Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	June 22, 2023, 10:29 a.m.	June 22, 2023, 10:31 a.m.

Size	1.3MB
Type	Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 14:06:51 2020, Security: 0, Code page: 1252, Revision Number: {D3AD19F7-D357-423C-9BF1-D6EF7899326B}, Number of Words: 2, Subject: Setup, Author: Setup, Name of Creating Application: Setup, Template: ;1033, Comments: This installer database contains the logic and data required to install Setup., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
MD5	`7c242798e9aa870339219e2a32540ef7`
SHA256	`a51e2cfdb56e05d45236fb8a5a5fb14dd3122abd9aea580e7d3b42978940e1b9`
CRC32	`C68D297C`
ssdeep	`24576:mx2VcFriChlH30IlvKKwc44q55ggXotc8cX:q2VcFriChlvrwc44q55ggXotc8c`
Yara	OS_Processor_Check_Zero - OS Processor Check Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen CAB_file_format - CAB archive file Malicious_Library_Zero - Malicious_Library Microsoft_Office_File_Zero - Microsoft Office File Generic_Malware_Zero - Generic Malware

msiexec.exe "C:\Windows\System32\msiexec.exe" /I "C:\Users\test22\AppData\Local\Temp\Kaspersky Premium.msi"
3024
explorer.exe C:\Windows\Explorer.EXE
1236
- cmd.exe cmd /c ""C:\Program Files (x86)\Microsoft\EdgeWebView\setup.bat" "
  2560
  - taskkill.exe taskkill /F /IM chrome.exe
    2568
  - taskkill.exe taskkill /F /IM msedge.exe
    3016
  - timeout.exe timeout /t 1
    2272
  - chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --restore-last-session --load-extension="C:\Program Files (x86)\Microsoft\EdgeWebView\/nmmhkkegccagdldgiimedpiccmgmiedagg4"
    2756
    - chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=86.0.4240.111 --initial-client-data=0xb0,0xb4,0xb8,0x84,0xbc,0x7fef3236e00,0x7fef3236e10,0x7fef3236e20
      2452

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Queries for the computername (7 events)

Time & API	Arguments	Status	Return
GetComputerNameW June 22, 2023, 10:29 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameA June 22, 2023, 10:30 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW June 22, 2023, 10:30 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW June 22, 2023, 10:30 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW June 22, 2023, 10:30 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW June 22, 2023, 10:30 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW June 22, 2023, 10:30 a.m.	computer_name: TEST22-PC	1	1

Checks if process is being debugged by a debugger (24 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent June 22, 2023, 10:29 a.m.			0	0
IsDebuggerPresent June 22, 2023, 10:30 a.m.			0	0
IsDebuggerPresent June 22, 2023, 10:30 a.m.			0	0
IsDebuggerPresent June 22, 2023, 10:30 a.m.			0	0
IsDebuggerPresent June 22, 2023, 10:30 a.m.			0	0
IsDebuggerPresent June 22, 2023, 10:30 a.m.			0	0
IsDebuggerPresent June 22, 2023, 10:30 a.m.			0	0
IsDebuggerPresent June 22, 2023, 10:30 a.m.			0	0
IsDebuggerPresent June 22, 2023, 10:30 a.m.			0	0
IsDebuggerPresent June 22, 2023, 10:30 a.m.			0	0
IsDebuggerPresent June 22, 2023, 10:30 a.m.			0	0
IsDebuggerPresent June 22, 2023, 10:30 a.m.			0	0
IsDebuggerPresent June 22, 2023, 10:30 a.m.			0	0
IsDebuggerPresent June 22, 2023, 10:31 a.m.			0	0
IsDebuggerPresent June 22, 2023, 10:31 a.m.			0	0
IsDebuggerPresent June 22, 2023, 10:31 a.m.			0	0
IsDebuggerPresent June 22, 2023, 10:31 a.m.			0	0
IsDebuggerPresent June 22, 2023, 10:31 a.m.			0	0
IsDebuggerPresent June 22, 2023, 10:31 a.m.			0	0
IsDebuggerPresent June 22, 2023, 10:31 a.m.			0	0
IsDebuggerPresent June 22, 2023, 10:31 a.m.			0	0
IsDebuggerPresent June 22, 2023, 10:30 a.m.			0	0
IsDebuggerPresent June 22, 2023, 10:30 a.m.			0	0
IsDebuggerPresent June 22, 2023, 10:30 a.m.			0	0

