Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	July 20, 2023, 5:06 p.m.	July 20, 2023, 5:16 p.m.

Size	282.6KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5	`34441248d5a40a61b95aa1f20b42f7c0`
SHA256	`79892ac57af9846e3b718c7388c205438a9d0706a597b67638105d8b5572256d`
CRC32	`6B1E1769`
ssdeep	`6144:ajC8w75wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww5w5wwwwwws:z8w75wwwwwwwwwwwwwwwwwwwwwwwwwwU`
Yara	UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description)

ChromeSetup.exe "C:\Users\test22\AppData\Local\Temp\ChromeSetup.exe"
2080
- cmd.exe cmd.exe /c set /a "250^177"
  2244
- cmd.exe cmd.exe /c set /a "244^177"
  2304
- cmd.exe cmd.exe /c set /a "227^177"
  2364
- cmd.exe cmd.exe /c set /a "255^177"
  2424
- cmd.exe cmd.exe /c set /a "244^177"
  2484
- cmd.exe cmd.exe /c set /a "253^177"
  2544
- cmd.exe cmd.exe /c set /a "130^177"
  2628
- cmd.exe cmd.exe /c set /a "131^177"
  2688
- cmd.exe cmd.exe /c set /a "139^177"
  2748
- cmd.exe cmd.exe /c set /a "139^177"
  2808
- cmd.exe cmd.exe /c set /a "242^177"
  2868
- cmd.exe cmd.exe /c set /a "195^177"
  2928
- cmd.exe cmd.exe /c set /a "212^177"
  2988
- cmd.exe cmd.exe /c set /a "208^177"
  3048
- cmd.exe cmd.exe /c set /a "197^177"
  2176
- cmd.exe cmd.exe /c set /a "212^177"
  300
- cmd.exe cmd.exe /c set /a "247^177"
  2300
- cmd.exe cmd.exe /c set /a "216^177"
  2384
- cmd.exe cmd.exe /c set /a "221^177"
  2456
- cmd.exe cmd.exe /c set /a "212^177"
  2528
- cmd.exe cmd.exe /c set /a "240^177"
  2644
- cmd.exe cmd.exe /c set /a "153^177"
  2728
- cmd.exe cmd.exe /c set /a "220^177"
  2792
- cmd.exe cmd.exe /c set /a "145^177"
  2884
- cmd.exe cmd.exe /c set /a "195^177"
  2968
- cmd.exe cmd.exe /c set /a "133^177"
  3024
- cmd.exe cmd.exe /c set /a "145^177"
  2168
- cmd.exe cmd.exe /c set /a "157^177"
  2276
- cmd.exe cmd.exe /c set /a "145^177"
  2292
- cmd.exe cmd.exe /c set /a "216^177"
  2504
- cmd.exe cmd.exe /c set /a "145^177"
  2584
- cmd.exe cmd.exe /c set /a "129^177"
  2640
- cmd.exe cmd.exe /c set /a "201^177"
  2840
- cmd.exe cmd.exe /c set /a "137^177"
  2960
- cmd.exe cmd.exe /c set /a "129^177"
  3060
- cmd.exe cmd.exe /c set /a "129^177"
  2172
- cmd.exe cmd.exe /c set /a "129^177"
  2348
- cmd.exe cmd.exe /c set /a "129^177"
  2540
- cmd.exe cmd.exe /c set /a "129^177"
  2708
- cmd.exe cmd.exe /c set /a "129^177"
  2780
- cmd.exe cmd.exe /c set /a "129^177"
  2932
- cmd.exe cmd.exe /c set /a "157^177"
  2992
- cmd.exe cmd.exe /c set /a "145^177"
  1200
- cmd.exe cmd.exe /c set /a "216^177"
  2560
- cmd.exe cmd.exe /c set /a "145^177"
  2824
- cmd.exe cmd.exe /c set /a "129^177"
  3044
- cmd.exe cmd.exe /c set /a "157^177"
  2256
- cmd.exe cmd.exe /c set /a "145^177"
  2336
- cmd.exe cmd.exe /c set /a "193^177"
  2844
- cmd.exe cmd.exe /c set /a "145^177"
  2880
- cmd.exe cmd.exe /c set /a "129^177"
  2420
- cmd.exe cmd.exe /c set /a "157^177"
  2900
- cmd.exe cmd.exe /c set /a "145^177"
  2480
- cmd.exe cmd.exe /c set /a "216^177"
  2320
- cmd.exe cmd.exe /c set /a "145^177"
  2768
- cmd.exe cmd.exe /c set /a "133^177"
  2452
- cmd.exe cmd.exe /c set /a "157^177"
  2948
- cmd.exe cmd.exe /c set /a "145^177"
  2132
- cmd.exe cmd.exe /c set /a "216^177"
  3020
- cmd.exe cmd.exe /c set /a "145^177"
  2116
- cmd.exe cmd.exe /c set /a "129^177"
  2120
- cmd.exe cmd.exe /c set /a "201^177"
  3084
- cmd.exe cmd.exe /c set /a "137^177"
  3144
- cmd.exe cmd.exe /c set /a "129^177"
  3204
- cmd.exe cmd.exe /c set /a "157^177"
  3264
- cmd.exe cmd.exe /c set /a "145^177"
  3324
- cmd.exe cmd.exe /c set /a "216^177"
  3384
- cmd.exe cmd.exe /c set /a "145^177"
  3444
- cmd.exe cmd.exe /c set /a "129^177"
  3504
- cmd.exe cmd.exe /c set /a "152^177"
  3564
- cmd.exe cmd.exe /c set /a "216^177"
  3624
- cmd.exe cmd.exe /c set /a "159^177"
  3684
- cmd.exe cmd.exe /c set /a "195^177"
  3744
- cmd.exe cmd.exe /c set /a "132^177"
  3804
- cmd.exe cmd.exe /c set /a "141^177"
  3864
- cmd.exe cmd.exe /c set /a "250^177"
  3928
- cmd.exe cmd.exe /c set /a "244^177"
  3988
- cmd.exe cmd.exe /c set /a "227^177"
  4048
- cmd.exe cmd.exe /c set /a "255^177"
  2400
- cmd.exe cmd.exe /c set /a "244^177"
  3160
- cmd.exe cmd.exe /c set /a "253^177"
  3260
- cmd.exe cmd.exe /c set /a "130^177"
  3300
- cmd.exe cmd.exe /c set /a "131^177"
  3416
- cmd.exe cmd.exe /c set /a "139^177"
  3500
- cmd.exe cmd.exe /c set /a "139^177"
  3640
- cmd.exe cmd.exe /c set /a "231^177"
  3724
- cmd.exe cmd.exe /c set /a "216^177"
  3748
- cmd.exe cmd.exe /c set /a "195^177"
  3880
- cmd.exe cmd.exe /c set /a "197^177"
  3968
- cmd.exe cmd.exe /c set /a "196^177"
