popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

downfile.asp

JPEG Format PE32 PNG Format PE File
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6401 June 24, 2021, 6:51 p.m. June 24, 2021, 6:58 p.m.
Size 40.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 fe5e690adf7c29a5d31a7025667d24a7
SHA256 2c91fb8098b50b0a5a66ae21a3815596f7c9d18aacacf6871c4ee11a9aa2b781
CRC32 433E7F99
ssdeep 384:/TiLYZ+IWA2ERFWaqXzykEP5+L0OTe8xuchL3SKxnkEDWaqXzXERNYZ+IWA:/4Y4AzWv2kEPzOhLi8nkEDWvUY4A
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
www.ysbaojia.com
A 120.77.146.229
120.77.146.229
ip.ws.126.net
CNAME ipservice.163.com
A 59.111.181.52
59.111.181.52
img.ysbaojia.com
A 120.77.146.229
120.77.146.229
yin51.oss-cn-shenzhen.aliyuncs.com
A 120.77.166.9
120.77.166.9
IP Address Status Action
120.77.146.229 Active Moloch
120.77.166.9 Active Moloch
164.124.101.2 Active Moloch
59.111.181.52 Active Moloch

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.101:49222 -> 120.77.166.9:443 906200056 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49224 -> 120.77.166.9:443 906200056 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49220 -> 120.77.166.9:443 906200056 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49221 -> 120.77.166.9:443 906200056 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49225 -> 120.77.166.9:443 906200056 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49231 -> 120.77.166.9:443 906200056 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49238 -> 120.77.166.9:443 906200056 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49226 -> 120.77.166.9:443 906200056 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49229 -> 120.77.166.9:443 906200056 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49233 -> 120.77.166.9:443 906200056 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49234 -> 120.77.166.9:443 906200056 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49237 -> 120.77.166.9:443 906200056 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49240 -> 120.77.166.9:443 906200056 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49241 -> 120.77.166.9:443 906200056 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49243 -> 120.77.166.9:443 906200056 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49242 -> 120.77.166.9:443 906200056 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49245 -> 120.77.166.9:443 906200056 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49247 -> 120.77.166.9:443 906200056 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49255 -> 120.77.166.9:443 906200056 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49248 -> 120.77.166.9:443 906200056 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49246 -> 120.77.166.9:443 906200056 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49230 -> 120.77.166.9:443 906200056 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49251 -> 120.77.166.9:443 906200056 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49252 -> 120.77.166.9:443 906200056 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49254 -> 120.77.166.9:443 906200056 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49227 -> 120.77.166.9:443 906200056 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49250 -> 120.77.166.9:443 906200056 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49256 -> 120.77.166.9:443 906200056 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined

Suricata TLS

Flow Issuer Subject Fingerprint
TLSv1
192.168.56.101:49222
120.77.166.9:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.oss-cn-shenzhen.aliyuncs.com ee:33:22:78:02:ba:86:25:e7:7c:a7:d0:04:c5:5d:19:76:83:5f:45
TLSv1
192.168.56.101:49224
120.77.166.9:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.oss-cn-shenzhen.aliyuncs.com ee:33:22:78:02:ba:86:25:e7:7c:a7:d0:04:c5:5d:19:76:83:5f:45
TLSv1
192.168.56.101:49220
120.77.166.9:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.oss-cn-shenzhen.aliyuncs.com ee:33:22:78:02:ba:86:25:e7:7c:a7:d0:04:c5:5d:19:76:83:5f:45
TLSv1
192.168.56.101:49225
120.77.166.9:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.oss-cn-shenzhen.aliyuncs.com ee:33:22:78:02:ba:86:25:e7:7c:a7:d0:04:c5:5d:19:76:83:5f:45
TLSv1
192.168.56.101:49231
120.77.166.9:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.oss-cn-shenzhen.aliyuncs.com ee:33:22:78:02:ba:86:25:e7:7c:a7:d0:04:c5:5d:19:76:83:5f:45
TLSv1
192.168.56.101:49221
120.77.166.9:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.oss-cn-shenzhen.aliyuncs.com ee:33:22:78:02:ba:86:25:e7:7c:a7:d0:04:c5:5d:19:76:83:5f:45
TLSv1
192.168.56.101:49238
120.77.166.9:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.oss-cn-shenzhen.aliyuncs.com ee:33:22:78:02:ba:86:25:e7:7c:a7:d0:04:c5:5d:19:76:83:5f:45
TLSv1
192.168.56.101:49226
120.77.166.9:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.oss-cn-shenzhen.aliyuncs.com ee:33:22:78:02:ba:86:25:e7:7c:a7:d0:04:c5:5d:19:76:83:5f:45
TLSv1
192.168.56.101:49229
120.77.166.9:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.oss-cn-shenzhen.aliyuncs.com ee:33:22:78:02:ba:86:25:e7:7c:a7:d0:04:c5:5d:19:76:83:5f:45
TLSv1
192.168.56.101:49233
120.77.166.9:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.oss-cn-shenzhen.aliyuncs.com ee:33:22:78:02:ba:86:25:e7:7c:a7:d0:04:c5:5d:19:76:83:5f:45
TLSv1
192.168.56.101:49234
120.77.166.9:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.oss-cn-shenzhen.aliyuncs.com ee:33:22:78:02:ba:86:25:e7:7c:a7:d0:04:c5:5d:19:76:83:5f:45
TLSv1
192.168.56.101:49237
120.77.166.9:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.oss-cn-shenzhen.aliyuncs.com ee:33:22:78:02:ba:86:25:e7:7c:a7:d0:04:c5:5d:19:76:83:5f:45
TLSv1
192.168.56.101:49240
120.77.166.9:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.oss-cn-shenzhen.aliyuncs.com ee:33:22:78:02:ba:86:25:e7:7c:a7:d0:04:c5:5d:19:76:83:5f:45
TLSv1
192.168.56.101:49241
120.77.166.9:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.oss-cn-shenzhen.aliyuncs.com ee:33:22:78:02:ba:86:25:e7:7c:a7:d0:04:c5:5d:19:76:83:5f:45