Command line console output was observed (19 events)

Time & API	Arguments	Status	Return
WriteConsoleW June 22, 2023, 10:30 a.m.	buffer: C:\Program Files (x86)\Microsoft\EdgeWebView> console_handle: 0x0000000000000007	1	1
WriteConsoleW June 22, 2023, 10:30 a.m.	buffer: taskkill console_handle: 0x0000000000000007	1	1
WriteConsoleW June 22, 2023, 10:30 a.m.	buffer: /F /IM chrome.exe console_handle: 0x0000000000000007	1	1
WriteConsoleW June 22, 2023, 10:30 a.m.	buffer: C:\Program Files (x86)\Microsoft\EdgeWebView> console_handle: 0x0000000000000007	1	1
WriteConsoleW June 22, 2023, 10:30 a.m.	buffer: taskkill console_handle: 0x0000000000000007	1	1
WriteConsoleW June 22, 2023, 10:30 a.m.	buffer: /F /IM msedge.exe console_handle: 0x0000000000000007	1	1
WriteConsoleW June 22, 2023, 10:30 a.m.	buffer: C:\Program Files (x86)\Microsoft\EdgeWebView> console_handle: 0x0000000000000007	1	1
WriteConsoleW June 22, 2023, 10:30 a.m.	buffer: timeout console_handle: 0x0000000000000007	1	1
WriteConsoleW June 22, 2023, 10:30 a.m.	buffer: /t 1 console_handle: 0x0000000000000007	1	1
WriteConsoleW June 22, 2023, 10:30 a.m.	buffer: nul console_handle: 0x0000000000000007	1	1
WriteConsoleW June 22, 2023, 10:30 a.m.	buffer: C:\Program Files (x86)\Microsoft\EdgeWebView> console_handle: 0x0000000000000007	1	1
WriteConsoleW June 22, 2023, 10:30 a.m.	buffer: start console_handle: 0x0000000000000007	1	1
WriteConsoleW June 22, 2023, 10:30 a.m.	buffer: chrome.exe --restore-last-session --load-extension="C:\Program Files (x86)\Microsoft\EdgeWebView\/nmmhkkegccagdldgiimedpiccmgmiedagg4" console_handle: 0x0000000000000007	1	1
WriteConsoleW June 22, 2023, 10:30 a.m.	buffer: C:\Program Files (x86)\Microsoft\EdgeWebView> console_handle: 0x0000000000000007	1	1
WriteConsoleW June 22, 2023, 10:30 a.m.	buffer: start console_handle: 0x0000000000000007	1	1
WriteConsoleW June 22, 2023, 10:30 a.m.	buffer: msedge.exe --restore-last-session --load-extension="C:\Program Files (x86)\Microsoft\EdgeWebView\/nmmhkkegccagdldgiimedpiccmgmiedagg4" console_handle: 0x0000000000000007	1	1
WriteConsoleW June 22, 2023, 10:30 a.m.	buffer: The system cannot find the file msedge.exe. console_handle: 0x000000000000000b	1	1
WriteConsoleW June 22, 2023, 10:30 a.m.	buffer: ERROR: The process "chrome.exe" not found. console_handle: 0x000000000000000b	1	1
WriteConsoleW June 22, 2023, 10:30 a.m.	buffer: ERROR: The process "msedge.exe" not found. console_handle: 0x000000000000000b	1	1

Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 event)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid

Tries to locate where the browsers are installed (2 events)

file	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
file	c:\program files\mozilla firefox\firefox.exe

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx June 22, 2023, 10:29 a.m.		1	1	0

One or more processes crashed (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ June 22, 2023, 10:31 a.m.	stacktrace: 0x180004 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: ff 15 16 1f 09 00 ff 25 00 00 00 00 aa a4 17 77 exception.instruction: call qword ptr [rip + 0x91f16] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x180004 registers.r14: 256177208 registers.r15: 72031856 registers.rcx: 1364 registers.rsi: 17302540 registers.r10: 0 registers.rbx: 256176464 registers.rsp: 256176184 registers.r11: 256180080 registers.r8: 2000388492 registers.r9: 0 registers.rdx: 1396 registers.r12: 256176824 registers.rbp: 256176320 registers.rdi: 72134352 registers.rax: 1572864 registers.r13: 84484704	1	0	0

