pmls64.dll is part of PremierOpinion and developed by VoiceFive, Inc. according to the pmls64.dll version information.
pmls64.dll's description is "PremierOpinion".
pmls64.dll is digitally signed by VoiceFive, Inc.
pmls64.dll is usually located in the 'c:\users\%USERNAME%\appdata\local\temp\~osc5f1.tmp\' folder.
Some of the anti-virus scanners at VirusTotal detected pmls64.dll.
The following is the available information on pmls64.dll:
| Property | Value |
|---|---|
| Product name | PremierOpinion |
| Company name | VoiceFive, Inc. |
| File description | PremierOpinion |
| Legal copyright | Copyright © 2001-2019 |
| Product version | 4.0.21.20 (Build 21.20) |
| File version | 4.0.21.20 (Build 21.20) |
pmls64.dll has a valid digital signature.
| Property | Value |
|---|---|
| Signer name | VoiceFive, Inc. |
| Certificate issuer name | Sectigo RSA Code Signing CA |
| Certificate serial number | 00ce9eb2574eec227f7340f5dde24784d3 |
37 of the 72 anti-virus programs at VirusTotal detected the pmls64.dll file. That's a 51% detection rate.
| Scanner | Detection Name |
|---|---|
| Ad-Aware | Gen:Variant.Ulise.104992 |
| AegisLab | Adware.Win32.Relevant.2!c |
| ALYac | Gen:Variant.Ulise.104992 |
| Antiy-AVL | GrayWare[AdWare]/Win32.Relevant |
| APEX | Malicious |
| Arcabit | Trojan.Ulise.D19A20 |
| Avast | Win64:Adware-gen [Adw] |
| AVG | Win64:Adware-gen [Adw] |
| BitDefender | Gen:Variant.Ulise.104992 |
| Cylance | Unsafe |
| Cyren | W64/Application.DRWB-1130 |
| Emsisoft | Application.Generic (A) |
| Endgame | malicious (high confidence) |
| ESET-NOD32 | a variant of Win64/Adware.RK.A |
| FireEye | Generic.mg.5bd46b434dd8a589 |
| Fortinet | Adware/RK |
| GData | Gen:Variant.Ulise.104992 |
| Ikarus | PUA.RelevantKnowledge |
| Invincea | heuristic |
| Jiangmin | Adware.Relevant.ai |
| K7AntiVirus | Adware ( 004f6c831 ) |
| K7GW | Adware ( 004f6c831 ) |
| Malwarebytes | Adware.PremierOpinion |
| MAX | malware (ai score=86) |
| MaxSecure | Trojan.Malware.77180554.susgen |
| Microsoft | PUA:Win32/Presenoker |
| MicroWorld-eScan | Gen:Variant.Ulise.104992 |
| Paloalto | generic.ml |
| Panda | PUP/Adware |
| Rising | PUA.RelevantKnowledge!8.F609 (TFE:dGZlOgWdzq9m0I9CTw) |
| SentinelOne | DFI - Malicious PE |
| Sophos | Generic PUA CI (PUA) |
| SUPERAntiSpyware | PUP.Bundler/Variant |
| VIPRE | Win64.Adware |
| Webroot | Pua.Premier.Opinion |
| Yandex | PUA.Relevant! |
| Zillya | Adware.Relevant.Win32.134 |
The following information was gathered by executing the file inside Cuckoo Sandbox.
Successfully executed process in sandbox.
