Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Nov. 21, 2023, 7:53 a.m.	Nov. 21, 2023, 8:03 a.m.

Size	12.2MB
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`a9c5d3db8ea47ab1e03cbf5a91065d24`
SHA256	`121a9ea644073f820645f34c67bd159aff5a29cec51269cdc07bf4dad0249f30`
CRC32	`C9411A84`
ssdeep	`393216:FmL5LvPmm1SPtqMOL7JTa/l8ua1ipeE/Dl3uh1:FS5jXMt3OL7ta/mtJgDlez`
Yara	IsPE32 - (no description) PE_Header_Zero - PE File Signature Is_DotNET_EXE - (no description)

brandmar.exe "C:\Users\test22\AppData\Local\Temp\brandmar.exe"
2636
- InstallSetup5.exe "C:\Users\test22\AppData\Local\Temp\InstallSetup5.exe"
  2724
  - Broom.exe C:\Users\test22\AppData\Local\Temp\Broom.exe
    2908
- toolspub2.exe "C:\Users\test22\AppData\Local\Temp\toolspub2.exe"
  2772
- d21cbe21e38b385a41a68c5e6dd32f4c.exe "C:\Users\test22\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe"
  2824
- latestX.exe "C:\Users\test22\AppData\Local\Temp\latestX.exe"
  2884

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (2 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Nov. 21, 2023, 7:53 a.m.			0	0
IsDebuggerPresent Nov. 21, 2023, 7:53 a.m.			0	0

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Nov. 21, 2023, 7:53 a.m.		1	1	0

One or more processes crashed (50 out of 65536 events)

