Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	July 18, 2023, 6:12 p.m.	July 18, 2023, 6:18 p.m.

Size	162.5KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5	`d5d3f11ec57ac1722ca2ac9fab41b480`
SHA256	`8749c26002857510a8faf45fe42730aaa48bd73cc7f99fd181e776b383729f36`
CRC32	`6CA7FD30`
ssdeep	`3072:+NzPHk9MpcQbnlKmVmoq2JgcMgtytP29vSWjIVloAXLUxg3k:+hRFlcuYksWOoAbUxf`
Yara	UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description)

win32.exe "C:\Users\test22\AppData\Local\Temp\win32.exe"
2580
- cmd.exe cmd.exe /c set /a "250^177"
  2692
- cmd.exe cmd.exe /c set /a "244^177"
  2752
- cmd.exe cmd.exe /c set /a "227^177"
  2824
- cmd.exe cmd.exe /c set /a "255^177"
  2884
- cmd.exe cmd.exe /c set /a "244^177"
  2944
- cmd.exe cmd.exe /c set /a "253^177"
  3004
- cmd.exe cmd.exe /c set /a "130^177"
  3064
- cmd.exe cmd.exe /c set /a "131^177"
  2080
- cmd.exe cmd.exe /c set /a "139^177"
  1356
- cmd.exe cmd.exe /c set /a "139^177"
  2208
- cmd.exe cmd.exe /c set /a "242^177"
  2280
- cmd.exe cmd.exe /c set /a "195^177"
  2548
- cmd.exe cmd.exe /c set /a "212^177"
  2620
- cmd.exe cmd.exe /c set /a "208^177"
  2740
- cmd.exe cmd.exe /c set /a "197^177"
  2652
- cmd.exe cmd.exe /c set /a "212^177"
  2852
- cmd.exe cmd.exe /c set /a "247^177"
  2932
- cmd.exe cmd.exe /c set /a "216^177"
  3024
- cmd.exe cmd.exe /c set /a "221^177"
  940
- cmd.exe cmd.exe /c set /a "212^177"
  2084
- cmd.exe cmd.exe /c set /a "240^177"
  2236
- cmd.exe cmd.exe /c set /a "153^177"
  2444
- cmd.exe cmd.exe /c set /a "220^177"
  2560
- cmd.exe cmd.exe /c set /a "145^177"
  2612
- cmd.exe cmd.exe /c set /a "195^177"
  2844
- cmd.exe cmd.exe /c set /a "133^177"
  2964
- cmd.exe cmd.exe /c set /a "145^177"
  1120
- cmd.exe cmd.exe /c set /a "157^177"
  2120
- cmd.exe cmd.exe /c set /a "145^177"
  2268
- cmd.exe cmd.exe /c set /a "216^177"
  2532
- cmd.exe cmd.exe /c set /a "145^177"
  2600
- cmd.exe cmd.exe /c set /a "129^177"
  2788
- cmd.exe cmd.exe /c set /a "201^177"
  2972
- cmd.exe cmd.exe /c set /a "137^177"
  2124
- cmd.exe cmd.exe /c set /a "129^177"
  1964
- cmd.exe cmd.exe /c set /a "129^177"
  2684
- cmd.exe cmd.exe /c set /a "129^177"
  300
- cmd.exe cmd.exe /c set /a "129^177"
  504
- cmd.exe cmd.exe /c set /a "129^177"
  2888
- cmd.exe cmd.exe /c set /a "129^177"
  2224
- cmd.exe cmd.exe /c set /a "129^177"
  2576
- cmd.exe cmd.exe /c set /a "157^177"
  2816
- cmd.exe cmd.exe /c set /a "145^177"
  536
- cmd.exe cmd.exe /c set /a "216^177"
  452
- cmd.exe cmd.exe /c set /a "145^177"
  1080
- cmd.exe cmd.exe /c set /a "129^177"
  1304
- cmd.exe cmd.exe /c set /a "157^177"
  1520
- cmd.exe cmd.exe /c set /a "145^177"
  3044
- cmd.exe cmd.exe /c set /a "193^177"
  544
- cmd.exe cmd.exe /c set /a "145^177"
  2796
- cmd.exe cmd.exe /c set /a "129^177"
  2316
- cmd.exe cmd.exe /c set /a "157^177"
  2764
- cmd.exe cmd.exe /c set /a "145^177"
  1656
- cmd.exe cmd.exe /c set /a "216^177"
  2956
- cmd.exe cmd.exe /c set /a "145^177"
  2464
- cmd.exe cmd.exe /c set /a "133^177"
  1864
- cmd.exe cmd.exe /c set /a "157^177"
  2112
- cmd.exe cmd.exe /c set /a "145^177"
  192
- cmd.exe cmd.exe /c set /a "216^177"
  2468
- cmd.exe cmd.exe /c set /a "145^177"
  2928
- cmd.exe cmd.exe /c set /a "129^177"
  2292
- cmd.exe cmd.exe /c set /a "201^177"
  2264
- cmd.exe cmd.exe /c set /a "137^177"
  3116
- cmd.exe cmd.exe /c set /a "129^177"
  3176
- cmd.exe cmd.exe /c set /a "157^177"
  3240
- cmd.exe cmd.exe /c set /a "145^177"
  3300
- cmd.exe cmd.exe /c set /a "216^177"
  3360
- cmd.exe cmd.exe /c set /a "145^177"
  3420
- cmd.exe cmd.exe /c set /a "129^177"
  3480
- cmd.exe cmd.exe /c set /a "152^177"
  3540
- cmd.exe cmd.exe /c set /a "216^177"
  3600
- cmd.exe cmd.exe /c set /a "159^177"
  3660
- cmd.exe cmd.exe /c set /a "195^177"
  3728
- cmd.exe cmd.exe /c set /a "132^177"
  3788
- cmd.exe cmd.exe /c set /a "141^177"
  3872
- cmd.exe cmd.exe /c set /a "250^177"
  3932
- cmd.exe cmd.exe /c set /a "244^177"
  3992
- cmd.exe cmd.exe /c set /a "227^177"
  4052
- cmd.exe cmd.exe /c set /a "255^177"
  3084
- cmd.exe cmd.exe /c set /a "244^177"
  1108
- cmd.exe cmd.exe /c set /a "253^177"
  3216
- cmd.exe cmd.exe /c set /a "130^177"
  3320
- cmd.exe cmd.exe /c set /a "131^177"
  3404
- cmd.exe cmd.exe /c set /a "139^177"
  3456
- cmd.exe cmd.exe /c set /a "139^177"
  3572
- cmd.exe cmd.exe /c set /a "231^177"
  3656
- cmd.exe cmd.exe /c set /a "216^177"
  1308
- cmd.exe cmd.exe /c set /a "195^177"
  3696
- cmd.exe cmd.exe /c set /a "197^177"
  3820
- cmd.exe cmd.exe /c set /a "196^177"
  3884
- cmd.exe cmd.exe /c set /a "208^177"
