Analysis Report · CAPE Sandbox

Analysis Details

Category	Package	Started	Completed	Duration	Options	Logs
FILE	exe	2026-06-29 10:43:20	2026-06-29 10:44:09	49s
Reports	JSON

Options

vnc_port=5900

Analysis Log

2026-06-28 14:55:57,610 [root] INFO: Date set to: 20260629T10:43:25, timeout set to: 20
2026-06-29 10:43:25,263 [root] DEBUG: Starting analyzer from: C:\2_6me6uj
2026-06-29 10:43:25,264 [root] DEBUG: Storing results at: C:\ACkZhSvQBI
2026-06-29 10:43:25,264 [root] DEBUG: Pipe server name: \\.\PIPE\hWpGIVU
2026-06-29 10:43:25,265 [root] DEBUG: Python path: C:\Users\Rajesh\AppData\Local\Programs\Python\Python314
2026-06-29 10:43:25,265 [root] INFO: analysis running as an admin
2026-06-29 10:43:25,266 [root] INFO: analysis package specified: "exe"
2026-06-29 10:43:25,267 [root] DEBUG: importing analysis package module: "modules.packages.exe"...
2026-06-29 10:43:25,274 [root] DEBUG: imported analysis package "exe"
2026-06-29 10:43:25,275 [root] DEBUG: initializing analysis package "exe"...
2026-06-29 10:43:25,275 [lib.common.common] INFO: no wrapping
2026-06-29 10:43:25,276 [lib.core.compound] INFO: C:\Users\Rajesh\AppData\Local\Temp already exists, skipping creation
2026-06-29 10:43:25,277 [root] DEBUG: New location of moved file: C:\Users\Rajesh\AppData\Local\Temp\iexplore.exe
2026-06-29 10:43:25,278 [root] INFO: Analyzer: Package modules.packages.exe does not specify a dll option
2026-06-29 10:43:25,278 [root] INFO: Analyzer: Package modules.packages.exe does not specify a dll_64 option
2026-06-29 10:43:25,279 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader option
2026-06-29 10:43:25,279 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader_64 option
2026-06-29 10:43:25,368 [root] DEBUG: Imported auxiliary module "modules.auxiliary.browser"
2026-06-29 10:43:25,381 [root] DEBUG: Imported auxiliary module "modules.auxiliary.digisig"
2026-06-29 10:43:25,431 [root] DEBUG: Imported auxiliary module "modules.auxiliary.disguise"
2026-06-29 10:43:25,475 [root] DEBUG: Imported auxiliary module "modules.auxiliary.human"
2026-06-29 10:43:25,489 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops'
2026-06-29 10:43:25,490 [lib.api.screenshot] ERROR: No module named 'PIL'
2026-06-29 10:43:25,491 [root] DEBUG: Imported auxiliary module "modules.auxiliary.screenshots"
2026-06-29 10:43:25,494 [root] DEBUG: Imported auxiliary module "modules.auxiliary.tlsdump"
2026-06-29 10:43:25,495 [root] DEBUG: Initialized auxiliary module "Browser"
2026-06-29 10:43:25,495 [root] DEBUG: attempting to configure 'Browser' from data
2026-06-29 10:43:25,496 [root] DEBUG: module Browser does not support data configuration, ignoring
2026-06-29 10:43:25,496 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.browser"...
2026-06-29 10:43:26,535 [root] DEBUG: Started auxiliary module modules.auxiliary.browser
2026-06-29 10:43:26,536 [root] DEBUG: Initialized auxiliary module "DigiSig"
2026-06-29 10:43:26,536 [root] DEBUG: attempting to configure 'DigiSig' from data
2026-06-29 10:43:26,536 [root] DEBUG: module DigiSig does not support data configuration, ignoring
2026-06-29 10:43:26,536 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.digisig"...
2026-06-29 10:43:26,536 [modules.auxiliary.digisig] DEBUG: Checking for a digital signature
2026-06-28 14:56:01,779 [modules.auxiliary.digisig] DEBUG: File has an invalid signature
2026-06-28 14:56:01,780 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json
2026-06-28 14:56:01,782 [root] DEBUG: Started auxiliary module modules.auxiliary.digisig
2026-06-28 14:56:01,783 [root] DEBUG: Initialized auxiliary module "Disguise"
2026-06-28 14:56:01,783 [root] DEBUG: attempting to configure 'Disguise' from data
2026-06-28 14:56:01,784 [root] DEBUG: module Disguise does not support data configuration, ignoring
2026-06-28 14:56:01,784 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.disguise"...
2026-06-28 14:56:01,795 [modules.auxiliary.disguise] INFO: Launched background process notepad.exe hidden (PID: 3604)
2026-06-28 14:56:01,800 [modules.auxiliary.disguise] INFO: Disguising GUID to 842c770e-8d4c-479e-81ce-001439b61ed1
2026-06-28 14:56:01,800 [root] DEBUG: Started auxiliary module modules.auxiliary.disguise
2026-06-28 14:56:01,801 [root] DEBUG: Initialized auxiliary module "Human"
2026-06-28 14:56:01,801 [root] DEBUG: attempting to configure 'Human' from data
2026-06-28 14:56:01,802 [root] DEBUG: module Human does not support data configuration, ignoring
2026-06-28 14:56:01,802 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.human"...
2026-06-28 14:56:01,829 [root] DEBUG: Started auxiliary module modules.auxiliary.human
2026-06-28 14:56:01,832 [root] DEBUG: Initialized auxiliary module "Screenshots"
2026-06-28 14:56:01,833 [root] DEBUG: attempting to configure 'Screenshots' from data
2026-06-28 14:56:01,833 [root] DEBUG: module Screenshots does not support data configuration, ignoring
2026-06-28 14:56:01,834 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.screenshots"...
2026-06-28 14:56:01,836 [modules.auxiliary.screenshots] WARNING: Python Image Library is not installed, screenshots are disabled
2026-06-28 14:56:01,836 [root] DEBUG: Started auxiliary module modules.auxiliary.screenshots
2026-06-28 14:56:01,836 [root] DEBUG: Initialized auxiliary module "TLSDumpMasterSecrets"
2026-06-28 14:56:01,836 [root] DEBUG: attempting to configure 'TLSDumpMasterSecrets' from data
2026-06-28 14:56:01,836 [root] DEBUG: module TLSDumpMasterSecrets does not support data configuration, ignoring
2026-06-28 14:56:01,837 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.tlsdump"...
2026-06-28 14:56:01,842 [modules.auxiliary.tlsdump] WARNING: Unable to find lsass.exe process
2026-06-28 14:56:01,842 [root] DEBUG: Started auxiliary module modules.auxiliary.tlsdump
2026-06-28 14:56:08,317 [root] INFO: Restarting WMI Service
2026-06-28 14:56:10,547 [root] DEBUG: package modules.packages.exe does not support configure, ignoring
2026-06-28 14:56:10,548 [root] WARNING: configuration error for package modules.packages.exe: error importing data.packages.exe: No module named 'data.packages'
2026-06-28 14:56:10,549 [lib.core.compound] INFO: C:\Users\Rajesh\AppData\Local\Temp already exists, skipping creation
2026-06-28 14:56:10,557 [lib.api.process] INFO: Successfully executed process from path "C:\Users\Rajesh\AppData\Local\Temp\iexplore.exe" with arguments "" with pid 4444
2026-06-28 14:56:10,789 [lib.api.process] INFO: Monitor config for process 4444: C:\2_6me6uj\dll\4444.ini
2026-06-28 14:56:10,802 [lib.api.process] INFO: 64-bit DLL to inject is C:\2_6me6uj\dll\VUYJWNos.dll, loader C:\2_6me6uj\bin\OGrOjvpd.exe
2026-06-28 14:56:10,821 [root] DEBUG: Loader: Injecting process 4444 (thread 3412) with C:\2_6me6uj\dll\VUYJWNos.dll.
2026-06-28 14:56:10,822 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2026-06-28 14:56:10,823 [root] DEBUG: Successfully injected DLL C:\2_6me6uj\dll\VUYJWNos.dll.
2026-06-28 14:56:10,826 [lib.api.process] INFO: Injected into 64-bit <Process 4444 iexplore.exe>
2026-06-28 14:56:12,839 [lib.api.process] INFO: Successfully resumed process with pid 4444
2026-06-28 14:56:12,865 [root] DEBUG: 4444: Python path set to 'C:\Users\Rajesh\AppData\Local\Programs\Python\Python314'.
2026-06-28 14:56:12,869 [root] DEBUG: 4444: Disabling sleep skipping.
2026-06-28 14:56:12,870 [root] DEBUG: 4444: Dropped file limit defaulting to 100.
2026-06-28 14:56:12,886 [root] DEBUG: 4444: YaraInit: Compiled 44 rule files
2026-06-28 14:56:12,889 [root] DEBUG: 4444: YaraInit: Compiled rules saved to file C:\2_6me6uj\data\yara\capemon.yac
2026-06-28 14:56:12,945 [root] DEBUG: 4444: RtlInsertInvertedFunctionTable 0x00007FF9AAA0090E, LdrpInvertedFunctionTableSRWLock 0x00007FF9AAB5B4F0
2026-06-28 14:56:12,946 [root] DEBUG: 4444: YaraScan: Scanning 0x00007FF7C1930000, size 0xcb0bb
2026-06-28 14:56:12,960 [root] DEBUG: 4444: Monitor initialised: 64-bit capemon loaded in process 4444 at 0x00007FF986960000, thread 3412, image base 0x00007FF7C1930000, stack from 0x00000047CCF61000-0x00000047CCF70000
2026-06-28 14:56:12,963 [root] DEBUG: 4444: Commandline: "C:\Users\Rajesh\AppData\Local\Temp\iexplore.exe"
2026-06-28 14:56:12,978 [root] DEBUG: 4444: hook_api: LdrpCallInitRoutine export address 0x00007FF9AAA099BC obtained via GetFunctionAddress
2026-06-28 14:56:13,033 [root] WARNING: b'Unable to create trampoline for LockResource, hook type 2'
2026-06-28 14:56:13,034 [root] DEBUG: 4444: set_hooks: Unable to hook LockResource
2026-06-28 14:56:13,051 [root] DEBUG: 4444: Hooked 630 out of 631 functions
2026-06-28 14:56:13,060 [root] DEBUG: 4444: Syscall hook installed, syscall logging level 1
2026-06-28 14:56:13,076 [root] DEBUG: 4444: RestoreHeaders: Restored original import table.
2026-06-28 14:56:13,079 [root] INFO: Loaded monitor into process with pid 4444
2026-06-28 14:56:13,084 [root] DEBUG: 4444: caller_dispatch: Added region at 0x00007FF7C1930000 to tracked regions list (kernel32::SetUnhandledExceptionFilter returns to 0x00007FF7C1931DF1, thread 3412).
2026-06-28 14:56:13,086 [root] DEBUG: 4444: YaraScan: Scanning 0x00007FF7C1930000, size 0xcb0bb
2026-06-28 14:56:13,100 [root] DEBUG: 4444: ProcessImageBase: Main module image at 0x00007FF7C1930000 unmodified (entropy change 0.000000e+00)
2026-06-28 14:56:13,104 [root] DEBUG: 4444: DLL loaded at 0x00007FF9A8700000: C:\Windows\System32\bcryptPrimitives (0x83000 bytes).
2026-06-28 14:56:13,112 [root] DEBUG: 4444: DLL loaded at 0x00007FF99E3A0000: C:\Windows\SYSTEM32\msIso (0x54000 bytes).
2026-06-28 14:56:13,119 [root] DEBUG: 4444: DLL loaded at 0x00007FF9A6030000: C:\Windows\SYSTEM32\kernel.appcore (0x12000 bytes).
2026-06-28 14:56:13,161 [root] DEBUG: 4444: DLL loaded at 0x00007FF99E260000: C:\Windows\SYSTEM32\NETAPI32 (0x18000 bytes).
2026-06-28 14:56:13,163 [root] DEBUG: 4444: DLL loaded at 0x00007FF9A3240000: C:\Windows\SYSTEM32\VERSION (0xa000 bytes).
2026-06-28 14:56:13,165 [root] DEBUG: 4444: DLL loaded at 0x00007FF9A7F80000: C:\Windows\SYSTEM32\USERENV (0x2e000 bytes).
2026-06-28 14:56:13,171 [root] DEBUG: 4444: DLL loaded at 0x00007FF9A1C10000: C:\Windows\SYSTEM32\WINHTTP (0x108000 bytes).
2026-06-28 14:56:13,172 [root] DEBUG: 4444: DLL loaded at 0x00007FF9A7290000: C:\Windows\SYSTEM32\WKSCLI (0x17000 bytes).
2026-06-28 14:56:13,174 [root] DEBUG: 4444: DLL loaded at 0x00007FF9A75F0000: C:\Windows\SYSTEM32\NETUTILS (0xc000 bytes).
2026-06-28 14:56:13,175 [root] DEBUG: 4444: DLL loaded at 0x00007FF986D30000: C:\Windows\SYSTEM32\IEFRAME (0x757000 bytes).
2026-06-28 14:56:13,193 [root] DEBUG: 4444: DLL loaded at 0x00007FF994050000: C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\comctl32 (0x29a000 bytes).
2026-06-28 14:56:13,212 [root] DEBUG: 4444: DLL loaded at 0x00007FF9A5B50000: C:\Windows\system32\uxtheme (0x9e000 bytes).
2026-06-28 14:56:13,243 [root] DEBUG: 4444: DLL loaded at 0x00007FF9A9600000: C:\Windows\System32\clbcatq (0xa9000 bytes).
2026-06-28 14:56:13,288 [root] DEBUG: 4444: DLL loaded at 0x00007FF9A7A90000: C:\Windows\SYSTEM32\Wldp (0x2c000 bytes).
2026-06-28 14:56:13,290 [root] DEBUG: 4444: DLL loaded at 0x00007FF9A6230000: C:\Windows\SYSTEM32\windows.storage (0x790000 bytes).
2026-06-28 14:56:13,300 [root] DEBUG: 4444: CreateProcessHandler: Injection info set for new process 4112: C:\Windows\system32\WerFault.exe, ImageBase: 0x00007FF711CB0000
2026-06-28 14:56:13,302 [root] INFO: Announced 64-bit process name: WerFault.exe pid: 4112
2026-06-28 14:56:13,302 [lib.api.process] INFO: Monitor config for process 4112: C:\2_6me6uj\dll\4112.ini
2026-06-28 14:56:13,306 [lib.api.process] INFO: 64-bit DLL to inject is C:\2_6me6uj\dll\VUYJWNos.dll, loader C:\2_6me6uj\bin\OGrOjvpd.exe
2026-06-28 14:56:13,320 [root] DEBUG: Loader: Injecting process 4112 (thread 4428) with C:\2_6me6uj\dll\VUYJWNos.dll.
2026-06-28 14:56:13,321 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2026-06-28 14:56:13,322 [root] DEBUG: Successfully injected DLL C:\2_6me6uj\dll\VUYJWNos.dll.
2026-06-28 14:56:13,326 [lib.api.process] INFO: Injected into 64-bit <Process 4112 WerFault.exe>
2026-06-28 14:56:13,332 [root] INFO: Announced 64-bit process name: WerFault.exe pid: 4112
2026-06-28 14:56:13,332 [lib.api.process] INFO: Monitor config for process 4112: C:\2_6me6uj\dll\4112.ini
2026-06-28 14:56:13,334 [lib.api.process] INFO: 64-bit DLL to inject is C:\2_6me6uj\dll\VUYJWNos.dll, loader C:\2_6me6uj\bin\OGrOjvpd.exe
2026-06-28 14:56:13,345 [root] DEBUG: Loader: Injecting process 4112 (thread 4428) with C:\2_6me6uj\dll\VUYJWNos.dll.
2026-06-28 14:56:13,346 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2026-06-28 14:56:13,346 [root] DEBUG: Successfully injected DLL C:\2_6me6uj\dll\VUYJWNos.dll.
2026-06-28 14:56:13,349 [lib.api.process] INFO: Injected into 64-bit <Process 4112 WerFault.exe>
2026-06-28 14:56:13,391 [root] DEBUG: 4112: Python path set to 'C:\Users\Rajesh\AppData\Local\Programs\Python\Python314'.
2026-06-28 14:56:13,392 [root] DEBUG: 4112: Dropped file limit defaulting to 100.
2026-06-28 14:56:13,399 [root] DEBUG: 4112: Disabling sleep skipping.
2026-06-28 14:56:13,407 [root] DEBUG: 4112: YaraInit: Compiled rules loaded from existing file C:\2_6me6uj\data\yara\capemon.yac
2026-06-28 14:56:13,429 [root] DEBUG: 4112: RtlInsertInvertedFunctionTable 0x00007FF9AAA0090E, LdrpInvertedFunctionTableSRWLock 0x00007FF9AAB5B4F0
2026-06-28 14:56:13,430 [root] DEBUG: 4112: YaraScan: Scanning 0x00007FF711CB0000, size 0x8d440
2026-06-28 14:56:13,441 [root] DEBUG: 4112: Monitor initialised: 64-bit capemon loaded in process 4112 at 0x00007FF986960000, thread 4428, image base 0x00007FF711CB0000, stack from 0x000000CE49A74000-0x000000CE49A80000
2026-06-28 14:56:13,442 [root] DEBUG: 4112: Commandline: C:\Windows\system32\WerFault.exe -u -p 4444 -s 748
2026-06-28 14:56:13,458 [root] DEBUG: 4112: hook_api: LdrpCallInitRoutine export address 0x00007FF9AAA099BC obtained via GetFunctionAddress
2026-06-28 14:56:13,513 [root] WARNING: b'Unable to create trampoline for LockResource, hook type 2'
2026-06-28 14:56:13,514 [root] DEBUG: 4112: set_hooks: Unable to hook LockResource
2026-06-28 14:56:13,527 [root] DEBUG: 4112: Hooked 630 out of 631 functions
2026-06-28 14:56:13,541 [root] DEBUG: 4112: Syscall hook installed, syscall logging level 1
2026-06-28 14:56:13,549 [root] DEBUG: 4112: RestoreHeaders: Restored original import table.
2026-06-28 14:56:13,551 [root] INFO: Loaded monitor into process with pid 4112
2026-06-28 14:56:13,571 [root] DEBUG: 4112: DLL loaded at 0x00007FF9A7F60000: C:\Windows\system32\UMPDC (0x12000 bytes).
2026-06-28 14:56:13,575 [root] DEBUG: 4112: caller_dispatch: Added region at 0x00007FF711CB0000 to tracked regions list (kernel32::SetUnhandledExceptionFilter returns to 0x00007FF711D02881, thread 4428).
2026-06-28 14:56:13,576 [root] DEBUG: 4112: YaraScan: Scanning 0x00007FF711CB0000, size 0x8d440
2026-06-28 14:56:13,591 [root] DEBUG: 4112: ProcessImageBase: Main module image at 0x00007FF711CB0000 unmodified (entropy change 0.000000e+00)
2026-06-28 14:56:13,597 [root] DEBUG: 4112: DLL loaded at 0x00007FF994050000: C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\Comctl32 (0x29a000 bytes).
2026-06-28 14:56:13,601 [root] DEBUG: 4112: DLL loaded at 0x00007FF9A5B50000: C:\Windows\system32\uxtheme (0x9e000 bytes).
2026-06-28 14:56:13,606 [root] DEBUG: 4112: DLL loaded at 0x00007FF9A9A10000: C:\Windows\System32\MSCTF (0x115000 bytes).
2026-06-28 14:56:13,638 [root] DEBUG: 4112: DLL loaded at 0x00007FF9A7200000: C:\Windows\SYSTEM32\msvcp110_win (0x8a000 bytes).
2026-06-28 14:56:13,639 [root] DEBUG: 4112: DLL loaded at 0x00007FF9A35E0000: C:\Windows\SYSTEM32\policymanager (0xa0000 bytes).
2026-06-28 14:56:13,651 [root] DEBUG: 4112: DLL loaded at 0x00007FF9A7200000: C:\Windows\SYSTEM32\msvcp110_win (0x8a000 bytes).
2026-06-28 14:56:13,652 [root] DEBUG: 4112: DLL loaded at 0x00007FF9A35E0000: C:\Windows\SYSTEM32\policymanager (0xa0000 bytes).
2026-06-28 14:56:13,661 [root] DEBUG: 4112: DLL loaded at 0x00007FF9A7200000: C:\Windows\SYSTEM32\msvcp110_win (0x8a000 bytes).
2026-06-28 14:56:13,662 [root] DEBUG: 4112: DLL loaded at 0x00007FF9A35E0000: C:\Windows\SYSTEM32\policymanager (0xa0000 bytes).
2026-06-28 14:56:13,687 [root] DEBUG: 4112: DLL loaded at 0x00007FF9A8700000: C:\Windows\System32\bcryptPrimitives (0x83000 bytes).
2026-06-28 14:56:13,697 [root] DEBUG: 4112: NtTerminateProcess hook: Attempting to dump process 4112
2026-06-28 14:56:13,699 [root] DEBUG: 4112: DoProcessDump: Skipping process dump as code is identical on disk.
2026-06-28 14:56:13,737 [root] INFO: Process with pid 4112 has terminated
2026-06-29 03:43:47,816 [modules.auxiliary.human] INFO: Found button "ok", clicking it
2026-06-29 03:43:48,848 [root] INFO: Process with pid 4444 has terminated
2026-06-29 03:43:48,851 [root] DEBUG: 4444: NtTerminateProcess hook: Attempting to dump process 4444
2026-06-29 03:43:48,853 [root] DEBUG: 4444: DoProcessDump: Skipping process dump as code is identical on disk.
2026-06-29 03:44:03,060 [root] INFO: Analysis timeout hit, terminating analysis
2026-06-29 03:44:03,063 [root] INFO: Created shutdown mutex
2026-06-29 03:44:04,075 [root] INFO: Shutting down package
2026-06-29 03:44:04,076 [root] INFO: Stopping auxiliary modules
2026-06-29 03:44:04,076 [root] INFO: Stopping auxiliary module: Browser
2026-06-29 03:44:04,078 [root] INFO: Stopping auxiliary module: Human
2026-06-29 03:44:08,200 [root] INFO: Stopping auxiliary module: Screenshots
2026-06-29 03:44:08,201 [root] INFO: Finishing auxiliary modules
2026-06-29 03:44:08,202 [root] INFO: Shutting down pipe server and dumping dropped files
2026-06-29 03:44:08,202 [root] WARNING: Folder at path "C:\ACkZhSvQBI\debugger" does not exist, skipping
2026-06-29 03:44:08,203 [root] WARNING: Folder at path "C:\ACkZhSvQBI\tlsdump" does not exist, skipping
2026-06-29 03:44:08,208 [root] INFO: Analysis completed

