Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	June 15, 2021, 11:07 a.m.	June 15, 2021, 11:09 a.m.

Size	5.2MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`9a86329fb7bd48fc778676e664d3d0be`
SHA256	`648071554a71aeab1671abf122cdd67da6f356853ae322534394de276b10034d`
CRC32	`C1603F2E`
ssdeep	`98304:t9pAo0zb3cdttpGl4/zgNb8Qn0NbsuO1XeK39NNXH+tCNSZ:t4o03Mdzc4/8Nb8k0V1EXeK3pul`
PDB Path
Yara	NPKI_Zero - File included NPKI UltraVNC_Zero - UltraVNC PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsPE32 - (no description)

VOKLIGHT.exe "C:\Users\test22\AppData\Local\Temp\VOKLIGHT.exe"
2548

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent June 15, 2021, 11:07 a.m.			0	0

Uses Windows APIs to generate a cryptographic key (5 events)

Time & API	Arguments	Status	Return
CryptExportKey June 15, 2021, 11:07 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00dbb628 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 15, 2021, 11:07 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00dbb628 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 15, 2021, 11:07 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00dbb668 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 15, 2021, 11:07 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00dbb668 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 15, 2021, 11:07 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00dbb7e8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1

This executable has a PDB path (1 event)

pdb_path

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx June 15, 2021, 11:07 a.m.		1	1	0

One or more processes crashed (50 out of 1221 events)

