Analysis Date: 2017-11-06 22:27:41
MD5: e2ddaf63e644fc6e3789701ae842f4cf
SHA1: 39f47a3c3224eeba1617412870a3f2b3dc5091fc

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text md5: 856b32eb77dfd6fb67f21d6543272da5 sha1: 6597c511c2ee72f68f5246460f0683dae16dcade size: 24064
Section .data md5: dc77f8a1e6985a4361c55642680ddb4f sha1: 3d397ee25b2dd83ab741c67375880151cae94ed8 size: 5120
Section .xcpad md5: sha1: size:
Section .idata md5: sha1: size:
Section .reloc md5: sha1: size:
Section .rsrc md5: f71cc29127cd6e163ae11ad8ab76487b sha1: daf50c9a01b75585bf7eee62615ea0d97e8fe6e3 size: 28160
Timestamp
VersionLegalCopyright:
PackagerVersion:
InternalName:
FileVersion:
CompanyName:
Comments:
ProductName:
ProductVersion:
FileDescription:
Packager:
OriginalFilename:
Packer
PEhash
IMPhash: 7fa974366048f9c551ef45714595665e
AV 360 Safe: No Virus
AV Ad-Aware: No Virus
AV Alwil (avast): Downloader-VRF [Trj]
AV Arcabit (arcavir): No Virus
AV Authentium: No Virus
AV Avira (antivir): No Virus
AV BitDefender: No Virus
AV BullGuard: No Virus
AV CA (E-Trust Ino): No Virus
AV CAT (quickheal): No Virus
AV ClamAV: No Virus
AV Dr. Web: Trojan.DownLoader11.31781
AV Emsisoft: No Virus
AV Eset (nod32): NSIS/TrojanDownloader.Chindo.C
AV F-Secure: No Virus
AV Fortinet: W32/Chindo.B!tr.dldr
AV Frisk (f-prot): No Virus
AV Grisoft (avg): No Virus
AV Ikarus: No Virus
AV K7: Trojan-Downloader ( 004a98271 )
AV Kaspersky: Trojan-Downloader.NSIS.Chindo.b
AV MalwareBytes: No Virus
AV Mcafee: No Virus
AV MicroWorld (escan): No Virus
AV Microsoft Security Essentials: SoftwareBundler:Win32/Chindo
AV NANO: Trojan.Nsis.Feasu.djrzxc
AV NANO: Trojan.Nsis.Chindo.dflbvf
AV NANO: Trojan.Nsis.Dwn.dgyppb
AV Padvish: No Virus
AV Rising: No Virus
AV SUPERAntiSpyware: No Virus
AV Symantec: Downloader
AV Trend Micro: No Virus
AV Twister: No Virus
AV VirusBlokAda (vba32): No Virus
AV Windows Defender: SoftwareBundler:Win32/Chindo
AV Zillya!: No Virus

Runtime Details:

Process
↳ C:\Users\Admin\AppData\Local\Temp\nsx59F2.tmp\39f47a3c3224eeba1617412870a3f2b3dc5091fc.exe

