Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	July 15, 2021, 10:18 a.m.	July 15, 2021, 10:35 a.m.

Size	711.0KB
Type	Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Title: Invoice 720710 from Quickbooks, LLC, Author: Quickbooks, LLC, Last Saved By: user, Name of Creating Application: Microsoft Excel, Create Time/Date: Wed Jul 14 08:38:23 2021, Last Saved Time/Date: Wed Jul 14 14:06:14 2021, Security: 0
MD5	`40425d09e54ff26289dd074649f0cad9`
SHA256	`6f8f1b26324ea0f3f566fbdcb4a61eb92d054ccf0300c52b3549c774056b8f02`
CRC32	`916A9AF6`
ssdeep	`12288:IRYbXrlUc6XS/CwRl+4MW1H5onZHBDznxcp/c0UGtkbByxlFYd2Drpkk:LUc6EjDMW1UrDjxcNcfgZI2`
Yara	Contains_VBA_macro_code - Detect a MS Office document with embedded VBA macro code [binaries] Microsoft_Office_File_Zero - Microsoft Office File

EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" C:\Users\test22\AppData\Local\Temp\Invoice%20720710%20from%20Quickbooks,%20LLC.xls
2440
- mshta.exe mshta "C:\ProgramData\qRangeAutoFormatLocalFormat3.sct"
  2588
  - qDialogMainChartType.exe C:\ProgramData\qDialogMainChartType.exe
    2736

Name	Response	Post-Analysis Lookup
onlinefastsolutions.com	A 208.83.69.35 A 163.172.213.69 A 128.199.243.169	163.172.213.69

IP Address	Status	Action
163.172.213.69	Active	Moloch
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx July 15, 2021, 10:18 a.m.		1	1	0

One or more processes crashed (50 out of 65536 events)

