Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Dec. 13, 2022, 9:48 a.m.	Dec. 13, 2022, 9:50 a.m.

Size	2.9MB
Type	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5	`b26439eb7f5e2a7f1e2dabcfa8e3a7b1`
SHA256	`47a40add511868171afab04d336c6120be951799b6230fdbd581e6469e1a088e`
CRC32	`2481B5F0`
ssdeep	`49152:EW32/5cuXfOG+CwXxDebqytiJCaLsL6M8Aoek1d:anXWRxDQqCLd8AK`
Yara	OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE64 - (no description) Malicious_Packer_Zero - Malicious Packer UPX_Zero - UPX packed file

LIMSt.exe "C:\Users\test22\AppData\Local\Temp\LIMSt.exe"
1984
- WMIC.exe wmic os get Caption
  2120
- cmd.exe cmd /C "wmic path win32_VideoController get name"
  2248
  - WMIC.exe wmic path win32_VideoController get name
    2308
- cmd.exe cmd /C "wmic cpu get name"
  2384
  - WMIC.exe wmic cpu get name
    2444

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
185.239.239.194	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 185.239.239.194:8081 -> 192.168.56.103:49162	2260003	SURICATA Applayer Protocol detection skipped	Generic Protocol Command Decode

Suricata TLS

No Suricata TLS

Queries for the computername (3 events)

Time & API	Arguments	Status	Return
GetComputerNameW Dec. 13, 2022, 9:41 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Dec. 13, 2022, 9:41 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Dec. 13, 2022, 9:41 a.m.	computer_name: TEST22-PC	1	1

Checks if process is being debugged by a debugger (3 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Dec. 13, 2022, 9:41 a.m.			0	0
IsDebuggerPresent Dec. 13, 2022, 9:41 a.m.			0	0
IsDebuggerPresent Dec. 13, 2022, 9:41 a.m.			0	0

Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 event)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Dec. 13, 2022, 9:41 a.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.symtab

One or more processes crashed (3 events)

