Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	July 28, 2023, 2:05 p.m.	July 28, 2023, 2:14 p.m.

Size	175.2KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5	`c12fbddc2c7ae2eb6b4431bb52646d4d`
SHA256	`aad4997c066612869506d530ae0715ea9afcb84289731fe7150e71d463cc0785`
CRC32	`ED962CE7`
ssdeep	`3072:nwDijpS4DbYcr8bsDWMqE0I/PgQsU9+fFmll+TfvHpdLcxydWebIJ3yY7qzNwve0:nFPeBU/PgQsOWzLgAdE3y0qhYe0`
Yara	UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description)

vbc.exe "C:\Users\test22\AppData\Local\Temp\vbc.exe"
2564
- cmd.exe cmd.exe /c set /a "250^177"
  2692
- cmd.exe cmd.exe /c set /a "244^177"
  2764
- cmd.exe cmd.exe /c set /a "227^177"
  2836
- cmd.exe cmd.exe /c set /a "255^177"
  2896
- cmd.exe cmd.exe /c set /a "244^177"
  2956
- cmd.exe cmd.exe /c set /a "253^177"
  3016
- cmd.exe cmd.exe /c set /a "130^177"
  744
- cmd.exe cmd.exe /c set /a "131^177"
  1384
- cmd.exe cmd.exe /c set /a "139^177"
  2136
- cmd.exe cmd.exe /c set /a "139^177"
  2216
- cmd.exe cmd.exe /c set /a "242^177"
  2316
- cmd.exe cmd.exe /c set /a "195^177"
  2520
- cmd.exe cmd.exe /c set /a "212^177"
  2596
- cmd.exe cmd.exe /c set /a "208^177"
  2760
- cmd.exe cmd.exe /c set /a "197^177"
  2644
- cmd.exe cmd.exe /c set /a "212^177"
  2868
- cmd.exe cmd.exe /c set /a "247^177"
  2952
- cmd.exe cmd.exe /c set /a "216^177"
  3032
- cmd.exe cmd.exe /c set /a "221^177"
  940
- cmd.exe cmd.exe /c set /a "212^177"
  1264
- cmd.exe cmd.exe /c set /a "240^177"
  2256
- cmd.exe cmd.exe /c set /a "153^177"
  2440
- cmd.exe cmd.exe /c set /a "220^177"
  2600
- cmd.exe cmd.exe /c set /a "145^177"
  2592
- cmd.exe cmd.exe /c set /a "195^177"
  2360
- cmd.exe cmd.exe /c set /a "133^177"
  2908
- cmd.exe cmd.exe /c set /a "145^177"
  3020
- cmd.exe cmd.exe /c set /a "157^177"
  2072
- cmd.exe cmd.exe /c set /a "145^177"
  2264
- cmd.exe cmd.exe /c set /a "216^177"
  2576
- cmd.exe cmd.exe /c set /a "145^177"
  2580
- cmd.exe cmd.exe /c set /a "129^177"
  2828
- cmd.exe cmd.exe /c set /a "201^177"
  2988
- cmd.exe cmd.exe /c set /a "137^177"
  2100
- cmd.exe cmd.exe /c set /a "129^177"
  2208
- cmd.exe cmd.exe /c set /a "129^177"
  2684
- cmd.exe cmd.exe /c set /a "129^177"
  2852
- cmd.exe cmd.exe /c set /a "129^177"
  3056
- cmd.exe cmd.exe /c set /a "129^177"
  2064
- cmd.exe cmd.exe /c set /a "129^177"
  2532
- cmd.exe cmd.exe /c set /a "129^177"
  2804
- cmd.exe cmd.exe /c set /a "157^177"
  2972
- cmd.exe cmd.exe /c set /a "145^177"
  2124
- cmd.exe cmd.exe /c set /a "216^177"
  2708
- cmd.exe cmd.exe /c set /a "145^177"
  2892
- cmd.exe cmd.exe /c set /a "129^177"
  1536
- cmd.exe cmd.exe /c set /a "157^177"
  3052
- cmd.exe cmd.exe /c set /a "145^177"
  2220
- cmd.exe cmd.exe /c set /a "193^177"
  1576
- cmd.exe cmd.exe /c set /a "145^177"
  300
- cmd.exe cmd.exe /c set /a "129^177"
  1508
- cmd.exe cmd.exe /c set /a "157^177"
  1596
- cmd.exe cmd.exe /c set /a "145^177"
  2212
- cmd.exe cmd.exe /c set /a "216^177"
  2120
- cmd.exe cmd.exe /c set /a "145^177"
  2784
- cmd.exe cmd.exe /c set /a "133^177"
  1080
- cmd.exe cmd.exe /c set /a "157^177"
  2280
- cmd.exe cmd.exe /c set /a "145^177"
  2284
- cmd.exe cmd.exe /c set /a "216^177"
  2812
- cmd.exe cmd.exe /c set /a "145^177"
  504
- cmd.exe cmd.exe /c set /a "129^177"
  196
- cmd.exe cmd.exe /c set /a "201^177"
  3080
- cmd.exe cmd.exe /c set /a "137^177"
  3140
- cmd.exe cmd.exe /c set /a "129^177"
  3200
- cmd.exe cmd.exe /c set /a "157^177"
