Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	Aug. 13, 2021, 8:03 p.m.	Aug. 13, 2021, 8:32 p.m.

Size	1.3MB
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`c00d207efb855910154389b48404e550`
SHA256	`716e5a3d29ff525aed30c18061daff4b496f3f828ba2ac763efd857062a42e96`
CRC32	`281F9345`
ssdeep	`24576:qcFPyLyEv4NeAXD+Rk+p736lDEU4KgTfp:RQa+lKlDJgT`
Yara	Antivirus - Contains references to security software OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description)

rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\update.dll,TMethodImplementationIntercept
544
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\update.dll,
1960
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\update.dll,dbk_fcall_wrapper
1220
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\update.dll,dbkFCallWrapperAddr
2848
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\update.dll,
2532

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
103.229.126.73	Active	Moloch
192.52.167.44	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (2 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Aug. 13, 2021, 8:02 p.m.			0	0
IsDebuggerPresent Aug. 13, 2021, 8:02 p.m.			0	0

Uses Windows APIs to generate a cryptographic key (33 events)

Time & API	Arguments	Status	Return
CryptGenKey Aug. 13, 2021, 8:02 p.m.	crypto_handle: 0x003b4ea8 algorithm_identifier: 0x00000001 () flags: 67108865 key: provider_handle: 0x003b44f8	1	1
CryptExportKey Aug. 13, 2021, 8:02 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x003b4ea8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 7	1	1
CryptExportKey Aug. 13, 2021, 8:02 p.m.	buffer: ¤RSA2WÐUJÉfKz(ôÛO%t°IÅ·ûúÂgMjà`@¸Ð{}´kunÐ×H³r > ¼tHR`ÉH¹Tsïo³Iúè£\¢×À#IUUqÆ\ .G¦FÕo¾ÂØbAj"øÒ8ü5´î=ïØ]"#C·ZQýû©# bÕÔïÔÐñà)-Ñjà"Ð%jÝºç½ÿYUU:tÚß¼ýõÁ_¡)Ë<Îdu¬u¯`IB:i\|vÍ°ûNè^i×QF ©Ä¯½h$<üñø,4Nþ5=ð_ëÕðm(ÊìW´Õ>_\.ýÅK2t´(h¹ãÏt± ½ÉmfàîÝs\| ñêùÝ5«î2lÞ«®5ÙöáG*ãmþ+)Àkø¡ÿPN; Î~ä¸qBi@Ø¯î- þ¶Êô[W¸Iþ l©£5N¤°È'ágMH6NÝJã4ÅB(drÍØàæJÕ÷ýãÛ9¾.NÖÆ%HløØ]di¯÷0=y@ß~ê2Jº)ðêâÙâ%öúHsxjhèD(gSåQâmñÒç²ÖðDýÔÝ^Üü _n¥n³uûRÄ£âzó^´KÄ] 1;RC4{üÎ°ß+r²c§àÆämÙGg'ô#ï±Äú crypto_handle: 0x003b4ea8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 7	1	1
CryptExportKey Aug. 13, 2021, 8:02 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x003b4ea8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Aug. 13, 2021, 8:02 p.m.	buffer: ¤RSA1WÐUJÉfKz(ôÛO%t°IÅ·ûúÂgMjà`@¸Ð{}´kunÐ×H³r > ¼tHR`ÉH¹Tsïo³Iúè£\¢×À#IUUqÆ\ .G¦FÕo¾ÂØbAj"øÒ8ü5´î crypto_handle: 0x003b4ea8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptGenKey Aug. 13, 2021, 8:02 p.m.	crypto_handle: 0x003b5080 algorithm_identifier: 0x00006610 () flags: 1 key: f jÕ]W>ÿÐuô3#6bq§Ëg~#=¶/)¬ÍcüV provider_handle: 0x003b50d8	1	1
CryptExportKey Aug. 13, 2021, 8:02 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x003b5080 flags: 0 crypto_export_handle: 0x00000000 blob_type: 8	1	1
CryptExportKey Aug. 13, 2021, 8:02 p.m.	buffer: f jÕ]W>ÿÐuô3#6bq§Ëg~#=¶/)¬ÍcüV crypto_handle: 0x003b5080 flags: 0 crypto_export_handle: 0x00000000 blob_type: 8	1	1
CryptGenKey Aug. 13, 2021, 8:02 p.m.	crypto_handle: 0x003b5080 algorithm_identifier: 0x00006610 () flags: 1 key: f EÍ³H%?-éµ ñÒ'GÉô¥@ÓâNI£XÏ} provider_handle: 0x003b50d8	1	1
CryptExportKey Aug. 13, 2021, 8:02 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x003b5080 flags: 0 crypto_export_handle: 0x00000000 blob_type: 8	1	1
CryptExportKey Aug. 13, 2021, 8:02 p.m.	buffer: f EÍ³H%?-éµ ñÒ'GÉô¥@ÓâNI£XÏ} crypto_handle: 0x003b5080 flags: 0 crypto_export_handle: 0x00000000 blob_type: 8	1	1
CryptGenKey Aug. 13, 2021, 8:02 p.m.	crypto_handle: 0x005f4e60 algorithm_identifier: 0x00000001 () flags: 67108865 key: provider_handle: 0x005f44b0	1	1
CryptExportKey Aug. 13, 2021, 8:02 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x005f4e60 flags: 0 crypto_export_handle: 0x00000000 blob_type: 7	1	1