Creates Mutex:
Creates Mutex: JWBClient
Creates Mutex: Local\_!MSFTHISTORY!_
Creates Mutex: Local\c:!users!admin!appdata!local!microsoft!windows!temporary internet files!content.ie5!
Creates Mutex: Local\c:!users!admin!appdata!roaming!microsoft!windows!cookies!
Creates Mutex: Local\c:!users!admin!appdata!local!microsoft!windows!history!history.ie5!
Creates Mutex: Local\WininetStartupMutex
Creates Mutex: Local\WininetConnectionMutex
Creates Mutex: Local\WininetProxyRegistryMutex
Creates Mutex: RasPbFile
Creates Mutex: IESQMMUTEX_0_208
Creates Mutex: Local\ZonesCounterMutex
Creates Mutex: Local\ZoneAttributeCacheCounterMutex
Creates Mutex: Local\ZonesCacheCounterMutex
Creates Mutex: Local\ZoneAttributeCacheCounterMutex
Creates Mutex: Local\ZonesLockedCacheCounterMutex
Creates Mutex: Local\!IETld!Mutex
Creates Mutex: Local\c:!users!admin!appdata!roaming!microsoft!windows!ietldcache!
Creates Mutex: Local\c:!users!admin!appdata!roaming!microsoft!windows!ietldcache!
Creates File: C:\Users\Admin\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
Creates File: C:\Users\Admin\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000005.db
Creates File: C:\Users\Admin\Desktop\desktop.ini
Creates File: C:\Users\Admin\AppData\Local\Temp\nsn8593.tmp
Creates File: C:\Users\Admin\AppData\Local\Temp\nsx59F2.tmp\39f47a3c3224eeba1617412870a3f2b3dc5091fc.exe
Creates File: C:\Users\Admin\AppData\Local\Temp\nsn8594.tmp
Creates File: C:\Users\Admin\AppData\Local\Temp\nsn8594.tmp\System.dll
Creates File: C:\Users\Admin\AppData\Local\Temp\nsn8594.tmp\Inetc.dll
Creates File: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
Creates File: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
Creates File: C:\Users\Admin\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
Creates File: C:\Users\Admin\AppData\Local\Temp\nsn8594.tmp\i.rar
Creates File: Nsi
Creates File: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
Creates File: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJNI41R5\iplookup[1].htm
Creates File: C:\Users\Admin\AppData\Local\Temp\nsn8594.tmp\nsn8D33.tmp
Creates File: C:\Users\Admin\AppData\Local\Temp\nsn8594.tmp\nsn8D33.tmp
Creates File: C:\Users\Admin\AppData\Local\Temp\nsn8594.tmp\i.rar
Creates File: C:\Users\Admin\AppData\Local\Temp\nsn8594.tmp\nsProcess.dll
Creates File: C:\Users\desktop.ini
Creates File: C:\Program Files (x86)\desktop.ini
Creates File: C:\
Creates File: C:\Users\Admin\AppData\Local\Temp\nsx59F2.tmp\39f47a3c3224eeba1617412870a3f2b3dc5091fc.exe
Creates File: C:\Program Files (x86)\AppleMac\uninst.exe
Creates File: C:\Program Files (x86)\AppleMac\uninst.exe
Creates File: C:\Program Files (x86)\AppleMac\
Creates File: C:\Program Files (x86)\AppleMac\uninst.exe
Creates File: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppleMac\uninst.lnk
Creates File: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppleMac\uninst.lnk
Creates File: C:\Users\Admin\AppData\Local\Temp\nsn8594.tmp\2.jpg
Creates File: C:\Users\Admin\AppData\Local\Temp\nsn8594.tmp\nsProcess.dll
Creates File: C:\Users\Admin\AppData\Local\Temp\nsn8594.tmp\Inetc.dll
Creates File: BaiduPlayerNetSetup_461.exe
Creates File: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZU815QXW\BaiduPlayerNetSetup_461[1].htm
Creates File: C:\Users\Admin\AppData\Local\Temp\nsn8594.tmp\Inetc.dll
Creates File: G0630_s_70886.exe
Creates File: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\22HCVP55\70886[1].htm
Creates File: C:\Users\Admin\AppData\Local\Temp\nsn8594.tmp\Inetc.dll
Creates File: setup_3386.exe
Creates File: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
Creates File: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F2W58M8U\setup_3386[1].htm
Creates File: \SystemRoot\AppPatch\sysmain.sdb
Creates File: C:\Windows\SysWOW64\ieframe.dll
Creates File: C:\Windows\SysWOW64\ieframe.dll
Creates File: C:\Windows\SysWOW64\ieframe.dll
Creates File: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Creates File: C:\Users\Admin\Desktop\Intrenet Explorer.lnk
Creates File: C:\Users\Admin\Desktop\Intrenet Explorer.lnk
Creates File: C:\Users\Admin\AppData\Local\Temp\nsn8594.tmp\Inetc.dll
Creates File: yicir_30863.exe
Creates File: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZU815QXW\30863[1].htm
Creates File: C:\Users\Admin\AppData\Local\Temp\nsn8594.tmp\Inetc.dll
Creates File: SoHuVA_4.3.0.1-c204900003-ng-nti-s-x.exe
Creates File: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJNI41R5\SoHuVA_4.3.0.1-c204900003-ng-nti-s-x[1].htm
Creates File: C:\Users\Admin\AppData\Local\Temp\nsn8594.tmp\Inetc.dll
Creates File: 9377chiyue_Y_mgaz.exe
Creates File: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\22HCVP55\9377chiyue_Y_mgaz[1].htm
Creates File: C:\Users\Admin\AppData\Local\Temp\nsn8594.tmp\Inetc.dll
Creates File: 2345Explorer_329242_silence.exe
Creates File: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F2W58M8U\2345Explorer_329242_silence[1].htm
Creates File: C:\Users\Admin\AppData\Local\Temp\nsn8594.tmp\Inetc.dll
Creates File: ins1256858.exe
Creates File: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZU815QXW\ins1256858[1].htm
Creates File: C:\Users\Admin\AppData\Local\Temp\nsn8594.tmp\Inetc.dll
Creates File: setup_001.exe
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable ➝ 0
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet ➝ 0
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet ➝ 0
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\DDECache\IExplore\WWW_OpenURL\ProcessName ➝ iexplore.exe\\x00
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\DDECache\IExplore\WWW_OpenURL\WindowClassName ➝ DDEMLMom\\x00

