Advanced File Analysis System

File Name: KHYnZx4nz.zk

File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

SHA1: f8b5c98e21b2a05fd83ba772091a2ed8bbf1bc12

MD5: a88491a1e76fd8e433adad53bd330d31

Download Kill Chain Report

Accessed Files

C:\Users\user\AppData\Local\Temp\f8b5c98e21b2a05fd83ba772091a2ed8bbf1bc12.dll
C:\Users\user\AppData\Local\Temp\f8b5c98e21b2a05fd83ba772091a2ed8bbf1bc12.dll.123.Manifest
C:\Users\user\AppData\Local\Temp\f8b5c98e21b2a05fd83ba772091a2ed8bbf1bc12.dll.124.Manifest
C:\Users\user\AppData\Local\Temp\f8b5c98e21b2a05fd83ba772091a2ed8bbf1bc12.dll.2.Manifest
C:\Windows\SysWOW64\rundll32.exe
- C:\Users\user\AppData\Local\Temp\msi.dll
- C:\Windows\System32\msi.dll
Show More 2

Read Registry Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\FileSystem\Win31FileSystem

Resolved APIs

kernel32.dll.GetNativeSystemInfo
kernel32.dll.VirtualAlloc
kernel32.dll.VirtualFree
kernel32.dll.VirtualProtect
kernel32.dll.UnmapViewOfFile
- ntdll.dll.RtlCompressBuffer
- ntdll.dll.RtlDecompressBuffer
- ntdll.dll.RtlZeroMemory
- kernel32.dll.FlsFree
- kernel32.dll.GetEnvironmentVariableA
- kernel32.dll.GetVolumeNameForVolumeMountPointA
- kernel32.dll.GetCurrentProcess
- kernel32.dll.CreateProcessW
- kernel32.dll.InitializeCriticalSection
- kernel32.dll.DeleteCriticalSection
- kernel32.dll.EnterCriticalSection
- kernel32.dll.LeaveCriticalSection
- kernel32.dll.GetCurrentThread
- kernel32.dll.FindNextFileW
- kernel32.dll.GetDiskFreeSpaceExW
- kernel32.dll.GetVolumeInformationW
- kernel32.dll.GetLogicalDrives
- kernel32.dll.GetWindowsDirectoryA
- kernel32.dll.InterlockedDecrement
- kernel32.dll.GetTickCount
- kernel32.dll.LoadLibraryA
- kernel32.dll.FreeLibrary
- kernel32.dll.GetSystemDirectoryW
- kernel32.dll.lstrlenA
- kernel32.dll.LoadLibraryW
- kernel32.dll.GetLocaleInfoA
- kernel32.dll.SetUnhandledExceptionFilter
- kernel32.dll.FindClose
- kernel32.dll.FindFirstFileW
- kernel32.dll.MultiByteToWideChar
- kernel32.dll.WideCharToMultiByte
- kernel32.dll.DisableThreadLibraryCalls
- kernel32.dll.WaitForSingleObject
- kernel32.dll.CreateThread
- kernel32.dll.Sleep
- kernel32.dll.GetUserDefaultLangID
- kernel32.dll.GetSystemDefaultLangID
- kernel32.dll.SetErrorMode
- kernel32.dll.GlobalAddAtomA
- kernel32.dll.AddAtomA
- kernel32.dll.FindAtomA
- kernel32.dll.GlobalFindAtomA
- kernel32.dll.OpenMutexA
- kernel32.dll.LocalFree
- kernel32.dll.CreateEventA
- kernel32.dll.MulDiv
- kernel32.dll.GetUserDefaultUILanguage
- kernel32.dll.GetVersionExA
- kernel32.dll.ExitProcess
- kernel32.dll.GetModuleFileNameW
- kernel32.dll.FlushFileBuffers
- kernel32.dll.SetFileTime
- kernel32.dll.GetSystemTimeAsFileTime
- kernel32.dll.SetFilePointer
- kernel32.dll.ReadFile
- kernel32.dll.SetFileAttributesW
- kernel32.dll.GetLastError
- kernel32.dll.GetFileAttributesExW
- kernel32.dll.DeleteFileW
- kernel32.dll.MoveFileExW
- kernel32.dll.WriteFile
- kernel32.dll.GetFileSizeEx
- kernel32.dll.CreateFileW
- kernel32.dll.CloseHandle
- kernel32.dll.GetModuleHandleA
- kernel32.dll.GetProcAddress
- kernel32.dll.GetDriveTypeW
- kernel32.dll.RtlUnwind
- kernel32.dll.GetCurrentProcessId
- kernel32.dll.QueryPerformanceCounter
- kernel32.dll.GetEnvironmentStringsW
- kernel32.dll.FreeEnvironmentStringsW
- kernel32.dll.GetModuleFileNameA
- kernel32.dll.GetStartupInfoW
- kernel32.dll.GetFileType
- kernel32.dll.InitializeCriticalSectionAndSpinCount
- kernel32.dll.SetHandleCount
- kernel32.dll.GetStringTypeW
- kernel32.dll.LCMapStringW
- kernel32.dll.HeapDestroy
- kernel32.dll.HeapCreate
- kernel32.dll.SetLastError
- kernel32.dll.TlsFree
