Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	March 29, 2021, 9:28 a.m.	March 29, 2021, 9:32 a.m.

Size	1.4MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`d9c426f7688fa244fa016d0c8aa9d7f3`
SHA256	`87acb56b84059232e2cd16cf7e2d5f2855aecf7ab2729ca22c3348159d10205a`
CRC32	`E4ABD0A1`
ssdeep	`24576:+xK6J1MEAEs0WJn56JthgK+gBwtfK+1Cm7i8RikllLtu3hWOokYFSi38H:QK6J1vvM56Jv4gBwtfKGCURRibcahH`
Yara	PE_Header_Zero - PE File Signature Zero escalate_priv - Escalade priviledges screenshot - Take screenshot keylogger - Run a keylogger win_registry - Affect system registries win_token - Affect system token win_files_operation - Affect private profile IsPE32 - (no description) IsWindowsGUI - (no description) IsPacked - Entropy Check HasOverlay - Overlay Check HasRichSignature - Rich Signature Check

lv.exe "C:\Users\test22\AppData\Local\Temp\lv.exe"
732
- 4.exe "C:\Users\test22\AppData\Local\Temp\New Feature\4.exe"
  2260
- 6.exe "C:\Users\test22\AppData\Local\Temp\New Feature\6.exe"
  2076
- vpn.exe "C:\Users\test22\AppData\Local\Temp\New Feature\vpn.exe"
  1836
  - at.exe "C:\Windows\System32\at.exe"
    2044
  - cmd.exe "C:\Windows\System32\cmd.exe" /c C:\Windows\system32\cmd.exe < Compatto.mov
    1632
    - cmd.exe C:\Windows\system32\cmd.exe
      1188
      - findstr.exe findstr /V /R "^cYTeoHVrOqLkcXGjrbFKOomyhlPuTSgqMixczWQTFZGqYVjctkUfrCbjmOPYROpWLLngClTuHLtPCnuaYzwIYZWlJiVEiRwR$" Animazione.mov
        1768
      - Suo.exe.com Suo.exe.com a
        2892
        
        Suo.exe.com C:\Users\test22\AppData\Roaming\IPJetaNqFjk\Suo.exe.com a
        1896
      - PING.EXE ping 127.0.0.1 -n 30
        204

Name	Response	Post-Analysis Lookup
ZbMBYMOhExfgYPJhZS.ZbMBYMOhExfgYPJhZS

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (2 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent March 29, 2021, 9:28 a.m.			0	0
IsDebuggerPresent March 29, 2021, 9:28 a.m.			0	0

Command line console output was observed (50 out of 1901 events)