TLSv1
192.168.56.101:49243
120.77.166.9:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.oss-cn-shenzhen.aliyuncs.com ee:33:22:78:02:ba:86:25:e7:7c:a7:d0:04:c5:5d:19:76:83:5f:45
TLSv1
192.168.56.101:49242
120.77.166.9:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.oss-cn-shenzhen.aliyuncs.com ee:33:22:78:02:ba:86:25:e7:7c:a7:d0:04:c5:5d:19:76:83:5f:45
TLSv1
192.168.56.101:49245
120.77.166.9:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.oss-cn-shenzhen.aliyuncs.com ee:33:22:78:02:ba:86:25:e7:7c:a7:d0:04:c5:5d:19:76:83:5f:45
TLSv1
192.168.56.101:49247
120.77.166.9:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.oss-cn-shenzhen.aliyuncs.com ee:33:22:78:02:ba:86:25:e7:7c:a7:d0:04:c5:5d:19:76:83:5f:45
TLSv1
192.168.56.101:49255
120.77.166.9:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.oss-cn-shenzhen.aliyuncs.com ee:33:22:78:02:ba:86:25:e7:7c:a7:d0:04:c5:5d:19:76:83:5f:45
TLSv1
192.168.56.101:49248
120.77.166.9:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.oss-cn-shenzhen.aliyuncs.com ee:33:22:78:02:ba:86:25:e7:7c:a7:d0:04:c5:5d:19:76:83:5f:45
TLSv1
192.168.56.101:49246
120.77.166.9:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.oss-cn-shenzhen.aliyuncs.com ee:33:22:78:02:ba:86:25:e7:7c:a7:d0:04:c5:5d:19:76:83:5f:45
TLSv1
192.168.56.101:49230
120.77.166.9:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.oss-cn-shenzhen.aliyuncs.com ee:33:22:78:02:ba:86:25:e7:7c:a7:d0:04:c5:5d:19:76:83:5f:45
TLSv1
192.168.56.101:49251
120.77.166.9:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.oss-cn-shenzhen.aliyuncs.com ee:33:22:78:02:ba:86:25:e7:7c:a7:d0:04:c5:5d:19:76:83:5f:45
TLSv1
192.168.56.101:49252
120.77.166.9:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.oss-cn-shenzhen.aliyuncs.com ee:33:22:78:02:ba:86:25:e7:7c:a7:d0:04:c5:5d:19:76:83:5f:45
TLSv1
192.168.56.101:49254
120.77.166.9:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.oss-cn-shenzhen.aliyuncs.com ee:33:22:78:02:ba:86:25:e7:7c:a7:d0:04:c5:5d:19:76:83:5f:45
TLSv1
192.168.56.101:49227
120.77.166.9:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.oss-cn-shenzhen.aliyuncs.com ee:33:22:78:02:ba:86:25:e7:7c:a7:d0:04:c5:5d:19:76:83:5f:45
TLSv1
192.168.56.101:49250
120.77.166.9:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.oss-cn-shenzhen.aliyuncs.com ee:33:22:78:02:ba:86:25:e7:7c:a7:d0:04:c5:5d:19:76:83:5f:45
TLSv1
192.168.56.101:49256
120.77.166.9:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.oss-cn-shenzhen.aliyuncs.com ee:33:22:78:02:ba:86:25:e7:7c:a7:d0:04:c5:5d:19:76:83:5f:45

Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

 1 1 0
Time & API Arguments Status Return Repeated

__exception__

 stacktrace: 
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x76a7b727
registers.esp: 1635248
registers.edi: 4998784
registers.eax: 1635248
registers.ebp: 1635328
registers.edx: 0
registers.ebx: 4998784
registers.esi: 4998784
registers.ecx: 2
1 0 0

__exception__

 stacktrace: 
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x76a7b727
registers.esp: 1635248
registers.edi: 4998784
registers.eax: 1635248
registers.ebp: 1635328
registers.edx: 0
registers.ebx: 4998784
registers.esi: 4998784
registers.ecx: 2
1 0 0

__exception__

 stacktrace: 
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x76a7b727
registers.esp: 1635248
registers.edi: 4998784
registers.eax: 1635248
registers.ebp: 1635328
registers.edx: 0
registers.ebx: 4998784
registers.esi: 4998784
registers.ecx: 2
1 0 0

__exception__

 stacktrace: 
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x76a7b727
registers.esp: 1635248
registers.edi: 4998784
registers.eax: 1635248
registers.ebp: 1635328
registers.edx: 0
registers.ebx: 4998784
registers.esi: 4998784
registers.ecx: 2
1 0 0

__exception__

 stacktrace: 
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x76a7b727
registers.esp: 1635248
registers.edi: 4998784
registers.eax: 1635248
registers.ebp: 1635328
registers.edx: 0
registers.ebx: 4998784
registers.esi: 4998784
registers.ecx: 2
1 0 0
request GET http://ip.ws.126.net/ipquery
request GET http://img.ysbaojia.com/UpLoadFile/ysbaojia/2021052741999825.gif
request GET http://img.ysbaojia.com/uploadfile/ysbaojia/2021060454206521.png
request GET http://img.ysbaojia.com/uploadfile/ysbaojia/2021060454196765.png
request GET http://img.ysbaojia.com/uploadfile/ysbaojia/2021060454181909.png
request GET https://yin51.oss-cn-shenzhen.aliyuncs.com/832d6e3ca1e34a2cad9ae1910d24ed76.jpg
request GET https://yin51.oss-cn-shenzhen.aliyuncs.com/ca778b9e1cfe4927bd9d9de55897f620.jpg
request GET https://yin51.oss-cn-shenzhen.aliyuncs.com/a0678d2a589e4685bb89be9a1ce975c4.jpg
request GET https://yin51.oss-cn-shenzhen.aliyuncs.com/ed7f3a4231fb4f4888396036205cf14e.jpg
request GET https://yin51.oss-cn-shenzhen.aliyuncs.com/5d83174b67144967a237e92ee3910810.jpg
request GET https://yin51.oss-cn-shenzhen.aliyuncs.com/689d2feb54fa47f6a061125f41aab12e.jpg
request GET https://yin51.oss-cn-shenzhen.aliyuncs.com/a45d95c5f4e44745ba4d7ffb2152b88c.jpg
request GET https://yin51.oss-cn-shenzhen.aliyuncs.com/240324371b76426e8986ec808464a8a4.jpg
request GET https://yin51.oss-cn-shenzhen.aliyuncs.com/6b1724da4e8647228aa218953b3e6222.jpg
request GET https://yin51.oss-cn-shenzhen.aliyuncs.com/35ce0701de5a4e5685581ec75d38f6fb.jpg
request GET https://yin51.oss-cn-shenzhen.aliyuncs.com/d8de106ce42b4905b5075ce01574539d.jpg
request GET https://yin51.oss-cn-shenzhen.aliyuncs.com/e7a83bd62d9e4454ba6c53c9fa3ecce3.jpg
request GET https://yin51.oss-cn-shenzhen.aliyuncs.com/ebd192f67de14245ae7b6c4578fb49ec.jpg
request GET https://yin51.oss-cn-shenzhen.aliyuncs.com/d7d79f93101a40a5a639630be244b2af.jpg
request GET https://yin51.oss-cn-shenzhen.aliyuncs.com/951cc2ff23854497a4a3f3133beae08a.jpg
request GET https://yin51.oss-cn-shenzhen.aliyuncs.com/41125b5de744479b998760ab19e248e4.jpg
request GET https://yin51.oss-cn-shenzhen.aliyuncs.com/33d81a234a0e4f968b76d040a3fd2a91.jpg
request GET https://yin51.oss-cn-shenzhen.aliyuncs.com/e07fe52ed1264289b9279bcc71097cad.jpg
request GET https://yin51.oss-cn-shenzhen.aliyuncs.com/728fe764b03246cfba234e71f9f6ae01.png
request GET https://yin51.oss-cn-shenzhen.aliyuncs.com/ef0e8e181ae341a695ebbae0e9b1c67e.jpg
request GET https://yin51.oss-cn-shenzhen.aliyuncs.com/8f6308a882c54d6aad154f13f1360c21.jpg
request GET https://yin51.oss-cn-shenzhen.aliyuncs.com/af8598f2344a400db7746d86f16d0ff3.jpg
request GET https://yin51.oss-cn-shenzhen.aliyuncs.com/3e378a3499f94e9dbcd96b23c2dd285a.jpg
request GET https://yin51.oss-cn-shenzhen.aliyuncs.com/e7ac3b1c390c47b09fac27e5a0b1ccb3.jpg
request GET https://yin51.oss-cn-shenzhen.aliyuncs.com/ec5510fca80a466c8ec927654950fcdb.jpg
request GET https://yin51.oss-cn-shenzhen.aliyuncs.com/43693738c5a2491095900a6bf3366c17.jpg
request GET https://yin51.oss-cn-shenzhen.aliyuncs.com/546b634539cf4b0da7c07f42b61e355c.jpg
request GET https://yin51.oss-cn-shenzhen.aliyuncs.com/8c25e9478c8d4ea29873a51cb4d73f42.jpg
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72d72000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05d60000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05d60000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05d60000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05d61000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05d62000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05d63000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05d63000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05d63000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05d63000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05d63000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05d63000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05d63000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05d64000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05d64000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05d64000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05d64000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05d64000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05d65000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05d65000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05d65000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05d66000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05d66000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05d67000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05d67000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05d67000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05d67000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05d67000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05d67000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05d67000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05d68000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05d68000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05d68000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05d68000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05d68000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05d68000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05d68000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05d68000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05d68000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05d68000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05d68000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05d68000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05d69000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05d69000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05d69000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05d69000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05d69000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05d69000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05d69000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05d69000
process_handle: 0xffffffff
1 0 0
Time & API Arguments Status Return Repeated