{
"dll_loaded": [
"dbghelp.dll",
"ntmarta.dll",
"Kernel32.dll",
"kernelbase.dll",
"C:\\Windows\\system32\\symsrv.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\e2359d57970bc501e42a5b4986ab5b638882def3354711bffbbe1f254adca985.bin.dll",
"wininet.dll",
"Kernel32.DLL",
"ADVAPI32.dll",
"kernel32.dll",
"Shell32.dll",
"Advapi32",
"Schannel.dll",
"WS2_32.DLL"
],
"file_opened": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\e2359d57970bc501e42a5b4986ab5b638882def3354711bffbbe1f254adca985.bin.dll"
],
"command_line": [
"\"C:\\Windows\\System32\\rundll32.exe\" C:\\Users\\cuck\\AppData\\Local\\Temp\\e2359d57970bc501e42a5b4986ab5b638882def3354711bffbbe1f254adca985.bin.dll,DllMain"
],
"regkey_opened": [
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{eb89b364-cf98-4d30-9b22-789ebee1f6b1}",
"\\Config\\OSMIM",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{f50bc8dc-2ee0-46d3-bcd4-247fa737e62a}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{2358a6dd-dfcc-4519-90a8-63ad28847171}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{5e34aab5-c68c-450b-b135-c0280d7dcad8}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{2d90094b-3e3e-43e6-89ba-c6cdf84a8eed}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{471d551a-f5a7-4430-8973-743efd95229d}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{9cf77345-ac1f-46e5-83ff-79676bee4d6b}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{02cf1d86-3ded-457c-beef-17f69673438f}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{6ac4c165-4857-48cf-9877-65e283dde598}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{db7dea22-e231-4a21-b42a-bb516846c0d9}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{58e5d5a3-4112-4e73-9c29-8f8efb70920c}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{fb41dea8-8966-4579-b330-d2cd9a015a41}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{caa9f3c8-4f91-45c1-8487-2219c26219e9}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{7bdea6ce-a04d-4e40-b656-15d87dad37d7}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{f5866320-5059-43d6-9e29-7789332a0d17}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{d76e0199-482b-44f9-9378-f8e28a381113}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{a1edb681-9002-4e83-9074-98848f56baaf}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{0d55996c-a60c-459d-a3d3-562e95ca7083}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{f84d74b5-b250-456a-8073-cdadc5d48361}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{d08d9f98-1c78-4704-87e6-368b0023d831}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1b3c34b7-5d93-41e4-a18e-51b930458852}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{bfb84c8a-f53c-4cdc-a9c7-6e79ebd9bd9d}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{ddd7448d-b411-42af-85cb-cc51958b0f6f}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{3b9d6392-d0bd-4d9b-91f5-d8f092969fc7}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1a8b4ccf-4f49-4210-89e3-4b31141493b0}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{4092b7bc-4bf7-4ea7-9424-259a0e7dc7f6}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{233cabe3-7257-4122-b48b-a5b1b16b26d4}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{bff31cbb-0666-451f-b963-0156ae13f9a6}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{15d612df-d417-4cda-b8b5-94f47ba21313}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{e0d14efd-5ce1-42c9-97dd-a782d4cf3f07}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{62f41b6d-3dbd-4b7a-81c4-2990cdc7248e}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{a71b1608-0de3-445d-afc1-16cc74422a9e}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{f9c693c2-e135-40f9-905d-7081a92a6ea4}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{16deb351-9f67-482f-a05c-faa9bf84ab90}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{ded643d8-9233-49f6-8c4a-57c71907965c}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{8beb81ad-bd55-4107-a862-90514f8ba539}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{9628510f-b692-4d05-b126-6092de4e6b8e}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{614c7e53-96ab-4bc9-a1cd-cb7ea8e3e105}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{ba11561e-f0c3-4e6b-9548-79ef48cc4087}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{759ac2c0-ae8a-4407-8118-3c6d1caf5734}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{8aa55f28-ed54-4de4-8954-30cf1b0be72c}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{32f66531-e188-4d2d-bb57-f36725963fd7}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{2b089a27-107b-4e0f-aad3-49eb1ec4cc9b}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{2cbd1bb3-9ac7-4d7f-9023-8a3e8dfb841a}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{ec5b1160-4918-4d15-8e27-f27a1f1f6042}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{d1f0f240-b69a-4fba-80a1-83ac2a18a68f}",