Time & API	Arguments	Status	Return
WriteConsoleW March 29, 2021, 9:28 a.m.	buffer: There are no entries in the list. console_handle: 0x00000007	1	1
WriteConsoleW March 29, 2021, 9:28 a.m.	buffer: Microsoft Windows [Version 6.1.7601] console_handle: 0x00000007	1	1
WriteConsoleW March 29, 2021, 9:28 a.m.	buffer: Copyright (c) 2009 Microsoft Corporation. All rights reserved. console_handle: 0x00000007	1	1
WriteConsoleW March 29, 2021, 9:28 a.m.	buffer: C:\Users\test22\AppData\Roaming\IPJetaNqFjk> console_handle: 0x00000007	1	1
WriteConsoleW March 29, 2021, 9:28 a.m.	buffer: TTLTlCkxBdvsATFqtrhsBoeweWXoigombwHzBvmJkpLQbJMDQROUwzNKRJ=hFrhjiWUnjjmIDDuabjEzlzsfmhnrgXCRFkriVmJAOhsEausbhxhEybrkMYMTnRlgJHesmZvXCrEWeNXzWqQTKXMioScXNQwXreUKtZYhXfewSupYqzWnqdEMVUpHDmlMeHTZSjfXwCWxVKfwIvWzTDXMboOpQdJbyfZkhpyNtZvbxlRkFi console_handle: 0x00000007	1	1
WriteConsoleW March 29, 2021, 9:28 a.m.	buffer: 'TTLTlCkxBdvsATFqtrhsBoeweWXoigombwHzBvmJkpLQbJMDQROUwzNKRJ' is not recognized as an internal or external command, operable program or batch file. console_handle: 0x0000000b	1	1
WriteConsoleW March 29, 2021, 9:28 a.m.	buffer: C:\Users\test22\AppData\Roaming\IPJetaNqFjk> console_handle: 0x00000007	1	1
WriteConsoleW March 29, 2021, 9:28 a.m.	buffer: iDQTnJiCKnuiLSnfFKrOmdofUumshdDDIsCUgvAByHxfYRLEWUkACamQxAYalPgxUCnzdDqplCJSVTs=cUcatrqdSLAObosfaqxcasgzUefqIHUBoVXfxWfRBoAEejLekzmVnWJrFwneNqHkRZFBkwUvLCTlQKdHshPfiZ console_handle: 0x00000007	1	1
WriteConsoleW March 29, 2021, 9:28 a.m.	buffer: 'iDQTnJiCKnuiLSnfFKrOmdofUumshdDDIsCUgvAByHxfYRLEWUkACamQxAYalPgxUCnzdDqplCJSVTs' is not recognized as an internal or external command, operable program or bat console_handle: 0x0000000b	1	1
WriteConsoleW March 29, 2021, 9:28 a.m.	buffer: ch file. console_handle: 0x0000000b	1	1
WriteConsoleW March 29, 2021, 9:28 a.m.	buffer: C:\Users\test22\AppData\Roaming\IPJetaNqFjk> console_handle: 0x00000007	1	1
WriteConsoleW March 29, 2021, 9:28 a.m.	buffer: jkTKabhtBAfMrHpRpnrlVrmhVLQKmkatSVzfsdCZbnsKBXjqivF=tOioMGPHGCFfokUigTmSWtMbLOLXnQDeGBZrOlDLBUaVSeCdryMhXMUqeKbXURoQZCIGkRzrdNswLREIjcTzrfyUHZwtMFRKLBVfzVtjLIWlcSglyOLnXPMJbOZkQfdLWGdpVgfddHHczUnPKQYYTaMWPjREWScvslgOCtgQmxidisdCdl console_handle: 0x00000007	1	1
WriteConsoleW March 29, 2021, 9:28 a.m.	buffer: 'jkTKabhtBAfMrHpRpnrlVrmhVLQKmkatSVzfsdCZbnsKBXjqivF' is not recognized as an internal or external command, operable program or batch file. console_handle: 0x0000000b	1	1
WriteConsoleW March 29, 2021, 9:28 a.m.	buffer: C:\Users\test22\AppData\Roaming\IPJetaNqFjk> console_handle: 0x00000007	1	1