Time & API	Arguments	Status
__exception__ Nov. 21, 2023, 7:53 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x76f89e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x755f3120 toolspub2+0x2597d @ 0x42597d exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x76f89e58 registers.esp: 1627280 registers.edi: 9175040 registers.eax: 4294967288 registers.ebp: 1627324 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 9175040	1
__exception__ Nov. 21, 2023, 7:53 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df toolspub2+0x25985 @ 0x425985 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1627332 registers.edi: 9175040 registers.eax: 4294967288 registers.ebp: 1627384 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2776	1
__exception__ Nov. 21, 2023, 7:53 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x76f89e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x755f3120 toolspub2+0x2597d @ 0x42597d exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x76f89e58 registers.esp: 1627280 registers.edi: 9175040 registers.eax: 4294967288 registers.ebp: 1627324 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 9175040	1
__exception__ Nov. 21, 2023, 7:53 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df toolspub2+0x25985 @ 0x425985 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1627332 registers.edi: 9175040 registers.eax: 4294967288 registers.ebp: 1627384 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2776	1
__exception__ Nov. 21, 2023, 7:53 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x76f89e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x755f3120 toolspub2+0x2597d @ 0x42597d exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x76f89e58 registers.esp: 1627280 registers.edi: 9175040 registers.eax: 4294967288 registers.ebp: 1627324 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 9175040	1
__exception__ Nov. 21, 2023, 7:53 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df toolspub2+0x25985 @ 0x425985 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1627332 registers.edi: 9175040 registers.eax: 4294967288 registers.ebp: 1627384 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2776	1
__exception__ Nov. 21, 2023, 7:53 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x76f89e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x755f3120 toolspub2+0x2597d @ 0x42597d exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x76f89e58 registers.esp: 1627280 registers.edi: 9175040 registers.eax: 4294967288 registers.ebp: 1627324 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 9175040	1
__exception__ Nov. 21, 2023, 7:53 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df toolspub2+0x25985 @ 0x425985 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1627332 registers.edi: 9175040 registers.eax: 4294967288 registers.ebp: 1627384 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2776	1
__exception__ Nov. 21, 2023, 7:53 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x76f89e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x755f3120 toolspub2+0x2597d @ 0x42597d exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x76f89e58 registers.esp: 1627280 registers.edi: 9175040 registers.eax: 4294967288 registers.ebp: 1627324 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 9175040	1
__exception__ Nov. 21, 2023, 7:53 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df toolspub2+0x25985 @ 0x425985 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1627332 registers.edi: 9175040 registers.eax: 4294967288 registers.ebp: 1627384 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2776	1
__exception__ Nov. 21, 2023, 7:53 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x76f89e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x755f3120 toolspub2+0x2597d @ 0x42597d exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x76f89e58 registers.esp: 1627280 registers.edi: 9175040 registers.eax: 4294967288 registers.ebp: 1627324 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 9175040	1
__exception__ Nov. 21, 2023, 7:53 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df toolspub2+0x25985 @ 0x425985 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1627332 registers.edi: 9175040 registers.eax: 4294967288 registers.ebp: 1627384 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2776	1
__exception__ Nov. 21, 2023, 7:53 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x76f89e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x755f3120 toolspub2+0x2597d @ 0x42597d exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x76f89e58 registers.esp: 1627280 registers.edi: 9175040 registers.eax: 4294967288 registers.ebp: 1627324 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 9175040	1
__exception__ Nov. 21, 2023, 7:53 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df toolspub2+0x25985 @ 0x425985 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1627332 registers.edi: 9175040 registers.eax: 4294967288 registers.ebp: 1627384 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2776	1
__exception__ Nov. 21, 2023, 7:53 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x76f89e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x755f3120 toolspub2+0x2597d @ 0x42597d exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x76f89e58 registers.esp: 1627280 registers.edi: 9175040 registers.eax: 4294967288 registers.ebp: 1627324 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 9175040	1
__exception__ Nov. 21, 2023, 7:53 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df toolspub2+0x25985 @ 0x425985 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1627332 registers.edi: 9175040 registers.eax: 4294967288 registers.ebp: 1627384 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2776	1
__exception__ Nov. 21, 2023, 7:53 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x76f89e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x755f3120 toolspub2+0x2597d @ 0x42597d exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x76f89e58 registers.esp: 1627280 registers.edi: 9175040 registers.eax: 4294967288 registers.ebp: 1627324 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 9175040	1
__exception__ Nov. 21, 2023, 7:53 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df toolspub2+0x25985 @ 0x425985 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1627332 registers.edi: 9175040 registers.eax: 4294967288 registers.ebp: 1627384 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2776	1
__exception__ Nov. 21, 2023, 7:53 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x76f89e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x755f3120 toolspub2+0x2597d @ 0x42597d exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x76f89e58 registers.esp: 1627280 registers.edi: 9175040 registers.eax: 4294967288 registers.ebp: 1627324 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 9175040	1
__exception__ Nov. 21, 2023, 7:53 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df toolspub2+0x25985 @ 0x425985 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1627332 registers.edi: 9175040 registers.eax: 4294967288 registers.ebp: 1627384 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2776	1
__exception__ Nov. 21, 2023, 7:53 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x76f89e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x755f3120 toolspub2+0x2597d @ 0x42597d exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x76f89e58 registers.esp: 1627280 registers.edi: 9175040 registers.eax: 4294967288 registers.ebp: 1627324 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 9175040	1
__exception__ Nov. 21, 2023, 7:53 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df toolspub2+0x25985 @ 0x425985 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1627332 registers.edi: 9175040 registers.eax: 4294967288 registers.ebp: 1627384 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2776	1
__exception__ Nov. 21, 2023, 7:53 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x76f89e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x755f3120 toolspub2+0x2597d @ 0x42597d exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x76f89e58 registers.esp: 1627280 registers.edi: 9175040 registers.eax: 4294967288 registers.ebp: 1627324 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 9175040	1
__exception__ Nov. 21, 2023, 7:53 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df toolspub2+0x25985 @ 0x425985 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1627332 registers.edi: 9175040 registers.eax: 4294967288 registers.ebp: 1627384 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2776	1
__exception__ Nov. 21, 2023, 7:53 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x76f89e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x755f3120 toolspub2+0x2597d @ 0x42597d exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x76f89e58 registers.esp: 1627280 registers.edi: 9175040 registers.eax: 4294967288 registers.ebp: 1627324 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 9175040	1
__exception__ Nov. 21, 2023, 7:53 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df toolspub2+0x25985 @ 0x425985 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1627332 registers.edi: 9175040 registers.eax: 4294967288 registers.ebp: 1627384 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2776	1
__exception__ Nov. 21, 2023, 7:53 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x76f89e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x755f3120 toolspub2+0x2597d @ 0x42597d exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x76f89e58 registers.esp: 1627280 registers.edi: 9175040 registers.eax: 4294967288 registers.ebp: 1627324 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 9175040	1
__exception__ Nov. 21, 2023, 7:53 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df toolspub2+0x25985 @ 0x425985 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1627332 registers.edi: 9175040 registers.eax: 4294967288 registers.ebp: 1627384 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2776	1
__exception__ Nov. 21, 2023, 7:53 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x76f89e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x755f3120 toolspub2+0x2597d @ 0x42597d exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x76f89e58 registers.esp: 1627280 registers.edi: 9175040 registers.eax: 4294967288 registers.ebp: 1627324 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 9175040	1
__exception__ Nov. 21, 2023, 7:53 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df toolspub2+0x25985 @ 0x425985 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1627332 registers.edi: 9175040 registers.eax: 4294967288 registers.ebp: 1627384 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2776	1
__exception__ Nov. 21, 2023, 7:53 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x76f89e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x755f3120 toolspub2+0x2597d @ 0x42597d exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x76f89e58 registers.esp: 1627280 registers.edi: 9175040 registers.eax: 4294967288 registers.ebp: 1627324 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 9175040	1
__exception__ Nov. 21, 2023, 7:53 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df toolspub2+0x25985 @ 0x425985 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1627332 registers.edi: 9175040 registers.eax: 4294967288 registers.ebp: 1627384 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2776	1
__exception__ Nov. 21, 2023, 7:53 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x76f89e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x755f3120 toolspub2+0x2597d @ 0x42597d exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x76f89e58 registers.esp: 1627280 registers.edi: 9175040 registers.eax: 4294967288 registers.ebp: 1627324 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 9175040	1
__exception__ Nov. 21, 2023, 7:53 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df toolspub2+0x25985 @ 0x425985 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1627332 registers.edi: 9175040 registers.eax: 4294967288 registers.ebp: 1627384 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2776	1
__exception__ Nov. 21, 2023, 7:53 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x76f89e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x755f3120 toolspub2+0x2597d @ 0x42597d exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x76f89e58 registers.esp: 1627280 registers.edi: 9175040 registers.eax: 4294967288 registers.ebp: 1627324 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 9175040	1
__exception__ Nov. 21, 2023, 7:53 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df toolspub2+0x25985 @ 0x425985 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1627332 registers.edi: 9175040 registers.eax: 4294967288 registers.ebp: 1627384 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2776	1
__exception__ Nov. 21, 2023, 7:53 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x76f89e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x755f3120 toolspub2+0x2597d @ 0x42597d exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x76f89e58 registers.esp: 1627280 registers.edi: 9175040 registers.eax: 4294967288 registers.ebp: 1627324 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 9175040	1
__exception__ Nov. 21, 2023, 7:53 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df toolspub2+0x25985 @ 0x425985 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1627332 registers.edi: 9175040 registers.eax: 4294967288 registers.ebp: 1627384 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2776	1
__exception__ Nov. 21, 2023, 7:53 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x76f89e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x755f3120 toolspub2+0x2597d @ 0x42597d exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x76f89e58 registers.esp: 1627280 registers.edi: 9175040 registers.eax: 4294967288 registers.ebp: 1627324 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 9175040	1
__exception__ Nov. 21, 2023, 7:53 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df toolspub2+0x25985 @ 0x425985 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1627332 registers.edi: 9175040 registers.eax: 4294967288 registers.ebp: 1627384 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2776	1
__exception__ Nov. 21, 2023, 7:53 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x76f89e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x755f3120 toolspub2+0x2597d @ 0x42597d exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x76f89e58 registers.esp: 1627280 registers.edi: 9175040 registers.eax: 4294967288 registers.ebp: 1627324 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 9175040	1
__exception__ Nov. 21, 2023, 7:53 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df toolspub2+0x25985 @ 0x425985 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1627332 registers.edi: 9175040 registers.eax: 4294967288 registers.ebp: 1627384 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2776	1
__exception__ Nov. 21, 2023, 7:53 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x76f89e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x755f3120 toolspub2+0x2597d @ 0x42597d exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x76f89e58 registers.esp: 1627280 registers.edi: 9175040 registers.eax: 4294967288 registers.ebp: 1627324 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 9175040	1
__exception__ Nov. 21, 2023, 7:53 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df toolspub2+0x25985 @ 0x425985 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1627332 registers.edi: 9175040 registers.eax: 4294967288 registers.ebp: 1627384 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2776	1
__exception__ Nov. 21, 2023, 7:53 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x76f89e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x755f3120 toolspub2+0x2597d @ 0x42597d exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x76f89e58 registers.esp: 1627280 registers.edi: 9175040 registers.eax: 4294967288 registers.ebp: 1627324 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 9175040	1
__exception__ Nov. 21, 2023, 7:53 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df toolspub2+0x25985 @ 0x425985 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1627332 registers.edi: 9175040 registers.eax: 4294967288 registers.ebp: 1627384 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2776	1
__exception__ Nov. 21, 2023, 7:53 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x76f89e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x755f3120 toolspub2+0x2597d @ 0x42597d exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x76f89e58 registers.esp: 1627280 registers.edi: 9175040 registers.eax: 4294967288 registers.ebp: 1627324 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 9175040	1
__exception__ Nov. 21, 2023, 7:53 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df toolspub2+0x25985 @ 0x425985 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1627332 registers.edi: 9175040 registers.eax: 4294967288 registers.ebp: 1627384 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2776	1
__exception__ Nov. 21, 2023, 7:53 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x76f89e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x755f3120 toolspub2+0x2597d @ 0x42597d exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x76f89e58 registers.esp: 1627280 registers.edi: 9175040 registers.eax: 4294967288 registers.ebp: 1627324 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 9175040	1
__exception__ Nov. 21, 2023, 7:53 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df toolspub2+0x25985 @ 0x425985 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1627332 registers.edi: 9175040 registers.eax: 4294967288 registers.ebp: 1627384 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2776	1