CryptExportKey Aug. 13, 2021, 8:02 p.m.	buffer: ¤RSA2a»ò«²/jûâYå¾¶ìæí"mVâêÁ÷EEÁjIñüËò1eÖZ7ß¾ò°Ð=ÛÄ@¡s=OS2©0z«æ¢÷è!#Û!Svÿýn4Iz'áOÂt¼Ô(ãæ¤MãzD)BGô¼ê ±àÒ³s×Xÿ >CÅáoÄê$ô'R {Ó¸^ò\ÌÏîLI¨ßSÑµñÇtB3~¾ç8l¯»´î¡ê3ÚþE;3ÒÙÙKLçóRÈL+ ðQE9¡¾zÏãÐìpx,dãi fÛ.¼ìñý=ª¥#ñ-ÖáA1y6ò?¶ )\Íð_g¯Ä;rÛ]Qj[¼ö\|èPý³qM»'¢²ÖÓç÷4[É=g!ëÊÁ$cISýH?0Ñ}á÷å´ d<á/^Ì¨^¯!#c\|ÃO&ÏÞFnnµuþ:áÓHÛoBÕ{?TKr>/TÞ^üÎ,!Yo )·kÕÐÕkVÏòÛ¸}á×ø'ÌuØA4ånÇVKÎq'ðY Á6µÉæw`×sJwÇ 94oÝfÒ»[qÊ&Â&2kEIÍñY~°ü,¯ós¡Üqwö¬Ö4_¡YúzÈûI¹ê_ÊCI°ÌÍLÙÎj*á«´"'ðã¾$oHÂÕ4^ crypto_handle: 0x005f4e60 flags: 0 crypto_export_handle: 0x00000000 blob_type: 7	1	1
CryptExportKey Aug. 13, 2021, 8:02 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x005f4e60 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Aug. 13, 2021, 8:02 p.m.	buffer: ¤RSA1a»ò«²/jûâYå¾¶ìæí"mVâêÁ÷EEÁjIñüËò1eÖZ7ß¾ò°Ð=ÛÄ@¡s=OS2©0z«æ¢÷è!#Û!Svÿýn4Iz'áOÂt¼Ô(ãæ¤MãzD)BGô¼ê ±àÒ crypto_handle: 0x005f4e60 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptGenKey Aug. 13, 2021, 8:02 p.m.	crypto_handle: 0x005f5038 algorithm_identifier: 0x00006610 () flags: 1 key: f SÙRØ¢LÌnÀ¦ D×Ä7ñaf¥×üÏ+«n provider_handle: 0x005f5090	1	1
CryptExportKey Aug. 13, 2021, 8:02 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x005f5038 flags: 0 crypto_export_handle: 0x00000000 blob_type: 8	1	1
CryptExportKey Aug. 13, 2021, 8:02 p.m.	buffer: f SÙRØ¢LÌnÀ¦ D×Ä7ñaf¥×üÏ+«n crypto_handle: 0x005f5038 flags: 0 crypto_export_handle: 0x00000000 blob_type: 8	1	1
CryptGenKey Aug. 13, 2021, 8:02 p.m.	crypto_handle: 0x005f5038 algorithm_identifier: 0x00006610 () flags: 1 key: f {'ÂodÎæÎXíÄ^ç¸ñD/Ê,ì+ provider_handle: 0x005f5090	1	1
CryptExportKey Aug. 13, 2021, 8:02 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x005f5038 flags: 0 crypto_export_handle: 0x00000000 blob_type: 8	1	1
CryptExportKey Aug. 13, 2021, 8:02 p.m.	buffer: f {'ÂodÎæÎXíÄ^ç¸ñD/Ê,ì+ crypto_handle: 0x005f5038 flags: 0 crypto_export_handle: 0x00000000 blob_type: 8	1	1
CryptGenKey Aug. 13, 2021, 8:02 p.m.	crypto_handle: 0x00464e70 algorithm_identifier: 0x00000001 () flags: 67108865 key: provider_handle: 0x004644c0	1	1
CryptExportKey Aug. 13, 2021, 8:02 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00464e70 flags: 0 crypto_export_handle: 0x00000000 blob_type: 7	1	1
CryptExportKey Aug. 13, 2021, 8:02 p.m.	buffer: ¤RSA2óèÔëûÔ(Ã!5zFgY×®PùÈyF÷Ø7þiVIÍý£ Õg(¶¼¼EÒñ²g§ Q=Ú¢u fdGÃwy6Å{G@Âñ:pÂõèùjOÊ@q[]}¡Ì\SK±þkJÞD-ÐS`³¿ÇçÑãc/ðª{µE&²îüÍ q2¸ Dæt¿æy=@D8é.¿Wí#¶i$.Z¤2D ù¹¤¤_5ßu^Q(NÆ÷´ymr°[\×³×Û¢ú'odõY Î m}çr2Å-P÷Ú·ékF\Z±A4¡e;Ð;aVã¨}HØÐýCÕý?/Aßø´AÂkmfÀÄÎFÞÓÛká¡Nêºf±úÍùLjhvÀý( °ðLbã¼g>Ùã¡úSäG×eùT&¦¡êSûF~ ¦ÛoC;Qm'Òì²W0¿B [¾ô;$»"$>W` ÜËÍÍ·Ò'ôsÕbäx¼Ehå&§:Õb²Á÷ Lö(?3~CW¼ H )ªK+CâàkåZ]}¿Ír.â a×ó<Á¨$rè-ìCÔ\|Mx\?#½YûI¯ºß%7¿>zý5zA?Ë6^q½¤Üå] ódGÜ¾? crypto_handle: 0x00464e70 flags: 0 crypto_export_handle: 0x00000000 blob_type: 7	1	1
CryptExportKey Aug. 13, 2021, 8:02 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00464e70 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Aug. 13, 2021, 8:02 p.m.	buffer: ¤RSA1óèÔëûÔ(Ã!5zFgY×®PùÈyF÷Ø7þiVIÍý£ Õg(¶¼¼EÒñ²g§ Q=Ú¢u fdGÃwy6Å{G@Âñ:pÂõèùjOÊ@q[]}¡Ì\SK±þkJÞD-ÐS`³¿ÇçÑã crypto_handle: 0x00464e70 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptGenKey Aug. 13, 2021, 8:02 p.m.	crypto_handle: 0x00465048 algorithm_identifier: 0x00006610 () flags: 1 key: f =h©¸ãðQô6NZ~å& ÿ®Y´o# provider_handle: 0x004650a0	1	1
CryptExportKey Aug. 13, 2021, 8:02 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00465048 flags: 0 crypto_export_handle: 0x00000000 blob_type: 8	1	1
CryptExportKey Aug. 13, 2021, 8:02 p.m.	buffer: f =h©¸ãðQô6NZ~å& ÿ®Y´o# crypto_handle: 0x00465048 flags: 0 crypto_export_handle: 0x00000000 blob_type: 8	1	1
CryptGenKey Aug. 13, 2021, 8:02 p.m.	crypto_handle: 0x00465048 algorithm_identifier: 0x00006610 () flags: 1 key: f ÂÈ]íz¦^}Ê9mJZìLd\| £ÊÕ1Ç¿?øN provider_handle: 0x004650a0	1	1
CryptExportKey Aug. 13, 2021, 8:02 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00465048 flags: 0 crypto_export_handle: 0x00000000 blob_type: 8	1	1
CryptExportKey Aug. 13, 2021, 8:02 p.m.	buffer: f ÂÈ]íz¦^}Ê9mJZìLd\| £ÊÕ1Ç¿?øN crypto_handle: 0x00465048 flags: 0 crypto_export_handle: 0x00000000 blob_type: 8	1	1

