URL Details

URL
http://yjnsyjulbvpo.com/

Score

This url shows some signs of potential malicious behavior.

The score of this url is 1.8 out of 10.

Please notice: The scoring system is currently still in development and should be considered an alpha feature.

Information on Execution

Analysis
Compare analysis to ... Export analysis Reboot analysis

Category Started Completed Duration Logs
URL Jan. 20, 2019, 2:45 p.m. Jan. 20, 2019, 2:49 p.m. 256 seconds

Machine

Name Label Started On Shutdown On
winxpsp3x86 winxpsp3x86 2019-01-20 14:45:36 2019-01-20 14:49:52

Analyzer Log

2019-01-20 22:45:35,000 [analyzer] DEBUG: Starting analyzer from: C:\wmnfl
2019-01-20 22:45:35,062 [analyzer] DEBUG: Pipe server name: \\.\PIPE\JdMnIsVwoPHdhscrDnNxRrLOb
2019-01-20 22:45:35,062 [analyzer] DEBUG: Log pipe server name: \\.\PIPE\bcWUdBbdpDesNOCyZ
2019-01-20 22:45:37,625 [analyzer] DEBUG: Started auxiliary module Disguise
2019-01-20 22:45:37,765 [analyzer] WARNING: Unable to find the correct offsets for functions of: 32-bit kernel32.dll (with timestamp 0x4802a12c)
2019-01-20 22:45:37,765 [analyzer] WARNING: Unable to find the correct offsets for functions of: 32-bit kernel32.dll (with timestamp 0x4802a12c)
2019-01-20 22:45:37,828 [analyzer] DEBUG: Loaded monitor into process with pid 700
2019-01-20 22:45:37,828 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2019-01-20 22:45:37,828 [analyzer] DEBUG: Started auxiliary module Human
2019-01-20 22:45:37,828 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2019-01-20 22:45:37,828 [analyzer] DEBUG: Started auxiliary module Reboot
2019-01-20 22:45:38,062 [analyzer] DEBUG: Started auxiliary module RecentFiles
2019-01-20 22:45:38,062 [analyzer] DEBUG: Started auxiliary module Screenshots
2019-01-20 22:45:38,233 [lib.api.process] INFO: Successfully executed process from path 'C:\\WINDOWS\\System32\\cmd.exe' with arguments ['/c', 'start', '/wait', '"LjsoIkmjLHOgdY"', 'http://yjnsyjulbvpo.com/'] and pid 1492
2019-01-20 22:45:38,405 [analyzer] WARNING: Unable to find the correct offsets for functions of: 32-bit kernel32.dll (with timestamp 0x4802a12c)
2019-01-20 22:45:38,405 [analyzer] WARNING: Unable to find the correct offsets for functions of: 32-bit kernel32.dll (with timestamp 0x4802a12c)
2019-01-20 22:45:38,515 [analyzer] DEBUG: Loaded monitor into process with pid 1492
2019-01-20 22:45:38,858 [analyzer] INFO: Injected into process with pid 1728 and name u'firefox.exe'
2019-01-20 22:45:38,953 [analyzer] WARNING: Unable to find the correct offsets for functions of: 32-bit kernel32.dll (with timestamp 0x4802a12c)
2019-01-20 22:45:38,953 [analyzer] WARNING: Unable to find the correct offsets for functions of: 32-bit kernel32.dll (with timestamp 0x4802a12c)
2019-01-20 22:45:39,046 [analyzer] DEBUG: Loaded monitor into process with pid 1728
2019-01-20 22:45:39,437 [analyzer] INFO: Added new file to list with pid 1728 and path C:\Documents and Settings\zamen\Application Data\Mozilla\Firefox\Crash Reports\UserID
2019-01-20 22:45:39,437 [analyzer] INFO: Added new file to list with pid 1728 and path C:\Documents and Settings\zamen\Application Data\Mozilla\Firefox\Crash Reports\InstallTime2008052906
2019-01-20 22:45:39,640 [analyzer] INFO: Added new file to list with pid 1728 and path C:\Program Files\Mozilla Firefox\components\xpti.dat.tmp
2019-01-20 22:45:40,687 [analyzer] DEBUG: Received request to inject pid=1728, but we are already injected there.
2019-01-20 22:45:41,171 [analyzer] INFO: Added new file to list with pid 1728 and path C:\Program Files\Mozilla Firefox\components\compreg.dat.tmp
2019-01-20 22:45:42,467 [analyzer] INFO: Added new file to list with pid 1728 and path C:\Documents and Settings\zamen\Application Data\Mozilla\Firefox\profiles.ini
2019-01-20 22:45:42,546 [analyzer] INFO: Injected into process with pid 1996 and name u'firefox.exe'
2019-01-20 22:45:42,655 [analyzer] WARNING: Unable to find the correct offsets for functions of: 32-bit kernel32.dll (with timestamp 0x4802a12c)
2019-01-20 22:45:42,655 [analyzer] WARNING: Unable to find the correct offsets for functions of: 32-bit kernel32.dll (with timestamp 0x4802a12c)
2019-01-20 22:45:42,750 [analyzer] DEBUG: Loaded monitor into process with pid 1996
2019-01-20 22:45:42,983 [analyzer] INFO: Added new file to list with pid 1996 and path C:\Documents and Settings\zamen\Application Data\Mozilla\Firefox\Profiles\dvnj3pro.default\compatibility.ini
2019-01-20 22:45:43,062 [analyzer] INFO: Added new file to list with pid 1996 and path C:\Documents and Settings\zamen\Application Data\Mozilla\Firefox\Profiles\dvnj3pro.default\xpti.dat.tmp
2019-01-20 22:45:43,203 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:45:44,921 [analyzer] DEBUG: Received request to inject pid=1996, but we are already injected there.
2019-01-20 22:45:44,953 [analyzer] INFO: Added new file to list with pid 1996 and path C:\Documents and Settings\zamen\Local Settings\Application Data\Mozilla\Firefox\Profiles\dvnj3pro.default\XPC.mfl
2019-01-20 22:45:45,265 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:45:45,358 [analyzer] INFO: Added new file to list with pid 1996 and path C:\Documents and Settings\zamen\Application Data\Mozilla\Firefox\Profiles\dvnj3pro.default\compreg.dat.tmp
2019-01-20 22:45:46,483 [lib.api.process] INFO: Memory dump of process with pid 1728 completed
2019-01-20 22:45:47,250 [analyzer] INFO: Process with pid 1728 has terminated
2019-01-20 22:45:47,405 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:45:49,467 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:45:49,640 [analyzer] INFO: Added new file to list with pid 1996 and path C:\Documents and Settings\zamen\Local Settings\Application Data\Mozilla\Firefox\Profiles\dvnj3pro.default\XUL.mfl
2019-01-20 22:45:51,530 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:45:53,592 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:45:55,655 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:45:57,750 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:45:59,812 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:46:01,875 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:46:03,937 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:46:06,000 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:46:08,062 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:46:10,125 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:46:12,187 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:46:14,250 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:46:16,312 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:46:18,375 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:46:20,437 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:46:22,500 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:46:24,562 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:46:26,625 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:46:28,687 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:46:30,750 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:46:32,812 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:46:34,875 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:46:36,937 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:46:39,030 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:46:41,092 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:46:43,187 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:46:45,250 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:46:47,342 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:46:49,405 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:46:51,500 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:46:53,562 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:46:55,655 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:46:57,717 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:46:59,812 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:47:01,875 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:47:03,967 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:47:06,030 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:47:08,125 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:47:10,187 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:47:12,280 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:47:14,342 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:47:16,437 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:47:18,500 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:47:20,592 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:47:22,655 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:47:24,750 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:47:26,812 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:47:28,905 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:47:30,967 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:47:33,062 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:47:35,125 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:47:37,217 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:47:39,280 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:47:41,375 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:47:43,437 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:47:45,530 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:47:47,592 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:47:49,671 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:47:51,750 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:47:53,828 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:47:55,905 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:47:57,983 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:48:00,062 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:48:02,155 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:48:04,250 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:48:06,342 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:48:08,405 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:48:10,467 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:48:12,578 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:48:14,655 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:48:16,717 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:48:18,796 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:48:20,875 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:48:22,967 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:48:25,046 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:48:27,140 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:48:29,203 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:48:31,265 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:48:33,358 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:48:35,421 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:48:37,515 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:48:39,578 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:48:41,671 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:48:43,733 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:48:45,828 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:48:47,890 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:48:49,983 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:48:52,046 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:48:54,125 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:48:56,203 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:48:58,296 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:49:00,358 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:49:02,453 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:49:04,515 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:49:06,608 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:49:08,671 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:49:10,765 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:49:12,828 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:49:14,921 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:49:16,983 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:49:19,078 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:49:21,140 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:49:23,233 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:49:25,296 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:49:27,390 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:49:29,453 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:49:31,546 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:49:33,608 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:49:35,703 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:49:37,390 [analyzer] INFO: Analysis timeout hit, terminating analysis.
2019-01-20 22:49:37,765 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:49:39,890 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:49:40,375 [lib.api.process] INFO: Memory dump of process with pid 1492 completed
2019-01-20 22:49:42,000 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2019-01-20 22:49:43,796 [lib.api.process] INFO: Memory dump of process with pid 1996 completed
2019-01-20 22:49:43,796 [analyzer] INFO: Terminating remaining processes before shutdown.
2019-01-20 22:49:43,796 [lib.api.process] INFO: Successfully terminated process with pid 1492.
2019-01-20 22:49:43,812 [lib.api.process] INFO: Successfully terminated process with pid 1996.
2019-01-20 22:49:43,828 [analyzer] WARNING: File at path "u'c:\\documents and settings\\zamen\\application data\\mozilla\\firefox\\profiles\\dvnj3pro.default\\xpti.dat.tmp'" does not exist, skip.
2019-01-20 22:49:43,921 [analyzer] WARNING: File at path "u'c:\\documents and settings\\zamen\\application data\\mozilla\\firefox\\profiles\\dvnj3pro.default\\compreg.dat.tmp'" does not exist, skip.
2019-01-20 22:49:43,937 [analyzer] INFO: Analysis completed.

