Analysis Report

Monitored Processes

Behavior Information - Grouped by Category

Process #1: explorer pro.exe

(Host: 234, Network: 0)

Information	Value
ID / OS PID	#1 / 0x514
OS Parent PID	0x470 (c:\windows\explorer.exe)
Initial Working Directory	C:\Users\DSsDPMx042\Desktop
File Name	c:\users\dssdpmx042\desktop\explorer pro.exe
Command Line	"C:\Users\DSsDPMx042\Desktop\Explorer Pro.exe"
Monitor	Start Time: 00:00:12, Reason: Analysis Target
Unmonitor	End Time: 00:00:23, Reason: Terminated
Monitor Duration	00:00:11
OS Thread IDs	#1 0x5D4 #2 0x4F4 #3 0x510 #4 0x494 #5 0x5EC #6 0x60C #7 0x3BC #8 0x3C4 #9 0x16C #10 0x718 #11 0x704 #12 0x4C4 #13 0x394 #14 0x118 #15 0x180 #16 0x4CC #17 0x7A8 #18 0x5A0 #19 0x5E4 #20 0x698 #21 0x634 #22 0x614 #23 0x658 #24 0x65C #25 0x498 #26 0x5C4

Region

Name	Start VA	End VA	Type	Permissions	Actions
private_0x0000000000010000	0x00010000	0x0002ffff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000000010000	0x00010000	0x0001ffff	Pagefile Backed Memory	Readable, Writable	Region Actions
private_0x0000000000020000	0x00020000	0x00020fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000000030000	0x00030000	0x0012ffff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000000130000	0x00130000	0x00133fff	Pagefile Backed Memory	Readable	Region Actions
locale.nls	0x00140000	0x001a6fff	Memory Mapped File	Readable	Region Actions
pagefile_0x00000000001b0000	0x001b0000	0x00277fff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000000280000	0x00280000	0x00280fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000000290000	0x00290000	0x00291fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x00000000002a0000	0x002a0000	0x002affff	Private Memory	Readable, Writable	Region Actions
private_0x00000000002b0000	0x002b0000	0x002b0fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x00000000002c0000	0x002c0000	0x002c0fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x00000000002d0000	0x002d0000	0x003cffff	Private Memory	Readable, Writable	Region Actions
private_0x00000000003d0000	0x003d0000	0x003d0fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x00000000003e0000	0x003e0000	0x003e0fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x00000000003f0000	0x003f0000	0x003f0fff	Private Memory	Readable, Writable	Region Actions
Explorer Pro.exe	0x00400000	0x007aafff	Memory Mapped File	Readable, Writable, Executable	Region Actions Download
pagefile_0x00000000007b0000	0x007b0000	0x008b0fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x00000000008c0000	0x008c0000	0x014bffff	Pagefile Backed Memory	Readable	Region Actions
private_0x00000000014c0000	0x014c0000	0x015b8fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x00000000015c0000	0x015c0000	0x015cffff	Private Memory	Readable, Writable	Region Actions
private_0x00000000015c0000	0x015c0000	0x015cffff	Private Memory	Readable, Writable	Region Actions
private_0x00000000015c0000	0x015c0000	0x015c0fff	Private Memory	Readable, Writable	Region Actions
pagefile_0x00000000015d0000	0x015d0000	0x015d6fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x00000000015e0000	0x015e0000	0x015e1fff	Pagefile Backed Memory	Readable, Writable	Region Actions
msvfw32.dll.mui	0x015f0000	0x015f1fff	Memory Mapped File	Readable, Writable	Region Actions
avicap32.dll.mui	0x01600000	0x01601fff	Memory Mapped File	Readable, Writable	Region Actions
private_0x0000000001610000	0x01610000	0x01640fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000001610000	0x01610000	0x01610fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x0000000001650000	0x01650000	0x01650fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000001660000	0x01660000	0x0166ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000001660000	0x01660000	0x01660fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000001670000	0x01670000	0x0167ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000001680000	0x01680000	0x0177ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000001780000	0x01780000	0x0187ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000001880000	0x01880000	0x0197ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000001980000	0x01980000	0x01a7ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000001a80000	0x01a80000	0x01b7ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000001b80000	0x01b80000	0x01c7ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000001c80000	0x01c80000	0x01d7ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000001d80000	0x01d80000	0x01e7ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000001e80000	0x01e80000	0x01f7ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000001f80000	0x01f80000	0x0207ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000002080000	0x02080000	0x0217ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000002180000	