Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Oct. 30, 2023, 5:33 p.m.	Oct. 30, 2023, 5:42 p.m.

Size	683.3KB
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`b4c67afbce5715b8bc9c3b652564ee22`
SHA256	`9e3176f4b02bade546d7e7965ae7a7092977be4f822ad927e62e6603de83e2f9`
CRC32	`E9A18B8E`
ssdeep	`12288:4D6oYmy0vvcL0xzonhWwnW56viEUrvPiKaTicl80cwenIS93p3qVy4FML:ay0HcLIzMWFjvDPiKaTiclDcwi93MVyH`
Yara	Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file Malicious_Packer_Zero - Malicious Packer PE_Header_Zero - PE File Signature IsPE32 - (no description) OS_Processor_Check_Zero - OS Processor Check Generic_Malware_Zero - Generic Malware

203.exe "C:\Users\test22\AppData\Local\Temp\203.exe"
2576

Name	Response	Post-Analysis Lookup
guhomush.pw	A 104.21.2.185 A 172.67.129.141	172.67.129.141

IP Address	Status	Action
164.124.101.2	Active	Moloch
172.67.129.141	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
UDP 192.168.56.101:59002 -> 164.124.101.2:53	2016778	ET DNS Query to a *.pw domain - Likely Hostile	Potentially Bad Traffic
UDP 192.168.56.101:54148 -> 164.124.101.2:53	2016778	ET DNS Query to a *.pw domain - Likely Hostile	Potentially Bad Traffic
TCP 192.168.56.101:49162 -> 172.67.129.141:80	2016777	ET INFO HTTP Request to a *.pw domain	Misc activity
TCP 192.168.56.101:49164 -> 172.67.129.141:80	2048093	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Check-In	Malware Command and Control Activity Detected
TCP 192.168.56.101:49166 -> 172.67.129.141:80	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	Malware Command and Control Activity Detected
TCP 192.168.56.101:49164 -> 172.67.129.141:80	2016777	ET INFO HTTP Request to a *.pw domain	Misc activity
TCP 192.168.56.101:49166 -> 172.67.129.141:80	2016777	ET INFO HTTP Request to a *.pw domain	Misc activity
TCP 192.168.56.101:49165 -> 172.67.129.141:80	2016777	ET INFO HTTP Request to a *.pw domain	Misc activity
TCP 192.168.56.101:49175 -> 172.67.129.141:80	2016777	ET INFO HTTP Request to a *.pw domain	Misc activity
TCP 192.168.56.101:49202 -> 172.67.129.141:80	2016777	ET INFO HTTP Request to a *.pw domain	Misc activity
TCP 192.168.56.101:49162 -> 172.67.129.141:80	2016777	ET INFO HTTP Request to a *.pw domain	Misc activity
TCP 192.168.56.101:49179 -> 172.67.129.141:80	2016777	ET INFO HTTP Request to a *.pw domain	Misc activity
TCP 192.168.56.101:49167 -> 172.67.129.141:80	2016777	ET INFO HTTP Request to a *.pw domain	Misc activity
TCP 192.168.56.101:49169 -> 172.67.129.141:80	2016777	ET INFO HTTP Request to a *.pw domain	Misc activity
TCP 192.168.56.101:49172 -> 172.67.129.141:80	2016777	ET INFO HTTP Request to a *.pw domain	Misc activity
TCP 192.168.56.101:49184 -> 172.67.129.141:80	2016777	ET INFO HTTP Request to a *.pw domain	Misc activity
TCP 192.168.56.101:49170 -> 172.67.129.141:80	2016777	ET INFO HTTP Request to a *.pw domain	Misc activity