Tries to locate where the browsers are installed (1 event)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome

The executable contains unknown PE section names indicative of a packer (could be a false positive) (2 events)

section	.itext
section	.didata

One or more processes crashed (2 events)

Time & API	Arguments	Status	Return	Repeated
__exception__ Aug. 13, 2021, 8:02 p.m.	stacktrace: rundll32+0x1326 @ 0x8f1326 rundll32+0x1901 @ 0x8f1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff exception.instruction: add byte ptr [eax], al exception.exception_code: 0xc0000005 exception.symbol: dbkFCallWrapperAddr+0xd6150 TMethodImplementationIntercept-0x1882eec update+0x135630 exception.address: 0x1e35630 registers.esp: 981448 registers.edi: 0 registers.eax: 394146 registers.ebp: 981564 registers.edx: 9 registers.ebx: 0 registers.esi: 394146 registers.ecx: 0	1	0	0
__exception__ Aug. 13, 2021, 8:02 p.m.	stacktrace: dbkFCallWrapperAddr+0x4f TMethodImplementationIntercept-0xd6101 update+0x5f52f @ 0x1d5f52f dbkFCallWrapperAddr+0xe TMethodImplementationIntercept-0xd6142 update+0x5f4ee @ 0x1d5f4ee rundll32+0x137d @ 0x8f137d rundll32+0x1326 @ 0x8f1326 rundll32+0x1901 @ 0x8f1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: 8b 53 0c 8b 0d a4 12 d4 01 e8 3e d6 fa ff 5e 5b exception.instruction: mov edx, dword ptr [ebx + 0xc] exception.exception_code: 0xc0000005 exception.symbol: __dbk_fcall_wrapper+0x4e618 dbkFCallWrapperAddr-0xa40 update+0x5eaa0 exception.address: 0x1d5eaa0 registers.esp: 1177176 registers.edi: 0 registers.eax: 1177220 registers.ebp: 1177224 registers.edx: 1177220 registers.ebx: 0 registers.esi: 1177220 registers.ecx: 1177284	1	0	0

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

Allocates read-write-execute memory (usually to unpack itself) (32 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Aug. 13, 2021, 8:02 p.m.	process_identifier: 544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01e38000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 13, 2021, 8:02 p.m.	process_identifier: 544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73ff1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 13, 2021, 8:02 p.m.	process_identifier: 544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74d31000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 13, 2021, 8:02 p.m.	process_identifier: 544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73fd1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 13, 2021, 8:02 p.m.	process_identifier: 544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73fc1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 13, 2021, 8:02 p.m.	process_identifier: 544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73f01000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 13, 2021, 8:02 p.m.	process_identifier: 544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 19484672 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x028c1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 13, 2021, 8:02 p.m.	process_identifier: 544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73520000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 13, 2021, 8:02 p.m.	process_identifier: 544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73431000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 13, 2021, 8:02 p.m.	process_identifier: 544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x733a1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 13, 2021, 8:02 p.m.	process_identifier: 544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x732f1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 13, 2021, 8:02 p.m.	process_identifier: 544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73432000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 13, 2021, 8:02 p.m.	process_identifier: 544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x734f1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 13, 2021, 8:02 p.m.	process_identifier: 1220 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01fc8000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 13, 2021, 8:02 p.m.	process_identifier: 1220 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73ff1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 13, 2021, 8:02 p.m.	process_identifier: 1220 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74d31000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 13, 2021, 8:02 p.m.	process_identifier: 1220 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73fd1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 13, 2021, 8:02 p.m.	process_identifier: 1220 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73fc1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 13, 2021, 8:02 p.m.	process_identifier: 1220 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73f01000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 13, 2021, 8:02 p.m.	process_identifier: 2848 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01e38000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 13, 2021, 8:02 p.m.	process_identifier: 2848 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73ff1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 13, 2021, 8:02 p.m.	process_identifier: 2848 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74d31000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 13, 2021, 8:02 p.m.	process_identifier: 2848 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73fd1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 13, 2021, 8:02 p.m.	process_identifier: 2848 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73fc1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 13, 2021, 8:02 p.m.	process_identifier: 2848 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73f01000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 13, 2021, 8:02 p.m.	process_identifier: 2848 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 19484672 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02971000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 13, 2021, 8:02 p.m.	process_identifier: 2848 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73520000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 13, 2021, 8:02 p.m.	process_identifier: 2848 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73431000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 13, 2021, 8:02 p.m.	process_identifier: 2848 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x733a1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 13, 2021, 8:02 p.m.	process_identifier: 2848 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x732f1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 13, 2021, 8:02 p.m.	process_identifier: 2848 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73432000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 13, 2021, 8:02 p.m.	process_identifier: 2848 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x734f1000 process_handle: 0xffffffff	1

Queries for potentially installed applications (50 out of 210 events)

