VMRay Analyzer Report
Monitored Processes
Process Graph
Behavior Information - Sequential View
Process #1: explorer pro.exe
(Host: 234, Network: 0)
Information | Value
ID / OS PID | #1 / 0x514
OS Parent PID | 0x470 (c:\windows\explorer.exe)
Initial Working Directory | C:\Users\DSsDPMx042\Desktop
File Name | c:\users\dssdpmx042\desktop\explorer pro.exe
Command Line | "C:\Users\DSsDPMx042\Desktop\Explorer Pro.exe"
Monitor | Start Time: 00:00:12, Reason: Analysis Target
Unmonitor | End Time: 00:00:23, Reason: Terminated
Monitor Duration | 00:00:11
OS Thread IDs
#1 0x5D4, #2 0x4F4, #3 0x510, #4 0x494, #5 0x5EC, #6 0x60C, #7 0x3BC, #8 0x3C4, #9 0x16C, #10 0x718, #11 0x704, #12 0x4C4, #13 0x394,
#14 0x118, #15 0x180, #16 0x4CC, #17 0x7A8, #18 0x5A0, #19 0x5E4, #20 0x698, #21 0x634, #22 0x614, #23 0x658, #24 0x65C, #25 0x498, #26 0x5C4
Region
Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match
private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable | True | False | False
pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable | True | False | False
private_0x0000000000020000 | 0x00020000 | 0x00020fff | Private Memory | Readable, Writable | True | False | False
private_0x0000000000030000 | 0x00030000 | 0x0012ffff | Private Memory | Readable, Writable | True | False | False
pagefile_0x0000000000130000 | 0x00130000 | 0x00133fff | Pagefile Backed Memory | Readable | True | False | False
locale.nls | 0x00140000 | 0x001a6fff | Memory Mapped File | Readable | False | False | False
pagefile_0x00000000001b0000 | 0x001b0000 | 0x00277fff | Pagefile Backed Memory | Readable | True | False | False
private_0x0000000000280000 | 0x00280000 | 0x00280fff | Private Memory | Readable, Writable | True | False | False
private_0x0000000000290000 | 0x00290000 | 0x00291fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x00000000002a0000 | 0x002a0000 | 0x002affff | Private Memory | Readable, Writable | True | False | False
private_0x00000000002b0000 | 0x002b0000 | 0x002b0fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x00000000002c0000 | 0x002c0000 | 0x002c0fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x00000000002d0000 | 0x002d0000 | 0x003cffff | Private Memory | Readable, Writable | True | False | False
private_0x00000000003d0000 | 0x003d0000 | 0x003d0fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x00000000003e0000 | 0x003e0000 | 0x003e0fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x00000000003f0000 | 0x003f0000 | 0x003f0fff | Private Memory | Readable, Writable | True | False | False
Explorer Pro.exe | 0x00400000 | 0x007aafff | Memory Mapped File | Readable, Writable, Executable | True | True | False
pagefile_0x00000000007b0000 | 0x007b0000 | 0x008b0fff | Pagefile Backed Memory | Readable | True | False | False
pagefile_0x00000000008c0000 | 0x008c0000 | 0x014bffff | Pagefile Backed Memory | Readable | True | False | False
private_0x00000000014c0000 | 0x014c0000 | 0x015b8fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x00000000015c0000 | 0x015c0000 | 0x015cffff | Private Memory | Readable, Writable | True | False | False
private_0x00000000015c0000 | 0x015c0000 | 0x015cffff | Private Memory | Readable, Writable | True | False | False
private_0x00000000015c0000 | 0x015c0000 | 0x015c0fff | Private Memory | Readable, Writable | True | False | False
pagefile_0x00000000015d0000 | 0x015d0000 | 0x015d6fff | Pagefile Backed Memory | Readable | True | False | False
pagefile_0x00000000015e0000 | 0x015e0000 | 0x015e1fff | Pagefile Backed Memory | Readable, Writable | True | False | False
msvfw32.dll.mui | 0x015f0000 | 0x015f1fff | Memory Mapped File | Readable, Writable | False | False | False
avicap32.dll.mui | 0x01600000 | 0x01601fff | Memory Mapped File | Readable, Writable | False | False | False
private_0x0000000001610000 | 0x01610000 | 0x01640fff | Private Memory | Readable, Writable | True | False | False
private_0x0000000001610000 | 0x01610000 | 0x01610fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x0000000001650000 | 0x01650000 | 0x01650fff | Private Memory | Readable, Writable | True | False | False
private_0x0000000001660000 | 0x01660000 | 0x0166ffff | Private Memory | Readable, Writable | True | False | False
private_0x0000000001660000 | 0x01660000 | 0x01660fff | Private Memory | Readable, Writable | True | False | False
private_0x0000000001670000 | 0x01670000 | 0x0167ffff | Private Memory | Readable, Writable | True | False | False
private_0x0000000001680000 | 0x01680000 | 0x0177ffff | Private Memory | Readable, Writable | True | False | False
private_0x0000000001780000 | 0x01780000 | 0x0187ffff | Private Memory | Readable, Writable | True | False | False
private_0x0000000001880000 | 0x01880000 | 0x0197ffff | Private Memory | Readable, Writable | True | False | False
private_0x0000000001980000 | 0x01980000 | 0x01a7ffff | Private Memory | Readable, Writable | True | False | False
private_0x0000000001a80000 | 0x01a80000 | 0x01b7ffff | Private Memory | Readable, Writable | True | False | False
private_0x0000000001b80000 | 0x01b80000 | 0x01c7ffff | Private Memory | Readable, Writable | True | False | False
private_0x0000000001c80000 | 0x01c80000 | 0x01d7ffff | Private Memory | Readable, Writable | True | False | False
private_0x0000000001d80000 | 0x01d80000 | 0x01e7ffff | Private Memory | Readable, Writable | True | False | False
private_0x0000000001e80000 | 0x01e80000 | 0x01f7ffff | Private Memory | Readable, Writable | True | False | False
