Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	June 7, 2023, 6:27 p.m.	June 7, 2023, 6:29 p.m.

Size	209.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5	`40b8a12714be22a559b3878196e04282`
SHA256	`ce30a1a5e75ce23c0a4de54ca13df1970c2d745e7798f4e5feecf82ade89dc5f`
CRC32	`8E1B5D35`
ssdeep	`6144:gp+ggKIZEnHokKqrKRy4LNyJnXxYlcZ8NCZF:QvIZUHLSy480lcCc7`
Yara	UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library NSIS_Installer - Null Soft Installer PE_Header_Zero - PE File Signature IsPE32 - (no description)

SO9006759004_NEW_ORDER_P202.EXE "C:\Users\test22\AppData\Local\Temp\SO9006759004_NEW_ORDER_P202.EXE"
2996

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx June 7, 2023, 6:27 p.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.ndata

One or more processes crashed (50 out of 65536 events)

Time & API	Arguments	Status
__exception__ June 7, 2023, 6:27 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: 89 19 5a 2f 24 c2 02 fb eb 3e 92 6c 3a 01 89 95 exception.instruction: mov dword ptr [ecx], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x6b40739 registers.esp: 1629720 registers.edi: 166892 registers.eax: 9499320 registers.ebp: 1629724 registers.edx: 112459776 registers.ebx: 112459776 registers.esi: 2001474698 registers.ecx: 0	1
__exception__ June 7, 2023, 6:27 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: cc 42 07 b8 b8 aa 8c 48 28 38 fa 81 f7 48 f9 b5 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x6b4075e registers.esp: 1629724 registers.edi: 2674242251 registers.eax: 9499320 registers.ebp: 1629724 registers.edx: 112459776 registers.ebx: 112459776 registers.esi: 2001474698 registers.ecx: 112461563	1
__exception__ June 7, 2023, 6:27 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: cc 5a c0 09 9b 6c e4 bd 14 f6 e2 d8 01 30 ad 1f exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x6b4076f registers.esp: 1629724 registers.edi: 1120947075 registers.eax: 9499320 registers.ebp: 1629724 registers.edx: 112459776 registers.ebx: 112459776 registers.esi: 2001474698 registers.ecx: 112461563	1
__exception__ June 7, 2023, 6:27 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: 89 11 5d 4a 33 55 cd b6 4d 72 e7 ef 72 a6 00 95 exception.instruction: mov dword ptr [ecx], edx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x6b4079a registers.esp: 1629720 registers.edi: 4096 registers.eax: 9499320 registers.ebp: 1629724 registers.edx: 112459776 registers.ebx: 112459776 registers.esi: 2001474698 registers.ecx: 0	1
__exception__ June 7, 2023, 6:27 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: cc 4e 3f 58 3c 58 27 ff 74 24 04 cc 4e d2 52 4e exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x6b530fd registers.esp: 1629716 registers.edi: 166892 registers.eax: 9499320 registers.ebp: 1629724 registers.edx: 112459776 registers.ebx: 112459776 registers.esi: 2001474698 registers.ecx: 112461563	1
__exception__ June 7, 2023, 6:27 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: cc 4e d2 52 4e 69 52 8f 85 44 01 00 00 60 cc 5a exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x6b53108 registers.esp: 1629712 registers.edi: 166892 registers.eax: 9499320 registers.ebp: 1629724 registers.edx: 112459776 registers.ebx: 112459776 registers.esi: 2001474698 registers.ecx: 112461563	1
__exception__ June 7, 2023, 6:27 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: cc 5a e8 93 60 18 12 1d 6b da af a3 39 25 47 16 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x6b53116 registers.esp: 1629684 registers.edi: 166892 registers.eax: 9499320 registers.ebp: 1629724 registers.edx: 112459776 registers.ebx: 112459776 registers.esi: 2001474698 registers.ecx: 112461563	1
__exception__ June 7, 2023, 6:27 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: cc 59 9d a1 8f 2e 3f 03 81 d4 60 3c 20 a7 5d 5a exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x6b53129 registers.esp: 1629684 registers.edi: 166892 registers.eax: 9499320 registers.ebp: 1629724 registers.edx: 112459776 registers.ebx: 112459776 registers.esi: 2001474698 registers.ecx: 112461563	1
__exception__ June 7, 2023, 6:27 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: 70 10 5f 89 b7 9b d7 8d c8 22 06 7a 1c 3f 84 2d exception.instruction: jo 0x6b5317e exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x6b5316c registers.esp: 1629672 registers.edi: 166892 registers.eax: 256 registers.ebp: 1629724 registers.edx: 112459776 registers.ebx: 112459776 registers.esi: 2001474698 registers.ecx: 1629668	1
__exception__ June 7, 2023, 6:27 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: cc 46 6a c6 f3 bf 28 d4 2c d6 ac f1 0b 65 e1 56 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x6b53188 registers.esp: 1629680 registers.edi: 166892 registers.eax: 9499320 registers.ebp: 1629724 registers.edx: 112459776 registers.ebx: 112459776 registers.esi: 2001474698 registers.ecx: 112461563	1
__exception__ June 7, 2023, 6:27 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: 89 3e 42 bd 08 e3 2a 0f 2a 14 00 5e 89 b5 e0 01 exception.instruction: mov dword ptr [esi], edi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x6b531b5 registers.esp: 1629676 registers.edi: 166892 registers.eax: 9499320 registers.ebp: 1629724 registers.edx: 112459776 registers.ebx: 112459776 registers.esi: 0 registers.ecx: 112461563	1
__exception__ June 7, 2023, 6:27 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: 89 31 46 fe 71 bf b6 6c 99 c2 4e ed ef 5f 00 59 exception.instruction: mov dword ptr [ecx], esi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x6b531e5 registers.esp: 1629676 registers.edi: 166892 registers.eax: 9499320 registers.ebp: 1629724 registers.edx: 112459776 registers.ebx: 112459776 registers.esi: 2001474698 registers.ecx: 0	1
__exception__ June 7, 2023, 6:27 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: 89 07 5a bc 60 6b 1b 07 f7 3f 6e 41 ae 8c 76 87 exception.instruction: mov dword ptr [edi], eax exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x6b5320c registers.esp: 1629676 registers.edi: 0 registers.eax: 9499320 registers.ebp: 1629724 registers.edx: 112459776 registers.ebx: 112459776 registers.esi: 326199599 registers.ecx: 112461563	1
__exception__ June 7, 2023, 6:27 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: 74 03 42 62 d8 2c aa c4 9c d2 00 60 66 bf 9e e3 exception.instruction: je 0x6b53246 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x6b53241 registers.esp: 1629672 registers.edi: 166892 registers.eax: 1629668 registers.ebp: 1629724 registers.edx: 112459776 registers.ebx: 112459776 registers.esi: 256 registers.ecx: 112461563	1
__exception__ June 7, 2023, 6:27 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: cc 46 65 da 04 25 04 66 1b 04 4b c7 9b ac 55 56 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x6b5326d registers.esp: 1629680 registers.edi: 166892 registers.eax: 9499320 registers.ebp: 1629724 registers.edx: 112459776 registers.ebx: 112459776 registers.esi: 7077988 registers.ecx: 112461563	1
__exception__ June 7, 2023, 6:27 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: 89 16 4f b2 fb 00 5e 8b b5 e0 01 00 00 cc 4d 7a exception.instruction: mov dword ptr [esi], edx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x6b5328f registers.esp: 1629672 registers.edi: 166892 registers.eax: 9499320 registers.ebp: 1629724 registers.edx: 112459776 registers.ebx: 112459776 registers.esi: 0 registers.ecx: 112461563	1
__exception__ June 7, 2023, 6:27 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: cc 4d 7a 21 53 bb 86 9a 86 57 81 f3 81 db 1a 09 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x6b5329c registers.esp: 1629676 registers.edi: 166892 registers.eax: 9499320 registers.ebp: 1629724 registers.edx: 112459776 registers.ebx: 112459776 registers.esi: 2001474698 registers.ecx: 112461563	1
__exception__ June 7, 2023, 6:27 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: 7f 04 44 bb f3 b3 f3 b5 c7 54 85 fe 00 85 d3 5e exception.instruction: jg 0x6b532c1 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x6b532bb registers.esp: 1629668 registers.edi: 166892 registers.eax: 9499320 registers.ebp: 1629724 registers.edx: 112459776 registers.ebx: 256 registers.esi: 1629664 registers.ecx: 112461563	1
__exception__ June 7, 2023, 6:27 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: 89 06 46 dc d1 9a 3f f4 db ea 5d 9e e1 5d 00 5e exception.instruction: mov dword ptr [esi], eax exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x6b53328 registers.esp: 1629668 registers.edi: 166892 registers.eax: 