Time & API	Arguments	Status
RegOpenKeyExW Aug. 13, 2021, 8:02 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall base_handle: 0x80000002 key_handle: 0x00000168 options: 0 access: 0x02000000 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall	1
RegOpenKeyExW Aug. 13, 2021, 8:02 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip base_handle: 0x80000002 key_handle: 0x0000016c options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip	1
RegOpenKeyExW Aug. 13, 2021, 8:02 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip base_handle: 0x80000002 key_handle: 0x0000016c options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip	1
RegOpenKeyExW Aug. 13, 2021, 8:02 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook base_handle: 0x80000002 key_handle: 0x0000016c options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook	1
RegOpenKeyExW Aug. 13, 2021, 8:02 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook base_handle: 0x80000002 key_handle: 0x0000016c options: 0 access: 0x00020119 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook	1
RegOpenKeyExW Aug. 13, 2021, 8:02 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR base_handle: 0x80000002 key_handle: 0x0000016c options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR	1
RegOpenKeyExW Aug. 13, 2021, 8:02 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR base_handle: 0x80000002 key_handle: 0x0000016c options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR	1
RegOpenKeyExW Aug. 13, 2021, 8:02 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager base_handle: 0x80000002 key_handle: 0x0000016c options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager	1
RegOpenKeyExW Aug. 13, 2021, 8:02 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager base_handle: 0x80000002 key_handle: 0x0000016c options: 0 access: 0x00020119 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager	1
RegOpenKeyExW Aug. 13, 2021, 8:02 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx base_handle: 0x80000002 key_handle: 0x0000016c options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx	1
RegOpenKeyExW Aug. 13, 2021, 8:02 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx base_handle: 0x80000002 key_handle: 0x0000016c options: 0 access: 0x00020119 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx	1
RegOpenKeyExW Aug. 13, 2021, 8:02 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus base_handle: 0x80000002 key_handle: 0x0000016c options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus	1
RegOpenKeyExW Aug. 13, 2021, 8:02 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus base_handle: 0x80000002 key_handle: 0x0000016c options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus	1
RegOpenKeyExW Aug. 13, 2021, 8:02 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ePageSafer base_handle: 0x80000002 key_handle: 0x0000016c options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ePageSafer	1
RegOpenKeyExW Aug. 13, 2021, 8:02 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ePageSafer base_handle: 0x80000002 key_handle: 0x0000016c options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ePageSafer	1
RegOpenKeyExW Aug. 13, 2021, 8:02 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore base_handle: 0x80000002 key_handle: 0x0000016c options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore	1
RegOpenKeyExW Aug. 13, 2021, 8:02 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore base_handle: 0x80000002 key_handle: 0x0000016c options: 0 access: 0x00020119 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore	1
RegOpenKeyExW Aug. 13, 2021, 8:02 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome base_handle: 0x80000002 key_handle: 0x0000016c options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome	1
RegOpenKeyExW Aug. 13, 2021, 8:02 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome base_handle: 0x80000002 key_handle: 0x0000016c options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome	1
RegOpenKeyExW Aug. 13, 2021, 8:02 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean base_handle: 0x80000002 key_handle: 0x0000016c options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean	1
RegOpenKeyExW Aug. 13, 2021, 8:02 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean base_handle: 0x80000002 key_handle: 0x0000016c options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean	1
RegOpenKeyExW Aug. 13, 2021, 8:02 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40 base_handle: 0x80000002 key_handle: 0x0000016c options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40	1
RegOpenKeyExW Aug. 13, 2021, 8:02 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40 base_handle: 0x80000002 key_handle: 0x0000016c options: 0 access: 0x00020119 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40	1
RegOpenKeyExW Aug. 13, 2021, 8:02 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data base_handle: 0x80000002 key_handle: 0x0000016c options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data	1
RegOpenKeyExW Aug. 13, 2021, 8:02 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data base_handle: 0x80000002 key_handle: 0x0000016c options: 0 access: 0x00020119 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data	1
RegOpenKeyExW Aug. 13, 2021, 8:02 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX base_handle: 0x80000002 key_handle: 0x0000016c options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX	1