Process
↳ C:\Windows\SysWOW64\ie4uinit.exe

Creates Mutex:
Creates File: C:\Users\Admin\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
Creates File: C:\Users\Admin\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000005.db
Creates File: C:\Program Files (x86)\desktop.ini
Creates File: C:\Users\Admin\Desktop\desktop.ini
Creates File: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Creates File: C:\Program Files (x86)\Internet Explorer\
Creates File: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Creates File: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Creates File: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Creates File: C:\Users\desktop.ini
Creates File: C:\Users\Admin\AppData\Roaming\Microsoft\desktop.ini
Creates File: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
Creates File: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
Creates File: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
Registry: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Setup\HaveCreatedQuickLaunchItems ➝ 1

Process
↳ C:\Program Files (x86)\Internet Explorer\iexplore.exe

Creates Mutex:
Creates Mutex: Local\!BrowserEmulation!SharedMemory!Mutex
Creates Mutex:
Creates Mutex: Local\ZoneAttributeCacheCounterMutex
Creates Mutex: Local\ZonesCacheCounterMutex
Creates Mutex: Local\ZonesLockedCacheCounterMutex
Creates Mutex: Local\ZoneAttributeCacheCounterMutex
Creates Mutex: RasPbFile
Creates Mutex: IESQMMUTEX_0_208
Creates Mutex: ConnHashTable<2664>_HashTable_Mutex
Creates Mutex: Local\ZonesCounterMutex
Creates File: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
Creates File: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
Creates File: C:\Users\Admin\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
Creates File: Nsi
Creates File: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\
Creates File: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\
Creates File: C:\Users\Admin\AppData\Local\Microsoft\Windows\
Creates File: C:\Users\Admin\AppData\Local\Microsoft\
Creates File: C:\Users\Admin\AppData\Local\
Creates File: C:\Users\Admin\AppData\
Creates File: C:\Users\Admin\
Creates File: C:\Users\
Creates File: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low
Creates File: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\
Creates File: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\
Creates File: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\
Creates File: C:\Users\Admin\AppData\Roaming\Microsoft\
Creates File: C:\Users\Admin\AppData\Roaming\
Creates File: C:\Users\Admin\AppData\
Creates File: C:\Users\Admin\
Creates File: C:\Users\
Creates File: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low
Creates File: C:\Users\Admin\AppData\Local\Microsoft\Windows\History\Low\
Creates File: C:\Users\Admin\AppData\Local\Microsoft\Windows\History\
Creates File: C:\Users\Admin\AppData\Local\Microsoft\Windows\
Creates File: C:\Users\Admin\AppData\Local\Microsoft\
Creates File: C:\Users\Admin\AppData\Local\
Creates File: C:\Users\Admin\AppData\
Creates File: C:\Users\Admin\
Creates File: C:\Users\
Creates File: C:\Users\Admin\AppData\Local\Microsoft\Windows\History\Low
Creates File: C:\Users\Admin\Favorites\
Creates File: C:\Users\Admin\
Creates File: C:\Users\
Creates File: C:\Users\Admin\Favorites
Creates File: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\
Creates File: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\
Creates File: C:\Users\Admin\AppData\Local\Microsoft\Windows\
Creates File: C:\Users\Admin\AppData\Local\Microsoft\
Creates File: C:\Users\Admin\AppData\Local\
Creates File: C:\Users\Admin\AppData\
Creates File: C:\Users\Admin\
Creates File: C:\Users\
Creates File: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized
Creates File: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\PrivacIE\Low\
Creates File: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\PrivacIE\
Creates File: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\
Creates File: C:\Users\Admin\AppData\Roaming\Microsoft\
Creates File: C:\Users\Admin\AppData\Roaming\
Creates File: C:\Users\Admin\AppData\
Creates File: C:\Users\Admin\
Creates File: C:\Users\
Creates File: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\PrivacIE\Low
Creates File: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IECompatCache\Low\
Creates File: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IECompatCache\
Creates File: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\
Creates File: C:\Users\Admin\AppData\Roaming\Microsoft\
Creates File: C:\Users\Admin\AppData\Roaming\
Creates File: C:\Users\Admin\AppData\
Creates File: C:\Users\Admin\
