Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Jan. 18, 2025, 10:10 a.m.	Jan. 18, 2025, 10:12 a.m.

Size	5.4MB
Type	PE32+ executable (GUI) x86-64, for MS Windows, InstallShield self-extracting archive
MD5	`6e3dc1be717861da3cd7c57e8a1e3911`
SHA256	`d4a388cc151fa56379f9ac6ef8b7851b6750c2ecfc2c8f6904ac6002865c4f30`
CRC32	`4C9F3814`
ssdeep	`98304:UK/ZoaSs+bgcPlK+rSN2xeELJ4g1x3+FbdYapMDrEPxiJVwJyHLcnP6WfwCA+D://uVs+bH9K+OGeIBSHqDIPI7WOLyyWfF`
PDB Path	D:\a\wix4\wix4\build\burn\Release\x64\burn.pdb
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsPE64 - (no description) CAB_file_format - CAB archive file Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

QGFQTHIU.exe "C:\Users\test22\AppData\Local\Temp\QGFQTHIU.exe"
2560
- QGFQTHIU.exe "C:\Windows\TEMP\{E039CF43-5A4F-4EE7-A7B6-A922B7D60560}\.cr\QGFQTHIU.exe" -burn.clean.room="C:\Users\test22\AppData\Local\Temp\QGFQTHIU.exe" -burn.filehandle.attached=208 -burn.filehandle.self=204
  2668

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Jan. 18, 2025, 10:03 a.m.			0	0

This executable has a PDB path (1 event)

pdb_path

D:\a\wix4\wix4\build\burn\Release\x64\burn.pdb

Tries to locate where the browsers are installed (1 event)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\BundlePatchCode

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)

section	.didat
section	.wixburn
section	_RDATA

Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Jan. 18, 2025, 10:03 a.m.	process_identifier: 2668 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1	0	0

Creates (office) documents on the filesystem (1 event)

file	C:\Windows\Temp\{1F95F2E3-5745-43A3-B048-DC3761728DAF}\.ba\bray.xls

Creates executable files on the filesystem (7 events)

file	C:\Windows\Temp\{1F95F2E3-5745-43A3-B048-DC3761728DAF}\.ba\Celesta.dll
file	C:\Windows\Temp\{1F95F2E3-5745-43A3-B048-DC3761728DAF}\.ba\msncore.dll
file	C:\Windows\Temp\{1F95F2E3-5745-43A3-B048-DC3761728DAF}\.ba\msn.exe
file	C:\Windows\Temp\{1F95F2E3-5745-43A3-B048-DC3761728DAF}\.ba\contactsUX.dll
file	C:\Windows\Temp\{1F95F2E3-5745-43A3-B048-DC3761728DAF}\.ba\msvcr80.dll
file	C:\Windows\Temp\{E039CF43-5A4F-4EE7-A7B6-A922B7D60560}\.cr\QGFQTHIU.exe
file	C:\Windows\Temp\{1F95F2E3-5745-43A3-B048-DC3761728DAF}\.ba\msidcrl40.dll

Queries for potentially installed applications (50 out of 71 events)

