Analysis
| Category | Package | Started | Completed | Duration | Options | Log(s) |
|---|---|---|---|---|---|---|
| FILE | exe | 2025-06-11 06:08:48 | 2025-06-11 06:13:08 | 260 seconds | Show Options | Show Analysis Log |
procmemdump=1
import_reconstruction=1
unpacker=2
norefer=1
no-iat=1
2024-11-25 13:37:15,100 [root] INFO: Date set to: 20250611T05:37:13, timeout set to: 200 2025-06-11 06:37:14,013 [root] DEBUG: Starting analyzer from: C:\tmp_gell1p8 2025-06-11 06:37:14,013 [root] DEBUG: Storing results at: C:\WodLRYuTH 2025-06-11 06:37:14,013 [root] DEBUG: Pipe server name: \\.\PIPE\hEUVZHP 2025-06-11 06:37:14,013 [root] DEBUG: Python path: C:\Users\Packager\AppData\Local\Programs\Python\Python310-32 2025-06-11 06:37:14,013 [root] INFO: analysis running as an admin 2025-06-11 06:37:14,013 [root] INFO: analysis package specified: "exe" 2025-06-11 06:37:14,013 [root] DEBUG: importing analysis package module: "modules.packages.exe"... 2025-06-11 06:37:14,325 [root] DEBUG: imported analysis package "exe" 2025-06-11 06:37:14,325 [root] DEBUG: initializing analysis package "exe"... 2025-06-11 06:37:14,325 [lib.common.common] INFO: wrapping 2025-06-11 06:37:14,325 [lib.core.compound] INFO: C:\Users\Packager\AppData\Local\Temp already exists, skipping creation 2025-06-11 06:37:14,325 [root] DEBUG: New location of moved file: C:\Users\Packager\AppData\Local\Temp\iexplore.exe 2025-06-11 06:37:14,325 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL option 2025-06-11 06:37:14,325 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL_64 option 2025-06-11 06:37:14,325 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader option 2025-06-11 06:37:14,325 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader_64 option 2025-06-11 06:37:14,638 [root] DEBUG: Imported auxiliary module "modules.auxiliary.browser" 2025-06-11 06:37:14,669 [root] DEBUG: Imported auxiliary module "modules.auxiliary.digisig" 2025-06-11 06:37:14,685 [root] DEBUG: Imported auxiliary module "modules.auxiliary.disguise" 2025-06-11 06:37:14,701 [root] DEBUG: Imported auxiliary module "modules.auxiliary.human" 2025-06-11 06:37:14,716 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops' 2025-06-11 06:37:14,716 [lib.api.screenshot] ERROR: No module named 'PIL' 2025-06-11 06:37:14,716 [root] DEBUG: Imported auxiliary module "modules.auxiliary.screenshots" 2025-06-11 06:37:14,716 [root] DEBUG: Imported auxiliary module "modules.auxiliary.tlsdump" 2025-06-11 06:37:14,716 [root] DEBUG: Initialized auxiliary module "Browser" 2025-06-11 06:37:14,716 [root] DEBUG: attempting to configure 'Browser' from data 2025-06-11 06:37:14,716 [root] DEBUG: module Browser does not support data configuration, ignoring 2025-06-11 06:37:14,716 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.browser"... 2025-06-11 06:37:14,716 [root] DEBUG: Started auxiliary module modules.auxiliary.browser 2025-06-11 06:37:14,716 [root] DEBUG: Initialized auxiliary module "DigiSig" 2025-06-11 06:37:14,716 [root] DEBUG: attempting to configure 'DigiSig' from data 2025-06-11 06:37:14,716 [root] DEBUG: module DigiSig does not support data configuration, ignoring 2025-06-11 06:37:14,716 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.digisig"... 2025-06-11 06:37:14,716 [modules.auxiliary.digisig] DEBUG: Checking for a digital signature 2025-06-11 06:37:25,982 [modules.auxiliary.digisig] DEBUG: File has a valid signature 2025-06-11 06:37:25,982 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json 2025-06-11 06:37:25,982 [root] DEBUG: Started auxiliary module modules.auxiliary.digisig 2025-06-11 06:37:25,982 [root] DEBUG: Initialized auxiliary module "Disguise" 2025-06-11 06:37:25,998 [root] DEBUG: attempting to configure 'Disguise' from data 2025-06-11 06:37:25,998 [root] DEBUG: module Disguise does not support data configuration, ignoring 2025-06-11 06:37:25,998 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.disguise"... 2025-06-11 06:37:25,998 [modules.auxiliary.disguise] INFO: Disguising GUID to 3ce2e7d8-fbf7-4bb8-9102-ea325fa9ecd5 2025-06-11 06:37:25,998 [root] DEBUG: Started auxiliary module modules.auxiliary.disguise 2025-06-11 06:37:25,998 [root] DEBUG: Initialized auxiliary module "Human" 2025-06-11 06:37:25,998 [root] DEBUG: attempting to configure 'Human' from data 2025-06-11 06:37:25,998 [root] DEBUG: module Human does not support data configuration, ignoring 2025-06-11 06:37:25,998 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.human"... 2025-06-11 06:37:25,998 [root] DEBUG: Started auxiliary module modules.auxiliary.human 2025-06-11 06:37:25,998 [root] DEBUG: Initialized auxiliary module "Screenshots" 2025-06-11 06:37:25,998 [root] DEBUG: attempting to configure 'Screenshots' from data 2025-06-11 06:37:25,998 [root] DEBUG: module Screenshots does not support data configuration, ignoring 2025-06-11 06:37:25,998 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.screenshots"... 2025-06-11 06:37:25,998 [modules.auxiliary.screenshots] WARNING: Python Image Library is not installed, screenshots are disabled 2025-06-11 06:37:25,998 [root] DEBUG: Started auxiliary module modules.auxiliary.screenshots 2025-06-11 06:37:26,013 [root] DEBUG: Initialized auxiliary module "TLSDumpMasterSecrets" 2025-06-11 06:37:26,013 [root] DEBUG: attempting to configure 'TLSDumpMasterSecrets' from data 2025-06-11 06:37:26,013 [root] DEBUG: module TLSDumpMasterSecrets does not support data configuration, ignoring 2025-06-11 06:37:26,013 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.tlsdump"... 2025-06-11 06:37:26,013 [modules.auxiliary.tlsdump] INFO: lsass.exe found, pid 696 2025-06-11 06:37:26,029 [lib.api.process] INFO: Monitor config for <Process 696 lsass.exe>: C:\tmp_gell1p8\dll\696.ini 2025-06-11 06:37:26,029 [lib.api.process] INFO: Option 'procmemdump' with value '1' sent to monitor 2025-06-11 06:37:26,029 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor 2025-06-11 06:37:26,044 [lib.api.process] INFO: Option 'unpacker' with value '2' sent to monitor 2025-06-11 06:37:26,044 [lib.api.process] INFO: Option 'norefer' with value '1' sent to monitor 2025-06-11 06:37:26,044 [lib.api.process] INFO: Option 'no-iat' with value '1' sent to monitor 2025-06-11 06:37:26,044 [lib.api.process] INFO: Option 'tlsdump' with value '1' sent to monitor 2025-06-11 06:37:26,044 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmp_gell1p8\dll\LvlXCnF.dll, loader C:\tmp_gell1p8\bin\UsVZZmjI.exe 2025-06-11 06:37:26,107 [root] DEBUG: Loader: IAT patching disabled. 2025-06-11 06:37:26,107 [root] DEBUG: Loader: Injecting process 696 with C:\tmp_gell1p8\dll\LvlXCnF.dll. 2025-06-11 06:37:26,154 [root] DEBUG: 696: Python path set to 'C:\Users\Packager\AppData\Local\Programs\Python\Python310-32'. 2025-06-11 06:37:26,154 [root] INFO: Disabling sleep skipping. 2025-06-11 06:37:26,154 [root] DEBUG: 696: Full process memory dumps enabled. 2025-06-11 06:37:26,154 [root] DEBUG: 696: Import reconstruction of process dumps enabled. 2025-06-11 06:37:26,154 [root] DEBUG: 696: Active unpacking of payloads enabled 2025-06-11 06:37:26,154 [root] DEBUG: 696: CAPE debug - unrecognised key norefer. 2025-06-11 06:37:26,169 [root] DEBUG: 696: TLS secret dump mode enabled. 2025-06-11 06:37:26,169 [root] DEBUG: 696: InternalYaraScan: Scanning 0x00007FF84A790000, size 0x1f4542 2025-06-11 06:37:26,185 [root] DEBUG: 696: InternalYaraScan hit: RtlInsertInvertedFunctionTable 2025-06-11 06:37:26,185 [root] DEBUG: 696: RtlInsertInvertedFunctionTable 0x00007FF84A7A090E, LdrpInvertedFunctionTableSRWLock 0x00007FF84A8FB4F0 2025-06-11 06:37:26,185 [root] DEBUG: 696: Monitor initialised: 64-bit capemon loaded in process 696 at 0x00007FF8234D0000, thread 4728, image base 0x00007FF60D500000, stack from 0x0000008EFACF4000-0x0000008EFAD00000 2025-06-11 06:37:26,185 [root] DEBUG: 696: Commandline: C:\Windows\system32\lsass.exe 2025-06-11 06:37:26,216 [root] DEBUG: 696: Hooked 5 out of 5 functions 2025-06-11 06:37:26,216 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread. 2025-06-11 06:37:26,216 [root] DEBUG: Successfully injected DLL C:\tmp_gell1p8\dll\LvlXCnF.dll. 2025-06-11 06:37:26,216 [lib.api.process] INFO: Injected into 64-bit <Process 696 lsass.exe> 2025-06-11 06:37:26,216 <truncated>
Machine
| Name | Label | Manager | Started On | Shutdown On | Route |
|---|---|---|---|---|---|
| win10-2 | win10-2 | KVM | 2025-06-11 06:08:48 | 2025-06-11 06:12:48 | none |
File Details
| File Name |
iexplore.exe
|
|---|---|
| File Type | PE32+ executable (GUI) x86-64, for MS Windows |
| File Size | 826704 bytes |
| MD5 | eac888c884c5ae875b16e8c714b4d2e6 |
| SHA1 | 021415d73d02c6247001bad6e5c9bc6e220f34fc |
| SHA256 | faa971f17a142ebd5518e5b3c55af0f0c264adf43644d8ccf972440048620d07 [VT] [MWDB] [Bazaar] |
| SHA3-384 | d057c32c01013d30190043b64dbca9dc7e2b2909469cbacbfe0fcee2c6d2f76476fb5831efaf541a78d681ea94d1353e |
| CRC32 | 1E89EE9E |
| TLSH | T1C4058D42F7C8D455E0B706314933CB654673FC669E20866F319A771E2E723836AB2E1B |
| Ssdeep | 24576:D4lGLbMMHMMMvMMZMMMKzb6XmMMMiMMMz8JMMHMMM6MMZMMMeXNMMzMMMUMMVMMb:RMMHMMMvMMZMMMlmMMMiMMMYJMMHMMM8 |
| PE | File Strings BinGraph Vba2Graph |
Full Results
| Engine | Result | Engine | Result | Engine | Result |
|---|
\j.~C
|$8@2
F<1U.
