Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	March 7, 2025, 9:44 a.m.	March 7, 2025, 9:48 a.m.

Size	7.8MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`001d7acad697c62d8a2bd742c4955c26`
SHA256	`de53f6f359af6ccc361faf2aa74690c9575b987a01f1250a6eb042cf9d4ea4af`
CRC32	`C6EEE38D`
ssdeep	`196608:fla7YGGDOzn2WavTxO0bDRDLX1cwz48uKPWFsi0l99F:takPDka1LFDLX15jPfP99F`
PDB Path	D:\a\wix4\wix4\build\burn\Release\x86\burn.pdb
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer CAB_file_format - CAB archive file Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet IsPE32 - (no description) ASPack_Zero - ASPack packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file

z3SJkC5.exe "C:\Users\test22\AppData\Local\Temp\z3SJkC5.exe"
1364
- z3SJkC5.exe "C:\Windows\TEMP\{B1041C16-8CED-4E0B-8387-15A7C1F728EC}\.cr\z3SJkC5.exe" -burn.clean.room="C:\Users\test22\AppData\Local\Temp\z3SJkC5.exe" -burn.filehandle.attached=236 -burn.filehandle.self=232
  2096
  - WiseTurbo.exe C:\Windows\TEMP\{CCABF61C-839F-488E-9E26-76BBD6BCB499}\.ba\WiseTurbo.exe
    2148

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent March 7, 2025, 9:44 a.m.			0	0

At least one process apparently crashed during execution (1 event)

Time & API	Arguments	Status	Return	Repeated
LdrLoadDll March 7, 2025, 9:44 a.m.	module_name: FaultRep.dll basename: FaultRep stack_pivoted: 0 flags: 0 module_address: 0x740f0000	1	0	0

This executable has a PDB path (1 event)

pdb_path

D:\a\wix4\wix4\build\burn\Release\x86\burn.pdb

Tries to locate where the browsers are installed (1 event)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\BundlePatchCode

The executable contains unknown PE section names indicative of a packer (could be a false positive) (2 events)

section	.didat
section	.wixburn

One or more processes crashed (3 events)

Time & API	Arguments	Status
__exception__ March 7, 2025, 9:44 a.m.	stacktrace: quadrisyllable+0x620c @ 0x1000620c quadrisyllable+0x66fc @ 0x100066fc quadrisyllable+0x3f5d @ 0x10003f5d quadrisyllable+0x1076 @ 0x10001076 quadrisyllable+0x104b @ 0x1000104b quadrisyllable+0x1258 @ 0x10001258 quadrisyllable+0x134c @ 0x1000134c RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x778d9930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x778dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x778dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x778dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x746bd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x755a1d2a z3sjkc5+0x12c82 @ 0x62c82 z3sjkc5+0x6c73 @ 0x56c73 z3sjkc5+0x7337 @ 0x57337 z3sjkc5+0x7e72 @ 0x57e72 z3sjkc5+0x1169 @ 0x51169 z3sjkc5+0x469ca @ 0x969ca BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.esp: 4254008 registers.edi: 268487616 registers.eax: 0 registers.ebp: 4255524 registers.edx: 2130566132 registers.ebx: 0 registers.esi: 268487680 registers.ecx: 2100	1
__exception__ March 7, 2025, 9:44 a.m.	stacktrace: LdrShutdownProcess+0x97 RtlDetectHeapLeaks-0x1bb ntdll+0x58f10 @ 0x778f8f10 RtlExitUserProcess+0x74 LdrShutdownProcess-0x1d ntdll+0x58e5c @ 0x778f8e5c ExitProcess+0x15 TerminateThread-0xa kernel32+0x17a25 @ 0x757f7a25 z3sjkc5+0x4e674 @ 0x9e674 z3sjkc5+0x4e63e @ 0x9e63e z3sjkc5+0x4e78a @ 0x9e78a z3sjkc5+0x46a45 @ 0x96a45 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x10002140 registers.esp: 4259248 registers.edi: 8434720 registers.eax: 268443968 registers.ebp: 4259272 registers.edx: 8435268 registers.ebx: 2130567168 registers.esi: 6 registers.ecx: 268512264	1
__exception__ March 7, 2025, 9:44 a.m.	stacktrace: RtlAllocateActivationContextStack+0x1cf RtlGetCurrentPeb-0x8a ntdll+0x3a142 @ 0x778da142 RtlDecodePointer+0xf7 LdrInitializeThunk-0x1d ntdll+0x39e2c @ 0x778d9e2c LdrInitializeThunk+0x10 RtlInitializeExceptionChain-0x16 ntdll+0x39e59 @ 0x778d9e59 exception.instruction_r: f0 52 e8 4a 09 00 00 83 c4 08 8b 45 08 8b 48 1c exception.symbol: SymSetOptions-0xa8f7 dbghelp+0x13cf exception.instruction: push edx exception.module: dbghelp.dll exception.exception_code: 0xc000001d exception.offset: 5071 exception.address: 0x734913cf registers.esp: 160955380 registers.edi: 160955524 registers.eax: 0 registers.ebp: 160955412 registers.edx: 32 registers.ebx: 1 registers.esi: 160955400 registers.ecx: 160955488	1