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

Allocates read-write-execute memory (usually to unpack itself) (31 events)

Time & API	Arguments	Status
NtProtectVirtualMemory June 22, 2023, 10:29 a.m.	process_identifier: 3024 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73c41000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 22, 2023, 10:29 a.m.	process_identifier: 3024 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74011000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 22, 2023, 10:29 a.m.	process_identifier: 3024 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73b11000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 22, 2023, 10:29 a.m.	process_identifier: 3024 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73a61000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 22, 2023, 10:29 a.m.	process_identifier: 3024 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73b12000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 22, 2023, 10:29 a.m.	process_identifier: 3024 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73b91000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 22, 2023, 10:29 a.m.	process_identifier: 3024 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73b93000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 22, 2023, 10:29 a.m.	process_identifier: 3024 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x730d1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 22, 2023, 10:29 a.m.	process_identifier: 3024 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73861000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 22, 2023, 10:29 a.m.	process_identifier: 3024 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73b81000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 22, 2023, 10:29 a.m.	process_identifier: 3024 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73841000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 22, 2023, 10:29 a.m.	process_identifier: 3024 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75dd1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 22, 2023, 10:29 a.m.	process_identifier: 3024 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x758d1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 22, 2023, 10:29 a.m.	process_identifier: 3024 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74e51000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 22, 2023, 10:29 a.m.	process_identifier: 3024 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73821000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 22, 2023, 10:29 a.m.	process_identifier: 3024 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x737e1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 22, 2023, 10:29 a.m.	process_identifier: 3024 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x737c1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 22, 2023, 10:29 a.m.	process_identifier: 3024 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73091000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 22, 2023, 10:29 a.m.	process_identifier: 3024 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73021000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 22, 2023, 10:29 a.m.	process_identifier: 3024 region_size: 917504 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x041d0000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 22, 2023, 10:29 a.m.	process_identifier: 3024 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04270000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory June 22, 2023, 10:29 a.m.	process_identifier: 3024 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73012000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 22, 2023, 10:29 a.m.	process_identifier: 3024 region_size: 1376256 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04340000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 22, 2023, 10:29 a.m.	process_identifier: 3024 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04450000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory June 22, 2023, 10:29 a.m.	process_identifier: 3024 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72f41000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 22, 2023, 10:29 a.m.	process_identifier: 3024 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75be1000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 22, 2023, 10:30 a.m.	process_identifier: 1236 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000004cb0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 22, 2023, 10:30 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef69c9000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 22, 2023, 10:30 a.m.	process_identifier: 2756 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefa1b7000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 22, 2023, 10:31 a.m.	process_identifier: 2756 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef69c9000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 22, 2023, 10:30 a.m.	process_identifier: 2452 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefa1b7000 process_handle: 0xffffffffffffffff	1

Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation (50 out of 180 events)