  4024
- cmd.exe cmd.exe /c set /a "208^177"
  3116
- cmd.exe cmd.exe /c set /a "221^177"
  3224
- cmd.exe cmd.exe /c set /a "240^177"
  3252
- cmd.exe cmd.exe /c set /a "221^177"
  3460
- cmd.exe cmd.exe /c set /a "221^177"
  3552
- cmd.exe cmd.exe /c set /a "222^177"
  3660
- cmd.exe cmd.exe /c set /a "210^177"
  3820
- cmd.exe cmd.exe /c set /a "153^177"
  3948
- cmd.exe cmd.exe /c set /a "216^177"
  3972
- cmd.exe cmd.exe /c set /a "145^177"
  1976
- cmd.exe cmd.exe /c set /a "129^177"
  3268
- cmd.exe cmd.exe /c set /a "157^177"
  3352
- cmd.exe cmd.exe /c set /a "216^177"
  3652
- cmd.exe cmd.exe /c set /a "145^177"
  3836
- cmd.exe cmd.exe /c set /a "128^177"
  3896
- cmd.exe cmd.exe /c set /a "136^177"
  4084
- cmd.exe cmd.exe /c set /a "130^177"
  3296
- cmd.exe cmd.exe /c set /a "131^177"
  3492
- cmd.exe cmd.exe /c set /a "133^177"
  3792
- cmd.exe cmd.exe /c set /a "136^177"
  4016
- cmd.exe cmd.exe /c set /a "131^177"
  3176
- cmd.exe cmd.exe /c set /a "137^177"
  3428
- cmd.exe cmd.exe /c set /a "157^177"
  3636
- cmd.exe cmd.exe /c set /a "145^177"
  4000
- cmd.exe cmd.exe /c set /a "216^177"
  3344
- cmd.exe cmd.exe /c set /a "145^177"
  3780
- cmd.exe cmd.exe /c set /a "129^177"
  3404
- cmd.exe cmd.exe /c set /a "201^177"
  3220
- cmd.exe cmd.exe /c set /a "130^177"
  3704
- cmd.exe cmd.exe /c set /a "129^177"
  3132
- cmd.exe cmd.exe /c set /a "129^177"
  3456
- cmd.exe cmd.exe /c set /a "129^177"
  3420
- cmd.exe cmd.exe /c set /a "157^177"
  4108
- cmd.exe cmd.exe /c set /a "145^177"
  4168
- cmd.exe cmd.exe /c set /a "216^177"
  4228
- cmd.exe cmd.exe /c set /a "145^177"
  4288
- cmd.exe cmd.exe /c set /a "129^177"
  4348
- cmd.exe cmd.exe /c set /a "201^177"
  4408
- cmd.exe cmd.exe /c set /a "133^177"
  4468
- cmd.exe cmd.exe /c set /a "129^177"
  4528
- cmd.exe cmd.exe /c set /a "152^177"
  4588
- cmd.exe cmd.exe /c set /a "193^177"
  4648
- cmd.exe cmd.exe /c set /a "159^177"
  4708
- cmd.exe cmd.exe /c set /a "195^177"
  4768
- cmd.exe cmd.exe /c set /a "128^177"
  4828
- cmd.exe cmd.exe /c set /a "141^177"
  4888
- cmd.exe cmd.exe /c set /a "250^177"
  4952
- cmd.exe cmd.exe /c set /a "244^177"
  5012
- cmd.exe cmd.exe /c set /a "227^177"
  5072
- cmd.exe cmd.exe /c set /a "255^177"
  3128
- cmd.exe cmd.exe /c set /a "244^177"
  4180
- cmd.exe cmd.exe /c set /a "253^177"
  4276
- cmd.exe cmd.exe /c set /a "130^177"
  4292
- cmd.exe cmd.exe /c set /a "131^177"
  4440
- cmd.exe cmd.exe /c set /a "139^177"
  4524
- cmd.exe cmd.exe /c set /a "139^177"
  4600
- cmd.exe cmd.exe /c set /a "226^177"
  4680
- cmd.exe cmd.exe /c set /a "212^177"
  4752
- cmd.exe cmd.exe /c set /a "197^177"
  4844
- cmd.exe cmd.exe /c set /a "247^177"
  4928
- cmd.exe cmd.exe /c set /a "216^177"
  4996
- cmd.exe cmd.exe /c set /a "221^177"
  5092
- cmd.exe cmd.exe /c set /a "212^177"
  4152
- cmd.exe cmd.exe /c set /a "225^177"
  4248
- cmd.exe cmd.exe /c set /a "222^177"
  4376
- cmd.exe cmd.exe /c set /a "216^177"
  4496
- cmd.exe cmd.exe /c set /a "223^177"
  4512
- cmd.exe cmd.exe /c set /a "197^177"
  4728
- cmd.exe cmd.exe /c set /a "212^177"
  4688
- cmd.exe cmd.exe /c set /a "195^177"
  4816
- cmd.exe cmd.exe /c set /a "153^177"
  4980
- cmd.exe cmd.exe /c set /a "216^177"
  5060
- cmd.exe cmd.exe /c set /a "145^177"
  4208
- cmd.exe cmd.exe /c set /a "195^177"
  4380
- cmd.exe cmd.exe /c set /a "132^177"
  4436
- cmd.exe cmd.exe /c set /a "157^177"
  4668
- cmd.exe cmd.exe /c set /a "145^177"
  3584
- cmd.exe cmd.exe /c set /a "216^177"
  4920
- cmd.exe cmd.exe /c set /a "145^177"
  5068
- cmd.exe cmd.exe /c set /a "135^177"
  4128
- cmd.exe cmd.exe /c set /a "134^177"
  4384
- cmd.exe cmd.exe /c set /a "134^177"
  4632
- cmd.exe cmd.exe /c set /a "145^177"
  3600
- cmd.exe cmd.exe /c set /a "157^177"
  4932
- cmd.exe cmd.exe /c set /a "145^177"
  4224
- cmd.exe cmd.exe /c set /a "216^177"
  4560
- cmd.exe cmd.exe /c set /a "145^177"
  4720
- cmd.exe cmd.exe /c set /a "129^177"
  3360
- cmd.exe cmd.exe /c set /a "157^177"
  5104
- cmd.exe cmd.exe /c set /a "216^177"
  5032
- cmd.exe cmd.exe /c set /a "145^177"
  4472
- cmd.exe cmd.exe /c set /a "129^177"
  4628
- cmd.exe cmd.exe /c set /a "152^177"
  4824
- cmd.exe cmd.exe /c set /a "216^177"
  4964
- cmd.exe cmd.exe /c set /a "159^177"
  4676
- cmd.exe cmd.exe /c set /a "195^177"
  5044
- cmd.exe cmd.exe /c set /a "130^177"
  5128
- cmd.exe cmd.exe /c set /a "141^177"
  5188
- cmd.exe cmd.exe /c set /a "250^177"
  5252
- cmd.exe cmd.exe /c set /a "244^177"
  5312
- cmd.exe cmd.exe /c set /a "227^177"
  5372
- cmd.exe cmd.exe /c set /a "255^177"