@.data
CRIMh
QSA_PopulateTiles_Perftrack
EmptyTab_Conversion_Cancel
zwj[G
.rdata$zz
Znv%)
</trustInfo>
\zq5%`
%!NPj{{{{{{{{td/
ReleaseMutex
GetStartupInfoW
TGEtwzyqz
njejnnp
8888888888888
LCIEDownloader_CreateIsoComponent
f?[I/f
[Pm A
0a?_n
ButtonText
fD9<Ou
:DKWWKFB$
CreateSemaphoreExW
,37AAA52+#
_pppppppppppppppppONNNNR
KnILk
tz5@*
Frame_CommandBarCreate
u*9Q<|%
c4Z'Ej[ 5"
qnh,"
QueryID
CreateAndSelectTab
~_|}_
0c0904E4
TASKl
<MMIM8
_PLG:**:
Imaging_CreateWebPagePreview_Perftrack
<ah!1
bbbbb
=/M;I
33p3337330
Tab_Recover_Complete
IMTravelLogMVC_StateChange
notification
ahA:0
BrowserRoamedSettingChange_TypedUrls
t"@8-P\
Imaging_CreateWebPagePreview
fD9;t
CReadingModeContentProvider
$JA 3*b
191123202700Z0
CIMFindBar_Hide_Perftrack
Shdocvw_VirtualTab_NavigateTabManager
Recovery_WriteInitialStore
*#k*~#
O0M0K
o\$PH
Microsoft Corporation
h]|#e
/eokSSUQVL=E;9);
00.,,,4(
190808200751Z0t1
PrerenderURL
api-ms-win-downlevel-advapi32-l1-1-0.dll
wPdM:
Frame_ControlBandCreate
_XcptFilter
Browseui_Favs_ItemsChanged
MICROSOFTEDPENLIGHTENEDAPPINFO
wwwwwx
_lock
tbmooookooknRRR/.-M
>http://www.microsoft.com/pki/certs/MicCodSigPCA_08-31-2010.crt0
lRwSjH4_?
D9H(t
/y&6N51
#-de^'
180823202700Z
`,"\q
ULV_AggregateItems_Perftrack
\F= &
Browseui_CBrowserFrame_OnClose
RRRRRRRRR
mshtml
0DMU\]]]]\QNH
AutoSuggest_DropDown_Show
IMDownloadWindow_Show_Perftrack
Browseui_Tabs_NavToDroppedLink
IdleManager_AddRunningTask
_initterm
@@@@@@@@@@@@@
UnifiedListView_Query_DomainSuggestion_Perftrack
1+0)0
UnifiedListView_Populate
.idata$5
extended
[2:]\q
1YYYY1YY7=6,,,,$VVVVUW
wwwwwwwwwwww
SetUserObjectInformationW
PinnedSites_OfferedImagesComplete
gl||deg
*00>V
0g^34QU
ExtensionShowDW
.pdata
EmptyTab_Closing
Immersive_Travellog_ScrollComplete_Fired
20180915005723Z
wwwwww
(2Wt[9pd
unifiedlistview
lX:p"r
X }A,-
kdSEI
.didat$2
A20/4
`4Wn8q
Iw %n
Immersive_Travellog_SwipeStartThresholdMet
Application
H9{HsFH
uckhl
n{{{{{yyyyn[
kxD6 N
-eval
.4ON@
Browseui_Tabs_MakeBlockingCallToTab
DominantImageUrl3
% moa
LegacyHistoryAdd
01111111111111111111111
ComponentType
_exit
mnn,hhi
CHANp
IESessionIDInvalidated
;NRlI
pnpnnnnnnn
|l|gp
Shdocvw_BaseBrowser_FireEvent_Quit
EmptyTab_Conversion_CleanUpBrowserTab_Failed
IEApplicationExit
Shdocvw_BaseBrowser_FireEvent_NewWindow3
Legal_Policy_Statement
,2HSK
bqnA%>g
Application-Addon-Event-Provider
%hs!%p:
<!-- This Id value indicates the application supports Windows Threshold functionality-->
Tnnpnnnnnnn
-embedding
MessageCount
Thales TSS ESN:148C-C4B9-20661%0#
-fFx6
N];2^
Menuband_PopulateShellFolderToolbar
om7Lm
~t7bbbb77777.7-...-R
Browseui_HangUI
EUPP_HandleAsyncOperationResult_Perftrack
E}II}-$%#'TuSM
;BDDNRRGE;
J-"0'''''030433H
CREDAT:
Shdocvw_VirtualTab_NavigateImmediateTab
ppnpnppnnp
.tls$ZZZ
CloseFrame
<71/48
GetCommandLineW
TEMP(
?Kvc9
)ag^#
TabRoaming_TabMarkedDirty
.)3?664'''''0&//3
Microsoft Time-Stamp PCA 20100
e%<???=o
7Cxaf
EmptyTab_Reuse
hjjnjL
Shdocvw_BaseBrowser_FireEvent_DownloadBegin
tabID
"A_Rb
NewTabPageData_RoamedEntry
EmptyTab_Reuse_ReuseTabThread_Failed
L)40A
</compatibility>
I0G0E
.CRT$XIA
}t{}~~~zzo777kkxx
L(}^$A>#
cPJ>:-*Gx`*>
[xVXQ
[.<wc
wtP<W
IdleManager_AddIdleTask
hluv{
|$(E3
NewVisibleState
NewTabPageData_Build
O'mm?
MMMM9
IdleManager_RunExpiredIdleTask
1YYYY1OOOOOOOOOOOOOONONNNN1
230865+4409830
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
O}IK}P98:[_^`w]\Q}KK}
apppppppppppppppppXnneRK
FileDescription
roaming
!!!
TV,py
EmptyTab_Conversion_Begin
OPnb^
favicon
*km?o
Y3{?q
XX\jb_`
J?EZ#
=;<0wwx
%F0[U
Browseui_FeedViewer_PreviewStream
7HGGD
Title
Microsoft Corporation1
}}5"n
k/bzb
BrowserThreadProc_Return
;;<wnmj
^^]\NF
Microsoft Operations Puerto Rico1&0$
CtrlLeftButtonAction
250706205017Z0~1
b@IKg
.text$lp00iexplore.exe!30_clientonly
ntdll.dll
Browseui_Tabs_Move
7Z>@B1
MICROSOFTEDPPERMISSIVEAPPINFO
shell
TEMP8
2wC*y
iexplore.pdb
win:Informational
InitializeCriticalSection
Iso_Dependencies_RemoveDependency
6wi g"
Microsoft Time-Stamp PCA 2010
e'>EQ1
['/FWL
+???NNX
HcL$ HcD$$H
TmU&F
@MMHMIMMM@H9E
wwxwwwxwxxp
Terminate_Browser_Tab_Process
TargetPID
.($
Shdocvw_BaseBrowser_DocumentComplete
TerminateOnShutdown
CLSID
Tab_BFCache_Resume
x7qJs
Browseui_HangUI_SetVisible
<security>
e&V"%JA
Attach
Microsoft Corporation0
isDebuggerPresent
WebStorage_Platform
=DNbfjnnjojutrR;
T:E6m2A
SharedMemoryHandle
/;.`D
>http://www.microsoft.com/pki/certs/MicCodSigPCA_2010-07-06.crt0
.rdata$zETW9
CAsyncStorage_WorkPending
+@~=#
VVVUN@@
BrowserRoamedSettingChange_FlipAhead
pnnpnnnnnn
tpt&mfh
ZaZ|W
A@>>7%
Tppnpnnnpnn
N';]aa`[C4'W
1w8y!
CreateThumbnail_Superbar_Perftrack
I,{5:
wwwwwwwwwwp
SelfRecovered
100701213655Z
Find_HighlightHitsStatus
M[p_=
xzxtpps
FirstRunDialog_Show
IsTabSwitch
TerminateProcess
W1U!F@<0
|yu~z
HistoryByDateSwitchView
229803+4379510
fF9<cu
}s(-RihiPROKI:<&
ImageCleaningScheme
DNnh<t)
DownloadWindow_HistoryQuery_Perftrack
SetHung
_PPUUUcs
jijFmkm
Object
ynf$79:C
2F@"(
{liihhmn
dW9/+=
8fD]@
6hynd
"?iV
Y.hilkRROMLK=C,
IMTravelLogMVC_NavigationReceived
Microsoft.Windows.App.Browser
UJ_Pbp
`X"8|N
11.00.17763.1 (WinBuild.160101.0800)
]bolSTQML=<;-)s
?http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl0T
K:vd~PF
fDestroyingHangUI
pageloadbreakdown
.text$x
333~kO
enefjjn
oKPW@
M2fB4
Browseui_Tabs_Tearoff_Complete_TabProc
DataModel_Provider_WorkerThread
''''##'
GetModuleHandleW
verbose
type="win32"/>
TabRoaming_LoadRoamedTab
<assemblyIdentity version="5.1.0.0"
p pt@
ImageDimX
CIMFindBar_Show_Perftrack
.CRT$XLZ
+T]K(
.giats
kernelbase.dll
SetDllDirectoryW
.rsrc
f<g~~
StateString
#Dacc
Microsoft-PerfTrack-IEFRAME
um/a~
;Ye/(u&
Browseui_SelectTabTimerCreated
0A_A^_
OriginalFilename
win:Start
6pvex
Tab_NavigateToPidl
DLM_Security_Hash
IMDownloadWindow_ActionBar_Animation
f\Us':AP
TileSize
TabId
Frame_AddressBandCreate
Mj&@:_
TravelLogScreenshotNav
UseWER
cs_a\
$Microsoft Ireland Operations Limited1
XWVONc}
VVVVVTTTSS1
Browseui_VirtualTab_PostNewFrameTabCreate
BrowserRoamedSettingChange_TrackingProtection
8888888888
Find_ChangeSelectedHit
<!--This Id value indicates the application supports Windows 7/Server 2008 R2 functionality-->
988r+++,
level="asInvoker"
TEMPt
rFl}\
(?D=1
UjDM5
halfTabCount
Tab_InitializeBrowserState
-FFFFBFBBBB???008
wwwwp
't{N'
c#b&*|||
yyz,rss
yiO<W
DependentPID
UVWATAUAVAWH
}g#;~
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
5t}?3
leG&g
QueryHistory
ProcessId
CloseHandle
L$8E3
I?VX^m3)
:MMMMMJMMMCC9
HhA)ux
@.reloc
KNJF3&
QRNNN
771/00
z.9Wv
D$Lt+
internal\sdk\inc\wil\safecast.h
GetSystemTimeAsFileTime
[D2PI
EmptyTab_Conversion_Succeeded
SCODEF:
TravelLogScreenshotNav_OldTab_CancelingSwitch
Browseui_ActivationRegistrar_OnCleanup
m^w$@
UnifiedListView_Typed_Perftrack
TravelLogScreenshotNav_NewTab_NowReadyToSwitch
190726201119Z0t1
Shdocvw_BaseBrowser_FireEvent_BeforeScriptExecute
TabRoaming_SessionTimerFired
Shdocvw_BaseBrowser_FireEvent_NavigateComplete
Internet Explorer
!#4VBc9
/8U[SA
CIMNavBar_Hide_Perftrack
<application>
SetUnhandledExceptionFilter
180712200751Z
JyJ@~
ImageUniqueID
{28fb17e0-d393-439d-9a21-9474a070473a}
33.2....(,'
H>O-jb*
IMTravelLogMVC_ScreenShotInfo
OS=NLLLH
.text
S[OLN
iK/ =
D@AFt
Thales TSS ESN:86DF-4BBC-93351%0#
Version
FeedsSwitchView
ubjn~
'xS[mG~
1OOOOOOOOOOOOOOOONPPP1
:20/48
Bing_Suggestions_ServiceRequest
.rdata$brc
TravelLogScreenshotNav_NewTab_ShowingScreenshotBeforeSwitch
1YYYYYYYYYYYYYYYYYWVW1
fF9<wu
dddKffgK
Immersive_Travellog_ScrollComplete_TimeOut
Shdocvw_BaseBrowser_FireEvent_DownloadComplete
/%=2=2[
O[86?