9499320 registers.ebp: 1629724 registers.edx: 112459776 registers.ebx: 112459776 registers.esi: 0 registers.ecx: 112461563	1
__exception__ June 7, 2023, 6:27 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: 89 19 59 25 62 ef 58 6f ab 5a 2d e3 36 16 25 00 exception.instruction: mov dword ptr [ecx], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x6b5335d registers.esp: 1629668 registers.edi: 166892 registers.eax: 9499320 registers.ebp: 1629724 registers.edx: 3959534492 registers.ebx: 112459776 registers.esi: 2001474698 registers.ecx: 0	1
__exception__ June 7, 2023, 6:27 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: cc 46 3c c8 f2 39 57 93 23 dd 2c 19 81 98 6d e8 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x6b5336e registers.esp: 1629672 registers.edi: 166892 registers.eax: 9499320 registers.ebp: 1629724 registers.edx: 3959534492 registers.ebx: 112459776 registers.esi: 2001474698 registers.ecx: 1629672	1
__exception__ June 7, 2023, 6:27 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: 89 3e 41 11 15 dd 32 00 5e c7 85 05 02 00 00 ee exception.instruction: mov dword ptr [esi], edi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x6b533a0 registers.esp: 1629668 registers.edi: 166892 registers.eax: 2001271472 registers.ebp: 1629724 registers.edx: 2001232346 registers.ebx: 3816347667 registers.esi: 0 registers.ecx: 182	1
__exception__ June 7, 2023, 6:27 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: 89 3e 5b e8 91 06 2b 1f 61 c7 98 40 43 08 aa 86 exception.instruction: mov dword ptr [esi], edi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x6b533c5 registers.esp: 1629668 registers.edi: 166892 registers.eax: 2001271472 registers.ebp: 1629724 registers.edx: 2001232346 registers.ebx: 3816347667 registers.esi: 0 registers.ecx: 182	1
__exception__ June 7, 2023, 6:27 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: cc 46 31 9e e2 3c 33 77 52 1c e5 07 1c d7 8b 81 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x6b533e2 registers.esp: 1629672 registers.edi: 166892 registers.eax: 2001271472 registers.ebp: 1629724 registers.edx: 2001232346 registers.ebx: 3816347667 registers.esi: 2001474698 registers.ecx: 182	1
__exception__ June 7, 2023, 6:27 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: 89 13 5f 4d 04 0a a4 30 3c c0 50 42 87 74 85 9b exception.instruction: mov dword ptr [ebx], edx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x6b53427 registers.esp: 1629680 registers.edi: 166892 registers.eax: 2001271472 registers.ebp: 1629724 registers.edx: 2001232346 registers.ebx: 0 registers.esi: 2001474698 registers.ecx: 182	1
__exception__ June 7, 2023, 6:27 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: 89 19 5b dd c7 df 4e f4 ee 58 82 bc 82 68 37 95 exception.instruction: mov dword ptr [ecx], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x6b53455 registers.esp: 1629676 registers.edi: 166892 registers.eax: 2001271472 registers.ebp: 1629724 registers.edx: 2001232346 registers.ebx: 3816347667 registers.esi: 2001474698 registers.ecx: 0	1
__exception__ June 7, 2023, 6:27 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: cc 5b cf 96 b9 28 dd 3a eb a9 c4 95 93 e5 f1 a0 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x6b53468 registers.esp: 1629680 registers.edi: 166892 registers.eax: 2001271472 registers.ebp: 1629724 registers.edx: 2001232346 registers.ebx: 3816347667 registers.esi: 2001474698 registers.ecx: 182	1
__exception__ June 7, 2023, 6:27 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: 89 16 5b 16 e6 81 c2 c6 08 df 34 b2 e4 69 0d e1 exception.instruction: mov dword ptr [esi], edx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x6b5349f registers.esp: 1629676 registers.edi: 166892 registers.eax: 2001271472 registers.ebp: 1629724 registers.edx: 2001232346 registers.ebx: 3816347667 registers.esi: 0 registers.ecx: 182	1
__exception__ June 7, 2023, 6:27 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: cc 40 99 2b 5a 29 54 e8 b7 81 34 24 c6 6d 80 6d exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x6b534b2 registers.esp: 1629680 registers.edi: 166892 registers.eax: 2001271472 registers.ebp: 1629724 registers.edx: 2001232346 registers.ebx: 3816347667 registers.esi: 2001474698 registers.ecx: 182	1
