Summary | ZeroBOX

wininit.exe

NSIS UPX Malicious Library PNG Format PE File DLL PE32
Category FILE
Machine s1_win7_x6401
Started July 18, 2023, 9:40 p.m.
Completed July 18, 2023, 9:41 p.m.
Size 466.4KB
Type PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5 210b741e2da121370c2521e56fd1a1c6
SHA256 e0e89acf0231414faae852330d13f6bafcc6c1ef66f3fdf08d5ee82363977469
CRC32 8A199DD6
ssdeep 6144:xIw3AEsnWaFcWjU0DBS9grh/B9EFkYedPeDA17SzwbkBlQCS:uEsnWaFv4grh598ZAecg8bk7QV
Yara
  • UPX_Zero - UPX packed file
  • NSIS_Installer - Null Soft Installer
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0
section .ndata
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a

exception.instruction_r: 70 06 4f 4a 1c 14 7f 74 a1 71 b3 29 00 66 85 c1
exception.instruction: jo 0x38737aa
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x38737a2
registers.esp: 1629876
registers.edi: 221432
registers.eax: 256
registers.ebp: 1629884
registers.edx: 59191296
registers.ebx: 1629872
registers.esi: 1995838602
registers.ecx: 59193145
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a

exception.instruction_r: 89 3f 49 99 f3 27 7f 81 6a 43 00 5f 81 f6 0b 47
exception.instruction: mov dword ptr [edi], edi
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x38737e4
registers.esp: 1629880
registers.edi: 20269
registers.eax: 3529032
registers.ebp: 1629884
registers.edx: 59191296
registers.ebx: 59191296
registers.esi: 2963951865
registers.ecx: 59193145
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a

exception.instruction_r: cc 4b 78 f7 45 43 50 22 c3 81 c6 7d 3a de 31 81
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x38737f6
registers.esp: 1629884
registers.edi: 221432
registers.eax: 3529032
registers.ebp: 1629884
registers.edx: 59191296
registers.ebx: 59191296
registers.esi: 352917490
registers.ecx: 59193145
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a

exception.instruction_r: 89 01 44 e1 fd 00 59 56 be 49 d2 2c 3e 81 f6 14
exception.instruction: mov dword ptr [ecx], eax
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x3873829
registers.esp: 1629880
registers.edi: 221432
registers.eax: 3529032
registers.ebp: 1629884
registers.edx: 59191296
registers.ebx: 59191296
registers.esi: 8192
registers.ecx: 464
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a

exception.instruction_r: 89 16 49 5f b5 4e 6b 9b 67 77 00 5e 56 8b b5 c7
exception.instruction: mov dword ptr [esi], edx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x3873842
registers.esp: 1629880
registers.edi: 221432
registers.eax: 3529032
registers.ebp: 1629884
registers.edx: 59191296
registers.ebx: 59191296
registers.esi: 13865
registers.ecx: 59193145
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a

exception.instruction_r: cc 56 f5 be 79 cb c1 be 4a 05 80 82 e6 18 dd 50
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x3873855
registers.esp: 1629880
registers.edi: 221432
registers.eax: 3529032
registers.ebp: 1629884
registers.edx: 59191296
registers.ebx: 59191296
registers.esi: 1995838602
registers.ecx: 59193145
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a

exception.instruction_r: cc 56 35 ac a4 66 1c 29 ad 93 65 09 b7 10 6b 4a
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x3873869
registers.esp: 1629880
registers.edi: 221432
registers.eax: 3529032
registers.ebp: 1629884
registers.edx: 59191296
registers.ebx: 59191296
registers.esi: 1995838602
registers.ecx: 59193145
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a

exception.instruction_r: 7e 05 4e 9b ae ad 30 d1 1f 25 96 00 38 e7 59 38
exception.instruction: jle 0x388e08c
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x388e085
registers.esp: 1629864
registers.edi: 221432
registers.eax: 256
registers.ebp: 1629884
registers.edx: 59191296
registers.ebx: 59191296
registers.esi: 1995838602
registers.ecx: 1629860
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a

exception.instruction_r: 7f 0e 57 6f ae fe 23 23 ab e5 1a 8c ec 63 2d 42
exception.instruction: jg 0x388e0ce
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x388e0be
registers.esp: 1629868
registers.edi: 221432
registers.eax: 3529032
registers.ebp: 1629884
registers.edx: 256
registers.ebx: 59191296
registers.esi: 1629864
registers.ecx: 59193145
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a