Cuckoo Log

2019-01-20 14:45:36,004 [lib.cuckoo.core.scheduler] INFO: Task #1180: acquired machine winxpsp3x86 (label=winxpsp3x86)
2019-01-20 14:45:36,025 [modules.auxiliary.sniffer] INFO: Started sniffer with PID 5274 (interface=eth2, host=192.168.128.101, pcap=/opt/cuckoo/storage/analyses/1180/dump.pcap)
2019-01-20 14:45:38,899 [lib.cuckoo.core.guest] INFO: Starting analysis on guest (id=winxpsp3x86, ip=192.168.128.101)
2019-01-20 14:49:51,383 [lib.cuckoo.core.guest] INFO: winxpsp3x86: analysis completed successfully
2019-01-20 14:53:44,974 [lib.cuckoo.core.plugins] WARNING: The processing module "Suricata" returned the following error: Unable to locate Suricata binary
2019-01-20 14:53:47,107 [elasticsearch] WARNING: HEAD http://127.0.0.1:9200/_template/cuckoo_template [status:N/A request:0.000s]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 94, in perform_request
    response = self.pool.urlopen(method, url, body, retries=False, headers=self.headers, **kw)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 643, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/usr/local/lib/python2.7/dist-packages/urllib3/util/retry.py", line 251, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 594, in urlopen
    chunked=chunked)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 361, in _make_request
    conn.request(method, url, **httplib_request_kw)
  File "/usr/lib/python2.7/httplib.py", line 1017, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib/python2.7/httplib.py", line 1051, in _send_request
    self.endheaders(body)
  File "/usr/lib/python2.7/httplib.py", line 1013, in endheaders
    self._send_output(message_body)
  File "/usr/lib/python2.7/httplib.py", line 864, in _send_output
    self.send(msg)
  File "/usr/lib/python2.7/httplib.py", line 826, in send
    self.connect()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 163, in connect
    conn = self._new_conn()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 147, in _new_conn
    self, "Failed to establish a new connection: %s" % e)
NewConnectionError: <urllib3.connection.HTTPConnection object at 0x7f937c19a990>: Failed to establish a new connection: [Errno 111] Connection refused
2019-01-20 14:53:47,108 [elasticsearch] WARNING: HEAD http://127.0.0.1:9200/_template/cuckoo_template [status:N/A request:0.000s]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 94, in perform_request
    response = self.pool.urlopen(method, url, body, retries=False, headers=self.headers, **kw)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 643, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/usr/local/lib/python2.7/dist-packages/urllib3/util/retry.py", line 251, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 594, in urlopen
    chunked=chunked)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 361, in _make_request
    conn.request(method, url, **httplib_request_kw)
  File "/usr/lib/python2.7/httplib.py", line 1017, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib/python2.7/httplib.py", line 1051, in _send_request
    self.endheaders(body)
  File "/usr/lib/python2.7/httplib.py", line 1013, in endheaders
    self._send_output(message_body)
  File "/usr/lib/python2.7/httplib.py", line 864, in _send_output
    self.send(msg)
  File "/usr/lib/python2.7/httplib.py", line 826, in send
    self.connect()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 163, in connect
    conn = self._new_conn()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 147, in _new_conn
    self, "Failed to establish a new connection: %s" % e)
NewConnectionError: <urllib3.connection.HTTPConnection object at 0x7f937c19af90>: Failed to establish a new connection: [Errno 111] Connection refused
2019-01-20 14:53:47,109 [elasticsearch] WARNING: HEAD http://127.0.0.1:9200/_template/cuckoo_template [status:N/A request:0.000s]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 94, in perform_request
    response = self.pool.urlopen(method, url, body, retries=False, headers=self.headers, **kw)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 643, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/usr/local/lib/python2.7/dist-packages/urllib3/util/retry.py", line 251, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 594, in urlopen
    chunked=chunked)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 361, in _make_request
    conn.request(method, url, **httplib_request_kw)
  File "/usr/lib/python2.7/httplib.py", line 1017, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib/python2.7/httplib.py", line 1051, in _send_request
    self.endheaders(body)
  File "/usr/lib/python2.7/httplib.py", line 1013, in endheaders
    self._send_output(message_body)
  File "/usr/lib/python2.7/httplib.py", line 864, in _send_output
    self.send(msg)
  File "/usr/lib/python2.7/httplib.py", line 826, in send
    self.connect()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 163, in connect
    conn = self._new_conn()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 147, in _new_conn
    self, "Failed to establish a new connection: %s" % e)
NewConnectionError: <urllib3.connection.HTTPConnection object at 0x7f937c19ae10>: Failed to establish a new connection: [Errno 111] Connection refused
2019-01-20 14:53:47,110 [elasticsearch] WARNING: HEAD http://127.0.0.1:9200/_template/cuckoo_template [status:N/A request:0.000s]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 94, in perform_request
    response = self.pool.urlopen(method, url, body, retries=False, headers=self.headers, **kw)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 643, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/usr/local/lib/python2.7/dist-packages/urllib3/util/retry.py", line 251, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 594, in urlopen
    chunked=chunked)
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 361, in _make_request
    conn.request(method, url, **httplib_request_kw)
  File "/usr/lib/python2.7/httplib.py", line 1017, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib/python2.7/httplib.py", line 1051, in _send_request
    self.endheaders(body)
  File "/usr/lib/python2.7/httplib.py", line 1013, in endheaders
    self._send_output(message_body)
  File "/usr/lib/python2.7/httplib.py", line 864, in _send_output
    self.send(msg)
  File "/usr/lib/python2.7/httplib.py", line 826, in send
    self.connect()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 163, in connect
    conn = self._new_conn()
  File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 147, in _new_conn
    self, "Failed to establish a new connection: %s" % e)
NewConnectionError: <urllib3.connection.HTTPConnection object at 0x7f937c19af50>: Failed to establish a new connection: [Errno 111] Connection refused
2019-01-20 14:53:47,110 [lib.cuckoo.core.plugins] ERROR: Failed to run the reporting module "ElasticSearch":
Traceback (most recent call last):
  File "/opt/cuckoo/lib/cuckoo/core/plugins.py", line 533, in process
    current.run(self.results)
  File "/opt/cuckoo/modules/reporting/elasticsearch.py", line 196, in run
    self.connect()
  File "/opt/cuckoo/modules/reporting/elasticsearch.py", line 79, in connect
    if not self.es.indices.exists_template("cuckoo_template"):
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/client/utils.py", line 69, in _wrapped
    return func(*args, params=params, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/client/indices.py", line 491, in exists_template
    name), params=params)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/transport.py", line 327, in perform_request
    status, headers, data = connection.perform_request(method, url, params, body, ignore=ignore, timeout=timeout)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 105, in perform_request
    raise ConnectionError('N/A', str(e), e)
ConnectionError: ConnectionError(<urllib3.connection.HTTPConnection object at 0x7f937c19af50>: Failed to establish a new connection: [Errno 111] Connection refused) caused by: NewConnectionError(<urllib3.connection.HTTPConnection object at 0x7f937c19af50>: Failed to establish a new connection: [Errno 111] Connection refused)

