Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	July 30, 2023, 8:50 a.m.	July 30, 2023, 9:02 a.m.

Size	181.1KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5	`665f93abbe5d9241c9b8146e85aacaa1`
SHA256	`54cafdf8da41670e57c16daae615b7109e4c475de30ee61e84e270efe7ada372`
CRC32	`E2EA7CAE`
ssdeep	`3072:nwDijpS4DbYcr8buK4WCGyZPm4zkEQ7ybA9j30+TXDH6dlUa1gYIJ3yY7o1emkY1:nFPeu8CdmotWyb6j3x6gz3y0We2`
Yara	UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description)

ChromeSetup.exe "C:\Users\test22\AppData\Local\Temp\ChromeSetup.exe"
652
- cmd.exe cmd.exe /c set /a "250^177"
  2168
- cmd.exe cmd.exe /c set /a "244^177"
  2232
- cmd.exe cmd.exe /c set /a "227^177"
  2332
- cmd.exe cmd.exe /c set /a "255^177"
  2392
- cmd.exe cmd.exe /c set /a "244^177"
  2452
- cmd.exe cmd.exe /c set /a "253^177"
  2512
- cmd.exe cmd.exe /c set /a "130^177"
  2572
- cmd.exe cmd.exe /c set /a "131^177"
  2632
- cmd.exe cmd.exe /c set /a "139^177"
  2692
- cmd.exe cmd.exe /c set /a "139^177"
  2756
- cmd.exe cmd.exe /c set /a "242^177"
  2816
- cmd.exe cmd.exe /c set /a "195^177"
  2876
- cmd.exe cmd.exe /c set /a "212^177"
  2936
- cmd.exe cmd.exe /c set /a "208^177"
  2996
- cmd.exe cmd.exe /c set /a "197^177"
  3056
- cmd.exe cmd.exe /c set /a "212^177"
  2088
- cmd.exe cmd.exe /c set /a "247^177"
  2216
- cmd.exe cmd.exe /c set /a "216^177"
  2360
- cmd.exe cmd.exe /c set /a "221^177"
  2420
- cmd.exe cmd.exe /c set /a "212^177"
  2508
- cmd.exe cmd.exe /c set /a "240^177"
  2588
- cmd.exe cmd.exe /c set /a "153^177"
  2664
- cmd.exe cmd.exe /c set /a "220^177"
  2752
- cmd.exe cmd.exe /c set /a "145^177"
  2792
- cmd.exe cmd.exe /c set /a "195^177"
  2888
- cmd.exe cmd.exe /c set /a "133^177"
  2992
- cmd.exe cmd.exe /c set /a "145^177"
  3000
- cmd.exe cmd.exe /c set /a "157^177"
  2184
- cmd.exe cmd.exe /c set /a "145^177"
  880
- cmd.exe cmd.exe /c set /a "216^177"
  2448
- cmd.exe cmd.exe /c set /a "145^177"
  2544
- cmd.exe cmd.exe /c set /a "129^177"
  2668
- cmd.exe cmd.exe /c set /a "201^177"
  2892
- cmd.exe cmd.exe /c set /a "137^177"
  3016
- cmd.exe cmd.exe /c set /a "129^177"
  508
- cmd.exe cmd.exe /c set /a "129^177"
  2568
- cmd.exe cmd.exe /c set /a "129^177"
  2832
- cmd.exe cmd.exe /c set /a "129^177"
  3024
- cmd.exe cmd.exe /c set /a "129^177"
  2328
- cmd.exe cmd.exe /c set /a "129^177"
  2932
- cmd.exe cmd.exe /c set /a "129^177"
  2468
- cmd.exe cmd.exe /c set /a "157^177"
  2604
- cmd.exe cmd.exe /c set /a "145^177"
  2800
- cmd.exe cmd.exe /c set /a "216^177"
  2560
- cmd.exe cmd.exe /c set /a "145^177"
  2760
- cmd.exe cmd.exe /c set /a "129^177"
  2080
- cmd.exe cmd.exe /c set /a "157^177"
  3092
- cmd.exe cmd.exe /c set /a "145^177"
  3152
- cmd.exe cmd.exe /c set /a "193^177"
  3216
- cmd.exe cmd.exe /c set /a "145^177"
  3276
- cmd.exe cmd.exe /c set /a "129^177"
  3336
- cmd.exe cmd.exe /c set /a "157^177"
  3396
- cmd.exe cmd.exe /c set /a "145^177"
  3456
- cmd.exe cmd.exe /c set /a "216^177"
  3516
- cmd.exe cmd.exe /c set /a "145^177"
  3576
- cmd.exe cmd.exe /c set /a "133^177"
  3636
- cmd.exe cmd.exe /c set /a "157^177"
  3696
- cmd.exe cmd.exe /c set /a "145^177"
  3756
- cmd.exe cmd.exe /c set /a "216^177"
  3816
- cmd.exe cmd.exe /c set /a "145^177"
  3876
- cmd.exe cmd.exe /c set /a "129^177"
  3936
- cmd.exe cmd.exe /c set /a "201^177"
  3996
- cmd.exe cmd.exe /c set /a "137^177"
  4056
- cmd.exe cmd.exe /c set /a "129^177"
  3052
- cmd.exe cmd.exe /c set /a "157^177"