Time & API	Arguments	Status	Return
GetDiskFreeSpaceExW June 22, 2023, 10:29 a.m.	total_number_of_free_bytes: 9120276480 free_bytes_available: 9120276480 root_path: C:\ total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceW June 22, 2023, 10:29 a.m.	number_of_free_clusters: 2226630 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: C:\ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceExW June 22, 2023, 10:29 a.m.	total_number_of_free_bytes: 9120276480 free_bytes_available: 9120276480 root_path: C:\ total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceW June 22, 2023, 10:29 a.m.	number_of_free_clusters: 2226630 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: C:\ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceExW June 22, 2023, 10:29 a.m.	total_number_of_free_bytes: 9120276480 free_bytes_available: 9120276480 root_path: C:\ total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceW June 22, 2023, 10:29 a.m.	number_of_free_clusters: 2226630 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: C:\ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceExW June 22, 2023, 10:29 a.m.	total_number_of_free_bytes: 9120276480 free_bytes_available: 9120276480 root_path: C:\ total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceW June 22, 2023, 10:29 a.m.	number_of_free_clusters: 2226630 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: C:\ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceExW June 22, 2023, 10:29 a.m.	total_number_of_free_bytes: 9120276480 free_bytes_available: 9120276480 root_path: C:\ total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceW June 22, 2023, 10:29 a.m.	number_of_free_clusters: 2226630 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: C:\ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceExW June 22, 2023, 10:29 a.m.	total_number_of_free_bytes: 9120276480 free_bytes_available: 9120276480 root_path: C:\ total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceW June 22, 2023, 10:29 a.m.	number_of_free_clusters: 2226630 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: C:\ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceExW June 22, 2023, 10:29 a.m.	total_number_of_free_bytes: 9120276480 free_bytes_available: 9120276480 root_path: C:\ total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceW June 22, 2023, 10:29 a.m.	number_of_free_clusters: 2226630 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: C:\ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceExW June 22, 2023, 10:29 a.m.	total_number_of_free_bytes: 9120276480 free_bytes_available: 9120276480 root_path: C:\ total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceW June 22, 2023, 10:29 a.m.	number_of_free_clusters: 2226630 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: C:\ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceExW June 22, 2023, 10:29 a.m.	total_number_of_free_bytes: 9120276480 free_bytes_available: 9120276480 root_path: C:\ total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceW June 22, 2023, 10:29 a.m.	number_of_free_clusters: 2226630 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: C:\ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceExW June 22, 2023, 10:29 a.m.	total_number_of_free_bytes: 9120276480 free_bytes_available: 9120276480 root_path: C:\ total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceW June 22, 2023, 10:29 a.m.	number_of_free_clusters: 2226630 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: C:\ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceExW June 22, 2023, 10:29 a.m.	total_number_of_free_bytes: 9120280576 free_bytes_available: 9120280576 root_path: C:\ total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceW June 22, 2023, 10:29 a.m.	number_of_free_clusters: 2226631 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: C:\ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceExW June 22, 2023, 10:29 a.m.	total_number_of_free_bytes: 9120280576 free_bytes_available: 9120280576 root_path: C:\ total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceW June 22, 2023, 10:29 a.m.	number_of_free_clusters: 2226631 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: C:\ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceExW June 22, 2023, 10:29 a.m.	total_number_of_free_bytes: 9120280576 free_bytes_available: 9120280576 root_path: C:\ total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceW June 22, 2023, 10:29 a.m.	number_of_free_clusters: 2226631 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: C:\ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceExW June 22, 2023, 10:29 a.m.	total_number_of_free_bytes: 9120280576 free_bytes_available: 9120280576 root_path: C:\ total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceW June 22, 2023, 10:29 a.m.	number_of_free_clusters: 2226631 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: C:\ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceExW June 22, 2023, 10:29 a.m.	total_number_of_free_bytes: 9120280576 free_bytes_available: 9120280576 root_path: C:\ total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceW June 22, 2023, 10:29 a.m.	number_of_free_clusters: 2226631 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: C:\ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceExW June 22, 2023, 10:29 a.m.	total_number_of_free_bytes: 9120280576 free_bytes_available: 9120280576 root_path: C:\ total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceW June 22, 2023, 10:29 a.m.	number_of_free_clusters: 2226631 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: C:\ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceExW June 22, 2023, 10:29 a.m.	total_number_of_free_bytes: 9120280576 free_bytes_available: 9120280576 root_path: C:\ total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceW June 22, 2023, 10:29 a.m.	number_of_free_clusters: 2226631 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: C:\ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceExW June 22, 2023, 10:29 a.m.	total_number_of_free_bytes: 9120280576 free_bytes_available: 9120280576 root_path: C:\ total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceW June 22, 2023, 10:29 a.m.	number_of_free_clusters: 2226631 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: C:\ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceExW June 22, 2023, 10:29 a.m.	total_number_of_free_bytes: 9120280576 free_bytes_available: 9120280576 root_path: C:\ total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceW June 22, 2023, 10:29 a.m.	number_of_free_clusters: 2226631 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: C:\ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceExW June 22, 2023, 10:29 a.m.	total_number_of_free_bytes: 9120280576 free_bytes_available: 9120280576 root_path: C:\ total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceW June 22, 2023, 10:29 a.m.	number_of_free_clusters: 2226631 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: C:\ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceExW June 22, 2023, 10:29 a.m.	total_number_of_free_bytes: 9120280576 free_bytes_available: 9120280576 root_path: C:\ total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceW June 22, 2023, 10:29 a.m.	number_of_free_clusters: 2226631 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: C:\ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceExW June 22, 2023, 10:29 a.m.	total_number_of_free_bytes: 9120280576 free_bytes_available: 9120280576 root_path: C:\ total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceW June 22, 2023, 10:29 a.m.	number_of_free_clusters: 2226631 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: C:\ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceExW June 22, 2023, 10:29 a.m.	total_number_of_free_bytes: 9120280576 free_bytes_available: 9120280576 root_path: C:\ total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceW June 22, 2023, 10:29 a.m.	number_of_free_clusters: 2226631 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: C:\ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceExW June 22, 2023, 10:29 a.m.	total_number_of_free_bytes: 9120280576 free_bytes_available: 9120280576 root_path: C:\ total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceW June 22, 2023, 10:29 a.m.	number_of_free_clusters: 2226631 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: C:\ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceExW June 22, 2023, 10:29 a.m.	total_number_of_free_bytes: 9120280576 free_bytes_available: 9120280576 root_path: C:\ total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceW June 22, 2023, 10:29 a.m.	number_of_free_clusters: 2226631 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: C:\ total_number_of_clusters: 8362495	1	1

