Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	July 3, 2023, 5:53 p.m.	July 3, 2023, 5:56 p.m.

Size	410.5KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5	`7b039d47de748555460ddd62fad6cc12`
SHA256	`c14f03d40463a937c43d9e7717acc6c96c5b294c0d15a6431d09b5e3e2a76d45`
CRC32	`1128183A`
ssdeep	`3072:0tSBOyX9F2dc/ZBZ0Bxiqb+7ekpg165dWAQ0hRyllmMzP5TilS8u3GNIehLvt94b:0C2guh+7eUVjRE44gq3du194wZb6h`
Yara	UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description)

csrss00.exe "C:\Users\test22\AppData\Local\Temp\csrss00.exe"
2040

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
156.236.72.121	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx July 3, 2023, 5:53 p.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.ndata

One or more processes crashed (50 out of 65536 events)

Time & API	Arguments	Status
__exception__ July 3, 2023, 5:53 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: cc 99 9f aa 8f a6 03 40 f6 5f 81 34 24 d1 d9 df exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x61a9a0f registers.esp: 1631040 registers.edi: 237440 registers.eax: 3237224 registers.ebp: 1631044 registers.edx: 102404096 registers.ebx: 102404096 registers.esi: 2005865610 registers.ecx: 102406624	1
__exception__ July 3, 2023, 5:53 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 7b 05 9b 2b 94 d9 8a 00 84 d8 5f 66 39 d8 58 57 exception.instruction: jnp 0x61a9a4a exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x61a9a43 registers.esp: 1631032 registers.edi: 1631028 registers.eax: 256 registers.ebp: 1631044 registers.edx: 102404096 registers.ebx: 102404096 registers.esi: 2005865610 registers.ecx: 102406624	1
__exception__ July 3, 2023, 5:53 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 89 1f 9e 55 cb 64 7a b2 fb 37 bf 16 00 5f 81 34 exception.instruction: mov dword ptr [edi], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x61a9a64 registers.esp: 1631036 registers.edi: 44523 registers.eax: 3237224 registers.ebp: 1631044 registers.edx: 102404096 registers.ebx: 102404096 registers.esi: 2005865610 registers.ecx: 102406624	1
__exception__ July 3, 2023, 5:53 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: cc 95 56 71 b6 45 81 2c 24 a8 f5 2c 8a cc 81 c3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x61a9a79 registers.esp: 1631040 registers.edi: 237440 registers.eax: 3237224 registers.ebp: 1631044 registers.edx: 102404096 registers.ebx: 102404096 registers.esi: 2005865610 registers.ecx: 102406624	1
__exception__ July 3, 2023, 5:53 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: cc 81 c3 32 95 d5 71 78 e2 a2 13 b3 ae 76 f5 6a exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x61a9a86 registers.esp: 1631040 registers.edi: 237440 registers.eax: 3237224 registers.ebp: 1631044 registers.edx: 102404096 registers.ebx: 102404096 registers.esi: 2005865610 registers.ecx: 102406624	1
__exception__ July 3, 2023, 5:53 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: cc 83 8f 99 2a dc 87 a1 0d 36 8e 54 b8 74 73 cb exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x61c5d4f registers.esp: 1631036 registers.edi: 237440 registers.eax: 3237224 registers.ebp: 1631044 registers.edx: 102404096 registers.ebx: 102404096 registers.esi: 2005865610 registers.ecx: 102406624	1
__exception__ July 3, 2023, 5:53 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 72 04 94 7e 8a 03 00 38 f5 5f 38 d0 5b 60 50 b8 exception.instruction: jb 0x61c5d8a exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x61c5d84 registers.esp: 1631028 registers.edi: 1631024 registers.eax: 3237224 registers.ebp: 1631044 registers.edx: 102404096 registers.ebx: 256 registers.esi: 2005865610 registers.ecx: 102406624	1
__exception__ July 3, 2023, 5:53 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 89 00 9e ad cc 13 f7 d0 4f 87 e2 fa 00 58 53 bb exception.instruction: mov dword ptr [eax], eax exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x61c5dac registers.esp: 1631000 registers.edi: 237440 registers.eax: 36137 registers.ebp: 1631044 registers.edx: 102404096 registers.ebx: 102404096 registers.esi: 2005865610 registers.ecx: 102406624	1
__exception__ July 3, 2023, 5:53 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 89 13 9d 05 9a 5d 8b 20 ed 12 78 80 a7 00 5b 68 exception.instruction: mov dword ptr [ebx], edx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x61c5dd2 registers.esp: 1631000 registers.edi: 237440 registers.eax: 3237224 registers.ebp: 1631044 registers.edx: 102404096 registers.ebx: 48522 registers.esi: 2005865610 registers.ecx: 102406624	1
__exception__ July 3, 2023, 5:53 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 89 1a 85 73 7c 73 8c da a4 a3 f8 6c 36 ed bd 32 exception.instruction: mov dword ptr [edx], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x61c5dfe registers.esp: 1630996 registers.edi: 237440 registers.eax: 3237224 registers.ebp: 1631044 registers.edx: 27909 registers.ebx: 102404096 registers.esi: 2005865610 registers.ecx: 102406624	1
__exception__ July 3, 2023, 5:53 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: cc 9b f7 a1 f0 d6 d0 a6 cc 9b 35 00 7d e5 0c 73 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x61c5e1c registers.esp: 1631000 registers.edi: 237440 registers.eax: 3237224 registers.ebp: 1631044 registers.edx: 102404096 registers.ebx: 102404096 registers.esi: 2005865610 registers.ecx: 102406624	1
__exception__ July 3, 2023, 5:53 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: cc 9b 35 00 7d e5 0c 73 81 34 24 7e ef 38 e0 53 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x61c5e24 registers.esp: 1631000 registers.edi: 237440 registers.eax: 3237224 registers.ebp: 1631044 registers.edx: 102404096 registers.ebx: 102404096 registers.esi: 2005865610 registers.ecx: 102406624	1
__exception__ July 3, 2023, 5:53 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 72 0e 85 74 f7 a3 37 38 60 84 11 08 9b 74 92 77 exception.instruction: jb 0x61c5e6b exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x61c5e5b registers.esp: 1630992 registers.edi: 1630988 registers.eax: 3237224 registers.ebp: 1631044 registers.edx: 102404096 registers.ebx: 256 registers.esi: 2005865610 registers.ecx: 102406624	1
__exception__ July 3, 2023, 5:53 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 7e 08 98 83 7d 97 0d 49 83 e0 00 84 f5 5a f6 c1 exception.instruction: jle 0x61c5eaf exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x61c5ea5 registers.esp: 1630992 registers.edi: 237440 registers.eax: 3237224 registers.ebp: 1631044 registers.edx: 1630988 registers.ebx: 102404096 registers.esi: 256 registers.ecx: 102406624	1
__exception__ July 3, 2023, 5:53 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 7a 0b 9c 55 d7 07 48 17 12 05 6e 8b dc cf 00 38 exception.instruction: jp 0x61c5eec exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x61c5edf registers.esp: 1630992 registers.edi: 256 registers.eax: 3237224 registers.ebp: 1631044 registers.edx: 102404096 registers.ebx: 102404096 registers.esi: 1630988 registers.ecx: 102406624	1
__exception__ July 3, 2023, 5:53 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: cc 87 ba 67 7b 75 65 58 0e 06 f5 20 b4 f5 1c b0 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x61c5f07 registers.esp: 1630996 registers.edi: 237440 registers.eax: 3237224 registers.ebp: 1631044 registers.edx: 102404096 registers.ebx: 102404096 registers.esi: 2005865610 registers.ecx: 102406624	1
__exception__ July 3, 2023, 5:53 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: cc 82 1d ff 88 6c 64 19 19 55 71 c1 08 00 3d d1 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x61c5f22 registers.esp: 1630996 registers.edi: 237440 registers.eax: 3237224 registers.ebp: 1631044 registers.edx: 102404096 registers.ebx: 102404096 registers.esi: 2005865610 registers.ecx: 102406624	1
__exception__ July 3, 2023, 5:53 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 89 36 9c a3 a7 b8 9a 74 82 b9 6c 60 1a 04 00 5e exception.instruction: mov dword ptr [esi], esi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x61c5f4b registers.esp: 1630992 registers.edi: 237440 registers.eax: 3237224 registers.ebp: 1631044 registers.edx: 102404096 registers.ebx: 102404096 registers.esi: 11117 registers.ecx: 102406624	1
__exception__ July 3, 2023, 5:53 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 89 19 9e ef 62 dd 2a ed ab bf cb 8d 00 59 51 b9 exception.instruction: mov dword ptr [ecx], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x61c5f78 registers.esp: 1630988 registers.edi: 237440 registers.eax: 3237224 registers.ebp: 1631044 registers.edx: 102404096 registers.ebx: 102404096 registers.esi: 2005865610 