Summary | ZeroBOX

Expiry Notification July 21 2021.msg

DGA HTTP ScreenShot Escalate priviledges KeyLogger Internet API Http API MSOffice File AntiVM AntiDebug
Category Machine Started Completed
FILE s1_win7_x6403_us July 22, 2021, 3:58 a.m. July 22, 2021, 4 a.m.
Size 411.0KB
Type CDFV2 Microsoft Outlook Message
MD5 7d8b845525ad8e4f8450065bb2a606f7
SHA256 49b031c35834fb4f592c55ef9403fb449159c3ab14d5b9971f12196b00317ea9
CRC32 64855CD6
ssdeep 6144:NGbif8oZvDIGrY0Y2zuTvvo63EkVKwlu7xIQCuQYbY:NAoZ1r5YrvVEkV9lAnCuQY
Yara
  • Microsoft_Office_File_Zero - Microsoft Office File

Name Response Post-Analysis Lookup
outlook.linkedinlabs.com
IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0
Time & API Arguments Status Return Repeated

CryptGenKey

crypto_handle: 0x0a6d0c88
algorithm_identifier: 0x00006610 ()
flags: 1
key: f þ”Œ/áœ/ÖѶºCO¨OdÂd@X7gBA^+ýÊZæˆ
provider_handle: 0x0a779fe0
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0a6d0c88
flags: 0
crypto_export_handle: 0x0a8b89a8
blob_type: 1
1 1 0

CryptExportKey

buffer: f¤f¢Å+Ãڈ¥“ Ѳ ŠyHÌb:Þ¬jg­Aw@X¼Ó¨}.?'ÿ+½"˜ï‰Hë×°k.Î+M-[ºítºÂvI5H.¿y ™íž‡ OCÄ44ß+©N‘Ž>k ù;ö>%ÒÃp%‹ÇÉ õ¾±¦XÎs(9Y¨ ?U9ûÜ­¿;†;ÉïÂ`jUáۜmù«ÏIŸÀЋ²,b€3*µ?•ôÿ{·Ü:¡Eq›}¯»÷VPŒWí¨ÌR9–ž/&ˆÐØâå9í‹êÕG¾®«§¢ûÀ-i_Ûú¿îb冏' PÁëžùu8(¤H,Rl
crypto_handle: 0x0a6d0c88
flags: 0
crypto_export_handle: 0x0a8b89a8
blob_type: 1
1 1 0
registry HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\15.0\Registration\{91150000-0011-0000-0000-0000000FF1CE}\DigitalProductID
registry HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

process_identifier: 1628
region_size: 40960
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00290000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1628
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x71fdf000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1628
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x76e38000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1628
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x369f0000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1628
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x769f0000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1628
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 65536
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x369f0000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1628
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x769e9000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1628
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 65536
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x369f0000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1628
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x769f1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1628
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x769f7000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1628
region_size: 2293760
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x03ae0000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1628
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x03cd0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1628
region_size: 1245184
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x03ae0000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1628
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x03bd0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1628
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x6d094000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1628
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x6cd75000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1628
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x6cb51000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1628
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x6a542000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1628
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x6a438000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1628
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x6a343000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1628
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x69fda000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1628
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x689a1000
process_handle: 0xffffffff
1 0 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 1628
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 32 (PAGE_EXECUTE_READ)
base_address: 0x7ef70000
process_handle: 0xffffffff
1 0 0
description Communication using DGA rule Network_DGA
description Escalate priviledges rule Escalate_priviledges
description Run a KeyLogger rule KeyLogger
description Communications over HTTP rule Network_HTTP
description Match Windows Inet API call rule Str_Win32_Internet_API
description Take ScreenShot rule ScreenShot
description Match Windows Http API call rule Str_Win32_Http_API
description (no description) rule DebuggerCheck__GlobalFlags
description (no description) rule DebuggerCheck__QueryInfo
description (no description) rule DebuggerHiding__Thread
description (no description) rule DebuggerHiding__Active
description (no description) rule ThreadControl__Context
description (no description) rule SEH__vectored
description Checks if being debugged rule anti_dbg
description Bypass DEP rule disable_dep
description Affect hook table rule win_hook
Time & API Arguments Status Return Repeated

RegOpenKeyExW

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall
base_handle: 0x80000001
key_handle: 0x00000000
options: 0
access: 0x0002001f
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall
2 0

