Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	July 18, 2023, 6:21 p.m.	July 18, 2023, 6:28 p.m.

Size	402.6KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5	`caafec374594c5b93a986bc31df97f17`
SHA256	`99db3b5192d77a3db297df19db4e486c3af98416b0c023720fa2f3e88d6086cf`
CRC32	`AF20F936`
ssdeep	`6144:NPXoDQpcUz+TfBDma1bXGBZnvjFh64S07Qfy6JdRpNWMv7PW62swd:NWDfhWBJjF6aezNWgPJ8`
Yara	UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description)

wikimap.exe "C:\Users\test22\AppData\Local\Temp\wikimap.exe"
2004

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx July 18, 2023, 6:21 p.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.ndata

One or more processes crashed (50 out of 65536 events)

Time & API	Arguments	Status
__exception__ July 18, 2023, 6:21 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 76 04 9a 01 8f de 00 81 7d 70 75 54 00 00 0f 8d exception.instruction: jbe 0x4b43e49 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x4b43e43 registers.esp: 60683980 registers.edi: 60683976 registers.eax: 5659288 registers.ebp: 60683988 registers.edx: 78917632 registers.ebx: 256 registers.esi: 2005865610 registers.ecx: 78921097	1
__exception__ July 18, 2023, 6:21 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 7a 05 8b 6d 2f a6 29 08 60 0f f2 11 02 89 b7 86 exception.instruction: jp 0x4b43e80 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x4b43e79 registers.esp: 60683980 registers.edi: 248400 registers.eax: 5659288 registers.ebp: 60683988 registers.edx: 60683976 registers.ebx: 78917632 registers.esi: 2005865610 registers.ecx: 256	1
__exception__ July 18, 2023, 6:21 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 89 06 96 93 1c e3 28 6e 69 2e 00 5e 35 63 c3 b1 exception.instruction: mov dword ptr [esi], eax exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4b43ebd registers.esp: 60683984 registers.edi: 248400 registers.eax: 3918476352 registers.ebp: 60683988 registers.edx: 78917632 registers.ebx: 78917632 registers.esi: 64054 registers.ecx: 78921097	1
__exception__ July 18, 2023, 6:21 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 7e 03 94 b9 a4 8f f5 8b 00 80 fd 4f 59 85 d9 5f exception.instruction: jle 0x4b43ef9 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x4b43ef4 registers.esp: 60683980 registers.edi: 256 registers.eax: 20480 registers.ebp: 60683988 registers.edx: 78917632 registers.ebx: 78917632 registers.esi: 2005865610 registers.ecx: 60683976	1
__exception__ July 18, 2023, 6:21 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 79 0a 8d bc 1a bf ee 07 0a 13 c6 7c 49 ed dd 00 exception.instruction: jns 0x4b43f29 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x4b43f1d registers.esp: 60683980 registers.edi: 60683976 registers.eax: 256 registers.ebp: 60683988 registers.edx: 78917632 registers.ebx: 78917632 registers.esi: 2005865610 registers.ecx: 78921097	1
__exception__ July 18, 2023, 6:21 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 89 12 8e 27 6b 6f 37 17 c4 42 ef 40 cc 82 f0 d4 exception.instruction: mov dword ptr [edx], edx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4b43fa8 registers.esp: 60683980 registers.edi: 248400 registers.eax: 20480 registers.ebp: 60683988 registers.edx: 8473 registers.ebx: 78917632 registers.esi: 2005865610 registers.ecx: 78921097	1
__exception__ July 18, 2023, 6:21 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 71 07 90 02 74 5d 3c e3 d5 9e be 49 00 84 d3 5b exception.instruction: jno 0x4b60cf6 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x4b60ced registers.esp: 60683972 registers.edi: 248400 registers.eax: 256 registers.ebp: 60683988 registers.edx: 78917632 registers.ebx: 60683968 registers.esi: 2005865610 registers.ecx: 78921097	1
__exception__ July 18, 2023, 6:21 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: cc 91 7e 68 b5 14 f3 ab 37 d7 88 5b ff 74 24 04 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x4b60d03 registers.esp: 60683980 registers.edi: 248400 registers.eax: 5659288 registers.ebp: 60683988 registers.edx: 78917632 registers.ebx: 78917632 registers.esi: 2005865610 registers.ecx: 78921097	1
__exception__ July 18, 2023, 6:21 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 76 02 9b fb cc 00 38 ec 5b 66 81 ff ef 01 5e 60 exception.instruction: jbe 