  3980
- cmd.exe cmd.exe /c set /a "221^177"
  4072
- cmd.exe cmd.exe /c set /a "240^177"
  3136
- cmd.exe cmd.exe /c set /a "221^177"
  3220
- cmd.exe cmd.exe /c set /a "221^177"
  3356
- cmd.exe cmd.exe /c set /a "222^177"
  3452
- cmd.exe cmd.exe /c set /a "210^177"
  3552
- cmd.exe cmd.exe /c set /a "153^177"
  3568
- cmd.exe cmd.exe /c set /a "216^177"
  936
- cmd.exe cmd.exe /c set /a "145^177"
  3808
- cmd.exe cmd.exe /c set /a "129^177"
  3816
- cmd.exe cmd.exe /c set /a "157^177"
  3936
- cmd.exe cmd.exe /c set /a "216^177"
  3144
- cmd.exe cmd.exe /c set /a "145^177"
  3288
- cmd.exe cmd.exe /c set /a "130^177"
  3364
- cmd.exe cmd.exe /c set /a "129^177"
  3496
- cmd.exe cmd.exe /c set /a "130^177"
  1316
- cmd.exe cmd.exe /c set /a "134^177"
  3772
- cmd.exe cmd.exe /c set /a "132^177"
  3964
- cmd.exe cmd.exe /c set /a "136^177"
  4056
- cmd.exe cmd.exe /c set /a "130^177"
  3252
- cmd.exe cmd.exe /c set /a "135^177"
  3464
- cmd.exe cmd.exe /c set /a "157^177"
  3620
- cmd.exe cmd.exe /c set /a "145^177"
  3680
- cmd.exe cmd.exe /c set /a "216^177"
  3972
- cmd.exe cmd.exe /c set /a "145^177"
  3160
- cmd.exe cmd.exe /c set /a "129^177"
  3332
- cmd.exe cmd.exe /c set /a "201^177"
  3716
- cmd.exe cmd.exe /c set /a "130^177"
  3904
- cmd.exe cmd.exe /c set /a "129^177"
  3152
- cmd.exe cmd.exe /c set /a "129^177"
  3612
- cmd.exe cmd.exe /c set /a "129^177"
  3928
- cmd.exe cmd.exe /c set /a "157^177"
  3132
- cmd.exe cmd.exe /c set /a "145^177"
  3868
- cmd.exe cmd.exe /c set /a "216^177"
  3708
- cmd.exe cmd.exe /c set /a "145^177"
  3272
- cmd.exe cmd.exe /c set /a "129^177"
  3844
- cmd.exe cmd.exe /c set /a "201^177"
  3892
- cmd.exe cmd.exe /c set /a "133^177"
  3476
- cmd.exe cmd.exe /c set /a "129^177"
  4108
- cmd.exe cmd.exe /c set /a "152^177"
  4168
- cmd.exe cmd.exe /c set /a "193^177"
  4228
- cmd.exe cmd.exe /c set /a "159^177"
  4288
- cmd.exe cmd.exe /c set /a "195^177"
  4348
- cmd.exe cmd.exe /c set /a "128^177"
  4408
- cmd.exe cmd.exe /c set /a "141^177"
  4468
- cmd.exe cmd.exe /c set /a "250^177"
  4528
- cmd.exe cmd.exe /c set /a "244^177"
  4588
- cmd.exe cmd.exe /c set /a "227^177"
  4648
- cmd.exe cmd.exe /c set /a "255^177"
  4708
- cmd.exe cmd.exe /c set /a "244^177"
  4768
- cmd.exe cmd.exe /c set /a "253^177"
  4828
- cmd.exe cmd.exe /c set /a "130^177"
  4888
- cmd.exe cmd.exe /c set /a "131^177"
  4948
- cmd.exe cmd.exe /c set /a "139^177"
  5008
- cmd.exe cmd.exe /c set /a "139^177"
  5068
- cmd.exe cmd.exe /c set /a "226^177"
  3584
- cmd.exe cmd.exe /c set /a "212^177"
  4180
- cmd.exe cmd.exe /c set /a "197^177"
  4268
- cmd.exe cmd.exe /c set /a "247^177"
  4420
- cmd.exe cmd.exe /c set /a "216^177"
  4512
- cmd.exe cmd.exe /c set /a "221^177"
  4564
- cmd.exe cmd.exe /c set /a "212^177"
  4680
- cmd.exe cmd.exe /c set /a "225^177"
  4764
- cmd.exe cmd.exe /c set /a "222^177"
  4844
- cmd.exe cmd.exe /c set /a "216^177"
  4892
- cmd.exe cmd.exe /c set /a "223^177"
  5040
- cmd.exe cmd.exe /c set /a "197^177"
  4104
- cmd.exe cmd.exe /c set /a "212^177"
  4216
- cmd.exe cmd.exe /c set /a "195^177"
  4308
- cmd.exe cmd.exe /c set /a "153^177"
  4508
- cmd.exe cmd.exe /c set /a "216^177"
  4556
- cmd.exe cmd.exe /c set /a "145^177"
  4724
- cmd.exe cmd.exe /c set /a "195^177"
  4824
- cmd.exe cmd.exe /c set /a "132^177"
  4864
- cmd.exe cmd.exe /c set /a "157^177"
  4996
- cmd.exe cmd.exe /c set /a "145^177"
  4136
- cmd.exe cmd.exe /c set /a "216^177"
  4300
- cmd.exe cmd.exe /c set /a "145^177"
  4484
- cmd.exe cmd.exe /c set /a "135^177"
  4624
- cmd.exe cmd.exe /c set /a "134^177"
  4908
- cmd.exe cmd.exe /c set /a "134^177"
  4932
- cmd.exe cmd.exe /c set /a "145^177"
  4184
- cmd.exe cmd.exe /c set /a "157^177"
  4480
- cmd.exe cmd.exe /c set /a "145^177"
  4540
- cmd.exe cmd.exe /c set /a "216^177"
  4980
- cmd.exe cmd.exe /c set /a "145^177"
  4156
- cmd.exe cmd.exe /c set /a "129^177"
  4264
- cmd.exe cmd.exe /c set /a "157^177"
  4872
- cmd.exe cmd.exe /c set /a "216^177"
  5088
- cmd.exe cmd.exe /c set /a "145^177"
  4144
- cmd.exe cmd.exe /c set /a "129^177"
  4848
- cmd.exe cmd.exe /c set /a "152^177"
  4204
- cmd.exe cmd.exe /c set /a "216^177"
  4952
- cmd.exe cmd.exe /c set /a "159^177"
  4344
- cmd.exe cmd.exe /c set /a "195^177"
  5100
- cmd.exe cmd.exe /c set /a "130^177"
  4524
- cmd.exe cmd.exe /c set /a "141^177"
  4756
- cmd.exe cmd.exe /c set /a "250^177"
  5128
- cmd.exe cmd.exe /c set /a "244^177"
  5188
- cmd.exe cmd.exe /c set /a "227^177"
  5248
- cmd.exe cmd.exe /c set /a "255^177"
  5308