Creates File: C:\Users\
Creates File: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IECompatCache\Low
Creates File: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IETldCache\Low\
Creates File: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IETldCache\
Creates File: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\
Creates File: C:\Users\Admin\AppData\Roaming\Microsoft\
Creates File: C:\Users\Admin\AppData\Roaming\
Creates File: C:\Users\Admin\AppData\
Creates File: C:\Users\Admin\
Creates File: C:\Users\
Creates File: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IETldCache\Low
Creates File: C:\Users\Admin\AppData\Local\Temp\Low\
Creates File: C:\Users\Admin\AppData\Local\Temp\
Creates File: C:\Users\Admin\AppData\Local\
Creates File: C:\Users\Admin\AppData\
Creates File: C:\Users\Admin\
Creates File: C:\Users\
Creates File: C:\Users\Admin\AppData\Local\Temp\Low
Creates File: C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High
Creates File: C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2EE84003-C342-11E7-BF3B-000ACD20E611}.dat
Creates File: C:\Windows\system32\url.dll
Creates File: C:\Users\Admin\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
Creates File: C:\Users\Admin\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000005.db
Creates File: C:\Users\desktop.ini
Creates File: C:\Users\Admin\Favorites\desktop.ini
Creates File: C:\Users\Admin\Desktop\desktop.ini
Creates File: C:\Users\Admin\Favorites\Links\desktop.ini
Creates File: C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\frameiconcache.dat
Creates File: C:\Users\Admin\Favorites\Links\Web Slice Gallery.url
Creates File: C:\Windows\system32\url.dll
Creates File: C:\Users\Admin\Favorites\Links\Web Slice Gallery.url
Creates File: C:\Users\Admin\Favorites\Links for United States\GobiernoUSA.gov.url
Creates File: C:\Users\Admin\Favorites\Links for United States\USA.gov.url
Creates File: C:\Users\Admin\Favorites\Microsoft Websites\IE Add-on site.url
Creates File: C:\Users\Admin\Favorites\Microsoft Websites\IE site on Microsoft.com.url
Creates File: C:\Users\Admin\Favorites\Microsoft Websites\Microsoft At Home.url
Creates File: C:\Users\Admin\Favorites\Microsoft Websites\Microsoft At Work.url
Creates File: C:\Users\Admin\Favorites\Microsoft Websites\Microsoft Store.url
Creates File: C:\Users\Admin\Favorites\MSN Websites\MSN Autos.url
Creates File: C:\Users\Admin\Favorites\MSN Websites\MSN Entertainment.url
Creates File: C:\Users\Admin\Favorites\MSN Websites\MSN Money.url
Creates File: C:\Users\Admin\Favorites\MSN Websites\MSN Sports.url
Creates File: C:\Users\Admin\Favorites\MSN Websites\MSN.url
Creates File: C:\Users\Admin\Favorites\MSN Websites\MSNBC News.url
Creates File: C:\Users\Admin\Favorites\Windows Live\Get Windows Live.url
Creates File: C:\Users\Admin\Favorites\Windows Live\Windows Live Gallery.url
Creates File: C:\Users\Admin\Favorites\Windows Live\Windows Live Mail.url
Creates File: C:\Users\Admin\Favorites\Windows Live\Windows Live Spaces.url
Creates File: C:\Users\Admin\AppData\Local\Temp\~DF54840EDD3794E360.TMP
Creates File: C:\Windows\system32\url.dll
Creates File: C:\Windows\SysWOW64\ieframe.dll
Creates File: C:\Windows\SysWOW64\stdole2.tlb
Creates File: C:\Windows\System32\msxml3r.dll
Registry: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\UnattendLoaded ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\TLDUpdates ➝ 0
Registry: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags ➝ 0
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet ➝ 0
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet ➝ 0
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet ➝ 0
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\SecuritySafe ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable ➝ 0
Registry: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2EE84003-C342-11E7-BF3B-000ACD20E611} ➝ 0
Registry: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version ➝ 6.1.7601.17514\\x00
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\SecuritySafe ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch\User Favorites Path ➝ file:///C:\Users\Admin\Favorites\\\x00
Registry: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\DefaultScope ➝ {0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\x00
Registry: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FullScreen ➝ no\\x00
Registry: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch\ConfiguredScopes ➝ 5
Registry: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version ➝ 6.1.7601.17514\\x00
Registry: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\IE8RunOnceLastShown ➝ 1