  1800
- cmd.exe cmd.exe /c set /a "145^177"
  3200
- cmd.exe cmd.exe /c set /a "216^177"
  3296
- cmd.exe cmd.exe /c set /a "145^177"
  3384
- cmd.exe cmd.exe /c set /a "129^177"
  3472
- cmd.exe cmd.exe /c set /a "152^177"
  3548
- cmd.exe cmd.exe /c set /a "216^177"
  3624
- cmd.exe cmd.exe /c set /a "159^177"
  1228
- cmd.exe cmd.exe /c set /a "195^177"
  3772
- cmd.exe cmd.exe /c set /a "132^177"
  3844
- cmd.exe cmd.exe /c set /a "141^177"
  300
- cmd.exe cmd.exe /c set /a "250^177"
  3952
- cmd.exe cmd.exe /c set /a "244^177"
  4024
- cmd.exe cmd.exe /c set /a "227^177"
  3080
- cmd.exe cmd.exe /c set /a "255^177"
  1552
- cmd.exe cmd.exe /c set /a "244^177"
  3272
- cmd.exe cmd.exe /c set /a "253^177"
  3280
- cmd.exe cmd.exe /c set /a "130^177"
  3496
- cmd.exe cmd.exe /c set /a "131^177"
  3604
- cmd.exe cmd.exe /c set /a "139^177"
  3668
- cmd.exe cmd.exe /c set /a "139^177"
  3800
- cmd.exe cmd.exe /c set /a "231^177"
  2056
- cmd.exe cmd.exe /c set /a "216^177"
  4044
- cmd.exe cmd.exe /c set /a "195^177"
  3096
- cmd.exe cmd.exe /c set /a "197^177"
  3184
- cmd.exe cmd.exe /c set /a "196^177"
  3400
- cmd.exe cmd.exe /c set /a "208^177"
  3492
- cmd.exe cmd.exe /c set /a "221^177"
  3632
- cmd.exe cmd.exe /c set /a "240^177"
  3716
- cmd.exe cmd.exe /c set /a "221^177"
  2304
- cmd.exe cmd.exe /c set /a "221^177"
  4072
- cmd.exe cmd.exe /c set /a "222^177"
  3196
- cmd.exe cmd.exe /c set /a "210^177"
  1200
- cmd.exe cmd.exe /c set /a "153^177"
  3664
- cmd.exe cmd.exe /c set /a "216^177"
  3692
- cmd.exe cmd.exe /c set /a "145^177"
  4028
- cmd.exe cmd.exe /c set /a "129^177"
  3248
- cmd.exe cmd.exe /c set /a "157^177"
  3288
- cmd.exe cmd.exe /c set /a "216^177"
  3740
- cmd.exe cmd.exe /c set /a "145^177"
  2912
- cmd.exe cmd.exe /c set /a "137^177"
  3428
- cmd.exe cmd.exe /c set /a "131^177"
  3476
- cmd.exe cmd.exe /c set /a "133^177"
  3908
- cmd.exe cmd.exe /c set /a "128^177"
  3612
- cmd.exe cmd.exe /c set /a "128^177"
  3848
- cmd.exe cmd.exe /c set /a "132^177"
  3572
- cmd.exe cmd.exe /c set /a "131^177"
  4036
- cmd.exe cmd.exe /c set /a "129^177"
  3672
- cmd.exe cmd.exe /c set /a "157^177"
  3188
- cmd.exe cmd.exe /c set /a "145^177"
  4104
- cmd.exe cmd.exe /c set /a "216^177"
  4164
- cmd.exe cmd.exe /c set /a "145^177"
  4224
- cmd.exe cmd.exe /c set /a "129^177"
  4284
- cmd.exe cmd.exe /c set /a "201^177"
  4344
- cmd.exe cmd.exe /c set /a "130^177"
  4404
- cmd.exe cmd.exe /c set /a "129^177"
  4464
- cmd.exe cmd.exe /c set /a "129^177"
  4524
- cmd.exe cmd.exe /c set /a "129^177"
  4584
- cmd.exe cmd.exe /c set /a "157^177"
  4644
- cmd.exe cmd.exe /c set /a "145^177"
  4704
- cmd.exe cmd.exe /c set /a "216^177"
  4764
- cmd.exe cmd.exe /c set /a "145^177"
  4824
- cmd.exe cmd.exe /c set /a "129^177"
  4884
- cmd.exe cmd.exe /c set /a "201^177"
  4944
- cmd.exe cmd.exe /c set /a "133^177"
  5004
- cmd.exe cmd.exe /c set /a "129^177"
  5064
- cmd.exe cmd.exe /c set /a "152^177"
  4100
- cmd.exe cmd.exe /c set /a "193^177"
  4180
- cmd.exe cmd.exe /c set /a "159^177"
  4252
- cmd.exe cmd.exe /c set /a "195^177"
  4328
- cmd.exe cmd.exe /c set /a "128^177"
  4420
- cmd.exe cmd.exe /c set /a "141^177"
  4504
- cmd.exe cmd.exe /c set /a "250^177"
  4560
- cmd.exe cmd.exe /c set /a "244^177"
  4656
- cmd.exe cmd.exe /c set /a "227^177"
  4752
- cmd.exe cmd.exe /c set /a "255^177"
  4768
- cmd.exe cmd.exe /c set /a "244^177"
  4916