  5432
- cmd.exe cmd.exe /c set /a "244^177"
  5492
- cmd.exe cmd.exe /c set /a "253^177"
  5552
- cmd.exe cmd.exe /c set /a "130^177"
  5612
- cmd.exe cmd.exe /c set /a "131^177"
  5672
- cmd.exe cmd.exe /c set /a "139^177"
  5732
- cmd.exe cmd.exe /c set /a "139^177"
  5792
- cmd.exe cmd.exe /c set /a "227^177"
  5852
- cmd.exe cmd.exe /c set /a "212^177"
  5912
- cmd.exe cmd.exe /c set /a "208^177"
  5972
- cmd.exe cmd.exe /c set /a "213^177"
  6032
- cmd.exe cmd.exe /c set /a "247^177"
  6124
- cmd.exe cmd.exe /c set /a "216^177"
  5244
- cmd.exe cmd.exe /c set /a "221^177"
  5288
- cmd.exe cmd.exe /c set /a "212^177"
  5392
- cmd.exe cmd.exe /c set /a "153^177"
  5480
- cmd.exe cmd.exe /c set /a "216^177"
  5496
- cmd.exe cmd.exe /c set /a "145^177"
  5640
- cmd.exe cmd.exe /c set /a "195^177"
  5728
- cmd.exe cmd.exe /c set /a "132^177"
  5808
- cmd.exe cmd.exe /c set /a "157^177"
  5884
- cmd.exe cmd.exe /c set /a "145^177"
  5956
- cmd.exe cmd.exe /c set /a "216^177"
  6044
- cmd.exe cmd.exe /c set /a "145^177"
  5148
- cmd.exe cmd.exe /c set /a "195^177"
  5280
- cmd.exe cmd.exe /c set /a "128^177"
  5420
- cmd.exe cmd.exe /c set /a "157^177"
  5548
- cmd.exe cmd.exe /c set /a "145^177"
  5568
- cmd.exe cmd.exe /c set /a "216^177"
  5760
- cmd.exe cmd.exe /c set /a "145^177"
  5864
- cmd.exe cmd.exe /c set /a "128^177"
  5984
- cmd.exe cmd.exe /c set /a "136^177"
  6068
- cmd.exe cmd.exe /c set /a "130^177"
  5284
- cmd.exe cmd.exe /c set /a "131^177"
  5444
- cmd.exe cmd.exe /c set /a "133^177"
  5588
- cmd.exe cmd.exe /c set /a "136^177"
  5700
- cmd.exe cmd.exe /c set /a "131^177"
  5908
- cmd.exe cmd.exe /c set /a "137^177"
  6064
- cmd.exe cmd.exe /c set /a "157^177"
  6136
- cmd.exe cmd.exe /c set /a "155^177"
  5508
- cmd.exe cmd.exe /c set /a "216^177"
  5644
- cmd.exe cmd.exe /c set /a "145^177"
  5892
- cmd.exe cmd.exe /c set /a "129^177"
  5140
- cmd.exe cmd.exe /c set /a "157^177"
  5512
- cmd.exe cmd.exe /c set /a "145^177"
  5788
- cmd.exe cmd.exe /c set /a "216^177"
  6020
- cmd.exe cmd.exe /c set /a "145^177"
  5384
- cmd.exe cmd.exe /c set /a "129^177"
  5836
- cmd.exe cmd.exe /c set /a "152^177"
  5144
- cmd.exe cmd.exe /c set /a "216^177"
  6128
- cmd.exe cmd.exe /c set /a "159^177"
  5868
- cmd.exe cmd.exe /c set /a "195^177"
  5468
- cmd.exe cmd.exe /c set /a "130^177"
  5988
- cmd.exe cmd.exe /c set /a "141^177"
  5272
- cmd.exe cmd.exe /c set /a "196^177"
  5308
- cmd.exe cmd.exe /c set /a "194^177"
  4232
- cmd.exe cmd.exe /c set /a "212^177"
  5928
- cmd.exe cmd.exe /c set /a "195^177"
  6164
- cmd.exe cmd.exe /c set /a "130^177"
  6228
- cmd.exe cmd.exe /c set /a "131^177"
  6288
- cmd.exe cmd.exe /c set /a "139^177"
  6348
- cmd.exe cmd.exe /c set /a "139^177"
  6408
- cmd.exe cmd.exe /c set /a "242^177"
  6468
- cmd.exe cmd.exe /c set /a "208^177"
  6528
- cmd.exe cmd.exe /c set /a "221^177"
  6588
- cmd.exe cmd.exe /c set /a "221^177"
  6648
- cmd.exe cmd.exe /c set /a "230^177"
  6708
- cmd.exe cmd.exe /c set /a "216^177"
  6768
- cmd.exe cmd.exe /c set /a "223^177"
  6832
- cmd.exe cmd.exe /c set /a "213^177"
  6892
- cmd.exe cmd.exe /c set /a "222^177"
  6952
- cmd.exe cmd.exe /c set /a "198^177"
  7012
- cmd.exe cmd.exe /c set /a "225^177"
  7120
- cmd.exe cmd.exe /c set /a "195^177"
  5948
- cmd.exe cmd.exe /c set /a "222^177"
  6260
- cmd.exe cmd.exe /c set /a "210^177"
  6316
- cmd.exe cmd.exe /c set /a "240^177"
  1868
- cmd.exe cmd.exe /c set /a "153^177"
  6424
- cmd.exe cmd.exe /c set /a "216^177"
  6508
- cmd.exe cmd.exe /c set /a "145^177"
  6572
- cmd.exe cmd.exe /c set /a "195^177"
  6664
- cmd.exe cmd.exe /c set /a "128^177"
  6736
- cmd.exe cmd.exe /c set /a "145^177"
  6816
- cmd.exe cmd.exe /c set /a "157^177"
  6908
- cmd.exe cmd.exe /c set /a "216^177"
  6992
- cmd.exe cmd.exe /c set /a "145^177"
  7092
- cmd.exe cmd.exe /c set /a "129^177"
  7152
- cmd.exe cmd.exe /c set /a "157^177"
  7124
- cmd.exe cmd.exe /c set /a "216^177"
  6120
- cmd.exe cmd.exe /c set /a "145^177"
  1668
- cmd.exe cmd.exe /c set /a "129^177"
  1656
- cmd.exe cmd.exe /c set /a "157^177"
  6472
- cmd.exe cmd.exe /c set /a "145^177"
  6592
- cmd.exe cmd.exe /c set /a "216^177"
  6668
- cmd.exe cmd.exe /c set /a "145^177"
  6860
- cmd.exe cmd.exe /c set /a "129^177"
  6980
- cmd.exe cmd.exe /c set /a "157^177"
  7140
- cmd.exe cmd.exe /c set /a "145^177"
  2104
- cmd.exe cmd.exe /c set /a "216^177"
  6176
- cmd.exe cmd.exe /c set /a "145^177"
  6328
- cmd.exe cmd.exe /c set /a "129^177"
  6480
- cmd.exe cmd.exe /c set /a "152^177"
  6604
- cmd.exe cmd.exe /c set /a "141^177"
  6712