TCP 192.168.56.101:49174 -> 172.67.129.141:80	2016777	ET INFO HTTP Request to a *.pw domain	Misc activity
TCP 192.168.56.101:49177 -> 172.67.129.141:80	2016777	ET INFO HTTP Request to a *.pw domain	Misc activity
TCP 192.168.56.101:49189 -> 172.67.129.141:80	2016777	ET INFO HTTP Request to a *.pw domain	Misc activity
TCP 192.168.56.101:49171 -> 172.67.129.141:80	2016777	ET INFO HTTP Request to a *.pw domain	Misc activity
TCP 192.168.56.101:49178 -> 172.67.129.141:80	2016777	ET INFO HTTP Request to a *.pw domain	Misc activity
TCP 192.168.56.101:49185 -> 172.67.129.141:80	2016777	ET INFO HTTP Request to a *.pw domain	Misc activity
TCP 192.168.56.101:49176 -> 172.67.129.141:80	2016777	ET INFO HTTP Request to a *.pw domain	Misc activity
TCP 192.168.56.101:49191 -> 172.67.129.141:80	2016777	ET INFO HTTP Request to a *.pw domain	Misc activity
TCP 192.168.56.101:49183 -> 172.67.129.141:80	2016777	ET INFO HTTP Request to a *.pw domain	Misc activity
TCP 192.168.56.101:49168 -> 172.67.129.141:80	2016777	ET INFO HTTP Request to a *.pw domain	Misc activity
TCP 192.168.56.101:49186 -> 172.67.129.141:80	2016777	ET INFO HTTP Request to a *.pw domain	Misc activity
TCP 192.168.56.101:49187 -> 172.67.129.141:80	2016777	ET INFO HTTP Request to a *.pw domain	Misc activity
TCP 192.168.56.101:49194 -> 172.67.129.141:80	2016777	ET INFO HTTP Request to a *.pw domain	Misc activity
TCP 192.168.56.101:49188 -> 172.67.129.141:80	2016777	ET INFO HTTP Request to a *.pw domain	Misc activity
TCP 192.168.56.101:49180 -> 172.67.129.141:80	2016777	ET INFO HTTP Request to a *.pw domain	Misc activity
TCP 192.168.56.101:49195 -> 172.67.129.141:80	2016777	ET INFO HTTP Request to a *.pw domain	Misc activity
TCP 192.168.56.101:49198 -> 172.67.129.141:80	2016777	ET INFO HTTP Request to a *.pw domain	Misc activity
TCP 192.168.56.101:49182 -> 172.67.129.141:80	2016777	ET INFO HTTP Request to a *.pw domain	Misc activity
TCP 192.168.56.101:49197 -> 172.67.129.141:80	2016777	ET INFO HTTP Request to a *.pw domain	Misc activity
TCP 192.168.56.101:49199 -> 172.67.129.141:80	2016777	ET INFO HTTP Request to a *.pw domain	Misc activity
TCP 192.168.56.101:49190 -> 172.67.129.141:80	2016777	ET INFO HTTP Request to a *.pw domain	Misc activity
TCP 192.168.56.101:49193 -> 172.67.129.141:80	2016777	ET INFO HTTP Request to a *.pw domain	Misc activity
TCP 192.168.56.101:49201 -> 172.67.129.141:80	2016777	ET INFO HTTP Request to a *.pw domain	Misc activity
TCP 192.168.56.101:49192 -> 172.67.129.141:80	2016777	ET INFO HTTP Request to a *.pw domain	Misc activity
TCP 192.168.56.101:49196 -> 172.67.129.141:80	2016777	ET INFO HTTP Request to a *.pw domain	Misc activity
TCP 192.168.56.101:49200 -> 172.67.129.141:80	2016777	ET INFO HTTP Request to a *.pw domain	Misc activity

