Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Oct. 17, 2024, 2:56 p.m.	Oct. 17, 2024, 2:59 p.m.

Size	313.5KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`4c4200cdf2e58dee2b4db5200c231468`
SHA256	`8241ed9b5cbf2bdbc37576027497125c0d77ecbaec322d434605454794786bbe`
CRC32	`903A6E31`
ssdeep	`6144:sDKW1Lgbdl0TBBvjc/5tSlqAsI92VSKpPJJn+crE0rn+H/:6h1Lk70TnvjcDSlqAsI80MH+cVrn+f`
PDB Path
Yara	Malicious_Library_Zero - Malicious_Library MALWARE_Win_VT_RedLine - Detects RedLine infostealer PE_Header_Zero - PE File Signature UltraVNC_Zero - UltraVNC IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

AppReseter_forOutlooker.exe "C:\Users\test22\AppData\Local\Temp\AppReseter_forOutlooker.exe"
1072

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (2 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Oct. 17, 2024, 2:56 p.m.			0	0
IsDebuggerPresent Oct. 17, 2024, 2:56 p.m.			0	0

Uses Windows APIs to generate a cryptographic key (13 events)

Time & API	Arguments	Status	Return
CryptExportKey Oct. 17, 2024, 2:56 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00615e88 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Oct. 17, 2024, 2:56 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00615e88 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Oct. 17, 2024, 2:56 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00615ec8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Oct. 17, 2024, 2:56 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00615ec8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Oct. 17, 2024, 2:56 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00615f88 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Oct. 17, 2024, 2:56 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00615fc8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Oct. 17, 2024, 2:56 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00615fc8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Oct. 17, 2024, 2:56 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00615fc8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Oct. 17, 2024, 2:56 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00615fc8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Oct. 17, 2024, 2:56 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x006161c8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Oct. 17, 2024, 2:56 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x006161c8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Oct. 17, 2024, 2:56 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x006161c8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Oct. 17, 2024, 2:56 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x006161c8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1

This executable has a PDB path (1 event)

pdb_path

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Oct. 17, 2024, 2:56 p.m.		1	1	0

One or more processes crashed (43 events)