- cmd.exe cmd.exe /c set /a "244^177"
  5368
- cmd.exe cmd.exe /c set /a "253^177"
  5428
- cmd.exe cmd.exe /c set /a "130^177"
  5488
- cmd.exe cmd.exe /c set /a "131^177"
  5548
- cmd.exe cmd.exe /c set /a "139^177"
  5608
- cmd.exe cmd.exe /c set /a "139^177"
  5668
- cmd.exe cmd.exe /c set /a "227^177"
  5728
- cmd.exe cmd.exe /c set /a "212^177"
  5788
- cmd.exe cmd.exe /c set /a "208^177"
  5848
- cmd.exe cmd.exe /c set /a "213^177"
  5908
- cmd.exe cmd.exe /c set /a "247^177"
  5968
- cmd.exe cmd.exe /c set /a "216^177"
  6028
- cmd.exe cmd.exe /c set /a "221^177"
  6088
- cmd.exe cmd.exe /c set /a "212^177"
  5124
- cmd.exe cmd.exe /c set /a "153^177"
  5204
- cmd.exe cmd.exe /c set /a "216^177"
  5276
- cmd.exe cmd.exe /c set /a "145^177"
  5356
- cmd.exe cmd.exe /c set /a "195^177"
  5440
- cmd.exe cmd.exe /c set /a "132^177"
  5568
- cmd.exe cmd.exe /c set /a "157^177"
  5636
- cmd.exe cmd.exe /c set /a "145^177"
  5712
- cmd.exe cmd.exe /c set /a "216^177"
  5800
- cmd.exe cmd.exe /c set /a "145^177"
  5888
- cmd.exe cmd.exe /c set /a "195^177"
  5912
- cmd.exe cmd.exe /c set /a "128^177"
  6040
- cmd.exe cmd.exe /c set /a "157^177"
  6132
- cmd.exe cmd.exe /c set /a "145^177"
  5296
- cmd.exe cmd.exe /c set /a "216^177"
  5416
- cmd.exe cmd.exe /c set /a "145^177"
  5504
- cmd.exe cmd.exe /c set /a "130^177"
  5560
- cmd.exe cmd.exe /c set /a "129^177"
  5688
- cmd.exe cmd.exe /c set /a "130^177"
  5880
- cmd.exe cmd.exe /c set /a "134^177"
  5940
- cmd.exe cmd.exe /c set /a "132^177"
  6064
- cmd.exe cmd.exe /c set /a "136^177"
  5176
- cmd.exe cmd.exe /c set /a "130^177"
  5468
- cmd.exe cmd.exe /c set /a "135^177"
  5580
- cmd.exe cmd.exe /c set /a "157^177"
  5744
- cmd.exe cmd.exe /c set /a "155^177"
  5792
- cmd.exe cmd.exe /c set /a "216^177"
  6016
- cmd.exe cmd.exe /c set /a "145^177"
  6124
- cmd.exe cmd.exe /c set /a "129^177"
  5500
- cmd.exe cmd.exe /c set /a "157^177"
  5740
- cmd.exe cmd.exe /c set /a "145^177"
  1644
- cmd.exe cmd.exe /c set /a "216^177"
  5972
- cmd.exe cmd.exe /c set /a "145^177"
  6092
- cmd.exe cmd.exe /c set /a "129^177"
  5816
- cmd.exe cmd.exe /c set /a "152^177"
  1432
- cmd.exe cmd.exe /c set /a "216^177"
  5832
- cmd.exe cmd.exe /c set /a "159^177"
  6100
- cmd.exe cmd.exe /c set /a "195^177"
  1092
- cmd.exe cmd.exe /c set /a "130^177"
  5384
- cmd.exe cmd.exe /c set /a "141^177"
  2168
- cmd.exe cmd.exe /c set /a "196^177"
  5936
- cmd.exe cmd.exe /c set /a "194^177"
  5364
- cmd.exe cmd.exe /c set /a "212^177"
  6188
- cmd.exe cmd.exe /c set /a "195^177"
  6248
- cmd.exe cmd.exe /c set /a "130^177"
  6308
- cmd.exe cmd.exe /c set /a "131^177"
  6372
- cmd.exe cmd.exe /c set /a "139^177"
  6432
- cmd.exe cmd.exe /c set /a "139^177"
  6492
- cmd.exe cmd.exe /c set /a "242^177"
  6552
- cmd.exe cmd.exe /c set /a "208^177"
  6612
- cmd.exe cmd.exe /c set /a "221^177"
  6672
- cmd.exe cmd.exe /c set /a "221^177"
  6732
- cmd.exe cmd.exe /c set /a "230^177"
  6792
- cmd.exe cmd.exe /c set /a "216^177"
  6852
- cmd.exe cmd.exe /c set /a "223^177"
  6912
- cmd.exe cmd.exe /c set /a "213^177"
  6972
- cmd.exe cmd.exe /c set /a "222^177"
  7036
- cmd.exe cmd.exe /c set /a "198^177"
  7096
- cmd.exe cmd.exe /c set /a "225^177"
  7156
- cmd.exe cmd.exe /c set /a "195^177"
  732
- cmd.exe cmd.exe /c set /a "222^177"
  6192
- cmd.exe cmd.exe /c set /a "210^177"
  6328
- cmd.exe cmd.exe /c set /a "240^177"
  6400
- cmd.exe cmd.exe /c set /a "153^177"
  6480
- cmd.exe cmd.exe /c set /a "216^177"
  1544
- cmd.exe cmd.exe /c set /a "145^177"
  6556
- cmd.exe cmd.exe /c set /a "195^177"
  6688
- cmd.exe cmd.exe /c set /a "128^177"
  6788
- cmd.exe cmd.exe /c set /a "145^177"
  6796
- cmd.exe cmd.exe /c set /a "157^177"
  6940
- cmd.exe cmd.exe /c set /a "216^177"
  7020
- cmd.exe cmd.exe /c set /a "145^177"
  7112
- cmd.exe cmd.exe /c set /a "129^177"
  6148
- cmd.exe cmd.exe /c set /a "157^177"
  6172
- cmd.exe cmd.exe /c set /a "216^177"
  1800
- cmd.exe cmd.exe /c set /a "145^177"
  6336
- cmd.exe cmd.exe /c set /a "129^177"
  2044
- cmd.exe cmd.exe /c set /a "157^177"
  1872
- cmd.exe cmd.exe /c set /a "145^177"
  6624
- cmd.exe cmd.exe /c set /a "216^177"
  6744
- cmd.exe cmd.exe /c set /a "145^177"
  6776
- cmd.exe cmd.exe /c set /a "129^177"
  6960
- cmd.exe cmd.exe /c set /a "157^177"
  7092
- cmd.exe cmd.exe /c set /a "145^177"
  7116
- cmd.exe cmd.exe /c set /a "216^177"
  2360
- cmd.exe cmd.exe /c set /a "145^177"
  6356
- cmd.exe cmd.exe /c set /a "129^177"
  1268
- cmd.exe cmd.exe /c set /a "152^177"
  6476
- cmd.exe cmd.exe /c set /a "141^177"
  6768

