Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	May 23, 2023, 5:13 p.m.	May 23, 2023, 5:28 p.m.

Size	417.2KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5	`ef9d99538803de5140aa18eeb3b958b3`
SHA256	`26e297f8f4bf5837af4c8b5132598c2eed45245c4f6baf0e8c960ff2a555989e`
CRC32	`8C48BC7A`
ssdeep	`12288:Uvm1Q2ufBC02C3ihqQ8w99Pj3S+l9wwFTlULWrU:im1QJZr2C3qnR5luwNGa`
Yara	UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description)

csrss.exe "C:\Users\test22\AppData\Local\Temp\csrss.exe"
2564

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
192.3.216.137	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx May 23, 2023, 5:13 p.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.ndata

One or more processes crashed (50 out of 9670 events)

Time & API	Arguments	Status
__exception__ May 23, 2023, 5:14 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc 8b a1 ea 60 39 87 a0 2b 2b 1f f1 68 a3 13 a8 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5064926 registers.esp: 60421968 registers.edi: 241592 registers.eax: 9962280 registers.ebp: 60421968 registers.edx: 84295680 registers.ebx: 84295680 registers.esi: 1995838602 registers.ecx: 84297966	1
__exception__ May 23, 2023, 5:14 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 33 8b b8 a0 37 2d 0c 81 70 70 00 5b 81 34 24 exception.instruction: mov dword ptr [ebx], esi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5064950 registers.esp: 60421960 registers.edi: 241592 registers.eax: 9962280 registers.ebp: 60421968 registers.edx: 84295680 registers.ebx: 0 registers.esi: 1995838602 registers.ecx: 84297966	1
__exception__ May 23, 2023, 5:14 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 7d 0a 91 41 2d 5e ef f6 67 3e 6b ed 69 7d 22 fe exception.instruction: jge 0x5064997 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x506498b registers.esp: 60421956 registers.edi: 241592 registers.eax: 9962280 registers.ebp: 60421968 registers.edx: 84295680 registers.ebx: 84295680 registers.esi: 60421952 registers.ecx: 256	1
__exception__ May 23, 2023, 5:14 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc 80 b6 10 e8 87 5e 56 be 4c a5 c9 69 81 f6 6c exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x50649b2 registers.esp: 60421964 registers.edi: 241592 registers.eax: 9962280 registers.ebp: 60421968 registers.edx: 84295680 registers.ebx: 84295680 registers.esi: 1995838602 registers.ecx: 84297966	1
__exception__ May 23, 2023, 5:14 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 0e 8b 2c e3 fd 73 83 77 22 49 00 5e e8 42 bc exception.instruction: mov dword ptr [esi], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x50649cb registers.esp: 60421960 registers.edi: 241592 registers.eax: 9962280 registers.ebp: 60421968 registers.edx: 84295680 registers.ebx: 84295680 registers.esi: 0 registers.ecx: 84297966	1
__exception__ May 23, 2023, 5:14 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc 92 2b 58 6b 0e d9 89 e3 74 56 3e 76 ae 67 af exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5080623 registers.esp: 60421956 registers.edi: 241592 registers.eax: 9962280 registers.ebp: 60421968 registers.edx: 84295680 registers.ebx: 84295680 registers.esi: 1995838602 registers.ecx: 84297966	1
__exception__ May 23, 2023, 5:14 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc 83 51 c1 60 56 be c6 c0 46 0b 81 ee d9 fc ca exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x508063e registers.esp: 60421960 registers.edi: 241592 registers.eax: 9962280 registers.ebp: 60421968 registers.edx: 84295680 registers.ebx: 84295680 registers.esi: 1995838602 registers.ecx: 84297966	1
__exception__ May 23, 2023, 5:14 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 36 96 c2 6c 63 18 85 09 1d 27 8c b5 ba 0d 76 exception.instruction: mov dword ptr [esi], esi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x508065b registers.esp: 60421924 registers.edi: 241592 registers.eax: 9962280 registers.ebp: 60421968 registers.edx: 84295680 registers.ebx: 84295680 registers.esi: 0 registers.ecx: 84297966	1
__exception__ May 23, 2023, 5:14 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc 80 83 6b 78 22 05 68 0a ce d0 42 cc 8c 91 43 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x508066d registers.esp: 60421928 