Signatures

Queries for the computername (2 events)
Time & API Arguments Status Return Repeated
Jan. 20, 2019, 9:45 a.m.
GetComputerNameW
computer_name: ZAMEN-E701CCF64
success 1 0
Jan. 20, 2019, 9:45 a.m.
GetComputerNameA
computer_name: ZAMEN-E701CCF64
success 1 0
Tries to locate where the browsers are installed (1 event)
file C:\Program Files\Mozilla Firefox\chrome\classic.manifest
Starts servers listening on {0} (9 events)
Time & API Arguments Status Return Repeated
Jan. 20, 2019, 9:45 a.m.
bind
ip_address: 127.0.0.1
socket: 424
port: 0
success 0 0
Jan. 20, 2019, 9:45 a.m.
listen
socket: 424
backlog: 5
success 0 0
Jan. 20, 2019, 9:45 a.m.
accept
ip_address: 127.0.0.1
socket: 424
port: 1044
success 452 0
Jan. 20, 2019, 9:45 a.m.
bind
ip_address: 127.0.0.1
socket: 428
port: 0
success 0 0
Jan. 20, 2019, 9:45 a.m.
listen
socket: 428
backlog: 5
success 0 0
Jan. 20, 2019, 9:45 a.m.
accept
ip_address: 127.0.0.1
socket: 428
port: 1050
success 452 0
Jan. 20, 2019, 9:45 a.m.
bind
ip_address: 127.0.0.1
socket: 604
port: 0
success 0 0
Jan. 20, 2019, 9:45 a.m.
listen
socket: 604
backlog: 5
success 0 0
Jan. 20, 2019, 9:45 a.m.
accept
ip_address: 127.0.0.1
socket: 604
port: 1056
success 624 0
Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 event)
dead_host 192.158.197.132:3460

Screenshots

Network

DNS

Name Response Post-Analysis Lookup
time.windows.com

Hosts

IP
192.158.197.132

Summary

Process firefox.exe (1728)

