VMRay Analyzer Report
Involved Hosts

Host             | Resolved to     | Country | City      | Protocol
www.msn.com      | 204.79.197.203  | US      | Redmond   | HTTP
go.microsoft.com | 104.84.181.107  | US      | Cambridge | HTTP
Monitored Processes
Process Graph
Behavior Information - Sequential View
Process #1: 9c0ce809c87b54cbd8aa589a2644a74f7f656462.malware.exe
(Host: 190, Network: 2505)
Information               | Value
ID / OS PID               | #1 / 0x5f0
OS Parent PID             | 0x7fc (c:\windows\explorer.exe)
Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop
File Name                 | c:\users\wi2yhmti onvscy7pe\desktop\9c0ce809c87b54cbd8aa589a2644a74f7f656462.malware.exe
Command Line              | "C:\Users\WI2yhmtI onvScY7Pe\Desktop\9c0ce809c87b54cbd8aa589a2644a74f7f656462.malware.exe"
Monitor                   | Start Time: 00:00:34, Reason: Analysis Target
Unmonitor                 | End Time: 00:02:04, Reason: Terminated
Monitor Duration          | 00:01:30
OS Thread IDs
#1 0x49C
#2 0x82C
#3 0x500
#4 0x3D8
#5 0x768
#6 0xF0
#7 0xBF4
#8 0x3A0
#9 0x4C4
Region
Threads
Thread 0x49c
(Host: 64, Network: 2505)
Category | Operation        | Information                                                                                                   | Success | Count
MOD      | GET_HANDLE       | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000                                    | True    | 1
MOD      | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address = 0x7566a330                      | True    | 1
MOD      | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = FlsGetValue, address = 0x75667580                   | True    | 1
MOD      | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address = 0x75669910                   | True    | 1
MOD      | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = FlsFree, address = 0x7566f400                       | True    | 1
MOD      | GET_HANDLE       | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000                                    | True    | 1
MOD      | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address = 0x77e1f190                 | True    | 1
MOD      | GET_HANDLE       | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000                                    | True    | 1
MOD      | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address = 0x77e1f190                 | True    | 1
MOD      | GET_HANDLE       | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000                                    | True    | 1
MOD      | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address = 0x77e1f190                 | True    | 1
MOD      | GET_HANDLE       | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000                                    | True    | 1
MOD      | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address = 0x77e1f190                 | True    | 1
MOD      | GET_HANDLE       | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000                                    | True    | 1
MOD      | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address = 0x77e1f190                 | True    | 1
MOD      | GET_HANDLE       | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000                                    | True    | 1
MOD      | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address = 0x77e1f190                 | True    | 1
MOD      | GET_HANDLE       | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000                                    | True    | 1
MOD      | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address = 0x77e1f190                 | True    | 1
MOD      | GET_HANDLE       | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000                                    | True    | 1
MOD      | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = DecodePointer, address = 0x77e1a200                 | True    | 1
MOD      | GET_HANDLE       | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000                                    | True    | 1
MOD      | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = DecodePointer, address = 0x77e1a200                 | True    | 1
MOD      | GET_HANDLE       | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000                                    | True    | 1
MOD      | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address = 0x77e1f190                 | True    | 1
MOD      | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = DecodePointer, address = 0x77e1a200                 | True    | 1
FILE     | OPEN             | file_name = STD_INPUT_HANDLE                                                                                  | True    | 1
FILE     | OPEN             | file_name = STD_OUTPUT_HANDLE                                                                                 | True    | 1
FILE     | OPEN             | file_name = STD_ERROR_HANDLE                                                                                  | True    | 1
MOD      | GET_FILENAME     | file_name = C:\Users\WI2yhmtI onvScY7Pe\Desktop\9c0ce809c87b54cbd8aa589a2644a74f7f656462.malware.exe          | True    | 1