0x02180000	0x0227ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000002280000	0x02280000	0x0237ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000002380000	0x02380000	0x0247ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000002480000	0x02480000	0x0257ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000002580000	0x02580000	0x0267ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000002680000	0x02680000	0x0277ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000002780000	0x02780000	0x0287ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000002880000	0x02880000	0x0297ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000002980000	0x02980000	0x02a7ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000002a80000	0x02a80000	0x02b7ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000002b80000	0x02b80000	0x02c7ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000002c80000	0x02c80000	0x02d7ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000002d80000	0x02d80000	0x02e7ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000002e80000	0x02e80000	0x02f7ffff	Private Memory	Readable, Writable	Region Actions
SortDefault.nls	0x02f80000	0x0324efff	Memory Mapped File	Readable	Region Actions
pagefile_0x0000000003250000	0x03250000	0x0365ffff	Pagefile Backed Memory	Readable, Writable	Region Actions
private_0x0000000003250000	0x03250000	0x0326afff	Private Memory	Readable, Writable	Region Actions
private_0x0000000003270000	0x03270000	0x03271fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000003280000	0x03280000	0x0328ffff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x0000000003290000	0x03290000	0x03290fff	Private Memory	Readable, Writable	Region Actions
private_0x00000000032a0000	0x032a0000	0x032a0fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x00000000032b0000	0x032b0000	0x032b0fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x00000000032c0000	0x032c0000	0x032c1fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x00000000032d0000	0x032d0000	0x032d1fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x00000000032e0000	0x032e0000	0x032e1fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x00000000032f0000	0x032f0000	0x032f0fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x0000000003300000	0x03300000	0x03300fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x0000000003310000	0x03310000	0x03310fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x0000000003320000	0x03320000	0x03320fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x0000000003330000	0x03330000	0x0336ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000003370000	0x03370000	0x0346ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000003470000	0x03470000	0x03470fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x0000000003480000	0x03480000	0x03480fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x0000000003490000	0x03490000	0x03490fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x00000000034a0000	0x034a0000	0x034a0fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x00000000034b0000	0x034b0000	0x034b0fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x00000000034c0000	0x034c0000	0x034c0fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x00000000034d0000	0x034d0000	0x034d0fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x00000000034e0000	0x034e0000	0x034e0fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x00000000034f0000	0x034f0000	0x034f1fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x0000000003500000	0x03500000	0x03500fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x0000000003510000	0x03510000	0x03510fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x0000000003520000	0x03520000	0x03520fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x0000000003530000	0x03530000	0x03531fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x0000000003540000	0x03540000	0x03540fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x0000000003550000	0x03550000	0x03550fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x0000000003560000	0x03560000	0x03560fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x0000000003570000	0x03570000	0x03570fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x0000000003580000	0x03580000	0x03580fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x0000000003590000	0x03590000	0x03590fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x00000000035a0000	0x035a0000	0x035a0fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x00000000035b0000	0x035b0000	0x035b0fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x00000000035c0000	0x035c0000	0x035c0fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x00000000035d0000	0x035d0000	0x035d0fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x00000000035e0000	