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
162.55.60.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx July 18, 2023, 6:12 p.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.ndata

One or more processes crashed (50 out of 65536 events)

Time & API	Arguments	Status
__exception__ July 18, 2023, 6:13 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: cc 6a a7 8d 95 4a 6a 64 05 68 23 95 17 fd cc 71 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x59ac37a registers.esp: 66844460 registers.edi: 120840 registers.eax: 6183264 registers.ebp: 66844460 registers.edx: 94027776 registers.ebx: 94027776 registers.esi: 1995838602 registers.ecx: 94028631	1
__exception__ July 18, 2023, 6:13 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: cc 71 64 51 41 f2 ef 19 f8 51 be 3e 89 3e 6c 3b exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x59ac388 registers.esp: 66844456 registers.edi: 120840 registers.eax: 6183264 registers.ebp: 66844460 registers.edx: 94027776 registers.ebx: 94027776 registers.esi: 1995838602 registers.ecx: 94028631	1
__exception__ July 18, 2023, 6:13 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 89 07 6f b8 6d b5 71 c5 4c 05 06 00 5f 81 34 24 exception.instruction: mov dword ptr [edi], eax exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x59ac3b2 registers.esp: 66844452 registers.edi: 19236 registers.eax: 6183264 registers.ebp: 66844460 registers.edx: 94027776 registers.ebx: 94027776 registers.esi: 1995838602 registers.ecx: 94028631	1
__exception__ July 18, 2023, 6:13 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 89 3b 77 85 40 c1 e8 ee a8 c1 36 b7 2e 0a 32 02 exception.instruction: mov dword ptr [ebx], edi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x59ac3eb registers.esp: 66844452 registers.edi: 120840 registers.eax: 6183264 registers.ebp: 66844460 registers.edx: 94027776 registers.ebx: 46774 registers.esi: 1995838602 registers.ecx: 94028631	1
__exception__ July 18, 2023, 6:13 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: cc 67 b8 23 ff 74 24 04 8f 85 44 01 00 00 50 b8 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x59b841f registers.esp: 66844452 registers.edi: 120840 registers.eax: 6183264 registers.ebp: 66844460 registers.edx: 94027776 registers.ebx: 94027776 registers.esi: 1995838602 registers.ecx: 94028631	1
__exception__ July 18, 2023, 6:13 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 89 18 76 e8 fc b3 f1 d3 6b c7 71 ed a8 b8 72 ab exception.instruction: mov dword ptr [eax], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x59b8447 registers.esp: 66844448 registers.edi: 120840 registers.eax: 43273 registers.ebp: 66844460 registers.edx: 94027776 registers.ebx: 94027776 registers.esi: 1995838602 registers.ecx: 94028631	1
__exception__ July 18, 2023, 6:13 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 7c 06 69 db fd 4e 2d 2a ac 00 57 bf fc 00 00 00 exception.instruction: jl 0x59b8489 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x59b8481 registers.esp: 66844412 registers.edi: 120840 registers.eax: 256 registers.ebp: 66844460 registers.edx: 66844408 registers.ebx: 94027776 registers.esi: 1995838602 registers.ecx: 94028631	1
__exception__ July 18, 2023, 6:13 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: cc 73 eb e0 83 18 53 26 8d 81 46 b7 e3 02 20 71 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x59b84b4 registers.esp: 66844420 registers.edi: 120840 registers.eax: 6183264 registers.ebp: 66844460 registers.edx: 94027776 registers.ebx: 94027776 registers.esi: 1995838602 registers.ecx: 660595217	1
__exception__ July 18, 2023, 6:13 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 89 36 72 f1 a4 0a ef aa 37 ee 73 7d 32 39 a2 43 exception.instruction: mov dword ptr [esi], esi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x59b84e2 registers.esp: 66844416 registers.edi: 120840 registers.eax: 6183264 registers.ebp: 66844460 registers.edx: 94027776 registers.ebx: 94027776 registers.esi: 41719 registers.ecx: 2869275045	1
__exception__ July 18, 2023, 6:13 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 89 3e 74 01 bf bf 1b 4d 3d 82 82 f8 8b ed b9 24 exception.instruction: mov dword ptr [esi], edi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x59b8512 registers.esp: 66844416 registers.edi: 120840 registers.eax: 6183264 registers.ebp: 66844460 registers.edx: 94027776 registers.ebx: 94027776 registers.esi: 28428 registers.ecx: 108	1
__exception__ July 18, 2023, 6:13 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: cc 71 f7 a6 95 f0 1f 61 72 77 4f 1e 52 31 0b a0 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x59b8536 registers.esp: 66844412 registers.edi: 120840 registers.eax: 6183264 registers.ebp: 66844460 registers.edx: 94027776 registers.ebx: 94027776 registers.esi: 1995838602 registers.ecx: 94028631	1
__exception__ July 18, 2023, 6:13 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 71 02 65 87 37 00 80 fc 07 58 84 db 5f 81 04 24 exception.instruction: jno 0x59b857b exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x59b8577 registers.esp: 66844404 registers.edi: 256 registers.eax: 66844400 registers.ebp: 66844460 registers.edx: 94027776 registers.ebx: 94027776 registers.esi: 1995838602 registers.ecx: 94028631	1
__exception__ July 18, 2023, 6:13 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 76 07 74 d1 d3 ee b4 d4 e3 7e 03 72 9b c6 7d 76 exception.instruction: jbe 0x59b85af exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x59b85a6 registers.esp: 66844404 registers.edi: 256 registers.eax: 6183264 registers.ebp: 66844460 registers.edx: 94027776 registers.ebx: 66844400 registers.esi: 1995838602 registers.ecx: 94028631	1
__exception__ July 18, 2023, 6:13 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 89 03 71 20 27 5b 24 50 8f 14 34 ad ae 76 04 02 exception.instruction: mov dword ptr [ebx], eax exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x59b85ee registers.esp: 66844404 registers.edi: 120840 registers.eax: 6183264 registers.ebp: 66844460 registers.edx: 94027776 registers.ebx: 23959 registers.esi: 1995838602 registers.ecx: 94028631	1
__exception__ July 18, 2023, 6:13 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 89 0b 6a 72 4a a9 0a c7 00 5b e8 f6 e2 00 00 89 exception.instruction: mov dword ptr [ebx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x59b862e registers.esp: 66844404 registers.edi: 120840 registers.eax: 6183264 registers.ebp: 66844460 registers.edx: 3230904866 registers.ebx: 16254 registers.esi: 1995838602 registers.ecx: 66844408	1
__exception__ July 18, 2023, 6:13 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 77 0f 71 11 f8 eb 25 8c 9f 83 fa 5f d9 ab d3 45 exception.instruction: ja 0x59b8689 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x59b8678 registers.esp: 66844412 registers.edi: 120840 registers.eax: 256 registers.ebp: 66844460 registers.edx: 66844408 registers.ebx: 1763379607 