private_0x0000000001f80000 | 0x01f80000 | 0x0207ffff | Private Memory | Readable, Writable | True | False | False
private_0x0000000002080000 | 0x02080000 | 0x0217ffff | Private Memory | Readable, Writable | True | False | False
private_0x0000000002180000 | 0x02180000 | 0x0227ffff | Private Memory | Readable, Writable | True | False | False
private_0x0000000002280000 | 0x02280000 | 0x0237ffff | Private Memory | Readable, Writable | True | False | False
private_0x0000000002380000 | 0x02380000 | 0x0247ffff | Private Memory | Readable, Writable | True | False | False
private_0x0000000002480000 | 0x02480000 | 0x0257ffff | Private Memory | Readable, Writable | True | False | False
private_0x0000000002580000 | 0x02580000 | 0x0267ffff | Private Memory | Readable, Writable | True | False | False
private_0x0000000002680000 | 0x02680000 | 0x0277ffff | Private Memory | Readable, Writable | True | False | False
private_0x0000000002780000 | 0x02780000 | 0x0287ffff | Private Memory | Readable, Writable | True | False | False
private_0x0000000002880000 | 0x02880000 | 0x0297ffff | Private Memory | Readable, Writable | True | False | False
private_0x0000000002980000 | 0x02980000 | 0x02a7ffff | Private Memory | Readable, Writable | True | False | False
private_0x0000000002a80000 | 0x02a80000 | 0x02b7ffff | Private Memory | Readable, Writable | True | False | False
private_0x0000000002b80000 | 0x02b80000 | 0x02c7ffff | Private Memory | Readable, Writable | True | False | False
private_0x0000000002c80000 | 0x02c80000 | 0x02d7ffff | Private Memory | Readable, Writable | True | False | False
private_0x0000000002d80000 | 0x02d80000 | 0x02e7ffff | Private Memory | Readable, Writable | True | False | False
private_0x0000000002e80000 | 0x02e80000 | 0x02f7ffff | Private Memory | Readable, Writable | True | False | False
SortDefault.nls | 0x02f80000 | 0x0324efff | Memory Mapped File | Readable | False | False | False
pagefile_0x0000000003250000 | 0x03250000 | 0x0365ffff | Pagefile Backed Memory | Readable, Writable | True | False | False
private_0x0000000003250000 | 0x03250000 | 0x0326afff | Private Memory | Readable, Writable | True | False | False
private_0x0000000003270000 | 0x03270000 | 0x03271fff | Private Memory | Readable, Writable | True | False | False
private_0x0000000003280000 | 0x03280000 | 0x0328ffff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x0000000003290000 | 0x03290000 | 0x03290fff | Private Memory | Readable, Writable | True | False | False
private_0x00000000032a0000 | 0x032a0000 | 0x032a0fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x00000000032b0000 | 0x032b0000 | 0x032b0fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x00000000032c0000 | 0x032c0000 | 0x032c1fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x00000000032d0000 | 0x032d0000 | 0x032d1fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x00000000032e0000 | 0x032e0000 | 0x032e1fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x00000000032f0000 | 0x032f0000 | 0x032f0fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x0000000003300000 | 0x03300000 | 0x03300fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x0000000003310000 | 0x03310000 | 0x03310fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x0000000003320000 | 0x03320000 | 0x03320fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x0000000003330000 | 0x03330000 | 0x0336ffff | Private Memory | Readable, Writable | True | False | False
private_0x0000000003370000 | 0x03370000 | 0x0346ffff | Private Memory | Readable, Writable | True | False | False
private_0x0000000003470000 | 0x03470000 | 0x03470fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x0000000003480000 | 0x03480000 | 0x03480fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x0000000003490000 | 0x03490000 | 0x03490fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x00000000034a0000 | 0x034a0000 | 0x034a0fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x00000000034b0000 | 0x034b0000 | 0x034b0fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x00000000034c0000 | 0x034c0000 | 0x034c0fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x00000000034d0000 | 0x034d0000 | 0x034d0fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x00000000034e0000 | 0x034e0000 | 0x034e0fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x00000000034f0000 | 0x034f0000 | 0x034f1fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x0000000003500000 | 0x03500000 | 0x03500fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x0000000003510000 | 0x03510000 | 0x03510fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x0000000003520000 | 0x03520000 | 0x03520fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x0000000003530000 | 0x03530000 | 0x03531fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x0000000003540000 | 0x03540000 | 0x03540fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x0000000003550000 | 0x03550000 | 0x03550fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x0000000003560000 | 0x03560000 | 0x03560fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x0000000003570000 | 0x03570000 | 0x03570fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x0000000003580000 | 0x03580000 | 0x03580fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x0000000003590000 | 0x03590000 | 0x03590fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x00000000035a0000 | 0x035a0000 | 