]7lF8
TEMP`
1YYYYVVVVVSVSTTSSSSSS1
<!--This Id value indicates the application supports Windows Vista/Server 2008 functionality -->
Microsoft.InternetExplorer.Preview
FailureReason
UnifiedListView_GroupPopulated
TWZTTWZT
;{{{{{{0
IDATo
@JMMU"/
Z`*@#
LocalAlloc
@U@E@
}~~,vvw
Shdocvw_VirtualTab_NavigateInWebBrowser_Navigate2Call
T'>J<
.idata$4
Ou5}?Y7
CIMNavBar_Show_Perftrack
:fZ30L
tabhydration
6L[}j
NotificationManager_SendResponse
.rdata$T$brc
TravelLogScreenshotNav_OldTab_ReadyToClose
dwTabScenarioFlags
1YYYY1YY7LKIHEB=WVVVVW-'VV1
CreateThumbnail_Immersive_Perftrack
userInputID
__dllonexit
Frame_TabBandMove
Browseui_TabSuspension_Check_Suspendable
WWV6&(
Browseui_Tabs_Tearoff_BetweenWindows
Microsoft Corporation1#0!
*1ATA
.text$zy
^[ONN
b > -
3....+))+
Search_SuggestionsProcessing
Snippet_UserSelExtraction_Perftrack
_a_a_a_a_a_a_a___[N
PinnedSites_OfferedImage
Microsoft Code Signing PCA0
TabSwitch
__C_specific_handler
Shdocvw_PanningTool_GetPanningProperties
]GLTQ}
y{{tnj
TabRoaming_FindRoamedTabs
Find_ActivateBar
EmptyTab_Timer_Cancel
Microsoft Corporation1-0+
UnifiedListView_Query_Favorites_Perftrack
ProcessID
IDLEMANAGER_TASKTYPE
TEMP0
gdMkS7
Browseui_HangUI_CreateCoverWindow
|$ AVH
g"&#&6vl|v
???n*+*+
1&lk66
win:Verbose
.text$mn$00
}G/-4X
}=)G}=(
Browseui_Tabs_TabReadyForNavigate
EmptyTab_Timer_Start
SetLastError
Tlg$F
WWWXXZ\
.rsrc$01
CallContext:[%hs]
DebugBreak
EmptyTab_Reuse_ReinitializeBrowserTab_Begin
BrowserThreadProc_Prior
Device_Info_Util
HistoryBrokerShutdown
D$pE3
@TsR8
ImageDimY
)/NSKC"
wa*,a
Nm\"l):
..('$$$
_ppppppppppppppppp[pf[L
Find_HighlightHits
L95\s
wwwwwwwwwwwww
pdvggp
VirtualAlloc
Hfff0
Shdocvw_VirtualTab_NavigateDeferredNewTab
`pp*E
EmptyTab_Conversion_FinalNavigation_Begin
#&WV9
Microsoft Code Signing PCA 2010
uiAccess="false"/>
alv?6
ISO_HANDLE
||wxxx
Shdocvw_BaseBrowser_FireEvent_DocumentComplete
NewTabPage_SearchBox_Hide
?Kmt~sm]G
28Hsv
@ Sjb?
OnlineHistoryCollectData
ExtensionCloseDW
Browseui_BringBrowserTabAlternateOwnerForward_Hung
DominantImageUrl1
Shdocvw_BaseBrowser_Navigate
4Mx~Q
:s_`[
g Sk?eY
l.igM4
`In_u
VVVVVTVSTT1
Microsoft Corporation1)0'
y|U3a
Microsoft Corporation. All rights reserved.
V~l#a
MenuShrink
2[[AP
FavoritesBar_WriteLinksCache
\-0XH1*
.text$yd
IsWindowVisible
dbba`^^]]F
{x;yw
s/Z7z
FindBar_TermChange
[jejfbe
(>?q=zGGzbo
Immersive_Travellog_Perftrack
ContextName
.97777"7" " " !
DDDDO
ExtensionRelease
LcA<E3
;X;y'+
^^^\PF
PRVA8
SO@"T
AllowSetForegroundWindow
?&"k0
Shdocvw_VirtualTab_GetWebOCWindow
TEMPD
wwrhmmy|
w=(>?
InputPanelResize
VB$h&
Browseui_Tabs_SwitchTabs
UnifiedListView_DefaultAction
QSA_OpenUnfilteredView_Perftrack
z~qB 2
CreateHTMLPreview
/I}6&
?flew
geeVU
</application>
Shdocvw_BaseBrowser_FireEvent_BeforeNavigate
8#8v"
RDQT(
.ApX/
uuuttrrrrrrrrz
CHAN\
:GUUUP-x:
EDPENLIGHTENEDAPPINFOID
LegalCopyright
(P/x\
SendMessageTimeoutW
PRVAX
pv)[?
1YYYY1YY ####%# VVVVVT
7*W]{
PopulateOptions
`bbi}
Find_FindHits_Perftrack
[xo,!
.5|M@
@o9t,
55323222...
@@@@@@@@@@
H^]NMLKKJJIF
D9|$P
x"nc(
OPCOx
H"vo9
t3PpS
InitOnceExecuteOnce
@A_A^A]A\_^]
EmptyTab_Conversion_CleanUpBrowserTab_Begin
FJcr%
.bss$zz
'GG9G'
l$ ATAVAWH
Browseui_TabSuspension_Unuspend
:8887 g_
.rdata$zzzdbg
Browseui_Tabs_Tearoff_NewWindow
/cfff
Command Type
hwndPrev
H[a_^]NMLKKJF
controlpanel
Bing_Suggestions_CancelRequest
T$hH+
.rdata
Find_HighlightHits_Perftrack
>C|i+
[[f4h6PRTKIL:;&
ppnppnppnp
HistoryBySiteSwitchView
o<5I'
@j[U0
.rdata$00
[0>:!
{]A}(N44
-nowait
_wRB?Q
Browseui_VirtualTab_PreNewFrameTabCreate
*9988777777
?1%SGf
bf_^`
4?%)cH
D$$I;
]__7N
Z5&s&7
ltI{"
h&+-dd^#
</windowsSettings>
Lb m6X
UnifiedListView_Cancelled_Perftrack
SelectTabAsyncFlags
BE})$
|Fb#c
WaitForSingleObject
Browseui_Tabs_AddTabButton
C71/48
appppppppppppppppjRXL
InputPanelHide
11.00.17763.1
Reading Mode Content
Cookie
Frame_NavBarCreate
GetModuleFileNameA
| <g5
>5LDT
IsHung
211111YY
HistoryBrokerStartup
3;2 ?
|v&""c&
F> "#
.idata$3
gDDh9
reason
7s377
History_Journal_Write_Command
1Igjzu
Browseui_CIMTabView_CloseTab_Perftrack
2|md'
OnlineHistoryAdd
Ehttp://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z
Microsoft Time-Stamp service
IQRRMS
CreateHTMLPreview_ShowWindow
.didat$5
SetErrorMode
14FF@E
fpxdQ
20180915065546Z
RtlDllShutdownInProgress
TaskID
lHT[G
npnnnnnnnn
Browseui_TabSuspension_Suspend
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
Browseui_ActivationRegistrar_CreateComponent
Browseui_DestroyDetachedBrowserTabUI
+#_g^#
}lK4v
"Microsoft Window
LEVLh
Z2`_Ot
LayerValue
fF9|w
Tab_ShellBrowserOnCreate
dK [
:'IR&
=O?4j
QSA_UpdateGroup_Perftrack
C?&f{fp
api-ms-win-downlevel-ole32-l1-1-0.dll
TabSwitch_NotAccountingForInputDelay
LEVL@
iexplore
__setusermatherr
HeapFree
1http://www.microsoft.com/PKI/docs/CPS/default.htm0@
TabCreate
InputPanelShow
GetTickCount
TabRoaming_PLMSuspendWithOutstandingTimer
**(%)444?HNN
99999
____gmx>N
99ph(
_PURUUUU
.CRT$XIY
ppN!f
onh||i|
|k&SZ
L$@H3
<HMGI5
]va8+y
;IIG:
`Ge`@N
*g}DL3^
UnifiedListView_Query_History_Perftrack
u)DF(%
D$0fD98t
ImageUrl
WEVT_TEMPLATE
D8|$@
7wwwwp
Shdocvw_VirtualTab_GetIWB2
r<st=
nh4GZ
K51ddd
Tnnnnnnnnnj
Q7Uwa-9u
State
ptV7n
ZdpnkSTTVQL<<C,w
EventSetInformation
Ehttp://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl0Z
wwwwwwwx
iswspace
/[z`X[
TravelLogScreenshotNav_NewTab_IsReadyToSwitch
Immersive_Travellog_BeforeUnload_Fired
FavoritesSwitchView
'!!
TriggerProtectionHResult
Ehttp://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl0Z
_ppppppppppppppppp[eXL
OutputDebugStringW
20180915045508.048Z0
$eO&iK
# O,;[J;'W
wwwwwwwwx
1Dcq?
Microsoft.InternetExplorer.Default
<requestedPrivileges>
DLM_Resume_Time
ReturnHr
IWL=Eevm
1Q_KP
Event Type
TEMPl
~;EmQ
\__gahss
:#Hj{
p>80G
xr4>D
StrStrIW
-DT l
ZYr(3
Publisher
Microsoft Code Signing PCA 20100
Tab_ShellBrowser_OnUnload
.Mq#A
Frame_URLEntered
Frame_CommandBandCreate
}6Ju[`|
NewTabPage_SearchBox_Show
.data$00$brc
TEMP|
\.I=Y
t{{{{{{tttp
32;;=C
Immersive_Travellog_NavigationComplete_TimeOut
DLM_Security_AppRep
"HMtcX
Fd?B(
g~vzw
n09%1
TEMPd
DLM_Security_Malware
Uint32Val
000.,,9(
TravelLogScreenshotNav_NewTab_GetReadyToSwitch
$`2X`F
imagestore
EmptyTab_Timer_Timeout
-][GGC=[
1$`_@
V9^=2(
FFFBFB?B?333201
AddToHistory
IntelliForms_Do_AutoStuff
Browseui_TabWindow_SetVisible
.CRT$XCAA
q1"hifge],
N*;]a`G3'W
\$ UH
Frame_MinIETabBandCreate
ADVAPI32.dll
XT51>
E}#,&
\$Hu2H
.lPV)
@SWAVH
1NWWX
vll|h
.00cfg
Browseui_BringBrowserTabAlternateOwnerForward
Browseui_HungTabHeartBeat_Timer_Invisible
NewTabPage_Show
@SUVWH
AttachTID
FailFast
<hgh}
Q Gt.9
9IIMMMMMM9999
I?(((()(((
pnnnnnnnnn
<application xmlns="urn:schemas-microsoft-com:asm.v3">
http://www.microsoft.com/windows0
.bss$dk00
CompanyName
Window_Restored
lNO t
GetCurrentThreadId
vN8@/
bba_^]NNLKF
~~~~{{{yt
$Ku9H;
u HcA<H
zzzqqiiPE
NewTabPageData_Refresh
defunct
<!-- This Id value indicates the application supports Windows Blue/Server 2012 R2 functionality-->
GetProcessHeap
Sleep
P(P~m
AnimationType
x\3.N,:
DataModel_QueryEntry
N';aaa][LEC1'T
%ip=?GJG^=
N9x/:
pnpnpnnnpn
Result
FileName
Print_Dialog_Perftrack
_ji6W
#C$"F
fD9<_u
ImageType
Browseui_Tabs_Activity_Show
W*,[5H
UnifiedListView_Query_Feeds_Perftrack
TASKl
Snippet_BOLLExtraction_Perftrack
</security>
-:2JJW
ZWZZXXXVVZ
/cpokSTQVVV<E9,F
{T|}U?
