I have been following the steps word for word in the module, when I terminate Noriben as instructed, I get a pop up error that the pml file could not be read and that the csv file could not be created, has anyone else run into this issue?
Hi - I have the same issue and it occurs using both kali machine and the pwnbox - its such a simple set of instructions I assume it is a bug?
Figured it out through the help of HackTheBox support!
When you run Noriben and procmon starts, run the exe, close the message, then wait 10 minutes before closing procmon, after procmon is closed then you can CTRL+C out of Noriben.
Worked for me!
1 Like
Hey Venza! Nice one! Totally worked. Cannot believe the quirks of htb academy lol!! Also - the ip was the local address lol! Should we have been able to anticipate this?? Idk. Anyhow- just have to finish few more questions in this malware module and I will be eligible to take the soc exam - how you doing with progress? Are you following paths or just hitting modules in your own order? Help much appreciated! All best to you!
1 Like
Kinda skipping around in order, Im currently struggling on the first question of the code analysis segment of the Malware Analysis module, really hard question!
It didn’t work out for me. 
Any suggestions?
Hi, this is what I did to get it to work: I let Noriben run for aprox. 10 minutes, then opened Task Manager and terminated both ProcMon instances and then I Crtl-C out of Noriben. After that It worked and got the text file.
1 Like
Hi,
[Update]No need to wait 10 minutes 
1- Run Noriben
2- Run the malware (Shell.exe)
3- Close Procmon using Task Manager
4- Close Noriben (Ctrl+C)
The .txt file will popup then u can read the IP
2 Likes
It worked for me.Thank you.