- cmd.exe cmd.exe /c set /a "253^177"
  4992
- cmd.exe cmd.exe /c set /a "130^177"
  5084
- cmd.exe cmd.exe /c set /a "131^177"
  4136
- cmd.exe cmd.exe /c set /a "139^177"
  4244
- cmd.exe cmd.exe /c set /a "139^177"
  4360
- cmd.exe cmd.exe /c set /a "226^177"
  4476
- cmd.exe cmd.exe /c set /a "212^177"
  4596
- cmd.exe cmd.exe /c set /a "197^177"
  4648
- cmd.exe cmd.exe /c set /a "247^177"
  4812
- cmd.exe cmd.exe /c set /a "216^177"
  4940
- cmd.exe cmd.exe /c set /a "221^177"
  5060
- cmd.exe cmd.exe /c set /a "212^177"
  4124
- cmd.exe cmd.exe /c set /a "225^177"
  4272
- cmd.exe cmd.exe /c set /a "222^177"
  4388
- cmd.exe cmd.exe /c set /a "216^177"
  4568
- cmd.exe cmd.exe /c set /a "223^177"
  4672
- cmd.exe cmd.exe /c set /a "197^177"
  3992
- cmd.exe cmd.exe /c set /a "212^177"
  4956
- cmd.exe cmd.exe /c set /a "195^177"
  5092
- cmd.exe cmd.exe /c set /a "153^177"
  4208
- cmd.exe cmd.exe /c set /a "216^177"
  4364
- cmd.exe cmd.exe /c set /a "145^177"
  4588
- cmd.exe cmd.exe /c set /a "195^177"
  3940
- cmd.exe cmd.exe /c set /a "132^177"
  4972
- cmd.exe cmd.exe /c set /a "157^177"
  4192
- cmd.exe cmd.exe /c set /a "145^177"
  4220
- cmd.exe cmd.exe /c set /a "216^177"
  4716
- cmd.exe cmd.exe /c set /a "145^177"
  3968
- cmd.exe cmd.exe /c set /a "135^177"
  4960
- cmd.exe cmd.exe /c set /a "134^177"
  4624
- cmd.exe cmd.exe /c set /a "134^177"
  4904
- cmd.exe cmd.exe /c set /a "145^177"
  5044
- cmd.exe cmd.exe /c set /a "157^177"
  4740
- cmd.exe cmd.exe /c set /a "145^177"
  5020
- cmd.exe cmd.exe /c set /a "216^177"
  4340
- cmd.exe cmd.exe /c set /a "145^177"
  4452
- cmd.exe cmd.exe /c set /a "129^177"
  4424
- cmd.exe cmd.exe /c set /a "157^177"
  5140
- cmd.exe cmd.exe /c set /a "216^177"
  5200
- cmd.exe cmd.exe /c set /a "145^177"
  5260
- cmd.exe cmd.exe /c set /a "129^177"
  5320
- cmd.exe cmd.exe /c set /a "152^177"
  5380
- cmd.exe cmd.exe /c set /a "216^177"
  5440
- cmd.exe cmd.exe /c set /a "159^177"
  5500
- cmd.exe cmd.exe /c set /a "195^177"
  5560
- cmd.exe cmd.exe /c set /a "130^177"
  5620
- cmd.exe cmd.exe /c set /a "141^177"
  5680
- cmd.exe cmd.exe /c set /a "250^177"
  5740
- cmd.exe cmd.exe /c set /a "244^177"
  5800
- cmd.exe cmd.exe /c set /a "227^177"
  5860
- cmd.exe cmd.exe /c set /a "255^177"
  5920
- cmd.exe cmd.exe /c set /a "244^177"
  5980
- cmd.exe cmd.exe /c set /a "253^177"
  6040
- cmd.exe cmd.exe /c set /a "130^177"
  6100
- cmd.exe cmd.exe /c set /a "131^177"
  5052
- cmd.exe cmd.exe /c set /a "139^177"
  5220
- cmd.exe cmd.exe /c set /a "139^177"
  3376
- cmd.exe cmd.exe /c set /a "227^177"
  5356
- cmd.exe cmd.exe /c set /a "212^177"
  5460
- cmd.exe cmd.exe /c set /a "208^177"
  5548
- cmd.exe cmd.exe /c set /a "213^177"
  5564
- cmd.exe cmd.exe /c set /a "247^177"
  5708
- cmd.exe cmd.exe /c set /a "216^177"
  5796
- cmd.exe cmd.exe /c set /a "221^177"
  5876
- cmd.exe cmd.exe /c set /a "212^177"
  5952
- cmd.exe cmd.exe /c set /a "153^177"
  6024
- cmd.exe cmd.exe /c set /a "216^177"
  6112
- cmd.exe cmd.exe /c set /a "145^177"
  5184
- cmd.exe cmd.exe /c set /a "195^177"
  5276
- cmd.exe cmd.exe /c set /a "132^177"
  5392
- cmd.exe cmd.exe /c set /a "157^177"
  5528
- cmd.exe cmd.exe /c set /a "145^177"
  5556
- cmd.exe cmd.exe /c set /a "216^177"
  5684
- cmd.exe cmd.exe /c set /a "145^177"
  5804
- cmd.exe cmd.exe /c set /a "195^177"
  5976
- cmd.exe cmd.exe /c set /a "128^177"
  6080
- cmd.exe cmd.exe /c set /a "157^177"
  5152