registers.ecx: 37004	1
__exception__ July 3, 2023, 5:53 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 89 01 9f 2e 4c c9 8c 6f d2 d8 15 00 59 81 34 24 exception.instruction: mov dword ptr [ecx], eax exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x61c5fa4 registers.esp: 1630988 registers.edi: 237440 registers.eax: 3237224 registers.ebp: 1631044 registers.edx: 102404096 registers.ebx: 102404096 registers.esi: 2005865610 registers.ecx: 3206	1
__exception__ July 3, 2023, 5:53 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 89 07 95 d5 40 00 5f 81 34 24 4e 37 a6 60 81 04 exception.instruction: mov dword ptr [edi], eax exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x61c5fd6 registers.esp: 1630988 registers.edi: 57605 registers.eax: 3237224 registers.ebp: 1631044 registers.edx: 102404096 registers.ebx: 102404096 registers.esi: 2005865610 registers.ecx: 102406624	1
__exception__ July 3, 2023, 5:53 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 89 16 9b b5 dc 7b d4 00 5e 53 bb 24 42 54 45 81 exception.instruction: mov dword ptr [esi], edx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x61c5ffd registers.esp: 1630988 registers.edi: 237440 registers.eax: 3237224 registers.ebp: 1631044 registers.edx: 102404096 registers.ebx: 102404096 registers.esi: 28804 registers.ecx: 102406624	1
__exception__ July 3, 2023, 5:53 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 7e 03 98 3c 45 b1 46 32 2d 1d 00 66 85 cb 59 39 exception.instruction: jle 0x61c6026 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x61c6021 registers.esp: 1630984 registers.edi: 237440 registers.eax: 3237224 registers.ebp: 1631044 registers.edx: 102404096 registers.ebx: 256 registers.esi: 2005865610 registers.ecx: 1630980	1
__exception__ July 3, 2023, 5:53 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: cc 9b 97 c7 da 4c c4 e0 57 bf 00 cb 39 f2 81 f7 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x61c6035 registers.esp: 1630992 registers.edi: 237440 registers.eax: 3237224 registers.ebp: 1631044 registers.edx: 102404096 registers.ebx: 102404096 registers.esi: 2005865610 registers.ecx: 1630992	1
__exception__ July 3, 2023, 5:53 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 89 0f 98 9e 8d d8 c1 14 a2 4d 00 5f ba 18 58 f2 exception.instruction: mov dword ptr [edi], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x61c604f registers.esp: 1630988 registers.edi: 21721 registers.eax: 3237224 registers.ebp: 1631044 registers.edx: 102404096 registers.ebx: 102404096 registers.esi: 2005865610 registers.ecx: 1630992	1
__exception__ July 3, 2023, 5:53 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 73 0b 9c c9 20 9a b6 19 45 1f d9 3b 9d 2f 00 84 exception.instruction: jae 0x61c6094 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x61c6087 registers.esp: 1630984 registers.edi: 237440 registers.eax: 1630980 registers.ebp: 1631044 registers.edx: 1777489944 registers.ebx: 102404096 registers.esi: 256 registers.ecx: 1630992	1
__exception__ July 3, 2023, 5:53 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: cc 87 60 9a 10 4d db 0b 64 83 f2 e7 ef d6 1e be exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x61c60a5 registers.esp: 1630992 registers.edi: 237440 registers.eax: 2005662384 registers.ebp: 1631044 registers.edx: 2005623258 registers.ebx: 657044731 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ July 3, 2023, 5:53 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 89 19 85 67 e8 ae 31 bb 10 92 68 46 44 42 56 f7 exception.instruction: mov dword ptr [ecx], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x61c60d1 registers.esp: 1630988 registers.edi: 237440 registers.eax: 2005662384 registers.ebp: 1631044 registers.edx: 2005623258 registers.ebx: 657044731 registers.esi: 2005865610 registers.ecx: 22376	1
__exception__ July 3, 2023, 5:53 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 89 1a 81 34 f7 ed bf a3 54 81 d8 03 f3 6a fa 93 exception.instruction: mov dword ptr [edx], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x61c6100 registers.esp: 1630988 registers.edi: 237440 registers.eax: 2005662384 registers.ebp: 1631044 registers.edx: 57649 registers.ebx: 657044731 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ July 3, 2023, 5:53 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 89 12 9e 81 a3 07 16 