Time & API	Arguments	Status
__exception__ July 15, 2021, 10:18 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc cc 40 cc cc eb f2 58 64 a3 00 00 00 00 58 e9 exception.symbol: qdialogmaincharttype+0x21e8 exception.instruction: int3 exception.module: qDialogMainChartType.exe exception.exception_code: 0x80000003 exception.offset: 8680 exception.address: 0x100021e8 registers.esp: 1638276 registers.edi: 0 registers.eax: 0 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638068	1
__exception__ July 15, 2021, 10:18 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc 40 cc cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 exception.symbol: qdialogmaincharttype+0x21e9 exception.instruction: int3 exception.module: qDialogMainChartType.exe exception.exception_code: 0x80000003 exception.offset: 8681 exception.address: 0x100021e9 registers.esp: 1638276 registers.edi: 0 registers.eax: 0 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638068	1
__exception__ July 15, 2021, 10:18 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 4a 00 exception.symbol: qdialogmaincharttype+0x21eb exception.instruction: int3 exception.module: qDialogMainChartType.exe exception.exception_code: 0x80000003 exception.offset: 8683 exception.address: 0x100021eb registers.esp: 1638276 registers.edi: 0 registers.eax: 1 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638068	1
__exception__ July 15, 2021, 10:18 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 4a 00 00 exception.symbol: qdialogmaincharttype+0x21ec exception.instruction: int3 exception.module: qDialogMainChartType.exe exception.exception_code: 0x80000003 exception.offset: 8684 exception.address: 0x100021ec registers.esp: 1638276 registers.edi: 0 registers.eax: 1 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638068	1
__exception__ July 15, 2021, 10:18 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc cc 40 cc cc eb f2 58 64 a3 00 00 00 00 58 e9 exception.symbol: qdialogmaincharttype+0x21e8 exception.instruction: int3 exception.module: qDialogMainChartType.exe exception.exception_code: 0x80000003 exception.offset: 8680 exception.address: 0x100021e8 registers.esp: 1638276 registers.edi: 0 registers.eax: 1 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638068	1
__exception__ July 15, 2021, 10:18 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc 40 cc cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 exception.symbol: qdialogmaincharttype+0x21e9 exception.instruction: int3 exception.module: qDialogMainChartType.exe exception.exception_code: 0x80000003 exception.offset: 8681 exception.address: 0x100021e9 registers.esp: 1638276 registers.edi: 0 registers.eax: 1 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638068	1
__exception__ July 15, 2021, 10:18 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 4a 00 exception.symbol: qdialogmaincharttype+0x21eb exception.instruction: int3 exception.module: qDialogMainChartType.exe exception.exception_code: 0x80000003 exception.offset: 8683 exception.address: 0x100021eb registers.esp: 1638276 registers.edi: 0 registers.eax: 2 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638068	1
__exception__ July 15, 2021, 10:18 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 4a 00 00 exception.symbol: qdialogmaincharttype+0x21ec exception.instruction: int3 exception.module: qDialogMainChartType.exe exception.exception_code: 0x80000003 exception.offset: 8684 exception.address: 0x100021ec registers.esp: 1638276 registers.edi: 0 registers.eax: 2 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638068	1
__exception__ July 15, 2021, 10:18 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc cc 40 cc cc eb f2 58 64 a3 00 00 00 00 58 e9 exception.symbol: qdialogmaincharttype+0x21e8 exception.instruction: int3 exception.module: qDialogMainChartType.exe exception.exception_code: 0x80000003 exception.offset: 8680 exception.address: 0x100021e8 registers.esp: 1638276 registers.edi: 0 registers.eax: 2 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638068	1
__exception__ July 15, 2021, 10:18 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc 40 cc cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 exception.symbol: qdialogmaincharttype+0x21e9 exception.instruction: int3 exception.module: qDialogMainChartType.exe exception.exception_code: 0x80000003 exception.offset: 8681 exception.address: 0x100021e9 registers.esp: 1638276 registers.edi: 0 registers.eax: 2 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638068	1
__exception__ July 15, 2021, 10:18 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 4a 00 exception.symbol: qdialogmaincharttype+0x21eb exception.instruction: int3 exception.module: qDialogMainChartType.exe exception.exception_code: 0x80000003 exception.offset: 8683 exception.address: 0x100021eb registers.esp: 1638276 registers.edi: 0 registers.eax: 3 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638068	1
__exception__ July 15, 2021, 10:18 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 4a 00 00 exception.symbol: qdialogmaincharttype+0x21ec exception.instruction: int3 exception.module: qDialogMainChartType.exe exception.exception_code: 0x80000003 exception.offset: 8684 exception.address: 0x100021ec registers.esp: 1638276 registers.edi: 0 registers.eax: 3 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638068	1
__exception__ July 15, 2021, 10:18 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc cc 40 cc cc eb f2 58 64 a3 00 00 00 00 58 e9 exception.symbol: qdialogmaincharttype+0x21e8 exception.instruction: int3 