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx July 20, 2023, 5:06 p.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.ndata

One or more processes crashed (50 out of 65536 events)

Time & API	Arguments	Status
__exception__ July 20, 2023, 5:07 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 72 04 1b 02 0f c0 6e 86 93 d1 02 5f 4f f6 e0 36 exception.instruction: jb 0x477fc8e exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x477fc88 registers.esp: 61142324 registers.edi: 110744 registers.eax: 5625736 registers.ebp: 61142332 registers.edx: 74969088 registers.ebx: 256 registers.esi: 2005865610 registers.ecx: 61142320	1
__exception__ July 20, 2023, 5:07 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 89 16 02 2b 94 e9 e1 69 49 aa 7a ed 00 5e 81 eb exception.instruction: mov dword ptr [esi], edx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x477fcc9 registers.esp: 61142328 registers.edi: 110744 registers.eax: 5625736 registers.ebp: 61142332 registers.edx: 74969088 registers.ebx: 2947473799 registers.esi: 41215 registers.ecx: 74972221	1
__exception__ July 20, 2023, 5:07 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: cc 07 b0 b1 45 dd ee 76 ff 74 24 04 8f 85 44 01 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x478bcaf registers.esp: 61142324 registers.edi: 110744 registers.eax: 5625736 registers.ebp: 61142332 registers.edx: 74969088 registers.ebx: 74969088 registers.esi: 2005865610 registers.ecx: 74972221	1
__exception__ July 20, 2023, 5:07 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: cc 05 20 28 41 dd 2b a8 a9 42 89 bd 70 02 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x478bcc2 registers.esp: 61142292 registers.edi: 110744 registers.eax: 5625736 registers.ebp: 61142332 registers.edx: 74969088 registers.ebx: 74969088 registers.esi: 2005865610 registers.ecx: 74972221	1
__exception__ July 20, 2023, 5:07 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 77 0f 1a 42 03 d0 e6 0c 3f ca 82 d7 50 50 4e 2d exception.instruction: ja 0x478bd15 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x478bd04 registers.esp: 61142284 registers.edi: 256 registers.eax: 5625736 registers.ebp: 61142332 registers.edx: 74969088 registers.ebx: 61142280 registers.esi: 2005865610 registers.ecx: 74972221	1
__exception__ July 20, 2023, 5:07 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: cc 02 24 f7 66 af 86 08 25 b6 5f f0 79 8b bd 70 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x478bd2b registers.esp: 61142288 registers.edi: 108 registers.eax: 5625736 registers.ebp: 61142332 registers.edx: 74969088 registers.ebx: 74969088 registers.esi: 2005865610 registers.ecx: 74972221	1
__exception__ July 20, 2023, 5:07 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: cc 04 1a de 88 06 15 ce 6e b4 80 ba 67 63 9f 4f exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x478bd7e registers.esp: 61142280 registers.edi: 110744 registers.eax: 5625736 registers.ebp: 61142332 registers.edx: 74969088 registers.ebx: 74969088 registers.esi: 2005865610 registers.ecx: 61142280	1
__exception__ July 20, 2023, 5:07 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 7c 09 1d a1 f7 4c 12 6f 08 ae 05 a7 38 df df 08 exception.instruction: jl 0x478bdf1 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x478bde6 registers.esp: 61142280 registers.edi: 110744 registers.eax: 2005662384 registers.ebp: 61142332 registers.edx: 61142276 registers.ebx: 2141652661 registers.esi: 256 registers.ecx: 182	1
__exception__ July 20, 2023, 5:07 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 7c 05 1e 14 37 42 8f fd 64 b7 d6 ac 24 81 fc 96 exception.instruction: jl 0x478be3b exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x478be34 registers.esp: 61142280 registers.edi: 110744 registers.eax: 2005662384 registers.ebp: 61142332 registers.edx: 61142276 registers.ebx: 2141652661 registers.esi: 256 registers.ecx: 182	1
__exception__ July 20, 2023, 5:07 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 89 36 00 24 b6 fb be 3f d5 20 5d 42 ec b6 00 5e exception.instruction: mov dword ptr [esi], esi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x478be8d registers.esp: 61142284 registers.edi: 110744 registers.eax: 2005662384 registers.ebp: 61142332 registers.edx: 12288 registers.ebx: 2141652661 registers.esi: 11249 registers.ecx: 182	1
__exception__ July 20, 2023, 5:07 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: cc 07 69 c2 0c d1 87 b7 81 b5 15 02 00 00 3a cd exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x478beb0 registers.esp: 61142284 registers.edi: 110744 registers.eax: 2005662384 registers.ebp: 61142332 registers.edx: 2005623258 registers.ebx: 61142332 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ July 20, 2023, 5:07 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 7d 0a 1d 79 18 41 82 1e 5b d0 8b de 54 c4 e8 4c exception.instruction: jge 0x478beea exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x478bede registers.esp: 61142276 registers.edi: 110744 registers.eax: 2005662384 registers.ebp: 61142332 registers.edx: 256 registers.ebx: 61142332 registers.esi: 2005865610 registers.ecx: 61142272	1
__exception__ July 20, 2023, 5:07 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: cc 09 00 d8 5c 02 51 8b 8d 9f 01 00 00 56 be 81 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x478bf20 registers.esp: 61142284 registers.edi: 110744 registers.eax: 2005662384 registers.ebp: 61142332 registers.edx: 2005623258 registers.ebx: 61142656 registers.esi: 2005865610 registers.ecx: 61142656	1
__exception__ July 20, 2023, 5:07 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 89 16 1f d8 33 c7 32 c3 55 d7 38 dd ab 83 a1 00 exception.instruction: mov dword ptr [esi], edx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x478bf4b registers.esp: 61142276 registers.edi: 110744 registers.eax: 2005662384 registers.ebp: 61142332 registers.edx: 2005623258 registers.ebx: 61142656 registers.esi: 49234 registers.ecx: 182	1
__exception__ July 20, 2023, 5:07 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 7c 02 05 ad 9a e9 93 52 86 00 50 b8 f0 00 00 00 exception.instruction: jl 0x478bff1 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x478bfed registers.esp: 61142268 registers.edi: 256 registers.eax: 2005662384 registers.ebp: 61142332 registers.edx: 2005623258 registers.ebx: 61142264 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ July 20, 2023, 5:07 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 89 11 1a ca e9 5e 18 bd 59 ea e2 b8 04 b8 f5 c1 exception.instruction: mov dword ptr [ecx], edx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x478c034 registers.esp: 61142272 registers.edi: 110744 registers.eax: 2005662384 registers.ebp: 61142332 registers.edx: 2005623258 registers.ebx: 61142660 registers.esi: 2005865610 registers.ecx: 8753	1
__exception__ July 20, 2023, 5:07 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 89 18 09 70 6f 00 58 50 8b 85 