Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Nov. 17, 2023, 6:31 p.m.	Nov. 17, 2023, 6:33 p.m.

Size	13.0MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`bcabfc8a72168c9c59967950ba586367`
SHA256	`8129a2a6764c59fdfbb1945be92d8452a9a6502c6047e39c5b8d9a3c982ca192`
CRC32	`1865D72B`
ssdeep	`393216:Hrqs77+THrAQUSA1In5Q7JNp1ruYVOgDKg:HOsGTLBUSAin5qPv`
Yara	IsPE32 - (no description) PE_Header_Zero - PE File Signature

update.exe "C:\Users\test22\AppData\Local\Temp\update.exe"
2548

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
193.233.132.13	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49162 -> 193.233.132.13:80	2036934	ET MALWARE Win32/RecordBreaker CnC Checkin M1	A Network Trojan was detected
TCP 193.233.132.13:80 -> 192.168.56.101:49162	2036955	ET MALWARE Win32/RecordBreaker CnC Checkin - Server Response	A Network Trojan was detected
TCP 192.168.56.101:49162 -> 193.233.132.13:80	2027250	ET INFO Dotted Quad Host DLL Request	Potentially Bad Traffic
TCP 192.168.56.101:49162 -> 193.233.132.13:80	2044305	ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity	A suspicious filename was detected
TCP 193.233.132.13:80 -> 192.168.56.101:49162	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 192.168.56.101:49164 -> 193.233.132.13:80	2027250	ET INFO Dotted Quad Host DLL Request	Potentially Bad Traffic
TCP 193.233.132.13:80 -> 192.168.56.101:49164	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 192.168.56.101:49164 -> 193.233.132.13:80	2027250	ET INFO Dotted Quad Host DLL Request	Potentially Bad Traffic
TCP 192.168.56.101:49164 -> 193.233.132.13:80	2044307	ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity	A suspicious filename was detected
TCP 192.168.56.101:49164 -> 193.233.132.13:80	2027250	ET INFO Dotted Quad Host DLL Request	Potentially Bad Traffic
TCP 192.168.56.101:49164 -> 193.233.132.13:80	2044302	ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity	A suspicious filename was detected
TCP 192.168.56.101:49164 -> 193.233.132.13:80	2027250	ET INFO Dotted Quad Host DLL Request	Potentially Bad Traffic
TCP 192.168.56.101:49164 -> 193.233.132.13:80	2044303	ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity	A suspicious filename was detected
TCP 192.168.56.101:49164 -> 193.233.132.13:80	2027250	ET INFO Dotted Quad Host DLL Request	Potentially Bad Traffic
TCP 192.168.56.101:49164 -> 193.233.132.13:80	2044306	ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity	A suspicious filename was detected
TCP 192.168.56.101:49164 -> 193.233.132.13:80	2027250	ET INFO Dotted Quad Host DLL Request	Potentially Bad Traffic
TCP 192.168.56.101:49164 -> 193.233.132.13:80	2044301	ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity	A suspicious filename was detected
TCP 192.168.56.101:49164 -> 193.233.132.13:80	2036884	ET HUNTING Possible Generic Stealer Sending System Information	Misc activity

Suricata TLS

No Suricata TLS

Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 event)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid

Tries to locate where the browsers are installed (1 event)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Nov. 17, 2023, 6:31 p.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)

section	.3YF
section	.ld}
section	.6OI

HTTP traffic contains suspicious features which may be indicative of malware related traffic (9 events)

suspicious_features	POST method with no referer header, Connection to IP address	suspicious_request	POST http://193.233.132.13/
suspicious_features	Connection to IP address	suspicious_request	GET http://193.233.132.13/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/nss3.dll
suspicious_features	Connection to IP address	suspicious_request	GET http://193.233.132.13/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/msvcp140.dll
suspicious_features	Connection to IP address	suspicious_request	GET http://193.233.132.13/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/vcruntime140.dll
suspicious_features	Connection to IP address	suspicious_request	GET http://193.233.132.13/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/mozglue.dll
suspicious_features	Connection to IP address	suspicious_request	GET http://193.233.132.13/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/freebl3.dll
suspicious_features	Connection to IP address	suspicious_request	GET http://193.233.132.13/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/softokn3.dll
suspicious_features	Connection to IP address	suspicious_request	GET http://193.233.132.13/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/sqlite3.dll
suspicious_features	POST method with no referer header, Connection to IP address	suspicious_request	POST http://193.233.132.13/4b3d724e3280557cef4603019e268268

Performs some HTTP requests (9 events)

request	POST http://193.233.132.13/
request	GET http://193.233.132.13/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/nss3.dll
request	GET http://193.233.132.13/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/msvcp140.dll
request	GET http://193.233.132.13/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/vcruntime140.dll
request	GET http://193.233.132.13/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/mozglue.dll
request	GET http://193.233.132.13/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/freebl3.dll
request	GET http://193.233.132.13/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/softokn3.dll
request	GET http://193.233.132.13/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/sqlite3.dll
request	POST http://193.233.132.13/4b3d724e3280557cef4603019e268268

Sends data using the HTTP POST Method (2 events)

request	POST http://193.233.132.13/
request	POST http://193.233.132.13/4b3d724e3280557cef4603019e268268

Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtAllocateVirtualMemory Nov. 17, 2023, 6:31 p.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003d0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1	0	0

Steals private information from local Internet browsers (1 event)

file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State

Creates executable files on the filesystem (7 events)

file	C:\Users\test22\AppData\LocalLow\msvcp140.dll
file	C:\Users\test22\AppData\LocalLow\softokn3.dll
file	C:\Users\test22\AppData\LocalLow\freebl3.dll
file	C:\Users\test22\AppData\LocalLow\mozglue.dll
file	C:\Users\test22\AppData\LocalLow\vcruntime140.dll
file	C:\Users\test22\AppData\LocalLow\sqlite3.dll
file	C:\Users\test22\AppData\LocalLow\nss3.dll

Drops an executable to the user AppData folder (7 events)

file	C:\Users\test22\AppData\LocalLow\vcruntime140.dll
file	C:\Users\test22\AppData\LocalLow\softokn3.dll
file	C:\Users\test22\AppData\LocalLow\nss3.dll
file	C:\Users\test22\AppData\LocalLow\msvcp140.dll
file	C:\Users\test22\AppData\LocalLow\mozglue.dll
file	C:\Users\test22\AppData\LocalLow\freebl3.dll
file	C:\Users\test22\AppData\LocalLow\sqlite3.dll

An executable file was downloaded by the process update.exe (7 events)

