Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	June 8, 2023, 5:32 p.m.	June 8, 2023, 5:42 p.m.

Size	1018.5KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5	`8f25fe4c31de1a795ca154d7dacad298`
SHA256	`4e57a7ae42e9005020df2671b6aa6cf19d044be264da5f8e1a4836d5a47b2f14`
CRC32	`19D0A4ED`
ssdeep	`24576:ePLjh9E6G3VibpHIdebodR6jlKFtQVUv+iP8o79bO+:2jh3G32poHRS2tQuWikK9j`
Yara	UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description)

wininit.exe "C:\Users\test22\AppData\Local\Temp\wininit.exe"
2548

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx June 8, 2023, 5:32 p.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.ndata

One or more processes crashed (50 out of 65536 events)

Time & API	Arguments	Status
__exception__ June 8, 2023, 5:32 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 79 05 32 65 d0 10 68 cf b7 f9 bd 91 e0 8d 12 09 exception.instruction: jns 0x69af5c4 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x69af5bd registers.esp: 1631372 registers.edi: 255980 registers.eax: 256 registers.ebp: 1631380 registers.edx: 110817280 registers.ebx: 110817280 registers.esi: 1995838602 registers.ecx: 1631368	1
__exception__ June 8, 2023, 5:32 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 71 0a 34 97 a5 c0 23 f3 30 22 e2 83 db fa fa 28 exception.instruction: jno 0x69af61b exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x69af60f registers.esp: 1631368 registers.edi: 255980 registers.eax: 5182984 registers.ebp: 1631380 registers.edx: 110817280 registers.ebx: 110817280 registers.esi: 1631364 registers.ecx: 256	1
__exception__ June 8, 2023, 5:32 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 0f 32 bd 2e ab 93 03 40 23 fa 3a 90 40 15 dd exception.instruction: mov dword ptr [edi], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x69af64b registers.esp: 1631372 registers.edi: 61052 registers.eax: 5182984 registers.ebp: 1631380 registers.edx: 110817280 registers.ebx: 110817280 registers.esi: 1995838602 registers.ecx: 110818669	1
__exception__ June 8, 2023, 5:32 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 70 06 28 4c a3 ab 5b f6 77 9d 00 38 d0 5e 38 c3 exception.instruction: jo 0x69af693 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x69af68b registers.esp: 1631368 registers.edi: 255980 registers.eax: 5182984 registers.ebp: 1631380 registers.edx: 110817280 registers.ebx: 256 registers.esi: 1631364 registers.ecx: 110818669	1
__exception__ June 8, 2023, 5:32 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 7f 03 29 84 56 0d b2 92 84 00 f7 c3 87 c6 15 61 exception.instruction: jg 0x69cb425 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x69cb420 registers.esp: 1631364 registers.edi: 255980 registers.eax: 5182984 registers.ebp: 1631380 registers.edx: 1631360 registers.ebx: 110817280 registers.esi: 256 registers.ecx: 110818669	1
__exception__ June 8, 2023, 5:32 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc 27 bc ab 8f 85 44 01 00 00 53 bb 39 50 60 26 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x69cb438 registers.esp: 1631368 registers.edi: 255980 registers.eax: 5182984 registers.ebp: 1631380 registers.edx: 110817280 registers.ebx: 110817280 registers.esi: 1995838602 registers.ecx: 110818669	1
__exception__ June 8, 2023, 5:32 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 73 02 24 05 21 d6 00 85 c0 5e 85 c3 5b 57 bf 0f exception.instruction: jae 0x69cb461 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x69cb45d registers.esp: 1631364 registers.edi: 255980 registers.eax: 5182984 registers.ebp: 1631380 registers.edx: 110817280 registers.ebx: 256 registers.esi: 1631360 registers.ecx: 110818669	1
__exception__ June 8, 2023, 5:32 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 0f 2b 1d f5 d0 63 00 5f 60 51 b9 4c 9a 08 c0 exception.instruction: mov dword ptr [edi], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x69cb482 registers.esp: 1631368 registers.edi: 7836 registers.eax: 5182984 registers.ebp: 1631380 registers.edx: 110817280 registers.ebx: 110817280 registers.esi: 1995838602 registers.ecx: 110818669	1
__exception__ June 8, 2023, 5:32 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 09 2b 8b 04 28 1f 00 59 53 bb 65 0b fd 61 81 exception.instruction: mov dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x69cb4a4 registers.esp: 1631336 registers.edi: 255980 registers.eax: 5182984 registers.ebp: 1631380 registers.edx: 110817280 registers.ebx: 110817280 registers.esi: 1995838602 registers.ecx: 46995	1
__exception__ June 8, 2023, 5:32 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 7d 02 34 0b 4c 20 21 70 e5 04 6e 53 dd a9 69 e3 exception.instruction: jge 0x69cb4d2 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x69cb4ce registers.esp: 1631332 registers.edi: 255980 registers.eax: 5182984 registers.ebp: 1631380 registers.edx: 110817280 registers.ebx: 256 registers.esi: 1631328 registers.ecx: 110818669	1
__exception__ June 8, 2023, 5:32 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 32 37 48 45 61 44 29 29 47 25 f8 5c bd 46 e3 exception.instruction: mov dword ptr [edx], esi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x69cb508 registers.esp: 1631336 registers.edi: 255980 registers.eax: 5182984 registers.ebp: 1631380 registers.edx: 11614 registers.ebx: 110817280 registers.esi: 1995838602 registers.ecx: 110818669	1
__exception__ June 8, 2023, 5:32 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 72 02 25 b5 f6 00 39 d3 5e 38 d1 5a 81 f1 e9 85 exception.instruction: jb 0x69cb547 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x69cb543 registers.esp: 1631332 registers.edi: 255980 registers.eax: 5182984 registers.ebp: 1631380 registers.edx: 256 registers.ebx: 110817280 registers.esi: 1631328 registers.ecx: 2839671077	1
__exception__ June 8, 2023, 5:32 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc 27 d7 ad 52 ba b9 35 db 6f 81 f2 1c 76 7b 7f exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x69cb55b registers.esp: 1631340 registers.edi: 255980 registers.eax: 5182984 registers.ebp: 1631380 registers.edx: 110817280 registers.ebx: 110817280 registers.esi: 1995838602 registers.ecx: 608130096	1
__exception__ June 8, 2023, 5:32 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 71 04 2b 90 b1 b7 89 00 f6 c6 ad 5b eb 30 03 c6 exception.instruction: jno 0x69cb586 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x69cb580 registers.esp: 1631332 registers.edi: 255980 registers.eax: 5182984 registers.ebp: 1631380 registers.edx: 256 registers.ebx: 1631328 registers.esi: 1995838602 registers.ecx: 608130096	1
__exception__ June 8, 2023, 5:32 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc 28 00 06 3a 0f b7 4f af 8b 22 cc 2a e2 2a 62 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x69cb5c5 registers.esp: 1631340 registers.edi: 255980 registers.eax: 5182984 registers.ebp: 1631380 registers.edx: 110817280 registers.ebx: 110817280 registers.esi: 1995838602 registers.ecx: 108	1
__exception__ June 8, 2023, 5:32 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc 2a e2 2a 62 3c c5 53 97 51 8b 8d 0e 02 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x69cb5d0 registers.esp: 1631340 registers.edi: 255980 registers.eax: 5182984 registers.ebp: 1631380 registers.edx: 110817280 registers.ebx: 110817280 registers.esi: 1995838602 registers.ecx: 108	1
__exception__ June 8, 2023, 5:32 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 3a 2b 47 b3 b9 1e 00 5a 81 34 24 52 fa fa 12 exception.instruction: mov dword ptr [edx], edi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x69cb5fd registers.esp: 1631328 registers.edi: 255980 registers.eax: 5182984 registers.ebp: 1631380 registers.edx: 27879 registers.ebx: 110817280 registers.esi: 1995838602 registers.ecx: 110818669	1
__exception__ June 8, 2023, 5:32 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 79 10 34 3f d3 d7 e2 bb d4 98 f3 cc 39 a6 ce a3 exception.instruction: jns 0x69cb63a exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x69cb628 registers.esp: 1631324 registers.edi: 256 registers.eax: 5182984 registers.ebp: 1631380 registers.edx: 110817280 registers.ebx: 110817280 registers.esi: 1995838602 registers.ecx: 1631320	1
__exception__ June 8, 2023, 5:32 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 75 0d 34 0d 8c 5e 91 b2 da 66 6e d3 2f e6 45 c3 exception.instruction: jne 0x69cb672 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x69cb663 registers.esp: 1631324 registers.edi: 255980 