Time & API	Arguments	Status	Return
RegOpenKeyExW Jan. 18, 2025, 10:03 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DF5D96CA-1F21-4B25-B00E-0EEFA7F5A281} base_handle: 0xffffffff80000002 key_handle: 0x0000000000000000 options: 0 access: 0x00000001 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DF5D96CA-1F21-4B25-B00E-0EEFA7F5A281}		2
RegOpenKeyExW Jan. 18, 2025, 10:03 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DF5D96CA-1F21-4B25-B00E-0EEFA7F5A281} base_handle: 0xffffffff80000002 key_handle: 0x0000000000000000 options: 0 access: 0x00000001 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DF5D96CA-1F21-4B25-B00E-0EEFA7F5A281}		2
RegOpenKeyExW Jan. 18, 2025, 10:03 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall base_handle: 0xffffffff80000002 key_handle: 0x00000000000001b4 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall	1	0
RegOpenKeyExW Jan. 18, 2025, 10:03 a.m.	regkey_r: AddressBook base_handle: 0x00000000000001b4 key_handle: 0x00000000000001b0 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook	1	0
RegOpenKeyExW Jan. 18, 2025, 10:03 a.m.	regkey_r: Connection Manager base_handle: 0x00000000000001b4 key_handle: 0x00000000000001b0 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager	1	0
RegOpenKeyExW Jan. 18, 2025, 10:03 a.m.	regkey_r: DirectDrawEx base_handle: 0x00000000000001b4 key_handle: 0x00000000000001b0 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx	1	0
RegOpenKeyExW Jan. 18, 2025, 10:03 a.m.	regkey_r: EditPlus base_handle: 0x00000000000001b4 key_handle: 0x00000000000001b0 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus	1	0
RegOpenKeyExW Jan. 18, 2025, 10:03 a.m.	regkey_r: ENTERPRISE base_handle: 0x00000000000001b4 key_handle: 0x00000000000001b0 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE	1	0
RegOpenKeyExW Jan. 18, 2025, 10:03 a.m.	regkey_r: Fontcore base_handle: 0x00000000000001b4 key_handle: 0x00000000000001b0 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore	1	0
RegOpenKeyExW Jan. 18, 2025, 10:03 a.m.	regkey_r: Google Chrome base_handle: 0x00000000000001b4 key_handle: 0x00000000000001b0 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome	1	0
RegOpenKeyExW Jan. 18, 2025, 10:03 a.m.	regkey_r: Haansoft HWord 80 Korean base_handle: 0x00000000000001b4 key_handle: 0x00000000000001b0 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean	1	0
RegOpenKeyExW Jan. 18, 2025, 10:03 a.m.	regkey_r: IE40 base_handle: 0x00000000000001b4 key_handle: 0x00000000000001b0 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE40	1	0
RegOpenKeyExW Jan. 18, 2025, 10:03 a.m.	regkey_r: IE4Data base_handle: 0x00000000000001b4 key_handle: 0x00000000000001b0 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data	1	0
RegOpenKeyExW Jan. 18, 2025, 10:03 a.m.	regkey_r: IE5BAKEX base_handle: 0x00000000000001b4 key_handle: 0x00000000000001b0 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX	1	0
RegOpenKeyExW Jan. 18, 2025, 10:03 a.m.	regkey_r: IEData base_handle: 0x00000000000001b4 key_handle: 0x00000000000001b0 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IEData	1	0
RegOpenKeyExW Jan. 18, 2025, 10:03 a.m.	regkey_r: MobileOptionPack base_handle: 0x00000000000001b4 key_handle: 0x00000000000001b0 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack	1	0
RegOpenKeyExW Jan. 18, 2025, 10:03 a.m.	regkey_r: SchedulingAgent base_handle: 0x00000000000001b4 key_handle: 0x00000000000001b0 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent	1	0
RegOpenKeyExW Jan. 18, 2025, 10:03 a.m.	regkey_r: WIC base_handle: 0x00000000000001b4 key_handle: 0x00000000000001b0 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WIC	1	0
RegOpenKeyExW Jan. 18, 2025, 10:03 a.m.	regkey_r: {01B845D4-B73E-4CF7-A377-94BC7BB4F77B} base_handle: 0x00000000000001b4 key_handle: 0x00000000000001b0 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}	1	0
RegOpenKeyExW Jan. 18, 2025, 10:03 a.m.	regkey_r: {1D91F7DA-F517-4727-9E62-B7EA978BE980} base_handle: 0x00000000000001b4 key_handle: 0x00000000000001b0 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}	1	0
RegOpenKeyExW Jan. 18, 2025, 10:03 a.m.	regkey_r: {60EC980A-BDA2-4CB6-A427-B07A5498B4CA} base_handle: 0x00000000000001b4 key_handle: 0x00000000000001b0 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}	1	0
RegOpenKeyExW Jan. 18, 2025, 10:03 a.m.	regkey_r: {90120000-0015-0412-0000-0000000FF1CE} base_handle: 0x00000000000001b4 key_handle: 0x00000000000001b0 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0015-0412-0000-0000000FF1CE}	1	0
RegOpenKeyExW Jan. 18, 2025, 10:03 a.m.	regkey_r: {90120000-0016-0412-0000-0000000FF1CE} base_handle: 0x00000000000001b4 key_handle: 0x00000000000001b0 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0412-0000-0000000FF1CE}	1	0
RegOpenKeyExW Jan. 18, 2025, 10:03 a.m.	regkey_r: {90120000-0018-0412-0000-0000000FF1CE} base_handle: 0x00000000000001b4 key_handle: 0x00000000000001b0 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0412-0000-0000000FF1CE}	1	0
RegOpenKeyExW Jan. 18, 2025, 10:03 a.m.	regkey_r: {90120000-0019-0412-0000-0000000FF1CE} base_handle: 0x00000000000001b4 key_handle: 0x00000000000001b0 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0019-0412-0000-0000000FF1CE}	1	0
RegOpenKeyExW Jan. 18, 2025, 10:03 a.m.	regkey_r: {90120000-001A-0412-0000-0000000FF1CE} base_handle: 0x00000000000001b4 key_handle: 0x00000000000001b0 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001A-0412-0000-0000000FF1CE}	1	0
