Amnpardaz
Dos Header
Offset  Member      Value
0x0     e_magic     0x5A4D
0x2     e_cblp      0x90
0x4     e_cp        0x3
0x6     e_crlc      0x0
0x8     e_cparhdr   0x4
0xA     e_minalloc  0x0
0xC     e_maxalloc  0xFFFF
0xE     e_ss        0x0
0x10    e_sp        0xB8
0x12    e_csum      0x0
0x14    e_ip        0x0
0x16    e_cs        0x0
0x18    e_lfarlc    0x40
0x1A    e_ovno      0x0
0x1C    e_res       0x0
0x24    e_oemid     0x0
0x26    e_oeminfo   0x0
0x28    e_res2      0x0
0x3C    e_lfanew    0xD8
0xD8    Signature   0x4550
File Header
Offset  Member                Value
0xDC    Machine               0x14C
0xDE    NumberOfSections      0x5
0xE0    TimeDateStamp         0x5023CFB1 [Thu Aug
0xE4    PointerToSymbolTable  0x0
0xE8    NumberOfSymbols       0x0
0xEC    SizeOfOptionalHeader  0xE0
0xEE    Characteristics       0x102
Import Header
DLL Names
Created Files
Action Tid Pid Details Time
OpenCreate 1004 992 d82791a7c79d04a.exe Path=\Device\HarddiskVolume1\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3b4a_appcompat.txt -/-FileAttribute: FILE_ATTRIBUTE_NORMAL FILE_SYNCHRONOUS_IO_NONALERT -/-CreateOption FILE_CREATE -/- ShareAccess:AccessDenied for read/write/delete 625
OpenCreate 1092 1044 dwwin.exe Path=\Device\HarddiskVolume1\DOCUME~1\ADMINI~1\LOCALS~1\Temp\23A6F.dmp -/-FileAttribute: FILE_ATTRIBUTE_TEMPORARY FILE_SYNCHRONOUS_IO_NONALERT -/-CreateOption FILE_CREATE -/- ShareAccess:AccessDenied for read/write/delete 1031
Modified Files
Action Tid Pid Details Time
OpenCreate 1004 992 d82791a7c79d04a.exe Path=\Device\HarddiskVolume1\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3b4a_appcompat.txt -/-FileAttribute: FILE_ATTRIBUTE_NORMAL FILE_SYNCHRONOUS_IO_NONALERT -/-CreateOption FILE_OVERWRITE_IF -/- ShareAccess:AccessDenied for read/write/delete 640
WriteFile 1004 992 d82791a7c79d04a.exe Path=\Device\HarddiskVolume1\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3b4a_appcompat.txt Length:2 ByteOffset:0 STATUS:0x00000000 640
WriteFile 1004 992 d82791a7c79d04a.exe Path=\Device\HarddiskVolume1\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3b4a_appcompat.txt Length:106 ByteOffset:2 STATUS:0x00000000 640
WriteFile 1004 992 d82791a7c79d04a.exe Path=\Device\HarddiskVolume1\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3b4a_appcompat.txt Length:130 ByteOffset:108 STATUS:0x00000000 656
WriteFile 1004 992 d82791a7c79d04a.exe Path=\Device\HarddiskVolume1\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3b4a_appcompat.txt Length:432 ByteOffset:238 STATUS:0x00000000 656
WriteFile 1004 992 d82791a7c79d04a.exe Path=\Device\HarddiskVolume1\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3b4a_appcompat.txt Length:126 ByteOffset:1594 STATUS:0x00000000 718
WriteFile 1092 1044 dwwin.exe Path=\Device\HarddiskVolume1\DOCUME~1\ADMINI~1\LOCALS~1\Temp\23A6F.dmp Length:32 ByteOffset:0 STATUS:0x00000000 1562
WriteFile 1092 1044 dwwin.exe Path=\Device\HarddiskVolume1\DOCUME~1\ADMINI~1\LOCALS~1\Temp\23A6F.dmp Length:4 ByteOffset:2976 STATUS:0x00000000 1562
WriteFile 1092 1044 dwwin.exe Path=\Device\HarddiskVolume1\DOCUME~1\ADMINI~1\LOCALS~1\Temp\23A6F.dmp Length:716 ByteOffset:4604 STATUS:0x00000000 1562
WriteFile 1092 1044 dwwin.exe Path=\Device\HarddiskVolume1\DOCUME~1\ADMINI~1\LOCALS~1\Temp\23A6F.dmp Length:8568 ByteOffset:7703 STATUS:0x00000000 1609
WriteFile 1092 1044 dwwin.exe Path=\Device\HarddiskVolume1\DOCUME~1\ADMINI~1\LOCALS~1\Temp\23A6F.dmp Length:11820 ByteOffset:16927 STATUS:0x00000000 1609
Manipulated Registry Keys
Action Tid Pid Details Time
