<?xml version="1.0"?>
<!-- This analysis was created by CWSandbox (c) CWSE GmbH/Sunbelt Software -->
<analysis cwsversion=“2.1.12” time=“08.08.2009 05:22:19” |
file=“c:\260589951029048b3e6d93316b3c2507” |
md5=“260589951029048b3e6d93316b3c2507” |
sha1=“0089453df77890ae95ce7d9130a4ef85eaea36e8” |
logpath=“c:\cwsandbox\log\260589951029048b3e6d93316b3c2507\run_1\” |
analysisid=“647702” sampleid=“431657”> |
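<!--
  Process tree recorded for this run. Nesting expresses parentage: a
  process_call inside another process_call's calltree was started by that
  process. starttime is an offset into the run (presumably mm:ss.mmm;
  confirm against the CWSandbox report schema).
  Markup repaired from the extracted listing: typographic quotes replaced by
  straight quotes, table-cell pipes dropped, wrapped attribute values rejoined.
-->
<calltree>
  <!-- The submitted sample itself; its file name is the sample's MD5. -->
  <process_call index="1" pid="1940"
                filename="c:\260589951029048b3e6d93316b3c2507"
                starttime="00:01.922"
                startreason="AnalysisTarget">
    <calltree>
      <!--
        Child of the sample, created via CreateProcess about 3.4 s after the
        sample started. A sample that launches a browser process is worth
        correlating with the report's network and process-memory sections
        (not part of this excerpt) before drawing conclusions.
      -->
      <process_call index="2" pid="2084"
                    filename="C:\Programme\Internet Explorer\iexplore.exe"
                    starttime="00:05.343"
                    startreason="CreateProcess" />
    </calltree>
  </process_call>
  <!--
    Listed at the top level, not under the sample, with start reason
    DCOMService. Whether the sample's activity triggered this service start
    cannot be told from the call tree alone; check the sample's COM and
    service sections if the report has them.
  -->
  <process_call index="3" pid="948"
                filename="C:\WINDOWS\system32\svchost.exe"
                starttime="00:07.062"
                startreason="DCOMService" />
</calltree>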
<processes> |
<process index=“1” pid=“1940” |
filename=“c:\260589951029048b3e6d93316b3c2507” filesize=“761856” |
md5=“260589951029048b3e6d93316b3c2507” |
sha1=“0089453df77890ae95ce7d9130a4ef85eaea36e8” username=“Administrator” |
parentindex=“0” starttime=“00:01.922” terminationtime=“00:07.484” |
startreason=“AnalysisTarget” terminationreason=“NormalTermination” |
executionstatus=“OK” applicationtype=“Win32Application”> |
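<!--
  Modules mapped into process index 1 (the analysis target).
  address and end_address read as hexadecimal and size as decimal: for the
  main image, 4C1000 minus 400000 is C1000 hex, which is 790528, and the same
  relation holds for every load_dll entry below.
  Markup repaired from the extracted listing: typographic quotes replaced by
  straight quotes, table-cell pipes dropped, and the opening quote restored
  on address and end_address. A radix prefix may have been lost together with
  that quote; confirm against the raw report before parsing these values.
  quantity presumably counts repeated loads of the same module; confirm
  against the CWSandbox report schema.
  Only ntdll, kernel32, gdi32 and user32 are listed in this section; no
  networking or crypto library appears here for this process.
-->
<dll_handling_section>
  <!-- The sample's own executable image. -->
  <load_image filename="c:\260589951029048b3e6d93316b3c2507" successful="1"
              address="400000" end_address="4C1000" size="790528" />
  <load_dll filename="C:\WINDOWS\system32\ntdll.dll" successful="1"
            address="7C910000" end_address="7C9C9000" size="757760" quantity="16" />
  <load_dll filename="C:\WINDOWS\system32\kernel32.dll" successful="1"
            address="7C800000" end_address="7C908000" size="1081344" quantity="2" />
  <load_dll filename="C:\WINDOWS\system32\gdi32.dll" successful="1"
            address="77EF0000" end_address="77F39000" size="299008" quantity="2" />
  <load_dll filename="C:\WINDOWS\system32\USER32.dll" successful="1"
            address="7E360000" end_address="7E3F1000" size="593920" quantity="2" />
</dll_handling_section>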
<filesystem_section> |