Time & API	Arguments	Status	Return
InternetReadFile Nov. 17, 2023, 6:31 p.m.	buffer: MZx@xº´ Í!¸LÍ!This program cannot be run in DOS mode.$PELöñ9bà"!à&Ð`ýÑ@Aø!\T¿@@x ¸Ph hýð ðÄ\!@.textiÞà `.rdataäéðêä@@.dataNà*Î@À.00cfg0ø@@.rsrcx@ú@@.reloch Pþ@BUåSWV]u~ÿt@ pàÿ0WÿÑÄ~1ÀÛÀÁàHFDÿt xàÿ0WÿÑÄ1À^_[]Ã1ÀÛÀÁàHFDëéÌÌÌÌÌÌÌÌÌÌÌÌÌUåWVìuþ3'u7¿èÿÿ=ta¡l$ÿ`ÇìÀt:x(p,Ç@0Ä^_]Ã¿²èÿÿþ~2çØÿÿø8wmÿ$èx¿¦èÿÿë¨(ñ$èÀë´èI"ëþæ þoóþOIþ&ÅFþøþ !¿ÐèÿÿéIÿÿÿþ ¿èÿÿé3ÿÿÿ¿èÿÿé)ÿÿÿ¿¯èÿÿéÿÿÿ¿¶èÿÿéÿÿÿ¿´èÿÿéÿÿÿ¿³èÿÿéÿÿÿ¿¢èÿÿé÷þÿÿ¿ èÿÿéíþÿÿ¿×èÿÿéãþÿÿþÈþí¿þå/þç7þãu¿Ñèÿÿéþÿÿþa _¿èÿÿéþÿÿþþzþpÏþx.¿èÿÿéVþÿÿþØþÏßþÉg¿£èÿÿé(þÿÿþkÖþPa¿Éèÿÿéþÿÿþ½ÊþîJ¿èÿÿéêýÿÿþÍ¾þAÿÿÿþ·t´éþo¯þÙ¿èÿÿé£ýÿÿþ'¿¼èÿÿéýÿÿþætþéJ¿èÿÿérýÿÿþ{î¿èÿÿé_ýÿÿþÐæ¿ÙèÿÿéIýÿÿþlå¿ºèÿÿé6ýÿÿþ¾Ú¿èÿÿé ýÿÿþÎÖ¿Áèÿÿé ýÿÿþpmþÿÿþqaþÿÿþø´¿ªèÿÿéÜüÿÿÿ$x¿ÂèÿÿéËüÿÿþÏ¿¤èÿÿéµüÿÿþWCÿÿÿëxþg þÿÿëjþßub¿Óèÿÿéüÿÿþ request_handle: 0x00cc000c	1	1
InternetReadFile Nov. 17, 2023, 6:31 p.m.	buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $Ù1Cò_ò_ò_)n°ò_Ìò_ò^"ò_Ï^ò_Ï\ò_Ï[Óò_ÏZÑò_Ï_ò_Ï ò_Ï]ò_Richò_PEL(Á[à"!(`Ù@ ð@AgÏèr ð?°¬=`x8¸w@päÀc@.text&( `.dataH)@,@À.idata¬pD@@.didat4X@À.rsrcð Z@@.reloc¬=°>^@Bð¢ ¢¢à¢£0££p£0¤Ð£°£¤À¤p¤P¤°¤ð¤à¤0¥`¥ ¥¥P¥¦À¦ ¦`¦ §à§À§§°¨ð¨Ð¨ ¨À©ªà©°©àª ««Àª¬@¬ ¬à«P0®¥ ¥¢ ¢à¢ð¢£0£p££°£Ð£¤0¤P¤p¤°¤À¤à¤ð¤¥ ¥0¥P¥`¥¥ ¥`¦¦ ¦À¦§ §À§à§ ¨°¨Ð¨ð¨°©À©à©ªÀªàª« «à«¬ ¬@¬0P®0®°®À¯Ð°à°ð° ±À±²0²@²P²p²²Ð²P³³³ð³ ´0µµ°µÐµ¶P¶0··p¾¿ ÀàÅðÆ0Ð ÑÀÑàÑðÓÔÝ@ÞÐßàßààðæ0èPèÀêàêPïð ðò°òÐôðôpööû0ûÐûüàüPýþàþ`ÿÀÿÐÿðÿ`0` àÐP`°0P`Ð °Ðð 0`pÀ ° request_handle: 0x00cc0018	1	1
InternetReadFile Nov. 17, 2023, 6:31 p.m.	buffer: MZÿÿ¸@èº´ Í!¸LÍ!This program cannot be run in DOS mode. $ÀÅäÕ¤¤¤08e¤Ü¤¤¬¤ÖÌ¤ÖÌ¤ÖÌ¤ÖÌ¤ÖÌu¤ÖÌ¤Rich¤PEL(Á[à"!ÞÙð 0t(@Aàã ¸ú? 8¸ @´.textôÜÞ `.dataôðâ@À.idataä@@.rsrcê@@.reloc î@B0'à'`-à2@4p5°6(9ø9;0;À;<`= = >0>Q>>p?Ð?ð?À@pADàEJ@ZðZ [0[`[°[\\ \0\@\pe°eàefPj`jpjjjàj l0làlðmn0nPrÐrÐs`tÐtðtuuPuu°uvðvw w@w`ww x`\|}0}@}`}} }ÀÐàð0®À°ÀÐÀðÀ@Á Ò0Ò@ÒPÒàÓÔ ×Ð×°ØðØÙ@Û°Ü@Ý0ßß@ZX!fPjUnknown exception !fPjbad exceptionì!fPj8"fPj"fPjAccess violation - no RTTI data!Attempted a typeid of nullptr pointer!Bad read pointer - no RTTI data!Bad dynamic_cast!csmà 8t°api-ms-win-core-fibers-l1-1-1api-ms-win-core-synch-l1-2-0kernel32api-ms-ext-ms-FlsAlloc request_handle: 0x00cc0024	1	1
InternetReadFile Nov. 17, 2023, 6:31 p.m.	buffer: MZx@xº´ Í!¸LÍ!This program cannot be run in DOS mode.