- cmd.exe cmd.exe /c set /a "145^177"
  5304
- cmd.exe cmd.exe /c set /a "216^177"
  5480
- cmd.exe cmd.exe /c set /a "145^177"
  5588
- cmd.exe cmd.exe /c set /a "137^177"
  5768
- cmd.exe cmd.exe /c set /a "131^177"
  5936
- cmd.exe cmd.exe /c set /a "133^177"
  5964
- cmd.exe cmd.exe /c set /a "128^177"
  5256
- cmd.exe cmd.exe /c set /a "128^177"
  5324
- cmd.exe cmd.exe /c set /a "132^177"
  5676
- cmd.exe cmd.exe /c set /a "131^177"
  5756
- cmd.exe cmd.exe /c set /a "129^177"
  6056
- cmd.exe cmd.exe /c set /a "157^177"
  5236
- cmd.exe cmd.exe /c set /a "155^177"
  5596
- cmd.exe cmd.exe /c set /a "216^177"
  5724
- cmd.exe cmd.exe /c set /a "145^177"
  6132
- cmd.exe cmd.exe /c set /a "129^177"
  5360
- cmd.exe cmd.exe /c set /a "157^177"
  5624
- cmd.exe cmd.exe /c set /a "145^177"
  6000
- cmd.exe cmd.exe /c set /a "216^177"
  6096
- cmd.exe cmd.exe /c set /a "145^177"
  5540
- cmd.exe cmd.exe /c set /a "129^177"
  1012
- cmd.exe cmd.exe /c set /a "152^177"
  5616
- cmd.exe cmd.exe /c set /a "216^177"
  5652
- cmd.exe cmd.exe /c set /a "159^177"
  5636
- cmd.exe cmd.exe /c set /a "195^177"
  724
- cmd.exe cmd.exe /c set /a "130^177"
  1172
- cmd.exe cmd.exe /c set /a "141^177"
  4500
- cmd.exe cmd.exe /c set /a "196^177"
  4776
- cmd.exe cmd.exe /c set /a "194^177"
  5264
- cmd.exe cmd.exe /c set /a "212^177"
  1480
- cmd.exe cmd.exe /c set /a "195^177"
  5488
- cmd.exe cmd.exe /c set /a "130^177"
  904
- cmd.exe cmd.exe /c set /a "131^177"
  1096
- cmd.exe cmd.exe /c set /a "139^177"
  1152
- cmd.exe cmd.exe /c set /a "139^177"
  792
- cmd.exe cmd.exe /c set /a "242^177"
  6164
- cmd.exe cmd.exe /c set /a "208^177"
  6224
- cmd.exe cmd.exe /c set /a "221^177"
  6284
- cmd.exe cmd.exe /c set /a "221^177"
  6348
- cmd.exe cmd.exe /c set /a "230^177"
  6408
- cmd.exe cmd.exe /c set /a "216^177"
  6468
- cmd.exe cmd.exe /c set /a "223^177"
  6528
- cmd.exe cmd.exe /c set /a "213^177"
  6588
- cmd.exe cmd.exe /c set /a "222^177"
  6648
- cmd.exe cmd.exe /c set /a "198^177"
  6708
- cmd.exe cmd.exe /c set /a "225^177"
  6768
- cmd.exe cmd.exe /c set /a "195^177"
  6828
- cmd.exe cmd.exe /c set /a "222^177"
  6932
- cmd.exe cmd.exe /c set /a "210^177"
  7000
- cmd.exe cmd.exe /c set /a "240^177"
  7060
- cmd.exe cmd.exe /c set /a "153^177"
  7120
- cmd.exe cmd.exe /c set /a "216^177"
  6148
- cmd.exe cmd.exe /c set /a "145^177"
  6236
- cmd.exe cmd.exe /c set /a "195^177"
  6328
- cmd.exe cmd.exe /c set /a "128^177"
  6392
- cmd.exe cmd.exe /c set /a "145^177"
  6480
- cmd.exe cmd.exe /c set /a "157^177"
  6556
- cmd.exe cmd.exe /c set /a "216^177"
  6644
- cmd.exe cmd.exe /c set /a "145^177"
  6696
- cmd.exe cmd.exe /c set /a "129^177"
  6780
- cmd.exe cmd.exe /c set /a "157^177"
  6868
- cmd.exe cmd.exe /c set /a "216^177"
  6980
- cmd.exe cmd.exe /c set /a "145^177"
  7080
- cmd.exe cmd.exe /c set /a "129^177"
  7148
- cmd.exe cmd.exe /c set /a "157^177"
  6212
- cmd.exe cmd.exe /c set /a "145^177"
  6336
- cmd.exe cmd.exe /c set /a "216^177"
  6452
- cmd.exe cmd.exe /c set /a "145^177"
  6472
- cmd.exe cmd.exe /c set /a "129^177"
  6592
- cmd.exe cmd.exe /c set /a "157^177"
  6784
- cmd.exe cmd.exe /c set /a "145^177"
  6900
- cmd.exe cmd.exe /c set /a "216^177"
  7028
- cmd.exe cmd.exe /c set /a "145^177"
  7140
- cmd.exe cmd.exe /c set /a "129^177"
  6252
- cmd.exe cmd.exe /c set /a "152^177"
  6420
- cmd.exe cmd.exe /c set /a "141^177"
  6544
explorer.exe C:\Windows\Explorer.EXE
1236