registers.eax: 256 registers.ebp: 1631380 registers.edx: 110817280 registers.ebx: 1631320 registers.esi: 1995838602 registers.ecx: 110818669	1
__exception__ June 8, 2023, 5:32 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 77 0e 37 dd 84 67 ab c5 17 78 19 b5 77 08 b4 ef exception.instruction: ja 0x69cb6b2 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x69cb6a2 registers.esp: 1631324 registers.edi: 255980 registers.eax: 5182984 registers.ebp: 1631380 registers.edx: 1631320 registers.ebx: 110817280 registers.esi: 1995838602 registers.ecx: 256	1
__exception__ June 8, 2023, 5:32 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc 27 f0 d0 81 04 24 c5 10 fb 07 51 b9 35 d2 d8 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x69cb6bd registers.esp: 1631332 registers.edi: 255980 registers.eax: 5182984 registers.ebp: 1631380 registers.edx: 110817280 registers.ebx: 110817280 registers.esi: 1995838602 registers.ecx: 110818669	1
__exception__ June 8, 2023, 5:32 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 70 02 29 51 cd b3 8e 8f 06 00 80 fe e6 5b 84 db exception.instruction: jo 0x69cb6ed exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x69cb6e9 registers.esp: 1631324 registers.edi: 255980 registers.eax: 5182984 registers.ebp: 1631380 registers.edx: 110817280 registers.ebx: 1631320 registers.esi: 1995838602 registers.ecx: 256	1
__exception__ June 8, 2023, 5:32 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc 30 6d 42 46 ce cd f7 ab dc 73 4b 55 d3 06 b0 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x69cb754 registers.esp: 1631332 registers.edi: 255980 registers.eax: 5182984 registers.ebp: 1631380 registers.edx: 110817280 registers.ebx: 110817280 registers.esi: 1995838602 registers.ecx: 110818669	1
__exception__ June 8, 2023, 5:32 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 73 03 2b 15 c4 ba c5 00 81 7d 70 56 7f 00 00 0f exception.instruction: jae 0x69cb799 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x69cb794 registers.esp: 1631324 registers.edi: 255980 registers.eax: 5182984 registers.ebp: 1631380 registers.edx: 1631320 registers.ebx: 110817280 registers.esi: 256 registers.ecx: 110818669	1
__exception__ June 8, 2023, 5:32 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc 28 32 1b 85 7a f9 f9 1f 50 05 2d 06 a0 86 15 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x69cb7b2 registers.esp: 1631332 registers.edi: 255980 registers.eax: 1132126064 registers.ebp: 1631380 registers.edx: 110817280 registers.ebx: 110817280 registers.esi: 1995838602 registers.ecx: 110818669	1
__exception__ June 8, 2023, 5:32 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 78 02 24 8a 4c 60 00 3d 8b c9 a9 1c 5b 84 f7 59 exception.instruction: js 0x69cb7f2 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x69cb7ee registers.esp: 1631324 registers.edi: 255980 registers.eax: 2656525663 registers.ebp: 1631380 registers.edx: 110817280 registers.ebx: 1631320 registers.esi: 1995838602 registers.ecx: 256	1
__exception__ June 8, 2023, 5:32 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 0f 2f 25 5f e7 62 58 87 1d 6f 00 5f 50 cc 2e exception.instruction: mov dword ptr [edi], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x69cb815 registers.esp: 1631328 registers.edi: 62077 registers.eax: 7602286 registers.ebp: 1631380 registers.edx: 110817280 registers.ebx: 110817280 registers.esi: 1995838602 registers.ecx: 110818669	1
__exception__ June 8, 2023, 5:32 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc 2e e9 20 85 c5 41 c6 87 ba 9a 06 78 8b 85 80 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x69cb823 registers.esp: 1631328 registers.edi: 255980 registers.eax: 7602286 registers.ebp: 1631380 registers.edx: 110817280 registers.ebx: 110817280 registers.esi: 1995838602 registers.ecx: 110818669	1
__exception__ June 8, 2023, 5:32 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 1a 37 6f f5 3e 75 fe a3 f4 c1 c7 1e 1a 69 67 exception.instruction: mov dword ptr [edx], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x69cb848 registers.esp: 1631324 registers.edi: 255980 registers.eax: 5182984 registers.ebp: 1631380 registers.edx: 62181 registers.ebx: 110817280 registers.esi: 1995838602 registers.ecx: 110818669	