Process Log

Pre-Script Log

During-Script Log

Machine Information

Name	Label	Manager	Started On	Shutdown On	Route
win10	win10	KVM	2026-06-29 10:43:20	2026-06-29 10:44:09	`internet`

File Details

File Information

File Name	iexplore.exe
File Type	PE32+ executable (GUI) x86-64, for MS Windows
File Size	846280 bytes
MD5	0b47a43e68bfadc9106acd3e46e85c56
SHA1	9824880edc41fae722c51314265ef99fd886094f
SHA256	43f7fa5e22fa1a00989114e7d9b58cf1fb6dadf009bff45e70f1a48d06d9eb35 VT MWDB Bazaar
SHA3-384	4a99e5698b2ca4c828ed52a3c05f9b5dd2b371ec0e9447a7bb51f63040e7363215148678aaf16ea59754a262c6a30816
CRC32	DB73743F
TLSH	T113056C42F7C8D455E0B706314933CA644662FD659F2086EF319A771E2E723C36AB2E1B
Ssdeep	24576:bT4lGLbMMHMMMvMMZMMMKzb6XmMMMiMMMz8JMMHMMM6MMZMMMeXNMMzMMMUMMVMl:bhMMHMMMvMMZMMMlmMMMiMMMYJMMHMMs

Tools: PE Strings Extract: BinGraph Extract: overlay

Strings

`X"8|N
Browseui_HangUI_ShowNotificationBar
hpzzzz
nnqqqqqzqqqojiUR:
Find_FindFirstHit
NewVisibleState
EUPP_HandleAsyncOperationResult_Perftrack
oB!:6
CIMContextMenuBar_Hide_Perftrack
AFR#@.2#$
EmptyTab_Timer_Timeout
*00>V
.CRT$XCA
EmptyTab_Reuse_ReuseTabThread_Failed
Browseui_TabBand_Activity
_ppppppppppppppppppnppn_
r<st=
FirstRunDialog_Show
UnifiedListView_Displayed_Complete_Perftrack
HQ7+`
g~vzw
771/00
TravelLogScreenshotNav
.text$di
}gwVq{uE
`0^0\
&L8O"
.didat$4
IDATp
Imaging_SendIconicLivePreviewBitmap
EmptyTab_Reuse_ReinitializeBrowserTab_Failed
r[0/#
Browseui_OnPrepareVisibleComplete
IDATo
/;.`D
.pdata
x\3.N,:
t$ WH
px||dlvv
nnnnnnnnnn
QI!!w
/8U[SA
kxD6 N
SelectTabAsyncFlags
Bing_Suggestions_ServiceRequest
^^]\NF
X0V0T
<r@H{
Immersive_Travellog_NavigationComplete_TimeOut
Y4SROO5H
300930183225Z0|1
~~~~{{{yt
-DT l
0v0_1
            <!--This Id value indicates the application supports Windows 7/Server 2008 R2 functionality-->
r4A\p
Browseui_Favs_ItemsChanged
S[OLN
ElementId
NotificationBar_Hide
8888888888888
j[//G
R]LYr
9^"VE
Bing_Suggestions_ServiceResponse
DDDDO
(1AH-
Pl$#l
        </windowsSettings>
ButtonText
^H)'I2g
Y3{?q
jijFmkm
ImageType
bf_^`
KNJF3&
OC_tA
HistoryBrokerStartup
NewTabPageData_Build
TerminateProcess
LogHr
X[jenab
ContextName
DependentPID
OnlineHistoryAdd
DataModel_Provider_WorkerThread
nh4GZ
D,/V%~
XWVONc}
 N''T 
FindBar_TermChange
FFFBFB?B?333201
01111111111111111111111
qnh,"
Microsoft-IEFRAME
Microsoft.Windows.App.Browser
w\3+M*7
p>80G
 http://www.microsoft.com/windows0
d7z'l
DLM_Security_Malware
z;=??<5b-
WS_ExecuteQuery
!!!   
Thumbnail_RemoveGutters
IDAT9#
tabhydration
NotificationBar_OverrideHide
IsWindowEnabled
Find_FindHits
?&"k0
QGPPQUUc
DataModel_Provider_Query
BFCache
hwndNext
5<_`O
EmptyTab_Conversion_CleanUpBrowserTab_Begin
:DKWWKFB$
Shdocvw_BaseBrowser_FireEvent_NewWindow
DIConfidence
%!-ae^'
Title
Z?"%9
TabRoaming_KeepTabInDirtyList
i=uSg
om7Lm
Microsoft Corporation100.
Browseui_HangUI_CreateCoverWindow
ImageStore_Activity_SingleImage
fA9>u
                    uiAccess="false"/>
RDQT(
!Jht~{{{{{p[3
QSA_UpdateGroup_Perftrack
.didat$5
OnlineHistoryDelete
|l|gp
\__gahss
Fd?B(
Immersive_Travellog_SwipeStartThresholdMet
UnifiedListView_Populate
D$@E3
_ppppppppppppppppp[pf[L
CreateSemaphoreExW
V~l#a
,28hQ
oL$0f
333~kO
1F$A"w
ReturnHr
sharecharm
txuscUU
c#b&*|||
.text$mn
D2J1"
'fhimmmhf+%
Shdocvw_VirtualTab_NavigateInWebBrowser_Navigate2Call
hppii
hET">
`fothk
A=biy
jjjnnpp
:fZ30L
Yhttp://www.microsoft.com/pkiops/crl/Microsoft%20Windows%20Code%20Signing%20PCA%202024.crl0w
LA>H5
CIMNavBar_Hide_Perftrack
ResumeReason
Browseui_HangUI_AttachThreadInputHelper
IEFRAME.dll
.((%$ 
.rdata$zETW2
}F*Lj
|yu~z
HcA<H
K SVWH
RegGetValueW
dF7vv
/?TGd
0!l8$
LCIEDownloader_CreateIsoComponent
dbba`^^]]F
3[2"?
ppnpnppnnp
UTCReplace_AppSessionGuid
.($  
y)Pp2
N0L0J
bqnA%>g
wwwww
TabRoaming_WriteProcessInfo
Browseui_SelectTabTimerTriggered
Microsoft Time-Stamp Service0
subsystem
Browseui_HungTabHeartBeat_Timer_Invisible
GetModuleHandleW
*,315
onecore\internal\sdk\inc\wil\opensource\wil\safecast.h
{T kv
__set_app_type
IMDownloadWindow_Show_Perftrack
'->]7
2111111111111111111110
wininet
ploEwoq
DominantImageUrl2
48r;"
9Hi]j
Oj1E /
Reason
tz5@*
UserInitiated
1YYYY1YY7=6,,,,$VVVVUW 
CloseHandle
1YYYY1YYYYYYYYYYYYYYWWWVVV0
j(#)3
Find_HighlightHitsStatus
ExtensionCreate
YLD|y1
LcA<E3
HMLKFFFFFFc
tRljCzII}kh;
wwxwwwxwxxp
DLM_Security_AntiVirus
Uint32Val
(caller: %p) 
g+nMI
CreateThumbnail
AllowSetForegroundWindow
TravelLogScreenshotNav_OldTab_CancelingSwitch
TEMP4
$<kzh
controlpanel
_XcptFilter
L$XzKH
iIDAT
uuuttrrrrrrrrz
{]A}(N44
ImageDimY
.rsrc$02
unifiedlistview
IntelliForms_Evaluate_AutoStuff
1YYYY1YY9GEAA=77YRNNNW:.VT1
Browseui_FeedViewer_PreviewStream
Y.hilkRROMLK=C,
DLM_DownloadWindow_Hide
KERNEL32.dll
Suspending
A.#UU
p]7@~
BE})$
FlipAhead_RulesFileUpdate
Browseui_Tabs_WaitMessage
pageloadbreakdown
HistorySwitchView
TEMP|
memset
4W~:P
Frame_OnCreate
(e;9_R]
Status On Request
q\Q17
DownloadWindow_HistoryPopulate_Perftrack
BrowserFrame_AddTab_WaitForActivationKind
1YYVV1YY
tgti/
t{{{{{{tttp
!QHD`
.didat$3
)4{d.l
dddKffgK
BrowserRoamedSettingChange_TypedUrls
_commode
rsusEt
Frame_TabBandMove
W~7t~
7WP!?|
TEMP(
USER32.dll
{T|}U?
M>8Hcp
OC~r<
immersive
uckhl
Bing_Suggestions_ParseXmlResponse
DownloadWindow_Items_Removed
IEApplicationStart
.00cfg
Z,[iqe
Recovery_ReadRecoveryStore
?flew
L9{Hu
Shdocvw_VirtualTab_RedirectUrlWithBindInfo
Browseui_Tabs_Move
SetLastError
\-0XH1*
hluv{
SetHung
tLB,"
TabRoaming_Delete
%FAW1
=0w8X
/I}6&
}s(-RihiPROKI:<&
CreateHTMLPreview_ShowWindow
reason
Shdocvw_BaseBrowser_DocumentComplete
NotificationManager_NotificationBarReady
~;EmQ
;;<wnmj
QueryHistory
CommandID
onecore\internal\sdk\inc\wil\opensource\wil\resource.h
~~~~{~{yttn
IWL=Eevm
wwwwwwwwwwp
''''##'
Microsoft Corporation0
IDATF
11.00.26100.8115 (WinBuild.160101.0800)
xSu$W
.CRT$XIA
b}k!kB
Microsoft Time-Stamp Service
1w8y!
MMMM9
c4Z'Ej[ 5"
\F= &
SelectTabAsyncTabID
;4=Y/
/cfff
UnifiedListView_Query_Favorites_Perftrack
Find_ActivateBar
EmptyTab_Conversion_CleanupRecoveryData_Failed
Browseui_Tabs_Tearoff_BetweenWindows
__C_specific_handler
**(%)444?HNN
(#'(+(''''!'!
A_A^_^]
MessageCount
A_A^A\_]
IEApplicationExit
[xVXQ
Imaging_SendIconicThumbnail
-fFx6
CDC_E
1OOOOOOOOOOOOOOOONPPP1
EmptyTab_Timer_Start
_PG:-%%-
@o9t,
en-US
UnifiedListView_DefaultAction
LEVLh
5t}?3
?1%SGf
MaxBlockingTime
"B^^]PE
~iSRR
IsDebuggerPresent
extended
Vq~Y=
QSA_CalculateTilesInView_Perftrack
TmU&F
TEMP`
.CRT$XLZ
BrowserRoamedSettingChange_TrackingProtection
6G" b
NotificationManager_NotificationBarButtonClick
!#4VBc9
NewTabPage_SearchBox_Hide
kernelbase.dll
.text$x
:s_`[
D$xE3
CLSID
.lPV)
Application
{28fb17e0-d393-439d-9a21-9474a070473a} 
IE_Wer_Report_Hang
n,@r_
Frame_SearchBandCreate
Tnnnnnnnnnj
tabID
                <requestedExecutionLevel
Reading Mode Content
Iw %n
RaiseFailFastException
E>NI6
HistorySearchSwitchView
TabRoaming_Update
_0Oio=NA
-newtab
s/Z7z
Frame_CommandBandCreate
]bolSTQML=<;-)s
:<OSSQ
1YYYYM111111111111111111112
y?4/ 
CaWNN
e$t}F
.CRT$XIY
8fD]@
'Kn)yvDstbW
Browseui_Tabs_NavToDroppedLink
_pppppppppppppppnppp_[RQ
LogNt
`.rdata
4Mx~Q
[.<wc
fg:SM
20260321095147.076Z0
>NGdx
FavCenterClose
SCODEF:
;NRlI
888777777
BrowserThreadProc_StartFrame
Browseui_Tabs_OnNavigateComplete2
|$8E3
.CRT$XIAA
?terminate@@YAXXZ
1YYYY0QQQRQQQRQQQRQQ
WaitingTaskCount
XW_(P
Find_HighlightHits
BrowserThreadProc_Next
&S|9a
Frame_CommandBarCreate
geeVU
V%%(((
Browseui_TabSuspension_Suspend
TravelLogScreenshotNav_NewTab_IsNotReadyToSwitch
WAVAWH
-embedding
Microsoft Corporation1&0$
Browseui_ActivationRegistrar_OnCleanup
Z\ojhkSTMMM<=C&
+?@(IJ
8#8v"
14FF@E
;p+3KK
_ji6W
CHANp
7!}O"
`A>e_
\zq5%`
HcT$ HcL$$H
SendMessageTimeoutW
3g033
SetUnhandledExceptionFilter
TASKl
.ApX/
 N*;]a`G3'W 
9_'LJ
"A_Rb
Disable
"HMtcX
IDATx
 A_A^_
@D24E3C1D09E874225DAC529867B92629B3B8D6810A8BBC36F2510D361522927F0Z
Ou5}?Y7
ZWZZXXXVVZ
[%hs]
EventUnregister
WCVB64''!
WilError_03
wwwwwwwwwwww
wwwwwwwww
DF443333130
`v$J6
g Sk?eY
            </requestedPrivileges>
Find_FindFirstHit_Perftrack
<MHMI8*
.CRT$XCZ
bingsuggestions
df||tg
wtP<W
TGEtwzyqz
Terminate_Browser_Tab_Process
_PURUUUU
wwwwwwwwwwwww
;33;33;0N
.rdata$voltmd
api-ms-win-downlevel-shlwapi-l1-1-0.dll
Browseui_Tabs_Activity_Show
wwwwp
02rWed
^[ONN
O?zKN
LCIE_ForeignProcessMessageQueueEnqueue
DE4/4////////---
DataModel_Query
<"dzNZ
'?tBRp
/%=2=2[
uPH9i
NotificationBar_OverrideShow
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
NewTabPage_SearchBox_Show
TravelLogScreenshotNav_NewTab_IsReadyToSwitch
Attach
b > -
DNnh<t)
lihhil
RUSQQQQQ
WEVT|
SetCurrentProcessExplicitAppUserModelID
eZzjU
M#mvDF
win:Stop
J>f;O
Find_HighlightHits_Perftrack
MHMM7)
kW)/Z0
E}II}-$%#'TuSM
LayerValue
_vsnwprintf
EmptyTab_Conversion_CleanUpBrowserTab_Failed
(%&'00443445?
wsL>W
Browseui_BringBrowserTabAlternateOwnerForward
UVWATAUAVAWH
Hf iC
1YYYY1YY ####%# VVVVVT
+T]K(
T$@E3
261113184817Z0
ihimzy{
gdMkS7
00.,,,4(
!This program cannot be run in DOS mode.
W1U!F@<0
QRNNN
(=Xen
@@@@@@@@@@
CreateThumbnail_Immersive_Perftrack
Browseui_CBrowserFrame_CreateInstance
Fsccspc
Event Type
DLM_Security_AppRep
Frame_AddFirstTab
VarFileInfo
tccg|
IdleManager_AddIdleTask
ImageKey
 A_A^A\
AddonName
1Y444V444VVVSVSVSSSSS1
.didat$7
);IQJ1+
Immersive_Travellog_NavigationStart_TimeOut
RRRRRRRRR
.CRT$XIZ
['/FWL
1YYYY1YY+$$+%%%%VRNNNT
jVUU@@7
wwwwwwww
_xssx
(2Wt[9pd
\.I=Y
Browseui_PrepareResizeAsync
OPnb^
PinnedSites_OfferedImagesComplete
BrowserRoamedSettingChange_TrackingProtectionLists
gDDh9
//////////////
wwwwww
ProductVersion
IsWindowVisible
GetWindowThreadProcessId
Shdocvw_BaseBrowser_FireEvent_WindowStateChanged
_initterm
Window_Maximized
y|U3a
DominantImageClassifier
C?&f{fp
QSA_OpenUnfilteredView_Perftrack
uvv,opp
<MMIM8
ReturnNt
f9,^u
~)EQ 
pnnpnnnnnn
XX\jb_`
win:Start
}t{}~~~zzo777kkxx
|`p0YU
-di".
OpType
3....(.''$ 
IE_API_Timer
.CRT$XCU
DLVA_Animation_Perftrack
b@IKg
SupportedDataMask
_fmode
QSA_PopulateTiles_Perftrack
    <description>Internet Explorer</description>
]_gmmqq
}}5"n
w=(>?
988r+++,
llgwp
ZUGa4
HeapFree