0x035e0000	0x035e0fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x00000000035f0000	0x035f0000	0x035f0fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x0000000003600000	0x03600000	0x03600fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x0000000003610000	0x03610000	0x03610fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x0000000003620000	0x03620000	0x03620fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x0000000003630000	0x03630000	0x03630fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x0000000003640000	0x03640000	0x03640fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x0000000003650000	0x03650000	0x03650fff	Private Memory	Readable, Writable, Executable	Region Actions
pagefile_0x0000000003660000	0x03660000	0x03a6ffff	Pagefile Backed Memory	Readable, Writable	Region Actions
private_0x0000000003660000	0x03660000	0x03660fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x0000000003670000	0x03670000	0x03670fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x0000000003680000	0x03680000	0x03680fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x0000000003690000	0x03690000	0x03690fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x00000000036a0000	0x036a0000	0x036a0fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x00000000036b0000	0x036b0000	0x036b0fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x00000000036c0000	0x036c0000	0x036c0fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x00000000036d0000	0x036d0000	0x036d0fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x00000000036e0000	0x036e0000	0x036e0fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x00000000036f0000	0x036f0000	0x036f0fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x0000000003700000	0x03700000	0x03700fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x0000000003710000	0x03710000	0x03710fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x0000000003720000	0x03720000	0x03720fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x0000000003730000	0x03730000	0x03730fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x0000000003740000	0x03740000	0x03740fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x0000000003750000	0x03750000	0x03750fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x0000000003760000	0x03760000	0x03760fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x0000000003770000	0x03770000	0x03771fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x0000000003780000	0x03780000	0x03780fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x0000000003790000	0x03790000	0x03790fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x00000000037a0000	0x037a0000	0x037a0fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x00000000037b0000	0x037b0000	0x037b0fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x00000000037c0000	0x037c0000	0x037c0fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x00000000037d0000	0x037d0000	0x037d0fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x00000000037e0000	0x037e0000	0x037e0fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x00000000037f0000	0x037f0000	0x038effff	Private Memory	-	Region Actions
pagefile_0x00000000038f0000	0x038f0000	0x039cefff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000003a20000	0x03a20000	0x03a5ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000003ae0000	0x03ae0000	0x03b1ffff	Private Memory	Readable, Writable	Region Actions
comctl32.dll	0x6fb40000	0x6fbc3fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
winmm.dll	0x70d50000	0x70d81fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
mpr.dll	0x72490000	0x724a1fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
msvfw32.dll	0x72650000	0x72670fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
avicap32.dll	0x72710000	0x72722fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wsock32.dll	0x72730000	0x72736fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wkscli.dll	0x73b50000	0x73b5efff	Memory Mapped File	Readable, Writable, Executable	Region Actions
netutils.dll	0x73b60000	0x73b68fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
netapi32.dll	0x73b70000	0x73b80fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
dwmapi.dll	0x73dc0000	0x73dd2fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
uxtheme.dll	0x74130000	0x7416ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
version.dll	0x74ae0000	0x74ae8fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
srvcli.dll	0x75430000	0x75448fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
msasn1.dll	0x75600000	0x7560bfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
KernelBase.dll	0x756d0000	0x75719fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
crypt32.dll	0x75770000	0x7588cfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
