Cuckoo Sandbox

File CC440_Full_Patch.exe

Summary
Download Resubmit sample

Size	204.1MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`bb516048444773c8126a27d53d8d1f86`
SHA1	`646393a8aef32dd75d56badf1762a7eb33d1aa8a`
SHA256	`3da51cf8f00ea03e526125c09e005fdf1de8b19a1e9feebf1118dc5c427511f9`
SHA512	`3996c4e863d76516313a0f1a3e07bc5c61d728918c10263c1ec37acb4087830fbc278c72a82fcfd98f1215fc83b6c4ff251bdd08b9f38b9fcec7bdf4f3864972`
CRC32	`4E16148D`
ssdeep	`None`
PDB Path	C:\CodeBases\isdev\redist\Language Independent\i386\ISP\setup.pdb
Yara	DebuggerCheck__QueryInfo - (no description) ThreadControl__Context - (no description) anti_dbg - Checks if being debugged network_http - Communications over HTTP network_dga - Communication using dga escalate_priv - Escalade priviledges screenshot - Take screenshot win_mutex - Create or check mutex win_registry - Affect system registries win_token - Affect system token

Score

This file shows some signs of potential malicious behavior.

The score of this file is 1.6 out of 10.

Please notice: The scoring system is currently still in development and should be considered an alpha feature.

Autosubmit

5160252

5160253

Feedback

Expecting different results? Send us this analysis and we will inspect it. Click here

Information on Execution

Analysis

Category	Started	Completed	Duration	Routing	Logs
FILE	Aug. 31, 2024, 6:07 p.m.	Aug. 31, 2024, 6:09 p.m.	147 seconds	internet	Show Analyzer Log Show Cuckoo Log