oT$@f
n+dOY
)Microsoft Root Certificate Authority 20100
TabRoaming_ReadProcessInfo
IntelliForms_Evaluate_AutoStuff
ReleaseSemaphore
~~?>}
;r"?@p
eeHHHHHHc
_ppppppppppppppppaRM
CreateThumbnail_Perftrack
^H)'I2g
ggh,bbcxggh
x|iI6
^]O3+
ptytytnc
Microsoft Code Signing PCA
bTT@7
<MHMI8*
Browseui_TabWindow_CommitRoamingState_Perftrack
Pl$#l
Window_Maximized
TimespanInMs
TabID
wwwwwwwwwwx
1YYYYYYYYYYYYYYYYYVVT1
}yD=+
WCVB64''!
Z*imN
3g033
%>D7-
CDC_E
IdleManager_RemoveTask
|$8E3
ResolveDelayLoadedAPI
UnifiedListView_Dropdown_Perftrack
Microsoft-IEFRAME
tccg|
DLM_DownloadBar_Show
IEFrame
onecoreuap\inetcore\lib\tracelogging\legacydll.cpp
IdleManager_RemoveExpiredRunningTask
|hK,_
XRNLN
Browseui_HangUI_ShowNotificationBar
AAAAAAAAAAAAAAAAAyyyyyyyyyyyyyyAAy/0.*+,1<gipdyAGzhf
D$\E3
kW)/Z0
wO]~!
SupportedDataMask
EYe09
9[HPr
.didat$7
Ehttp://crl.microsoft.com/pki/crl/products/MicCodSigPCA_2010-07-06.crl0Z
wwwwwwwww
TotalNumber
rand_s
ScaleThumbnail
(caller: %p)
MaxWaitingTime
AttachToTID
,gksX1jTXQevp3/jN3fzoJ/6XeWIKmvxqElIBc33LoEc=0Z
;=5HD
1YYYVVVSVSVTRNNNTTSSS1
ActivityType
250701214655Z0|1
DIType
7sw7sw
__set_app_type
HistoryJournal
lLCrN
#Vx"&6
GetVersionExA
TEMP
.data$zz
IDATx
tr&2bvfd|||l
0!l8$
040904B0
'->]7
CompressThumbnail
GGHI3)
IdleTask_Execution_Time
.rdata$zETW2
[[[S+
OnlineHistoryDelete
\__aac
4CEHH90
w~(cMx
Lcx'^
OIR<r
IDAT9#
ResetDestinationList
ihimzy{
FindWindowExW
R]LYr
PerformWhenBrowserResponds
wwwww
IMDownloadWindow_Hide_Perftrack
%,--A
HcA<H
Browseui_Tabs_Tearoff_NewWindow_TabProc
\/48718
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
O?zKN
3s337p
HistoryByMostVisSwitchView
ULQRUccs
F)bn)K#
HiddenTabCookie
!!!!!!!
DownloadWindow_HistoryPopulate_Perftrack
fg1??
]sU&Q
(%&'00443445?
Y9" 7B
Bing_Suggestions_ServiceResponse
Browseui_Tabs_CloseTab
Browseui_Tabs_CloseOtherTabs
Dependent
cF_l:
7P?O}
_u@PX
Uoh_z
a.ry.v
BarText
r+K+}q
:20/4
VarFileInfo
20180916005723Z0s09
TEMP4
NotificationBar_OverrideHide
Vq~Y=
_fmode
P,;;%W
HRESULT
ploEwoq
Browseui_SelectTabTimerTriggered
TabWindowManager_DehydrateTabsOnSuspend_Perftrack
name="Microsoft.InternetExplorer"
wwwwwwx
</requestedPrivileges>
H0F0D
);IQJ1+
b}k!kB
OpType
_vsnwprintf
IDATk
$<kzh
_ppppppppppppppppppnppn_
j(#)3
TabRoaming_FindRoamedMachines
WPdWh
HMLKFFFFFFc
ExtensionSetSiteNull
pIDAT7
rqokzzz
<requestedExecutionLevel
microsoft1-0+
@&0&_g
totalTabCount
Local\SM0:%d:%d:%hs
>ZgS#
RegGetValueW
@:@:::@@@9M
3$zBPs
Iso_Dependencies_AddDependency
E>NI6
YLD|y1
D}GI}a" !
FormatMessageW
Hf iC
Browseui_PrepareResizeAsync
A=biy
SelectTabAsyncTabID
DownloadWindow_Item_Added
jjk,eef
Pq<(0
fef|yxz
h`2[C
<!-- Copyright (c) Microsoft Corporation -->
VVVVVTTTTT1
AicL(
DOW^^
ImageLastRetrievedTime
Status On Request
'?tBRp
GetHalfTabData
DeleteCriticalSection
zwwwp
%s!FK
<windowsSettings>
Disconnect
primarynav
ImageStore_Activity_SingleImage
RtlCaptureContext
`Whxo
win:Info
FavCenterOpen
Browseui_Tabs_MarkTabAsNotHung
BrowserRoamedSettingChange_WinInet
RL--I
EDPPERMISSIVEAPPINFOID
BrowserFrame_AddTab_WaitForActivationKind
u!Ug4X}
.CRT$XLA
>~?7J
cdfge|z/Z>;&
CFaviconHolder_UpdateReal
pnppnnpnnn
v<p`r
win:ResponseTime
Bing_Suggestions_ParseXmlResponse
GetWindowThreadProcessId
LinkCount
H2)%5
Nj)+g
%JVzI5)
t:LLLp
Frame_SearchBandCreate
_xssx
1|ne$
WS_ExecuteQuery
NotificationManager_NotificationBarButtonClick
wwwwwwwwwx
Browseui_CBrowserFrame_CreateInstance
lihhil
A_A^_
qkCUk
appppppppppppppppnppnpnp
Microsoft Corporation1200
HistorySearchSwitchView
Washington1
.data$dk00$brc
&]D =
XW_(P
A_A^A\
GuVgeeVeUWUW
EmptyTab_Reuse_ReinitializeBrowserTab_Failed
DLM_Security_WVT
}}}}}}}}|||||||||
5<_`O
BrowserThreadProc_Next
Window_Resized
Status
//////////////
b[P,kG
Browseui_Tabs_WaitMessage
z;=??<5b-
CreateThumbnail
+DKKKF-#
Browseui_PrepareVisibleAsync
LeftButtonAction
AllowRecovery
ox2mC
CIMContextMenuBar_Hide_Perftrack
__wgetmainargs
8Y(9k
`v$J6
llgwp
e05?D
u$L97t
RtlLookupFunctionEntry
OC~r<
$DkynC&
internal\sdk\inc\wil\resource.h
{u}WYZ
[%hs(%hs)]
TabWindowManager_UnDehydrateTabsOnResume_Perftrack
QueryPerformanceCounter
6G" b
saPz?i
B!EYQ
Reason
\$ VH
)i3&Wr
1YYYW1YY
EventWriteEx
msvcrt.dll
StringFileInfo
~)EQ
oD$ f
t$ WAVAWH
LegacyHistoryEnum
qc^^ih]i
}KK}}}}}}}}}}}}}}KKKKRKKKRKKKRKKKK
*"4I/
*,315
m7Xh*
g+nMI
]4kSTTLKK+-
FU*l?`
msIso.dll
Eu0!P
ZUGa4
Microsoft Time-Stamp service0
NotificationBar_Update
FavoritesBar_PopulateFeedsMenu_Perftrack
.text$mn
ElementId
x>CCA@9G+J
<!-- Note: This manifest needs to be kept in sync with iexplore.exe.appcompat.manifest -->
>(B}=(-}=(o|<(
`A>e_
.text$zz
NotificationBar_Hide
FavoritesBar_PopulateFeedsMenu
dEJJJD_
tRljCzII}kh;
Browseui_Tabs_BrowserTabRespondsNow_TabHung
Shdocvw_VirtualTab_NavigateThreadProc
9^"VE
wwwwwwwwwwwwwwwx
</application>
]_gmmqq
_*%GSSehhZ??>>?B>
wfV~td
9Hi]j
Browseui_CBrowserFrame_Close
G ">3
Browseui_TabBand_Activity
VRNNNV
x;O?rha
EventWriteTransfer
SyncTimeout
ImageStore_Activity_ImageTotal
Browseui_Tabs_DropOnFavorites
Microsoft Operations Puerto Rico1'0%
Browseui_CIMBrowserFrame_CreateInstance_Perftrack
oL$0f
Find_FindFirstHit_Perftrack
XY[]Boqr
Rp$RCJ
HQ7+`
L$XzKH
8http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt0
rCstG
..(((($$
D$@E3
Browseui_Tabs_CloseTab_Perftrack
-[TGC>=[
BrowserRoamedSettingChange_TrackingProtectionLists
DF443333130
DRSR9
100831221932Z
VRNNNTTTTS1
Shdocvw_VirtualTab_NavigateThreadProc_NavigateEx2Call
L$ SWH
IsActive
UnifiedListView_Displayed_Complete_Perftrack
kwE*PPB_
Shdocvw_PanningTool_ScrollElementBy
333333
M>8Hcp
px||dlvv
BackNaviagation_Requested
QSA_CalculateTilesInView_Perftrack
%!-ae^'
7!}O"
~hRQQ
ZWWYVPPPMMMN[o
IsDebuggerPresent
TASK m
>http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0
888777777
CaWNN
.rdata$zETW1
dF7vv
003200;(
!U@d5cZ
PRVAL
CoCreateGuid
CreateHTMLPreview_Perftrack
RtlVirtualUnwind
Addressbar_InlineAutocomplete
_wcmdln
3....(.''$
37>>7$
]w,<x
uvv,opp
!1$<x
ImageKey
RaiseFailFastException
vtl|e
1YYYYM111111111111111111112
.ENNNG.
<!y.q
Immersive_Travellog_PageAvailable_Fired
n@?Ju5!