Time & API	Arguments	Status
__exception__ Dec. 13, 2022, 9:41 a.m.	stacktrace: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d @ 0x7fefdbfa49d RpcRaiseException+0x53 RpcExceptionFilter-0x2bd rpcrt4+0x173c3 @ 0x7fefdf373c3 ObjectStublessClient32+0x8bf CoDisconnectContext-0x107b9 ole32+0x443bf @ 0x7fefe0943bf IUnknown_AddRef_Proxy+0x1f5 NdrFixedArrayBufferSize-0xeb rpcrt4+0x35295 @ 0x7fefdf55295 I_RpcFreeBuffer+0x1b9 NdrRangeUnmarshall-0x5a7 rpcrt4+0x32799 @ 0x7fefdf52799 Ndr64AsyncServerCallAll+0xa9e Ndr64AsyncClientCall-0xf42 rpcrt4+0xdaf1e @ 0x7fefdffaf1e Ndr64AsyncServerCallAll+0x12ec Ndr64AsyncClientCall-0x6f4 rpcrt4+0xdb76c @ 0x7fefdffb76c NdrStubCall3+0xc6 NdrOleAllocate-0x3ea rpcrt4+0x348d6 @ 0x7fefdf548d6 CoGetInstanceFromFile+0x4cd3 HACCEL_UserFree-0x70fd ole32+0x170883 @ 0x7fefe1c0883 CoGetInstanceFromFile+0x511d HACCEL_UserFree-0x6cb3 ole32+0x170ccd @ 0x7fefe1c0ccd CoGetInstanceFromFile+0x5093 HACCEL_UserFree-0x6d3d ole32+0x170c43 @ 0x7fefe1c0c43 CoSetState+0x1450 DcomChannelSetHResult-0x34c ole32+0x2a4f0 @ 0x7fefe07a4f0 GetErrorInfo+0x599 ObjectStublessClient7-0xb1f ole32+0x3d551 @ 0x7fefe08d551 CoGetInstanceFromFile+0x78ce HACCEL_UserFree-0x4502 ole32+0x17347e @ 0x7fefe1c347e CoGetInstanceFromFile+0x567b HACCEL_UserFree-0x6755 ole32+0x17122b @ 0x7fefe1c122b CoGetInstanceFromFile+0x7992 HACCEL_UserFree-0x443e ole32+0x173542 @ 0x7fefe1c3542 GetErrorInfo+0x475 ObjectStublessClient7-0xc43 ole32+0x3d42d @ 0x7fefe08d42d GetErrorInfo+0x21e ObjectStublessClient7-0xe9a ole32+0x3d1d6 @ 0x7fefe08d1d6 TranslateMessageEx+0x2a1 IntersectRect-0x11f user32+0x19bd1 @ 0x77259bd1 TranslateMessage+0x1ea DispatchMessageW-0x42 user32+0x198da @ 0x772598da GetErrorInfo+0xf3 ObjectStublessClient7-0xfc5 ole32+0x3d0ab @ 0x7fefe08d0ab CoUnloadingWOW+0x117 OleCreateFromFileEx-0x1829 ole32+0x163e57 @ 0x7fefe1b3e57 ObjectStublessClient24+0x1876 CLSIDFromString-0x57a ole32+0x10106 @ 0x7fefe060106 ObjectStublessClient24+0x18f2 CLSIDFromString-0x4fe ole32+0x10182 @ 0x7fefe060182 BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521 exception.instruction_r: 48 81 c4 c8 00 00 00 c3 48 85 f6 74 08 83 3b 00 exception.symbol: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d exception.instruction: add rsp, 0xc8 exception.module: KERNELBASE.dll exception.exception_code: 0x80040155 exception.offset: 42141 exception.address: 0x7fefdbfa49d registers.r14: 0 registers.r15: 0 registers.rcx: 48621072 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 48627024 registers.r11: 48622832 registers.r8: 0 registers.r9: 0 registers.rdx: 1 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 1973127738 registers.r13: 0	1
__exception__ Dec. 13, 2022, 9:41 a.m.	stacktrace: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d @ 0x7fefdbfa49d RpcRaiseException+0x53 RpcExceptionFilter-0x2bd rpcrt4+0x173c3 @ 0x7fefdf373c3 ObjectStublessClient32+0x8bf CoDisconnectContext-0x107b9 ole32+0x443bf @ 0x7fefe0943bf IUnknown_AddRef_Proxy+0x1f5 NdrFixedArrayBufferSize-0xeb rpcrt4+0x35295 @ 0x7fefdf55295 I_RpcFreeBuffer+0x1b9 NdrRangeUnmarshall-0x5a7 rpcrt4+0x32799 @ 0x7fefdf52799 Ndr64AsyncServerCallAll+0xa9e Ndr64AsyncClientCall-0xf42 rpcrt4+0xdaf1e @ 0x7fefdffaf1e Ndr64AsyncServerCallAll+0x12ec Ndr64AsyncClientCall-0x6f4 rpcrt4+0xdb76c @ 0x7fefdffb76c NdrStubCall3+0xc6 NdrOleAllocate-0x3ea rpcrt4+0x348d6 @ 0x7fefdf548d6 CoGetInstanceFromFile+0x4cd3 HACCEL_UserFree-0x70fd ole32+0x170883 @ 0x7fefe1c0883 CoGetInstanceFromFile+0x511d HACCEL_UserFree-0x6cb3 ole32+0x170ccd @ 0x7fefe1c0ccd CoGetInstanceFromFile+0x5093 HACCEL_UserFree-0x6d3d ole32+0x170c43 @ 0x7fefe1c0c43 CoSetState+0x1450 DcomChannelSetHResult-0x34c ole32+0x2a4f0 @ 0x7fefe07a4f0 GetErrorInfo+0x599 ObjectStublessClient7-0xb1f ole32+0x3d551 @ 0x7fefe08d551 CoGetInstanceFromFile+0x78ce HACCEL_UserFree-0x4502 ole32+0x17347e @ 0x7fefe1c347e CoGetInstanceFromFile+0x567b HACCEL_UserFree-0x6755 ole32+0x17122b @ 0x7fefe1c122b CoGetInstanceFromFile+0x7992 