registers.edi: 241592 registers.eax: 9962280 registers.ebp: 60421968 registers.edx: 84295680 registers.ebx: 84295680 registers.esi: 1995838602 registers.ecx: 84297966	1
__exception__ May 23, 2023, 5:14 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc 8c 91 43 04 d9 77 d5 03 73 25 81 2c 24 0d e3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5080679 registers.esp: 60421924 registers.edi: 241592 registers.eax: 9962280 registers.ebp: 60421968 registers.edx: 84295680 registers.ebx: 84295680 registers.esi: 1995838602 registers.ecx: 84297966	1
__exception__ May 23, 2023, 5:14 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc 8f 1d ec f2 e5 6c f7 81 34 24 c0 f5 2e 40 50 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x50806e1 registers.esp: 60421924 registers.edi: 241592 registers.eax: 9962280 registers.ebp: 60421968 registers.edx: 84295680 registers.ebx: 84295680 registers.esi: 1995838602 registers.ecx: 84297966	1
__exception__ May 23, 2023, 5:14 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 76 05 8a f0 56 b5 98 14 b1 ef c9 5a 00 38 c3 59 exception.instruction: jbe 0x5080710 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x5080709 registers.esp: 60421916 registers.edi: 241592 registers.eax: 256 registers.ebp: 60421968 registers.edx: 84295680 registers.ebx: 84295680 registers.esi: 1995838602 registers.ecx: 60421912	1
__exception__ May 23, 2023, 5:14 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 79 02 81 31 38 00 66 85 c3 59 84 e4 58 68 e7 4a exception.instruction: jns 0x5080747 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x5080743 registers.esp: 60421916 registers.edi: 241592 registers.eax: 256 registers.ebp: 60421968 registers.edx: 84295680 registers.ebx: 84295680 registers.esi: 1995838602 registers.ecx: 60421912	1
__exception__ May 23, 2023, 5:14 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc 8f 3f f8 33 c3 78 cd 57 bf d5 15 ef 38 81 c7 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5080755 registers.esp: 60421920 registers.edi: 241592 registers.eax: 9962280 registers.ebp: 60421968 registers.edx: 84295680 registers.ebx: 84295680 registers.esi: 1995838602 registers.ecx: 84297966	1
__exception__ May 23, 2023, 5:14 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 0f 8d ca 1c 07 a4 b7 15 00 5f 81 04 24 52 32 exception.instruction: mov dword ptr [edi], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5080775 registers.esp: 60421916 registers.edi: 0 registers.eax: 9962280 registers.ebp: 60421968 registers.edx: 84295680 registers.ebx: 84295680 registers.esi: 1995838602 registers.ecx: 84297966	1
__exception__ May 23, 2023, 5:14 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 07 93 16 ab 94 ee ae 52 ce 4b a5 ea 35 b1 79 exception.instruction: mov dword ptr [edi], eax exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x50807a5 registers.esp: 60421916 registers.edi: 0 registers.eax: 9962280 registers.ebp: 60421968 registers.edx: 84295680 registers.ebx: 84295680 registers.esi: 1995838602 registers.ecx: 84297966	1
__exception__ May 23, 2023, 5:14 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 3a 90 5d e1 06 d5 47 5a ab 1c b0 34 6c 6a d8 exception.instruction: mov dword ptr [edx], edi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x50807df registers.esp: 60421916 registers.edi: 241592 registers.eax: 9962280 registers.ebp: 60421968 registers.edx: 0 registers.ebx: 84295680 registers.esi: 1995838602 registers.ecx: 84297966	1
__exception__ May 23, 2023, 5:14 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc 82 e5 2a cf 53 bb 8d fa 2f 95 81 eb e4 79 19 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x50807fe registers.esp: 60421920 registers.edi: 241592 registers.eax: 9962280 registers.ebp: 60421968 registers.edx: 84295680 registers.ebx: 84295680 registers.esi: 1995838602 registers.ecx: 84297966	1
__exception__ May 23, 2023, 5:14 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 7d 03 81 18 59 00 66 39 c2 58 f8 5b 89 8d 38 02 exception.instruction: jge 0x508082f exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x508082a registers.esp: 60421912 registers.edi: 241592 registers.eax: 60421908 registers.ebp: 60421968 registers.edx: 84295680 registers.ebx: 256 registers.esi: 1995838602 registers.ecx: 84297966	1