RegOpenKeyExW

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall
base_handle: 0x80000002
key_handle: 0x00000224
options: 0
access: 0x0002001f
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall
1 0 0

RegOpenKeyExW

regkey_r: 7-Zip
base_handle: 0x00000224
key_handle: 0x0000077c
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
1 0 0

RegOpenKeyExW

regkey_r: AddressBook
base_handle: 0x00000224
key_handle: 0x0000077c
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
1 0 0

RegOpenKeyExW

regkey_r: Adobe AIR
base_handle: 0x00000224
key_handle: 0x0000077c
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR
1 0 0

RegOpenKeyExW

regkey_r: Connection Manager
base_handle: 0x00000224
key_handle: 0x0000077c
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager
1 0 0

RegOpenKeyExW

regkey_r: DirectDrawEx
base_handle: 0x00000224
key_handle: 0x0000077c
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
1 0 0

RegOpenKeyExW

regkey_r: EditPlus
base_handle: 0x00000224
key_handle: 0x0000077c
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus
1 0 0

RegOpenKeyExW

regkey_r: Fontcore
base_handle: 0x00000224
key_handle: 0x0000077c
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
1 0 0

RegOpenKeyExW

regkey_r: Google Chrome
base_handle: 0x00000224
key_handle: 0x0000077c
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
1 0 0

RegOpenKeyExW

regkey_r: Haansoft HWord 80 Korean
base_handle: 0x00000224
key_handle: 0x0000077c
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean
1 0 0

RegOpenKeyExW

regkey_r: IE40
base_handle: 0x00000224
key_handle: 0x0000077c
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE40
1 0 0

RegOpenKeyExW

regkey_r: IE4Data
base_handle: 0x00000224
key_handle: 0x0000077c
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
1 0 0

RegOpenKeyExW

regkey_r: IE5BAKEX
base_handle: 0x00000224
key_handle: 0x0000077c
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
1 0 0

RegOpenKeyExW

regkey_r: IEData
base_handle: 0x00000224
key_handle: 0x0000077c
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IEData
1 0 0

RegOpenKeyExW

regkey_r: MobileOptionPack
base_handle: 0x00000224
key_handle: 0x0000077c
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
1 0 0

RegOpenKeyExW

regkey_r: Mozilla Thunderbird 78.4.0 (x86 ko)
base_handle: 0x00000224
key_handle: 0x0000077c
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Thunderbird 78.4.0 (x86 ko)
1 0 0

RegOpenKeyExW

regkey_r: Office15.PROPLUSR
base_handle: 0x00000224
key_handle: 0x0000077c
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Office15.PROPLUSR
1 0 0

RegOpenKeyExW

regkey_r: Managed
base_handle: 0x0000077c
key_handle: 0x00000000
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Office15.PROPLUSR\Managed
2 0

RegOpenKeyExW

regkey_r: SchedulingAgent
base_handle: 0x00000224
key_handle: 0x0000077c
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
1 0 0

RegOpenKeyExW

regkey_r: WIC
base_handle: 0x00000224
key_handle: 0x0000077c
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WIC
1 0 0

RegOpenKeyExW

regkey_r: {00203668-8170-44A0-BE44-B632FA4D780F}
base_handle: 0x00000224
key_handle: 0x0000077c
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{00203668-8170-44A0-BE44-B632FA4D780F}
1 0 0

RegOpenKeyExW

regkey_r: {01B845D4-B73E-4CF7-A377-94BC7BB4F77B}
base_handle: 0x00000224
key_handle: 0x0000077c
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}
1 0 0

RegOpenKeyExW

regkey_r: {1D91F7DA-F517-4727-9E62-B7EA978BE980}
base_handle: 0x00000224
key_handle: 0x0000077c
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}
1 0 0

RegOpenKeyExW

regkey_r: {26A24AE4-039D-4CA4-87B4-2F32180131F0}
base_handle: 0x00000224
key_handle: 0x0000077c
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180131F0}
1 0 0

RegOpenKeyExW

regkey_r: {4A03706F-666A-4037-7777-5F2748764D10}
base_handle: 0x00000224
key_handle: 0x0000077c
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}
1 0 0

RegOpenKeyExW

regkey_r: {60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
base_handle: 0x00000224
key_handle: 0x0000077c
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
1 0 0

