popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

cryptq.exe

Gen1 UPX PE File DLL OS Processor Check PE32
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6401 July 8, 2021, 9:20 a.m. July 8, 2021, 9:33 a.m.
Size 1.3MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 616ae69cbf101d5b170846c3fd63a930
SHA256 be0d8928d4c9b226389bd2cfa04a6410aa9fe209aaaed24880e40b4e0a6cd7cd
CRC32 55DCD206
ssdeep 12288:CFPwV0BeiN7K2cQZebRiE0y4sziyXRXi0JMOfKSRdIwcYc7G+yAdtkfX4U4NjBiT:/jit8p4sOyXtJMOLvW79dQqjBiT
PDB Path H:\fjkhsdfjhdsjfhshfkdshfjkdshfdshfj.pdb
Yara
  • PE_Header_Zero - PE File Signature
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
tttttt.me
A 95.216.186.40
95.216.186.40
IP Address Status Action
164.124.101.2 Active Moloch
34.89.184.90 Active Moloch
95.216.186.40 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GetComputerNameA

 computer_name: TEST22-PC
1 1 0
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
pdb_path H:\fjkhsdfjhdsjfhshfkdshfjkdshfdshfj.pdb
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

 1 1 0
suspicious_features POST method with no referer header, POST method with no useragent header, Connection to IP address suspicious_request POST http://34.89.184.90/
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://34.89.184.90//l/f/wkiGg3oBu_snDy_muguP/10a74136af31ca2528d7d60dd6bcc205a9c7e35e
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://34.89.184.90//l/f/wkiGg3oBu_snDy_muguP/bb9f3c60f856f65173ed576bb1c055ca9aca41e4
suspicious_features GET method with no useragent header suspicious_request GET https://tttttt.me/fififmozbrows2
request POST http://34.89.184.90/
request GET http://34.89.184.90//l/f/wkiGg3oBu_snDy_muguP/10a74136af31ca2528d7d60dd6bcc205a9c7e35e
request GET http://34.89.184.90//l/f/wkiGg3oBu_snDy_muguP/bb9f3c60f856f65173ed576bb1c055ca9aca41e4
request GET https://tttttt.me/fififmozbrows2
request POST http://34.89.184.90/
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 1016
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 602112
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x011a2000
process_handle: 0xffffffff
1 0 0
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-core-sysinfo-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-crt-process-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-core-file-l2-1-0.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-core-rtlsupport-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\prldap60.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\nssckbi.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-core-profile-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\mozMapi32.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\breakpadinjector.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-core-processthreads-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\mozMapi32_InUse.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\IA2Marshal.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-core-processenvironment-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-crt-convert-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-crt-utility-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\qipcap.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\softokn3.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-core-synch-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\MapiProxy.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-core-localization-l1-2-0.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\freebl3.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\AccessibleHandler.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-crt-locale-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\ucrtbase.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-core-synch-l1-2-0.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\AccessibleMarshal.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\vcruntime140.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-crt-conio-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\mozglue.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\lgpllibs.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-core-file-l1-2-0.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\ldif60.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-crt-multibyte-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\libEGL.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\msvcp140.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-core-namedpipe-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-crt-environment-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-crt-heap-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-core-processthreads-l1-1-1.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-core-string-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\ldap60.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-crt-string-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\sqlite3.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\MapiProxy_InUse.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-crt-time-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-crt-private-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-core-interlocked-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-core-timezone-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-crt-filesystem-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\nss3.dll
cmdline cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q "C:\Users\test22\AppData\Local\Temp\cryptq.exe"
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-core-synch-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-core-file-l2-1-0.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-crt-locale-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\breakpadinjector.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\prldap60.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-crt-private-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\nss3.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-core-namedpipe-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\mozglue.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-core-libraryloader-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\softokn3.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\vcruntime140.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-crt-environment-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\MapiProxy.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\IA2Marshal.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-crt-heap-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-crt-time-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-crt-math-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-core-string-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-core-memory-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-core-sysinfo-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-core-util-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-core-localization-l1-2-0.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-core-processthreads-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\cryptq.exe
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-crt-filesystem-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\msvcp140.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-crt-stdio-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\AccessibleHandler.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\qipcap.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-crt-utility-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-core-processthreads-l1-1-1.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-core-heap-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\sqlite3.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\freebl3.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\ucrtbase.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\libEGL.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-core-processenvironment-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-core-handle-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\nssckbi.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-core-timezone-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\nssdbm3.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\lgpllibs.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-core-synch-l1-2-0.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-crt-conio-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-core-file-l1-2-0.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\ldap60.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-core-interlocked-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-core-profile-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\nW6mI-7yS1k\api-ms-win-crt-multibyte-l1-1-0.dll
Time & API Arguments Status Return Repeated

CreateProcessInternalW

 thread_identifier: 2092
thread_handle: 0x000005d0
process_identifier: 2840
current_directory:
filepath:
track: 1
command_line: cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q "C:\Users\test22\AppData\Local\Temp\cryptq.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 134217728 (CREATE_NO_WINDOW)
inherit_handles: 0
process_handle: 0x000005d4
1 1 0
Time & API Arguments Status Return Repeated