__exception__ May 23, 2023, 5:14 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 08 91 98 b2 92 7d f4 21 53 7a 97 40 44 81 e6 exception.instruction: mov dword ptr [eax], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5080851 registers.esp: 60421916 registers.edi: 241592 registers.eax: 0 registers.ebp: 60421968 registers.edx: 84295680 registers.ebx: 84295680 registers.esi: 1995838602 registers.ecx: 3695233873	1
__exception__ May 23, 2023, 5:14 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 11 81 e3 a1 00 59 cc 80 e3 a5 20 bc 5a 81 f1 exception.instruction: mov dword ptr [ecx], edx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5080886 registers.esp: 60421916 registers.edi: 241592 registers.eax: 9962280 registers.ebp: 60421968 registers.edx: 84295680 registers.ebx: 84295680 registers.esi: 1995838602 registers.ecx: 0	1
__exception__ May 23, 2023, 5:14 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc 80 e3 a5 20 bc 5a 81 f1 75 0b 2e 5d 51 8b 8d exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x508088d registers.esp: 60421920 registers.edi: 241592 registers.eax: 9962280 registers.ebp: 60421968 registers.edx: 84295680 registers.ebx: 84295680 registers.esi: 1995838602 registers.ecx: 1566182171	1
__exception__ May 23, 2023, 5:14 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 73 04 80 32 47 1b 00 84 c8 59 84 f5 5e 53 bb 3b exception.instruction: jae 0x50808c2 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x50808bc registers.esp: 60421908 registers.edi: 241592 registers.eax: 9962280 registers.ebp: 60421968 registers.edx: 84295680 registers.ebx: 84295680 registers.esi: 256 registers.ecx: 60421904	1
__exception__ May 23, 2023, 5:14 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 7d 04 8f 9c 28 4a d9 00 66 85 d1 58 85 c1 5b 89 exception.instruction: jge 0x50808f1 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x50808eb registers.esp: 60421908 registers.edi: 241592 registers.eax: 60421904 registers.ebp: 60421968 registers.edx: 84295680 registers.ebx: 256 registers.esi: 1995838602 registers.ecx: 84297966	1
__exception__ May 23, 2023, 5:14 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 7f 0a 95 04 f0 74 8a 1e 5f 1f fa 3e 37 84 26 b9 exception.instruction: jg 0x5080923 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x5080917 registers.esp: 60421908 registers.edi: 241592 registers.eax: 9962280 registers.ebp: 60421968 registers.edx: 84295680 registers.ebx: 256 registers.esi: 1995838602 registers.ecx: 60421904	1
__exception__ May 23, 2023, 5:14 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 72 07 8c 6e aa 7c 22 36 03 b1 00 66 39 ca 58 66 exception.instruction: jb 0x5080964 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x508095b registers.esp: 60421908 registers.edi: 256 registers.eax: 60421904 registers.ebp: 60421968 registers.edx: 1194947837 registers.ebx: 84295680 registers.esi: 1995838602 registers.ecx: 60421916	1
__exception__ May 23, 2023, 5:14 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 18 8c 2f eb 53 cc 0d 6e cc 00 58 cc 94 48 df exception.instruction: mov dword ptr [eax], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5080997 registers.esp: 60421912 registers.edi: 241592 registers.eax: 0 registers.ebp: 60421968 registers.edx: 1995596250 registers.ebx: 4067111989 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ May 23, 2023, 5:14 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc 94 48 df e5 78 8c a2 d5 b5 6c 62 af a9 53 04 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x50809a3 registers.esp: 60421916 registers.edi: 241592 registers.eax: 1995635376 registers.ebp: 60421968 registers.edx: 1995596250 registers.ebx: 4067111989 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ May 23, 2023, 5:14 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 7a 0a 8a c9 f8 f8 48 70 86 0c 66 94 00 84 d1 5e exception.instruction: jp 0x50809f2 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x50809e6 registers.esp: 60421908 registers.edi: 256 registers.eax: 1995635376 registers.ebp: 60421968 registers.edx: 1995596250 registers.ebx: 4067111989 registers.esi: 60421904 registers.ecx: 182	1
__exception__ May 23, 2023, 5:14 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 03 88 90 60 96 03 19 f2 21 9c a7 