0x035a0fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x00000000035b0000 | 0x035b0000 | 0x035b0fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x00000000035c0000 | 0x035c0000 | 0x035c0fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x00000000035d0000 | 0x035d0000 | 0x035d0fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x00000000035e0000 | 0x035e0000 | 0x035e0fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x00000000035f0000 | 0x035f0000 | 0x035f0fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x0000000003600000 | 0x03600000 | 0x03600fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x0000000003610000 | 0x03610000 | 0x03610fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x0000000003620000 | 0x03620000 | 0x03620fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x0000000003630000 | 0x03630000 | 0x03630fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x0000000003640000 | 0x03640000 | 0x03640fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x0000000003650000 | 0x03650000 | 0x03650fff | Private Memory | Readable, Writable, Executable | True | False | False
pagefile_0x0000000003660000 | 0x03660000 | 0x03a6ffff | Pagefile Backed Memory | Readable, Writable | True | False | False
private_0x0000000003660000 | 0x03660000 | 0x03660fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x0000000003670000 | 0x03670000 | 0x03670fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x0000000003680000 | 0x03680000 | 0x03680fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x0000000003690000 | 0x03690000 | 0x03690fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x00000000036a0000 | 0x036a0000 | 0x036a0fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x00000000036b0000 | 0x036b0000 | 0x036b0fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x00000000036c0000 | 0x036c0000 | 0x036c0fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x00000000036d0000 | 0x036d0000 | 0x036d0fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x00000000036e0000 | 0x036e0000 | 0x036e0fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x00000000036f0000 | 0x036f0000 | 0x036f0fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x0000000003700000 | 0x03700000 | 0x03700fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x0000000003710000 | 0x03710000 | 0x03710fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x0000000003720000 | 0x03720000 | 0x03720fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x0000000003730000 | 0x03730000 | 0x03730fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x0000000003740000 | 0x03740000 | 0x03740fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x0000000003750000 | 0x03750000 | 0x03750fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x0000000003760000 | 0x03760000 | 0x03760fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x0000000003770000 | 0x03770000 | 0x03771fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x0000000003780000 | 0x03780000 | 0x03780fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x0000000003790000 | 0x03790000 | 0x03790fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x00000000037a0000 | 0x037a0000 | 0x037a0fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x00000000037b0000 | 0x037b0000 | 0x037b0fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x00000000037c0000 | 0x037c0000 | 0x037c0fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x00000000037d0000 | 0x037d0000 | 0x037d0fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x00000000037e0000 | 0x037e0000 | 0x037e0fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x00000000037f0000 | 0x037f0000 | 0x038effff | Private Memory | - | True | False | False
pagefile_0x00000000038f0000 | 0x038f0000 | 0x039cefff | Pagefile Backed Memory | Readable | True | False | False
private_0x0000000003a20000 | 0x03a20000 | 0x03a5ffff | Private Memory | Readable, Writable | True | False | False
private_0x0000000003ae0000 | 0x03ae0000 | 0x03b1ffff | Private Memory | Readable, Writable | True | False | False
comctl32.dll | 0x6fb40000 | 0x6fbc3fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
winmm.dll | 0x70d50000 | 0x70d81fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
mpr.dll | 0x72490000 | 0x724a1fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
msvfw32.dll | 0x72650000 | 0x72670fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
avicap32.dll | 0x72710000 | 0x72722fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
wsock32.dll | 0x72730000 | 0x72736fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
wkscli.dll | 0x73b50000 | 0x73b5efff | Memory Mapped File | Readable, Writable, Executable | False | False | False
netutils.dll | 0x73b60000 | 0x73b68fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
netapi32.dll | 0x73b70000 | 0x73b80fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
dwmapi.dll | 0x73dc0000 | 0x73dd2fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
uxtheme.dll | 0x74130000 | 0x7416ffff | Memory Mapped File | Readable, Writable, Executable | False | False | False
version.dll | 0x74ae0000 | 0x74ae8fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
srvcli.dll | 0x75430000 | 0x75448fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
msasn1.dll | 0x75600000 | 0x7560bfff | Memory Mapped File | Readable, Writable, Executable | False | False | False
KernelBase.dll | 0x756d0000 | 0x75719fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