Time & API	Arguments	Status
__exception__ Oct. 17, 2024, 2:56 p.m.	stacktrace: appreseter_foroutlooker+0x1fa2 @ 0x401fa2 exception.instruction_r: f3 aa 8b 45 f0 8b 4d 08 8b 55 10 03 c8 2b d0 52 exception.symbol: appreseter_foroutlooker+0xf088 exception.instruction: stosb byte ptr es:[edi], al exception.module: AppReseter_forOutlooker.exe exception.exception_code: 0xc0000005 exception.offset: 61576 exception.address: 0x40f088 registers.esp: 1636996 registers.edi: 4354652 registers.eax: 0 registers.ebp: 1637012 registers.edx: 0 registers.ebx: 0 registers.esi: 32964680 registers.ecx: 4	1
__exception__ Oct. 17, 2024, 2:56 p.m.	stacktrace: appreseter_foroutlooker+0xf054 @ 0x40f054 appreseter_foroutlooker+0xf0a0 @ 0x40f0a0 appreseter_foroutlooker+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66 exception.symbol: appreseter_foroutlooker+0xeff0 exception.address: 0x40eff0 exception.module: AppReseter_forOutlooker.exe exception.exception_code: 0xc0000005 exception.offset: 61424 registers.esp: 1636940 registers.edi: 4358112 registers.eax: 4354656 registers.ebp: 1636944 registers.edx: 82 registers.ebx: 0 registers.esi: 32964680 registers.ecx: 1341	1
__exception__ Oct. 17, 2024, 2:56 p.m.	stacktrace: appreseter_foroutlooker+0xf054 @ 0x40f054 appreseter_foroutlooker+0xf0a0 @ 0x40f0a0 appreseter_foroutlooker+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66 exception.symbol: appreseter_foroutlooker+0xeff0 exception.address: 0x40eff0 exception.module: AppReseter_forOutlooker.exe exception.exception_code: 0xc0000005 exception.offset: 61424 registers.esp: 1636940 registers.edi: 4362208 registers.eax: 4354656 registers.ebp: 1636944 registers.edx: 82 registers.ebx: 0 registers.esi: 32964680 registers.ecx: 1309	1
__exception__ Oct. 17, 2024, 2:56 p.m.	stacktrace: appreseter_foroutlooker+0xf054 @ 0x40f054 appreseter_foroutlooker+0xf0a0 @ 0x40f0a0 appreseter_foroutlooker+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66 exception.symbol: appreseter_foroutlooker+0xeff0 exception.address: 0x40eff0 exception.module: AppReseter_forOutlooker.exe exception.exception_code: 0xc0000005 exception.offset: 61424 registers.esp: 1636940 registers.edi: 4366304 registers.eax: 4354656 registers.ebp: 1636944 registers.edx: 82 registers.ebx: 0 registers.esi: 32964680 registers.ecx: 1277	1
__exception__ Oct. 17, 2024, 2:56 p.m.	stacktrace: appreseter_foroutlooker+0xf054 @ 0x40f054 appreseter_foroutlooker+0xf0a0 @ 0x40f0a0 appreseter_foroutlooker+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66 exception.symbol: appreseter_foroutlooker+0xeff0 exception.address: 0x40eff0 exception.module: AppReseter_forOutlooker.exe exception.exception_code: 0xc0000005 exception.offset: 61424 registers.esp: 1636940 registers.edi: 4370400 registers.eax: 4354656 registers.ebp: 1636944 registers.edx: 82 registers.ebx: 0 registers.esi: 32964680 registers.ecx: 1245	1
__exception__ Oct. 17, 2024, 2:56 p.m.	stacktrace: appreseter_foroutlooker+0xf054 @ 0x40f054 appreseter_foroutlooker+0xf0a0 @ 0x40f0a0 appreseter_foroutlooker+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66 exception.symbol: appreseter_foroutlooker+0xeff0 exception.address: 0x40eff0 exception.module: AppReseter_forOutlooker.exe exception.exception_code: 0xc0000005 exception.offset: 61424 registers.esp: 1636940 registers.edi: 4374496 registers.eax: 4354656 registers.ebp: 1636944 registers.edx: 82 registers.ebx: 0 registers.esi: 32964680 registers.ecx: 1213	1
__exception__ Oct. 17, 2024, 2:56 p.m.	stacktrace: appreseter_foroutlooker+0xf054 @ 0x40f054 appreseter_foroutlooker+0xf0a0 @ 0x40f0a0 appreseter_foroutlooker+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66 exception.symbol: appreseter_foroutlooker+0xeff0 exception.address: 0x40eff0 exception.module: AppReseter_forOutlooker.exe exception.exception_code: 0xc0000005 exception.offset: 61424 registers.esp: 1636940 registers.edi: 4378592 registers.eax: 4354656 registers.ebp: 1636944 registers.edx: 82 registers.ebx: 0 registers.esi: 32964680 registers.ecx: 1181	1
__exception__ Oct. 17, 2024, 2:56 p.m.	stacktrace: appreseter_foroutlooker+0xf054 @ 0x40f054 appreseter_foroutlooker+0xf0a0 @ 0x40f0a0 appreseter_foroutlooker+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66 exception.symbol: appreseter_foroutlooker+0xeff0 exception.address: 0x40eff0 exception.module: AppReseter_forOutlooker.exe exception.exception_code: 0xc0000005 exception.offset: 61424 registers.esp: 1636940 registers.edi: 4382688 registers.eax: 4354656 registers.ebp: 1636944 registers.edx: 82 registers.ebx: 0 registers.esi: 32964680 registers.ecx: 1149	1
__exception__ Oct. 17, 2024, 2:56 p.m.	stacktrace: appreseter_foroutlooker+0xf054 @ 0x40f054 appreseter_foroutlooker+0xf0a0 @ 0x40f0a0 appreseter_foroutlooker+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66 exception.symbol: appreseter_foroutlooker+0xeff0 exception.address: 0x40eff0 exception.module: AppReseter_forOutlooker.exe