e5 ba 00 5b exception.instruction: mov dword ptr [ebx], eax exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5080a22 registers.esp: 60421912 registers.edi: 241592 registers.eax: 1995635376 registers.ebp: 60421968 registers.edx: 1995596250 registers.ebx: 0 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ May 23, 2023, 5:14 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 07 89 16 2d 75 64 b6 a9 16 b7 3c 43 00 5f 53 exception.instruction: mov dword ptr [edi], eax exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5080a54 registers.esp: 60421924 registers.edi: 0 registers.eax: 1995635376 registers.ebp: 60421968 registers.edx: 1995596250 registers.ebx: 4067111989 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ May 23, 2023, 5:14 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 7a 06 8e 72 f4 53 18 29 00 f6 c3 a4 5e 85 c9 5b exception.instruction: jp 0x5080a92 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x5080a8a registers.esp: 60421920 registers.edi: 241592 registers.eax: 1995635376 registers.ebp: 60421968 registers.edx: 1995596250 registers.ebx: 256 registers.esi: 60421916 registers.ecx: 182	1
__exception__ May 23, 2023, 5:14 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 11 88 02 08 08 bb 22 ea df e9 0e b4 58 00 59 exception.instruction: mov dword ptr [ecx], edx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5080ab2 registers.esp: 60421924 registers.edi: 241592 registers.eax: 1995635376 registers.ebp: 60421968 registers.edx: 1995596250 registers.ebx: 4067111989 registers.esi: 1995838602 registers.ecx: 0	1
__exception__ May 23, 2023, 5:14 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 33 97 0e 6d f2 b8 51 0e 0a 2f bb 40 23 8a 00 exception.instruction: mov dword ptr [ebx], esi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5080aeb registers.esp: 60421924 registers.edi: 241592 registers.eax: 1995635376 registers.ebp: 60421968 registers.edx: 2510374295 registers.ebx: 0 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ May 23, 2023, 5:14 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc 81 f2 5a 53 d6 50 b8 e9 a1 d1 fe 35 24 31 41 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5080b02 registers.esp: 60421928 registers.edi: 241592 registers.eax: 1995635376 registers.ebp: 60421968 registers.edx: 1608637961 registers.ebx: 4067111989 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ May 23, 2023, 5:14 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 30 8c 66 72 5a 7f be f8 80 00 58 81 f2 4c fc exception.instruction: mov dword ptr [eax], esi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5080b1d registers.esp: 60421924 registers.edi: 241592 registers.eax: 0 registers.ebp: 60421968 registers.edx: 1608637961 registers.ebx: 4067111989 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ May 23, 2023, 5:14 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc 8c 32 b2 46 2b 4c eb eb 53 b8 81 f2 41 22 b5 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5080b2f registers.esp: 60421928 registers.edi: 241592 registers.eax: 1995635376 registers.ebp: 60421968 registers.edx: 3467977285 registers.ebx: 4067111989 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ May 23, 2023, 5:14 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc 82 1a 2a ee 8b 95 61 02 00 00 cc 92 84 92 b4 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5080b41 registers.esp: 60421924 registers.edi: 241592 registers.eax: 1995635376 registers.ebp: 60421968 registers.edx: 4 registers.ebx: 4067111989 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ May 23, 2023, 5:14 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc 92 84 92 b4 99 2d 0c 76 dd 40 96 be dd f8 2f exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5080b4c registers.esp: 60421924 registers.edi: 241592 registers.eax: 1995635376 registers.ebp: 60421968 registers.edx: 1995596250 registers.ebx: 4067111989 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ May 23, 2023, 5:14 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 02 80 cb 49 2b 00 5a 57 bf ee ec 12 dd 81 f7 exception.instruction: mov dword ptr [edx], eax exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5080b7f registers.esp: 60421920 registers.edi: 241592 registers.eax: 1995635376 registers.ebp: 