shlwapi.dll	0x759a0000	0x759f6fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
rpcrt4.dll	0x75a00000	0x75aa0fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
sechost.dll	0x75ad0000	0x75ae8fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
shell32.dll	0x75af0000	0x76739fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
oleaut32.dll	0x76740000	0x767cefff	Memory Mapped File	Readable, Writable, Executable	Region Actions
urlmon.dll	0x76830000	0x76965fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
gdi32.dll	0x76b10000	0x76b5dfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
msvcrt.dll	0x76b60000	0x76c0bfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
ole32.dll	0x76c10000	0x76d6bfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
nsi.dll	0x76d70000	0x76d75fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
lpk.dll	0x76d80000	0x76d89fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
kernel32.dll	0x76d90000	0x76e63fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wininet.dll	0x76e70000	0x76f64fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
msctf.dll	0x76f70000	0x7703bfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
ws2_32.dll	0x77070000	0x770a4fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
iertutil.dll	0x770b0000	0x772aafff	Memory Mapped File	Readable, Writable, Executable	Region Actions
usp10.dll	0x772b0000	0x7734cfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
advapi32.dll	0x77350000	0x773effff	Memory Mapped File	Readable, Writable, Executable	Region Actions
ntdll.dll	0x77440000	0x7757bfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
imm32.dll	0x77580000	0x7759efff	Memory Mapped File	Readable, Writable, Executable	Region Actions
user32.dll	0x775a0000	0x77668fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
apisetschema.dll	0x77680000	0x77680fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
pagefile_0x000000007f6f0000	0x7f6f0000	0x7f7effff	Pagefile Backed Memory	Readable	Region Actions
private_0x000000007ffa2000	0x7ffa2000	0x7ffa2fff	Private Memory	Readable, Writable	Region Actions
private_0x000000007ffa3000	0x7ffa3000	0x7ffa3fff	Private Memory	Readable, Writable	Region Actions
private_0x000000007ffa4000	0x7ffa4000	0x7ffa4fff	Private Memory	Readable, Writable	Region Actions
private_0x000000007ffa5000	0x7ffa5000	0x7ffa5fff	Private Memory	Readable, Writable	Region Actions
private_0x000000007ffa6000	0x7ffa6000	0x7ffa6fff	Private Memory	Readable, Writable	Region Actions
private_0x000000007ffa7000	0x7ffa7000	0x7ffa7fff	Private Memory	Readable, Writable	Region Actions
private_0x000000007ffa8000	0x7ffa8000	0x7ffa8fff	Private Memory	Readable, Writable	Region Actions
private_0x000000007ffa9000	0x7ffa9000	0x7ffa9fff	Private Memory	Readable, Writable	Region Actions
private_0x000000007ffaa000	0x7ffaa000	0x7ffaafff	Private Memory	Readable, Writable	Region Actions
private_0x000000007ffab000	0x7ffab000	0x7ffabfff	Private Memory	Readable, Writable	Region Actions
private_0x000000007ffac000	0x7ffac000	0x7ffacfff	Private Memory	Readable, Writable	Region Actions
private_0x000000007ffad000	0x7ffad000	0x7ffadfff	Private Memory	Readable, Writable	Region Actions
private_0x000000007ffae000	0x7ffae000	0x7ffaefff	Private Memory	Readable, Writable	Region Actions
private_0x000000007ffaf000	0x7ffaf000	0x7ffaffff	Private Memory	Readable, Writable	Region Actions
pagefile_0x000000007ffb0000	0x7ffb0000	0x7ffd2fff	Pagefile Backed Memory	Readable	Region Actions
private_0x000000007ffd3000	0x7ffd3000	0x7ffd3fff	Private Memory	Readable, Writable	Region Actions
private_0x000000007ffd4000	0x7ffd4000	0x7ffd4fff	Private Memory	Readable, Writable	Region Actions
private_0x000000007ffd5000	0x7ffd5000	0x7ffd5fff	Private Memory	Readable, Writable	Region Actions
private_0x000000007ffd6000	0x7ffd6000	0x7ffd6fff	Private Memory	Readable, Writable	Region Actions
private_0x000000007ffd7000	0x7ffd7000	0x7ffd7fff	Private Memory	Readable, Writable	Region Actions
private_0x000000007ffd8000	0x7ffd8000	0x7ffd8fff	Private Memory	Readable, Writable	Region Actions
private_0x000000007ffd9000	0x7ffd9000	0x7ffd9fff	Private Memory	Readable, Writable	Region Actions
private_0x000000007ffda000	0x7ffda000	0x7ffdafff	Private Memory	Readable, Writable	Region Actions
private_0x000000007ffdb000	0x7ffdb000	0x7ffdbfff	Private Memory	Readable, Writable	Region Actions
private_0x000000007ffdc000	0x7ffdc000	0x7ffdcfff	Private Memory	Readable, Writable	Region Actions
private_0x000000007ffdd000	0x7ffdd000	0x7ffddfff	Private Memory	Readable, Writable	Region Actions
private_0x000000007ffde000	0x7ffde000	0x7ffdefff	Private Memory	Readable, Writable	Region Actions
private_0x000000007ffdf000	0x7ffdf000	0x7ffdffff	Private Memory	Readable, Writable	Region Actions