$PELÔñ9bà"!V°/Ð íî @A¼cQ ,p °r ¸ 4C°Wh0 Ø·.textÑ `.rdataÿ0@@.data¸0 @À.00cfgP @@.tls` " @À.rsrc°p $ @@.reloc4C D. @BUåSWVìÎ]¡0 1èEðSèÄÇF9øs0ìEìD$\$<$ñè>ÆMð1éèÂðÄ^_[]ÂÙóør~WQSèJÄÆ;ëËÌÌÌÌÌÌÌUåSWVìEÀ¦MðYÁÉ¾ÿÿÿ¸#]ìxxÚÑê×÷ÿÿÿ9ûwhÚ9ÑÖCñF=sHÀPèÄÇEð]XpÆSÿuWè¸ÄÆMìùs4>ðÄ^_[]ÂøÜwF$ë1ÀHPèDÄx#çàGüëªèAùrHüÀü)Èø sÈPè¡QÄuðë¤1ÿ1öNésÿÿÿÿÔ ÌÌÌÌÌÌÌÌÌUåSWVÇÒÈ É¡Izþæþ¤ÉtNYöÃtFãþyç ÷yáþræ<zÉtv9çþ ÷zræþt^öÃurëÏzÉJ0^_[]Ããþ^r÷Ïzæþt&>Ïz1ë×ÇhH òÌ¹¶èkaÏzÇhH òÌ¹ èPaÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌUåSWVÇÒ·ÈJÉªIzþæþNÉtYöÃuÏzNÉJV0^_[]Ããþ^yç ÷yáþræ<zÉtdyçþ ÷zQræþt^öÃurë²ãþ^r÷Ïzæþt)~ÏzVqëÇhH òÌ¹¶èa`ÏzÇhH òÌ¹ èF`ÌÌÌÌÌUåSWVPÇÒröyÈNöÁáþYyÿt öG÷zç Ï~IJÉLqæþrÖæþyç ÷yz request_handle: 0x00cc0030	1	1
InternetReadFile Nov. 17, 2023, 6:31 p.m.	buffer: MZx@xº´ Í!¸LÍ!This program cannot be run in DOS mode.$PEL&ò9bà"!6°à é @A4, S, È xT ¸° 8$& 0 . D.textÕ `.rdataÄ0@@.data<F@ & @À.00cfg ( @@.rsrcx * @@.reloc8$° &. @BUåhOè2ÄÀt8Ààð]ÃhàÿÿèÄ1À]ÃÌÌÌÌÌÌÌÌÌÌÌÌÌUåWVEÀtu}UMÿt"òò0ë(hàÿÿè¿Ä¸ÿÿÿÿë&Ç4¦¦¦¦Ç0¦¦¦¦jVjjRQPèO¤Ä^_]ÃÌÌÌÌÌÌÌÌUåSWVhOèÄÀt0Ç8Ç1öçðtkEU]MÛtòò0ë%hàÿÿè2Ä1öë<Ç4¦¦¦¦Ç0¦¦¦¦jRjjPQWèÅ£ÄÀtÿ·8èäÄëþð^_[]ÃÌÌÌÌÌUåWVuöt }jVèÉ¨Äÿtÿ¶8è¨Ä^_]ÃUåSWVäøìPL$,M¡´@ 1èD$HÇD$4ùrÈàuy;}vhàÿÿé²hàÿÿé¨\|$,}uöÓøàøPèÄÀx\|$ òòD$8ÂÂD$$}WÁïVRèL$0Ä÷ß\|$01ÀÇD$ÇD$ÇD$ÇD$ÇD$ÇD$ÇD$1Ûëf.D$(ÀÃÿøñD$(Ã¿ëaD$fD$0D$8D$0D$9D$0D$:D$0D$;D$0D$<D$0D$=D$0D$>0\$?D$0øÀÇÃø,òùòD$@jD$<PjT$@RPÿt$@Îè¨ÄÂÀJÿÿÿòD$@òþÛñeÿÿÿD$þÀLÿÿÿD$þÀu]D$þÀufD$þÀuwD$þÀD$D$D$D$ÇD$ÇD$ÇD$ÇD$ÇD$éôþÿÿD$ÇD$éãþÿÿD$ÇD$ÇD$éÊþÿÿD$ÇD$ÇD$ÇD$ request_handle: 0x00cc003c	1	1
InternetReadFile Nov. 17, 2023, 6:31 p.m.	buffer: MZx@xº´ Í!¸LÍ!This program cannot be run in DOS mode.$PEL'ò9bà"!ÌòÎ¡Þ@AtvSÇwð°Â¸À5hqà D{.textVÊÌ `.rdata¬à®Ð@@.data~@À.00cfg @@.rsrc°@@.reloc5À6@BUå¡Àtÿ ]ÿáh 6hÿè{ÄÀt¸ÿÿÿÿ]Ã¡ëÌUå¡ÀtHÿ ]ÿáh 6hÿè{ÄÀt1À]Ã¡ëÒÌÌÌÌÌÌUå¡Àt$ÿ ]ÿáh 6hÿè{ÄÀt¸ÿÿÿÿ]Ã¡ëÌUå¡ÀtHÿ ]ÿáh 6hÿè{ÄÀt¸ÿÿÿÿ]Ã¡ëÏÌÌÌUå¡ÀtHÿ ]ÿáh 6hÿè{ÄÀt¸ÿÿÿÿ]Ã¡ëÏÌÌÌUå¡ÀtHÿ ]ÿáh 6hÿè{ÄÀt¸ÿÿÿÿ]Ã¡ëÏÌÌÌUå¡Àt¨ÿ ]ÿáh 6hÿè{ÄÀt¸ÿÿÿÿ]Ã¡ëÌUå¡ÀtH(ÿ ]ÿáh 6hÿè{ÄÀt¸ÿÿÿÿ]Ã¡ëÏÌÌÌUå¡ÀtH,ÿ ]ÿáh 6hÿè{ÄÀt¸ÿÿÿÿ]Ã¡ëÏÌÌÌUå¡ÀtH4ÿ ]ÿáh 6hÿè{ÄÀt1À]Ã¡ëÒÌÌÌÌÌÌUå¡ÀtÀÿ ]ÿáh 6hÿè{ÄÀt1À]Ã¡ëÏÌÌÌUå¡ÀtH8ÿ ]ÿáh 6hÿè{ÄÀt1À]Ã¡ëÒÌÌÌÌÌÌUå¡ÀtH<ÿ ]ÿáh 6hÿè{ÄÀt]Ã¡ëÔÌÌÌÌÌÌÌÌUå¡ÀtH@ÿ ]ÿáh 6hÿè{ÄÀt¸ÿÿÿÿ]Ã¡ëÏÌÌÌUå¡ÀtHDÿ ]ÿáh 6hÿè{ÄÀt¸ÿÿÿÿ]Ã¡ëÏÌÌÌUå¡ÀtHHÿ ]ÿáh 6hÿè{ÄÀt1À]Ã¡ëÒÌÌÌÌÌÌ request_handle: 0x00cc0048	1	1
InternetReadFile Nov. 17, 2023, 6:31 p.m.	buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $PEL"©,bv²à!ú àaÈ °nàÐ ¨ à; âÐ.text¬ `P`.data\|' (@`À.rdataDPF:@`@.bss( `À.edatan°,@0@.idataÐà¬@0À.CRT,ðº@0À.tls ¼@0À.rsrc¨ ¾@0À.relocà; <Ä@0B/48` @@B/19RÈp Ê @B/31]'@(Ð @B/45-p.ø @B/57\ &@0B/70#°2@B/81s:À<6@B/92Pr@BSìÇ$èó Ã$è¶Ï Û£¨ìa£¨ìat ÇÄ1À[ÃÄ¸[ÃWVSìT$$Òur¡ ìaÀè1Û5ãìa£ ìaëvÇ$èÿÖìºØð±¨ìaÀuá¡¨ìaøãÇ$è7ó ¸Ä[^_Âö¼'ú¸uäd¡1öX=ãìaëv9ÃÇ$èÿ×ìðð±¨ìaÀuÞ1Û¡¨ìaø!¡¨ìaÀñ¡¨ìaøÛË¡ìaÀtT$(ÇD$T$T$ $ÿÐì ìaÄ¸[^_Â1Àé7ÿÿÿö¼'¡¨ìa$è3Î ÀÆtA¡¨ìa$è Î Ãë9ÞwÀtóëÿÐ9Þvñ4$èèñ Ç¨ìaÇ¨ìa1ÀÇ¨ìa¨ìa¸Ä[^_Â»éÿÿÿf request_handle: 0x00cc0054	1	1

