Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	June 20, 2023, 7:37 a.m.	June 20, 2023, 7:42 a.m.

Size	414.8KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5	`78c56c6fd7ed0ff5c69ec132d61e27b3`
SHA256	`6fac7a1f4443bf70639465110324881bdf63d2bb86e1a4397dd72a25fa1364a8`
CRC32	`1EA07548`
ssdeep	`12288:vqugI2VOoo9QTB8gw2JL8xjiUinElye4HbFTt:Cr3Ooo618faCj3inzhTt`
Yara	UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library NSIS_Installer - Null Soft Installer PE_Header_Zero - PE File Signature IsPE32 - (no description)

loki.exe "C:\Users\test22\AppData\Local\Temp\loki.exe"
2552
explorer.exe C:\Windows\Explorer.EXE
1452

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx June 20, 2023, 7:37 a.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.ndata

One or more processes crashed (50 out of 65536 events)

Time & API	Arguments	Status
__exception__ June 20, 2023, 7:37 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 1a ae b3 40 90 18 9a 00 5a 81 f6 db ae 7c 41 exception.instruction: mov dword ptr [edx], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5fa6666 registers.esp: 58519444 registers.edi: 121316 registers.eax: 6211232 registers.ebp: 58519448 registers.edx: 61731 registers.ebx: 100294656 registers.esi: 3650998950 registers.ecx: 100296226	1
__exception__ June 20, 2023, 7:37 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 7d 0d b7 20 61 98 cb ee 88 5c fd bb 71 22 f6 00 exception.instruction: jge 0x5fa66a3 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x5fa6694 registers.esp: 58519440 registers.edi: 58519436 registers.eax: 256 registers.ebp: 58519448 registers.edx: 100294656 registers.ebx: 100294656 registers.esi: 2564914301 registers.ecx: 100296226	1
__exception__ June 20, 2023, 7:37 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 08 b2 68 4c d8 7a 88 f5 77 35 17 d7 ac 3c 94 exception.instruction: mov dword ptr [eax], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5fb233e registers.esp: 58519436 registers.edi: 121316 registers.eax: 33721 registers.ebp: 58519448 registers.edx: 100294656 registers.ebx: 100294656 registers.esi: 1995838602 registers.ecx: 100296226	1
__exception__ June 20, 2023, 7:37 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc a9 d7 7a df 82 39 8e fd a1 b6 e1 43 d1 89 9d exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5fb2355 registers.esp: 58519408 registers.edi: 121316 registers.eax: 6211232 registers.ebp: 58519448 registers.edx: 100294656 registers.ebx: 100294656 registers.esi: 1995838602 registers.ecx: 100296226	1
__exception__ June 20, 2023, 7:37 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 7a 09 b0 e4 da 6d de 33 fd e9 f6 01 70 1f 61 c9 exception.instruction: jp 0x5fb23a1 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x5fb2396 registers.esp: 58519400 registers.edi: 121316 registers.eax: 6211232 registers.ebp: 58519448 registers.edx: 58519396 registers.ebx: 256 registers.esi: 1995838602 registers.ecx: 100296226	1
__exception__ June 20, 2023, 7:37 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc b5 3c 85 29 16 97 8e 47 48 90 30 53 7a cf a6 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5fb23db registers.esp: 58519400 registers.edi: 121316 registers.eax: 6211232 registers.ebp: 58519448 registers.edx: 100294656 registers.ebx: 100294656 registers.esi: 1995838602 registers.ecx: 100296226	1
__exception__ June 20, 2023, 7:37 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 7d 09 b1 4d 7e a2 11 73 49 7d 5d f0 bd 6e 72 ae exception.instruction: jge 0x5fb2437 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x5fb242c registers.esp: 58519392 registers.edi: 256 registers.eax: 6211232 registers.ebp: 58519448 registers.edx: 58519388 registers.ebx: 100294656 registers.esi: 1995838602 registers.ecx: 7602286	1
__exception__ June 20, 2023, 7:37 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc ab 36 aa ff 12 fa 99 8b 5f 13 da 8b 8d d6 01 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5fb2454 registers.esp: 58519396 registers.edi: 121316 registers.eax: 6211232 registers.ebp: 58519448 registers.edx: 100294656 registers.ebx: 100294656 registers.esi: 1995838602 registers.ecx: 7602286	1
__exception__ June 20, 2023, 7:37 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 18 a0 aa ad 31 00 58 50 b8 24 de ae 6a 2d 33 exception.instruction: mov dword ptr [eax], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5fb2476 registers.esp: 58519392 registers.edi: 121316 registers.eax: 5340 registers.ebp: 58519448 registers.edx: 100294656 registers.ebx: 100294656 registers.esi: 1995838602 registers.ecx: 100296226	1
__exception__ June 20, 2023, 7:37 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 78 0d b0 5c 74 72 49 48 16 f3 6d b0 72 ab 22 53 exception.instruction: js 0x5fb24a6 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x5fb2497 registers.esp: 58519388 registers.edi: 121316 registers.eax: 256 registers.ebp: 58519448 registers.edx: 100294656 registers.ebx: 58519384 registers.esi: 1995838602 registers.ecx: 100296226	1
__exception__ June 20, 2023, 7:37 