Analyzer Log

2024-08-31 18:04:42,015 [analyzer] DEBUG: Starting analyzer from: C:\tmp1xmcit
2024-08-31 18:04:42,015 [analyzer] DEBUG: Pipe server name: \??\PIPE\YpLiPngfquQqAuNBpqGDXlqzY
2024-08-31 18:04:42,015 [analyzer] DEBUG: Log pipe server name: \??\PIPE\LMNKqzAqqIqExalv
2024-08-31 18:04:42,233 [analyzer] DEBUG: Started auxiliary module Curtain
2024-08-31 18:04:42,233 [analyzer] DEBUG: Started auxiliary module DbgView
2024-08-31 18:04:42,717 [analyzer] DEBUG: Started auxiliary module Disguise
2024-08-31 18:04:42,905 [analyzer] DEBUG: Loaded monitor into process with pid 508
2024-08-31 18:04:42,905 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2024-08-31 18:04:42,905 [analyzer] DEBUG: Started auxiliary module Human
2024-08-31 18:04:42,905 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2024-08-31 18:04:42,905 [analyzer] DEBUG: Started auxiliary module Reboot
2024-08-31 18:04:42,967 [analyzer] DEBUG: Started auxiliary module RecentFiles
2024-08-31 18:04:42,967 [analyzer] DEBUG: Started auxiliary module Screenshots
2024-08-31 18:04:42,967 [analyzer] DEBUG: Started auxiliary module Sysmon
2024-08-31 18:04:42,967 [analyzer] DEBUG: Started auxiliary module LoadZer0m0n
2024-08-31 18:04:45,187 [lib.api.process] INFO: Successfully executed process from path u'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\CC440_Full_Patch.exe' with arguments '' and pid 2880
2024-08-31 18:04:45,375 [analyzer] DEBUG: Loaded monitor into process with pid 2880
2024-08-31 18:04:45,421 [analyzer] INFO: Added new file to list with pid 2880 and path C:\Users\Administrator\AppData\Local\Temp\{59D04536-ECB1-41ED-88FB-C8C7784FB92A}\Disk1\0x0409.ini
2024-08-31 18:04:45,437 [analyzer] INFO: Added new file to list with pid 2880 and path C:\Users\Administrator\AppData\Local\Temp\{59D04536-ECB1-41ED-88FB-C8C7784FB92A}\Disk1\data1.cab
2024-08-31 18:04:45,812 [analyzer] INFO: Added new file to list with pid 2880 and path C:\Users\Administrator\AppData\Local\Temp\{59D04536-ECB1-41ED-88FB-C8C7784FB92A}\Disk1\data1.hdr
2024-08-31 18:04:45,842 [analyzer] INFO: Added new file to list with pid 2880 and path C:\Users\Administrator\AppData\Local\Temp\{59D04536-ECB1-41ED-88FB-C8C7784FB92A}\Disk1\ISSetup.dll
2024-08-31 18:04:46,000 [analyzer] INFO: Added new file to list with pid 2880 and path C:\Users\Administrator\AppData\Local\Temp\{59D04536-ECB1-41ED-88FB-C8C7784FB92A}\Disk1\layout.bin
2024-08-31 18:04:46,000 [analyzer] INFO: Added new file to list with pid 2880 and path C:\Users\Administrator\AppData\Local\Temp\{59D04536-ECB1-41ED-88FB-C8C7784FB92A}\Disk1\setup.exe
2024-08-31 18:04:46,140 [analyzer] INFO: Added new file to list with pid 2880 and path C:\Users\Administrator\AppData\Local\Temp\{59D04536-ECB1-41ED-88FB-C8C7784FB92A}\Disk1\setup.ini
2024-08-31 18:04:46,155 [analyzer] INFO: Added new file to list with pid 2880 and path C:\Users\Administrator\AppData\Local\Temp\{59D04536-ECB1-41ED-88FB-C8C7784FB92A}\setup.ini
2024-08-31 18:04:46,187 [analyzer] INFO: Added new file to list with pid 2880 and path C:\Users\Administrator\AppData\Local\Temp\{59D04536-ECB1-41ED-88FB-C8C7784FB92A}\setup.exe
2024-08-31 18:04:46,500 [analyzer] INFO: Injected into process with pid 788 and name ''
2024-08-31 18:04:46,812 [analyzer] DEBUG: Loaded monitor into process with pid 788
2024-08-31 18:04:46,875 [analyzer] INFO: Added new file to list with pid 788 and path C:\Users\Administrator\AppData\Local\Temp\{59D04536-ECB1-41ED-88FB-C8C7784FB92A}\0x0409.ini
2024-08-31 18:04:46,890 [analyzer] INFO: Added new file to list with pid 788 and path C:\Users\Administrator\AppData\Local\Temp\{59D04536-ECB1-41ED-88FB-C8C7784FB92A}\ISSetup.dll
2024-08-31 18:04:47,592 [analyzer] INFO: Added new file to list with pid 788 and path C:\Users\Administrator\AppData\Local\Temp\{96A6060E-0B51-462F-BF52-1415C49D23CB}\{79AB0C22-B767-4A1B-AFEC-D72A902890B1}\setECCB.tmp
2024-08-31 18:04:47,640 [analyzer] INFO: Added new file to list with pid 788 and path C:\Users\Administrator\AppData\Local\Temp\{96A6060E-0B51-462F-BF52-1415C49D23CB}\{79AB0C22-B767-4A1B-AFEC-D72A902890B1}\ProED49.tmp
2024-08-31 18:04:47,655 [analyzer] INFO: Added new file to list with pid 788 and path C:\Users\Administrator\AppData\Local\Temp\{96A6060E-0B51-462F-BF52-1415C49D23CB}\{79AB0C22-B767-4A1B-AFEC-D72A902890B1}\RemED59.tmp
2024-08-31 18:04:47,671 [analyzer] INFO: Added new file to list with pid 788 and path C:\Users\Administrator\AppData\Local\Temp\{96A6060E-0B51-462F-BF52-1415C49D23CB}\{79AB0C22-B767-4A1B-AFEC-D72A902890B1}\RLGED6A.tmp
2024-08-31 18:04:47,703 [analyzer] INFO: Added new file to list with pid 788 and path C:\Users\Administrator\AppData\Local\Temp\{96A6060E-0B51-462F-BF52-1415C49D23CB}\{79AB0C22-B767-4A1B-AFEC-D72A902890B1}\EndED7B.tmp
2024-08-31 18:04:47,703 [analyzer] INFO: Added new file to list with pid 788 and path C:\Users\Administrator\AppData\Local\Temp\{96A6060E-0B51-462F-BF52-1415C49D23CB}\{79AB0C22-B767-4A1B-AFEC-D72A902890B1}\RLIED8B.tmp