HACCEL_UserFree-0x443e ole32+0x173542 @ 0x7fefe1c3542 GetErrorInfo+0x475 ObjectStublessClient7-0xc43 ole32+0x3d42d @ 0x7fefe08d42d GetErrorInfo+0x21e ObjectStublessClient7-0xe9a ole32+0x3d1d6 @ 0x7fefe08d1d6 TranslateMessageEx+0x2a1 IntersectRect-0x11f user32+0x19bd1 @ 0x77259bd1 TranslateMessage+0x1ea DispatchMessageW-0x42 user32+0x198da @ 0x772598da GetErrorInfo+0xf3 ObjectStublessClient7-0xfc5 ole32+0x3d0ab @ 0x7fefe08d0ab CoUnloadingWOW+0x117 OleCreateFromFileEx-0x1829 ole32+0x163e57 @ 0x7fefe1b3e57 ObjectStublessClient24+0x1876 CLSIDFromString-0x57a ole32+0x10106 @ 0x7fefe060106 ObjectStublessClient24+0x18f2 CLSIDFromString-0x4fe ole32+0x10182 @ 0x7fefe060182 BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521 exception.instruction_r: 48 81 c4 c8 00 00 00 c3 48 85 f6 74 08 83 3b 00 exception.symbol: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d exception.instruction: add rsp, 0xc8 exception.module: KERNELBASE.dll exception.exception_code: 0x80040155 exception.offset: 42141 exception.address: 0x7fefdbfa49d registers.r14: 0 registers.r15: 0 registers.rcx: 49340848 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 49346800 registers.r11: 49342608 registers.r8: 0 registers.r9: 0 registers.rdx: 1 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 1972273944 registers.r13: 0	1
__exception__ Dec. 13, 2022, 9:41 a.m.	stacktrace: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d @ 0x7fefdbfa49d RpcRaiseException+0x53 RpcExceptionFilter-0x2bd rpcrt4+0x173c3 @ 0x7fefdf373c3 ObjectStublessClient32+0x8bf CoDisconnectContext-0x107b9 ole32+0x443bf @ 0x7fefe0943bf IUnknown_AddRef_Proxy+0x1f5 NdrFixedArrayBufferSize-0xeb rpcrt4+0x35295 @ 0x7fefdf55295 I_RpcFreeBuffer+0x1b9 NdrRangeUnmarshall-0x5a7 rpcrt4+0x32799 @ 0x7fefdf52799 Ndr64AsyncServerCallAll+0xa9e Ndr64AsyncClientCall-0xf42 rpcrt4+0xdaf1e @ 0x7fefdffaf1e Ndr64AsyncServerCallAll+0x12ec Ndr64AsyncClientCall-0x6f4 rpcrt4+0xdb76c @ 0x7fefdffb76c NdrStubCall3+0xc6 NdrOleAllocate-0x3ea rpcrt4+0x348d6 @ 0x7fefdf548d6 CoGetInstanceFromFile+0x4cd3 HACCEL_UserFree-0x70fd ole32+0x170883 @ 0x7fefe1c0883 CoGetInstanceFromFile+0x511d HACCEL_UserFree-0x6cb3 ole32+0x170ccd @ 0x7fefe1c0ccd CoGetInstanceFromFile+0x5093 HACCEL_UserFree-0x6d3d ole32+0x170c43 @ 0x7fefe1c0c43 CoSetState+0x1450 DcomChannelSetHResult-0x34c ole32+0x2a4f0 @ 0x7fefe07a4f0 GetErrorInfo+0x599 ObjectStublessClient7-0xb1f ole32+0x3d551 @ 0x7fefe08d551 CoGetInstanceFromFile+0x78ce HACCEL_UserFree-0x4502 ole32+0x17347e @ 0x7fefe1c347e CoGetInstanceFromFile+0x567b HACCEL_UserFree-0x6755 ole32+0x17122b @ 0x7fefe1c122b CoGetInstanceFromFile+0x7992 HACCEL_UserFree-0x443e ole32+0x173542 @ 0x7fefe1c3542 GetErrorInfo+0x475 ObjectStublessClient7-0xc43 ole32+0x3d42d @ 0x7fefe08d42d GetErrorInfo+0x21e ObjectStublessClient7-0xe9a ole32+0x3d1d6 @ 0x7fefe08d1d6 TranslateMessageEx+0x2a1 IntersectRect-0x11f user32+0x19bd1 @ 0x77259bd1 TranslateMessage+0x1ea DispatchMessageW-0x42 user32+0x198da @ 0x772598da GetErrorInfo+0xf3 ObjectStublessClient7-0xfc5 ole32+0x3d0ab @ 0x7fefe08d0ab CoUnloadingWOW+0x117 OleCreateFromFileEx-0x1829 ole32+0x163e57 @ 0x7fefe1b3e57 ObjectStublessClient24+0x1876 CLSIDFromString-0x57a ole32+0x10106 @ 0x7fefe060106 ObjectStublessClient24+0x18f2 CLSIDFromString-0x4fe ole32+0x10182 @ 0x7fefe060182 BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521 exception.instruction_r: 48 81 c4 c8 00 00 00 c3 48 85 f6 74 08 83 3b 00 exception.symbol: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d exception.instruction: add rsp, 0xc8 exception.module: KERNELBASE.dll exception.exception_code: 0x80040155 exception.offset: 42141 exception.address: 0x7fefdbfa49d registers.r14: 0 registers.r15: 0 registers.rcx: 47704032 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 47709984 registers.r11: 47705792 registers.r8: 0 registers.r9: 0 registers.rdx: 1 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 1974042650 registers.r13: 0	1