MOD      | GET_HANDLE       | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000                                    | True    | 1
MOD      | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = IsProcessorFeaturePresent, address = 0x75669680     | True    | 1
SCK      | BIND             | local_address = 0.0.0.0, local_port = 0                                                                       | False   | 1
SCK      | LISTEN           | queue_length = 0x2                                                                                            | False   | 1
FILE     | CREATE           | file_name = c:\users\wi2yhmti onvscy7pe\desktop\, share_mode = FILE_SHARE_READ, FILE_SHARE_DELETE, create_disposition = OPEN_EXISTING | False | 1
FILE     | OPEN             | file_name = STD_OUTPUT_HANDLE                                                                                 | True    | 1
MOD      | LOAD             | module_name = kernel32, base_address = 0x75650000                                                             | True    | 1
MOD      | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\kernel32.dll, function = HeapCreate, address = 0x75669950                    | True    | 1
MOD      | LOAD             | module_name = user32.dll, base_address = 0x75f10000                                                           | True    | 1
MOD      | GET_PROC_ADDRESS | module_name = c:\windows\syswow64\user32.dll, function = SetLayeredWindowAttributes, address = 0x75f48fc0      | True    | 1
WND      | FIND             | class_name = Notepad                                                                                          | False   | 1
COM      | METHOD           | interface = IMalloc, method = Free                                                                            | True    | 1
COM      | METHOD           | interface = IMalloc, method = AddRef                                                                          | False   | 1
FILE     | CREATE           | file_name = c:\users\wi2yhmti onvscy7pe\desktop\.jpg, desired_access = GENERIC_READ, create_disposition = OPEN_EXISTING | False | 12
REG      | OPEN_KEY         | reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters                              | True    | 1
REG      | READ_VALUE       | reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters, value_name = HostName, data_ident_out = 1702260 | False | 1
SCK      | RECV             | size = 0, flags = NO_FLAG_SET, remote_port = , size_out = 18446744073709551615                                | False   | 2503
WND      | CREATE           | window_name = mess, class_name = , x_coordinate = 18446744071562067968, y_coordinate = 18446744071562067968, width = 18446744071562067968, height = 18446744071562067968, class_name = Notepad, window_parameter = 0 | False | 1
Fn
REGOPEN_KEYreg_name = HKEY_CURRENT_USERTrue1
Fn
REGOPEN_KEYreg_name = HKEY_CURRENT_USER\4194304False1
Fn
MODGET_HANDLEmodule_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77dc0000True1
Fn
MODGET_HANDLEmodule_name = c:\windows\syswow64\advapi32.dll, base_address = 0x74fb0000True1
Fn
MODGET_HANDLEmodule_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77dc0000True1
Fn
MODGET_HANDLEmodule_name = c:\windows\syswow64\advapi32.dll, base_address = 0x74fb0000True1
Fn
MODGET_HANDLEmodule_name = c:\users\wi2yhmti onvscy7pe\desktop\9c0ce809c87b54cbd8aa589a2644a74f7f656462.malware.exe, base_address = 0x400000True1
Fn
SYSSLEEPduration = -1 (infinite)True1
Fn
Thread 0xbf4
(Host: 126, Network: 0)
Category | Operation | Information | Success | Count | Logfile
MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | True | 1 | Fn
MOD | LOAD | module_name = user32, base_address = 0x75f10000 | True | 1 | Fn
MOD | LOAD | module_name = shell32, base_address = 0x76910000 | True | 1 | Fn
MOD | LOAD | module_name = advapi32, base_address = 0x74fb0000 | True | 1 | Fn
MOD | LOAD | module_name = urlmon, base_address = 0x74620000 | True | 1 | Fn
MOD | LOAD | module_name = ole32, base_address = 0x77cd0000 | True | 1 | Fn
MOD | LOAD | module_name = winhttp, base_address = 0x74210000 | True | 1 | Fn
PROC | OPEN_TOKEN | process_name = c:\users\wi2yhmti onvscy7pe\desktop\9c0ce809c87b54cbd8aa589a2644a74f7f656462.malware.exe, os_pid = 0x5f0, desired_access = PROCESS_VM_OPERATION, desired_access = PROCESS_VM_OPERATION | True | 1 | Fn
PROC | OPEN | process_name = c:\users\wi2yhmti onvscy7pe\desktop\9c0ce809c87b54cbd8aa589a2644a74f7f656462.malware.exe, os_pid = 0x5f0, desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_SET_SESSIONID, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_DUP_HANDLE, PROCESS_CREATE_PROCESS, PROCESS_SET_QUOTA, PROCESS_SET_INFORMATION, PROCESS_QUERY_INFORMATION, PROCESS_SUSPEND_RESUME, DELETE, READ_CONTROL, WRITE_DAC, WRITE_OWNER, SYNCHRONIZE | True | 1 | Fn
MOD | GET_FILENAME | file_name = C:\Users\WI2yhmtI onvScY7Pe\Desktop\9c0ce809c87b54cbd8aa589a2644a74f7f656462.malware.exe | True | 1 | Fn
SYS | SLEEP | duration = 100 milliseconds (0.100 seconds) | True | 100 | Fn
MOD | GET_FILENAME | file_name = C:\Users\WI2yhmtI onvScY7Pe\Desktop\9c0ce809c87b54cbd8aa589a2644a74f7f656462.malware.exe | True | 1 | Fn