2024-08-31 18:04:47,812 [analyzer] INFO: Added new file to list with pid 788 and path C:\Users\Administrator\AppData\Local\Temp\{96A6060E-0B51-462F-BF52-1415C49D23CB}\{79AB0C22-B767-4A1B-AFEC-D72A902890B1}\DelEDFA.tmp
2024-08-31 18:04:47,828 [analyzer] INFO: Added new file to list with pid 788 and path C:\Users\Administrator\AppData\Local\Temp\{96A6060E-0B51-462F-BF52-1415C49D23CB}\{79AB0C22-B767-4A1B-AFEC-D72A902890B1}\msvEE0A.tmp
2024-08-31 18:04:47,875 [analyzer] INFO: Added new file to list with pid 788 and path C:\Users\Administrator\AppData\Local\Temp\{96A6060E-0B51-462F-BF52-1415C49D23CB}\{79AB0C22-B767-4A1B-AFEC-D72A902890B1}\vcrEE2B.tmp
2024-08-31 18:04:47,890 [analyzer] INFO: Added new file to list with pid 788 and path C:\Users\Administrator\AppData\Local\Temp\{96A6060E-0B51-462F-BF52-1415C49D23CB}\{79AB0C22-B767-4A1B-AFEC-D72A902890B1}\RLSEE3B.tmp
2024-08-31 18:04:48,000 [analyzer] INFO: Added new file to list with pid 788 and path C:\Users\Administrator\AppData\Local\Temp\{96A6060E-0B51-462F-BF52-1415C49D23CB}\{79AB0C22-B767-4A1B-AFEC-D72A902890B1}\DelEEB9.tmp
2024-08-31 18:04:48,015 [analyzer] INFO: Added new file to list with pid 788 and path C:\Users\Administrator\AppData\Local\Temp\{96A6060E-0B51-462F-BF52-1415C49D23CB}\{79AB0C22-B767-4A1B-AFEC-D72A902890B1}\RLPEEBA.tmp
2024-08-31 18:04:48,030 [analyzer] INFO: Added new file to list with pid 788 and path C:\Users\Administrator\AppData\Local\Temp\{96A6060E-0B51-462F-BF52-1415C49D23CB}\{79AB0C22-B767-4A1B-AFEC-D72A902890B1}\PhyEECB.tmp
2024-08-31 18:04:48,030 [analyzer] INFO: Added new file to list with pid 788 and path C:\Users\Administrator\AppData\Local\Temp\{96A6060E-0B51-462F-BF52-1415C49D23CB}\{79AB0C22-B767-4A1B-AFEC-D72A902890B1}\FilEEDB.tmp
2024-08-31 18:04:48,046 [analyzer] INFO: Added new file to list with pid 788 and path C:\Users\Administrator\AppData\Local\Temp\{96A6060E-0B51-462F-BF52-1415C49D23CB}\{79AB0C22-B767-4A1B-AFEC-D72A902890B1}\sheEEEC.tmp
2024-08-31 18:04:48,062 [analyzer] INFO: Added new file to list with pid 788 and path C:\Users\Administrator\AppData\Local\Temp\{96A6060E-0B51-462F-BF52-1415C49D23CB}\{79AB0C22-B767-4A1B-AFEC-D72A902890B1}\FonEEED.tmp
2024-08-31 18:04:48,062 [analyzer] INFO: Added new file to list with pid 788 and path C:\Users\Administrator\AppData\Local\Temp\{96A6060E-0B51-462F-BF52-1415C49D23CB}\{79AB0C22-B767-4A1B-AFEC-D72A902890B1}\DIFEEFE.tmp
2024-08-31 18:04:48,078 [analyzer] INFO: Added new file to list with pid 788 and path C:\Users\Administrator\AppData\Local\Temp\{96A6060E-0B51-462F-BF52-1415C49D23CB}\corEF0E.tmp
2024-08-31 18:04:48,092 [analyzer] INFO: Added new file to list with pid 788 and path C:\Users\Administrator\AppData\Local\Temp\{96A6060E-0B51-462F-BF52-1415C49D23CB}\dotEF0F.tmp
2024-08-31 18:04:48,092 [analyzer] INFO: Added new file to list with pid 788 and path C:\Users\Administrator\AppData\Local\Temp\{96A6060E-0B51-462F-BF52-1415C49D23CB}\dotEF20.tmp
2024-08-31 18:04:48,108 [analyzer] INFO: Added new file to list with pid 788 and path C:\Users\Administrator\AppData\Local\Temp\{96A6060E-0B51-462F-BF52-1415C49D23CB}\ISBEF31.tmp
2024-08-31 18:04:48,125 [analyzer] INFO: Added new file to list with pid 788 and path C:\Users\Administrator\AppData\Local\Temp\{96A6060E-0B51-462F-BF52-1415C49D23CB}\{79AB0C22-B767-4A1B-AFEC-D72A902890B1}\StrEF41.tmp
2024-08-31 18:04:48,155 [analyzer] INFO: Added new file to list with pid 788 and path C:\Users\Administrator\AppData\Local\Temp\{96A6060E-0B51-462F-BF52-1415C49D23CB}\{79AB0C22-B767-4A1B-AFEC-D72A902890B1}\isrEF52.tmp
2024-08-31 18:04:48,187 [analyzer] INFO: Added new file to list with pid 788 and path C:\Users\Administrator\AppData\Local\Temp\{96A6060E-0B51-462F-BF52-1415C49D23CB}\{79AB0C22-B767-4A1B-AFEC-D72A902890B1}\defEF72.tmp
2024-08-31 18:04:48,203 [analyzer] INFO: Added new file to list with pid 788 and path C:\Users\Administrator\AppData\Local\Temp\{96A6060E-0B51-462F-BF52-1415C49D23CB}\{79AB0C22-B767-4A1B-AFEC-D72A902890B1}\_isEF92.tmp
2024-08-31 18:04:48,280 [analyzer] INFO: Added new file to list with pid 788 and path C:\Users\Administrator\AppData\Local\Temp\{96A6060E-0B51-462F-BF52-1415C49D23CB}\{79AB0C22-B767-4A1B-AFEC-D72A902890B1}\_isEFE1.tmp
2024-08-31 17:09:20,871 [analyzer] INFO: Analysis timeout hit, terminating analysis.
2024-08-31 17:09:21,105 [lib.api.process] ERROR: Failed to dump memory of 32-bit process with pid 2880.
2024-08-31 17:09:21,213 [lib.api.process] ERROR: Failed to dump memory of 32-bit process with pid 788.
2024-08-31 17:09:21,480 [analyzer] INFO: Terminating remaining processes before shutdown.
2024-08-31 17:09:21,480 [lib.api.process] INFO: Successfully terminated process with pid 2880.
2024-08-31 17:09:21,480 [lib.api.process] INFO: Successfully terminated process with pid 788.
2024-08-31 17:09:22,010 [analyzer] INFO: Analysis completed.