Time & API	Arguments	Status
__exception__ June 15, 2021, 11:07 a.m.	stacktrace: voklight+0x1f28 @ 0x401f28 exception.instruction_r: f3 aa 8b 45 f0 8b 4d 08 8b 55 10 03 c8 2b d0 52 exception.symbol: voklight+0xf048 exception.instruction: stosb byte ptr es:[edi], al exception.module: VOKLIGHT.exe exception.exception_code: 0xc0000005 exception.offset: 61512 exception.address: 0x40f048 registers.esp: 1637008 registers.edi: 4644500 registers.eax: 0 registers.ebp: 1637024 registers.edx: 0 registers.ebx: 4644500 registers.esi: 4644500 registers.ecx: 12	1
__exception__ June 15, 2021, 11:07 a.m.	stacktrace: voklight+0xf014 @ 0x40f014 voklight+0xf060 @ 0x40f060 voklight+0x1f28 @ 0x401f28 exception.instruction_r: 66 0f 7f 47 60 66 0f 7f 47 70 8d bf 80 00 00 00 exception.symbol: voklight+0xefc4 exception.address: 0x40efc4 exception.module: VOKLIGHT.exe exception.exception_code: 0xc0000005 exception.offset: 61380 registers.esp: 1636952 registers.edi: 4644768 registers.eax: 4644512 registers.ebp: 1636956 registers.edx: 5 registers.ebx: 4644500 registers.esi: 4644500 registers.ecx: 39010	1
__exception__ June 15, 2021, 11:07 a.m.	stacktrace: voklight+0xf014 @ 0x40f014 voklight+0xf060 @ 0x40f060 voklight+0x1f28 @ 0x401f28 exception.instruction_r: 66 0f 7f 47 60 66 0f 7f 47 70 8d bf 80 00 00 00 exception.symbol: voklight+0xefc4 exception.address: 0x40efc4 exception.module: VOKLIGHT.exe exception.exception_code: 0xc0000005 exception.offset: 61380 registers.esp: 1636952 registers.edi: 4648864 registers.eax: 4644512 registers.ebp: 1636956 registers.edx: 5 registers.ebx: 4644500 registers.esi: 4644500 registers.ecx: 38978	1
__exception__ June 15, 2021, 11:07 a.m.	stacktrace: voklight+0xf014 @ 0x40f014 voklight+0xf060 @ 0x40f060 voklight+0x1f28 @ 0x401f28 exception.instruction_r: 66 0f 7f 47 60 66 0f 7f 47 70 8d bf 80 00 00 00 exception.symbol: voklight+0xefc4 exception.address: 0x40efc4 exception.module: VOKLIGHT.exe exception.exception_code: 0xc0000005 exception.offset: 61380 registers.esp: 1636952 registers.edi: 4652960 registers.eax: 4644512 registers.ebp: 1636956 registers.edx: 5 registers.ebx: 4644500 registers.esi: 4644500 registers.ecx: 38946	1
__exception__ June 15, 2021, 11:07 a.m.	stacktrace: voklight+0xf014 @ 0x40f014 voklight+0xf060 @ 0x40f060 voklight+0x1f28 @ 0x401f28 exception.instruction_r: 66 0f 7f 47 60 66 0f 7f 47 70 8d bf 80 00 00 00 exception.symbol: voklight+0xefc4 exception.address: 0x40efc4 exception.module: VOKLIGHT.exe exception.exception_code: 0xc0000005 exception.offset: 61380 registers.esp: 1636952 registers.edi: 4657056 registers.eax: 4644512 registers.ebp: 1636956 registers.edx: 5 registers.ebx: 4644500 registers.esi: 4644500 registers.ecx: 38914	1
__exception__ June 15, 2021, 11:07 a.m.	stacktrace: voklight+0xf014 @ 0x40f014 voklight+0xf060 @ 0x40f060 voklight+0x1f28 @ 0x401f28 exception.instruction_r: 66 0f 7f 47 60 66 0f 7f 47 70 8d bf 80 00 00 00 exception.symbol: voklight+0xefc4 exception.address: 0x40efc4 exception.module: VOKLIGHT.exe exception.exception_code: 0xc0000005 exception.offset: 61380 registers.esp: 1636952 registers.edi: 4661152 registers.eax: 4644512 registers.ebp: 1636956 registers.edx: 5 registers.ebx: 4644500 registers.esi: 4644500 registers.ecx: 38882	1
__exception__ June 15, 2021, 11:07 a.m.	stacktrace: voklight+0xf014 @ 0x40f014 voklight+0xf060 @ 0x40f060 voklight+0x1f28 @ 0x401f28 exception.instruction_r: 66 0f 7f 47 60 66 0f 7f 47 70 8d bf 80 00 00 00 exception.symbol: voklight+0xefc4 exception.address: 0x40efc4 exception.module: VOKLIGHT.exe exception.exception_code: 0xc0000005 exception.offset: 61380 registers.esp: 1636952 registers.edi: 4665248 registers.eax: 4644512 registers.ebp: 1636956 registers.edx: 5 registers.ebx: 4644500 registers.esi: 4644500 registers.ecx: 38850	1
__exception__ June 15, 2021, 11:07 a.m.	stacktrace: voklight+0xf014 @ 0x40f014 voklight+0xf060 @ 0x40f060 voklight+0x1f28 @ 0x401f28 exception.instruction_r: 66 0f 7f 47 60 66 0f 7f 47 70 8d bf 80 00 00 00 exception.symbol: voklight+0xefc4 exception.address: 0x40efc4 exception.module: VOKLIGHT.exe exception.exception_code: 0xc0000005 exception.offset: 61380 registers.esp: 1636952 registers.edi: 4669344 registers.eax: 4644512 registers.ebp: 1636956 registers.edx: 5 registers.ebx: 4644500 registers.esi: 4644500 registers.ecx: 38818	1
__exception__ June 15, 2021, 11:07 a.m.	stacktrace: voklight+0xf014 @ 0x40f014 voklight+0xf060 @ 0x40f060 voklight+0x1f28 @ 0x401f28 exception.instruction_r: 66 0f 7f 