Allocates read-write-execute memory (usually to unpack itself) (18 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory Nov. 21, 2023, 7:53 a.m.	process_identifier: 2636 region_size: 2097152 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00730000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 21, 2023, 7:53 a.m.	process_identifier: 2636 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x008f0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 21, 2023, 7:53 a.m.	process_identifier: 2636 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x727a1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 21, 2023, 7:53 a.m.	process_identifier: 2636 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x727a2000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 21, 2023, 7:53 a.m.	process_identifier: 2636 region_size: 589824 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00990000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 21, 2023, 7:53 a.m.	process_identifier: 2636 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x009e0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 21, 2023, 7:53 a.m.	process_identifier: 2636 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00552000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 21, 2023, 7:53 a.m.	process_identifier: 2636 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x008c5000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 21, 2023, 7:53 a.m.	process_identifier: 2636 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x008cb000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 21, 2023, 7:53 a.m.	process_identifier: 2636 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x008c7000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 21, 2023, 7:53 a.m.	process_identifier: 2636 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0070c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 21, 2023, 7:53 a.m.	process_identifier: 2636 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00a60000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 21, 2023, 7:53 a.m.	process_identifier: 2636 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0055a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 21, 2023, 7:53 a.m.	process_identifier: 2772 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 77824 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x008dc000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 21, 2023, 7:53 a.m.	process_identifier: 2824 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4161536 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x027b0000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 21, 2023, 7:53 a.m.	process_identifier: 2824 region_size: 9351168 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02bb0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 21, 2023, 7:53 a.m.	process_identifier: 2908 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x703f2000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 21, 2023, 7:53 a.m.	process_identifier: 2908 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00ac0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation (12 events)

