popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

eli.exe

Gen1 Malicious Library UPX Malicious Packer PE File OS Processor Check PE32 DLL
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6402 Aug. 21, 2021, 8:50 a.m. Aug. 21, 2021, 8:59 a.m.
Size 112.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 70ded05d874a95b1b3027c1e97b16287
SHA256 aca7a7d812ac2192255aa3d47477f13b05963da0383e459d6b09d1630cd11aae
CRC32 C76E33EE
ssdeep 3072:KExRaQ6raoCoCyz6/mqv1JR+yBtGOeaeWgibq:faO1tme++wi2
Yara
  • PE_Header_Zero - PE File Signature
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • Malicious_Packer_Zero - Malicious Packer

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch
212.192.246.242 Active Moloch

Time & API Arguments Status Return Repeated

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
registry HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

 1 1 0
section CODE
section DATA
section BSS
packer BobSoft Mini Delphi -> BoB / BobSoft
suspicious_features POST method with no referer header, Connection to IP address suspicious_request POST http://212.192.246.242/rut/index.php
request POST http://212.192.246.242/rut/index.php
request POST http://212.192.246.242/rut/index.php
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Module Info Cache\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\OnDeviceHeadSuggestModel\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\SSLErrorAssistant\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\TrustTokenKeyCommitments\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\WidevineCdm\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\FileTypePolicies\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\FileTypePolicies\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\SwReporter\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Floc\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies-journal\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\TLSDeprecationConfig\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\PepperFlash\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateRevocation\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\RecoveryImproved\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\FontLookupTableCache\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\WidevineCdm\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\RecoveryImproved\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\PnaclTranslationCache\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\GrShaderCache\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\SafetyTips\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\ZxcvbnData\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing Channel IDs-journal\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\SwReporter\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\First Run\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Last Browser\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\MEIPreload\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crowd Deny\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Last Version\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing Channel IDs\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\ThirdPartyModuleList64\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing Channel IDs-journal\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\TLSDeprecationConfig\Cookies
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-localization-l1-2-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-file-l1-2-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-convert-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-synch-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-locale-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\nss3.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-heap-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-conio-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-utility-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-libraryloader-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-errorhandling-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-timezone-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\ucrtbase.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-datetime-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-stdio-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-synch-l1-2-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\softokn3.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-multibyte-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-interlocked-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-runtime-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-util-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-string-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-file-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-memory-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-rtlsupport-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-string-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-environment-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-time-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\mozglue.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\freebl3.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-processthreads-l1-1-1.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-private-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-console-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-file-l2-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-heap-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\nssdbm3.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-processenvironment-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-filesystem-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-math-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-processthreads-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-sysinfo-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\vcruntime140.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-debug-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-profile-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-process-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\msvcp140.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-namedpipe-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-handle-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-synch-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-file-l2-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-locale-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-private-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-debug-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\nss3.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-namedpipe-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-libraryloader-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\freebl3.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\vcruntime140.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-environment-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-heap-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-time-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\mozglue.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-math-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-string-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-memory-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-sysinfo-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-util-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-localization-l1-2-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-processthreads-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-filesystem-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\msvcp140.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-stdio-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\nssdbm3.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-errorhandling-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-utility-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-console-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-processthreads-l1-1-1.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-heap-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-file-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\ucrtbase.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-processenvironment-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-datetime-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-handle-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-timezone-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-synch-l1-2-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-conio-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-file-l1-2-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\softokn3.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-interlocked-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-profile-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-multibyte-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-rtlsupport-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-string-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-convert-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-runtime-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-process-l1-1-0.dll
Time & API Arguments Status Return Repeated

Process32NextW

 snapshot_handle: 0x00000314
process_name: smss.exe
process_identifier: 228
1 1 0

Process32NextW

 snapshot_handle: 0x00000314
process_name: csrss.exe
process_identifier: 308
1 1 0

Process32NextW

 snapshot_handle: 0x00000314
process_name: csrss.exe
process_identifier: 368
1 1 0

Process32NextW

 snapshot_handle: 0x00000314
process_name: winlogon.exe
process_identifier: 412
1 1 0

