Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	March 23, 2021, 11:15 a.m.	March 23, 2021, 11:18 a.m.

Size	9.0KB
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`f8372b779001bb5a6c401c657ee514ed`
SHA256	`2c2d88dbff1f9196148cc3c7501d4c45b05ef51887651b3bcdbb111fcc7a2ba2`
CRC32	`65EF4DB9`
ssdeep	`96:AYb1/xVo2DHHa/zWqx8qHcRCLmqKGKTaGM5SVZPgDgsonkcUsyIv0b1ezmtk1daN:FJL7uWWtCqKGCaGMSsgDesyIv0bQFiH`
Yara	PE_Header_Zero - PE File Signature Zero IsPE32 - (no description) IsNET_EXE - (no description) IsWindowsGUI - (no description) Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT

l8ywly0adHHMfa9UEHOA0OEd.exe "C:\Users\test22\AppData\Local\Temp\l8ywly0adHHMfa9UEHOA0OEd.exe"
2388
- mEsq4rKGAlnpqve9QiyZYrAY.exe "C:\Users\test22\Documents\mEsq4rKGAlnpqve9QiyZYrAY.exe"
  2680
- dHecfqVdFKzLCo2WrQbSdKUe.exe "C:\Users\test22\Documents\dHecfqVdFKzLCo2WrQbSdKUe.exe"
  2776
- cM0KMTqGQD8ICJa7jimkqZMY.exe "C:\Users\test22\Documents\cM0KMTqGQD8ICJa7jimkqZMY.exe"
  2236
- 9xcoL6mLfspbHtn95GDguRgH.exe "C:\Users\test22\Documents\9xcoL6mLfspbHtn95GDguRgH.exe"
  1572
- 7kC0LkpH4lqQopEGsZeJ2saA.exe "C:\Users\test22\Documents\7kC0LkpH4lqQopEGsZeJ2saA.exe"
  2492

Name	Response	Post-Analysis Lookup
aretywer.xyz	A 45.144.30.78	45.144.30.78
pastebin.com	A 104.23.99.190 A 104.23.98.190	104.23.99.190
www.investinae.com	CNAME investinae.com A 108.167.143.77	108.167.143.77
iplogger.org	A 88.99.66.31	88.99.66.31
msiamericas.com	A 141.136.39.190	141.136.39.190
d0wnl0ads.online
file.ekkggr3.com	A 104.21.66.169 A 172.67.162.110	172.67.162.110
digitalassets.ams3.digitaloceanspaces.com	A 5.101.110.225	5.101.110.225
whatitis.site	A 92.63.99.163 A 193.38.55.33	92.63.99.163
mytoolsprivacy.site
jg3.3uag.pw

IP Address	Status	Action
103.124.106.203	Active	Moloch
104.21.66.169	Active	Moloch
104.23.99.190	Active	Moloch
108.167.143.77	Active	Moloch
141.136.39.190	Active	Moloch
164.124.101.2	Active	Moloch
188.93.233.223	Active	Moloch
45.144.30.78	Active	Moloch
5.101.110.225	Active	Moloch
88.99.66.31	Active	Moloch
92.63.99.163	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49200 -> 88.99.66.31:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49201 -> 104.23.99.190:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
UDP 192.168.56.101:56977 -> 164.124.101.2:53	2016778	ET DNS Query to a *.pw domain - Likely Hostile	Potentially Bad Traffic
TCP 192.168.56.101:49207 -> 5.101.110.225:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49211 -> 108.167.143.77:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49209 -> 141.136.39.190:443	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 192.168.56.101:49205 -> 188.93.233.223:80	2016141	ET INFO Executable Download from dotted-quad Host	A Network Trojan was detected
TCP 192.168.56.101:49204 -> 103.124.106.203:80	2016141	ET INFO Executable Download from dotted-quad Host	A Network Trojan was detected
TCP 192.168.56.101:49209 -> 141.136.39.190:443	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode
TCP 192.168.56.101:49209 -> 141.136.39.190:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 92.63.99.163:80 -> 192.168.56.101:49202	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 92.63.99.163:80 -> 192.168.56.101:49202	2016538	ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download	Potentially Bad Traffic
TCP 192.168.56.101:49206 -> 5.101.110.225:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 188.93.233.223:80 -> 192.168.56.101:49205	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 188.93.233.223:80 -> 192.168.56.101:49205	2021076	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	Potentially Bad Traffic
TCP 103.124.106.203:80 -> 192.168.56.101:49204	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 103.124.106.203:80 -> 192.168.56.101:49204	2021076	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	Potentially Bad Traffic
TCP 92.63.99.163:80 -> 192.168.56.101:49202	2015744	ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)	Misc activity
TCP 192.168.56.101:49217 -> 88.99.66.31:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 141.136.39.190:443 -> 192.168.56.101:49209	2230002	SURICATA TLS invalid record type	Generic Protocol Command Decode
TCP 141.136.39.190:443 -> 192.168.56.101:49209	2230010	SURICATA TLS invalid record/traffic	Generic Protocol Command Decode

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.101:49200 88.99.66.31:443	C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA	CN=*.iplogger.org	55:1e:13:99:46:1c:67:40:a3:48:7f:38:0d:16:e7:51:f4:c4:43:cb
TLSv1 192.168.56.101:49201 104.23.99.190:443	C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2	C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com	ce:69:3b:0c:23:1f:bf:e1:a4:87:d2:44:26:54:a5:e4:bd:26:2f:7a
TLSv1 192.168.56.101:49217 88.99.66.31:443	C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA	CN=*.iplogger.org	55:1e:13:99:46:1c:67:40:a3:48:7f:38:0d:16:e7:51:f4:c4:43:cb

Queries for the computername (24 events)