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x00c7c800', u'virtual_address': u'0x00701000', u'entropy': 7.877889260410832, u'name': u'.6OI', u'virtual_size': u'0x00c7c6f0'}

entropy

7.87788926041

description

A section with a high entropy has been found

entropy

0.958578550812

description

Overall entropy of this PE file is high

Queries for potentially installed applications (50 out of 67 events)

Time & API	Arguments	Status
RegOpenKeyExW Nov. 17, 2023, 6:31 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall base_handle: 0x80000002 key_handle: 0x00002804 options: 0 access: 0x00020119 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall	1
RegOpenKeyExW Nov. 17, 2023, 6:31 p.m.	regkey_r: 7-Zip base_handle: 0x00002804 key_handle: 0x00002808 options: 0 access: 0x00020119 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip	1
RegOpenKeyExW Nov. 17, 2023, 6:31 p.m.	regkey_r: AddressBook base_handle: 0x00002804 key_handle: 0x00002808 options: 0 access: 0x00020119 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook	1
RegOpenKeyExW Nov. 17, 2023, 6:31 p.m.	regkey_r: Connection Manager base_handle: 0x00002804 key_handle: 0x00002808 options: 0 access: 0x00020119 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager	1
RegOpenKeyExW Nov. 17, 2023, 6:31 p.m.	regkey_r: DirectDrawEx base_handle: 0x00002804 key_handle: 0x00002808 options: 0 access: 0x00020119 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx	1
RegOpenKeyExW Nov. 17, 2023, 6:31 p.m.	regkey_r: Fontcore base_handle: 0x00002804 key_handle: 0x00002808 options: 0 access: 0x00020119 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore	1
RegOpenKeyExW Nov. 17, 2023, 6:31 p.m.	regkey_r: HashTab base_handle: 0x00002804 key_handle: 0x00002808 options: 0 access: 0x00020119 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HashTab	1
RegOpenKeyExW Nov. 17, 2023, 6:31 p.m.	regkey_r: IE40 base_handle: 0x00002804 key_handle: 0x00002808 options: 0 access: 0x00020119 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40	1
RegOpenKeyExW Nov. 17, 2023, 6:31 p.m.	regkey_r: IE4Data base_handle: 0x00002804 key_handle: 0x00002808 options: 0 access: 0x00020119 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data	1
RegOpenKeyExW Nov. 17, 2023, 6:31 p.m.	regkey_r: IE5BAKEX base_handle: 0x00002804 key_handle: 0x00002808 options: 0 access: 0x00020119 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX	1
RegOpenKeyExW Nov. 17, 2023, 6:31 p.m.	regkey_r: IEData base_handle: 0x00002804 key_handle: 0x00002808 options: 0 access: 0x00020119 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData	1
RegOpenKeyExW Nov. 17, 2023, 6:31 p.m.	regkey_r: MobileOptionPack base_handle: 0x00002804 key_handle: 0x00002808 options: 0 access: 0x00020119 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack	1
RegOpenKeyExW Nov. 17, 2023, 6:31 p.m.	regkey_r: Mozilla Firefox 105.0.1 (x64 en-US) base_handle: 0x00002804 key_handle: 0x00002808 options: 0 access: 0x00020119 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 105.0.1 (x64 en-US)	1
RegOpenKeyExW Nov. 17, 2023, 6:31 p.m.	regkey_r: MozillaMaintenanceService base_handle: 0x00002804 key_handle: 0x00002808 options: 0 access: 0x00020119 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService	1
RegOpenKeyExW Nov. 17, 2023, 6:31 p.m.	regkey_r: SchedulingAgent base_handle: 0x00002804 key_handle: 0x00002808 options: 0 access: 0x00020119 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent	1
RegOpenKeyExW Nov. 17, 2023, 6:31 p.m.	regkey_r: WIC base_handle: 0x00002804 key_handle: 0x00002808 options: 0 access: 0x00020119 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC	1
RegOpenKeyExW Nov. 17, 2023, 6:31 p.m.	regkey_r: {1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1} base_handle: 0x00002804 key_handle: 0x00002808 options: 0 access: 0x00020119 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}	1
RegOpenKeyExW Nov. 17, 2023, 6:31 p.m.	regkey_r: {26A24AE4-039D-4CA4-87B4-2F86417051FF} base_handle: 0x00002804 key_handle: 0x00002808 options: 0 access: 0x00020119 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F86417051FF}	1
RegOpenKeyExW Nov. 17, 2023, 6:31 p.m.	regkey_r: {3160A0D4-A4F3-39B4-B4CC-B5306F9CF9B3} base_handle: 0x00002804 key_handle: 0x00002808 options: 0 access: 0x00020119 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3160A0D4-A4F3-39B4-B4CC-B5306F9CF9B3}	1
RegOpenKeyExW Nov. 17, 2023, 6:31 p.m.	regkey_r: {50A2BC33-C9CD-3BF1-A8FF-53C10A0B183C} base_handle: 0x00002804 key_handle: 0x00002808 options: 0 access: 0x00020119 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{50A2BC33-C9CD-3BF1-A8FF-53C10A0B183C}	1
RegOpenKeyExW Nov. 17, 2023, 6:31 p.m.	regkey_r: {90120000-0028-0412-1000-0000000FF1CE} base_handle: 0x00002804 key_handle: 0x00002808 options: 0 access: 0x00020119 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0028-0412-1000-0000000FF1CE}	1
RegOpenKeyExW Nov. 17, 2023, 6:31 p.m.	regkey_r: {90120000-002A-0000-1000-0000000FF1CE} base_handle: 0x00002804 key_handle: 0x00002808 options: 0 access: 0x00020119 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002A-0000-1000-0000000FF1CE}	1
RegOpenKeyExW Nov. 17, 2023, 6:31 p.m.	regkey_r: {90120000-002A-0409-1000-0000000FF1CE} base_handle: 0x00002804 key_handle: 0x00002808 options: 0 access: 0x00020119 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002A-0409-1000-0000000FF1CE}	1