Process32NextW

 snapshot_handle: 0x00000314
process_name: services.exe
process_identifier: 448
1 1 0

Process32NextW

 snapshot_handle: 0x00000314
process_name: lsm.exe
process_identifier: 472
1 1 0

Process32NextW

 snapshot_handle: 0x00000314
process_name: svchost.exe
process_identifier: 584
1 1 0

Process32NextW

 snapshot_handle: 0x00000314
process_name: svchost.exe
process_identifier: 660
1 1 0

Process32NextW

 snapshot_handle: 0x00000314
process_name: svchost.exe
process_identifier: 736
1 1 0

Process32NextW

 snapshot_handle: 0x00000314
process_name: svchost.exe
process_identifier: 852
1 1 0

Process32NextW

 snapshot_handle: 0x00000314
process_name: audiodg.exe
process_identifier: 912
1 1 0

Process32NextW

 snapshot_handle: 0x00000314
process_name: svchost.exe
process_identifier: 1004
1 1 0

Process32NextW

 snapshot_handle: 0x00000314
process_name: svchost.exe
process_identifier: 312
1 1 0

Process32NextW

 snapshot_handle: 0x00000314
process_name: spoolsv.exe
process_identifier: 1032
1 1 0

Process32NextW

 snapshot_handle: 0x00000314
process_name: svchost.exe
process_identifier: 1072
1 1 0

Process32NextW

 snapshot_handle: 0x00000314
process_name: taskhost.exe
process_identifier: 1140
1 1 0

Process32NextW

 snapshot_handle: 0x00000314
process_name: dwm.exe
process_identifier: 1204
1 1 0

Process32NextW

 snapshot_handle: 0x00000314
process_name: explorer.exe
process_identifier: 1236
1 1 0

Process32NextW

 snapshot_handle: 0x00000314
process_name: svchost.exe
process_identifier: 1432
1 1 0

Process32NextW

 snapshot_handle: 0x00000314
process_name: IMEDICTUPDATE.EXE
process_identifier: 1476
1 1 0

Process32NextW

 snapshot_handle: 0x00000314
process_name: svchost.exe
process_identifier: 1844
1 1 0

Process32NextW

 snapshot_handle: 0x00000314
process_name: pw.exe
process_identifier: 1996
1 1 0

Process32NextW

 snapshot_handle: 0x00000314
process_name: SearchIndexer.exe
process_identifier: 748
1 1 0

Process32NextW

 snapshot_handle: 0x00000314
process_name: taskeng.exe
process_identifier: 2932
1 1 0

Process32NextW

 snapshot_handle: 0x00000314
process_name: WmiPrvSE.exe
process_identifier: 2160
1 1 0

Process32NextW

 snapshot_handle: 0x00000314
process_name: svchost.exe
process_identifier: 2196
1 1 0

Process32NextW

 snapshot_handle: 0x00000314
process_name: mobsync.exe
process_identifier: 2112
1 1 0

Process32NextW

 snapshot_handle: 0x00000314
process_name: pw.exe
process_identifier: 2568
1 1 0

Process32NextW

 snapshot_handle: 0x00000314
process_name: taskhost.exe
process_identifier: 328
1 1 0

Process32NextW

 snapshot_handle: 0x00000314
process_name: SearchFilterHost.exe
process_identifier: 1052
1 1 0

Process32NextW

 snapshot_handle: 0x00000314
process_name: eli.exe
process_identifier: 2480
1 1 0
Time & API Arguments Status Return Repeated

RegOpenKeyExA

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall
base_handle: 0x80000002
key_handle: 0x00000358
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall
1 0 0

RegOpenKeyExW

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
base_handle: 0x80000002
key_handle: 0x0000035c
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
1 0 0

RegOpenKeyExW

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
base_handle: 0x80000002
key_handle: 0x00000360
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
1 0 0

RegOpenKeyExW

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
base_handle: 0x80000002
key_handle: 0x00000364
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
1 0 0

RegOpenKeyExW

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
base_handle: 0x80000002
key_handle: 0x00000368
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
1 0 0