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ July 18, 2023, 6:13 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: cc 6b 02 e9 56 0c e8 7d 57 8b bd a2 01 00 00 56 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x59b86af registers.esp: 66844420 registers.edi: 4 registers.eax: 1995635376 registers.ebp: 66844460 registers.edx: 1995596250 registers.ebx: 1763379607 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ July 18, 2023, 6:13 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 75 07 69 73 b1 54 82 5f 25 00 84 f4 5a 66 85 d9 exception.instruction: jne 0x59b86e8 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x59b86df registers.esp: 66844408 registers.edi: 120840 registers.eax: 1995635376 registers.ebp: 66844460 registers.edx: 66844404 registers.ebx: 1763379607 registers.esi: 256 registers.ecx: 182	1
__exception__ July 18, 2023, 6:13 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: cc 77 8b 3d e4 13 7d 5a d0 ce f0 0d f6 5f 4c 75 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x59b86f0 registers.esp: 66844416 registers.edi: 120840 registers.eax: 1995635376 registers.ebp: 66844460 registers.edx: 1995596250 registers.ebx: 1763379607 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ July 18, 2023, 6:13 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: cc 72 a8 69 e0 81 19 85 c3 82 39 27 47 e0 23 60 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x59b872a registers.esp: 66844412 registers.edi: 120840 registers.eax: 1995635376 registers.ebp: 66844460 registers.edx: 1995596250 registers.ebx: 66844460 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ July 18, 2023, 6:13 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: cc 64 97 45 e8 38 34 43 cc 77 05 7a ef 77 b2 b0 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x59b8762 registers.esp: 66844412 registers.edi: 120840 registers.eax: 1995635376 registers.ebp: 66844460 registers.edx: 1995596250 registers.ebx: 66844783 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ July 18, 2023, 6:13 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: cc 77 05 7a ef 77 b2 b0 b9 61 4b ed fc d9 f0 59 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x59b876a registers.esp: 66844412 registers.edi: 120840 registers.eax: 1995635376 registers.ebp: 66844460 registers.edx: 1995596250 registers.ebx: 66844784 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ July 18, 2023, 6:13 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 7a 08 6c ef 58 82 ae ee 83 de 26 c6 ed fe 00 84 exception.instruction: jp 0x59b87b9 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x59b87af registers.esp: 66844400 registers.edi: 120840 registers.eax: 1995635376 registers.ebp: 66844460 registers.edx: 66844396 registers.ebx: 66844784 registers.esi: 256 registers.ecx: 182	1
__exception__ July 18, 2023, 6:13 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 89 13 76 c1 42 6f b2 74 a0 05 a2 5c 7d 10 6e cb exception.instruction: mov dword ptr [ebx], edx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x59b87fa registers.esp: 66844404 registers.edi: 120840 registers.eax: 1995635376 registers.ebp: 66844460 registers.edx: 1995596250 registers.ebx: 17145 registers.esi: 0 registers.ecx: 182	1
__exception__ July 18, 2023, 6:13 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 89 3b 75 5a 0f 12 4a 44 35 42 39 c1 9e c9 f2 0b exception.instruction: mov dword ptr [ebx], edi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x59b888f registers.esp: 66844400 registers.edi: 120840 registers.eax: 1995635376 registers.ebp: 66844460 registers.edx: 1995596250 registers.ebx: 60998 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ July 18, 2023, 6:13 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 70 03 65 05 25 00 85 db 5a 38 d1 5b 68 e2 27 fe exception.instruction: jo 0x59b88dc exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x59b88d7 registers.esp: 66844392 registers.edi: 120840 registers.eax: 1995635376 registers.ebp: 66844460 registers.edx: 66844388 registers.ebx: 256 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ July 18, 2023, 6:13 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 89 08 75 94 e3 c1 4d 71 bf f3 cb db 13 85 8c 83 exception.instruction: mov dword ptr [eax], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x59b890d registers.esp: 66844392 registers.edi: 120840 registers.eax: 61854 registers.ebp: 66844460 registers.edx: 1995596250 registers.ebx: 66844788 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ July 18, 2023, 6:13 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: cc 70 b8 0b 13 37 e2 e2 73 50 a5 2b 11 12 55 5d exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x59b8952 registers.esp: 66844452 registers.edi: 120840 registers.eax: 0 registers.ebp: 66844460 registers.edx: 94027776 registers.ebx: 94027776 registers.esi: 1995838602 registers.ecx: 94028631	1
__exception__ July 18, 2023, 6:13 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: cc 6f f7 37 68 19 fa b7 47 e8 d4 00 8b b5 52 02 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x59b896e registers.esp: 66844448 registers.edi: 120840 registers.eax: 0 registers.ebp: 66844460 registers.edx: 94027776 registers.ebx: 94027776 registers.esi: 94028631 registers.ecx: 94028631	1
__exception__ July 18, 2023, 6:13 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 78 04 6a 92 7a 3d 01 6f 00 85 c8 5f 85 ca 5a 81 exception.instruction: js 0x59b89b2 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x59b89ac registers.esp: 66844440 registers.edi: 66844436 registers.eax: 0 registers.ebp: 66844460 registers.edx: 256 registers.ebx: 907214411 registers.esi: 1995838602 registers.ecx: 94028631	1
__exception__ July 18, 2023, 6:13 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: cc 71 b0 12 d2 0d e4 14 4d 99 0b f6 7f 3f 45 12 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x59b89dc registers.esp: 66844448 registers.edi: 120840 registers.eax: 4 registers.ebp: 66844460 registers.edx: 94027776 registers.ebx: 94027776 registers.esi: 1995838602 registers.ecx: 5701636	1
__exception__ July 18, 2023, 6:13 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 89 38 6f 3b f3 d0 90 53 1a d6 e1 00 58 31 04 24 exception.instruction: mov dword ptr [eax], edi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x59b8a06 registers.esp: 66844440 registers.edi: 120840 registers.eax: 16668 registers.ebp: 66844460 registers.edx: 94027776 registers.ebx: 94027776 registers.esi: 1995838602 registers.ecx: 5701636	1
__exception__ July 18, 2023, 6:13 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 89 07 75 b5 5d 42 0b 7a a8 41 c0 27 a9 df 9d 79 exception.instruction: mov dword ptr [edi], eax exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x59b8a47 registers.esp: 66844444 registers.edi: 30178 registers.eax: 4 registers.ebp: 66844460 registers.edx: 94027776 registers.ebx: 272407323 registers.esi: 1995838602 registers.ecx: 5701636	1
__exception__ July 18, 