Process
↳ C:\Program Files (x86)\Internet Explorer\iexplore.exe

Creates Mutex:
Creates Mutex:
Creates Mutex: Local\c:!users!admin!appdata!local!microsoft!feeds cache!
Creates Mutex: Local\ZoneAttributeCacheCounterMutex
Creates Mutex: Local\ZonesCacheCounterMutex
Creates Mutex: Local\ZonesLockedCacheCounterMutex
Creates Mutex: Local\ZoneAttributeCacheCounterMutex
Creates Mutex: Local\ZonesCounterMutex
Creates Mutex: RasPbFile
Creates Mutex: IESQMMUTEX_0_208
Creates Mutex: Local\!PrivacIE!SharedMemory!Mutex
Creates Mutex: _!SHMSFTHISTORY!_
Creates Mutex: Local\c:!users!admin!appdata!local!microsoft!windows!history!history.ie5!mshist012017110620171107!
Creates Mutex: Local\c:!users!admin!appdata!local!microsoft!windows!history!history.ie5!mshist012017110620171107!
Creates File: C:\Users\Admin\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
Creates File: C:\Users\Admin\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000005.db
Creates File: C:\Users\desktop.ini
Creates File: C:\Users\Admin\Favorites\desktop.ini
Creates File: C:\Users\Admin\Desktop\desktop.ini
Creates File: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
Creates File: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
Creates File: C:\Users\Admin\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
Creates File: C:\Windows\SysWOW64\ieframe.dll
Creates File: C:\Windows\SysWOW64\stdole2.tlb
Creates File: C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\index.dat
Creates File: Nsi
Creates File: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\22HCVP55\40[1].htm
Creates File: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\22HCVP55\40[1].htm
Creates File: C:\Windows\SysWOW64\ieframe.dll
Creates File: C:\Users\Admin\AppData\Local\Microsoft\Windows\History\desktop.ini
Creates File: C:\Users\Admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017110620171107\index.dat
Creates File: C:\Windows\system32\shell32.dll
Creates File: C:\Users\Admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017110620171107\index.dat
Creates File: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F2W58M8U\favicon[1].htm
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet ➝ 0
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet ➝ 0
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet ➝ 0
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable ➝ 0
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017110620171107\CachePath ➝ %USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017110620171107\\x00
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017110620171107\CachePrefix ➝ :2017110620171107: \\x00
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017110620171107\CacheLimit ➝ 8192
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017110620171107\CacheOptions ➝ 11
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017110620171107\CachePath ➝ %USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017110620171107\\x00
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017110620171107\CacheRepair ➝ 0