RegOpenKeyExW

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR
base_handle: 0x80000002
key_handle: 0x0000036c
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR
1 0 0

RegOpenKeyExW

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR
base_handle: 0x80000002
key_handle: 0x00000370
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR
1 0 0

RegOpenKeyExW

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager
base_handle: 0x80000002
key_handle: 0x00000374
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager
1 0 0

RegOpenKeyExW

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager
base_handle: 0x80000002
key_handle: 0x00000378
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager
1 0 0

RegOpenKeyExW

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
base_handle: 0x80000002
key_handle: 0x0000037c
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
1 0 0

RegOpenKeyExW

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
base_handle: 0x80000002
key_handle: 0x00000380
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
1 0 0

RegOpenKeyExW

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus
base_handle: 0x80000002
key_handle: 0x00000384
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus
1 0 0

RegOpenKeyExW

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus
base_handle: 0x80000002
key_handle: 0x00000388
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus
1 0 0

RegOpenKeyExW

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\ePageSafer
base_handle: 0x80000002
key_handle: 0x0000038c
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ePageSafer
1 0 0

RegOpenKeyExW

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\ePageSafer
base_handle: 0x80000002
key_handle: 0x00000390
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ePageSafer
1 0 0

RegOpenKeyExW

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
base_handle: 0x80000002
key_handle: 0x00000394
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
1 0 0

RegOpenKeyExW

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
base_handle: 0x80000002
key_handle: 0x00000398
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
1 0 0

RegOpenKeyExW

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
base_handle: 0x80000002
key_handle: 0x0000039c
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
1 0 0

RegOpenKeyExW

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
base_handle: 0x80000002
key_handle: 0x000003a0
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
1 0 0

RegOpenKeyExW

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean
base_handle: 0x80000002
key_handle: 0x000003a4
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean
1 0 0

RegOpenKeyExW

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean
base_handle: 0x80000002
key_handle: 0x000003a8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean
1 0 0

RegOpenKeyExW

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\IE40
base_handle: 0x80000002
key_handle: 0x000003ac
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IE40
1 0 0

RegOpenKeyExW

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\IE40
base_handle: 0x80000002
key_handle: 0x000003b0
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IE40
1 0 0

RegOpenKeyExW

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
base_handle: 0x80000002
key_handle: 0x000003b4
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
1 0 0

RegOpenKeyExW

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
base_handle: 0x80000002
key_handle: 0x000003b8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
1 0 0

RegOpenKeyExW

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
base_handle: 0x80000002
key_handle: 0x000003bc
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
1 0 0

RegOpenKeyExW

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
base_handle: 0x80000002
key_handle: 0x000003c0
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
1 0 0

RegOpenKeyExW

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\IEData
base_handle: 0x80000002
key_handle: 0x000003c4
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IEData
1 0 0

RegOpenKeyExW

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\IEData
base_handle: 0x80000002
key_handle: 0x000003c8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IEData
1 0 0

RegOpenKeyExW

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
base_handle: 0x80000002
key_handle: 0x000003cc
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
1 0 0

RegOpenKeyExW

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
base_handle: 0x80000002
key_handle: 0x000003d0
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
1 0 0

RegOpenKeyExW

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Thunderbird 78.4.0 (x86 ko)
base_handle: 0x80000002
key_handle: 0x000003d4
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Thunderbird 78.4.0 (x86 ko)
1 0 0

RegOpenKeyExW

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Thunderbird 78.4.0 (x86 ko)
base_handle: 0x80000002
key_handle: 0x000003d8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Thunderbird 78.4.0 (x86 ko)
1 0 0

RegOpenKeyExW

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Office14.PROPLUS
base_handle: 0x80000002
key_handle: 0x000003dc
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Office14.PROPLUS
1 0 0

RegOpenKeyExW

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Office14.PROPLUS
base_handle: 0x80000002
key_handle: 0x000003e0
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Office14.PROPLUS
1 0 0

RegOpenKeyExW

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
base_handle: 0x80000002
key_handle: 0x000003e4
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
1 0 0