1
__exception__ June 8, 2023, 5:32 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc 32 2b a2 cf 25 da 2f 6d 11 d9 3b 73 10 5f e1 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x69cb85f registers.esp: 1631328 registers.edi: 255980 registers.eax: 5182984 registers.ebp: 1631380 registers.edx: 110817280 registers.ebx: 110817280 registers.esi: 1995838602 registers.ecx: 1631328	1
__exception__ June 8, 2023, 5:32 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 78 02 2f 10 5c 1c 97 37 71 46 8d 00 66 81 fe 4f exception.instruction: js 0x69cb8a0 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x69cb89c registers.esp: 1631320 registers.edi: 255980 registers.eax: 1995635376 registers.ebp: 1631380 registers.edx: 1995596250 registers.ebx: 256 registers.esi: 1631316 registers.ecx: 182	1
__exception__ June 8, 2023, 5:32 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 71 0b 36 ee 06 8c e9 d5 5e cc c2 f6 1c f8 96 62 exception.instruction: jno 0x69cb8e4 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x69cb8d7 registers.esp: 1631332 registers.edi: 1631328 registers.eax: 256 registers.ebp: 1631380 registers.edx: 1995596250 registers.ebx: 2770200119 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 8, 2023, 5:32 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 12 30 75 e6 07 89 40 18 5f 09 3e 8f f0 04 12 exception.instruction: mov dword ptr [edx], edx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x69cb90a registers.esp: 1631332 registers.edi: 255980 registers.eax: 1995635376 registers.ebp: 1631380 registers.edx: 13085 registers.ebx: 2770200119 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 8, 2023, 5:32 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 06 28 cd 55 dd 7b e1 13 11 00 5e 81 34 24 8a exception.instruction: mov dword ptr [esi], eax exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x69cb93d registers.esp: 1631332 registers.edi: 255980 registers.eax: 1995635376 registers.ebp: 1631380 registers.edx: 1995596250 registers.ebx: 2770200119 registers.esi: 48352 registers.ecx: 182	1
__exception__ June 8, 2023, 5:32 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 7a 04 24 73 e4 f2 00 38 fd 58 84 f5 5f cc 31 a5 exception.instruction: jp 0x69cb97e exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x69cb978 registers.esp: 1631328 registers.edi: 256 registers.eax: 1631324 registers.ebp: 1631380 registers.edx: 1995596250 registers.ebx: 2770200119 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 8, 2023, 5:32 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc 31 a5 31 f8 c7 f0 b3 e2 5f a8 6b 99 31 8c 39 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x69cb985 registers.esp: 1631336 registers.edi: 255980 registers.eax: 1995635376 registers.ebp: 1631380 registers.edx: 1995596250 registers.ebx: 2770200119 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 8, 2023, 5:32 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 37 2e 1f 3c 64 ee ad 1c 6b 6c fe 00 5f 56 be exception.instruction: mov dword ptr [edi], esi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x69cb9b6 registers.esp: 1631332 registers.edi: 17834 registers.eax: 1995635376 registers.ebp: 1631380 registers.edx: 1995596250 registers.ebx: 2770200119 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 8, 2023, 5:32 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 74 03 24 ca 9f 7d 00 66 85 c0 5a 39 ca 5e 52 ba exception.instruction: je 0x69cb9e4 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x69cb9df registers.esp: 1631328 registers.edi: 255980 registers.eax: 1995635376 registers.ebp: 1631380 registers.edx: 1631324 registers.ebx: 2770200119 registers.esi: 256 registers.ecx: 182	1
__exception__ June 8, 2023, 5:32 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 74 04 24 fb cc 29 00 81 fa c0 5c 86 6b 58 53 bb exception.instruction: je 0x69cba0e exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x69cba08 registers.esp: 1631328 registers.edi: 255980 registers.eax: 1631324 registers.ebp: 1631380 registers.edx: 256 registers.ebx: 2770200119 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 8, 2023, 5:32 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc 37 e7 27 64 8a 9b 17 30 55 f8 0e 91 26 5d 33 