Time & API

Arguments

Status

Return

Repeated

__exception__

Dec. 13, 2022, 9:41 a.m.

stacktrace:

RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d @ 0x7fefdbfa49d
RpcRaiseException+0x53 RpcExceptionFilter-0x2bd rpcrt4+0x173c3 @ 0x7fefdf373c3
ObjectStublessClient32+0x8bf CoDisconnectContext-0x107b9 ole32+0x443bf @ 0x7fefe0943bf
IUnknown_AddRef_Proxy+0x1f5 NdrFixedArrayBufferSize-0xeb rpcrt4+0x35295 @ 0x7fefdf55295
I_RpcFreeBuffer+0x1b9 NdrRangeUnmarshall-0x5a7 rpcrt4+0x32799 @ 0x7fefdf52799
Ndr64AsyncServerCallAll+0xa9e Ndr64AsyncClientCall-0xf42 rpcrt4+0xdaf1e @ 0x7fefdffaf1e
Ndr64AsyncServerCallAll+0x12ec Ndr64AsyncClientCall-0x6f4 rpcrt4+0xdb76c @ 0x7fefdffb76c
NdrStubCall3+0xc6 NdrOleAllocate-0x3ea rpcrt4+0x348d6 @ 0x7fefdf548d6
CoGetInstanceFromFile+0x4cd3 HACCEL_UserFree-0x70fd ole32+0x170883 @ 0x7fefe1c0883
CoGetInstanceFromFile+0x511d HACCEL_UserFree-0x6cb3 ole32+0x170ccd @ 0x7fefe1c0ccd
CoGetInstanceFromFile+0x5093 HACCEL_UserFree-0x6d3d ole32+0x170c43 @ 0x7fefe1c0c43
CoSetState+0x1450 DcomChannelSetHResult-0x34c ole32+0x2a4f0 @ 0x7fefe07a4f0
GetErrorInfo+0x599 ObjectStublessClient7-0xb1f ole32+0x3d551 @ 0x7fefe08d551
CoGetInstanceFromFile+0x78ce HACCEL_UserFree-0x4502 ole32+0x17347e @ 0x7fefe1c347e
CoGetInstanceFromFile+0x567b HACCEL_UserFree-0x6755 ole32+0x17122b @ 0x7fefe1c122b
CoGetInstanceFromFile+0x7992 HACCEL_UserFree-0x443e ole32+0x173542 @ 0x7fefe1c3542
GetErrorInfo+0x475 ObjectStublessClient7-0xc43 ole32+0x3d42d @ 0x7fefe08d42d
GetErrorInfo+0x21e ObjectStublessClient7-0xe9a ole32+0x3d1d6 @ 0x7fefe08d1d6
TranslateMessageEx+0x2a1 IntersectRect-0x11f user32+0x19bd1 @ 0x77259bd1
TranslateMessage+0x1ea DispatchMessageW-0x42 user32+0x198da @ 0x772598da
GetErrorInfo+0xf3 ObjectStublessClient7-0xfc5 ole32+0x3d0ab @ 0x7fefe08d0ab
CoUnloadingWOW+0x117 OleCreateFromFileEx-0x1829 ole32+0x163e57 @ 0x7fefe1b3e57
ObjectStublessClient24+0x1876 CLSIDFromString-0x57a ole32+0x10106 @ 0x7fefe060106
ObjectStublessClient24+0x18f2 CLSIDFromString-0x4fe ole32+0x10182 @ 0x7fefe060182
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521