DeleteValueKey 1004 992 d82791a7c79d04a.exe Path=\REGISTRY\MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW ValueName:DWFileTreeRoot KeyHandle:0x000000C4 STATUS:0x00000000 375
SetValueKey 1080 1044 dwwin.exe Path=\REGISTRY\USER\S-1-5-21-117609710-1708537768-839522115-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders ValueName:AppData Data:C:\Documents and Settings\Administrator\Application Data KeyHandle:0x000006E8 TitleIndex:0x00000000 Type:0x00000001 DataSize:0x00000072 STATUS:0x00000000 968
SetValueKey 1080 1044 dwwin.exe Path=\REGISTRY\USER\S-1-5-21-117609710-1708537768-839522115-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders ValueName:Personal Data:C:\Documents and Settings\Administrator\My Documents KeyHandle:0x000006E4 TitleIndex:0x00000000 Type:0x00000001 DataSize:0x0000006A STATUS:0x00000000 968
SetValueKey 1092 1044 dwwin.exe Path=\REGISTRY\USER\S-1-5-21-117609710-1708537768-839522115-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders ValueName:Cache Data:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files KeyHandle:0x00000394 TitleIndex:0x00000000 Type:0x00000001 DataSize:0x000000A0 STATUS:0x00000000 1703
SetValueKey 1092 1044 dwwin.exe Path=\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths ValueName:Directory Data:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5 KeyHandle:0x00000390 TitleIndex:0x00000000 Type:0x00000001 DataSize:0x000000B8 STATUS:0x00000000 1703
SetValueKey 1092 1044 dwwin.exe Path=\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths ValueName:Paths Data:(NULL) KeyHandle:0x00000390 TitleIndex:0x00000000 Type:0x00000004 DataSize:0x00000004 STATUS:0x00000000 1703
SetValueKey 1092 1044 dwwin.exe Path=\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1 ValueName:CachePath Data:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Cache1 KeyHandle:0x0000038C TitleIndex:0x00000000 Type:0x00000001 DataSize:0x000000C6 STATUS:0x00000000 1703
SetValueKey 1092 1044 dwwin.exe Path=\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2 ValueName:CachePath Data:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Cache2 KeyHandle:0x00000388 TitleIndex:0x00000000 Type:0x00000001 DataSize:0x000000C6 STATUS:0x00000000 1703
SetValueKey 1092 1044 dwwin.exe Path=\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3 ValueName:CachePath Data:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Cache3 KeyHandle:0x00000384 TitleIndex:0x00000000 Type:0x00000001 DataSize:0x000000C6 STATUS:0x00000000 1703
SetValueKey 1092 1044 dwwin.exe Path=\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4 ValueName:CachePath Data:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Cache4 KeyHandle:0x00000380 TitleIndex:0x00000000 Type:0x00000001 DataSize:0x000000C6 STATUS:0x00000000 1703
SetValueKey 1092 1044 dwwin.exe Path=\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1 ValueName:CacheLimit Data:(NULL) KeyHandle:0x0000038C TitleIndex:0x00000000 Type:0x00000004 DataSize:0x00000004 STATUS:0x00000000 1718
SetValueKey 1092 1044 dwwin.exe Path=\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2 ValueName:CacheLimit Data:(NULL) KeyHandle:0x00000388 TitleIndex:0x00000000 Type:0x00000004 DataSize:0x00000004 STATUS:0x00000000 1718
SetValueKey 1092 1044 dwwin.exe Path=\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3 ValueName:CacheLimit Data:(NULL) KeyHandle:0x00000384 TitleIndex:0x00000000 Type:0x00000004 DataSize:0x00000004 STATUS:0x00000000 1718