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x69cba2c registers.esp: 1631332 registers.edi: 255980 registers.eax: 1995635376 registers.ebp: 1631380 registers.edx: 1995596250 registers.ebx: 2770200119 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 8, 2023, 5:32 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc 24 af 9a 7d 59 5c 57 bf 36 77 08 72 81 ef a1 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x69cba47 registers.esp: 1631332 registers.edi: 255980 registers.eax: 1995635376 registers.ebp: 1631380 registers.edx: 1995596250 registers.ebx: 2770200119 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 8, 2023, 5:32 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 07 31 22 b6 7e e9 72 41 a2 0c ed 8e 21 95 21 exception.instruction: mov dword ptr [edi], eax exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x69cba6c registers.esp: 1631328 registers.edi: 53379 registers.eax: 1995635376 registers.ebp: 1631380 registers.edx: 1995596250 registers.ebx: 2770200119 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 8, 2023, 5:32 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 12 36 f7 db f0 6f 81 4e 0e f4 7d 78 dc 9d 3b exception.instruction: mov dword ptr [edx], edx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x69cba98 registers.esp: 1631328 registers.edi: 255980 registers.eax: 1995635376 registers.ebp: 1631380 registers.edx: 66 registers.ebx: 2770200119 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 8, 2023, 5:32 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 37 29 ae 8f d0 ab b4 4d 00 5f 89 eb 89 bd b7 exception.instruction: mov dword ptr [edi], esi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x69cbad3 registers.esp: 1631328 registers.edi: 61338 registers.eax: 1995635376 registers.ebp: 1631380 registers.edx: 1995596250 registers.ebx: 2770200119 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 8, 2023, 5:32 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 7a 0c 2c 1d 43 c0 22 34 1c 2e 85 d4 4e 5f 00 66 exception.instruction: jp 0x69cbb2d exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x69cbb1f registers.esp: 1631324 registers.edi: 324 registers.eax: 1995635376 registers.ebp: 1631380 registers.edx: 1995596250 registers.ebx: 1631380 registers.esi: 1631320 registers.ecx: 256	1
__exception__ June 8, 2023, 5:32 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc 25 9a 18 d4 44 cc 30 77 1d 2c af 87 51 b0 c4 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x69cbb3f registers.esp: 1631332 registers.edi: 255980 registers.eax: 1995635376 registers.ebp: 1631380 registers.edx: 1995596250 registers.ebx: 1631704 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 8, 2023, 5:32 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc 30 77 1d 2c af 87 51 b0 c4 b1 68 fb 11 30 42 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x69cbb45 registers.esp: 1631332 registers.edi: 255980 registers.eax: 1995635376 registers.ebp: 1631380 registers.edx: 1995596250 registers.ebx: 1631704 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 8, 2023, 5:32 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc 36 96 35 e9 37 25 f8 95 5f 47 b6 3a 1a ba 24 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x69cbb58 registers.esp: 1631332 registers.edi: 255980 registers.eax: 1995635376 registers.ebp: 1631380 registers.edx: 1995596250 registers.ebx: 1631704 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 8, 2023, 5:32 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 77 0d 34 d8 4f 05 31 80 c7 15 25 f2 d1 92 3a 41 exception.instruction: ja 0x69cbba9 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x69cbb9a registers.esp: 1631324 registers.edi: 256 registers.eax: 1631320 registers.ebp: 1631380 registers.edx: 1995596250 registers.ebx: 1631704 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 8, 2023, 5:32 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 17 32 1f 1a 42 58 cb 9d bb 92 35 74 26 12 75 exception.instruction: mov dword ptr [edi], edx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x69cbbe6 registers.esp: 1631328 registers.edi: 3333 registers.eax: 1995635376 registers.ebp: 1631380 registers.edx: 1995596250 registers.ebx: 1631704 registers.esi: 1631704 registers.ecx: 182	1