__exception__ June 7, 2023, 6:27 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: 7d 09 44 ca 4f 0b 91 02 19 2a 46 7b 00 f6 c4 c1 exception.instruction: jge 0x6b534ee exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x6b534e3 registers.esp: 1629672 registers.edi: 166892 registers.eax: 2001271472 registers.ebp: 1629724 registers.edx: 256 registers.ebx: 1629668 registers.esi: 2001474698 registers.ecx: 182	1
__exception__ June 7, 2023, 6:27 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: cc 47 6d bd 2a eb e4 c2 07 bb 55 83 3f be 81 04 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x6b534f7 registers.esp: 1629680 registers.edi: 166892 registers.eax: 2001271472 registers.ebp: 1629724 registers.edx: 2001232346 registers.ebx: 3816347667 registers.esi: 2001474698 registers.ecx: 182	1
__exception__ June 7, 2023, 6:27 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: 7d 07 45 5b 28 99 4c 90 be 57 b4 00 80 fd 7d 5b exception.instruction: jge 0x6b53536 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x6b5352d registers.esp: 1629672 registers.edi: 256 registers.eax: 2001271472 registers.ebp: 1629724 registers.edx: 2001232346 registers.ebx: 1629668 registers.esi: 2001474698 registers.ecx: 182	1
__exception__ June 7, 2023, 6:27 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: cc 5a fe 14 9d c8 03 0f 6a 52 70 25 6a 7d 96 65 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x6b53540 registers.esp: 1629680 registers.edi: 166892 registers.eax: 2001271472 registers.ebp: 1629724 registers.edx: 2001232346 registers.ebx: 3816347667 registers.esi: 2001474698 registers.ecx: 182	1
__exception__ June 7, 2023, 6:27 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: cc 5a 5d 9c 71 45 62 f2 71 b1 42 5a b7 df 05 12 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x6b5355e registers.esp: 1629680 registers.edi: 166892 registers.eax: 2582781041 registers.ebp: 1629724 registers.edx: 2001232346 registers.ebx: 3816347667 registers.esi: 2001474698 registers.ecx: 182	1
__exception__ June 7, 2023, 6:27 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: 89 3f 40 1d 4a fc bf 51 00 5f 35 59 dd 85 77 50 exception.instruction: mov dword ptr [edi], edi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x6b53593 registers.esp: 1629676 registers.edi: 0 registers.eax: 2005265753 registers.ebp: 1629724 registers.edx: 2001232346 registers.ebx: 3816347667 registers.esi: 2001474698 registers.ecx: 182	1
__exception__ June 7, 2023, 6:27 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: 76 06 44 d5 7e 12 d7 83 ae ea d8 d4 00 f6 c1 4a exception.instruction: jbe 0x6b535c4 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x6b535bc registers.esp: 1629672 registers.edi: 166892 registers.eax: 256 registers.ebp: 1629724 registers.edx: 2001232346 registers.ebx: 3816347667 registers.esi: 1629668 registers.ecx: 182	1
__exception__ June 7, 2023, 6:27 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: 89 1a 5f 14 11 ff c4 be d6 b6 ab 07 e4 64 8e 5a exception.instruction: mov dword ptr [edx], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x6b535e3 registers.esp: 1629672 registers.edi: 166892 registers.eax: 12288 registers.ebp: 1629724 registers.edx: 0 registers.ebx: 3816347667 registers.esi: 2001474698 registers.ecx: 182	1
__exception__ June 7, 2023, 6:27 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: cc 40 05 9f 78 95 03 41 33 cc 59 16 89 f9 29 7f exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x6b53600 registers.esp: 1629676 registers.edi: 166892 registers.eax: 2001271472 registers.ebp: 1629724 registers.edx: 2001232346 registers.ebx: 3816347667 registers.esi: 2001474698 registers.ecx: 182	1
__exception__ June 7, 2023, 6:27 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: cc 59 16 89 f9 29 7f 03 d3 7d 5d 79 cb e9 b8 05 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x6b53609 registers.esp: 1629676 registers.edi: 166892 registers.eax: 2001271472 registers.ebp: 1629724 registers.edx: 2001232346 registers.ebx: 3816347667 registers.esi: 2001474698 registers.ecx: 182	1
__exception__ June 7, 2023, 6:27 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: 7f 05 43 7d 75 a8 d1 49 82 00 84 d8 5e 38 e5 59 exception.instruction: jg 0x6b53654 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x6b5364d