RegOpenKeyExW Aug. 13, 2021, 8:02 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX base_handle: 0x80000002 key_handle: 0x0000016c options: 0 access: 0x00020119 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX	1
RegOpenKeyExW Aug. 13, 2021, 8:02 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData base_handle: 0x80000002 key_handle: 0x0000016c options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData	1
RegOpenKeyExW Aug. 13, 2021, 8:02 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData base_handle: 0x80000002 key_handle: 0x0000016c options: 0 access: 0x00020119 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData	1
RegOpenKeyExW Aug. 13, 2021, 8:02 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack base_handle: 0x80000002 key_handle: 0x0000016c options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack	1
RegOpenKeyExW Aug. 13, 2021, 8:02 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack base_handle: 0x80000002 key_handle: 0x0000016c options: 0 access: 0x00020119 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack	1
RegOpenKeyExW Aug. 13, 2021, 8:02 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Thunderbird 78.4.0 (x86 ko) base_handle: 0x80000002 key_handle: 0x0000016c options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Thunderbird 78.4.0 (x86 ko)	1
RegOpenKeyExW Aug. 13, 2021, 8:02 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Thunderbird 78.4.0 (x86 ko) base_handle: 0x80000002 key_handle: 0x0000016c options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Thunderbird 78.4.0 (x86 ko)	1
RegOpenKeyExW Aug. 13, 2021, 8:02 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.PROPLUS base_handle: 0x80000002 key_handle: 0x0000016c options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.PROPLUS	1
RegOpenKeyExW Aug. 13, 2021, 8:02 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.PROPLUS base_handle: 0x80000002 key_handle: 0x0000016c options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.PROPLUS	1
RegOpenKeyExW Aug. 13, 2021, 8:02 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent base_handle: 0x80000002 key_handle: 0x0000016c options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent	1
RegOpenKeyExW Aug. 13, 2021, 8:02 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent base_handle: 0x80000002 key_handle: 0x0000016c options: 0 access: 0x00020119 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent	1
RegOpenKeyExW Aug. 13, 2021, 8:02 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TouchEn nxKey base_handle: 0x80000002 key_handle: 0x0000016c options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TouchEn nxKey	1
RegOpenKeyExW Aug. 13, 2021, 8:02 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TouchEn nxKey base_handle: 0x80000002 key_handle: 0x0000016c options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TouchEn nxKey	1
RegOpenKeyExW Aug. 13, 2021, 8:02 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UnINISafeWeb base_handle: 0x80000002 key_handle: 0x0000016c options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UnINISafeWeb	1
RegOpenKeyExW Aug. 13, 2021, 8:02 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UnINISafeWeb base_handle: 0x80000002 key_handle: 0x0000016c options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UnINISafeWeb	1
RegOpenKeyExW Aug. 13, 2021, 8:02 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UnINISafeWeb6 base_handle: 0x80000002 key_handle: 0x0000016c options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UnINISafeWeb6	1
RegOpenKeyExW Aug. 13, 2021, 8:02 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UnINISafeWeb6 base_handle: 0x80000002 key_handle: 0x0000016c options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UnINISafeWeb6	1
RegOpenKeyExW Aug. 13, 2021, 8:02 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC base_handle: 0x80000002 key_handle: 0x0000016c options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC	1
RegOpenKeyExW Aug. 13, 2021, 8:02 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC base_handle: 0x80000002 key_handle: 0x0000016c options: 0 access: 0x00020119 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC	1
RegOpenKeyExW Aug. 13, 2021, 8:02 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00203668-8170-44A0-BE44-B632FA4D780F} base_handle: 0x80000002 key_handle: 0x0000016c options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00203668-8170-44A0-BE44-B632FA4D780F}	1
RegOpenKeyExW Aug. 13, 2021, 8:02 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00203668-8170-44A0-BE44-B632FA4D780F} base_handle: 0x80000002 key_handle: 0x0000016c options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00203668-8170-44A0-BE44-B632FA4D780F}	1
RegOpenKeyExW Aug. 13, 2021, 8:02 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B} base_handle: 0x80000002 key_handle: 0x0000016c options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}	1
RegOpenKeyExW Aug. 13, 2021, 8:02 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B} base_handle: 0x80000002 key_handle: 0x0000016c options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}	1
RegOpenKeyExW Aug. 13, 2021, 8:02 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1CBD185A-9CB3-4f30-B7E4-75CC551455F9}_is1 base_handle: 0x80000002 key_handle: 0x0000016c options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1CBD185A-9CB3-4f30-B7E4-75CC551455F9}_is1	1