SetValueKey 1092 1044 dwwin.exe Path=\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4 ValueName:CacheLimit Data:(NULL) KeyHandle:0x00000380 TitleIndex:0x00000000 Type:0x00000004 DataSize:0x00000004 STATUS:0x00000000 1718
SetValueKey 1092 1044 dwwin.exe Path=\REGISTRY\USER\S-1-5-21-117609710-1708537768-839522115-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders ValueName:Cookies Data:C:\Documents and Settings\Administrator\Cookies KeyHandle:0x00000394 TitleIndex:0x00000000 Type:0x00000001 DataSize:0x00000060 STATUS:0x00000000 1718
SetValueKey 1092 1044 dwwin.exe Path=\REGISTRY\USER\S-1-5-21-117609710-1708537768-839522115-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders ValueName:History Data:C:\Documents and Settings\Administrator\Local Settings\History KeyHandle:0x00000394 TitleIndex:0x00000000 Type:0x00000001 DataSize:0x0000007E STATUS:0x00000000 1718
SetValueKey 1092 1044 dwwin.exe Path=\REGISTRY\USER\S-1-5-21-117609710-1708537768-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap ValueName:ProxyBypass Data:(NULL) KeyHandle:0x00000364 TitleIndex:0x00000000 Type:0x00000004 DataSize:0x00000004 STATUS:0x00000000 1750
SetValueKey 1092 1044 dwwin.exe Path=\REGISTRY\USER\S-1-5-21-117609710-1708537768-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap ValueName:IntranetName Data:(NULL) KeyHandle:0x00000364 TitleIndex:0x00000000 Type:0x00000004 DataSize:0x00000004 STATUS:0x00000000 1750
SetValueKey 1092 1044 dwwin.exe Path=\REGISTRY\USER\S-1-5-21-117609710-1708537768-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap ValueName:UNCAsIntranet Data:(NULL) KeyHandle:0x00000364 TitleIndex:0x00000000 Type:0x00000004 DataSize:0x00000004 STATUS:0x00000000 1750
SetValueKey 1092 1044 dwwin.exe Path=\REGISTRY\USER\S-1-5-21-117609710-1708537768-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap ValueName:ProxyBypass Data:(NULL) KeyHandle:0x00000364 TitleIndex:0x00000000 Type:0x00000004 DataSize:0x00000004 STATUS:0x00000000 1765
SetValueKey 1092 1044 dwwin.exe Path=\REGISTRY\USER\S-1-5-21-117609710-1708537768-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap ValueName:IntranetName Data:(NULL) KeyHandle:0x00000364 TitleIndex:0x00000000 Type:0x00000004 DataSize:0x00000004 STATUS:0x00000000 1765
SetValueKey 1092 1044 dwwin.exe Path=\REGISTRY\USER\S-1-5-21-117609710-1708537768-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap ValueName:UNCAsIntranet Data:(NULL) KeyHandle:0x00000364 TitleIndex:0x00000000 Type:0x00000004 DataSize:0x00000004 STATUS:0x00000000 1765
SetValueKey 1092 1044 dwwin.exe Path=\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders ValueName:Common AppData Data:C:\Documents and Settings\All Users\Application Data KeyHandle:0x000002CC TitleIndex:0x00000000 Type:0x00000001 DataSize:0x0000006A STATUS:0x00000000 1921
SetValueKey 1092 1044 dwwin.exe Path=\REGISTRY\USER\S-1-5-21-117609710-1708537768-839522115-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders ValueName:AppData Data:C:\Documents and Settings\Administrator\Application Data KeyHandle:0x00000278 TitleIndex:0x00000000 Type:0x00000001 DataSize:0x00000072 STATUS:0x00000000 1921
SetValueKey 1092 1044 dwwin.exe Path=\REGISTRY\USER\S-1-5-21-117609710-1708537768-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings ValueName:MigrateProxy Data:(NULL) KeyHandle:0x00000274 TitleIndex:0x00000000 Type:0x00000004 DataSize:0x00000004 STATUS:0x00000000 1921
SetValueKey 1092 1044 dwwin.exe Path=\REGISTRY\USER\S-1-5-21-117609710-1708537768-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings ValueName:ProxyEnable Data:(NULL) KeyHandle:0x00000274 TitleIndex:0x00000000 Type:0x00000004 DataSize:0x00000004 STATUS:0x00000000 1921