exception.instruction_r: 48 81 c4 c8 00 00 00 c3 48 85 f6 74 08 83 3b 00
exception.symbol: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d
exception.instruction: add rsp, 0xc8
exception.module: KERNELBASE.dll
exception.exception_code: 0x80040155
exception.offset: 42141
exception.address: 0x7fefdbfa49d
registers.r14: 0
registers.r15: 0
registers.rcx: 48621072
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 48627024
registers.r11: 48622832
registers.r8: 0
registers.r9: 0
registers.rdx: 1
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 1973127738
registers.r13: 0

__exception__

Dec. 13, 2022, 9:41 a.m.

stacktrace:

RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d @ 0x7fefdbfa49d
RpcRaiseException+0x53 RpcExceptionFilter-0x2bd rpcrt4+0x173c3 @ 0x7fefdf373c3
ObjectStublessClient32+0x8bf CoDisconnectContext-0x107b9 ole32+0x443bf @ 0x7fefe0943bf
IUnknown_AddRef_Proxy+0x1f5 NdrFixedArrayBufferSize-0xeb rpcrt4+0x35295 @ 0x7fefdf55295
I_RpcFreeBuffer+0x1b9 NdrRangeUnmarshall-0x5a7 rpcrt4+0x32799 @ 0x7fefdf52799
Ndr64AsyncServerCallAll+0xa9e Ndr64AsyncClientCall-0xf42 rpcrt4+0xdaf1e @ 0x7fefdffaf1e
Ndr64AsyncServerCallAll+0x12ec Ndr64AsyncClientCall-0x6f4 rpcrt4+0xdb76c @ 0x7fefdffb76c
NdrStubCall3+0xc6 NdrOleAllocate-0x3ea rpcrt4+0x348d6 @ 0x7fefdf548d6
CoGetInstanceFromFile+0x4cd3 HACCEL_UserFree-0x70fd ole32+0x170883 @ 0x7fefe1c0883
CoGetInstanceFromFile+0x511d HACCEL_UserFree-0x6cb3 ole32+0x170ccd @ 0x7fefe1c0ccd
CoGetInstanceFromFile+0x5093 HACCEL_UserFree-0x6d3d ole32+0x170c43 @ 0x7fefe1c0c43
CoSetState+0x1450 DcomChannelSetHResult-0x34c ole32+0x2a4f0 @ 0x7fefe07a4f0
GetErrorInfo+0x599 ObjectStublessClient7-0xb1f ole32+0x3d551 @ 0x7fefe08d551
CoGetInstanceFromFile+0x78ce HACCEL_UserFree-0x4502 ole32+0x17347e @ 0x7fefe1c347e
CoGetInstanceFromFile+0x567b HACCEL_UserFree-0x6755 ole32+0x17122b @ 0x7fefe1c122b
CoGetInstanceFromFile+0x7992 HACCEL_UserFree-0x443e ole32+0x173542 @ 0x7fefe1c3542
GetErrorInfo+0x475 ObjectStublessClient7-0xc43 ole32+0x3d42d @ 0x7fefe08d42d
GetErrorInfo+0x21e ObjectStublessClient7-0xe9a ole32+0x3d1d6 @ 0x7fefe08d1d6
TranslateMessageEx+0x2a1 IntersectRect-0x11f user32+0x19bd1 @ 0x77259bd1
TranslateMessage+0x1ea DispatchMessageW-0x42 user32+0x198da @ 0x772598da
GetErrorInfo+0xf3 ObjectStublessClient7-0xfc5 ole32+0x3d0ab @ 0x7fefe08d0ab
CoUnloadingWOW+0x117 OleCreateFromFileEx-0x1829 ole32+0x163e57 @ 0x7fefe1b3e57
ObjectStublessClient24+0x1876 CLSIDFromString-0x57a ole32+0x10106 @ 0x7fefe060106
ObjectStublessClient24+0x18f2 CLSIDFromString-0x4fe ole32+0x10182 @ 0x7fefe060182
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521