"\\Config\\aol",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{af3a4f65-267f-4774-a676-8204722d2456}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{2a0da165-889b-4900-a115-08cf0140ef7b}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{42cd067f-d483-428d-83bc-437211349927}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{d1218f58-84be-4190-b636-19845f02986c}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{e1337a80-c2c5-4d1e-a7d4-63ba8f3a8ce2}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{3579c468-f59f-4726-8460-0aeb416e3086}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{019ca07c-bd0d-47c0-b634-d75122f7b021}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{a660c7ae-a5d9-4cbc-af6f-535045af22be}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{295eeab0-ad85-44f5-b985-dc96e62c23e7}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{6de36a52-6197-4e69-9f7a-4ba26d337fc1}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{7c4b369f-e660-40df-9329-289886054297}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1aa5a604-4a87-4e82-bf39-84868deedbd3}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{ac76930b-8c77-4a64-991c-b2ac308a8425}",
"\\Config\\OSSProxy\\Settings",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{c6fdaf89-7622-41cf-bff9-ff22bf31f207}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{63d905c0-5721-440c-84e2-a7e08abce6d1}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{c476da41-4b0d-4cf7-a3b5-37c375da358b}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{f76f85ec-c350-441b-a77f-938d5ae7d50a}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{b9a87164-61a5-466b-b34c-e1cb9de00a4b}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{b58783bc-ea15-4926-aa30-61e4a4cf458a}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{ee088979-9f28-4018-ad3e-844f14b6c5f2}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{62b7d2aa-fd89-4a0f-aa7f-b5c61833b791}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{d6a666b8-3dfc-480c-9180-b5d3799edd92}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1aebcc44-7a6c-43b9-ae5a-a6ee651d67ce}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{8edf80b6-2926-4737-981f-5fd7ec9bf662}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{0541a37a-f396-4b41-ac58-e76b37a4b318}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{2ebfcbce-855b-4275-bb14-b1389bbb23a1}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{13800ee5-d499-4b30-8d91-e0f7a45d59ce}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{c1600b9a-7879-4c37-84bb-7ae3095d2e2f}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1213de8e-90f1-4241-8cb2-3144e29bea25}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{309a6371-94e6-44e4-afbf-df56403a63b1}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{362b5d37-5278-4714-94e0-00ba0cfc371a}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{66ed044a-0e4f-40ba-bee2-ae9314a85dfa}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{e88db089-ec39-485c-86c0-984f216adb7c}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{acd16646-870d-46fe-b0af-b444d17e6ccb}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{7f7849f8-c998-4ddc-b199-776afd5d1bb9}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{9617031d-0585-414a-bfac-a31c3d2be037}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{f3056526-65fe-47ee-921c-8e9b8e7ca90c}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{f1a9b85f-e717-442b-92e2-c1ebb180089e}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{e03d8272-a1c3-474a-a605-6770456fb491}",
"HKEY_LOCAL_MACHINE\\Software\\Netsetter\\aol",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{6a347828-bbc8-4344-b2a3-37b3b920dc62}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{b144a578-63b8-4365-a90e-5d205450d74b}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{5eafdf74-1830-41e8-8aaa-6babd746c193}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{114912a3-69fa-4b4d-a77b-1d74d959cce4}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{3d1fd035-db90-47ef-b1ef-eb05b51680a3}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{eeb86aef-4a5d-4b75-9d74-f16d438fc286}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{2dd5aede-3a56-4b0b-be92-574af29faa45}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1c7efc54-1525-4f7a-aff5-45f6856daf38}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1c2be269-40e4-429f-8fb9-f0d5290bcace}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{775953c1-3a9f-4611-bc00-dfc5467f0c54}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{5b35d2f8-2082-4cfa-a9df-f6e28464bd40}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{f4a143bf-f9d8-40f8-8567-a84d638162cd}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{0730f573-ec62-4935-8427-06ffafaa1980}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{4074ce24-9a24-4378-ae40-b45061183e82}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{464f37a9-d4c2-407a-b197-f1066bcbcfad}"