RegOpenKeyExW

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
base_handle: 0x80000002
key_handle: 0x000003e8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
1 0 0

RegOpenKeyExW

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\TouchEn nxKey
base_handle: 0x80000002
key_handle: 0x000003ec
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\TouchEn nxKey
1 0 0

RegOpenKeyExW

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\TouchEn nxKey
base_handle: 0x80000002
key_handle: 0x000003f0
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\TouchEn nxKey
1 0 0

RegOpenKeyExW

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\UnINISafeWeb
base_handle: 0x80000002
key_handle: 0x000003f4
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnINISafeWeb
1 0 0

RegOpenKeyExW

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\UnINISafeWeb
base_handle: 0x80000002
key_handle: 0x000003f8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnINISafeWeb
1 0 0

RegOpenKeyExW

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\UnINISafeWeb6
base_handle: 0x80000002
key_handle: 0x000003fc
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnINISafeWeb6
1 0 0

RegOpenKeyExW

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\UnINISafeWeb6
base_handle: 0x80000002
key_handle: 0x00000404
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnINISafeWeb6
1 0 0

RegOpenKeyExW

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\WIC
base_handle: 0x80000002
key_handle: 0x00000408
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WIC
1 0 0

RegOpenKeyExW

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\WIC
base_handle: 0x80000002
key_handle: 0x0000040c
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WIC
1 0 0

RegOpenKeyExW

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\{00203668-8170-44A0-BE44-B632FA4D780F}
base_handle: 0x80000002
key_handle: 0x00000410
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{00203668-8170-44A0-BE44-B632FA4D780F}
1 0 0

RegOpenKeyExW

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\{00203668-8170-44A0-BE44-B632FA4D780F}
base_handle: 0x80000002
key_handle: 0x00000414
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{00203668-8170-44A0-BE44-B632FA4D780F}
1 0 0

RegOpenKeyExW

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}
base_handle: 0x80000002
key_handle: 0x00000418
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}
1 0 0

RegOpenKeyExW

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}
base_handle: 0x80000002
key_handle: 0x0000041c
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}
1 0 0

RegOpenKeyExW

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\{1CBD185A-9CB3-4f30-B7E4-75CC551455F9}_is1
base_handle: 0x80000002
key_handle: 0x00000420
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1CBD185A-9CB3-4f30-B7E4-75CC551455F9}_is1
1 0 0
host 212.192.246.242
registry HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString
file C:\Users\test22\AppData\Roaming\filezilla\recentservers.xml
registry HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Sessions\
file C:\Users\test22\AppData\Roaming\.purple\accounts.xml
Time & API Arguments Status Return Repeated