d8 01 00 00 56 be exception.instruction: mov dword ptr [eax], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x478c067 registers.esp: 61142272 registers.edi: 110744 registers.eax: 41988 registers.ebp: 61142332 registers.edx: 2005623258 registers.ebx: 61142660 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ July 20, 2023, 5:07 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 89 36 1d ea 9d 42 42 2e fc e5 f8 72 13 3d c2 cb exception.instruction: mov dword ptr [esi], esi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x478c093 registers.esp: 61142268 registers.edi: 110744 registers.eax: 2005662384 registers.ebp: 61142332 registers.edx: 2005623258 registers.ebx: 61142660 registers.esi: 38074 registers.ecx: 182	1
__exception__ July 20, 2023, 5:07 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: cc 07 09 de 29 a1 8f 69 81 04 24 6c 15 54 e9 81 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x478c0b2 registers.esp: 61142268 registers.edi: 110744 registers.eax: 2005662384 registers.ebp: 61142332 registers.edx: 2005623258 registers.ebx: 61142660 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ July 20, 2023, 5:07 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 7f 02 05 e4 9e eb 98 73 73 00 80 fb 6c 5f f6 c4 exception.instruction: jg 0x478c0ed exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x478c0e9 registers.esp: 61142260 registers.edi: 61142256 registers.eax: 2005662384 registers.ebp: 61142332 registers.edx: 2005623258 registers.ebx: 256 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ July 20, 2023, 5:07 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: cc 0a 83 67 36 35 1b 2a 32 4a cc 1a e0 2b 85 26 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x478c124 registers.esp: 61142324 registers.edi: 110744 registers.eax: 1244801563 registers.ebp: 61142332 registers.edx: 74969088 registers.ebx: 74969088 registers.esi: 2005865610 registers.ecx: 74972221	1
__exception__ July 20, 2023, 5:07 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: cc 1a e0 2b 85 26 3b b1 32 62 55 ca a7 9a 0f a0 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x478c12e registers.esp: 61142324 registers.edi: 110744 registers.eax: 0 registers.ebp: 61142332 registers.edx: 74969088 registers.ebx: 74969088 registers.esi: 2005865610 registers.ecx: 74972221	1
__exception__ July 20, 2023, 5:07 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 78 07 05 ee ca da 7e 52 8b 00 66 39 cb 5a 85 c9 exception.instruction: js 0x478c17c exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x478c173 registers.esp: 61142312 registers.edi: 110744 registers.eax: 0 registers.ebp: 61142332 registers.edx: 61142308 registers.ebx: 256 registers.esi: 2005865610 registers.ecx: 74972221	1
__exception__ July 20, 2023, 5:07 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 75 0b 1c 8a 56 91 06 61 81 bd 6e f6 83 fa 1c f0 exception.instruction: jne 0x478c1e1 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x478c1d4 registers.esp: 61142312 registers.edi: 110744 registers.eax: 0 registers.ebp: 61142332 registers.edx: 74969088 registers.ebx: 74969088 registers.esi: 61142308 registers.ecx: 256	1
__exception__ July 20, 2023, 5:07 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 78 05 1f 22 56 10 2f 44 e4 a3 fd d7 cb 10 98 00 exception.instruction: js 0x478c211 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x478c20a registers.esp: 61142312 registers.edi: 110744 registers.eax: 0 registers.ebp: 61142332 registers.edx: 74969088 registers.ebx: 61142308 registers.esi: 2005865610 registers.ecx: 256	1
__exception__ July 20, 2023, 5:07 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 78 05 1f 22 56 10 2f 44 e4 a3 fd d7 cb 10 98 00 exception.instruction: js 0x478c211 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x478c20a registers.esp: 61142312 registers.edi: 110744 registers.eax: 1 registers.ebp: 61142332 registers.edx: 74969088 registers.ebx: 61142308 registers.esi: 2005865610 registers.ecx: 256	1
__exception__ July 20, 2023, 5:07 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 78 05 1f 22 56 10 2f 44 e4 a3 fd d7 cb 10 98 00 exception.instruction: js 0x478c211 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x478c20a registers.esp: 61142312 registers.edi: 110744 registers.eax: 2 registers.ebp: 61142332 registers.edx: 74969088 registers.ebx: 61142308 registers.esi: 2005865610 registers.ecx: 256	1
__exception__ July 20, 2023, 5:07 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 89 0b 00 93 2b 90 d8 76 f2 b4 16 e8 99 b9 00 5b exception.instruction: mov dword ptr [ebx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x478c258 registers.esp: 61142316 registers.edi: 110744 registers.eax: 4 registers.ebp: 61142332 registers.edx: 74969088 registers.ebx: 56684 registers.esi: 2005865610 registers.ecx: 61145092	1
__exception__ July 20, 2023, 5:07 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 89 1e 1f 3b e8 6e 27 52 8f 53 2a 21 fd 54 f1 00 exception.instruction: mov dword ptr [esi], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x478c29d registers.esp: 61142316 registers.edi: 110744 registers.eax: 4 registers.ebp: 61142332 registers.edx: 74969088 registers.ebx: 74969088 registers.esi: 35714 registers.ecx: 61145092	1
__exception__ July 20, 2023, 5:07 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 74 06 03 b2 d0 39 01 32 24 b4 56 00 81 f9 c3 b9 exception.instruction: je 0x478c2e7 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x478c2df registers.esp: 61142312 registers.edi: 110744 registers.eax: 4 registers.ebp: 61142332 registers.edx: 74969088 registers.ebx: 256 registers.esi: 61142308 registers.ecx: 61145092	1
__exception__ July 20, 2023, 5:07 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: cc 04 32 13 6d 50 28 3b 8d c3 17 3b 85 01 02 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x478c309 registers.esp: 61142320 registers.edi: 110744 registers.eax: 4 registers.ebp: 61142332 registers.edx: 74969088 registers.ebx: 74969088 registers.esi: 2005865610 registers.ecx: 61145092	1
__exception__ July 20, 2023, 5:07 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 75 0b 1c 8a 56 91 06 61 81 bd 6e f6 83 fa 1c f0 exception.instruction: jne 0x478c1e1 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x478c1d4 registers.esp: 61142312 registers.edi: 110744 registers.eax: 4 registers.ebp: 61142332 registers.edx: 74969088 registers.ebx: 74969088 registers.esi: 61142308 registers.ecx: 256	1
__exception__ July 20, 2023, 5:07 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 78 05 1f 22 56 10 2f 44 e4 a3 fd d7 cb 10 98 00 exception.instruction: js 0x478c211 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x478c20a registers.esp: 61142312 registers.edi: 110744 registers.eax: 4 registers.ebp: 61142332 registers.edx: 74969088 registers.ebx: 61142308 registers.esi: 2005865610 registers.ecx: 256	1
__exception__ July 20, 2023, 5:07 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 