One or more of the buffers contains an embedded PE file (1 event)

buffer

Buffer with sha1: 76725a59e1ccd0f98194187440ef08d85da53b5e

Communicates with host for which no DNS query was performed (2 events)

host	103.229.126.73
host	192.52.167.44

Collects information about installed applications (50 out of 76 events)

Time & API	Arguments	Status
RegQueryValueExW Aug. 13, 2021, 8:02 p.m.	key_handle: 0x0000016c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: 7-Zip 20.02 alpha regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName	1
RegQueryValueExW Aug. 13, 2021, 8:02 p.m.	key_handle: 0x0000016c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Adobe AIR regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR\DisplayName	1
RegQueryValueExW Aug. 13, 2021, 8:02 p.m.	key_handle: 0x0000016c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: EditPlus regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus\DisplayName	1
RegQueryValueExW Aug. 13, 2021, 8:02 p.m.	key_handle: 0x0000016c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: MarkAny Inc. e-PageSafer V2.5 NoAX ( Basic )_2.5.1.18 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ePageSafer\DisplayName	1
RegQueryValueExW Aug. 13, 2021, 8:02 p.m.	key_handle: 0x0000016c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Chrome regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName	1
RegQueryValueExW Aug. 13, 2021, 8:02 p.m.	key_handle: 0x0000016c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: 한컴오피스 한글 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean\DisplayName	1
RegQueryValueExW Aug. 13, 2021, 8:02 p.m.	key_handle: 0x0000016c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Mozilla Thunderbird 78.4.0 (x86 ko) regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Thunderbird 78.4.0 (x86 ko)\DisplayName	1
RegQueryValueExW Aug. 13, 2021, 8:02 p.m.	key_handle: 0x0000016c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Professional Plus 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Office14.PROPLUS\DisplayName	1
RegQueryValueExW Aug. 13, 2021, 8:02 p.m.	key_handle: 0x0000016c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: TouchEn nxKey with E2E for 32bit regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\TouchEn nxKey\DisplayName	1
RegQueryValueExW Aug. 13, 2021, 8:02 p.m.	key_handle: 0x0000016c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: INISafeWeb 5.0 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\UnINISafeWeb\DisplayName	1
RegQueryValueExW Aug. 13, 2021, 8:02 p.m.	key_handle: 0x0000016c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: INISafeWeb 6.0 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\UnINISafeWeb6\DisplayName	1
RegQueryValueExW Aug. 13, 2021, 8:02 p.m.	key_handle: 0x0000016c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Adobe AIR regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{00203668-8170-44A0-BE44-B632FA4D780F}\DisplayName	1
RegQueryValueExW Aug. 13, 2021, 8:02 p.m.	key_handle: 0x0000016c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: HttpWatch Professional 9.3.39 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}\DisplayName	1
RegQueryValueExW Aug. 13, 2021, 8:02 p.m.	key_handle: 0x0000016c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Delfino G3 (x86) version 3.6.6.5 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1CBD185A-9CB3-4f30-B7E4-75CC551455F9}_is1\DisplayName	1
RegQueryValueExW Aug. 13, 2021, 8:02 p.m.	key_handle: 0x0000016c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}\DisplayName	1
RegQueryValueExW Aug. 13, 2021, 8:02 p.m.	key_handle: 0x0000016c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Java 8 Update 131 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180131F0}\DisplayName	1
RegQueryValueExW Aug. 13, 2021, 8:02 p.m.	key_handle: 0x0000016c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: G2BRUN regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5BEFEB79-2B4D-4EEE-9979-AFDE0A20FADE}_is1\DisplayName	1
RegQueryValueExW Aug. 13, 2021, 8:02 p.m.	key_handle: 0x0000016c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Google Update Helper regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\DisplayName	1
RegQueryValueExW Aug. 13, 2021, 8:02 p.m.	key_handle: 0x0000016c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: WIZVERA Process Manager 1,0,5,4 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8941A397-4065-4F41-92CE-0EB610846EED}_is1\DisplayName	1
RegQueryValueExW Aug. 13, 2021, 8:02 p.m.	key_handle: 0x0000016c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Professional Plus 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Aug. 13, 2021, 8:02 p.m.	key_handle: 0x0000016c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Access MUI (Korean) 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0015-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Aug. 13, 2021, 8:02 p.m.	key_handle: 0x0000016c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Excel MUI (Korean) 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0016-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Aug. 13, 2021, 8:02 p.m.	key_handle: 0x0000016c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office PowerPoint MUI (Korean) 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0018-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Aug. 13, 2021, 8:02 p.m.	key_handle: 0x0000016c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Publisher MUI (Korean) 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0019-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Aug. 