  • Opened files

    • C:\Program Files\Mozilla Firefox\components\nsSidebar.js
    • C:\Program Files\Mozilla Firefox\components\aboutRobots.js
    • C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js
    • C:\Program Files\Mozilla Firefox\application.ini
    • C:\Program Files\Mozilla Firefox\defaults\pref\firefox-l10n.js
    • C:\Program Files\Mozilla Firefox\components\nsAddonRepository.js
    • C:\Program Files\Mozilla Firefox\components\nsURLFormatter.js
    • C:\Program Files\Mozilla Firefox\components\nsWebHandlerApp.js
    • C:\Program Files\Mozilla Firefox\components\nsSessionStartup.js
    • C:\Program Files\Mozilla Firefox\components\nsBlocklistService.js
    • C:\Program Files\Mozilla Firefox\components\nsSessionStore.js
    • C:\Program Files\Mozilla Firefox\components\nsHelperAppDlg.js
    • C:\Program Files\Mozilla Firefox\components\nsBrowserContentHandler.js
    • C:\Program Files\Mozilla Firefox\components\nsDownloadManagerUI.js
    • C:\Program Files\Mozilla Firefox\components\nsLoginInfo.js
    • C:\Program Files\Mozilla Firefox\components\browser.xpt
    • C:\Program Files\Mozilla Firefox\components\nsHandlerService.js
    • C:\Program Files\Mozilla Firefox\components\txEXSLTRegExFunctions.js
    • C:\Program Files\Mozilla Firefox\modules\JSON.jsm
    • C:\Program Files\Mozilla Firefox\components\fuelApplication.js
    • C:\Program Files\Mozilla Firefox\modules\ISO8601DateUtils.jsm
    • C:\Program Files\Mozilla Firefox\platform.ini
    • C:\Program Files\Mozilla Firefox\defaults\pref\reporter.js
    • C:\Program Files\Mozilla Firefox\components\nsUrlClassifierLib.js
    • C:\Program Files\Mozilla Firefox\components\nsLoginManager.js
    • C:\Program Files\Mozilla Firefox\components\nsDefaultCLH.js
    • C:\Program Files\Mozilla Firefox\components\jsconsole-clhandler.js
    • C:\Program Files\Mozilla Firefox\components\nsLivemarkService.js
    • C:\Program Files\Mozilla Firefox\components\nsExtensionManager.js
    • C:\Program Files\Mozilla Firefox\modules\XPCOMUtils.jsm
    • C:\Program Files\Mozilla Firefox\greprefs\xpinstall.js
    • C:\Program Files\Mozilla Firefox\components\nsSetDefaultBrowser.js
    • C:\Program Files\Mozilla Firefox\modules\distribution.js
    • C:\Program Files\Mozilla Firefox\components\nsSearchService.js
    • C:\Program Files\Mozilla Firefox\components\nsLoginManagerPrompter.js
    • C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js
    • C:\Program Files\Mozilla Firefox\components\nsPlacesTransactionsService.js
    • C:\Program Files\Mozilla Firefox\components\nsPostUpdateWin.js
    • C:\Program Files\Mozilla Firefox\components\nsProxyAutoConfig.js
    • C:\Program Files\Mozilla Firefox\components\nsSafebrowsingApplication.js
    • C:\Program Files\Mozilla Firefox\components\nsTaggingService.js
    • C:\Program Files\Mozilla Firefox\greprefs\all.js
    • C:\Program Files\Mozilla Firefox\components\WebContentConverter.js
    • C:\Program Files\Mozilla Firefox\components\nsSearchSuggestions.js
    • C:\Program Files\Mozilla Firefox\components\FeedConverter.js
    • C:\Program Files\Mozilla Firefox\components\pluginGlue.js
    • C:\Program Files\Mozilla Firefox\components\nsTryToClose.js
    • C:\Program Files\Mozilla Firefox\components\nsUrlClassifierListManager.js
    • C:\Program Files\Mozilla Firefox\components\nsMicrosummaryService.js
    • C:\Program Files\Mozilla Firefox\components\FeedProcessor.js
    • C:\Program Files\Mozilla Firefox\components\FeedWriter.js
    • C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js
    • C:\Program Files\Mozilla Firefox\defaults\pref\channel-prefs.js
    • C:\Program Files\Mozilla Firefox\components\xpti.dat
    • C:\Program Files\Mozilla Firefox\components\nsUpdateService.js
    • C:\Program Files\Mozilla Firefox\components\storage-Legacy.js
    • C:\Program Files\Mozilla Firefox\components\nsContentPrefService.js
    • C:\Program Files\Mozilla Firefox\components\nsContentDispatchChooser.js
    • C:\Program Files\Mozilla Firefox\components\nsBrowserGlue.js

  • Written files

    • C:\Program Files\Mozilla Firefox\components\xpti.dat.tmp
    • C:\Program Files\Mozilla Firefox\components\compreg.dat.tmp
    • C:\Documents and Settings\zamen\Application Data\Mozilla\Firefox\profiles.ini
    • C:\Documents and Settings\zamen\Application Data\Mozilla\Firefox\Crash Reports\UserID
    • C:\Documents and Settings\zamen\Application Data\Mozilla\Firefox\Crash Reports\InstallTime2008052906

  • Files Read

    • C:\Program Files\Mozilla Firefox\greprefs\xpinstall.js
    • C:\Program Files\Mozilla Firefox\components\browser.xpt
    • C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js
    • C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js
    • C:\Program Files\Mozilla Firefox\components\xpti.dat
    • C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js
    • C:\Program Files\Mozilla Firefox\application.ini
    • C:\Program Files\Mozilla Firefox\defaults\pref\firefox-l10n.js
    • C:\Program Files\Mozilla Firefox\platform.ini
    • C:\Program Files\Mozilla Firefox\defaults\pref\reporter.js
    • C:\Program Files\Mozilla Firefox\defaults\pref\channel-prefs.js
    • C:\Program Files\Mozilla Firefox\greprefs\all.js

Process cmd.exe (1492)

Process firefox.exe (1996)