RegOpenKeyExW Nov. 17, 2023, 6:31 p.m.	regkey_r: {90120000-002A-0412-1000-0000000FF1CE} base_handle: 0x00002804 key_handle: 0x00002808 options: 0 access: 0x00020119 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002A-0412-1000-0000000FF1CE}	1
RegOpenKeyExW Nov. 17, 2023, 6:31 p.m.	regkey_r: {92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033 base_handle: 0x00002804 key_handle: 0x00002808 options: 0 access: 0x00020119 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033	1
RegOpenKeyExW Nov. 17, 2023, 6:31 p.m.	regkey_r: {92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1042 base_handle: 0x00002804 key_handle: 0x00002808 options: 0 access: 0x00020119 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1042	1
RegOpenKeyExW Nov. 17, 2023, 6:31 p.m.	regkey_r: {A5F504DF-2ED9-4A2D-A2F3-9D2750DD42D6} base_handle: 0x00002804 key_handle: 0x00002808 options: 0 access: 0x00020119 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A5F504DF-2ED9-4A2D-A2F3-9D2750DD42D6}	1
RegOpenKeyExW Nov. 17, 2023, 6:31 p.m.	regkey_r: {EF1EC6A9-17DE-3DA9-B040-686A1E8A8B04} base_handle: 0x00002804 key_handle: 0x00002808 options: 0 access: 0x00020119 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EF1EC6A9-17DE-3DA9-B040-686A1E8A8B04}	1
RegOpenKeyExW Nov. 17, 2023, 6:31 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall base_handle: 0x80000002 key_handle: 0x00002804 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall	1
RegOpenKeyExW Nov. 17, 2023, 6:31 p.m.	regkey_r: AddressBook base_handle: 0x00002804 key_handle: 0x00002808 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook	1
RegOpenKeyExW Nov. 17, 2023, 6:31 p.m.	regkey_r: Connection Manager base_handle: 0x00002804 key_handle: 0x00002808 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager	1
RegOpenKeyExW Nov. 17, 2023, 6:31 p.m.	regkey_r: DirectDrawEx base_handle: 0x00002804 key_handle: 0x00002808 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx	1
RegOpenKeyExW Nov. 17, 2023, 6:31 p.m.	regkey_r: EditPlus base_handle: 0x00002804 key_handle: 0x00002808 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus	1
RegOpenKeyExW Nov. 17, 2023, 6:31 p.m.	regkey_r: ENTERPRISE base_handle: 0x00002804 key_handle: 0x00002808 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE	1
RegOpenKeyExW Nov. 17, 2023, 6:31 p.m.	regkey_r: Fontcore base_handle: 0x00002804 key_handle: 0x00002808 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore	1
RegOpenKeyExW Nov. 17, 2023, 6:31 p.m.	regkey_r: Google Chrome base_handle: 0x00002804 key_handle: 0x00002808 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome	1
RegOpenKeyExW Nov. 17, 2023, 6:31 p.m.	regkey_r: Haansoft HWord 80 Korean base_handle: 0x00002804 key_handle: 0x00002808 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean	1
RegOpenKeyExW Nov. 17, 2023, 6:31 p.m.	regkey_r: IE40 base_handle: 0x00002804 key_handle: 0x00002808 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE40	1
RegOpenKeyExW Nov. 17, 2023, 6:31 p.m.	regkey_r: IE4Data base_handle: 0x00002804 key_handle: 0x00002808 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data	1
RegOpenKeyExW Nov. 17, 2023, 6:31 p.m.	regkey_r: IE5BAKEX base_handle: 0x00002804 key_handle: 0x00002808 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX	1
RegOpenKeyExW Nov. 17, 2023, 6:31 p.m.	regkey_r: IEData base_handle: 0x00002804 key_handle: 0x00002808 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IEData	1
RegOpenKeyExW Nov. 17, 2023, 6:31 p.m.	regkey_r: MobileOptionPack base_handle: 0x00002804 key_handle: 0x00002808 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack	1
RegOpenKeyExW Nov. 17, 2023, 6:31 p.m.	regkey_r: SchedulingAgent base_handle: 0x00002804 key_handle: 0x00002808 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent	1
RegOpenKeyExW Nov. 17, 2023, 6:31 p.m.	regkey_r: WIC base_handle: 0x00002804 key_handle: 0x00002808 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WIC	1
RegOpenKeyExW Nov. 17, 2023, 6:31 p.m.	regkey_r: {01B845D4-B73E-4CF7-A377-94BC7BB4F77B} base_handle: 0x00002804 key_handle: 0x00002808 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}	1
RegOpenKeyExW Nov. 17, 2023, 6:31 p.m.	regkey_r: {1D91F7DA-F517-4727-9E62-B7EA978BE980} base_handle: 0x00002804 key_handle: 0x00002808 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}	1
RegOpenKeyExW Nov. 17, 2023, 6:31 p.m.	regkey_r: {60EC980A-BDA2-4CB6-A427-B07A5498B4CA} base_handle: 0x00002804 key_handle: 0x00002808 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}	1
RegOpenKeyExW Nov. 17, 2023, 6:31 p.m.	regkey_r: {90120000-0015-0412-0000-0000000FF1CE} base_handle: 0x00002804 key_handle: 0x00002808 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0015-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Nov. 17, 2023, 6:31 p.m.	regkey_r: {90120000-0016-0412-0000-0000000FF1CE} base_handle: 0x00002804 key_handle: 0x00002808 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Nov. 17, 2023, 6:31 p.m.	regkey_r: {90120000-0018-0412-0000-0000000FF1CE} base_handle: 0x00002804 key_handle: 0x00002808 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0412-0000-0000000FF1CE}	1