Time & API

Arguments

Status

Return

Repeated

__exception__

March 7, 2025, 9:44 a.m.

stacktrace:

quadrisyllable+0x620c @ 0x1000620c
quadrisyllable+0x66fc @ 0x100066fc
quadrisyllable+0x3f5d @ 0x10003f5d
quadrisyllable+0x1076 @ 0x10001076
quadrisyllable+0x104b @ 0x1000104b
quadrisyllable+0x1258 @ 0x10001258
quadrisyllable+0x134c @ 0x1000134c
RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x778d9930
LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x778dd8a9
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x778dd76c
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x778dc4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x746bd4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x755a1d2a
z3sjkc5+0x12c82 @ 0x62c82
z3sjkc5+0x6c73 @ 0x56c73
z3sjkc5+0x7337 @ 0x57337
z3sjkc5+0x7e72 @ 0x57e72
z3sjkc5+0x1169 @ 0x51169
z3sjkc5+0x469ca @ 0x969ca
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x0
registers.esp: 4254008
registers.edi: 268487616
registers.eax: 0
registers.ebp: 4255524
registers.edx: 2130566132
registers.ebx: 0
registers.esi: 268487680
registers.ecx: 2100

__exception__

March 7, 2025, 9:44 a.m.

stacktrace:

LdrShutdownProcess+0x97 RtlDetectHeapLeaks-0x1bb ntdll+0x58f10 @ 0x778f8f10
RtlExitUserProcess+0x74 LdrShutdownProcess-0x1d ntdll+0x58e5c @ 0x778f8e5c
ExitProcess+0x15 TerminateThread-0xa kernel32+0x17a25 @ 0x757f7a25
z3sjkc5+0x4e674 @ 0x9e674
z3sjkc5+0x4e63e @ 0x9e63e
z3sjkc5+0x4e78a @ 0x9e78a
z3sjkc5+0x46a45 @ 0x96a45
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x10002140
registers.esp: 4259248
registers.edi: 8434720
registers.eax: 268443968
registers.ebp: 4259272
registers.edx: 8435268
registers.ebx: 2130567168
registers.esi: 6
registers.ecx: 268512264

__exception__

March 7, 2025, 9:44 a.m.

stacktrace:

RtlAllocateActivationContextStack+0x1cf RtlGetCurrentPeb-0x8a ntdll+0x3a142 @ 0x778da142
RtlDecodePointer+0xf7 LdrInitializeThunk-0x1d ntdll+0x39e2c @ 0x778d9e2c
LdrInitializeThunk+0x10 RtlInitializeExceptionChain-0x16 ntdll+0x39e59 @ 0x778d9e59

exception.instruction_r: f0 52 e8 4a 09 00 00 83 c4 08 8b 45 08 8b 48 1c
exception.symbol: SymSetOptions-0xa8f7 dbghelp+0x13cf
exception.instruction: push edx
exception.module: dbghelp.dll
exception.exception_code: 0xc000001d
exception.offset: 5071
exception.address: 0x734913cf
registers.esp: 160955380
registers.edi: 160955524
registers.eax: 0
registers.ebp: 160955412
registers.edx: 32
registers.ebx: 1
registers.esi: 160955400
registers.ecx: 160955488