Created Files

Filename	File Size	Hash Values	YARA Match	Actions
c:\program files\common files\microsoft shared\msinfo\fieleway.txt	0.04 KB (46 bytes)	MD5: 5718f05d3bdebb944ec1c02d56ff3a63 SHA1: 035e87a09dad57fd972df857579fdb65f36a1395 SHA256: 444ea6025185bf690be65b937723cd74ec2cf1030fc42f7a8f191ff6a238a5d6		File Actions Show Properties Download

Host Behavior

File (6)

Operation	Filename	Additional Information	Count	Logfile
CREATE	sice	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
CREATE	siwvid	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
CREATE	ntice	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
CREATE		desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
CREATE	c:\program files\common files\microsoft shared\msinfo\fieleway.txt	desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ, create_disposition = CREATE_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
CREATE	c:\users\dssdpmx042\desktop\explorer pro.exe	desired_access = GENERIC_READ, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn

Process (3)

Operation	Process Name	Additional Information	Success	Count	Logfile
CREATE	"C:\program files\internet explorer\IEXPLORE.EXE"	os_tid = 0x500, os_pid = 0x578, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE		1	Fn
SET_CURDIR	c:\users\dssdpmx042\desktop\explorer pro.exe	os_pid = 0x514, new_path_name = c:\users\dssdpmx042\desktop		2	Fn

Memory (1)

Operation	Address	Additional Information	Success	Count	Logfile
ALLOC	0x400000	process_name = "C:\program files\internet explorer\IEXPLORE.EXE", os_pid = 0x578, size = 3846144, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE		1	Fn

Thread (2)

Operation	Process Name	Additional Information	Success	Count	Logfile
GET_CONTEXT	0x500			1	Fn
SET_CONTEXT	c:\program files\internet explorer\iexplore.exe	os_tid = 0x500, os_pid = 0x578		1	Fn

Module (86)