0x4b60d44 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x4b60d40 registers.esp: 60683972 registers.edi: 248400 registers.eax: 5659288 registers.ebp: 60683988 registers.edx: 78917632 registers.ebx: 60683968 registers.esi: 256 registers.ecx: 78921097	1
__exception__ July 18, 2023, 6:21 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: cc 93 82 95 72 d8 82 37 de a4 4e 6c 11 56 57 bf exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x4b60d50 registers.esp: 60683948 registers.edi: 248400 registers.eax: 5659288 registers.ebp: 60683988 registers.edx: 78917632 registers.ebx: 78917632 registers.esi: 2005865610 registers.ecx: 78921097	1
__exception__ July 18, 2023, 6:21 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 89 07 92 72 1a 5a f5 f4 8d 34 c7 09 c8 85 00 5f exception.instruction: mov dword ptr [edi], eax exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4b60d70 registers.esp: 60683944 registers.edi: 19768 registers.eax: 5659288 registers.ebp: 60683988 registers.edx: 78917632 registers.ebx: 78917632 registers.esi: 2005865610 registers.ecx: 78921097	1
__exception__ July 18, 2023, 6:21 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 89 3b 88 73 a3 19 a7 25 66 f5 5c d5 de 70 ed 94 exception.instruction: mov dword ptr [ebx], edi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4b60d9e registers.esp: 60683944 registers.edi: 248400 registers.eax: 5659288 registers.ebp: 60683988 registers.edx: 78917632 registers.ebx: 4927 registers.esi: 2005865610 registers.ecx: 78921097	1
__exception__ July 18, 2023, 6:21 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 89 37 8f 26 45 df a7 cd 5d ee df f8 49 90 0b 83 exception.instruction: mov dword ptr [edi], esi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4b60dd9 registers.esp: 60683940 registers.edi: 59669 registers.eax: 5659288 registers.ebp: 60683988 registers.edx: 78917632 registers.ebx: 78917632 registers.esi: 2005865610 registers.ecx: 78921097	1
__exception__ July 18, 2023, 6:21 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 89 08 9a f5 14 d6 00 58 cc 9b 01 d6 27 02 68 02 exception.instruction: mov dword ptr [eax], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4b60e08 registers.esp: 60683940 registers.edi: 248400 registers.eax: 53827 registers.ebp: 60683988 registers.edx: 78917632 registers.ebx: 78917632 registers.esi: 2005865610 registers.ecx: 78921097	1
__exception__ July 18, 2023, 6:21 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: cc 9b 01 d6 27 02 68 02 85 4f da cc 94 e4 6a c7 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x4b60e10 registers.esp: 60683944 registers.edi: 248400 registers.eax: 5659288 registers.ebp: 60683988 registers.edx: 78917632 registers.ebx: 78917632 registers.esi: 2005865610 registers.ecx: 78921097	1
__exception__ July 18, 2023, 6:21 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: cc 94 e4 6a c7 4f 7b b5 de cc 95 8c 64 ed 06 11 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x4b60e1b registers.esp: 60683940 registers.edi: 248400 registers.eax: 5659288 registers.ebp: 60683988 registers.edx: 78917632 registers.ebx: 78917632 registers.esi: 2005865610 registers.ecx: 78921097	1
__exception__ July 18, 2023, 6:21 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: cc 95 8c 64 ed 06 11 02 81 2c 24 f4 00 b5 ff 81 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x4b60e24 registers.esp: 60683940 registers.edi: 248400 registers.eax: 5659288 registers.ebp: 60683988 registers.edx: 78917632 registers.ebx: 78917632 registers.esi: 2005865610 registers.ecx: 78921097	1
__exception__ July 18, 2023, 6:21 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 89 1e 8b a5 9a 14 77 39 f9 45 1b 48 67 c5 e7 60 exception.instruction: mov dword ptr [esi], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4b60ed5 registers.esp: 60683936 registers.edi: 248400 registers.eax: 5659288 registers.ebp: 60683988 registers.edx: 78917632 registers.ebx: 78917632 registers.esi: 9377 registers.ecx: 78921097	1
__exception__ July 18, 2023, 6:21 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: cc 9a 98 6e f5 22 5e 52 ba 5f 99 e2 74 81 f2 7f exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x4b60eec registers.esp: 60683940 registers.edi: 248400 registers.eax: 5659288 registers.ebp: 60683988 registers.edx: 