Suricata TLS

No Suricata TLS

Queries for the computername (2 events)

Time & API	Arguments	Status	Return	Repeated
GetComputerNameW Oct. 30, 2023, 5:33 p.m.	computer_name: TEST22-PC	1	1	0
GetComputerNameA Oct. 30, 2023, 5:34 p.m.	computer_name: TEST22-PC	1	1	0

Tries to locate where the browsers are installed (1 event)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Oct. 30, 2023, 5:33 p.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.rqvas

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 event)

suspicious_features

POST method with no referer header

suspicious_request

POST http://guhomush.pw/api

Performs some HTTP requests (1 event)

request

POST http://guhomush.pw/api

Sends data using the HTTP POST Method (1 event)

request

POST http://guhomush.pw/api

Resolves a suspicious Top Level Domain (TLD) (1 event)

domain

guhomush.pw

description

Palau domain TLD

Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Oct. 30, 2023, 5:33 p.m.	process_identifier: 2576 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0041c000 process_handle: 0xffffffff	1	0	0

Steals private information from local Internet browsers (50 out of 77 events)

file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Web Data
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000004.log
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad

Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (38 events)

Time & API	Arguments	Status	Return
Process32FirstW Oct. 30, 2023, 5:33 p.m.	snapshot_handle: 0x000002d8 process_name: [System Process] process_identifier: 0	1	1
Process32NextW Oct. 30, 2023, 5:33 p.m.	snapshot_handle: 0x000002d8 process_name: System process_identifier: 4	1	1
Process32NextW Oct. 30, 2023, 5:33 p.m.	snapshot_handle: 0x000002d8 process_name: smss.exe process_identifier: 224	1	1
Process32NextW Oct. 30, 2023, 5:33 p.m.	snapshot_handle: 0x000002d8 process_name: csrss.exe process_identifier: 304	1	1
Process32NextW Oct. 30, 2023, 5:33 p.m.	snapshot_handle: 0x000002d8 process_name: wininit.exe process_identifier: 352	1	1
Process32NextW Oct. 30, 2023, 5:33 p.m.	snapshot_handle: 0x000002d8 process_name: csrss.exe process_identifier: 360	1	1
Process32NextW Oct. 30, 2023, 5:33 p.m.	snapshot_handle: 0x000002d8 process_name: winlogon.exe process_identifier: 400	1	1
Process32NextW Oct. 30, 2023, 5:33 p.m.	snapshot_handle: 0x000002d8 process_name: services.exe process_identifier: 444	1	1
Process32NextW Oct. 30, 2023, 5:33 p.m.	snapshot_handle: 0x000002d8 process_name: lsass.exe process_identifier: 460	1	1
Process32NextW Oct. 30, 2023, 5:33 p.m.	snapshot_handle: 0x000002d8 process_name: lsm.exe process_identifier: 468	1	1
Process32NextW Oct. 30, 2023, 5:33 p.m.	snapshot_handle: 0x000002d8 process_name: svchost.exe process_identifier: 572	1	1
Process32NextW Oct. 30, 2023, 5:33 p.m.	snapshot_handle: 0x000002d8 process_name: svchost.exe process_identifier: 652	1	1
Process32NextW Oct. 30, 2023, 5:33 p.m.	snapshot_handle: 0x000002d8 process_name: svchost.exe process_identifier: 724	1	1