Allocates read-write-execute memory (usually to unpack itself) (19 events)

Time & API	Arguments	Status
NtProtectVirtualMemory March 7, 2025, 9:44 a.m.	process_identifier: 2148 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 7, 2025, 9:44 a.m.	process_identifier: 2148 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00409000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 7, 2025, 9:44 a.m.	process_identifier: 2148 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0062f000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 7, 2025, 9:44 a.m.	process_identifier: 2148 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0062f000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 7, 2025, 9:44 a.m.	process_identifier: 2148 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00458000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 7, 2025, 9:44 a.m.	process_identifier: 2148 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x004e8000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 7, 2025, 9:44 a.m.	process_identifier: 2148 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0040a000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 7, 2025, 9:44 a.m.	process_identifier: 2148 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0040a000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 7, 2025, 9:44 a.m.	process_identifier: 2148 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00409000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 7, 2025, 9:44 a.m.	process_identifier: 2148 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00409000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 7, 2025, 9:44 a.m.	process_identifier: 2148 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00409000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 7, 2025, 9:44 a.m.	process_identifier: 2148 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00409000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 7, 2025, 9:44 a.m.	process_identifier: 2148 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00409000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 7, 2025, 9:44 a.m.	process_identifier: 2148 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00409000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 7, 2025, 9:44 a.m.	process_identifier: 2148 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00409000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 7, 2025, 9:44 a.m.	process_identifier: 2148 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00408000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 7, 2025, 9:44 a.m.	process_identifier: 2148 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00458000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 7, 2025, 9:44 a.m.	process_identifier: 2148 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00458000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 7, 2025, 9:44 a.m.	process_identifier: 2148 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00458000 process_handle: 0xffffffff	1

Creates executable files on the filesystem (4 events)

file	C:\Windows\Temp\{B1041C16-8CED-4E0B-8387-15A7C1F728EC}\.cr\z3SJkC5.exe
file	C:\Windows\Temp\{CCABF61C-839F-488E-9E26-76BBD6BCB499}\.ba\Quadrisyllable.dll
file	C:\Windows\Temp\{CCABF61C-839F-488E-9E26-76BBD6BCB499}\.ba\sqlite3.dll
file	C:\Windows\Temp\{CCABF61C-839F-488E-9E26-76BBD6BCB499}\.ba\WiseTurbo.exe

Drops a binary and executes it (1 event)

file	C:\Windows\Temp\{B1041C16-8CED-4E0B-8387-15A7C1F728EC}\.cr\z3SJkC5.exe

Queries for potentially installed applications (50 out of 81 events)

