Summary | ZeroBOX

INTERNET.exe

UPX Malicious Library PE64 PNG Format PE File DLL PE32
Category Machine Started Completed
FILE s1_win7_x6401 May 31, 2023, 9:11 a.m. May 31, 2023, 9:19 a.m.
Size 322.1KB
Type PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5 a83e6f2744a3e36adcbfe8065fb1629d
SHA256 629969a0881903021d039f309d10a9028a1b967153706f7db6386c0773ce727d
CRC32 AFCE16CB
ssdeep 6144:ABerKbGyxkJADUIOs35d1yF/ZALfUBB7J+XmDOkmUw:ZaGyIId1fTIs2DOkmf
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0
section .ndata
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 71 03 2c 25 24 7e 30 4a cf 0d 46 00 38 c8 5e 66
exception.instruction: jno 0x4b10a3e
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x4b10a39
registers.esp: 1631480
registers.edi: 227120
registers.eax: 6005152
registers.ebp: 1631488
registers.edx: 78708736
registers.ebx: 78708736
registers.esi: 1631476
registers.ecx: 256
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: cc 27 f6 3b 1f b9 aa be 02 ff 38 bf 50 b8 89 7b
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x4b10a52
registers.esp: 1631488
registers.edi: 227120
registers.eax: 6005152
registers.ebp: 1631488
registers.edx: 78708736
registers.ebx: 78708736
registers.esi: 1995838602
registers.ecx: 78711187
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 89 18 32 c2 82 da cc e1 3a a3 10 03 fc b3 7d 13
exception.instruction: mov dword ptr [eax], ebx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x4b10a6e
registers.esp: 1631484
registers.edi: 227120
registers.eax: 0
registers.ebp: 1631488
registers.edx: 78708736
registers.ebx: 78708736
registers.esi: 3208183554
registers.ecx: 78711187
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 7f 02 27 7d 66 7e 00 66 81 fa e9 2f 58 d9 d0 59
exception.instruction: jg 0x4b10aa0
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x4b10a9c
registers.esp: 1631480
registers.edi: 227120
registers.eax: 1631476
registers.ebp: 1631488
registers.edx: 78708736
registers.ebx: 78708736
registers.esi: 3208183554
registers.ecx: 256
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: cc 2b 44 d3 27 14 ad 02 b3 de 3c 81 f6 d1 2a 5f
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x4b10ab2
registers.esp: 1631488
registers.edi: 227120
registers.eax: 6005152
registers.ebp: 1631488
registers.edx: 78708736
registers.ebx: 78708736
registers.esi: 1617787013
registers.ecx: 78711187
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 89 3e 27 de da ea 00 5e 81 c6 ac bd cd 74 57 bf
exception.instruction: mov dword ptr [esi], edi
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x4b10adb
registers.esp: 1631484
registers.edi: 227120
registers.eax: 6005152
registers.ebp: 1631488
registers.edx: 78708736
registers.ebx: 78708736
registers.esi: 0
registers.ecx: 78711187
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 7e 03 2a e8 e9 29 c3 9e e3 00 66 39 d3 5e 66 39
exception.instruction: jle 0x4b10b15
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x4b10b10
registers.esp: 1631480
registers.edi: 256
registers.eax: 6005152
registers.ebp: 1631488
registers.edx: 78708736
registers.ebx: 78708736
registers.esi: 1631476
registers.ecx: 78711187
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: cc 2b 24 7f 28 07 ea da e4 eb 92 8b b5 0f 02 00
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x4b10b23
registers.esp: 1631484
registers.edi: 227120
registers.eax: 6005152
registers.ebp: 1631488
registers.edx: 78708736
registers.ebx: 78708736
registers.esi: 4096
registers.ecx: 78711187
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 77 07 36 b2 ea f7 5f f2 22 ef e9 1c 1e c0 a2 32
exception.instruction: ja 0x4b2c682
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x4b2c679
registers.esp: 1631472
registers.edi: 227120
registers.eax: 6005152
registers.ebp: 1631488
registers.edx: 78708736
registers.ebx: 1631468
registers.esi: 1995838602
registers.ecx: 256
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: cc 2c 33 6f 8f 36 73 95 1b 99 51 5f 56 be 56 18
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x4b2c699
registers.esp: 1631476
registers.edi: 227120
registers.eax: 6005152
registers.ebp: 1631488
registers.edx: 78708736
registers.ebx: 78708736
registers.esi: 1995838602
registers.ecx: 78711187
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 7d 02 26 94 ff 00 81 fe e6 3d d8 92 5b a8 c3 5e
exception.instruction: jge 0x4b2c6d0
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x4b2c6cc
registers.esp: 1631468
registers.edi: 227120
registers.eax: 6005152
registers.ebp: 1631488
registers.edx: 78708736
registers.ebx: 1631464
registers.esi: 256
registers.ecx: 78711187
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 71 02 27 da 7c 50 00 85 d8 58 84 e4 5f 60 eb 70
exception.instruction: jno 0x4b2c702
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x4b2c6fe
