Summary | ZeroBOX

HDggVMlF.exe

Category: FILE
Machine: s1_win7_x6401
Started: March 12, 2021, 4:24 p.m.
Completed: March 12, 2021, 4:25 p.m.
Size 112.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 6980f0a8333b9ebe6718c7142fc1b963
SHA256 3631857b05872e653e961bf5f6313b091860b76448c555cefa67741de18eaedc
CRC32 B55742C9
ssdeep 3072:KExRaQ6raoCoCyz6/mqv1JR+yBtGOeaeWgioq:faO1tme++wiX
Yara
  • PE_Header_Zero - PE File Signature Zero
  • network_http - Communications over HTTP
  • network_tcp_socket - Communications over RAW socket
  • network_dns - Communications use DNS
  • screenshot - Take screenshot
  • keylogger - Run a keylogger
  • win_mutex - Create or check mutex
  • win_registry - Affect system registries
  • win_files_operation - Affect private profile
  • Str_Win32_Winsock2_Library - Match Winsock 2 API library declaration
  • Str_Win32_Wininet_Library - Match Windows Inet API library declaration
  • Str_Win32_Internet_API - Match Windows Inet API call
  • Str_Win32_Http_API - Match Windows Http API call
  • IsPE32 - (no description)
  • IsWindowsGUI - (no description)
  • borland_delphi - Borland Delphi 2.0 - 7.0 / 2005 - 2007

IP Address Status Action
164.124.101.2 Active Moloch
200.73.113.241 Active Moloch

Suricata Alerts

Flow SID Signature Category
TCP 200.73.113.241:80 -> 192.168.56.101:49198 2029138 ET MALWARE AZORult v3.3 Server Response M3 Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GetComputerNameW

computer_name: TEST22-PC
1 1 0

registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
registry HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0
section CODE
section DATA
section BSS
packer BobSoft Mini Delphi -> BoB / BobSoft
suspicious_features POST method with no referer header
suspicious_request POST http://validation.wootraining.certificacion.cl/BvCu/index.php
request POST http://validation.wootraining.certificacion.cl/BvCu/index.php
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\SSLErrorAssistant\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\et
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.2_0\_locales\pt_PT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma~RF3a15fe.TMP\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pl
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\da
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\FileTypePolicies\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\fil
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\fil
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\de
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\el
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\da
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Storage
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\sl
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\ta
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\te
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\th
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\nl
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\sv
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\nb
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\ko
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsRecentClosed
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\7619.603.0.2_0\_locales\ru
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Download Service
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\7619.603.0.2_0\_locales\ro
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\SwReporter\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.2_0\_locales\zh_CN
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ms
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\ko
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\kn
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\km
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\lt
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\ka
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\lv
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\7619.603.0.2_0
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\pnacl\0.57.44.2492\_platform_specific\x86_64
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.2_0\_locales\hi
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\WidevineCdm
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.2_0\_locales\hu
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-localization-l1-2-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-file-l1-2-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-convert-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-synch-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-locale-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\nss3.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-heap-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-conio-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-utility-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-libraryloader-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-errorhandling-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-timezone-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\ucrtbase.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-datetime-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-stdio-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-synch-l1-2-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\softokn3.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-multibyte-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-interlocked-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-runtime-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-util-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-string-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-file-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-memory-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-rtlsupport-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-string-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-environment-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-time-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\mozglue.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\freebl3.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-processthreads-l1-1-1.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-private-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-console-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-file-l2-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-heap-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\nssdbm3.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-processenvironment-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-filesystem-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-math-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-processthreads-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-sysinfo-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\vcruntime140.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-debug-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-profile-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-process-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\msvcp140.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-namedpipe-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-handle-l1-1-0.dll
description Code injection with CreateRemoteThread in a remote process rule inject_thread
description Hijack network configuration rule hijack_network
description Create a windows service rule create_service
description Create a COM server rule create_com_service
description Communications over UDP network rule network_udp_sock
description Listen for incoming communication rule network_tcp_listen
description Communications over Teredo network rule network_toredo
description Communications over P2P network rule network_p2p_win
description Communications over HTTP rule network_http
description File downloader/dropper rule network_dropper
description Communications over FTP rule network_ftp
description Communications over RAW socket rule network_tcp_socket
description Communications use DNS rule network_dns
description Communication using dga rule network_dga
description Escalate privileges rule escalate_priv
description Take screenshot rule screenshot
description Run a keylogger rule keylogger
description Steal credential rule cred_local
description Record Audio rule sniff_audio
description APC queue tasks migration rule migrate_apc
description Malware can spread east-west file rule spreading_file
description Malware can spread east-west using share drive rule spreading_share
description Create or check mutex rule win_mutex
description Affect system registries rule win_registry
description Affect system token rule win_token
description Affect private profile rule win_private_profile
description Affect private profile rule win_files_operation
description Match Winsock 2 API library declaration rule Str_Win32_Winsock2_Library
description Match Windows Inet API library declaration rule Str_Win32_Wininet_Library
description Match Windows Inet API call rule Str_Win32_Internet_API
description Match Windows Http API call rule Str_Win32_Http_API
description (no description) rule DebuggerCheck__GlobalFlags
description (no description) rule DebuggerCheck__QueryInfo
description (no description) rule DebuggerCheck__RemoteAPI
description (no description) rule DebuggerHiding__Thread
description (no description) rule DebuggerHiding__Active
description (no description) rule DebuggerException__ConsoleCtrl
description (no description) rule DebuggerException__SetConsoleCtrl
description (no description) rule ThreadControl__Context
description (no description) rule SEH__vectored
description (no description) rule Check_Dlls
description Checks if being debugged rule anti_dbg
description Anti-Sandbox checks for ThreatExpert rule antisb_threatExpert
description Bypass DEP rule disable_dep
description Affect hook table rule win_hook
Time & API Arguments Status Return Repeated

RegOpenKeyExA

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall
base_handle: 0x80000002
key_handle: 0x0000035c
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall
1 0 0

RegOpenKeyExW

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
base_handle: 0x80000002
key_handle: 0x00000360
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
1 0 0

RegOpenKeyExW

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
base_handle: 0x80000002
key_handle: 0x00000364
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
1 0 0

RegOpenKeyExW

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager
base_handle: 0x80000002
key_handle: 0x00000368
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager
1 0 0

RegOpenKeyExW

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager
base_handle: 0x80000002
key_handle: 0x0000036c
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager
1 0 0

RegOpenKeyExW

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
base_handle: 0x80000002
key_handle: 0x00000370
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
1 0 0

RegOpenKeyExW

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
base_handle: 0x80000002
key_handle: 0x00000374
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
1 0 0

RegOpenKeyExW

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus
base_handle: 0x80000002
key_handle: 0x00000378
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus
1 0 0

RegOpenKeyExW

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus
base_handle: 0x80000002
key_handle: 0x0000037c
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus
1 0 0

RegOpenKeyExW

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE
base_handle: 0x80000002
key_handle: 0x00000380
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE
1 0 0

RegOpenKeyExW

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE
base_handle: 0x80000002
key_handle: 0x00000384
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE
1 0 0

RegOpenKeyExW

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
base_handle: 0x80000002
key_handle: 0x00000388
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
1 0 0

RegOpenKeyExW

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
base_handle: 0x80000002
key_handle: 0x0000038c
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
1 0 0

RegOpenKeyExW

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
base_handle: 0x80000002
key_handle: 0x00000390
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
1 0 0

RegOpenKeyExW

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
base_handle: 0x80000002
key_handle: 0x00000394
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
1 0 0

RegOpenKeyExW

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean
base_handle: 0x80000002
key_handle: 0x00000398
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean
1 0 0

RegOpenKeyExW

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean
base_handle: 0x80000002
key_handle: 0x0000039c
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean
1 0 0

RegOpenKeyExW

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\IE40
base_handle: 0x80000002
key_handle: 0x000003a0
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IE40
1 0 0

RegOpenKeyExW

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\IE40
base_handle: 0x80000002
key_handle: 0x000003a4
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IE40
1 0 0

RegOpenKeyExW

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
base_handle: 0x80000002
key_handle: 0x000003a8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
1 0 0

RegOpenKeyExW

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
base_handle: 0x80000002
key_handle: 0x000003ac
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
1 0 0

RegOpenKeyExW

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
base_handle: 0x80000002
key_handle: 0x000003b0
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
1 0 0

RegOpenKeyExW

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
base_handle: 0x80000002
key_handle: 0x000003b4
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
1 0 0

RegOpenKeyExW

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\IEData
base_handle: 0x80000002
key_handle: 0x000003b8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IEData
1 0 0

RegOpenKeyExW

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\IEData
base_handle: 0x80000002
key_handle: 0x000003bc
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IEData
1 0 0

RegOpenKeyExW

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
base_handle: 0x80000002
key_handle: 0x000003c0
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
1 0 0

RegOpenKeyExW

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
base_handle: 0x80000002
key_handle: 0x000003c4
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
1 0 0

RegOpenKeyExW

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
base_handle: 0x80000002
key_handle: 0x000003c8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
1 0 0

RegOpenKeyExW

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
base_handle: 0x80000002
key_handle: 0x000003cc
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
1 0 0

RegOpenKeyExW

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\WIC
base_handle: 0x80000002
key_handle: 0x000003d0
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WIC
1 0 0

RegOpenKeyExW

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\WIC
base_handle: 0x80000002
key_handle: 0x000003d4
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WIC
1 0 0

RegOpenKeyExW

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}
base_handle: 0x80000002
key_handle: 0x000003d8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}
1 0 0

RegOpenKeyExW

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}
base_handle: 0x80000002
key_handle: 0x000003dc
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}
1 0 0

RegOpenKeyExW

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}
base_handle: 0x80000002
key_handle: 0x000003e0
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}
1 0 0

RegOpenKeyExW

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}
base_handle: 0x80000002
key_handle: 0x000003e4
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}
1 0 0

RegOpenKeyExW

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
base_handle: 0x80000002
key_handle: 0x000003e8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
1 0 0

RegOpenKeyExW

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
base_handle: 0x80000002
key_handle: 0x000003ec
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
1 0 0

RegOpenKeyExW

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0015-0412-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x000003f0
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0015-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0015-0412-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x000003f4
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0015-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0412-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x000003f8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0412-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x000003fc
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0412-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x00000404
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0412-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x00000408
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0019-0412-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x0000040c
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0019-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0019-0412-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x00000410
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0019-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001A-0412-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x00000414
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001A-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001A-0412-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x00000418
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001A-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0412-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x0000041c
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0412-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x00000420
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x00000424
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE}
1 0 0
registry HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString
file C:\Users\test22\AppData\Roaming\Adobe\wallets\wallet.dat
file C:\Users\test22\AppData\Roaming\EditPlus\wallets\wallet.dat
file C:\Users\test22\AppData\Roaming\EditPlus\wallet.dat
file C:\Users\test22\AppData\Roaming\Macromedia\wallet.dat
file C:\Users\test22\AppData\Roaming\Identities\wallets\wallet.dat
file C:\Users\test22\AppData\Roaming\Macromedia\wallets\wallet.dat
file C:\Users\test22\AppData\Roaming\wallets\wallet.dat
file C:\Users\test22\AppData\Roaming\HNC\wallet.dat
file C:\Users\test22\AppData\wallet.dat
file C:\Users\test22\AppData\Roaming\Microsoft\wallet.dat
file C:\Users\test22\AppData\Roaming\Microsoft\wallets\wallet.dat
file C:\Users\test22\AppData\Roaming\HNC\wallets\wallet.dat
file C:\Users\test22\AppData\Roaming\Identities\wallet.dat
file C:\Users\test22\AppData\wallets\wallet.dat
file C:\Users\test22\AppData\Roaming\wallet.dat
file C:\Users\test22\AppData\Roaming\Adobe\wallet.dat
file C:\Users\test22\AppData\Roaming\filezilla\recentservers.xml
registry HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Sessions\
file C:\Users\test22\AppData\Roaming\.purple\accounts.xml
Time & API Arguments Status Return Repeated

RegQueryValueExW

key_handle: 0x00000378
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: EditPlus
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000380
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Enterprise 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000390
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Chrome
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000398
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: 한컴오피스 한글 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000003d8
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: HttpWatch Professional 9.3.39
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000003e0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: 한컴오피스 한글 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000003e8
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Google Update Helper
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000003f0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Access MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0015-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000003f8
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Excel MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000404
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office PowerPoint MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x0000040c
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Publisher MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0019-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000414
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Outlook MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001A-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x0000041c
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Word MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000424
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Proof (English) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x0000042c
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Proof (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000434
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office IME (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0028-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x0000043c
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Proofing (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002C-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000444
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Enterprise 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x0000044c
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office InfoPath MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0044-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000454
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Shared MUI (English) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x0000045c
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Shared MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000464
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office OneNote MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x0000046c
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Groove MUI (English) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00BA-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000474
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Groove Setup Metadata MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0114-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x0000047c
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Adobe Flash Player 13 ActiveX
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000484
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Adobe Flash Player 13 NPAPI
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B84A461-3B4C-40E2-B44F-CE22E215EE40}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x0000048c
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\DisplayName
1 0 0
registry HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
registry HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook
file C:\Users\test22\AppData\Roaming\Identities\.wallet
file C:\Users\test22\AppData\Roaming\Microsoft\wallets\.wallet
file C:\Users\test22\AppData\Roaming\Macromedia\wallets\.wallet
file C:\Users\test22\AppData\Roaming\HNC\.wallet
file C:\Users\test22\AppData\.wallet
file C:\Users\test22\AppData\Roaming\Identities\wallets\.wallet
file C:\Users\test22\AppData\Roaming\.wallet
file C:\Users\test22\AppData\Roaming\Macromedia\.wallet
file C:\Users\test22\AppData\Roaming\Adobe\wallets\.wallet
file C:\Users\test22\AppData\Roaming\EditPlus\wallets\.wallet
file C:\Users\test22\AppData\Roaming\Adobe\.wallet
file C:\Users\test22\AppData\Roaming\wallets\.wallet
file C:\Users\test22\AppData\wallets\.wallet
file C:\Users\test22\AppData\Roaming\EditPlus\.wallet
file C:\Users\test22\AppData\Roaming\HNC\wallets\.wallet
file C:\Users\test22\AppData\Roaming\Microsoft\.wallet
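The probes listed above (DisplayName reads across the Uninstall keys, the wallet.dat and .wallet sweep through every AppData subfolder, FileZilla's recentservers.xml, the WinSCP 2\Sessions key, Pidgin's .purple\accounts.xml and the Outlook profile keys) are the artefacts a triager pulls out of a report like this one. The following Python script is an added example, not part of the ZeroBOX report and not the sample's own code: it parses the two record shapes the report uses (one-line "file"/"registry" summary entries and multi-line API call blocks ending in the "status return repeated" line) and buckets them into credential-store categories. The category names, the is_stealer_like threshold and SAMPLE_LOG are this example's own assumptions; SAMPLE_LOG is constructed in the report's format, not copied from it.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the report (not copied from it):
# summary entries, the column header line, and two API call blocks.
SAMPLE_LOG = r"""
registry HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString
file C:\Users\test22\AppData\Roaming\Adobe\wallets\wallet.dat
file C:\Users\test22\AppData\Roaming\Microsoft\.wallet
file C:\Users\test22\AppData\Roaming\filezilla\recentservers.xml
registry HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Sessions\
file C:\Users\test22\AppData\Roaming\.purple\accounts.xml
registry HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook
Time & API Arguments Status Return Repeated

RegQueryValueExW

key_handle: 0x00000390
regkey_r: DisplayName
value: Chrome
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName
1 0 0

RegQueryValueExW

regkey_r: DisplayName
value: Adobe Flash Player 13 ActiveX
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4}\DisplayName
1 0 0
"""

SUMMARY_RX = re.compile(r"^(file|registry)\s+(.+)$")
API_RX = re.compile(r"^[A-Z][A-Za-z0-9]+$")      # e.g. RegOpenKeyExW
STATUS_RX = re.compile(r"^\d+\s+\d+\s+\d+$")      # "status return repeated" line

# Category names are this example's own (assumption); the patterns are the
# artefact paths and keys the report shows being probed.
RULES = [
    ("crypto_wallet",    re.compile(r"\\wallets\\|wallet\.dat$|\\\.wallet$", re.I)),
    ("ftp_sftp_client",  re.compile(r"filezilla\\recentservers\.xml$|\\WinSCP 2\\Sessions", re.I)),
    ("im_client",        re.compile(r"\\\.purple\\accounts\.xml$", re.I)),
    ("mail_client",      re.compile(r"\\Outlook\\Profiles|\\Windows Messaging Subsystem\\Profiles", re.I)),
    ("host_fingerprint", re.compile(r"\\(ProcessorNameString|MachineGuid)$", re.I)),
]
CREDENTIAL_CATEGORIES = {"crypto_wallet", "ftp_sftp_client", "im_client", "mail_client"}


def parse(text):
    """Yield ("entry", path_or_key) for summary lines, ("api", (name, args)) for call blocks."""
    lines = [ln.strip() for ln in text.splitlines()]
    i = 0
    while i < len(lines):
        m = SUMMARY_RX.match(lines[i])
        if m:
            yield "entry", m.group(2)
        elif API_RX.match(lines[i]):
            api, args = lines[i], {}
            i += 1
            # Argument lines are "key: value" until the status line closes the block.
            while i < len(lines) and not STATUS_RX.match(lines[i]):
                key, sep, value = lines[i].partition(": ")
                if sep:
                    args[key] = value
                i += 1
            yield "api", (api, args)
        i += 1


def triage(text):
    """Bucket probed artefacts by category; collect DisplayName values read under Uninstall."""
    buckets, installed = defaultdict(set), []
    for kind, payload in parse(text):
        if kind == "entry":
            for name, rx in RULES:
                if rx.search(payload):
                    buckets[name].add(payload)
                    break
        else:
            api, args = payload
            regkey = args.get("regkey", "")
            if "\\CurrentVersion\\Uninstall\\" in regkey:
                buckets["installed_software_enum"].add(regkey)
                if api == "RegQueryValueExW" and args.get("regkey_r") == "DisplayName":
                    installed.append(args.get("value", ""))
    return {k: sorted(v) for k, v in buckets.items()}, installed


def is_stealer_like(buckets):
    """Wallet probing plus at least one other credential store (threshold is an assumption)."""
    hit = CREDENTIAL_CATEGORIES & set(buckets)
    return "crypto_wallet" in hit and len(hit) >= 2


if __name__ == "__main__":
    found, software = triage(SAMPLE_LOG)
    for category, items in found.items():
        print(f"{category}: {len(items)} artefact(s)")
    print("installed software read:", software)
    print("stealer-like:", is_stealer_like(found))
```

Feed it the full behaviour dump instead of SAMPLE_LOG and the installed-software list becomes the victim profile the sample built (here: EditPlus, Office 2007 components, Chrome, HttpWatch, Flash, the VC++ runtime), which is the same host fingerprint a stealer ships to its panel alongside the harvested files. The bucket counts give a quick read of how broad the credential sweep was before anyone reads the raw call list.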
Bkav W32.AIDetect.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.PWS.Delf.INS
FireEye Generic.mg.6980f0a8333b9ebe
McAfee Trojan-FSEP!6980F0A8333B
Cylance Unsafe
Zillya Trojan.Delf.Win32.116381
SUPERAntiSpyware Trojan.Agent/Gen-Downloader
Sangfor Trojan.Win32.Save.a
K7AntiVirus Password-Stealer ( 0052f96e1 )
K7GW Password-Stealer ( 0052f96e1 )
Cybereason malicious.8333b9
Cyren W32/Delf_Troj.D.gen!Eldorado
APEX Malicious
ClamAV Win.Malware.Delf-6957976-0
Kaspersky Trojan-PSW.Win32.Coins.nav
BitDefender Trojan.PWS.Delf.INS
NANO-Antivirus Trojan.Win32.Stealer.fitdqk
Avast Win32:PWSX-gen [Trj]
Tencent Malware.Win32.Gencirc.10b0cde2
Ad-Aware Trojan.PWS.Delf.INS
TACHYON Trojan-PWS/W32.Azorult.114688
DrWeb Trojan.PWS.Stealer.24943
TrendMicro TrojanSpy.Win32.COINSTEAL.SMPIS
Emsisoft Trojan.PWS.Delf.INS (B)
SentinelOne Static AI - Suspicious PE
ESET-NOD32 Win32/PSW.Delf.OSF
Avira TR/Crypt.XPACK.Gen
Gridinsoft Trojan.Win32.Agent.vb!s1
Microsoft Trojan:Win32/Stimilina
GData Win32.Trojan-Stealer.KBot.B
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.Delf.R260844
Acronis suspicious
BitDefenderTheta AI:Packer.F1D56E081D
ALYac Trojan.PWS.Delf.INS
MAX malware (ai score=88)
VBA32 TrojanPSW.Stealer
Malwarebytes Trojan.PasswordStealer
TrendMicro-HouseCall TrojanSpy.Win32.COINSTEAL.SMPIS
Rising Stealer.AZORult!1.B7AE (RDMK:cmRtazrKjzlYWUrz4B64t0OUQ5zA)
Yandex Trojan.GenAsa!zpkWsvf3gpo
Ikarus Trojan-PSW.Delf
Fortinet W32/PSW.DELF.OSF!tr
MaxSecure Trojan.Malware.300983.susgen
AVG Win32:PWSX-gen [Trj]
Panda Trj/Genetic.gen
CrowdStrike win/malicious_confidence_100% (D)
Qihoo-360 HEUR/QVM05.1.CF82.Malware.Gen