crypt32.dll | 0x75770000 | 0x7588cfff | Memory Mapped File | Readable, Writable, Executable | False | False | False
shlwapi.dll | 0x759a0000 | 0x759f6fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
rpcrt4.dll | 0x75a00000 | 0x75aa0fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
sechost.dll | 0x75ad0000 | 0x75ae8fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
shell32.dll | 0x75af0000 | 0x76739fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
oleaut32.dll | 0x76740000 | 0x767cefff | Memory Mapped File | Readable, Writable, Executable | False | False | False
urlmon.dll | 0x76830000 | 0x76965fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
gdi32.dll | 0x76b10000 | 0x76b5dfff | Memory Mapped File | Readable, Writable, Executable | False | False | False
msvcrt.dll | 0x76b60000 | 0x76c0bfff | Memory Mapped File | Readable, Writable, Executable | False | False | False
ole32.dll | 0x76c10000 | 0x76d6bfff | Memory Mapped File | Readable, Writable, Executable | False | False | False
nsi.dll | 0x76d70000 | 0x76d75fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
lpk.dll | 0x76d80000 | 0x76d89fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
kernel32.dll | 0x76d90000 | 0x76e63fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
wininet.dll | 0x76e70000 | 0x76f64fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
msctf.dll | 0x76f70000 | 0x7703bfff | Memory Mapped File | Readable, Writable, Executable | False | False | False
ws2_32.dll | 0x77070000 | 0x770a4fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
iertutil.dll | 0x770b0000 | 0x772aafff | Memory Mapped File | Readable, Writable, Executable | False | False | False
usp10.dll | 0x772b0000 | 0x7734cfff | Memory Mapped File | Readable, Writable, Executable | False | False | False
advapi32.dll | 0x77350000 | 0x773effff | Memory Mapped File | Readable, Writable, Executable | False | False | False
ntdll.dll | 0x77440000 | 0x7757bfff | Memory Mapped File | Readable, Writable, Executable | False | False | False
imm32.dll | 0x77580000 | 0x7759efff | Memory Mapped File | Readable, Writable, Executable | False | False | False
user32.dll | 0x775a0000 | 0x77668fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
apisetschema.dll | 0x77680000 | 0x77680fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
pagefile_0x000000007f6f0000 | 0x7f6f0000 | 0x7f7effff | Pagefile Backed Memory | Readable | True | False | False
private_0x000000007ffa2000 | 0x7ffa2000 | 0x7ffa2fff | Private Memory | Readable, Writable | True | False | False
private_0x000000007ffa3000 | 0x7ffa3000 | 0x7ffa3fff | Private Memory | Readable, Writable | True | False | False
private_0x000000007ffa4000 | 0x7ffa4000 | 0x7ffa4fff | Private Memory | Readable, Writable | True | False | False
private_0x000000007ffa5000 | 0x7ffa5000 | 0x7ffa5fff | Private Memory | Readable, Writable | True | False | False
private_0x000000007ffa6000 | 0x7ffa6000 | 0x7ffa6fff | Private Memory | Readable, Writable | True | False | False
private_0x000000007ffa7000 | 0x7ffa7000 | 0x7ffa7fff | Private Memory | Readable, Writable | True | False | False
private_0x000000007ffa8000 | 0x7ffa8000 | 0x7ffa8fff | Private Memory | Readable, Writable | True | False | False
private_0x000000007ffa9000 | 0x7ffa9000 | 0x7ffa9fff | Private Memory | Readable, Writable | True | False | False
private_0x000000007ffaa000 | 0x7ffaa000 | 0x7ffaafff | Private Memory | Readable, Writable | True | False | False
private_0x000000007ffab000 | 0x7ffab000 | 0x7ffabfff | Private Memory | Readable, Writable | True | False | False
private_0x000000007ffac000 | 0x7ffac000 | 0x7ffacfff | Private Memory | Readable, Writable | True | False | False
private_0x000000007ffad000 | 0x7ffad000 | 0x7ffadfff | Private Memory | Readable, Writable | True | False | False
private_0x000000007ffae000 | 0x7ffae000 | 0x7ffaefff | Private Memory | Readable, Writable | True | False | False
private_0x000000007ffaf000 | 0x7ffaf000 | 0x7ffaffff | Private Memory | Readable, Writable | True | False | False
pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | Readable | True | False | False
private_0x000000007ffd3000 | 0x7ffd3000 | 0x7ffd3fff | Private Memory | Readable, Writable | True | False | False
private_0x000000007ffd4000 | 0x7ffd4000 | 0x7ffd4fff | Private Memory | Readable, Writable | True | False | False
private_0x000000007ffd5000 | 0x7ffd5000 | 0x7ffd5fff | Private Memory | Readable, Writable | True | False | False
private_0x000000007ffd6000 | 0x7ffd6000 | 0x7ffd6fff | Private Memory | Readable, Writable | True | False | False
private_0x000000007ffd7000 | 0x7ffd7000 | 0x7ffd7fff | Private Memory | Readable, Writable | True | False | False
private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffd8fff | Private Memory | Readable, Writable | True | False | False
private_0x000000007ffd9000 | 0x7ffd9000 | 0x7ffd9fff | Private Memory | Readable, Writable | True | False | False
private_0x000000007ffda000 | 0x7ffda000 | 0x7ffdafff | Private Memory | Readable, Writable | True | False | False
private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffdbfff | Private Memory | Readable, Writable | True | False | False
private_0x000000007ffdc000 | 0x7ffdc000 | 0x7ffdcfff | Private Memory | Readable, Writable | True | False | False
private_0x000000007ffdd000 | 0x7ffdd000 | 0x7ffddfff | Private Memory | Readable, Writable | True | False | False
private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | Readable, Writable | True | False | False