],
"file_exists": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\e2359d57970bc501e42a5b4986ab5b638882def3354711bffbbe1f254adca985.bin.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\e2359d57970bc501e42a5b4986ab5b638882def3354711bffbbe1f254adca985.bin.dll.manifest"
],
"mutex": [
"OSMIM_PQ_PQMutex",
"M_OSSMemRoute",
"OSMIM_SQ_PQMutex",
"OSMIM_FLS_FLSMutex64",
"OSMIM_CFS_CFSMutex64",
"HDR_REPLACEMENT_SHMemMutex"
],
"file_failed": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\kernelbase.pdb",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\kernelbase.pdb\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\dll\\kernelbase.pdb",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\symbols\\dll\\kernelbase.pdb"
],
"file_read": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\e2359d57970bc501e42a5b4986ab5b638882def3354711bffbbe1f254adca985.bin.dll"
],
"regkey_read": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableMetaFiles",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\AccessProviders\\MartaExtension"
]
}[
{
"process_path": "C:\\Windows\\System32\\rundll32.exe",
"process_name": "rundll32.exe",
"pid": 2588,
"summary": {
"dll_loaded": [
"dbghelp.dll",
"ntmarta.dll",
"Kernel32.dll",
"kernelbase.dll",
"C:\\Windows\\system32\\symsrv.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\e2359d57970bc501e42a5b4986ab5b638882def3354711bffbbe1f254adca985.bin.dll",
"wininet.dll",
"Kernel32.DLL",
"ADVAPI32.dll",
"kernel32.dll",
"Shell32.dll",
"Advapi32",
"Schannel.dll",
"WS2_32.DLL"
],
"file_failed": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\kernelbase.pdb",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\kernelbase.pdb\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\dll\\kernelbase.pdb",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\symbols\\dll\\kernelbase.pdb"
],
"regkey_opened": [
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{eb89b364-cf98-4d30-9b22-789ebee1f6b1}",
"\\Config\\OSMIM",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{f50bc8dc-2ee0-46d3-bcd4-247fa737e62a}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{2358a6dd-dfcc-4519-90a8-63ad28847171}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{5e34aab5-c68c-450b-b135-c0280d7dcad8}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{2d90094b-3e3e-43e6-89ba-c6cdf84a8eed}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{471d551a-f5a7-4430-8973-743efd95229d}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{9cf77345-ac1f-46e5-83ff-79676bee4d6b}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{02cf1d86-3ded-457c-beef-17f69673438f}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{6ac4c165-4857-48cf-9877-65e283dde598}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{db7dea22-e231-4a21-b42a-bb516846c0d9}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{58e5d5a3-4112-4e73-9c29-8f8efb70920c}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{fb41dea8-8966-4579-b330-d2cd9a015a41}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{caa9f3c8-4f91-45c1-8487-2219c26219e9}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{7bdea6ce-a04d-4e40-b656-15d87dad37d7}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{f5866320-5059-43d6-9e29-7789332a0d17}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{d76e0199-482b-44f9-9378-f8e28a381113}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{a1edb681-9002-4e83-9074-98848f56baaf}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{0d55996c-a60c-459d-a3d3-562e95ca7083}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{f84d74b5-b250-456a-8073-cdadc5d48361}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{d08d9f98-1c78-4704-87e6-368b0023d831}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1b3c34b7-5d93-41e4-a18e-51b930458852}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{bfb84c8a-f53c-4cdc-a9c7-6e79ebd9bd9d}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{ddd7448d-b411-42af-85cb-cc51958b0f6f}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{3b9d6392-d0bd-4d9b-91f5-d8f092969fc7}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1a8b4ccf-4f49-4210-89e3-4b31141493b0}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{4092b7bc-4bf7-4ea7-9424-259a0e7dc7f6}