Process32NextW Oct. 30, 2023, 5:33 p.m.	snapshot_handle: 0x000002d8 process_name: svchost.exe process_identifier: 784	1	1
Process32NextW Oct. 30, 2023, 5:33 p.m.	snapshot_handle: 0x000002d8 process_name: svchost.exe process_identifier: 832	1	1
Process32NextW Oct. 30, 2023, 5:33 p.m.	snapshot_handle: 0x000002d8 process_name: audiodg.exe process_identifier: 900	1	1
Process32NextW Oct. 30, 2023, 5:33 p.m.	snapshot_handle: 0x000002d8 process_name: svchost.exe process_identifier: 992	1	1
Process32NextW Oct. 30, 2023, 5:33 p.m.	snapshot_handle: 0x000002d8 process_name: svchost.exe process_identifier: 292	1	1
Process32NextW Oct. 30, 2023, 5:33 p.m.	snapshot_handle: 0x000002d8 process_name: spoolsv.exe process_identifier: 324	1	1
Process32NextW Oct. 30, 2023, 5:33 p.m.	snapshot_handle: 0x000002d8 process_name: svchost.exe process_identifier: 1048	1	1
Process32NextW Oct. 30, 2023, 5:33 p.m.	snapshot_handle: 0x000002d8 process_name: srvany.exe process_identifier: 1284	1	1
Process32NextW Oct. 30, 2023, 5:33 p.m.	snapshot_handle: 0x000002d8 process_name: KMService.exe process_identifier: 1436	1	1
Process32NextW Oct. 30, 2023, 5:33 p.m.	snapshot_handle: 0x000002d8 process_name: conhost.exe process_identifier: 1448	1	1
Process32NextW Oct. 30, 2023, 5:33 p.m.	snapshot_handle: 0x000002d8 process_name: taskhost.exe process_identifier: 1600	1	1
Process32NextW Oct. 30, 2023, 5:33 p.m.	snapshot_handle: 0x000002d8 process_name: sppsvc.exe process_identifier: 1820	1	1
Process32NextW Oct. 30, 2023, 5:33 p.m.	snapshot_handle: 0x000002d8 process_name: svchost.exe process_identifier: 1896	1	1
Process32NextW Oct. 30, 2023, 5:33 p.m.	snapshot_handle: 0x000002d8 process_name: dwm.exe process_identifier: 1260	1	1
Process32NextW Oct. 30, 2023, 5:33 p.m.	snapshot_handle: 0x000002d8 process_name: explorer.exe process_identifier: 1452	1	1
Process32NextW Oct. 30, 2023, 5:33 p.m.	snapshot_handle: 0x000002d8 process_name: pw.exe process_identifier: 988	1	1
Process32NextW Oct. 30, 2023, 5:33 p.m.	snapshot_handle: 0x000002d8 process_name: SearchIndexer.exe process_identifier: 1160	1	1
Process32NextW Oct. 30, 2023, 5:33 p.m.	snapshot_handle: 0x000002d8 process_name: SearchProtocolHost.exe process_identifier: 936	1	1
Process32NextW Oct. 30, 2023, 5:33 p.m.	snapshot_handle: 0x000002d8 process_name: SearchFilterHost.exe process_identifier: 2000	1	1
Process32NextW Oct. 30, 2023, 5:33 p.m.	snapshot_handle: 0x000002d8 process_name: mobsync.exe process_identifier: 2272	1	1
Process32NextW Oct. 30, 2023, 5:33 p.m.	snapshot_handle: 0x000002d8 process_name: pw.exe process_identifier: 2316	1	1
Process32NextW Oct. 30, 2023, 5:33 p.m.	snapshot_handle: 0x000002d8 process_name: taskhost.exe process_identifier: 2416	1	1
Process32NextW Oct. 30, 2023, 5:33 p.m.	snapshot_handle: 0x000002d8 process_name: 203.exe process_identifier: 2576	1	1
Process32NextW Oct. 30, 2023, 5:34 p.m.	snapshot_handle: 0x00000334 process_name: cmd.exe process_identifier: 2808	1	1
Process32NextW Oct. 30, 2023, 5:34 p.m.	snapshot_handle: 0x0000033c process_name: conhost.exe process_identifier: 2816	1	1