WriteConsoleW March 29, 2021, 9:28 a.m.	buffer: ZdaRDUzxJvKxnkkroGKjGBommkvOnVfgMsvuZzKToKFzOqJtWhoWFXUnoSaanEWNi=HuPttPVQrVWOKnBsRlNzIPvXXuqaxDNRkaaDgRpzqPTYCzoTQuMLqONSJRuXODvmotDayYrqwzzTVbcEYuChQeQvFATvKkEvzzQbQPOSrMKGcTXkvCZIwoIuguNFtGfPPW console_handle: 0x00000007	1	1
WriteConsoleW March 29, 2021, 9:28 a.m.	buffer: 'ZdaRDUzxJvKxnkkroGKjGBommkvOnVfgMsvuZzKToKFzOqJtWhoWFXUnoSaanEWNi' is not recognized as an internal or external command, operable program or batch file. console_handle: 0x0000000b	1	1
WriteConsoleW March 29, 2021, 9:28 a.m.	buffer: C:\Users\test22\AppData\Roaming\IPJetaNqFjk> console_handle: 0x00000007	1	1
WriteConsoleW March 29, 2021, 9:28 a.m.	buffer: BHXNoaJptspwLDHqokWclKKpKeoNbbURmzcEnOQfsYEOtywevGuDSAfRWOrulWMGb=BairBzcGtjyWyEqydRsdZYrEHKKKyxkYsMDJUztMokvrLqInytGVfuaDgDcRJKBJqiEawskWMEiNBqTHwkEwNdJlzqxdXhrbKNeDcfbOSJoLYFwgKNPbymVKn console_handle: 0x00000007	1	1
WriteConsoleW March 29, 2021, 9:28 a.m.	buffer: 'BHXNoaJptspwLDHqokWclKKpKeoNbbURmzcEnOQfsYEOtywevGuDSAfRWOrulWMGb' is not recognized as an internal or external command, operable program or batch file. console_handle: 0x0000000b	1	1
WriteConsoleW March 29, 2021, 9:28 a.m.	buffer: C:\Users\test22\AppData\Roaming\IPJetaNqFjk> console_handle: 0x00000007	1	1
WriteConsoleW March 29, 2021, 9:28 a.m.	buffer: ZqWUYmAKeOXfkMOQoroXkOZuGlnGslRaywdvSYLIkgChdcBeIfsRCAikwPgOw=aSWFllcsYlamMXkMPlIcXeTZPETtceJWGsWKdLlsHssumeNlZfqruGVdYWPFddWVAvScqBcrZdOGKNANRJyyeGPqcGMzVFwdxcFelapnTWrQSfFkveOHkQTUGSZxOeixfbkgibCnmGjyCZiuqAXTRztECLvszPJROJBxrdtYmfoFENsHKSzhtgDV console_handle: 0x00000007	1	1
WriteConsoleW March 29, 2021, 9:28 a.m.	buffer: 'ZqWUYmAKeOXfkMOQoroXkOZuGlnGslRaywdvSYLIkgChdcBeIfsRCAikwPgOw' is not recognized as an internal or external command, operable program or batch file. console_handle: 0x0000000b	1	1
WriteConsoleW March 29, 2021, 9:28 a.m.	buffer: C:\Users\test22\AppData\Roaming\IPJetaNqFjk> console_handle: 0x00000007	1	1
WriteConsoleW March 29, 2021, 9:28 a.m.	buffer: HMcwkyJWxsTbNrKvZxBkmqOzOHAvcNmyGwvEIWgpnIpvbpWPJRtUwJUHXwjDF=AHRNRMHyOrysMQQsVFKLNEIFtWuPGHJLEkiCFKsloDrwOJWrQFyHSUAWZkJVFRnizxNBJhMkhmDpBGQcZrYwBwSKKkDxwvFdtWHxVxxCTTzasdx console_handle: 0x00000007	1	1
WriteConsoleW March 29, 2021, 9:28 a.m.	buffer: 'HMcwkyJWxsTbNrKvZxBkmqOzOHAvcNmyGwvEIWgpnIpvbpWPJRtUwJUHXwjDF' is not recognized as an internal or external command, operable program or batch file. console_handle: 0x0000000b	1	1