MOD | GET_HANDLE | module_name = sbiedll, base_address = 0x0 | False | 1 | Fn
MOD | GET_HANDLE | module_name = dbghelp, base_address = 0x0 | False | 1 | Fn
REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Disk\Enum | True | 1 | Fn
REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Disk\Enum, value_name = 0, data_ident_out = 83 | True | 1 | Fn
REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall | True | 1 | Fn
PROC | CREATE | process_name = explorer.exe, os_tid = 0x358, os_pid = 0x208, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE | True | 1 | Fn
PROC | GET_INFO | process_name = explorer.exe, os_pid = 0x208 | True | 1 | Fn
MEM | READ | address = 0x7ef7a008, process_name = explorer.exe, os_pid = 0x208, size = 4 | True | 1 | Fn, Data
MEM | READ | address = 0xcb0000, process_name = explorer.exe, os_pid = 0x208, size = 400 | True | 1 | Fn, Data
MEM | READ | address = 0xcb0000, process_name = explorer.exe, os_pid = 0x208, size = 4026368 | True | 1 | Fn
MOD | CREATE_MAPPING | module_name = Nameless FileMapping, maximum_size = 7208732, protection = PAGE_EXECUTE_READWRITE | True | 1 | Fn
MOD | MAP | process_name = c:\users\wi2yhmti onvscy7pe\desktop\9c0ce809c87b54cbd8aa589a2644a74f7f656462.malware.exe, os_pid = 0x5f0, address = 0x3620000 | True | 1 | Fn
MOD | UNMAP | process_name = explorer.exe, os_pid = 0x208, base_address = 0xcb0000 | True | 1 | Fn
MOD | MAP | process_name = explorer.exe, os_pid = 0x208, address = 0xcb0000 | True | 1 | Fn
THREAD | RESUME | process_name = c:\windows\syswow64\explorer.exe, os_tid = 0x358, os_pid = 0x208 | True | 1 | Fn
Process #2: explorer.exe
(Host: 221, Network: 65)
Information | Value
ID / OS PID | #2 / 0x208
OS Parent PID | 0x5f0 (c:\users\wi2yhmti onvscy7pe\desktop\9c0ce809c87b54cbd8aa589a2644a74f7f656462.malware.exe)
Initial Working Directory | C:\Users\WI2yhmtI onvScY7Pe\Desktop
File Name | c:\windows\syswow64\explorer.exe
Command Line | explorer.exe
Monitor | Start Time: 00:02:02, Reason: Child Process
Unmonitor | End Time: 00:02:34, Reason: Terminated by Timeout
Monitor Duration | 00:00:32
OS Thread IDs | #10 0x358, #11 0x86C, #12 0x540, #13 0x658, #14 0x630, #15 0xA70, #16 0x5CC, #17 0x9F0
Region
Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match
private_0x0000000000c50000 | 0x00c50000 | 0x00c6ffff | Private Memory | Readable, Writable | True | False | False
pagefile_0x0000000000c50000 | 0x00c50000 | 0x00c5ffff | Pagefile Backed Memory | Readable, Writable | True | False | False
private_0x0000000000c60000 | 0x00c60000 | 0x00c63fff | Private Memory | Readable, Writable | True | False | False
private_0x0000000000c70000 | 0x00c70000 | 0x00c70fff | Private Memory | Readable, Writable | True | False | False
explorer.exe.mui | 0x00c70000 | 0x00c77fff | Memory Mapped File | Readable | False | False | False
pagefile_0x0000000000c80000 | 0x00c80000 | 0x00c93fff | Pagefile Backed Memory | Readable | True | False | False
pagefile_0x0000000000ca0000 | 0x00ca0000 | 0x00ca3fff | Pagefile Backed Memory | Readable | True | False | False
explorer.exe | 0x00cb0000 | 0x01086fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
pagefile_0x0000000000cb0000 | 0x00cb0000 | 0x01086fff | Pagefile Backed Memory | Readable, Writable, Executable | True | False | False
pagefile_0x0000000001090000 | 0x01090000 | 0x0508ffff | Pagefile Backed Memory | - | True | False | False
private_0x0000000005090000 | 0x05090000 | 0x050cffff | Private Memory | Readable, Writable | True | False | False
private_0x00000000050d0000 | 0x050d0000 | 0x0510ffff | Private Memory | Readable, Writable | True | False | False
pagefile_0x0000000005110000 | 0x05110000 | 0x05112fff | Pagefile Backed Memory | Readable | True | False | False
private_0x0000000005120000 | 0x05120000 | 0x05121fff | Private Memory | Readable, Writable | True | False | False
locale.nls | 0x05130000 | 0x051edfff | Memory Mapped File | Readable | False | False | False
private_0x00000000051f0000 | 0x051f0000 | 0x0522ffff | Private Memory | Readable, Writable | True | False | False
private_0x0000000005230000 | 0x05230000 | 0x05230fff | Private Memory | Readable, Writable | True | False | False
private_0x0000000005240000 | 0x05240000 | 0x05240fff | Private Memory | Readable, Writable | True | False | False
private_0x0000000005250000 | 0x05250000 | 0x05253fff | Private Memory | Readable, Writable | True | False | False
private_0x0000000005260000 | 0x05260000 | 0x0526ffff | Private Memory | Readable, Writable | True | False | False
private_0x0000000005270000 | 0x05270000 | 0x052affff | Private Memory | Readable, Writable | True | False | False
private_0x00000000052b0000 | 0x052b0000 | 0x052bdfff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x00000000052c0000 | 0x052c0000 | 0x052c6fff | Private Memory | Readable, Writable | True | False | False
private_0x00000000052d0000 | 0x052d0000 | 0x052d0fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x00000000052e0000 | 0x052e0000 | 0x053dffff | Private Memory | Readable, Writable | True | False | False
private_0x00000000053e0000 | 0x053e0000 | 0x0541ffff | Private Memory | Readable, Writable | True | False | False