Time & API	Arguments	Status	Return
GetComputerNameW March 23, 2021, 11:15 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 23, 2021, 11:15 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 23, 2021, 11:15 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 23, 2021, 11:15 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 23, 2021, 11:15 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 23, 2021, 11:15 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 23, 2021, 11:15 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 23, 2021, 11:15 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 23, 2021, 11:15 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 23, 2021, 11:15 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 23, 2021, 11:15 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 23, 2021, 11:15 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 23, 2021, 11:15 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 23, 2021, 11:15 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 23, 2021, 11:15 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 23, 2021, 11:15 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 23, 2021, 11:15 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 23, 2021, 11:15 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 23, 2021, 11:15 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 23, 2021, 11:15 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 23, 2021, 11:15 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 23, 2021, 11:15 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 23, 2021, 11:15 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 23, 2021, 11:15 a.m.	computer_name: TEST22-PC	1	1

Checks if process is being debugged by a debugger (2 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent March 23, 2021, 11:15 a.m.			0	0
IsDebuggerPresent March 23, 2021, 11:15 a.m.			0	0

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx March 23, 2021, 11:15 a.m.		1	1	0

One or more processes crashed (50 out of 196610 events)

Time & API	Arguments	Status
__exception__ March 23, 2021, 11:15 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 mesq4rkgalnpqve9qiyzyray+0x14e62 @ 0x414e62 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1636708 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1636760 registers.edx: 1936549001 registers.ebx: 0 registers.esi: 0 registers.ecx: 1224	1
__exception__ March 23, 2021, 11:15 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 mesq4rkgalnpqve9qiyzyray+0x14e62 @ 0x414e62 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1636708 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1636760 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1224	1
__exception__ March 23, 2021, 11:15 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 mesq4rkgalnpqve9qiyzyray+0x14e62 @ 0x414e62 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1636708 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1636760 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1224	1
__exception__ March 23, 2021, 11:15 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 mesq4rkgalnpqve9qiyzyray+0x14e62 @ 0x414e62 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1636708 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1636760 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1224	1
__exception__ March 23, 2021, 11:15 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 mesq4rkgalnpqve9qiyzyray+0x14e62 @ 0x414e62 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1636708 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1636760 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1224	1
__exception__ March 23, 2021, 11:15 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 mesq4rkgalnpqve9qiyzyray+0x14e62 @ 0x414e62 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1636708 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1636760 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1224	1
__exception__ March 23, 2021, 11:15 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 mesq4rkgalnpqve9qiyzyray+0x14e62 @ 0x414e62 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1636708 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1636760 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1224	1
__exception__ March 23, 2021, 11:15 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 mesq4rkgalnpqve9qiyzyray+0x14e62 @ 0x414e62 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1636708 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1636760 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1224	1
__exception__ March 23, 2021, 11:15 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 mesq4rkgalnpqve9qiyzyray+0x14e62 @ 0x414e62 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1636708 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1636760 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1224	1
__exception__ March 23, 2021, 11:15 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 mesq4rkgalnpqve9qiyzyray+0x14e62 @ 0x414e62 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1636708 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1636760 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1224	1
__exception__ March 23, 2021, 11:15 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 mesq4rkgalnpqve9qiyzyray+0x14e62 @ 0x414e62 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1636708 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1636760 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1224	1
__exception__ March 23, 2021, 11:15 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 mesq4rkgalnpqve9qiyzyray+0x14e62 @ 0x414e62 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1636708 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1636760 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1224	1
__exception__ March 23, 2021, 11:15 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 mesq4rkgalnpqve9qiyzyray+0x14e62 @ 0x414e62 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1636708 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1636760 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1224	1
__exception__ March 23, 2021, 11:15 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 mesq4rkgalnpqve9qiyzyray+0x14e62 @ 0x414e62 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1636708 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1636760 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1224	1
__exception__ March 23, 2021, 11:15 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 mesq4rkgalnpqve9qiyzyray+0x14e62 @ 0x414e62 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1636708 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1636760 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1224	1
__exception__ March 23, 2021, 11:15 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 mesq4rkgalnpqve9qiyzyray+0x14e62 @ 0x414e62 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1636708 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1636760 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1224	1
__exception__ March 23, 2021, 11:15 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 mesq4rkgalnpqve9qiyzyray+0x14e62 @ 0x414e62 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1636708 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1636760 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1224	1
__exception__ March 23, 2021, 11:15 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 mesq4rkgalnpqve9qiyzyray+0x14e62 @ 0x414e62 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1636708 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1636760 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1224	1
__exception__ March 23, 2021, 11:15 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 mesq4rkgalnpqve9qiyzyray+0x14e62 @ 0x414e62 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1636708 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1636760 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1224	1
__exception__ March 23, 2021, 11:15 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 mesq4rkgalnpqve9qiyzyray+0x14e62 @ 0x414e62 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1636708 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1636760 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1224	1
__exception__ March 23, 2021, 11:15 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 mesq4rkgalnpqve9qiyzyray+0x14e62 @ 0x414e62 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1636708 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1636760 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1224	1
__exception__ March 23, 2021, 11:15 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 mesq4rkgalnpqve9qiyzyray+0x14e62 @ 0x414e62 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1636708 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1636760 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1224	1
__exception__ March 23, 2021, 11:15 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 mesq4rkgalnpqve9qiyzyray+0x14e62 @ 0x414e62 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1636708 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1636760 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1224	1
__exception__ March 23, 2021, 11:15 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 mesq4rkgalnpqve9qiyzyray+0x14e62 @ 0x414e62 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1636708 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1636760 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1224	1
__exception__ March 23, 2021, 11:15 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 mesq4rkgalnpqve9qiyzyray+0x14e62 @ 0x414e62 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1636708 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1636760 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1224	1
__exception__ March 23, 2021, 11:15 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 mesq4rkgalnpqve9qiyzyray+0x14e62 @ 0x414e62 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1636708 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1636760 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1224	1
__exception__ March 23, 2021, 11:15 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 mesq4rkgalnpqve9qiyzyray+0x14e62 @ 0x414e62 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1636708 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1636760 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1224	1
__exception__ March 23, 2021, 11:15 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 mesq4rkgalnpqve9qiyzyray+0x14e62 @ 0x414e62 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1636708 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1636760 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1224	1
__exception__ March 23, 2021, 11:15 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 mesq4rkgalnpqve9qiyzyray+0x14e62 @ 0x414e62 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1636708 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1636760 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1224	1
__exception__ March 23, 2021, 11:15 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 mesq4rkgalnpqve9qiyzyray+0x14e62 @ 0x414e62 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1636708 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1636760 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1224	1
__exception__ March 23, 2021, 11:15 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 mesq4rkgalnpqve9qiyzyray+0x14e62 @ 0x414e62 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1636708 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1636760 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1224	1
__exception__ March 23, 2021, 11:15 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 mesq4rkgalnpqve9qiyzyray+0x14e62 @ 0x414e62 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1636708 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1636760 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1224	1
__exception__ March 23, 2021, 11:15 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 mesq4rkgalnpqve9qiyzyray+0x14e62 @ 0x414e62 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1636708 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1636760 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1224	1
__exception__ March 23, 2021, 11:15 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 mesq4rkgalnpqve9qiyzyray+0x14e62 @ 0x414e62 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1636708 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1636760 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1224	1
__exception__ March 23, 2021, 11:15 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 mesq4rkgalnpqve9qiyzyray+0x14e62 @ 0x414e62 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1636708 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1636760 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1224	1
__exception__ March 23, 2021, 11:15 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 mesq4rkgalnpqve9qiyzyray+0x14e62 @ 0x414e62 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1636708 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1636760 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1224	1
__exception__ March 23, 2021, 11:15 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 mesq4rkgalnpqve9qiyzyray+0x14e62 @ 0x414e62 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1636708 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1636760 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1224	1
__exception__ March 23, 2021, 11:15 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 mesq4rkgalnpqve9qiyzyray+0x14e62 @ 0x414e62 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1636708 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1636760 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1224	1
__exception__ March 23, 2021, 11:15 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 mesq4rkgalnpqve9qiyzyray+0x14e62 @ 0x414e62 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1636708 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1636760 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1224	1
__exception__ March 23, 2021, 11:15 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 mesq4rkgalnpqve9qiyzyray+0x14e62 @ 0x414e62 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1636708 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1636760 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1224	1
__exception__ March 23, 2021, 11:15 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 mesq4rkgalnpqve9qiyzyray+0x14e62 @ 0x414e62 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1636708 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1636760 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1224	1
__exception__ March 23, 2021, 11:15 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 mesq4rkgalnpqve9qiyzyray+0x14e62 @ 0x414e62 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1636708 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1636760 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1224	1
__exception__ March 23, 2021, 11:15 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 mesq4rkgalnpqve9qiyzyray+0x14e62 @ 0x414e62 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1636708 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1636760 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1224	1
__exception__ March 23, 2021, 11:15 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 mesq4rkgalnpqve9qiyzyray+0x14e62 @ 0x414e62 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1636708 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1636760 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1224	1
__exception__ March 23, 2021, 11:15 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 mesq4rkgalnpqve9qiyzyray+0x14e62 @ 0x414e62 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1636708 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1636760 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1224	1
__exception__ March 23, 2021, 11:15 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 mesq4rkgalnpqve9qiyzyray+0x14e62 @ 0x414e62 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1636708 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1636760 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1224	1
__exception__ March 23, 2021, 11:15 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 mesq4rkgalnpqve9qiyzyray+0x14e62 @ 0x414e62 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1636708 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1636760 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1224	1
__exception__ March 23, 2021, 11:15 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 mesq4rkgalnpqve9qiyzyray+0x14e62 @ 0x414e62 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1636708 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1636760 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1224	1
__exception__ March 23, 2021, 11:15 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 mesq4rkgalnpqve9qiyzyray+0x14e62 @ 0x414e62 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1636708 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1636760 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1224	1
__exception__ March 23, 2021, 11:15 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 mesq4rkgalnpqve9qiyzyray+0x14e62 @ 0x414e62 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1636708 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1636760 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1224	1