d8 f1 e7 c5 de 00 5a cc 97 exception.instruction: mov dword ptr [edx], edx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x61c6130 registers.esp: 1630988 registers.edi: 237440 registers.eax: 2005662384 registers.ebp: 1631044 registers.edx: 28111 registers.ebx: 657044731 registers.esi: 301378706 registers.ecx: 182	1
__exception__ July 3, 2023, 5:53 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: cc 97 02 67 81 f6 50 27 cd a5 53 bb 7a c7 64 89 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x61c613e registers.esp: 1630992 registers.edi: 237440 registers.eax: 2005662384 registers.ebp: 1631044 registers.edx: 2005623258 registers.ebx: 657044731 registers.esi: 301378706 registers.ecx: 182	1
__exception__ July 3, 2023, 5:53 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 7d 0c 87 42 c0 8d 18 3d bc 90 b5 1b 22 dc 32 b7 exception.instruction: jge 0x61c617e exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x61c6170 registers.esp: 1630984 registers.edi: 237440 registers.eax: 2005662384 registers.ebp: 1631044 registers.edx: 2005623258 registers.ebx: 256 registers.esi: 1630980 registers.ecx: 182	1
__exception__ July 3, 2023, 5:53 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 89 33 9d b0 d7 59 a4 c2 53 30 ad b1 c7 00 5b 01 exception.instruction: mov dword ptr [ebx], esi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x61c61c0 registers.esp: 1630988 registers.edi: 237440 registers.eax: 2005662384 registers.ebp: 1631044 registers.edx: 2005623258 registers.ebx: 58074 registers.esi: 12 registers.ecx: 182	1
__exception__ July 3, 2023, 5:53 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 89 07 98 c0 aa b0 04 43 b6 e1 00 5f 89 8d 34 02 exception.instruction: mov dword ptr [edi], eax exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x61c61e9 registers.esp: 1631000 registers.edi: 13028 registers.eax: 2005662384 registers.ebp: 1631044 registers.edx: 2005623258 registers.ebx: 657044731 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ July 3, 2023, 5:53 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 89 3a 84 6b 21 be 9d 44 ee 41 cb 2c 1d 4e 0a 3c exception.instruction: mov dword ptr [edx], edi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x61c627f registers.esp: 1631000 registers.edi: 237440 registers.eax: 2005662384 registers.ebp: 1631044 registers.edx: 42185 registers.ebx: 657044731 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ July 3, 2023, 5:53 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: cc 80 d9 18 d0 63 27 be b9 a0 42 c7 84 fe 39 ae exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x61c629c registers.esp: 1631004 registers.edi: 237440 registers.eax: 2005662384 registers.ebp: 1631044 registers.edx: 2005623258 registers.ebx: 657044731 registers.esi: 2005865610 registers.ecx: 2264161131	1
__exception__ July 3, 2023, 5:53 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 89 07 83 3b 4b 40 13 39 f4 cc 78 1a 22 b1 d1 00 exception.instruction: mov dword ptr [edi], eax exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x61c62d3 registers.esp: 1631000 registers.edi: 22180 registers.eax: 2005662384 registers.ebp: 1631044 registers.edx: 2005623258 registers.ebx: 657044731 registers.esi: 2005865610 registers.ecx: 3406671369	1
__exception__ July 3, 2023, 5:53 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 75 03 9e d6 0f fd 25 92 ad 3c 24 c4 00 38 fd 59 exception.instruction: jne 0x61c630a exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x61c6305 registers.esp: 1630996 registers.edi: 256 registers.eax: 2005662384 registers.ebp: 1631044 registers.edx: 2005623258 registers.ebx: 657044731 registers.esi: 2005865610 registers.ecx: 1630992	1
__exception__ July 3, 2023, 5:53 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 89 0b 9e 4d f3 f7 88 85 10 60 3c b7 00 5b 8b 8d exception.instruction: mov dword ptr [ebx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x61c6337 registers.esp: 1630996 registers.edi: 237440 registers.eax: 2005662384 registers.ebp: 1631044 registers.edx: 2005623258 registers.ebx: 23927 registers.esi: 2005865610 registers.ecx: 4	1
__exception__ July 3, 2023, 5:53 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 89 32 82 ec 07 ae 6e 86 b9 8e b6 aa e2 26 d4 d5 exception.instruction: mov dword ptr [edx], esi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x61c6369 