WriteConsoleW March 29, 2021, 9:28 a.m.	buffer: C:\Users\test22\AppData\Roaming\IPJetaNqFjk> console_handle: 0x00000007	1	1
WriteConsoleW March 29, 2021, 9:28 a.m.	buffer: xhVCTbFsCeRbKalQUjyFZvmFIciHImzzQlZNBevGdfSTDWSBJCbtkOzYOfTn=YJeJbHAabfRPnfJEGwMDFYywfowRqYkpYfaFPpufsokhGgMmJxogiUKZEqxfFIsmrIQpXrOvVbkbMRcqcCiGPXetFawPPRJIQMlXnDCGFLaJJhjMFxTrBL console_handle: 0x00000007	1	1
WriteConsoleW March 29, 2021, 9:28 a.m.	buffer: 'xhVCTbFsCeRbKalQUjyFZvmFIciHImzzQlZNBevGdfSTDWSBJCbtkOzYOfTn' is not recognized as an internal or external command, operable program or batch file. console_handle: 0x0000000b	1	1
WriteConsoleW March 29, 2021, 9:28 a.m.	buffer: C:\Users\test22\AppData\Roaming\IPJetaNqFjk> console_handle: 0x00000007	1	1
WriteConsoleW March 29, 2021, 9:28 a.m.	buffer: yGMDFwZHtNCGqHbCSZAqrFaxsyglcXFiyetsLZXEGtgVuHjyiRwrqKFAhsjmNOjuocBYCy=SeWxZdvgKSoeDWBucvEtxNbRRSiNLyhDwwowtdGpQrBGEMJlGgyBXwvyEyCipJCEFFwBNAwtQcgdkQjypWivZMGqFrvZNmZiAXwZKivyhwKCNyTOSvXjBuESZwWKressciQgOhcwAwpYwrjmpIisBMFxapZJlMelKzuGfFqEwVMmXFQVOb console_handle: 0x00000007	1	1
WriteConsoleW March 29, 2021, 9:28 a.m.	buffer: 'yGMDFwZHtNCGqHbCSZAqrFaxsyglcXFiyetsLZXEGtgVuHjyiRwrqKFAhsjmNOjuocBYCy' is not recognized as an internal or external command, operable program or batch file. console_handle: 0x0000000b	1	1
WriteConsoleW March 29, 2021, 9:28 a.m.	buffer: C:\Users\test22\AppData\Roaming\IPJetaNqFjk> console_handle: 0x00000007	1	1
WriteConsoleW March 29, 2021, 9:28 a.m.	buffer: Set zJvkAQxSjxMmOucpVrpxEYouOodAhjdJjbEhuTwjvvRTXf=Z console_handle: 0x00000007	1	1
WriteConsoleW March 29, 2021, 9:28 a.m.	buffer: C:\Users\test22\AppData\Roaming\IPJetaNqFjk> console_handle: 0x00000007	1	1
WriteConsoleW March 29, 2021, 9:28 a.m.	buffer: cdftYmYdiYijVNsJlIcYokpQrBzIEynCsVjjqAwFnvkuNAdTYwzPIUApinqbudMemFVqAy=JHPAMZerDlAJCLITvxryBADmiJpGoFdaTaJoSxOptcbjGGpdRLnGbZuprdaeQvUXUiQleAweGTwuesSBASPbuKVTjAtCeLaHAmsmPZgdJvZDYquMbQCYHbRljXXBcmZVAzFCZzLAEnNJKsUjzatkoxqrIujSwMV console_handle: 0x00000007	1	1
WriteConsoleW March 29, 2021, 9:28 a.m.	buffer: 'cdftYmYdiYijVNsJlIcYokpQrBzIEynCsVjjqAwFnvkuNAdTYwzPIUApinqbudMemFVqAy' is not recognized as an internal or external command, operable program or batch file. console_handle: 0x0000000b	1	1
WriteConsoleW March 29, 2021, 9:28 a.m.	buffer: C:\Users\test22\AppData\Roaming\IPJetaNqFjk> console_handle: 0x00000007	1	1
WriteConsoleW March 29, 2021, 9:28 a.m.	buffer: vtrFxDMrywxoKiAUeLiexOMuaCUSuTmRDCjFgfRQGwuuZSzAGaPfESQI=WjSJTWjCDEiVUFMUsvzIGumpxjOrpjKLEhaeZuMtTDvhkELNrchvbqMQMIgHopzdTvsHhKUlJgOeJjYPAwZOZggEBBfdRyWKluzPhrmzAeMpkJuAKmuupFsFiN console_handle: 0x00000007	1	1