  • Opened files

    • C:\Program Files\Mozilla Firefox\chrome\classic.manifest
    • C:\Program Files\Mozilla Firefox\components\nsSessionStartup.js
    • C:\Program Files\Mozilla Firefox\components\FeedConverter.js
    • C:\
    • C:\Program Files\Mozilla Firefox\components\fuelApplication.js
    • C:\Documents and Settings\zamen\Local Settings\Application Data\Mozilla\Firefox\Profiles\dvnj3pro.default\XPC.mfl
    • C:\Program Files\Mozilla Firefox\chrome\toolkit.manifest
    • C:\Program Files\Mozilla Firefox\components\nsLoginManager.js
    • C:\Program Files\Mozilla Firefox\components\nsExtensionManager.js
    • C:\Program Files\Mozilla Firefox\components\nsSetDefaultBrowser.js
    • C:\Documents and Settings\zamen\Application Data\Mozilla\Firefox\Crash Reports\UserID
    • C:\Program Files\Mozilla Firefox\components\pluginGlue.js
    • C:\Program Files\Mozilla Firefox\chrome\browser.jar
    • C:\Program Files\Mozilla Firefox\components\nsMicrosummaryService.js
    • C:\Program Files\Mozilla Firefox\components\nsBrowserContentHandler.js
    • C:\WINDOWS\system32\aaaamon.dll
    • C:\Program Files\Mozilla Firefox\components\nsSearchSuggestions.js
    • C:\Program Files\Mozilla Firefox\res\html.css
    • C:\WINDOWS\system32\12520437.cpx
    • C:\Program Files\Mozilla Firefox\components\nsUpdateService.js
    • C:\Documents and Settings\zamen\Local Settings\Application Data\Mozilla\Firefox\Profiles\dvnj3pro.default\XUL.mfl
    • C:\Program Files\Mozilla Firefox\res\forms.css
    • C:\Program Files\Mozilla Firefox\chrome\reporter.manifest
    • C:\Program Files\Mozilla Firefox\res\charsetData.properties
    • C:\Program Files\Mozilla Firefox\components\aboutRobots.js
    • C:\WINDOWS\system32\acledit.dll
    • C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js
    • C:\Program Files\Mozilla Firefox\chrome\en-US.jar
    • C:\Program Files\Mozilla Firefox\components\nsURLFormatter.js
    • C:\Documents and Settings\zamen\Application Data\Mozilla\Firefox\Crash Reports\InstallTime2008052906
    • C:\Program Files\Mozilla Firefox\components\nsHelperAppDlg.js
    • C:\WINDOWS\system32\accwiz.exe
    • C:\Program Files\Mozilla Firefox\chrome\toolkit.jar
    • C:\Documents and Settings\zamen\Application Data\Mozilla\Firefox\profiles.ini
    • C:\Program Files\Mozilla Firefox\components\jsconsole-clhandler.js
    • C:\Program Files\Mozilla Firefox\components\nsLivemarkService.js
    • C:\Program Files\Mozilla Firefox\components\nsLoginManagerPrompter.js
    • C:\Program Files\Mozilla Firefox\components\nsPostUpdateWin.js
    • C:\WINDOWS\system32\snmpapi.dll
    • C:\WINDOWS\system32\12520850.cpx
    • C:\Program Files\Mozilla Firefox\greprefs\all.js
    • C:\WINDOWS\system32\msdtc.exe
    • C:\Program Files\Mozilla Firefox\components\nsTryToClose.js
    • C:\WINDOWS\system32\kbdycc.dll
    • C:\Program Files\Mozilla Firefox\components\nsUrlClassifierListManager.js
    • C:\Program Files\Mozilla Firefox\components\FeedWriter.js
    • C:\Program Files\Mozilla Firefox\components\nsContentDispatchChooser.js
    • C:\WINDOWS\system32\dplay.dll
    • C:\Program Files\Mozilla Firefox\components\storage-Legacy.js
    • C:\Program Files\Mozilla Firefox\components\nsAddonRepository.js
    • C:\Program Files\Mozilla Firefox\chrome\comm.manifest
    • C:\WINDOWS\system32\aaclient.dll
    • C:\Program Files\Mozilla Firefox\res\ua.css
    • C:\WINDOWS\system32\$winnt$.inf
    • C:\Program Files\Mozilla Firefox\components\nsLoginInfo.js
    • C:\Program Files\Mozilla Firefox\components\nsUrlClassifierLib.js
    • C:\Program Files\Mozilla Firefox\components\nsSearchService.js
    • C:\Program Files\Mozilla Firefox\chrome\classic.jar
    • C:\WINDOWS\system32\6to4svc.dll
    • C:\Program Files\Mozilla Firefox\modules\XPCOMUtils.jsm
    • C:\Program Files\Mozilla Firefox\modules\distribution.js
    • C:\WINDOWS\system32\acctres.dll
    • C:\Program Files\Mozilla Firefox\components\nsPlacesTransactionsService.js
    • C:\Program Files\Mozilla Firefox\components\nsSafebrowsingApplication.js
    • C:\Program Files\Mozilla Firefox\components\nsTaggingService.js
    • C:\WINDOWS\system32\zipfldr.dll
    • C:\Program Files\Mozilla Firefox\chrome\pippki.manifest
    • C:\Program Files\Mozilla Firefox\defaults\pref\channel-prefs.js
    • C:\WINDOWS\system32\ntdos404.sys
    • C:\Program Files\Mozilla Firefox\chrome\browser.manifest
    • C:\Program Files\Mozilla Firefox\components\nsBrowserGlue.js
    • C:\Program Files\Mozilla Firefox\chrome\en-US.manifest
    • C:\Program Files\Mozilla Firefox\components\nsSidebar.js
    • C:\Program Files\Mozilla Firefox\application.ini
    • C:\Program Files\Mozilla Firefox\defaults\pref\firefox-l10n.js
    • C:\Program Files\Mozilla Firefox\components\nsBlocklistService.js
    • C:\Program Files\Mozilla Firefox\components\nsSessionStore.js
    • C:\Program Files\Mozilla Firefox\components\nsDownloadManagerUI.js
    • C:\Program Files\Mozilla Firefox\components\browser.xpt
    • C:\WINDOWS\system32\comuid.dll
    • C:\WINDOWS\system32\access.cpl
    • C:\Program Files\Mozilla Firefox\components\nsHandlerService.js
    • C:\Program Files\Mozilla Firefox\components\txEXSLTRegExFunctions.js
    • C:\Program Files\Mozilla Firefox\modules\JSON.jsm
    • C:\Program Files\Mozilla Firefox\modules\ISO8601DateUtils.jsm
    • C:\Program Files\Mozilla Firefox\platform.ini
    • C:\Program Files\Mozilla Firefox\defaults\pref\reporter.js
    • C:\Program Files\Mozilla Firefox\components\nsDefaultCLH.js
    • C:\WINDOWS\system32\acelpdec.ax
    • C:\Program Files\Mozilla Firefox\greprefs\xpinstall.js
    • C:\Documents and Settings\zamen\Application Data\Mozilla\Firefox\Profiles\dvnj3pro.default\xpti.dat
    • C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js
    • C:\Program Files\Mozilla Firefox\components\nsProxyAutoConfig.js
    • C:\Program Files\Mozilla Firefox\components\WebContentConverter.js
    • C:\WINDOWS\system32\ver.dll
    • C:\WINDOWS\system32\icaapi.dll
    • C:\WINDOWS\system32\qutil.dll
    • C:\Program Files\Mozilla Firefox\components\nsWebHandlerApp.js
    • C:\Program Files\Mozilla Firefox\components\FeedProcessor.js
    • C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js
    • C:\Program Files\Mozilla Firefox\res\quirk.css
    • C:\Program Files\Mozilla Firefox\components\nsContentPrefService.js

  • Written files

    • C:\Documents and Settings\zamen\Application Data\Mozilla\Firefox\Profiles\dvnj3pro.default\xpti.dat.tmp
    • C:\Documents and Settings\zamen\Local Settings\Application Data\Mozilla\Firefox\Profiles\dvnj3pro.default\XPC.mfl
    • C:\Documents and Settings\zamen\Application Data\Mozilla\Firefox\Profiles\dvnj3pro.default\compatibility.ini
    • C:\Documents and Settings\zamen\Application Data\Mozilla\Firefox\Profiles\dvnj3pro.default\compreg.dat.tmp
    • C:\Documents and Settings\zamen\Application Data\Mozilla\Firefox\profiles.ini
    • C:\Documents and Settings\zamen\Local Settings\Application Data\Mozilla\Firefox\Profiles\dvnj3pro.default\XUL.mfl