78 05 1f 22 56 10 2f 44 e4 a3 fd d7 cb 10 98 00 exception.instruction: js 0x478c211 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x478c20a registers.esp: 61142312 registers.edi: 110744 registers.eax: 5 registers.ebp: 61142332 registers.edx: 74969088 registers.ebx: 61142308 registers.esi: 2005865610 registers.ecx: 256	1
__exception__ July 20, 2023, 5:07 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 78 05 1f 22 56 10 2f 44 e4 a3 fd d7 cb 10 98 00 exception.instruction: js 0x478c211 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x478c20a registers.esp: 61142312 registers.edi: 110744 registers.eax: 6 registers.ebp: 61142332 registers.edx: 74969088 registers.ebx: 61142308 registers.esi: 2005865610 registers.ecx: 256	1
__exception__ July 20, 2023, 5:07 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 89 0b 00 93 2b 90 d8 76 f2 b4 16 e8 99 b9 00 5b exception.instruction: mov dword ptr [ebx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x478c258 registers.esp: 61142316 registers.edi: 110744 registers.eax: 8 registers.ebp: 61142332 registers.edx: 74969088 registers.ebx: 56684 registers.esi: 2005865610 registers.ecx: 61145096	1
__exception__ July 20, 2023, 5:07 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 89 1e 1f 3b e8 6e 27 52 8f 53 2a 21 fd 54 f1 00 exception.instruction: mov dword ptr [esi], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x478c29d registers.esp: 61142316 registers.edi: 110744 registers.eax: 8 registers.ebp: 61142332 registers.edx: 74969088 registers.ebx: 74969088 registers.esi: 35714 registers.ecx: 61145096	1
__exception__ July 20, 2023, 5:07 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 74 06 03 b2 d0 39 01 32 24 b4 56 00 81 f9 c3 b9 exception.instruction: je 0x478c2e7 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x478c2df registers.esp: 61142312 registers.edi: 110744 registers.eax: 8 registers.ebp: 61142332 registers.edx: 74969088 registers.ebx: 256 registers.esi: 61142308 registers.ecx: 61145096	1
__exception__ July 20, 2023, 5:07 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: cc 04 32 13 6d 50 28 3b 8d c3 17 3b 85 01 02 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x478c309 registers.esp: 61142320 registers.edi: 110744 registers.eax: 8 registers.ebp: 61142332 registers.edx: 74969088 registers.ebx: 74969088 registers.esi: 2005865610 registers.ecx: 61145096	1
__exception__ July 20, 2023, 5:07 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 75 0b 1c 8a 56 91 06 61 81 bd 6e f6 83 fa 1c f0 exception.instruction: jne 0x478c1e1 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x478c1d4 registers.esp: 61142312 registers.edi: 110744 registers.eax: 8 registers.ebp: 61142332 registers.edx: 74969088 registers.ebx: 74969088 registers.esi: 61142308 registers.ecx: 256	1
__exception__ July 20, 2023, 5:07 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 78 05 1f 22 56 10 2f 44 e4 a3 fd d7 cb 10 98 00 exception.instruction: js 0x478c211 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x478c20a registers.esp: 61142312 registers.edi: 110744 registers.eax: 8 registers.ebp: 61142332 registers.edx: 74969088 registers.ebx: 61142308 registers.esi: 2005865610 registers.ecx: 256	1
__exception__ July 20, 2023, 5:07 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 78 05 1f 22 56 10 2f 44 e4 a3 fd d7 cb 10 98 00 exception.instruction: js 0x478c211 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x478c20a registers.esp: 61142312 registers.edi: 110744 registers.eax: 9 registers.ebp: 61142332 registers.edx: 74969088 registers.ebx: 61142308 registers.esi: 2005865610 registers.ecx: 256	1
__exception__ July 20, 2023, 5:07 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 78 05 1f 22 56 10 2f 44 e4 a3 fd d7 cb 10 98 00 exception.instruction: js 0x478c211 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x478c20a registers.esp: 61142312 registers.edi: 110744 registers.eax: 10 registers.ebp: 61142332 registers.edx: 74969088 registers.ebx: 61142308 registers.esi: 2005865610 registers.ecx: 256	1
__exception__ July 20, 2023, 5:07 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 89 0b 00 93 2b 90 d8 76 f2 b4 16 e8 99 b9 00 5b exception.instruction: mov dword ptr [ebx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x478c258 registers.esp: 61142316 registers.edi: 110744 registers.eax: 12 registers.ebp: 61142332 registers.edx: 74969088 registers.ebx: 56684 registers.esi: 2005865610 registers.ecx: 61145100	1
__exception__ July 20, 2023, 5:07 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 89 1e 1f 3b e8 6e 27 52 8f 53 2a 21 fd 54 f1 00 exception.instruction: mov dword ptr [esi], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x478c29d registers.esp: 61142316 registers.edi: 110744 registers.eax: 12 registers.ebp: 61142332 registers.edx: 74969088 registers.ebx: 74969088 registers.esi: 35714 registers.ecx: 61145100	1
__exception__ July 20, 2023, 5:07 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 74 06 03 b2 d0 39 01 32 24 b4 56 00 81 f9 c3 b9 exception.instruction: je 0x478c2e7 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x478c2df registers.esp: 61142312 registers.edi: 110744 registers.eax: 12 registers.ebp: 61142332 registers.edx: 74969088 registers.ebx: 256 registers.esi: 61142308 registers.ecx: 61145100	1
__exception__ July 20, 2023, 5:07 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: cc 04 32 13 6d 50 28 3b 8d c3 17 3b 85 01 02 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x478c309 registers.esp: 61142320 registers.edi: 110744 registers.eax: 12 registers.ebp: 61142332 registers.edx: 74969088 registers.ebx: 74969088 registers.esi: 2005865610 registers.ecx: 61145100	1
__exception__ July 20, 2023, 5:07 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 75 0b 1c 8a 56 91 06 61 81 bd 6e f6 83 fa 1c f0 exception.instruction: jne 0x478c1e1 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x478c1d4 registers.esp: 61142312 registers.edi: 110744 registers.eax: 12 registers.ebp: 61142332 registers.edx: 74969088 registers.ebx: 74969088 registers.esi: 61142308 registers.ecx: 256	1
__exception__ July 20, 2023, 5:07 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 78 05 1f 22 56 10 2f 44 e4 a3 fd d7 cb 10 98 00 exception.instruction: js 0x478c211 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x478c20a registers.esp: 61142312 registers.edi: 110744 registers.eax: 12 registers.ebp: 61142332 registers.edx: 74969088 registers.ebx: 61142308 registers.esi: 2005865610 registers.ecx: 256	1
__exception__ July 20, 2023, 5:07 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 78 05 1f 22 56 10 2f 44 e4 a3 fd d7 cb 10 98 00 exception.instruction: js 0x478c211 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x478c20a registers.esp: 61142312 registers.edi: 110744 registers.eax: 13 registers.ebp: 61142332 registers.edx: 74969088 registers.ebx: 61142308 registers.esi: 2005865610 registers.ecx: 256	1