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 75 05 a9 fc df 5e cc 64 d5 05 c8 99 41 00 51 b9 exception.instruction: jne 0x5fb24e4 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x5fb24dd registers.esp: 58519388 registers.edi: 121316 registers.eax: 58519384 registers.ebp: 58519448 registers.edx: 2824847353 registers.ebx: 100294656 registers.esi: 256 registers.ecx: 58519396	1
__exception__ June 20, 2023, 7:37 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc b3 fd aa 9a 3c 75 d9 74 c3 87 55 38 5b e3 5c exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5fb2508 registers.esp: 58519396 registers.edi: 121316 registers.eax: 1995635376 registers.ebp: 58519448 registers.edx: 1995596250 registers.ebx: 247522805 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 20, 2023, 7:37 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 7e 07 a9 a8 15 5d 22 92 b5 be 4e 97 0a 00 3c 2b exception.instruction: jle 0x5fb2563 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x5fb255a registers.esp: 58519388 registers.edi: 121316 registers.eax: 58519384 registers.ebp: 58519448 registers.edx: 256 registers.ebx: 247522805 registers.esi: 12 registers.ecx: 182	1
__exception__ June 20, 2023, 7:37 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 77 08 ac 0a b5 f0 0b 2d a6 50 00 39 cb 5f 84 d0 exception.instruction: ja 0x5fb25c7 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x5fb25bd registers.esp: 58519396 registers.edi: 58519392 registers.eax: 1995635376 registers.ebp: 58519448 registers.edx: 1995596250 registers.ebx: 247522805 registers.esi: 1995838602 registers.ecx: 256	1
__exception__ June 20, 2023, 7:37 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 38 b7 ba b2 03 f2 9c 6b 6a 59 1f e6 2e 5b 00 exception.instruction: mov dword ptr [eax], edi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5fb25e3 registers.esp: 58519400 registers.edi: 121316 registers.eax: 6457 registers.ebp: 58519448 registers.edx: 1995596250 registers.ebx: 247522805 registers.esi: 1995838602 registers.ecx: 3085831799	1
__exception__ June 20, 2023, 7:37 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 74 0a aa 39 93 ec bb 76 3a 70 dc 6e 00 38 f4 5b exception.instruction: je 0x5fb2652 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x5fb2646 registers.esp: 58519392 registers.edi: 121316 registers.eax: 256 registers.ebp: 58519448 registers.edx: 1995596250 registers.ebx: 58519388 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 20, 2023, 7:37 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 7c 06 ad df 31 82 4d 57 6f 00 66 81 fe 0a a7 5a exception.instruction: jl 0x5fb2694 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x5fb268c registers.esp: 58519392 registers.edi: 256 registers.eax: 1995635376 registers.ebp: 58519448 registers.edx: 58519388 registers.ebx: 58519448 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 20, 2023, 7:37 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc b5 b6 1e 96 d6 78 14 3c 0b fb e0 45 33 60 69 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5fb26a3 registers.esp: 58519400 registers.edi: 121316 registers.eax: 1995635376 registers.ebp: 58519448 registers.edx: 1995596250 registers.ebx: 58519448 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 20, 2023, 7:37 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc b5 b6 1e 96 d6 78 14 3c 0b fb e0 45 33 60 69 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5fb26a3 registers.esp: 58519400 registers.edi: 121316 registers.eax: 1995635376 registers.ebp: 58519448 registers.edx: 1995596250 registers.ebx: 58519449 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 20, 2023, 7:37 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc b5 b6 1e 96 d6 78 14 3c 0b fb e0 45 33 60 69 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5fb26a3 registers.esp: 58519400 registers.edi: 121316 registers.eax: 1995635376 registers.ebp: 58519448 registers.edx: 1995596250 registers.ebx: 58519450 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 20, 2023, 7:37 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc b5 b6 1e 96 d6 78 14 3c 0b fb e0 45 33 60 69 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5fb26a3 registers.esp: 58519400 registers.edi: 121316 registers.eax: 1995635376 registers.ebp: 58519448 registers.edx: 1995596250 registers.ebx: 58519451 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 20, 2023, 7:37 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc b5 b6 1e 96 d6 78 14 3c 0b fb e0 45 33 60 69 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5fb26a3 registers.esp: 58519400 registers.edi: 121316 registers.eax: 1995635376 registers.ebp: 58519448 registers.edx: 1995596250 registers.ebx: 58519452 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 20, 2023, 7:37 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc b5 b6 1e 96 d6 78 14 3c 0b fb e0 45 33 60 69 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5fb26a3 registers.esp: 58519400 registers.edi: 121316 registers.eax: 1995635376 registers.ebp: 58519448 registers.edx: 1995596250 registers.ebx: 58519453 