60421968 registers.edx: 0 registers.ebx: 4067111989 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ May 23, 2023, 5:14 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 0f 80 90 45 94 00 5f cc 82 2c 60 5a 68 e5 f5 exception.instruction: mov dword ptr [edi], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5080b99 registers.esp: 60421920 registers.edi: 0 registers.eax: 1995635376 registers.ebp: 60421968 registers.edx: 1995596250 registers.ebx: 4067111989 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ May 23, 2023, 5:14 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc 82 2c 60 5a 68 e5 f5 b6 ea 51 b9 2e a1 bd 2a exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5080ba1 registers.esp: 60421924 registers.edi: 241592 registers.eax: 1995635376 registers.ebp: 60421968 registers.edx: 1995596250 registers.ebx: 4067111989 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ May 23, 2023, 5:14 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 70 0a 95 1b 2a b4 09 27 15 80 cc 23 93 30 0b c8 exception.instruction: jo 0x5080bde exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x5080bd2 registers.esp: 60421912 registers.edi: 60421908 registers.eax: 1995635376 registers.ebp: 60421968 registers.edx: 1995596250 registers.ebx: 4067111989 registers.esi: 1995838602 registers.ecx: 256	1
__exception__ May 23, 2023, 5:14 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 73 08 96 ac 6b db b0 93 1d fd b6 6a 66 c1 58 6a exception.instruction: jae 0x5080c2d exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x5080c23 registers.esp: 60421912 registers.edi: 60421908 registers.eax: 1995635376 registers.ebp: 60421968 registers.edx: 1995596250 registers.ebx: 256 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ May 23, 2023, 5:14 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc 88 ac 06 6a 43 88 98 b9 ec 12 1e 10 67 2a 57 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5080cb7 registers.esp: 60421920 registers.edi: 241592 registers.eax: 1995635376 registers.ebp: 60421968 registers.edx: 1995596250 registers.ebx: 4067111989 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ May 23, 2023, 5:14 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 71 0b 91 d6 0f 8f bc 2f 65 22 a5 a0 33 5d 16 0c exception.instruction: jno 0x5080cfb exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x5080cee registers.esp: 60421912 registers.edi: 256 registers.eax: 1995635376 registers.ebp: 60421968 registers.edx: 1995596250 registers.ebx: 4067111989 registers.esi: 60421908 registers.ecx: 182	1
__exception__ May 23, 2023, 5:14 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 38 8a 9b da d3 ee 33 74 4f 61 f4 00 58 81 f1 exception.instruction: mov dword ptr [eax], edi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5080d2b registers.esp: 60421916 registers.edi: 241592 registers.eax: 0 registers.ebp: 60421968 registers.edx: 1995596250 registers.ebx: 60421968 registers.esi: 1995838602 registers.ecx: 4089540962	1
__exception__ May 23, 2023, 5:14 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 77 02 89 3f 69 6d ee 67 11 9b 92 50 6f 00 66 39 exception.instruction: ja 0x5080d61 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x5080d5d registers.esp: 60421912 registers.edi: 241592 registers.eax: 256 registers.ebp: 60421968 registers.edx: 1995596250 registers.ebx: 60421908 registers.esi: 1995838602 registers.ecx: 38116714	1
__exception__ May 23, 2023, 5:14 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 36 8a 54 37 9d 05 76 e4 df 0e 2a 00 5e 81 c1 exception.instruction: mov dword ptr [esi], esi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5080d96 registers.esp: 60421916 registers.edi: 241592 registers.eax: 1995635376 registers.ebp: 60421968 registers.edx: 1995596250 registers.ebx: 60421968 registers.esi: 0 registers.ecx: 2514765173	1
__exception__ May 23, 2023, 5:14 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 7d 02 81 a7 71 00 66 f7 c2 67 f9 58 80 fd 43 59 exception.instruction: jge 0x5080ddd exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x5080dd9 registers.esp: 60421912 registers.edi: 241592 registers.eax: 60421908 registers.ebp: 60421968 registers.edx: 1995596250 registers.ebx: 60422292 registers.esi: 1995838602 registers.ecx: 256	1