  3260
- cmd.exe cmd.exe /c set /a "145^177"
  3320
- cmd.exe cmd.exe /c set /a "216^177"
  3384
- cmd.exe cmd.exe /c set /a "145^177"
  3444
- cmd.exe cmd.exe /c set /a "129^177"
  3504
- cmd.exe cmd.exe /c set /a "152^177"
  3564
- cmd.exe cmd.exe /c set /a "216^177"
  3624
- cmd.exe cmd.exe /c set /a "159^177"
  3688
- cmd.exe cmd.exe /c set /a "195^177"
  3748
- cmd.exe cmd.exe /c set /a "132^177"
  3808
- cmd.exe cmd.exe /c set /a "141^177"
  3868
- cmd.exe cmd.exe /c set /a "250^177"
  3928
- cmd.exe cmd.exe /c set /a "244^177"
  3988
- cmd.exe cmd.exe /c set /a "227^177"
  4048
- cmd.exe cmd.exe /c set /a "255^177"
  2312
- cmd.exe cmd.exe /c set /a "244^177"
  3156
- cmd.exe cmd.exe /c set /a "253^177"
  3276
- cmd.exe cmd.exe /c set /a "130^177"
  3348
- cmd.exe cmd.exe /c set /a "131^177"
  3440
- cmd.exe cmd.exe /c set /a "139^177"
  3524
- cmd.exe cmd.exe /c set /a "139^177"
  3592
- cmd.exe cmd.exe /c set /a "231^177"
  3656
- cmd.exe cmd.exe /c set /a "216^177"
  3732
- cmd.exe cmd.exe /c set /a "195^177"
  3820
- cmd.exe cmd.exe /c set /a "197^177"
  3908
- cmd.exe cmd.exe /c set /a "196^177"
  3932
- cmd.exe cmd.exe /c set /a "208^177"
  4068
- cmd.exe cmd.exe /c set /a "221^177"
  3116
- cmd.exe cmd.exe /c set /a "240^177"
  1316
- cmd.exe cmd.exe /c set /a "221^177"
  3220
- cmd.exe cmd.exe /c set /a "221^177"
  3352
- cmd.exe cmd.exe /c set /a "222^177"
  3388
- cmd.exe cmd.exe /c set /a "210^177"
  3560
- cmd.exe cmd.exe /c set /a "153^177"
  3644
- cmd.exe cmd.exe /c set /a "216^177"
  3764
- cmd.exe cmd.exe /c set /a "145^177"
  3884
- cmd.exe cmd.exe /c set /a "129^177"
  3916
- cmd.exe cmd.exe /c set /a "157^177"
  2168
- cmd.exe cmd.exe /c set /a "216^177"
  1156
- cmd.exe cmd.exe /c set /a "145^177"
  3196
- cmd.exe cmd.exe /c set /a "135^177"
  3364
- cmd.exe cmd.exe /c set /a "128^177"
  3484
- cmd.exe cmd.exe /c set /a "129^177"
  3540
- cmd.exe cmd.exe /c set /a "133^177"
  3776
- cmd.exe cmd.exe /c set /a "135^177"
  4020
- cmd.exe cmd.exe /c set /a "134^177"
  1332
- cmd.exe cmd.exe /c set /a "137^177"
  3184
- cmd.exe cmd.exe /c set /a "133^177"
  3424
- cmd.exe cmd.exe /c set /a "157^177"
  3552
- cmd.exe cmd.exe /c set /a "145^177"
  3856
- cmd.exe cmd.exe /c set /a "216^177"
  4036
- cmd.exe cmd.exe /c set /a "145^177"
  936
- cmd.exe cmd.exe /c set /a "129^177"
  3292
- cmd.exe cmd.exe /c set /a "201^177"
  3684
- cmd.exe cmd.exe /c set /a "130^177"
  3880
- cmd.exe cmd.exe /c set /a "129^177"
  3960
- cmd.exe cmd.exe /c set /a "129^177"
  3612
- cmd.exe cmd.exe /c set /a "129^177"
  4032
- cmd.exe cmd.exe /c set /a "157^177"
  3236
- cmd.exe cmd.exe /c set /a "145^177"
  3532
- cmd.exe cmd.exe /c set /a "216^177"
  4044
- cmd.exe cmd.exe /c set /a "145^177"
  3428
- cmd.exe cmd.exe /c set /a "129^177"
  3736
- cmd.exe cmd.exe /c set /a "201^177"
  1016
- cmd.exe cmd.exe /c set /a "133^177"
  4084
- cmd.exe cmd.exe /c set /a "129^177"
  3180
- cmd.exe cmd.exe /c set /a "152^177"
  4140
- cmd.exe cmd.exe /c set /a "193^177"
  4200
- cmd.exe cmd.exe /c set /a "159^177"
  4260
- cmd.exe cmd.exe /c set /a "195^177"
  4320
- cmd.exe cmd.exe /c set /a "128^177"
  4380
- cmd.exe cmd.exe /c set /a "141^177"
  4440
- cmd.exe cmd.exe /c set /a "250^177"
  4524
- cmd.exe cmd.exe /c set /a "244^177"
  4584
- cmd.exe cmd.exe /c set /a "227^177"
  4644
- cmd.exe cmd.exe /c set /a "255^177"
  4704
- cmd.exe cmd.exe /c set /a "244^177"
  4764