GetDiskFreeSpaceExW

 total_number_of_free_bytes: 0
free_bytes_available: 13724745728
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

 total_number_of_free_bytes: 0
free_bytes_available: 13724745728
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

 total_number_of_free_bytes: 0
free_bytes_available: 13724626944
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

 total_number_of_free_bytes: 0
free_bytes_available: 13724626944
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

 total_number_of_free_bytes: 0
free_bytes_available: 13724520448
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

 total_number_of_free_bytes: 0
free_bytes_available: 13724520448
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

 total_number_of_free_bytes: 0
free_bytes_available: 13724409856
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

 total_number_of_free_bytes: 0
free_bytes_available: 13724409856
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

 total_number_of_free_bytes: 0
free_bytes_available: 13723836416
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

 total_number_of_free_bytes: 0
free_bytes_available: 13723836416
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

 total_number_of_free_bytes: 0
free_bytes_available: 13723656192
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

 total_number_of_free_bytes: 0
free_bytes_available: 13723656192
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

 total_number_of_free_bytes: 0
free_bytes_available: 13723340800
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

 total_number_of_free_bytes: 0
free_bytes_available: 13723340800
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

 total_number_of_free_bytes: 0
free_bytes_available: 13723340800
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

 total_number_of_free_bytes: 0
free_bytes_available: 13723189248
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

 total_number_of_free_bytes: 0
free_bytes_available: 13723189248
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

 total_number_of_free_bytes: 0
free_bytes_available: 13723037696
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

 total_number_of_free_bytes: 0
free_bytes_available: 13723037696
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

 total_number_of_free_bytes: 0
free_bytes_available: 13722959872
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

 total_number_of_free_bytes: 0
free_bytes_available: 13722959872
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

 total_number_of_free_bytes: 0
free_bytes_available: 13722841088
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

 total_number_of_free_bytes: 0
free_bytes_available: 13722841088
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

 total_number_of_free_bytes: 0
free_bytes_available: 13722734592
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

 total_number_of_free_bytes: 0
free_bytes_available: 13722734592
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

 total_number_of_free_bytes: 0
free_bytes_available: 13722603520
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

 total_number_of_free_bytes: 0
free_bytes_available: 13722603520
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

 total_number_of_free_bytes: 0
free_bytes_available: 13722603520
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

 total_number_of_free_bytes: 0
free_bytes_available: 13722484736
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

 total_number_of_free_bytes: 0
free_bytes_available: 13722484736
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

 total_number_of_free_bytes: 13723549696
free_bytes_available: 13723549696
root_path: C:\
total_number_of_bytes: 34252779520
1 1 0
name RT_VERSION language LANG_CHINESE filetype MS Windows COFF PowerPC object file sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x00007180 size 0x000001f0
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\langSub[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\checklogin[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\myJSFrame[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\ad_right1[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\ad_right[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\main[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\public[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\leftitems[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\zDialog[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\Left1Index[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\initcity.v2[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\Toolbar[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\mainIndex[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\lang[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\index[1].js
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 24576
protection: 32 (PAGE_EXECUTE_READ)
base_address: 0x003e0000
process_handle: 0xffffffff
1 0 0
Time & API Arguments Status Return Repeated

RegSetValueExA

 key_handle: 0x000002e8
regkey_r: ProxyEnable
reg_type: 4 (REG_DWORD)
value: 0
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
1 0 0
Time & API Arguments Status Return Repeated

SetWindowsHookExW

 thread_identifier: 0
callback_function: 0x00000000ffcdae10
hook_identifier: 13 (WH_KEYBOARD_LL)
module_address: 0x00000000ffc30000
1 2359847 0
Bkav W32.AIDetect.malware2
APEX Malicious
NANO-Antivirus Trojan.Win32.Dwn.hnzbqr
DrWeb Trojan.DownLoader28.2405
McAfee-GW-Edition BehavesLike.Win32.BadFile.pt
MaxSecure Trojan.Malware.8328286.susgen
Webroot W32.Trojan.Gen
Avira TR/Redcap.mzmhg
AegisLab Trojan.Win32.Generic.4!c
Cynet Malicious (score: 99)
VBA32 TScope.Trojan.VB
Malwarebytes Malware.AI.2058613972
Yandex Trojan.Redcap!spc//HP+Nts
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob