE05g/uEJH8m7oLKLo2MxncUVE
ClamAV None
Yara None matched
CAPE Yara None matched
File name background_gradient[1]
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\background_gradient[1]
File Size 453 bytes
File Type JPEG image data, JFIF standard 1.02
MD5 20f0110ed5e4e0d5384a496e4880139b
SHA1 51f5fc61d8bf19100df0f8aadaa57fcd9c086255
SHA256 1471693be91e53c2640fe7baeecbc624530b088444222d93f2815dfce1865d5b
CRC32 C2D0CE77
Ssdeep 6:3llVuiPjlXJYhg5suRd8PImMo23C/kHrJ8yA/NIeYoWg78C/vTFvbKLAh3:V/XPYhiPRd8j7+9LoIrobtHTdbKi
ClamAV None
Yara None matched
CAPE Yara None matched
File name down[2]
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P0THEGK\down[2]
File Size 3414 bytes
File Type PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced
MD5 555e83ce7f5d280d7454af334571fb25
SHA1 47f78f68d72e3d9041acc9107a6b0d665f408385
SHA256 70f316a5492848bb8242d49539468830b353ddaa850964db4e60a6d2d7db4880
CRC32 9EA3279D
Ssdeep 96:/SDZ/I09Da01l+gmkyTt6Hk8nTjTnJw1Ne:/SDS0tKg9E05TPoNe
ClamAV None
Yara None matched
CAPE Yara None matched
File name favcenter[2]
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4W7O9ARC\favcenter[2]
File Size 3366 bytes
File Type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
MD5 25d76ee5fb5b890f2cc022d94a42fe19
SHA1 62c180ec01ff2c30396fb1601004123f56b10d2f
SHA256 07d07a467e4988d3c377acd6dc9e53abca6b64e8fbf70f6be19d795a1619289b
CRC32 7FE3FBCC
Ssdeep 96:RZ/I09Da01l+gmkyTt6Hk8nT1ny5y3iw+BT:RS0tKg9E05T1yIyw6
ClamAV None
Yara None matched
CAPE Yara None matched
File name tools[2]
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\tools[2]
File Size 3560 bytes
File Type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
MD5 6f20ba58551e13cfd87ec059327effd0
SHA1 b326a89ee587636bad7ad52aa944dc314fc6a6e2
SHA256 62a7038cc42c1482d70465192318f21fc1ce0f0c737cb8804137f38a1f9d680b
CRC32 6793DDC5
Ssdeep 96:CXHt+JcNgOSiS4XsAYNpf2ESNOSMpLvmlC:2oONgOLPXsAYnpSymlC
ClamAV None
Yara None matched
CAPE Yara None matched
File name Web Slice Gallery~.feed-ms
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Web Slice Gallery~.feed-ms
File Size 28672 bytes
File Type Composite Document File V2 Document, No summary info
MD5 d4cc7ce677b6ab7b521a1659aed301c8
SHA1 e1f036a56474983c11b5369dc6d46f158b0d4e0e
SHA256 3e23031a2b91f47683115473ce73964a196b68405153b815af14f7bde5032586
CRC32 E843F4D5
Ssdeep 12:Jw77mFQCb777777777777777777777777777777/FJl8vbf+8Gc7777777777777:Jsbf+8/2As4WYiit
ClamAV None
Yara None matched
CAPE Yara None matched
File name {7E9B7D00-EAB8-11E9-8662-000C2940B9FB}.dat
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7E9B7D00-EAB8-11E9-8662-000C2940B9FB}.dat
File Size 5632 bytes
File Type Composite Document File V2 Document, No summary info
MD5 2f8cac0c9c2feac2ddffb9bb857b5a0c
SHA1 83a5449ab5a23d7c7170a5ddf0d2bdf29593d25d
SHA256 8db8059c3b207eabd86ac9f5dcc0544b2e392acb62bd98e2e22b8d11a12300f7
CRC32 BD08FB46
Ssdeep 96:zMLGs7LGIjYgB7LGwLDMLGs7LG0lzLGoLG:zMLGWLG1aLGwLDMLGWLGGzLGoLG
ClamAV None
Yara None matched
CAPE Yara None matched
File name RecoveryStore.{7E9B7CFF-EAB8-11E9-8662-000C2940B9FB}.dat
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7E9B7CFF-EAB8-11E9-8662-000C2940B9FB}.dat
File Size 3584 bytes
File Type Composite Document File V2 Document, No summary info
MD5 dcb671b2f9ae4a50d2b874b2c5cfe9d9
SHA1 28e34ac43df0cd3c15d37a5e31515cc2d659ba13
SHA256 a1b0f52afb56e0ad77aa31cc4b2a467f3acdffc3ca21e66b40e3be879c56016d
CRC32 9218D7D4
Ssdeep 12:rl0YmGF2EUdrEg5+IaCrI017+FrllEDrEgmf+IaCy8qgQNlTq1tRmbwlt+lt:rIEUd5/0lWGv/TQNlW1tgbwe
ClamAV None
Yara None matched
CAPE Yara None matched
File name index.dat
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
File Size 32768 bytes
File Type Internet Explorer cache file version Ver 5.2
MD5 970c79ead17c91ea8d23c82523007ec7
SHA1 0718347a451d7958fc3b67e6a41807c6b28225d3
SHA256 82d907df29d555baf9c3b096633a75631df35cbf13e58ebfa08e03ec376e0ccb
CRC32 83774B4F
Ssdeep 12:qjjtSb3ewoQW022ikg2V3ewoQWvlT22ikg2:qjjhYW0I57YWvBI5
ClamAV None
Yara None matched
CAPE Yara None matched
File name index.dat
Associated Filenames
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
File Size 32768 bytes
File Type Internet Explorer cache file version Ver 5.2
MD5 7e2e42ecf13c2284d7d2ed260f6bbe9e
SHA1 d7f6db3fefa4036ab79c162d2addc95042f81064
SHA256 1daa74cf9b2e5c192fc2e07725ae873e7afc18aa1cee213a8b8703983ae1b7b9
CRC32 13E5948D
Ssdeep 48:qzwYf/ZJLSFdWq5OqT/mf7RCpwV+4igHDt/UwbmXhBgkBVGWYCIh:qzT/Zpvq0lV9Nbojbm
ClamAV None
Yara None matched
CAPE Yara None matched
File name index.dat
Associated Filenames
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
File Size 65536 bytes
File Type Internet Explorer cache file version Ver 5.2
MD5 8a95d9cc4d85c2b69cc5b93c16fdb204
SHA1 0b7e1b7862aa5da22fefcf9aad055bda0ec2a645
SHA256 08b890c5aacde5a4e7cc96fac294cf89a6918a9b1cba24e9005736f2faa6cfc3
CRC32 39D2DD22
Ssdeep 384:Ct2ZjxBNP8NaZTXDdg3skdVQnQeW+4fTjziXrAsjCCtn/NJ03:ZyNa9ad0r/CSl
ClamAV None
Yara None matched
CAPE Yara None matched
Sorry! No CAPE files.
Process Name iexplore.exe
PID 1876
Dump Size 663040 bytes
Module Path C:\Program Files (x86)\Internet Explorer\iexplore.exe
Type PE image: 32-bit executable
MD5 42ddb2a23ae9df7a5309c18e11020213
SHA1 0138df358a12fdcc09c535995259b0b058babf64
SHA256 95ed6b418eb26a7decfcb96a00c1309af6b3f244777ebdf7ced01984b3583803
CRC32 E30755D2
Ssdeep 12288:zPX+pd167QhE0s7+jM+M6ugRfMMkIM7ovX+pd167QhE0u7+:zE6Ehg7mM+M6RkMkIM7gE6Eh67
ClamAV None
Yara None matched
CAPE Yara None matched
Dump Filename 95ed6b418eb26a7decfcb96a00c1309af6b3f244777ebdf7ced01984b3583803
Process Name explorer.exe
PID 1632
Dump Size 2862080 bytes
Module Path C:\Windows\explorer.exe
Type PE image: 64-bit executable
MD5 26bd5f318a318fc24301679ddef6d7d7
SHA1 2a82f13bce0965ebc130dcd8a8461b3d22b909ff
SHA256 fb69d06319197e6ff09a1a34b8e02f68fcd8ce89ee109c39e79ddafab95f2b74
CRC32 07EE7CAB
Ssdeep 49152:gxrceI/lIRYraisQhFCUubvYYYYYYYYYYYRYYYYYYYYYYE3iA7/eFUJN9ojoso2W:6rcPlIWWvYYYYYYYYYYYRYYYYYYYYYY4
ClamAV None
Yara None matched
CAPE Yara None matched
Dump Filename fb69d06319197e6ff09a1a34b8e02f68fcd8ce89ee109c39e79ddafab95f2b74