registers.esp: 1630996 registers.edi: 237440 registers.eax: 2005662384 registers.ebp: 1631044 registers.edx: 24601 registers.ebx: 657044731 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ July 3, 2023, 5:53 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: cc 9a 38 06 c2 01 df 0e c8 cc 9a eb 67 4e 68 d9 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x61c637b registers.esp: 1631000 registers.edi: 237440 registers.eax: 2005662384 registers.ebp: 1631044 registers.edx: 2005623258 registers.ebx: 657044731 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ July 3, 2023, 5:53 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: cc 9a eb 67 4e 68 d9 5c dd 68 4d 7b f9 9e 57 bf exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x61c6384 registers.esp: 1631000 registers.edi: 237440 registers.eax: 2005662384 registers.ebp: 1631044 registers.edx: 2005623258 registers.ebx: 657044731 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ July 3, 2023, 5:53 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 75 03 94 43 e6 8a 00 66 85 cb 5e 66 85 c8 5f 81 exception.instruction: jne 0x61c63be exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x61c63b9 registers.esp: 1630988 registers.edi: 256 registers.eax: 2005662384 registers.ebp: 1631044 registers.edx: 2005623258 registers.ebx: 657044731 registers.esi: 1630984 registers.ecx: 182	1
__exception__ July 3, 2023, 5:53 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 7e 07 9f 41 18 3b 16 a5 9d 17 ae 00 84 cb 5e 84 exception.instruction: jle 0x61c63f8 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x61c63ef registers.esp: 1630988 registers.edi: 237440 registers.eax: 256 registers.ebp: 1631044 registers.edx: 2005623258 registers.ebx: 657044731 registers.esi: 1630984 registers.ecx: 182	1
__exception__ July 3, 2023, 5:53 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 89 31 94 c1 9c 02 00 59 51 b9 eb 4e ca f9 81 f1 exception.instruction: mov dword ptr [ecx], esi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x61c6426 registers.esp: 1630992 registers.edi: 237440 registers.eax: 2005662384 registers.ebp: 1631044 registers.edx: 2005623258 registers.ebx: 657044731 registers.esi: 2005865610 registers.ecx: 41117	1
__exception__ July 3, 2023, 5:53 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 89 19 84 e2 a6 f5 6a 76 3d 8e 9f fb b9 71 15 e7 exception.instruction: mov dword ptr [ecx], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x61c6446 registers.esp: 1630992 registers.edi: 237440 registers.eax: 2005662384 registers.ebp: 1631044 registers.edx: 2005623258 registers.ebx: 657044731 registers.esi: 2005865610 registers.ecx: 41104	1
__exception__ July 3, 2023, 5:53 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 89 38 99 99 ea a1 e6 37 e9 00 58 c7 85 60 02 00 exception.instruction: mov dword ptr [eax], edi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x61c6470 registers.esp: 1630992 registers.edi: 237440 registers.eax: 41900 registers.ebp: 1631044 registers.edx: 2005623258 registers.ebx: 1631044 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ July 3, 2023, 5:53 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 89 38 9e 82 09 2c df 5d c1 dd a6 cc 00 58 81 b5 exception.instruction: mov dword ptr [eax], edi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x61c649a registers.esp: 1630992 registers.edi: 237440 registers.eax: 11321 registers.ebp: 1631044 registers.edx: 2005623258 registers.ebx: 1631044 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ July 3, 2023, 5:53 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: cc 87 25 70 b8 08 f9 29 c3 7c 32 70 62 2e 98 63 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x61c64bc registers.esp: 1630996 registers.edi: 237440 registers.eax: 2005662384 registers.ebp: 1631044 registers.edx: 2005623258 registers.ebx: 1631044 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ July 3, 2023, 5:53 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 89 01 9a 55 2f 85 7e a6 00 59 53 bb c1 8c 95 b9 exception.instruction: mov dword ptr [ecx], eax exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x61c64f8 registers.esp: 1630992 registers.edi: 237440 registers.eax: 2005662384 registers.ebp: 1631044 registers.edx: 2005623258 registers.ebx: 1631044 registers.esi: 2005865610 registers.ecx: 47291	1