registers.esp: 1631472
registers.edi: 256
registers.eax: 1631468
registers.ebp: 1631488
registers.edx: 78708736
registers.ebx: 78708736
registers.esi: 1995838602
registers.ecx: 78711187
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 89 1f 30 b5 59 14 20 d6 2a 52 31 67 9e 8f 2b 00
exception.instruction: mov dword ptr [edi], ebx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x4b2c79c
registers.esp: 1631444
registers.edi: 0
registers.eax: 6005152
registers.ebp: 1631488
registers.edx: 78708736
registers.ebx: 78708736
registers.esi: 1995838602
registers.ecx: 78711187
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 89 12 34 08 e7 2f a9 71 38 cc 5e eb 40 36 3f c7
exception.instruction: mov dword ptr [edx], edx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x4b2c7cb
registers.esp: 1631444
registers.edi: 227120
registers.eax: 6005152
registers.ebp: 1631488
registers.edx: 0
registers.ebx: 78708736
registers.esi: 1995838602
registers.ecx: 78711187
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 89 00 2a f4 a0 d6 6f d2 d0 00 58 35 37 00 ba c7
exception.instruction: mov dword ptr [eax], eax
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x4b2c7fb
registers.esp: 1631444
registers.edi: 227120
registers.eax: 0
registers.ebp: 1631488
registers.edx: 78708736
registers.ebx: 78708736
registers.esi: 1995838602
registers.ecx: 78711187
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 89 13 32 84 6c 73 79 7e 94 8e 50 07 3a 3f a0 24
exception.instruction: mov dword ptr [ebx], edx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x4b2c82e
registers.esp: 1631444
registers.edi: 227120
registers.eax: 3514225431
registers.ebp: 1631488
registers.edx: 78708736
registers.ebx: 0
registers.esi: 1995838602
registers.ecx: 78711187
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 7c 08 2b 24 77 5c e7 d0 8f 51 00 84 fd 5a 80 fc
exception.instruction: jl 0x4b2c872
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x4b2c868
registers.esp: 1631440
registers.edi: 227120
registers.eax: 108
registers.ebp: 1631488
registers.edx: 1631436
registers.ebx: 256
registers.esi: 1995838602
registers.ecx: 78711187
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: cc 35 13 07 5f 1e 20 2b 31 47 ce 4e 49 c2 28 1d
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x4b2c87b
registers.esp: 1631444
registers.edi: 227120
registers.eax: 108
registers.ebp: 1631488
registers.edx: 78708736
registers.ebx: 78708736
registers.esi: 1995838602
registers.ecx: 78711187
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: cc 2b 46 6a d9 bc 0a ed e6 11 74 52 ba ce 42 c6
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x4b2c896
registers.esp: 1631444
registers.edi: 227120
registers.eax: 6005152
registers.ebp: 1631488
registers.edx: 78708736
registers.ebx: 78708736
registers.esi: 1995838602
registers.ecx: 78711187
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 71 03 26 e7 0f 00 85 da 5b 80 fe cf 5a 56 be c1
exception.instruction: jno 0x4b2c8c7
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x4b2c8c2
registers.esp: 1631436
registers.edi: 227120
registers.eax: 6005152
registers.ebp: 1631488
registers.edx: 256
registers.ebx: 1631432
registers.esi: 1995838602
registers.ecx: 78711187
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 89 16 2b 56 a4 3e 8e 41 3e 8e 00 5e 89 8d fc 01
exception.instruction: mov dword ptr [esi], edx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x4b2c8e1
registers.esp: 1631440
registers.edi: 227120
registers.eax: 6005152
registers.ebp: 1631488
registers.edx: 78708736
registers.ebx: 78708736
registers.esi: 0
registers.ecx: 78711187
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: cc 2f 88 20 df 1d 34 50 73 00 2e 07 3f ad 31 81
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x4b2c8f8
registers.esp: 1631444
registers.edi: 227120
registers.eax: 6005152
registers.ebp: 1631488
registers.edx: 78708736
registers.ebx: 78708736
registers.esi: 1995838602
registers.ecx: 3453761334
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 7d 04 2a 5b 5f 4d ab 9a ec 00 3c b7 5a 80 fa b1
exception.instruction: jge 0x4b2c934
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x4b2c92e
registers.esp: 1631436
registers.edi: 227120
registers.eax: 6005152
registers.ebp: 1631488
registers.edx: 1631432
registers.ebx: 78708736
registers.esi: 1995838602
registers.ecx: 256
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 7b 06 33 ca 72 d3 a0 ea c3 b4 36 28 58 6d 82 50
exception.instruction: jnp 0x4b2c974
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x4b2c96c
registers.esp: 1631436
registers.edi: 256
registers.eax: 6005152
registers.ebp: 1631488
registers.edx: 1631432
registers.ebx: 78708736
registers.esi: 1995838602
registers.ecx: 2584044571
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: cc 33 04 18 89 d7 ba 0c 0d 12 4a d1 26 19 eb 96