- cmd.exe cmd.exe /c set /a "253^177"
  4824
- cmd.exe cmd.exe /c set /a "130^177"
  4884
- cmd.exe cmd.exe /c set /a "131^177"
  4944
- cmd.exe cmd.exe /c set /a "139^177"
  5004
- cmd.exe cmd.exe /c set /a "139^177"
  5064
- cmd.exe cmd.exe /c set /a "226^177"
  4100
- cmd.exe cmd.exe /c set /a "212^177"
  4180
- cmd.exe cmd.exe /c set /a "197^177"
  4204
- cmd.exe cmd.exe /c set /a "247^177"
  4332
- cmd.exe cmd.exe /c set /a "216^177"
  4424
- cmd.exe cmd.exe /c set /a "221^177"
  4504
- cmd.exe cmd.exe /c set /a "212^177"
  4528
- cmd.exe cmd.exe /c set /a "225^177"
  4656
- cmd.exe cmd.exe /c set /a "222^177"
  4748
- cmd.exe cmd.exe /c set /a "216^177"
  4800
- cmd.exe cmd.exe /c set /a "223^177"
  4916
- cmd.exe cmd.exe /c set /a "197^177"
  4992
- cmd.exe cmd.exe /c set /a "212^177"
  3904
- cmd.exe cmd.exe /c set /a "195^177"
  4244
- cmd.exe cmd.exe /c set /a "153^177"
  4360
- cmd.exe cmd.exe /c set /a "216^177"
  4452
- cmd.exe cmd.exe /c set /a "145^177"
  4564
- cmd.exe cmd.exe /c set /a "195^177"
  4736
- cmd.exe cmd.exe /c set /a "132^177"
  4856
- cmd.exe cmd.exe /c set /a "157^177"
  4920
- cmd.exe cmd.exe /c set /a "145^177"
  5060
- cmd.exe cmd.exe /c set /a "216^177"
  4280
- cmd.exe cmd.exe /c set /a "145^177"
  4420
- cmd.exe cmd.exe /c set /a "135^177"
  4568
- cmd.exe cmd.exe /c set /a "134^177"
  4744
- cmd.exe cmd.exe /c set /a "134^177"
  4872
- cmd.exe cmd.exe /c set /a "145^177"
  5016
- cmd.exe cmd.exe /c set /a "157^177"
  4212
- cmd.exe cmd.exe /c set /a "145^177"
  4384
- cmd.exe cmd.exe /c set /a "216^177"
  4692
- cmd.exe cmd.exe /c set /a "145^177"
  4912
- cmd.exe cmd.exe /c set /a "129^177"
  4160
- cmd.exe cmd.exe /c set /a "157^177"
  4436
- cmd.exe cmd.exe /c set /a "216^177"
  4792
- cmd.exe cmd.exe /c set /a "145^177"
  4308
- cmd.exe cmd.exe /c set /a "129^177"
  4396
- cmd.exe cmd.exe /c set /a "152^177"
  4188
- cmd.exe cmd.exe /c set /a "216^177"
  4588
- cmd.exe cmd.exe /c set /a "159^177"
  4680
- cmd.exe cmd.exe /c set /a "195^177"
  4540
- cmd.exe cmd.exe /c set /a "130^177"
  2128
- cmd.exe cmd.exe /c set /a "141^177"
  4828
- cmd.exe cmd.exe /c set /a "250^177"
  2140
- cmd.exe cmd.exe /c set /a "244^177"
  5140
- cmd.exe cmd.exe /c set /a "227^177"
  5224
- cmd.exe cmd.exe /c set /a "255^177"
  5284
- cmd.exe cmd.exe /c set /a "244^177"
  5344
- cmd.exe cmd.exe /c set /a "253^177"
  5404
- cmd.exe cmd.exe /c set /a "130^177"
  5464
- cmd.exe cmd.exe /c set /a "131^177"
  5524
- cmd.exe cmd.exe /c set /a "139^177"
  5584
- cmd.exe cmd.exe /c set /a "139^177"
  5644
- cmd.exe cmd.exe /c set /a "227^177"
  5704
- cmd.exe cmd.exe /c set /a "212^177"
  5764
- cmd.exe cmd.exe /c set /a "208^177"
  5824
- cmd.exe cmd.exe /c set /a "213^177"
  5884
- cmd.exe cmd.exe /c set /a "247^177"
  5944
- cmd.exe cmd.exe /c set /a "216^177"
  6004
- cmd.exe cmd.exe /c set /a "221^177"
  6064
- cmd.exe cmd.exe /c set /a "212^177"
  6124
- cmd.exe cmd.exe /c set /a "153^177"
  5168
- cmd.exe cmd.exe /c set /a "216^177"
  5256
- cmd.exe cmd.exe /c set /a "145^177"
  5340
- cmd.exe cmd.exe /c set /a "195^177"
  5424
- cmd.exe cmd.exe /c set /a "132^177"
  5492
- cmd.exe cmd.exe /c set /a "157^177"
  5568
- cmd.exe cmd.exe /c set /a "145^177"
  5664
- cmd.exe cmd.exe /c set /a "216^177"
  5744
- cmd.exe cmd.exe /c set /a "145^177"
  5768
- cmd.exe cmd.exe /c set /a "195^177"
  5896
- cmd.exe cmd.exe /c set /a "128^177"
  5992
- cmd.exe cmd.exe /c set /a "157^177"