47 60 66 0f 7f 47 70 8d bf 80 00 00 00 exception.symbol: voklight+0xefc4 exception.address: 0x40efc4 exception.module: VOKLIGHT.exe exception.exception_code: 0xc0000005 exception.offset: 61380 registers.esp: 1636952 registers.edi: 4673440 registers.eax: 4644512 registers.ebp: 1636956 registers.edx: 5 registers.ebx: 4644500 registers.esi: 4644500 registers.ecx: 38786	1
__exception__ June 15, 2021, 11:07 a.m.	stacktrace: voklight+0xf014 @ 0x40f014 voklight+0xf060 @ 0x40f060 voklight+0x1f28 @ 0x401f28 exception.instruction_r: 66 0f 7f 47 60 66 0f 7f 47 70 8d bf 80 00 00 00 exception.symbol: voklight+0xefc4 exception.address: 0x40efc4 exception.module: VOKLIGHT.exe exception.exception_code: 0xc0000005 exception.offset: 61380 registers.esp: 1636952 registers.edi: 4677536 registers.eax: 4644512 registers.ebp: 1636956 registers.edx: 5 registers.ebx: 4644500 registers.esi: 4644500 registers.ecx: 38754	1
__exception__ June 15, 2021, 11:07 a.m.	stacktrace: voklight+0xf014 @ 0x40f014 voklight+0xf060 @ 0x40f060 voklight+0x1f28 @ 0x401f28 exception.instruction_r: 66 0f 7f 47 60 66 0f 7f 47 70 8d bf 80 00 00 00 exception.symbol: voklight+0xefc4 exception.address: 0x40efc4 exception.module: VOKLIGHT.exe exception.exception_code: 0xc0000005 exception.offset: 61380 registers.esp: 1636952 registers.edi: 4681632 registers.eax: 4644512 registers.ebp: 1636956 registers.edx: 5 registers.ebx: 4644500 registers.esi: 4644500 registers.ecx: 38722	1
__exception__ June 15, 2021, 11:07 a.m.	stacktrace: voklight+0xf014 @ 0x40f014 voklight+0xf060 @ 0x40f060 voklight+0x1f28 @ 0x401f28 exception.instruction_r: 66 0f 7f 47 60 66 0f 7f 47 70 8d bf 80 00 00 00 exception.symbol: voklight+0xefc4 exception.address: 0x40efc4 exception.module: VOKLIGHT.exe exception.exception_code: 0xc0000005 exception.offset: 61380 registers.esp: 1636952 registers.edi: 4685728 registers.eax: 4644512 registers.ebp: 1636956 registers.edx: 5 registers.ebx: 4644500 registers.esi: 4644500 registers.ecx: 38690	1
__exception__ June 15, 2021, 11:07 a.m.	stacktrace: voklight+0xf014 @ 0x40f014 voklight+0xf060 @ 0x40f060 voklight+0x1f28 @ 0x401f28 exception.instruction_r: 66 0f 7f 47 60 66 0f 7f 47 70 8d bf 80 00 00 00 exception.symbol: voklight+0xefc4 exception.address: 0x40efc4 exception.module: VOKLIGHT.exe exception.exception_code: 0xc0000005 exception.offset: 61380 registers.esp: 1636952 registers.edi: 4689824 registers.eax: 4644512 registers.ebp: 1636956 registers.edx: 5 registers.ebx: 4644500 registers.esi: 4644500 registers.ecx: 38658	1
__exception__ June 15, 2021, 11:07 a.m.	stacktrace: voklight+0xf014 @ 0x40f014 voklight+0xf060 @ 0x40f060 voklight+0x1f28 @ 0x401f28 exception.instruction_r: 66 0f 7f 47 60 66 0f 7f 47 70 8d bf 80 00 00 00 exception.symbol: voklight+0xefc4 exception.address: 0x40efc4 exception.module: VOKLIGHT.exe exception.exception_code: 0xc0000005 exception.offset: 61380 registers.esp: 1636952 registers.edi: 4693920 registers.eax: 4644512 registers.ebp: 1636956 registers.edx: 5 registers.ebx: 4644500 registers.esi: 4644500 registers.ecx: 38626	1
__exception__ June 15, 2021, 11:07 a.m.	stacktrace: voklight+0xf014 @ 0x40f014 voklight+0xf060 @ 0x40f060 voklight+0x1f28 @ 0x401f28 exception.instruction_r: 66 0f 7f 47 60 66 0f 7f 47 70 8d bf 80 00 00 00 exception.symbol: voklight+0xefc4 exception.address: 0x40efc4 exception.module: VOKLIGHT.exe exception.exception_code: 0xc0000005 exception.offset: 61380 registers.esp: 1636952 registers.edi: 4698016 registers.eax: 4644512 registers.ebp: 1636956 registers.edx: 5 registers.ebx: 4644500 registers.esi: 4644500 registers.ecx: 38594	1
__exception__ June 15, 2021, 11:07 a.m.	stacktrace: voklight+0xf014 @ 0x40f014 voklight+0xf060 @ 0x40f060 voklight+0x1f28 @ 0x401f28 exception.instruction_r: 66 0f 7f 47 60 66 0f 7f 47 70 8d bf 80 00 00 00 exception.symbol: voklight+0xefc4 exception.address: 0x40efc4 exception.module: VOKLIGHT.exe exception.exception_code: 0xc0000005 exception.offset: 61380 registers.esp: 1636952 registers.edi: 4702112 registers.eax: 4644512 registers.ebp: 1636956 registers.edx: 5 registers.ebx: 4644500 registers.esi: 4644500 registers.ecx: 38562	1
__exception__ June 15, 2021, 11:07 a.m.	stacktrace: voklight+0xf014 @ 0x40f014 voklight+0xf060 @ 0x40f060 voklight+0x1f28 @ 0x401f28 exception.instruction_r: 66 0f 7f 47 60 66 0f 7f 47 70 8d bf 80 00 00 00 exception.symbol: voklight+0xefc4 exception.address: 0x40efc4 exception.module: VOKLIGHT.exe exception.exception_code: 0xc0000005 exception.offset: 