2023, 6:13 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: cc 76 e6 ef 29 1f cd 43 43 d5 34 1c 90 90 bf 0f exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x59b8a6a registers.esp: 66844448 registers.edi: 120840 registers.eax: 4 registers.ebp: 66844460 registers.edx: 94027776 registers.ebx: 2593 registers.esi: 1995838602 registers.ecx: 5701636	1
__exception__ July 18, 2023, 6:13 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 78 04 6a 92 7a 3d 01 6f 00 85 c8 5f 85 ca 5a 81 exception.instruction: js 0x59b89b2 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x59b89ac registers.esp: 66844440 registers.edi: 66844436 registers.eax: 4 registers.ebp: 66844460 registers.edx: 256 registers.ebx: 907214411 registers.esi: 1995838602 registers.ecx: 5701636	1
__exception__ July 18, 2023, 6:13 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: cc 71 b0 12 d2 0d e4 14 4d 99 0b f6 7f 3f 45 12 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x59b89dc registers.esp: 66844448 registers.edi: 120840 registers.eax: 8 registers.ebp: 66844460 registers.edx: 94027776 registers.ebx: 94027776 registers.esi: 1995838602 registers.ecx: 5701640	1
__exception__ July 18, 2023, 6:13 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 89 38 6f 3b f3 d0 90 53 1a d6 e1 00 58 31 04 24 exception.instruction: mov dword ptr [eax], edi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x59b8a06 registers.esp: 66844440 registers.edi: 120840 registers.eax: 16668 registers.ebp: 66844460 registers.edx: 94027776 registers.ebx: 94027776 registers.esi: 1995838602 registers.ecx: 5701640	1
__exception__ July 18, 2023, 6:13 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 89 07 75 b5 5d 42 0b 7a a8 41 c0 27 a9 df 9d 79 exception.instruction: mov dword ptr [edi], eax exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x59b8a47 registers.esp: 66844444 registers.edi: 30178 registers.eax: 8 registers.ebp: 66844460 registers.edx: 94027776 registers.ebx: 272407323 registers.esi: 1995838602 registers.ecx: 5701640	1
__exception__ July 18, 2023, 6:13 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: cc 76 e6 ef 29 1f cd 43 43 d5 34 1c 90 90 bf 0f exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x59b8a6a registers.esp: 66844448 registers.edi: 120840 registers.eax: 8 registers.ebp: 66844460 registers.edx: 94027776 registers.ebx: 2593 registers.esi: 1995838602 registers.ecx: 5701640	1
__exception__ July 18, 2023, 6:13 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 78 04 6a 92 7a 3d 01 6f 00 85 c8 5f 85 ca 5a 81 exception.instruction: js 0x59b89b2 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x59b89ac registers.esp: 66844440 registers.edi: 66844436 registers.eax: 8 registers.ebp: 66844460 registers.edx: 256 registers.ebx: 907214411 registers.esi: 1995838602 registers.ecx: 5701640	1
__exception__ July 18, 2023, 6:13 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: cc 71 b0 12 d2 0d e4 14 4d 99 0b f6 7f 3f 45 12 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x59b89dc registers.esp: 66844448 registers.edi: 120840 registers.eax: 12 registers.ebp: 66844460 registers.edx: 94027776 registers.ebx: 94027776 registers.esi: 1995838602 registers.ecx: 5701644	1
__exception__ July 18, 2023, 6:13 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 89 38 6f 3b f3 d0 90 53 1a d6 e1 00 58 31 04 24 exception.instruction: mov dword ptr [eax], edi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x59b8a06 registers.esp: 66844440 registers.edi: 120840 registers.eax: 16668 registers.ebp: 66844460 registers.edx: 94027776 registers.ebx: 94027776 registers.esi: 1995838602 registers.ecx: 5701644	1
__exception__ July 18, 2023, 6:13 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 89 07 75 b5 5d 42 0b 7a a8 41 c0 27 a9 df 9d 79 exception.instruction: mov dword ptr [edi], eax exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x59b8a47 registers.esp: 66844444 registers.edi: 30178 registers.eax: 12 registers.ebp: 66844460 registers.edx: 94027776 registers.ebx: 272407323 registers.esi: 1995838602 registers.ecx: 5701644	1
__exception__ July 18, 2023, 6:13 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: cc 76 e6 ef 29 1f cd 43 43 d5 34 1c 90 90 bf 0f exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x59b8a6a registers.esp: 66844448 registers.edi: 120840 registers.eax: 12 registers.ebp: 66844460 registers.edx: 94027776 registers.ebx: 2593 registers.esi: 1995838602 registers.ecx: 5701644	1
__exception__ July 18, 2023, 6:13 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 78 04 6a 92 7a 3d 01 6f 00 85 c8 5f 85 ca 5a 81 exception.instruction: js 0x59b89b2 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x59b89ac registers.esp: 66844440 registers.edi: 66844436 registers.eax: 12 registers.ebp: 66844460 registers.edx: 256 registers.ebx: 907214411 registers.esi: 1995838602 registers.ecx: 5701644	1
__exception__ July 18, 2023, 6:13 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: cc 71 b0 12 d2 0d e4 14 4d 99 0b f6 7f 3f 45 12 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x59b89dc registers.esp: 66844448 registers.edi: 120840 registers.eax: 16 registers.ebp: 66844460 registers.edx: 94027776 registers.ebx: 94027776 registers.esi: 1995838602 registers.ecx: 5701648	1
__exception__ July 18, 2023, 6:13 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 89 38 6f 3b f3 d0 90 53 1a d6 e1 00 58 31 04 24 exception.instruction: mov dword ptr [eax], edi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x59b8a06 registers.esp: 66844440 registers.edi: 120840 registers.eax: 16668 registers.ebp: 66844460 registers.edx: 94027776 registers.ebx: 94027776 registers.esi: 1995838602 registers.ecx: 5701648	1
__exception__ July 18, 2023, 6:13 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 89 07 75 b5 5d 42 0b 7a a8 41 c0 27 a9 df 9d 79 exception.instruction: mov dword ptr [edi], eax exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x59b8a47 registers.esp: 66844444 registers.edi: 30178 registers.eax: 16 registers.ebp: 66844460 registers.edx: 94027776 registers.ebx: 272407323 registers.esi: 1995838602 registers.ecx: 5701648	1
__exception__ July 18, 2023, 6:13 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: cc 76 e6 ef 29 1f cd 43 43 d5 34 1c 90 90 bf 0f exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x59b8a6a registers.esp: 66844448 registers.edi: 120840 registers.eax: 16 registers.ebp: 66844460 registers.edx: 94027776 registers.ebx: 2593 registers.esi: 1995838602 registers.ecx: 5701648	1
__exception__ July 18, 2023, 6:13 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 78 04 6a 92 7a 3d 01 6f 00 85 c8 5f 85 ca 5a 81 exception.instruction: js 0x59b89b2 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x59b89ac registers.esp: 66844440 registers.edi: 66844436 registers.eax: 16 registers.ebp: 66844460 registers.edx: 256 registers.ebx: 907214411 registers.esi: 1995838602 registers.ecx: 5701648	1