Allocates read-write-execute memory (usually to unpack itself) (4 events)

Time & API	Arguments	Status
NtProtectVirtualMemory June 8, 2023, 5:32 p.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x732a2000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 8, 2023, 5:32 p.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73924000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 8, 2023, 5:32 p.m.	process_identifier: 2548 region_size: 88530944 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03430000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtProtectVirtualMemory June 8, 2023, 5:33 p.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 876544 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76f20000 process_handle: 0xffffffff	1

Creates executable files on the filesystem (1 event)

file	C:\Users\test22\AppData\Local\Temp\nsiEDEB.tmp\System.dll

Drops an executable to the user AppData folder (1 event)

file	C:\Users\test22\AppData\Local\Temp\nsiEDEB.tmp\System.dll

Queries for potentially installed applications (50 out of 271 events)

Time & API	Arguments	Return
RegOpenKeyExA June 8, 2023, 5:32 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne	2
RegOpenKeyExA June 8, 2023, 5:32 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne	2
RegOpenKeyExA June 8, 2023, 5:32 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne	2
RegOpenKeyExA June 8, 2023, 5:32 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne	2
RegOpenKeyExA June 8, 2023, 5:32 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne	2
RegOpenKeyExA June 8, 2023, 5:32 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne	2
RegOpenKeyExA June 8, 2023, 5:32 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne	2
RegOpenKeyExA June 8, 2023, 5:32 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne	2
RegOpenKeyExA June 8, 2023, 5:32 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne	2
RegOpenKeyExA June 8, 2023, 5:32 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne	2
RegOpenKeyExA June 8, 2023, 5:32 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne	2
RegOpenKeyExA June 8, 2023, 5:32 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne	2
RegOpenKeyExA June 8, 2023, 5:32 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne	2
RegOpenKeyExA June 8, 2023, 5:32 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne	2
RegOpenKeyExA June 8, 2023, 5:32 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne	2
RegOpenKeyExA June 8, 2023, 5:32 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne	2
RegOpenKeyExA June 8, 2023, 5:32 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne	2
RegOpenKeyExA June 8, 2023, 5:32 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne	2
RegOpenKeyExA June 8, 2023, 5:32 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne	2
RegOpenKeyExA June 8, 2023, 5:32 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne	2
RegOpenKeyExA June 8, 2023, 5:32 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne	2
RegOpenKeyExA June 8, 2023, 5:32 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne	2
RegOpenKeyExA June 8, 2023, 5:32 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne	2
RegOpenKeyExA June 8, 2023, 5:32 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne	2
RegOpenKeyExA June 8, 2023, 5:32 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne	2
RegOpenKeyExA June 8, 2023, 5:32 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne	2