private_0x0000000005420000 | 0x05420000 | 0x0545ffff | Private Memory | Readable, Writable | True | False | False
private_0x0000000005460000 | 0x05460000 | 0x0549ffff | Private Memory | Readable, Writable | True | False | False
winnlsres.dll | 0x054a0000 | 0x054a4fff | Memory Mapped File | Readable | False | False | False
private_0x00000000054b0000 | 0x054b0000 | 0x054bffff | Private Memory | Readable, Writable | True | False | False
pagefile_0x00000000054c0000 | 0x054c0000 | 0x05647fff | Pagefile Backed Memory | Readable | True | False | False
pagefile_0x0000000005650000 | 0x05650000 | 0x057d0fff | Pagefile Backed Memory | Readable | True | False | False
pagefile_0x00000000057e0000 | 0x057e0000 | 0x06bdffff | Pagefile Backed Memory | Readable | True | False | False
private_0x0000000006be0000 | 0x06be0000 | 0x06c1ffff | Private Memory | Readable, Writable | True | False | False
private_0x0000000006c20000 | 0x06c20000 | 0x06c5ffff | Private Memory | Readable, Writable | True | False | False
private_0x0000000006c60000 | 0x06c60000 | 0x06c9ffff | Private Memory | Readable, Writable | True | False | False
winnlsres.dll.mui | 0x06ca0000 | 0x06caffff | Memory Mapped File | Readable | False | False | False
private_0x0000000006cb0000 | 0x06cb0000 | 0x06ceffff | Private Memory | Readable, Writable | True | False | False
private_0x0000000006cf0000 | 0x06cf0000 | 0x06d2ffff | Private Memory | Readable, Writable | True | False | False
mswsock.dll.mui | 0x06d30000 | 0x06d32fff | Memory Mapped File | Readable | False | False | False
private_0x0000000006d40000 | 0x06d40000 | 0x06d4ffff | Private Memory | Readable, Writable | True | False | False
SortDefault.nls | 0x06d50000 | 0x07086fff | Memory Mapped File | Readable | False | False | False
private_0x0000000007090000 | 0x07090000 | 0x0757bfff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x0000000007580000 | 0x07580000 | 0x07580fff | Private Memory | Readable, Writable, Executable | True | False | False
pagefile_0x0000000007590000 | 0x07590000 | 0x07590fff | Pagefile Backed Memory | Readable, Writable | True | False | False
private_0x00000000075a0000 | 0x075a0000 | 0x075a0fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x00000000075b0000 | 0x075b0000 | 0x075b0fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x00000000075c0000 | 0x075c0000 | 0x075c0fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x00000000075d0000 | 0x075d0000 | 0x075d0fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x00000000075e0000 | 0x075e0000 | 0x0761ffff | Private Memory | Readable, Writable | True | False | False
private_0x0000000007620000 | 0x07620000 | 0x0765ffff | Private Memory | Readable, Writable | True | False | False
private_0x0000000007660000 | 0x07660000 | 0x07660fff | Private Memory | Readable, Writable, Executable | True | False | False
crypt32.dll.mui | 0x07670000 | 0x07679fff | Memory Mapped File | Readable | False | False | False
private_0x0000000007680000 | 0x07680000 | 0x076bffff | Private Memory | Readable, Writable | True | False | False
private_0x00000000076c0000 | 0x076c0000 | 0x076fffff | Private Memory | Readable, Writable | True | False | False
wow64.dll | 0x53cc0000 | 0x53d0efff | Memory Mapped File | Readable, Writable, Executable | False | False | False
wow64cpu.dll | 0x53d10000 | 0x53d17fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
wow64win.dll | 0x53d20000 | 0x53d92fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
dpapi.dll | 0x73f40000 | 0x73f47fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
gpapi.dll | 0x73f50000 | 0x73f6efff | Memory Mapped File | Readable, Writable, Executable | False | False | False
ncryptsslp.dll | 0x73f70000 | 0x73f89fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
ntasn1.dll | 0x73f90000 | 0x73fb7fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
ncrypt.dll | 0x73fc0000 | 0x73fdffff | Memory Mapped File | Readable, Writable, Executable | False | False | False
schannel.dll | 0x73fe0000 | 0x7403ffff | Memory Mapped File | Readable, Writable, Executable | False | False | False
ntmarta.dll | 0x74040000 | 0x74067fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
rsaenh.dll | 0x74070000 | 0x7409efff | Memory Mapped File | Readable, Writable, Executable | False | False | False
cryptsp.dll | 0x740a0000 | 0x740b2fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
bcrypt.dll | 0x740c0000 | 0x740dafff | Memory Mapped File | Readable, Writable, Executable | False | False | False
FWPUCLNT.DLL | 0x740e0000 | 0x74125fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
dnsapi.dll | 0x74130000 | 0x741b3fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
mswsock.dll | 0x741c0000 | 0x7420dfff | Memory Mapped File | Readable, Writable, Executable | False | False | False
webio.dll | 0x74210000 | 0x74277fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
OnDemandConnRouteHelper.dll | 0x74280000 | 0x74290fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
winhttp.dll | 0x742a0000 | 0x74346fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
iertutil.dll | 0x74350000 | 0x74610fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
urlmon.dll | 0x74620000 | 0x7477ffff | Memory Mapped File | Readable, Writable, Executable | False | False | False