  6008
- cmd.exe cmd.exe /c set /a "145^177"
  6128
- cmd.exe cmd.exe /c set /a "216^177"
  5268
- cmd.exe cmd.exe /c set /a "145^177"
  5400
- cmd.exe cmd.exe /c set /a "135^177"
  5408
- cmd.exe cmd.exe /c set /a "128^177"
  5624
- cmd.exe cmd.exe /c set /a "129^177"
  5716
- cmd.exe cmd.exe /c set /a "133^177"
  5836
- cmd.exe cmd.exe /c set /a "135^177"
  5920
- cmd.exe cmd.exe /c set /a "134^177"
  6048
- cmd.exe cmd.exe /c set /a "137^177"
  5136
- cmd.exe cmd.exe /c set /a "133^177"
  5448
- cmd.exe cmd.exe /c set /a "157^177"
  5604
- cmd.exe cmd.exe /c set /a "155^177"
  5740
- cmd.exe cmd.exe /c set /a "216^177"
  5860
- cmd.exe cmd.exe /c set /a "145^177"
  6016
- cmd.exe cmd.exe /c set /a "129^177"
  5220
- cmd.exe cmd.exe /c set /a "157^177"
  5468
- cmd.exe cmd.exe /c set /a "145^177"
  5596
- cmd.exe cmd.exe /c set /a "216^177"
  5844
- cmd.exe cmd.exe /c set /a "145^177"
  6000
- cmd.exe cmd.exe /c set /a "129^177"
  4560
- cmd.exe cmd.exe /c set /a "152^177"
  5828
- cmd.exe cmd.exe /c set /a "216^177"
  5156
- cmd.exe cmd.exe /c set /a "159^177"
  5588
- cmd.exe cmd.exe /c set /a "195^177"
  5868
- cmd.exe cmd.exe /c set /a "130^177"
  5272
- cmd.exe cmd.exe /c set /a "141^177"
  5688
- cmd.exe cmd.exe /c set /a "196^177"
  5496
- cmd.exe cmd.exe /c set /a "194^177"
  5188
- cmd.exe cmd.exe /c set /a "212^177"
  672
- cmd.exe cmd.exe /c set /a "195^177"
  6160
- cmd.exe cmd.exe /c set /a "130^177"
  6288
- cmd.exe cmd.exe /c set /a "131^177"
  6364
- cmd.exe cmd.exe /c set /a "139^177"
  6436
- cmd.exe cmd.exe /c set /a "139^177"
  6504
- cmd.exe cmd.exe /c set /a "242^177"
  6568
- cmd.exe cmd.exe /c set /a "208^177"
  6628
- cmd.exe cmd.exe /c set /a "221^177"
  6688
- cmd.exe cmd.exe /c set /a "221^177"
  6748
- cmd.exe cmd.exe /c set /a "230^177"
  6808
- cmd.exe cmd.exe /c set /a "216^177"
  6868
- cmd.exe cmd.exe /c set /a "223^177"
  6928
- cmd.exe cmd.exe /c set /a "213^177"
  6996
- cmd.exe cmd.exe /c set /a "222^177"
  7056
- cmd.exe cmd.exe /c set /a "198^177"
  7116
- cmd.exe cmd.exe /c set /a "225^177"
  6172
- cmd.exe cmd.exe /c set /a "195^177"
  6284
- cmd.exe cmd.exe /c set /a "222^177"
  6352
- cmd.exe cmd.exe /c set /a "210^177"
  6404
- cmd.exe cmd.exe /c set /a "240^177"
  6520
- cmd.exe cmd.exe /c set /a "153^177"
  6596
- cmd.exe cmd.exe /c set /a "216^177"
  1244
- cmd.exe cmd.exe /c set /a "145^177"
  6736
- cmd.exe cmd.exe /c set /a "195^177"
  732
- cmd.exe cmd.exe /c set /a "128^177"
  1788
- cmd.exe cmd.exe /c set /a "145^177"
  6940
- cmd.exe cmd.exe /c set /a "157^177"
  7024
- cmd.exe cmd.exe /c set /a "216^177"
  7100
- cmd.exe cmd.exe /c set /a "145^177"
  1800
- cmd.exe cmd.exe /c set /a "129^177"
  6212
- cmd.exe cmd.exe /c set /a "157^177"
  6292
- cmd.exe cmd.exe /c set /a "216^177"
  6440
- cmd.exe cmd.exe /c set /a "145^177"
  6516
- cmd.exe cmd.exe /c set /a "129^177"
  6708
- cmd.exe cmd.exe /c set /a "157^177"
  6780
- cmd.exe cmd.exe /c set /a "145^177"
  1868
- cmd.exe cmd.exe /c set /a "216^177"
  6880
- cmd.exe cmd.exe /c set /a "145^177"
  5388
- cmd.exe cmd.exe /c set /a "129^177"
  7072
- cmd.exe cmd.exe /c set /a "157^177"
  6188
- cmd.exe cmd.exe /c set /a "145^177"
  6304
- cmd.exe cmd.exe /c set /a "216^177"
  6448
- cmd.exe cmd.exe /c set /a "129^177"
  1432
- cmd.exe cmd.exe /c set /a "152^177"
  1808
- cmd.exe cmd.exe /c set /a "141^177"
  1804
explorer.exe C:\Windows\Explorer.EXE
1452