61380 registers.esp: 1636952 registers.edi: 4706208 registers.eax: 4644512 registers.ebp: 1636956 registers.edx: 5 registers.ebx: 4644500 registers.esi: 4644500 registers.ecx: 38530	1
__exception__ June 15, 2021, 11:07 a.m.	stacktrace: voklight+0xf014 @ 0x40f014 voklight+0xf060 @ 0x40f060 voklight+0x1f28 @ 0x401f28 exception.instruction_r: 66 0f 7f 47 60 66 0f 7f 47 70 8d bf 80 00 00 00 exception.symbol: voklight+0xefc4 exception.address: 0x40efc4 exception.module: VOKLIGHT.exe exception.exception_code: 0xc0000005 exception.offset: 61380 registers.esp: 1636952 registers.edi: 4710304 registers.eax: 4644512 registers.ebp: 1636956 registers.edx: 5 registers.ebx: 4644500 registers.esi: 4644500 registers.ecx: 38498	1
__exception__ June 15, 2021, 11:07 a.m.	stacktrace: voklight+0xf014 @ 0x40f014 voklight+0xf060 @ 0x40f060 voklight+0x1f28 @ 0x401f28 exception.instruction_r: 66 0f 7f 47 60 66 0f 7f 47 70 8d bf 80 00 00 00 exception.symbol: voklight+0xefc4 exception.address: 0x40efc4 exception.module: VOKLIGHT.exe exception.exception_code: 0xc0000005 exception.offset: 61380 registers.esp: 1636952 registers.edi: 4714400 registers.eax: 4644512 registers.ebp: 1636956 registers.edx: 5 registers.ebx: 4644500 registers.esi: 4644500 registers.ecx: 38466	1
__exception__ June 15, 2021, 11:07 a.m.	stacktrace: voklight+0xf014 @ 0x40f014 voklight+0xf060 @ 0x40f060 voklight+0x1f28 @ 0x401f28 exception.instruction_r: 66 0f 7f 47 60 66 0f 7f 47 70 8d bf 80 00 00 00 exception.symbol: voklight+0xefc4 exception.address: 0x40efc4 exception.module: VOKLIGHT.exe exception.exception_code: 0xc0000005 exception.offset: 61380 registers.esp: 1636952 registers.edi: 4718496 registers.eax: 4644512 registers.ebp: 1636956 registers.edx: 5 registers.ebx: 4644500 registers.esi: 4644500 registers.ecx: 38434	1
__exception__ June 15, 2021, 11:07 a.m.	stacktrace: voklight+0xf014 @ 0x40f014 voklight+0xf060 @ 0x40f060 voklight+0x1f28 @ 0x401f28 exception.instruction_r: 66 0f 7f 47 60 66 0f 7f 47 70 8d bf 80 00 00 00 exception.symbol: voklight+0xefc4 exception.address: 0x40efc4 exception.module: VOKLIGHT.exe exception.exception_code: 0xc0000005 exception.offset: 61380 registers.esp: 1636952 registers.edi: 4722592 registers.eax: 4644512 registers.ebp: 1636956 registers.edx: 5 registers.ebx: 4644500 registers.esi: 4644500 registers.ecx: 38402	1
__exception__ June 15, 2021, 11:07 a.m.	stacktrace: voklight+0xf014 @ 0x40f014 voklight+0xf060 @ 0x40f060 voklight+0x1f28 @ 0x401f28 exception.instruction_r: 66 0f 7f 47 60 66 0f 7f 47 70 8d bf 80 00 00 00 exception.symbol: voklight+0xefc4 exception.address: 0x40efc4 exception.module: VOKLIGHT.exe exception.exception_code: 0xc0000005 exception.offset: 61380 registers.esp: 1636952 registers.edi: 4726688 registers.eax: 4644512 registers.ebp: 1636956 registers.edx: 5 registers.ebx: 4644500 registers.esi: 4644500 registers.ecx: 38370	1
__exception__ June 15, 2021, 11:07 a.m.	stacktrace: voklight+0xf014 @ 0x40f014 voklight+0xf060 @ 0x40f060 voklight+0x1f28 @ 0x401f28 exception.instruction_r: 66 0f 7f 47 60 66 0f 7f 47 70 8d bf 80 00 00 00 exception.symbol: voklight+0xefc4 exception.address: 0x40efc4 exception.module: VOKLIGHT.exe exception.exception_code: 0xc0000005 exception.offset: 61380 registers.esp: 1636952 registers.edi: 4730784 registers.eax: 4644512 registers.ebp: 1636956 registers.edx: 5 registers.ebx: 4644500 registers.esi: 4644500 registers.ecx: 38338	1
__exception__ June 15, 2021, 11:07 a.m.	stacktrace: voklight+0xf014 @ 0x40f014 voklight+0xf060 @ 0x40f060 voklight+0x1f28 @ 0x401f28 exception.instruction_r: 66 0f 7f 47 60 66 0f 7f 47 70 8d bf 80 00 00 00 exception.symbol: voklight+0xefc4 exception.address: 0x40efc4 exception.module: VOKLIGHT.exe exception.exception_code: 0xc0000005 exception.offset: 61380 registers.esp: 1636952 registers.edi: 4734880 registers.eax: 4644512 registers.ebp: 1636956 registers.edx: 5 registers.ebx: 4644500 registers.esi: 4644500 registers.ecx: 38306	1
__exception__ June 15, 2021, 11:07 a.m.	stacktrace: voklight+0xf014 @ 0x40f014 voklight+0xf060 @ 0x40f060 voklight+0x1f28 @ 0x401f28 exception.instruction_r: 66 0f 7f 47 60 66 0f 7f 47 70 8d bf 80 00 00 00 exception.symbol: voklight+0xefc4 exception.address: 0x40efc4 exception.module: VOKLIGHT.exe exception.exception_code: 0xc0000005 exception.offset: 61380 registers.esp: 1636952 registers.edi: 4738976 registers.eax: 4644512 registers.ebp: 1636956 registers.edx: 5 registers.ebx: 4644500 registers.esi: 4644500 registers.ecx: 