Repeatedly searches for a not-found process, you may want to run a web browser during analysis (50 out of 55 events)

Time & API	Arguments	Status	Return	Repeated
Process32NextW Oct. 30, 2023, 5:33 p.m.	snapshot_handle: 0x000002d8 process_name: 203.exe process_identifier: 2576		0	0
Process32NextW Oct. 30, 2023, 5:33 p.m.	snapshot_handle: 0x000002e0 process_name: 203.exe process_identifier: 2576		0	0
Process32NextW Oct. 30, 2023, 5:33 p.m.	snapshot_handle: 0x000002d8 process_name: 203.exe process_identifier: 2576		0	0
Process32NextW Oct. 30, 2023, 5:33 p.m.	snapshot_handle: 0x000002e0 process_name: 203.exe process_identifier: 2576		0	0
Process32NextW Oct. 30, 2023, 5:33 p.m.	snapshot_handle: 0x000002d8 process_name: 203.exe process_identifier: 2576		0	0
Process32NextW Oct. 30, 2023, 5:33 p.m.	snapshot_handle: 0x0000033c process_name: 203.exe process_identifier: 2576		0	0
Process32NextW Oct. 30, 2023, 5:33 p.m.	snapshot_handle: 0x00000334 process_name: 203.exe process_identifier: 2576		0	0
Process32NextW Oct. 30, 2023, 5:33 p.m.	snapshot_handle: 0x0000033c process_name: 203.exe process_identifier: 2576		0	0
Process32NextW Oct. 30, 2023, 5:33 p.m.	snapshot_handle: 0x00000334 process_name: 203.exe process_identifier: 2576		0	0
Process32NextW Oct. 30, 2023, 5:33 p.m.	snapshot_handle: 0x0000033c process_name: 203.exe process_identifier: 2576		0	0
Process32NextW Oct. 30, 2023, 5:33 p.m.	snapshot_handle: 0x00000334 process_name: 203.exe process_identifier: 2576		0	0
Process32NextW Oct. 30, 2023, 5:33 p.m.	snapshot_handle: 0x0000033c process_name: 203.exe process_identifier: 2576		0	0
Process32NextW Oct. 30, 2023, 5:33 p.m.	snapshot_handle: 0x00000334 process_name: 203.exe process_identifier: 2576		0	0
Process32NextW Oct. 30, 2023, 5:33 p.m.	snapshot_handle: 0x0000033c process_name: 203.exe process_identifier: 2576		0	0
Process32NextW Oct. 30, 2023, 5:33 p.m.	snapshot_handle: 0x00000334 process_name: 203.exe process_identifier: 2576		0	0
Process32NextW Oct. 30, 2023, 5:33 p.m.	snapshot_handle: 0x0000033c process_name: 203.exe process_identifier: 2576		0	0
Process32NextW Oct. 30, 2023, 5:33 p.m.	snapshot_handle: 0x00000334 process_name: 203.exe process_identifier: 2576		0	0
Process32NextW Oct. 30, 2023, 5:33 p.m.	snapshot_handle: 0x0000033c process_name: 203.exe process_identifier: 2576		0	0
Process32NextW Oct. 30, 2023, 5:33 p.m.	snapshot_handle: 0x00000334 process_name: 203.exe process_identifier: 2576		0	0
Process32NextW Oct. 30, 2023, 5:33 p.m.	snapshot_handle: 0x0000033c process_name: 203.exe process_identifier: 2576		0	0
Process32NextW Oct. 30, 2023, 5:33 p.m.	snapshot_handle: 0x00000334 process_name: 203.exe process_identifier: 2576		0	0
Process32NextW Oct. 30, 2023, 5:33 p.m.	snapshot_handle: 0x0000033c process_name: 203.exe process_identifier: 2576		0	0
Process32NextW Oct. 30, 2023, 5:33 p.m.	snapshot_handle: 0x00000334 process_name: 203.exe process_identifier: 2576		0	0
Process32NextW Oct. 30, 2023, 5:33 p.m.	snapshot_handle: 0x0000033c process_name: 203.exe process_identifier: 2576		0	0