Browseui_Tabs_Tearoff_BetweenWindows_TabProc
RtlDllShutdownInProgress
T:E6m2A
cPJ>:-*Gx`*>
pv)[?
AnimationType
UnifiedListView_Cancelled_Perftrack
%>D7-
# O,;[J;'W 
=/M;I
/eokSSUQVL=E;9);
FailFast
vtl|e
k0i0g
EUPP_HPNavigationTriggerProtection_Perftrack
CRIMh
w2<<L
TriggerProtectionHResult
    </trustInfo>
wwwwwwwwwx
#-de^'
nsr@2zGGzcxm
HistoryBrokerShutdown
pnpnnnnnnn
Browseui_HangUI_ScriptRecoveryTimeout
[jejfbe
,--SHGG
H>O-jb*
t|\c$
0020..9(
TabRoaming_PLMSuspendWithOutstandingTimer
,37AAA52+#
Description
.rdata$zETW1
wwwwwwwwwwx
ResolveDelayLoadedAPI
TASK m
TEMP 
UJ_Pbp
HistoryByDateSwitchView
%,--A
Hfff0
Shdocvw_BaseBrowser_FireEvent_BeforeScriptExecute
p`YT+(
B!EYQ
rqokzzz
Search_ImageProcessing
        <security>
 N';]aa`[C4'W 
\/48718
um/a~
Find_FindHits_Perftrack
~t7bbbb77777.7-...-R
TabRoaming_FindRoamedMachines
o\$PH
CurrentVisibleState
3$zBPs
UnifiedListView_Query_Feeds_Perftrack
f?[I/f
tr&2bvfd|||l
D$0E3
oD$ f
zwwwp
AddToHistory
IdleManager_RemoveExpiredRunningTask
Browseui_TabSuspension_Check_Suspendable
PopulateOptions
v#if#
Browseui_Tabs_CloseOtherTabs
@j[U0
InputPanelShow
            <!--This Id value indicates the application supports Windows 8/Server 2012 functionality-->
 dK [
IdleManager_TaskCount
T$8H!|$8
IDATk
{ AVH
History_Journal_Write_Command
't{N'
kwE*PPB_
;X;y'+
Shdocvw_BaseBrowser_FireEvent_DownloadBegin
OPCOT
vN8@/
"VU6U
\__aac
nShield TSS ESN:3605-05E0-D9471%0#
"F.+7/
Window_Restored
%ip=?GJG^=
}6Ju[`|
Browseui_Tabs_DropOnFavorites
32;;=C
000.,,9(
Tab_ShellBrowser_OnBeforeUnload
EmptyTab_Conversion_FinalNavigation_Failed
}KK}}}}}}}}}}}}}}KKKKRKKKRKKKRKKKK
UnifiedListView_MultipleCharacterQuery
Z*imN
DLM_DownloadBar_Close
TabRoaming_ReadProcessInfo
IMDownloadWindow_Hide_Perftrack
t;fD99t5
@.%'`
O}IK}P98:[_^`w]\Q}KK}
`pp*E
Rp$RCJ
 (?D=1
t:LLLp
6wi g"
|gl|ep
favicon
Shdocvw_BaseBrowser_Navigate
as.,k{n?,
LEVL@
zzzqqiiPE
1&lk66
win:ResponseTime
6L[}j
DRSR9
Tab_InitializeBrowserState
rFl}\
sessionID
.rsrc
z4 $v
cvListVersion
h]|#e
"Microsoft Window
7HGGD
37>>7$ 
V9fB0,
'!!  
ADVAPI32.dll
GGHI3)
OpenSemaphoreW
            <supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
pnpnpnnnpn
|Fb#c
Count
k/bzb
P""ivx
Iso_Dependencies_RemoveDependency
hjjnjL
@TsR8
RunningTaskCount
A!pf*
    <application xmlns="urn:schemas-microsoft-com:asm.v3">
Browseui_Tabs_Tearoff_NewWindow
        </security>
LegacyHistoryAdd
Shdocvw_BaseBrowser_FireEvent_BeforeNavigate
#Dacc
Menuband_PopulateShellFolderToolbar
ox\AS
/[z`X[
L97sGI
MenuExpand
\$ UH
003200;(
IDLETASK_PRIORITY
fA9Z*v#A
GetLastError
__setusermatherr
>ZgS#
D}GI}a" !
n+dOY
Washington1
<44GZ
Shdocvw_BaseBrowser_FireEvent_Quit
~~?>}
tc@8=
Object
primarynav
+@~=#
Znv%)
Browseui_Tabs_AddTabAPI
0g^34QU
XY[]Boqr
*D1Y0
DLM_Security_Hash
Browseui_SelectTabTimerCreated
exitCode
ZYr(3
DLM_DownloadWindow_Show
InputPanelHide
XWWWXXZ
SetSearchPathMode
D$HE3
CFaviconHolder_UpdateReal
[xo,!
<71/48
IMTravelLogMVC_Info
Shdocvw_PanningTool_GetPanningProperties
1YYYW1YY
Z^:4x3s
'Microsoft Windows Code Signing PCA 2024
Frame_LinksBandCreate
aUYd#
Search_SuggestionsProcessing_Perftrack
            <requestedPrivileges>
TEMP<
Microsoft Corporation1
TabRoaming_SessionTimerFired
8888888888
CreateThumbnail_Superbar_Perftrack
_wcmdln
.gehcont
1YYYYYYYYYYYYYYYYWWVV1
.rdata$zETW0
cs_a\
IntelliForms_Do_AutoStuff
EventSetInformation
(Hup+
BrowserRoamedSettingChange_WinInet
TEMPt
^]O3+
CHAN8
IdleManager_RunExpiredIdleTask
wBDrDC@M#
2k!eD
!9@9!
wwwwwwx
}lK4v
#&WV9
Microsoft-PerfTrack-IEFRAME
4CEHH90
t{{{{{tnjhSSE
'#$!   
lNO t
}yD=+
hwndPrev
Eu0!P
Addressbar_InlineAutocomplete
ProductName
Shdocvw_VirtualTab_GetWebOCWindow
gG(L>^"
Disconnect
8N)V@
GetCurrentProcessId
1YYYYVVVVVSVSTTSSSSSS1
Browseui_Tabs_AddTabButton
SetErrorMode
xzxtpps
}~~,vvw
Internet Explorer
Browseui_Tabs_MakeBlockingCallToTab
.CRT$XLA
n09%1
7DDF)YYYY
Frame_URLEntered
CReadingModeContentProvider
Command Type
 8iG!
.xdata
 "?iV
Microsoft Corporation1200
pdvggp
FavoritesSwitchView
vQ]<B
Print_Dialog_Perftrack
.tls$ZZZ
TimespanInMs
FavoritesBar_PopulateFeedsMenu_Perftrack
Iso_Dependencies_AddDependency
userInputID
v<p`r
DominantImageUrl1
}HL9}@t
FileVersion
WPdWh
TEMPD
leG&g
[Pm A
TravelLogScreenshotNav_NewTab_SetAsHiddenTab
WebStorage_Platform
 Microsoft Corporation. All rights reserved.
Ehttp://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z
HangUIShowing
wPdM:
240808213623Z
QueryPerformanceCounter
.tls$
?Kmt~sm]G
.5|M@
ExtensionCloseDW
IDAT /
}}}}}}}}|||||||||
3111111111111111111112
D$0H;
TabRoaming_LoadRoamedTab
@8=1b
cdfge|z/Z>;&
tbmooookooknRRR/.-M
pxvd|x
y{{tnj
(t$pI
:Nq8|
Tab_ShellBrowserOnCreate
KKK8s
            <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
State
Lcx'^
xh.JW^
HhA)ux
Browseui_HangUI
w?2wz7
DeleteCriticalSection
1Q_KP
XWX_b\_
.data
`ppPi
TravelLogScreenshotNav_OldTab_WantsToCancelSwitch
WilFailureNotifyWatchers
InternalName
Shdocvw_BaseBrowser_FireEvent_NewWindow2
Msg:[%ws] 
TabRoaming_DeleteInvalidOrExpiredTabFile
g"&#&6vl|v
Message
~_|}_
ahA:0
GetStartupInfoW
ExtensionSetSite
Y&&"$*(88+)+BCVVVB64'''%!
DD:n 
msvcrt.dll
GetProcessHeap
1YYYY1OOOOOOOOOOOOOONONNNN1
IEXPLORE.EXE
ISO_HANDLE
win:Informational
EmptyTab_CreateNewTab
EmptyTab_Reuse
so=Qs
GetCurrentProcess
P(P~m
EmptyTab_Timer_Cancel
!!!!!!!
.ENNNG.
WaitForSingleObject
G=/QVD
.idata$2
z~qB 2
OnCloseButton
F> "#
Nj)+g
ddFtQ
wr]x"
DownloadWindow
Z`*@#
_amsg_exit
FileName
Browseui_TabWindow_CommitRoamingState_Perftrack
]4kSTTLKK+-
jjk,eef
2|md'
onecoreuap\inetcore\lib\tracelogging\legacydll.cpp
P`!AX
0DMU\]]]]\QNH
[[f4h6PRTKIL:;&
?fMz?k
Redmond1
250814184817Z
EmptyTab_Conversion_Begin
TabRoaming_FindRoamedTabs
_ppppppppppppppppaRM
IsActive
CREDAT:
Tab_Fast_Shutdown_Perftrack
vll|h
Tlg$F
f9H\u
CreateHTMLPreview_Perftrack
(++++++
u!Ug4X}
wO]~!
TEMP0
CloseFrame
cF_l:
ZdpnkSTTVQL<<C,w
AttachTID
Translation
u)DF(%
RowCount
LinkCount
UWATAVAWH
7Cxaf
Enable
rss,jkk
gNX>X
_cexit
TEMP,
Browseui_HangUI_DisparentAndDetachBrowserTab
IQRRMS
Find_MatchAndHighlightHits
CAsyncStorage_WorkPending
VVVUN@@
UnifiedListView_SwitchMode
}At;"
f94Ku
GenerateThumbnail
f9,Vu
Microsoft-IEFRAME/Diagnostic
Browseui_CBrowserFrame_OnClose
qH/uF
^^^\PF
Browseui_SelectTabTimerCancelled
E}#,&
_a_a_a_a_a_a_a___[N
iswspace
LeftButtonAction
1Igjzu
*km?o
G ">3
QSA_PopulateTile_Perftrack
ComponentType
OL8GW
Microsoft-PerfTrack-IEFRAME/Diagnostic
            <supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/>
EDPPERMISSIVEAPPINFOID
TabSwitch
<hgh}
]__7N
eeHHHHHHc
mshtml
Phttp://www.microsoft.com/pkiops/certs/Microsoft%20Time-Stamp%20PCA%202010(1).crt0
PRVAX
=%nD_GF
enefjjn
_exit
||wxxx
f94Cu
Immersive_Travellog_BeforeUnload_Fired
HRESULT
TravelLogScreenshotNav_NewTab_ShowingAllScreenshotsOnSwitch
ResetDestinationList
UnifiedListView_Typed_Perftrack
.idata$5
6pvex
EventRegister
wwwwwwwwww
fjjjbej
StrStrIW
iK/ =
PerformWhenBrowserResponds
ImageUrl
f<g~~
_'_gL
CallContext:[%hs] 
7kb[`
=DNbfjnnjojutrR;
GetProcAddress
Immersive_Travellog_ScrollComplete_Fired
FavoritesBar_PopulateLinksMonitor
!]_0t
Browseui_Tabs_CloseTab_Perftrack
dwTabScenarioFlags
        <application> 
Shdocvw_BaseBrowser_FireEvent_DocumentComplete
ppnppnppnp
ReleaseSemaphore
350623220401Z0_1
Browseui_Tabs_TabReadyForNavigate
U0S0Q
SetUserObjectInformationW
vYZ^D
R_as/%%! 
2wC*y
NewTabPageData_RoamedEntry
roaming
.rdata$T$brc
-ResetDestinationList
210930182225Z
FailureReason
 N';aaa][LEC1'T 
HistoryByMostVisSwitchView
Tab_NavigateToPidl
fC|_t@;1
|k&SZ
Status
F25*-
FU*l?`
AttachToTID
PrerenderURL
Browseui_BringBrowserTabAlternateOwnerForward_Hung
P2}_nA
Shdocvw_VirtualTab_NavigateThreadProc_NavigateEx2Call
I?VX^m3)
$eO&iK
WWWXXZ\
UseWER
IMTravelLogMVC_StateChange
@:@:::@@@9M
Immersive_Travellog_Perftrack
M[p_=
X1`=8
2[[AP
TravelLogScreenshotNav_OldTab_CannotCancelSwitch
%!NPj{{{{{{{{td/
DominantImageUrl4
GJNSsmh
CloseTab
Shdocvw_VirtualTab_NavigateDeferredNewTab
L)40A
7s377
f\Us':AP
b[P,kG
TabRoaming_LoadRoamedMachine
hwndAlternateOwner
>(B}=(-}=(o|<(
TaskID
Search_SuggestionsDownload
h)u{%
GetCommandLineW
       processorArchitecture="amd64"
l>(UuSI
TASKl 
LocalAlloc
Tab_Terminate_Process
Browseui_Tabs_Tearoff_Complete_TabProc
8Y(9k
h`2[C
?Kvc9
]GLTQ}
IsTabSwitch
\j.~C
.giats
$DkynC&
UnifiedListView_Displayed_Perftrack
>C|i+
ReleaseMutex
MaxWaitingTime
Microsoft.InternetExplorer.Preview
FindWindowExW
e%<???=o
bba_^]NNLKF
</assembly>
appppppppppppppppjRXL
n@?Ju5!
-:2JJW
msIso.dll
230865+5045810
Sq]}#
Shdocvw_VirtualTab_NavigateInWebBrowser
t{{{yytttQ2
3.2...((((%
Result
;r"?@p
win:Verbose
iexplore
EmptyTab_Closing
RtlCaptureContext
$JA 3*b
wwwwwwwwx
Frame_NavBarCreate
JournalEncryption_Init_Perftrack
Tab_Recover_Complete
wfV~td
o<5I'
RL--I
NotificationBar_Animate
oT$@f
    <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
.idata$6
BoolVal
Frame_LoadFrameState
M2fB4
    <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
*6zN*
'GG9G'
/y&6N51
ActivityType
fD9<Wu
.Mq#A
TEMPh
AutoSuggest_DropDown_Hide
ULQRUccs
ltI{"
ProcessId
m066^$
m7Xh*
{u}WYZ
ubjn~
TravelLogScreenshotNav_NewTab_NowReadyToSwitch
Snippet_MetaExtraction_Perftrack
            <supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>
ImageDimX
EmptyTab_Reuse_ReinitializeBrowserTab_Begin
&]D =
kernel32.dll
99999
9[HPr
.)3?664'''''0&//3
KqLa*
]w,<x
"''9'
X }A,-
%hs(%d) tid(%x) %08X %ws
OutputDebugStringW
F)bn)K#
5]1LrT
.97777"7" " " !    
Tab_BFCache_Resume
T'>J<
PRVA8
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
_pppppppppppppppppONNNNR
)DNTp
ppN!f
e05?D
\$ VWAVH
IMTravelLogMVC_NavigationReceived
Imaging_CreateWebPagePreview_Perftrack
DOW^^
<GHIM4)
    </compatibility>
PRVAL
@.data
 A_A^A]A\_
A@>>7%
20260321050310Z
0c0904E4
bTT@7
TTBL0
CoCreateGuid
ImageLastRetrievedTime
IEShortLivedProcess
Microsoft Time-Stamp PCA 20100
_unlock
3P_ptxP
C71/48
Local\SM0:%lu:%lu:%hs
DLM_Resume_Time
@.didat
isDebuggerPresent
`,"\q
Browseui_CIMBrowserFrame_CreateInstance_Perftrack
&_\~e
1YYYVVVSVSVTRNNNTTSSS1
\q=AP\
CHAN\
Shdocvw_BaseBrowser_FireEvent_NewWindow3