Cuckoo Log

2024-08-31 18:07:17,628 [cuckoo.core.scheduler] INFO: Task #5160245: acquired machine win7x6414 (label=win7x6414)
2024-08-31 18:07:17,629 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.214 for task #5160245
2024-08-31 18:07:18,331 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 1361307 (interface=vboxnet0, host=192.168.168.214)
2024-08-31 18:08:18,261 [cuckoo.machinery.virtualbox] DEBUG: Starting vm win7x6414
2024-08-31 18:08:19,471 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine win7x6414 to vmcloak
2024-08-31 18:08:31,056 [cuckoo.core.guest] INFO: Starting analysis #5160245 on guest (id=win7x6414, ip=192.168.168.214)
2024-08-31 18:08:32,062 [cuckoo.core.guest] DEBUG: win7x6414: not ready yet
2024-08-31 18:08:37,085 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=win7x6414, ip=192.168.168.214)
2024-08-31 18:08:37,172 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=win7x6414, ip=192.168.168.214, monitor=latest, size=6660546)
2024-08-31 18:08:48,642 [cuckoo.core.resultserver] DEBUG: Task #5160245: live log analysis.log initialized.
2024-08-31 18:08:49,491 [cuckoo.core.resultserver] DEBUG: Task #5160245 is sending a BSON stream
2024-08-31 18:08:50,844 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'shots/0001.jpg'
2024-08-31 18:08:50,900 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 133474
2024-08-31 18:08:51,944 [cuckoo.core.resultserver] DEBUG: Task #5160245 is sending a BSON stream
2024-08-31 18:08:53,381 [cuckoo.core.resultserver] DEBUG: Task #5160245 is sending a BSON stream
2024-08-31 18:08:54,081 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'shots/0002.jpg'
2024-08-31 18:08:54,090 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/e3b0c44298fc1c14_EC4D.tmp'
2024-08-31 18:08:54,097 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 0
2024-08-31 18:08:54,137 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 129971
2024-08-31 18:08:55,251 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'shots/0003.jpg'
2024-08-31 18:08:55,297 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 131570
2024-08-31 18:08:56,431 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'shots/0004.jpg'
2024-08-31 18:08:56,465 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 131731
2024-08-31 18:09:03,146 [cuckoo.core.guest] DEBUG: win7x6414: analysis #5160245 still processing
2024-08-31 18:09:18,231 [cuckoo.core.guest] DEBUG: win7x6414: analysis #5160245 still processing
2024-08-31 18:09:21,352 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'curtain/1725116961.34.curtain.log'
2024-08-31 18:09:21,362 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 36
2024-08-31 18:09:21,475 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'sysmon/1725116961.46.sysmon.xml'
2024-08-31 18:09:21,480 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 125622
2024-08-31 18:09:21,492 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/1f0d8dfbd8b2b9c0_isbew64.exe'
2024-08-31 18:09:21,503 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/13756acb877074ab_setup.ini'
2024-08-31 18:09:21,506 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 182008
2024-08-31 18:09:21,508 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 2426
2024-08-31 18:09:21,514 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/f4d34f1a19685b3b_rlgenuuid.dll'
2024-08-31 18:09:21,517 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 111880
2024-08-31 18:09:21,520 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/8075162db275eb52_default.pal'
2024-08-31 18:09:21,526 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 1168
2024-08-31 18:09:21,527 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/76f1ea07e20c8682_setup.inx'
2024-08-31 18:09:21,533 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/6bc8b89088427859_difxdata.ini'
2024-08-31 18:09:21,535 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 336333
2024-08-31 18:09:21,538 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 84
2024-08-31 18:09:21,540 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/ae32d5bec3b67d26_stringtable_0x0409.ips'
2024-08-31 18:09:21,543 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 68436
2024-08-31 18:09:21,546 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/44ae0f64805658e0_deleteprogram.ini'
2024-08-31 18:09:21,548 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 3585
2024-08-31 18:09:21,558 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/3de4d957ec015242__isuser_0x0409.dll'
2024-08-31 18:09:21,568 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 995328
2024-08-31 18:09:21,573 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/edde33ee0060f6ab_layout.bin'
2024-08-31 18:09:21,575 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 522
2024-08-31 18:09:21,587 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/3c34401c88fbc788_rlinstallertool.dll'
2024-08-31 18:09:21,627 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 1609776
2024-08-31 18:09:21,634 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/4b565ff53ce9c94d_physicpassv2.dll'
2024-08-31 18:09:21,638 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 86792
2024-08-31 18:09:21,642 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/a7e91b042ce33490_fontdata.ini'
2024-08-31 18:09:21,645 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 37
2024-08-31 18:09:21,650 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/f6d7bc8ca6550662_corecomp.ini'
2024-08-31 18:09:21,653 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 65503
2024-08-31 18:09:21,669 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/5c66505e6a91dd9d_setup.exe'
2024-08-31 18:09:21,687 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 1306888
2024-08-31 18:09:21,693 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/8b76df0ffc9a226b_0x0409.ini'
2024-08-31 18:09:21,695 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 22480
2024-08-31 18:09:21,698 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/52fd34835d8126a8_dotnetinstaller.exe'
2024-08-31 18:09:21,700 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 23816
2024-08-31 18:09:21,736 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/06e0b73201e0751c__isres_0x0409.dll'
2024-08-31 18:09:21,773 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 1863024
2024-08-31 18:09:21,780 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/7b5dd50792d07de9_shellex.ini'
2024-08-31 18:09:21,783 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 2954
2024-08-31 18:09:21,809 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/2ec0df10da10d8c1_data1.cab'
2024-08-31 18:09:21,851 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 3193970
2024-08-31 18:09:21,860 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/41754c80b64aa1ed_data1.hdr'
2024-08-31 18:09:21,864 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/44de8d0dc9994bff_vcruntime140.dll'
2024-08-31 18:09:21,867 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 76152
2024-08-31 18:09:21,869 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 152643
2024-08-31 18:09:21,871 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/5bc9a498ffccfc34_deleteprogram_trial2full.ini'
2024-08-31 18:09:21,872 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 109
2024-08-31 18:09:21,876 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/c7e5bdc4b79f7f8c_dotnetinstaller.exe.config'
2024-08-31 18:09:21,878 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 146
2024-08-31 18:09:21,886 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/4190f0a1306257ce_msvcp140.dll'
2024-08-31 18:09:21,892 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 436616
2024-08-31 18:09:21,894 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/124fdf2120a5a872_removecidlist.txt'
2024-08-31 18:09:21,896 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 64
2024-08-31 18:09:21,906 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/932e1155901e3eff_rlsetupvalidate.dll'
2024-08-31 18:09:21,924 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 1598416
2024-08-31 18:09:21,930 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/33bd128de55fdd95_end user license agreement.txt'
2024-08-31 18:09:21,932 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 7727
2024-08-31 18:09:21,943 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/b7c8ec591bb8c61c_issetup.dll'
2024-08-31 18:09:21,978 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 1628424
2024-08-31 18:09:21,984 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/2eaf09e8097478fa_productpasslite.dll'
2024-08-31 18:09:21,987 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 68048
2024-08-31 18:09:21,988 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/eefcb7fb1ce56e30_isrt.dll'
2024-08-31 18:09:21,992 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 432880
2024-08-31 18:09:22,004 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/f10f8e205cd56553_rlprotection.dll'
2024-08-31 18:09:22,006 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 95184
2024-08-31 18:09:22,010 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'files/0484337ab37f4aca_fileassociation.ini'
2024-08-31 18:09:22,012 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 12085
2024-08-31 18:09:22,323 [cuckoo.core.resultserver] DEBUG: Task #5160245: File upload for 'shots/0005.jpg'
2024-08-31 18:09:22,355 [cuckoo.core.resultserver] DEBUG: Task #5160245 uploaded file length: 133476
2024-08-31 18:09:22,373 [cuckoo.core.resultserver] DEBUG: Task #5160245 had connection reset for <Context for LOG>
2024-08-31 18:09:24,257 [cuckoo.core.guest] INFO: win7x6414: analysis completed successfully
2024-08-31 18:09:24,271 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2024-08-31 18:09:24,300 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2024-08-31 18:09:26,415 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label win7x6414 to path /srv/cuckoo/cwd/storage/analyses/5160245/memory.dmp
2024-08-31 18:09:26,417 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm win7x6414
2024-08-31 18:09:35,652 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.214 for task #5160245
2024-08-31 18:09:35,915 [cuckoo.core.scheduler] DEBUG: Released database task #5160245
2024-08-31 18:09:35,933 [cuckoo.core.scheduler] INFO: Task #5160245: analysis procedure completed