78917632 registers.ebx: 78917632 registers.esi: 2005865610 registers.ecx: 78921097	1
__exception__ July 18, 2023, 6:21 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 79 03 9a 66 3a f9 00 39 c1 5b 50 b8 d6 61 c2 3f exception.instruction: jns 0x4b60f14 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x4b60f0f registers.esp: 60683932 registers.edi: 248400 registers.eax: 5659288 registers.ebp: 60683988 registers.edx: 256 registers.ebx: 60683928 registers.esi: 2005865610 registers.ecx: 78921097	1
__exception__ July 18, 2023, 6:21 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: cc 8d 2a bc 71 53 bc a4 11 40 ea 93 da 17 7d 5f exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x4b60f31 registers.esp: 60683936 registers.edi: 248400 registers.eax: 5659288 registers.ebp: 60683988 registers.edx: 78917632 registers.ebx: 78917632 registers.esi: 2005865610 registers.ecx: 78921097	1
__exception__ July 18, 2023, 6:21 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: cc 90 2f 97 45 0b 13 d9 e8 03 b1 b1 e7 81 04 24 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x4b60f4f registers.esp: 60683936 registers.edi: 248400 registers.eax: 5659288 registers.ebp: 60683988 registers.edx: 78917632 registers.ebx: 78917632 registers.esi: 2005865610 registers.ecx: 78921097	1
__exception__ July 18, 2023, 6:21 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 89 19 8e 62 e1 82 79 21 e7 73 29 91 db 5f d9 81 exception.instruction: mov dword ptr [ecx], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4b60f81 registers.esp: 60683932 registers.edi: 248400 registers.eax: 5659288 registers.ebp: 60683988 registers.edx: 78917632 registers.ebx: 78917632 registers.esi: 2005865610 registers.ecx: 13698	1
__exception__ July 18, 2023, 6:21 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 73 07 93 3b e1 f9 8d 4f 9f c3 d0 a5 78 00 39 cb exception.instruction: jae 0x4b60fc1 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x4b60fb8 registers.esp: 60683928 registers.edi: 248400 registers.eax: 256 registers.ebp: 60683988 registers.edx: 78917632 registers.ebx: 78917632 registers.esi: 2005865610 registers.ecx: 60683924	1
__exception__ July 18, 2023, 6:21 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 89 12 8d 5a 80 b3 62 84 73 23 cb 6e d9 a6 a7 00 exception.instruction: mov dword ptr [edx], edx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4b60fea registers.esp: 60683932 registers.edi: 248400 registers.eax: 2005662384 registers.ebp: 60683988 registers.edx: 10364 registers.ebx: 3916555063 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ July 18, 2023, 6:21 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: cc 94 48 1b 71 51 b9 a0 ee 89 95 08 02 00 00 53 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x4b60ffb registers.esp: 60683936 registers.edi: 248400 registers.eax: 2005662384 registers.ebp: 60683988 registers.edx: 2005623258 registers.ebx: 3916555063 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ July 18, 2023, 6:21 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 71 03 91 e6 11 59 89 d0 77 2f 93 00 38 d8 5a 80 exception.instruction: jno 0x4b61036 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x4b61031 registers.esp: 60683928 registers.edi: 248400 registers.eax: 2005662384 registers.ebp: 60683988 registers.edx: 60683924 registers.ebx: 256 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ July 18, 2023, 6:21 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 89 33 95 47 cd c8 bd 00 5b 56 be 1e e7 ee ba 81 exception.instruction: mov dword ptr [ebx], esi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4b61061 registers.esp: 60683932 registers.edi: 248400 registers.eax: 2005662384 registers.ebp: 60683988 registers.edx: 3974197903 registers.ebx: 34804 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ July 18, 2023, 6:21 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 72 0c 8d cf a8 c3 ce 71 9c 9b b9 15 ae 7b af 00 exception.instruction: jb 0x4b61093 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x4b61085 registers.esp: 60683928 registers.edi: 248400 registers.eax: 2005662384 registers.ebp: 60683988 registers.edx: 3974197903 registers.ebx: 60683924 registers.esi: 256 registers.ecx: 182	1
__exception__ July 18, 2023, 6:21 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: cc 99 2d 26 81 f2 d2 1a e3 d8 81 ea e1 3a bb ca exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x4b610a4 registers.esp: 60683936 registers.edi: 248400 registers.eax: 2005662384 registers.ebp: 60683988 registers.edx: 307765311 registers.ebx: 3916555063 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ July 18, 2023, 6:21 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: cc 9b 27 cf fd e7 01 d4 8b 95 08 02 00 00 cc 97 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x4b610b4 registers.esp: 60683936 registers.edi: 248400 registers.eax: 2005662384 registers.ebp: 60683988 registers.edx: 12 registers.ebx: 3916555063 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ July 18, 2023, 6:21 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: cc 97 24 22 c7 f5 03 48 d7 aa 52 ba ad 8c 02 bd exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x4b610c2 registers.esp: 60683948 registers.edi: 248400 registers.eax: 2005662384 registers.ebp: 60683988 registers.edx: 2005623258 registers.ebx: 3916555063 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ July 18, 2023, 6:21 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 7d 07 90 0a d8 c6 54 72 b0 3d 24 41 00 84 e6 59 exception.instruction: jge 0x4b610fd exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x4b610f4 registers.esp: 60683940 registers.edi: 248400 registers.eax: 2005662384 registers.ebp: 60683988 registers.edx: 256 registers.ebx: 3916555063 registers.esi: 2005865610 registers.ecx: 60683936	1
__exception__ July 18, 2023, 6:21 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 89 13 91 c0 8a 29 02 d7 1c d9 98 00 5b 89 85 14 exception.instruction: mov dword ptr [ebx], edx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4b6111f registers.esp: 60683944 registers.edi: 248400 registers.eax: 2005662384 registers.ebp: 60683988 registers.edx: 2005623258 registers.ebx: 16758 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ July 18, 2023, 6:21 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 78 0a 8c 5e 66 de e6 10 ad f8 39 1e 0b d6 e7 08 exception.instruction: js 0x4b61161 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x4b61155 registers.esp: 60683940 registers.edi: 248400 registers.eax: 256 registers.ebp: 60683988 registers.edx: 2005623258 registers.ebx: 60683936 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ July 18, 2023, 6:21 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: cc 8d b4 3b 44 18 46 ce 03 71 55 43 1d e9 47 5e exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x4b61173 registers.esp: 60683948 registers.edi: 248400 registers.eax: 3588819985 registers.ebp: 60683988 registers.edx: 2005623258 registers.ebx: 3916555063 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ July 18, 2023, 6:21 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 89 0a 94 3a a6 b4 00 d2 00 5a 05 f3 f3 16 2a cc exception.instruction: mov dword ptr [edx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4b611a1 registers.esp: 60683944 registers.edi: 248400 registers.eax: 3588819985 registers.ebp: 60683988 registers.edx: 13391 registers.ebx: 3916555063 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ July 18, 2023, 6:21 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: cc 98 ea c1 c3 50 8b 85 14 02 00 00 cc 94 89 0e exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x4b611b0 registers.esp: 60683948 registers.edi: 248400 registers.eax: 4 registers.ebp: 60683988 registers.edx: 2005623258 registers.ebx: 3916555063 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ July 18, 2023, 6:21 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: cc 94 89 0e 93 e3 30 f2 c6 51 b9 d9 c5 3b 0f 81 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x4b611bc registers.esp: 60683944 registers.edi: 248400 registers.eax: 2005662384 registers.ebp: 60683988 registers.edx: 2005623258 registers.ebx: 3916555063 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ July 18, 2023, 6:21 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 72 10 8e 00 78 ea 74 a4 05 31 bc a2 aa eb 5c b3 exception.instruction: jb 0x4b611f2 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x4b611e0 registers.esp: 60683936 registers.edi: 248400 registers.eax: 2005662384 registers.ebp: 60683988 registers.edx: 2005623258 