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{233cabe3-7257-4122-b48b-a5b1b16b26d4}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{bff31cbb-0666-451f-b963-0156ae13f9a6}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{15d612df-d417-4cda-b8b5-94f47ba21313}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{e0d14efd-5ce1-42c9-97dd-a782d4cf3f07}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{62f41b6d-3dbd-4b7a-81c4-2990cdc7248e}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{a71b1608-0de3-445d-afc1-16cc74422a9e}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{f9c693c2-e135-40f9-905d-7081a92a6ea4}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{16deb351-9f67-482f-a05c-faa9bf84ab90}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{ded643d8-9233-49f6-8c4a-57c71907965c}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{8beb81ad-bd55-4107-a862-90514f8ba539}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{9628510f-b692-4d05-b126-6092de4e6b8e}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{614c7e53-96ab-4bc9-a1cd-cb7ea8e3e105}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{ba11561e-f0c3-4e6b-9548-79ef48cc4087}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{759ac2c0-ae8a-4407-8118-3c6d1caf5734}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{8aa55f28-ed54-4de4-8954-30cf1b0be72c}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{32f66531-e188-4d2d-bb57-f36725963fd7}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{2b089a27-107b-4e0f-aad3-49eb1ec4cc9b}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{2cbd1bb3-9ac7-4d7f-9023-8a3e8dfb841a}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{ec5b1160-4918-4d15-8e27-f27a1f1f6042}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{d1f0f240-b69a-4fba-80a1-83ac2a18a68f}",
"\\Config\\aol",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{af3a4f65-267f-4774-a676-8204722d2456}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{2a0da165-889b-4900-a115-08cf0140ef7b}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{42cd067f-d483-428d-83bc-437211349927}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{d1218f58-84be-4190-b636-19845f02986c}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{e1337a80-c2c5-4d1e-a7d4-63ba8f3a8ce2}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{3579c468-f59f-4726-8460-0aeb416e3086}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{019ca07c-bd0d-47c0-b634-d75122f7b021}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{a660c7ae-a5d9-4cbc-af6f-535045af22be}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{295eeab0-ad85-44f5-b985-dc96e62c23e7}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{6de36a52-6197-4e69-9f7a-4ba26d337fc1}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{7c4b369f-e660-40df-9329-289886054297}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1aa5a604-4a87-4e82-bf39-84868deedbd3}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{ac76930b-8c77-4a64-991c-b2ac308a8425}",
"\\Config\\OSSProxy\\Settings",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{c6fdaf89-7622-41cf-bff9-ff22bf31f207}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{63d905c0-5721-440c-84e2-a7e08abce6d1}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{c476da41-4b0d-4cf7-a3b5-37c375da358b}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{f76f85ec-c350-441b-a77f-938d5ae7d50a}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{b9a87164-61a5-466b-b34c-e1cb9de00a4b}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{b58783bc-ea15-4926-aa30-61e4a4cf458a}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{ee088979-9f28-4018-ad3e-844f14b6c5f2}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{62b7d2aa-fd89-4a0f-aa7f-b5c61833b791}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{d6a666b8-3dfc-480c-9180-b5d3799edd92}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1aebcc44-7a6c-43b9-ae5a-a6ee651d67ce}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{8edf80b6-2926-4737-981f-5fd7ec9bf662}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{0541a37a-f396-4b41-ac58-e76b37a4b318}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{2ebfcbce-855b-4275-bb14-b1389bbb23a1}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{13800ee5-d499-4b30-8d91-e0f7a45d59ce}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{c1600b9a-7879-4c37-84bb-7ae3095d2e2f}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1213de8e-90f1-4241-8cb2-3144e29bea25}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{309a6371-94e6-44e4-afbf-df56403a63b1}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{362b5d37-5278-4714-94e0-00ba0cfc371a}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{66ed044a-0e4f-40ba-bee2-ae9314a85dfa}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{e88db089-ec39-485c-86c0-984f216adb7c}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{acd16646-870d-46fe-b0af-b444d17e6ccb}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{7f7849f8-c998-4ddc-b199-776afd5d1bb9}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{9617031d-0585-414a-bfac-a31c3d2be037}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{f3056526-65fe-47ee-921c-8e9b8e7ca90c}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{f1a9b85f-e717-442b-92e2-c1ebb180089e}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{e03d8272-a1c3-474a-a605-6770456fb491}",