38274	1
__exception__ June 15, 2021, 11:07 a.m.	stacktrace: voklight+0xf014 @ 0x40f014 voklight+0xf060 @ 0x40f060 voklight+0x1f28 @ 0x401f28 exception.instruction_r: 66 0f 7f 47 60 66 0f 7f 47 70 8d bf 80 00 00 00 exception.symbol: voklight+0xefc4 exception.address: 0x40efc4 exception.module: VOKLIGHT.exe exception.exception_code: 0xc0000005 exception.offset: 61380 registers.esp: 1636952 registers.edi: 4743072 registers.eax: 4644512 registers.ebp: 1636956 registers.edx: 5 registers.ebx: 4644500 registers.esi: 4644500 registers.ecx: 38242	1
__exception__ June 15, 2021, 11:07 a.m.	stacktrace: voklight+0xf014 @ 0x40f014 voklight+0xf060 @ 0x40f060 voklight+0x1f28 @ 0x401f28 exception.instruction_r: 66 0f 7f 47 60 66 0f 7f 47 70 8d bf 80 00 00 00 exception.symbol: voklight+0xefc4 exception.address: 0x40efc4 exception.module: VOKLIGHT.exe exception.exception_code: 0xc0000005 exception.offset: 61380 registers.esp: 1636952 registers.edi: 4747168 registers.eax: 4644512 registers.ebp: 1636956 registers.edx: 5 registers.ebx: 4644500 registers.esi: 4644500 registers.ecx: 38210	1
__exception__ June 15, 2021, 11:07 a.m.	stacktrace: voklight+0xf014 @ 0x40f014 voklight+0xf060 @ 0x40f060 voklight+0x1f28 @ 0x401f28 exception.instruction_r: 66 0f 7f 47 60 66 0f 7f 47 70 8d bf 80 00 00 00 exception.symbol: voklight+0xefc4 exception.address: 0x40efc4 exception.module: VOKLIGHT.exe exception.exception_code: 0xc0000005 exception.offset: 61380 registers.esp: 1636952 registers.edi: 4751264 registers.eax: 4644512 registers.ebp: 1636956 registers.edx: 5 registers.ebx: 4644500 registers.esi: 4644500 registers.ecx: 38178	1
__exception__ June 15, 2021, 11:07 a.m.	stacktrace: voklight+0xf014 @ 0x40f014 voklight+0xf060 @ 0x40f060 voklight+0x1f28 @ 0x401f28 exception.instruction_r: 66 0f 7f 47 60 66 0f 7f 47 70 8d bf 80 00 00 00 exception.symbol: voklight+0xefc4 exception.address: 0x40efc4 exception.module: VOKLIGHT.exe exception.exception_code: 0xc0000005 exception.offset: 61380 registers.esp: 1636952 registers.edi: 4755360 registers.eax: 4644512 registers.ebp: 1636956 registers.edx: 5 registers.ebx: 4644500 registers.esi: 4644500 registers.ecx: 38146	1
__exception__ June 15, 2021, 11:07 a.m.	stacktrace: voklight+0xf014 @ 0x40f014 voklight+0xf060 @ 0x40f060 voklight+0x1f28 @ 0x401f28 exception.instruction_r: 66 0f 7f 47 60 66 0f 7f 47 70 8d bf 80 00 00 00 exception.symbol: voklight+0xefc4 exception.address: 0x40efc4 exception.module: VOKLIGHT.exe exception.exception_code: 0xc0000005 exception.offset: 61380 registers.esp: 1636952 registers.edi: 4759456 registers.eax: 4644512 registers.ebp: 1636956 registers.edx: 5 registers.ebx: 4644500 registers.esi: 4644500 registers.ecx: 38114	1
__exception__ June 15, 2021, 11:07 a.m.	stacktrace: voklight+0xf014 @ 0x40f014 voklight+0xf060 @ 0x40f060 voklight+0x1f28 @ 0x401f28 exception.instruction_r: 66 0f 7f 47 60 66 0f 7f 47 70 8d bf 80 00 00 00 exception.symbol: voklight+0xefc4 exception.address: 0x40efc4 exception.module: VOKLIGHT.exe exception.exception_code: 0xc0000005 exception.offset: 61380 registers.esp: 1636952 registers.edi: 4763552 registers.eax: 4644512 registers.ebp: 1636956 registers.edx: 5 registers.ebx: 4644500 registers.esi: 4644500 registers.ecx: 38082	1
__exception__ June 15, 2021, 11:07 a.m.	stacktrace: voklight+0xf014 @ 0x40f014 voklight+0xf060 @ 0x40f060 voklight+0x1f28 @ 0x401f28 exception.instruction_r: 66 0f 7f 47 60 66 0f 7f 47 70 8d bf 80 00 00 00 exception.symbol: voklight+0xefc4 exception.address: 0x40efc4 exception.module: VOKLIGHT.exe exception.exception_code: 0xc0000005 exception.offset: 61380 registers.esp: 1636952 registers.edi: 4767648 registers.eax: 4644512 registers.ebp: 1636956 registers.edx: 5 registers.ebx: 4644500 registers.esi: 4644500 registers.ecx: 38050	1
__exception__ June 15, 2021, 11:07 a.m.	stacktrace: voklight+0xf014 @ 0x40f014 voklight+0xf060 @ 0x40f060 voklight+0x1f28 @ 0x401f28 exception.instruction_r: 66 0f 7f 47 60 66 0f 7f 47 70 8d bf 80 00 00 00 exception.symbol: voklight+0xefc4 exception.address: 0x40efc4 exception.module: VOKLIGHT.exe exception.exception_code: 0xc0000005 exception.offset: 61380 registers.esp: 1636952 registers.edi: 4771744 registers.eax: 4644512 registers.ebp: 1636956 registers.edx: 5 registers.ebx: 4644500 registers.esi: 4644500 registers.ecx: 38018	1
__exception__ June 15, 2021, 11:07 a.m.	stacktrace: voklight+0xf014 @ 0x40f014 voklight+0xf060 @ 0x40f060 voklight+0x1f28 @ 0x401f28 exception.instruction_r: 66 0f 7f 47 60 66 