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx July 30, 2023, 8:50 a.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.ndata

One or more processes crashed (50 out of 47395 events)

Time & API	Arguments	Status
__exception__ July 30, 2023, 8:51 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 79 08 06 14 6e 1a 5f 14 4d a8 0d 00 38 cb 59 eb exception.instruction: jns 0x772fc20 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x772fc16 registers.esp: 53409564 registers.edi: 113852 registers.eax: 5418432 registers.ebp: 53409580 registers.edx: 124923904 registers.ebx: 256 registers.esi: 2005865610 registers.ecx: 53409560	1
__exception__ July 30, 2023, 8:51 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: cc 19 6c 1f 2e dd 04 d0 3d 61 b3 37 72 59 4e 1b exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x772fc77 registers.esp: 53409536 registers.edi: 113852 registers.eax: 5418432 registers.ebp: 53409580 registers.edx: 124923904 registers.ebx: 124923904 registers.esi: 209347710 registers.ecx: 124926427	1
__exception__ July 30, 2023, 8:51 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 89 30 04 cb 40 72 79 09 b3 bc 22 c5 7d 00 58 81 exception.instruction: mov dword ptr [eax], esi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x772fc9f registers.esp: 53409532 registers.edi: 113852 registers.eax: 27126 registers.ebp: 53409580 registers.edx: 124923904 registers.ebx: 124923904 registers.esi: 209347710 registers.ecx: 124926427	1
__exception__ July 30, 2023, 8:51 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: cc 05 38 98 36 2c 29 04 87 92 c7 92 43 1f 23 81 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x772fcb4 registers.esp: 53409536 registers.edi: 113852 registers.eax: 5418432 registers.ebp: 53409580 registers.edx: 124923904 registers.ebx: 124923904 registers.esi: 1375959475 registers.ecx: 124926427	1
__exception__ July 30, 2023, 8:51 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 79 05 03 7b 4d 0c 9b 86 00 38 e6 59 80 fc d7 58 exception.instruction: jns 0x772fcea exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x772fce3 registers.esp: 53409524 registers.edi: 113852 registers.eax: 256 registers.ebp: 53409580 registers.edx: 124923904 registers.ebx: 124923904 registers.esi: 7077988 registers.ecx: 53409520	1
__exception__ July 30, 2023, 8:51 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 89 1b 19 ca 5e de 95 1f ae cc c1 18 79 6c c7 91 exception.instruction: mov dword ptr [ebx], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x772fd1c registers.esp: 53409528 registers.edi: 113852 registers.eax: 5418432 registers.ebp: 53409580 registers.edx: 124923904 registers.ebx: 61854 registers.esi: 3932045690 registers.ecx: 124926427	1
__exception__ July 30, 2023, 8:51 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: cc 03 75 ef 5d 38 77 0a 65 56 8b b5 0d 02 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x772fd3c registers.esp: 53409532 registers.edi: 113852 registers.eax: 5418432 registers.ebp: 53409580 registers.edx: 124923904 registers.ebx: 124923904 registers.esi: 7602286 registers.ecx: 124926427	1
__exception__ July 30, 2023, 8:51 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: cc 1f 01 b5 b9 5a 00 de e4 eb 4b 57 02 95 4f 66 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x772fd76 registers.esp: 53409528 registers.edi: 113852 registers.eax: 2005662384 registers.ebp: 53409580 registers.edx: 2005623258 registers.ebx: 43967829 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ July 30, 2023, 8:51 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: cc 02 9a c6 c7 2a 9f 05 57 bf a2 fa 0b 8e 81 f7 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x772fda4 registers.esp: 53409536 registers.edi: 113852 registers.eax: 2005662384 registers.ebp: 53409580 registers.edx: 2005623258 registers.ebx: 43967829 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ July 30, 2023, 8:51 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 89 07 19 5f 39 c6 a2 bb 07 f0 23 99 29 40 7f 01 exception.instruction: mov dword ptr [edi], eax exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x772fdc4 registers.esp: 53409532 registers.edi: 33576 registers.eax: 2005662384 registers.ebp: 53409580 registers.edx: 2005623258 registers.ebx: 43967829 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ July 30, 2023, 8:51 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 79 0b 05 1a 0e 22 fb 0e d3 74 56 5c a6 0b 00 85 exception.instruction: jns 0x772fe15 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x772fe08 registers.esp: 53409528 registers.edi: 113852 registers.eax: 2005662384 registers.ebp: 53409580 registers.edx: 2005623258 registers.ebx: 256 registers.esi: 2005865610 registers.ecx: 53409524	1
__exception__ July 30, 2023, 8:51 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 7a 02 0d 7e 2e c8 00 84 fd 5a 81 7d 74 57 4d 00 exception.instruction: jp 0x772fe48 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x772fe44 registers.esp: 53409524 registers.edi: 113852 registers.eax: 2005662384 registers.ebp: 53409580 registers.edx: 53409520 registers.ebx: 43967829 registers.esi: 256 registers.ecx: 182	1
__exception__ July 30, 2023, 8:51 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 7e 06 1c c3 2d b5 cf 69 0d 4a 03 e8 09 eb 95 42 exception.instruction: jle 0x772fe85 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x772fe7d registers.esp: 53409524 registers.edi: 113852 registers.eax: 53409520 registers.ebp: 53409580 registers.edx: 2005623258 registers.ebx: 43967829 registers.esi: 256 registers.ecx: 182	1
__exception__ July 30, 2023, 8:51 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 7f 08 07 86 e0 64 f2 4a b5 11 8b af 00 85 d1 59 exception.instruction: jg 0x772feda exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x772fed0 registers.esp: 53409524 registers.edi: 113852 registers.eax: 256 registers.ebp: 53409580 registers.edx: 2005623258 registers.ebx: 53409580 registers.esi: 2005865610 registers.ecx: 53409520	1
__exception__ July 30, 2023, 8:51 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: cc 00 cd 03 62 e2 2e cf 49 28 01 c3 8b 85 96 01 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x772fefe registers.esp: 53409532 registers.edi: 113852 registers.eax: 324 registers.ebp: 53409580 registers.edx: 2005623258 registers.ebx: 53409580 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ July 30, 2023, 8:51 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 89 30 05 ec 0f 9b c3 55 7b d3 24 e4 4d 11 00 58 exception.instruction: mov dword ptr [eax], esi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x772ff25 registers.esp: 53409528 registers.edi: 113852 registers.eax: 28883 registers.ebp: 53409580 registers.edx: 2005623258 registers.ebx: 53409904 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ July 30, 2023, 8:51 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: cc 00 77 66 af cb 2c a6 ee ff 89 d9 51 8b 8d a1 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x772ff3b registers.esp: 