registers.ebx: 3916555063 registers.esi: 60683932 registers.ecx: 256	1
__exception__ July 18, 2023, 6:21 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 89 0b 90 cb 55 49 79 76 00 06 13 6f 00 5b cc 89 exception.instruction: mov dword ptr [ebx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4b61218 registers.esp: 60683940 registers.edi: 248400 registers.eax: 2005662384 registers.ebp: 60683988 registers.edx: 2005623258 registers.ebx: 24149 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ July 18, 2023, 6:21 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: cc 89 65 02 d8 e6 19 e8 bf a8 75 cb 70 97 b5 58 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x4b61226 registers.esp: 60683944 registers.edi: 248400 registers.eax: 2005662384 registers.ebp: 60683988 registers.edx: 2005623258 registers.ebx: 3916555063 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ July 18, 2023, 6:21 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 75 0c 8d 6c c2 14 72 4c 92 5c c6 27 00 38 dc 00 exception.instruction: jne 0x4b61274 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x4b61266 registers.esp: 60683936 registers.edi: 248400 registers.eax: 2005662384 registers.ebp: 60683988 registers.edx: 2005623258 registers.ebx: 256 registers.esi: 60683932 registers.ecx: 986851748	1
__exception__ July 18, 2023, 6:21 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 79 04 9a ab e7 0e 00 85 db 5f 84 f7 58 81 f1 8e exception.instruction: jns 0x4b612b7 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x4b612b1 registers.esp: 60683936 registers.edi: 60683932 registers.eax: 256 registers.ebp: 60683988 registers.edx: 2005623258 registers.ebx: 3916555063 registers.esi: 2005865610 registers.ecx: 633212420	1
__exception__ July 18, 2023, 6:21 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 89 33 8b 4a 13 e6 46 02 e4 74 94 cf a8 66 6b 02 exception.instruction: mov dword ptr [ebx], esi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4b612e2 registers.esp: 60683940 registers.edi: 248400 registers.eax: 2005662384 registers.ebp: 60683988 registers.edx: 2005623258 registers.ebx: 753 registers.esi: 2005865610 registers.ecx: 111570058	1
__exception__ July 18, 2023, 6:21 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 72 05 96 f8 3c 44 77 b4 a1 5a 00 66 85 d0 59 f6 exception.instruction: jb 0x4b6131b exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x4b61314 registers.esp: 60683936 registers.edi: 248400 registers.eax: 2005662384 registers.ebp: 60683988 registers.edx: 2005623258 registers.ebx: 3916555063 registers.esi: 256 registers.ecx: 60683932	1
__exception__ July 18, 2023, 6:21 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: cc 8f 18 54 92 5e af 10 e3 8d 9e 0a a3 8e ba b9 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x4b6132d registers.esp: 60683944 registers.edi: 248400 registers.eax: 2005662384 registers.ebp: 60683988 registers.edx: 2005623258 registers.ebx: 3916555063 registers.esi: 2005865610 registers.ecx: 12288	1
__exception__ July 18, 2023, 6:21 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: cc 8c 59 87 4d ab 32 49 36 7a 87 8e 77 94 c3 09 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x4b61340 registers.esp: 60683940 registers.edi: 248400 registers.eax: 2005662384 registers.ebp: 60683988 registers.edx: 2005623258 registers.ebx: 3916555063 registers.esi: 2005865610 registers.ecx: 12288	1
__exception__ July 18, 2023, 6:21 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 89 01 92 94 70 c7 48 16 7b c8 e1 e9 35 a9 00 59 exception.instruction: mov dword ptr [ecx], eax exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4b61369 registers.esp: 60683936 registers.edi: 248400 registers.eax: 2005662384 registers.ebp: 60683988 registers.edx: 2005623258 registers.ebx: 3916555063 registers.esi: 2005865610 registers.ecx: 47162	1
__exception__ July 18, 2023, 6:21 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8 exception.instruction_r: 89 1e 92 be 05 04 1b 9b ad cb 3c e3 6d 79 00 5e exception.instruction: mov dword ptr [esi], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4b61391 registers.esp: 60683936 registers.edi: 248400 registers.eax: 2005662384 registers.ebp: 60683988 registers.edx: 2005623258 registers.ebx: 3916555063 registers.esi: 35891 registers.ecx: 182	1