Allocates read-write-execute memory (usually to unpack itself) (2 events)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory July 3, 2023, 5:53 p.m.	process_identifier: 2040 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10004000 process_handle: 0xffffffff	1	0	0
NtAllocateVirtualMemory July 3, 2023, 5:53 p.m.	process_identifier: 2040 region_size: 62005248 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03120000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1	0	0

Creates executable files on the filesystem (1 event)

file	C:\Users\test22\AppData\Local\Temp\nsmC233.tmp\System.dll

Creates hidden or system file (6 events)

Time & API	Arguments	Status	Return	Repeated
SetFileAttributesW July 3, 2023, 5:53 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Windows\resources\0409\denitrified\alleging\Lightheadedly.sko filepath: C:\Windows\resources\0409\denitrified\alleging\Lightheadedly.sko		0	0
SetFileAttributesW July 3, 2023, 5:53 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Windows\resources\0409\denitrified\alleging\Lightheadedly.sko filepath: C:\Windows\resources\0409\denitrified\alleging\Lightheadedly.sko		0	0
SetFileAttributesW July 3, 2023, 5:53 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Windows\resources\0409\denitrified\alleging\Lightheadedly.sko filepath: C:\Windows\resources\0409\denitrified\alleging\Lightheadedly.sko		0	0
SetFileAttributesW July 3, 2023, 5:53 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Windows\resources\0409\denitrified\alleging\Lightheadedly.sko filepath: C:\Windows\resources\0409\denitrified\alleging\Lightheadedly.sko		0	0
SetFileAttributesW July 3, 2023, 5:53 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Windows\resources\0409\denitrified\alleging\Lightheadedly.sko filepath: C:\Windows\resources\0409\denitrified\alleging\Lightheadedly.sko		0	0
SetFileAttributesW July 3, 2023, 5:53 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Windows\resources\0409\denitrified\alleging\Lightheadedly.sko filepath: C:\Windows\resources\0409\denitrified\alleging\Lightheadedly.sko		0	0

Creates a shortcut to an executable file (3 events)

file	C:\ProgramData\Microsoft\Windows\Templates\patronymers\heftiness.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Templates\patronymers\heftiness.lnk
file	C:\Windows\Fonts\arklngdernes\Lowly\brunch\Brugerskrms.lnk

Drops an executable to the user AppData folder (1 event)

file	C:\Users\test22\AppData\Local\Temp\nsmC233.tmp\System.dll

File has been identified by 5 AntiVirus engines on VirusTotal as malicious (5 events)

Bkav	W32.AIDetectMalware
Elastic	malicious (high confidence)
Kaspersky	UDS:DangerousObject.Multi.Generic
ZoneAlarm	UDS:DangerousObject.Multi.Generic
CrowdStrike	win/malicious_confidence_100% (W)

Queries for potentially installed applications (50 out of 547 events)