100706204017Z
Browseui_HangUI_DisparentAndDetachBrowserTab
.CRT$XCA
FoundSuspendable
IHMI7
KERNEL32.dll
fjjefjj
HistoryByOrderSwitchView
BFCache
hpzzzz
processorArchitecture="amd64"
D,/V%~
U J Qn^
02rWed
OnCloseButton
so=Qs
IdleManager_TaskCount
UnhandledExceptionFilter
_'_gL
Tab_BFCache_Suspend
EventUnregister
(7A@@>'
Tab_ShellBrowser_OnBeforeUnload
Microsoft Time-Stamp Service0
Find_MatchAndHighlightHits_Perftrack
UnifiedListView_MultipleCharacterQuery
*D1Y0
Fsccspc
}F9;7
D$0L;
VS_VERSION_INFO
.i5Sz
}F*Lj
SetProcessDpiAwarenessContext
Browseui_Tabs_OnNavigateComplete2
rsusEt
|gl|ep
.CRT$XCZ
LCIEDownloader
&!#")
eZzjU
IDLETASK_PRIORITY
wininet
fA;R*
TabRoaming_DeleteInvalidOrExpiredTabFile
Exception
OnlineHistoryClear
(#'(+(''''!'!
Browseui_Tabs_Tearoff_BetweenWindows_TabProc
GJNSsmh
l$ VH
Shdocvw_BaseBrowser_FireEvent_NavigateError
y).=I
P`!AX
1Y444V444VVVSVSVSSSSS1
,LIKOIL:)
.data
nCipher NTS ESN:57F6-C1E0-554C1+0)
BrowserThreadProc_StartFrame
IEShortLivedProcess
Browseui_HangUI_AttachThreadInputHelper
R2j:S\
j[//G
180823202645Z
_PG:-%%-
9_'LJ
t{{{{{tnjhSSE
Browseui_Tabs_AddTabAPI
'fhimmmhf+%
GRRRRR
IE_API_Timer
_aaelm
LCIE_ForeignProcessMessageQueueDequeueAll
memset
H.ZAf
[%hs]
Frame_Fast_Shutdown_Perftrack
IDATp
ox\AS
Search_SuggestionsDownload
(++++++
SetSearchPathMode
GetProcAddress
180712201119Z
DLM_DownloadBar_Close
Browseui_OnPrepareVisibleComplete
j6`J%
IsWindowEnabled
ProductName
DownloadWindow
}At;"
IDAT /
Shdocvw_BaseBrowser_FireEvent_NewWindow
TabVisibleIndex
TabRoaming_KeepTabInDirtyList
<hghd
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
IEApplicationStart
.idata$6
(=Xen
$Microsoft Root Certificate Authority0
MHMM7)
Microsoft-IEFRAME/Diagnostic
3P_ptxP
Browseui_Prerender_Closing_Prerendered_Page
Frame_LinksBandCreate
Microsoft Time-Stamp Service
.((%$
:Nq8|
WinMain
TravelLogScreenshotNav_NewTab_ShowingAllScreenshotsOnSwitch
D$HE3
~bMkd`!
wBDrDC@M#
1YYYY1YY9GEAA=77YRNNNW:.VT1
IEFRAME.dll
<r@H{
*B 8W]
DataModel_Provider_Query
Browseui_Tabs_Tearoff_ShowVisual
r4A\p
EnumHistoryRecords
t{{{yytttQ2
subsystem
$0daK
FileVersion
>4F7C)
,28hQ
Find_DeactivateBar
nnqqqqqzqqqojiUR:
Microsoft Corporation1&0$
p AWH
1(0&0
BZ:!!
Locale
Tab_Terminate_Process
QGPPQUUc
Count
68*RZa
3...((((%
$Microsoft Ireland Operations Limited1&0$
Frame_OnCreate
0020..9(
_ppppppppppppppnppnpnpnp
1.=7C
memcpy_s
~iSRR
Y4SROO5H
`Av+&
jjjnnpp
^^]PD
AFR#@.2#$
zB=_h
v#>Ey
di033
Bind Context
<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/>
Shdocvw_BaseBrowser_FireEvent_NewWindow2
pC{yu5
20180916065546Z0w0=
-agggeD[0
BrowseUI_CStorage
Y&&"$*(88+)+BCVVVB64'''%!
NewTID
OgyBI
<!--This Id value indicates the application supports Windows 8/Server 2012 functionality-->
3.2...((((%
r[0/#
OL8GW
CreateMutexExW
qH/uF
W~7t~
nonPerfTrack
EventRegister
1YYYY1YY+$$+%%%%VRNNNT
FavCenterClose
1YYYY0QQQRQQQRQQQRQQ
Shdocvw_VirtualTab_RedirectUrlWithBindInfo
Z\ojhkSTMMM<=C&
TabRoaming_Delete
EmptyTab_CreateNewTab
YZT%]j
e$t}F
*6zN*
F4"!3
NotificationBar_OverrideShow
;7ww8
HangUIShowing
vYZ^D
Frame_LoadFrameState
1F$A"w
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe
EmptyTab_Conversion_CleanupRecoveryData_Failed
IdleManager_RunNextIdleTask
;p+3KK
9OSJD-
Suspending
HeapAlloc
DominantImageUrl4
2111111111111111111110
3111111111111111111112
y)Pp2
/QQQRQQQRQQQRQQ
.rdata$zz$brc
D2J1"
Description
I-[VO
F25*-
H3E H3E
InternalName
df||tg
TabRoaming_WriteProcessInfo
DownloadWindow_Items_Removed
Recovery_ReadRecoveryStore
w2<<L
_pppppppppppppppnppp_[RQ
TabState
-di".
DataModel_Query
Shdocvw_VirtualTab_NavigateThreadProc_Navigate2Call
AddonName
dptf@
G=/QVD
uI.[j,}fl
JournalEncryption_Init_Perftrack
.rsrc$02
"''9'
nnnnnnnnnn
%FAW1
ImageLastUpdatedTime
_unlock
hG~%{
By}H&C'
SP>05
vQ]<B
hwndAlternateOwner
nsr@2zGGzcxm
K\|7_i
gn|vlpl~nw
TimeElapsed
:MIMMMMIMB9E
IMTravelLogMVC_WaitForPageTimeout
!QHD`
en-US
XWWWXXZ
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
;~zQ{
String
LAWac
kernel32.dll
QpSh1
Microsoft Corporation1(0&
D$0f90t
.bss$00
TabRoaming_LoadRoamedMachine
EUPP_DoAsyncOperation_Perftrack
DLM_DownloadWindow_Hide
.text$di
3w2!_a|
ExtensionCreate
Z<Taj
CHAN8
4W~:P
w?2wz7
Imaging_SendIconicLivePreviewBitmap
-``[GGC[
)@@>-
Search_ImageProcessing_Perftrack
ResumeReason
"Microsoft Time Source Master Clock0
GetCurrentProcessId
Microsoft-PerfTrack-IEFRAME/Diagnostic
P2}_nA
"=\,9
\q=AP\
I0G1-0+
NotificationBar_Show
.rdata$zETW0
(Hup+
Snippet_Aggregate_Perftrack
Find_FindHits
DelayLoadFailureHook
WaitForSingleObjectEx
QSA_PopulateTile_Perftrack
DominantImageClassifier
A.#UU
UTCReplace_AppSessionGuid
w\3+M*7
Xc$3F
N''T
aUYd#
Browseui_HangUI_ScriptRecoveryTimeout
Message
xh.JW^
Browseui_SelectTabTimerCancelled
2k!eD
p`YT+(
immersive
Imaging_SendIconicThumbnail
[n?rhf
!9@9!
OldTID
(_(1=
hET">
EUPP_HPNavigationTriggerProtection_Perftrack
Shdocvw_VirtualTab_NavigateInWebBrowser
.data$00
Find_FindFirstHit
LaunchFrame
<description>Internet Explorer</description>
.CRT$XIZ
AutoSuggest_DropDown_Hide
qjj?[
RehydrateTab
'#$!
TravelLogScreenshotNav_OldTab_WantsToCancelSwitch
Z?"%9
IMTravelLogMVC_Info
<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>
IDATF
!Jht~{{{{{p[3
Immersive_Travellog_NavigationStart_TimeOut
!This program cannot be run in DOS mode.
1Ywfcp
WWCV6''#odd
Msg:[%ws]
Frame_Show
;4=Y/
DominantImageUrl2
xnk^z
;\$Lr
7kb[`
OPCOT
@.%'`
Disable
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
Sq]}#
3[2"?
wwwwwwww
fC|_t@;1
txuscUU
Redmond1
>http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt0
FavoritesBar_PopulateLinksMonitor
EVNTp
D l8m
D$xE3
;33;33;0N
hwndNext
sharecharm
1YYVV1YY
USER32.dll
rss,jkk
Thumbnail_RemoveGutters
EmptyTab_Conversion_FinalNavigation_Failed
WEVT|
X[jenab
HungWindowText
200831222932Z0y1
RUSQQQQQ
OpenSemaphoreW
HistorySwitchView
l>(UuSI
CloseTab
p]7@~
r~akow
HeapSetInformation
sW%%e
f9H\u
?fMz?k
.CRT$XCU
=^r</
BoolVal
Oj1E /
vV~wg
VBXP9
(xk0ql
0-ZZW$
TravelLogScreenshotNav_NewTab_IsNotReadyToSwitch
<44GZ
P""ivx
N=|)H
UnifiedListView_Displayed_Perftrack
TTBL0
Target
:<OSSQ
jVUU@@7
%hs(%d) tid(%x) %08X %ws
oK0D$"<
-ResetDestinationList
i=uSg
WVV'*
GetCurrentProcess
DD:n
7DDF)YYYY
4g[S:+
WaitingTaskCount
win:Stop
Frame_AddFirstTab
Shdocvw_Feed_Search
8iG!
RunningTaskCount
pnnpnpnnnn
iertutil.dll
DLVA_Animation_Perftrack
,--SHGG
1YYYY1YYYYYYYYYYYYYYWWWVVV0
ThreadID
LocalFree
20180915045506.956Z0
-startmanager
TabRoaming_Update
D$8E3
y?4/
LA>H5
</assembly>
.didat$3
Enable
Courier_FunctionalTest
Translation
UserAction
xwwwxww
NotificationManager_NotificationBarReady
+++++++***
\I9<q
FlipAhead_RulesFileUpdate
qYFnrm
ddFtQ
gNX>X
WilError_02
URXF;
iIDAT
&_\~e
LegacyHistoryQuery
TEMP,
wcsncmp
4/-6888
wr]x"
ProductVersion
FHIMMMHF
ExtensionSetSite
CIMContextMenuBar_Show_Perftrack
Snippet_MetaExtraction_Perftrack
.stls
DLM_DownloadWindow_Show
Search_ImageProcessing
cQL:-$%%
t|\c$
CurrentVisibleState
SHTN^
Find_MatchAndHighlightHits
"VU6U
X1`=8
.didat$4
Search_SuggestionsProcessing_Perftrack
BrowserRoamedSettingChange_ExcludedUrls
TEMP<
DE4/4////////---
_onexit
`ppPi
.CRT$XIAA
Browseui_Tabs_Activity_Hide
4wNOu{
cvListVersion
191123202645Z0
5]1LrT
IMTravelLogMVC_TravelURL
z00'#|D
48r;"
@$/t"T
NotificationBar_Animate
IE_Wer_Report_Hang
'Kn)yvDstbW
D$0E3
z4 $v
NotificationBar_Flash
.idata$2
SetCurrentProcessExplicitAppUserModelID
1/0-0
)4{d.l
Tab_Fast_Shutdown_Perftrack
api-ms-win-downlevel-shlwapi-l1-1-0.dll
NewTabPage_SearchLogo_Show
TEMPh
XWX_b\_
"B^^]PE
IEXPLORE.EXE
El/SU
-newtab
=0w8X
sessionID
R_as/%%!