exception.instruction_r: 89 08 4a 39 c5 1a 84 00 58 68 47 92 b5 d0 cc 44
exception.instruction: mov dword ptr [eax], ecx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x388e0ea
registers.esp: 1629840
registers.edi: 221432
registers.eax: 45717
registers.ebp: 1629884
registers.edx: 59191296
registers.ebx: 59191296
registers.esi: 1995838602
registers.ecx: 59193145
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a

exception.instruction_r: cc 44 5d 6f 43 e6 81 34 24 51 28 ad f0 51 b9 c6
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x388e0f8
registers.esp: 1629840
registers.edi: 221432
registers.eax: 3529032
registers.ebp: 1629884
registers.edx: 59191296
registers.ebx: 59191296
registers.esi: 1995838602
registers.ecx: 59193145
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a

exception.instruction_r: 7e 0f 55 77 8c f6 7c 03 d5 9e ef 4f 4c 23 79 30
exception.instruction: jle 0x388e131
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x388e120
registers.esp: 1629832
registers.edi: 221432
registers.eax: 1629828
registers.ebp: 1629884
registers.edx: 59191296
registers.ebx: 59191296
registers.esi: 1995838602
registers.ecx: 256
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a

exception.instruction_r: 70 05 49 b0 1c be b5 2a 48 18 00 84 d3 59 80 fb
exception.instruction: jo 0x388e184
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x388e17d
registers.esp: 1629832
registers.edi: 221432
registers.eax: 3529032
registers.ebp: 1629884
registers.edx: 59191296
registers.ebx: 256
registers.esi: 1995838602
registers.ecx: 1629828
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a

exception.instruction_r: cc 4d 11 25 a6 42 0a 6c 0c 22 7c dc 7c 33 6c 68
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x388e196
registers.esp: 1629840
registers.edi: 221432
registers.eax: 3529032
registers.ebp: 1629884
registers.edx: 59191296
registers.ebx: 59191296
registers.esi: 1995838602
registers.ecx: 59193145
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a

exception.instruction_r: 89 3e 4d 27 c8 82 e5 ea 60 ac 61 7d 91 9e 00 5e
exception.instruction: mov dword ptr [esi], edi
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x388e1bc
registers.esp: 1629832
registers.edi: 221432
registers.eax: 3529032
registers.ebp: 1629884
registers.edx: 59191296
registers.ebx: 59191296
registers.esi: 21496
registers.ecx: 59193145
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a

exception.instruction_r: 79 06 57 52 af e6 ec 8c 28 12 5a 39 01 0b 5f 26
exception.instruction: jns 0x388e210
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x388e208
registers.esp: 1629828
registers.edi: 256
registers.eax: 3529032
registers.ebp: 1629884
registers.edx: 1629824
registers.ebx: 59191296
registers.esi: 1995838602
registers.ecx: 59193145
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a

exception.instruction_r: 89 3b 56 a5 6c ae d8 31 d1 9f f3 3b 72 91 12 ac
exception.instruction: mov dword ptr [ebx], edi
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x388e236
registers.esp: 1629832
registers.edi: 221432
registers.eax: 3529032
registers.ebp: 1629884
registers.edx: 59191296
registers.ebx: 13751
registers.esi: 1995838602
registers.ecx: 59193145
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a

exception.instruction_r: 89 12 45 c6 0a 29 00 5a 81 eb da 19 f7 08 81 f3
exception.instruction: mov dword ptr [edx], edx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x388e268
registers.esp: 1629832
registers.edi: 221432
registers.eax: 3529032
registers.ebp: 1629884
registers.edx: 47672
registers.ebx: 2884652931
registers.esi: 1995838602
registers.ecx: 59193145
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a

exception.instruction_r: 7f 07 50 de 1a b9 3d 60 aa 74 c5 35 7e 30 91 9d
exception.instruction: jg 0x388e2a6
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x388e29d
registers.esp: 1629828
registers.edi: 221432
registers.eax: 3529032
registers.ebp: 1629884
registers.edx: 59191296
registers.ebx: 256
registers.esi: 1995838602
registers.ecx: 1629824
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a