Time & API	Arguments	Status	Return
GetDiskFreeSpaceExW Nov. 21, 2023, 7:53 a.m.	total_number_of_free_bytes: 13292896256 free_bytes_available: 13292896256 root_path: C: total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceExW Nov. 21, 2023, 7:53 a.m.	total_number_of_free_bytes: 13340028928 free_bytes_available: 13340028928 root_path: C: total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceExW Nov. 21, 2023, 7:53 a.m.	total_number_of_free_bytes: 13460545536 free_bytes_available: 13460545536 root_path: C: total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceExW Nov. 21, 2023, 7:53 a.m.	total_number_of_free_bytes: 13460545536 free_bytes_available: 13460545536 root_path: C: total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceExW Nov. 21, 2023, 7:53 a.m.	total_number_of_free_bytes: 13458440192 free_bytes_available: 13458440192 root_path: C: total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceExW Nov. 21, 2023, 7:53 a.m.	total_number_of_free_bytes: 13458440192 free_bytes_available: 13458440192 root_path: C: total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceExW Nov. 21, 2023, 7:53 a.m.	total_number_of_free_bytes: 13458440192 free_bytes_available: 13458440192 root_path: C: total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceExW Nov. 21, 2023, 7:53 a.m.	total_number_of_free_bytes: 13458440192 free_bytes_available: 13458440192 root_path: C: total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceExW Nov. 21, 2023, 7:54 a.m.	total_number_of_free_bytes: 13452054528 free_bytes_available: 13452054528 root_path: C: total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceExW Nov. 21, 2023, 7:54 a.m.	total_number_of_free_bytes: 13458141184 free_bytes_available: 13458141184 root_path: C: total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceExW Nov. 21, 2023, 7:54 a.m.	total_number_of_free_bytes: 13458141184 free_bytes_available: 13458141184 root_path: C: total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceExW Nov. 21, 2023, 7:54 a.m.	total_number_of_free_bytes: 13458141184 free_bytes_available: 13458141184 root_path: C: total_number_of_bytes: 34252779520	1	1