registers.esp: 1629668 registers.edi: 166892 registers.eax: 2001271472 registers.ebp: 1629724 registers.edx: 2001232346 registers.ebx: 1629724 registers.esi: 1629664 registers.ecx: 256	1
__exception__ June 7, 2023, 6:27 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: cc 44 9d c6 bc af 8a 92 96 d8 74 61 f6 81 ad 82 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x6b53667 registers.esp: 1629676 registers.edi: 166892 registers.eax: 2001271472 registers.ebp: 1629724 registers.edx: 2001232346 registers.ebx: 1629724 registers.esi: 2001474698 registers.ecx: 182	1
__exception__ June 7, 2023, 6:27 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: 89 0e 41 d1 9f 3a 43 00 5e 81 b5 82 01 00 00 9a exception.instruction: mov dword ptr [esi], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x6b5369c registers.esp: 1629672 registers.edi: 166892 registers.eax: 2001271472 registers.ebp: 1629724 registers.edx: 2001232346 registers.ebx: 1629724 registers.esi: 0 registers.ecx: 182	1
__exception__ June 7, 2023, 6:27 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: cc 47 a1 25 5a 5b 6f 0e dd 82 70 f0 a2 cd 43 ff exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x6b536af registers.esp: 1629676 registers.edi: 166892 registers.eax: 2001271472 registers.ebp: 1629724 registers.edx: 2001232346 registers.ebx: 1629724 registers.esi: 2001474698 registers.ecx: 182	1
__exception__ June 7, 2023, 6:27 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: cc 45 3c f7 6e 6e c7 bc 9d 4b 18 76 68 f9 40 8e exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x6b536d6 registers.esp: 1629672 registers.edi: 166892 registers.eax: 2001271472 registers.ebp: 1629724 registers.edx: 2001232346 registers.ebx: 1630048 registers.esi: 2001474698 registers.ecx: 182	1
__exception__ June 7, 2023, 6:27 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: cc 5b 7c 52 22 62 5a 45 71 59 fd 52 12 0c a4 ef exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x6b536ee registers.esp: 1629668 registers.edi: 166892 registers.eax: 2001271472 registers.ebp: 1629724 registers.edx: 2001232346 registers.ebx: 1630048 registers.esi: 2001474698 registers.ecx: 182	1
__exception__ June 7, 2023, 6:27 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: cc 46 98 e5 e5 5e e8 d5 f5 70 4c e8 3d 62 13 53 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x6b5370e registers.esp: 1629668 registers.edi: 166892 registers.eax: 2001271472 registers.ebp: 1629724 registers.edx: 2001232346 registers.ebx: 1630048 registers.esi: 2001474698 registers.ecx: 182	1
__exception__ June 7, 2023, 6:27 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: 7e 03 59 a2 2a 68 51 eb 5e eb 9c 5f b2 84 eb 00 exception.instruction: jle 0x6b5373e exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x6b53739 registers.esp: 1629660 registers.edi: 166892 registers.eax: 1629656 registers.ebp: 1629724 registers.edx: 2001232346 registers.ebx: 256 registers.esi: 2001474698 registers.ecx: 182	1
__exception__ June 7, 2023, 6:27 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: 89 1f 4f 8f 1c 00 5f 81 85 48 01 00 00 db c0 07 exception.instruction: mov dword ptr [edi], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x6b5376c registers.esp: 1629664 registers.edi: 0 registers.eax: 2001271472 registers.ebp: 1629724 registers.edx: 2001232346 registers.ebx: 1630048 registers.esi: 2001474698 registers.ecx: 182	1
__exception__ June 7, 2023, 6:27 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: 7e 0d 5e b9 90 f5 23 3a b4 01 a4 30 ce 76 b6 95 exception.instruction: jle 0x6b537eb exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x6b537dc registers.esp: 1629660 registers.edi: 166892 registers.eax: 256 registers.ebp: 1629724 registers.edx: 2001232346 registers.ebx: 1629656 registers.esi: 2001474698 registers.ecx: 182	1
__exception__ June 7, 2023, 6:27 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: 89 3a 44 11 82 35 d3 fc 8a f1 a8 eb 00 5a 43 ff exception.instruction: mov dword ptr [edx], edi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x6b53812 registers.esp: 1629664 registers.edi: 166892 registers.eax: 2001271472 registers.ebp: 1629724 registers.edx: 0 registers.ebx: 1630048 registers.esi: 2001474698 registers.ecx: 182	1