private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | Readable, Writable | True | False | False
Threads
Thread 0x5d4
(Host: 176, Network: 0)
Category | Operation | Information | Success | Count
MOD | LOAD | module_name = USER32.dll, base_address = 0x775a0000 | True | 1
MOD | LOAD | module_name = ADVAPI32.dll, base_address = 0x77350000 | True | 1
MOD | LOAD | module_name = NTDLL.dll, base_address = 0x77440000 | True | 1
FILE | CREATE | file_name = sice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | False | 1
FILE | CREATE | file_name = siwvid, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | False | 1
FILE | CREATE | file_name = ntice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | False | 1
MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetNativeSystemInfo, address = 0x76dcbe77 | True | 1
MOD | LOAD | module_name = ADVAPI32.DLL, base_address = 0x77350000 | True | 1
MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\advapi32.dll, function = OpenSCManagerA, address = 0x77362bd8 | True | 1
MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\advapi32.dll, function = ControlService, address = 0x77377144 | True | 1
MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\advapi32.dll, function = DeleteService, address = 0x7737715c | True | 1
MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\advapi32.dll, function = OpenServiceA, address = 0x77362bf0 | True | 1
MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\advapi32.dll, function = CloseServiceHandle, address = 0x7736369c | True | 1
MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\advapi32.dll, function = CreateServiceA, address = 0x77393158 | True | 1
MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\advapi32.dll, function = StartServiceA, address = 0x77393543 | True | 1
REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\WinLicense | True | 1
REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\WinLicense, value_name = CheckIN, data = 1 | True | 1
DBG | PRINT | type = DEBUG_STRING, text = %s------------------------------------------------ --- WinLicense Professional --- --- (c)2007 Oreans Technologies --- ------------------------------------------------ | True | 1
MOD | LOAD | module_name = NTDLL, base_address = 0x77440000 | True | 1
MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ntdll.dll, function = NtOpenThread, address = 0x77485e08 | True | 1
MOD | LOAD | module_name = winmm.dll, base_address = 0x70d50000 | True | 1
MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\winmm.dll, function = timeGetTime, address = 0x70d526e0 | True | 1
SYS | SLEEP | duration = 0 milliseconds (0.000 seconds) | True | 9
MOD | GET_HANDLE | module_name = c:\windows\system32\ntdll.dll, base_address = 0x77440000 | True | 1
MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ntdll.dll, function = NtQuerySystemInformation, address = 0x774861f8 | True | 1
SYS | GET_INFO | type = SYSTEM_MODULE_INFORMATION | True | 1
MOD | GET_HANDLE | module_name = c:\windows\system32\ntdll.dll, base_address = 0x77440000 | True | 1
MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ntdll.dll, function = NtQuerySystemInformation, address = 0x774861f8 | True | 1
SYS | GET_INFO | type = SYSTEM_MODULE_INFORMATION | True | 1
WND | FIND | class_name = OLLYDBG | False | 1
WND | FIND | class_name = GBDYLLO | False | 1
WND | FIND | class_name = pediy06 | False | 1
SYS | SLEEP | duration = 0 milliseconds (0.000 seconds) | True | 3
DBG | CHECK_FOR_PRESENCE | type = DEBUGGER, process_name = c:\users\dssdpmx042\desktop\explorer pro.exe, os_pid = 0x514 | True | 1
SYS | SLEEP | duration = 0 milliseconds (0.000 seconds) | True | 1
WND | FIND | class_name = FilemonClass | False | 1
WND | FIND | window_name = File Monitor - Sysinternals: www.sysinternals.com | False | 1
WND | FIND | class_name = PROCMON_WINDOW_CLASS | False | 1
WND | FIND | window_name = Process Monitor - Sysinternals: www.sysinternals.com | False | 1
MOD | GET_HANDLE | module_name = c:\windows\system32\ntdll.dll, base_address = 0x77440000 | True | 1
MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ntdll.dll, function = NtQuerySystemInformation, address = 0x774861f8 | True | 1
SYS | GET_INFO | type = SYSTEM_MODULE_INFORMATION | True | 1
SYS | SLEEP | duration = 0 milliseconds (0.000 seconds) | True | 1
DBG | CHECK_FOR_PRESENCE | type = DEBUGGER, process_name = c:\users\dssdpmx042\desktop\explorer pro.exe, os_pid = 0x514 | True | 1
WND | FIND | class_name = RegmonClass | False | 1
WND | FIND | window_name = Registry Monitor - Sysinternals: www.sysinternals.com | False | 1
WND | FIND | class_name = 18467-41 | False | 1
MOD | GET_HANDLE | module_name = c:\windows\system32\ntdll.dll, base_address = 0x77440000 | True | 1
MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ntdll.dll, function = NtQuerySystemInformation, address = 0x774861f8 | True | 1
SYS | GET_INFO | type = SYSTEM_MODULE_INFORMATION | True | 1
MOD | GET_HANDLE | module_name = c:\windows\system32\ntdll.dll, base_address = 0x77440000 | True | 1
MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ntdll.dll, function = NtQuerySystemInformation, address = 0x774861f8 | True | 1
SYS | GET_INFO | type = SYSTEM_MODULE_INFORMATION | True | 1
MOD | GET_HANDLE | module_name = c:\windows\system32\ntdll.dll, base_address = 0x77440000 | True | 1
MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ntdll.dll, function = NtQuerySystemInformation, address = 0x774861f8 | True | 1
SYS | GET_INFO | type = SYSTEM_MODULE_INFORMATION | True | 1
SYS | SLEEP | duration = 0 milliseconds (0.000 seconds) | True | 1
MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ntdll.dll, function = RtlAllocateHeap, address = 0x77492dd6 | True | 1
MOD | GET_FILENAME | file_name = C:\Users\DSsDPMx042\Desktop\Explorer Pro.exe | True | 1
PROC | SET_CURDIR | process_name = c:\users\dssdpmx042\desktop\explorer pro.exe, os_pid = 0x514, new_path_name = c:\users\dssdpmx042\desktop | True | 1
MOD | LOAD | module_name = kernel32.dll, base_address = 0x76d90000 | True | 1
MOD | LOAD | module_name = user32.dll, base_address = 0x775a0000 | True | 1
MOD | LOAD | module_name = advapi32.dll, base_address = 0x77350000 | True | 1
MOD | LOAD | module_name = oleaut32.dll, base_address = 0x76740000 | True | 1
MOD | LOAD | module_name = kernel32.dll, base_address = 0x76d90000 | True | 1
MOD | LOAD | module_name = advapi32.dll, base_address = 0x77350000 | True | 1
MOD | LOAD | module_name = kernel32.dll, base_address = 0x76d90000 | True | 1
MOD | LOAD | module_name = mpr.dll, base_address = 0x72490000 | True | 1
MOD | LOAD | module_name = version.dll, base_address = 0x74ae0000 | True | 1
MOD | LOAD | module_name = gdi32.dll, base_address = 0x76b10000 | True | 1
MOD | LOAD | module_name = user32.dll, base_address = 0x775a0000 | True | 1
MOD | LOAD | module_name = kernel32.dll, base_address = 0x76d90000 | True | 1
MOD | LOAD | module_name = oleaut32.dll, base_address = 0x76740000 | True | 1
MOD | LOAD | module_name = comctl32.dll, base_address = 0x6fb40000 | True | 1
MOD | LOAD | module_name = shell32.dll, base_address = 0x75af0000 | True | 1
MOD | LOAD | module_name = wininet.dll, base_address = 0x76e70000 | True | 1
MOD | LOAD | module_name = advapi32.dll, base_address = 0x77350000 | True | 1
MOD | LOAD | module_name = winmm.dll, base_address = 0x70d50000 | True | 1
MOD | LOAD | module_name = netapi32.dll, base_address = 0x73b70000 | True | 1
MOD | LOAD | module_name = wsock32.dll, base_address = 0x72730000 | True | 1
MOD | LOAD | module_name = AVICAP32.dll, base_address = 0x72710000 | True | 1
MOD | LOAD | module_name = MSVFW32.DLL, base_address = 0x72650000 | True | 1
MOD | LOAD | module_name = URLMON.DLL, base_address = 0x76830000 | True | 1
MOD | LOAD | module_name = WS2_32.DLL, base_address = 0x77070000 | True | 1
MOD | LOAD | module_name = ADVAPI32.DLL, base_address = 0x77350000 | True | 1
PROC | SET_CURDIR | process_name = c:\users\dssdpmx042\desktop\explorer pro.exe, os_pid = 0x514, new_path_name = c:\users\dssdpmx042\desktop | True | 1
SYS | SLEEP | duration = 0 milliseconds (0.000 seconds) | True | 1
MOD | LOAD | module_name = NTDLL, base_address = 0x77440000 | True | 1
MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ntdll.dll, function = ZwFlushKey, address = 0x77485988 | True | 1
FILE | CREATE | desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | False | 1
DRV | CONTROL | control_code = 0x1a00 | False | 1
SYS | SLEEP | duration = 0 milliseconds (0.000 seconds) | True | 4
DBG | CHECK_FOR_PRESENCE | type = DEBUGGER, process_name = c:\users\dssdpmx042\desktop\explorer pro.exe, os_pid = 0x514 | True | 1
SYS | SLEEP | duration = 0 milliseconds (0.000 seconds) | True | 18
WND | FIND | class_name = FilemonClass | False | 1
WND | FIND | window_name = File Monitor - Sysinternals: www.sysinternals.com | False | 1
WND | FIND | class_name = PROCMON_WINDOW_CLASS | False | 1
WND | FIND | window_name = Process Monitor - Sysinternals: www.sysinternals.com | False | 1
MOD | GET_HANDLE | module_name = c:\windows\system32\ntdll.dll, base_address = 0x77440000 | True | 1
MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ntdll.dll, function = NtQuerySystemInformation, address = 0x774861f8 | True | 1
SYS | GET_INFO | type = SYSTEM_MODULE_INFORMATION | True | 1
SYS | SLEEP | duration = 0 milliseconds (0.000 seconds) | True | 5
MOD | GET_HANDLE | module_name = c:\windows\system32\ws2_32.dll, base_address = 0x77070000 | True | 26
SYS | SLEEP | duration = 0 milliseconds (0.000 seconds) | True | 6
FILE | CREATE | file_name = c:\program files\common files\microsoft shared\msinfo\fieleway.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ, create_disposition = CREATE_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL | True | 1
FILE | CREATE | file_name = c:\users\dssdpmx042\desktop\explorer pro.exe, desired_access = GENERIC_READ, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | True | 1
PROC | CREATE | process_name = "C:\program files\internet explorer\IEXPLORE.EXE", os_tid = 0x500, os_pid = 0x578, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE | True | 1
THREAD | GET_CONTEXT | os_tid = 0x500 | True | 1
MOD | UNMAP | process_name = "C:\program files\internet explorer\IEXPLORE.EXE", os_pid = 0x578, base_address = 0x13d0000 | True | 1
MEM | ALLOC | address = 0x400000, process_name = "C:\program files\internet explorer\IEXPLORE.EXE", os_pid = 0x578, size = 3846144, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | True | 1
THREAD | SET_CONTEXT | process_name = c:\program files\internet explorer\iexplore.exe, os_tid = 0x500, os_pid = 0x578 | True | 1
SYS | GET_CURSOR | x_out = 897, y_out = 336 | True | 1
Thread 0x4f4
(Host: 2, Network: 0)
Category | Operation | Information | Success | Count | Logfile
SYS | SLEEP | duration = 0 milliseconds (0.000 seconds) | True | 2 | Fn