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x4b2c98c
registers.esp: 1631444
registers.edi: 227120
registers.eax: 6005152
registers.ebp: 1631488
registers.edx: 78708736
registers.ebx: 78708736
registers.esi: 1995838602
registers.ecx: 7077988
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 89 06 35 b9 b6 df a8 3c 06 e9 43 26 54 8a 56 4d
exception.instruction: mov dword ptr [esi], eax
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x4b2c9be
registers.esp: 1631436
registers.edi: 227120
registers.eax: 6005152
registers.ebp: 1631488
registers.edx: 78708736
registers.ebx: 78708736
registers.esi: 0
registers.ecx: 78711187
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: cc 27 8a 19 fe 87 8d 68 e8 43 12 38 81 34 24 bf
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x4b2c9d4
registers.esp: 1631440
registers.edi: 227120
registers.eax: 6005152
registers.ebp: 1631488
registers.edx: 78708736
registers.ebx: 78708736
registers.esi: 1995838602
registers.ecx: 78711187
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 70 03 29 68 e1 47 25 08 00 3d 1c b6 6c de 59 66
exception.instruction: jo 0x4b2ca14
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x4b2ca0f
registers.esp: 1631428
registers.edi: 227120
registers.eax: 6005152
registers.ebp: 1631488
registers.edx: 78708736
registers.ebx: 78708736
registers.esi: 256
registers.ecx: 1631424
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 7b 0a 34 34 24 19 0d 04 87 f1 36 6c 89 29 59 45
exception.instruction: jnp 0x4b2ca50
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x4b2ca44
registers.esp: 1631428
registers.edi: 1631424
registers.eax: 6005152
registers.ebp: 1631488
registers.edx: 78708736
registers.ebx: 78708736
registers.esi: 256
registers.ecx: 78711187
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 77 0b 36 19 1d 50 b9 37 89 7d 76 64 c1 d9 1c 3c
exception.instruction: ja 0x4b2ca89
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x4b2ca7c
registers.esp: 1631428
registers.edi: 227120
registers.eax: 6005152
registers.ebp: 1631488
registers.edx: 78708736
registers.ebx: 1631424
registers.esi: 256
registers.ecx: 1631436
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: cc 34 73 55 26 a2 dc 42 4d 5b 0d c4 fe 81 03 84
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x4b2ca9d
registers.esp: 1631436
registers.edi: 227120
registers.eax: 6005152
registers.ebp: 1631488
registers.edx: 3310751750
registers.ebx: 78708736
registers.esi: 1995838602
registers.ecx: 1631436
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 77 04 2f 49 9e 31 99 4f b5 54 0c 0a 56 20 00 38
exception.instruction: ja 0x4b2cad3
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x4b2cacd
registers.esp: 1631428
registers.edi: 227120
registers.eax: 6005152
registers.ebp: 1631488
registers.edx: 256
registers.ebx: 1631424
registers.esi: 1995838602
registers.ecx: 1631436
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: cc 27 6e 76 9b b1 ef c7 85 59 02 00 00 78 f5 45
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x4b2cae8
registers.esp: 1631436
registers.edi: 227120
registers.eax: 1995635376
registers.ebp: 1631488
registers.edx: 1995596250
registers.ebx: 3194482327
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 89 1e 32 d9 76 e4 e8 50 cf 7d 25 24 c7 b4 8a 47
exception.instruction: mov dword ptr [esi], ebx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x4b2cb11
registers.esp: 1631432
registers.edi: 227120
registers.eax: 1995635376
registers.ebp: 1631488
registers.edx: 1995596250
registers.ebx: 3194482327
registers.esi: 0
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 89 39 2e dc e3 18 99 9b 3d ba b9 68 04 00 59 53
exception.instruction: mov dword ptr [ecx], edi
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x4b2cb40
registers.esp: 1631432
registers.edi: 227120
registers.eax: 1995635376
registers.ebp: 1631488
registers.edx: 1995596250
registers.ebx: 3194482327
registers.esi: 1995838602
registers.ecx: 0
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 75 06 2c 8c e0 1a 87 84 6c 34 69 00 16 17 eb 19
exception.instruction: jne 0x4b2cb7e
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x4b2cb76
registers.esp: 1631428
registers.edi: 227120
registers.eax: 1631424
registers.ebp: 1631488
registers.edx: 1995596250
registers.ebx: 256
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: cc 25 66 2c de 81 85 59 02 00 00 f5 5f b3 23 cc
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x4b2cbad
registers.esp: 1631436
registers.edi: 227120
registers.eax: 1995635376
registers.ebp: 1631488
registers.edx: 1995596250
registers.ebx: 3194482327
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: cc 2b 6f 98 c8 e6 66 ec 05 4e 75 44 ff 8d 59 02
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x4b2cbbc
registers.esp: 1631436
registers.edi: 227120
registers.eax: 1995635376
registers.ebp: 1631488
registers.edx: 1995596250
registers.ebx: 3194482327
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 89 1e 30 a2 cc 27 75 e0 48 f2 21 7d 0f d6 e3 00
exception.instruction: mov dword ptr [esi], ebx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x4b2cc56
registers.esp: 1631444
registers.edi: 227120
registers.eax: 1995635376
registers.ebp: 1631488
registers.edx: 1995596250
registers.ebx: 3194482327
registers.esi: 0
registers.ecx: 4
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 89 33 31 4d ec 57 37 85 71 61 88 e8 53 4a 1a ac
exception.instruction: mov dword ptr [ebx], esi
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x4b2cc80
registers.esp: 1631440
registers.edi: 227120
registers.eax: 1995635376
registers.ebp: 1631488
registers.edx: 1995596250
registers.ebx: 0
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: cc 2f 3f 9c 40 27 d7 89 ba f7 9b 45 1e d2 85 cc
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x4b2cc92
registers.esp: 1631444
registers.edi: 227120
registers.eax: 1995635376
registers.ebp: 1631488
registers.edx: 1995596250
registers.ebx: 3194482327
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: cc 31 54 f3 2a 8f 7f b4 81 e1 b4 66 d0 1d c9 94
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x4b2cca1
registers.esp: 1631444
registers.edi: 227120
registers.eax: 1995635376
registers.ebp: 1631488
registers.edx: 1995596250
registers.ebx: 3194482327
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: cc 2f 15 b9 32 92 ea ac 8f 00 a3 89 96 4f b7 bf
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x4b2ccb8
registers.esp: 1631444
registers.edi: 227120
registers.eax: 1995635376
registers.ebp: 1631488
registers.edx: 1995596250
registers.ebx: 3194482327
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 7b 0c 33 17 f3 95 a7 43 82 ac 8e d3 10 cf 66 78
exception.instruction: jnp 0x4b2ccf5
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x4b2cce7
registers.esp: 1631436
registers.edi: 2477998026
registers.eax: 1995635376
registers.ebp: 1631488
registers.edx: 1631432
registers.ebx: 256
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: cc 33 5a 7f 16 22 26 33 a6 06 2c 9e e5 f4 55 1e
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x4b2cd0f
registers.esp: 1631444
registers.edi: 1729275077
registers.eax: 1995635376
registers.ebp: 1631488
registers.edx: 1995596250
registers.ebx: 3194482327
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 78 08 34 ce 98 1f 80 5b 8e 64 ea 77 66 1a 54 60
exception.instruction: js 0x4b2cd4b
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x4b2cd41
registers.esp: 1631436
registers.edi: 12288
registers.eax: 256
registers.ebp: 1631488
registers.edx: 1995596250
registers.ebx: 1631432
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 89 13 36 2f 15 8d 4c cf 4d a3 f9 50 5d 08 35 e3
exception.instruction: mov dword ptr [ebx], edx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x4b2cd6d
registers.esp: 1631440
registers.edi: 12288
registers.eax: 1995635376
registers.ebp: 1631488
registers.edx: 1995596250
registers.ebx: 0
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 75 05 2a 69 cd 9d ba 74 57 00 66 39 d0 59 80 fd
exception.instruction: jne 0x4b2cdb6
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x4b2cdaf
registers.esp: 1631432
registers.edi: 227120
registers.eax: 256
registers.ebp: 1631488
registers.edx: 1995596250
registers.ebx: 3194482327
registers.esi: 1995838602
registers.ecx: 1631428
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: cc 33 44 53 5b da f1 16 6e ca 25 3e b1 91 37 cf
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x4b2cdcf
registers.esp: 1631440
registers.edi: 227120
registers.eax: 1995635376
registers.ebp: 1631488
registers.edx: 1995596250
registers.ebx: 1631812
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: cc 24 22 45 89 b5 a4 01 00 00 89 de 56 cc 2a 36
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x4b2cde2
registers.esp: 1631440
registers.edi: 227120
registers.eax: 1995635376
registers.ebp: 1631488
registers.edx: 1995596250
registers.ebx: 1631812
registers.esi: 1995838602
registers.ecx: 182
1 0 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2644
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73272000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2644
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x10004000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2644
region_size: 28229632
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x03540000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0
file C:\Users\test22\AppData\Local\Temp\nscF379.tmp\System.dll
file C:\Users\test22\AppData\Local\Temp\Antiapostle108\triptanes\Uniformeringernes107\totype.dll
Time & API Arguments Status Return Repeated