"HKEY_LOCAL_MACHINE\\Software\\Netsetter\\aol",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{6a347828-bbc8-4344-b2a3-37b3b920dc62}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{b144a578-63b8-4365-a90e-5d205450d74b}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{5eafdf74-1830-41e8-8aaa-6babd746c193}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{114912a3-69fa-4b4d-a77b-1d74d959cce4}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{3d1fd035-db90-47ef-b1ef-eb05b51680a3}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{eeb86aef-4a5d-4b75-9d74-f16d438fc286}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{2dd5aede-3a56-4b0b-be92-574af29faa45}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1c7efc54-1525-4f7a-aff5-45f6856daf38}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1c2be269-40e4-429f-8fb9-f0d5290bcace}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{775953c1-3a9f-4611-bc00-dfc5467f0c54}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{5b35d2f8-2082-4cfa-a9df-f6e28464bd40}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{f4a143bf-f9d8-40f8-8567-a84d638162cd}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{0730f573-ec62-4935-8427-06ffafaa1980}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{4074ce24-9a24-4378-ae40-b45061183e82}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{464f37a9-d4c2-407a-b197-f1066bcbcfad}"
],
"file_exists": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\e2359d57970bc501e42a5b4986ab5b638882def3354711bffbbe1f254adca985.bin.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\e2359d57970bc501e42a5b4986ab5b638882def3354711bffbbe1f254adca985.bin.dll.manifest"
],
"mutex": [
"OSMIM_PQ_PQMutex",
"M_OSSMemRoute",
"OSMIM_SQ_PQMutex",
"OSMIM_FLS_FLSMutex64",
"OSMIM_CFS_CFSMutex64",
"HDR_REPLACEMENT_SHMemMutex"
],
"regkey_read": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableMetaFiles",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\AccessProviders\\MartaExtension"
]
},
"first_seen": 1589305986.75,
"ppid": 2660
},
{
"process_path": "C:\\Windows\\SysWOW64\\rundll32.exe",
"process_name": "rundll32.exe",
"pid": 2660,
"summary": {
"dll_loaded": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\e2359d57970bc501e42a5b4986ab5b638882def3354711bffbbe1f254adca985.bin.dll"
],
"file_opened": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\e2359d57970bc501e42a5b4986ab5b638882def3354711bffbbe1f254adca985.bin.dll"
],
"command_line": [
"\"C:\\Windows\\System32\\rundll32.exe\" C:\\Users\\cuck\\AppData\\Local\\Temp\\e2359d57970bc501e42a5b4986ab5b638882def3354711bffbbe1f254adca985.bin.dll,DllMain"
],
"file_exists": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\e2359d57970bc501e42a5b4986ab5b638882def3354711bffbbe1f254adca985.bin.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\e2359d57970bc501e42a5b4986ab5b638882def3354711bffbbe1f254adca985.bin.dll.manifest"
],
"file_read": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\e2359d57970bc501e42a5b4986ab5b638882def3354711bffbbe1f254adca985.bin.dll"
],
"regkey_read": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableMetaFiles"
]
},
"first_seen": 1589305986.59375,
"ppid": 3040
},
{
"process_path": "C:\\Windows\\System32\\lsass.exe",
"process_name": "lsass.exe",
"pid": 476,
"summary": {},
"first_seen": 1589305986.34375,
"ppid": 376
}
]
The Yara rules did not detect anything in the file.


The instructions below show how to remove pmls64.dll with help from the FreeFixer removal tool. Basically, you install FreeFixer, scan your computer, check the pmls64.dll file for removal, restart your computer and scan it again to verify that pmls64.dll has been successfully removed. Here are the removal instructions in more detail:
pmls64.dll may also be located in folders other than c:\users\%USERNAME%\appdata\local\temp\~osc5f1.tmp\. The most common variants are listed below:
pmls64.dll (37 votes)
| Property | Value |
|---|---|
| MD5 | 5bd46b434dd8a5896d1d93f796bc6c5e |
| SHA256 | e2359d57970bc501e42a5b4986ab5b638882def3354711bffbbe1f254adca985 |