DeleteValueKey 1092 1044 dwwin.exe Path=\REGISTRY\USER\S-1-5-21-117609710-1708537768-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings ValueName:ProxyServer KeyHandle:0x00000274 STATUS:0x00000000 1921
DeleteValueKey 1092 1044 dwwin.exe Path=\REGISTRY\USER\S-1-5-21-117609710-1708537768-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings ValueName:ProxyOverride KeyHandle:0x00000274 STATUS:0x00000000 1921
DeleteValueKey 1092 1044 dwwin.exe Path=\REGISTRY\USER\S-1-5-21-117609710-1708537768-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings ValueName:AutoConfigURL KeyHandle:0x00000274 STATUS:0x00000000 1921
SetValueKey 1092 1044 dwwin.exe Path=\REGISTRY\MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings ValueName:ProxyEnable Data:(NULL) KeyHandle:0x00000264 TitleIndex:0x00000000 Type:0x00000004 DataSize:0x00000004 STATUS:0x00000000 1921
SetValueKey 1092 1044 dwwin.exe Path=\REGISTRY\USER\S-1-5-21-117609710-1708537768-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections ValueName:SavedLegacySettings Data:(NULL) KeyHandle:0x00000234 TitleIndex:0x00000000 Type:0x00000003 DataSize:0x00000038 STATUS:0x00000000 1921
All Processes
Process Name          PID   Registry  File  Memory
csrss.exe             620   100       416   66
svchost.exe           852   36        0     0
d82791a7c79d04a.exe   992   0         0     2
fltMc.exe             560   0         0     0
explorer.exe          1428  0         0     0
python.exe            1628  0         0     0
lsass.exe             700   0         0     0
System                4     0         0     0
wuauclt.exe           1820  0         0     0
sqlservr.exe          2000  0         0     0
winlogon.exe          644   0         0     0
dwwin.exe             1044  0         0     0
svchost.exe           932   0         0     0
svchost.exe           1016  0         0     0
lsass.exe             916   0         0     0
spoolsv.exe           1528  0         4     0
services.exe          688   0         0     0
Malware Processes
ProcessIDDest  ProcessNameDest      Action       Source                    LinkID  Time
992            d82791a7c79d04a.exe                                         0       312
1044           dwwin.exe            WriteMemory  d82791a7c79d04a.exe[992]  547     828
Malware Behaviors

Tries to create a thread in another existing process
Action Time Pid Tid Details
ThreadCreate 828 992 1004 d82791a7c79d04a.exe TargetPid:1044 ThreadId:1080
ThreadCreate 828 992 1004 d82791a7c79d04a.exe TargetPid:1044 ThreadId:1088

Create Mutex
Action Time Pid Tid Details
CreateMutant 343 992 1004 d82791a7c79d04a.exe Path=Null pid:992 tid:1004 action:NtCreateMutant MutantHandle:0x0012EFA8 DesiredAccess:0x001F0001 ObjectAttributes->ObjectName:(NULL) InitialOwner:0 MutantHandle_before:0x0012EFC8 MutantHandle__out:0x0012EFC8 STATUS:0x00000000
CreateMutant 343 992 1004 d82791a7c79d04a.exe Path=Null pid:992 tid:1004 action:NtCreateMutant MutantHandle:0x0012EFA8 DesiredAccess:0x001F0001 ObjectAttributes->ObjectName:(NULL) InitialOwner:0 MutantHandle_before:0x0012EFC8 MutantHandle__out:0x0012EFC8 STATUS:0x00000000
CreateMutant 343 992 1004 d82791a7c79d04a.exe Path=Null pid:992 tid:1004 action:NtCreateMutant MutantHandle:0x0012EFA8 DesiredAccess:0x001F0001 ObjectAttributes->ObjectName:(NULL) InitialOwner:0 MutantHandle_before:0x0012EFC8 MutantHandle__out:0x0012EFC8 STATUS:0x00000000