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx July 28, 2023, 2:05 p.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.ndata

One or more processes crashed (50 out of 55200 events)

Time & API	Arguments	Status
__exception__ July 28, 2023, 2:06 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: cc 9c d8 19 68 2a ee f8 b4 81 34 24 3b 72 82 13 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x62e5aeb registers.esp: 58128172 registers.edi: 107032 registers.eax: 5373416 registers.ebp: 58128172 registers.edx: 103698432 registers.ebx: 103698432 registers.esi: 1995838602 registers.ecx: 103701173	1
__exception__ July 28, 2023, 2:06 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 89 33 8f d0 57 c4 05 f0 46 ab e2 e7 56 5f 87 b9 exception.instruction: mov dword ptr [ebx], esi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x62e5b21 registers.esp: 58128164 registers.edi: 107032 registers.eax: 5373416 registers.ebp: 58128172 registers.edx: 103698432 registers.ebx: 8936 registers.esi: 1995838602 registers.ecx: 103701173	1
__exception__ July 28, 2023, 2:06 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 89 30 8f 9d 2d 1b 7c 51 2e f0 97 10 aa 56 e0 f8 exception.instruction: mov dword ptr [eax], esi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x62f14c0 registers.esp: 58128160 registers.edi: 107032 registers.eax: 62911 registers.ebp: 58128172 registers.edx: 103698432 registers.ebx: 103698432 registers.esi: 1995838602 registers.ecx: 103701173	1
__exception__ July 28, 2023, 2:06 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 89 10 97 d3 d8 66 a6 f9 67 d8 03 77 8b c9 00 58 exception.instruction: mov dword ptr [eax], edx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x62f14fd registers.esp: 58128128 registers.edi: 107032 registers.eax: 42729 registers.ebp: 58128172 registers.edx: 103698432 registers.ebx: 103698432 registers.esi: 1995838602 registers.ecx: 103701173	1
__exception__ July 28, 2023, 2:06 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: cc 8d e8 eb 1f b2 5f bb 7c a7 6a 22 7c a6 65 70 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x62f152a registers.esp: 58128132 registers.edi: 107032 registers.eax: 5373416 registers.ebp: 58128172 registers.edx: 103698432 registers.ebx: 103698432 registers.esi: 1995838602 registers.ecx: 108	1
__exception__ July 28, 2023, 2:06 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 89 11 8a f2 eb b1 dd ee 86 14 fe 81 10 95 1b 80 exception.instruction: mov dword ptr [ecx], edx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x62f156f registers.esp: 58128124 registers.edi: 107032 registers.eax: 5373416 registers.ebp: 58128172 registers.edx: 103698432 registers.ebx: 103698432 registers.esi: 1995838602 registers.ecx: 5275	1
__exception__ July 28, 2023, 2:06 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 72 02 90 f0 a7 27 ed 00 85 c8 58 84 c9 59 51 8b exception.instruction: jb 0x62f15ba exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x62f15b6 registers.esp: 58128120 registers.edi: 107032 registers.eax: 58128116 registers.ebp: 58128172 registers.edx: 103698432 registers.ebx: 103698432 registers.esi: 1995838602 registers.ecx: 256	1
__exception__ July 28, 2023, 2:06 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 89 13 94 3b 78 3a 6d 7f d3 43 6a 00 5b 68 86 c0 exception.instruction: mov dword ptr [ebx], edx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x62f15e9 registers.esp: 58128120 registers.edi: 107032 registers.eax: 5373416 registers.ebp: 58128172 registers.edx: 103698432 registers.ebx: 36586 registers.esi: 1995838602 registers.ecx: 103701173	1
__exception__ July 28, 2023, 2:06 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 89 19 91 98 82 32 59 5b 00 59 ba 53 6c 7e 96 e8 exception.instruction: mov dword ptr [ecx], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x62f162a registers.esp: 58128116 registers.edi: 107032 registers.eax: 5373416 registers.ebp: 58128172 registers.edx: 103698432 registers.ebx: 103698432 registers.esi: 1995838602 registers.ecx: 21006	1
__exception__ July 28, 2023, 2:06 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 89 1b 89 96 d6 83 cc 25 a7 cf e9 ca df 0f 36 94 exception.instruction: mov dword ptr [ebx], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x62f1667 registers.esp: 58128116 registers.edi: 1157818024 registers.eax: 1995635376 registers.ebp: 58128172 registers.edx: 1995596250 registers.ebx: 62357 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ July 28, 2023, 2:06 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: cc 93 16 ce df 47 6d dc f8 de 03 cc 89 e3 50 3b exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x62f1685 registers.esp: 58128120 registers.edi: 2365609968 registers.eax: 1995635376 registers.ebp: 58128172 registers.edx: 1995596250 registers.ebx: 1137500821 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ July 28, 2023, 2:06 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: cc 89 e3 50 3b 12 62 65 29 66 43 af 41 60 74 56 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x62f1690 registers.esp: 58128120 registers.edi: 2365609968 registers.eax: 1995635376 registers.ebp: 58128172 registers.edx: 1995596250 registers.ebx: 1137500821 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ July 28, 2023, 2:06 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: cc 94 70 fb 04 38 d8 f6 9e 37 3b 23 01 fc 8b bd exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x62f16a7 registers.esp: 58128120 registers.edi: 12 registers.eax: 1995635376 registers.ebp: 58128172 registers.edx: 1995596250 registers.ebx: 1137500821 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ July 28, 2023, 2:06 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 89 36 8e e9 03 40 07 d0 f5 c0 74 f8 58 2d 93 19 exception.instruction: mov dword ptr [esi], esi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x62f16e5 registers.esp: 58128124 registers.edi: 107032 registers.eax: 1995635376 registers.ebp: 58128172 registers.edx: 1995596250 registers.ebx: 1137500821 registers.esi: 49927 registers.ecx: 182	1
__exception__ July 28, 2023, 2:06 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 89 17 90 2b 67 63 5a 00 5f c7 85 48 01 00 00 0a exception.instruction: mov dword ptr [edi], edx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x62f17a3 registers.esp: 58128112 registers.edi: 50139 registers.eax: 1995635376 registers.ebp: 58128172 registers.edx: 1995596250 registers.ebx: 58128496 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ July 28, 2023, 2:06 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 89 36 8a d7 e9 88 c5 a0 6f d9 57 3c 30 c5 99 a8 exception.instruction: mov dword ptr [esi], esi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x62f17ce registers.esp: 58128112 registers.edi: 107032 registers.eax: 1995635376 registers.ebp: 58128172 registers.edx: 1995596250 registers.ebx: 58128496 registers.esi: 26178 registers.ecx: 182	1
__exception__ July 28, 2023, 2:06 