WriteConsoleW March 29, 2021, 9:28 a.m.	buffer: 'vtrFxDMrywxoKiAUeLiexOMuaCUSuTmRDCjFgfRQGwuuZSzAGaPfESQI' is not recognized as an internal or external command, operable program or batch file. console_handle: 0x0000000b	1	1
WriteConsoleW March 29, 2021, 9:28 a.m.	buffer: C:\Users\test22\AppData\Roaming\IPJetaNqFjk> console_handle: 0x00000007	1	1
WriteConsoleW March 29, 2021, 9:28 a.m.	buffer: LxEaEsrRDSoBvBGhWCtaRcPFaYPBFOOHAXNYWJiRiSDHCYJECsxer=gdFZqGCCkOtBqmOIsjchlZSirxglZgzMEuIbzXJBfFGODqXlQTqiGPpfnnVGssCXxsXUQsfzDUYFzrDrbtzyhkyOWaYUwrpXrIzjeezmEGEMREWxVSphXvKojpXbaxa console_handle: 0x00000007	1	1
WriteConsoleW March 29, 2021, 9:28 a.m.	buffer: 'LxEaEsrRDSoBvBGhWCtaRcPFaYPBFOOHAXNYWJiRiSDHCYJECsxer' is not recognized as an internal or external command, operable program or batch file. console_handle: 0x0000000b	1	1
WriteConsoleW March 29, 2021, 9:28 a.m.	buffer: C:\Users\test22\AppData\Roaming\IPJetaNqFjk> console_handle: 0x00000007	1	1
WriteConsoleW March 29, 2021, 9:28 a.m.	buffer: KqBKKdqxKUBGHaWavDZoUWZGYlqTtWilgreRejKERODrVrBTjFwOxpGNqVMmdidNN=aDdyflScdyzWKUJiGnUaPtbgQimkhKnPdFKXCidRVZSAxtlRPpBRTxAguefoKHiGHDGypMEmorvQkWTMWIcrpGWVtvQmRiugRjTRbyIrEwIPXKrloCkekr console_handle: 0x00000007	1	1
WriteConsoleW March 29, 2021, 9:28 a.m.	buffer: 'KqBKKdqxKUBGHaWavDZoUWZGYlqTtWilgreRejKERODrVrBTjFwOxpGNqVMmdidNN' is not recognized as an internal or external command, operable program or batch file. console_handle: 0x0000000b	1	1
WriteConsoleW March 29, 2021, 9:28 a.m.	buffer: C:\Users\test22\AppData\Roaming\IPJetaNqFjk> console_handle: 0x00000007	1	1
WriteConsoleW March 29, 2021, 9:28 a.m.	buffer: qHKwNVtHqWoZZregRqaniYuYxzGdfWteNOSpNrUoAxISPKtuugxeTFdeALGxgNa=SyjllSANypYMdgoJfmlwBwponQJebATMeDqJnTWhNGXJGDMjCXtODsCQWrLxpndEdjKMhmkcDWhUtmCVrbmmctoLqp console_handle: 0x00000007	1	1
WriteConsoleW March 29, 2021, 9:28 a.m.	buffer: 'qHKwNVtHqWoZZregRqaniYuYxzGdfWteNOSpNrUoAxISPKtuugxeTFdeALGxgNa' is not recognized as an internal or external command, operable program or batch file. console_handle: 0x0000000b	1	1
WriteConsoleW March 29, 2021, 9:28 a.m.	buffer: C:\Users\test22\AppData\Roaming\IPJetaNqFjk> console_handle: 0x00000007	1	1
WriteConsoleW March 29, 2021, 9:28 a.m.	buffer: xoBtfdazzSZYrLJkGrHLvBPdMZQojrZLtLQjeSYEMuoerncOMTCHandTalafApifThTsVvpN=rZfzNhhDecaBazGcXURAItCZSpPFtSdKOCfnqAFXyMbNOOBUhWYCshvZvdADbImpyIMPtixbgTcWGPktIVsiUOaBufe console_handle: 0x00000007	1	1