exception.instruction_r: 48 81 c4 c8 00 00 00 c3 48 85 f6 74 08 83 3b 00
exception.symbol: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d
exception.instruction: add rsp, 0xc8
exception.module: KERNELBASE.dll
exception.exception_code: 0x80040155
exception.offset: 42141
exception.address: 0x7fefdbfa49d
registers.r14: 0
registers.r15: 0
registers.rcx: 49340848
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 49346800
registers.r11: 49342608
registers.r8: 0
registers.r9: 0
registers.rdx: 1
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 1972273944
registers.r13: 0

__exception__

Dec. 13, 2022, 9:41 a.m.

stacktrace:

RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d @ 0x7fefdbfa49d
RpcRaiseException+0x53 RpcExceptionFilter-0x2bd rpcrt4+0x173c3 @ 0x7fefdf373c3
ObjectStublessClient32+0x8bf CoDisconnectContext-0x107b9 ole32+0x443bf @ 0x7fefe0943bf
IUnknown_AddRef_Proxy+0x1f5 NdrFixedArrayBufferSize-0xeb rpcrt4+0x35295 @ 0x7fefdf55295
I_RpcFreeBuffer+0x1b9 NdrRangeUnmarshall-0x5a7 rpcrt4+0x32799 @ 0x7fefdf52799
Ndr64AsyncServerCallAll+0xa9e Ndr64AsyncClientCall-0xf42 rpcrt4+0xdaf1e @ 0x7fefdffaf1e
Ndr64AsyncServerCallAll+0x12ec Ndr64AsyncClientCall-0x6f4 rpcrt4+0xdb76c @ 0x7fefdffb76c
NdrStubCall3+0xc6 NdrOleAllocate-0x3ea rpcrt4+0x348d6 @ 0x7fefdf548d6
CoGetInstanceFromFile+0x4cd3 HACCEL_UserFree-0x70fd ole32+0x170883 @ 0x7fefe1c0883
CoGetInstanceFromFile+0x511d HACCEL_UserFree-0x6cb3 ole32+0x170ccd @ 0x7fefe1c0ccd
CoGetInstanceFromFile+0x5093 HACCEL_UserFree-0x6d3d ole32+0x170c43 @ 0x7fefe1c0c43
CoSetState+0x1450 DcomChannelSetHResult-0x34c ole32+0x2a4f0 @ 0x7fefe07a4f0
GetErrorInfo+0x599 ObjectStublessClient7-0xb1f ole32+0x3d551 @ 0x7fefe08d551
CoGetInstanceFromFile+0x78ce HACCEL_UserFree-0x4502 ole32+0x17347e @ 0x7fefe1c347e
CoGetInstanceFromFile+0x567b HACCEL_UserFree-0x6755 ole32+0x17122b @ 0x7fefe1c122b
CoGetInstanceFromFile+0x7992 HACCEL_UserFree-0x443e ole32+0x173542 @ 0x7fefe1c3542
GetErrorInfo+0x475 ObjectStublessClient7-0xc43 ole32+0x3d42d @ 0x7fefe08d42d
GetErrorInfo+0x21e ObjectStublessClient7-0xe9a ole32+0x3d1d6 @ 0x7fefe08d1d6
TranslateMessageEx+0x2a1 IntersectRect-0x11f user32+0x19bd1 @ 0x77259bd1
TranslateMessage+0x1ea DispatchMessageW-0x42 user32+0x198da @ 0x772598da
GetErrorInfo+0xf3 ObjectStublessClient7-0xfc5 ole32+0x3d0ab @ 0x7fefe08d0ab
CoUnloadingWOW+0x117 OleCreateFromFileEx-0x1829 ole32+0x163e57 @ 0x7fefe1b3e57
ObjectStublessClient24+0x1876 CLSIDFromString-0x57a ole32+0x10106 @ 0x7fefe060106
ObjectStublessClient24+0x18f2 CLSIDFromString-0x4fe ole32+0x10182 @ 0x7fefe060182
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521