Time & API	Arguments	Status	Return
RegOpenKeyExW March 7, 2025, 9:44 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FAE3097D-20C0-4689-84E8-79ED5EE59E0D} base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00000001 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FAE3097D-20C0-4689-84E8-79ED5EE59E0D}		2
RegOpenKeyExW March 7, 2025, 9:44 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FAE3097D-20C0-4689-84E8-79ED5EE59E0D} base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00000001 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FAE3097D-20C0-4689-84E8-79ED5EE59E0D}		2
RegOpenKeyExW March 7, 2025, 9:44 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall base_handle: 0x80000002 key_handle: 0x000001b8 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall	1	0
RegOpenKeyExW March 7, 2025, 9:44 a.m.	regkey_r: 7-Zip base_handle: 0x000001b8 key_handle: 0x000001b4 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip	1	0
RegOpenKeyExW March 7, 2025, 9:44 a.m.	regkey_r: AddressBook base_handle: 0x000001b8 key_handle: 0x000001b4 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook	1	0
RegOpenKeyExW March 7, 2025, 9:44 a.m.	regkey_r: Adobe AIR base_handle: 0x000001b8 key_handle: 0x000001b4 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR	1	0
RegOpenKeyExW March 7, 2025, 9:44 a.m.	regkey_r: Connection Manager base_handle: 0x000001b8 key_handle: 0x000001b4 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager	1	0
RegOpenKeyExW March 7, 2025, 9:44 a.m.	regkey_r: DirectDrawEx base_handle: 0x000001b8 key_handle: 0x000001b4 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx	1	0
RegOpenKeyExW March 7, 2025, 9:44 a.m.	regkey_r: EditPlus base_handle: 0x000001b8 key_handle: 0x000001b4 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus	1	0
RegOpenKeyExW March 7, 2025, 9:44 a.m.	regkey_r: Fontcore base_handle: 0x000001b8 key_handle: 0x000001b4 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore	1	0
RegOpenKeyExW March 7, 2025, 9:44 a.m.	regkey_r: Google Chrome base_handle: 0x000001b8 key_handle: 0x000001b4 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome	1	0
RegOpenKeyExW March 7, 2025, 9:44 a.m.	regkey_r: Haansoft HWord 80 Korean base_handle: 0x000001b8 key_handle: 0x000001b4 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean	1	0
RegOpenKeyExW March 7, 2025, 9:44 a.m.	regkey_r: IE40 base_handle: 0x000001b8 key_handle: 0x000001b4 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE40	1	0
RegOpenKeyExW March 7, 2025, 9:44 a.m.	regkey_r: IE4Data base_handle: 0x000001b8 key_handle: 0x000001b4 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data	1	0
RegOpenKeyExW March 7, 2025, 9:44 a.m.	regkey_r: IE5BAKEX base_handle: 0x000001b8 key_handle: 0x000001b4 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX	1	0
RegOpenKeyExW March 7, 2025, 9:44 a.m.	regkey_r: IEData base_handle: 0x000001b8 key_handle: 0x000001b4 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IEData	1	0
RegOpenKeyExW March 7, 2025, 9:44 a.m.	regkey_r: MobileOptionPack base_handle: 0x000001b8 key_handle: 0x000001b4 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack	1	0
RegOpenKeyExW March 7, 2025, 9:44 a.m.	regkey_r: Mozilla Thunderbird 78.4.0 (x86 ko) base_handle: 0x000001b8 key_handle: 0x000001b4 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Thunderbird 78.4.0 (x86 ko)	1	0
RegOpenKeyExW March 7, 2025, 9:44 a.m.	regkey_r: Office15.PROPLUSR base_handle: 0x000001b8 key_handle: 0x000001b4 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Office15.PROPLUSR	1	0
RegOpenKeyExW March 7, 2025, 9:44 a.m.	regkey_r: SchedulingAgent base_handle: 0x000001b8 key_handle: 0x000001b4 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent	1	0
RegOpenKeyExW March 7, 2025, 9:44 a.m.	regkey_r: WIC base_handle: 0x000001b8 key_handle: 0x000001b4 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WIC	1	0
RegOpenKeyExW March 7, 2025, 9:44 a.m.	regkey_r: {00203668-8170-44A0-BE44-B632FA4D780F} base_handle: 0x000001b8 key_handle: 0x000001b4 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{00203668-8170-44A0-BE44-B632FA4D780F}	1	0
RegOpenKeyExW March 7, 2025, 9:44 a.m.	regkey_r: {01B845D4-B73E-4CF7-A377-94BC7BB4F77B} base_handle: 0x000001b8 key_handle: 0x000001b4 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}	1	0
RegOpenKeyExW March 7, 2025, 9:44 a.m.	regkey_r: {1D91F7DA-F517-4727-9E62-B7EA978BE980} base_handle: 0x000001b8 key_handle: 0x000001b4 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}	1	0
RegOpenKeyExW March 7, 2025, 9:44 a.m.	regkey_r: {26A24AE4-039D-4CA4-87B4-2F32180131F0} base_handle: 0x000001b8 key_handle: 0x000001b4 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180131F0}	1	0
RegOpenKeyExW March 7, 2025, 9:44 a.m.	regkey_r: {4A03706F-666A-4037-7777-5F2748764D10} base_handle: 0x000001b8 key_handle: 0x000001b4 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}	1	0
RegOpenKeyExW March 7, 2025, 9:44 a.m.	regkey_r: {60EC980A-BDA2-4CB6-A427-B07A5498B4CA} base_handle: 0x000001b8 key_handle: 0x000001b4 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}	1	0