Processing ( 14.798 seconds )

  • 10.063 Static
  • 2.04 ProcDump
  • 1.855 BehaviorAnalysis
  • 0.469 Dropped
  • 0.299 Deduplicate
  • 0.066 NetworkAnalysis
  • 0.005 AnalysisInfo
  • 0.001 Debug

Signatures ( 1.492 seconds )

  • 0.612 antidbg_windows
  • 0.116 antiav_detectreg
  • 0.092 stealth_timeout
  • 0.067 api_spamming
  • 0.066 NewtWire Behavior
  • 0.041 infostealer_ftp
  • 0.034 antivm_vbox_window
  • 0.027 antivm_generic_scsi
  • 0.026 antisandbox_script_timer
  • 0.024 antianalysis_detectreg
  • 0.023 infostealer_im
  • 0.019 mimics_filetime
  • 0.015 antivm_generic_disk
  • 0.015 infostealer_mail
  • 0.014 Doppelganging
  • 0.014 antivm_generic_services
  • 0.012 bootkit
  • 0.012 ransomware_files
  • 0.011 recon_programs
  • 0.011 virus
  • 0.011 antivm_vbox_keys
  • 0.01 antiav_detectfile
  • 0.008 antivm_vmware_keys
  • 0.007 infostealer_bitcoin
  • 0.006 injection_createremotethread
  • 0.006 betabot_behavior
  • 0.006 InjectionCreateRemoteThread
  • 0.006 kibex_behavior
  • 0.006 hancitor_behavior
  • 0.006 ransomware_extensions
  • 0.005 malicious_dynamic_function_loading
  • 0.005 uac_bypass_eventvwr
  • 0.005 antiemu_wine_func
  • 0.005 infostealer_browser_password
  • 0.005 dynamic_function_loading
  • 0.005 antivm_parallels_keys
  • 0.005 antivm_xen_keys
  • 0.005 geodo_banking_trojan
  • 0.005 darkcomet_regkeys
  • 0.005 recon_fingerprint
  • 0.004 virtualcheck_js
  • 0.004 InjectionProcessHollowing
  • 0.004 persistence_autorun
  • 0.004 injection_runpe
  • 0.004 kovter_behavior
  • 0.004 antivm_generic_diskreg
  • 0.004 antivm_vbox_files
  • 0.003 antivm_vbox_libs
  • 0.003 InjectionInterProcess
  • 0.003 stack_pivot
  • 0.003 exploit_getbasekerneladdress
  • 0.003 dridex_behavior
  • 0.003 heapspray_js
  • 0.003 ransomware_message
  • 0.003 InjectionSetWindowLong
  • 0.003 vawtrak_behavior
  • 0.003 antivm_vpc_keys
  • 0.002 antidebug_guardpages
  • 0.002 rat_nanocore
  • 0.002 antiav_avast_libs
  • 0.002 exploit_heapspray
  • 0.002 Vidar Behavior
  • 0.002 exploit_gethaldispatchtable
  • 0.002 ipc_namedpipe
  • 0.002 PlugX
  • 0.002 antianalysis_detectfile
  • 0.002 browser_security
  • 0.002 disables_browser_warn
  • 0.002 packer_armadillo_regkey
  • 0.001 stack_pivot_file_created
  • 0.001 tinba_behavior
  • 0.001 andromeda_behavior
  • 0.001 hawkeye_behavior
  • 0.001 network_tor
  • 0.001 sets_autoconfig_url
  • 0.001 js_phish
  • 0.001 rat_luminosity
  • 0.001 infostealer_browser
  • 0.001 network_anomaly
  • 0.001 injection_explorer
  • 0.001 stealth_network
  • 0.001 modifies_desktop_wallpaper
  • 0.001 kazybot_behavior
  • 0.001 antisandbox_sunbelt_libs
  • 0.001 antisandbox_sboxie_libs
  • 0.001 EvilGrab
  • 0.001 shifu_behavior
  • 0.001 exec_crash
  • 0.001 Raccoon Behavior
  • 0.001 neshta_files
  • 0.001 cerber_behavior
  • 0.001 antiav_bitdefender_libs
  • 0.001 securityxploded_modules
  • 0.001 antidbg_devices
  • 0.001 antivm_xen_keys
  • 0.001 antivm_generic_bios
  • 0.001 antivm_generic_cpu
  • 0.001 antivm_generic_system
  • 0.001 antivm_hyperv_keys
  • 0.001 antivm_vmware_files
  • 0.001 bypass_firewall
  • 0.001 ie_martian_children
  • 0.001 network_torgateway
  • 0.001 rat_pcclient
  • 0.001 recon_checkip
  • 0.001 remcos_regkeys

Reporting ( 0.017 seconds )

  • 0.017 CompressResults
Task ID 94325
Mongo ID 5d9e16d7c3c009112d674f77
Cuckoo release 1.3-CAPE