.xdata
244444444444444444444442
MaxBlockingTime
.gfids
ttsc_UP
+?@(IJ
v#if#
TravelLogScreenshotNav_OldTab_CannotCancelSwitch
zsttcUPC
MenuExpand
MenuItemPop
<"dzNZ
n,@r_
@~!>7
%hs(%d)\%hs!%p:
Browseui_Tabs_ShowHungTabBar
exitCode
N0L0J
@.didat
Browseui_CBrowserFrame_CreateInstance_Perftrack
GetModuleHandleExW
1YYYY1YY7IGDA==7VRNNNV((VS1
KKK8s
fjjjbej
~~~~{~{yttn
_cexit
d7z'l
m066^$
DLM_Security_AntiVirus
EventData
bingsuggestions
LCIE_ForeignProcessMessageQueueEnqueue
GetLastError
_commode
7WP!?|
- &$$
wsL>W
LogHr
wwwwwwwwww
_amsg_exit
NotifyFrame
KqLa*
?terminate@@YAXXZ
<71/4
B"-*9
-Bass
V9fB0,
pxvd|x
=%nD_GF
V%%(((
+{F~x
(1AH-
W]3yl
*Og{U
}^[t{
}|Rich
{T kv
0PU"r
Y[ONN
Flags
RowCount
zf^'I
Frame_TravelBandCreate
gG(L>^"
CommandID
UnifiedListView_SwitchMode
UserInitiated
'Kn)x
Fy_Bc=
Index
A!pf*
DIConfidence
GenerateThumbnail
Window_Minimized
Browseui_Tabs_MarkTabAsHung
<GHIM4)
hppii
1YYYYYYYYYYYYYYYYWWVV1
`.rdata
EmptyTab_Conversion_CleanupRecoveryData_Begin
&L8O"
Shdocvw_BaseBrowser_FireEvent_WindowStateChanged
jscript
TravelLogScreenshotNav_NewTab_SetAsHiddenTab
DataModel_Provider_CreateDataList
.bss$pr00
+RB+R
Qw`[L+W
61(!P
api-ms-win-downlevel-shell32-l1-1-0.dll
oB!:6
tLB,"
PE Information
| Image Base | Entry Point | Reported Checksum | Actual Checksum | Minimum OS Version | PDB Path | Compile Time | Import Hash | Icon | Icon Exact Hash | Icon Similarity Hash | Icon DHash |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 0x140000000 | 0x000024e0 | 0x000cff75 | 0x000cff75 | 10.0 | iexplore.pdb | 1995-12-11 04:18:31 | bf1b4238fcdbb117edf39418ca0d205c |  |
9afc87754e29bafb0903e08398ce1745 | af8f90e3b3853bbf98e9e4a582f8229a | c070cc9cfecde976 |
Version Infos
| CompanyName | Microsoft Corporation |
|---|---|
| FileDescription | Internet Explorer |
| FileVersion | 11.00.17763.1 (WinBuild.160101.0800) |
| InternalName | iexplore |
| LegalCopyright | รยฉ Microsoft Corporation. All rights reserved. |
| OriginalFilename | IEXPLORE.EXE |
| ProductName | Internet Explorer |
| ProductVersion | 11.00.17763.1 |
| CompanyName | Microsoft Corporation |
| FileDescription | Internet Explorer |
| FileVersion | 11.00.17763.1 |
| InternalName | iexplore |
| LegalCopyright | รยฉ Microsoft Corporation. All rights reserved. |
| OriginalFilename | IEXPLORE.EXE |
| ProductName | Internet Explorer |
| ProductVersion | 11.00.17763.1 |
| Translation | 0x0409 0x04b0 |
Sections
| Name | RAW Address | Virtual Address | Virtual Size | Size of Raw Data | Characteristics | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x00000400 | 0x00001000 | 0x00004871 | 0x00004a00 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 5.99 |
| .rdata | 0x00004e00 | 0x00006000 | 0x000027a6 | 0x00002800 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 4.56 |
| .data | 0x00007600 | 0x00009000 | 0x000009bc | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.90 |
| .pdata | 0x00007800 | 0x0000a000 | 0x0000069c | 0x00000800 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 3.80 |
| .didat | 0x00008000 | 0x0000b000 | 0x00000038 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.35 |
| .rsrc | 0x00008200 | 0x0000c000 | 0x000bd588 | 0x000bd600 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 6.47 |
| .reloc | 0x000c5800 | 0x000ca000 | 0x00000060 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 1.17 |
Overlay
| Offset | 0x000c5a00 |
| Size | 0x00004350 |
| Name | Offset | Size | Language | Sub-language | Entropy | File type |
|---|---|---|---|---|---|---|
| EDPENLIGHTENEDAPPINFOID | 0x000284a0 | 0x00000002 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 1.00 | None |
| EDPPERMISSIVEAPPINFOID | 0x000284a8 | 0x00000002 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 1.00 | None |
| MUI | 0x000c9430 | 0x00000158 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.12 | None |
| WEVT_TEMPLATE | 0x0000f130 | 0x0001936a | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.34 | None |
| RT_ICON | 0x000284b0 | 0x00000668 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.95 | None |
| RT_ICON | 0x00028b18 | 0x000002e8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.39 | None |
| RT_ICON | 0x00028e00 | 0x000001e8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.43 | None |
| RT_ICON | 0x00028fe8 | 0x00000128 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.38 | None |
| RT_ICON | 0x00029110 | 0x00000ea8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.21 | None |
| RT_ICON | 0x00029fb8 | 0x000008a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.88 | None |
| RT_ICON | 0x0002a860 | 0x000006c8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.93 | None |
| RT_ICON | 0x0002af28 | 0x00000568 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.43 | None |
| RT_ICON | 0x0002b490 | 0x0000cbf1 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.97 | None |
| RT_ICON | 0x00038088 | 0x000025a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.96 | None |
| RT_ICON | 0x0003a630 | 0x000010a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.45 | None |
| RT_ICON | 0x0003b6d8 | 0x00000988 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.62 | None |
| RT_ICON | 0x0003c060 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 6.36 | None |
| RT_ICON | 0x0003c588 | 0x00000668 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.07 | None |
| RT_ICON | 0x0003cbf0 | 0x000002e8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.70 | None |
| RT_ICON | 0x0003ced8 | 0x000001e8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.57 | None |
| RT_ICON | 0x0003d0c0 | 0x00000128 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.11 | None |
| RT_ICON | 0x0003d1e8 | 0x00000ea8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.08 | None |
| RT_ICON | 0x0003e090 | 0x000008a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.87 | None |
| RT_ICON | 0x0003e938 | 0x000006c8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.22 | None |
| RT_ICON | 0x0003f000 | 0x00000568 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.45 | None |
| RT_ICON | 0x0003f568 | 0x000097d2 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.98 | None |
| RT_ICON | 0x00048d40 | 0x000025a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.46 | None |
| RT_ICON | 0x0004b2e8 | 0x000010a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.94 | None |
| RT_ICON | 0x0004c390 | 0x00000988 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.95 | None |
| RT_ICON | 0x0004cd18 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.91 | None |
| RT_ICON | 0x0004d240 | 0x000002e8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.12 | None |
| RT_ICON | 0x0004d528 | 0x000008a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.64 | None |
| RT_ICON | 0x0004ddd0 | 0x000010a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.13 | None |
| RT_ICON | 0x0004eea8 | 0x000002e8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.88 | None |
| RT_ICON | 0x0004f1a8 | 0x000002e8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.69 | None |
| RT_ICON | 0x0004f490 | 0x00000128 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.98 | None |
| RT_ICON | 0x0004f5b8 | 0x000008a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 6.00 | None |
| RT_ICON | 0x0004fe60 | 0x00000568 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.69 | None |
| RT_ICON | 0x000503c8 | 0x000010a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.13 | None |
| RT_ICON | 0x00051470 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.01 | None |
| RT_ICON | 0x00051938 | 0x000002e8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.90 | None |
| RT_ICON | 0x00051c20 | 0x00000128 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.68 | None |
| RT_ICON | 0x00051d48 | 0x000008a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.99 | None |
| RT_ICON | 0x000525f0 | 0x00000568 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.84 | None |
| RT_ICON | 0x00052b58 | 0x000010a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.33 | None |
| RT_ICON | 0x00053c00 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.42 | None |
| RT_ICON | 0x000540c8 | 0x000002e8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.75 | None |
| RT_ICON | 0x000543b0 | 0x000008a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.37 | None |
| RT_ICON | 0x00054c58 | 0x000010a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.28 | None |
| RT_ICON | 0x00055d30 | 0x000002e8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.80 | None |
| RT_ICON | 0x00056018 | 0x000008a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.75 | None |
| RT_ICON | 0x000568c0 | 0x000010a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.35 | None |
| RT_ICON | 0x00057998 | 0x000002e8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.97 | None |
| RT_ICON | 0x00057c80 | 0x00000128 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.24 | None |
| RT_ICON | 0x00057da8 | 0x000008a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.91 | None |
| RT_ICON | 0x00058650 | 0x00000568 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.13 | None |
| RT_ICON | 0x00058bb8 | 0x000010a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.89 | None |
| RT_ICON | 0x00059c60 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.84 | None |
| RT_ICON | 0x0005a128 | 0x000002e8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.18 | None |
| RT_ICON | 0x0005a410 | 0x00000128 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.31 | None |
| RT_ICON | 0x0005a560 | 0x00000128 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.20 | None |
| RT_ICON | 0x0005a688 | 0x00000568 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.19 | None |
| RT_ICON | 0x0005abf0 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.48 | None |
| RT_ICON | 0x0005b088 | 0x00000128 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.40 | None |
| RT_ICON | 0x0005b1b0 | 0x00000568 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.74 | None |
| RT_ICON | 0x0005b718 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.27 | None |
| RT_ICON | 0x0005bbb0 | 0x00000128 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.11 | None |
| RT_ICON | 0x0005bcd8 | 0x00000568 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.45 | None |
| RT_ICON | 0x0005c240 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.91 | None |
| RT_ICON | 0x0005c6d8 | 0x00000668 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.07 | None |
| RT_ICON | 0x0005cd40 | 0x000002e8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.70 | None |
| RT_ICON | 0x0005d028 | 0x00000128 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.11 | None |
| RT_ICON | 0x0005d150 | 0x00000ea8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.08 | None |
| RT_ICON | 0x0005dff8 | 0x000008a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.87 | None |
| RT_ICON | 0x0005e8a0 | 0x00000568 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.45 | None |
| RT_ICON | 0x0005ee08 | 0x000025a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.46 | None |
| RT_ICON | 0x000613b0 | 0x000010a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.94 | None |
| RT_ICON | 0x00062458 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.91 | None |
| RT_ICON | 0x00062948 | 0x000002e8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.75 | None |
| RT_ICON | 0x00062c30 | 0x00000128 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.63 | None |
| RT_ICON | 0x00062d58 | 0x000008a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.37 | None |
| RT_ICON | 0x00063600 | 0x00000568 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.37 | None |
| RT_ICON | 0x00063b68 | 0x000010a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.28 | None |
| RT_ICON | 0x00064c10 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.37 | None |
| RT_ICON | 0x000650d8 | 0x000002e8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.86 | None |
| RT_ICON | 0x000653c0 | 0x00000128 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.30 | None |
| RT_ICON | 0x000654e8 | 0x000008a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 6.02 | None |
| RT_ICON | 0x00065d90 | 0x00000568 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.82 | None |
| RT_ICON | 0x000662f8 | 0x000010a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.12 | None |
| RT_ICON | 0x000673a0 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.25 | None |
| RT_ICON | 0x00067868 | 0x000002e8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.86 | None |
| RT_ICON | 0x00067b50 | 0x00000128 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.30 | None |
| RT_ICON | 0x00067c78 | 0x000008a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 6.02 | None |
| RT_ICON | 0x00068520 | 0x00000568 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.82 | None |
| RT_ICON | 0x00068a88 | 0x000010a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.12 | None |
| RT_ICON | 0x00069b30 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.25 | None |
| RT_ICON | 0x00069ff8 | 0x000002e8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.86 | None |
| RT_ICON | 0x0006a2e0 | 0x00000128 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.30 | None |
| RT_ICON | 0x0006a408 | 0x000008a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 6.02 | None |
| RT_ICON | 0x0006acb0 | 0x00000568 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.82 | None |
| RT_ICON | 0x0006b218 | 0x000010a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.12 | None |
| RT_ICON | 0x0006c2c0 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.25 | None |
| RT_ICON | 0x0006c788 | 0x000002e8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.52 | None |
| RT_ICON | 0x0006ca70 | 0x00000128 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.69 | None |