Process32NextW Oct. 30, 2023, 5:33 p.m.	snapshot_handle: 0x00000334 process_name: 203.exe process_identifier: 2576		0	0
Process32NextW Oct. 30, 2023, 5:34 p.m.	snapshot_handle: 0x0000033c process_name: 203.exe process_identifier: 2576		0	0
Process32NextW Oct. 30, 2023, 5:34 p.m.	snapshot_handle: 0x00000334 process_name: 203.exe process_identifier: 2576		0	0
Process32NextW Oct. 30, 2023, 5:34 p.m.	snapshot_handle: 0x0000033c process_name: 203.exe process_identifier: 2576		0	0
Process32NextW Oct. 30, 2023, 5:34 p.m.	snapshot_handle: 0x00000334 process_name: 203.exe process_identifier: 2576		0	0
Process32NextW Oct. 30, 2023, 5:34 p.m.	snapshot_handle: 0x0000033c process_name: 203.exe process_identifier: 2576		0	0
Process32NextW Oct. 30, 2023, 5:34 p.m.	snapshot_handle: 0x00000334 process_name: 203.exe process_identifier: 2576		0	0
Process32NextW Oct. 30, 2023, 5:34 p.m.	snapshot_handle: 0x0000033c process_name: 203.exe process_identifier: 2576		0	0
Process32NextW Oct. 30, 2023, 5:34 p.m.	snapshot_handle: 0x00000334 process_name: 203.exe process_identifier: 2576		0	0
Process32NextW Oct. 30, 2023, 5:34 p.m.	snapshot_handle: 0x0000033c process_name: 203.exe process_identifier: 2576		0	0
Process32NextW Oct. 30, 2023, 5:34 p.m.	snapshot_handle: 0x00000334 process_name: 203.exe process_identifier: 2576		0	0
Process32NextW Oct. 30, 2023, 5:34 p.m.	snapshot_handle: 0x0000033c process_name: 203.exe process_identifier: 2576		0	0
Process32NextW Oct. 30, 2023, 5:34 p.m.	snapshot_handle: 0x00000334 process_name: 203.exe process_identifier: 2576		0	0
Process32NextW Oct. 30, 2023, 5:34 p.m.	snapshot_handle: 0x0000033c process_name: 203.exe process_identifier: 2576		0	0
Process32NextW Oct. 30, 2023, 5:34 p.m.	snapshot_handle: 0x00000334 process_name: 203.exe process_identifier: 2576		0	0
Process32NextW Oct. 30, 2023, 5:34 p.m.	snapshot_handle: 0x0000033c process_name: 203.exe process_identifier: 2576		0	0
Process32NextW Oct. 30, 2023, 5:34 p.m.	snapshot_handle: 0x00000334 process_name: 203.exe process_identifier: 2576		0	0
Process32NextW Oct. 30, 2023, 5:34 p.m.	snapshot_handle: 0x0000033c process_name: 203.exe process_identifier: 2576		0	0
Process32NextW Oct. 30, 2023, 5:34 p.m.	snapshot_handle: 0x00000334 process_name: 203.exe process_identifier: 2576		0	0
Process32NextW Oct. 30, 2023, 5:34 p.m.	snapshot_handle: 0x0000033c process_name: 203.exe process_identifier: 2576		0	0
Process32NextW Oct. 30, 2023, 5:34 p.m.	snapshot_handle: 0x00000334 process_name: 203.exe process_identifier: 2576		0	0
Process32NextW Oct. 30, 2023, 5:34 p.m.	snapshot_handle: 0x0000033c process_name: 203.exe process_identifier: 2576		0	0
Process32NextW Oct. 30, 2023, 5:34 p.m.	snapshot_handle: 0x00000334 process_name: 203.exe process_identifier: 2576		0	0
Process32NextW Oct. 30, 2023, 5:34 p.m.	snapshot_handle: 0x0000033c process_name: 203.exe process_identifier: 2576		0	0
Process32NextW Oct. 30, 2023, 5:34 p.m.	snapshot_handle: 0x00000334 process_name: 203.exe process_identifier: 2576		0	0
Process32NextW Oct. 30, 2023, 5:34 p.m.	snapshot_handle: 0x0000033c process_name: 203.exe process_identifier: 2576		0	0