exception.instruction_r: 89 01 48 fe 9b 95 71 59 89 00 59 81 c3 ca b8 91
exception.instruction: mov dword ptr [ecx], eax
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x388e2ce
registers.esp: 1629832
registers.edi: 221432
registers.eax: 3529032
registers.ebp: 1629884
registers.edx: 59191296
registers.ebx: 3487713188
registers.esi: 1995838602
registers.ecx: 37948
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a

exception.instruction_r: cc 46 4b 1d 53 56 be 12 63 a1 8c 81 c6 5a 11 cb
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x388e2df
registers.esp: 1629836
registers.edi: 221432
registers.eax: 3529032
registers.ebp: 1629884
registers.edx: 59191296
registers.ebx: 7602286
registers.esi: 1995838602
registers.ecx: 59193145
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a

exception.instruction_r: 89 3e 4f 88 dc 18 92 47 dc 71 25 f5 00 5e 8b 9d
exception.instruction: mov dword ptr [esi], edi
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x388e2fc
registers.esp: 1629828
registers.edi: 221432
registers.eax: 3529032
registers.ebp: 1629884
registers.edx: 59191296
registers.ebx: 7602286
registers.esi: 40889
registers.ecx: 59193145
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a

exception.instruction_r: cc 53 f0 00 89 85 01 03 6d b5 c8 84 86 b4 0f 8b
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x388e310
registers.esp: 1629832
registers.edi: 221432
registers.eax: 3529032
registers.ebp: 1629884
registers.edx: 59191296
registers.ebx: 59191296
registers.esi: 1995838602
registers.ecx: 59193145
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a

exception.instruction_r: 89 37 57 5b d6 8c d1 dc 4f 91 ae 49 09 4f ed 15
exception.instruction: mov dword ptr [edi], esi
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x388e33f
registers.esp: 1629828
registers.edi: 41319
registers.eax: 3529032
registers.ebp: 1629884
registers.edx: 59191296
registers.ebx: 59191296
registers.esi: 1995838602
registers.ecx: 59193145
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a

exception.instruction_r: 77 08 57 e2 f3 e8 2f 22 83 35 ea f4 e1 53 88 bd
exception.instruction: ja 0x388e37e
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x388e374
registers.esp: 1629824
registers.edi: 221432
registers.eax: 256
registers.ebp: 1629884
registers.edx: 59191296
registers.ebx: 59191296
registers.esi: 1995838602
registers.ecx: 1629820
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a

exception.instruction_r: 7f 11 55 ec a6 14 a1 4a cc 21 44 fc 76 18 cd 10
exception.instruction: jg 0x388e3d6
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x388e3c3
registers.esp: 1629824
registers.edi: 221432
registers.eax: 3529032
registers.ebp: 1629884
registers.edx: 59191296
registers.ebx: 256
registers.esi: 1995838602
registers.ecx: 1629820
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a

exception.instruction_r: 89 0a 51 ea 17 c1 06 01 4d a3 1c 04 de 9e 23 55
exception.instruction: mov dword ptr [edx], ecx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x388e3f8
registers.esp: 1629828
registers.edi: 221432
registers.eax: 3529032
registers.ebp: 1629884
registers.edx: 64278
registers.ebx: 59191296
registers.esi: 1995838602
registers.ecx: 1629832
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a

exception.instruction_r: cc 4c 37 e8 39 46 21 00 c5 24 4a 96 e3 bf cc 50
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x388e411
registers.esp: 1629832
registers.edi: 221432
registers.eax: 1995635376
registers.ebp: 1629884
registers.edx: 1995596250
registers.ebx: 2303999995
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a

exception.instruction_r: cc 50 f2 8d b0 7b 7e 29 f7 20 4e 2e e5 d9 ad 5f
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x388e41f
registers.esp: 1629832
registers.edi: 221432
registers.eax: 1995635376
registers.ebp: 1629884
registers.edx: 1995596250
registers.ebx: 2303999995
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a

exception.instruction_r: cc 47 5d 05 89 89 95 4f 02 00 00 ba 8e 72 11 c3
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x388e43d
registers.esp: 1629844
registers.edi: 221432
registers.eax: 1995635376
registers.ebp: 1629884
registers.edx: 1995596250
registers.ebx: 2303999995
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a