0f 7f 47 70 8d bf 80 00 00 00 exception.symbol: voklight+0xefc4 exception.address: 0x40efc4 exception.module: VOKLIGHT.exe exception.exception_code: 0xc0000005 exception.offset: 61380 registers.esp: 1636952 registers.edi: 4775840 registers.eax: 4644512 registers.ebp: 1636956 registers.edx: 5 registers.ebx: 4644500 registers.esi: 4644500 registers.ecx: 37986	1
__exception__ June 15, 2021, 11:07 a.m.	stacktrace: voklight+0xf014 @ 0x40f014 voklight+0xf060 @ 0x40f060 voklight+0x1f28 @ 0x401f28 exception.instruction_r: 66 0f 7f 47 60 66 0f 7f 47 70 8d bf 80 00 00 00 exception.symbol: voklight+0xefc4 exception.address: 0x40efc4 exception.module: VOKLIGHT.exe exception.exception_code: 0xc0000005 exception.offset: 61380 registers.esp: 1636952 registers.edi: 4779936 registers.eax: 4644512 registers.ebp: 1636956 registers.edx: 5 registers.ebx: 4644500 registers.esi: 4644500 registers.ecx: 37954	1
__exception__ June 15, 2021, 11:07 a.m.	stacktrace: voklight+0xf014 @ 0x40f014 voklight+0xf060 @ 0x40f060 voklight+0x1f28 @ 0x401f28 exception.instruction_r: 66 0f 7f 47 60 66 0f 7f 47 70 8d bf 80 00 00 00 exception.symbol: voklight+0xefc4 exception.address: 0x40efc4 exception.module: VOKLIGHT.exe exception.exception_code: 0xc0000005 exception.offset: 61380 registers.esp: 1636952 registers.edi: 4784032 registers.eax: 4644512 registers.ebp: 1636956 registers.edx: 5 registers.ebx: 4644500 registers.esi: 4644500 registers.ecx: 37922	1
__exception__ June 15, 2021, 11:07 a.m.	stacktrace: voklight+0xf014 @ 0x40f014 voklight+0xf060 @ 0x40f060 voklight+0x1f28 @ 0x401f28 exception.instruction_r: 66 0f 7f 47 60 66 0f 7f 47 70 8d bf 80 00 00 00 exception.symbol: voklight+0xefc4 exception.address: 0x40efc4 exception.module: VOKLIGHT.exe exception.exception_code: 0xc0000005 exception.offset: 61380 registers.esp: 1636952 registers.edi: 4788128 registers.eax: 4644512 registers.ebp: 1636956 registers.edx: 5 registers.ebx: 4644500 registers.esi: 4644500 registers.ecx: 37890	1
__exception__ June 15, 2021, 11:07 a.m.	stacktrace: voklight+0xf014 @ 0x40f014 voklight+0xf060 @ 0x40f060 voklight+0x1f28 @ 0x401f28 exception.instruction_r: 66 0f 7f 47 60 66 0f 7f 47 70 8d bf 80 00 00 00 exception.symbol: voklight+0xefc4 exception.address: 0x40efc4 exception.module: VOKLIGHT.exe exception.exception_code: 0xc0000005 exception.offset: 61380 registers.esp: 1636952 registers.edi: 4792224 registers.eax: 4644512 registers.ebp: 1636956 registers.edx: 5 registers.ebx: 4644500 registers.esi: 4644500 registers.ecx: 37858	1
__exception__ June 15, 2021, 11:07 a.m.	stacktrace: voklight+0xf014 @ 0x40f014 voklight+0xf060 @ 0x40f060 voklight+0x1f28 @ 0x401f28 exception.instruction_r: 66 0f 7f 47 60 66 0f 7f 47 70 8d bf 80 00 00 00 exception.symbol: voklight+0xefc4 exception.address: 0x40efc4 exception.module: VOKLIGHT.exe exception.exception_code: 0xc0000005 exception.offset: 61380 registers.esp: 1636952 registers.edi: 4796320 registers.eax: 4644512 registers.ebp: 1636956 registers.edx: 5 registers.ebx: 4644500 registers.esi: 4644500 registers.ecx: 37826	1
__exception__ June 15, 2021, 11:07 a.m.	stacktrace: voklight+0xf014 @ 0x40f014 voklight+0xf060 @ 0x40f060 voklight+0x1f28 @ 0x401f28 exception.instruction_r: 66 0f 7f 47 60 66 0f 7f 47 70 8d bf 80 00 00 00 exception.symbol: voklight+0xefc4 exception.address: 0x40efc4 exception.module: VOKLIGHT.exe exception.exception_code: 0xc0000005 exception.offset: 61380 registers.esp: 1636952 registers.edi: 4800416 registers.eax: 4644512 registers.ebp: 1636956 registers.edx: 5 registers.ebx: 4644500 registers.esi: 4644500 registers.ecx: 37794	1
__exception__ June 15, 2021, 11:07 a.m.	stacktrace: voklight+0xf014 @ 0x40f014 voklight+0xf060 @ 0x40f060 voklight+0x1f28 @ 0x401f28 exception.instruction_r: 66 0f 7f 47 60 66 0f 7f 47 70 8d bf 80 00 00 00 exception.symbol: voklight+0xefc4 exception.address: 0x40efc4 exception.module: VOKLIGHT.exe exception.exception_code: 0xc0000005 exception.offset: 61380 registers.esp: 1636952 registers.edi: 4804512 registers.eax: 4644512 registers.ebp: 1636956 registers.edx: 5 registers.ebx: 4644500 registers.esi: 4644500 registers.ecx: 37762	1
__exception__ June 15, 2021, 11:07 a.m.	stacktrace: voklight+0xf014 @ 0x40f014 voklight+0xf060 @ 0x40f060 voklight+0x1f28 @ 0x401f28 exception.instruction_r: 66 0f 7f 47 60 66 0f 7f 47 70 8d bf 80 00 00 00 exception.symbol: voklight+0xefc4 exception.address: 0x40efc4 exception.module: VOKLIGHT.exe exception.exception_code: 0xc0000005 exception.offset: 