Allocates read-write-execute memory (usually to unpack itself) (4 events)

Time & API	Arguments	Status
NtProtectVirtualMemory May 23, 2023, 5:13 p.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73272000 process_handle: 0xffffffff	1
NtProtectVirtualMemory May 23, 2023, 5:13 p.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10004000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 23, 2023, 5:13 p.m.	process_identifier: 2564 region_size: 34140160 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03a10000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtProtectVirtualMemory May 23, 2023, 5:14 p.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 876544 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76f20000 process_handle: 0xffffffff	1

Creates executable files on the filesystem (2 events)

file	C:\Users\test22\AppData\Local\Temp\nsbF108.tmp\System.dll
file	C:\Users\test22\Sladrehankens\Bagagebrernes\SoulKeyServicePlugin.dll

Drops an executable to the user AppData folder (1 event)

file	C:\Users\test22\AppData\Local\Temp\nsbF108.tmp\System.dll

Queries for potentially installed applications (50 out of 271 events)

Time & API	Arguments	Return
RegOpenKeyExA May 23, 2023, 5:13 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes	2
RegOpenKeyExA May 23, 2023, 5:13 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes	2
RegOpenKeyExA May 23, 2023, 5:13 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes	2
RegOpenKeyExA May 23, 2023, 5:13 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes	2
RegOpenKeyExA May 23, 2023, 5:13 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes	2
RegOpenKeyExA May 23, 2023, 5:13 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes	2
RegOpenKeyExA May 23, 2023, 5:13 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes	2
RegOpenKeyExA May 23, 2023, 5:13 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes	2
RegOpenKeyExA May 23, 2023, 5:13 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes	2
RegOpenKeyExA May 23, 2023, 5:13 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes	2
RegOpenKeyExA May 23, 2023, 5:13 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes	2
RegOpenKeyExA May 23, 2023, 5:13 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes	2
RegOpenKeyExA May 23, 2023, 5:13 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes	2
RegOpenKeyExA May 23, 2023, 5:13 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes	2
RegOpenKeyExA May 23, 2023, 5:13 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes	2
RegOpenKeyExA May 23, 2023, 5:13 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes	2
RegOpenKeyExA May 23, 2023, 5:13 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes	2
RegOpenKeyExA May 23, 2023, 5:13 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes	2
RegOpenKeyExA May 23, 2023, 5:13 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes	2
RegOpenKeyExA May 23, 2023, 5:13 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes	2
RegOpenKeyExA May 23, 2023, 5:13 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes	2
RegOpenKeyExA May 23, 2023, 5:13 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes	2
RegOpenKeyExA May 23, 2023, 5:13 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes	2
RegOpenKeyExA May 23, 2023, 5:13 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes	2
RegOpenKeyExA May 23, 2023, 5:13 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes	2
RegOpenKeyExA May 23, 2023, 5:13 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes	2
RegOpenKeyExA May 23, 2023, 5:13 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes	2
RegOpenKeyExA May 23, 2023, 5:13 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes	2
RegOpenKeyExA May 23, 2023, 5:13 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes	2
RegOpenKeyExA May 23, 2023, 5:13 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes	2
RegOpenKeyExA May 23, 2023, 5:13 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes	2
RegOpenKeyExA May 23, 2023, 5:13 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes	2
RegOpenKeyExA May 23, 2023, 5:13 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes	2
RegOpenKeyExA May 23, 2023, 5:13 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes	2
RegOpenKeyExA May 23, 2023, 5:13 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes	2
RegOpenKeyExA May 23, 2023, 5:13 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes	2
RegOpenKeyExA May 23, 2023, 5:13 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes	2
RegOpenKeyExA May 23, 2023, 5:13 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes	2
RegOpenKeyExA May 23, 2023, 5:13 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes	2
RegOpenKeyExA May 23, 2023, 5:13 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes	2
RegOpenKeyExA May 23, 2023, 5:13 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes	2
RegOpenKeyExA May 23, 2023, 5:13 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes	2
RegOpenKeyExA May 23, 2023, 5:13 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes	2
RegOpenKeyExA May 23, 2023, 5:13 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes	2
RegOpenKeyExA May 23, 2023, 5:13 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes	2
RegOpenKeyExA May 23, 2023, 5:13 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes	2
RegOpenKeyExA May 23, 2023, 5:13 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes	2
RegOpenKeyExA May 23, 2023, 5:13 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes	2
RegOpenKeyExA May 23, 2023, 5:13 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes	2
RegOpenKeyExA May 23, 2023, 5:13 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Splintredes229\Bortforpagtes	2

Communicates with host for which no DNS query was performed (1 event)

host

192.3.216.137

Enumerates services, possibly for anti-virtualization (1 event)

Time & API	Arguments	Status	Return	Repeated
EnumServicesStatusA May 23, 2023, 5:14 p.m.	service_handle: 0x00969930 service_type: 48 service_status: 3	1	1	0

File has been identified by 21 AntiVirus engines on VirusTotal as malicious (21 events)

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Androm.4!c
Elastic	malicious (high confidence)
FireEye	Generic.mg.ef9d99538803de51
McAfee	Artemis!EF9D99538803
Sangfor	Trojan.Win32.Agent.Vjqw
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Backdoor.Win32.Androm.gen
Avast	FileRepMalware [Misc]
Sophos	Mal/Generic-S
McAfee-GW-Edition	Artemis!Trojan
Trapmine	suspicious.low.ml.score
Webroot	W32.Malware.Gen
Microsoft	Trojan:Win32/Wacatac.B!ml
ZoneAlarm	HEUR:Backdoor.Win32.Androm.gen
Cylance	unsafe
AVG	FileRepMalware [Misc]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_60% (W)

csrss.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All