propsys.dll | 0x74780000 | 0x748c1fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
uxtheme.dll | 0x748d0000 | 0x74944fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
mskeyprotect.dll | 0x74950000 | 0x7495ffff | Memory Mapped File | Readable, Writable, Executable | False | False | False
dhcpcsvc.dll | 0x74960000 | 0x74973fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
d3d11.dll | 0x74980000 | 0x74b92fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
dwmapi.dll | 0x74ba0000 | 0x74bbcfff | Memory Mapped File | Readable, Writable, Executable | False | False | False
rasadhlp.dll | 0x74bc0000 | 0x74bc7fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
dhcpcsvc6.dll | 0x74bd0000 | 0x74be2fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
winnsi.dll | 0x74bf0000 | 0x74bf7fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
dxgi.dll | 0x74c00000 | 0x74c7dfff | Memory Mapped File | Readable, Writable, Executable | False | False | False
dcomp.dll | 0x74c80000 | 0x74d1bfff | Memory Mapped File | Readable, Writable, Executable | False | False | False
twinapi.dll | 0x74d20000 | 0x74db8fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
IPHLPAPI.DLL | 0x74dc0000 | 0x74deffff | Memory Mapped File | Readable, Writable, Executable | False | False | False
sppc.dll | 0x74df0000 | 0x74e0cfff | Memory Mapped File | Readable, Writable, Executable | False | False | False
slc.dll | 0x74e10000 | 0x74e30fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
userenv.dll | 0x74e40000 | 0x74e58fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
bcryptprimitives.dll | 0x74e60000 | 0x74eb8fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
cryptbase.dll | 0x74ec0000 | 0x74ec9fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
sspicli.dll | 0x74ed0000 | 0x74eedfff | Memory Mapped File | Readable, Writable, Executable | False | False | False
msvcrt.dll | 0x74ef0000 | 0x74fadfff | Memory Mapped File | Readable, Writable, Executable | False | False | False
advapi32.dll | 0x74fb0000 | 0x7502afff | Memory Mapped File | Readable, Writable, Executable | False | False | False
oleaut32.dll | 0x75030000 | 0x750c1fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
powrprof.dll | 0x75280000 | 0x752c3fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
KernelBase.dll | 0x752e0000 | 0x75455fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
imm32.dll | 0x75460000 | 0x7548afff | Memory Mapped File | Readable, Writable, Executable | False | False | False
combase.dll | 0x75490000 | 0x75649fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
kernel32.dll | 0x75650000 | 0x7573ffff | Memory Mapped File | Readable, Writable, Executable | False | False | False
gdi32.dll | 0x75790000 | 0x758dcfff | Memory Mapped File | Readable, Writable, Executable | False | False | False
SHCore.dll | 0x75aa0000 | 0x75b2cfff | Memory Mapped File | Readable, Writable, Executable | False | False | False
ws2_32.dll | 0x75b90000 | 0x75bebfff | Memory Mapped File | Readable, Writable, Executable | False | False | False
crypt32.dll | 0x75bf0000 | 0x75d64fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
profapi.dll | 0x75d70000 | 0x75d7efff | Memory Mapped File | Readable, Writable, Executable | False | False | False
msasn1.dll | 0x75d80000 | 0x75d8dfff | Memory Mapped File | Readable, Writable, Executable | False | False | False
msctf.dll | 0x75d90000 | 0x75eaffff | Memory Mapped File | Readable, Writable, Executable | False | False | False
sechost.dll | 0x75eb0000 | 0x75ef2fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
user32.dll | 0x75f10000 | 0x7604ffff | Memory Mapped File | Readable, Writable, Executable | False | False | False
nsi.dll | 0x76050000 | 0x76056fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
kernel.appcore.dll | 0x76290000 | 0x7629bfff | Memory Mapped File | Readable, Writable, Executable | False | False | False
shlwapi.dll | 0x762a0000 | 0x762e3fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
windows.storage.dll | 0x76380000 | 0x7685cfff | Memory Mapped File | Readable, Writable, Executable | False | False | False
rpcrt4.dll | 0x76860000 | 0x7690bfff | Memory Mapped File | Readable, Writable, Executable | False | False | False
shell32.dll | 0x76910000 | 0x77ccefff | Memory Mapped File | Readable, Writable, Executable | False | False | False
ole32.dll | 0x77cd0000 | 0x77db9fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
ntdll.dll | 0x77dc0000 | 0x77f38fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
private_0x000000007ee41000 | 0x7ee41000 | 0x7ee43fff | Private Memory | Readable, Writable | True | False | False
private_0x000000007ee44000 | 0x7ee44000 | 0x7ee46fff | Private Memory | Readable, Writable | True | False | False
private_0x000000007ee47000 | 0x7ee47000 | 0x7ee49fff | Private Memory | Readable, Writable | True | False | False
private_0x000000007ee4a000 | 0x7ee4a000 | 0x7ee4cfff | Private Memory | Readable, Writable | True | False | False
private_0x000000007ee4d000 | 0x7ee4d000 | 0x7ee4ffff | Private Memory | Readable, Writable | True | False | False
pagefile_0x000000007ee50000 | 0x7ee50000 | 0x7ef4ffff | Pagefile Backed Memory | Readable | True | False | False