DownloadWindow_Item_Added
nonPerfTrack
Z2`_Ot 
OPCOx
HistoryJournal
FormatMessageW
Mj&@:_
fpxdQ
wa*,a
cQL:-$%%
HcQ<H
UserAction
4/-6888
@&0&_g
"=\,9
zf^'I
u L97t
IEFrame
ImageStore_Activity_ImageTotal
1/0-0
FeedsSwitchView
SyncTimeout
InitializeCriticalSection
ImageLastUpdatedTime
ExtensionRelease
&!#")
apppppppppppppppppXnneRK
OriginalFilename
Browseui_DestroyDetachedBrowserTabUI
m^w$@
..('$$$ 
dEJJJD_
GetModuleHandleExW
_ppppppppppppppnppnpnpnp
u*9Q<|%
OS=NLLLH
/QQQRQQQRQQQRQQ
TabID
BrowseUI_CStorage
NotifyFrame
AicL(
memcpy_s
IdleManager_AddRunningTask
AAAAAAAAAAAAAAAAAyyyyyyyyyyyyyyAAy/0.*+,1<gipdyAGzhf
Browseui_CBrowserFrame_CreateInstance_Perftrack
fg1??
Bind Context
Shdocvw_VirtualTab_NavigateImmediateTab
UnifiedListView_Query_History_Perftrack
CompanyName
Version
)/NSKC"
-[TGC>=[
Bing_Suggestions_CancelRequest
-eval
jscript
0a?_n
1YYYYYYYYYYYYYYYYYWVW1
211111YY
Browseui_Tabs_CloseTab
SP>05
yyz,rss
V9^=2(
oKPW@
Frame_TravelBandCreate
ZaZ|W
UnifiedListView_Dropdown_Perftrack
_*%GSSehhZ??>>?B>
qjj?[
OnlineHistoryCollectData
%s!FK
>http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0
Qco0+
%F0[U
TabVisibleIndex
saPz?i
IdleTask_Execution_Time
|$ UH
EnumHistoryRecords
            <!-- This Id value indicates the application supports Windows Threshold functionality-->            
:20/48
Shdocvw_VirtualTab_NavigateThreadProc
[0>:!
        </application>
x>CCA@9G+J
^^]PD
Microsoft.InternetExplorer.Default
*1ATA
L$0H3
Microsoft Time-Stamp PCA 2010
zB=_h
Snippet_BOLLExtraction_Perftrack
UnifiedListView_Query_DomainSuggestion_Perftrack
$0daK
Find_DeactivateBar
;~zQ{
Shdocvw_VirtualTab_NavigateTabManager
3....+))+
+++++++***
7wwwwp
TabCreate
<!y.q
4?%)cH
O[86?
Dependent
VBXP9
gl||deg
        <windowsSettings>
4wNOu{
lHT[G
.rdata
-agggeD[0
;BDDNRRGE;
x"nc(
zsttcUPC
[%hs(%hs)]
+#_g^#
}g#;~
qYFnrm
di033
Browseui_CBrowserFrame_Close
__dllonexit
| <g5
Shdocvw_VirtualTab_GetIWB2
appppppppppppppppnppnpnp
:20/4
BrowserThreadProc_Prior
DataModel_Provider_CreateDataList
FavoritesBar_WriteLinksCache
ttsc_UP
Tab_ShellBrowser_OnUnload
\I9<q
99ph(
Frame_ControlBandCreate
By}H&C'
(P/x\
9IIMMMMMM9999
FoundSuspendable
;Ye/(u&
MenuShrink
K\|7_i
TEMPd
<hghd
`Av+&
BrowserRoamedSettingChange_ExcludedUrls
qkCUk
ThreadID
Immersive_Travellog_PageAvailable_Fired
api-ms-win-downlevel-shell32-l1-1-0.dll
1YYYYYYYYYYYYYYYYYVVT1
EventWriteEx
Window_Minimized
LCIEDownloader
FHIMMMHF
VVVVVTVSTT1
StringFileInfo
Z<Taj
WATAUAVAWH
lX:p"r
xwwwxww
bbbbb
Flags
3;2 ?
CompressThumbnail
h&+-dd^#
IESessionIDInvalidated
{x;yw
pnppnnpnnn
Shdocvw_VirtualTab_NavigateThreadProc_Navigate2Call
NewTabPageData_Refresh
fDestroyingHangUI
|v&""c&
ImageCleaningScheme
u-D9}
RtlDisownModuleHeapAllocation
IHMI7
7*W]{
Sleep
Browseui_VirtualTab_PreNewFrameTabCreate
+RB+R
Browseui_TabSuspension_Unuspend
pnnnnnnnnn
Search_SuggestionsProcessing
CreateThumbnail_Perftrack
AutoSuggest_DropDown_Show
~hRQQ
~bMkd`!
totalTabCount
TabState
:#Hj{
.text
.idata$3
Find_ChangeSelectedHit
CIMContextMenuBar_Show_Perftrack
O'mm?
QueryID
(xk0ql
+{F~x
DownloadWindow_HistoryQuery_Perftrack
.CRT$XCAA
CreateAndSelectTab
TerminateOnShutdown
IDLEMANAGER_TASKTYPE
Browseui_Prerender_Closing_Prerendered_Page
@U@E@
CreateHTMLPreview
pC{yu5
Browseui_HangUI_SetVisible
TEMPl
onh||i|
IMTravelLogMVC_TravelURL
SetDllDirectoryW
Browseui_VirtualTab_PostNewFrameTabCreate
L(}^$A>#
SharedMemoryHandle
VRNNNTTTTS1
H.ZAf
NewTabPage_SearchLogo_Show
[http://www.microsoft.com/pkiops/certs/Microsoft%20Windows%20Code%20Signing%20PCA%202024.crt0
(-=qL
1(0&0
VS_VERSION_INFO
$Microsoft Ireland Operations Limited1'0%
HeapSetInformation
..(((($$  
c0a0_
ox2mC
EventWriteTransfer
    <assemblyIdentity version="5.1.0.0"
Browseui_PrepareVisibleAsync
J*m6v'
HiddenTabCookie
@SUVWATAUAVAW
EmptyTab_Conversion_Cancel
BackNaviagation_Requested
'Microsoft Windows Code Signing PCA 20240
-FFFFBFBBBB???008
#C$"F
wwwwwx
/cpokSTQVVV<E9,F
'Kn)x
IMDownloadWindow_ActionBar_Animation
{liihhmn
UjDM5
StateString
ImageUniqueID
UnifiedListView_GroupPopulated
OIR<r
Browseui_CIMTabView_CloseTab_Perftrack
            <supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/> 
Window_Resized
OnlineHistoryClear
Snippet_UserSelExtraction_Perftrack
s AWH
Cookie
fef|yxz
11.00.26100.8115
+DKKKF-#
.idata$4
lRwSjH4_?
@MMHMIMMM@H9E
Frame_AddressBandCreate
:MIMMMMIMB9E
O0M0K
1NWWX
Z5&s&7
???n*+*+
<ah!1
D l8m
_wRB?Q
Frame_Show
\$ UVWAVAWH
FavCenterOpen
TileSize
-][GGC=[
[n?rhf
\$ UVW
Lb m6X
TWZTTWZT
zwj[G
)Microsoft Root Certificate Authority 20100
Browseui_Tabs_SwitchTabs
TimeElapsed
<71/4
<!-- Note: This manifest needs to be kept in sync with iexplore.exe.appcompat.manifest -->
x AVH
LaunchFrame
Browseui_Tabs_BrowserTabRespondsNow_TabHung
EmptyTab_Conversion_CleanupRecoveryData_Begin
m"Nc=`
CreateMutexExW
 P,;;%W 
-Bass
Immersive_Travellog_ScrollComplete_TimeOut
WinMain
vV~wg
)i3&Wr
LAWac
ScaleThumbnail
J?EZ#
2F@"(
AllowRecovery
1|ne$
GetCurrentThreadId
H[a_^]NMLKKJF
HeapAlloc
defunct
GRRRRR
DLM_Security_WVT
(>?q=zGGzbo
}=)G}=(
.didat$2
DebugBreak
_onexit
.rdata$zETW9
OgyBI
*Og{U
<HMGI5
D$8E3
.rdata$brc
`4Wn8q
wcsncmp
:GUUUP-x:
1Ywfcp
@JMMU"/
EVNTp
_ppppppppppppppppp[eXL
Qw`[L+W
.rdata$zzzdbg
Shdocvw_PanningTool_ScrollElementBy
       name="Microsoft.InternetExplorer"
Courier_FunctionalTest
lLCrN
SO@"T
-startmanager
FJcr%
Microsoft Corporation
TEMP8
Frame_Fast_Shutdown_Perftrack
.gfids
}G/-4X
LegalCopyright
I,{5:
tpt&mfh
`Whxo
EmptyTab_Conversion_FinalNavigation_Begin
MICROSOFTEDPPERMISSIVEAPPINFO
1YYYY1YY7IGDA==7VRNNNV((VS1
H2)%5
TabWindowManager_UnDehydrateTabsOnResume_Perftrack
N9x/:
F4"!3
Shdocvw_BaseBrowser_FireEvent_NavigateComplete
Browseui_Tabs_ShowHungTabBar
DIType
N];2^
040904B0
A20/4
RtlVirtualUnwind
SelfRecovered
%hs!%p: 
LocalFree
fjjefjj
>5LDT
URXF;
fogrp
61(!P
Find_MatchAndHighlightHits_Perftrack
3http://www.microsoft.com/pkiops/Docs/Repository.htm0
}F9;7
HistoryBySiteSwitchView
p pt@
3w2!_a|
NotificationBar_Show
]sU&Q
n{{{{{yyyyn[
 55323222...
IMTravelLogMVC_ScreenShotInfo
H"vo9
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe
TotalNumber
.data$brc
                    level="asInvoker"
y).=I
TabSwitch_NotAccountingForInputDelay
Device_Info_Util
LegacyHistoryEnum
FileDescription
NotificationBar_Flash
*B 8W]
WEVT_TEMPLATE
gn|vlpl~nw
TravelLogScreenshotNav_OldTab_ReadyToClose
W*,[5H
x;O?rha
R2j:S\
Recovery_WriteInitialStore
Frame_MinIETabBandCreate
W]3yl
OldTID
FavoritesBar_PopulateFeedsMenu
:8887 g_
DataModel_QueryEntry
@~!>7
Browseui_TabWindow_SetVisible
}^[t{
WWV6&(
:MMMMMJMMMCC9
J-"0'''''030433H
Uoh_z
1.=7C
DelayLoadFailureHook
halfTabCount
ExtensionSetSiteNull
Tppnpnnnpnn
C#v2H
EUPP_DoAsyncOperation_Perftrack
rCstG
GetSystemTimeAsFileTime
GetHalfTabData
D$$I;
WVV'*
dptf@
e'>EQ1
-nowait
       type="win32"/>
NewTabPage_Show
UnhandledExceptionFilter
 *#k*~#
a.ry.v
6hynd
Search_ImageProcessing_Perftrack
dW9/+=
=^r</
Browseui_Tabs_Activity_Hide
0-ZZW$
pIDAT7
`In_u
GuVgeeVeUWUW
 *g}DL3^
68*RZa
0PU"r
GetModuleFileNameA
Tnnpnnnnnnn
Pq<(0
Y9" 7B
____gmx>N
;7ww8
DLM_DownloadBar_Show
t!D8="q
Imaging_CreateWebPagePreview
W%:Z%
244444444444444444444442
]7lF8
xnk^z
[[[S+
+???NNX
I?(((()(((
ULV_AggregateItems_Perftrack
BarText
<!-- Copyright (c) Microsoft Corporation -->
>~?7J
Application-Addon-Event-Provider
CIMNavBar_Show_Perftrack
NewTID
HistoryByOrderSwitchView
            <!-- This Id value indicates the application supports Windows Blue/Server 2012 R2 functionality-->            
WaitForSingleObjectEx
;{{{{{{0
l.igM4
EmptyTab_Conversion_Succeeded
notification
CIMFindBar_Show_Perftrack
PinnedSites_OfferedImage
CIMFindBar_Hide_Perftrack
TabRoaming_TabMarkedDirty
IdleManager_RunNextIdleTask
MenuItemPop
InputPanelResize
Index
(7A@@>'
9OSJD-
@@@@@@@@@@@@@
K51ddd
RtlLookupFunctionEntry
_lock
:'IR&
U J Qn^
VVVVVTTTSS1
BrowserRoamedSettingChange_FlipAhead
MICROSOFTEDPENLIGHTENEDAPPINFO
z00'#|D
TravelLogScreenshotNav_NewTab_GetReadyToSwitch
Browseui_ActivationRegistrar_CreateComponent
            <!--This Id value indicates the application supports Windows Vista/Server 2008 functionality -->
.i5Sz
GetTickCount
alv?6
EYe09
Shdocvw_Feed_Search
Y[ONN
LCIE_ForeignProcessMessageQueueDequeueAll
r+K+}q
_PPUUUcs
__wgetmainargs
,2HSK 
mnn,hhi
Publisher
1Dcq?
qc^^ih]i
verbose
EventData
CtrlLeftButtonAction
Locale
_PLG:**:
Browseui_Tabs_Tearoff_ShowVisual
Nhttp://www.microsoft.com/pkiops/crl/Microsoft%20Time-Stamp%20PCA%202010(1).crl0l
YZT%]j
LegacyHistoryQuery
x ATAVAWH
B"-*9
)@@>-
ZWWYVPPPMMMN[o
TravelLogScreenshotNav_NewTab_ShowingScreenshotBeforeSwitch
 33.2....(,'
ptytytnc
BrowserThreadProc_Return
@.reloc
kdSEI
npnnnnnnnn
Browseui_Tabs_Tearoff_NewWindow_TabProc
iertutil.dll
VB$h&
333333
@A_A^A]A\_^]
1YYYY1YY7LKIHEB=WVVVVW-'VV1
SHTN^
v#>Ey
IdleManager_RemoveTask
;IIG:
.text$mn$00
Shdocvw_BaseBrowser_FireEvent_NavigateError
28Hsv
Nm\"l):
!U@d5cZ
fD9$Nu
(_(1=
wwwwwwwx
>4F7C)
Shdocvw_BaseBrowser_FireEvent_DownloadComplete
1$`_@
3...((((%  
imagestore
R$fA;Z*
)ag^#
!1$<x
Browseui_Tabs_MarkTabAsHung
VRNNNV
!TkjE
IMTravelLogMVC_WaitForPageTimeout
=;<0wwx
)t$pH
20260322050310Z0w0=
pnnpnpnnnn
Browseui_Tabs_MarkTabAsNotHung
e&V"%JA
@$/t"T
sW%%e
XRNLN
260506182454Z0t1
JyJ@~
K:vd~PF
Microsoft Corporation1-0+
RehydrateTab
ntdll.dll
ptV7n
String
=O?4j
x|iI6
DominantImageUrl3
- &$$
H^]NMLKKJJIF
xr4>D
3s337p
ExtensionShowDW
njejnnp
WWCV6''#odd
yiO<W
QpSh1
TargetPID
Xc$3F
ynf$79:C
250508182454Z
ProcessID
iexplore.pdb
.rsrc$01
@ Sjb?
api-ms-win-downlevel-advapi32-l1-1-0.dll
shell
Q Gt.9
;=5HD
VVVVVTTTTT1
wwrhmmy|
%JVzI5)
Target
q1"hifge],
%hs(%u)\%hs!%p: 
x7qJs
api-ms-win-downlevel-ole32-l1-1-0.dll
7sw7sw
A_A^A]A\_^][
,LIKOIL:)
ggh,bbcxggh
TabWindowManager_DehydrateTabsOnSuspend_Perftrack
EDPENLIGHTENEDAPPINFOID
    </application>
I-[VO
*9988777777
.text$yd
-``[GGC[
HungWindowText
Tab_BFCache_Suspend
'xS[mG~
wwwwwwwwwwwwwwwx
Snippet_Aggregate_Perftrack
33p3337330
[D2PI
Exception
IsHung
NotificationBar_Update
XT51>
`bbi}
NotificationManager_SendResponse
win:Info
.4ON@
Fy_Bc=
TabId
_aaelm