Signatures

Yara rules detected for file (10 events)

description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	ThreadControl__Context
description	Checks if being debugged	rule	anti_dbg
description	Communications over HTTP	rule	network_http
description	Communication using dga	rule	network_dga
description	Escalade priviledges	rule	escalate_priv
description	Take screenshot	rule	screenshot
description	Create or check mutex	rule	win_mutex
description	Affect system registries	rule	win_registry
description	Affect system token	rule	win_token

Allocates read-write-execute memory (usually to unpack itself) (2 events)

Time & API	Arguments	Status	Return	Repeated
NtAllocateVirtualMemory Aug. 31, 2024, 7:04 p.m.	process_identifier: 788 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00c80000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1	0	0
NtAllocateVirtualMemory Aug. 31, 2024, 7:04 p.m.	process_identifier: 788 region_size: 1077248 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x044c0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1	0	0

This executable has a PDB path (1 event)

pdb_path

C:\CodeBases\isdev\redist\Language Independent\i386\ISP\setup.pdb

The file contains an unknown PE resource name possibly indicative of a packer (2 events)

resource name	GIF
resource name	PNG

One or more processes crashed (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ Aug. 31, 2024, 7:04 p.m.	stacktrace: LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d939 @ 0x76fcd939 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d7fc @ 0x76fcd7fc LdrLoadDll+0x7b _strcmpi-0x305 ntdll+0x3c558 @ 0x76fcc558 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7297d4cf LoadLibraryExW+0x1f1 LoadLibraryExA-0x37 kernelbase+0x12c95 @ 0x74a32c95 DllGetClassObject+0x1ef27 GetScriptEngine-0x58460 issetup+0x2c685 @ 0x7225c685 DllGetClassObject+0x5fbfb GetScriptEngine-0x1778c issetup+0x6d359 @ 0x7229d359 DllGetClassObject+0x554f1 GetScriptEngine-0x21e96 issetup+0x62c4f @ 0x72292c4f DllGetClassObject+0x5ecd2 GetScriptEngine-0x186b5 issetup+0x6c430 @ 0x7229c430 DllGetClassObject+0x5f86c GetScriptEngine-0x17b1b issetup+0x6cfca @ 0x7229cfca DllGetClassObject+0x5b7c7 GetScriptEngine-0x1bbc0 issetup+0x68f25 @ 0x72298f25 DllGetClassObject+0x28297 GetScriptEngine-0x4f0f0 issetup+0x359f5 @ 0x722659f5 DllGetClassObject+0x2866a GetScriptEngine-0x4ed1d issetup+0x35dc8 @ 0x72265dc8 DllGetClassObject+0x3acec GetScriptEngine-0x3c69b issetup+0x4844a @ 0x7227844a DllGetClassObject+0x3aa5b GetScriptEngine-0x3c92c issetup+0x481b9 @ 0x722781b9 DllGetClassObject+0x13646 GetScriptEngine-0x63d41 issetup+0x20da4 @ 0x72250da4 DllGetClassObject+0xb5e0 GetScriptEngine-0x6bda7 issetup+0x18d3e @ 0x72248d3e setup+0x164fc @ 0x13064fc setup+0x17922 @ 0x1307922 setup+0x1c71a @ 0x130c71a setup+0x20aeb @ 0x1310aeb setup+0x4164d @ 0x133164d BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133aa @ 0x76a933aa RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa5 ntdll+0x39f72 @ 0x76fc9f72 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xd2 ntdll+0x39f45 @ 0x76fc9f45 exception.instruction_r: 89 08 50 45 43 6f 6d 70 61 63 74 32 00 00 00 00 exception.instruction: mov dword ptr [eax], ecx exception.exception_code: 0xc0000005 exception.symbol: _ComponentViewQueryInfo+0xbed5a isrt+0x10f9f0 exception.address: 0x1010f9f0 registers.esp: 4054660 registers.edi: 4054872 registers.eax: 0 registers.ebp: 4054696 registers.edx: 32 registers.ebx: 1 registers.esi: 4054684 registers.ecx: 4054836	1	0	0