exception.instruction_r: 89 3a 4a b4 89 03 57 00 5a cc 47 a6 2c fd 52 8b
exception.instruction: mov dword ptr [edx], edi
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x388e477
registers.esp: 1629840
registers.edi: 221432
registers.eax: 1995635376
registers.ebp: 1629884
registers.edx: 41141
registers.ebx: 2303999995
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a

exception.instruction_r: cc 47 a6 2c fd 52 8b 95 4f 02 00 00 56 be 11 80
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x388e480
registers.esp: 1629844
registers.edi: 221432
registers.eax: 1995635376
registers.ebp: 1629884
registers.edx: 4
registers.ebx: 2303999995
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a

exception.instruction_r: 75 04 49 98 7b 93 e7 ec 97 ea 00 66 85 c8 58 85
exception.instruction: jne 0x388e4ad
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x388e4a7
registers.esp: 1629832
registers.edi: 221432
registers.eax: 1629828
registers.ebp: 1629884
registers.edx: 1995596250
registers.ebx: 2303999995
registers.esi: 256
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a

exception.instruction_r: 70 02 51 78 db b7 09 77 3c 08 45 b4 19 60 e8 12
exception.instruction: jo 0x388e4de
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x388e4da
registers.esp: 1629832
registers.edi: 221432
registers.eax: 1995635376
registers.ebp: 1629884
registers.edx: 1995596250
registers.ebx: 2303999995
registers.esi: 256
registers.ecx: 1629828
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a

exception.instruction_r: 78 11 57 c6 b6 c3 df 30 13 3e 8c e5 02 b2 27 52
exception.instruction: js 0x388e532
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x388e51f
registers.esp: 1629832
registers.edi: 221432
registers.eax: 1995635376
registers.ebp: 1629884
registers.edx: 1995596250
registers.ebx: 2303999995
registers.esi: 256
registers.ecx: 1629828
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a

exception.instruction_r: 7d 02 44 d7 12 00 85 d2 58 f6 c3 eb 5f 68 d1 e3
exception.instruction: jge 0x388e55c
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x388e558
registers.esp: 1629832
registers.edi: 256
registers.eax: 1629828
registers.ebp: 1629884
registers.edx: 1995596250
registers.ebx: 2303999995
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a

exception.instruction_r: cc 44 9f d4 1e 76 56 be 4b c9 6a 02 81 f6 34 37
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x388e56a
registers.esp: 1629836
registers.edi: 221432
registers.eax: 1995635376
registers.ebp: 1629884
registers.edx: 1995596250
registers.ebx: 2303999995
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a

exception.instruction_r: 89 0e 4b 0d c6 c2 70 6d 00 5e 81 34 24 f2 a4 c5
exception.instruction: mov dword ptr [esi], ecx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x388e588
registers.esp: 1629832
registers.edi: 221432
registers.eax: 1995635376
registers.ebp: 1629884
registers.edx: 1995596250
registers.ebx: 2303999995
registers.esi: 22772
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a

exception.instruction_r: 89 31 53 26 f9 8c 91 76 e9 bf c1 ac 2c 28 b7 7d
exception.instruction: mov dword ptr [ecx], esi
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x388e5b2
registers.esp: 1629832
registers.edi: 221432
registers.eax: 1995635376
registers.ebp: 1629884
registers.edx: 1995596250
registers.ebx: 2303999995
registers.esi: 1995838602
registers.ecx: 11927
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a

exception.instruction_r: 89 13 51 b9 a2 6c eb ac 7d 49 56 29 89 39 16 9f
exception.instruction: mov dword ptr [ebx], edx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x388e5dd
registers.esp: 1629832
registers.edi: 221432
registers.eax: 1995635376
registers.ebp: 1629884
registers.edx: 1995596250
registers.ebx: 22904
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a

exception.instruction_r: cc 57 ce 11 ed fb ac 28 d6 29 90 d6 26 81 c9 95
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x388e5f1
registers.esp: 1629836
registers.edi: 221432
registers.eax: 1995635376
registers.ebp: 1629884
registers.edx: 1995596250
registers.ebx: 2303999995
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a

exception.instruction_r: 89 39 4f 87 a4 93 c1 81 89 95 49 bd 00 59 89 eb
exception.instruction: mov dword ptr [ecx], edi
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x388e618
registers.esp: 1629832
registers.edi: 221432
registers.eax: 1995635376
registers.ebp: 1629884
registers.edx: 1995596250
registers.ebx: 2303999995
registers.esi: 1995838602
registers.ecx: 61757
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a