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

HTTP traffic contains suspicious features which may be indicative of malware related traffic (6 events)

suspicious_features	GET method with no useragent header	suspicious_request	GET http://whatitis.site/dlc/mixinte
suspicious_features	Connection to IP address	suspicious_request	GET http://103.124.106.203/cof4/inst.exe
suspicious_features	Connection to IP address	suspicious_request	GET http://188.93.233.223/proxy1.exe
suspicious_features	GET method with no useragent header	suspicious_request	GET https://iplogger.org/1ixtu7
suspicious_features	GET method with no useragent header	suspicious_request	GET https://iplogger.org/1ifti7
suspicious_features	GET method with no useragent header	suspicious_request	GET https://pastebin.com/raw/mH2EJxkv

Performs some HTTP requests (8 events)

request	GET http://whatitis.site/dlc/mixinte
request	GET http://103.124.106.203/cof4/inst.exe
request	GET http://188.93.233.223/proxy1.exe
request	GET http://file.ekkggr3.com/iuww/jvppp.exe
request	GET https://iplogger.org/1ixtu7
request	GET https://iplogger.org/1ifti7
request	GET https://pastebin.com/raw/mH2EJxkv
request	GET https://iplogger.org/1hVa87

Allocates read-write-execute memory (usually to unpack itself) (41 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory March 23, 2021, 11:15 a.m.	process_identifier: 2388 region_size: 1507328 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00950000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 23, 2021, 11:15 a.m.	process_identifier: 2388 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00a80000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory March 23, 2021, 11:15 a.m.	process_identifier: 2388 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72741000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 23, 2021, 11:15 a.m.	process_identifier: 2388 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72742000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 23, 2021, 11:15 a.m.	process_identifier: 2388 region_size: 983040 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x004d0000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 23, 2021, 11:15 a.m.	process_identifier: 2388 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00580000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 23, 2021, 11:15 a.m.	process_identifier: 2388 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003a2000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 23, 2021, 11:15 a.m.	process_identifier: 2388 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003d5000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 23, 2021, 11:15 a.m.	process_identifier: 2388 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003db000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 23, 2021, 11:15 a.m.	process_identifier: 2388 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003d7000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 23, 2021, 11:15 a.m.	process_identifier: 2388 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003bc000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 23, 2021, 11:15 a.m.	process_identifier: 2388 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00790000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 23, 2021, 11:15 a.m.	process_identifier: 2388 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003aa000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 23, 2021, 11:15 a.m.	process_identifier: 2388 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003c6000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 23, 2021, 11:15 a.m.	process_identifier: 2388 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003ca000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 23, 2021, 11:15 a.m.	process_identifier: 2388 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003c7000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 23, 2021, 11:15 a.m.	process_identifier: 2388 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003cb000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 23, 2021, 11:15 a.m.	process_identifier: 2388 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003ba000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 23, 2021, 11:15 a.m.	process_identifier: 2388 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003ac000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 23, 2021, 11:15 a.m.	process_identifier: 2388 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00791000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 23, 2021, 11:15 a.m.	process_identifier: 2388 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00792000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 23, 2021, 11:15 a.m.	process_identifier: 2388 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00793000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 23, 2021, 11:15 a.m.	process_identifier: 2388 region_size: 327680 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef10000 allocation_type: 1056768 (MEM_RESERVE\|MEM_TOP_DOWN) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 23, 2021, 11:15 a.m.	process_identifier: 2388 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef10000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 23, 2021, 11:15 a.m.	process_identifier: 2388 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef10000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 23, 2021, 11:15 a.m.	process_identifier: 2388 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef18000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 23, 2021, 11:15 a.m.	process_identifier: 2388 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef00000 allocation_type: 1056768 (MEM_RESERVE\|MEM_TOP_DOWN) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 23, 2021, 11:15 a.m.	process_identifier: 2388 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef00000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory March 23, 2021, 11:15 a.m.	process_identifier: 2680 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 106496 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00c5c000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 23, 2021, 11:16 a.