Queries for potentially installed applications (39 events)

Time & API	Arguments	Status
RegOpenKeyExW Oct. 30, 2023, 5:34 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall base_handle: 0x80000002 key_handle: 0x00000870 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall	1
RegOpenKeyExW Oct. 30, 2023, 5:34 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook base_handle: 0x80000002 key_handle: 0x00000874 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook	1
RegOpenKeyExW Oct. 30, 2023, 5:34 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager base_handle: 0x80000002 key_handle: 0x00000874 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager	1
RegOpenKeyExW Oct. 30, 2023, 5:34 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx base_handle: 0x80000002 key_handle: 0x00000874 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx	1
RegOpenKeyExW Oct. 30, 2023, 5:34 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus base_handle: 0x80000002 key_handle: 0x00000874 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus	1
RegOpenKeyExW Oct. 30, 2023, 5:34 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE base_handle: 0x80000002 key_handle: 0x00000874 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE	1
RegOpenKeyExW Oct. 30, 2023, 5:34 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore base_handle: 0x80000002 key_handle: 0x00000874 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore	1
RegOpenKeyExW Oct. 30, 2023, 5:34 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome base_handle: 0x80000002 key_handle: 0x00000874 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome	1
RegOpenKeyExW Oct. 30, 2023, 5:34 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean base_handle: 0x80000002 key_handle: 0x00000874 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean	1
RegOpenKeyExW Oct. 30, 2023, 5:34 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40 base_handle: 0x80000002 key_handle: 0x00000874 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40	1
RegOpenKeyExW Oct. 30, 2023, 5:34 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data base_handle: 0x80000002 key_handle: 0x00000874 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data	1
RegOpenKeyExW Oct. 30, 2023, 5:34 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX base_handle: 0x80000002 key_handle: 0x00000874 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX	1
RegOpenKeyExW Oct. 30, 2023, 5:34 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData base_handle: 0x80000002 key_handle: 0x00000874 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData	1
RegOpenKeyExW Oct. 30, 2023, 5:34 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack base_handle: 0x80000002 key_handle: 0x00000874 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack	1
RegOpenKeyExW Oct. 30, 2023, 5:34 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent base_handle: 0x80000002 key_handle: 0x00000874 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent	1
RegOpenKeyExW Oct. 30, 2023, 5:34 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC base_handle: 0x80000002 key_handle: 0x00000874 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC	1
RegOpenKeyExW Oct. 30, 2023, 5:34 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B} base_handle: 0x80000002 key_handle: 0x00000874 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}	1
RegOpenKeyExW Oct. 30, 2023, 5:34 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980} base_handle: 0x80000002 key_handle: 0x00000874 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}	1
RegOpenKeyExW Oct. 30, 2023, 5:34 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA} base_handle: 0x80000002 key_handle: 0x00000874 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}	1
RegOpenKeyExW Oct. 30, 2023, 5:34 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0015-0412-0000-0000000FF1CE} base_handle: 0x80000002 key_handle: 0x00000874 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0015-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Oct. 30, 2023, 5:34 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0412-0000-0000000FF1CE} base_handle: 0x80000002 key_handle: 0x00000874 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Oct. 30, 2023, 5:34 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0412-0000-0000000FF1CE} base_handle: 0x80000002 key_handle: 0x00000874 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Oct. 30, 2023, 5:34 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0019-0412-0000-0000000FF1CE} base_handle: 0x80000002 key_handle: 0x00000874 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0019-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Oct. 30, 2023, 5:34 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001A-0412-0000-0000000FF1CE} base_handle: 0x80000002 key_handle: 0x00000874 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001A-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Oct. 30, 2023, 5:34 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0412-0000-0000000FF1CE} base_handle: 0x80000002 key_handle: 0x00000874 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Oct. 30, 2023, 5:34 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE} base_handle: 0x80000002 key_handle: 0x00000874 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE}	1
RegOpenKeyExW Oct. 30, 2023, 5:34 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0412-0000-0000000FF1CE} base_handle: 0x80000002 key_handle: 0x00000874 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Oct. 30, 2023, 5:34 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0028-0412-0000-0000000FF1CE} base_handle: 0x80000002 key_handle: 0x00000874 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0028-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Oct. 30, 2023, 5:34 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002C-0412-0000-0000000FF1CE} base_handle: 0x80000002 key_handle: 0x00000874 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002C-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Oct. 30, 2023, 5:34 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE} base_handle: 0x80000002 key_handle: 0x00000874 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}	1
RegOpenKeyExW Oct. 30, 2023, 5:34 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0044-0412-0000-0000000FF1CE} base_handle: 0x80000002 key_handle: 0x00000874 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0044-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Oct. 30, 2023, 5:34 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE} base_handle: 0x80000002 key_handle: 0x00000874 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}	1
RegOpenKeyExW Oct. 30, 2023, 5:34 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0412-0000-0000000FF1CE} base_handle: 0x80000002 key_handle: 0x00000874 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Oct. 30, 2023, 5:34 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-0412-0000-0000000FF1CE} base_handle: 0x80000002 key_handle: 0x00000874 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Oct. 30, 2023, 5:34 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00BA-0409-0000-0000000FF1CE} base_handle: 0x80000002 key_handle: 0x00000874 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00BA-0409-0000-0000000FF1CE}	1
RegOpenKeyExW Oct. 30, 2023, 5:34 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0114-0412-0000-0000000FF1CE} base_handle: 0x80000002 key_handle: 0x00000874 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0114-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Oct. 30, 2023, 5:34 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4} base_handle: 0x80000002 key_handle: 0x00000874 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4}	1
RegOpenKeyExW Oct. 30, 2023, 5:34 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9B84A461-3B4C-40E2-B44F-CE22E215EE40} base_handle: 0x80000002 key_handle: 0x00000874 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9B84A461-3B4C-40E2-B44F-CE22E215EE40}	1
RegOpenKeyExW Oct. 30, 2023, 5:34 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d992c12e-cab2-426f-bde3-fb8c53950b0d} base_handle: 0x80000002 key_handle: 0x00000874 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d992c12e-cab2-426f-bde3-fb8c53950b0d}	1

Attempts to access Bitcoin/ALTCoin wallets (2 events)

file	C:\Users\test22\AppData\Roaming\Bitcoin\wallets
file	C:\Users\test22\AppData\Roaming\Electrum\wallets

Collects information about installed applications (27 events)