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 70 07 8b 34 ca eb 5a 75 7e e9 a7 2f b2 0e 61 c6 exception.instruction: jo 0x62f1826 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x62f181d registers.esp: 58128108 registers.edi: 107032 registers.eax: 1995635376 registers.ebp: 58128172 registers.edx: 1995596250 registers.ebx: 58128496 registers.esi: 58128104 registers.ecx: 256	1
__exception__ July 28, 2023, 2:06 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 7a 04 91 18 79 7c 9a 5b 00 81 7d 48 71 a9 00 00 exception.instruction: jp 0x62f186e exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x62f1868 registers.esp: 58128108 registers.edi: 107032 registers.eax: 256 registers.ebp: 58128172 registers.edx: 58128104 registers.ebx: 58128496 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ July 28, 2023, 2:06 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 7a 0d 8d 47 7d 64 2e 3c 94 54 6e 73 d1 d8 8f ff exception.instruction: jp 0x62f18ba exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x62f18ab registers.esp: 58128108 registers.edi: 107032 registers.eax: 256 registers.ebp: 58128172 registers.edx: 1995596250 registers.ebx: 58128104 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ July 28, 2023, 2:06 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 75 09 89 0b 5d 7c f4 f8 5b 28 3d fb c1 82 7c 43 exception.instruction: jne 0x62f1914 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x62f1909 registers.esp: 58128108 registers.edi: 107032 registers.eax: 58128104 registers.ebp: 58128172 registers.edx: 1995596250 registers.ebx: 58128496 registers.esi: 1995838602 registers.ecx: 256	1
__exception__ July 28, 2023, 2:06 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 89 12 95 3c d7 fb ae e8 fb ba 9e 96 00 5a 81 ad exception.instruction: mov dword ptr [edx], edx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x62f1948 registers.esp: 58128112 registers.edi: 107032 registers.eax: 1995635376 registers.ebp: 58128172 registers.edx: 30485 registers.ebx: 58128496 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ July 28, 2023, 2:06 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: cc 88 26 ff 9b 85 69 74 c3 e5 11 d1 e2 7d 7b 99 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x62f1972 registers.esp: 58128116 registers.edi: 107032 registers.eax: 1995635376 registers.ebp: 58128172 registers.edx: 1995596250 registers.ebx: 58128500 registers.esi: 58128500 registers.ecx: 182	1
__exception__ July 28, 2023, 2:06 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: cc 9c 34 98 e8 bf d5 00 00 56 be f5 ee 56 35 81 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x62f19a4 registers.esp: 58128104 registers.edi: 107032 registers.eax: 1995635376 registers.ebp: 58128172 registers.edx: 1995596250 registers.ebx: 58128500 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ July 28, 2023, 2:06 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 7a 05 88 ef a2 08 c7 31 5c f4 81 1e 2e 4d a1 00 exception.instruction: jp 0x62f19dc exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x62f19d5 registers.esp: 58128124 registers.edi: 107032 registers.eax: 0 registers.ebp: 58128172 registers.edx: 103698432 registers.ebx: 58128120 registers.esi: 256 registers.ecx: 103750061	1
__exception__ July 28, 2023, 2:06 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 89 12 8b 08 e3 92 83 3e b2 fd 1b ca 82 17 ad 8e exception.instruction: mov dword ptr [edx], edx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x62f1a2a registers.esp: 58128160 registers.edi: 107032 registers.eax: 3145345865 registers.ebp: 58128172 registers.edx: 58433 registers.ebx: 103698432 registers.esi: 1995838602 registers.ecx: 103701173	1
__exception__ July 28, 2023, 2:06 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: cc 92 ea bb 98 7c d9 f6 25 c0 35 88 fd 87 5d cc exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x62f1a48 registers.esp: 58128164 registers.edi: 107032 registers.eax: 1569193352 registers.ebp: 58128172 registers.edx: 103698432 registers.ebx: 103698432 registers.esi: 1995838602 registers.ecx: 103701173	1
__exception__ July 28, 2023, 2:06 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: cc 89 cb 12 22 e3 a5 bd 48 eb 25 b0 87 f8 e8 1b exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x62f1a57 registers.esp: 58128164 registers.edi: 107032 registers.eax: 0 registers.ebp: 58128172 registers.edx: 103698432 registers.ebx: 103698432 registers.esi: 1995838602 registers.ecx: 103701173	1
__exception__ July 28, 2023, 2:06 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 89 10 89 6d 27 f5 a9 ee 78 e7 e6 a3 91 a9 bb e3 exception.instruction: mov dword ptr [eax], edx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x62f1a78 registers.esp: 58128160 registers.edi: 107032 registers.eax: 36204 registers.ebp: 58128172 registers.edx: 103698432 registers.ebx: 103698432 registers.esi: 1995838602 registers.ecx: 103701173	1
__exception__ July 28, 2023, 2:06 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 89 39 8f 4a df 5a 57 30 d2 1e 6c a5 e5 a9 e6 b4 exception.instruction: mov dword ptr [ecx], edi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x62f1aa2 registers.esp: 58128160 registers.edi: 107032 registers.eax: 0 registers.ebp: 58128172 registers.edx: 103698432 registers.ebx: 103698432 registers.esi: 1995838602 registers.ecx: 381	1
__exception__ July 28, 2023, 2:06 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 7f 03 93 85 57 74 1c 82 e6 fd 00 66 85 c0 59 81 exception.instruction: jg 0x62f1ae9 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x62f1ae4 registers.esp: 58128152 registers.edi: 107032 registers.eax: 0 registers.ebp: 58128172 registers.edx: 256 registers.ebx: 103698432 registers.esi: 1995838602 registers.ecx: 58128148	1
__exception__ July 28, 2023, 2:06 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 75 12 8e 11 ea c3 af 50 24 2f 29 30 5f 9f 61 b6 exception.instruction: jne 0x62f1b3e exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x62f1b2a registers.esp: 58128152 registers.edi: 107032 registers.eax: 256 registers.ebp: 58128172 registers.edx: 58128148 registers.ebx: 103698432 registers.esi: 179709945 registers.ecx: 103701173	1
__exception__ July 28, 2023, 2:06 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 71 02 93 cc 8a 8f ea fd 11 81 00 85 c2 5e 66 85 exception.instruction: jno 0x62f1b83 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x62f1b7f registers.esp: 58128152 registers.edi: 107032 registers.eax: 0 registers.ebp: 58128172 registers.edx: 256 registers.ebx: 103698432 registers.esi: 58128148 registers.ecx: 103701173	1
__exception__ July 28, 2023, 2:06 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 74 0f 8e 70 2f d6 17 51 25 f7 89 6c 89 a8 46 3b exception.instruction: je 0x62f1bd5 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x62f1bc4 registers.esp: 58128152 registers.edi: 107032 registers.eax: 256 registers.ebp: 58128172 registers.edx: 103698432 registers.ebx: 103698432 registers.esi: 1995838602 