  • Files Read

    • C:\Program Files\Mozilla Firefox\chrome\reporter.manifest
    • C:\WINDOWS\system32\dplay.dll
    • C:\Program Files\Mozilla Firefox\chrome\en-US.manifest
    • C:\Program Files\Mozilla Firefox\res\charsetData.properties
    • C:\Program Files\Mozilla Firefox\chrome\classic.manifest
    • C:\WINDOWS\system32\acledit.dll
    • C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js
    • C:\Program Files\Mozilla Firefox\application.ini
    • C:\Program Files\Mozilla Firefox\defaults\pref\firefox-l10n.js
    • C:\Program Files\Mozilla Firefox\chrome\en-US.jar
    • C:\Program Files\Mozilla Firefox\chrome\comm.manifest
    • C:\Documents and Settings\zamen\Application Data\Mozilla\Firefox\Crash Reports\InstallTime2008052906
    • C:\WINDOWS\system32\kbdycc.dll
    • C:\WINDOWS\system32\aaclient.dll
    • C:\Program Files\Mozilla Firefox\res\ua.css
    • C:\Program Files\Mozilla Firefox\components\browser.xpt
    • C:\WINDOWS\system32\comuid.dll
    • C:\WINDOWS\system32\access.cpl
    • C:\WINDOWS\system32\$winnt$.inf
    • C:\WINDOWS\system32\ntdos404.sys
    • C:\Program Files\Mozilla Firefox\chrome\browser.jar
    • C:\WINDOWS\system32\accwiz.exe
    • C:\Program Files\Mozilla Firefox\chrome\toolkit.manifest
    • C:\Program Files\Mozilla Firefox\chrome\toolkit.jar
    • C:\Program Files\Mozilla Firefox\platform.ini
    • C:\Program Files\Mozilla Firefox\defaults\pref\reporter.js
    • C:\WINDOWS\system32\acctres.dll
    • C:\Documents and Settings\zamen\Application Data\Mozilla\Firefox\profiles.ini
    • C:\Program Files\Mozilla Firefox\chrome\classic.jar
    • C:\Program Files\Mozilla Firefox\res\html.css
    • C:\WINDOWS\system32\6to4svc.dll
    • C:\Program Files\Mozilla Firefox\greprefs\xpinstall.js
    • C:\WINDOWS\system32\aaaamon.dll
    • C:\Documents and Settings\zamen\Application Data\Mozilla\Firefox\Profiles\dvnj3pro.default\xpti.dat
    • C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js
    • C:\WINDOWS\system32\msdtc.exe
    • C:\Documents and Settings\zamen\Application Data\Mozilla\Firefox\Crash Reports\UserID
    • C:\WINDOWS\system32\snmpapi.dll
    • C:\WINDOWS\system32\12520850.cpx
    • C:\Program Files\Mozilla Firefox\greprefs\all.js
    • C:\WINDOWS\system32\ver.dll
    • C:\WINDOWS\system32\icaapi.dll
    • C:\WINDOWS\system32\qutil.dll
    • C:\Program Files\Mozilla Firefox\chrome\pippki.manifest
    • C:\Documents and Settings\zamen\Local Settings\Application Data\Mozilla\Firefox\Profiles\dvnj3pro.default\XPC.mfl
    • C:\WINDOWS\system32\acelpdec.ax
    • C:\WINDOWS\system32\zipfldr.dll
    • C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js
    • C:\Program Files\Mozilla Firefox\defaults\pref\channel-prefs.js
    • C:\WINDOWS\system32\12520437.cpx
    • C:\Program Files\Mozilla Firefox\res\quirk.css
    • C:\Program Files\Mozilla Firefox\chrome\browser.manifest
    • C:\Documents and Settings\zamen\Local Settings\Application Data\Mozilla\Firefox\Profiles\dvnj3pro.default\XUL.mfl
    • C:\Program Files\Mozilla Firefox\res\forms.css

Process firefox.exe (1728)

  • Registry keys opened

    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Linkage
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings

  • Registry keys read

    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableAutodial
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\NoNetAutodial
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Process cmd.exe (1492)

  • Registry keys opened

    • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
    • HKEY_CURRENT_USER\Software\Microsoft\Command Processor
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor
    • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\12.0\Groove\Development

  • Registry keys read

    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor\DelayedExpansion
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor\PathCompletionChar
    • HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DisableUNCCheck
    • HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions
    • HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar
    • HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Time Zones\TimeZoneKeyName
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor\DefaultColor
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Australia Standard Time\Tzi
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor\AutoRun
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor\CompletionChar
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Australia Standard Time\Std
    • HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor\DisableUNCCheck
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor\EnableExtensions
    • HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion
    • HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DefaultColor
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Australia Standard Time\Dlt
    • HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun

Process firefox.exe (1996)

  • Registry keys opened

    • HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\Extensions
    • HKEY_CURRENT_USER\Keyboard Layout\Toggle
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces
    • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DnsClient
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HTTP\shell\open\command
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\
    • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LDAP
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
    • HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\LangBarAddIn\
    • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DnsCache\Parameters
    • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\System\DNSClient
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Linkage
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\LangBarAddIn\
    • HKEY_LOCAL_MACHINE\System\Setup
    • HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions

  • Registry keys read

    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\UseDomainNameDevolution
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\ServerPriorityTimeLimit
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Times New Roman CE,238
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Courier New TUR,162
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Arial CE,238
    • HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\WaitForNameErrorOnAll
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DnsQuickQueryTimeouts
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DefaultRegistrationRefreshInterval
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\NoNetAutodial
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Arial TUR,162
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\RegisterWanAdapters
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\AppendToMultiLabelName
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DisableAdapterDomainName
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\RegisterPrimaryName
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\EnableAdapterDomainNameRegistration
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Times New Roman CYR,204
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\UpdateTopLevelDomainZones
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\FilterClusterIp
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DnsTest
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\ScreenUnreachableServers
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\MulticastListenLevel
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Arial Greek,161
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Tms Rmn
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\QueryAdapterName
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\PrioritizeRecordData
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableAutodial
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Courier New CYR,204
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DisableReverseAddressRegistrations
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\MaxCacheTtl
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\UpdateSecurityLevel
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Arial Baltic,186
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Shell Dlg
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\MaxCachedSockets
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Times New Roman TUR,162
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\RegistrationEnabled
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\RegisterAdapterName
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\AdapterTimeoutLimit
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Shell Dlg 2
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HTTP\shell\open\command\(Default)
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Times New Roman Greek,161
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\UpdateSecurityLevel
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\RegistrationMaxAddressCount
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DefaultRegistrationTTL
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Times
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DisableDynamicUpdate
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Hostname
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Helvetica
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\AllowUnqualifiedQuery
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\UpdateZoneExcludeFile
    • HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\PrioritizeRecordData
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\RegistrationTtl
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Helv
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\UseHostsFile
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\AllowUnqualifiedQuery
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\RegistrationRefreshInterval
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Courier New Baltic,186
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DnsQueryTimeouts
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Courier New Greek,161
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\QueryIpMatching
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DnsNbtLookupOrder
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\MaxCacheSize
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\UseDomainNameDevolution
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\UseEdns
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Domain
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ldap\LdapClientIntegrity
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DisableWanDynamicUpdate
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DnsMulticastQueryTimeouts
    • HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\ScreenBadTlds
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Courier New CE,238
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\RegisterReverseLookup
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\MaxNumberOfAddressesToRegister
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Times New Roman Baltic,186
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\MulticastSendLevel
    • HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Arial CYR,204
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\MaxNegativeCacheTtl

Process firefox.exe (1728)

  • Mutexes accessed

    • Local\FirefoxStartupMutex

Process cmd.exe (1492)

Process firefox.exe (1996)

  • Mutexes accessed

    • MSCTF.Shared.MUTEX.MMG
    • Local\FirefoxStartupMutex

Process firefox.exe (1728)

  • Directories created

    • C:\Documents and Settings
    • C:\Documents and Settings\zamen\Local Settings\Application Data
    • C:\Documents and Settings\zamen\Local Settings\Application Data\Mozilla
    • C:\Documents and Settings\zamen\Application Data\Mozilla\Firefox\Crash Reports
    • C:\Documents and Settings\zamen\Application Data\Mozilla\Firefox
    • C:\Documents and Settings\zamen\Application Data\Mozilla
    • C:\Documents and Settings\zamen\Local Settings\Application Data\Mozilla\Firefox
    • C:\Documents and Settings\zamen\Local Settings
    • C:\Documents and Settings\zamen
    • C:\Documents and Settings\zamen\Application Data

  • Directories enumerated

    • C:\Program Files\Mozilla Firefox\components\*
    • C:\Program Files\Mozilla Firefox\greprefs\*
    • C:\Program Files\Mozilla Firefox\defaults\pref\*
    • C:\Documents and Settings\zamen\Application Data\Firefox\registry.dat
    • C:\Program Files\Mozilla Firefox\plugins\*

Process cmd.exe (1492)

  • Directories enumerated

    • C:\Documents and Settings
    • C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
    • C:\Documents and Settings\zamen\Local Settings\Temp
    • C:\WINDOWS
    • C:\WINDOWS\WinSxS
    • C:\Documents and Settings\zamen\Local Settings
    • C:\Documents and Settings\zamen
    • C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll

Process firefox.exe (1996)

  • Directories created

    • C:\Documents and Settings
    • C:\Documents and Settings\zamen\Local Settings\Application Data
    • C:\Documents and Settings\zamen\Application Data\Mozilla\Firefox\Profiles\dvnj3pro.default
    • C:\Documents and Settings\zamen\Application Data\Mozilla\Firefox\Profiles\dvnj3pro.default\chrome
    • C:\Documents and Settings\zamen\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
    • C:\Documents and Settings\zamen\Local Settings\Application Data\Mozilla
    • C:\Documents and Settings\zamen\Local Settings\Application Data\Mozilla\Firefox\Profiles\dvnj3pro.default
    • C:\Documents and Settings\zamen\Application Data\Mozilla\Firefox
    • C:\Documents and Settings\zamen\Application Data\Mozilla
    • C:\Documents and Settings\zamen\Local Settings\Application Data\Mozilla\Firefox
    • C:\Documents and Settings\zamen\Application Data\Mozilla\Extensions
    • C:\Documents and Settings\zamen\Application Data\Mozilla\Firefox\Profiles\dvnj3pro.default\extensions
    • C:\Documents and Settings\zamen\Application Data\Mozilla\Firefox\Profiles
    • C:\Documents and Settings\zamen\Local Settings\Application Data\Mozilla\Firefox\Profiles
    • C:\Documents and Settings\zamen\Local Settings
    • C:\Documents and Settings\zamen
    • C:\Documents and Settings\zamen\Application Data\Mozilla\Firefox\Profiles\dvnj3pro.default\minidumps
    • C:\Documents and Settings\zamen\Application Data

  • Directories enumerated

    • C:\WINDOWS\system32\1054
    • C:\WINDOWS\system32\dplay.dll
    • C:\Program Files\Mozilla Firefox\plugins\*
    • C:\Program Files\Mozilla Firefox\greprefs\*
    • C:\WINDOWS\system32\1037
    • C:\WINDOWS\system32\aaaamon.dll
    • C:\WINDOWS\system32\msdtc.exe
    • C:\WINDOWS\system32\1033
    • C:\WINDOWS\system32\1031
    • C:\WINDOWS\system32\aaclient.dll
    • C:\Program Files\Mozilla Firefox\defaults\profile\*
    • C:\Program Files\Mozilla Firefox\defaults\profile\chrome\*
    • C:\WINDOWS\system32\access.cpl
    • C:\WINDOWS\system32\2052
    • C:\WINDOWS\system32\$winnt$.inf
    • C:\WINDOWS\system32\ntdos404.sys
    • C:\Program Files\Mozilla Firefox\defaults\pref\*
    • C:\WINDOWS\system32\accwiz.exe
    • C:\Program Files\Mozilla Firefox\chrome\*
    • C:\WINDOWS\system32\3076
    • C:\WINDOWS
    • C:\WINDOWS\system32\acledit.dll
    • C:\WINDOWS\system32\3com_dmi
    • C:\WINDOWS\system32\acelpdec.ax
    • C:\WINDOWS\system32\6to4svc.dll
    • C:\WINDOWS\system32
    • C:\WINDOWS\system32\1025
    • C:\WINDOWS\system32\1042
    • C:\WINDOWS\system32\1041
    • C:\WINDOWS\system32\acctres.dll
    • C:\WINDOWS\system32\1028
    • C:\WINDOWS\system32\snmpapi.dll
    • C:\WINDOWS\system32\12520850.cpx
    • C:\WINDOWS\system32\comuid.dll
    • C:\WINDOWS\system32\ver.dll
    • C:\WINDOWS\system32\icaapi.dll
    • C:\Program Files\Mozilla Firefox\components\*
    • C:\WINDOWS\system32\qutil.dll
    • C:\WINDOWS\system32\kbdycc.dll
    • C:\WINDOWS\system32\zipfldr.dll
    • C:\WINDOWS\system32\*.*
    • C:\WINDOWS\system32\12520437.cpx
    • C:\WINDOWS\nsreg.dat

Process firefox.exe (1728)

  • Processes created

    • "C:\Program Files\Mozilla Firefox\firefox.exe" "-requestPending" "-osint" "-url" "http://yjnsyjulbvpo.com/"

  • DLLs Loaded

    • dbghelp.dll
    • C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
    • iphlpapi.dll
    • C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
    • Shell32.dll
    • rpcrt4.dll

Process cmd.exe (1492)

  • Processes created

    • "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "http://yjnsyjulbvpo.com/"

  • DLLs Loaded

    • SHELL32.dll
    • Kernel32.DLL
    • UXTHEME.DLL
    • oleaut32.dll
    • ADVAPI32.dll
    • MSImg32.dll
    • user32.dll
    • Comctl32.dll

Process firefox.exe (1996)

  • DLLs Loaded

    • dbghelp.dll
    • C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
    • C:\Program Files\Mozilla Firefox\freebl3.dll
    • iphlpapi.dll
    • C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
    • DNSAPI.dll
    • advapi32.dll
    • uxtheme.dll
    • OLE32
    • msimg32
    • C:\WINDOWS\System32\mswsock.dll
    • Shell32.dll
    • rpcrt4.dll
    • OLE32.DLL
    • C:\WINDOWS\System32\winrnr.dll
    • C:\Program Files\Mozilla Firefox\nssckbi.dll
    • C:\Program Files\Mozilla Firefox\softokn3.dll
No static analysis available.
No antivirus signatures available.

Process Tree

cmd.exe, PID: 1492, Parent PID: 1456

default registry file network process services synchronisation iexplore office pdf

firefox.exe, PID: 1728, Parent PID: 1492

default registry file network process services synchronisation iexplore office pdf

firefox.exe, PID: 1996, Parent PID: 1728

default registry file network process services synchronisation iexplore office pdf

Deprecation note: While processing this analysis you did not have the httpreplay Python library installed. Installing this library (i.e., pip install httpreplay) will allow Cuckoo to do more proper PCAP analysis including but not limited to showing full HTTP and HTTPS (!) requests and responses. It is recommended that you install this library and possibly reprocess any interesting analysis tasks.

DNS

Name Response Post-Analysis Lookup
time.windows.com

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.128.101 1025 192.168.128.111 53
192.168.128.101 137 192.168.128.255 137
192.168.128.101 138 192.168.128.255 138
192.168.128.101 1037 239.255.255.250 1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Name 49480b1dceb1467b_compreg.dat
Download Submit file
Filepath c:\program files\mozilla firefox\components\compreg.dat
Size 139.3KB
Processes 1728 (firefox.exe)
Type ASCII text
MD5 2e8de2e5c2f36010c70c6a4a47b4d72d
SHA1 08b82460f59e79bf55b5e41d2c1138821e664947
SHA256 49480b1dceb1467b87c829762d0f2c81e67932da51c771ac1b22d3f084af6719
CRC32 9B0DF1E2
ssdeep 3072:o47eS5VbguPWp2PuoHUzmUiHGZTj26cONiBahlVZeE:x7MmWNjvV9
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name bbff096f00cd6b60_installtime2008052906
Download Submit file
Filepath C:\Documents and Settings\zamen\Application Data\Mozilla\Firefox\Crash Reports\InstallTime2008052906
Size 10.0B
Processes 1728 (firefox.exe)
Type ASCII text, with no line terminators
MD5 feb0a62bfe5190a505979950c58ba57a
SHA1 60dc0166947b2d32a80d4ede608851fac2945f30
SHA256 bbff096f00cd6b60def770166c5b6cf14927506800dba0df1d4b9bccd4589f8d
CRC32 0E32BD1B
ssdeep 3:JGz:sz
Yara None matched
VirusTotal Search for analysis
Name 922947a67d0550f5_userid
Download Submit file
Filepath C:\Documents and Settings\zamen\Application Data\Mozilla\Firefox\Crash Reports\UserID
Size 36.0B
Processes 1728 (firefox.exe)
Type ASCII text, with no line terminators
MD5 55ba6d7d894b4f4d22046b38b28c8a84
SHA1 7dca413b9be180a6cd38c46a4a7b561ec8b94fce
SHA256 922947a67d0550f5ca45fd03f77ff2c3f30f1cdb69ea54db7c48d6ddcd4236ab
CRC32 923CA02F
ssdeep 3:zVz2Ic9ASIuEUn:zVz2j9ASIu9
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name e86b118de4857b52_profiles.ini
Download Submit file
Filepath C:\Documents and Settings\zamen\Application Data\Mozilla\Firefox\profiles.ini
Size 111.0B
Processes 1728 (firefox.exe) 1996 (firefox.exe)
Type ASCII text, with CRLF line terminators
MD5 3c91867cdd51119f2f59bc93c853ebc0
SHA1 d479ac977708eb30269c90dc2d7c835e11a8ed4f
SHA256 e86b118de4857b52eeb2288550815b7fcaa4222cbed53e61d1270af64f729e7b
CRC32 EAADE76F
ssdeep 3:1EmuRzTIIXov++IN4EI89fyHAKMj+uI8Xfyyn:1ETgv3IG8uAKMdI8XD
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name 2bdd80bf77860c97_xpti.dat
Download Submit file
Filepath c:\program files\mozilla firefox\components\xpti.dat
Size 93.7KB
Processes 1728 (firefox.exe)
Type ASCII text
MD5 21ea86340d5037257b5eec0ae6b79c3f
SHA1 ce6952256f12146b5242c4b12d7eb0443ae94c91
SHA256 2bdd80bf77860c97c2aeb97c78075d0d449e0c8a9e975c0c1a650fb1ef1687b7
CRC32 48093FBC
ssdeep 1536:XrZ4orMucoti+EeYRgO8sdvqs030yhLu9+trwrdQdlAz0BJX4kIPIxok3p:XrZ4orMuccxYRgObCs0kyhLugt+dQdln
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name 103acd070b56360c_xpc.mfl
Download Submit file
Filepath C:\Documents and Settings\zamen\Local Settings\Application Data\Mozilla\Firefox\Profiles\dvnj3pro.default\XPC.mfl
Size 1.8MB
Processes 1996 (firefox.exe)
Type Mozilla XUL fastload data
MD5 6cb02890ac239e0e6cb55a4275b57093
SHA1 e54f745721fafd122abc37482199185b06789bd5
SHA256 103acd070b56360c3f5d788ce8a3d7d2b48e55aa7aa921b64380531e449d891e
CRC32 7E86430A
ssdeep 12288:hLh0ne0JGAv3iJnhgycZRwXf5K+Esn76Aaea+3uKZgJGCm0T+FQ6MPGgk4cw+J5+:UifRuLG/9JshvTkq
Yara
  • PEiD_01686_Petite_v2_2____www_un4seen_com_petite_ - [Petite v2.2 -> www.un4seen.com/petite]
  • PEiD_02152_StarForce_V3_X_DLL____StarForce_Copy_Protection_System_ - [StarForce V3.X DLL -> StarForce Copy Protection System]
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name 505e6c3196aeb9b1_compatibility.ini
Download Submit file
Filepath C:\Documents and Settings\zamen\Application Data\Mozilla\Firefox\Profiles\dvnj3pro.default\compatibility.ini
Size 177.0B
Processes 1996 (firefox.exe)
Type ASCII text, with CRLF line terminators
MD5 59bd03f23354b0173407878ac9fef4f2
SHA1 dfe4384b7f086070af24abec45c3df0fb0e8e7f0
SHA256 505e6c3196aeb9b1e73bd21e0634660793f9ca39a8138c586441185ec0a81777
CRC32 DFA788D9
ssdeep 3:tZAQW2V36TVADj2NEhWT/P4WX1rDZjrEFwHQ3ZjrEFw6:VKTVADimqN1rDVEFycVEFf
Yara
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Name f15b0b996c57fdea_xul.mfl
Download Submit file
Filepath C:\Documents and Settings\zamen\Local Settings\Application Data\Mozilla\Firefox\Profiles\dvnj3pro.default\XUL.mfl
Size 29.0KB
Processes 1996 (firefox.exe)
Type Mozilla XUL fastload data
MD5 4df725f7c12960a0c736952d93660c21
SHA1 f033084294c7986c0e56fc033faf051cfb742c65
SHA256 f15b0b996c57fdea97d345fd1cddceeffa15759573f1e73404cbdc835dd06283
CRC32 1BC0942A
ssdeep 768:RXcMalINlt7B15tyP/PaiSKTtXBMQPnNRO1KVs2vjQRWEL:RXc7INlt7B15tyniiSKTtXBMQlRO1KVW
Yara
  • PEiD_01686_Petite_v2_2____www_un4seen_com_petite_ - [Petite v2.2 -> www.un4seen.com/petite]
  • contentis_base64 - This rule finds for base64 strings
VirusTotal Search for analysis
Sorry! No dropped buffers.
Task ID 1180
Mongo ID 5c44d1d111d30812ab71ec37
Cuckoo release 2.0-dev