Allocates read-write-execute memory (usually to unpack itself) (4 events)

Time & API	Arguments	Status
NtProtectVirtualMemory July 18, 2023, 6:12 p.m.	process_identifier: 2580 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73272000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 18, 2023, 6:12 p.m.	process_identifier: 2580 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10004000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 18, 2023, 6:12 p.m.	process_identifier: 2580 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10004000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 18, 2023, 6:13 p.m.	process_identifier: 2580 region_size: 30375936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04210000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1

Creates executable files on the filesystem (2 events)

file	C:\Users\test22\AppData\Local\Temp\nsqF2CE.tmp\System.dll
file	C:\Users\test22\AppData\Local\Temp\nsqF2CE.tmp\nsExec.dll

Creates a shortcut to an executable file (2 events)

file	C:\Users\test22\Documents\academia\Arkades\Cafeteatret48.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\brachydiagonal\kalveleverne.lnk

Creates a suspicious process (46 events)

cmdline	cmd.exe /c set /a "216^177"
cmdline	cmd.exe /c set /a "198^177"
cmdline	cmd.exe /c set /a "201^177"
cmdline	cmd.exe /c set /a "159^177"
cmdline	cmd.exe /c set /a "131^177"
cmdline	cmd.exe /c set /a "210^177"
cmdline	cmd.exe /c set /a "152^177"
cmdline	cmd.exe /c set /a "208^177"
cmdline	cmd.exe /c set /a "221^177"
cmdline	cmd.exe /c set /a "226^177"
cmdline	cmd.exe /c set /a "128^177"
cmdline	cmd.exe /c set /a "137^177"
cmdline	cmd.exe /c set /a "194^177"
cmdline	cmd.exe /c set /a "230^177"
cmdline	cmd.exe /c set /a "196^177"
cmdline	cmd.exe /c set /a "195^177"
cmdline	cmd.exe /c set /a "145^177"
cmdline	cmd.exe /c set /a "132^177"
cmdline	cmd.exe /c set /a "247^177"
cmdline	cmd.exe /c set /a "136^177"
cmdline	cmd.exe /c set /a "253^177"
cmdline	cmd.exe /c set /a "130^177"
cmdline	cmd.exe /c set /a "133^177"
cmdline	cmd.exe /c set /a "139^177"
cmdline	cmd.exe /c set /a "212^177"
cmdline	cmd.exe /c set /a "255^177"
cmdline	cmd.exe /c set /a "135^177"
cmdline	cmd.exe /c set /a "141^177"
cmdline	cmd.exe /c set /a "250^177"
cmdline	cmd.exe /c set /a "155^177"
cmdline	cmd.exe /c set /a "220^177"
cmdline	cmd.exe /c set /a "153^177"
cmdline	cmd.exe /c set /a "227^177"
cmdline	cmd.exe /c set /a "157^177"
cmdline	cmd.exe /c set /a "244^177"
cmdline	cmd.exe /c set /a "134^177"
cmdline	cmd.exe /c set /a "225^177"
cmdline	cmd.exe /c set /a "242^177"
cmdline	cmd.exe /c set /a "129^177"
cmdline	cmd.exe /c set /a "222^177"
cmdline	cmd.exe /c set /a "231^177"
cmdline	cmd.exe /c set /a "223^177"
cmdline	cmd.exe /c set /a "213^177"
cmdline	cmd.exe /c set /a "197^177"
cmdline	cmd.exe /c set /a "240^177"
cmdline	cmd.exe /c set /a "193^177"