Communicates with host for which no DNS query was performed (1 event)

host

193.233.132.13

Collects information about installed applications (43 events)

Time & API	Arguments	Status
RegQueryValueExW Nov. 17, 2023, 6:31 p.m.	key_handle: 0x00002808 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: 7-Zip 19.00 (x64) regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName	1
RegQueryValueExW Nov. 17, 2023, 6:31 p.m.	key_handle: 0x00002808 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: HashTab 6.0.0.34 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HashTab\DisplayName	1
RegQueryValueExW Nov. 17, 2023, 6:31 p.m.	key_handle: 0x00002808 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Mozilla Firefox (x64 en-US) regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 105.0.1 (x64 en-US)\DisplayName	1
RegQueryValueExW Nov. 17, 2023, 6:31 p.m.	key_handle: 0x00002808 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Mozilla Maintenance Service regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService\DisplayName	1
RegQueryValueExW Nov. 17, 2023, 6:31 p.m.	key_handle: 0x00002808 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft .NET Framework 4.5 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}\DisplayName	1
RegQueryValueExW Nov. 17, 2023, 6:31 p.m.	key_handle: 0x00002808 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Java 7 Update 51 (64-bit) regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F86417051FF}\DisplayName	1
RegQueryValueExW Nov. 17, 2023, 6:31 p.m.	key_handle: 0x00002808 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft .NET Framework 4.5 KOR Language Pack regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3160A0D4-A4F3-39B4-B4CC-B5306F9CF9B3}\DisplayName	1
RegQueryValueExW Nov. 17, 2023, 6:31 p.m.	key_handle: 0x00002808 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.24215 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{50A2BC33-C9CD-3BF1-A8FF-53C10A0B183C}\DisplayName	1
RegQueryValueExW Nov. 17, 2023, 6:31 p.m.	key_handle: 0x00002808 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office IME (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0028-0412-1000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Nov. 17, 2023, 6:31 p.m.	key_handle: 0x00002808 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Office 64-bit Components 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002A-0000-1000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Nov. 17, 2023, 6:31 p.m.	key_handle: 0x00002808 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Shared 64-bit MUI (English) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002A-0409-1000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Nov. 17, 2023, 6:31 p.m.	key_handle: 0x00002808 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Shared 64-bit MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002A-0412-1000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Nov. 17, 2023, 6:31 p.m.	key_handle: 0x00002808 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft .NET Framework 4.5 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033\DisplayName	1
RegQueryValueExW Nov. 17, 2023, 6:31 p.m.	key_handle: 0x00002808 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft .NET Framework 4.5 한국어 언어 팩 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1042\DisplayName	1
RegQueryValueExW Nov. 17, 2023, 6:31 p.m.	key_handle: 0x00002808 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Python 2.7.18 (64-bit) regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A5F504DF-2ED9-4A2D-A2F3-9D2750DD42D6}\DisplayName	1
RegQueryValueExW Nov. 17, 2023, 6:31 p.m.	key_handle: 0x00002808 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.24215 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EF1EC6A9-17DE-3DA9-B040-686A1E8A8B04}\DisplayName	1
RegQueryValueExW Nov. 17, 2023, 6:31 p.m.	key_handle: 0x00002808 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: EditPlus regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus\DisplayName	1
RegQueryValueExW Nov. 17, 2023, 6:31 p.m.	key_handle: 0x00002808 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Enterprise 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE\DisplayName	1
RegQueryValueExW Nov. 17, 2023, 6:31 p.m.	key_handle: 0x00002808 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Chrome regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName	1
RegQueryValueExW Nov. 17, 2023, 6:31 p.m.	key_handle: 0x00002808 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: 한컴오피스 한글 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean\DisplayName	1
RegQueryValueExW Nov. 17, 2023, 6:31 p.m.	key_handle: 0x00002808 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: HttpWatch Professional 9.3.39 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}\DisplayName	1
RegQueryValueExW Nov. 17, 2023, 6:31 p.m.	key_handle: 0x00002808 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: 한컴오피스 한글 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}\DisplayName	1
RegQueryValueExW Nov. 17, 2023, 6:31 p.m.	key_handle: 0x00002808 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Google Update Helper regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\DisplayName	1
RegQueryValueExW Nov. 17, 2023, 6:31 p.m.	key_handle: 0x00002808 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Access MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0015-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Nov. 17, 2023, 6:31 p.m.	key_handle: 0x00002808 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Excel MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Nov. 17, 2023, 6:31 p.m.	key_handle: 0x00002808 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office PowerPoint MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Nov. 17, 2023, 6:31 p.m.	key_handle: 0x00002808 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Publisher MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0019-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Nov. 17, 2023, 6:31 p.m.	key_handle: 0x00002808 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Outlook MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001A-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Nov. 17, 2023, 6:31 p.m.	key_handle: 0x00002808 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Word MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Nov. 17, 2023, 6:31 p.m.	key_handle: 0x00002808 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proof (English) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Nov. 17, 2023, 6:31 p.m.	key_handle: 0x00002808 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proof (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Nov. 17, 2023, 6:31 p.m.	key_handle: 0x00002808 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office IME (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0028-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Nov. 17, 2023, 6:31 p.m.	key_handle: 0x00002808 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proofing (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002C-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Nov. 17, 2023, 6:31 p.m.	key_handle: 0x00002808 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Enterprise 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Nov. 17, 2023, 6:31 p.m.	key_handle: 0x00002808 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office InfoPath MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0044-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Nov. 17, 2023, 6:31 p.m.	key_handle: 0x00002808 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Shared MUI (English) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Nov. 17, 2023, 6:31 p.m.	key_handle: 0x00002808 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Shared MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Nov. 17, 2023, 6:31 p.m.	key_handle: 0x00002808 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office OneNote MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Nov. 17, 2023, 6:31 p.m.	key_handle: 0x00002808 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Groove MUI (English) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00BA-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Nov. 17, 2023, 6:31 p.m.	key_handle: 0x00002808 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Groove Setup Metadata MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0114-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Nov. 17, 2023, 6:31 p.m.	key_handle: 0x00002808 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Adobe Flash Player 13 ActiveX regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4}\DisplayName	1
RegQueryValueExW Nov. 17, 2023, 6:31 p.m.	key_handle: 0x00002808 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Adobe Flash Player 13 NPAPI regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B84A461-3B4C-40E2-B44F-CE22E215EE40}\DisplayName	1
RegQueryValueExW Nov. 17, 2023, 6:31 p.m.	key_handle: 0x00002808 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\DisplayName	1