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 327680 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0092c000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 23, 2021, 11:16 a.m.	process_identifier: 2236 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 327680 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00cac000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 23, 2021, 11:16 a.m.	process_identifier: 1572 region_size: 4677632 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023e0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 23, 2021, 11:16 a.m.	process_identifier: 1572 region_size: 4677632 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02860000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 23, 2021, 11:16 a.m.	process_identifier: 1572 region_size: 9498624 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02ce0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory March 23, 2021, 11:16 a.m.	process_identifier: 1572 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 32768 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02ce1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 23, 2021, 11:16 a.m.	process_identifier: 1572 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 663552 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02cee000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 23, 2021, 11:16 a.m.	process_identifier: 2492 region_size: 4677632 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02360000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 23, 2021, 11:16 a.m.	process_identifier: 2492 region_size: 4677632 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x027e0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 23, 2021, 11:16 a.m.	process_identifier: 2492 region_size: 9498624 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02c60000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory March 23, 2021, 11:16 a.m.	process_identifier: 2492 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 32768 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02c61000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 23, 2021, 11:16 a.m.	process_identifier: 2492 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 663552 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02c6e000 process_handle: 0xffffffff	1

A process attempted to delay the analysis task. (1 event)

description

l8ywly0adHHMfa9UEHOA0OEd.exe tried to sleep 150 seconds, actually delayed analysis time by 150 seconds

Creates executable files on the filesystem (50 out of 9736 events)

file	C:\Users\test22\Documents\RqQUkVvddlsBbP600ojtkC2b.exe
file	C:\Users\test22\Documents\qkz2qUEcyrNSE8DmeoCaI9H0.exe
file	C:\Users\test22\Documents\5QNc12xnmab86yLQIBL9n0aW.exe
file	C:\Users\test22\Documents\4HyFs4pRnQlM9dbXZJ9xioPD.exe
file	C:\Users\test22\Documents\4vqANvGEfsQh0oxH3N26CExM.exe
file	C:\Users\test22\Documents\YP3UduCz6pkcYZc1esuT5RM0.exe
file	C:\Users\test22\Documents\hbSzVjO3P8iqX217iwTGQOic.exe
file	C:\Users\test22\Documents\OSM9mjWXDeIGymVElVc36i3a.exe
file	C:\Users\test22\Documents\ylnU5Bj8vYJwYMf7rWWAYo4U.exe
file	C:\Users\test22\Documents\Pvj2xQWzcKZGWDJ6T7B34PdO.exe
file	C:\Users\test22\Documents\snaqNqXhf7sZyT8UqCanPXGl.exe
file	C:\Users\test22\Documents\4CgAI34Z5Rz0J3BVjapviG73.exe
file	C:\Users\test22\Documents\eZUsxy6mn7x55MAIoHLfKvXn.exe
file	C:\Users\test22\Documents\I8QBeV7ZnPGmhQr55yuO30Gx.exe
file	C:\Users\test22\Documents\vOmckbEohJPGxyp5LI9InCbM.exe
file	C:\Users\test22\Documents\HSzQTmisY29OVWxerOj1hDfx.exe
file	C:\Users\test22\Documents\YyH5Bu5ZK4X2dopyyoA98neM.exe
file	C:\Users\test22\Documents\Tgv20yU3mfg99SRsuWsHMWd9.exe
file	C:\Users\test22\Documents\66NamnwIos71bAvmaOgxareQ.exe
file	C:\Users\test22\Documents\fRzvQfD7cJ2idgQQ0fER5a4S.exe
file	C:\Users\test22\Documents\gLgzYPwYhxssfyFOKZhOPBkk.exe
file	C:\Users\test22\Documents\rhYayjcCIUqmtJOv517D6jSV.exe
file	C:\Users\test22\Documents\NzkSymMFPuKFtBpjwX9Jht0B.exe
file	C:\Users\test22\Documents\zNPnw87whkeU0tiU7fvzdhSF.exe
file	C:\Users\test22\Documents\8JUxYJOMaSPzM6t23NdflGsk.exe
file	C:\Users\test22\Documents\zCavvsGWaoRd4VKvfrf6jnn4.exe
file	C:\Users\test22\Documents\Pd6Oc8mnRBfCifrSlKcNWOzV.exe
file	C:\Users\test22\Documents\sJ6EXccZRxqWRmSoBrc3gbcy.exe
file	C:\Users\test22\Documents\kInPED4oRdMGUfj0pEqONvAr.exe
file	C:\Users\test22\Documents\6UZKT5FKzW1D7DfRSZiPmvzr.exe
file	C:\Users\test22\Documents\fAlydoAKA1XnAVhd4bMUwH0s.exe
file	C:\Users\test22\Documents\BuDw1FRuIVzm05FNrkBX2830.exe
file	C:\Users\test22\Documents\Q15IkZ6Xg2xHi0MNWNPOOoSX.exe
file	C:\Users\test22\Documents\XpSg4pueWMob5WbeShxP5heH.exe
file	C:\Users\test22\Documents\N2GTtv9vaVsjBZYNJVKGrSRO.exe
file	C:\Users\test22\Documents\0QdhBUSidmV1WMksdwrRWYJY.exe
file	C:\Users\test22\Documents\3cj2PuCrOBu6UIIFnvdspTe0.exe
file	C:\Users\test22\Documents\CEnE2hfxdfG3XtbCYLM5Bm7u.exe
file	C:\Users\test22\Documents\MIPcb6E6cbKyiXyzfhJsBdvo.exe
file	C:\Users\test22\Documents\JFpW0a4I7phNA1ymZQdBeefd.exe
file	C:\Users\test22\Documents\ITPLSaSgidx8k9DgiyB3MN2i.exe
file	C:\Users\test22\Documents\K1mX7Qk76xkvzyA2AIHerTHJ.exe
file	C:\Users\test22\Documents\IRhLOtWMCrwGRq5onGOGQMKk.exe
file	C:\Users\test22\Documents\xpnjwxJi9gb1ib0dn1YdW8ok.exe
file	C:\Users\test22\Documents\8dwqZxBi4l6oN5H2MzPx4hOG.exe
file	C:\Users\test22\Documents\EH9kz9SEB9Bzc6Hoi80wwG4m.exe
file	C:\Users\test22\Documents\i1RX8IKOwKgNvGCaXhJbqMo3.exe
file	C:\Users\test22\Documents\7z95ITZv3dv2BoWovyDNflkI.exe
file	C:\Users\test22\Documents\6MqD13BJnJUJ4WBYBjqbfbyc.exe
file	C:\Users\test22\Documents\pW3vnrGzkpKL60LzYyBmaKCI.exe