exception.module: qDialogMainChartType.exe exception.exception_code: 0x80000003 exception.offset: 8680 exception.address: 0x100021e8 registers.esp: 1638276 registers.edi: 0 registers.eax: 3 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638068	1
__exception__ July 15, 2021, 10:18 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc 40 cc cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 exception.symbol: qdialogmaincharttype+0x21e9 exception.instruction: int3 exception.module: qDialogMainChartType.exe exception.exception_code: 0x80000003 exception.offset: 8681 exception.address: 0x100021e9 registers.esp: 1638276 registers.edi: 0 registers.eax: 3 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638068	1
__exception__ July 15, 2021, 10:18 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 4a 00 exception.symbol: qdialogmaincharttype+0x21eb exception.instruction: int3 exception.module: qDialogMainChartType.exe exception.exception_code: 0x80000003 exception.offset: 8683 exception.address: 0x100021eb registers.esp: 1638276 registers.edi: 0 registers.eax: 4 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638068	1
__exception__ July 15, 2021, 10:18 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 4a 00 00 exception.symbol: qdialogmaincharttype+0x21ec exception.instruction: int3 exception.module: qDialogMainChartType.exe exception.exception_code: 0x80000003 exception.offset: 8684 exception.address: 0x100021ec registers.esp: 1638276 registers.edi: 0 registers.eax: 4 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638068	1
__exception__ July 15, 2021, 10:18 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc cc 40 cc cc eb f2 58 64 a3 00 00 00 00 58 e9 exception.symbol: qdialogmaincharttype+0x21e8 exception.instruction: int3 exception.module: qDialogMainChartType.exe exception.exception_code: 0x80000003 exception.offset: 8680 exception.address: 0x100021e8 registers.esp: 1638276 registers.edi: 0 registers.eax: 4 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638068	1
__exception__ July 15, 2021, 10:18 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc 40 cc cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 exception.symbol: qdialogmaincharttype+0x21e9 exception.instruction: int3 exception.module: qDialogMainChartType.exe exception.exception_code: 0x80000003 exception.offset: 8681 exception.address: 0x100021e9 registers.esp: 1638276 registers.edi: 0 registers.eax: 4 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638068	1
__exception__ July 15, 2021, 10:18 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 4a 00 exception.symbol: qdialogmaincharttype+0x21eb exception.instruction: int3 exception.module: qDialogMainChartType.exe exception.exception_code: 0x80000003 exception.offset: 8683 exception.address: 0x100021eb registers.esp: 1638276 registers.edi: 0 registers.eax: 5 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638068	1
__exception__ July 15, 2021, 10:18 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 4a 00 00 exception.symbol: qdialogmaincharttype+0x21ec exception.instruction: int3 exception.module: qDialogMainChartType.exe exception.exception_code: 0x80000003 exception.offset: 8684 exception.address: 0x100021ec registers.esp: 1638276 registers.edi: 0 registers.eax: 5 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638068	1
__exception__ July 15, 2021, 10:18 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc cc 40 cc cc eb f2 58 64 a3 00 00 00 00 58 e9 exception.symbol: qdialogmaincharttype+0x21e8 exception.instruction: int3 exception.module: qDialogMainChartType.exe exception.exception_code: 0x80000003 exception.offset: 8680 exception.address: 0x100021e8 registers.esp: 1638276 registers.edi: 0 registers.eax: 5 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638068	1
__exception__ July 15, 2021, 10:18 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc 40 cc cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 exception.symbol: qdialogmaincharttype+0x21e9 exception.instruction: int3 exception.module: qDialogMainChartType.exe exception.exception_code: 0x80000003 exception.offset: 8681 exception.address: 0x100021e9 registers.esp: 1638276 registers.edi: 0 registers.eax: 5 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638068	1
__exception__ July 15, 2021, 10:18 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 4a 00 exception.symbol: qdialogmaincharttype+0x21eb exception.instruction: int3 exception.module: qDialogMainChartType.exe exception.exception_code: 0x80000003 exception.offset: 8683 exception.address: 0x100021eb registers.esp: 1638276 registers.edi: 0 registers.eax: 6 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638068	1
__exception__ July 15, 2021, 10:18 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 4a 00 00 exception.symbol: qdialogmaincharttype+0x21ec exception.instruction: int3 exception.module: qDialogMainChartType.exe exception.exception_code: 0x80000003 exception.offset: 8684 exception.address: 0x100021ec registers.esp: 1638276 registers.edi: 0 registers.eax: 6 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638068	1
__exception__ July 15, 2021, 10:18 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc cc 40 cc cc eb f2 58 64 a3 00 00 00 00 58 e9 exception.symbol: qdialogmaincharttype+0x21e8 exception.instruction: int3 exception.module: qDialogMainChartType.exe exception.exception_code: 0x80000003 exception.offset: 8680 exception.address: 0x100021e8 registers.esp: 1638276 registers.edi: 0 registers.eax: 6 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638068	1