Archive: overlay

File Information

File Name	1726cc74af856711b3f8fa868a8dfc20f20478285b5931d798977d186b3149e4
File Type	data
Associated Filenames	overlay
File Size	10696 bytes
MD5	555813b9c3e1a16ad64591261a986460
SHA1	047cd23ab9a3d67468a6b490c4984c8e3eebc96d
SHA256	1726cc74af856711b3f8fa868a8dfc20f20478285b5931d798977d186b3149e4 VT MWDB Bazaar
SHA3-384	277663ca23ed7be821f9313b82af8772ec0602345b5d38d6c68913c35972532fd689d1c22ab60b24314578bbb68dfa80
CRC32	DCAF0826
TLSH	T121224CE68B7CD042DE8AAD506398E9533C3C93CB2D80989222E9F9541CE37D9D70447F
Ssdeep	192:ugca8LxydkeR+ImIvXbV46X01k9z3ADUU5o3E+l:ugcaGALZvXFR9zcS3Z

Tools: Extract: Strings Extract: BinGraph

PE Information

Image Base

0x140000000

Entry Point

0x00001cb0

Min OS

10.0

Compile Time

2016-04-29 12:31:17

Import Hash

444e14d89c0c88fc100a108d54fd339f

Icon Hash

9afc87754e29bafb0903e08398ce1745

PDB Path

iexplore.pdb

CompanyName	Microsoft Corporation
FileDescription	Internet Explorer
FileVersion	11.00.26100.8115 (WinBuild.160101.0800)
InternalName	iexplore
LegalCopyright	Â© Microsoft Corporation. All rights reserved.
OriginalFilename	IEXPLORE.EXE
ProductName	Internet Explorer
ProductVersion	11.00.26100.8115
CompanyName	Microsoft Corporation
FileDescription	Internet Explorer
FileVersion	11.00.26100.8115
InternalName	iexplore
LegalCopyright	Â© Microsoft Corporation. All rights reserved.
OriginalFilename	IEXPLORE.EXE
ProductName	Internet Explorer
ProductVersion	11.00.26100.8115
Translation	0x0409 0x04b0