exception.exception_code: 0xc0000005 exception.offset: 61424 registers.esp: 1636940 registers.edi: 4386784 registers.eax: 4354656 registers.ebp: 1636944 registers.edx: 82 registers.ebx: 0 registers.esi: 32964680 registers.ecx: 1117	1
__exception__ Oct. 17, 2024, 2:56 p.m.	stacktrace: appreseter_foroutlooker+0xf054 @ 0x40f054 appreseter_foroutlooker+0xf0a0 @ 0x40f0a0 appreseter_foroutlooker+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66 exception.symbol: appreseter_foroutlooker+0xeff0 exception.address: 0x40eff0 exception.module: AppReseter_forOutlooker.exe exception.exception_code: 0xc0000005 exception.offset: 61424 registers.esp: 1636940 registers.edi: 4390880 registers.eax: 4354656 registers.ebp: 1636944 registers.edx: 82 registers.ebx: 0 registers.esi: 32964680 registers.ecx: 1085	1
__exception__ Oct. 17, 2024, 2:56 p.m.	stacktrace: appreseter_foroutlooker+0xf054 @ 0x40f054 appreseter_foroutlooker+0xf0a0 @ 0x40f0a0 appreseter_foroutlooker+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66 exception.symbol: appreseter_foroutlooker+0xeff0 exception.address: 0x40eff0 exception.module: AppReseter_forOutlooker.exe exception.exception_code: 0xc0000005 exception.offset: 61424 registers.esp: 1636940 registers.edi: 4394976 registers.eax: 4354656 registers.ebp: 1636944 registers.edx: 82 registers.ebx: 0 registers.esi: 32964680 registers.ecx: 1053	1
__exception__ Oct. 17, 2024, 2:56 p.m.	stacktrace: appreseter_foroutlooker+0xf054 @ 0x40f054 appreseter_foroutlooker+0xf0a0 @ 0x40f0a0 appreseter_foroutlooker+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66 exception.symbol: appreseter_foroutlooker+0xeff0 exception.address: 0x40eff0 exception.module: AppReseter_forOutlooker.exe exception.exception_code: 0xc0000005 exception.offset: 61424 registers.esp: 1636940 registers.edi: 4399072 registers.eax: 4354656 registers.ebp: 1636944 registers.edx: 82 registers.ebx: 0 registers.esi: 32964680 registers.ecx: 1021	1
__exception__ Oct. 17, 2024, 2:56 p.m.	stacktrace: appreseter_foroutlooker+0xf054 @ 0x40f054 appreseter_foroutlooker+0xf0a0 @ 0x40f0a0 appreseter_foroutlooker+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66 exception.symbol: appreseter_foroutlooker+0xeff0 exception.address: 0x40eff0 exception.module: AppReseter_forOutlooker.exe exception.exception_code: 0xc0000005 exception.offset: 61424 registers.esp: 1636940 registers.edi: 4403168 registers.eax: 4354656 registers.ebp: 1636944 registers.edx: 82 registers.ebx: 0 registers.esi: 32964680 registers.ecx: 989	1
__exception__ Oct. 17, 2024, 2:56 p.m.	stacktrace: appreseter_foroutlooker+0xf054 @ 0x40f054 appreseter_foroutlooker+0xf0a0 @ 0x40f0a0 appreseter_foroutlooker+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66 exception.symbol: appreseter_foroutlooker+0xeff0 exception.address: 0x40eff0 exception.module: AppReseter_forOutlooker.exe exception.exception_code: 0xc0000005 exception.offset: 61424 registers.esp: 1636940 registers.edi: 4407264 registers.eax: 4354656 registers.ebp: 1636944 registers.edx: 82 registers.ebx: 0 registers.esi: 32964680 registers.ecx: 957	1
__exception__ Oct. 17, 2024, 2:56 p.m.	stacktrace: appreseter_foroutlooker+0xf054 @ 0x40f054 appreseter_foroutlooker+0xf0a0 @ 0x40f0a0 appreseter_foroutlooker+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66 exception.symbol: appreseter_foroutlooker+0xeff0 exception.address: 0x40eff0 exception.module: AppReseter_forOutlooker.exe exception.exception_code: 0xc0000005 exception.offset: 61424 registers.esp: 1636940 registers.edi: 4411360 registers.eax: 4354656 registers.ebp: 1636944 registers.edx: 82 registers.ebx: 0 registers.esi: 32964680 registers.ecx: 925	1
__exception__ Oct. 17, 2024, 2:56 p.m.	stacktrace: appreseter_foroutlooker+0xf054 @ 0x40f054 appreseter_foroutlooker+0xf0a0 @ 0x40f0a0 appreseter_foroutlooker+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66 exception.symbol: appreseter_foroutlooker+0xeff0 exception.address: 0x40eff0 exception.module: AppReseter_forOutlooker.exe exception.exception_code: 0xc0000005 exception.offset: 61424 registers.esp: 1636940 registers.edi: 4415456 registers.eax: 4354656 registers.ebp: 1636944 registers.edx: 82 registers.ebx: 0 registers.esi: 32964680 registers.ecx: 893	1
__exception__ Oct. 17, 2024, 2:56 p.m.	stacktrace: appreseter_foroutlooker+0xf054 @ 0x40f054 appreseter_foroutlooker+0xf0a0 @ 0x40f0a0 appreseter_foroutlooker+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66 exception.symbol: appreseter_foroutlooker+0xeff0 exception.address: 0x40eff0 exception.module: AppReseter_forOutlooker.exe exception.exception_code: 0xc0000005 exception.offset: 61424 registers.esp: 1636940 registers.edi: 4419552 registers.eax: 4354656 registers.ebp: 1636944 registers.edx: 82 registers.ebx: 0 registers.esi: 32964680 registers.ecx: 861	1
__exception__ Oct. 17, 2024, 2:56 p.m.	stacktrace: appreseter_foroutlooker+0xf054 @ 0x40f054 