malwr.ee (217.146.75.137)

URL: https://malwr.ee/analysis/5160245/summary
Submission: On December 08 via api from US — Scanned from US




SUMMARY

File: CC440_Full_Patch.exe

Size: 204.1MB
Type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: bb516048444773c8126a27d53d8d1f86
SHA1: 646393a8aef32dd75d56badf1762a7eb33d1aa8a
SHA256: 3da51cf8f00ea03e526125c09e005fdf1de8b19a1e9feebf1118dc5c427511f9
SHA512: 3996c4e863d76516313a0f1a3e07bc5c61d728918c10263c1ec37acb4087830fbc278c72a82fcfd98f1215fc83b6c4ff251bdd08b9f38b9fcec7bdf4f3864972
CRC32: 4E16148D
ssdeep: None
PDB Path: C:\CodeBases\isdev\redist\Language Independent\i386\ISP\setup.pdb

Yara
 * DebuggerCheck__QueryInfo - (no description)
 * ThreadControl__Context - (no description)
 * anti_dbg - Checks if being debugged
 * network_http - Communications over HTTP
 * network_dga - Communication using dga
 * escalate_priv - Escalate privileges
 * screenshot - Take screenshot
 * win_mutex - Create or check mutex
 * win_registry - Affect system registries
 * win_token - Affect system token

SCORE

This file shows some signs of potential malicious behavior.

The score of this file is 1.6 out of 10.

Please note: the scoring system is still in development and should be
considered an alpha feature.

--------------------------------------------------------------------------------

AUTOSUBMIT

5160252, 5160253


INFORMATION ON EXECUTION

Analysis

Category: FILE
Started: Aug. 31, 2024, 6:07 p.m.
Completed: Aug. 31, 2024, 6:09 p.m.
Duration: 147 seconds
Routing: internet

ANALYZER LOG

2024-08-31 18:04:42,015 [analyzer] DEBUG: Starting analyzer from: C:\tmp1xmcit
2024-08-31 18:04:42,015 [analyzer] DEBUG: Pipe server name: \??\PIPE\YpLiPngfquQqAuNBpqGDXlqzY
2024-08-31 18:04:42,015 [analyzer] DEBUG: Log pipe server name: \??\PIPE\LMNKqzAqqIqExalv
2024-08-31 18:04:42,233 [analyzer] DEBUG: Started auxiliary module Curtain
2024-08-31 18:04:42,233 [analyzer] DEBUG: Started auxiliary module DbgView
2024-08-31 18:04:42,717 [analyzer] DEBUG: Started auxiliary module Disguise
2024-08-31 18:04:42,905 [analyzer] DEBUG: Loaded monitor into process with pid 508
2024-08-31 18:04:42,905 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2024-08-31 18:04:42,905 [analyzer] DEBUG: Started auxiliary module Human
2024-08-31 18:04:42,905 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2024-08-31 18:04:42,905 [analyzer] DEBUG: Started auxiliary module Reboot
2024-08-31 18:04:42,967 [analyzer] DEBUG: Started auxiliary module RecentFiles
2024-08-31 18:04:42,967 [analyzer] DEBUG: Started auxiliary module Screenshots
2024-08-31 18:04:42,967 [analyzer] DEBUG: Started auxiliary module Sysmon
2024-08-31 18:04:42,967 [analyzer] DEBUG: Started auxiliary module LoadZer0m0n
2024-08-31 18:04:45,187 [lib.api.process] INFO: Successfully executed process from path u'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\CC440_Full_Patch.exe' with arguments '' and pid 2880
2024-08-31 18:04:45,375 [analyzer] DEBUG: Loaded monitor into process with pid 2880
2024-08-31 18:04:45,421 [analyzer] INFO: Added new file to list with pid 2880 and path C:\Users\Administrator\AppData\Local\Temp\{59D04536-ECB1-41ED-88FB-C8C7784FB92A}\Disk1\0x0409.ini
2024-08-31 18:04:45,437 [analyzer] INFO: Added new file to list with pid 2880 and path C:\Users\Administrator\AppData\Local\Temp\{59D04536-ECB1-41ED-88FB-C8C7784FB92A}\Disk1\data1.cab
2024-08-31 18:04:45,812 [analyzer] INFO: Added new file to list with pid 2880 and path C:\Users\Administrator\AppData\Local\Temp\{59D04536-ECB1-41ED-88FB-C8C7784FB92A}\Disk1\data1.hdr
2024-08-31 18:04:45,842 [analyzer] INFO: Added new file to list with pid 2880 and path C:\Users\Administrator\AppData\Local\Temp\{59D04536-ECB1-41ED-88FB-C8C7784FB92A}\Disk1\ISSetup.dll
2024-08-31 18:04:46,000 [analyzer] INFO: Added new file to list with pid 2880 and path C:\Users\Administrator\AppData\Local\Temp\{59D04536-ECB1-41ED-88FB-C8C7784FB92A}\Disk1\layout.bin
2024-08-31 18:04:46,000 [analyzer] INFO: Added new file to list with pid 2880 and path C:\Users\Administrator\AppData\Local\Temp\{59D04536-ECB1-41ED-88FB-C8C7784FB92A}\Disk1\setup.exe
2024-08-31 18:04:46,140 [analyzer] INFO: Added new file to list with pid 2880 and path C:\Users\Administrator\AppData\Local\Temp\{59D04536-ECB1-41ED-88FB-C8C7784FB92A}\Disk1\setup.ini
2024-08-31 18:04:46,155 [analyzer] INFO: Added new file to list with pid 2880 and path C:\Users\Administrator\AppData\Local\Temp\{59D04536-ECB1-41ED-88FB-C8C7784FB92A}\setup.ini
2024-08-31 18:04:46,187 [analyzer] INFO: Added new file to list with pid 2880 and path C:\Users\Administrator\AppData\Local\Temp\{59D04536-ECB1-41ED-88FB-C8C7784FB92A}\setup.exe
2024-08-31 18:04:46,500 [analyzer] INFO: Injected into process with pid 788 and name ''
2024-08-31 18:04:46,812 [analyzer] DEBUG: Loaded monitor into process with pid 788
2024-08-31 18:04:46,875 [analyzer] INFO: Added new file to list with pid 788 and path C:\Users\Administrator\AppData\Local\Temp\{59D04536-ECB1-41ED-88FB-C8C7784FB92A}\0x0409.ini
2024-08-31 18:04:46,890 [analyzer] INFO: Added new file to list with pid 788 and path C:\Users\Administrator\AppData\Local\Temp\{59D04536-ECB1-41ED-88FB-C8C7784FB92A}\ISSetup.dll
2024-08-31 18:04:47,592 [analyzer] INFO: Added new file to list with pid 788 and path C:\Users\Administrator\AppData\Local\Temp\{96A6060E-0B51-462F-BF52-1415C49D23CB}\{79AB0C22-B767-4A1B-AFEC-D72A902890B1}\setECCB.tmp
2024-08-31 18:04:47,640 [analyzer] INFO: Added new file to list with pid 788 and path C:\Users\Administrator\AppData\Local\Temp\{96A6060E-0B51-462F-BF52-1415C49D23CB}\{79AB0C22-B767-4A1B-AFEC-D72A902890B1}\ProED49.tmp
2024-08-31 18:04:47,655 [analyzer] INFO: Added new file to list with pid 788 and path C:\Users\Administrator\AppData\Local\Temp\{96A6060E-0B51-462F-BF52-1415C49D23CB}\{79AB0C22-B767-4A1B-AFEC-D72A902890B1}\RemED59.tmp
2024-08-31 18:04:47,671 [analyzer] INFO: Added new file to list with pid 788 and path C:\Users\Administrator\AppData\Local\Temp\{96A6060E-0B51-462F-BF52-1415C49D23CB}\{79AB0C22-B767-4A1B-AFEC-D72A902890B1}\RLGED6A.tmp
2024-08-31 18:04:47,703 [analyzer] INFO: Added new file to list with pid 788 and path C:\Users\Administrator\AppData\Local\Temp\{96A6060E-0B51-462F-BF52-1415C49D23CB}\{79AB0C22-B767-4A1B-AFEC-D72A902890B1}\EndED7B.tmp
2024-08-31 18:04:47,703 [analyzer] INFO: Added new file to list with pid 788 and path C:\Users\Administrator\AppData\Local\Temp\{96A6060E-0B51-462F-BF52-1415C49D23CB}\{79AB0C22-B767-4A1B-AFEC-D72A902890B1}\RLIED8B.tmp
2024-08-31 18:04:47,812 [analyzer] INFO: Added new file to list with pid 788 and path C:\Users\Administrator\AppData\Local\Temp\{96A6060E-0B51-462F-BF52-1415C49D23CB}\{79AB0C22-B767-4A1B-AFEC-D72A902890B1}\DelEDFA.tmp
2024-08-31 18:04:47,828 [analyzer] INFO: Added new file to list with pid 788 and path C:\Users\Administrator\AppData\Local\Temp\{96A6060E-0B51-462F-BF52-1415C49D23CB}\{79AB0C22-B767-4A1B-AFEC-D72A902890B1}\msvEE0A.tmp
2024-08-31 18:04:47,875 [analyzer] INFO: Added new file to list with pid 788 and path C:\Users\Administrator\AppData\Local\Temp\{96A6060E-0B51-462F-BF52-1415C49D23CB}\{79AB0C22-B767-4A1B-AFEC-D72A902890B1}\vcrEE2B.tmp
2024-08-31 18:04:47,890 [analyzer] INFO: Added new file to list with pid 788 and path C:\Users\Administrator\AppData\Local\Temp\{96A6060E-0B51-462F-BF52-1415C49D23CB}\{79AB0C22-B767-4A1B-AFEC-D72A902890B1}\RLSEE3B.tmp
2024-08-31 18:04:48,000 [analyzer] INFO: Added new file to list with pid 788 and path C:\Users\Administrator\AppData\Local\Temp\{96A6060E-0B51-462F-BF52-1415C49D23CB}\{79AB0C22-B767-4A1B-AFEC-D72A902890B1}\DelEEB9.tmp
2024-08-31 18:04:48,015 [analyzer] INFO: Added new file to list with pid 788 and path C:\Users\Administrator\AppData\Local\Temp\{96A6060E-0B51-462F-BF52-1415C49D23CB}\{79AB0C22-B767-4A1B-AFEC-D72A902890B1}\RLPEEBA.tmp
2024-08-31 18:04:48,030 [analyzer] INFO: Added new file to list with pid 788 and path C:\Users\Administrator\AppData\Local\Temp\{96A6060E-0B51-462F-BF52-1415C49D23CB}\{79AB0C22-B767-4A1B-AFEC-D72A902890B1}\PhyEECB.tmp
2024-08-31 18:04:48,030 [analyzer] INFO: Added new file to list with pid 788 and path C:\Users\Administrator\AppData\Local\Temp\{96A6060E-0B51-462F-BF52-1415C49D23CB}\{79AB0C22-B767-4A1B-AFEC-D72A902890B1}\FilEEDB.tmp
2024-08-31 18:04:48,046 [analyzer] INFO: Added new file to list with pid 788 and path C:\Users\Administrator\AppData\Local\Temp\{96A6060E-0B51-462F-BF52-1415C49D23CB}\{79AB0C22-B767-4A1B-AFEC-D72A902890B1}\sheEEEC.tmp
2024-08-31 18:04:48,062 [analyzer] INFO: Added new file to list with pid 788 and path C:\Users\Administrator\AppData\Local\Temp\{96A6060E-0B51-462F-BF52-1415C49D23CB}\{79AB0C22-B767-4A1B-AFEC-D72A902890B1}\FonEEED.tmp
2024-08-31 18:04:48,062 [analyzer] INFO: Added new file to list with pid 788 and path C:\Users\Administrator\AppData\Local\Temp\{96A6060E-0B51-462F-BF52-1415C49D23CB}\{79AB0C22-B767-4A1B-AFEC-D72A902890B1}\DIFEEFE.tmp
2024-08-31 18:04:48,078 [analyzer] INFO: Added new file to list with pid 788 and path C:\Users\Administrator\AppData\Local\Temp\{96A6060E-0B51-462F-BF52-1415C49D23CB}\corEF0E.tmp
2024-08-31 18:04:48,092 [analyzer] INFO: Added new file to list with pid 788 and path C:\Users\Administrator\AppData\Local\Temp\{96A6060E-0B51-462F-BF52-1415C49D23CB}\dotEF0F.tmp
2024-08-31 18:04:48,092 [analyzer] INFO: Added new file to list with pid 788 and path C:\Users\Administrator\AppData\Local\Temp\{96A6060E-0B51-462F-BF52-1415C49D23CB}\dotEF20.tmp
2024-08-31 18:04:48,108 [analyzer] INFO: Added new file to list with pid 788 and path C:\Users\Administrator\AppData\Local\Temp\{96A6060E-0B51-462F-BF52-1415C49D23CB}\ISBEF31.tmp
2024-08-31 18:04:48,125 [analyzer] INFO: Added new file to list with pid 788 and path C:\Users\Administrator\AppData\Local\Temp\{96A6060E-0B51-462F-BF52-1415C49D23CB}\{79AB0C22-B767-4A1B-AFEC-D72A902890B1}\StrEF41.tmp
2024-08-31 18:04:48,155 [analyzer] INFO: Added new file to list with pid 788 and path C:\Users\Administrator\AppData\Local\Temp\{96A6060E-0B51-462F-BF52-1415C49D23CB}\{79AB0C22-B767-4A1B-AFEC-D72A902890B1}\isrEF52.tmp
2024-08-31 18:04:48,187 [analyzer] INFO: Added new file to list with pid 788 and path C:\Users\Administrator\AppData\Local\Temp\{96A6060E-0B51-462F-BF52-1415C49D23CB}\{79AB0C22-B767-4A1B-AFEC-D72A902890B1}\defEF72.tmp
2024-08-31 18:04:48,203 [analyzer] INFO: Added new file to list with pid 788 and path C:\Users\Administrator\AppData\Local\Temp\{96A6060E-0B51-462F-BF52-1415C49D23CB}\{79AB0C22-B767-4A1B-AFEC-D72A902890B1}\_isEF92.tmp
2024-08-31 18:04:48,280 [analyzer] INFO: Added new file to list with pid 788 and path C:\Users\Administrator\AppData\Local\Temp\{96A6060E-0B51-462F-BF52-1415C49D23CB}\{79AB0C22-B767-4A1B-AFEC-D72A902890B1}\_isEFE1.tmp
2024-08-31 17:09:20,871 [analyzer] INFO: Analysis timeout hit, terminating analysis.
2024-08-31 17:09:21,105 [lib.api.process] ERROR: Failed to dump memory of 32-bit process with pid 2880.
2024-08-31 17:09:21,213 [lib.api.process] ERROR: Failed to dump memory of 32-bit process with pid 788.
2024-08-31 17:09:21,480 [analyzer] INFO: Terminating remaining processes before shutdown.
2024-08-31 17:09:21,480 [lib.api.process] INFO: Successfully terminated process with pid 2880.
2024-08-31 17:09:21,480 [lib.api.process] INFO: Successfully terminated process with pid 788.
2024-08-31 17:09:22,010 [analyzer] INFO: Analysis completed.
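The analyzer log above is the record of what the sample dropped and which processes the monitor got into, but reading it by eye across forty paths is error-prone, and it also contains a trap: the guest clock jumps from 18:04 back to 17:09 before the timeout, so a naive first-to-last timestamp duration comes out negative. The following is an added example, not code from the malwr.ee page or from Cuckoo, that turns a subset of these lines (copied verbatim into SAMPLE_LOG, which is a constructed sample) into a per-process dropped-file inventory, flags executable content and the GUID staging directories, records which process memory dumps failed, and detects the backwards clock. The regular expressions, the EXECUTABLE_EXT list and the result keys are this example's own assumptions about the log format.

```python
"""Per-process dropped-file inventory from Cuckoo analyzer-log lines.

Added example: this is not code from the malwr.ee page or from Cuckoo. The
SAMPLE_LOG is constructed from a subset of the analyzer log above; the regular
expressions encode assumptions about that log format.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: a subset of the analyzer log lines shown above, verbatim.
SAMPLE_LOG = r"""
2024-08-31 18:04:42,015 [analyzer] DEBUG: Starting analyzer from: C:\tmp1xmcit
2024-08-31 18:04:45,187 [lib.api.process] INFO: Successfully executed process from path u'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\CC440_Full_Patch.exe' with arguments '' and pid 2880
2024-08-31 18:04:45,437 [analyzer] INFO: Added new file to list with pid 2880 and path C:\Users\Administrator\AppData\Local\Temp\{59D04536-ECB1-41ED-88FB-C8C7784FB92A}\Disk1\data1.cab
2024-08-31 18:04:45,842 [analyzer] INFO: Added new file to list with pid 2880 and path C:\Users\Administrator\AppData\Local\Temp\{59D04536-ECB1-41ED-88FB-C8C7784FB92A}\Disk1\ISSetup.dll
2024-08-31 18:04:46,000 [analyzer] INFO: Added new file to list with pid 2880 and path C:\Users\Administrator\AppData\Local\Temp\{59D04536-ECB1-41ED-88FB-C8C7784FB92A}\Disk1\setup.exe
2024-08-31 18:04:46,187 [analyzer] INFO: Added new file to list with pid 2880 and path C:\Users\Administrator\AppData\Local\Temp\{59D04536-ECB1-41ED-88FB-C8C7784FB92A}\setup.exe
2024-08-31 18:04:46,500 [analyzer] INFO: Injected into process with pid 788 and name ''
2024-08-31 18:04:46,890 [analyzer] INFO: Added new file to list with pid 788 and path C:\Users\Administrator\AppData\Local\Temp\{59D04536-ECB1-41ED-88FB-C8C7784FB92A}\ISSetup.dll
2024-08-31 18:04:47,592 [analyzer] INFO: Added new file to list with pid 788 and path C:\Users\Administrator\AppData\Local\Temp\{96A6060E-0B51-462F-BF52-1415C49D23CB}\{79AB0C22-B767-4A1B-AFEC-D72A902890B1}\setECCB.tmp
2024-08-31 17:09:20,871 [analyzer] INFO: Analysis timeout hit, terminating analysis.
2024-08-31 17:09:21,105 [lib.api.process] ERROR: Failed to dump memory of 32-bit process with pid 2880.
2024-08-31 17:09:22,010 [analyzer] INFO: Analysis completed.
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d{3} "
    r"\[(?P<module>[^\]]+)\] (?P<level>\w+): (?P<msg>.*)$")
NEWFILE_RE = re.compile(r"Added new file to list with pid (?P<pid>\d+) and path (?P<path>.+)$")
EXEC_RE = re.compile(r"Successfully executed process from path u'.*' with arguments '.*' and pid (?P<pid>\d+)")
INJECT_RE = re.compile(r"Injected into process with pid (?P<pid>\d+)")
DUMPFAIL_RE = re.compile(r"Failed to dump memory of .*process with pid (?P<pid>\d+)")
GUID_DIR_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Assumed set of extensions worth flagging as "executable content dropped".
EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".scr", ".ocx", ".cpl")


def parse_analyzer_log(text):
    files_by_pid = defaultdict(list)
    monitored = {}        # pid -> "executed" (started by the analyzer) or "injected" (child)
    dump_failures = []
    clock_went_backwards = False
    previous_ts = None
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        # Guest clocks can jump (snapshot restore, time-skew modules); a naive
        # duration from first to last line would then be negative.
        if previous_ts is not None and ts < previous_ts:
            clock_went_backwards = True
        previous_ts = ts
        msg = m["msg"]
        if (n := NEWFILE_RE.search(msg)):
            files_by_pid[int(n["pid"])].append(n["path"])
        elif (e := EXEC_RE.search(msg)):
            monitored[int(e["pid"])] = "executed"
        elif (i := INJECT_RE.search(msg)):
            monitored[int(i["pid"])] = "injected"
        elif (d := DUMPFAIL_RE.search(msg)):
            dump_failures.append(int(d["pid"]))
    all_paths = [p for paths in files_by_pid.values() for p in paths]
    return {
        "files_by_pid": dict(files_by_pid),
        "executables": sorted(p for p in all_paths if p.lower().endswith(EXECUTABLE_EXT)),
        "staging_dirs": sorted({g for p in all_paths for g in GUID_DIR_RE.findall(p)}),
        "monitored": monitored,
        "dump_failures": dump_failures,
        "clock_went_backwards": clock_went_backwards,
    }


if __name__ == "__main__":
    report = parse_analyzer_log(SAMPLE_LOG)
    for pid, paths in report["files_by_pid"].items():
        print(f"pid {pid} ({report['monitored'].get(pid, '?')}): {len(paths)} files")
    print("executables dropped:", len(report["executables"]))
    print("staging dirs:", report["staging_dirs"])
    print("process memory dump failed for:", report["dump_failures"])
    print("guest clock went backwards:", report["clock_went_backwards"])
```

On the full log the same parser gives the picture the Dropped Files tab summarizes: pid 2880 (the submitted stub) writes the Disk1 layout plus a second setup.exe, pid 788 (the injected child) writes the InstallShield runtime into two GUID-named staging directories, and neither process memory dump succeeded, which is why only the full VM memory.dmp from the Cuckoo log is available.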


CUCKOO LOG

2024-08-31 18:07:17,628 [cuckoo.core.scheduler] INFO: Task #5160245: acquired machine win7x6414 (label=win7x6414)
2024-08-31 18:07:17,629 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.214 for task #5160245
2024-08-31 18:07:18,331 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 1361307 (interface=vboxnet0, host=192.168.168.214)
2024-08-31 18:08:18,261 [cuckoo.machinery.virtualbox] DEBUG: Starting vm win7x6414
2024-08-31 18:08:19,471 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine win7x6414 to vmcloak
2024-08-31 18:08:31,056 [cuckoo.core.guest] INFO: Starting analysis #5160245 on guest (id=win7x6414, ip=192.168.168.214)
2024-08-31 18:08:32,062 [cuckoo.core.guest] DEBUG: win7x6414: not ready yet
2024-08-31 18:08:37,085 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=win7x6414, ip=192.168.168.214)
2024-08-31 18:08:37,172 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=win7x6414, ip=192.168.168.214, monitor=latest, size=6660546)
2024-08-31 18:08:48,642 [cuckoo.core.resultserver] DEBUG: Task #5160245: live log analysis.log initialized.
2024-08-31 18:08:49,491 [cuckoo.core.resultserver] DEBUG: Task #5160245 is sending a BSON stream
2024-08-31 18:08:50,844 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'shots/0001.jpg'
2024-08-31 18:08:50,900 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 133474
2024-08-31 18:08:51,944 [cuckoo.core.resultserver] DEBUG: Task #5160245 is sending a BSON stream
2024-08-31 18:08:53,381 [cuckoo.core.resultserver] DEBUG: Task #5160245 is sending a BSON stream
2024-08-31 18:08:54,081 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'shots/0002.jpg'
2024-08-31 18:08:54,090 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/e3b0c44298fc1c14_EC4D.tmp'
2024-08-31 18:08:54,097 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 0
2024-08-31 18:08:54,137 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 129971
2024-08-31 18:08:55,251 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'shots/0003.jpg'
2024-08-31 18:08:55,297 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 131570
2024-08-31 18:08:56,431 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'shots/0004.jpg'
2024-08-31 18:08:56,465 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 131731
2024-08-31 18:09:03,146 [cuckoo.core.guest] DEBUG: win7x6414: analysis #5160245 still processing
2024-08-31 18:09:18,231 [cuckoo.core.guest] DEBUG: win7x6414: analysis #5160245 still processing
2024-08-31 18:09:21,352 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'curtain/1725116961.34.curtain.log'
2024-08-31 18:09:21,362 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 36
2024-08-31 18:09:21,475 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'sysmon/1725116961.46.sysmon.xml'
2024-08-31 18:09:21,480 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 125622
2024-08-31 18:09:21,492 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/1f0d8dfbd8b2b9c0_isbew64.exe'
2024-08-31 18:09:21,503 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/13756acb877074ab_setup.ini'
2024-08-31 18:09:21,506 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 182008
2024-08-31 18:09:21,508 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 2426
2024-08-31 18:09:21,514 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/f4d34f1a19685b3b_rlgenuuid.dll'
2024-08-31 18:09:21,517 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 111880
2024-08-31 18:09:21,520 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/8075162db275eb52_default.pal'
2024-08-31 18:09:21,526 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 1168
2024-08-31 18:09:21,527 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/76f1ea07e20c8682_setup.inx'
2024-08-31 18:09:21,533 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/6bc8b89088427859_difxdata.ini'
2024-08-31 18:09:21,535 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 336333
2024-08-31 18:09:21,538 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 84
2024-08-31 18:09:21,540 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/ae32d5bec3b67d26_stringtable_0x0409.ips'
2024-08-31 18:09:21,543 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 68436
2024-08-31 18:09:21,546 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/44ae0f64805658e0_deleteprogram.ini'
2024-08-31 18:09:21,548 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 3585
2024-08-31 18:09:21,558 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/3de4d957ec015242__isuser_0x0409.dll'
2024-08-31 18:09:21,568 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 995328
2024-08-31 18:09:21,573 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/edde33ee0060f6ab_layout.bin'
2024-08-31 18:09:21,575 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 522
2024-08-31 18:09:21,587 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/3c34401c88fbc788_rlinstallertool.dll'
2024-08-31 18:09:21,627 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 1609776
2024-08-31 18:09:21,634 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/4b565ff53ce9c94d_physicpassv2.dll'
2024-08-31 18:09:21,638 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 86792
2024-08-31 18:09:21,642 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/a7e91b042ce33490_fontdata.ini'
2024-08-31 18:09:21,645 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 37
2024-08-31 18:09:21,650 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/f6d7bc8ca6550662_corecomp.ini'
2024-08-31 18:09:21,653 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 65503
2024-08-31 18:09:21,669 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/5c66505e6a91dd9d_setup.exe'
2024-08-31 18:09:21,687 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 1306888
2024-08-31 18:09:21,693 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/8b76df0ffc9a226b_0x0409.ini'
2024-08-31 18:09:21,695 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 22480
2024-08-31 18:09:21,698 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/52fd34835d8126a8_dotnetinstaller.exe'
2024-08-31 18:09:21,700 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 23816
2024-08-31 18:09:21,736 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/06e0b73201e0751c__isres_0x0409.dll'
2024-08-31 18:09:21,773 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 1863024
2024-08-31 18:09:21,780 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/7b5dd50792d07de9_shellex.ini'
2024-08-31 18:09:21,783 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 2954
2024-08-31 18:09:21,809 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/2ec0df10da10d8c1_data1.cab'
2024-08-31 18:09:21,851 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 3193970
2024-08-31 18:09:21,860 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/41754c80b64aa1ed_data1.hdr'
2024-08-31 18:09:21,864 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/44de8d0dc9994bff_vcruntime140.dll'
2024-08-31 18:09:21,867 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 76152
2024-08-31 18:09:21,869 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 152643
2024-08-31 18:09:21,871 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/5bc9a498ffccfc34_deleteprogram_trial2full.ini'
2024-08-31 18:09:21,872 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 109
2024-08-31 18:09:21,876 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/c7e5bdc4b79f7f8c_dotnetinstaller.exe.config'
2024-08-31 18:09:21,878 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 146
2024-08-31 18:09:21,886 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/4190f0a1306257ce_msvcp140.dll'
2024-08-31 18:09:21,892 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 436616
2024-08-31 18:09:21,894 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/124fdf2120a5a872_removecidlist.txt'
2024-08-31 18:09:21,896 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 64
2024-08-31 18:09:21,906 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/932e1155901e3eff_rlsetupvalidate.dll'
2024-08-31 18:09:21,924 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 1598416
2024-08-31 18:09:21,930 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/33bd128de55fdd95_end user license agreement.txt'
2024-08-31 18:09:21,932 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 7727
2024-08-31 18:09:21,943 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/b7c8ec591bb8c61c_issetup.dll'
2024-08-31 18:09:21,978 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 1628424
2024-08-31 18:09:21,984 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/2eaf09e8097478fa_productpasslite.dll'
2024-08-31 18:09:21,987 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 68048
2024-08-31 18:09:21,988 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/eefcb7fb1ce56e30_isrt.dll'
2024-08-31 18:09:21,992 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 432880
2024-08-31 18:09:22,004 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/f10f8e205cd56553_rlprotection.dll'
2024-08-31 18:09:22,006 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 95184
2024-08-31 18:09:22,010 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/0484337ab37f4aca_fileassociation.ini'
2024-08-31 18:09:22,012 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 12085
2024-08-31 18:09:22,323 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'shots/0005.jpg'
2024-08-31 18:09:22,355 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 133476
2024-08-31 18:09:22,373 [cuckoo.core.resultserver] DEBUG: Task #5160245 had connection reset for <Context for LOG>
2024-08-31 18:09:24,257 [cuckoo.core.guest] INFO: win7x6414: analysis completed successfully
2024-08-31 18:09:24,271 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2024-08-31 18:09:24,300 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2024-08-31 18:09:26,415 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label win7x6414 to path /srv/cuckoo/cwd/storage/analyses/5160245/memory.dmp
2024-08-31 18:09:26,417 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm win7x6414
2024-08-31 18:09:35,652 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.214 for task #5160245
2024-08-31 18:09:35,915 [cuckoo.core.scheduler] DEBUG: Released database task #5160245
2024-08-31 18:09:35,933 [cuckoo.core.scheduler] INFO: Task #5160245: analysis procedure completed


SIGNATURES

Yara rules detected for file (10 events)

 * DebuggerCheck__QueryInfo - (no description)
 * ThreadControl__Context - (no description)
 * anti_dbg - Checks if being debugged
 * network_http - Communications over HTTP
 * network_dga - Communication using dga
 * escalate_priv - Escalate privileges
 * screenshot - Take screenshot
 * win_mutex - Create or check mutex
 * win_registry - Affect system registries
 * win_token - Affect system token

These are generic capability rules that match on imported API names and strings in the file, not on observed behaviour. An installer runtime legitimately imports the mutex, registry, token, GDI and HTTP APIs they look for, so a hit such as win_token or network_dga says what the code could call, not what it did; the behavioural events below are the evidence to weigh.

Allocates read-write-execute memory (usually to unpack itself) (2 events)

Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

Aug. 31, 2024, 7:04 p.m. process_identifier: 788
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00c80000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

Aug. 31, 2024, 7:04 p.m. process_identifier: 788
region_size: 1077248
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x044c0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

This executable has a PDB path (1 event)

pdb_path C:\CodeBases\isdev\redist\Language Independent\i386\ISP\setup.pdb

This is the PDB path of the InstallShield setup.exe bootstrapper (isdev is the InstallShield development tree), and the files it drops (ISSetup.dll, data1.cab, data1.hdr, layout.bin, setup.inx, isrt.dll, _isres_0x0409.dll, _isuser_0x0409.dll, isbew64.exe) are the standard InstallScript runtime. The path identifies the packaging, not the payload: what the package actually installs is in the dropped files and the autosubmitted tasks, not in this stub.

The file contains an unknown PE resource name possibly indicative of a packer (2
events)

resource name GIF
resource name PNG

GIF and PNG are custom resource types holding image data for the installer's UI. The signature fires on any resource type outside the standard set, so these two names are not a packer artifact.

One or more processes crashed (1 event)

The faulting instruction, mov dword ptr [eax], ecx with eax = 0, is a write through a null pointer, raised as STATUS_ACCESS_VIOLATION (0xc0000005) at an address inside isrt.dll while issetup.dll, called from the dropped setup.exe (the setup+… frames), was inside LoadLibraryExW. The bytes that follow the two-byte instruction in exception.instruction_r (50 45 43 6f 6d 70 61 63 74 32) decode as the ASCII string PECompact2, the marker string left by the PECompact packer, so the crash site sits at the edge of a packer stub rather than in the installer's own logic.

Time & API Arguments Status Return Repeated

__exception__

Aug. 31, 2024, 7:04 p.m. stacktrace:

LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d939 @ 0x76fcd939
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d7fc @ 0x76fcd7fc
LdrLoadDll+0x7b _strcmpi-0x305 ntdll+0x3c558 @ 0x76fcc558
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7297d4cf
LoadLibraryExW+0x1f1 LoadLibraryExA-0x37 kernelbase+0x12c95 @ 0x74a32c95
DllGetClassObject+0x1ef27 GetScriptEngine-0x58460 issetup+0x2c685 @ 0x7225c685
DllGetClassObject+0x5fbfb GetScriptEngine-0x1778c issetup+0x6d359 @ 0x7229d359
DllGetClassObject+0x554f1 GetScriptEngine-0x21e96 issetup+0x62c4f @ 0x72292c4f
DllGetClassObject+0x5ecd2 GetScriptEngine-0x186b5 issetup+0x6c430 @ 0x7229c430
DllGetClassObject+0x5f86c GetScriptEngine-0x17b1b issetup+0x6cfca @ 0x7229cfca
DllGetClassObject+0x5b7c7 GetScriptEngine-0x1bbc0 issetup+0x68f25 @ 0x72298f25
DllGetClassObject+0x28297 GetScriptEngine-0x4f0f0 issetup+0x359f5 @ 0x722659f5
DllGetClassObject+0x2866a GetScriptEngine-0x4ed1d issetup+0x35dc8 @ 0x72265dc8
DllGetClassObject+0x3acec GetScriptEngine-0x3c69b issetup+0x4844a @ 0x7227844a
DllGetClassObject+0x3aa5b GetScriptEngine-0x3c92c issetup+0x481b9 @ 0x722781b9
DllGetClassObject+0x13646 GetScriptEngine-0x63d41 issetup+0x20da4 @ 0x72250da4
DllGetClassObject+0xb5e0 GetScriptEngine-0x6bda7 issetup+0x18d3e @ 0x72248d3e
setup+0x164fc @ 0x13064fc
setup+0x17922 @ 0x1307922
setup+0x1c71a @ 0x130c71a
setup+0x20aeb @ 0x1310aeb
setup+0x4164d @ 0x133164d
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133aa @ 0x76a933aa
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa5 ntdll+0x39f72 @ 0x76fc9f72
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xd2 ntdll+0x39f45 @ 0x76fc9f45


exception.instruction_r: 89 08 50 45 43 6f 6d 70 61 63 74 32 00 00 00 00
exception.instruction: mov dword ptr [eax], ecx
exception.exception_code: 0xc0000005
exception.symbol: _ComponentViewQueryInfo+0xbed5a isrt+0x10f9f0
exception.address: 0x1010f9f0
registers.esp: 4054660
registers.edi: 4054872
registers.eax: 0
registers.ebp: 4054696
registers.edx: 32
registers.ebx: 1
registers.esi: 4054684
registers.ecx: 4054836
1 0 0

Queries the disk size, which could be used to detect a virtual machine with a small
fixed-size or dynamically allocated disk (13 events)

The twelve GetDiskFreeSpaceW calls and the one GetDiskFreeSpaceExW call agree: 67031551 clusters × 8 sectors × 512 bytes = 274,561,232,896 bytes total (about 256 GiB) and 60035379 × 4096 = 245,904,912,384 bytes free (about 229 GiB), the same figures GetDiskFreeSpaceExW returns. An installer queries free space before extracting, so the calls themselves are expected; the signature only matters if the result is used to bail out on a small disk, and a volume of this size clears any such threshold.

Time & API Arguments Status Return Repeated

GetDiskFreeSpaceW

Aug. 31, 2024, 7:04 p.m. number_of_free_clusters: 60035379
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: \
total_number_of_clusters: 67031551
1 1 0

GetDiskFreeSpaceW

Aug. 31, 2024, 7:04 p.m. number_of_free_clusters: 60035379
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: \
total_number_of_clusters: 67031551
1 1 0

GetDiskFreeSpaceW

Aug. 31, 2024, 7:04 p.m. number_of_free_clusters: 60035379
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: C:\
total_number_of_clusters: 67031551
1 1 0

GetDiskFreeSpaceW

Aug. 31, 2024, 7:04 p.m. number_of_free_clusters: 60035379
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: C:\
total_number_of_clusters: 67031551
1 1 0

GetDiskFreeSpaceW

Aug. 31, 2024, 7:04 p.m. number_of_free_clusters: 60035379
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: C:\
total_number_of_clusters: 67031551
1 1 0

GetDiskFreeSpaceW

Aug. 31, 2024, 7:04 p.m. number_of_free_clusters: 60035379
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: C:\
total_number_of_clusters: 67031551
1 1 0

GetDiskFreeSpaceW

Aug. 31, 2024, 7:04 p.m. number_of_free_clusters: 60035379
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: C:\
total_number_of_clusters: 67031551
1 1 0

GetDiskFreeSpaceW

Aug. 31, 2024, 7:04 p.m. number_of_free_clusters: 60035379
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: C:\
total_number_of_clusters: 67031551
1 1 0

GetDiskFreeSpaceW

Aug. 31, 2024, 7:04 p.m. number_of_free_clusters: 60035379
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: C:\
total_number_of_clusters: 67031551
1 1 0

GetDiskFreeSpaceW

Aug. 31, 2024, 7:04 p.m. number_of_free_clusters: 60035379
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: C:\
total_number_of_clusters: 67031551
1 1 0

GetDiskFreeSpaceW

Aug. 31, 2024, 7:04 p.m. number_of_free_clusters: 60035379
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: C:\
total_number_of_clusters: 67031551
1 1 0

GetDiskFreeSpaceExW

Aug. 31, 2024, 7:04 p.m. total_number_of_free_bytes: 245904912384
free_bytes_available: 245904912384
root_path: C:\
total_number_of_bytes: 274561232896
1 1 0

GetDiskFreeSpaceW

Aug. 31, 2024, 7:04 p.m. number_of_free_clusters: 60035379
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: C:\
total_number_of_clusters: 67031551
1 1 0

Creates executable files on the filesystem (4 events)

file
C:\Users\Administrator\AppData\Local\Temp\{59D04536-ECB1-41ED-88FB-C8C7784FB92A}\setup.exe
file
C:\Users\Administrator\AppData\Local\Temp\{59D04536-ECB1-41ED-88FB-C8C7784FB92A}\Disk1\ISSetup.dll
file
C:\Users\Administrator\AppData\Local\Temp\{59D04536-ECB1-41ED-88FB-C8C7784FB92A}\ISSetup.dll
file
C:\Users\Administrator\AppData\Local\Temp\{59D04536-ECB1-41ED-88FB-C8C7784FB92A}\Disk1\setup.exe

Queries for potentially installed applications (50 out of 54 events)

Time & API Arguments Status Return Repeated

RegOpenKeyExW

Aug. 31, 2024, 7:04 p.m. regkey_r:
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
base_handle: 0x80000002
key_handle: 0x00000150
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
1 0 0

RegOpenKeyExW

Aug. 31, 2024, 7:04 p.m. regkey_r:
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
base_handle: 0x80000002
key_handle: 0x00000150
options: 0
access: 0x00020019
regkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
1 0 0

RegOpenKeyExW

Aug. 31, 2024, 7:04 p.m. regkey_r:
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR
base_handle: 0x80000002
key_handle: 0x00000150
options: 0
access: 0x00020019
regkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR
1 0 0

RegOpenKeyExW

Aug. 31, 2024, 7:04 p.m. regkey_r:
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager
base_handle: 0x80000002
key_handle: 0x00000150
options: 0
access: 0x00020019
regkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection
Manager
1 0 0

RegOpenKeyExW

Aug. 31, 2024, 7:04 p.m. regkey_r:
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
base_handle: 0x80000002
key_handle: 0x00000150
options: 0
access: 0x00020019
regkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
1 0 0

RegOpenKeyExW

Aug. 31, 2024, 7:04 p.m. regkey_r:
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
base_handle: 0x80000002
key_handle: 0x00000150
options: 0
access: 0x00020019
regkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
1 0 0

RegOpenKeyExW

Aug. 31, 2024, 7:04 p.m. regkey_r:
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40
base_handle: 0x80000002
key_handle: 0x00000150
options: 0
access: 0x00020019
regkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40
1 0 0

RegOpenKeyExW

Aug. 31, 2024, 7:04 p.m. regkey_r:
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
base_handle: 0x80000002
key_handle: 0x00000150
options: 0
access: 0x00020019
regkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
1 0 0

RegOpenKeyExW

Aug. 31, 2024, 7:04 p.m. regkey_r:
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
base_handle: 0x80000002
key_handle: 0x00000150
options: 0
access: 0x00020019
regkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
1 0 0

RegOpenKeyExW

Aug. 31, 2024, 7:04 p.m. regkey_r:
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData
base_handle: 0x80000002
key_handle: 0x00000150
options: 0
access: 0x00020019
regkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData
1 0 0

RegOpenKeyExW

Aug. 31, 2024, 7:04 p.m. regkey_r:
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
base_handle: 0x80000002
key_handle: 0x00000150
options: 0
access: 0x00020019
regkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
1 0 0

RegOpenKeyExW

Aug. 31, 2024, 7:04 p.m. regkey_r:
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 41.0.2 (x86
en-US)
base_handle: 0x80000002
key_handle: 0x00000150
options: 0
access: 0x00020019
regkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla
Firefox 41.0.2 (x86 en-US)
1 0 0

RegOpenKeyExW

Aug. 31, 2024, 7:04 p.m. regkey_r:
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService
base_handle: 0x80000002
key_handle: 0x00000150
options: 0
access: 0x00020019
regkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService
1 0 0

RegOpenKeyExW

Aug. 31, 2024, 7:04 p.m. regkey_r:
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Pillow-py2.7
base_handle: 0x80000002
key_handle: 0x00000150
options: 0
access: 0x00020019
regkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Pillow-py2.7
1 0 0

RegOpenKeyExW

Aug. 31, 2024, 7:04 p.m. regkey_r:
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
base_handle: 0x80000002
key_handle: 0x00000150
options: 0
access: 0x00020019
regkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
1 0 0

RegOpenKeyExW

Aug. 31, 2024, 7:04 p.m. regkey_r:
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC
base_handle: 0x80000002
key_handle: 0x00000150
options: 0
access: 0x00020019
regkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC
1 0 0

RegOpenKeyExW

Aug. 31, 2024, 7:04 p.m. regkey_r:
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00203668-8170-44A0-BE44-B632FA4D780F}
base_handle: 0x80000002
key_handle: 0x00000150
options: 0
access: 0x00020019
regkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00203668-8170-44A0-BE44-B632FA4D780F}
1 0 0

RegOpenKeyExW

Aug. 31, 2024, 7:04 p.m. regkey_r:
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A656C6C-D24A-473F-9747-3A8D00907A03}
base_handle: 0x80000002
key_handle: 0x00000150
options: 0
access: 0x00020019
regkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A656C6C-D24A-473F-9747-3A8D00907A03}
1 0 0

RegOpenKeyExW

Aug. 31, 2024, 7:04 p.m. regkey_r:
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89B9E358-75C6-4C6B-BD38-803FF156CC4B}
base_handle: 0x80000002
key_handle: 0x00000150
options: 0
access: 0x00020019
regkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89B9E358-75C6-4C6B-BD38-803FF156CC4B}
1 0 0

RegOpenKeyExW

Aug. 31, 2024, 7:04 p.m. regkey_r:
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{904CD3A3-7A9D-4932-8316-95A7A6D2FB4A}
base_handle: 0x80000002
key_handle: 0x00000150
options: 0
access: 0x00020019
regkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{904CD3A3-7A9D-4932-8316-95A7A6D2FB4A}
1 0 0

RegOpenKeyExW

Aug. 31, 2024, 7:04 p.m. regkey_r:
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-A90000000001}
base_handle: 0x80000002
key_handle: 0x00000150
options: 0
access: 0x00020019
regkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-A90000000001}
1 0 0

RegOpenKeyExW

Aug. 31, 2024, 7:04 p.m. regkey_r:
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BB8B979E-E336-47E7-96BC-1031C1B94561}
base_handle: 0x80000002
key_handle: 0x00000150
options: 0
access: 0x00020019
regkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BB8B979E-E336-47E7-96BC-1031C1B94561}
1 0 0

RegOpenKeyExW

Aug. 31, 2024, 7:04 p.m. regkey_r:
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{79AB0C22-B767-4A1B-AFEC-D72A902890B1}
base_handle: 0x80000002
key_handle: 0x00000000
options: 0
access: 0x00020019
regkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{79AB0C22-B767-4A1B-AFEC-D72A902890B1}
2 0

RegOpenKeyExW

Aug. 31, 2024, 7:04 p.m. regkey_r:
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
base_handle: 0x80000002
key_handle: 0x000001a4
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
1 0 0

RegOpenKeyExW

Aug. 31, 2024, 7:04 p.m. regkey_r:
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
base_handle: 0x80000002
key_handle: 0x000001a4
options: 0
access: 0x00020019
regkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
1 0 0

RegOpenKeyExW

Aug. 31, 2024, 7:04 p.m. regkey_r:
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR
base_handle: 0x80000002
key_handle: 0x000001a4
options: 0
access: 0x00020019
regkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR
1 0 0

RegOpenKeyExW

Aug. 31, 2024, 7:04 p.m. regkey_r:
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager
base_handle: 0x80000002
key_handle: 0x000001a4
options: 0
access: 0x00020019
regkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection
Manager
1 0 0

RegOpenKeyExW

Aug. 31, 2024, 7:04 p.m. regkey_r:
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
base_handle: 0x80000002
key_handle: 0x000001a4
options: 0
access: 0x00020019
regkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
1 0 0

RegOpenKeyExW

Aug. 31, 2024, 7:04 p.m. regkey_r:
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
base_handle: 0x80000002
key_handle: 0x000001a4
options: 0
access: 0x00020019
regkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
1 0 0

RegOpenKeyExW

Aug. 31, 2024, 7:04 p.m. regkey_r:
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40
base_handle: 0x80000002
key_handle: 0x000001a4
options: 0
access: 0x00020019
regkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40
1 0 0

RegOpenKeyExW

Aug. 31, 2024, 7:04 p.m. regkey_r:
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
base_handle: 0x80000002
key_handle: 0x000001a4
options: 0
access: 0x00020019
regkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
1 0 0

RegOpenKeyExW

Aug. 31, 2024, 7:04 p.m. regkey_r:
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
base_handle: 0x80000002
key_handle: 0x000001a4
options: 0
access: 0x00020019
regkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
1 0 0

RegOpenKeyExW

Aug. 31, 2024, 7:04 p.m. regkey_r:
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData
base_handle: 0x80000002
key_handle: 0x000001a4
options: 0
access: 0x00020019
regkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData
1 0 0

RegOpenKeyExW

Aug. 31, 2024, 7:04 p.m. regkey_r:
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
base_handle: 0x80000002
key_handle: 0x000001a4
options: 0
access: 0x00020019
regkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
1 0 0

RegOpenKeyExW

Aug. 31, 2024, 7:04 p.m. regkey_r:
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 41.0.2 (x86
en-US)
base_handle: 0x80000002
key_handle: 0x000001a4
options: 0
access: 0x00020019
regkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla
Firefox 41.0.2 (x86 en-US)
1 0 0

RegOpenKeyExW

Aug. 31, 2024, 7:04 p.m. regkey_r:
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService
base_handle: 0x80000002
key_handle: 0x000001a4
options: 0
access: 0x00020019
regkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService
1 0 0

RegOpenKeyExW

Aug. 31, 2024, 7:04 p.m. regkey_r:
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Pillow-py2.7
base_handle: 0x80000002
key_handle: 0x000001a4
options: 0
access: 0x00020019
regkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Pillow-py2.7
1 0 0

RegOpenKeyExW

Aug. 31, 2024, 7:04 p.m. regkey_r:
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
base_handle: 0x80000002
key_handle: 0x000001a4
options: 0
access: 0x00020019
regkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
1 0 0

RegOpenKeyExW

Aug. 31, 2024, 7:04 p.m. regkey_r:
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC
base_handle: 0x80000002
key_handle: 0x000001a4
options: 0
access: 0x00020019
regkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC
1 0 0

RegOpenKeyExW

Aug. 31, 2024, 7:04 p.m. regkey_r:
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00203668-8170-44A0-BE44-B632FA4D780F}
base_handle: 0x80000002
key_handle: 0x000001a4
options: 0
access: 0x00020019
regkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00203668-8170-44A0-BE44-B632FA4D780F}
1 0 0

RegOpenKeyExW

Aug. 31, 2024, 7:04 p.m. regkey_r:
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A656C6C-D24A-473F-9747-3A8D00907A03}
base_handle: 0x80000002
key_handle: 0x000001a4
options: 0
access: 0x00020019
regkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A656C6C-D24A-473F-9747-3A8D00907A03}
1 0 0

RegOpenKeyExW

Aug. 31, 2024, 7:04 p.m. regkey_r:
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89B9E358-75C6-4C6B-BD38-803FF156CC4B}
base_handle: 0x80000002
key_handle: 0x000001a4
options: 0
access: 0x00020019
regkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89B9E358-75C6-4C6B-BD38-803FF156CC4B}
1 0 0

RegOpenKeyExW

Aug. 31, 2024, 7:04 p.m. regkey_r:
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{904CD3A3-7A9D-4932-8316-95A7A6D2FB4A}
base_handle: 0x80000002
key_handle: 0x000001a4
options: 0
access: 0x00020019
regkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{904CD3A3-7A9D-4932-8316-95A7A6D2FB4A}
1 0 0

RegOpenKeyExW

Aug. 31, 2024, 7:04 p.m. regkey_r:
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-A90000000001}
base_handle: 0x80000002
key_handle: 0x000001a4
options: 0
access: 0x00020019
regkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-A90000000001}
1 0 0

RegOpenKeyExW

Aug. 31, 2024, 7:04 p.m. regkey_r:
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BB8B979E-E336-47E7-96BC-1031C1B94561}
base_handle: 0x80000002
key_handle: 0x000001a4
options: 0
access: 0x00020019
regkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BB8B979E-E336-47E7-96BC-1031C1B94561}
1 0 0

RegOpenKeyExW

Aug. 31, 2024, 7:04 p.m. regkey_r:
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{79AB0C22-B767-4A1B-AFEC-D72A902890B1}
base_handle: 0x80000002
key_handle: 0x00000000
options: 0
access: 0x00020019
regkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{79AB0C22-B767-4A1B-AFEC-D72A902890B1}
2 0

RegOpenKeyExW

Aug. 31, 2024, 7:04 p.m. regkey_r:
Software\Microsoft\Windows\CurrentVersion\Uninstall
base_handle: 0x80000002
key_handle: 0x000001e8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall
1 0 0

RegOpenKeyExW

Aug. 31, 2024, 7:04 p.m. regkey_r:
Software\Microsoft\Windows\CurrentVersion\Uninstall
base_handle: 0x80000001
key_handle: 0x00000000
options: 0
access: 0x00020019
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall
2 0

RegOpenKeyExW

Aug. 31, 2024, 7:04 p.m. regkey_r:
Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall
Information\{79AB0C22-B767-4A1B-AFEC-D72A902890B1}
base_handle: 0x80000001
key_handle: 0x00000000
options: 0
access: 0x00020019
regkey:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield
Uninstall Information\{79AB0C22-B767-4A1B-AFEC-D72A902890B1}
2 0

RegOpenKeyExW

Aug. 31, 2024, 7:04 p.m. regkey_r:
Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall
Information\{79AB0C22-B767-4A1B-AFEC-D72A902890B1}
base_handle: 0x80000002
key_handle: 0x00000000
options: 0
access: 0x00020019
regkey:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield
Uninstall Information\{79AB0C22-B767-4A1B-AFEC-D72A902890B1}
2 0

Screenshots

Name / Response / Post-Analysis Lookup: No hosts contacted.

IP Address / Status / Action / VT / Location: No hosts contacted.

©2010-2018 Cuckoo Sandbox