registers.ecx: 58128148	1
__exception__ July 28, 2023, 2:06 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: cc 89 98 b0 49 30 c4 d8 a8 f5 5f 78 9a 31 a5 7c exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x62f1bef registers.esp: 58128160 registers.edi: 107032 registers.eax: 4 registers.ebp: 58128172 registers.edx: 103698432 registers.ebx: 103698432 registers.esi: 1995838602 registers.ecx: 32899076	1
__exception__ July 28, 2023, 2:06 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: cc 92 dc d4 8b 62 f9 3a d9 b8 c1 2c 24 10 51 b9 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x62f1c04 registers.esp: 58128156 registers.edi: 107032 registers.eax: 4 registers.ebp: 58128172 registers.edx: 103698432 registers.ebx: 103698432 registers.esi: 1995838602 registers.ecx: 32899076	1
__exception__ July 28, 2023, 2:06 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 71 03 90 a2 3e 5d 61 00 3d 6e 3f 2e 36 5e 84 c0 exception.instruction: jno 0x62f1c33 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x62f1c2e registers.esp: 58128148 registers.edi: 107032 registers.eax: 4 registers.ebp: 58128172 registers.edx: 103698432 registers.ebx: 103698432 registers.esi: 58128144 registers.ecx: 256	1
__exception__ July 28, 2023, 2:06 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 7e 03 90 a2 a6 9f 83 00 80 f9 35 58 84 d9 5f 3b exception.instruction: jle 0x62f1c8c exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x62f1c87 registers.esp: 58128152 registers.edi: 256 registers.eax: 58128148 registers.ebp: 58128172 registers.edx: 103698432 registers.ebx: 103698432 registers.esi: 1995838602 registers.ecx: 32899076	1
__exception__ July 28, 2023, 2:06 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 75 12 8e 11 ea c3 af 50 24 2f 29 30 5f 9f 61 b6 exception.instruction: jne 0x62f1b3e exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x62f1b2a registers.esp: 58128152 registers.edi: 107032 registers.eax: 256 registers.ebp: 58128172 registers.edx: 58128148 registers.ebx: 103698432 registers.esi: 179709945 registers.ecx: 32899076	1
__exception__ July 28, 2023, 2:06 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 71 02 93 cc 8a 8f ea fd 11 81 00 85 c2 5e 66 85 exception.instruction: jno 0x62f1b83 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x62f1b7f registers.esp: 58128152 registers.edi: 107032 registers.eax: 4 registers.ebp: 58128172 registers.edx: 256 registers.ebx: 103698432 registers.esi: 58128148 registers.ecx: 32899076	1
__exception__ July 28, 2023, 2:06 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 74 0f 8e 70 2f d6 17 51 25 f7 89 6c 89 a8 46 3b exception.instruction: je 0x62f1bd5 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x62f1bc4 registers.esp: 58128152 registers.edi: 107032 registers.eax: 256 registers.ebp: 58128172 registers.edx: 103698432 registers.ebx: 103698432 registers.esi: 1995838602 registers.ecx: 58128148	1
__exception__ July 28, 2023, 2:06 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: cc 89 98 b0 49 30 c4 d8 a8 f5 5f 78 9a 31 a5 7c exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x62f1bef registers.esp: 58128160 registers.edi: 107032 registers.eax: 8 registers.ebp: 58128172 registers.edx: 103698432 registers.ebx: 103698432 registers.esi: 1995838602 registers.ecx: 32899080	1
__exception__ July 28, 2023, 2:06 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: cc 92 dc d4 8b 62 f9 3a d9 b8 c1 2c 24 10 51 b9 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x62f1c04 registers.esp: 58128156 registers.edi: 107032 registers.eax: 8 registers.ebp: 58128172 registers.edx: 103698432 registers.ebx: 103698432 registers.esi: 1995838602 registers.ecx: 32899080	1
__exception__ July 28, 2023, 2:06 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 71 03 90 a2 3e 5d 61 00 3d 6e 3f 2e 36 5e 84 c0 exception.instruction: jno 0x62f1c33 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x62f1c2e registers.esp: 58128148 registers.edi: 107032 registers.eax: 8 registers.ebp: 58128172 registers.edx: 103698432 registers.ebx: 103698432 registers.esi: 58128144 registers.ecx: 256	1
__exception__ July 28, 2023, 2:06 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 7e 03 90 a2 a6 9f 83 00 80 f9 35 58 84 d9 5f 3b exception.instruction: jle 0x62f1c8c exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x62f1c87 registers.esp: 58128152 registers.edi: 256 registers.eax: 58128148 registers.ebp: 58128172 registers.edx: 103698432 registers.ebx: 103698432 registers.esi: 1995838602 registers.ecx: 32899080	1
__exception__ July 28, 2023, 2:06 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 75 12 8e 11 ea c3 af 50 24 2f 29 30 5f 9f 61 b6 exception.instruction: jne 0x62f1b3e exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x62f1b2a registers.esp: 58128152 registers.edi: 107032 registers.eax: 256 registers.ebp: 58128172 registers.edx: 58128148 registers.ebx: 103698432 registers.esi: 179709945 registers.ecx: 32899080	1
__exception__ July 28, 2023, 2:06 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 71 02 93 cc 8a 8f ea fd 11 81 00 85 c2 5e 66 85 exception.instruction: jno 0x62f1b83 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x62f1b7f registers.esp: 58128152 registers.edi: 107032 registers.eax: 8 registers.ebp: 58128172 registers.edx: 256 registers.ebx: 103698432 registers.esi: 58128148 registers.ecx: 32899080	1
__exception__ July 28, 2023, 2:06 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 74 0f 8e 70 2f d6 17 51 25 f7 89 6c 89 a8 46 3b exception.instruction: je 0x62f1bd5 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x62f1bc4 registers.esp: 58128152 registers.edi: 107032 registers.eax: 256 registers.ebp: 58128172 registers.edx: 103698432 registers.ebx: 103698432 registers.esi: 1995838602 registers.ecx: 58128148	1
__exception__ July 28, 2023, 2:06 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: cc 89 98 b0 49 30 c4 d8 a8 f5 5f 78 9a 31 a5 7c exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x62f1bef registers.esp: 58128160 registers.edi: 107032 registers.eax: 12 registers.ebp: 58128172 registers.edx: 103698432 registers.ebx: 103698432 registers.esi: 1995838602 registers.ecx: 32899084	1
__exception__ July 28, 2023, 2:06 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: cc 92 dc d4 8b 62 f9 3a d9 b8 c1 2c 24 10 51 b9 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x62f1c04 registers.esp: 58128156 registers.edi: 107032 registers.eax: 12 registers.ebp: 58128172 registers.edx: 103698432 registers.ebx: 103698432 registers.esi: 1995838602 registers.ecx: 32899084	1
__exception__ July 28, 2023, 2:06 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 71 03 90 a2 3e 5d 61 00 3d 6e 3f 2e 36 5e 84 c0 exception.instruction: jno 0x62f1c33 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x62f1c2e registers.esp: 58128148 registers.edi: 107032 registers.eax: 12 registers.ebp: 58128172 registers.edx: 103698432 registers.ebx: 103698432 registers.esi: 58128144 registers.ecx: 256	1