Creates hidden or system file (2 events)

Time & API	Arguments	Status	Return	Repeated
NtCreateFile March 23, 2021, 11:16 a.m.	create_disposition: 5 (FILE_OVERWRITE_IF) file_handle: 0x000004a8 filepath: C:\Users\Public\Pictures\W5gP15k9Pro.sys desired_access: 0x10100080 (FILE_READ_ATTRIBUTES\|SYNCHRONIZE\|GENERIC_ALL) file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: \??\C:\Users\Public\Pictures\W5gP15k9Pro.sys create_options: 96 (FILE_NON_DIRECTORY_FILE\|FILE_SYNCHRONOUS_IO_NONALERT) status_info: 2 (FILE_CREATED) share_access: 7 (FILE_SHARE_READ\|FILE_SHARE_WRITE\|FILE_SHARE_DELETE)	1	0	0
NtCreateFile March 23, 2021, 11:16 a.m.	create_disposition: 5 (FILE_OVERWRITE_IF) file_handle: 0x0000012c filepath: C:\Users\Public\Pictures\oP1T64nDQ.sys desired_access: 0x10100080 (FILE_READ_ATTRIBUTES\|SYNCHRONIZE\|GENERIC_ALL) file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: \??\C:\Users\Public\Pictures\oP1T64nDQ.sys create_options: 96 (FILE_NON_DIRECTORY_FILE\|FILE_SYNCHRONOUS_IO_NONALERT) status_info: 2 (FILE_CREATED) share_access: 7 (FILE_SHARE_READ\|FILE_SHARE_WRITE\|FILE_SHARE_DELETE)	1	0	0

Drops a binary and executes it (4 events)

file	C:\Users\test22\Documents\mEsq4rKGAlnpqve9QiyZYrAY.exe
file	C:\Users\test22\Documents\cM0KMTqGQD8ICJa7jimkqZMY.exe
file	C:\Users\test22\Documents\7kC0LkpH4lqQopEGsZeJ2saA.exe
file	C:\Users\test22\Documents\t0gg90ddjG2s97NRUNKEU7eg.exe

Executes one or more WMI queries (1 event)

wmi	SELECT Caption FROM Win32_OperatingSystem

Checks adapter addresses which can be used to detect virtual network interfaces (1 event)

Time & API	Arguments	Status	Return	Repeated
GetAdaptersAddresses March 23, 2021, 11:15 a.m.	flags: 15 family: 0		111	0

Checks for the Locally Unique Identifier on the system for a suspicious privilege (6 events)

Time & API	Arguments	Status	Return
LookupPrivilegeValueW March 23, 2021, 11:16 a.m.	system_name: privilege_name: SeLoadDriverPrivilege	1	1
LookupPrivilegeValueW March 23, 2021, 11:16 a.m.	system_name: privilege_name: SeLoadDriverPrivilege	1	1
LookupPrivilegeValueW March 23, 2021, 11:16 a.m.	system_name: privilege_name: SeLoadDriverPrivilege	1	1
LookupPrivilegeValueW March 23, 2021, 11:16 a.m.	system_name: privilege_name: SeLoadDriverPrivilege	1	1
LookupPrivilegeValueW March 23, 2021, 11:16 a.m.	system_name: privilege_name: SeLoadDriverPrivilege	1	1
LookupPrivilegeValueW March 23, 2021, 11:16 a.m.	system_name: privilege_name: SeLoadDriverPrivilege	1	1