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx March 29, 2021, 9:28 a.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.ndata

One or more processes crashed (50 out of 131072 events)

Time & API	Arguments	Status
__exception__ March 29, 2021, 9:28 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 4+0x2b820 @ 0x42b820 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635684 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1635736 registers.edx: 1883822070 registers.ebx: 0 registers.esi: 0 registers.ecx: 2680	1
__exception__ March 29, 2021, 9:28 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 4+0x2b820 @ 0x42b820 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635684 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1635736 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2680	1
__exception__ March 29, 2021, 9:28 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 4+0x2b820 @ 0x42b820 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635684 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1635736 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2680	1
__exception__ March 29, 2021, 9:28 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 4+0x2b820 @ 0x42b820 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635684 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1635736 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2680	1
__exception__ March 29, 2021, 9:28 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 4+0x2b820 @ 0x42b820 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635684 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1635736 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2680	1
__exception__ March 29, 2021, 9:28 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 4+0x2b820 @ 0x42b820 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635684 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1635736 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2680	1
__exception__ March 29, 2021, 9:28 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 4+0x2b820 @ 0x42b820 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635684 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1635736 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2680	1
__exception__ March 29, 2021, 9:28 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 4+0x2b820 @ 0x42b820 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635684 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1635736 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2680	1
__exception__ March 29, 2021, 9:28 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 4+0x2b820 @ 0x42b820 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635684 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1635736 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2680	1
__exception__ March 29, 2021, 9:28 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 4+0x2b820 @ 0x42b820 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635684 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1635736 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2680	1
__exception__ March 29, 2021, 9:28 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 4+0x2b820 @ 0x42b820 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635684 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1635736 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2680	1
__exception__ March 29, 2021, 9:28 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 4+0x2b820 @ 0x42b820 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635684 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1635736 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2680	1
__exception__ March 29, 2021, 9:28 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 4+0x2b820 @ 0x42b820 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635684 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1635736 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2680	1
__exception__ March 29, 2021, 9:28 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 4+0x2b820 @ 0x42b820 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635684 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1635736 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2680	1
__exception__ March 29, 2021, 9:28 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 4+0x2b820 @ 0x42b820 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635684 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1635736 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2680	1
__exception__ March 29, 2021, 9:28 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 4+0x2b820 @ 0x42b820 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635684 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1635736 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2680	1
__exception__ March 29, 2021, 9:28 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 4+0x2b820 @ 0x42b820 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635684 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1635736 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2680	1
__exception__ March 29, 2021, 9:28 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 4+0x2b820 @ 0x42b820 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635684 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1635736 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2680	1
__exception__ March 29, 2021, 9:28 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 4+0x2b820 @ 0x42b820 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635684 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1635736 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2680	1
__exception__ March 29, 2021, 9:28 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 4+0x2b820 @ 0x42b820 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635684 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1635736 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2680	1
__exception__ March 29, 2021, 9:28 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 4+0x2b820 @ 0x42b820 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635684 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1635736 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2680	1
__exception__ March 29, 2021, 9:28 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 4+0x2b820 @ 0x42b820 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635684 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1635736 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2680	1
__exception__ March 29, 2021, 9:28 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 4+0x2b820 @ 0x42b820 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635684 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1635736 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2680	1
__exception__ March 29, 2021, 9:28 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 4+0x2b820 @ 0x42b820 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635684 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1635736 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2680	1
__exception__ March 29, 2021, 9:28 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 4+0x2b820 @ 0x42b820 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635684 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1635736 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2680	1
__exception__ March 29, 2021, 9:28 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 4+0x2b820 @ 0x42b820 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635684 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1635736 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2680	1
__exception__ March 29, 2021, 9:28 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 4+0x2b820 @ 0x42b820 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635684 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1635736 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2680	1
__exception__ March 29, 2021, 9:28 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 4+0x2b820 @ 0x42b820 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635684 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1635736 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2680	1
__exception__ March 29, 2021, 9:28 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 4+0x2b820 @ 0x42b820 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635684 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1635736 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2680	1
__exception__ March 29, 2021, 9:28 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 4+0x2b820 @ 0x42b820 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635684 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1635736 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2680	1
__exception__ March 29, 2021, 9:28 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 4+0x2b820 @ 0x42b820 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635684 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1635736 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2680	1
__exception__ March 29, 2021, 9:28 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 4+0x2b820 @ 0x42b820 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635684 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1635736 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2680	1
__exception__ March 29, 2021, 9:28 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 4+0x2b820 @ 0x42b820 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635684 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1635736 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2680	1
__exception__ March 29, 2021, 9:28 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 4+0x2b820 @ 0x42b820 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635684 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1635736 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2680	1
__exception__ March 29, 2021, 9:28 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 4+0x2b820 @ 0x42b820 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635684 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1635736 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2680	1
__exception__ March 29, 2021, 9:28 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 4+0x2b820 @ 0x42b820 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635684 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1635736 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2680	1
__exception__ March 29, 2021, 9:28 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 4+0x2b820 @ 0x42b820 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635684 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1635736 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2680	1
__exception__ March 29, 2021, 9:28 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 4+0x2b820 @ 0x42b820 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635684 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1635736 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2680	1
__exception__ March 29, 2021, 9:28 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 4+0x2b820 @ 0x42b820 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635684 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1635736 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2680	1
__exception__ March 29, 2021, 9:28 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 4+0x2b820 @ 0x42b820 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635684 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1635736 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2680	1
__exception__ March 29, 2021, 9:28 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 4+0x2b820 @ 0x42b820 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635684 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1635736 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2680	1
__exception__ March 29, 2021, 9:28 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 4+0x2b820 @ 0x42b820 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635684 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1635736 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2680	1
__exception__ March 29, 2021, 9:28 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 4+0x2b820 @ 0x42b820 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635684 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1635736 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2680	1
__exception__ March 29, 2021, 9:28 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 4+0x2b820 @ 0x42b820 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635684 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1635736 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2680	1
__exception__ March 29, 2021, 9:28 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 4+0x2b820 @ 0x42b820 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635684 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1635736 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2680	1
__exception__ March 29, 2021, 9:28 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 4+0x2b820 @ 0x42b820 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635684 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1635736 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2680	1
__exception__ March 29, 2021, 9:28 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 4+0x2b820 @ 0x42b820 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635684 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1635736 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2680	1
__exception__ March 29, 2021, 9:28 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 4+0x2b820 @ 0x42b820 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635684 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1635736 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2680	1
__exception__ March 29, 2021, 9:28 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 4+0x2b820 @ 0x42b820 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635684 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1635736 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2680	1
__exception__ March 29, 2021, 9:28 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 4+0x2b820 @ 0x42b820 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635684 registers.edi: 12845056 registers.eax: 4294967288 registers.ebp: 1635736 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 2680	1