Allocates read-write-execute memory (usually to unpack itself) (2 events)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory July 18, 2023, 6:21 p.m.	process_identifier: 2004 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x741c4000 process_handle: 0xffffffff	1	0	0
NtAllocateVirtualMemory July 18, 2023, 6:21 p.m.	process_identifier: 2004 region_size: 51367936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03a30000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1	0	0

Creates executable files on the filesystem (1 event)

file	C:\Users\test22\AppData\Local\Temp\nseC178.tmp\System.dll

Creates hidden or system file (6 events)

Time & API	Arguments	Status	Return	Repeated
SetFileAttributesW July 18, 2023, 6:21 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\Documents\fermorite.brd filepath: C:\Users\test22\Documents\fermorite.brd		0	0
SetFileAttributesW July 18, 2023, 6:21 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\Documents\fermorite.brd filepath: C:\Users\test22\Documents\fermorite.brd		0	0
SetFileAttributesW July 18, 2023, 6:21 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\Documents\fermorite.brd filepath: C:\Users\test22\Documents\fermorite.brd		0	0
SetFileAttributesW July 18, 2023, 6:21 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\Documents\fermorite.brd filepath: C:\Users\test22\Documents\fermorite.brd		0	0
SetFileAttributesW July 18, 2023, 6:21 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\Documents\fermorite.brd filepath: C:\Users\test22\Documents\fermorite.brd		0	0
SetFileAttributesW July 18, 2023, 6:21 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\Documents\fermorite.brd filepath: C:\Users\test22\Documents\fermorite.brd		0	0

Creates a shortcut to an executable file (2 events)

file	C:\Users\test22\AppData\Roaming\Bisole\trbriketter\retarded.lnk
file	C:\Users\test22\AppData\Roaming\klimatologens\saunt\kontonummer.lnk

Drops an executable to the user AppData folder (1 event)

file	C:\Users\test22\AppData\Local\Temp\nseC178.tmp\System.dll

Queries for potentially installed applications (50 out of 271 events)