RegOpenKeyExW Jan. 18, 2025, 10:03 a.m.	regkey_r: {90120000-001B-0412-0000-0000000FF1CE} base_handle: 0x00000000000001b4 key_handle: 0x00000000000001b0 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0412-0000-0000000FF1CE}	1	0
RegOpenKeyExW Jan. 18, 2025, 10:03 a.m.	regkey_r: {90120000-001F-0409-0000-0000000FF1CE} base_handle: 0x00000000000001b4 key_handle: 0x00000000000001b0 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE}	1	0
RegOpenKeyExW Jan. 18, 2025, 10:03 a.m.	regkey_r: {90120000-001F-0412-0000-0000000FF1CE} base_handle: 0x00000000000001b4 key_handle: 0x00000000000001b0 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0412-0000-0000000FF1CE}	1	0
RegOpenKeyExW Jan. 18, 2025, 10:03 a.m.	regkey_r: {90120000-0028-0412-0000-0000000FF1CE} base_handle: 0x00000000000001b4 key_handle: 0x00000000000001b0 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0028-0412-0000-0000000FF1CE}	1	0
RegOpenKeyExW Jan. 18, 2025, 10:03 a.m.	regkey_r: {90120000-002C-0412-0000-0000000FF1CE} base_handle: 0x00000000000001b4 key_handle: 0x00000000000001b0 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002C-0412-0000-0000000FF1CE}	1	0
RegOpenKeyExW Jan. 18, 2025, 10:03 a.m.	regkey_r: {90120000-0030-0000-0000-0000000FF1CE} base_handle: 0x00000000000001b4 key_handle: 0x00000000000001b0 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}	1	0
RegOpenKeyExW Jan. 18, 2025, 10:03 a.m.	regkey_r: {90120000-0044-0412-0000-0000000FF1CE} base_handle: 0x00000000000001b4 key_handle: 0x00000000000001b0 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0044-0412-0000-0000000FF1CE}	1	0
RegOpenKeyExW Jan. 18, 2025, 10:03 a.m.	regkey_r: {90120000-006E-0409-0000-0000000FF1CE} base_handle: 0x00000000000001b4 key_handle: 0x00000000000001b0 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}	1	0
RegOpenKeyExW Jan. 18, 2025, 10:03 a.m.	regkey_r: {90120000-006E-0412-0000-0000000FF1CE} base_handle: 0x00000000000001b4 key_handle: 0x00000000000001b0 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0412-0000-0000000FF1CE}	1	0
RegOpenKeyExW Jan. 18, 2025, 10:03 a.m.	regkey_r: {90120000-00A1-0412-0000-0000000FF1CE} base_handle: 0x00000000000001b4 key_handle: 0x00000000000001b0 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-0412-0000-0000000FF1CE}	1	0
RegOpenKeyExW Jan. 18, 2025, 10:03 a.m.	regkey_r: {90120000-00BA-0409-0000-0000000FF1CE} base_handle: 0x00000000000001b4 key_handle: 0x00000000000001b0 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00BA-0409-0000-0000000FF1CE}	1	0
RegOpenKeyExW Jan. 18, 2025, 10:03 a.m.	regkey_r: {90120000-0114-0412-0000-0000000FF1CE} base_handle: 0x00000000000001b4 key_handle: 0x00000000000001b0 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0114-0412-0000-0000000FF1CE}	1	0
RegOpenKeyExW Jan. 18, 2025, 10:03 a.m.	regkey_r: {939659F3-71D2-461F-B24D-91D05A4389B4} base_handle: 0x00000000000001b4 key_handle: 0x00000000000001b0 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4}	1	0
RegOpenKeyExW Jan. 18, 2025, 10:03 a.m.	regkey_r: {9B84A461-3B4C-40E2-B44F-CE22E215EE40} base_handle: 0x00000000000001b4 key_handle: 0x00000000000001b0 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B84A461-3B4C-40E2-B44F-CE22E215EE40}	1	0
RegOpenKeyExW Jan. 18, 2025, 10:03 a.m.	regkey_r: {d992c12e-cab2-426f-bde3-fb8c53950b0d} base_handle: 0x00000000000001b4 key_handle: 0x00000000000001b0 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d992c12e-cab2-426f-bde3-fb8c53950b0d}	1	0
RegOpenKeyExW Jan. 18, 2025, 10:03 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall base_handle: 0xffffffff80000002 key_handle: 0x00000000000001b4 options: 0 access: 0x00020119 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall	1	0
RegOpenKeyExW Jan. 18, 2025, 10:03 a.m.	regkey_r: 7-Zip base_handle: 0x00000000000001b4 key_handle: 0x00000000000001b0 options: 0 access: 0x00020119 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip	1	0
RegOpenKeyExW Jan. 18, 2025, 10:03 a.m.	regkey_r: AddressBook base_handle: 0x00000000000001b4 key_handle: 0x00000000000001b0 options: 0 access: 0x00020119 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook	1	0
RegOpenKeyExW Jan. 18, 2025, 10:03 a.m.	regkey_r: Connection Manager base_handle: 0x00000000000001b4 key_handle: 0x00000000000001b0 options: 0 access: 0x00020119 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager	1	0
RegOpenKeyExW Jan. 18, 2025, 10:03 a.m.	regkey_r: DirectDrawEx base_handle: 0x00000000000001b4 key_handle: 0x00000000000001b0 options: 0 access: 0x00020119 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx	1	0
RegOpenKeyExW Jan. 18, 2025, 10:03 a.m.	regkey_r: Fontcore base_handle: 0x00000000000001b4 key_handle: 0x00000000000001b0 options: 0 access: 0x00020119 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore	1	0
RegOpenKeyExW Jan. 18, 2025, 10:03 a.m.	regkey_r: HashTab base_handle: 0x00000000000001b4 key_handle: 0x00000000000001b0 options: 0 access: 0x00020119 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HashTab	1	0
RegOpenKeyExW Jan. 18, 2025, 10:03 a.m.	regkey_r: IE40 base_handle: 0x00000000000001b4 key_handle: 0x00000000000001b0 options: 0 access: 0x00020119 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40	1	0
RegOpenKeyExW Jan. 18, 2025, 10:03 a.m.	regkey_r: IE4Data base_handle: 0x00000000000001b4 key_handle: 0x00000000000001b0 options: 0 access: 0x00020119 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data	1	0