pagefile_0x000000007ef50000 | 0x7ef50000 | 0x7ef72fff | Pagefile Backed Memory | Readable | True | False | False
private_0x000000007ef74000 | 0x7ef74000 | 0x7ef76fff | Private Memory | Readable, Writable | True | False | False
private_0x000000007ef77000 | 0x7ef77000 | 0x7ef79fff | Private Memory | Readable, Writable | True | False | False
private_0x000000007ef7a000 | 0x7ef7a000 | 0x7ef7afff | Private Memory | Readable, Writable | True | False | False
private_0x000000007ef7b000 | 0x7ef7b000 | 0x7ef7dfff | Private Memory | Readable, Writable | True | False | False
private_0x000000007ef7e000 | 0x7ef7e000 | 0x7ef7efff | Private Memory | Readable, Writable | True | False | False
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | True | False | False
private_0x000000007fff0000 | 0x7fff0000 | 0x7dfb1ddcffff | Private Memory | Readable | True | False | False
pagefile_0x00007dfb1ddd0000 | 0x7dfb1ddd0000 | 0x7ffb1ddcffff | Pagefile Backed Memory | - | True | False | False
ntdll.dll | 0x7ffb1ddd0000 | 0x7ffb1df91fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
private_0x00007ffb1df92000 | 0x7ffb1df92000 | 0x7ffffffeffff | Private Memory | Readable | True | False | False
Injection Information
Injection Type | Source Process | Source OS Thread ID | Injection Info | Success | Count | Logfile
Modify Memory | c:\users\wi2yhmti onvscy7pe\desktop\9c0ce809c87b54cbd8aa589a2644a74f7f656462.malware.exe | 0xbf4 | address = 0xcb0000, size = 4026368 | True | 1 | Fn, Data
Threads
Thread 0x358
(Host: 195, Network: 41)
Category | Operation | Information | Success | Count | Logfile
MOD | GET_HANDLE | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75650000 | True | 1 | Fn
MOD | LOAD | module_name = user32, base_address = 0x75f10000 | True | 1 | Fn
MOD | LOAD | module_name = shell32, base_address = 0x76910000 | True | 1 | Fn
MOD | LOAD | module_name = advapi32, base_address = 0x74fb0000 | True | 1 | Fn
MOD | LOAD | module_name = urlmon, base_address = 0x74620000 | True | 1 | Fn
MOD | LOAD | module_name = ole32, base_address = 0x77cd0000 | True | 1 | Fn
MOD | LOAD | module_name = winhttp, base_address = 0x742a0000 | True | 1 | Fn
PROC | OPEN_TOKEN | process_name = c:\users\wi2yhmti onvscy7pe\desktop\9c0ce809c87b54cbd8aa589a2644a74f7f656462.malware.exe, os_pid = 0x5f0, desired_access = PROCESS_VM_OPERATION, desired_access = PROCESS_VM_OPERATION | True | 1 | Fn
PROC | OPEN | process_name = c:\windows\syswow64\explorer.exe, os_pid = 0x208, desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_SET_SESSIONID, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_DUP_HANDLE, PROCESS_CREATE_PROCESS, PROCESS_SET_QUOTA, PROCESS_SET_INFORMATION, PROCESS_QUERY_INFORMATION, PROCESS_SUSPEND_RESUME, DELETE, READ_CONTROL, WRITE_DAC, WRITE_OWNER, SYNCHRONIZE | True | 1 | Fn
MOD | GET_FILENAME | file_name = C:\Windows\SysWOW64\explorer.exe | True | 1 | Fn
SYS | SLEEP | duration = 100 milliseconds (0.100 seconds) | True | 100 | Fn
REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer | True | 1 | Fn
REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer, value_name = svcVersion, data_ident_out = 49 | True | 1 | Fn
INET | OPEN_CONNECTION | | True | 1 | Fn
INET | OPEN_CONNECTION | | True | 1 | Fn
INET | OPEN_SESSION | | True | 1 | Fn
INET | OPEN_HTTP_REQUEST | | True | 1 | Fn
INET | SEND_HTTP_REQUEST | | True | 1 | Fn
INET | READ | | True | 36 | Fn, Data
MUTEX | CREATE | mutex_name = FCAA85F5B5437C4D7919D716988890AF30565E9E, initial_owner = 0 | True | 1 | Fn
REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall | True | 1 | Fn
REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook | True | 1 | Fn
REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook, value_name = HelpLink, data_ident_out = 65 | False | 1 | Fn
REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook, value_name = URLInfoAbout, data_ident_out = 65 | False | 1 | Fn
REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager | True | 1 | Fn
REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager, value_name = HelpLink, data_ident_out = 67 | False | 1 | Fn
REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager, value_name = URLInfoAbout, data_ident_out = 67 | False | 1 | Fn
REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx | True | 1 | Fn
REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx, value_name = HelpLink, data_ident_out = 68 | False | 1 | Fn
REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx, value_name = URLInfoAbout, data_ident_out = 68 | False | 1 | Fn
REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime | True | 1 | Fn
REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime, value_name = HelpLink, data_ident_out = 68 | False | 1 | Fn
REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime, value_name = URLInfoAbout, data_ident_out = 68 | False | 1 | Fn
REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore | True | 1 | Fn
REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore, value_name = HelpLink, data_ident_out = 70 | False | 1 | Fn
REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore, value_name = URLInfoAbout, data_ident_out = 70 | False | 1 | Fn
REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IE40 | True | 1 | Fn
REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IE40, value_name = HelpLink, data_ident_out = 73 | False | 1 | Fn
REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IE40, value_name = URLInfoAbout, data_ident_out = 73 | False | 1 | Fn
REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data | True | 1 | Fn
REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data, value_name = HelpLink, data_ident_out = 73 | False | 1 | Fn
REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data, value_name = URLInfoAbout, data_ident_out = 73 | False | 1 | Fn
REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX | True | 1 | Fn
REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX, value_name = HelpLink, data_ident_out = 73 | False | 1 | Fn
REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX, value_name = URLInfoAbout, data_ident_out = 73 | False | 1 | Fn
REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IEData | True | 1 | Fn
REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IEData, value_name = HelpLink, data_ident_out = 73 | False | 1 | Fn
REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IEData, value_name = URLInfoAbout, data_ident_out = 73 | False | 1 | Fn
REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack | True | 1 | Fn
REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack, value_name = HelpLink, data_ident_out = 77 | False | 1 | Fn
REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack, value_name = URLInfoAbout, data_ident_out = 77 | False | 1 | Fn
REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2 | True | 1 | Fn
REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2, value_name = HelpLink, data_ident_out = 77 | False | 1 | Fn
REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2, value_name = URLInfoAbout, data_ident_out = 77 | False | 1 | Fn
REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent | True | 1 | Fn
REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent, value_name = HelpLink, data_ident_out = 83 | False | 1 | Fn
REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent, value_name = URLInfoAbout, data_ident_out = 83 | False | 1 | Fn
REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WIC | True | 1 | Fn
REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WIC, value_name = HelpLink, data_ident_out = 87 | False | 1 | Fn
REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WIC, value_name = URLInfoAbout, data_ident_out = 87 | False | 1 | Fn
REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0D3E9E15-DE7A-300B-96F1-B4AF12B96488} | True | 1 | Fn
REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0D3E9E15-DE7A-300B-96F1-B4AF12B96488}, value_name = HelpLink, data_ident_out = 104 | True | 1 | Fn
REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0D3E9E15-DE7A-300B-96F1-B4AF12B96488}, value_name = URLInfoAbout, data_ident_out = 0 | True | 1 | Fn
REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | True | 1 | Fn
REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}, value_name = HelpLink, data_ident_out = 104 | True | 1 | Fn
REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}, value_name = URLInfoAbout, data_ident_out = 0 | True | 1 | Fn
REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | True | 1 | Fn
REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00}, value_name = HelpLink, data_ident_out = 104 | True | 1 | Fn
REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00}, value_name = URLInfoAbout, data_ident_out = 0 | True | 1 | Fn
REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | True | 1 | Fn
REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}, value_name = HelpLink, data_ident_out = 0 | True | 1 | Fn
REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}, value_name = URLInfoAbout, data_ident_out = 0 | True | 1 | Fn
REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942} | True | 1 | Fn
REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942}, value_name = HelpLink, data_ident_out = 104 | True | 1 | Fn
REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942}, value_name = URLInfoAbout, data_ident_out = 0 | True | 1 | Fn
REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B} | True | 1 | Fn
REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}, value_name = HelpLink, data_ident_out = 104 | True | 1 | Fn
REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}, value_name = URLInfoAbout, data_ident_out = 0 | True | 1 | Fn
REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} | True | 1 | Fn
REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}, value_name = HelpLink, data_ident_out = 0 | True | 1 | Fn
REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}, value_name = URLInfoAbout, data_ident_out = 0 | True | 1 | Fn
REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{BC958BD2-5DAC-3862-BB1A-C1BE0790438D} | True | 1 | Fn
REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{BC958BD2-5DAC-3862-BB1A-C1BE0790438D}, value_name = HelpLink, data_ident_out = 104 | True | 1 | Fn
REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{BC958BD2-5DAC-3862-BB1A-C1BE0790438D}, value_name = URLInfoAbout, data_ident_out = 0 | True | 1 | Fn
REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97} | True | 1 | Fn
REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}, value_name = HelpLink, data_ident_out = 104 | True | 1 | Fn
REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}, value_name = URLInfoAbout, data_ident_out = 0 | True | 1 | Fn
FILE | CREATE_DIR | file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\wtrrifwf | True | 1 | Fn
REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | False | 1 | Fn
REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | True | 1 | Fn
REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software | True | 1 | Fn
FILE | DELETE | file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\wtrrifwf\dafgfvjv.exe | False | 1 | Fn
FILE | COPY | destination_file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\wtrrifwf\dafgfvjv.exe, source_file_name = c:\users\wi2yhmti onvscy7pe\desktop\9c0ce809c87b54cbd8aa589a2644a74f7f656462.malware.exe, fail_if_exists = 0 | True | 1 | Fn
FILE | DELETE | file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\wtrrifwf\dafgfvjv.exe:zone.identifier | False | 1 | Fn
FILE | DELETE | file_name = c:\users\wi2yhmti onvscy7pe\desktop\9c0ce809c87b54cbd8aa589a2644a74f7f656462.malware.exe | True | 1 | Fn
FILE | CREATE | file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\wtrrifwf\dafgfvjv.exe, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_FLAG_BACKUP_SEMANTICS | True | 1 | Fn
FILE | CREATE | file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\wtrrifwf, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_FLAG_BACKUP_SEMANTICS | True | 1 | Fn
REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | True | 1 | Fn
REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, value_name = AppDataLow, data = C:\Users\WI2yhmtI onvScY7Pe\AppData\Roaming\wtrrifwf\dafgfvjv.exe | True | 1 | Fn
REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | True | 1 | Fn
REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | True | 1 | Fn
FILE | CREATE | file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\wtrrifwf\dafgfvjv.exe, desired_access = GENERIC_READ, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | True | 1 | Fn
Thread 0x5cc (Host: 26, Network: 24)

Category | Operation | Information | Success | Count | Logfile
MOD | CREATE_MAPPING | module_name = FCAA85F5B5437C4D7919D716988890AF30565E9EFF, maximum_size = 1024000, protection = PAGE_READWRITE, SEC_COMMIT | True | 1 | Fn
FILE | CREATE | file_name = c:\users\wi2yhmti onvscy7pe\appdata\roaming\wtrrifwf\wtrrifwf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | False | 1 | Fn
INET | OPEN_CONNECTION | | True | 1 | Fn
INET | OPEN_CONNECTION | | True | 1 | Fn
INET | OPEN_SESSION | | True | 1 | Fn
INET | OPEN_HTTP_REQUEST | | True | 1 | Fn
INET | SEND_HTTP_REQUEST | | True | 1 | Fn, Data
INET | READ | | True | 3 | Fn, Data
SYS | SLEEP | duration = 284 milliseconds (0.284 seconds) | True | 1 | Fn
SYS | SLEEP | duration = 386 milliseconds (0.386 seconds) | True | 1 | Fn
SYS | SLEEP | duration = 403 milliseconds (0.403 seconds) | True | 1 | Fn
SYS | SLEEP | duration = 399 milliseconds (0.399 seconds) | True | 1 | Fn
SYS | SLEEP | duration = 306 milliseconds (0.306 seconds) | True | 1 | Fn
SYS | SLEEP | duration = 460 milliseconds (0.460 seconds) | True | 1 | Fn
SYS | SLEEP | duration = 330 milliseconds (0.330 seconds) | True | 1 | Fn
SYS | SLEEP | duration = 483 milliseconds (0.483 seconds) | True | 1 | Fn
SYS | SLEEP | duration = 334 milliseconds (0.334 seconds) | True | 1 | Fn
SYS | SLEEP | duration = 405 milliseconds (0.405 seconds) | True | 1 | Fn
INET | OPEN_CONNECTION | | True | 1 | Fn
INET | OPEN_CONNECTION | | True | 1 | Fn
INET | OPEN_SESSION | | True | 1 | Fn
INET | OPEN_HTTP_REQUEST | | True | 1 | Fn
INET | SEND_HTTP_REQUEST | | True | 1 | Fn, Data
INET | READ | | True | 3 | Fn, Data
SYS | SLEEP | duration = 344 milliseconds (0.344 seconds) | True | 1 | Fn
SYS | SLEEP | duration = 411 milliseconds (0.411 seconds) | True | 1 | Fn
SYS | SLEEP | duration = 216 milliseconds (0.216 seconds) | True | 1 | Fn
SYS | SLEEP | duration = 296 milliseconds (0.296 seconds) | True | 1 | Fn
SYS | SLEEP | duration = 436 milliseconds (0.436 seconds) | True | 1 | Fn
SYS | SLEEP | duration = 228 milliseconds (0.228 seconds) | True | 1 | Fn
SYS | SLEEP | duration = 267 milliseconds (0.267 seconds) | True | 1 | Fn
SYS | SLEEP | duration = 413 milliseconds (0.413 seconds) | True | 1 | Fn
SYS | SLEEP | duration = 416 milliseconds (0.416 seconds) | True | 1 | Fn
SYS | SLEEP | duration = 477 milliseconds (0.477 seconds) | True | 1 | Fn
INET | OPEN_CONNECTION | | True | 1 | Fn
INET | OPEN_CONNECTION | | True | 1 | Fn
INET | OPEN_SESSION | | True | 1 | Fn
INET | OPEN_HTTP_REQUEST | | True | 1 | Fn
INET | SEND_HTTP_REQUEST | | True | 1 | Fn, Data
INET | READ | | True | 3 | Fn, Data
SYS | SLEEP | duration = 468 milliseconds (0.468 seconds) | True | 1 | Fn
SYS | SLEEP | duration = 377 milliseconds (0.377 seconds) | True | 1 | Fn
SYS | SLEEP | duration = 287 milliseconds (0.287 seconds) | True | 1 | Fn
SYS | SLEEP | duration = 305 milliseconds (0.305 seconds) | True | 1 | Fn