Uses Windows utilities for basic Windows functionality (17 events)

cmdline	C:\Users\test22\Documents\80H0cL6ZHqmVwNiTKadV2ysc.exe
cmdline	C:\Users\test22\Documents\54kEJeKa8Nlh6WFpnnUso1At.exe
cmdline	C:\Users\test22\Documents\J6v3PM6OekTl0WqotRBD7GSc.exe
cmdline	C:\Users\test22\Documents\HHUK8z5NEvSgz5RvpomuWusa.exe
cmdline	C:\Users\test22\Documents\xrDZK1NREx3VnaYR8WJ7HSAt.exe
cmdline	C:\Users\test22\Documents\HOVQLEGDJoNuwgDNAVgP3UAt.exe
cmdline	C:\Users\test22\Documents\X52s9Xc0gnsGlS7sTDzL3HsC.exe
cmdline	C:\Users\test22\Documents\b7lNRtbjBUmp4L2p15ZFvraT.exe
cmdline	C:\Users\test22\Documents\sJsKuAUFvmOLlHHlHfsU3Gsc.exe
cmdline	C:\Users\test22\Documents\fVshijOrsYf8gvx4yvVOCTsC.exe
cmdline	C:\Users\test22\Documents\XAcMgopp8gQHgLRm93BaCjaT.exe
cmdline	C:\Users\test22\Documents\c9AeEL4vKrIRHI35aJocb7sC.exe
cmdline	C:\Users\test22\Documents\ri4xueib8kCPNm6rM2Lgu0At.exe
cmdline	C:\Users\test22\Documents\IggNmhy8tBC1B8xAdBesy5aT.exe
cmdline	C:\Users\test22\Documents\unuSSxI2k1aC13USXxdYuISC.exe
cmdline	C:\Users\test22\Documents\Yb1eLdQxlNCsVQTziIULqFsc.exe
cmdline	C:\Users\test22\Documents\udkx274tdKCPnOhyRA73zoat.exe

One or more of the buffers contains an embedded PE file (1 event)

buffer

Buffer with sha1: f4b90461575f862f28dbc1d91fb2ac91d68e3716

Communicates with host for which no DNS query was performed (2 events)

host	103.124.106.203
host	188.93.233.223

Attempts to identify installed AV products by registry key (2 events)

registry	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\aVPpxsjmaAgPgONUJhHI5CkkvHwXHTKc
registry	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AVPVCme90t0KQ3JdLv3aOcIS17Vpb1sH

Looks for the Windows Idle Time to determine the uptime (1 event)

Time & API	Arguments	Status	Return	Repeated
NtQuerySystemInformation March 23, 2021, 11:15 a.m.	information_class: 8 (SystemProcessorPerformanceInformation)	1	0	0

Installs itself for autorun at Windows startup (50 out of 9742 events)

reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\BwIi415WGhF3gswb83YHjDTAEcWOBmb5	reg_value	C:\Users\test22\Documents\mEsq4rKGAlnpqve9QiyZYrAY.exe
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\eFyCbgdTxAdrNqSJhoqU8aP7mbXXGxtr	reg_value	C:\Users\test22\Documents\dHecfqVdFKzLCo2WrQbSdKUe.exe
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\RUKGHku8OWoGQ6wOy49GkMIEz1a9JGMA	reg_value	C:\Users\test22\Documents\EUpIjlMIqQjIqkdivWbfS2z7.exe
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Qva2fLB63sFmwIrqpIjMynHEMGQQKuyH	reg_value	C:\Users\test22\Documents\9xcoL6mLfspbHtn95GDguRgH.exe
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\oVqZ5vwJ37dIRMKwZ6TvaP8pyiGaaxkJ	reg_value	C:\Users\test22\Documents\Jo0ef3tm2CM1GgSrKtUBhALn.exe
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\XAlXpVsGXTpEVAjFPMfXRzmoII12LAdC	reg_value	C:\Users\test22\Documents\cM0KMTqGQD8ICJa7jimkqZMY.exe
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\X7Pgd04W0nF4MXY6vkCZE3JxgS3pqAIK	reg_value	C:\Users\test22\Documents\9bxLrTb4U1vteVli8gUd4zHh.exe
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\xc9K6Pq0f4k7kn2zJjcpBSgz6TgSSyXl	reg_value	C:\Users\test22\Documents\TPxuE5bd7Y21QrWkIXsTwsdd.exe
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\5KOntYiqh9KQrP43Cv886LrhTCwZoJU9	reg_value	C:\Users\test22\Documents\wT6m5QgrrCWVHYAef2KNQxce.exe
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\cqUqmICXoLYPjJ1JwpeRXjTiQgbX8zKX	reg_value	C:\Users\test22\Documents\1bquB38SdpyIOuwP8RLfydit.exe
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\XvaFqpYzABWl1fkf9Jo7FQNtzm77GBYm	reg_value	C:\Users\test22\Documents\37SViRqVmadDVgqyZBsJ9QW3.exe
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\irPEsbs9ntAchxnYfq5aN3iupDg31i9M	reg_value	C:\Users\test22\Documents\lY8x1ko7BoCTKF73bNKzmZxH.exe
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\IfZo5zIEty1qidD4bUeKNIqJr2TFODsO	reg_value	C:\Users\test22\Documents\l1OKVkPk6CpaEfWnjvU5dW3o.exe
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\yP7CgD0pFns8aNt0pWQmbZfBxMWyjiVP	reg_value	C:\Users\test22\Documents\7kC0LkpH4lqQopEGsZeJ2saA.exe
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\u6OTqBGgRdyYMxNDvY1aPeErg1I4FzwW	reg_value	C:\Users\test22\Documents\KCB5nml1uAKB6GpfqodgcxiZ.exe
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\1hxz2Lbcqb5kmgqdNIglumYPhQdpEtaW	reg_value	C:\Users\test22\Documents\dlLrXRKt3ntcSRT2bauD5HJQ.exe
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\JiSmswY7BjIqq092RyZd0h3yAj5x3nv3	reg_value	C:\Users\test22\Documents\c5zzeV0sLQw0VtQ4uQzxkifO.exe
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\odlJ1kDYxOQFKEyDyAlBrGMaUBg6H9vY	reg_value	C:\Users\test22\Documents\alq5DO9Z2yzwljO3R7fvIBYm.exe
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\RLyzEHQyd22GxPa7cTQQHzGLSTxpCn7y	reg_value	C:\Users\test22\Documents\MDQjm0iRub8XTJtNIc7IaX4i.exe
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\FmhvUkwz4E6E795tFnF75p5p34nD60rf	reg_value	C:\Users\test22\Documents\JsSaCsNnLK4bQmZ3C9qHGnac.exe
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\r11a7s2DWawHnfimUfi0ItAi8k9AyO7y	reg_value	C:\Users\test22\Documents\RzVZLcSkYEhMpV5CD6BdidgZ.exe
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\1TcWt2OId8yrxOBb23po3vAJLblZE44m	reg_value	C:\Users\test22\Documents\T5rTl2mpLdzOiyYhYYJD4qR8.exe
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\TSKRQyDjDLDEvuBn7WaMAaJercCXt3mB	reg_value	C:\Users\test22\Documents\otcRaP6SOrvjArtJXrKAAmEF.exe
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Jqkywq0JiCaYv4iSUAiz3U1CDZrM08yv	reg_value	C:\Users\test22\Documents\oX8HEoCZnLgynpYmphDnM2F2.exe
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\zhvW8nTjNoFp6JOHWkdhFPxDi6NFqmbC	reg_value	C:\Users\test22\Documents\SF8YENn7VWPlPA1v9uSMUP8y.exe
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\urxBaO3lMDiwkspFlvdZ2LIWHXifxsPp	reg_value	C:\Users\test22\Documents\GJjgcR9rDpXl4LyzgLztwbtj.exe
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\jb3DpYyex3Vk64lmfonGxRtFIu9DjPrG	reg_value	C:\Users\test22\Documents\aAvud8QzwwY0nCOygtIA7Tqi.exe
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\rx45Zu4iMORutjiRfPH2O9Ze2X4DuYas	reg_value	C:\Users\test22\Documents\TMLCENJX84Dtqo1lIffTqkvR.exe
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\YZCB01xyyjTzOS7QR43td7HufVGgkAPi	reg_value	C:\Users\test22\Documents\a4UQTO8N9fgbXH2j7Nyac2Cr.exe
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SRgeuROyUu7laEEVhvBuUT6cAbQC1rji	reg_value	C:\Users\test22\Documents\1m13M6XIrsnxyDUpPhJi9TOa.exe
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\VDdSAL7nLYO9cJ4pXlPfz2WSMEiDqVR3	reg_value	C:\Users\test22\Documents\Xal4a2XaeydDFsOLdxANReG8.exe
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\rLF5m360HUo0kiQSM6o89px7VOKVfmou	reg_value	C:\Users\test22\Documents\UmiWZFZT102qePtU2V0pPkJd.exe
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\YIkYtkUfq4Xf3CTsPqE7GnWcfzQ7IVyS	reg_value	C:\Users\test22\Documents\dFpN9dq74CjJk2tUEhdS6KdB.exe
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\vH23TXWVGE4PMcy7cuPCKq7RZOsXSiNE	reg_value	C:\Users\test22\Documents\lnz03SOTrEdqfNaCOuCQFg5u.exe
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\KleFo8Ci1zhHWChHu5UCGf8OY6bNu1yz	reg_value	C:\Users\test22\Documents\sEFwZUAUrIjbTKzw6FxVQ2kE.exe
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\mQqrgzy9BrnVZtSzOl6F4ekqghpDQcR5	reg_value	C:\Users\test22\Documents\eAmyz4qtFBkdnrZ4hqkVii7o.exe
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\p9L9JusiarSchslPZq1TComcD1pfVUUK	reg_value	C:\Users\test22\Documents\D7LjN8MQNlc6EEexYvG7l2uH.exe
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Xt6REMMGXIPdyXcMkYaIIPqBlAWewYJw	reg_value	C:\Users\test22\Documents\NE4OxMGd24gWvBPpJ1h5AbFB.exe
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\D5pE0rT88de4hX6v9uasQCOzIlFaDhvC	reg_value	C:\Users\test22\Documents\830EPyYqra9nww1vZVUmA62H.exe
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\qz5Om25asc4xWmmp4alQX6iMXDCe5eg0	reg_value	C:\Users\test22\Documents\AtBUIUz9GApSR6OBYjmQfK0A.exe
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Rt1i0afN6E5V7TPTDYKIVuJ7YPh8IbRR	reg_value	C:\Users\test22\Documents\2AoTZkXNFOkyCapw67WEiknu.exe
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\j4Kl3hEewn8ERkkPCfZ71McFa4QFaH12	reg_value	C:\Users\test22\Documents\X3BptyWosX27eTynrCBJaeZh.exe
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\cFK8Q8DpwFjwevkQuOpdBluqiJnoA7xD	reg_value	C:\Users\test22\Documents\eeGyovvLSYK0VuVHcwH4EbpX.exe
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\UdaHVZpzRf7vZBp7UVIfhef8g6dJw7Sn	reg_value	C:\Users\test22\Documents\zsWjlw4TUfEPLjnqL0K0vMW0.exe
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\8ckY6gCUNTZ3xilhWNoShzWooT7jb1ke	reg_value	C:\Users\test22\Documents\WfOHWw850O7pm1RJLMfaD1Tz.exe
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\F5tmic2Vt4rYZrVxOUG3XDMQ6U8dyuSL	reg_value	C:\Users\test22\Documents\MYI4Mj9ULnbScYWnl8DzMASJ.exe
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\tdqNeYh9mfSa2F71iXIRepk8HD0iIaRr	reg_value	C:\Users\test22\Documents\F9yQ0WwsvGjhq8N4mQl23YvC.exe
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\2sGbh80MOlNGikL9Jvs4tZSUCTPZFvat	reg_value	C:\Users\test22\Documents\NwgXqiOXjj5KpwBhStUgQehE.exe
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\avZNsaGcKe2FGOiW5HKAcNwHUh1vZ67l	reg_value	C:\Users\test22\Documents\Oce7bwzktt6Ei48shUWevnUd.exe
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\9R3LiVDOhR7Fq29TP1X9TrEb4i8ZXSIy	reg_value	C:\Users\test22\Documents\IAhpXl1Smd4EC3mTw9iocTAM.exe

Loads a driver (6 events)