| RT_ICON | 0x0006cb98 | 0x000008a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 6.26 | None |
| RT_ICON | 0x0006d440 | 0x00000568 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.99 | None |
| RT_ICON | 0x0006d9a8 | 0x000010a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.73 | None |
| RT_ICON | 0x0006ea50 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 6.04 | None |
| RT_ICON | 0x0006ef18 | 0x000002e8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.58 | None |
| RT_ICON | 0x0006f200 | 0x00000128 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.46 | None |
| RT_ICON | 0x0006f328 | 0x000008a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.54 | None |
| RT_ICON | 0x0006fbd0 | 0x00000568 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.70 | None |
| RT_ICON | 0x00070138 | 0x000010a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.37 | None |
| RT_ICON | 0x000711e0 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.55 | None |
| RT_ICON | 0x000716a8 | 0x000002e8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.04 | None |
| RT_ICON | 0x00071990 | 0x000008a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.36 | None |
| RT_ICON | 0x00072238 | 0x000010a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.19 | None |
| RT_ICON | 0x00073310 | 0x000002e8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.23 | None |
| RT_ICON | 0x000735f8 | 0x000008a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.90 | None |
| RT_ICON | 0x00073ea0 | 0x000010a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.00 | None |
| RT_ICON | 0x00074f78 | 0x00000668 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.21 | None |
| RT_ICON | 0x000755e0 | 0x000002e8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.81 | None |
| RT_ICON | 0x000758c8 | 0x00000128 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.32 | None |
| RT_ICON | 0x000759f0 | 0x00000ea8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.78 | None |
| RT_ICON | 0x00076898 | 0x000008a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.39 | None |
| RT_ICON | 0x00077140 | 0x00000568 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.26 | None |
| RT_ICON | 0x000776a8 | 0x0000414c | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.92 | None |
| RT_ICON | 0x0007b7f8 | 0x000025a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.44 | None |
| RT_ICON | 0x0007dda0 | 0x000010a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.16 | None |
| RT_ICON | 0x0007ee48 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.29 | None |
| RT_ICON | 0x0007f348 | 0x00000668 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.95 | None |
| RT_ICON | 0x0007f9b0 | 0x000002e8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.39 | None |
| RT_ICON | 0x0007fc98 | 0x000001e8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.43 | None |
| RT_ICON | 0x0007fe80 | 0x00000128 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.38 | None |
| RT_ICON | 0x0007ffa8 | 0x00000ea8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.21 | None |
| RT_ICON | 0x00080e50 | 0x000008a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.88 | None |
| RT_ICON | 0x000816f8 | 0x000006c8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.93 | None |
| RT_ICON | 0x00081dc0 | 0x00000568 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.43 | None |
| RT_ICON | 0x00082328 | 0x0000cbf1 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.97 | None |
| RT_ICON | 0x0008ef20 | 0x000025a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.96 | None |
| RT_ICON | 0x000914c8 | 0x000010a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.45 | None |
| RT_ICON | 0x00092570 | 0x00000988 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.62 | None |
| RT_ICON | 0x00092ef8 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 6.36 | None |
| RT_ICON | 0x00093420 | 0x00000668 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.07 | None |
| RT_ICON | 0x00093a88 | 0x000002e8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.70 | None |
| RT_ICON | 0x00093d70 | 0x000001e8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.57 | None |
| RT_ICON | 0x00093f58 | 0x00000128 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.11 | None |
| RT_ICON | 0x00094080 | 0x00000ea8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.08 | None |
| RT_ICON | 0x00094f28 | 0x000008a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.87 | None |
| RT_ICON | 0x000957d0 | 0x000006c8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.22 | None |
| RT_ICON | 0x00095e98 | 0x00000568 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.45 | None |
| RT_ICON | 0x00096400 | 0x000097d2 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.98 | None |
| RT_ICON | 0x0009fbd8 | 0x000025a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.46 | None |
| RT_ICON | 0x000a2180 | 0x000010a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.94 | None |
| RT_ICON | 0x000a3228 | 0x00000988 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.95 | None |
| RT_ICON | 0x000a3bb0 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.91 | None |
| RT_ICON | 0x000a40d8 | 0x00000668 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.95 | None |
| RT_ICON | 0x000a4740 | 0x000002e8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.39 | None |
| RT_ICON | 0x000a4a28 | 0x000001e8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.43 | None |
| RT_ICON | 0x000a4c10 | 0x00000128 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.38 | None |
| RT_ICON | 0x000a4d38 | 0x00000ea8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.21 | None |
| RT_ICON | 0x000a5be0 | 0x000008a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.88 | None |
| RT_ICON | 0x000a6488 | 0x000006c8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.93 | None |
| RT_ICON | 0x000a6b50 | 0x00000568 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.43 | None |
| RT_ICON | 0x000a70b8 | 0x0000cbf1 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.97 | None |
| RT_ICON | 0x000b3cb0 | 0x000025a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.96 | None |
| RT_ICON | 0x000b6258 | 0x000010a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.45 | None |
| RT_ICON | 0x000b7300 | 0x00000988 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.62 | None |
| RT_ICON | 0x000b7c88 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 6.36 | None |
| RT_ICON | 0x000b81b0 | 0x00000668 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.07 | None |
| RT_ICON | 0x000b8818 | 0x000002e8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.70 | None |
| RT_ICON | 0x000b8b00 | 0x000001e8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.57 | None |
| RT_ICON | 0x000b8ce8 | 0x00000128 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.11 | None |
| RT_ICON | 0x000b8e10 | 0x00000ea8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.08 | None |
| RT_ICON | 0x000b9cb8 | 0x000008a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.87 | None |
| RT_ICON | 0x000ba560 | 0x000006c8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.22 | None |
| RT_ICON | 0x000bac28 | 0x00000568 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.45 | None |
| RT_ICON | 0x000bb190 | 0x000097d2 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.98 | None |
| RT_ICON | 0x000c4968 | 0x000025a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.46 | None |
| RT_ICON | 0x000c6f10 | 0x000010a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.94 | None |
| RT_ICON | 0x000c7fb8 | 0x00000988 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.95 | None |
| RT_ICON | 0x000c8940 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.91 | None |
| RT_GROUP_ICON | 0x000b80f0 | 0x000000bc | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.20 | None |
| RT_GROUP_ICON | 0x00093360 | 0x000000bc | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.19 | None |
| RT_GROUP_ICON | 0x000c8da8 | 0x000000bc | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.18 | None |
| RT_GROUP_ICON | 0x000a4018 | 0x000000bc | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.19 | None |
| RT_GROUP_ICON | 0x0003c4c8 | 0x000000bc | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.07 | None |
| RT_GROUP_ICON | 0x0004d180 | 0x000000bc | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.14 | None |
| RT_GROUP_ICON | 0x0004ee78 | 0x00000030 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.59 | None |
| RT_GROUP_ICON | 0x0004f190 | 0x00000014 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.32 | None |
| RT_GROUP_ICON | 0x00054068 | 0x0000005a | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.80 | None |
| RT_GROUP_ICON | 0x000518d8 | 0x0000005a | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.77 | None |
| RT_GROUP_ICON | 0x00055d00 | 0x00000030 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.59 | None |
| RT_GROUP_ICON | 0x00057968 | 0x00000030 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.59 | None |
| RT_GROUP_ICON | 0x0005a538 | 0x00000022 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.56 | None |
| RT_GROUP_ICON | 0x0005a0c8 | 0x0000005a | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.82 | None |
| RT_GROUP_ICON | 0x0006eeb8 | 0x0000005a | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.79 | None |
| RT_GROUP_ICON | 0x0005b058 | 0x00000030 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.56 | None |
| RT_GROUP_ICON | 0x0005bb80 | 0x00000030 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.56 | None |
| RT_GROUP_ICON | 0x0005c6a8 | 0x00000030 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.56 | None |
| RT_GROUP_ICON | 0x00071648 | 0x0000005a | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.82 | None |
| RT_GROUP_ICON | 0x000628c0 | 0x00000084 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.04 | None |
| RT_GROUP_ICON | 0x00065078 | 0x0000005a | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.82 | None |
| RT_GROUP_ICON | 0x00067808 | 0x0000005a | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.82 | None |
| RT_GROUP_ICON | 0x00069f98 | 0x0000005a | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.82 | None |
| RT_GROUP_ICON | 0x0006c728 | 0x0000005a | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.82 | None |
| RT_GROUP_ICON | 0x000732e0 | 0x00000030 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.59 | None |
| RT_GROUP_ICON | 0x00074f48 | 0x00000030 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.59 | None |
| RT_GROUP_ICON | 0x0007f2b0 | 0x00000092 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.04 | None |
| RT_VERSION | 0x000c8e68 | 0x000005c4 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.45 | None |
| RT_MANIFEST | 0x0000e960 | 0x000007c9 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.91 | None |
Imports
| Name | Address |
|---|---|
| GetWindowThreadProcessId | 0x1400062f0 |
| AllowSetForegroundWindow | 0x1400062f8 |
| SetProcessDpiAwarenessContext | 0x140006300 |
| FindWindowExW | 0x140006308 |
| SendMessageTimeoutW | 0x140006310 |
| IsWindowVisible | 0x140006318 |
| SetUserObjectInformationW | 0x140006320 |
| IsWindowEnabled | 0x140006328 |
| Name | Address |
|---|---|
| exit | 0x1400063e8 |
| _exit | 0x1400063f0 |
| _cexit | 0x1400063f8 |
| rand_s | 0x140006400 |
| __setusermatherr | 0x140006408 |
| _initterm | 0x140006410 |
| __set_app_type | 0x140006418 |
| _wcmdln | 0x140006420 |
| _fmode | 0x140006428 |
| _commode | 0x140006430 |
| _lock | 0x140006438 |
| _unlock | 0x140006440 |
| __dllonexit | 0x140006448 |
| _onexit | 0x140006450 |
| ?terminate@@YAXXZ | 0x140006458 |
| __wgetmainargs | 0x140006460 |
| _amsg_exit | 0x140006468 |
| _XcptFilter | 0x140006470 |
| free | 0x140006478 |
| wcsncmp | 0x140006480 |
| iswspace | 0x140006488 |
| memcpy_s | 0x140006490 |
| _vsnwprintf | 0x140006498 |
| __C_specific_handler | 0x1400064a0 |
| memset | 0x1400064a8 |
| Name | Address |
|---|---|
| RegGetValueW | 0x140006338 |
| EventUnregister | 0x140006340 |
| EventWriteTransfer | 0x140006348 |
| EventRegister | 0x140006350 |
| Name | Address |
|---|---|
| SetCurrentProcessExplicitAppUserModelID | 0x140006370 |
| Name | Address |
|---|---|
| EventSetInformation | 0x140006150 |
| EventWriteEx | 0x140006158 |
| Name | Address |
|---|---|
| StrStrIW | 0x140006380 |
| Name | Address |
|---|---|
| CoCreateGuid | 0x140006360 |
Usage
Processing ( 11.83 seconds )
- 10.829 ProcessMemory
- 0.919 CAPE
- 0.061 BehaviorAnalysis
- 0.024 AnalysisInfo
- 0.001 Debug
Signatures ( 0.06 seconds )
- 0.008 ransomware_files
- 0.007 antiav_detectreg
- 0.005 antianalysis_detectfile
- 0.005 ransomware_extensions
- 0.003 antiav_detectfile
- 0.003 infostealer_ftp
- 0.003 territorial_disputes_sigs
- 0.003 ursnif_behavior
- 0.002 antianalysis_detectreg
- 0.002 infostealer_bitcoin
- 0.002 infostealer_im
- 0.002 infostealer_mail
- 0.002 poullight_files
- 0.001 bot_drive
- 0.001 antivm_vbox_files
- 0.001 antivm_vbox_keys
- 0.001 antivm_vmware_keys
- 0.001 geodo_banking_trojan
- 0.001 browser_security
- 0.001 disables_backups
- 0.001 disables_browser_warn
- 0.001 disables_power_options
- 0.001 azorult_mutexes
- 0.001 cryptbot_files
- 0.001 echelon_files
- 0.001 masquerade_process_name
- 0.001 revil_mutexes
- 0.001 modirat_behavior
Reporting ( 0.01 seconds )
- 0.012 CAPASummary
- 0.002 JsonDump
Signatures
Checks available memory
A possible heap spray exploit has been detected
The PE file contains a PDB path
pdbpath: iexplore.pdb
SetUnhandledExceptionFilter detected (possible anti-debug)
Possible date expiration check, exits too soon after checking local time
process: iexplore.exe, PID 5128
The binary contains an unknown PE section name indicative of packing