appreseter_foroutlooker+0xf0a0 @ 0x40f0a0 appreseter_foroutlooker+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66 exception.symbol: appreseter_foroutlooker+0xeff0 exception.address: 0x40eff0 exception.module: AppReseter_forOutlooker.exe exception.exception_code: 0xc0000005 exception.offset: 61424 registers.esp: 1636940 registers.edi: 4423648 registers.eax: 4354656 registers.ebp: 1636944 registers.edx: 82 registers.ebx: 0 registers.esi: 32964680 registers.ecx: 829	1
__exception__ Oct. 17, 2024, 2:56 p.m.	stacktrace: appreseter_foroutlooker+0xf054 @ 0x40f054 appreseter_foroutlooker+0xf0a0 @ 0x40f0a0 appreseter_foroutlooker+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66 exception.symbol: appreseter_foroutlooker+0xeff0 exception.address: 0x40eff0 exception.module: AppReseter_forOutlooker.exe exception.exception_code: 0xc0000005 exception.offset: 61424 registers.esp: 1636940 registers.edi: 4427744 registers.eax: 4354656 registers.ebp: 1636944 registers.edx: 82 registers.ebx: 0 registers.esi: 32964680 registers.ecx: 797	1
__exception__ Oct. 17, 2024, 2:56 p.m.	stacktrace: appreseter_foroutlooker+0xf054 @ 0x40f054 appreseter_foroutlooker+0xf0a0 @ 0x40f0a0 appreseter_foroutlooker+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66 exception.symbol: appreseter_foroutlooker+0xeff0 exception.address: 0x40eff0 exception.module: AppReseter_forOutlooker.exe exception.exception_code: 0xc0000005 exception.offset: 61424 registers.esp: 1636940 registers.edi: 4431840 registers.eax: 4354656 registers.ebp: 1636944 registers.edx: 82 registers.ebx: 0 registers.esi: 32964680 registers.ecx: 765	1
__exception__ Oct. 17, 2024, 2:56 p.m.	stacktrace: appreseter_foroutlooker+0xf054 @ 0x40f054 appreseter_foroutlooker+0xf0a0 @ 0x40f0a0 appreseter_foroutlooker+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66 exception.symbol: appreseter_foroutlooker+0xeff0 exception.address: 0x40eff0 exception.module: AppReseter_forOutlooker.exe exception.exception_code: 0xc0000005 exception.offset: 61424 registers.esp: 1636940 registers.edi: 4435936 registers.eax: 4354656 registers.ebp: 1636944 registers.edx: 82 registers.ebx: 0 registers.esi: 32964680 registers.ecx: 733	1
__exception__ Oct. 17, 2024, 2:56 p.m.	stacktrace: appreseter_foroutlooker+0xf054 @ 0x40f054 appreseter_foroutlooker+0xf0a0 @ 0x40f0a0 appreseter_foroutlooker+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66 exception.symbol: appreseter_foroutlooker+0xeff0 exception.address: 0x40eff0 exception.module: AppReseter_forOutlooker.exe exception.exception_code: 0xc0000005 exception.offset: 61424 registers.esp: 1636940 registers.edi: 4440032 registers.eax: 4354656 registers.ebp: 1636944 registers.edx: 82 registers.ebx: 0 registers.esi: 32964680 registers.ecx: 701	1
__exception__ Oct. 17, 2024, 2:56 p.m.	stacktrace: appreseter_foroutlooker+0xf054 @ 0x40f054 appreseter_foroutlooker+0xf0a0 @ 0x40f0a0 appreseter_foroutlooker+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66 exception.symbol: appreseter_foroutlooker+0xeff0 exception.address: 0x40eff0 exception.module: AppReseter_forOutlooker.exe exception.exception_code: 0xc0000005 exception.offset: 61424 registers.esp: 1636940 registers.edi: 4444128 registers.eax: 4354656 registers.ebp: 1636944 registers.edx: 82 registers.ebx: 0 registers.esi: 32964680 registers.ecx: 669	1
__exception__ Oct. 17, 2024, 2:56 p.m.	stacktrace: appreseter_foroutlooker+0xf054 @ 0x40f054 appreseter_foroutlooker+0xf0a0 @ 0x40f0a0 appreseter_foroutlooker+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66 exception.symbol: appreseter_foroutlooker+0xeff0 exception.address: 0x40eff0 exception.module: AppReseter_forOutlooker.exe exception.exception_code: 0xc0000005 exception.offset: 61424 registers.esp: 1636940 registers.edi: 4448224 registers.eax: 4354656 registers.ebp: 1636944 registers.edx: 82 registers.ebx: 0 registers.esi: 32964680 registers.ecx: 637	1
__exception__ Oct. 17, 2024, 2:56 p.m.	stacktrace: appreseter_foroutlooker+0xf054 @ 0x40f054 appreseter_foroutlooker+0xf0a0 @ 0x40f0a0 appreseter_foroutlooker+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66 exception.symbol: appreseter_foroutlooker+0xeff0 exception.address: 0x40eff0 exception.module: AppReseter_forOutlooker.exe exception.exception_code: 0xc0000005 exception.offset: 61424 registers.esp: 1636940 registers.edi: 4452320 registers.eax: 4354656 registers.ebp: 1636944 registers.edx: 82 registers.ebx: 0 registers.esi: 32964680 registers.ecx: 605	1
__exception__ Oct. 17, 2024, 2:56 p.m.	stacktrace: appreseter_foroutlooker+0xf054 @ 0x40f054 appreseter_foroutlooker+0xf0a0 @ 0x40f0a0 appreseter_foroutlooker+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66 exception.symbol: appreseter_foroutlooker+0xeff0 exception.address: 0x40eff0 exception.module: AppReseter_forOutlooker.exe exception.exception_code: 0xc0000005 exception.offset: 61424 registers.esp: 1636940 registers.edi: 4456416 registers.eax: 