__exception__ July 15, 2021, 10:18 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc 40 cc cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 exception.symbol: qdialogmaincharttype+0x21e9 exception.instruction: int3 exception.module: qDialogMainChartType.exe exception.exception_code: 0x80000003 exception.offset: 8681 exception.address: 0x100021e9 registers.esp: 1638276 registers.edi: 0 registers.eax: 6 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638068	1
__exception__ July 15, 2021, 10:18 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 4a 00 exception.symbol: qdialogmaincharttype+0x21eb exception.instruction: int3 exception.module: qDialogMainChartType.exe exception.exception_code: 0x80000003 exception.offset: 8683 exception.address: 0x100021eb registers.esp: 1638276 registers.edi: 0 registers.eax: 7 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638068	1
__exception__ July 15, 2021, 10:18 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 4a 00 00 exception.symbol: qdialogmaincharttype+0x21ec exception.instruction: int3 exception.module: qDialogMainChartType.exe exception.exception_code: 0x80000003 exception.offset: 8684 exception.address: 0x100021ec registers.esp: 1638276 registers.edi: 0 registers.eax: 7 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638068	1
__exception__ July 15, 2021, 10:18 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc cc 40 cc cc eb f2 58 64 a3 00 00 00 00 58 e9 exception.symbol: qdialogmaincharttype+0x21e8 exception.instruction: int3 exception.module: qDialogMainChartType.exe exception.exception_code: 0x80000003 exception.offset: 8680 exception.address: 0x100021e8 registers.esp: 1638276 registers.edi: 0 registers.eax: 7 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638068	1
__exception__ July 15, 2021, 10:18 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc 40 cc cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 exception.symbol: qdialogmaincharttype+0x21e9 exception.instruction: int3 exception.module: qDialogMainChartType.exe exception.exception_code: 0x80000003 exception.offset: 8681 exception.address: 0x100021e9 registers.esp: 1638276 registers.edi: 0 registers.eax: 7 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638068	1
__exception__ July 15, 2021, 10:18 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 4a 00 exception.symbol: qdialogmaincharttype+0x21eb exception.instruction: int3 exception.module: qDialogMainChartType.exe exception.exception_code: 0x80000003 exception.offset: 8683 exception.address: 0x100021eb registers.esp: 1638276 registers.edi: 0 registers.eax: 8 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638068	1
__exception__ July 15, 2021, 10:18 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 4a 00 00 exception.symbol: qdialogmaincharttype+0x21ec exception.instruction: int3 exception.module: qDialogMainChartType.exe exception.exception_code: 0x80000003 exception.offset: 8684 exception.address: 0x100021ec registers.esp: 1638276 registers.edi: 0 registers.eax: 8 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638068	1
__exception__ July 15, 2021, 10:18 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc cc 40 cc cc eb f2 58 64 a3 00 00 00 00 58 e9 exception.symbol: qdialogmaincharttype+0x21e8 exception.instruction: int3 exception.module: qDialogMainChartType.exe exception.exception_code: 0x80000003 exception.offset: 8680 exception.address: 0x100021e8 registers.esp: 1638276 registers.edi: 0 registers.eax: 8 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638068	1
__exception__ July 15, 2021, 10:18 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc 40 cc cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 exception.symbol: qdialogmaincharttype+0x21e9 exception.instruction: int3 exception.module: qDialogMainChartType.exe exception.exception_code: 0x80000003 exception.offset: 8681 exception.address: 0x100021e9 registers.esp: 1638276 registers.edi: 0 registers.eax: 8 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638068	1
__exception__ July 15, 2021, 10:18 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 4a 00 exception.symbol: qdialogmaincharttype+0x21eb exception.instruction: int3 exception.module: qDialogMainChartType.exe exception.exception_code: 0x80000003 exception.offset: 8683 exception.address: 0x100021eb registers.esp: 1638276 registers.edi: 0 registers.eax: 9 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638068	1
__exception__ July 15, 2021, 10:18 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 4a 00 00 exception.symbol: qdialogmaincharttype+0x21ec exception.instruction: int3 exception.module: qDialogMainChartType.exe exception.exception_code: 0x80000003 exception.offset: 8684 exception.address: 0x100021ec registers.esp: 1638276 registers.edi: 0 registers.eax: 9 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638068	1
__exception__ July 15, 2021, 10:18 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc cc 40 cc cc eb f2 58 64 a3 00 00 00 00 58 e9 exception.symbol: qdialogmaincharttype+0x21e8 exception.instruction: int3 exception.module: qDialogMainChartType.exe exception.exception_code: 0x80000003 exception.offset: 8680 exception.address: 0x100021e8 registers.esp: 1638276 registers.edi: 0 registers.eax: 9 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638068	1
__exception__ July 15, 2021, 10:18 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc 40 cc cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 exception.symbol: qdialogmaincharttype+0x21e9 exception.instruction: int3 exception.module: qDialogMainChartType.exe exception.exception_code: 0x80000003 exception.offset: 8681 exception.address: 0x100021e9 registers.esp: 1638276 registers.edi: 0 registers.eax: 9 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638068	1
__exception__ July 15, 2021, 10:18 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 4a 00 exception.symbol: qdialogmaincharttype+0x21eb exception.instruction: int3 exception.module: qDialogMainChartType.exe exception.exception_code: 0x80000003 exception.offset: 8683 exception.address: 0x100021eb registers.esp: 1638276 registers.edi: 0 registers.eax: 10 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638068	1
__exception__ July 15, 2021, 10:18 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 4a 00 00 exception.symbol: qdialogmaincharttype+0x21ec exception.instruction: int3 exception.module: qDialogMainChartType.exe exception.exception_code: 0x80000003 exception.offset: 8684 exception.address: 0x100021ec registers.esp: 1638276 registers.edi: 0 registers.eax: 10 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638068	1
__exception__ July 15, 2021, 10:18 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc cc 40 cc cc eb f2 58 64 a3 00 00 00 00 58 e9 exception.symbol: qdialogmaincharttype+0x21e8 exception.instruction: int3 exception.module: qDialogMainChartType.exe exception.exception_code: 0x80000003 exception.offset: 8680 exception.address: 0x100021e8 registers.esp: 1638276 registers.edi: 0 registers.eax: 10 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638068	1
__exception__ July 15, 2021, 10:18 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc 40 cc cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 exception.symbol: qdialogmaincharttype+0x21e9 exception.instruction: int3 exception.module: qDialogMainChartType.exe exception.exception_code: 0x80000003 exception.offset: 8681 exception.address: 0x100021e9 registers.esp: 1638276 registers.edi: 0 registers.eax: 10 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638068	1
__exception__ July 15, 2021, 10:18 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 4a 00 exception.symbol: qdialogmaincharttype+0x21eb exception.instruction: int3 exception.module: qDialogMainChartType.exe exception.exception_code: 0x80000003 exception.offset: 8683 exception.address: 0x100021eb registers.esp: 1638276 registers.edi: 0 registers.eax: 11 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638068	1
__exception__ July 15, 2021, 10:18 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 4a 00 00 exception.symbol: qdialogmaincharttype+0x21ec exception.instruction: int3 exception.module: qDialogMainChartType.exe exception.exception_code: 0x80000003 exception.offset: 8684 exception.address: 0x100021ec registers.esp: 1638276 registers.edi: 0 registers.eax: 11 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638068	1
__exception__ July 15, 2021, 10:18 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc cc 40 cc cc eb f2 58 64 a3 00 00 00 00 58 e9 exception.symbol: qdialogmaincharttype+0x21e8 exception.instruction: int3 exception.module: qDialogMainChartType.exe exception.exception_code: 0x80000003 exception.offset: 8680 exception.address: 0x100021e8 registers.esp: 1638276 registers.edi: 0 registers.eax: 11 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638068	1
__exception__ July 15, 2021, 10:18 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc 40 cc cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 exception.symbol: qdialogmaincharttype+0x21e9 exception.instruction: int3 exception.module: qDialogMainChartType.exe exception.exception_code: 0x80000003 exception.offset: 8681 exception.address: 0x100021e9 registers.esp: 1638276 registers.edi: 0 registers.eax: 11 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638068	1
__exception__ July 15, 2021, 10:18 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 4a 00 exception.symbol: qdialogmaincharttype+0x21eb exception.instruction: int3 exception.module: qDialogMainChartType.exe exception.exception_code: 0x80000003 exception.offset: 8683 exception.address: 0x100021eb registers.esp: 1638276 registers.edi: 0 registers.eax: 12 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638068	1
__exception__ July 15, 2021, 10:18 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 4a 00 00 exception.symbol: qdialogmaincharttype+0x21ec exception.instruction: int3 exception.module: qDialogMainChartType.exe exception.exception_code: 0x80000003 exception.offset: 8684 exception.address: 0x100021ec registers.esp: 1638276 registers.edi: 0 registers.eax: 12 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638068	1
__exception__ July 15, 2021, 10:18 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc cc 40 cc cc eb f2 58 64 a3 00 00 00 00 58 e9 exception.symbol: qdialogmaincharttype+0x21e8 exception.instruction: int3 exception.module: qDialogMainChartType.exe exception.exception_code: 0x80000003 exception.offset: 8680 exception.address: 0x100021e8 registers.esp: 1638276 registers.edi: 0 registers.eax: 12 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638068	1
__exception__ July 15, 2021, 10:18 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc 40 cc cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 exception.symbol: qdialogmaincharttype+0x21e9 exception.instruction: int3 exception.module: qDialogMainChartType.exe exception.exception_code: 0x80000003 exception.offset: 8681 exception.address: 0x100021e9 registers.esp: 1638276 registers.edi: 0 registers.eax: 12 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638068	1