Time & API	Arguments	Return
NtLoadDriver March 23, 2021, 11:16 a.m.	driver_service_name: \Registry\Machine\System\CurrentControlSet\Services\3Ge1k1pgO	3221225473
NtLoadDriver March 23, 2021, 11:16 a.m.	driver_service_name: \Registry\Machine\System\CurrentControlSet\Services\fWJ6JR098	3221225473
NtLoadDriver March 23, 2021, 11:16 a.m.	driver_service_name: \Registry\Machine\System\CurrentControlSet\Services\59G13TnIk	3221225473
NtLoadDriver March 23, 2021, 11:16 a.m.	driver_service_name: \Registry\Machine\System\CurrentControlSet\Services\NV11208	3221225473
NtLoadDriver March 23, 2021, 11:16 a.m.	driver_service_name: \Registry\Machine\System\CurrentControlSet\Services\fLV6e2N	3221225473
NtLoadDriver March 23, 2021, 11:16 a.m.	driver_service_name: \Registry\Machine\System\CurrentControlSet\Services\PB61UOq	3221225473

Uses Sysinternals tools in order to add additional command line functionality (18 events)

cmdline	C:\Users\test22\Documents\6hBSJl4IFcgzivwNpmXzGFDu.exe
cmdline	C:\Users\test22\Documents\QBbUPwFFwJDLOIAbHIDR7ddU.exe
cmdline	C:\Users\test22\Documents\QAtWrjWzsUDFwmx6IXv2ARru.exe
cmdline	C:\Users\test22\Documents\vB9iJTgsC9PZ4pKgCNW1ZDRu.exe
cmdline	C:\Users\test22\Documents\6PSn345rEeyr3eHPNCp9yBRU.exe
cmdline	C:\Users\test22\Documents\co5bFEuLHKNaPXtO7MCigIrU.exe
cmdline	C:\Users\test22\Documents\jUZiUyMIqzuVcYBlcpZYGTDu.exe
cmdline	C:\Users\test22\Documents\CxUSOTb2NGmWlfZD8xCqVZRu.exe
cmdline	C:\Users\test22\Documents\vtXRRGwLe9GeMyQBWCOFpQDu.exe
cmdline	C:\Users\test22\Documents\qDJ7FrneWIbfeTI5mJNhforu.exe
cmdline	C:\Users\test22\Documents\lWpOpVtep9wzzMNRIlXw8qRU.exe
cmdline	C:\Users\test22\Documents\jmHLi7VF2BFSrU48cfTnWFRU.exe
cmdline	C:\Users\test22\Documents\n0dUuBDiVpFkmUrPPnqpCVdU.exe
cmdline	C:\Users\test22\Documents\FwVduxvl3EycBinzR8GubfRu.exe
cmdline	C:\Users\test22\Documents\lrsFl5GXjm4I4678x3oYIkDU.exe
cmdline	C:\Users\test22\Documents\trN2lgsBQ7oKV1TxZkBifIRu.exe
cmdline	C:\Users\test22\Documents\NEBwnO2Eu10NlHp5Q6MQ0ZDu.exe
cmdline	C:\Users\test22\Documents\K3hdALghtQT31MKMqak2JxDu.exe

Tries to unhook Windows functions monitored by Cuckoo (1 event)

Time & API	Arguments	Status	Return	Repeated
__anomaly__ March 23, 2021, 11:16 a.m.	tid: 1224 message: Encountered 65537 exceptions, quitting. subcategory: exception function_name:	1	0	0

Generates some ICMP traffic

Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 event)

dead_host

45.144.30.78:80

Stops Windows services (6 events)

service	NV11208 (regkey HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NV11208\Start)
service	PB61UOq (regkey HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PB61UOq\Start)
service	3Ge1k1pgO (regkey HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\3Ge1k1pgO\Start)
service	59G13TnIk (regkey HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\59G13TnIk\Start)
service	fWJ6JR098 (regkey HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fWJ6JR098\Start)
service	fLV6e2N (regkey HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fLV6e2N\Start)

File has been identified by 43 AntiVirus engines on VirusTotal as malicious (43 events)

Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.36542463
FireEye	Generic.mg.f8372b779001bb5a
ALYac	Trojan.GenericKD.36542463
Malwarebytes	Trojan.Downloader
Sangfor	Trojan.Win32.Save.a
Alibaba	TrojanSpy:MSIL/Stealer.c5fc5e66
K7GW	Trojan-Downloader ( 005796b91 )
Cybereason	malicious.768d12
BitDefenderTheta	Gen:NN.ZemsilF.34628.am0@aqZ1kHm
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	Win32:DropperX-gen [Drp]
Kaspersky	HEUR:Trojan-Spy.MSIL.Stealer.gen
BitDefender	Trojan.GenericKD.36542463
Paloalto	generic.ml
AegisLab	Trojan.MSIL.Stealer.l!c
Tencent	Msil.Trojan-spy.Stealer.Ecjv
Ad-Aware	Trojan.GenericKD.36542463
Emsisoft	Trojan.GenericKD.36542463 (B)
DrWeb	Trojan.Siggen12.46475
McAfee-GW-Edition	RDN/Generic PWS.y
Sophos	Mal/Generic-S
SentinelOne	Static AI - Malicious PE
eGambit	Unsafe.AI_Score_68%
Avira	HEUR/AGEN.1137614
MAX	malware (ai score=85)
Microsoft	Backdoor:Win32/Bladabindi!ml
Gridinsoft	Trojan.Win32.Downloader.sa
Arcabit	Trojan.Generic.D22D97FF
ZoneAlarm	HEUR:Trojan-Spy.MSIL.Stealer.gen
GData	Trojan.GenericKD.36542463
Cynet	Malicious (score: 100)
McAfee	RDN/Generic PWS.y
Cylance	Unsafe
ESET-NOD32	a variant of MSIL/TrojanDownloader.Small.CLF
Rising	Trojan.IPLogger!1.B69D (CLOUD)
Ikarus	Trojan-Downloader.MSIL.Small
Fortinet	PossibleThreat
AVG	Win32:DropperX-gen [Drp]
Panda	Trj/GdSda.A
CrowdStrike	win/malicious_confidence_100% (W)
Qihoo-360	Win32/TrojanSpy.Generic.HgIASRIA

l8ywly0adHHMfa9UEHOA0OEd.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All