Time & API	Arguments	Return
RegOpenKeyExA July 3, 2023, 5:53 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Allistir84\ideologiserende\kavaleris\sikkerhedsforvaringernes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Allistir84\ideologiserende\kavaleris\sikkerhedsforvaringernes	2
RegOpenKeyExA July 3, 2023, 5:53 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\theophrastaceous base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\theophrastaceous	2
RegOpenKeyExA July 3, 2023, 5:53 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Allistir84\ideologiserende\kavaleris\sikkerhedsforvaringernes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Allistir84\ideologiserende\kavaleris\sikkerhedsforvaringernes	2
RegOpenKeyExA July 3, 2023, 5:53 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\theophrastaceous base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\theophrastaceous	2
RegOpenKeyExA July 3, 2023, 5:53 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Allistir84\ideologiserende\kavaleris\sikkerhedsforvaringernes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Allistir84\ideologiserende\kavaleris\sikkerhedsforvaringernes	2
RegOpenKeyExA July 3, 2023, 5:53 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\theophrastaceous base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\theophrastaceous	2
RegOpenKeyExA July 3, 2023, 5:53 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Allistir84\ideologiserende\kavaleris\sikkerhedsforvaringernes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Allistir84\ideologiserende\kavaleris\sikkerhedsforvaringernes	2
RegOpenKeyExA July 3, 2023, 5:53 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\theophrastaceous base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\theophrastaceous	2
RegOpenKeyExA July 3, 2023, 5:53 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Allistir84\ideologiserende\kavaleris\sikkerhedsforvaringernes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Allistir84\ideologiserende\kavaleris\sikkerhedsforvaringernes	2
RegOpenKeyExA July 3, 2023, 5:53 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\theophrastaceous base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\theophrastaceous	2
RegOpenKeyExA July 3, 2023, 5:53 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Allistir84\ideologiserende\kavaleris\sikkerhedsforvaringernes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Allistir84\ideologiserende\kavaleris\sikkerhedsforvaringernes	2
RegOpenKeyExA July 3, 2023, 5:53 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\theophrastaceous base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\theophrastaceous	2
RegOpenKeyExA July 3, 2023, 5:53 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Allistir84\ideologiserende\kavaleris\sikkerhedsforvaringernes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Allistir84\ideologiserende\kavaleris\sikkerhedsforvaringernes	2
RegOpenKeyExA July 3, 2023, 5:53 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\theophrastaceous base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\theophrastaceous	2
RegOpenKeyExA July 3, 2023, 5:53 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Allistir84\ideologiserende\kavaleris\sikkerhedsforvaringernes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Allistir84\ideologiserende\kavaleris\sikkerhedsforvaringernes	2
RegOpenKeyExA July 3, 2023, 5:53 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\theophrastaceous base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\theophrastaceous	2
RegOpenKeyExA July 3, 2023, 5:53 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Allistir84\ideologiserende\kavaleris\sikkerhedsforvaringernes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Allistir84\ideologiserende\kavaleris\sikkerhedsforvaringernes	2
RegOpenKeyExA July 3, 2023, 5:53 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\theophrastaceous base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\theophrastaceous	2
RegOpenKeyExA July 3, 2023, 5:53 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Allistir84\ideologiserende\kavaleris\sikkerhedsforvaringernes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Allistir84\ideologiserende\kavaleris\sikkerhedsforvaringernes	2
RegOpenKeyExA July 3, 2023, 5:53 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\theophrastaceous base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\theophrastaceous	2
RegOpenKeyExA July 3, 2023, 5:53 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Allistir84\ideologiserende\kavaleris\sikkerhedsforvaringernes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Allistir84\ideologiserende\kavaleris\sikkerhedsforvaringernes	2
RegOpenKeyExA July 3, 2023, 5:53 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\theophrastaceous base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\theophrastaceous	2
RegOpenKeyExA July 3, 2023, 5:53 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Allistir84\ideologiserende\kavaleris\sikkerhedsforvaringernes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Allistir84\ideologiserende\kavaleris\sikkerhedsforvaringernes	2
RegOpenKeyExA July 3, 2023, 5:53 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\theophrastaceous base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\theophrastaceous	2
RegOpenKeyExA July 3, 2023, 5:53 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Allistir84\ideologiserende\kavaleris\sikkerhedsforvaringernes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Allistir84\ideologiserende\kavaleris\sikkerhedsforvaringernes	2
RegOpenKeyExA July 3, 2023, 5:53 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\theophrastaceous base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\theophrastaceous	2