13, 2021, 8:02 p.m.	key_handle: 0x0000016c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Outlook MUI (Korean) 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001A-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Aug. 13, 2021, 8:02 p.m.	key_handle: 0x0000016c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Word MUI (Korean) 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001B-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Aug. 13, 2021, 8:02 p.m.	key_handle: 0x0000016c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proof (English) 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Aug. 13, 2021, 8:02 p.m.	key_handle: 0x0000016c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proof (Korean) 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Aug. 13, 2021, 8:02 p.m.	key_handle: 0x0000016c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office IME (Korean) 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0028-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Aug. 13, 2021, 8:02 p.m.	key_handle: 0x0000016c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proofing (Korean) 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002C-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Aug. 13, 2021, 8:02 p.m.	key_handle: 0x0000016c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office InfoPath MUI (Korean) 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0044-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Aug. 13, 2021, 8:02 p.m.	key_handle: 0x0000016c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Shared MUI (Korean) 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-006E-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Aug. 13, 2021, 8:02 p.m.	key_handle: 0x0000016c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office OneNote MUI (Korean) 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00A1-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Aug. 13, 2021, 8:02 p.m.	key_handle: 0x0000016c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Groove MUI (Korean) 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00BA-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Aug. 13, 2021, 8:02 p.m.	key_handle: 0x0000016c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Adobe Flash Player 13 ActiveX regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4}\DisplayName	1
RegQueryValueExW Aug. 13, 2021, 8:02 p.m.	key_handle: 0x0000016c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Adobe Flash Player 13 NPAPI regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B84A461-3B4C-40E2-B44F-CE22E215EE40}\DisplayName	1
RegQueryValueExW Aug. 13, 2021, 8:02 p.m.	key_handle: 0x0000016c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Adobe Acrobat Reader DC MUI regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}\DisplayName	1
RegQueryValueExW Aug. 13, 2021, 8:02 p.m.	key_handle: 0x0000016c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\DisplayName	1
RegQueryValueExW Aug. 13, 2021, 8:02 p.m.	key_handle: 0x0000016c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: 7-Zip 20.02 alpha regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName	1
RegQueryValueExW Aug. 13, 2021, 8:02 p.m.	key_handle: 0x0000016c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Adobe AIR regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR\DisplayName	1
RegQueryValueExW Aug. 13, 2021, 8:02 p.m.	key_handle: 0x0000016c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: EditPlus regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus\DisplayName	1
RegQueryValueExW Aug. 13, 2021, 8:02 p.m.	key_handle: 0x0000016c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: MarkAny Inc. e-PageSafer V2.5 NoAX ( Basic )_2.5.1.18 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ePageSafer\DisplayName	1
RegQueryValueExW Aug. 13, 2021, 8:02 p.m.	key_handle: 0x0000016c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Chrome regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName	1
RegQueryValueExW Aug. 13, 2021, 8:02 p.m.	key_handle: 0x0000016c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: 한컴오피스 한글 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean\DisplayName	1
RegQueryValueExW Aug. 13, 2021, 8:02 p.m.	key_handle: 0x0000016c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Mozilla Thunderbird 78.4.0 (x86 ko) regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Thunderbird 78.4.0 (x86 ko)\DisplayName	1
RegQueryValueExW Aug. 13, 2021, 8:02 p.m.	key_handle: 0x0000016c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Professional Plus 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Office14.PROPLUS\DisplayName	1
RegQueryValueExW Aug. 13, 2021, 8:02 p.m.	key_handle: 0x0000016c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: TouchEn nxKey with E2E for 32bit regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\TouchEn nxKey\DisplayName	1
RegQueryValueExW Aug. 13, 2021, 8:02 p.m.	key_handle: 0x0000016c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: INISafeWeb 5.0 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\UnINISafeWeb\DisplayName	1
RegQueryValueExW Aug. 13, 2021, 8:02 p.m.	key_handle: 0x0000016c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: INISafeWeb 6.0 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\UnINISafeWeb6\DisplayName	1
RegQueryValueExW Aug. 13, 2021, 8:02 p.m.	key_handle: 0x0000016c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Adobe AIR regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{00203668-8170-44A0-BE44-B632FA4D780F}\DisplayName	1