RegQueryValueExW

 key_handle: 0x0000035c
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: 7-Zip 20.02 alpha
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x0000036c
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Adobe AIR
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x00000384
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: EditPlus
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x0000038c
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: MarkAny Inc. e-PageSafer V2.5 NoAX ( Basic )_2.5.1.18
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ePageSafer\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x0000039c
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Chrome
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000003a4
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: 한컴오피스 한글 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000003d4
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Mozilla Thunderbird 78.4.0 (x86 ko)
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Thunderbird 78.4.0 (x86 ko)\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000003dc
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Professional Plus 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Office14.PROPLUS\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000003ec
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: TouchEn nxKey with E2E for 32bit
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\TouchEn nxKey\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000003f4
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: INISafeWeb 5.0
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\UnINISafeWeb\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000003fc
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: INISafeWeb 6.0
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\UnINISafeWeb6\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x00000410
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Adobe AIR
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{00203668-8170-44A0-BE44-B632FA4D780F}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x00000418
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: HttpWatch Professional 9.3.39
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x00000420
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Delfino G3 (x86) version 3.6.6.5
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1CBD185A-9CB3-4f30-B7E4-75CC551455F9}_is1\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x00000428
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: 한컴오피스 한글 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x00000430
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x00000438
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Java 8 Update 131
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180131F0}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x00000440
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Java Auto Updater
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x00000448
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: G2BRUN
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5BEFEB79-2B4D-4EEE-9979-AFDE0A20FADE}_is1\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x00000450
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Google Update Helper
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x00000458
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: WIZVERA Process Manager 1,0,5,4
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8941A397-4065-4F41-92CE-0EB610846EED}_is1\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x00000460
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Professional Plus 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x00000468
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Access MUI (Korean) 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0015-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x00000470
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Excel MUI (Korean) 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0016-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x00000478
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office PowerPoint MUI (Korean) 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0018-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x00000480
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Publisher MUI (Korean) 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0019-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x00000488
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Outlook MUI (Korean) 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001A-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x00000490
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Word MUI (Korean) 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001B-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x00000498
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Proof (English) 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000004a0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Proof (Korean) 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000004a8
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office IME (Korean) 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0028-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000004b0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Proofing (Korean) 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002C-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000004b8
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office InfoPath MUI (Korean) 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0044-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000004c0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Shared MUI (Korean) 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-006E-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000004c8
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office OneNote MUI (Korean) 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00A1-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000004d0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Groove MUI (Korean) 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00BA-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000004d8
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Adobe Flash Player 13 ActiveX
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000004e0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Adobe Flash Player 13 NPAPI
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B84A461-3B4C-40E2-B44F-CE22E215EE40}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000004e8
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Adobe Acrobat Reader DC MUI
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000004f8
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x00000500
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: iniLINE CrossEX Service
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\iniLINE_CrossEX\DisplayName
1 0 0
registry HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003
registry HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook
Bkav W32.RultalinaTZ.Trojan
Lionic Trojan.Win32.Lmir.laiL
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
CAT-QuickHeal Trojan.GandcrabIH.S17569987
ALYac Trojan.GenericKD.36706914
Malwarebytes Spyware.AzorUlt
Zillya Trojan.Delf.Win32.116381
Sangfor Trojan.Win32.Save.a
K7AntiVirus Password-Stealer ( 0052f96e1 )
Alibaba TrojanPSW:Win32/Coins.078ffd84
K7GW Password-Stealer ( 0052f96e1 )
CrowdStrike win/malicious_confidence_100% (W)
Arcabit Trojan.Generic.D2301A62
Cyren W32/Delf_Troj.D.gen!Eldorado
Symantec Infostealer.Rultazo
ESET-NOD32 Win32/PSW.Delf.OSF
APEX Malicious
Paloalto generic.ml
ClamAV Win.Malware.Delf-6957976-0
Kaspersky Trojan-PSW.Win32.Coins.nav
BitDefender Trojan.GenericKD.36706914
NANO-Antivirus Trojan.Win32.Stealer.fitdqk
MicroWorld-eScan Trojan.GenericKD.36706914
Avast Win32:PWSX-gen [Trj]
Tencent Malware.Win32.Gencirc.10b0cde2
Ad-Aware Trojan.GenericKD.36706914
Sophos Mal/Generic-S
DrWeb Trojan.PWS.Stealer.24943
TrendMicro TrojanSpy.Win32.COINSTEAL.SMPIS
McAfee-GW-Edition BehavesLike.Win32.Dropper.ch
FireEye Generic.mg.70ded05d874a95b1
Emsisoft Trojan-PSW.Delf (A)
Ikarus Win32.Outbreak
Jiangmin Trojan.PSW.Generic.crd
Avira TR/Crypt.XPACK.Gen
Kingsoft Win32.PSWTroj.Coins.n.(kcloud)
Gridinsoft Trojan.Win32.Agent.vb!s1
Microsoft Trojan:Win32/Stimilina
SUPERAntiSpyware Trojan.Agent/Gen-Downloader
GData Win32.Trojan-Stealer.KBot.B
TACHYON Trojan-PWS/W32.Azorult.114688
AhnLab-V3 Trojan/Win32.Delf.R260844
Acronis suspicious
McAfee Trojan-FSEP!70DED05D874A
MAX malware (ai score=100)
VBA32 TrojanPSW.Stealer
Cylance Unsafe
TrendMicro-HouseCall TrojanSpy.Win32.COINSTEAL.SMPIS
Rising Stealer.AZORult!1.B7AE (CLASSIC)