CreateMutant 578 992 1004 d82791a7c79d04a.exe Path=Null pid:992 tid:1004 action:NtCreateMutant MutantHandle:0x0012DFB8 DesiredAccess:0x001F0001 ObjectAttributes->ObjectName:(NULL) InitialOwner:0 MutantHandle_before:0x7C81E4DF MutantHandle__out:0x7C81E4DF STATUS:0x00000000
CreateMutant 875 1044 1080 dwwin.exe Path=Null pid:1044 tid:1080 action:NtCreateMutant MutantHandle:0x0013E9C0 DesiredAccess:0x001F0001 ObjectAttributes->ObjectName:SHIMLIB_LOG_MUTEX InitialOwner:0 MutantHandle_before:0x00000000 MutantHandle__out:0x00000000 STATUS:0x00000000
CreateMutant 890 1044 1080 dwwin.exe Path=Null pid:1044 tid:1080 action:NtCreateMutant MutantHandle:0x0013F8D8 DesiredAccess:0x001F0001 ObjectAttributes->ObjectName:ZonesCounterMutex InitialOwner:0 MutantHandle_before:0x77260000 MutantHandle__out:0x77260000 STATUS:0x00000000
CreateMutant 890 1044 1080 dwwin.exe Path=Null pid:1044 tid:1080 action:NtCreateMutant MutantHandle:0x0013F8CC DesiredAccess:0x001F0001 ObjectAttributes->ObjectName:ZonesCacheCounterMutex InitialOwner:0 MutantHandle_before:0x77260000 MutantHandle__out:0x77260000 STATUS:0x00000000
CreateMutant 890 1044 1080 dwwin.exe Path=Null pid:1044 tid:1080 action:NtCreateMutant MutantHandle:0x0013F8CC DesiredAccess:0x001F0001 ObjectAttributes->ObjectName:ZonesLockedCacheCounterMutex InitialOwner:0 MutantHandle_before:0x77260000 MutantHandle__out:0x77260000 STATUS:0x00000000
CreateMutant 968 1044 1080 dwwin.exe Path=Null pid:1044 tid:1080 action:NtCreateMutant MutantHandle:0x0013FDC4 DesiredAccess:0x001F0001 ObjectAttributes->ObjectName:(NULL) InitialOwner:0 MutantHandle_before:0x0013FF60 MutantHandle__out:0x0013FF60 STATUS:0x00000000
CreateMutant 1765 1044 1092 dwwin.exe Path=Null pid:1044 tid:1092 action:NtCreateMutant MutantHandle:0x00C2E880 DesiredAccess:0x001F0001 ObjectAttributes->ObjectName:(NULL) InitialOwner:0 MutantHandle_before:0x00000368 MutantHandle__out:0x00000368 STATUS:0x00000000
CreateMutant 1765 1044 1092 dwwin.exe Path=Null pid:1044 tid:1092 action:NtCreateMutant MutantHandle:0x00C2D288 DesiredAccess:0x001F0001 ObjectAttributes->ObjectName:(NULL) InitialOwner:0 MutantHandle_before:0x76EB0000 MutantHandle__out:0x76EB0000 STATUS:0x00000000
CreateMutant 1765 1044 1092 dwwin.exe Path=Null pid:1044 tid:1092 action:NtCreateMutant MutantHandle:0x00C2D224 DesiredAccess:0x001F0001 ObjectAttributes->ObjectName:RasPbFile InitialOwner:0 MutantHandle_before:0x00000000 MutantHandle__out:0x00000000 STATUS:0x00000000

Tries to write to foreign memory regions
Action Time Pid Tid Details
WriteMemory 828 992 1004 d82791a7c79d04a.exe TargetPID:1044 TargetName:dwwin.exe BaseAddress:65536 STATUS:0x00000000 Buffer:[0000003D][00000000][0000003A][00000000][0000003A][00000000][0000003D][00000000][0000003A][00000000][0000003A][00000000][0000005C][00000000][00000000][00000000][0000003D][00000000][00000043][00000000][0000003A][00000000][0000003D][00000000][00000043][00000000][0000003A][00000000][0000005C][00000000][00000053][00000000][00000068][00000000][00000061][00000000][00000072][00000000][00000065][00000000][0000005C][00000000][0000006E][00000000][00000065][00000000][00000077][00000000][0000005F][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000]
WriteMemory 828 992 1004 d82791a7c79d04a.exe TargetPID:1044 TargetName:dwwin.exe BaseAddress:131072 STATUS:0x00000000 Buffer:[00000000][00000010][00000000][00000000][000000C4][00000006][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000001][00000000][00000032][00000000][00000000][00000000][00000000][00000000][00000003][00000000][00000000][00000000][00000007][00000000][00000000][00000000][0000000B][00000000][00000000][00000000][00000026][00000000][00000008][00000002][00000090][00000002][00000000][00000000][0000000E][00000000][00000000][00000000][0000003E][00000001][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000]