An application raised an exception which may be indicative of an exploit crash (2 events)

Time & API	Arguments	Status	Return	Repeated
Application Crash	Process chrome.exe with pid 2756 crashed
__exception__ June 22, 2023, 10:31 a.m.	stacktrace: 0x180004 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: ff 15 16 1f 09 00 ff 25 00 00 00 00 aa a4 17 77 exception.instruction: call qword ptr [rip + 0x91f16] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x180004 registers.r14: 256177208 registers.r15: 72031856 registers.rcx: 1364 registers.rsi: 17302540 registers.r10: 0 registers.rbx: 256176464 registers.rsp: 256176184 registers.r11: 256180080 registers.r8: 2000388492 registers.r9: 0 registers.rdx: 1396 registers.r12: 256176824 registers.rbp: 256176320 registers.rdi: 72134352 registers.rax: 1572864 registers.r13: 84484704	1	0	0

Steals private information from local Internet browsers (22 events)

file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-spare.pma
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Last Version
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics-spare.pma
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\reports\53866c5d-02d5-4102-af21-5bd36bc6e7ab.dmp
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\First Run
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\reports
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Policy\User Policy
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_0
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\metadata
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\index
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-649430E8-AC4.pma
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_2

Creates a shortcut to an executable file (15 events)

file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk
file	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk
file	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Defender.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk
file	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk
file	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk
file	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Chrome.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox.lnk
file	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk
file	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk
file	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
file	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
file	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk

Drops an executable to the user AppData folder (1 event)

file	C:\Users\test22\AppData\Local\Temp\MSI29BA.tmp

Executes one or more WMI queries (2 events)

wmi	SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "msedge.exe")
wmi	SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "chrome.exe")

Checks for the Locally Unique Identifier on the system for a suspicious privilege (26 events)