Creates executable files on the filesystem (5 events)

file	C:\Users\test22\AppData\Local\Temp\Broom.exe
file	C:\Users\test22\AppData\Local\Temp\latestX.exe
file	C:\Users\test22\AppData\Local\Temp\InstallSetup5.exe
file	C:\Users\test22\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe
file	C:\Users\test22\AppData\Local\Temp\toolspub2.exe

Drops a binary and executes it (4 events)

file	C:\Users\test22\AppData\Local\Temp\InstallSetup5.exe
file	C:\Users\test22\AppData\Local\Temp\toolspub2.exe
file	C:\Users\test22\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe
file	C:\Users\test22\AppData\Local\Temp\latestX.exe

Drops an executable to the user AppData folder (8 events)

file	C:\Users\test22\AppData\Local\Temp\SandboxieInstall.exe
file	C:\Users\test22\AppData\Local\Temp\202005191702_6d173b9549ce4fe1e5ada5ab9ce0bfff5d9569f19e7fa916db5c8d4f0dace63b_setup_nwc275a_demo.exe
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\winamp58_3660_beta_full_en-us[1].exe
file	C:\Users\test22\AppData\Local\Temp\InstallSetup5.exe
file	C:\Users\test22\AppData\Local\Temp\Broom.exe
file	C:\Users\test22\AppData\Local\Temp\toolspub2.exe
file	C:\Users\test22\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe
file	C:\Users\test22\AppData\Local\Temp\brandmar.exe

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x00c2ac00', u'virtual_address': u'0x00002000', u'entropy': 7.945520145125646, u'name': u'.text', u'virtual_size': u'0x00c2ab54'}

entropy

7.94552014513

description

A section with a high entropy has been found

entropy

0.999839499238

description

Overall entropy of this PE file is high

Attempts to identify installed AV products by installation directory (1 event)

file	C:\Users\test22\AppData\Local\Temp\SandboxieInstall.exe

Deletes executed files from disk (1 event)

file	C:\Users\test22\AppData\Local\Temp\Broom.exe

Drops 104 unknown file mime types indicative of ransomware writing encrypted files back to disk (50 out of 104 events)