RegOpenKeyExA July 3, 2023, 5:53 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Allistir84\ideologiserende\kavaleris\sikkerhedsforvaringernes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Allistir84\ideologiserende\kavaleris\sikkerhedsforvaringernes	2
RegOpenKeyExA July 3, 2023, 5:53 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\theophrastaceous base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\theophrastaceous	2
RegOpenKeyExA July 3, 2023, 5:53 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Allistir84\ideologiserende\kavaleris\sikkerhedsforvaringernes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Allistir84\ideologiserende\kavaleris\sikkerhedsforvaringernes	2
RegOpenKeyExA July 3, 2023, 5:53 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\theophrastaceous base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\theophrastaceous	2
RegOpenKeyExA July 3, 2023, 5:53 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Allistir84\ideologiserende\kavaleris\sikkerhedsforvaringernes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Allistir84\ideologiserende\kavaleris\sikkerhedsforvaringernes	2
RegOpenKeyExA July 3, 2023, 5:53 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\theophrastaceous base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\theophrastaceous	2
RegOpenKeyExA July 3, 2023, 5:53 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Allistir84\ideologiserende\kavaleris\sikkerhedsforvaringernes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Allistir84\ideologiserende\kavaleris\sikkerhedsforvaringernes	2
RegOpenKeyExA July 3, 2023, 5:53 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\theophrastaceous base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\theophrastaceous	2
RegOpenKeyExA July 3, 2023, 5:53 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Allistir84\ideologiserende\kavaleris\sikkerhedsforvaringernes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Allistir84\ideologiserende\kavaleris\sikkerhedsforvaringernes	2
RegOpenKeyExA July 3, 2023, 5:53 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\theophrastaceous base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\theophrastaceous	2
RegOpenKeyExA July 3, 2023, 5:53 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Allistir84\ideologiserende\kavaleris\sikkerhedsforvaringernes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Allistir84\ideologiserende\kavaleris\sikkerhedsforvaringernes	2
RegOpenKeyExA July 3, 2023, 5:53 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\theophrastaceous base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\theophrastaceous	2
RegOpenKeyExA July 3, 2023, 5:53 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Allistir84\ideologiserende\kavaleris\sikkerhedsforvaringernes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Allistir84\ideologiserende\kavaleris\sikkerhedsforvaringernes	2
RegOpenKeyExA July 3, 2023, 5:53 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\theophrastaceous base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\theophrastaceous	2
RegOpenKeyExA July 3, 2023, 5:53 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Allistir84\ideologiserende\kavaleris\sikkerhedsforvaringernes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Allistir84\ideologiserende\kavaleris\sikkerhedsforvaringernes	2
RegOpenKeyExA July 3, 2023, 5:53 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\theophrastaceous base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\theophrastaceous	2
RegOpenKeyExA July 3, 2023, 5:53 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Allistir84\ideologiserende\kavaleris\sikkerhedsforvaringernes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Allistir84\ideologiserende\kavaleris\sikkerhedsforvaringernes	2
RegOpenKeyExA July 3, 2023, 5:53 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\theophrastaceous base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\theophrastaceous	2
RegOpenKeyExA July 3, 2023, 5:53 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Allistir84\ideologiserende\kavaleris\sikkerhedsforvaringernes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Allistir84\ideologiserende\kavaleris\sikkerhedsforvaringernes	2
RegOpenKeyExA July 3, 2023, 5:53 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\theophrastaceous base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\theophrastaceous	2
RegOpenKeyExA July 3, 2023, 5:53 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Allistir84\ideologiserende\kavaleris\sikkerhedsforvaringernes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Allistir84\ideologiserende\kavaleris\sikkerhedsforvaringernes	2
RegOpenKeyExA July 3, 2023, 5:53 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\theophrastaceous base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\theophrastaceous	2
RegOpenKeyExA July 3, 2023, 5:53 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Allistir84\ideologiserende\kavaleris\sikkerhedsforvaringernes base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Allistir84\ideologiserende\kavaleris\sikkerhedsforvaringernes	2
RegOpenKeyExA July 3, 2023, 5:53 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\theophrastaceous base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\theophrastaceous	2

Communicates with host for which no DNS query was performed (1 event)

host

156.236.72.121

Tries to unhook Windows functions monitored by Cuckoo (1 event)

Time & API	Arguments	Status	Return	Repeated
__anomaly__ July 3, 2023, 5:54 p.m.	tid: 2028 message: Encountered 65537 exceptions, quitting. subcategory: exception function_name:	1	0	0

Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 event)

dead_host

192.168.56.103:49889

csrss00.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All