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

Allocates read-write-execute memory (usually to unpack itself) (7 events)

Time & API	Arguments	Status
NtProtectVirtualMemory July 15, 2021, 10:18 a.m.	process_identifier: 2440 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6bc17000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 15, 2021, 10:18 a.m.	process_identifier: 2440 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6b8b3000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 15, 2021, 10:18 a.m.	process_identifier: 2440 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05fbb000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 15, 2021, 10:18 a.m.	process_identifier: 2440 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05fbb000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 15, 2021, 10:18 a.m.	process_identifier: 2588 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73c02000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 15, 2021, 10:18 a.m.	process_identifier: 2588 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6b8b3000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 15, 2021, 10:18 a.m.	process_identifier: 2736 region_size: 24576 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01ce0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

Creates executable files on the filesystem (1 event)

file	C:\ProgramData\qDialogMainChartType.exe

Creates a suspicious process (1 event)

cmdline

mshta "C:\ProgramData\qRangeAutoFormatLocalFormat3.sct"

File has been identified by 17 AntiVirus engines on VirusTotal as malicious (17 events)

Elastic	malicious (high confidence)
ClamAV	Doc.Dropper.MSHTA-6966166-0
ALYac	VBA.Heur2.Dridex.2.1C723EC4.Gen
Arcabit	VBA.Heur2.Dridex.2.1C723EC4.Gen
Kaspersky	HEUR:Trojan-Downloader.Script.Generic
BitDefender	VBA.Heur2.Dridex.2.1C723EC4.Gen
NANO-Antivirus	Trojan.Ole2.Vbs-heuristic.druvzi
MicroWorld-eScan	VBA.Heur2.Dridex.2.1C723EC4.Gen
Ad-Aware	VBA.Heur2.Dridex.2.1C723EC4.Gen
Emsisoft	VBA.Heur2.Dridex.2.1C723EC4.Gen (B)
McAfee-GW-Edition	BehavesLike.OLE2.Downloader.bb
FireEye	VBA.Heur2.Dridex.2.1C723EC4.Gen
ZoneAlarm	HEUR:Trojan-Downloader.Script.Generic
GData	VBA.Heur2.Dridex.2.1C723EC4.Gen
TACHYON	Suspicious/X97M.Dropper.Gen
MAX	malware (ai score=87)
SentinelOne	Static AI - Suspicious OLE

One or more non-whitelisted processes were created (1 event)

parent_process

excel.exe

martian_process

mshta "C:\ProgramData\qRangeAutoFormatLocalFormat3.sct"

Tries to unhook Windows functions monitored by Cuckoo (1 event)

Time & API	Arguments	Status	Return	Repeated
__anomaly__ July 15, 2021, 10:19 a.m.	tid: 2740 message: Encountered 65537 exceptions, quitting. subcategory: exception function_name:	1	0	0

Invoice%20720710%20from%20Quickbooks,%20LLC.xls

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All