file	C:\Windows\Prefetch\SDIAGNHOST.EXE-8D72177C.pf
file	c:\Windows\Temp\fwtsqmfile01.sqm
file	C:\Windows\Prefetch\INJECT-X86.EXE-6FB1ED76.pf
file	C:\Windows\Prefetch\CSC.EXE-BE9AC2DF.pf
file	C:\Windows\Prefetch\INSTALLSETUP5.EXE-6CAE54AE.pf
file	c:\Windows\Temp\fwtsqmfile00.sqm
file	C:\Windows\Prefetch\RUNDLL32.EXE-87432CEE.pf
file	C:\Windows\Prefetch\RUNDLL32.EXE-7BCB21A1.pf
file	C:\Windows\Prefetch\INJECT-X64.EXE-AAEEB6EB.pf
file	C:\Windows\Prefetch\Layout.ini
file	C:\Windows\Prefetch\LOGONUI.EXE-09140401.pf
file	C:\Users\test22\AppData\Local\Temp\~DF8C0F100C7231519A.TMP
file	C:\Windows\Prefetch\IEXPLORE.EXE-908C99F8.pf
file	C:\Windows\Prefetch\SETUP.EXE-A9A86358.pf
file	C:\Windows\Prefetch\SEARCHINDEXER.EXE-4A6353B9.pf
file	C:\Windows\Prefetch\SVCHOST.EXE-CF79EE4C.pf
file	C:\Windows\Prefetch\TASKHOST.EXE-7238F31D.pf
file	C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-77482212.pf
file	C:\Windows\Prefetch\RUNDLL32.EXE-DE9673F9.pf
file	C:\Windows\Prefetch\MAINTENANCESERVICE.EXE-FA0B1B99.pf
file	C:\Windows\Prefetch\PING.EXE-7E94E73E.pf
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\uglified_jindo[1].js
file	C:\Windows\Prefetch\ReadyBoot\Trace9.fx
file	C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf
file	C:\Windows\Prefetch\IS32BIT.EXE-9A90D66E.pf
file	C:\Windows\Prefetch\SETUP-STUB.EXE-8F842224.pf
file	C:\Windows\Prefetch\DLLHOST.EXE-40DD444D.pf
file	C:\Windows\Prefetch\D21CBE21E38B385A41A68C5E6DD32-E9890065.pf
file	C:\Windows\Prefetch\MSIEXEC.EXE-A2D55CB6.pf
file	C:\Windows\Prefetch\REGSVR32.EXE-8461DBEE.pf
file	C:\Windows\Prefetch\ReadyBoot\Trace1.fx
file	C:\Windows\Prefetch\AgGlGlobalHistory.db
file	C:\Windows\Prefetch\DEFAULT-BROWSER-AGENT.EXE-01C82E17.pf
file	C:\Windows\Prefetch\TOOLSPUB2.EXE-762F2EFF.pf
file	C:\Windows\Prefetch\DEFRAG.EXE-588F90AD.pf
file	C:\Windows\Prefetch\ReadyBoot\Trace8.fx
file	C:\Windows\Prefetch\WMIADAP.EXE-F8DFDFA2.pf
file	C:\Windows\Prefetch\CONTROL.EXE-817F8F1D.pf
file	C:\Windows\Prefetch\SVCHOST.EXE-5901D5E8.pf
file	C:\Windows\Prefetch\MMC.EXE-561C5A40.pf
file	C:\Windows\Prefetch\MSCORSVW.EXE-90526FAC.pf
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT
file	C:\Windows\Prefetch\PW.EXE-1D40DDAD.pf
file	C:\Windows\Prefetch\W32TM.EXE-1101AF41.pf
file	C:\Windows\Prefetch\MSCORSVW.EXE-57D17DAF.pf
file	C:\Windows\Prefetch\CMD.EXE-4A81B364.pf
file	C:\Windows\Prefetch\7ZG.EXE-0F8C4081.pf
file	C:\Users\test22\AppData\Local\Temp\IME2010imeklmg00000009.log
file	C:\Windows\Prefetch\SVCHOST.EXE-A1476A17.pf
file	C:\Windows\Prefetch\PfSvPerfStats.bin

Deletes a large number of files from the system indicative of ransomware, wiper malware or system destruction (50 out of 977 events)

file	C:\Users\test22\AppData\Local\Temp\nsr191.tmp
file	C:\Users\test22\AppData\Local\Temp\SetupExe(20200504224110B04).log
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\dthumb[10].jpg
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\dthumb[3].png
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1F4WQUHZ\dropbox_logo_text_2015-vfld7_dJ8[1].svg
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\013[1].png
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\sprite-20210713@2x[2].png
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\7028d2d448816aeaab0e_20211029092933036[1].jpg
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\spr_lft_white_150916[1].png
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\AdPostInjectAsync[1].nhn
file	c:\Windows\Temp\fwtsqmfile01.sqm
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\dthumbCAUKPFFO.jpg
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\m_920_294_0729[1].png
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\cropImg_196x196_38699317823237099[1].jpg
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\e84a7e15-e6a9-41ec-9eb7-883e9b5e7249[1].jpg
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\348acc74d7ad9acbdda7_20211101182838273[1].jpg
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\1_237[1].png
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\favicon[3].png
file	C:\Windows\Prefetch\WMIADAP.EXE-F8DFDFA2.pf
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\dthumb[9].jpg
file	C:\Windows\Prefetch\SVCHOST.EXE-80F4A784.pf
file	C:\Users\test22\AppData\Local\Temp\dd_vcredist_amd64_20180201144548_000_vcRuntimeMinimum_x64.log
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\bootstrap.min[1].js
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\desktop.ini
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\jquery-1.12.4.min_v1[1].js
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\w[1].css
file	C:\Windows\Prefetch\MAINTENANCESERVICE.EXE-FA0B1B99.pf
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\S6uyw4BMUTPHjx4wWA[1].woff
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CURBIYE7\icon_spacer-vflN3BYt2[1].gif
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\3a7f4c4cb962a54fae75_20200728093632144[1].jpg
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\cropImg_728x360_77691188554226350[1].jpg
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\8c9b6e5b-4abb-45c6-9aa7-aa28806e8e84[1].jpg
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\TopNav[1].js
file	C:\Windows\Prefetch\CONTROL.EXE-817F8F1D.pf
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\adf7905c-28ea-4ddf-93b2-aa96dad57752[1].jpg
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\977[1].png
file	C:\Windows\Prefetch\MSCORSVW.EXE-90526FAC.pf
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\015[1].png
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\dthumbCAR5WT7S.jpg
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\smart_editor2.me.min.200716[1].css
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\ipsec[3].htm
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\nsd13728808[1].png
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\327[1].png
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\sample-doc-download[1].htm
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\SOC-Facebook[1].png
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\f[2].txt
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\images[1].png
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\f1e83251-9248-4d4e-8d2e-d1505a55bc83[1].jpg
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\3de5642a-2629-4625-9a63-d96768537b11[1].jpg
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\keys_js5[2].htm