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 20, 2023, 7:37 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc b5 b6 1e 96 d6 78 14 3c 0b fb e0 45 33 60 69 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5fb26a3 registers.esp: 58519400 registers.edi: 121316 registers.eax: 1995635376 registers.ebp: 58519448 registers.edx: 1995596250 registers.ebx: 58519454 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 20, 2023, 7:37 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc b5 b6 1e 96 d6 78 14 3c 0b fb e0 45 33 60 69 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5fb26a3 registers.esp: 58519400 registers.edi: 121316 registers.eax: 1995635376 registers.ebp: 58519448 registers.edx: 1995596250 registers.ebx: 58519455 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 20, 2023, 7:37 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc b5 b6 1e 96 d6 78 14 3c 0b fb e0 45 33 60 69 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5fb26a3 registers.esp: 58519400 registers.edi: 121316 registers.eax: 1995635376 registers.ebp: 58519448 registers.edx: 1995596250 registers.ebx: 58519456 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 20, 2023, 7:37 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc b5 b6 1e 96 d6 78 14 3c 0b fb e0 45 33 60 69 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5fb26a3 registers.esp: 58519400 registers.edi: 121316 registers.eax: 1995635376 registers.ebp: 58519448 registers.edx: 1995596250 registers.ebx: 58519457 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 20, 2023, 7:37 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc b5 b6 1e 96 d6 78 14 3c 0b fb e0 45 33 60 69 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5fb26a3 registers.esp: 58519400 registers.edi: 121316 registers.eax: 1995635376 registers.ebp: 58519448 registers.edx: 1995596250 registers.ebx: 58519458 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 20, 2023, 7:37 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc b5 b6 1e 96 d6 78 14 3c 0b fb e0 45 33 60 69 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5fb26a3 registers.esp: 58519400 registers.edi: 121316 registers.eax: 1995635376 registers.ebp: 58519448 registers.edx: 1995596250 registers.ebx: 58519459 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 20, 2023, 7:37 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc b5 b6 1e 96 d6 78 14 3c 0b fb e0 45 33 60 69 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5fb26a3 registers.esp: 58519400 registers.edi: 121316 registers.eax: 1995635376 registers.ebp: 58519448 registers.edx: 1995596250 registers.ebx: 58519460 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 20, 2023, 7:37 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc b5 b6 1e 96 d6 78 14 3c 0b fb e0 45 33 60 69 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5fb26a3 registers.esp: 58519400 registers.edi: 121316 registers.eax: 1995635376 registers.ebp: 58519448 registers.edx: 1995596250 registers.ebx: 58519461 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 20, 2023, 7:37 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc b5 b6 1e 96 d6 78 14 3c 0b fb e0 45 33 60 69 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5fb26a3 registers.esp: 58519400 registers.edi: 121316 registers.eax: 1995635376 registers.ebp: 58519448 registers.edx: 1995596250 registers.ebx: 58519462 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 20, 2023, 7:37 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc b5 b6 1e 96 d6 78 14 3c 0b fb e0 45 33 60 69 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5fb26a3 registers.esp: 58519400 registers.edi: 121316 registers.eax: 1995635376 registers.ebp: 58519448 registers.edx: 1995596250 registers.ebx: 58519463 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 20, 2023, 7:37 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc b5 b6 1e 96 d6 78 14 3c 0b fb e0 45 33 60 69 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5fb26a3 registers.esp: 58519400 registers.edi: 121316 registers.eax: 1995635376 registers.ebp: 58519448 registers.edx: 1995596250 registers.ebx: 58519464 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 20, 2023, 7:37 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc b5 b6 1e 96 d6 78 14 3c 0b fb e0 45 33 60 69 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5fb26a3 registers.esp: 58519400 registers.edi: 121316 registers.eax: 1995635376 registers.ebp: 58519448 registers.edx: 1995596250 registers.ebx: 58519465 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 20, 2023, 7:37 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc b5 b6 1e 96 d6 78 14 3c 0b fb e0 45 33 60 69 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5fb26a3 registers.esp: 58519400 registers.edi: 121316 registers.eax: 1995635376 registers.ebp: 58519448 registers.edx: 1995596250 registers.ebx: 58519466 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 20, 2023, 7:37 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc b5 b6 1e 96 d6 78 14 3c 0b fb e0 45 33 60 69 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5fb26a3 