RegOpenKeyExW

regkey_r: {90150000-0015-0409-0000-0000000FF1CE}
base_handle: 0x00000224
key_handle: 0x0000077c
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0015-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: {90150000-0016-0409-0000-0000000FF1CE}
base_handle: 0x00000224
key_handle: 0x0000077c
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0016-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: {90150000-0018-0409-0000-0000000FF1CE}
base_handle: 0x00000224
key_handle: 0x0000077c
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0018-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: {90150000-0019-0409-0000-0000000FF1CE}
base_handle: 0x00000224
key_handle: 0x0000077c
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0019-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: {90150000-001A-0409-0000-0000000FF1CE}
base_handle: 0x00000224
key_handle: 0x0000077c
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001A-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: {90150000-001B-0409-0000-0000000FF1CE}
base_handle: 0x00000224
key_handle: 0x0000077c
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001B-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: {90150000-001F-0409-0000-0000000FF1CE}
base_handle: 0x00000224
key_handle: 0x0000077c
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001F-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: {90150000-001F-040C-0000-0000000FF1CE}
base_handle: 0x00000224
key_handle: 0x0000077c
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001F-040C-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: {90150000-001F-0C0A-0000-0000000FF1CE}
base_handle: 0x00000224
key_handle: 0x0000077c
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001F-0C0A-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: {90150000-002C-0409-0000-0000000FF1CE}
base_handle: 0x00000224
key_handle: 0x0000077c
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-002C-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: {90150000-0044-0409-0000-0000000FF1CE}
base_handle: 0x00000224
key_handle: 0x0000077c
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0044-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: {90150000-006E-0409-0000-0000000FF1CE}
base_handle: 0x00000224
key_handle: 0x0000077c
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-006E-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: {90150000-0090-0409-0000-0000000FF1CE}
base_handle: 0x00000224
key_handle: 0x0000077c
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0090-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: {90150000-00A1-0409-0000-0000000FF1CE}
base_handle: 0x00000224
key_handle: 0x0000077c
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00A1-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: {90150000-00BA-0409-0000-0000000FF1CE}
base_handle: 0x00000224
key_handle: 0x0000077c
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00BA-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: {90150000-00E1-0409-0000-0000000FF1CE}
base_handle: 0x00000224
key_handle: 0x0000077c
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00E1-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: {90150000-00E2-0409-0000-0000000FF1CE}
base_handle: 0x00000224
key_handle: 0x0000077c
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00E2-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: {90150000-0115-0409-0000-0000000FF1CE}
base_handle: 0x00000224
key_handle: 0x0000077c
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0115-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: {90150000-0117-0409-0000-0000000FF1CE}
base_handle: 0x00000224
key_handle: 0x0000077c
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0117-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: {90150000-012B-0409-0000-0000000FF1CE}
base_handle: 0x00000224
key_handle: 0x0000077c
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-012B-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: {91150000-0011-0000-0000-0000000FF1CE}
base_handle: 0x00000224
key_handle: 0x0000077c
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{91150000-0011-0000-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: {939659F3-71D2-461F-B24D-91D05A4389B4}
base_handle: 0x00000224
key_handle: 0x0000077c
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4}
1 0 0

RegOpenKeyExW

regkey_r: {9B84A461-3B4C-40E2-B44F-CE22E215EE40}
base_handle: 0x00000224
key_handle: 0x0000077c
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B84A461-3B4C-40E2-B44F-CE22E215EE40}
1 0 0
description OUTLOOK.EXE tried to sleep 19097262 seconds, actually delayed analysis time by 19097262 seconds
file C:\Users\test22\Documents\Outlook 파일\Outlook.pst
registry HKEY_LOCAL_MACHINE\Software\Clients\Mail
registry HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\895ec115e2316441863d8a4effbd8f5b\001e3001
Time & API Arguments Status Return Repeated

InternetCrackUrlW

url: https://outlook.linkedinlabs.com/osc/capabilities
flags: 0
1 1 0

HttpOpenRequestW

connect_handle: 0x00cc0008
http_version: HTTP/1.1
flags: 8388608
http_method: GET
referer:
path: /osc/capabilities?lang=en-US&ver=15.4420
1 13369356 0
file C:\Program Files (x86)\Internet Explorer\iexplore.exe
file c:\program files\internet explorer\iexplore.exe