53409532 registers.edi: 113852 registers.eax: 2005662384 registers.ebp: 53409580 registers.edx: 2005623258 registers.ebx: 53409904 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ July 30, 2023, 8:51 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: cc 1f 92 be c0 22 6e 7e 3b df a5 eb a0 68 78 bd exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x772ff65 registers.esp: 53409528 registers.edi: 3791389167 registers.eax: 2005662384 registers.ebp: 53409580 registers.edx: 2005623258 registers.ebx: 53409904 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ July 30, 2023, 8:51 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 89 07 1a bb ca 1d b7 59 ce 15 cd fc 0d da 1b 00 exception.instruction: mov dword ptr [edi], eax exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x772ff98 registers.esp: 53409524 registers.edi: 15552 registers.eax: 2005662384 registers.ebp: 53409580 registers.edx: 2005623258 registers.ebx: 53409904 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ July 30, 2023, 8:51 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 89 37 05 1f e6 0f 2b d7 67 e6 77 36 f5 2b 00 5f exception.instruction: mov dword ptr [edi], esi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x772ffbc registers.esp: 53409520 registers.edi: 53680 registers.eax: 2005662384 registers.ebp: 53409580 registers.edx: 2005623258 registers.ebx: 53409904 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ July 30, 2023, 8:51 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 89 17 1a 77 f8 53 72 72 ef 6a a8 06 b1 04 64 00 exception.instruction: mov dword ptr [edi], edx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x7730008 registers.esp: 53409520 registers.edi: 12542 registers.eax: 2005662384 registers.ebp: 53409580 registers.edx: 2005623258 registers.ebx: 53409904 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ July 30, 2023, 8:51 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 89 0f 1a 27 e6 8a 9c 72 98 46 98 3c fa 61 39 00 exception.instruction: mov dword ptr [edi], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x7730067 registers.esp: 53409520 registers.edi: 260 registers.eax: 2005662384 registers.ebp: 53409580 registers.edx: 2005623258 registers.ebx: 53409908 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ July 30, 2023, 8:51 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 72 0a 07 eb eb 9d 9f 23 1a 2b 2e 81 00 85 cb 5b exception.instruction: jb 0x77300a0 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x7730094 registers.esp: 53409516 registers.edi: 256 registers.eax: 2005662384 registers.ebp: 53409580 registers.edx: 2005623258 registers.ebx: 53409512 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ July 30, 2023, 8:51 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 73 05 00 99 ba 8e cf c7 76 00 f7 c3 7e 00 ee 46 exception.instruction: jae 0x77300f6 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x77300ef registers.esp: 53409512 registers.edi: 53409508 registers.eax: 2005662384 registers.ebp: 53409580 registers.edx: 2156784167 registers.ebx: 256 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ July 30, 2023, 8:51 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 7c 03 0c 8f d7 00 39 cb 58 66 f7 c7 45 fb 5a 8b exception.instruction: jl 0x7730132 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x773012d registers.esp: 53409508 registers.edi: 113852 registers.eax: 53409504 registers.ebp: 53409580 registers.edx: 256 registers.ebx: 53409908 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ July 30, 2023, 8:51 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 89 02 19 c7 f9 32 a4 3f 24 28 9c 44 09 16 e8 15 exception.instruction: mov dword ptr [edx], eax exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x7730160 registers.esp: 53409512 registers.edi: 113852 registers.eax: 2005662384 registers.ebp: 53409580 registers.edx: 28490 registers.ebx: 53409908 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ July 30, 2023, 8:51 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 89 3e 1f 7c 0d 58 67 4e 65 6a c6 01 64 f0 01 e1 exception.instruction: mov dword ptr [esi], edi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x7730186 registers.esp: 53409512 registers.edi: 113852 registers.eax: 2005662384 registers.ebp: 53409580 registers.edx: 2005623258 registers.ebx: 53409908 registers.esi: 7583 registers.ecx: 182	1
__exception__ July 30, 2023, 8:51 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 89 31 03 cf 38 4b e9 c9 00 59 e8 37 e7 00 00 50 exception.instruction: mov dword ptr [ecx], esi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x77301af registers.esp: 53409508 registers.edi: 113852 registers.eax: 2005662384 registers.ebp: 53409580 registers.edx: 2005623258 registers.ebx: 53409908 registers.esi: 2005865610 registers.ecx: 11152	1
__exception__ July 30, 2023, 8:51 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 72 0d 1a 01 7e 80 6c ab d8 be f1 96 bc 02 a7 00 exception.instruction: jb 0x77301e7 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x77301d8 registers.esp: 53409532 registers.edi: 113852 registers.eax: 256 registers.ebp: 53409580 registers.edx: 124923904 registers.ebx: 124923904 registers.esi: 53409528 registers.ecx: 124977598	1
__exception__ July 30, 2023, 8:51 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 7b 02 1f d4 15 5b 18 10 80 2f bd ad d1 03 bf a7 exception.instruction: jnp 0x7730221 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x773021d registers.esp: 53409532 registers.edi: 113852 registers.eax: 0 registers.ebp: 53409580 registers.edx: 124923904 registers.ebx: 53409528 registers.esi: 2005865610 registers.ecx: 256	1
__exception__ July 30, 2023, 8:51 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: cc 02 7d 0e cf 43 81 d1 61 83 bd 60 01 00 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x7730239 registers.esp: 53409540 registers.edi: 113852 registers.eax: 0 registers.ebp: 53409580 registers.edx: 124923904 registers.ebx: 124923904 registers.esi: 2005865610 registers.ecx: 124977598	1
__exception__ July 30, 2023, 8:51 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 89 1a 03 81 33 6b 6f c5 00 5a 35 65 a6 0b 83 52 exception.instruction: mov dword ptr [edx], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x7730266 registers.esp: 53409568 registers.edi: 113852 registers.eax: 577601669 registers.ebp: 53409580 registers.edx: 29159 registers.ebx: 124923904 registers.esi: 2005865610 registers.ecx: 124926427	1
__exception__ July 30, 2023, 8:51 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 89 12 18 e5 0a 87 80 aa 5f 8b f5 79 31 2d b9 46 exception.instruction: mov dword ptr [edx], edx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x7730293 registers.esp: 53409568 registers.edi: 113852 registers.eax: 2707826400 registers.ebp: 53409580 registers.edx: 199 registers.ebx: 124923904 registers.esi: 2005865610 registers.ecx: 124926427	1
__exception__ July 30, 2023, 8:51 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 75 05 00 