4354656 registers.ebp: 1636944 registers.edx: 82 registers.ebx: 0 registers.esi: 32964680 registers.ecx: 573	1
__exception__ Oct. 17, 2024, 2:56 p.m.	stacktrace: appreseter_foroutlooker+0xf054 @ 0x40f054 appreseter_foroutlooker+0xf0a0 @ 0x40f0a0 appreseter_foroutlooker+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66 exception.symbol: appreseter_foroutlooker+0xeff0 exception.address: 0x40eff0 exception.module: AppReseter_forOutlooker.exe exception.exception_code: 0xc0000005 exception.offset: 61424 registers.esp: 1636940 registers.edi: 4460512 registers.eax: 4354656 registers.ebp: 1636944 registers.edx: 82 registers.ebx: 0 registers.esi: 32964680 registers.ecx: 541	1
__exception__ Oct. 17, 2024, 2:56 p.m.	stacktrace: appreseter_foroutlooker+0xf054 @ 0x40f054 appreseter_foroutlooker+0xf0a0 @ 0x40f0a0 appreseter_foroutlooker+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66 exception.symbol: appreseter_foroutlooker+0xeff0 exception.address: 0x40eff0 exception.module: AppReseter_forOutlooker.exe exception.exception_code: 0xc0000005 exception.offset: 61424 registers.esp: 1636940 registers.edi: 4464608 registers.eax: 4354656 registers.ebp: 1636944 registers.edx: 82 registers.ebx: 0 registers.esi: 32964680 registers.ecx: 509	1
__exception__ Oct. 17, 2024, 2:56 p.m.	stacktrace: appreseter_foroutlooker+0xf054 @ 0x40f054 appreseter_foroutlooker+0xf0a0 @ 0x40f0a0 appreseter_foroutlooker+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66 exception.symbol: appreseter_foroutlooker+0xeff0 exception.address: 0x40eff0 exception.module: AppReseter_forOutlooker.exe exception.exception_code: 0xc0000005 exception.offset: 61424 registers.esp: 1636940 registers.edi: 4468704 registers.eax: 4354656 registers.ebp: 1636944 registers.edx: 82 registers.ebx: 0 registers.esi: 32964680 registers.ecx: 477	1
__exception__ Oct. 17, 2024, 2:56 p.m.	stacktrace: appreseter_foroutlooker+0xf054 @ 0x40f054 appreseter_foroutlooker+0xf0a0 @ 0x40f0a0 appreseter_foroutlooker+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66 exception.symbol: appreseter_foroutlooker+0xeff0 exception.address: 0x40eff0 exception.module: AppReseter_forOutlooker.exe exception.exception_code: 0xc0000005 exception.offset: 61424 registers.esp: 1636940 registers.edi: 4472800 registers.eax: 4354656 registers.ebp: 1636944 registers.edx: 82 registers.ebx: 0 registers.esi: 32964680 registers.ecx: 445	1
__exception__ Oct. 17, 2024, 2:56 p.m.	stacktrace: appreseter_foroutlooker+0xf054 @ 0x40f054 appreseter_foroutlooker+0xf0a0 @ 0x40f0a0 appreseter_foroutlooker+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66 exception.symbol: appreseter_foroutlooker+0xeff0 exception.address: 0x40eff0 exception.module: AppReseter_forOutlooker.exe exception.exception_code: 0xc0000005 exception.offset: 61424 registers.esp: 1636940 registers.edi: 4476896 registers.eax: 4354656 registers.ebp: 1636944 registers.edx: 82 registers.ebx: 0 registers.esi: 32964680 registers.ecx: 413	1
__exception__ Oct. 17, 2024, 2:56 p.m.	stacktrace: appreseter_foroutlooker+0xf054 @ 0x40f054 appreseter_foroutlooker+0xf0a0 @ 0x40f0a0 appreseter_foroutlooker+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66 exception.symbol: appreseter_foroutlooker+0xeff0 exception.address: 0x40eff0 exception.module: AppReseter_forOutlooker.exe exception.exception_code: 0xc0000005 exception.offset: 61424 registers.esp: 1636940 registers.edi: 4480992 registers.eax: 4354656 registers.ebp: 1636944 registers.edx: 82 registers.ebx: 0 registers.esi: 32964680 registers.ecx: 381	1
__exception__ Oct. 17, 2024, 2:56 p.m.	stacktrace: appreseter_foroutlooker+0xf054 @ 0x40f054 appreseter_foroutlooker+0xf0a0 @ 0x40f0a0 appreseter_foroutlooker+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66 exception.symbol: appreseter_foroutlooker+0xeff0 exception.address: 0x40eff0 exception.module: AppReseter_forOutlooker.exe exception.exception_code: 0xc0000005 exception.offset: 61424 registers.esp: 1636940 registers.edi: 4485088 registers.eax: 4354656 registers.ebp: 1636944 registers.edx: 82 registers.ebx: 0 registers.esi: 32964680 registers.ecx: 349	1
__exception__ Oct. 17, 2024, 2:56 p.m.	stacktrace: appreseter_foroutlooker+0xf054 @ 0x40f054 appreseter_foroutlooker+0xf0a0 @ 0x40f0a0 appreseter_foroutlooker+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66 exception.symbol: appreseter_foroutlooker+0xeff0 exception.address: 0x40eff0 exception.module: AppReseter_forOutlooker.exe exception.exception_code: 0xc0000005 exception.offset: 61424 registers.esp: 1636940 registers.edi: 4489184 registers.eax: 4354656 registers.ebp: 1636944 registers.edx: 82 registers.ebx: 0 registers.esi: 32964680 registers.ecx: 317	1
__exception__ Oct. 17, 2024, 2:56 p.m.	stacktrace: appreseter_foroutlooker+0xf054 @ 0x40f054 appreseter_foroutlooker+0xf0a0 @ 0x40f0a0 appreseter_foroutlooker+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66 exception.symbol: appreseter_foroutlooker+0xeff0 exception.address: 0x40eff0 exception.module: AppReseter_forOutlooker.exe exception.exception_code: 0xc0000005 exception.offset: 61424 registers.esp: 1636940 registers.edi: 4493280 registers.eax: 4354656 registers.ebp: 1636944 registers.edx: 82 registers.ebx: 0 registers.esi: 32964680 registers.ecx: 285	1
__exception__ Oct. 17, 2024, 2:56 p.m.	stacktrace: appreseter_foroutlooker+0xf054 @ 0x40f054 appreseter_foroutlooker+0xf0a0 @ 0x40f0a0 appreseter_foroutlooker+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66 exception.symbol: appreseter_foroutlooker+0xeff0 exception.address: 0x40eff0 exception.module: AppReseter_forOutlooker.exe exception.exception_code: 0xc0000005 exception.offset: 61424 registers.esp: 1636940 registers.edi: 4497376 registers.eax: 4354656 registers.ebp: 1636944 registers.edx: 82 registers.ebx: 0 registers.esi: 32964680 registers.ecx: 253	1
__exception__ Oct. 17, 2024, 2:56 p.m.	stacktrace: appreseter_foroutlooker+0xf054 @ 0x40f054 appreseter_foroutlooker+0xf0a0 @ 0x40f0a0 appreseter_foroutlooker+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66 exception.symbol: appreseter_foroutlooker+0xeff0 exception.address: 0x40eff0 exception.module: AppReseter_forOutlooker.exe exception.exception_code: 0xc0000005 exception.offset: 61424 registers.esp: 1636940 registers.edi: 4501472 registers.eax: 4354656 registers.ebp: 1636944 registers.edx: 82 registers.ebx: 0 registers.esi: 32964680 registers.ecx: 221	1
__exception__ Oct. 17, 2024, 2:56 p.m.	stacktrace: appreseter_foroutlooker+0xf054 @ 0x40f054 appreseter_foroutlooker+0xf0a0 @ 0x40f0a0 appreseter_foroutlooker+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66 exception.symbol: appreseter_foroutlooker+0xeff0 exception.address: 0x40eff0 exception.module: AppReseter_forOutlooker.exe exception.exception_code: 0xc0000005 exception.offset: 61424 registers.esp: 1636940 registers.edi: 4505568 registers.eax: 4354656 registers.ebp: 1636944 registers.edx: 82 registers.ebx: 0 registers.esi: 32964680 registers.ecx: 189	1
__exception__ Oct. 17, 2024, 2:56 p.m.	stacktrace: appreseter_foroutlooker+0xf054 @ 0x40f054 appreseter_foroutlooker+0xf0a0 @ 0x40f0a0 appreseter_foroutlooker+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66 exception.symbol: appreseter_foroutlooker+0xeff0 exception.address: 0x40eff0 exception.module: AppReseter_forOutlooker.exe exception.exception_code: 0xc0000005 exception.offset: 61424 registers.esp: 1636940 registers.edi: 4509664 registers.eax: 4354656 registers.ebp: 1636944 registers.edx: 82 registers.ebx: 0 registers.esi: 32964680 registers.ecx: 157	1
__exception__ Oct. 17, 2024, 2:56 p.m.	stacktrace: appreseter_foroutlooker+0xf054 @ 0x40f054 appreseter_foroutlooker+0xf0a0 @ 0x40f0a0 appreseter_foroutlooker+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66 exception.symbol: appreseter_foroutlooker+0xeff0 exception.address: 0x40eff0 exception.module: AppReseter_forOutlooker.exe exception.exception_code: 0xc0000005 exception.offset: 61424 registers.esp: 1636940 registers.edi: 4513760 registers.eax: 4354656 registers.ebp: 1636944 registers.edx: 82 registers.ebx: 0 registers.esi: 32964680 registers.ecx: 125	1
__exception__ Oct. 17, 2024, 2:56 p.m.	stacktrace: appreseter_foroutlooker+0xf054 @ 0x40f054 appreseter_foroutlooker+0xf0a0 @ 0x40f0a0 appreseter_foroutlooker+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66 exception.symbol: appreseter_foroutlooker+0xeff0 exception.address: 0x40eff0 exception.module: AppReseter_forOutlooker.exe exception.exception_code: 0xc0000005 exception.offset: 61424 registers.esp: 1636940 registers.edi: 4517856 registers.eax: 4354656 registers.ebp: 1636944 registers.edx: 82 registers.ebx: 0 registers.esi: 32964680 registers.ecx: 93	1
__exception__ Oct. 17, 2024, 2:56 p.m.	stacktrace: appreseter_foroutlooker+0xf054 @ 0x40f054 appreseter_foroutlooker+0xf0a0 @ 0x40f0a0 appreseter_foroutlooker+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66 exception.symbol: appreseter_foroutlooker+0xeff0 exception.address: 0x40eff0 exception.module: AppReseter_forOutlooker.exe exception.exception_code: 0xc0000005 exception.offset: 61424 registers.esp: 1636940 registers.edi: 4521952 registers.eax: 4354656 registers.ebp: 1636944 registers.edx: 82 registers.ebx: 0 registers.esi: 32964680 registers.ecx: 61	1
__exception__ Oct. 17, 2024, 2:56 p.m.	stacktrace: appreseter_foroutlooker+0xf054 @ 0x40f054 appreseter_foroutlooker+0xf0a0 @ 0x40f0a0 appreseter_foroutlooker+0x1fa2 @ 0x401fa2 exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66 exception.symbol: appreseter_foroutlooker+0xeff0 exception.address: 0x40eff0 exception.module: AppReseter_forOutlooker.exe exception.exception_code: 0xc0000005 exception.offset: 61424 registers.esp: 1636940 registers.edi: 4526048 registers.eax: 4354656 registers.ebp: 1636944 registers.edx: 82 registers.ebx: 0 registers.esi: 32964680 registers.ecx: 29	1