Name	RAW Addr	Virt Addr	Virt Size	Raw Size	Characteristics	Entropy
.text	0x00001000	0x00001000	0x00004dfc	0x00005000	IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ	5.93
fothk	0x00006000	0x00006000	0x00001000	0x00001000	IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ	0.02
.rdata	0x00007000	0x00007000	0x0000270e	0x00003000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	3.84
.data	0x0000a000	0x0000a000	0x000009e0	0x00001000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	0.13
.pdata	0x0000b000	0x0000b000	0x000005a0	0x00001000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	1.86
.didat	0x0000c000	0x0000c000	0x00000038	0x00001000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	0.06
.rsrc	0x0000d000	0x0000d000	0x000bd5a0	0x000be000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	6.45
.reloc	0x000cb000	0x000cb000	0x000000c8	0x00001000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ	0.30

Name	Offset	Size	Language	Entropy	Type
EDPENLIGHTENEDAPPINFOID	0x000294a0	0x00000002	LANG_ENGLISH	1.00	None
EDPPERMISSIVEAPPINFOID	0x000294a8	0x00000002	LANG_ENGLISH	1.00	None
MUI	0x000ca448	0x00000158	LANG_ENGLISH	3.12	None
WEVT_TEMPLATE	0x00010130	0x0001936a	LANG_ENGLISH	4.34	None
RT_ICON	0x000294b0	0x00000668	LANG_ENGLISH	2.95	None
RT_ICON	0x00029b18	0x000002e8	LANG_ENGLISH	3.39	None
RT_ICON	0x00029e00	0x000001e8	LANG_ENGLISH	3.43	None
RT_ICON	0x00029fe8	0x00000128	LANG_ENGLISH	3.38	None
RT_ICON	0x0002a110	0x00000ea8	LANG_ENGLISH	5.21	None
RT_ICON	0x0002afb8	0x000008a8	LANG_ENGLISH	5.88	None
RT_ICON	0x0002b860	0x000006c8	LANG_ENGLISH	5.93	None
RT_ICON	0x0002bf28	0x00000568	LANG_ENGLISH	4.43	None
RT_ICON	0x0002c490	0x0000cbf1	LANG_ENGLISH	7.97	None
RT_ICON	0x00039088	0x000025a8	LANG_ENGLISH	4.96	None
RT_ICON	0x0003b630	0x000010a8	LANG_ENGLISH	5.45	None
RT_ICON	0x0003c6d8	0x00000988	LANG_ENGLISH	5.62	None
RT_ICON	0x0003d060	0x00000468	LANG_ENGLISH	6.36	None
RT_ICON	0x0003d588	0x00000668	LANG_ENGLISH	3.07	None
RT_ICON	0x0003dbf0	0x000002e8	LANG_ENGLISH	3.70	None
RT_ICON	0x0003ded8	0x000001e8	LANG_ENGLISH	3.57	None
RT_ICON	0x0003e0c0	0x00000128	LANG_ENGLISH	3.11	None
RT_ICON	0x0003e1e8	0x00000ea8	LANG_ENGLISH	5.08	None
RT_ICON	0x0003f090	0x000008a8	LANG_ENGLISH	5.87	None
RT_ICON	0x0003f938	0x000006c8	LANG_ENGLISH	5.22	None
RT_ICON	0x00040000	0x00000568	LANG_ENGLISH	3.45	None
RT_ICON	0x00040568	0x000097d2	LANG_ENGLISH	7.98	None
RT_ICON	0x00049d40	0x000025a8	LANG_ENGLISH	4.46	None
RT_ICON	0x0004c2e8	0x000010a8	LANG_ENGLISH	4.94	None
RT_ICON	0x0004d390	0x00000988	LANG_ENGLISH	4.95	None
RT_ICON	0x0004dd18	0x00000468	LANG_ENGLISH	4.91	None
RT_ICON	0x0004e240	0x000002e8	LANG_ENGLISH	3.12	None
RT_ICON	0x0004e528	0x000008a8	LANG_ENGLISH	3.64	None
RT_ICON	0x0004edd0	0x000010a8	LANG_ENGLISH	4.13	None
RT_ICON	0x0004fea8	0x000002e8	LANG_ENGLISH	2.88	None
RT_ICON	0x000501a8	0x000002e8	LANG_ENGLISH	3.69	None
RT_ICON	0x00050490	0x00000128	LANG_ENGLISH	2.98	None
RT_ICON	0x000505b8	0x000008a8	LANG_ENGLISH	6.00	None
RT_ICON	0x00050e60	0x00000568	LANG_ENGLISH	3.69	None
RT_ICON	0x000513c8	0x000010a8	LANG_ENGLISH	5.13	None
RT_ICON	0x00052470	0x00000468	LANG_ENGLISH	5.01	None
RT_ICON	0x00052938	0x000002e8	LANG_ENGLISH	3.90	None
RT_ICON	0x00052c20	0x00000128	LANG_ENGLISH	3.68	None
RT_ICON	0x00052d48	0x000008a8	LANG_ENGLISH	5.99	None
RT_ICON	0x000535f0	0x00000568	LANG_ENGLISH	3.84	None
RT_ICON	0x00053b58	0x000010a8	LANG_ENGLISH	5.33	None
RT_ICON	0x00054c00	0x00000468	LANG_ENGLISH	5.42	None
RT_ICON	0x000550c8	0x000002e8	LANG_ENGLISH	2.75	None
RT_ICON	0x000553b0	0x000008a8	LANG_ENGLISH	3.37	None
RT_ICON	0x00055c58	0x000010a8	LANG_ENGLISH	4.28	None
RT_ICON	0x00056d30	0x000002e8	LANG_ENGLISH	3.80	None
RT_ICON	0x00057018	0x000008a8	LANG_ENGLISH	5.75	None
RT_ICON	0x000578c0	0x000010a8	LANG_ENGLISH	5.35	None
RT_ICON	0x00058998	0x000002e8	LANG_ENGLISH	3.97	None
RT_ICON	0x00058c80	0x00000128	LANG_ENGLISH	3.24	None
RT_ICON	0x00058da8	0x000008a8	LANG_ENGLISH	5.91	None
RT_ICON	0x00059650	0x00000568	LANG_ENGLISH	4.13	None
RT_ICON	0x00059bb8	0x000010a8	LANG_ENGLISH	4.89	None
RT_ICON	0x0005ac60	0x00000468	LANG_ENGLISH	4.84	None
RT_ICON	0x0005b128	0x000002e8	LANG_ENGLISH	3.18	None
RT_ICON	0x0005b410	0x00000128	LANG_ENGLISH	3.31	None
RT_ICON	0x0005b560	0x00000128	LANG_ENGLISH	3.20	None
RT_ICON	0x0005b688	0x00000568	LANG_ENGLISH	2.19	None
RT_ICON	0x0005bbf0	0x00000468	LANG_ENGLISH	4.48	None
RT_ICON	0x0005c088	0x00000128	LANG_ENGLISH	3.40	None
RT_ICON	0x0005c1b0	0x00000568	LANG_ENGLISH	2.74	None
RT_ICON	0x0005c718	0x00000468	LANG_ENGLISH	5.27	None
RT_ICON	0x0005cbb0	0x00000128	LANG_ENGLISH	3.11	None
RT_ICON	0x0005ccd8	0x00000568	LANG_ENGLISH	3.45	None
RT_ICON	0x0005d240	0x00000468	LANG_ENGLISH	4.91	None
RT_ICON	0x0005d6d8	0x00000668	LANG_ENGLISH	3.07	None
RT_ICON	0x0005dd40	0x000002e8	LANG_ENGLISH	3.70	None
RT_ICON	0x0005e028	0x00000128	LANG_ENGLISH	3.11	None
RT_ICON	0x0005e150	0x00000ea8	LANG_ENGLISH	5.08	None
RT_ICON	0x0005eff8	0x000008a8	LANG_ENGLISH	5.87	None
RT_ICON	0x0005f8a0	0x00000568	LANG_ENGLISH	3.45	None
RT_ICON	0x0005fe08	0x000025a8	LANG_ENGLISH	4.46	None
RT_ICON	0x000623b0	0x000010a8	LANG_ENGLISH	4.94	None
RT_ICON	0x00063458	0x00000468	LANG_ENGLISH	4.91	None
RT_ICON	0x00063948	0x000002e8	LANG_ENGLISH	2.75	None
RT_ICON	0x00063c30	0x00000128	LANG_ENGLISH	2.63	None
RT_ICON	0x00063d58	0x000008a8	LANG_ENGLISH	3.37	None
RT_ICON	0x00064600	0x00000568	LANG_ENGLISH	2.37	None
RT_ICON	0x00064b68	0x000010a8	LANG_ENGLISH	4.28	None
RT_ICON	0x00065c10	0x00000468	LANG_ENGLISH	4.37	None
RT_ICON	0x000660d8	0x000002e8	LANG_ENGLISH	3.86	None
RT_ICON	0x000663c0	0x00000128	LANG_ENGLISH	3.30	None
RT_ICON	0x000664e8	0x000008a8	LANG_ENGLISH	6.02	None
RT_ICON	0x00066d90	0x00000568	LANG_ENGLISH	3.82	None
RT_ICON	0x000672f8	0x000010a8	LANG_ENGLISH	5.12	None
RT_ICON	0x000683a0	0x00000468	LANG_ENGLISH	5.25	None
RT_ICON	0x00068868	0x000002e8	LANG_ENGLISH	3.86	None
RT_ICON	0x00068b50	0x00000128	LANG_ENGLISH	3.30	None
RT_ICON	0x00068c78	0x000008a8	LANG_ENGLISH	6.02	None
RT_ICON	0x00069520	0x00000568	LANG_ENGLISH	3.82	None
RT_ICON	0x00069a88	0x000010a8	LANG_ENGLISH	5.12	None
RT_ICON	0x0006ab30	0x00000468	LANG_ENGLISH	5.25	None
RT_ICON	0x0006aff8	0x000002e8	LANG_ENGLISH	3.86	None
RT_ICON	0x0006b2e0	0x00000128	LANG_ENGLISH	3.30	None
RT_ICON	0x0006b408	0x000008a8	LANG_ENGLISH	6.02	None
RT_ICON	0x0006bcb0	0x00000568	LANG_ENGLISH	3.82	None
RT_ICON	0x0006c218	0x000010a8	LANG_ENGLISH	5.12	None
RT_ICON	0x0006d2c0	0x00000468	LANG_ENGLISH	5.25	None
RT_ICON	0x0006d788	0x000002e8	LANG_ENGLISH	4.52	None
RT_ICON	0x0006da70	0x00000128	LANG_ENGLISH	3.69	None
RT_ICON	0x0006db98	0x000008a8	LANG_ENGLISH	6.26	None
RT_ICON	0x0006e440	0x00000568	LANG_ENGLISH	4.99	None
RT_ICON	0x0006e9a8	0x000010a8	LANG_ENGLISH	5.73	None
RT_ICON	0x0006fa50	0x00000468	LANG_ENGLISH	6.04	None
RT_ICON	0x0006ff18	0x000002e8	LANG_ENGLISH	3.58	None
RT_ICON	0x00070200	0x00000128	LANG_ENGLISH	3.46	None
RT_ICON	0x00070328	0x000008a8	LANG_ENGLISH	4.54	None
RT_ICON	0x00070bd0	0x00000568	LANG_ENGLISH	2.70	None
RT_ICON	0x00071138	0x000010a8	LANG_ENGLISH	4.37	None
RT_ICON	0x000721e0	0x00000468	LANG_ENGLISH	4.55	None
RT_ICON	0x000726a8	0x000002e8	LANG_ENGLISH	3.04	None
RT_ICON	0x00072990	0x000008a8	LANG_ENGLISH	5.36	None
RT_ICON	0x00073238	0x000010a8	LANG_ENGLISH	4.19	None
RT_ICON	0x00074310	0x000002e8	LANG_ENGLISH	4.23	None
RT_ICON	0x000745f8	0x000008a8	LANG_ENGLISH	4.90	None
RT_ICON	0x00074ea0	0x000010a8	LANG_ENGLISH	5.00	None
RT_ICON	0x00075f78	0x00000668	LANG_ENGLISH	3.21	None
RT_ICON	0x000765e0	0x000002e8	LANG_ENGLISH	3.81	None
RT_ICON	0x000768c8	0x00000128	LANG_ENGLISH	3.32	None
RT_ICON	0x000769f0	0x00000ea8	LANG_ENGLISH	4.78	None
RT_ICON	0x00077898	0x000008a8	LANG_ENGLISH	4.39	None
RT_ICON	0x00078140	0x00000568	LANG_ENGLISH	3.26	None
RT_ICON	0x000786a8	0x0000414c	LANG_ENGLISH	7.92	None
RT_ICON	0x0007c7f8	0x000025a8	LANG_ENGLISH	4.44	None
RT_ICON	0x0007eda0	0x000010a8	LANG_ENGLISH	5.16	None
RT_ICON	0x0007fe48	0x00000468	LANG_ENGLISH	5.29	None
RT_ICON	0x00080348	0x00000668	LANG_ENGLISH	2.95	None
RT_ICON	0x000809b0	0x000002e8	LANG_ENGLISH	3.39	None
RT_ICON	0x00080c98	0x000001e8	LANG_ENGLISH	3.43	None
RT_ICON	0x00080e80	0x00000128	LANG_ENGLISH	3.38	None
RT_ICON	0x00080fa8	0x00000ea8	LANG_ENGLISH	5.21	None
RT_ICON	0x00081e50	0x000008a8	LANG_ENGLISH	5.88	None
RT_ICON	0x000826f8	0x000006c8	LANG_ENGLISH	5.93	None
RT_ICON	0x00082dc0	0x00000568	LANG_ENGLISH	4.43	None
RT_ICON	0x00083328	0x0000cbf1	LANG_ENGLISH	7.97	None
RT_ICON	0x0008ff20	0x000025a8	LANG_ENGLISH	4.96	None
RT_ICON	0x000924c8	0x000010a8	LANG_ENGLISH	5.45	None
RT_ICON	0x00093570	0x00000988	LANG_ENGLISH	5.62	None
RT_ICON	0x00093ef8	0x00000468	LANG_ENGLISH	6.36	None
RT_ICON	0x00094420	0x00000668	LANG_ENGLISH	3.07	None
RT_ICON	0x00094a88	0x000002e8	LANG_ENGLISH	3.70	None
RT_ICON	0x00094d70	0x000001e8	LANG_ENGLISH	3.57	None
RT_ICON	0x00094f58	0x00000128	LANG_ENGLISH	3.11	None
RT_ICON	0x00095080	0x00000ea8	LANG_ENGLISH	5.08	None
RT_ICON	0x00095f28	0x000008a8	LANG_ENGLISH	5.87	None
RT_ICON	0x000967d0	0x000006c8	LANG_ENGLISH	5.22	None
RT_ICON	0x00096e98	0x00000568	LANG_ENGLISH	3.45	None
RT_ICON	0x00097400	0x000097d2	LANG_ENGLISH	7.98	None
RT_ICON	0x000a0bd8	0x000025a8	LANG_ENGLISH	4.46	None
RT_ICON	0x000a3180	0x000010a8	LANG_ENGLISH	4.94	None
RT_ICON	0x000a4228	0x00000988	LANG_ENGLISH	4.95	None
RT_ICON	0x000a4bb0	0x00000468	LANG_ENGLISH	4.91	None
RT_ICON	0x000a50d8	0x00000668	LANG_ENGLISH	2.95	None
RT_ICON	0x000a5740	0x000002e8	LANG_ENGLISH	3.39	None
RT_ICON	0x000a5a28	0x000001e8	LANG_ENGLISH	3.43	None
RT_ICON	0x000a5c10	0x00000128	LANG_ENGLISH	3.38	None
RT_ICON	0x000a5d38	0x00000ea8	LANG_ENGLISH	5.21	None
RT_ICON	0x000a6be0	0x000008a8	LANG_ENGLISH	5.88	None
RT_ICON	0x000a7488	0x000006c8	LANG_ENGLISH	5.93	None
RT_ICON	0x000a7b50	0x00000568	LANG_ENGLISH	4.43	None
RT_ICON	0x000a80b8	0x0000cbf1	LANG_ENGLISH	7.97	None
RT_ICON	0x000b4cb0	0x000025a8	LANG_ENGLISH	4.96	None
RT_ICON	0x000b7258	0x000010a8	LANG_ENGLISH	5.45	None
RT_ICON	0x000b8300	0x00000988	LANG_ENGLISH	5.62	None
RT_ICON	0x000b8c88	0x00000468	LANG_ENGLISH	6.36	None
RT_ICON	0x000b91b0	0x00000668	LANG_ENGLISH	3.07	None
RT_ICON	0x000b9818	0x000002e8	LANG_ENGLISH	3.70	None
RT_ICON	0x000b9b00	0x000001e8	LANG_ENGLISH	3.57	None
RT_ICON	0x000b9ce8	0x00000128	LANG_ENGLISH	3.11	None
RT_ICON	0x000b9e10	0x00000ea8	LANG_ENGLISH	5.08	None
RT_ICON	0x000bacb8	0x000008a8	LANG_ENGLISH	5.87	None
RT_ICON	0x000bb560	0x000006c8	LANG_ENGLISH	5.22	None
RT_ICON	0x000bbc28	0x00000568	LANG_ENGLISH	3.45	None
RT_ICON	0x000bc190	0x000097d2	LANG_ENGLISH	7.98	None
RT_ICON	0x000c5968	0x000025a8	LANG_ENGLISH	4.46	None
RT_ICON	0x000c7f10	0x000010a8	LANG_ENGLISH	4.94	None
RT_ICON	0x000c8fb8	0x00000988	LANG_ENGLISH	4.95	None
RT_ICON	0x000c9940	0x00000468	LANG_ENGLISH	4.91	None
RT_GROUP_ICON	0x000b90f0	0x000000bc	LANG_ENGLISH	3.20	None
RT_GROUP_ICON	0x00094360	0x000000bc	LANG_ENGLISH	3.19	None
RT_GROUP_ICON	0x000c9da8	0x000000bc	LANG_ENGLISH	3.18	None
RT_GROUP_ICON	0x000a5018	0x000000bc	LANG_ENGLISH	3.19	None
RT_GROUP_ICON	0x0003d4c8	0x000000bc	LANG_ENGLISH	3.07	None
RT_GROUP_ICON	0x0004e180	0x000000bc	LANG_ENGLISH	3.14	None
RT_GROUP_ICON	0x0004fe78	0x00000030	LANG_ENGLISH	2.59	None
RT_GROUP_ICON	0x00050190	0x00000014	LANG_ENGLISH	2.32	None
RT_GROUP_ICON	0x00055068	0x0000005a	LANG_ENGLISH	2.80	None
RT_GROUP_ICON	0x000528d8	0x0000005a	LANG_ENGLISH	2.77	None
RT_GROUP_ICON	0x00056d00	0x00000030	LANG_ENGLISH	2.59	None
RT_GROUP_ICON	0x00058968	0x00000030	LANG_ENGLISH	2.59	None
RT_GROUP_ICON	0x0005b538	0x00000022	LANG_ENGLISH	2.56	None
RT_GROUP_ICON	0x0005b0c8	0x0000005a	LANG_ENGLISH	2.82	None
RT_GROUP_ICON	0x0006feb8	0x0000005a	LANG_ENGLISH	2.79	None
RT_GROUP_ICON	0x0005c058	0x00000030	LANG_ENGLISH	2.56	None
RT_GROUP_ICON	0x0005cb80	0x00000030	LANG_ENGLISH	2.56	None
RT_GROUP_ICON	0x0005d6a8	0x00000030	LANG_ENGLISH	2.56	None
RT_GROUP_ICON	0x00072648	0x0000005a	LANG_ENGLISH	2.82	None
RT_GROUP_ICON	0x000638c0	0x00000084	LANG_ENGLISH	3.04	None
RT_GROUP_ICON	0x00066078	0x0000005a	LANG_ENGLISH	2.82	None
RT_GROUP_ICON	0x00068808	0x0000005a	LANG_ENGLISH	2.82	None
RT_GROUP_ICON	0x0006af98	0x0000005a	LANG_ENGLISH	2.82	None
RT_GROUP_ICON	0x0006d728	0x0000005a	LANG_ENGLISH	2.82	None
RT_GROUP_ICON	0x000742e0	0x00000030	LANG_ENGLISH	2.59	None
RT_GROUP_ICON	0x00075f48	0x00000030	LANG_ENGLISH	2.59	None
RT_GROUP_ICON	0x000802b0	0x00000092	LANG_ENGLISH	3.04	None
RT_VERSION	0x000c9e68	0x000005e0	LANG_ENGLISH	3.46	None
RT_MANIFEST	0x0000f960	0x000007c9	LANG_ENGLISH	4.91	None