- kernel32.dll.TlsSetValue
- kernel32.dll.TlsGetValue
- kernel32.dll.TlsAlloc
- kernel32.dll.IsValidCodePage
- kernel32.dll.GetOEMCP
- kernel32.dll.GetACP
- kernel32.dll.InterlockedIncrement
- kernel32.dll.GetCPInfo
- kernel32.dll.GetModuleHandleW
- kernel32.dll.IsProcessorFeaturePresent
- kernel32.dll.HeapReAlloc
- kernel32.dll.HeapSize
- kernel32.dll.TerminateProcess
- kernel32.dll.IsDebuggerPresent
- kernel32.dll.UnhandledExceptionFilter
- kernel32.dll.GetStdHandle
- kernel32.dll.RaiseException
- kernel32.dll.GetCommandLineA
- kernel32.dll.GetCurrentThreadId
- kernel32.dll.HeapFree
- kernel32.dll.HeapAlloc
- kernel32.dll.VirtualQuery
- user32.dll.SystemParametersInfoW
- user32.dll.FrameRect
- user32.dll.FillRect
- user32.dll.ReleaseDC
- user32.dll.GetDC
- user32.dll.GetSystemMetrics
- user32.dll.DrawTextW
- gdi32.dll.CreateCompatibleDC
- gdi32.dll.GetDIBits
- gdi32.dll.GetObjectA
- gdi32.dll.SetBkMode
- gdi32.dll.SetTextColor
- gdi32.dll.CreateSolidBrush
- gdi32.dll.CreateCompatibleBitmap
- gdi32.dll.SelectObject
- gdi32.dll.CreateFontA
- gdi32.dll.DeleteObject
- gdi32.dll.GetDeviceCaps
- gdi32.dll.DeleteDC
- advapi32.dll.OpenProcessToken
- advapi32.dll.AccessCheck
- advapi32.dll.MapGenericMask
- advapi32.dll.DuplicateToken
- advapi32.dll.OpenThreadToken
- advapi32.dll.GetFileSecurityW
- advapi32.dll.CryptGetKeyParam
- advapi32.dll.CryptSetHashParam
- advapi32.dll.CryptHashData
- advapi32.dll.SetTokenInformation
- advapi32.dll.CryptDestroyHash
- advapi32.dll.CryptCreateHash
- advapi32.dll.CryptGetHashParam
- advapi32.dll.RegSetValueExA
- advapi32.dll.FreeSid
- advapi32.dll.SetSecurityDescriptorDacl
- advapi32.dll.InitializeSecurityDescriptor
- advapi32.dll.SetEntriesInAclA
- advapi32.dll.AllocateAndInitializeSid
- advapi32.dll.RegCloseKey
- advapi32.dll.RegOpenKeyExA
- advapi32.dll.CryptAcquireContextA
- advapi32.dll.CryptGenRandom
- advapi32.dll.CryptReleaseContext
- advapi32.dll.CryptEncrypt
- advapi32.dll.CryptSetKeyParam
- advapi32.dll.CryptImportKey
- advapi32.dll.CryptDestroyKey
- shell32.dll.ShellExecuteW
- shell32.dll.SHGetFolderPathW
- ole32.dll.CoInitializeSecurity
- ole32.dll.CoUninitialize
- ole32.dll.CoInitializeEx
- ole32.dll.CoCreateInstance
- oleaut32.dll.#2
- oleaut32.dll.#150
- oleaut32.dll.#149
- oleaut32.dll.#6
- oleaut32.dll.#8
- oleaut32.dll.#9
- wininet.dll.HttpSendRequestA
- wininet.dll.HttpEndRequestA
- wininet.dll.HttpQueryInfoA
- wininet.dll.InternetWriteFile
- wininet.dll.HttpSendRequestExA
- wininet.dll.HttpAddRequestHeadersA
- wininet.dll.InternetQueryOptionA
- wininet.dll.HttpOpenRequestA
- wininet.dll.InternetCloseHandle
- wininet.dll.InternetCrackUrlA
- wininet.dll.InternetOpenA
- wininet.dll.InternetSetOptionA
- wininet.dll.InternetReadFile
- wininet.dll.InternetConnectA
- mpr.dll.WNetEnumResourceW
- mpr.dll.WNetAddConnection2W
- mpr.dll.WNetCloseEnum
- mpr.dll.WNetOpenEnumW
- netapi32.dll.DsRoleFreeMemory
- netapi32.dll.DsRoleGetPrimaryDomainInformation
- urlmon.dll.ObtainUserAgentString
- kernel32.dll.FlsAlloc
- kernel32.dll.FlsGetValue
- kernel32.dll.FlsSetValue
Show More 188

Registry Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\FileSystem\Win31FileSystem

Read Files

C:\Users\user\AppData\Local\Temp\f8b5c98e21b2a05fd83ba772091a2ed8bbf1bc12.dll
C:\Users\user\AppData\Local\Temp\f8b5c98e21b2a05fd83ba772091a2ed8bbf1bc12.dll.123.Manifest
C:\Users\user\AppData\Local\Temp\f8b5c98e21b2a05fd83ba772091a2ed8bbf1bc12.dll.124.Manifest
C:\Users\user\AppData\Local\Temp\f8b5c98e21b2a05fd83ba772091a2ed8bbf1bc12.dll.2.Manifest
C:\Windows\SysWOW64\rundll32.exe

Loading...