RegOpenKeyExW March 7, 2025, 9:44 a.m.	regkey_r: {90150000-0015-0409-0000-0000000FF1CE} base_handle: 0x000001b8 key_handle: 0x000001b4 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0015-0409-0000-0000000FF1CE}	1	0
RegOpenKeyExW March 7, 2025, 9:44 a.m.	regkey_r: {90150000-0016-0409-0000-0000000FF1CE} base_handle: 0x000001b8 key_handle: 0x000001b4 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0016-0409-0000-0000000FF1CE}	1	0
RegOpenKeyExW March 7, 2025, 9:44 a.m.	regkey_r: {90150000-0018-0409-0000-0000000FF1CE} base_handle: 0x000001b8 key_handle: 0x000001b4 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0018-0409-0000-0000000FF1CE}	1	0
RegOpenKeyExW March 7, 2025, 9:44 a.m.	regkey_r: {90150000-0019-0409-0000-0000000FF1CE} base_handle: 0x000001b8 key_handle: 0x000001b4 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0019-0409-0000-0000000FF1CE}	1	0
RegOpenKeyExW March 7, 2025, 9:44 a.m.	regkey_r: {90150000-001A-0409-0000-0000000FF1CE} base_handle: 0x000001b8 key_handle: 0x000001b4 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001A-0409-0000-0000000FF1CE}	1	0
RegOpenKeyExW March 7, 2025, 9:44 a.m.	regkey_r: {90150000-001B-0409-0000-0000000FF1CE} base_handle: 0x000001b8 key_handle: 0x000001b4 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001B-0409-0000-0000000FF1CE}	1	0
RegOpenKeyExW March 7, 2025, 9:44 a.m.	regkey_r: {90150000-001F-0409-0000-0000000FF1CE} base_handle: 0x000001b8 key_handle: 0x000001b4 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001F-0409-0000-0000000FF1CE}	1	0
RegOpenKeyExW March 7, 2025, 9:44 a.m.	regkey_r: {90150000-001F-040C-0000-0000000FF1CE} base_handle: 0x000001b8 key_handle: 0x000001b4 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001F-040C-0000-0000000FF1CE}	1	0
RegOpenKeyExW March 7, 2025, 9:44 a.m.	regkey_r: {90150000-001F-0C0A-0000-0000000FF1CE} base_handle: 0x000001b8 key_handle: 0x000001b4 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001F-0C0A-0000-0000000FF1CE}	1	0
RegOpenKeyExW March 7, 2025, 9:44 a.m.	regkey_r: {90150000-002C-0409-0000-0000000FF1CE} base_handle: 0x000001b8 key_handle: 0x000001b4 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-002C-0409-0000-0000000FF1CE}	1	0
RegOpenKeyExW March 7, 2025, 9:44 a.m.	regkey_r: {90150000-0044-0409-0000-0000000FF1CE} base_handle: 0x000001b8 key_handle: 0x000001b4 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0044-0409-0000-0000000FF1CE}	1	0
RegOpenKeyExW March 7, 2025, 9:44 a.m.	regkey_r: {90150000-006E-0409-0000-0000000FF1CE} base_handle: 0x000001b8 key_handle: 0x000001b4 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-006E-0409-0000-0000000FF1CE}	1	0
RegOpenKeyExW March 7, 2025, 9:44 a.m.	regkey_r: {90150000-0090-0409-0000-0000000FF1CE} base_handle: 0x000001b8 key_handle: 0x000001b4 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0090-0409-0000-0000000FF1CE}	1	0
RegOpenKeyExW March 7, 2025, 9:44 a.m.	regkey_r: {90150000-00A1-0409-0000-0000000FF1CE} base_handle: 0x000001b8 key_handle: 0x000001b4 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00A1-0409-0000-0000000FF1CE}	1	0
RegOpenKeyExW March 7, 2025, 9:44 a.m.	regkey_r: {90150000-00BA-0409-0000-0000000FF1CE} base_handle: 0x000001b8 key_handle: 0x000001b4 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00BA-0409-0000-0000000FF1CE}	1	0
RegOpenKeyExW March 7, 2025, 9:44 a.m.	regkey_r: {90150000-00E1-0409-0000-0000000FF1CE} base_handle: 0x000001b8 key_handle: 0x000001b4 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00E1-0409-0000-0000000FF1CE}	1	0
RegOpenKeyExW March 7, 2025, 9:44 a.m.	regkey_r: {90150000-00E2-0409-0000-0000000FF1CE} base_handle: 0x000001b8 key_handle: 0x000001b4 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00E2-0409-0000-0000000FF1CE}	1	0
RegOpenKeyExW March 7, 2025, 9:44 a.m.	regkey_r: {90150000-0115-0409-0000-0000000FF1CE} base_handle: 0x000001b8 key_handle: 0x000001b4 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0115-0409-0000-0000000FF1CE}	1	0
RegOpenKeyExW March 7, 2025, 9:44 a.m.	regkey_r: {90150000-0117-0409-0000-0000000FF1CE} base_handle: 0x000001b8 key_handle: 0x000001b4 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0117-0409-0000-0000000FF1CE}	1	0
RegOpenKeyExW March 7, 2025, 9:44 a.m.	regkey_r: {90150000-012B-0409-0000-0000000FF1CE} base_handle: 0x000001b8 key_handle: 0x000001b4 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-012B-0409-0000-0000000FF1CE}	1	0
RegOpenKeyExW March 7, 2025, 9:44 a.m.	regkey_r: {91150000-0011-0000-0000-0000000FF1CE} base_handle: 0x000001b8 key_handle: 0x000001b4 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{91150000-0011-0000-0000-0000000FF1CE}	1	0
RegOpenKeyExW March 7, 2025, 9:44 a.m.	regkey_r: {939659F3-71D2-461F-B24D-91D05A4389B4} base_handle: 0x000001b8 key_handle: 0x000001b4 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4}	1	0
RegOpenKeyExW March 7, 2025, 9:44 a.m.	regkey_r: {9B84A461-3B4C-40E2-B44F-CE22E215EE40} base_handle: 0x000001b8 key_handle: 0x000001b4 options: 0 access: 0x00020219 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B84A461-3B4C-40E2-B44F-CE22E215EE40}	1	0