exception.instruction_r: 48 81 c4 c8 00 00 00 c3 48 85 f6 74 08 83 3b 00
exception.symbol: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d
exception.instruction: add rsp, 0xc8
exception.module: KERNELBASE.dll
exception.exception_code: 0x80040155
exception.offset: 42141
exception.address: 0x7fefdbfa49d
registers.r14: 0
registers.r15: 0
registers.rcx: 47704032
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 47709984
registers.r11: 47705792
registers.r8: 0
registers.r9: 0
registers.rdx: 1
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 1974042650
registers.r13: 0

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

Allocates read-write-execute memory (usually to unpack itself) (3 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Dec. 13, 2022, 9:41 a.m.	process_identifier: 2120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3e89000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Dec. 13, 2022, 9:41 a.m.	process_identifier: 2308 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef4269000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Dec. 13, 2022, 9:41 a.m.	process_identifier: 2444 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3e89000 process_handle: 0xffffffffffffffff	1

Steals private information from local Internet browsers (50 out of 2186 events)

file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\fi\
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSoceng.store
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\recovery\101.3.34.11\manifest.json
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\fi\
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\ro\
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\LOG
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\nl\messages.json
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\ca\
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ru\
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.5_0\_locales
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\WidevineCdm\4.10.2391.0\manifest.fingerprint
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateRevocation\6781\
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\MEIPreload\1.0.6.0\preloaded_data.pb
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\en_US\
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_platform_specific\all\sths\a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc10.sth
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.47.0_0\_locales\is\messages.json
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.47.0_0\_locales\iw
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.47.0_0\_locales\it
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.5_0\_locales\ro\
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.5_0\_locales\fil\
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\fil
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.47.0_0\_locales\zh_CN\
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.3_0\_locales\de
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.47.0_0\_locales\id
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\ca\
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\WidevineCdm\4.10.2209.0\
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateRevocation\7605\
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\fil\messages.json
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\cs\
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_platform_specific\all\sths\c652a0ec48ceb3fcab170992c43a87413309e80065a26252401ba3362a17c565.sth
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8620.824.0.0_0\_locales\te\
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\fi\messages.json
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\pnacl\0.57.44.2492\_platform_specific\x86_64\pnacl_public_pnacl_json
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8620.824.0.0_0\_locales\vi\
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\zh_TW
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\WidevineCdm\4.10.2209.0\_platform_specific
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.3_0\_locales\fi\
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.5_0\_locales\es_419\messages.json
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_platform_specific\all\sths
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.3_0\_locales\ca\
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_platform_specific\all\sths\5ea773f9df56c0e7b536487dd049e0327a919a0c84a112128418759681714558.sth
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.3_0\_locales\el\messages.json
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.5_0\_locales\et\
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOCK
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.3_0\_locales\ja
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.47.0_0\_locales\ja\
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\el\

Creates a shortcut to an executable file (50 out of 83 events)

file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\ZeroAI_Click.pyw.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\agent.pyw.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\click_image.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\click.txt.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\msi2.png.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\My Documents.LNK
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\test_doc.eml.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\office_2007.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\Templates.LNK
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\exe1.zip.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\test.eml.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\robot.png.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\click.py.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\╗τ┐δ╣².txt.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\ok2.png.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox Guest Additions\Website.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\ok1.png.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\sn.txt.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\util.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\test (1).eml.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\KMSAuto_Net_2015_v1.4. 2.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\docx2.png.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\Database1.accdb.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Chrome.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\한글2010(정품).lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\KMS Activation.txt.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\Office.2010.Toolkit.and.EZ-Activator.v2.1.5.Final.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\agent.py.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\SendTo\EditPlus.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\readme.txt.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\시리얼넘버.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\ZeroCERT.bmp.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\age.pyw.lnk

Creates a suspicious process (5 events)

cmdline	cmd /C "wmic path win32_VideoController get name"
cmdline	cmd /C "wmic cpu get name"
cmdline	wmic os get Caption
cmdline	wmic path win32_VideoController get name
cmdline	wmic cpu get name