Time & API

Arguments

Status

Return

Repeated

__exception__

Aug. 31, 2024, 7:04 p.m.

stacktrace:

LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d939 @ 0x76fcd939
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d7fc @ 0x76fcd7fc
LdrLoadDll+0x7b _strcmpi-0x305 ntdll+0x3c558 @ 0x76fcc558
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7297d4cf
LoadLibraryExW+0x1f1 LoadLibraryExA-0x37 kernelbase+0x12c95 @ 0x74a32c95
DllGetClassObject+0x1ef27 GetScriptEngine-0x58460 issetup+0x2c685 @ 0x7225c685
DllGetClassObject+0x5fbfb GetScriptEngine-0x1778c issetup+0x6d359 @ 0x7229d359
DllGetClassObject+0x554f1 GetScriptEngine-0x21e96 issetup+0x62c4f @ 0x72292c4f
DllGetClassObject+0x5ecd2 GetScriptEngine-0x186b5 issetup+0x6c430 @ 0x7229c430
DllGetClassObject+0x5f86c GetScriptEngine-0x17b1b issetup+0x6cfca @ 0x7229cfca
DllGetClassObject+0x5b7c7 GetScriptEngine-0x1bbc0 issetup+0x68f25 @ 0x72298f25
DllGetClassObject+0x28297 GetScriptEngine-0x4f0f0 issetup+0x359f5 @ 0x722659f5
DllGetClassObject+0x2866a GetScriptEngine-0x4ed1d issetup+0x35dc8 @ 0x72265dc8
DllGetClassObject+0x3acec GetScriptEngine-0x3c69b issetup+0x4844a @ 0x7227844a
DllGetClassObject+0x3aa5b GetScriptEngine-0x3c92c issetup+0x481b9 @ 0x722781b9
DllGetClassObject+0x13646 GetScriptEngine-0x63d41 issetup+0x20da4 @ 0x72250da4
DllGetClassObject+0xb5e0 GetScriptEngine-0x6bda7 issetup+0x18d3e @ 0x72248d3e
setup+0x164fc @ 0x13064fc
setup+0x17922 @ 0x1307922
setup+0x1c71a @ 0x130c71a
setup+0x20aeb @ 0x1310aeb
setup+0x4164d @ 0x133164d
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133aa @ 0x76a933aa
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa5 ntdll+0x39f72 @ 0x76fc9f72
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xd2 ntdll+0x39f45 @ 0x76fc9f45

exception.instruction_r: 89 08 50 45 43 6f 6d 70 61 63 74 32 00 00 00 00
exception.instruction: mov dword ptr [eax], ecx
exception.exception_code: 0xc0000005
exception.symbol: _ComponentViewQueryInfo+0xbed5a isrt+0x10f9f0
exception.address: 0x1010f9f0
registers.esp: 4054660
registers.edi: 4054872
registers.eax: 0
registers.ebp: 4054696
registers.edx: 32
registers.ebx: 1
registers.esi: 4054684
registers.ecx: 4054836

Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation (13 events)

Time & API	Arguments	Status	Return
GetDiskFreeSpaceW Aug. 31, 2024, 7:04 p.m.	number_of_free_clusters: 60035379 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: \ total_number_of_clusters: 67031551	1	1
GetDiskFreeSpaceW Aug. 31, 2024, 7:04 p.m.	number_of_free_clusters: 60035379 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: \ total_number_of_clusters: 67031551	1	1
GetDiskFreeSpaceW Aug. 31, 2024, 7:04 p.m.	number_of_free_clusters: 60035379 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: C:\ total_number_of_clusters: 67031551	1	1
GetDiskFreeSpaceW Aug. 31, 2024, 7:04 p.m.	number_of_free_clusters: 60035379 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: C:\ total_number_of_clusters: 67031551	1	1
GetDiskFreeSpaceW Aug. 31, 2024, 7:04 p.m.	number_of_free_clusters: 60035379 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: C:\ total_number_of_clusters: 67031551	1	1
GetDiskFreeSpaceW Aug. 31, 2024, 7:04 p.m.	number_of_free_clusters: 60035379 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: C:\ total_number_of_clusters: 67031551	1	1
GetDiskFreeSpaceW Aug. 31, 2024, 7:04 p.m.	number_of_free_clusters: 60035379 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: C:\ total_number_of_clusters: 67031551	1	1
GetDiskFreeSpaceW Aug. 31, 2024, 7:04 p.m.	number_of_free_clusters: 60035379 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: C:\ total_number_of_clusters: 67031551	1	1
GetDiskFreeSpaceW Aug. 31, 2024, 7:04 p.m.	number_of_free_clusters: 60035379 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: C:\ total_number_of_clusters: 67031551	1	1
GetDiskFreeSpaceW Aug. 31, 2024, 7:04 p.m.	number_of_free_clusters: 60035379 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: C:\ total_number_of_clusters: 67031551	1	1
GetDiskFreeSpaceW Aug. 31, 2024, 7:04 p.m.	number_of_free_clusters: 60035379 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: C:\ total_number_of_clusters: 67031551	1	1
GetDiskFreeSpaceExW Aug. 31, 2024, 7:04 p.m.	total_number_of_free_bytes: 245904912384 free_bytes_available: 245904912384 root_path: C:\ total_number_of_bytes: 274561232896	1	1
GetDiskFreeSpaceW Aug. 31, 2024, 7:04 p.m.	number_of_free_clusters: 60035379 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: C:\ total_number_of_clusters: 67031551	1	1