registers.esp: 58519400 registers.edi: 121316 registers.eax: 1995635376 registers.ebp: 58519448 registers.edx: 1995596250 registers.ebx: 58519467 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 20, 2023, 7:37 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc b5 b6 1e 96 d6 78 14 3c 0b fb e0 45 33 60 69 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5fb26a3 registers.esp: 58519400 registers.edi: 121316 registers.eax: 1995635376 registers.ebp: 58519448 registers.edx: 1995596250 registers.ebx: 58519468 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 20, 2023, 7:37 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc b5 b6 1e 96 d6 78 14 3c 0b fb e0 45 33 60 69 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5fb26a3 registers.esp: 58519400 registers.edi: 121316 registers.eax: 1995635376 registers.ebp: 58519448 registers.edx: 1995596250 registers.ebx: 58519469 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 20, 2023, 7:37 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc b5 b6 1e 96 d6 78 14 3c 0b fb e0 45 33 60 69 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5fb26a3 registers.esp: 58519400 registers.edi: 121316 registers.eax: 1995635376 registers.ebp: 58519448 registers.edx: 1995596250 registers.ebx: 58519470 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 20, 2023, 7:37 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc b5 b6 1e 96 d6 78 14 3c 0b fb e0 45 33 60 69 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5fb26a3 registers.esp: 58519400 registers.edi: 121316 registers.eax: 1995635376 registers.ebp: 58519448 registers.edx: 1995596250 registers.ebx: 58519471 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 20, 2023, 7:37 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc b5 b6 1e 96 d6 78 14 3c 0b fb e0 45 33 60 69 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5fb26a3 registers.esp: 58519400 registers.edi: 121316 registers.eax: 1995635376 registers.ebp: 58519448 registers.edx: 1995596250 registers.ebx: 58519472 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 20, 2023, 7:37 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc b5 b6 1e 96 d6 78 14 3c 0b fb e0 45 33 60 69 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5fb26a3 registers.esp: 58519400 registers.edi: 121316 registers.eax: 1995635376 registers.ebp: 58519448 registers.edx: 1995596250 registers.ebx: 58519473 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 20, 2023, 7:37 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc b5 b6 1e 96 d6 78 14 3c 0b fb e0 45 33 60 69 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5fb26a3 registers.esp: 58519400 registers.edi: 121316 registers.eax: 1995635376 registers.ebp: 58519448 registers.edx: 1995596250 registers.ebx: 58519474 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 20, 2023, 7:37 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc b5 b6 1e 96 d6 78 14 3c 0b fb e0 45 33 60 69 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5fb26a3 registers.esp: 58519400 registers.edi: 121316 registers.eax: 1995635376 registers.ebp: 58519448 registers.edx: 1995596250 registers.ebx: 58519475 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 20, 2023, 7:37 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc b5 b6 1e 96 d6 78 14 3c 0b fb e0 45 33 60 69 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5fb26a3 registers.esp: 58519400 registers.edi: 121316 registers.eax: 1995635376 registers.ebp: 58519448 registers.edx: 1995596250 registers.ebx: 58519476 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 20, 2023, 7:37 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc b5 b6 1e 96 d6 78 14 3c 0b fb e0 45 33 60 69 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5fb26a3 registers.esp: 58519400 registers.edi: 121316 registers.eax: 1995635376 registers.ebp: 58519448 registers.edx: 1995596250 registers.ebx: 58519477 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 20, 2023, 7:37 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc b5 b6 1e 96 d6 78 14 3c 0b fb e0 45 33 60 69 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5fb26a3 registers.esp: 58519400 registers.edi: 121316 registers.eax: 1995635376 registers.ebp: 58519448 registers.edx: 1995596250 registers.ebx: 58519478 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 20, 2023, 7:37 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc b5 b6 1e 96 d6 78 14 3c 0b fb e0 45 33 60 69 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5fb26a3 registers.esp: 58519400 registers.edi: 121316 registers.eax: 1995635376 registers.ebp: 58519448 registers.edx: 1995596250 registers.ebx: 58519479 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 20, 2023, 7:37 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc b5 b6 1e 96 d6 78 14 3c 0b fb e0 45 33 60 69 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5fb26a3 registers.esp: 58519400 registers.edi: 121316 registers.eax: 1995635376 registers.ebp: 58519448 registers.edx: 1995596250 registers.ebx: 58519480 registers.esi: 1995838602 registers.ecx: 182	1