Allocates read-write-execute memory (usually to unpack itself) (5 events)

Time & API	Arguments	Status
NtProtectVirtualMemory July 28, 2023, 2:05 p.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73272000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 28, 2023, 2:05 p.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10004000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 28, 2023, 2:05 p.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10004000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 28, 2023, 2:06 p.m.	process_identifier: 2564 region_size: 61046784 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03ce0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 28, 2023, 2:06 p.m.	process_identifier: 1452 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000004760000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1

Creates executable files on the filesystem (5 events)

file	C:\Users\test22\AppData\Local\Temp\nsvF156.tmp\nsExec.dll
file	C:\Users\test22\AppData\Local\gasrrledningers\mellemkrigstiders\Forebyggelsesindgreb\Microsoft.Win32.Primitives.dll
file	C:\Users\test22\AppData\Local\gasrrledningers\mellemkrigstiders\Forebyggelsesindgreb\Rhinoscopic\Medlemsblade12\Scudded100\Spada171\System.Runtime.Extensions.dll
file	C:\Users\test22\AppData\Local\Temp\nsvF156.tmp\System.dll
file	C:\Users\test22\Documents\rustful.lnk

Creates a shortcut to an executable file (1 event)

file	C:\Users\test22\Documents\rustful.lnk

Creates a suspicious process (45 events)

cmdline	cmd.exe /c set /a "216^177"
cmdline	cmd.exe /c set /a "198^177"
cmdline	cmd.exe /c set /a "201^177"
cmdline	cmd.exe /c set /a "159^177"
cmdline	cmd.exe /c set /a "131^177"
cmdline	cmd.exe /c set /a "210^177"
cmdline	cmd.exe /c set /a "152^177"
cmdline	cmd.exe /c set /a "208^177"
cmdline	cmd.exe /c set /a "221^177"
cmdline	cmd.exe /c set /a "226^177"
cmdline	cmd.exe /c set /a "128^177"
cmdline	cmd.exe /c set /a "137^177"
cmdline	cmd.exe /c set /a "194^177"
cmdline	cmd.exe /c set /a "230^177"
cmdline	cmd.exe /c set /a "196^177"
cmdline	cmd.exe /c set /a "195^177"
cmdline	cmd.exe /c set /a "145^177"
cmdline	cmd.exe /c set /a "132^177"
cmdline	cmd.exe /c set /a "247^177"
cmdline	cmd.exe /c set /a "253^177"
cmdline	cmd.exe /c set /a "130^177"
cmdline	cmd.exe /c set /a "133^177"
cmdline	cmd.exe /c set /a "139^177"
cmdline	cmd.exe /c set /a "212^177"
cmdline	cmd.exe /c set /a "255^177"
cmdline	cmd.exe /c set /a "135^177"
cmdline	cmd.exe /c set /a "141^177"
cmdline	cmd.exe /c set /a "129^177"
cmdline	cmd.exe /c set /a "250^177"
cmdline	cmd.exe /c set /a "155^177"
cmdline	cmd.exe /c set /a "220^177"
cmdline	cmd.exe /c set /a "153^177"
cmdline	cmd.exe /c set /a "227^177"
cmdline	cmd.exe /c set /a "157^177"
cmdline	cmd.exe /c set /a "244^177"
cmdline	cmd.exe /c set /a "134^177"
cmdline	cmd.exe /c set /a "225^177"
cmdline	cmd.exe /c set /a "242^177"
cmdline	cmd.exe /c set /a "231^177"
cmdline	cmd.exe /c set /a "222^177"
cmdline	cmd.exe /c set /a "223^177"
cmdline	cmd.exe /c set /a "213^177"
cmdline	cmd.exe /c set /a "197^177"
cmdline	cmd.exe /c set /a "240^177"
cmdline	cmd.exe /c set /a "193^177"

Drops an executable to the user AppData folder (4 events)

file	C:\Users\test22\AppData\Local\Temp\nsvF156.tmp\System.dll
file	C:\Users\test22\AppData\Local\gasrrledningers\mellemkrigstiders\Forebyggelsesindgreb\Timbery\folderviewimpl.dll.mui
file	C:\Users\test22\AppData\Local\Temp\nsvF156.tmp\nsExec.dll
file	C:\Users\test22\AppData\Local\gasrrledningers\mellemkrigstiders\Forebyggelsesindgreb\Rhinoscopic\Medlemsblade12\Scudded100\Spada171\System.Runtime.Extensions.dll

Queries for potentially installed applications (5 events)

Time & API	Arguments	Return
RegOpenKeyExA July 28, 2023, 2:05 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Apotekerbevillinger\Buffoaries38\knogle base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Apotekerbevillinger\Buffoaries38\knogle	2
RegOpenKeyExA July 28, 2023, 2:06 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Apotekerbevillinger\Buffoaries38\knogle base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Apotekerbevillinger\Buffoaries38\knogle	2
RegOpenKeyExA July 28, 2023, 2:06 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Apotekerbevillinger\Buffoaries38\knogle base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Apotekerbevillinger\Buffoaries38\knogle	2
RegOpenKeyExA July 28, 2023, 2:06 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Apotekerbevillinger\Buffoaries38\knogle base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Apotekerbevillinger\Buffoaries38\knogle	2
RegOpenKeyExA July 28, 2023, 2:06 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Apotekerbevillinger\Buffoaries38\knogle base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Apotekerbevillinger\Buffoaries38\knogle	2

File has been identified by 31 AntiVirus engines on VirusTotal as malicious (31 events)

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Makoob.4!c
Elastic	malicious (high confidence)
Cylance	unsafe
Sangfor	Trojan.Win32.Injector.Vsln
CrowdStrike	win/grayware_confidence_60% (W)
K7GW	Trojan ( 005a917b1 )
K7AntiVirus	Trojan ( 005a917b1 )
Cyren	W32/Injector.IMUB-5386
Symantec	Trojan.Gen.MBT
ESET-NOD32	NSIS/Injector.BZO
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Trojan.Win32.Makoob.gen
Avast	FileRepMalware [Inj]
McAfee-GW-Edition	BehavesLike.Win32.Vopak.cc
Trapmine	suspicious.low.ml.score
FireEye	Generic.mg.c12fbddc2c7ae2eb
Sophos	Mal/Generic-S
Ikarus	Trojan.NSIS.Agent
ZoneAlarm	HEUR:Trojan.Win32.Makoob.gen
Microsoft	Trojan:Win32/Wacatac.B!ml
Google	Detected
McAfee	Artemis!C12FBDDC2C7A
Malwarebytes	Neshta.Virus.FileInfector.DDS
Tencent	Win32.Trojan.Makoob.Rimw
SentinelOne	Static AI - Suspicious PE
Fortinet	NSIS/Injector.ECMD!tr
AVG	FileRepMalware [Inj]
Cybereason	malicious.3f0327
DeepInstinct	MALICIOUS

vbc.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All