Creates executable files on the filesystem (4 events)

file	C:\Users\Administrator\AppData\Local\Temp\{59D04536-ECB1-41ED-88FB-C8C7784FB92A}\setup.exe
file	C:\Users\Administrator\AppData\Local\Temp\{59D04536-ECB1-41ED-88FB-C8C7784FB92A}\Disk1\ISSetup.dll
file	C:\Users\Administrator\AppData\Local\Temp\{59D04536-ECB1-41ED-88FB-C8C7784FB92A}\ISSetup.dll
file	C:\Users\Administrator\AppData\Local\Temp\{59D04536-ECB1-41ED-88FB-C8C7784FB92A}\Disk1\setup.exe

Queries for potentially installed applications (50 out of 54 events)

Time & API	Arguments	Status	Return
RegOpenKeyExW Aug. 31, 2024, 7:04 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ base_handle: 0x80000002 key_handle: 0x00000150 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\	1	0
RegOpenKeyExW Aug. 31, 2024, 7:04 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook base_handle: 0x80000002 key_handle: 0x00000150 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook	1	0
RegOpenKeyExW Aug. 31, 2024, 7:04 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR base_handle: 0x80000002 key_handle: 0x00000150 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR	1	0
RegOpenKeyExW Aug. 31, 2024, 7:04 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager base_handle: 0x80000002 key_handle: 0x00000150 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager	1	0
RegOpenKeyExW Aug. 31, 2024, 7:04 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx base_handle: 0x80000002 key_handle: 0x00000150 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx	1	0
RegOpenKeyExW Aug. 31, 2024, 7:04 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore base_handle: 0x80000002 key_handle: 0x00000150 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore	1	0
RegOpenKeyExW Aug. 31, 2024, 7:04 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40 base_handle: 0x80000002 key_handle: 0x00000150 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40	1	0
RegOpenKeyExW Aug. 31, 2024, 7:04 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data base_handle: 0x80000002 key_handle: 0x00000150 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data	1	0
RegOpenKeyExW Aug. 31, 2024, 7:04 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX base_handle: 0x80000002 key_handle: 0x00000150 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX	1	0
RegOpenKeyExW Aug. 31, 2024, 7:04 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData base_handle: 0x80000002 key_handle: 0x00000150 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData	1	0
RegOpenKeyExW Aug. 31, 2024, 7:04 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack base_handle: 0x80000002 key_handle: 0x00000150 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack	1	0
RegOpenKeyExW Aug. 31, 2024, 7:04 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 41.0.2 (x86 en-US) base_handle: 0x80000002 key_handle: 0x00000150 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 41.0.2 (x86 en-US)	1	0
RegOpenKeyExW Aug. 31, 2024, 7:04 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService base_handle: 0x80000002 key_handle: 0x00000150 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService	1	0
RegOpenKeyExW Aug. 31, 2024, 7:04 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Pillow-py2.7 base_handle: 0x80000002 key_handle: 0x00000150 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Pillow-py2.7	1	0
RegOpenKeyExW Aug. 31, 2024, 7:04 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent base_handle: 0x80000002 key_handle: 0x00000150 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent	1	0
RegOpenKeyExW Aug. 31, 2024, 7:04 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC base_handle: 0x80000002 key_handle: 0x00000150 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC	1	0
RegOpenKeyExW Aug. 31, 2024, 7:04 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00203668-8170-44A0-BE44-B632FA4D780F} base_handle: 0x80000002 key_handle: 0x00000150 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00203668-8170-44A0-BE44-B632FA4D780F}	1	0
RegOpenKeyExW Aug. 31, 2024, 7:04 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A656C6C-D24A-473F-9747-3A8D00907A03} base_handle: 0x80000002 key_handle: 0x00000150 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A656C6C-D24A-473F-9747-3A8D00907A03}	1	0
RegOpenKeyExW Aug. 31, 2024, 7:04 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89B9E358-75C6-4C6B-BD38-803FF156CC4B} base_handle: 0x80000002 key_handle: 0x00000150 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89B9E358-75C6-4C6B-BD38-803FF156CC4B}	1	0
RegOpenKeyExW Aug. 31, 2024, 7:04 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{904CD3A3-7A9D-4932-8316-95A7A6D2FB4A} base_handle: 0x80000002 key_handle: 0x00000150 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{904CD3A3-7A9D-4932-8316-95A7A6D2FB4A}	1	0
RegOpenKeyExW Aug. 31, 2024, 7:04 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-A90000000001} base_handle: 0x80000002 key_handle: 0x00000150 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-A90000000001}	1	0
RegOpenKeyExW Aug. 31, 2024, 7:04 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BB8B979E-E336-47E7-96BC-1031C1B94561} base_handle: 0x80000002 key_handle: 0x00000150 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BB8B979E-E336-47E7-96BC-1031C1B94561}	1	0
RegOpenKeyExW Aug. 31, 2024, 7:04 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{79AB0C22-B767-4A1B-AFEC-D72A902890B1} base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{79AB0C22-B767-4A1B-AFEC-D72A902890B1}		2
RegOpenKeyExW Aug. 31, 2024, 7:04 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ base_handle: 0x80000002 key_handle: 0x000001a4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\	1	0