Drops a binary and executes it (1 event)

file	C:\Windows\Temp\{E039CF43-5A4F-4EE7-A7B6-A922B7D60560}\.cr\QGFQTHIU.exe

File has been identified by 37 AntiVirus engines on VirusTotal as malicious (37 events)

Lionic	Trojan.Win32.Penguish.4!c
ALYac	Gen:Variant.Zusy.575122
Cylance	Unsafe
VIPRE	Gen:Variant.Zusy.575122
CrowdStrike	win/malicious_confidence_70% (W)
BitDefender	Gen:Variant.Zusy.575122
Arcabit	Trojan.Zusy.D8C692
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	multiple detections
Avast	Win64:Malware-gen
ClamAV	Win.Trojan.Penguish-10040796-0
Alibaba	Trojan:Application/Generic.31f14a02
MicroWorld-eScan	Gen:Variant.Zusy.575122
Emsisoft	Gen:Variant.Zusy.575122 (B)
F-Secure	Trojan.TR/Redcap.jxeie
Zillya	Trojan.Penguish.Win32.680
TrendMicro	TrojanSpy.Win64.LUMMASTEALER.YXFAQZ
McAfeeD	ti!D4A388CC151F
CTX	exe.unknown.zusy
Sophos	Mal/Generic-S
FireEye	Gen:Variant.Zusy.575122
Google	Detected
Avira	TR/Redcap.jxeie
Antiy-AVL	Trojan/Win32.Agent
Microsoft	TrojanDownloader:Win64/Rugmi!rfn
GData	Gen:Variant.Zusy.575122
Varist	W32/ABTrojan.WOGJ-2246
McAfee	Artemis!6E3DC1BE7178
DeepInstinct	MALICIOUS
Malwarebytes	Malware.AI.4278279633
Ikarus	Win32.Outbreak
Panda	Trj/Agent.CTG
TrendMicro-HouseCall	TrojanSpy.Win64.LUMMASTEALER.YXFAQZ
MaxSecure	Trojan.Malware.318344599.susgen
Fortinet	W32/PossibleThreat
AVG	Win64:Malware-gen
Paloalto	generic.ml

QGFQTHIU.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All