Allocates read-write-execute memory (usually to unpack itself) (3 events)

Time & API	Arguments	Status
NtProtectVirtualMemory July 20, 2023, 5:06 p.m.	process_identifier: 2080 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10004000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 20, 2023, 5:06 p.m.	process_identifier: 2080 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10004000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 20, 2023, 5:06 p.m.	process_identifier: 2080 region_size: 19324928 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03f40000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1

Creates executable files on the filesystem (3 events)

file	C:\Users\test22\AppData\Local\Temp\Yardarm\ledegigts\Mytholog\Represents\lang-1071.dll
file	C:\Users\test22\AppData\Local\Temp\nstEFC6.tmp\nsExec.dll
file	C:\Users\test22\AppData\Local\Temp\nstEFC6.tmp\System.dll

Creates hidden or system file (50 out of 589 events)

Time & API	Arguments	Status	Return	Repeated
SetFileAttributesW July 20, 2023, 5:06 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor filepath: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor		0	0
SetFileAttributesW July 20, 2023, 5:06 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor filepath: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor		0	0
SetFileAttributesW July 20, 2023, 5:06 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor filepath: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor		0	0
SetFileAttributesW July 20, 2023, 5:06 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor filepath: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor		0	0
SetFileAttributesW July 20, 2023, 5:06 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor filepath: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor		0	0
SetFileAttributesW July 20, 2023, 5:06 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor filepath: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor		0	0
SetFileAttributesW July 20, 2023, 5:06 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor filepath: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor		0	0
SetFileAttributesW July 20, 2023, 5:06 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor filepath: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor		0	0
SetFileAttributesW July 20, 2023, 5:06 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor filepath: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor		0	0
SetFileAttributesW July 20, 2023, 5:06 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor filepath: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor		0	0
SetFileAttributesW July 20, 2023, 5:06 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor filepath: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor		0	0
SetFileAttributesW July 20, 2023, 5:06 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor filepath: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor		0	0
SetFileAttributesW July 20, 2023, 5:06 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor filepath: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor		0	0
SetFileAttributesW July 20, 2023, 5:06 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor filepath: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor		0	0
SetFileAttributesW July 20, 2023, 5:06 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor filepath: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor		0	0
SetFileAttributesW July 20, 2023, 5:06 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor filepath: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor		0	0
SetFileAttributesW July 20, 2023, 5:06 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor filepath: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor		0	0
SetFileAttributesW July 20, 2023, 5:06 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor filepath: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor		0	0
SetFileAttributesW July 20, 2023, 5:06 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor filepath: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor		0	0
SetFileAttributesW July 20, 2023, 5:06 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor filepath: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor		0	0
SetFileAttributesW July 20, 2023, 5:06 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor filepath: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor		0	0
SetFileAttributesW July 20, 2023, 5:06 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor filepath: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor		0	0
SetFileAttributesW July 20, 2023, 5:06 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor filepath: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor		0	0
SetFileAttributesW July 20, 2023, 5:06 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor filepath: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor		0	0
SetFileAttributesW July 20, 2023, 5:06 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor filepath: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor		0	0
SetFileAttributesW July 20, 2023, 5:06 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor filepath: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor		0	0
SetFileAttributesW July 20, 2023, 5:06 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor filepath: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor		0	0
SetFileAttributesW July 20, 2023, 5:06 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor filepath: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor		0	0
SetFileAttributesW July 20, 2023, 5:06 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor filepath: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor		0	0
SetFileAttributesW July 20, 2023, 5:06 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor filepath: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor		0	0
SetFileAttributesW July 20, 2023, 5:06 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor filepath: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor		0	0
SetFileAttributesW July 20, 2023, 5:06 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor filepath: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor		0	0
SetFileAttributesW July 20, 2023, 5:06 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor filepath: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor		0	0
SetFileAttributesW July 20, 2023, 5:06 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor filepath: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor		0	0
SetFileAttributesW July 20, 2023, 5:06 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor filepath: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor		0	0
SetFileAttributesW July 20, 2023, 5:06 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor filepath: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor		0	0
SetFileAttributesW July 20, 2023, 5:06 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor filepath: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor		0	0
SetFileAttributesW July 20, 2023, 5:06 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor filepath: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor		0	0
SetFileAttributesW July 20, 2023, 5:06 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor filepath: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor		0	0
SetFileAttributesW July 20, 2023, 5:06 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor filepath: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor		0	0
SetFileAttributesW July 20, 2023, 5:06 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor filepath: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor		0	0
SetFileAttributesW July 20, 2023, 5:06 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor filepath: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor		0	0
SetFileAttributesW July 20, 2023, 5:06 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor filepath: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor		0	0
SetFileAttributesW July 20, 2023, 5:06 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor filepath: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor		0	0
SetFileAttributesW July 20, 2023, 5:06 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor filepath: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor		0	0
SetFileAttributesW July 20, 2023, 5:06 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor filepath: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor		0	0
SetFileAttributesW July 20, 2023, 5:06 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor filepath: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor		0	0
SetFileAttributesW July 20, 2023, 5:06 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor filepath: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor		0	0
SetFileAttributesW July 20, 2023, 5:06 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor filepath: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor		0	0
SetFileAttributesW July 20, 2023, 5:06 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor filepath: C:\Users\test22\AppData\Roaming\Barberblades\Armlnenes.Jor		0	0