Thread 0x510
(Host: 3, Network: 0)
Category | Operation | Information | Success | Count | Logfile
SYS | SLEEP | duration = 0 milliseconds (0.000 seconds) | True | 3 | Fn

Thread 0x494
(Host: 3, Network: 0)
Category | Operation | Information | Success | Count | Logfile
SYS | SLEEP | duration = 0 milliseconds (0.000 seconds) | True | 3 | Fn

Thread 0x5ec
(Host: 3, Network: 0)
Category | Operation | Information | Success | Count | Logfile
SYS | SLEEP | duration = 0 milliseconds (0.000 seconds) | True | 3 | Fn

Thread 0x60c
(Host: 2, Network: 0)
Category | Operation | Information | Success | Count | Logfile
SYS | SLEEP | duration = 0 milliseconds (0.000 seconds) | True | 2 | Fn

Thread 0x3bc
(Host: 4, Network: 0)
Category | Operation | Information | Success | Count | Logfile
SYS | SLEEP | duration = 0 milliseconds (0.000 seconds) | True | 4 | Fn

Thread 0x3c4
(Host: 3, Network: 0)
Category | Operation | Information | Success | Count | Logfile
SYS | SLEEP | duration = 0 milliseconds (0.000 seconds) | True | 3 | Fn

Thread 0x16c
(Host: 3, Network: 0)
Category | Operation | Information | Success | Count | Logfile
SYS | SLEEP | duration = 0 milliseconds (0.000 seconds) | True | 3 | Fn

Thread 0x718
(Host: 1, Network: 0)
Category | Operation | Information | Success | Count | Logfile
SYS | SLEEP | duration = 0 milliseconds (0.000 seconds) | True | 1 | Fn

Thread 0x704
(Host: 6, Network: 0)
Category | Operation | Information | Success | Count | Logfile
SYS | SLEEP | duration = 0 milliseconds (0.000 seconds) | True | 6 | Fn

Thread 0x4c4
(Host: 2, Network: 0)
Category | Operation | Information | Success | Count | Logfile
SYS | SLEEP | duration = 0 milliseconds (0.000 seconds) | True | 2 | Fn

Thread 0x394
(Host: 4, Network: 0)
Category | Operation | Information | Success | Count | Logfile
SYS | SLEEP | duration = 0 milliseconds (0.000 seconds) | True | 4 | Fn

Thread 0x118
(Host: 5, Network: 0)
Category | Operation | Information | Success | Count | Logfile
SYS | SLEEP | duration = 0 milliseconds (0.000 seconds) | True | 5 | Fn

Thread 0x180
(Host: 4, Network: 0)
Category | Operation | Information | Success | Count | Logfile
SYS | SLEEP | duration = 0 milliseconds (0.000 seconds) | True | 4 | Fn

Thread 0x4cc
(Host: 1, Network: 0)
Category | Operation | Information | Success | Count | Logfile
SYS | SLEEP | duration = 0 milliseconds (0.000 seconds) | True | 1 | Fn

Thread 0x7a8
(Host: 3, Network: 0)
Category | Operation | Information | Success | Count | Logfile
SYS | SLEEP | duration = 0 milliseconds (0.000 seconds) | True | 3 | Fn

Thread 0x5a0
(Host: 1, Network: 0)
Category | Operation | Information | Success | Count | Logfile
SYS | SLEEP | duration = 2001 milliseconds (2.001 seconds) | True | 1 | Fn

Thread 0x5e4
(Host: 1, Network: 0)
Category | Operation | Information | Success | Count | Logfile
SYS | SLEEP | duration = 2001 milliseconds (2.001 seconds) | True | 1 | Fn

Thread 0x698
(Host: 1, Network: 0)
Category | Operation | Information | Success | Count | Logfile
SYS | SLEEP | duration = 2001 milliseconds (2.001 seconds) | True | 1 | Fn

Thread 0x634
(Host: 1, Network: 0)
Category | Operation | Information | Success | Count | Logfile
SYS | SLEEP | duration = 2001 milliseconds (2.001 seconds) | True | 1 | Fn

Thread 0x614
(Host: 1, Network: 0)
Category | Operation | Information | Success | Count | Logfile
SYS | SLEEP | duration = 2001 milliseconds (2.001 seconds) | True | 1 | Fn

Thread 0x658
(Host: 1, Network: 0)
Category | Operation | Information | Success | Count | Logfile
SYS | SLEEP | duration = 2001 milliseconds (2.001 seconds) | True | 1 | Fn

Thread 0x65c
(Host: 1, Network: 0)
Category | Operation | Information | Success | Count | Logfile
SYS | SLEEP | duration = 2001 milliseconds (2.001 seconds) | True | 1 | Fn

Thread 0x498
(Host: 1, Network: 0)
Category | Operation | Information | Success | Count | Logfile
SYS | SLEEP | duration = 2001 milliseconds (2.001 seconds) | True | 1 | Fn

Thread 0x5c4
(Host: 1, Network: 0)
Category | Operation | Information | Success | Count | Logfile
SYS | SLEEP | duration = 4000 milliseconds (4.000 seconds) | True | 1 | Fn
Process #2: iexplore.exe
(Host: 1023, Network: 0)
Information | Value
ID / OS PID | #2 / 0x578
OS Parent PID | 0x514 (c:\users\dssdpmx042\desktop\explorer pro.exe)
Initial Working Directory | C:\Users\DSsDPMx042\Desktop
File Name | c:\program files\internet explorer\iexplore.exe
Command Line | "C:\program files\internet explorer\IEXPLORE.EXE"
Monitor | Start Time: 00:00:22, Reason: Child Process
Unmonitor | End Time: 00:02:21, Reason: Terminated by Timeout
Monitor Duration | 00:01:59
OS Thread IDs | #27 0x500