Process
↳ C:\39f47a3c3224eeba1617412870a3f2b3dc5091fc.exe

Creates Mutex:
Creates Mutex: JWBClient
Creates Mutex: Local\_!MSFTHISTORY!_
Creates Mutex: Local\c:!users!admin!appdata!local!microsoft!windows!temporary internet files!content.ie5!
Creates Mutex: Local\c:!users!admin!appdata!roaming!microsoft!windows!cookies!
Creates Mutex: Local\c:!users!admin!appdata!local!microsoft!windows!history!history.ie5!
Creates Mutex: Local\WininetStartupMutex
Creates Mutex: Local\WininetConnectionMutex
Creates Mutex: Local\WininetProxyRegistryMutex
Creates Mutex: RasPbFile
Creates Mutex: IESQMMUTEX_0_208
Creates Mutex: Local\ZonesCounterMutex
Creates Mutex: Local\ZoneAttributeCacheCounterMutex
Creates Mutex: Local\ZonesCacheCounterMutex
Creates Mutex: Local\ZoneAttributeCacheCounterMutex
Creates Mutex: Local\ZonesLockedCacheCounterMutex
Creates Mutex: Local\!IETld!Mutex
Creates Mutex: Local\c:!users!admin!appdata!roaming!microsoft!windows!ietldcache!
Creates File: C:\Users\Admin\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
Creates File: C:\Users\Admin\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000005.db
Creates File: C:\Users\Admin\Desktop\desktop.ini
Creates File: C:\Users\Admin\AppData\Local\Temp\nsx59F1.tmp
Creates File: C:\39f47a3c3224eeba1617412870a3f2b3dc5091fc.exe
Creates File: C:\Users\Admin\AppData\Local\Temp\nsx59F2.tmp
Creates File: C:\Users\Admin\AppData\Local\Temp\nsx59F2.tmp\System.dll
Creates File: C:\Users\Admin\AppData\Local\Temp\nsx59F2.tmp\Inetc.dll
Creates File: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
Creates File: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
Creates File: C:\Users\Admin\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
Creates File: C:\Users\Admin\AppData\Local\Temp\nsx59F2.tmp\i.rar
Creates File: Nsi
Creates File: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
Creates File: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZU815QXW\iplookup[1].htm
Creates File: C:\Users\Admin\AppData\Local\Temp\nsx59F2.tmp\nsz80A5.tmp
Creates File: C:\Users\Admin\AppData\Local\Temp\nsx59F2.tmp\nsz80A5.tmp
Creates File: C:\Users\Admin\AppData\Local\Temp\nsx59F2.tmp\i.rar
Creates File: C:\Users\Admin\AppData\Local\Temp\nsx59F2.tmp\nsProcess.dll
Creates File: C:\Program Files (x86)\desktop.ini
Creates File: C:\
Creates File: C:\39f47a3c3224eeba1617412870a3f2b3dc5091fc.exe
Creates File: C:\desktop.ini
Creates File: C:\Program Files (x86)\AppleMac\uninst.exe
Creates File: C:\Program Files (x86)\AppleMac\uninst.exe
Creates File: C:\Program Files (x86)\AppleMac\
Creates File: C:\Program Files (x86)\AppleMac\uninst.exe
Creates File: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppleMac\uninst.lnk
Creates File: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppleMac\uninst.lnk
Creates File: C:\Users\desktop.ini
Creates File: C:\
Creates File: C:\39f47a3c3224eeba1617412870a3f2b3dc5091fc.exe
Creates File: C:\Users\Admin\AppData\Local\Temp\nsx59F2.tmp\39f47a3c3224eeba1617412870a3f2b3dc5091fc.exe
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable ➝ 0
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{68F639BA-B26A-4B52-8887-648F63B2587B}_{A0BFB7C8-5F0A-4ED7-AE8E-D02CAA2E4B1C}\WpadDecisionReason ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{68F639BA-B26A-4B52-8887-648F63B2587B}_{A0BFB7C8-5F0A-4ED7-AE8E-D02CAA2E4B1C}\WpadDecision ➝ 3
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{68F639BA-B26A-4B52-8887-648F63B2587B}_{A0BFB7C8-5F0A-4ED7-AE8E-D02CAA2E4B1C}\WpadNetworkName ➝ Unidentified network\\x00
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork ➝ {68F639BA-B26A-4B52-8887-648F63B2587B}_{A0BFB7C8-5F0A-4ED7-AE8E-D02CAA2E4B1C}\\x00
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet ➝ 0
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet ➝ 0
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{68F639BA-B26A-4B52-8887-648F63B2587B}_{A0BFB7C8-5F0A-4ED7-AE8E-D02CAA2E4B1C}\WpadDecisionReason ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{68F639BA-B26A-4B52-8887-648F63B2587B}_{A0BFB7C8-5F0A-4ED7-AE8E-D02CAA2E4B1C}\WpadDecision ➝ 0
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{68F639BA-B26A-4B52-8887-648F63B2587B}_{A0BFB7C8-5F0A-4ED7-AE8E-D02CAA2E4B1C}\WpadNetworkName ➝ Unidentified network\\x00