f0 a8 83 d3 b6 48 00 66 85 c9 59 66 85 exception.instruction: jne 0x77302ce exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x77302c7 registers.esp: 53409564 registers.edi: 113852 registers.eax: 2707826400 registers.ebp: 53409580 registers.edx: 124923904 registers.ebx: 124923904 registers.esi: 256 registers.ecx: 53409560	1
__exception__ July 30, 2023, 8:51 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: cc 1b 8d 01 77 8e 03 60 29 0f 87 79 eb 34 92 5b exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x77302e3 registers.esp: 53409572 registers.edi: 113852 registers.eax: 0 registers.ebp: 53409580 registers.edx: 124923904 registers.ebx: 124923904 registers.esi: 2005865610 registers.ecx: 124926427	1
__exception__ July 30, 2023, 8:51 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 70 10 1c 11 6c 34 86 6c 79 01 3f d2 c5 9b db ad exception.instruction: jo 0x7730322 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x7730310 registers.esp: 53409564 registers.edi: 113852 registers.eax: 0 registers.ebp: 53409580 registers.edx: 53409560 registers.ebx: 124923904 registers.esi: 256 registers.ecx: 124926427	1
__exception__ July 30, 2023, 8:51 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 89 33 1f b7 96 ba c6 6f 88 4a 08 66 6e 51 e3 c9 exception.instruction: mov dword ptr [ebx], esi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x7730356 registers.esp: 53409568 registers.edi: 124926427 registers.eax: 0 registers.ebp: 53409580 registers.edx: 124923904 registers.ebx: 1686 registers.esi: 2005865610 registers.ecx: 124926427	1
__exception__ July 30, 2023, 8:51 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 89 1f 02 e2 d3 2f 5c 00 5f 05 be d6 82 06 2d ba exception.instruction: mov dword ptr [edi], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x773038b registers.esp: 53409564 registers.edi: 46333 registers.eax: 0 registers.ebp: 53409580 registers.edx: 124923904 registers.ebx: 124923904 registers.esi: 2005865610 registers.ecx: 124926427	1
__exception__ July 30, 2023, 8:51 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 71 02 00 59 68 52 f0 8c 68 00 66 85 c1 5e eb 26 exception.instruction: jno 0x77303f4 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x77303f0 registers.esp: 53409560 registers.edi: 1211174332 registers.eax: 4 registers.ebp: 53409580 registers.edx: 124923904 registers.ebx: 124923904 registers.esi: 53409556 registers.ecx: 256	1
__exception__ July 30, 2023, 8:51 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 89 02 1b 92 1c 71 17 30 62 a3 54 66 27 db 20 34 exception.instruction: mov dword ptr [edx], eax exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x773043f registers.esp: 53409564 registers.edi: 658247647 registers.eax: 4 registers.ebp: 53409580 registers.edx: 20122 registers.ebx: 124923904 registers.esi: 2005865610 registers.ecx: 38928388	1
__exception__ July 30, 2023, 8:51 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: cc 07 be 1c ed 21 ce 78 27 5b bd d1 91 39 f8 8b exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x7730457 registers.esp: 53409568 registers.edi: 4003 registers.eax: 4 registers.ebp: 53409580 registers.edx: 124923904 registers.ebx: 124923904 registers.esi: 2005865610 registers.ecx: 38928388	1
__exception__ July 30, 2023, 8:51 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 89 1f 02 e2 d3 2f 5c 00 5f 05 be d6 82 06 2d ba exception.instruction: mov dword ptr [edi], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x773038b registers.esp: 53409564 registers.edi: 46333 registers.eax: 4 registers.ebp: 53409580 registers.edx: 124923904 registers.ebx: 124923904 registers.esi: 2005865610 registers.ecx: 38928388	1
__exception__ July 30, 2023, 8:51 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 71 02 00 59 68 52 f0 8c 68 00 66 85 c1 5e eb 26 exception.instruction: jno 0x77303f4 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x77303f0 registers.esp: 53409560 registers.edi: 1211174332 registers.eax: 8 registers.ebp: 53409580 registers.edx: 124923904 registers.ebx: 124923904 registers.esi: 53409556 registers.ecx: 256	1
__exception__ July 30, 2023, 8:51 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 89 02 1b 92 1c 71 17 30 62 a3 54 66 27 db 20 34 exception.instruction: mov dword ptr [edx], eax exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x773043f registers.esp: 53409564 registers.edi: 658247647 registers.eax: 8 registers.ebp: 53409580 registers.edx: 20122 registers.ebx: 124923904 registers.esi: 2005865610 registers.ecx: 38928392	1
__exception__ July 30, 2023, 8:51 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: cc 07 be 1c ed 21 ce 78 27 5b bd d1 91 39 f8 8b exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x7730457 registers.esp: 53409568 registers.edi: 4003 registers.eax: 8 registers.ebp: 53409580 registers.edx: 124923904 registers.ebx: 124923904 registers.esi: 2005865610 registers.ecx: 38928392	1
__exception__ July 30, 2023, 8:51 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 89 1f 02 e2 d3 2f 5c 00 5f 05 be d6 82 06 2d ba exception.instruction: mov dword ptr [edi], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x773038b registers.esp: 53409564 registers.edi: 46333 registers.eax: 8 registers.ebp: 53409580 registers.edx: 124923904 registers.ebx: 124923904 registers.esi: 2005865610 registers.ecx: 38928392	1
__exception__ July 30, 2023, 8:51 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 71 02 00 59 68 52 f0 8c 68 00 66 85 c1 5e eb 26 exception.instruction: jno 0x77303f4 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x77303f0 registers.esp: 53409560 registers.edi: 1211174332 registers.eax: 12 registers.ebp: 53409580 registers.edx: 124923904 registers.ebx: 124923904 registers.esi: 53409556 registers.ecx: 256	1
__exception__ July 30, 2023, 8:51 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 89 02 1b 92 1c 71 17 30 62 a3 54 66 27 db 20 34 exception.instruction: mov dword ptr [edx], eax exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x773043f registers.esp: 53409564 registers.edi: 658247647 registers.eax: 12 registers.ebp: 53409580 registers.edx: 20122 registers.ebx: 124923904 registers.esi: 2005865610 registers.ecx: 38928396	1
__exception__ July 30, 2023, 8:51 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: cc 07 be 1c ed 21 ce 78 27 5b bd d1 91 39 f8 8b exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x7730457 registers.esp: 53409568 registers.edi: 4003 registers.eax: 12 registers.ebp: 53409580 registers.edx: 124923904 registers.ebx: 124923904 registers.esi: 2005865610 registers.ecx: 38928396	1
__exception__ July 30, 2023, 8:51 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 89 1f 02 e2 d3 2f 5c 00 5f 05 be d6 82 06 2d ba exception.instruction: mov dword ptr [edi], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x773038b registers.esp: 53409564 registers.edi: 46333 registers.eax: 12 registers.ebp: 53409580 registers.edx: 124923904 registers.ebx: 124923904 registers.esi: 2005865610 registers.ecx: 38928396	1