61380 registers.esp: 1636952 registers.edi: 4808608 registers.eax: 4644512 registers.ebp: 1636956 registers.edx: 5 registers.ebx: 4644500 registers.esi: 4644500 registers.ecx: 37730	1
__exception__ June 15, 2021, 11:07 a.m.	stacktrace: voklight+0xf014 @ 0x40f014 voklight+0xf060 @ 0x40f060 voklight+0x1f28 @ 0x401f28 exception.instruction_r: 66 0f 7f 47 60 66 0f 7f 47 70 8d bf 80 00 00 00 exception.symbol: voklight+0xefc4 exception.address: 0x40efc4 exception.module: VOKLIGHT.exe exception.exception_code: 0xc0000005 exception.offset: 61380 registers.esp: 1636952 registers.edi: 4812704 registers.eax: 4644512 registers.ebp: 1636956 registers.edx: 5 registers.ebx: 4644500 registers.esi: 4644500 registers.ecx: 37698	1
__exception__ June 15, 2021, 11:07 a.m.	stacktrace: voklight+0xf014 @ 0x40f014 voklight+0xf060 @ 0x40f060 voklight+0x1f28 @ 0x401f28 exception.instruction_r: 66 0f 7f 47 60 66 0f 7f 47 70 8d bf 80 00 00 00 exception.symbol: voklight+0xefc4 exception.address: 0x40efc4 exception.module: VOKLIGHT.exe exception.exception_code: 0xc0000005 exception.offset: 61380 registers.esp: 1636952 registers.edi: 4816800 registers.eax: 4644512 registers.ebp: 1636956 registers.edx: 5 registers.ebx: 4644500 registers.esi: 4644500 registers.ecx: 37666	1
__exception__ June 15, 2021, 11:07 a.m.	stacktrace: voklight+0xf014 @ 0x40f014 voklight+0xf060 @ 0x40f060 voklight+0x1f28 @ 0x401f28 exception.instruction_r: 66 0f 7f 47 60 66 0f 7f 47 70 8d bf 80 00 00 00 exception.symbol: voklight+0xefc4 exception.address: 0x40efc4 exception.module: VOKLIGHT.exe exception.exception_code: 0xc0000005 exception.offset: 61380 registers.esp: 1636952 registers.edi: 4820896 registers.eax: 4644512 registers.ebp: 1636956 registers.edx: 5 registers.ebx: 4644500 registers.esi: 4644500 registers.ecx: 37634	1
__exception__ June 15, 2021, 11:07 a.m.	stacktrace: voklight+0xf014 @ 0x40f014 voklight+0xf060 @ 0x40f060 voklight+0x1f28 @ 0x401f28 exception.instruction_r: 66 0f 7f 47 60 66 0f 7f 47 70 8d bf 80 00 00 00 exception.symbol: voklight+0xefc4 exception.address: 0x40efc4 exception.module: VOKLIGHT.exe exception.exception_code: 0xc0000005 exception.offset: 61380 registers.esp: 1636952 registers.edi: 4824992 registers.eax: 4644512 registers.ebp: 1636956 registers.edx: 5 registers.ebx: 4644500 registers.esi: 4644500 registers.ecx: 37602	1
__exception__ June 15, 2021, 11:07 a.m.	stacktrace: voklight+0xf014 @ 0x40f014 voklight+0xf060 @ 0x40f060 voklight+0x1f28 @ 0x401f28 exception.instruction_r: 66 0f 7f 47 60 66 0f 7f 47 70 8d bf 80 00 00 00 exception.symbol: voklight+0xefc4 exception.address: 0x40efc4 exception.module: VOKLIGHT.exe exception.exception_code: 0xc0000005 exception.offset: 61380 registers.esp: 1636952 registers.edi: 4829088 registers.eax: 4644512 registers.ebp: 1636956 registers.edx: 5 registers.ebx: 4644500 registers.esi: 4644500 registers.ecx: 37570	1
__exception__ June 15, 2021, 11:07 a.m.	stacktrace: voklight+0xf014 @ 0x40f014 voklight+0xf060 @ 0x40f060 voklight+0x1f28 @ 0x401f28 exception.instruction_r: 66 0f 7f 47 60 66 0f 7f 47 70 8d bf 80 00 00 00 exception.symbol: voklight+0xefc4 exception.address: 0x40efc4 exception.module: VOKLIGHT.exe exception.exception_code: 0xc0000005 exception.offset: 61380 registers.esp: 1636952 registers.edi: 4833184 registers.eax: 4644512 registers.ebp: 1636956 registers.edx: 5 registers.ebx: 4644500 registers.esi: 4644500 registers.ecx: 37538	1
__exception__ June 15, 2021, 11:07 a.m.	stacktrace: voklight+0xf014 @ 0x40f014 voklight+0xf060 @ 0x40f060 voklight+0x1f28 @ 0x401f28 exception.instruction_r: 66 0f 7f 47 60 66 0f 7f 47 70 8d bf 80 00 00 00 exception.symbol: voklight+0xefc4 exception.address: 0x40efc4 exception.module: VOKLIGHT.exe exception.exception_code: 0xc0000005 exception.offset: 61380 registers.esp: 1636952 registers.edi: 4837280 registers.eax: 4644512 registers.ebp: 1636956 registers.edx: 5 registers.ebx: 4644500 registers.esi: 4644500 registers.ecx: 37506	1
__exception__ June 15, 2021, 11:07 a.m.	stacktrace: voklight+0xf014 @ 0x40f014 voklight+0xf060 @ 0x40f060 voklight+0x1f28 @ 0x401f28 exception.instruction_r: 66 0f 7f 47 60 66 0f 7f 47 70 8d bf 80 00 00 00 exception.symbol: voklight+0xefc4 exception.address: 0x40efc4 exception.module: VOKLIGHT.exe exception.exception_code: 0xc0000005 exception.offset: 61380 registers.esp: 1636952 registers.edi: 4841376 registers.eax: 4644512 registers.ebp: 1636956 registers.edx: 5 registers.ebx: 4644500 registers.esi: 4644500 registers.ecx: 37474	1