Address	Name
0x140007310	GetWindowThreadProcessId
0x140007318	AllowSetForegroundWindow
0x140007320	FindWindowExW
0x140007328	SendMessageTimeoutW
0x140007330	IsWindowVisible
0x140007338	SetUserObjectInformationW
0x140007340	IsWindowEnabled

Address	Name
0x140007408	memcpy_s
0x140007410	iswspace
0x140007418	_vsnwprintf
0x140007420	__C_specific_handler
0x140007428	wcsncmp
0x140007430	free
0x140007438	_XcptFilter
0x140007440	_amsg_exit
0x140007448	__wgetmainargs
0x140007450	__set_app_type
0x140007458	exit
0x140007460	_exit
0x140007468	_cexit
0x140007470	__setusermatherr
0x140007478	_initterm
0x140007480	memset
0x140007488	_wcmdln
0x140007490	_fmode
0x140007498	_commode
0x1400074a0	_lock
0x1400074a8	_unlock
0x1400074b0	__dllonexit
0x1400074b8	_onexit
0x1400074c0	?terminate@@YAXXZ

Address	Name
0x1400071a0	CloseHandle
0x1400071a8	OpenSemaphoreW
0x1400071b0	WaitForSingleObjectEx
0x1400071b8	OutputDebugStringW
0x1400071c0	HeapSetInformation
0x1400071c8	FormatMessageW
0x1400071d0	DelayLoadFailureHook
0x1400071d8	ResolveDelayLoadedAPI
0x1400071e0	GetProcAddress
0x1400071e8	HeapAlloc
0x1400071f0	GetLastError
0x1400071f8	GetSystemTimeAsFileTime
0x140007200	ReleaseMutex
0x140007208	UnhandledExceptionFilter
0x140007210	RtlVirtualUnwind
0x140007218	RtlLookupFunctionEntry
0x140007220	RtlCaptureContext
0x140007228	GetTickCount
0x140007230	GetCurrentThreadId
0x140007238	QueryPerformanceCounter
0x140007240	SetUnhandledExceptionFilter
0x140007248	GetStartupInfoW
0x140007250	Sleep
0x140007258	IsDebuggerPresent
0x140007260	SetDllDirectoryW
0x140007268	DebugBreak
0x140007270	GetModuleHandleW
0x140007278	GetProcessHeap
0x140007280	GetCurrentProcessId
0x140007288	DeleteCriticalSection
0x140007290	LocalFree
0x140007298	GetModuleFileNameA
0x1400072a0	CreateSemaphoreExW
0x1400072a8	HeapFree
0x1400072b0	SetLastError
0x1400072b8	GetCommandLineW
0x1400072c0	GetCurrentProcess
0x1400072c8	ReleaseSemaphore
0x1400072d0	GetModuleHandleExW
0x1400072d8	TerminateProcess
0x1400072e0	InitializeCriticalSection
0x1400072e8	SetErrorMode
0x1400072f0	WaitForSingleObject
0x1400072f8	LocalAlloc
0x140007300	CreateMutexExW

Address	Name
0x140007350	RegGetValueW
0x140007358	EventRegister
0x140007360	EventWriteTransfer
0x140007368	EventWriteEx
0x140007370	EventUnregister

Address	Name
0x140007390	SetCurrentProcessExplicitAppUserModelID

Address	Name
0x140007190	EventSetInformation

Address	Name

Address	Name
0x1400073a0	StrStrIW

Address	Name
0x140007380	CoCreateGuid

Processing 2.18s

2.054s CAPE
0.066s BehaviorAnalysis
0.033s AnalysisInfo
0.026s NetworkAnalysis
0.002s Debug

Signatures 0.17s

0.054s antiav_detectreg
0.019s infostealer_ftp
0.019s territorial_disputes_sigs
0.011s antianalysis_detectreg
0.011s infostealer_im
0.006s antivm_vbox_keys
0.006s ransomware_files
0.004s antiav_detectfile
0.004s antivm_vmware_keys
0.004s infostealer_mail
0.004s ransomware_extensions_known
0.003s antivm_parallels_keys
0.003s antivm_xen_keys
0.002s antianalysis_detectfile
0.002s antivm_generic_diskreg
0.002s antivm_vpc_keys
0.002s infostealer_bitcoin
0.002s masquerade_process_name
0.001s network_open_proxy
0.001s antidebug_devices
0.001s antivm_bochs_keys
0.001s antivm_generic_bios
0.001s antivm_hyperv_keys
0.001s antivm_vbox_files
0.001s ketrican_regkeys
0.001s browser_security
0.001s suspicious_browser_arguments
0.001s bypass_firewall
0.001s disables_backups
0.001s disables_browser_warn
0.001s disables_power_options
0.001s recon_fingerprint
0.001s suspicious_command_tools
0.001s uses_windows_utilities

Reporting 0.00s

0.004s JsonDump

Signatures

Network activity detected but not expressed in monitor API logs

ip: 173.194.76.94

ip: 108.177.15.139

ip: 40.126.31.131

ip: 108.177.15.94

ip: 74.125.206.84

ip: 66.102.1.138

ip: 74.125.206.138

ip: 74.125.133.95

ip: 142.251.150.119

ip: 142.251.168.139

ip: 142.251.168.100

ip: 74.125.206.101

ip: 74.125.71.94

ip: 142.251.16.94

Checks available memory

A possible heap spray exploit has been detected

The PE file contains a PDB path

pdbpath: iexplore.pdb

SetUnhandledExceptionFilter detected (possible anti-debug)

Possible date expiration check, exits too soon after checking local time

process: iexplore.exe, PID 4444

Checks system language via registry key (possible geofencing)

regkey: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US

regkey: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US

Queries process token information to check for Administrator privileges or UAC elevation status

Queried the FIPS cryptography policy, can be used to adapt C2 network encryption or by legitimate encryption software

behavioral_fips_reconnaissance: ["iexplore.exe (PID: 4444) probed FIPS encryption policy at 'HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy'", "WerFault.exe (PID: 4112) probed FIPS encryption policy at 'HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled'", "WerFault.exe (PID: 4112) probed FIPS encryption policy at 'HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\STE'", "iexplore.exe (PID: 4444) probed FIPS encryption policy at 'HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy'", "iexplore.exe (PID: 4444) probed FIPS encryption policy at 'HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\STE'", "iexplore.exe (PID: 4444) probed FIPS encryption policy at 'HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled'", "WerFault.exe (PID: 4112) probed FIPS encryption policy at 'HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy'", "WerFault.exe (PID: 4112) probed FIPS encryption policy at 'HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy'", "WerFault.exe (PID: 4112) probed FIPS encryption policy at 'HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled'", "iexplore.exe (PID: 4444) probed FIPS encryption policy at 'HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled'"]

The binary contains an unknown PE section name indicative of packing

unknown section: {'name': 'fothk', 'raw_address': '0x00006000', 'virtual_address': '0x00006000', 'virtual_size': '0x00001000', 'size_of_data': '0x00001000', 'characteristics': 'IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ', 'characteristics_raw': '0x60000020', 'entropy': '0.02'}

unknown section: {'name': '.didat', 'raw_address': '0x0000c000', 'virtual_address': '0x0000c000', 'virtual_size': '0x00000038', 'size_of_data': '0x00001000', 'characteristics': 'IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE', 'characteristics_raw': '0xc0000040', 'entropy': '0.06'}

The PE file contains an overlay

overlay: Contains overlay at offset 0x000cc000 with size: 10696 bytes

Screenshots

Hosts

Direct	IP	Country Name	ASN
Y	173.194.76.94 [VT]	unknown	-
Y	108.177.15.139 [VT]	unknown	-
Y	40.126.31.131 [VT]	unknown	-
Y	108.177.15.94 [VT]	unknown	-
Y	74.125.206.84 [VT]	unknown	-
Y	66.102.1.138 [VT]	unknown	-
Y	74.125.206.138 [VT]	unknown	-
Y	74.125.133.95 [VT]	unknown	-
Y	142.251.150.119 [VT]	unknown	-
Y	142.251.168.139 [VT]	unknown	-
Y	142.251.168.100 [VT]	unknown	-
Y	74.125.206.101 [VT]	unknown	-
Y	74.125.71.94 [VT]	unknown	-
Y	142.251.16.94 [VT]	unknown	-

Summary

Accessed Files Modified Files Registry Keys Read Registry Keys Modified Registry Keys Deleted Registry Keys Executed Commands Mutexes