Allocates read-write-execute memory (usually to unpack itself) (30 events)

Time & API	Arguments	Status
NtProtectVirtualMemory March 29, 2021, 9:28 a.m.	process_identifier: 732 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73721000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 29, 2021, 9:28 a.m.	process_identifier: 732 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74e51000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 29, 2021, 9:28 a.m.	process_identifier: 732 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10001000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 29, 2021, 9:28 a.m.	process_identifier: 732 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73711000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 29, 2021, 9:28 a.m.	process_identifier: 732 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x727a1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 29, 2021, 9:28 a.m.	process_identifier: 732 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72764000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 29, 2021, 9:28 a.m.	process_identifier: 732 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x727a2000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 29, 2021, 9:28 a.m.	process_identifier: 2260 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 90112 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00c83000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 29, 2021, 9:28 a.m.	process_identifier: 2076 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 126976 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00a03000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 29, 2021, 9:28 a.m.	process_identifier: 1836 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72941000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 29, 2021, 9:28 a.m.	process_identifier: 1836 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72904000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 29, 2021, 9:28 a.m.	process_identifier: 1836 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72942000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 29, 2021, 9:28 a.m.	process_identifier: 2044 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x736f1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 29, 2021, 9:28 a.m.	process_identifier: 2044 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72521000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 29, 2021, 9:28 a.m.	process_identifier: 2044 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72511000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 29, 2021, 9:28 a.m.	process_identifier: 2044 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x724c1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 29, 2021, 9:28 a.m.	process_identifier: 2044 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72521000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 29, 2021, 9:28 a.m.	process_identifier: 2892 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72941000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 29, 2021, 9:28 a.m.	process_identifier: 2892 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72904000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 29, 2021, 9:28 a.m.	process_identifier: 2892 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72942000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 29, 2021, 9:28 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72941000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 29, 2021, 9:28 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72904000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 29, 2021, 9:28 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72942000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 29, 2021, 9:28 a.m.	process_identifier: 1896 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00b90000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory March 29, 2021, 9:28 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 106496 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03eb1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 29, 2021, 9:28 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 32768 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03ecb000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 29, 2021, 9:28 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03ed3000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 29, 2021, 9:28 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03ed5000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 29, 2021, 9:28 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03ed6000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 29, 2021, 9:28 a.m.	process_identifier: 204 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73321000 process_handle: 0xffffffff	1

Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation (1 event)

Time & API	Arguments	Status	Return	Repeated
GetDiskFreeSpaceExW March 29, 2021, 9:28 a.m.	total_number_of_free_bytes: 0 free_bytes_available: 13722529792 root_path: C:\Users\test22\AppData\Roaming\IPJetaNqFjk total_number_of_bytes: 0	1	1	0