Uses Windows utilities for basic Windows functionality (5 events)

cmdline	cmd /C "wmic path win32_VideoController get name"
cmdline	cmd /C "wmic cpu get name"
cmdline	wmic os get Caption
cmdline	wmic path win32_VideoController get name
cmdline	wmic cpu get name

Communicates with host for which no DNS query was performed (1 event)

host

185.239.239.194

Attempts to identify installed AV products by installation directory (1 event)

file	C:\Users\test22\AppData\Local\Temp\SandboxieInstall.exe

Harvests credentials from local email clients (3 events)

file	C:\Users\test22\AppData\Local\Thunderbird\Profiles\hzkyl8yo.default
file	C:\Users\test22\AppData\Roaming\Thunderbird\Profiles\hzkyl8yo.default
file	C:\Users\test22\AppData\Roaming\Thunderbird\profiles.ini

Appends a known multi-family ransomware file extension to files that have been encrypted (2 events)

file	C:\Users\test22\AppData\Roaming\Mozilla\Firefox\Profiles\1pfa5s83.default-release\parent.lock
file	C:\Users\test22\AppData\Roaming\Thunderbird\Profiles\g8t0pe67.default-release\parent.lock

Detects the presence of Wine emulator (1 event)

Time & API	Arguments	Status	Return	Repeated
LdrGetProcedureAddress Dec. 13, 2022, 9:41 a.m.	ordinal: 0 function_address: 0x000007fefe467a50 function_name: wine_get_version module: ntdll module_address: 0x00000000776c0000		-1073741511	0

File has been identified by 49 AntiVirus engines on VirusTotal as malicious (49 events)

Lionic	Trojan.Win32.Coins.4!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKDZ.94141
ALYac	Trojan.GenericKDZ.94141
Cylance	Unsafe
Sangfor	Infostealer.Win32.Coins.Vetn
K7AntiVirus	Trojan ( 0059bc771 )
Alibaba	TrojanPSW:Win32/Coins.e6752413
K7GW	Trojan ( 0059bc771 )
Cyren	W64/ABRisk.UPPS-5289
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of WinGo/Agent.JS
APEX	Malicious
Kaspersky	Trojan-PSW.Win32.Coins.aeda
BitDefender	Trojan.GenericKDZ.94141
NANO-Antivirus	Trojan.Win64.Coins.jtpdda
Cynet	Malicious (score: 100)
Tencent	Win32.Trojan-QQPass.QQRob.Bnhl
Ad-Aware	Trojan.GenericKDZ.94141
Emsisoft	Trojan.GenericKDZ.94141 (B)
F-Secure	Trojan.TR/PSW.Coins.tovmp
VIPRE	Trojan.GenericKDZ.94141
McAfee-GW-Edition	BehavesLike.Win64.Generic.vh
FireEye	Trojan.GenericKDZ.94141
Sophos	Mal/Generic-S
GData	Trojan.GenericKDZ.94141
Jiangmin	Trojan.PSW.Agent.dct
Webroot	W32.Trojan.Genkd
Avira	TR/PSW.Coins.tovmp
Antiy-AVL	Trojan[PSW]/Win32.Coins
Kingsoft	Win32.PSWTroj.Undef.(kcloud)
Gridinsoft	Ransom.Win64.Sabsik.sa
Arcabit	Trojan.Generic.D16FBD
ZoneAlarm	Trojan-PSW.Win32.Coins.aeda
Microsoft	Trojan:Win32/Vigorf.A
Google	Detected
AhnLab-V3	Trojan/Win.Generic.C5305322
McAfee	Artemis!B26439EB7F5E
MAX	malware (ai score=84)
VBA32	TrojanPSW.Coins
Malwarebytes	Malware.AI.4251672349
Panda	Trj/Chgt.AD
TrendMicro-HouseCall	TROJ_GEN.R002H0CKU22
Rising	Stealer.Coins!8.133E9 (CLOUD)
Ikarus	Trojan.Win64.TurtleLoader
MaxSecure	Trojan.Malware.194146414.susgen
Fortinet	W32/PossibleThreat
AVG	Win64:Evo-gen [Trj]
Avast	Win64:Evo-gen [Trj]

LIMSt.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All