RegOpenKeyExW Aug. 31, 2024, 7:04 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook base_handle: 0x80000002 key_handle: 0x000001a4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook	1	0
RegOpenKeyExW Aug. 31, 2024, 7:04 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR base_handle: 0x80000002 key_handle: 0x000001a4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR	1	0
RegOpenKeyExW Aug. 31, 2024, 7:04 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager base_handle: 0x80000002 key_handle: 0x000001a4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager	1	0
RegOpenKeyExW Aug. 31, 2024, 7:04 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx base_handle: 0x80000002 key_handle: 0x000001a4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx	1	0
RegOpenKeyExW Aug. 31, 2024, 7:04 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore base_handle: 0x80000002 key_handle: 0x000001a4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore	1	0
RegOpenKeyExW Aug. 31, 2024, 7:04 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40 base_handle: 0x80000002 key_handle: 0x000001a4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40	1	0
RegOpenKeyExW Aug. 31, 2024, 7:04 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data base_handle: 0x80000002 key_handle: 0x000001a4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data	1	0
RegOpenKeyExW Aug. 31, 2024, 7:04 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX base_handle: 0x80000002 key_handle: 0x000001a4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX	1	0
RegOpenKeyExW Aug. 31, 2024, 7:04 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData base_handle: 0x80000002 key_handle: 0x000001a4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData	1	0
RegOpenKeyExW Aug. 31, 2024, 7:04 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack base_handle: 0x80000002 key_handle: 0x000001a4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack	1	0
RegOpenKeyExW Aug. 31, 2024, 7:04 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 41.0.2 (x86 en-US) base_handle: 0x80000002 key_handle: 0x000001a4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 41.0.2 (x86 en-US)	1	0
RegOpenKeyExW Aug. 31, 2024, 7:04 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService base_handle: 0x80000002 key_handle: 0x000001a4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService	1	0
RegOpenKeyExW Aug. 31, 2024, 7:04 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Pillow-py2.7 base_handle: 0x80000002 key_handle: 0x000001a4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Pillow-py2.7	1	0
RegOpenKeyExW Aug. 31, 2024, 7:04 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent base_handle: 0x80000002 key_handle: 0x000001a4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent	1	0
RegOpenKeyExW Aug. 31, 2024, 7:04 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC base_handle: 0x80000002 key_handle: 0x000001a4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC	1	0
RegOpenKeyExW Aug. 31, 2024, 7:04 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00203668-8170-44A0-BE44-B632FA4D780F} base_handle: 0x80000002 key_handle: 0x000001a4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00203668-8170-44A0-BE44-B632FA4D780F}	1	0
RegOpenKeyExW Aug. 31, 2024, 7:04 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A656C6C-D24A-473F-9747-3A8D00907A03} base_handle: 0x80000002 key_handle: 0x000001a4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A656C6C-D24A-473F-9747-3A8D00907A03}	1	0
RegOpenKeyExW Aug. 31, 2024, 7:04 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89B9E358-75C6-4C6B-BD38-803FF156CC4B} base_handle: 0x80000002 key_handle: 0x000001a4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89B9E358-75C6-4C6B-BD38-803FF156CC4B}	1	0
RegOpenKeyExW Aug. 31, 2024, 7:04 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{904CD3A3-7A9D-4932-8316-95A7A6D2FB4A} base_handle: 0x80000002 key_handle: 0x000001a4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{904CD3A3-7A9D-4932-8316-95A7A6D2FB4A}	1	0
RegOpenKeyExW Aug. 31, 2024, 7:04 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-A90000000001} base_handle: 0x80000002 key_handle: 0x000001a4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-A90000000001}	1	0
RegOpenKeyExW Aug. 31, 2024, 7:04 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BB8B979E-E336-47E7-96BC-1031C1B94561} base_handle: 0x80000002 key_handle: 0x000001a4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BB8B979E-E336-47E7-96BC-1031C1B94561}	1	0
RegOpenKeyExW Aug. 31, 2024, 7:04 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{79AB0C22-B767-4A1B-AFEC-D72A902890B1} base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{79AB0C22-B767-4A1B-AFEC-D72A902890B1}		2
RegOpenKeyExW Aug. 31, 2024, 7:04 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall base_handle: 0x80000002 key_handle: 0x000001e8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall	1	0
RegOpenKeyExW Aug. 31, 2024, 7:04 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall		2
RegOpenKeyExW Aug. 31, 2024, 7:04 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information\{79AB0C22-B767-4A1B-AFEC-D72A902890B1} base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information\{79AB0C22-B767-4A1B-AFEC-D72A902890B1}		2
RegOpenKeyExW Aug. 31, 2024, 7:04 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information\{79AB0C22-B767-4A1B-AFEC-D72A902890B1} base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information\{79AB0C22-B767-4A1B-AFEC-D72A902890B1}		2