Starts servers listening (3 events)

Time & API	Arguments	Status	Return
bind Oct. 17, 2024, 2:56 p.m.	ip_address: 127.0.0.1 socket: 616 port: 0	1	0
listen Oct. 17, 2024, 2:56 p.m.	socket: 616 backlog: 2147483647	1	0
accept Oct. 17, 2024, 2:56 p.m.	ip_address: 127.0.0.1 socket: 616 port: 0		4294967295

Allocates read-write-execute memory (usually to unpack itself) (50 out of 72 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory Oct. 17, 2024, 2:56 p.m.	process_identifier: 1072 region_size: 2097152 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02070000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 17, 2024, 2:56 p.m.	process_identifier: 1072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02230000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 17, 2024, 2:56 p.m.	process_identifier: 1072 region_size: 655360 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00460000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 17, 2024, 2:56 p.m.	process_identifier: 1072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x004c0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 17, 2024, 2:56 p.m.	process_identifier: 1072 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73eb1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 17, 2024, 2:56 p.m.	process_identifier: 1072 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73eb2000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 17, 2024, 2:56 p.m.	process_identifier: 1072 region_size: 327680 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00570000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 17, 2024, 2:56 p.m.	process_identifier: 1072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00580000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 17, 2024, 2:56 p.m.	process_identifier: 1072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00512000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 17, 2024, 2:56 p.m.	process_identifier: 1072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x004c1000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 17, 2024, 2:56 p.m.	process_identifier: 1072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x004c2000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 17, 2024, 2:56 p.m.	process_identifier: 1072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0051a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 17, 2024, 2:56 p.m.	process_identifier: 1072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0051c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 17, 2024, 2:56 p.m.	process_identifier: 1072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x004c3000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 17, 2024, 2:56 p.m.	process_identifier: 1072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0052c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 17, 2024, 2:56 p.m.	process_identifier: 1072 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x004c4000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 17, 2024, 2:56 p.m.	process_identifier: 1072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0054b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 17, 2024, 2:56 p.m.	process_identifier: 1072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00547000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 17, 2024, 2:56 p.m.	process_identifier: 1072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x048e0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 17, 2024, 2:56 p.m.	process_identifier: 1072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00545000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 17, 2024, 2:56 p.m.	process_identifier: 1072 region_size: 49152 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x048e1000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 17, 2024, 2:56 p.m.	process_identifier: 1072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x048ed000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 17, 2024, 2:56 p.m.	process_identifier: 1072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x048ee000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 17, 2024, 2:56 p.m.	process_identifier: 1072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x048ef000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 17, 2024, 2:56 p.m.	process_identifier: 1072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04c5f000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 17, 2024, 2:56 p.m.	process_identifier: 1072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04c50000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 17, 2024, 2:56 p.m.	process_identifier: 1072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00536000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 17, 2024, 2:56 p.m.	process_identifier: 1072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0053a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 17, 2024, 2:56 p.m.	process_identifier: 1072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00537000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 17, 2024, 2:56 p.m.	process_identifier: 1072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04d20000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 17, 2024, 2:56 p.m.	process_identifier: 1072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0052d000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 17, 2024, 2:56 p.m.	process_identifier: 1072 region_size: 12288 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04d21000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 17, 2024, 2:56 p.m.	process_identifier: 1072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04d24000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 17, 2024, 2:56 p.m.	process_identifier: 1072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04d25000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 17, 2024, 2:56 p.m.	process_identifier: 1072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04d26000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 17, 2024, 2:56 p.m.	process_identifier: 1072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0052e000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 17, 2024, 2:56 p.m.	process_identifier: 1072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x051c0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 17, 2024, 2:56 p.m.	process_identifier: 1072 region_size: 86016 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x051c1000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 17, 2024, 2:56 p.m.	process_identifier: 1072 region_size: 12288 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x051d6000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 17, 2024, 2:56 p.m.	process_identifier: 1072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x051d9000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 17, 2024, 2:56 p.m.	process_identifier: 1072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x051da000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 17, 2024, 2:56 p.m.	process_identifier: 1072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04c51000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 17, 2024, 2:56 p.m.	process_identifier: 1072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x051db000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 17, 2024, 2:56 p.m.	process_identifier: 1072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x051dc000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 17, 2024, 2:56 p.m.	process_identifier: 1072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x051dd000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 17, 2024, 2:56 p.m.	process_identifier: 1072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x051de000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 17, 2024, 2:56 p.m.	process_identifier: 1072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0052f000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 17, 2024, 2:56 p.m.	process_identifier: 1072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0052a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 17, 2024, 2:56 p.m.	process_identifier: 1072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x051df000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 17, 2024, 2:56 p.m.	process_identifier: 1072 region_size: 327680 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0xfff50000 allocation_type: 1056768 (MEM_RESERVE\|MEM_TOP_DOWN) process_handle: 0xffffffff	1