Network Details:


Strings
RichEdit
RichEdit20A
RichEd32
RichEd20
.DEFAULT\Control Panel\International
Control Panel\Desktop\ResourceLocale
[Rename]
Software\Microsoft\Windows\CurrentVersion
\Microsoft\Internet Explorer\Quick Launch
MulDiv
DeleteFileA
FindFirstFileA
FindNextFileA
FindClose
SetFilePointer
ReadFile
WriteFile
GetPrivateProfileStringA
WritePrivateProfileStringA
MultiByteToWideChar
FreeLibrary
GetProcAddress
LoadLibraryExA
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
GlobalAlloc
GlobalFree
ExpandEnvironmentStringsA
lstrcmpA
lstrcmpiA
CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
KERNEL32.dll
EndPaint
DrawTextA
FillRect
GetClientRect
BeginPaint
DefWindowProcA
SendMessageA
InvalidateRect
EnableWindow
GetDC
LoadImageA
SetWindowLongA
GetDlgItem
IsWindow
FindWindowExA
SendMessageTimeoutA
wsprintfA
ShowWindow
SetForegroundWindow
PostQuitMessage
SetWindowTextA
SetTimer
CreateDialogParamA
DestroyWindow
ExitWindowsEx
CharNextA
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
USER32.dll
SelectObject
SetTextColor
SetBkMode
CreateFontIndirectA
CreateBrushIndirect
DeleteObject
GetDeviceCaps
SetBkColor
GDI32.dll
SHFileOperationA
ShellExecuteA
SHGetFileInfoA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHELL32.dll
RegEnumValueA
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
ADVAPI32.dll
ImageList_Destroy
ImageList_AddMasked
ImageList_Create
COMCTL32.dll
CoCreateInstance
OleUninitialize
OleInitialize
CoTaskMemFree
ole32.dll
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
VERSION.dll
verifying installer: %d%%
Installer integrity check has failed. Common causes include
incomplete download and damaged media. Contact the
installer's author to obtain a new copy.
More information at:
http://nsis.sf.net/NSIS_Error
Error launching installer
... %d%%
SeShutdownPrivilege
~nsu.tmp
\Temp
NSIS Error
Error writing temporary file. Make sure your temp folder is valid.
.exe
open
%u.%u%s%s
SHGetFolderPathA
SHFOLDER
SHAutoComplete
SHLWAPI
GetUserDefaultUILanguage
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegDeleteKeyExA
ADVAPI32
MoveFileExA
GetDiskFreeSpaceExA
KERNEL32
\*.*
%s=%s
*?|<>/":
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="Nullsoft.NSIS.exehead" type="win32"/><description>Nullsoft Install System v2.46</description><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="X86" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency></assembly>