exception.instruction_r: cc 4d 6c 2d a5 02 c3 82 be 02 b8 2a c0 1b f8 89
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x388e634
registers.esp: 1629836
registers.edi: 221432
registers.eax: 1995635376
registers.ebp: 1629884
registers.edx: 1995596250
registers.ebx: 1630208
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a

exception.instruction_r: cc 46 2f 67 89 de 56 56 be 09 f6 cb 68 81 f6 05
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x388e649
registers.esp: 1629836
registers.edi: 221432
registers.eax: 1995635376
registers.ebp: 1629884
registers.edx: 1995596250
registers.ebx: 1630208
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a

exception.instruction_r: 89 3e 4e 6d 4f 91 00 df 7d e8 0a 00 5e 8b b5 bd
exception.instruction: mov dword ptr [esi], edi
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x388e66e
registers.esp: 1629828
registers.edi: 221432
registers.eax: 1995635376
registers.ebp: 1629884
registers.edx: 1995596250
registers.ebx: 1630208
registers.esi: 61733
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a

exception.instruction_r: 77 0b 50 64 f0 57 cc 55 a7 4b 09 71 01 74 c5 36
exception.instruction: ja 0x388e6a9
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x388e69c
registers.esp: 1629824
registers.edi: 221432
registers.eax: 1995635376
registers.ebp: 1629884
registers.edx: 256
registers.ebx: 1630208
registers.esi: 1995838602
registers.ecx: 1629820
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a

exception.instruction_r: 76 02 4e 07 2d f2 49 da 54 88 f9 00 66 85 db 59
exception.instruction: jbe 0x388e6ec
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x388e6e8
registers.esp: 1629824
registers.edi: 256
registers.eax: 1995635376
registers.ebp: 1629884
registers.edx: 1995596250
registers.ebx: 1630208
registers.esi: 1995838602
registers.ecx: 1629820
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a

exception.instruction_r: cc 51 05 3e fc 8d 3e c8 81 d0 87 eb 58 18 5d 61
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x388e712
registers.esp: 1629832
registers.edi: 221432
registers.eax: 1995635376
registers.ebp: 1629884
registers.edx: 1995596250
registers.ebx: 1630208
registers.esi: 1995838602
registers.ecx: 3130034918
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a

exception.instruction_r: 7b 10 54 d2 49 da 22 b8 00 02 e5 29 fc b3 ca 7d
exception.instruction: jnp 0x388e75f
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x388e74d
registers.esp: 1629824
registers.edi: 221432
registers.eax: 1995635376
registers.ebp: 1629884
registers.edx: 1995596250
registers.ebx: 256
registers.esi: 1995838602
registers.ecx: 1629820
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a

exception.instruction_r: 75 03 4e dc b5 13 50 de 21 e8 f8 00 38 d1 5a 38
exception.instruction: jne 0x388e787
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x388e782
registers.esp: 1629824
registers.edi: 221432
registers.eax: 256
registers.ebp: 1629884
registers.edx: 1629820
registers.ebx: 1630208
registers.esi: 1995838602
registers.ecx: 0
1 0 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2552
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x732d2000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2552
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x10004000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2552
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x10004000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2552
region_size: 27226112
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x03490000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0
file C:\Users\test22\AppData\Local\Temp\nshF28F.tmp\System.dll
file C:\Users\test22\Documents\circumscribing\Overworks\Undeceived\Bilophugningspladsers.lnk
file C:\Users\Public\Documents\circumscribing\Overworks\Undeceived\Bilophugningspladsers.lnk
file C:\Users\test22\AppData\Local\Temp\nshF28F.tmp\System.dll
Bkav W32.AIDetectMalware
Elastic malicious (high confidence)
ESET-NOD32 NSIS/Injector.ASH
Kaspersky HEUR:Trojan.Win32.Makoob.gen
Microsoft Trojan:Win32/Sonbokli.A!cl
ZoneAlarm HEUR:Trojan.Win32.Makoob.gen
Time & API Arguments Status Return Repeated

__anomaly__

tid: 2556
message: Encountered 65537 exceptions, quitting.
subcategory: exception
function_name:
1 0 0