Drops an executable to the user AppData folder (2 events)

file	C:\Users\test22\AppData\Local\Temp\nsqF2CE.tmp\System.dll
file	C:\Users\test22\AppData\Local\Temp\nsqF2CE.tmp\nsExec.dll

Queries for potentially installed applications (50 out of 300 events)

Time & API	Arguments	Return
RegOpenKeyExA July 18, 2023, 6:12 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\glggerne\sildefangster base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020119 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\glggerne\sildefangster	2
RegOpenKeyExA July 18, 2023, 6:12 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort	2
RegOpenKeyExA July 18, 2023, 6:12 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort	2
RegOpenKeyExA July 18, 2023, 6:12 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort	2
RegOpenKeyExA July 18, 2023, 6:12 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort	2
RegOpenKeyExA July 18, 2023, 6:12 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort	2
RegOpenKeyExA July 18, 2023, 6:12 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort	2
RegOpenKeyExA July 18, 2023, 6:12 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort	2
RegOpenKeyExA July 18, 2023, 6:12 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort	2
RegOpenKeyExA July 18, 2023, 6:12 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort	2
RegOpenKeyExA July 18, 2023, 6:12 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort	2
RegOpenKeyExA July 18, 2023, 6:12 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort	2
RegOpenKeyExA July 18, 2023, 6:12 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort	2
RegOpenKeyExA July 18, 2023, 6:12 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort	2
RegOpenKeyExA July 18, 2023, 6:12 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort	2
RegOpenKeyExA July 18, 2023, 6:12 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort	2
RegOpenKeyExA July 18, 2023, 6:12 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort	2
RegOpenKeyExA July 18, 2023, 6:12 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort	2
RegOpenKeyExA July 18, 2023, 6:12 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort	2
RegOpenKeyExA July 18, 2023, 6:12 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort	2
RegOpenKeyExA July 18, 2023, 6:12 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort	2
RegOpenKeyExA July 18, 2023, 6:12 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort	2
RegOpenKeyExA July 18, 2023, 6:12 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort	2
RegOpenKeyExA July 18, 2023, 6:12 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort	2
RegOpenKeyExA July 18, 2023, 6:12 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort	2
RegOpenKeyExA July 18, 2023, 6:12 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort	2
RegOpenKeyExA July 18, 2023, 6:12 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort	2
RegOpenKeyExA July 18, 2023, 6:12 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort	2
RegOpenKeyExA July 18, 2023, 6:12 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort	2
RegOpenKeyExA July 18, 2023, 6:12 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort	2
RegOpenKeyExA July 18, 2023, 6:12 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort	2
RegOpenKeyExA July 18, 2023, 6:12 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort	2
RegOpenKeyExA July 18, 2023, 6:12 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort	2
RegOpenKeyExA July 18, 2023, 6:12 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort	2
RegOpenKeyExA July 18, 2023, 6:12 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort	2
RegOpenKeyExA July 18, 2023, 6:12 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort	2
RegOpenKeyExA July 18, 2023, 6:12 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort	2
RegOpenKeyExA July 18, 2023, 6:12 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort	2
RegOpenKeyExA July 18, 2023, 6:12 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort	2
RegOpenKeyExA July 18, 2023, 6:12 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort	2
RegOpenKeyExA July 18, 2023, 6:12 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort	2
RegOpenKeyExA July 18, 2023, 6:12 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort	2
RegOpenKeyExA July 18, 2023, 6:12 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort	2
RegOpenKeyExA July 18, 2023, 6:12 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort	2
RegOpenKeyExA July 18, 2023, 6:12 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort	2
RegOpenKeyExA July 18, 2023, 6:12 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort	2
RegOpenKeyExA July 18, 2023, 6:12 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort	2
RegOpenKeyExA July 18, 2023, 6:12 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort	2
RegOpenKeyExA July 18, 2023, 6:12 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort	2
RegOpenKeyExA July 18, 2023, 6:12 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\flekskort	2

Communicates with host for which no DNS query was performed (1 event)

host

162.55.60.2

Tries to unhook Windows functions monitored by Cuckoo (1 event)

Time & API	Arguments	Status	Return	Repeated
__anomaly__ July 18, 2023, 6:14 p.m.	tid: 2680 message: Encountered 65537 exceptions, quitting. subcategory: exception function_name:	1	0	0

File has been identified by 29 AntiVirus engines on VirusTotal as malicious (29 events)

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Makoob.4!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Nemesis.25421
FireEye	Generic.mg.d5d3f11ec57ac172
Sangfor	Suspicious.Win32.Save.ins
CrowdStrike	win/malicious_confidence_60% (W)
Cyren	W32/Agent.GSO.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	NSIS/Injector.BZF
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Trojan.Win32.Makoob.gen
BitDefender	Gen:Variant.Nemesis.25421
Tencent	Win32.Trojan.Makoob.Lajl
Sophos	Mal/Generic-S
Trapmine	malicious.moderate.ml.score
Emsisoft	Gen:Variant.Nemesis.25421 (B)
Ikarus	Trojan.NSIS.Agent
Arcabit	Trojan.Nemesis.D634D
ZoneAlarm	HEUR:Trojan.Win32.Makoob.gen
GData	Gen:Variant.Nemesis.25421
Google	Detected
McAfee	Artemis!D5D3F11EC57A
MAX	malware (ai score=82)
Cylance	unsafe
SentinelOne	Static AI - Suspicious PE
Fortinet	NSIS/Injector.BZF!tr
DeepInstinct	MALICIOUS

win32.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All