RegOpenKeyExA

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\servitutterne
base_handle: 0x80000001
key_handle: 0x00000000
options: 0
access: 0x00020019
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\servitutterne
2 0

RegOpenKeyExA

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\servitutterne
base_handle: 0x80000001
key_handle: 0x00000000
options: 0
access: 0x00020019
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\servitutterne
2 0

RegOpenKeyExA

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\servitutterne
base_handle: 0x80000001
key_handle: 0x00000000
options: 0
access: 0x00020019
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\servitutterne
2 0

RegOpenKeyExA

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\servitutterne
base_handle: 0x80000001
key_handle: 0x00000000
options: 0
access: 0x00020019
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\servitutterne
2 0

RegOpenKeyExA

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\servitutterne
base_handle: 0x80000001
key_handle: 0x00000000
options: 0
access: 0x00020019
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\servitutterne
2 0

RegOpenKeyExA

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\servitutterne
base_handle: 0x80000001
key_handle: 0x00000000
options: 0
access: 0x00020019
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\servitutterne
2 0

RegOpenKeyExA

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\servitutterne
base_handle: 0x80000001
key_handle: 0x00000000
options: 0
access: 0x00020019
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\servitutterne
2 0

Time & API Arguments Status Return Repeated

__anomaly__

tid: 2648
message: Encountered 65537 exceptions, quitting.
subcategory: exception
function_name:
1 0 0
Bkav W32.AIDetectMalware
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.67305340
FireEye Trojan.GenericKD.67305340
Malwarebytes Trojan.GuLoader
Sangfor Trojan.Win32.Agent.Vtd0
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Generik.ECRDGIV
Cynet Malicious (score: 99)
Kaspersky HEUR:Trojan.Win32.Guloader.gen
BitDefender Trojan.GenericKD.67305340
Avast NSIS:TrojanX-gen [Trj]
Emsisoft Trojan.GenericKD.67305340 (B)
F-Secure Trojan.TR/Redcap.haxib
DrWeb Trojan.Loader.1512
McAfee-GW-Edition Artemis!Trojan
Sophos Mal/Generic-S
Avira TR/Redcap.haxib
MAX malware (ai score=86)
Gridinsoft Trojan.Win32.GuLoader.bot
Microsoft Trojan:Win32/Casdet!rfn
ZoneAlarm HEUR:Trojan.Win32.Guloader.gen
GData Trojan.GenericKD.67305340
McAfee Artemis!A83E6F2744A3
Panda Trj/Chgt.AD
AVG NSIS:TrojanX-gen [Trj]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_70% (W)