Operation	Module	Additional Information	Count	Logfile
LOAD	USER32.dll	base_address = 0x775a0000	1	Fn
LOAD	ADVAPI32.dll	base_address = 0x77350000	1	Fn
LOAD	NTDLL.dll	base_address = 0x77440000	1	Fn
LOAD	ADVAPI32.DLL	base_address = 0x77350000	2	Fn
LOAD	NTDLL	base_address = 0x77440000	2	Fn
LOAD	winmm.dll	base_address = 0x70d50000	2	Fn
LOAD	kernel32.dll	base_address = 0x76d90000	4	Fn
LOAD	user32.dll	base_address = 0x775a0000	2	Fn
LOAD	advapi32.dll	base_address = 0x77350000	3	Fn
LOAD	oleaut32.dll	base_address = 0x76740000	2	Fn
LOAD	mpr.dll	base_address = 0x72490000	1	Fn
LOAD	version.dll	base_address = 0x74ae0000	1	Fn
LOAD	gdi32.dll	base_address = 0x76b10000	1	Fn
LOAD	comctl32.dll	base_address = 0x6fb40000	1	Fn
LOAD	shell32.dll	base_address = 0x75af0000	1	Fn
LOAD	wininet.dll	base_address = 0x76e70000	1	Fn
LOAD	netapi32.dll	base_address = 0x73b70000	1	Fn
LOAD	wsock32.dll	base_address = 0x72730000	1	Fn
LOAD	AVICAP32.dll	base_address = 0x72710000	1	Fn
LOAD	MSVFW32.DLL	base_address = 0x72650000	1	Fn
LOAD	URLMON.DLL	base_address = 0x76830000	1	Fn
LOAD	WS2_32.DLL	base_address = 0x77070000	1	Fn
GET_HANDLE	c:\windows\system32\ntdll.dll	base_address = 0x77440000	7	Fn
GET_HANDLE	c:\windows\system32\ws2_32.dll	base_address = 0x77070000	26	Fn
UNMAP	"C:\program files\internet explorer\IEXPLORE.EXE"	os_pid = 0x578, base_address = 0x13d0000	1	Fn
GET_FILENAME	C:\Users\DSsDPMx042\Desktop\Explorer Pro.exe		1	Fn
GET_PROC_ADDRESS	c:\windows\system32\kernel32.dll	function = GetNativeSystemInfo, address = 0x76dcbe77	1	Fn
GET_PROC_ADDRESS	c:\windows\system32\advapi32.dll	function = OpenSCManagerA, address = 0x77362bd8	1	Fn
GET_PROC_ADDRESS	c:\windows\system32\advapi32.dll	function = ControlService, address = 0x77377144	1	Fn
GET_PROC_ADDRESS	c:\windows\system32\advapi32.dll	function = DeleteService, address = 0x7737715c	1	Fn
GET_PROC_ADDRESS	c:\windows\system32\advapi32.dll	function = OpenServiceA, address = 0x77362bf0	1	Fn
GET_PROC_ADDRESS	c:\windows\system32\advapi32.dll	function = CloseServiceHandle, address = 0x7736369c	1	Fn
GET_PROC_ADDRESS	c:\windows\system32\advapi32.dll	function = CreateServiceA, address = 0x77393158	1	Fn
GET_PROC_ADDRESS	c:\windows\system32\advapi32.dll	function = StartServiceA, address = 0x77393543	1	Fn
GET_PROC_ADDRESS	c:\windows\system32\ntdll.dll	function = NtOpenThread, address = 0x77485e08	1	Fn
GET_PROC_ADDRESS	c:\windows\system32\winmm.dll	function = timeGetTime, address = 0x70d526e0	1	Fn
GET_PROC_ADDRESS	c:\windows\system32\ntdll.dll	function = NtQuerySystemInformation, address = 0x774861f8	7	Fn
GET_PROC_ADDRESS	c:\windows\system32\ntdll.dll	function = RtlAllocateHeap, address = 0x77492dd6	1	Fn
GET_PROC_ADDRESS	c:\windows\system32\ntdll.dll	function = ZwFlushKey, address = 0x77485988	1	Fn

Registry (2)

Operation	Key	Additional Information	Success	Count	Logfile
CREATE_KEY	HKEY_LOCAL_MACHINE\Software\WinLicense			1	Fn
WRITE_VALUE	HKEY_LOCAL_MACHINE\Software\WinLicense	value_name = CheckIN, data = 1		1	Fn

Driver (1)

Operation	Driver	Additional Information	Success	Count	Logfile
CONTROL		control_code = 0x1a00		1	Fn

Window (14)

Operation	Window Name	Additional Information	Count	Logfile
FIND		class_name = OLLYDBG	1	Fn
FIND		class_name = GBDYLLO	1	Fn
FIND		class_name = pediy06	1	Fn
FIND		class_name = FilemonClass	2	Fn
FIND	File Monitor - Sysinternals: www.sysinternals.com		2	Fn
FIND		class_name = PROCMON_WINDOW_CLASS	2	Fn
FIND	Process Monitor - Sysinternals: www.sysinternals.com		2	Fn
FIND		class_name = RegmonClass	1	Fn
FIND	Registry Monitor - Sysinternals: www.sysinternals.com		1	Fn
FIND		class_name = 18467-41	1	Fn

System (115)

Operation	Information	Count	Logfile
GET_CURSOR	x_out = 897, y_out = 336	1	Fn
SLEEP	duration = 0 milliseconds (0.000 seconds)	98	Fn
SLEEP	duration = 2001 milliseconds (2.001 seconds)	8	Fn
SLEEP	duration = 4000 milliseconds (4.000 seconds)	1	Fn
GET_INFO	type = SYSTEM_MODULE_INFORMATION	7	Fn

Debug (4)