unknown section: {'name': '.didat', 'raw_address': '0x00008000', 'virtual_address': '0x0000b000', 'virtual_size': '0x00000038', 'size_of_data': '0x00000200', 'characteristics': 'IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE', 'characteristics_raw': '0xc0000040', 'entropy': '0.35'}
Yara detections observed in process dumps, payloads or dropped files
Hit: PID 5128 triggered the Yara rule 'shellcode_get_eip' with data '['{ E8 00 00 00 00 59 }']'
Anomalous binary characteristics
anomaly: Entrypoint of binary is located outside of any mapped sections
Screenshots
No screenshots available.Hosts
No hosts contacted.
DNS
No domains contacted.
Summary
\Device\CNG
C:\Users\Packager\AppData\Local\Temp\msIso.dll
C:\Windows\System32\msIso.dll
C:\Windows\System32\kernel.appcore.dll
C:\Windows\system32
C:\Windows
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Users\Packager\AppData\Local\Temp\IEFRAME.dll
C:\Windows\System32\ieframe.dll
C:\Users\Packager\AppData\Local\Temp\NETAPI32.dll
C:\Windows\System32\netapi32.dll
C:\Users\Packager\AppData\Local\Temp\VERSION.dll
C:\Windows\System32\version.dll
C:\Users\Packager\AppData\Local\Temp\USERENV.dll
C:\Windows\System32\userenv.dll
C:\Users\Packager\AppData\Local\Temp\WINHTTP.dll
C:\Windows\System32\winhttp.dll
C:\Users\Packager\AppData\Local\Temp\WKSCLI.DLL
C:\Windows\System32\wkscli.dll
C:\Users\Packager\AppData\Local\Temp\NETUTILS.DLL
C:\Windows\System32\netutils.dll
C:\Users\Packager\AppData\Local\Temp\msIso.dll
C:\Windows\System32\msIso.dll
C:\Windows\System32\kernel.appcore.dll
C:\Windows\system32
C:\Windows
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Users\Packager\AppData\Local\Temp\IEFRAME.dll
C:\Windows\System32\ieframe.dll
C:\Users\Packager\AppData\Local\Temp\NETAPI32.dll
C:\Windows\System32\netapi32.dll
C:\Users\Packager\AppData\Local\Temp\VERSION.dll
C:\Windows\System32\version.dll
C:\Users\Packager\AppData\Local\Temp\USERENV.dll
C:\Windows\System32\userenv.dll
C:\Users\Packager\AppData\Local\Temp\WINHTTP.dll
C:\Windows\System32\winhttp.dll
C:\Users\Packager\AppData\Local\Temp\WKSCLI.DLL
C:\Windows\System32\wkscli.dll
C:\Users\Packager\AppData\Local\Temp\NETUTILS.DLL
C:\Windows\System32\netutils.dll
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\STE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\Cryptography\Configuration
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLESAFESEARCHPATH_KB963027
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLESAFESEARCHPATH_KB963027
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FrameTabWindow
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FrameTabWindow
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FrameMerging
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FrameMerging
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SessionMerging
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SessionMerging
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\AdminTabProcs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\AdminTabProcs
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Security\RunBinaryControlHostProcessInSeparateAppContainer
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Security\RunBinaryControlHostProcessInSeparateAppContainer
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\TabProcGrowth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\TabProcGrowth
HKEY_LOCAL_MACHINE\Software\Policies
HKEY_CURRENT_USER\Software\Policies
HKEY_CURRENT_USER\Software
HKEY_LOCAL_MACHINE\Software
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions\000603xx
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Sorting\Ids
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ProtectedModeOffForAllZones
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SYSTEM_DPI_AWARE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SYSTEM_DPI_AWARE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLEAUT
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\OperationalData
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Isolation
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Isolation64Bit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Isolation64Bit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\AppV
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\WMITelemetry
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\WMITelemetry
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\WMITelemetry
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\WMITelemetry
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\HangRecovery
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\HangRecovery
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Safety\PrivacIE
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Safety\PrivacIE
HKEY_CURRENT_USER
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\AppsUseLightTheme
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\StateSeparation\RedirectionMap\Keys
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Appx
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Appx\AllowDevelopmentWithoutDevLicense
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock\AllowDevelopmentWithoutDevLicense
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\RaiseActivationAuthenticationLevel
HKEY_LOCAL_MACHINE\Software\Classes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\DefaultAccessPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F686878F-7B42-4CC4-96FB-F4F3B6E3D24D}
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\Com+Enabled
HKEY_LOCAL_MACHINE\Software\Classes\PackagedCom
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\TSEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\TSEnable
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\STE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\Cryptography\Configuration
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLESAFESEARCHPATH_KB963027
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLESAFESEARCHPATH_KB963027
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FrameTabWindow
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FrameTabWindow
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FrameMerging
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FrameMerging
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SessionMerging
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SessionMerging
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\AdminTabProcs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\AdminTabProcs
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Security\RunBinaryControlHostProcessInSeparateAppContainer
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Security\RunBinaryControlHostProcessInSeparateAppContainer
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\TabProcGrowth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\TabProcGrowth
HKEY_LOCAL_MACHINE\Software\Policies
HKEY_CURRENT_USER\Software\Policies
HKEY_CURRENT_USER\Software
HKEY_LOCAL_MACHINE\Software
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions\000603xx
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Sorting\Ids
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ProtectedModeOffForAllZones
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SYSTEM_DPI_AWARE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SYSTEM_DPI_AWARE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLEAUT
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\OperationalData
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Isolation
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Isolation64Bit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Isolation64Bit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\AppV
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\WMITelemetry
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\WMITelemetry
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\WMITelemetry
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\WMITelemetry
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\HangRecovery
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\HangRecovery
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Safety\PrivacIE
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Safety\PrivacIE
HKEY_CURRENT_USER
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\AppsUseLightTheme
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\StateSeparation\RedirectionMap\Keys
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Appx
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Appx\AllowDevelopmentWithoutDevLicense
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock\AllowDevelopmentWithoutDevLicense
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\RaiseActivationAuthenticationLevel
HKEY_LOCAL_MACHINE\Software\Classes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\DefaultAccessPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F686878F-7B42-4CC4-96FB-F4F3B6E3D24D}
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\Com+Enabled
HKEY_LOCAL_MACHINE\Software\Classes\PackagedCom
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\TSEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\TSEnable
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\STE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FrameTabWindow
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FrameTabWindow
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FrameMerging
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FrameMerging
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SessionMerging
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SessionMerging
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\AdminTabProcs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\AdminTabProcs
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Security\RunBinaryControlHostProcessInSeparateAppContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Security\RunBinaryControlHostProcessInSeparateAppContainer
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\TabProcGrowth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\TabProcGrowth
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions\000603xx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ProtectedModeOffForAllZones
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\OperationalData
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Isolation64Bit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Isolation64Bit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\AppV
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\HangRecovery
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\HangRecovery
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\AppsUseLightTheme
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Appx\AllowDevelopmentWithoutDevLicense
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock\AllowDevelopmentWithoutDevLicense
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\RaiseActivationAuthenticationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\DefaultAccessPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\Com+Enabled
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\TSEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\TSEnable
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FrameTabWindow
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FrameTabWindow
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FrameMerging
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FrameMerging
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SessionMerging
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SessionMerging
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\AdminTabProcs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\AdminTabProcs
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Security\RunBinaryControlHostProcessInSeparateAppContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Security\RunBinaryControlHostProcessInSeparateAppContainer
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\TabProcGrowth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\TabProcGrowth
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions\000603xx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ProtectedModeOffForAllZones
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\OperationalData
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Isolation64Bit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Isolation64Bit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\AppV
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\HangRecovery
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\HangRecovery
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\AppsUseLightTheme
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Appx\AllowDevelopmentWithoutDevLicense
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock\AllowDevelopmentWithoutDevLicense
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\RaiseActivationAuthenticationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\DefaultAccessPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\Com+Enabled
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\TSEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\TSEnable
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\OperationalData
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Isolation
Local\SM0:5128:304:WilStaging_02
Sorry! No behavior.
Sorry! No strace.
Sorry! No tracee.
No hosts contacted.
No TCP connections recorded.
No UDP connections recorded.
No domains contacted.
HTTP Requests
No HTTP(s) requests performed.
SMTP traffic
No SMTP traffic performed.
IRC traffic
No IRC requests performed.
No ICMP traffic performed.
CIF Results
No CIF Results
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Suricata HTTP
No Suricata HTTP
Sorry! No Suricata Extracted files.
Sorry! No dropped files.
Sorry! No process dumps.
Sorry! No process dumps.