Time & API	Arguments	Status
RegQueryValueExW Oct. 30, 2023, 5:34 p.m.	key_handle: 0x00000874 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: EditPlus regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus\DisplayName	1
RegQueryValueExW Oct. 30, 2023, 5:34 p.m.	key_handle: 0x00000874 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Enterprise 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE\DisplayName	1
RegQueryValueExW Oct. 30, 2023, 5:34 p.m.	key_handle: 0x00000874 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Chrome regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName	1
RegQueryValueExW Oct. 30, 2023, 5:34 p.m.	key_handle: 0x00000874 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: 한컴오피스 한글 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean\DisplayName	1
RegQueryValueExW Oct. 30, 2023, 5:34 p.m.	key_handle: 0x00000874 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: HttpWatch Professional 9.3.39 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}\DisplayName	1
RegQueryValueExW Oct. 30, 2023, 5:34 p.m.	key_handle: 0x00000874 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: 한컴오피스 한글 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}\DisplayName	1
RegQueryValueExW Oct. 30, 2023, 5:34 p.m.	key_handle: 0x00000874 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Google Update Helper regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\DisplayName	1
RegQueryValueExW Oct. 30, 2023, 5:34 p.m.	key_handle: 0x00000874 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Access MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0015-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Oct. 30, 2023, 5:34 p.m.	key_handle: 0x00000874 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Excel MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Oct. 30, 2023, 5:34 p.m.	key_handle: 0x00000874 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office PowerPoint MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Oct. 30, 2023, 5:34 p.m.	key_handle: 0x00000874 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Publisher MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0019-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Oct. 30, 2023, 5:34 p.m.	key_handle: 0x00000874 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Outlook MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001A-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Oct. 30, 2023, 5:34 p.m.	key_handle: 0x00000874 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Word MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Oct. 30, 2023, 5:34 p.m.	key_handle: 0x00000874 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proof (English) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Oct. 30, 2023, 5:34 p.m.	key_handle: 0x00000874 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proof (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Oct. 30, 2023, 5:34 p.m.	key_handle: 0x00000874 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office IME (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0028-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Oct. 30, 2023, 5:34 p.m.	key_handle: 0x00000874 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proofing (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002C-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Oct. 30, 2023, 5:34 p.m.	key_handle: 0x00000874 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Enterprise 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Oct. 30, 2023, 5:34 p.m.	key_handle: 0x00000874 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office InfoPath MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0044-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Oct. 30, 2023, 5:34 p.m.	key_handle: 0x00000874 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Shared MUI (English) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Oct. 30, 2023, 5:34 p.m.	key_handle: 0x00000874 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Shared MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Oct. 30, 2023, 5:34 p.m.	key_handle: 0x00000874 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office OneNote MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Oct. 30, 2023, 5:34 p.m.	key_handle: 0x00000874 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Groove MUI (English) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00BA-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Oct. 30, 2023, 5:34 p.m.	key_handle: 0x00000874 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Groove Setup Metadata MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0114-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Oct. 30, 2023, 5:34 p.m.	key_handle: 0x00000874 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Adobe Flash Player 13 ActiveX regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4}\DisplayName	1
RegQueryValueExW Oct. 30, 2023, 5:34 p.m.	key_handle: 0x00000874 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Adobe Flash Player 13 NPAPI regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B84A461-3B4C-40E2-B44F-CE22E215EE40}\DisplayName	1
RegQueryValueExW Oct. 30, 2023, 5:34 p.m.	key_handle: 0x00000874 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\DisplayName	1

Appends a known CryptoMix ransomware file extension to files that have been encrypted (1 event)

file	C:\Users\test22\AppData\Roaming\Exodus\exodus.wallet

Detects Virtual Machines through their custom firmware (1 event)

Time & API	Arguments	Status	Return	Repeated
NtQuerySystemInformation Oct. 30, 2023, 5:34 p.m.	information_class: 76 (SystemFirmwareTableInformation)		3221225507	0

File has been identified by 30 AntiVirus engines on VirusTotal as malicious (30 events)

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Stealerc.4!c
tehtris	Generic.Malware
FireEye	Generic.mg.b4c67afbce5715b8
Skyhigh	Artemis!Trojan
Sangfor	Trojan.Win32.Agent.Vk0g
CrowdStrike	win/malicious_confidence_100% (W)
BitDefenderTheta	Gen:NN.ZexaF.36792.QuY@aGulbxb
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/GenKryptik.GPLS
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	UDS:DangerousObject.Multi.Generic
Rising	Trojan.Generic@AI.80 (RDML:asCh2OCTI1pAVXVeTpr4xg)
Sophos	Mal/Generic-R
Trapmine	malicious.high.ml.score
SentinelOne	Static AI - Malicious PE
Google	Detected
Kingsoft	malware.kb.a.858
Gridinsoft	Trojan.Heur!.00002031
ZoneAlarm	UDS:DangerousObject.Multi.Generic
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
McAfee	Artemis!B4C67AFBCE57
DeepInstinct	MALICIOUS
Cylance	unsafe
Tencent	Win32.Trojan.FalseSign.Tnkl
Ikarus	Trojan.Agent
AVG	Win32:Evo-gen [Trj]
Avast	Win32:Evo-gen [Trj]

203.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All