Operation	Type	Additional Information	Count	Logfile
PRINT	DEBUG_STRING	text = %s------------------------------------------------ --- WinLicense Professional --- --- (c)2007 Oreans Technologies --- ------------------------------------------------	1	Fn
CHECK_FOR_PRESENCE	DEBUGGER	process_name = c:\users\dssdpmx042\desktop\explorer pro.exe, os_pid = 0x514	1	Fn
CHECK_FOR_PRESENCE	DEBUGGER	process_name = c:\users\dssdpmx042\desktop\explorer pro.exe, os_pid = 0x514	1	Fn
CHECK_FOR_PRESENCE	DEBUGGER	process_name = c:\users\dssdpmx042\desktop\explorer pro.exe, os_pid = 0x514	1	Fn

Process #2: iexplore.exe

(Host: 1023, Network: 0)

Information	Value
ID / OS PID	#2 / 0x578
OS Parent PID	0x514 (c:\users\dssdpmx042\desktop\explorer pro.exe)
Initial Working Directory	C:\Users\DSsDPMx042\Desktop
File Name	c:\program files\internet explorer\iexplore.exe
Command Line	"C:\program files\internet explorer\IEXPLORE.EXE"
Monitor	Start Time: 00:00:22, Reason: Child Process
Unmonitor	End Time: 00:02:21, Reason: Terminated by Timeout
Monitor Duration	00:01:59
OS Thread IDs	#27 0x500

Region

Name	Start VA	End VA	Type	Permissions	Actions
private_0x0000000000010000	0x00010000	0x0002ffff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000000010000	0x00010000	0x0001ffff	Pagefile Backed Memory	Readable, Writable	Region Actions
private_0x0000000000020000	0x00020000	0x00020fff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000000030000	0x00030000	0x00033fff	Pagefile Backed Memory	Readable	Region Actions
locale.nls	0x00040000	0x000a6fff	Memory Mapped File	Readable	Region Actions
private_0x00000000000b0000	0x000b0000	0x000b0fff	Private Memory	Readable, Writable	Region Actions
private_0x00000000000c0000	0x000c0000	0x000c1fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x00000000000d0000	0x000d0000	0x000d0fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x00000000000e0000	0x000e0000	0x000e0fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x00000000000f0000	0x000f0000	0x000f0fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x0000000000100000	0x00100000	0x00100fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x0000000000110000	0x00110000	0x00110fff	Private Memory	Readable, Writable	Region Actions
private_0x0000000000150000	0x00150000	0x0015ffff	Private Memory	Readable, Writable	Region Actions
private_0x0000000000170000	0x00170000	0x0026ffff	Private Memory	Readable, Writable	Region Actions
private_0x00000000002f0000	0x002f0000	0x003effff	Private Memory	Readable, Writable	Region Actions
private_0x0000000000400000	0x00400000	0x007aafff	Private Memory	Readable, Writable, Executable	Region Actions
pagefile_0x00000000007b0000	0x007b0000	0x00877fff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000000880000	0x00880000	0x00978fff	Private Memory	Readable, Writable, Executable	Region Actions
private_0x0000000000980000	0x00980000	0x0098ffff	Private Memory	Readable, Writable	Region Actions
pagefile_0x0000000000990000	0x00990000	0x00a90fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000000aa0000	0x00aa0000	0x0169ffff	Pagefile Backed Memory	Readable	Region Actions
comctl32.dll	0x6fb40000	0x6fbc3fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
winmm.dll	0x70d50000	0x70d81fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
KernelBase.dll	0x756d0000	0x75719fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
rpcrt4.dll	0x75a00000	0x75aa0fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
sechost.dll	0x75ad0000	0x75ae8fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
gdi32.dll	0x76b10000	0x76b5dfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
msvcrt.dll	0x76b60000	0x76c0bfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
lpk.dll	0x76d80000	0x76d89fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
kernel32.dll	0x76d90000	0x76e63fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
msctf.dll	0x76f70000	0x7703bfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
usp10.dll	0x772b0000	0x7734cfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
advapi32.dll	0x77350000	0x773effff	Memory Mapped File	Readable, Writable, Executable	Region Actions
ntdll.dll	0x77440000	0x7757bfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
imm32.dll	0x77580000	0x7759efff	Memory Mapped File	Readable, Writable, Executable	Region Actions
user32.dll	0x775a0000	0x77668fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
apisetschema.dll	0x77680000	0x77680fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
pagefile_0x000000007f6f0000	0x7f6f0000	0x7f7effff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x000000007ffb0000	0x7ffb0000	0x7ffd2fff	Pagefile Backed Memory	Readable	Region Actions
private_0x000000007ffd8000	0x7ffd8000	0x7ffd8fff	Private Memory	Readable, Writable	Region Actions
private_0x000000007ffdf000	0x7ffdf000	0x7ffdffff	Private Memory	Readable, Writable	Region Actions