Allocates read-write-execute memory (usually to unpack itself) (5 events)

Time & API	Arguments	Status
NtProtectVirtualMemory June 20, 2023, 7:37 a.m.	process_identifier: 2552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73272000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 20, 2023, 7:37 a.m.	process_identifier: 2552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10004000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 20, 2023, 7:37 a.m.	process_identifier: 2552 region_size: 54779904 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03ff0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtProtectVirtualMemory June 20, 2023, 7:38 a.m.	process_identifier: 2552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 876544 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76f20000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 20, 2023, 7:31 a.m.	process_identifier: 1452 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000046b0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1

Creates executable files on the filesystem (2 events)

file	C:\Users\test22\AppData\Local\Tristich.lnk
file	C:\Users\test22\AppData\Local\Temp\nsn684.tmp\System.dll

Creates hidden or system file (3 events)

Time & API	Arguments	Status	Return	Repeated
SetFileAttributesW June 20, 2023, 7:37 a.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Windows\resources\fluidible\temptsome\Brkagernes26\philanthropinist.mem filepath: C:\Windows\resources\fluidible\temptsome\Brkagernes26\philanthropinist.mem		0	0
SetFileAttributesW June 20, 2023, 7:37 a.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Windows\resources\fluidible\temptsome\Brkagernes26\philanthropinist.mem filepath: C:\Windows\resources\fluidible\temptsome\Brkagernes26\philanthropinist.mem		0	0
SetFileAttributesW June 20, 2023, 7:37 a.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Windows\resources\fluidible\temptsome\Brkagernes26\philanthropinist.mem filepath: C:\Windows\resources\fluidible\temptsome\Brkagernes26\philanthropinist.mem		0	0

Creates a shortcut to an executable file (2 events)

file	C:\Users\test22\AppData\Local\Tristich.lnk
file	C:\Windows\System32\udfrings\drejebnke.lnk

Drops an executable to the user AppData folder (1 event)

file	C:\Users\test22\AppData\Local\Temp\nsn684.tmp\System.dll

Queries for potentially installed applications (50 out of 438 events)