Allocates read-write-execute memory (usually to unpack itself) (5 events)

Time & API	Arguments	Status
NtProtectVirtualMemory June 7, 2023, 6:27 p.m.	process_identifier: 2996 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73e92000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 7, 2023, 6:27 p.m.	process_identifier: 2996 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73f43000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 7, 2023, 6:27 p.m.	process_identifier: 2996 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73f34000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 7, 2023, 6:27 p.m.	process_identifier: 2996 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73f24000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 7, 2023, 6:27 p.m.	process_identifier: 2996 region_size: 44249088 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x06570000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1

Creates executable files on the filesystem (1 event)

file	C:\Users\test22\AppData\Local\Temp\nsx2B33.tmp\System.dll

Drops an executable to the user AppData folder (1 event)

file	C:\Users\test22\AppData\Local\Temp\nsx2B33.tmp\System.dll

Queries for potentially installed applications (50 out of 4110 events)

Time & API	Arguments	Return
RegOpenKeyExW June 7, 2023, 6:27 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes	2
RegOpenKeyExW June 7, 2023, 6:27 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes	2
RegOpenKeyExW June 7, 2023, 6:27 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes	2
RegOpenKeyExW June 7, 2023, 6:27 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes	2
RegOpenKeyExW June 7, 2023, 6:27 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes	2
RegOpenKeyExW June 7, 2023, 6:27 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes	2
RegOpenKeyExW June 7, 2023, 6:27 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes	2
RegOpenKeyExW June 7, 2023, 6:27 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes	2
RegOpenKeyExW June 7, 2023, 6:27 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes	2
RegOpenKeyExW June 7, 2023, 6:27 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes	2
RegOpenKeyExW June 7, 2023, 6:27 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes	2
RegOpenKeyExW June 7, 2023, 6:27 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes	2
RegOpenKeyExW June 7, 2023, 6:27 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes	2
RegOpenKeyExW June 7, 2023, 6:27 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes	2
RegOpenKeyExW June 7, 2023, 6:27 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes	2
RegOpenKeyExW June 7, 2023, 6:27 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes	2
RegOpenKeyExW June 7, 2023, 6:27 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes	2
RegOpenKeyExW June 7, 2023, 6:27 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes	2
RegOpenKeyExW June 7, 2023, 6:27 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes	2
RegOpenKeyExW June 7, 2023, 6:27 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes	2
RegOpenKeyExW June 7, 2023, 6:27 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes	2
RegOpenKeyExW June 7, 2023, 6:27 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes	2
RegOpenKeyExW June 7, 2023, 6:27 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes	2
RegOpenKeyExW June 7, 2023, 6:27 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes	2
RegOpenKeyExW June 7, 2023, 6:27 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes	2
RegOpenKeyExW June 7, 2023, 6:27 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes	2
RegOpenKeyExW June 7, 2023, 6:27 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes	2