RegOpenKeyExA June 8, 2023, 5:32 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne	2
RegOpenKeyExA June 8, 2023, 5:32 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne	2
RegOpenKeyExA June 8, 2023, 5:32 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne	2
RegOpenKeyExA June 8, 2023, 5:32 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne	2
RegOpenKeyExA June 8, 2023, 5:32 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne	2
RegOpenKeyExA June 8, 2023, 5:32 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne	2
RegOpenKeyExA June 8, 2023, 5:32 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne	2
RegOpenKeyExA June 8, 2023, 5:32 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne	2
RegOpenKeyExA June 8, 2023, 5:32 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne	2
RegOpenKeyExA June 8, 2023, 5:32 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne	2
RegOpenKeyExA June 8, 2023, 5:32 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne	2
RegOpenKeyExA June 8, 2023, 5:32 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne	2
RegOpenKeyExA June 8, 2023, 5:32 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne	2
RegOpenKeyExA June 8, 2023, 5:32 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne	2
RegOpenKeyExA June 8, 2023, 5:32 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne	2
RegOpenKeyExA June 8, 2023, 5:32 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne	2
RegOpenKeyExA June 8, 2023, 5:32 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne	2
RegOpenKeyExA June 8, 2023, 5:32 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne	2
RegOpenKeyExA June 8, 2023, 5:32 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne	2
RegOpenKeyExA June 8, 2023, 5:32 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne	2
RegOpenKeyExA June 8, 2023, 5:32 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne	2
RegOpenKeyExA June 8, 2023, 5:32 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne	2
RegOpenKeyExA June 8, 2023, 5:32 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne	2
RegOpenKeyExA June 8, 2023, 5:32 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Frikendelserne	2

Tries to unhook Windows functions monitored by Cuckoo (1 event)

Time & API	Arguments	Status	Return	Repeated
__anomaly__ June 8, 2023, 5:33 p.m.	tid: 2552 message: Encountered 65537 exceptions, quitting. subcategory: exception function_name:	1	0	0

File has been identified by 28 AntiVirus engines on VirusTotal as malicious (28 events)

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Makoob.4!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Tedy.380502
McAfee	Artemis!8F25FE4C31DE
Sangfor	Trojan.Win32.Agent.V2z9
Arcabit	Trojan.Tedy.D5CE56
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Generik.HXWCXGV
APEX	Malicious
Kaspersky	HEUR:Trojan.NSIS.Makoob.gen
BitDefender	Gen:Variant.Tedy.380502
Avast	FileRepMalware [Trj]
Emsisoft	Gen:Variant.Tedy.380502 (B)
TrendMicro	Trojan.Win32.GULOADER.YXDFGZ
McAfee-GW-Edition	Artemis!Trojan
FireEye	Gen:Variant.Tedy.380502
Sophos	Mal/Generic-S
MAX	malware (ai score=85)
Microsoft	Trojan:Win32/Sabsik.FL.A!ml
ZoneAlarm	HEUR:Trojan.NSIS.Makoob.gen
GData	Gen:Variant.Tedy.380502
AhnLab-V3	Malware/Win32.Generic.C2472678
Cylance	unsafe
Panda	Trj/Chgt.AD
TrendMicro-HouseCall	Trojan.Win32.GULOADER.YXDFGZ
AVG	FileRepMalware [Trj]
DeepInstinct	MALICIOUS

wininit.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All