Tries to unhook Windows functions monitored by Cuckoo (1 event)

Time & API	Arguments	Status	Return	Repeated
__anomaly__ Nov. 21, 2023, 7:53 a.m.	tid: 2776 message: Encountered 65537 exceptions, quitting. subcategory: exception function_name:	1	0	0

Detects VirtualBox through the presence of a file (1 event)

file	C:\Windows\Prefetch\VBOXDRVINST.EXE-7DCD6070.pf

File has been identified by 53 AntiVirus engines on VirusTotal as malicious (50 out of 53 events)

Lionic	Trojan.Win32.ShortLoader.a!c
MicroWorld-eScan	IL:Trojan.MSILZilla.9891
FireEye	Generic.mg.a9c5d3db8ea47ab1
Skyhigh	BehavesLike.Win32.Generic.rc
McAfee	GenericRXOO-YN!A9C5D3DB8EA4
Malwarebytes	Trojan.Crypt.MSIL.Generic
VIPRE	IL:Trojan.MSILZilla.9891
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Ransomware ( 005a8b921 )
Alibaba	TrojanDownloader:MSIL/Mokes.c9ac7b3a
K7GW	Ransomware ( 005a8b921 )
CrowdStrike	win/malicious_confidence_100% (W)
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/Agent.UZA
Cynet	Malicious (score: 99)
APEX	Malicious
Kaspersky	HEUR:Trojan-Downloader.MSIL.ShortLoader.gen
BitDefender	IL:Trojan.MSILZilla.9891
Avast	Win32:DropperX-gen [Drp]
Tencent	Msil.Trojan-Downloader.Shortloader.Ijgl
Emsisoft	IL:Trojan.MSILZilla.9891 (B)
F-Secure	Heuristic.HEUR/AGEN.1365025
DrWeb	Trojan.MulDropNET.43
TrendMicro	TrojanSpy.Win32.REDLINE.YXDKTZ
Trapmine	malicious.moderate.ml.score
Sophos	Troj/ILAgent-I
SentinelOne	Static AI - Malicious PE
Webroot	W32.Trojan.MSILZilla
Varist	W32/MSIL_Kryptik.FFY.gen!Eldorado
Avira	HEUR/AGEN.1365025
MAX	malware (ai score=80)
Kingsoft	MSIL.Trojan-Downloader.ShortLoader.gen
Microsoft	Trojan:MSIL/Mokes.B!MTB
Gridinsoft	Trojan.Win32.Glupteba.bot
Arcabit	IL:Trojan.MSILZilla.D26A3
ZoneAlarm	HEUR:Trojan-Downloader.MSIL.ShortLoader.gen
GData	Win32.Trojan.Agent.T0RUXD
Google	Detected
AhnLab-V3	Malware/Win.Generic.C4478643
BitDefenderTheta	Gen:NN.ZemsilF.36792.@p0@aueqgbg
ALYac	IL:Trojan.MSILZilla.9891
VBA32	Trojan.MSIL.Injector.gen
Cylance	unsafe
Panda	Trj/GdSda.A
TrendMicro-HouseCall	TrojanSpy.Win32.REDLINE.YXDKTZ
Rising	Trojan.AntiVM!1.CF63 (CLASSIC)
Ikarus	Trojan.MSIL.Krypt
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/GenKryptik.FFMZ!tr

brandmar.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All