WriteMemory 828 992 1004 d82791a7c79d04a.exe TargetPID:1044 TargetName:dwwin.exe BaseAddress:2147336208 STATUS:0x00000000 Buffer:[00000000][00000000][00000002][00000000][00000000][00000000][00000000][00000000]
WriteMemory 828 992 1004 d82791a7c79d04a.exe TargetPID:1044 TargetName:dwwin.exe BaseAddress:196608 STATUS:0x00000000 Buffer:[00000053][00000000][00000068][00000000][00000069][00000000][0000006D][00000000][00000045][00000000][0000006E][00000000][00000067][00000000][0000002E][00000000][00000064][00000000][0000006C][00000000][0000006C][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000]
WriteMemory 828 992 1004 d82791a7c79d04a.exe TargetPID:1044 TargetName:dwwin.exe BaseAddress:2147336680 STATUS:0x00000000 Buffer:[00000000][00000000][00000003][00000000][00000000][00000000][00000000][00000000]
WriteMemory 828 992 1004 d82791a7c79d04a.exe TargetPID:1044 TargetName:dwwin.exe BaseAddress:1376256 STATUS:0x00000000 Buffer:[00000043][0000003A][0000005C][00000055][00000073][00000065][00000072][00000041][00000063][00000063][0000006F][00000075][0000006E][00000074][00000053][00000063][00000061][0000006E][0000006E][00000065][00000072][00000032][0000002E][00000064][0000006C][0000006C][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000][00000000]

Tries to spawn process
Action Time Pid Tid Details
ProcessCreate 828 992 1004 d82791a7c79d04a.exe TargetPid:1044 TargetName:dwwin.exe CommandLine:"C:\Share\new_sandBoxLog\d82791a7c79d04a.exe" DebugMode:0

Tries to create temporary file
Action Time Pid Tid Details
WriteFile 640 992 1004 d82791a7c79d04a.exe Path=\Device\HarddiskVolume1\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3b4a_appcompat.txt Length:2 ByteOffset:0 STATUS:0x00000000
WriteFile 640 992 1004 d82791a7c79d04a.exe Path=\Device\HarddiskVolume1\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3b4a_appcompat.txt Length:106 ByteOffset:2 STATUS:0x00000000
WriteFile 656 992 1004 d82791a7c79d04a.exe Path=\Device\HarddiskVolume1\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3b4a_appcompat.txt Length:130 ByteOffset:108 STATUS:0x00000000
WriteFile 656 992 1004 d82791a7c79d04a.exe Path=\Device\HarddiskVolume1\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3b4a_appcompat.txt Length:432 ByteOffset:238 STATUS:0x00000000
WriteFile 718 992 1004 d82791a7c79d04a.exe Path=\Device\HarddiskVolume1\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3b4a_appcompat.txt Length:126 ByteOffset:1594 STATUS:0x00000000
WriteFile 1562 1044 1092 dwwin.exe Path=\Device\HarddiskVolume1\DOCUME~1\ADMINI~1\LOCALS~1\Temp\23A6F.dmp Length:32 ByteOffset:0 STATUS:0x00000000
WriteFile 1562 1044 1092 dwwin.exe Path=\Device\HarddiskVolume1\DOCUME~1\ADMINI~1\LOCALS~1\Temp\23A6F.dmp Length:4 ByteOffset:2976 STATUS:0x00000000
WriteFile 1562 1044 1092 dwwin.exe Path=\Device\HarddiskVolume1\DOCUME~1\ADMINI~1\LOCALS~1\Temp\23A6F.dmp Length:716 ByteOffset:4604 STATUS:0x00000000
WriteFile 1609 1044 1092 dwwin.exe Path=\Device\HarddiskVolume1\DOCUME~1\ADMINI~1\LOCALS~1\Temp\23A6F.dmp Length:8568 ByteOffset:7703 STATUS:0x00000000
WriteFile 1609 1044 1092 dwwin.exe Path=\Device\HarddiskVolume1\DOCUME~1\ADMINI~1\LOCALS~1\Temp\23A6F.dmp Length:11820 ByteOffset:16927 STATUS:0x00000000

Reads an ini file
Action Time Pid Tid Details
ReadFile 2125 1044 1092 dwwin.exe Path=\Device\HarddiskVolume1\WINDOWS\win.ini Length:477 ByteOffset:0 STATUS:0x00000000

Strings