Allocates read-write-execute memory (usually to unpack itself) (39 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory June 15, 2021, 11:07 a.m.	process_identifier: 2548 region_size: 851968 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02fc0000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 15, 2021, 11:07 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03050000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory June 15, 2021, 11:07 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72831000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 15, 2021, 11:07 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x022ba000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory June 15, 2021, 11:07 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72832000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 15, 2021, 11:07 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x022b2000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 15, 2021, 11:07 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x022c2000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 15, 2021, 11:07 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03051000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 15, 2021, 11:07 a.m.	process_identifier: 2548 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03052000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 15, 2021, 11:07 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x022e2000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 15, 2021, 11:07 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x022ec000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 15, 2021, 11:07 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03054000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 15, 2021, 11:07 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x022c3000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 15, 2021, 11:07 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x022cc000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 15, 2021, 11:07 a.m.	process_identifier: 2548 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03055000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 15, 2021, 11:07 a.m.	process_identifier: 2548 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03057000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 15, 2021, 11:07 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x031d0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 15, 2021, 11:07 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x022fb000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 15, 2021, 11:07 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x022f7000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 15, 2021, 11:07 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x022c4000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 15, 2021, 11:07 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x022ea000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 15, 2021, 11:07 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x022c5000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 15, 2021, 11:07 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x022c6000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 15, 2021, 11:07 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x022c7000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 15, 2021, 11:07 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x022c8000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 15, 2021, 11:07 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x022c9000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 15, 2021, 11:07 a.m.	process_identifier: 2548 region_size: 45056 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x031d1000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 15, 2021, 11:07 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x022ca000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 15, 2021, 11:07 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x022bb000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 15, 2021, 11:07 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x031dc000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 15, 2021, 11:07 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x022d6000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 15, 2021, 11:07 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x022da000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 15, 2021, 11:07 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x022d7000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 15, 2021, 11:07 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x06460000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory June 15, 2021, 11:07 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72735000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 15, 2021, 11:07 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x06470000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 15, 2021, 11:07 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x022f5000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 15, 2021, 11:07 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x022e3000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 15, 2021, 11:07 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03059000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x0050b600', u'virtual_address': u'0x00026000', u'entropy': 7.967648316723481, u'name': u'.rsrc', u'virtual_size': u'0x0050b490'}

entropy

7.96764831672

description

A section with a high entropy has been found

entropy

0.974530704651

description

Overall entropy of this PE file is high

Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 event)

Time & API	Arguments	Status	Return	Repeated
LookupPrivilegeValueW June 15, 2021, 11:07 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1	0

File has been identified by 13 AntiVirus engines on VirusTotal as malicious (13 events)

Bkav	W32.AIDetect.malware1
FireEye	Generic.mg.9a86329fb7bd48fc
Cylance	Unsafe
APEX	Malicious
McAfee-GW-Edition	BehavesLike.Win32.Generic.tc
Sophos	Generic ML PUA (PUA)
eGambit	Unsafe.AI_Score_86%
Cynet	Malicious (score: 100)
BitDefenderTheta	Gen:NN.ZexaF.34738.@t0@augQkak
Rising	Malware.Heuristic!ET#93% (RDMK:cmRtazqB/qih59iLEZ29TSng2w7x)
SentinelOne	Static AI - Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Cybereason	malicious.267319

VOKLIGHT.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All