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
base_handle: 0x80000002
key_handle: 0x000004dc
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
base_handle: 0x80000002
key_handle: 0x000004b0
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager
base_handle: 0x80000002
key_handle: 0x000004b0
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
base_handle: 0x80000002
key_handle: 0x000004b0
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus
base_handle: 0x80000002
key_handle: 0x000004b0
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE
base_handle: 0x80000002
key_handle: 0x000004b0
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
base_handle: 0x80000002
key_handle: 0x000004b0
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
base_handle: 0x80000002
key_handle: 0x000004b0
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean
base_handle: 0x80000002
key_handle: 0x000004b0
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40
base_handle: 0x80000002
key_handle: 0x000004b0
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
base_handle: 0x80000002
key_handle: 0x000004b0
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
base_handle: 0x80000002
key_handle: 0x000004b0
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData
base_handle: 0x80000002
key_handle: 0x000004b0
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
base_handle: 0x80000002
key_handle: 0x000004b0
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
base_handle: 0x80000002
key_handle: 0x000004b0
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC
base_handle: 0x80000002
key_handle: 0x000004b0
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}
base_handle: 0x80000002
key_handle: 0x000004b0
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}
base_handle: 0x80000002
key_handle: 0x000004b0
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
base_handle: 0x80000002
key_handle: 0x000004b0
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0015-0412-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x000004b0
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0015-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0412-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x000004b0
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0412-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x000004b0
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0019-0412-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x000004b0
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0019-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001A-0412-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x000004b0
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001A-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0412-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x000004b0
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x000004b0
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0412-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x000004b0
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0028-0412-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x000004b0
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0028-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002C-0412-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x000004b0
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002C-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x000004b0
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0044-0412-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x000004b0
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0044-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x000004b0
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0412-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x000004b0
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-0412-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x000004b0
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00BA-0409-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x000004b0
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00BA-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0114-0412-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x000004b0
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0114-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4}
base_handle: 0x80000002
key_handle: 0x000004b0
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4}
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9B84A461-3B4C-40E2-B44F-CE22E215EE40}
base_handle: 0x80000002
key_handle: 0x000004b0
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9B84A461-3B4C-40E2-B44F-CE22E215EE40}
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d992c12e-cab2-426f-bde3-fb8c53950b0d}
base_handle: 0x80000002
key_handle: 0x000004b0
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d992c12e-cab2-426f-bde3-fb8c53950b0d}
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
base_handle: 0x80000001
key_handle: 0x00000000
options: 0
access: 0x00020019
regkey: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
2 0
cmdline cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q "C:\Users\test22\AppData\Local\Temp\cryptq.exe"
host 34.89.184.90
file C:\Users\test22\AppData\Local\Temp\cryptq.exe
Time & API Arguments Status Return Repeated

RegQueryValueExA

 key_handle: 0x000004b0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: EditPlus
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x000004b0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Enterprise 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x000004b0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Chrome
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x000004b0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: ????? ?? 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x000004b0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: HttpWatch Professional 9.3.39
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x000004b0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: ????? ?? 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x000004b0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Google Update Helper
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x000004b0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Access MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0015-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x000004b0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Excel MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x000004b0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office PowerPoint MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x000004b0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Publisher MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0019-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x000004b0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Outlook MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001A-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x000004b0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Word MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x000004b0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Proof (English) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x000004b0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Proof (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x000004b0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office IME (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0028-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x000004b0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Proofing (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002C-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x000004b0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Enterprise 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x000004b0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office InfoPath MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0044-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x000004b0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Shared MUI (English) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x000004b0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Shared MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x000004b0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office OneNote MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x000004b0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Groove MUI (English) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00BA-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x000004b0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Groove Setup Metadata MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0114-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x000004b0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Adobe Flash Player 13 ActiveX
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x000004b0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Adobe Flash Player 13 NPAPI
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B84A461-3B4C-40E2-B44F-CE22E215EE40}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x000004b0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\DisplayName
1 0 0
registry HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts
registry HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
registry HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\OMI Account Manager
registry HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook
file C:\Users\test22\AppData\Roaming\Exodus\exodus.wallet
Bkav W32.AIDetect.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.37200069
McAfee Artemis!616AE69CBF10
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
Symantec Trojan!im
ESET-NOD32 a variant of Win32/GenKryptik.FHHB
APEX Malicious
Paloalto generic.ml
Kaspersky UDS:DangerousObject.Multi.Generic
Avast Win32:TrojanX-gen [Trj]
Sophos ML/PE-A
McAfee-GW-Edition Artemis!Trojan
FireEye Generic.mg.616ae69cbf101d5b
GData Win32.Trojan-Stealer.Raccoon.M1C2EL
MAX malware (ai score=84)
ZoneAlarm UDS:DangerousObject.Multi.Generic
Microsoft Trojan:Win32/Sabsik.FL.A!ml
Cynet Malicious (score: 100)
VBA32 BScope.Trojan.Cidox.02
Malwarebytes Malware.AI.4222401586
MaxSecure Trojan.Malware.300983.susgen
Fortinet PossibleThreat.MU
BitDefenderTheta Gen:NN.ZexaF.34790.qz3@aSfZY2gc
AVG Win32:TrojanX-gen [Trj]
CrowdStrike win/malicious_confidence_80% (W)