Time & API	Arguments	Status	Return
LookupPrivilegeValueW June 22, 2023, 10:29 a.m.	system_name: privilege_name: SeShutdownPrivilege	1	1
LookupPrivilegeValueW June 22, 2023, 10:29 a.m.	system_name: privilege_name: SeCreateTokenPrivilege	1	1
LookupPrivilegeValueW June 22, 2023, 10:29 a.m.	system_name: privilege_name: SeAssignPrimaryTokenPrivilege	1	1
LookupPrivilegeValueW June 22, 2023, 10:29 a.m.	system_name: privilege_name: SeMachineAccountPrivilege	1	1
LookupPrivilegeValueW June 22, 2023, 10:29 a.m.	system_name: privilege_name: SeTcbPrivilege	1	1
LookupPrivilegeValueW June 22, 2023, 10:29 a.m.	system_name: privilege_name: SeSecurityPrivilege	1	1
LookupPrivilegeValueW June 22, 2023, 10:29 a.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW June 22, 2023, 10:29 a.m.	system_name: privilege_name: SeLoadDriverPrivilege	1	1
LookupPrivilegeValueW June 22, 2023, 10:29 a.m.	system_name: privilege_name: SeBackupPrivilege	1	1
LookupPrivilegeValueW June 22, 2023, 10:29 a.m.	system_name: privilege_name: SeRestorePrivilege	1	1
LookupPrivilegeValueW June 22, 2023, 10:29 a.m.	system_name: privilege_name: SeShutdownPrivilege	1	1
LookupPrivilegeValueW June 22, 2023, 10:29 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW June 22, 2023, 10:29 a.m.	system_name: privilege_name: SeRemoteShutdownPrivilege	1	1
LookupPrivilegeValueW June 22, 2023, 10:29 a.m.	system_name: privilege_name: SeEnableDelegationPrivilege	1	1
LookupPrivilegeValueW June 22, 2023, 10:29 a.m.	system_name: privilege_name: SeManageVolumePrivilege	1	1
LookupPrivilegeValueW June 22, 2023, 10:29 a.m.	system_name: privilege_name: SeCreateGlobalPrivilege	1	1
LookupPrivilegeValueW June 22, 2023, 10:30 a.m.	system_name: privilege_name: SeShutdownPrivilege	1	1
LookupPrivilegeValueW June 22, 2023, 10:30 a.m.	system_name: privilege_name: SeShutdownPrivilege	1	1
LookupPrivilegeValueW June 22, 2023, 10:30 a.m.	system_name: privilege_name: SeShutdownPrivilege	1	1
LookupPrivilegeValueW June 22, 2023, 10:30 a.m.	system_name: privilege_name: SeShutdownPrivilege	1	1
LookupPrivilegeValueW June 22, 2023, 10:30 a.m.	system_name: privilege_name: SeShutdownPrivilege	1	1
LookupPrivilegeValueW June 22, 2023, 10:30 a.m.	system_name: privilege_name: SeShutdownPrivilege	1	1
LookupPrivilegeValueW June 22, 2023, 10:30 a.m.	system_name: privilege_name: SeShutdownPrivilege	1	1
LookupPrivilegeValueW June 22, 2023, 10:30 a.m.	system_name: privilege_name: SeShutdownPrivilege	1	1
LookupPrivilegeValueW June 22, 2023, 10:30 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW June 22, 2023, 10:30 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1

Yara rule detected in process memory (9 events)

description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	DebuggerException__SetConsoleCtrl
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep

Uses Windows utilities for basic Windows functionality (2 events)

cmdline	taskkill /F /IM chrome.exe
cmdline	taskkill /F /IM msedge.exe

One or more of the buffers contains an embedded PE file (1 event)

buffer

Buffer with sha1: a2b0a187a7131a36c2f482ef7a5706d27ea10e73

File has been identified by 17 AntiVirus engines on VirusTotal as malicious (17 events)

Lionic	Trojan.Win32.Agent.Y!c
MicroWorld-eScan	Trojan.GenericKD.67649423
FireEye	Trojan.GenericKD.67649423
ALYac	Trojan.PWS.Agent.SWJ
Symantec	Trojan.Gen.2
ESET-NOD32	JS/ExtenBro.Agent.EI
Kaspersky	HEUR:Trojan-PSW.JS.Agent.gen
BitDefender	Trojan.GenericKD.67649423
VIPRE	Generic.Bard.C.013B9C30
Ikarus	Trojan-Spy.Agent
Arcabit	Trojan.Generic.D4083F8F
ZoneAlarm	HEUR:Trojan-PSW.JS.Agent.gen
GData	Trojan.GenericKD.67649423
Google	Detected
MAX	malware (ai score=88)
Rising	Stealer.Facebook/JS!1.E6A7 (CLASSIC)
Fortinet	PossibleThreat

One or more non-whitelisted processes were created (2 events)

parent_process	chrome.exe				martian_process	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=86.0.4240.111 --initial-client-data=0xb0,0xb4,0xb8,0x84,0xbc,0x7fef3236e00,0x7fef3236e10,0x7fef3236e20
parent_process	chrome.exe				martian_process	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1128,2444615184355213138,5973679347720131406,131072 --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=1164 /prefetch:2