Region
Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match
private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable | True | False | False
pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable | True | False | False
private_0x0000000000020000 | 0x00020000 | 0x00020fff | Private Memory | Readable, Writable | True | False | False
pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | Readable | True | False | False
locale.nls | 0x00040000 | 0x000a6fff | Memory Mapped File | Readable | False | False | False
private_0x00000000000b0000 | 0x000b0000 | 0x000b0fff | Private Memory | Readable, Writable | True | False | False
private_0x00000000000c0000 | 0x000c0000 | 0x000c1fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x00000000000d0000 | 0x000d0000 | 0x000d0fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x00000000000e0000 | 0x000e0000 | 0x000e0fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x00000000000f0000 | 0x000f0000 | 0x000f0fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x0000000000100000 | 0x00100000 | 0x00100fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x0000000000110000 | 0x00110000 | 0x00110fff | Private Memory | Readable, Writable | True | False | False
private_0x0000000000150000 | 0x00150000 | 0x0015ffff | Private Memory | Readable, Writable | True | False | False
private_0x0000000000170000 | 0x00170000 | 0x0026ffff | Private Memory | Readable, Writable | True | False | False
private_0x00000000002f0000 | 0x002f0000 | 0x003effff | Private Memory | Readable, Writable | True | False | False
private_0x0000000000400000 | 0x00400000 | 0x007aafff | Private Memory | Readable, Writable, Executable | True | False | False
pagefile_0x00000000007b0000 | 0x007b0000 | 0x00877fff | Pagefile Backed Memory | Readable | True | False | False
private_0x0000000000880000 | 0x00880000 | 0x00978fff | Private Memory | Readable, Writable, Executable | True | False | False
private_0x0000000000980000 | 0x00980000 | 0x0098ffff | Private Memory | Readable, Writable | True | False | False
pagefile_0x0000000000990000 | 0x00990000 | 0x00a90fff | Pagefile Backed Memory | Readable | True | False | False
pagefile_0x0000000000aa0000 | 0x00aa0000 | 0x0169ffff | Pagefile Backed Memory | Readable | True | False | False
comctl32.dll | 0x6fb40000 | 0x6fbc3fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
winmm.dll | 0x70d50000 | 0x70d81fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
KernelBase.dll | 0x756d0000 | 0x75719fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
rpcrt4.dll | 0x75a00000 | 0x75aa0fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
sechost.dll | 0x75ad0000 | 0x75ae8fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
gdi32.dll | 0x76b10000 | 0x76b5dfff | Memory Mapped File | Readable, Writable, Executable | False | False | False
msvcrt.dll | 0x76b60000 | 0x76c0bfff | Memory Mapped File | Readable, Writable, Executable | False | False | False
lpk.dll | 0x76d80000 | 0x76d89fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
kernel32.dll | 0x76d90000 | 0x76e63fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
msctf.dll | 0x76f70000 | 0x7703bfff | Memory Mapped File | Readable, Writable, Executable | False | False | False
usp10.dll | 0x772b0000 | 0x7734cfff | Memory Mapped File | Readable, Writable, Executable | False | False | False
advapi32.dll | 0x77350000 | 0x773effff | Memory Mapped File | Readable, Writable, Executable | False | False | False
ntdll.dll | 0x77440000 | 0x7757bfff | Memory Mapped File | Readable, Writable, Executable | False | False | False
imm32.dll | 0x77580000 | 0x7759efff | Memory Mapped File | Readable, Writable, Executable | False | False | False
user32.dll | 0x775a0000 | 0x77668fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
apisetschema.dll | 0x77680000 | 0x77680fff | Memory Mapped File | Readable, Writable, Executable | False | False | False
pagefile_0x000000007f6f0000 | 0x7f6f0000 | 0x7f7effff | Pagefile Backed Memory | Readable | True | False | False
pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | Readable | True | False | False
private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffd8fff | Private Memory | Readable, Writable | True | False | False
private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | Readable, Writable | True | False | False

Injection Information
Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile
Modify Control Flow | c:\users\dssdpmx042\desktop\explorer pro.exe | 0x5d4 | os_thread_id = 0x500 | True | 1 | Fn

Threads
Thread 0x500
(Host: 1023, Network: 0)
Category | Operation | Information | Success | Count | Logfile
MOD | LOAD | module_name = USER32.dll, base_address = 0x775a0000 | True | 1 | Fn
MOD | LOAD | module_name = ADVAPI32.dll, base_address = 0x77350000 | True | 1 | Fn
MOD | LOAD | module_name = NTDLL.dll, base_address = 0x77440000 | True | 1 | Fn
FILE | CREATE | file_name = sice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | False | 1 | Fn
FILE | CREATE | file_name = siwvid, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | False | 1 | Fn
FILE | CREATE | file_name = ntice, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | False | 1 | Fn
MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetNativeSystemInfo, address = 0x76dcbe77 | True | 1 | Fn
MOD | LOAD | module_name = ADVAPI32.DLL, base_address = 0x77350000 | True | 1 | Fn
MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\advapi32.dll, function = OpenSCManagerA, address = 0x77362bd8 | True | 1 | Fn
MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\advapi32.dll, function = ControlService, address = 0x77377144 | True | 1 | Fn
MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\advapi32.dll, function = DeleteService, address = 0x7737715c | True | 1 | Fn
MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\advapi32.dll, function = OpenServiceA, address = 0x77362bf0 | True | 1 | Fn
MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\advapi32.dll, function = CloseServiceHandle, address = 0x7736369c | True | 1 | Fn
MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\advapi32.dll, function = CreateServiceA, address = 0x77393158 | True | 1 | Fn
MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\advapi32.dll, function = StartServiceA, address = 0x77393543 | True | 1 | Fn
REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\WinLicense | True | 1 | Fn
REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\WinLicense, value_name = CheckIN, data = 1 | True | 1 | Fn
DBG | PRINT | type = DEBUG_STRING, text = %s------------------------------------------------ --- WinLicense Professional --- --- (c)2007 Oreans Technologies --- ------------------------------------------------ | True | 1 | Fn
MOD | LOAD | module_name = NTDLL, base_address = 0x77440000 | True | 1 | Fn
MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ntdll.dll, function = NtOpenThread, address = 0x77485e08 | True | 1 | Fn
MOD | LOAD | module_name = winmm.dll, base_address = 0x70d50000 | True | 1 | Fn
MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\winmm.dll, function = timeGetTime, address = 0x70d526e0 | True | 1 | Fn
SYS | SLEEP | duration = 0 milliseconds (0.000 seconds) | True | 1001 | Fn