File has been identified by 40 AntiVirus engines on VirusTotal as malicious (40 events)

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.RecordBreaker.i!c
tehtris	Generic.Malware
MicroWorld-eScan	Trojan.GenericKD.70434495
Skyhigh	BehavesLike.Win32.Generic.tc
McAfee	Artemis!BCABFC8A7216
Cylance	unsafe
Sangfor	Infostealer.Win32.Recordbreaker.Vec9
Alibaba	TrojanPSW:Win32/RecordBreaker.c8e27392
Cybereason	malicious.5ca21d
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
APEX	Malicious
Kaspersky	Trojan-PSW.Win32.RecordBreaker.cb
BitDefender	Trojan.GenericKD.70434495
Avast	Win32:PWSX-gen [Trj]
Sophos	Mal/Generic-S
TrendMicro	TrojanSpy.Win32.RACCOONSTEALER.YXDKQZ
Trapmine	malicious.high.ml.score
FireEye	Generic.mg.bcabfc8a72168c9c
Emsisoft	Trojan.GenericKD.70434495 (B)
SentinelOne	Static AI - Malicious PE
MAX	malware (ai score=84)
Kingsoft	Win32.HeurC.KVMH008.a
Microsoft	Trojan:Win32/ScarletFlash.A
Gridinsoft	Ransom.Win32.Wacatac.sa
ZoneAlarm	Trojan-PSW.Win32.RecordBreaker.cb
GData	Trojan.GenericKD.70434495
Google	Detected
VBA32	BScope.TrojanPSW.Coins
TrendMicro-HouseCall	TrojanSpy.Win32.RACCOONSTEALER.YXDKQZ
Rising	Trojan.Generic@AI.98 (RDML:9Ud9UPfwmpcU3pgV1K0zPQ)
Ikarus	Trojan.Win32.VMProtect
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	Riskware/Application
BitDefenderTheta	Gen:NN.ZexaF.36792.@F0@a4wD1Dli
AVG	Win32:PWSX-gen [Trj]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (W)

update.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All