Time & API	Arguments	Return
RegOpenKeyExA July 18, 2023, 6:21 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism	2
RegOpenKeyExA July 18, 2023, 6:21 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism	2
RegOpenKeyExA July 18, 2023, 6:21 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism	2
RegOpenKeyExA July 18, 2023, 6:21 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism	2
RegOpenKeyExA July 18, 2023, 6:21 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism	2
RegOpenKeyExA July 18, 2023, 6:21 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism	2
RegOpenKeyExA July 18, 2023, 6:21 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism	2
RegOpenKeyExA July 18, 2023, 6:21 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism	2
RegOpenKeyExA July 18, 2023, 6:21 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism	2
RegOpenKeyExA July 18, 2023, 6:21 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism	2
RegOpenKeyExA July 18, 2023, 6:21 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism	2
RegOpenKeyExA July 18, 2023, 6:21 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism	2
RegOpenKeyExA July 18, 2023, 6:21 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism	2
RegOpenKeyExA July 18, 2023, 6:21 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism	2
RegOpenKeyExA July 18, 2023, 6:21 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism	2
RegOpenKeyExA July 18, 2023, 6:21 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism	2
RegOpenKeyExA July 18, 2023, 6:21 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism	2
RegOpenKeyExA July 18, 2023, 6:21 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism	2
RegOpenKeyExA July 18, 2023, 6:21 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism	2
RegOpenKeyExA July 18, 2023, 6:21 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism	2
RegOpenKeyExA July 18, 2023, 6:21 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism	2
RegOpenKeyExA July 18, 2023, 6:21 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism	2
RegOpenKeyExA July 18, 2023, 6:21 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism	2
RegOpenKeyExA July 18, 2023, 6:21 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism	2
RegOpenKeyExA July 18, 2023, 6:21 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism	2
RegOpenKeyExA July 18, 2023, 6:21 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism	2
RegOpenKeyExA July 18, 2023, 6:21 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism	2
RegOpenKeyExA July 18, 2023, 6:21 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism	2
RegOpenKeyExA July 18, 2023, 6:21 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism	2
RegOpenKeyExA July 18, 2023, 6:21 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism	2
RegOpenKeyExA July 18, 2023, 6:21 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism	2
RegOpenKeyExA July 18, 2023, 6:21 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism	2
RegOpenKeyExA July 18, 2023, 6:21 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism	2
RegOpenKeyExA July 18, 2023, 6:21 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism	2
RegOpenKeyExA July 18, 2023, 6:21 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism	2
RegOpenKeyExA July 18, 2023, 6:21 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism	2
RegOpenKeyExA July 18, 2023, 6:21 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism	2
RegOpenKeyExA July 18, 2023, 6:21 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism	2
RegOpenKeyExA July 18, 2023, 6:21 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism	2
RegOpenKeyExA July 18, 2023, 6:21 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism	2
RegOpenKeyExA July 18, 2023, 6:21 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism	2
RegOpenKeyExA July 18, 2023, 6:21 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism	2
RegOpenKeyExA July 18, 2023, 6:21 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism	2
RegOpenKeyExA July 18, 2023, 6:21 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism	2
RegOpenKeyExA July 18, 2023, 6:21 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism	2
RegOpenKeyExA July 18, 2023, 6:21 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism	2
RegOpenKeyExA July 18, 2023, 6:21 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism	2
RegOpenKeyExA July 18, 2023, 6:21 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism	2
RegOpenKeyExA July 18, 2023, 6:21 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism	2
RegOpenKeyExA July 18, 2023, 6:21 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\unermined\timarau\instruktoren\exclusionism	2

Tries to unhook Windows functions monitored by Cuckoo (1 event)

Time & API	Arguments	Status	Return	Repeated
__anomaly__ July 18, 2023, 6:22 p.m.	tid: 2088 message: Encountered 65537 exceptions, quitting. subcategory: exception function_name:	1	0	0

File has been identified by 27 AntiVirus engines on VirusTotal as malicious (27 events)

Bkav	W32.AIDetectMalware
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Nemesis.25445
FireEye	Gen:Variant.Nemesis.25445
Cylance	unsafe
Sangfor	Downloader.Win32.Agent.Vjbq
Arcabit	Trojan.Nemesis.D6365
Cyren	W32/ABRisk.JGWW-4933
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Kaspersky	HEUR:Trojan-Downloader.Win32.Minix.gen
BitDefender	Gen:Variant.Nemesis.25445
Avast	FileRepMalware [Misc]
Emsisoft	Gen:Variant.Nemesis.25445 (B)
McAfee-GW-Edition	Artemis!Trojan
Sophos	Generic Reputation PUA (PUA)
Webroot	W32.Downloader.Gen
Microsoft	Program:Win32/Leonem
ZoneAlarm	HEUR:Trojan-Downloader.Win32.Minix.gen
GData	Gen:Variant.Nemesis.25445
Google	Detected
AhnLab-V3	Downloader/Win.GuLoader.C5456833
McAfee	Artemis!CAAFEC374594
MAX	malware (ai score=88)
AVG	FileRepMalware [Misc]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (W)

wikimap.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All