File has been identified by 42 AntiVirus engines on VirusTotal as malicious (42 events)

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Penguish.4!c
CAT-QuickHeal	cld.trojan.penguish
Skyhigh	BehavesLike.Win32.Dropper.wc
ALYac	Trojan.GenericKD.75933598
Cylance	Unsafe
VIPRE	Trojan.GenericKD.75933598
CrowdStrike	win/malicious_confidence_100% (W)
BitDefender	Trojan.GenericKD.75933598
Arcabit	Trojan.Generic.D486A79E
VirIT	Trojan.Win32.CabDrp.HWA
Symantec	Trojan Horse
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Generik.CFSIPDK
Avast	Win32:Malware-gen
Kaspersky	HEUR:Trojan.Win32.Penguish.gen
MicroWorld-eScan	Trojan.GenericKD.75933598
Emsisoft	Trojan.GenericKD.75933598 (B)
Zillya	Trojan.Penguish.Win32.671
McAfeeD	ti!DE53F6F359AF
CTX	exe.trojan.penguish
Sophos	Mal/Generic-S
FireEye	Trojan.GenericKD.75933598
Google	Detected
Antiy-AVL	Trojan/Win32.Penguish
Kingsoft	Win32.Trojan.Penguish.gen
Xcitium	Malware@#1vpyiq7kiieed
Microsoft	TrojanDownloader:Win64/Rugmi!rfn
GData	Trojan.GenericKD.75933598
Varist	W32/ABTrojan.NAGR-3701
AhnLab-V3	Trojan/Win.Malware-gen.C5736638
McAfee	Artemis!001D7ACAD697
DeepInstinct	MALICIOUS
VBA32	Trojan.Penguish
Malwarebytes	Trojan.Loader
Panda	Trj/Chgt.AD
Tencent	Win32.Trojan.Penguish.Jmnw
MaxSecure	Trojan.Malware.325361894.susgen
Fortinet	W32/PossibleThreat
AVG	Win32:Malware-gen
Paloalto	generic.ml
alibabacloud	Trojan:Win/Penguish.gyf

z3SJkC5.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All