Resumed a suspended thread in a remote process potentially indicative of process injection (26 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 1236 resumed a thread in remote process 2560
Process injection	Process 2452 resumed a thread in remote process 2756
NtResumeThread June 22, 2023, 10:30 a.m.	thread_handle: 0x0000000000000b50 suspend_count: 1 process_identifier: 2560	1	0	0
NtResumeThread June 22, 2023, 10:31 a.m.	thread_handle: 0x0000000000000154 suspend_count: 2 process_identifier: 2756	1	0	0
NtResumeThread June 22, 2023, 10:31 a.m.	thread_handle: 0x0000000000000154 suspend_count: 2 process_identifier: 2756	1	0	0
NtResumeThread June 22, 2023, 10:31 a.m.	thread_handle: 0x0000000000000154 suspend_count: 2 process_identifier: 2756	1	0	0
NtResumeThread June 22, 2023, 10:31 a.m.	thread_handle: 0x0000000000000154 suspend_count: 2 process_identifier: 2756	1	0	0
NtResumeThread June 22, 2023, 10:31 a.m.	thread_handle: 0x0000000000000154 suspend_count: 2 process_identifier: 2756	1	0	0
NtResumeThread June 22, 2023, 10:31 a.m.	thread_handle: 0x0000000000000154 suspend_count: 2 process_identifier: 2756	1	0	0
NtResumeThread June 22, 2023, 10:31 a.m.	thread_handle: 0x0000000000000154 suspend_count: 2 process_identifier: 2756	1	0	0
NtResumeThread June 22, 2023, 10:31 a.m.	thread_handle: 0x0000000000000154 suspend_count: 2 process_identifier: 2756	1	0	0
NtResumeThread June 22, 2023, 10:31 a.m.	thread_handle: 0x0000000000000154 suspend_count: 2 process_identifier: 2756	1	0	0
NtResumeThread June 22, 2023, 10:31 a.m.	thread_handle: 0x0000000000000154 suspend_count: 2 process_identifier: 2756	1	0	0
NtResumeThread June 22, 2023, 10:31 a.m.	thread_handle: 0x0000000000000154 suspend_count: 2 process_identifier: 2756	1	0	0
NtResumeThread June 22, 2023, 10:31 a.m.	thread_handle: 0x0000000000000154 suspend_count: 2 process_identifier: 2756	1	0	0
NtResumeThread June 22, 2023, 10:31 a.m.	thread_handle: 0x0000000000000154 suspend_count: 2 process_identifier: 2756	1	0	0
NtResumeThread June 22, 2023, 10:31 a.m.	thread_handle: 0x0000000000000154 suspend_count: 2 process_identifier: 2756	1	0	0
NtResumeThread June 22, 2023, 10:31 a.m.	thread_handle: 0x0000000000000154 suspend_count: 2 process_identifier: 2756	1	0	0
NtResumeThread June 22, 2023, 10:31 a.m.	thread_handle: 0x0000000000000154 suspend_count: 2 process_identifier: 2756	1	0	0
NtResumeThread June 22, 2023, 10:31 a.m.	thread_handle: 0x0000000000000154 suspend_count: 2 process_identifier: 2756	1	0	0
NtResumeThread June 22, 2023, 10:31 a.m.	thread_handle: 0x0000000000000154 suspend_count: 2 process_identifier: 2756	1	0	0
NtResumeThread June 22, 2023, 10:31 a.m.	thread_handle: 0x0000000000000154 suspend_count: 2 process_identifier: 2756	1	0	0
NtResumeThread June 22, 2023, 10:31 a.m.	thread_handle: 0x0000000000000154 suspend_count: 2 process_identifier: 2756	1	0	0
NtResumeThread June 22, 2023, 10:31 a.m.	thread_handle: 0x0000000000000154 suspend_count: 2 process_identifier: 2756	1	0	0
NtResumeThread June 22, 2023, 10:31 a.m.	thread_handle: 0x0000000000000154 suspend_count: 2 process_identifier: 2756	1	0	0
NtResumeThread June 22, 2023, 10:31 a.m.	thread_handle: 0x0000000000000154 suspend_count: 2 process_identifier: 2756	1	0	0

Kaspersky Premium.msi

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All