RegOpenKeyExW June 7, 2023, 6:27 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes	2
RegOpenKeyExW June 7, 2023, 6:27 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes	2
RegOpenKeyExW June 7, 2023, 6:27 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes	2
RegOpenKeyExW June 7, 2023, 6:27 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes	2
RegOpenKeyExW June 7, 2023, 6:27 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes	2
RegOpenKeyExW June 7, 2023, 6:27 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes	2
RegOpenKeyExW June 7, 2023, 6:27 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes	2
RegOpenKeyExW June 7, 2023, 6:27 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes	2
RegOpenKeyExW June 7, 2023, 6:27 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes	2
RegOpenKeyExW June 7, 2023, 6:27 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes	2
RegOpenKeyExW June 7, 2023, 6:27 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes	2
RegOpenKeyExW June 7, 2023, 6:27 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes	2
RegOpenKeyExW June 7, 2023, 6:27 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes	2
RegOpenKeyExW June 7, 2023, 6:27 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes	2
RegOpenKeyExW June 7, 2023, 6:27 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes	2
RegOpenKeyExW June 7, 2023, 6:27 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes	2
RegOpenKeyExW June 7, 2023, 6:27 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes	2
RegOpenKeyExW June 7, 2023, 6:27 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes	2
RegOpenKeyExW June 7, 2023, 6:27 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes	2
RegOpenKeyExW June 7, 2023, 6:27 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes	2
RegOpenKeyExW June 7, 2023, 6:27 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes	2
RegOpenKeyExW June 7, 2023, 6:27 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes	2
RegOpenKeyExW June 7, 2023, 6:27 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadekampes	2

Tries to unhook Windows functions monitored by Cuckoo (1 event)

Time & API	Arguments	Status	Return	Repeated
__anomaly__ June 7, 2023, 6:28 p.m.	tid: 3000 message: Encountered 65537 exceptions, quitting. subcategory: exception function_name:	1	0	0

File has been identified by 42 AntiVirus engines on VirusTotal as malicious (42 events)

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Androm.4!c
MicroWorld-eScan	Trojan.Generic.33842805
FireEye	Trojan.Generic.33842805
McAfee	RDN/Generic BackDoor
Cylance	unsafe
Sangfor	Trojan.Win32.Agent.Vtxm
K7AntiVirus	Trojan ( 005a63a21 )
K7GW	Trojan ( 005a63a21 )
Arcabit	Trojan.Generic.D2046675
Cyren	W32/ABRisk.CTOL-6107
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Generik.HWXTIQG
Cynet	Malicious (score: 99)
Kaspersky	HEUR:Backdoor.Win32.Androm.gen
BitDefender	Trojan.Generic.33842805
Avast	Win32:Evo-gen [Trj]
Tencent	Win32.Trojan.FalseSign.Ncnw
Emsisoft	Trojan.Generic.33842805 (B)
F-Secure	Trojan.TR/AD.Nekark.zooxr
VIPRE	Trojan.Generic.33842805
TrendMicro	TROJ_GEN.R053C0DF123
McAfee-GW-Edition	RDN/Generic BackDoor
Sophos	Mal/Generic-S
Webroot	W32.Trojan.Gen
Avira	TR/AD.Nekark.zooxr
Microsoft	Trojan:Win32/Guloader.SM!MTB
ViRobot	Trojan.Win.Z.Guloader.213976
ZoneAlarm	HEUR:Backdoor.Win32.Androm.gen
GData	Trojan.Generic.33842805
Google	Detected
AhnLab-V3	Trojan/Win.GuLoader.C5435356
ALYac	Trojan.Downloader.Minix
MAX	malware (ai score=89)
Malwarebytes	Trojan.GuLoader
Panda	Trj/Chgt.AD
TrendMicro-HouseCall	TROJ_GEN.R053C0DF123
Fortinet	Malicious_Behavior.SB
AVG	Win32:Evo-gen [Trj]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (W)

SO9006759004_NEW_ORDER_P202.EXE

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All