Injection Information

Injection Type	Source Process	Source Os Thread ID	Injection Info	Success	Count	Logfile
Modify Control Flow	c:\users\dssdpmx042\desktop\explorer pro.exe	0x5d4	os_thread_id = 0x500		1	Fn

Host Behavior

File (3)

Operation	Filename	Additional Information	Count	Logfile
CREATE	sice	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
CREATE	siwvid	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn
CREATE	ntice	desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL	1	Fn

Module (16)

Operation	Module	Additional Information	Count	Logfile
LOAD	USER32.dll	base_address = 0x775a0000	1	Fn
LOAD	ADVAPI32.dll	base_address = 0x77350000	1	Fn
LOAD	NTDLL.dll	base_address = 0x77440000	1	Fn
LOAD	ADVAPI32.DLL	base_address = 0x77350000	1	Fn
LOAD	NTDLL	base_address = 0x77440000	1	Fn
LOAD	winmm.dll	base_address = 0x70d50000	1	Fn
GET_PROC_ADDRESS	c:\windows\system32\kernel32.dll	function = GetNativeSystemInfo, address = 0x76dcbe77	1	Fn
GET_PROC_ADDRESS	c:\windows\system32\advapi32.dll	function = OpenSCManagerA, address = 0x77362bd8	1	Fn
GET_PROC_ADDRESS	c:\windows\system32\advapi32.dll	function = ControlService, address = 0x77377144	1	Fn
GET_PROC_ADDRESS	c:\windows\system32\advapi32.dll	function = DeleteService, address = 0x7737715c	1	Fn
GET_PROC_ADDRESS	c:\windows\system32\advapi32.dll	function = OpenServiceA, address = 0x77362bf0	1	Fn
GET_PROC_ADDRESS	c:\windows\system32\advapi32.dll	function = CloseServiceHandle, address = 0x7736369c	1	Fn
GET_PROC_ADDRESS	c:\windows\system32\advapi32.dll	function = CreateServiceA, address = 0x77393158	1	Fn
GET_PROC_ADDRESS	c:\windows\system32\advapi32.dll	function = StartServiceA, address = 0x77393543	1	Fn
GET_PROC_ADDRESS	c:\windows\system32\ntdll.dll	function = NtOpenThread, address = 0x77485e08	1	Fn
GET_PROC_ADDRESS	c:\windows\system32\winmm.dll	function = timeGetTime, address = 0x70d526e0	1	Fn

Registry (2)

Operation	Key	Additional Information	Success	Count	Logfile
CREATE_KEY	HKEY_LOCAL_MACHINE\Software\WinLicense			1	Fn
WRITE_VALUE	HKEY_LOCAL_MACHINE\Software\WinLicense	value_name = CheckIN, data = 1		1	Fn

System (1001)

Operation	Information	Success	Count	Logfile
SLEEP	duration = 0 milliseconds (0.000 seconds)		1001	Fn

Debug (1)

Operation	Type	Additional Information	Success	Count	Logfile
PRINT	DEBUG_STRING	text = %s------------------------------------------------ --- WinLicense Professional --- --- (c)2007 Oreans Technologies --- ------------------------------------------------		1	Fn