\Device\CNG
C:\Users\Rajesh\AppData\Local\Temp\msIso.dll
C:\Windows\System32\msIso.dll
C:\Windows\System32\kernel.appcore.dll
C:\Windows\system32
C:\Windows
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Users\Rajesh\AppData\Local\Temp\IEFRAME.dll
C:\Windows\System32\ieframe.dll
C:\Users\Rajesh\AppData\Local\Temp\NETAPI32.dll
C:\Windows\System32\netapi32.dll
C:\Users\Rajesh\AppData\Local\Temp\VERSION.dll
C:\Windows\System32\version.dll
C:\Users\Rajesh\AppData\Local\Temp\USERENV.dll
C:\Windows\System32\userenv.dll
C:\Users\Rajesh\AppData\Local\Temp\WINHTTP.dll
C:\Windows\System32\winhttp.dll
C:\Users\Rajesh\AppData\Local\Temp\WKSCLI.DLL
C:\Windows\System32\wkscli.dll
C:\Users\Rajesh\AppData\Local\Temp\NETUTILS.DLL
C:\Windows\System32\netutils.dll
C:\Windows\System32\umpdc.dll
C:\Windows\System32\wer.dll.3.Manifest
C:\ProgramData\Microsoft\Windows\WER
\??\MountPointManager
C:\ProgramData\Microsoft\Windows\WER\ReportQueue
C:\ProgramData\Microsoft\Windows\WER\Temp
C:\ProgramData\Microsoft\Windows\WER\Temp\5e529681-15ec-4457-b87b-a2ba4e8575ff

C:\ProgramData\Microsoft\Windows\WER\Temp
C:\ProgramData\Microsoft\Windows\WER\Temp\5e529681-15ec-4457-b87b-a2ba4e8575ff

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\STE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\Cryptography\Configuration
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLESAFESEARCHPATH_KB963027
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FrameTabWindow
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FrameTabWindow
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FrameMerging
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FrameMerging
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SessionMerging
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SessionMerging
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\AdminTabProcs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\AdminTabProcs
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Security\RunBinaryControlHostProcessInSeparateAppContainer
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Security\RunBinaryControlHostProcessInSeparateAppContainer
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\TabProcGrowth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\TabProcGrowth
HKEY_LOCAL_MACHINE\Software\Policies
HKEY_CURRENT_USER\Software\Policies
HKEY_CURRENT_USER\Software
HKEY_LOCAL_MACHINE\Software
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions\000603xx
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Sorting\Ids
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Low Rights
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ProtectedModeOffForAllZones
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\OperationalData
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Isolation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Isolation
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Isolation64Bit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Isolation64Bit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\AppV
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\WMITelemetry
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\WMITelemetry
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\WMITelemetry
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\WMITelemetry
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\HangRecovery
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\HangRecovery
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Safety\PrivacIE
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Safety\PrivacIE
HKEY_CURRENT_USER
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\AppsUseLightTheme
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\StateSeparation\RedirectionMap\Keys
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Appx
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Appx\AllowDevelopmentWithoutDevLicense
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock\AllowDevelopmentWithoutDevLicense
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\RaiseActivationAuthenticationLevel
HKEY_CURRENT_USER\Software\Classes
HKEY_CURRENT_USER\Software\Classes\AppID\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\DefaultAccessPermission
HKEY_CURRENT_USER\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_CURRENT_USER\Software\Classes\Interface\{F686878F-7B42-4CC4-96FB-F4F3B6E3D24D}
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\Com+Enabled
HKEY_LOCAL_MACHINE\Software\Classes\PackagedCom
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\TSEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\TSEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SYSTEM_DPI_AWARE
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Windows Error Reporting
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\TraceFlags
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TraceFlags
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MiniNT
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\Consent
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\Consent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Consent\NewUserDefaultConsent
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\DontSendAdditionalData
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\Disabled
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\Consent
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\Consent\DefaultConsent
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\Consent\DefaultOverrideBehavior
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\LoggingDisabled
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\DontShowUI
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\QueuePesterInterval
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\DebugApplications
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\BypassDataThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\ForceUserModeCabCollection
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\BypassPowerThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\BypassNetworkCostThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\QueueNoPesterInterval
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\AutoApproveOSDumps
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\ResourcePolicies
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\LiveReportFlushInterval
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Consent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Consent\DefaultConsent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Consent\DefaultOverrideBehavior
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\QueuePesterInterval
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\DebugApplications
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\BypassDataThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\ForceUserModeCabCollection
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\BypassPowerThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\BypassNetworkCostThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\QueueNoPesterInterval
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LiveReportFlushInterval
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Windows Error Reporting
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Windows Error Reporting\QueuePesterInterval
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Windows Error Reporting\DebugApplications
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Windows Error Reporting\BypassDataThrottling
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Windows Error Reporting\ForceUserModeCabCollection
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Windows Error Reporting\BypassPowerThrottling
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Windows Error Reporting\BypassNetworkCostThrottling
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Windows Error Reporting\QueueNoPesterInterval
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LiveReportFlushInterval
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\ForceQueue
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\MaxQueueCount
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\MaxArchiveCount
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\ConfigureArchive
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\DisableArchive
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\CorporateWerServer
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\CorporateWerUseSSL
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\CorporateWerPortNumber
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\CorporateWerUseAuthentication
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\MinFreeDiskSpace
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\CabArchiveFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\ForceHeapDump
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\ForceMetadata
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\Source
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\User
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\StorePath
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\ForceEtw
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\CorporateWerUploadOnFreeNetworksOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\UploadOnFreeNetworksOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\CabArchiveSeparate
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\CabArchiveCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\LocalCompression
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\DisableWerUpload
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\DisableEnterpriseAuthProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\ArchiveFolderCountLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\QueueSizeMaxPercentFreeDisk
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\MinQueueSize
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\MaxRetriesForSasRenewal
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\NoHeapDumpOnQueue
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\DeferCabUpload
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\ForceQueue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\MaxQueueCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\MaxArchiveCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\ConfigureArchive
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\DisableArchive
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\CorporateWerServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\CorporateWerUseSSL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\CorporateWerPortNumber
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\CorporateWerUseAuthentication
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\MinFreeDiskSpace
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\CabArchiveFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\ForceHeapDump
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\ForceMetadata
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Source
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\StorePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\ForceEtw
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\CorporateWerUploadOnFreeNetworksOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\UploadOnFreeNetworksOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\CabArchiveSeparate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\CabArchiveCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalCompression
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\DisableWerUpload
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\DisableEnterpriseAuthProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\ArchiveFolderCountLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\QueueSizeMaxPercentFreeDisk
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\MinQueueSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\MaxRetriesForSasRenewal
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\NoHeapDumpOnQueue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\DeferCabUpload
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DataCollection
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection\AllowTelemetry
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection\Users
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection\Users\S-1-5-21-3262678163-160926255-2192883574-1002
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection\Users\S-1-5-21-3262678163-160926255-2192883574-1002\AllowTelemetry
HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\System\ConfigureTelemetryOptInSettingsUx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\System\ConfigureTelemetryOptInSettingsUx\PolicyType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\System\ConfigureTelemetryOptInSettingsUx\Behavior
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\System\ConfigureTelemetryOptInSettingsUx\MergeAlgorithm
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\System\ConfigureTelemetryOptInSettingsUx\RegKeyPathRedirectMapped
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\System\ConfigureTelemetryOptInSettingsUx\RegKeyPathRedirect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\System\ConfigureTelemetryOptInSettingsUx\grouppolicyname
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\System\ConfigureTelemetryOptInSettingsUx\grouppolicypath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\System\ConfigureTelemetryOptInSettingsUx\grouppolicyismultisz
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\System\ConfigureTelemetryOptInSettingsUx\grouppolicymultiszSeparatorChar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\System\ConfigureTelemetryOptInSettingsUx\ADMXMetadataUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\System\ConfigureTelemetryOptInSettingsUx\ADMXMetadataDevice
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\System\ConfigureTelemetryOptInSettingsUx\ADMXMetadataBoth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\System\ConfigureTelemetryOptInSettingsUx\Value
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection\DisableTelemetryOptInSettingsUx
HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\current\Device\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\current\device\System\ConfigureTelemetryOptInSettingsUx_ProviderSet
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\MSFTInternal
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\MSFTInternal
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\IsTest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\IsTest
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\Debug
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableUmpdBufferSizeCheck

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\STE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FrameTabWindow
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FrameTabWindow
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FrameMerging
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FrameMerging
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SessionMerging
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SessionMerging
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\AdminTabProcs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\AdminTabProcs
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Security\RunBinaryControlHostProcessInSeparateAppContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Security\RunBinaryControlHostProcessInSeparateAppContainer
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\TabProcGrowth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\TabProcGrowth
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions\000603xx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ProtectedModeOffForAllZones
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\OperationalData
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Isolation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Isolation
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Isolation64Bit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Isolation64Bit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\AppV
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\HangRecovery
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\HangRecovery
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\AppsUseLightTheme
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Appx\AllowDevelopmentWithoutDevLicense
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock\AllowDevelopmentWithoutDevLicense
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\RaiseActivationAuthenticationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\DefaultAccessPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\Com+Enabled
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\TSEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\TSEnable
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\TraceFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TraceFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Consent\NewUserDefaultConsent
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\DontSendAdditionalData
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\Disabled
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\Consent\DefaultConsent
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\Consent\DefaultOverrideBehavior
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\LoggingDisabled
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\DontShowUI
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\QueuePesterInterval
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\BypassDataThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\ForceUserModeCabCollection
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\BypassPowerThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\BypassNetworkCostThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\QueueNoPesterInterval
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\AutoApproveOSDumps
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\ResourcePolicies
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\LiveReportFlushInterval
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Consent\DefaultConsent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Consent\DefaultOverrideBehavior
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\QueuePesterInterval
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\BypassDataThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\ForceUserModeCabCollection
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\BypassPowerThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\BypassNetworkCostThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\QueueNoPesterInterval
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LiveReportFlushInterval
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Windows Error Reporting\QueuePesterInterval
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Windows Error Reporting\BypassDataThrottling
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Windows Error Reporting\ForceUserModeCabCollection
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Windows Error Reporting\BypassPowerThrottling
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Windows Error Reporting\BypassNetworkCostThrottling
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Windows Error Reporting\QueueNoPesterInterval
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LiveReportFlushInterval
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\ForceQueue
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\MaxQueueCount
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\MaxArchiveCount
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\ConfigureArchive
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\DisableArchive
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\CorporateWerServer
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\CorporateWerUseSSL
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\CorporateWerPortNumber
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\CorporateWerUseAuthentication
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\MinFreeDiskSpace
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\CabArchiveFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\ForceHeapDump
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\ForceMetadata
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\Source
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\User
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\StorePath
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\ForceEtw
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\CorporateWerUploadOnFreeNetworksOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\UploadOnFreeNetworksOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\CabArchiveSeparate
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\CabArchiveCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\LocalCompression
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\DisableWerUpload
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\DisableEnterpriseAuthProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\ArchiveFolderCountLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\QueueSizeMaxPercentFreeDisk
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\MinQueueSize
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\MaxRetriesForSasRenewal
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\NoHeapDumpOnQueue
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\DeferCabUpload
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\ForceQueue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\MaxQueueCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\MaxArchiveCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\ConfigureArchive
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\DisableArchive
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\CorporateWerServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\CorporateWerUseSSL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\CorporateWerPortNumber
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\CorporateWerUseAuthentication
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\MinFreeDiskSpace
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\CabArchiveFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\ForceHeapDump
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\ForceMetadata
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Source
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\StorePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\ForceEtw
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\CorporateWerUploadOnFreeNetworksOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\UploadOnFreeNetworksOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\CabArchiveSeparate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\CabArchiveCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalCompression
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\DisableWerUpload
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\DisableEnterpriseAuthProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\ArchiveFolderCountLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\QueueSizeMaxPercentFreeDisk
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\MinQueueSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\MaxRetriesForSasRenewal
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\NoHeapDumpOnQueue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\DeferCabUpload
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection\AllowTelemetry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection\Users\S-1-5-21-3262678163-160926255-2192883574-1002\AllowTelemetry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\System\ConfigureTelemetryOptInSettingsUx\PolicyType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\System\ConfigureTelemetryOptInSettingsUx\Behavior
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\System\ConfigureTelemetryOptInSettingsUx\MergeAlgorithm
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\System\ConfigureTelemetryOptInSettingsUx\RegKeyPathRedirectMapped
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\System\ConfigureTelemetryOptInSettingsUx\RegKeyPathRedirect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\System\ConfigureTelemetryOptInSettingsUx\grouppolicyname
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\System\ConfigureTelemetryOptInSettingsUx\grouppolicypath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\System\ConfigureTelemetryOptInSettingsUx\grouppolicyismultisz
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\System\ConfigureTelemetryOptInSettingsUx\grouppolicymultiszSeparatorChar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\System\ConfigureTelemetryOptInSettingsUx\ADMXMetadataUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\System\ConfigureTelemetryOptInSettingsUx\ADMXMetadataDevice
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\System\ConfigureTelemetryOptInSettingsUx\ADMXMetadataBoth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\System\ConfigureTelemetryOptInSettingsUx\Value
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection\DisableTelemetryOptInSettingsUx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\current\device\System\ConfigureTelemetryOptInSettingsUx_ProviderSet
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\MSFTInternal
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\MSFTInternal
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\IsTest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\IsTest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableUmpdBufferSizeCheck

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\OperationalData

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Isolation

C:\Windows\system32\WerFault.exe -u -p 4444 -s 748

Local\SM0:4444:304:WilStaging_02
Local\SM0:4112:304:WilStaging_02
Local\SM0:4112:120:WilError_03

No results found.

No behavioral analysis data available.

Sorry! No strace.

Sorry! No tracee.

Hosts (0)
DNS (0)

Hosts

No hosts contacted.

TCP Connections

No TCP connections recorded.

UDP Connections

No UDP connections recorded.

DNS Requests

No domains contacted.

HTTP Requests

No HTTP(s) requests performed.

SMTP Traffic

No SMTP traffic performed.

IRC Traffic

No IRC requests performed.

ICMP Traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No Suricata Extracted files.

No dropped files found.

Sorry! No process dumps.

Analysis Details

Options

Analysis Log

Process Log

Pre-Script Log

During-Script Log

Machine Information

File Details

File Information

Strings

Archive: overlay

File Information

PE Information

Version Info

Sections

Resources

Imports

USER32

msvcrt

KERNEL32

api-ms-win-downlevel-advapi32-l1-1-0

api-ms-win-downlevel-shell32-l1-1-0

ADVAPI32

iertutil

api-ms-win-downlevel-shlwapi-l1-1-0

api-ms-win-downlevel-ole32-l1-1-0

Statistics 2.36s

Signatures

Screenshots

Hosts

Summary

Hosts

TCP Connections

UDP Connections

DNS Requests

HTTP Requests

SMTP Traffic

IRC Traffic

ICMP Traffic

CIF Results

Suricata Alerts

Suricata TLS

Suricata HTTP