Creates executable files on the filesystem (5 events)

file	C:\Users\test22\AppData\Local\Temp\New Feature\vpn.exe
file	C:\Users\test22\AppData\Local\Temp\New Feature\4.exe
file	C:\Users\test22\AppData\Local\Temp\nsf6442.tmp\UAC.dll
file	C:\Users\test22\AppData\Local\Temp\New Feature\6.exe
file	C:\Users\test22\AppData\Roaming\IPJetaNqFjk\Suo.exe.com

Creates a suspicious process (3 events)

cmdline	cmd /c C:\Windows\system32\cmd.exe < Compatto.mov
cmdline	C:\Windows\system32\cmd.exe
cmdline	"C:\Windows\System32\cmd.exe" /c C:\Windows\system32\cmd.exe < Compatto.mov

Drops an executable to the user AppData folder (4 events)

file	C:\Users\test22\AppData\Local\Temp\nsf6442.tmp\UAC.dll
file	C:\Users\test22\AppData\Local\Temp\New Feature\vpn.exe
file	C:\Users\test22\AppData\Local\Temp\New Feature\4.exe
file	C:\Users\test22\AppData\Local\Temp\New Feature\6.exe

A process created a hidden window (2 events)

Time & API	Arguments	Status	Return	Repeated
ShellExecuteExW March 29, 2021, 9:28 a.m.	show_type: 0 filepath_r: at.exe parameters: filepath: at.exe	1	1	0
ShellExecuteExW March 29, 2021, 9:28 a.m.	show_type: 0 filepath_r: cmd parameters: /c C:\Windows\system32\cmd.exe < Compatto.mov filepath: cmd	1	1	0

The binary likely contains encrypted or compressed data indicative of a packer (1 event)

section

{u'size_of_data': u'0x00001000', u'virtual_address': u'0x00171000', u'entropy': 7.903348971384409, u'name': u'.reloc', u'virtual_size': u'0x00000fd6'}

entropy

7.90334897138

description

A section with a high entropy has been found

Uses Windows utilities for basic Windows functionality (3 events)

cmdline	"C:\Windows\System32\at.exe"
cmdline	ping 127.0.0.1 -n 30
cmdline	at.exe

Attempts to identify installed AV products by installation directory (2 events)

file	C:\ProgramData\AVAST Software
file	C:\ProgramData\AVG

Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 1188 resumed a thread in remote process 2892
NtResumeThread March 29, 2021, 9:28 a.m.	thread_handle: 0x00000134 suspend_count: 0 process_identifier: 2892	1	0	0

Tries to unhook Windows functions monitored by Cuckoo (1 event)

Time & API	Arguments	Status	Return	Repeated
__anomaly__ March 29, 2021, 9:28 a.m.	tid: 2680 message: Encountered 65537 exceptions, quitting. subcategory: exception function_name:	1	0	0

File has been identified by 24 AntiVirus engines on VirusTotal as malicious (24 events)

Elastic	malicious (high confidence)
FireEye	Generic.mg.d9c426f7688fa244
McAfee	Artemis!D9C426F7688F
Zillya	Trojan.Alien.Win32.499
Sangfor	Trojan.Win32.Save.a
BitDefenderTheta	Gen:NN.ZexaF.34654.oqW@aavxZajG
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Generik.CPWWJWB
Avast	Win32:TrojanX-gen [Trj]
Kaspersky	HEUR:Trojan.Win32.Swisyn.gen
Tencent	Win32.Trojan.Swisyn.Wugy
Sophos	Generic ML PUA (PUA)
McAfee-GW-Edition	BehavesLike.Win32.Dropper.tc
APEX	Malicious
Avira	HEUR/AGEN.1140895
Microsoft	Trojan:Win32/Hynamer.C!ml
ZoneAlarm	HEUR:Trojan.Win32.Swisyn.gen
Cynet	Malicious (score: 100)
Malwarebytes	Malware.AI.2890551882
Rising	Malware.Heuristic!ET#90% (RDMK:cmRtazqg+N8OM7eGQ9cmvO3jPUtl)
SentinelOne	Static AI - Suspicious PE
eGambit	Unsafe.AI_Score_62%
AVG	Win32:TrojanX-gen [Trj]
CrowdStrike	win/malicious_confidence_60% (W)

lv.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All