File has been identified by 37 AntiVirus engines on VirusTotal as malicious (37 events)

Lionic	Trojan.Win32.Danabot.7!c
Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
McAfee	GenericRXAA-AA!C00D207EFB85
Cylance	Unsafe
Alibaba	TrojanSpy:Win32/Danabot.604b67c1
K7GW	Spyware ( 0057f3611 )
K7AntiVirus	Spyware ( 0057f3611 )
Cyren	W32/Trojan.ONMW-3300
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Spy.Danabot.S
APEX	Malicious
Paloalto	generic.ml
Kaspersky	HEUR:Trojan-Banker.Win32.Danabot.gen
Avast	Win32:BankerX-gen [Trj]
Tencent	Win32.Trojan-banker.Danabot.Stjx
Sophos	Mal/Generic-S
F-Secure	Heuristic.HEUR/AGEN.1144074
DrWeb	Trojan.Siggen14.60163
McAfee-GW-Edition	BehavesLike.Win32.Infected.th
FireEye	Generic.mg.c00d207efb855910
Ikarus	Trojan-Spy.Agent
GData	Win32.Trojan.Agent.CK4OC3
MaxSecure	Trojan.Malware.300983.susgen
Avira	HEUR/AGEN.1144074
Kingsoft	Win32.Troj.Banker.(kcloud)
ViRobot	Trojan.Win32.S.Danabot.1390592
ZoneAlarm	HEUR:Trojan-Banker.Win32.Danabot.gen
Microsoft	Trojan:Win32/Danabot!MSR
AhnLab-V3	Trojan/Win.Danabot.R430712
ALYac	Spyware.Danabot.A
Malwarebytes	Trojan.DanaBot
TrendMicro-HouseCall	TROJ_GEN.R002H0CHC21
Fortinet	W32/Danabot.S!tr
AVG	Win32:BankerX-gen [Trj]
Panda	Trj/GdSda.A
Qihoo-360	Win32/TrojanPSW.DanaBot.HgkASaQA

update.dll

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All