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x0002c600', u'virtual_address': u'0x00026000', u'entropy': 7.988852764168543, u'name': u'.rsrc', u'virtual_size': u'0x0002c438'}

entropy

7.98885276417

description

A section with a high entropy has been found

entropy

0.568

description

Overall entropy of this PE file is high

Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 event)

Time & API	Arguments	Status	Return	Repeated
LookupPrivilegeValueW Oct. 17, 2024, 2:56 p.m.	system_name: privilege_name: SeDebugPrivilege	1	1	0

A process attempted to delay the analysis task. (1 event)

description

AppReseter_forOutlooker.exe tried to sleep 2728163 seconds, actually delayed analysis time by 2728163 seconds

File has been identified by 43 AntiVirus engines on VirusTotal as malicious (43 events)

Lionic	Trojan.Win32.Injuke.16!c
tehtris	Generic.Malware
Cynet	Malicious (score: 100)
Skyhigh	BehavesLike.Win32.Generic.fc
ALYac	Trojan.GenericKD.73326279
Cylance	Unsafe
VIPRE	Trojan.GenericKD.73326279
CrowdStrike	win/malicious_confidence_70% (W)
BitDefender	Trojan.GenericKD.73326279
K7GW	Riskware ( 00584baa1 )
K7AntiVirus	Riskware ( 00584baa1 )
Arcabit	Trojan.Generic.D45EDEC7
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
APEX	Malicious
Avast	Win32:Malware-gen
Kaspersky	Trojan.Win32.Injuke.obzk
Alibaba	Trojan:Win32/Injuke.1f025d6e
MicroWorld-eScan	Trojan.GenericKD.73326279
Emsisoft	Trojan.GenericKD.73326279 (B)
Zillya	Trojan.Injuke.Win32.41804
McAfeeD	ti!8241ED9B5CBF
Trapmine	malicious.high.ml.score
CTX	exe.trojan.generic
Sophos	Mal/Generic-S
SentinelOne	Static AI - Malicious PE
FireEye	Generic.mg.4c4200cdf2e58dee
Google	Detected
Kingsoft	Win32.Troj.Unknown.a
Microsoft	Trojan:Win32/Injuke!MTB
ZoneAlarm	Trojan.Win32.Injuke.obzk
GData	Trojan.GenericKD.73326279
AhnLab-V3	Trojan/Win.Generic.C5620079
TACHYON	Trojan/W32.Injuke.321024
DeepInstinct	MALICIOUS
Malwarebytes	Malware.AI.3770680161
Ikarus	Trojan.MSIL.Spy
Panda	Trj/Chgt.AD
MaxSecure	Trojan.Malware.1728101.susgen
Fortinet	W32/PossibleThreat
AVG	Win32:Malware-gen
Paloalto	generic.ml
alibabacloud	Trojan:Win/Injuke.ohwu

AppReseter_forOutlooker.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All