Creates a shortcut to an executable file (1 event)

file	C:\Users\test22\AppData\Local\Slotsforvalter\Sennelss\Underskrevet\Handelsomstning.lnk

Creates a suspicious process (46 events)

cmdline	cmd.exe /c set /a "216^177"
cmdline	cmd.exe /c set /a "198^177"
cmdline	cmd.exe /c set /a "201^177"
cmdline	cmd.exe /c set /a "159^177"
cmdline	cmd.exe /c set /a "131^177"
cmdline	cmd.exe /c set /a "210^177"
cmdline	cmd.exe /c set /a "152^177"
cmdline	cmd.exe /c set /a "208^177"
cmdline	cmd.exe /c set /a "221^177"
cmdline	cmd.exe /c set /a "226^177"
cmdline	cmd.exe /c set /a "128^177"
cmdline	cmd.exe /c set /a "137^177"
cmdline	cmd.exe /c set /a "194^177"
cmdline	cmd.exe /c set /a "230^177"
cmdline	cmd.exe /c set /a "196^177"
cmdline	cmd.exe /c set /a "195^177"
cmdline	cmd.exe /c set /a "145^177"
cmdline	cmd.exe /c set /a "132^177"
cmdline	cmd.exe /c set /a "247^177"
cmdline	cmd.exe /c set /a "136^177"
cmdline	cmd.exe /c set /a "253^177"
cmdline	cmd.exe /c set /a "130^177"
cmdline	cmd.exe /c set /a "133^177"
cmdline	cmd.exe /c set /a "139^177"
cmdline	cmd.exe /c set /a "212^177"
cmdline	cmd.exe /c set /a "255^177"
cmdline	cmd.exe /c set /a "135^177"
cmdline	cmd.exe /c set /a "141^177"
cmdline	cmd.exe /c set /a "129^177"
cmdline	cmd.exe /c set /a "250^177"
cmdline	cmd.exe /c set /a "155^177"
cmdline	cmd.exe /c set /a "220^177"
cmdline	cmd.exe /c set /a "153^177"
cmdline	cmd.exe /c set /a "227^177"
cmdline	cmd.exe /c set /a "157^177"
cmdline	cmd.exe /c set /a "244^177"
cmdline	cmd.exe /c set /a "134^177"
cmdline	cmd.exe /c set /a "225^177"
cmdline	cmd.exe /c set /a "242^177"
cmdline	cmd.exe /c set /a "231^177"
cmdline	cmd.exe /c set /a "222^177"
cmdline	cmd.exe /c set /a "223^177"
cmdline	cmd.exe /c set /a "213^177"
cmdline	cmd.exe /c set /a "197^177"
cmdline	cmd.exe /c set /a "240^177"
cmdline	cmd.exe /c set /a "193^177"

Drops an executable to the user AppData folder (3 events)

file	C:\Users\test22\AppData\Local\Temp\nstEFC6.tmp\System.dll
file	C:\Users\test22\AppData\Local\Temp\nstEFC6.tmp\nsExec.dll
file	C:\Users\test22\AppData\Local\Temp\Yardarm\ledegigts\Mytholog\Represents\lang-1071.dll

Queries for potentially installed applications (2 events)

Time & API	Arguments	Status	Return	Repeated
RegOpenKeyExA July 20, 2023, 5:06 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Moderationers\Patronization152\Energiforsyningen base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Moderationers\Patronization152\Energiforsyningen		2	0
RegOpenKeyExA July 20, 2023, 5:06 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Moderationers\Patronization152\Energiforsyningen base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Moderationers\Patronization152\Energiforsyningen		2	0

File has been identified by 14 AntiVirus engines on VirusTotal as malicious (14 events)

Bkav	W32.AIDetectMalware
CrowdStrike	win/malicious_confidence_90% (W)
Symantec	Trojan.Gen.2
Elastic	malicious (high confidence)
ESET-NOD32	NSIS/Injector.ASH
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Trojan.Win32.Makoob.gen
Avast	NSIS:InjectorX-gen [Trj]
Microsoft	Trojan:Script/Phonzy.B!ml
ZoneAlarm	HEUR:Trojan.Win32.Makoob.gen
Panda	Trj/Chgt.AD
AVG	NSIS:InjectorX-gen [Trj]
DeepInstinct	MALICIOUS

Tries to unhook Windows functions monitored by Cuckoo (1 event)

Time & API	Arguments	Status	Return	Repeated
__anomaly__ July 20, 2023, 5:07 p.m.	tid: 2240 message: Encountered 65537 exceptions, quitting. subcategory: exception function_name:	1	0	0

ChromeSetup.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All