Time & API	Arguments	Return
RegOpenKeyExW June 20, 2023, 7:37 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\mem base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mem	2
RegOpenKeyExW June 20, 2023, 7:37 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards	2
RegOpenKeyExW June 20, 2023, 7:37 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\mem base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mem	2
RegOpenKeyExW June 20, 2023, 7:37 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards	2
RegOpenKeyExW June 20, 2023, 7:37 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\mem base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mem	2
RegOpenKeyExW June 20, 2023, 7:37 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards	2
RegOpenKeyExW June 20, 2023, 7:37 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\mem base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mem	2
RegOpenKeyExW June 20, 2023, 7:37 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards	2
RegOpenKeyExW June 20, 2023, 7:37 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\mem base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mem	2
RegOpenKeyExW June 20, 2023, 7:37 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards	2
RegOpenKeyExW June 20, 2023, 7:37 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\mem base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mem	2
RegOpenKeyExW June 20, 2023, 7:37 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards	2
RegOpenKeyExW June 20, 2023, 7:37 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\mem base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mem	2
RegOpenKeyExW June 20, 2023, 7:37 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards	2
RegOpenKeyExW June 20, 2023, 7:37 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\mem base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mem	2
RegOpenKeyExW June 20, 2023, 7:37 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards	2
RegOpenKeyExW June 20, 2023, 7:37 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\mem base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mem	2
RegOpenKeyExW June 20, 2023, 7:37 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards	2
RegOpenKeyExW June 20, 2023, 7:37 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\mem base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mem	2
RegOpenKeyExW June 20, 2023, 7:37 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards	2
RegOpenKeyExW June 20, 2023, 7:37 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\mem base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mem	2
RegOpenKeyExW June 20, 2023, 7:37 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards	2
RegOpenKeyExW June 20, 2023, 7:37 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\mem base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mem	2
RegOpenKeyExW June 20, 2023, 7:37 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards	2
RegOpenKeyExW June 20, 2023, 7:37 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\mem base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mem	2
RegOpenKeyExW June 20, 2023, 7:37 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards	2
RegOpenKeyExW June 20, 2023, 7:37 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\mem base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mem	2
RegOpenKeyExW June 20, 2023, 7:37 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards	2
RegOpenKeyExW June 20, 2023, 7:37 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\mem base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mem	2
RegOpenKeyExW June 20, 2023, 7:37 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards	2
RegOpenKeyExW June 20, 2023, 7:37 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\mem base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mem	2
RegOpenKeyExW June 20, 2023, 7:37 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards	2
RegOpenKeyExW June 20, 2023, 7:37 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\mem base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mem	2
RegOpenKeyExW June 20, 2023, 7:37 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards	2
RegOpenKeyExW June 20, 2023, 7:37 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\mem base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mem	2
RegOpenKeyExW June 20, 2023, 7:37 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards	2
RegOpenKeyExW June 20, 2023, 7:37 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\mem base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mem	2
RegOpenKeyExW June 20, 2023, 7:37 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards	2
RegOpenKeyExW June 20, 2023, 7:37 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\mem base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mem	2
RegOpenKeyExW June 20, 2023, 7:37 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards	2
RegOpenKeyExW June 20, 2023, 7:37 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\mem base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mem	2
RegOpenKeyExW June 20, 2023, 7:37 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards	2
RegOpenKeyExW June 20, 2023, 7:37 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\mem base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mem	2
RegOpenKeyExW June 20, 2023, 7:37 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards	2
RegOpenKeyExW June 20, 2023, 7:37 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\mem base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mem	2
RegOpenKeyExW June 20, 2023, 7:37 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards	2
RegOpenKeyExW June 20, 2023, 7:37 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\mem base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mem	2
RegOpenKeyExW June 20, 2023, 7:37 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards	2
RegOpenKeyExW June 20, 2023, 7:37 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\mem base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mem	2
RegOpenKeyExW June 20, 2023, 7:37 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards	2

Deletes executed files from disk (1 event)

file	C:\Users\test22\AppData\Local\Temp\nsn684.tmp

File has been identified by 17 AntiVirus engines on VirusTotal as malicious (17 events)

Bkav	W32.AIDetectMalware
Elastic	malicious (high confidence)
FireEye	Generic.mg.78c56c6fd7ed0ff5
McAfee	Artemis!78C56C6FD7ED
Cynet	Malicious (score: 100)
APEX	Malicious
Kaspersky	UDS:DangerousObject.Multi.Generic
SUPERAntiSpyware	Adware.HPDefender/Variant
TrendMicro	Trojan.Win32.GULOADER.YXDFSZ
McAfee-GW-Edition	BehavesLike.Win32.Dropper.gc
Ikarus	Trojan.NSIS.Agent
ZoneAlarm	HEUR:Trojan.Win32.Inject.gen
Google	Detected
TrendMicro-HouseCall	Trojan.Win32.GULOADER.YXDFSZ
Rising	Trojan.Injector/NSIS!1.E690 (CLASSIC)
SentinelOne	Static AI - Suspicious PE
DeepInstinct	MALICIOUS

Tries to unhook Windows functions monitored by Cuckoo (1 event)

Time & API	Arguments	Status	Return	Repeated
__anomaly__ June 20, 2023, 7:38 a.m.	tid: 2656 message: Encountered 65537 exceptions, quitting. subcategory: exception function_name:	1	0	0

loki.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All