Allocates read-write-execute memory (usually to unpack itself) (5 events)

Time & API	Arguments	Status
NtProtectVirtualMemory July 30, 2023, 8:50 a.m.	process_identifier: 652 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10004000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 30, 2023, 8:50 a.m.	process_identifier: 652 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10004000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 30, 2023, 8:50 a.m.	process_identifier: 652 region_size: 82411520 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03360000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtProtectVirtualMemory July 30, 2023, 8:51 a.m.	process_identifier: 652 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 876544 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x778b0000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 30, 2023, 8:50 a.m.	process_identifier: 1236 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000049b0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1

Creates executable files on the filesystem (5 events)

file	C:\Users\test22\AppData\Local\gasrrledningers\mellemkrigstiders\Forebyggelsesindgreb\Goethite\beethoven\System.Runtime.Extensions.dll
file	C:\Users\test22\AppData\Local\Temp\nsdC494.tmp\nsExec.dll
file	C:\Users\test22\AppData\Local\Temp\nsdC494.tmp\System.dll
file	C:\Users\test22\AppData\Local\gasrrledningers\mellemkrigstiders\Forebyggelsesindgreb\instrumentalises\Microsoft.Win32.Primitives.dll
file	C:\Users\test22\Documents\rustful.lnk

Creates a shortcut to an executable file (1 event)

file	C:\Users\test22\Documents\rustful.lnk

Creates a suspicious process (45 events)

cmdline	cmd.exe /c set /a "216^177"
cmdline	cmd.exe /c set /a "198^177"
cmdline	cmd.exe /c set /a "201^177"
cmdline	cmd.exe /c set /a "159^177"
cmdline	cmd.exe /c set /a "131^177"
cmdline	cmd.exe /c set /a "210^177"
cmdline	cmd.exe /c set /a "152^177"
cmdline	cmd.exe /c set /a "208^177"
cmdline	cmd.exe /c set /a "221^177"
cmdline	cmd.exe /c set /a "226^177"
cmdline	cmd.exe /c set /a "128^177"
cmdline	cmd.exe /c set /a "137^177"
cmdline	cmd.exe /c set /a "194^177"
cmdline	cmd.exe /c set /a "230^177"
cmdline	cmd.exe /c set /a "196^177"
cmdline	cmd.exe /c set /a "195^177"
cmdline	cmd.exe /c set /a "145^177"
cmdline	cmd.exe /c set /a "132^177"
cmdline	cmd.exe /c set /a "247^177"
cmdline	cmd.exe /c set /a "253^177"
cmdline	cmd.exe /c set /a "130^177"
cmdline	cmd.exe /c set /a "133^177"
cmdline	cmd.exe /c set /a "139^177"
cmdline	cmd.exe /c set /a "212^177"
cmdline	cmd.exe /c set /a "255^177"
cmdline	cmd.exe /c set /a "135^177"
cmdline	cmd.exe /c set /a "141^177"
cmdline	cmd.exe /c set /a "129^177"
cmdline	cmd.exe /c set /a "250^177"
cmdline	cmd.exe /c set /a "155^177"
cmdline	cmd.exe /c set /a "220^177"
cmdline	cmd.exe /c set /a "153^177"
cmdline	cmd.exe /c set /a "227^177"
cmdline	cmd.exe /c set /a "157^177"
cmdline	cmd.exe /c set /a "244^177"
cmdline	cmd.exe /c set /a "134^177"
cmdline	cmd.exe /c set /a "225^177"
cmdline	cmd.exe /c set /a "242^177"
cmdline	cmd.exe /c set /a "231^177"
cmdline	cmd.exe /c set /a "222^177"
cmdline	cmd.exe /c set /a "223^177"
cmdline	cmd.exe /c set /a "213^177"
cmdline	cmd.exe /c set /a "197^177"
cmdline	cmd.exe /c set /a "240^177"
cmdline	cmd.exe /c set /a "193^177"

Drops an executable to the user AppData folder (4 events)

file	C:\Users\test22\AppData\Local\Temp\nsdC494.tmp\System.dll
file	C:\Users\test22\AppData\Local\gasrrledningers\mellemkrigstiders\Forebyggelsesindgreb\Goethite\beethoven\folderviewimpl.dll.mui
file	C:\Users\test22\AppData\Local\Temp\nsdC494.tmp\nsExec.dll
file	C:\Users\test22\AppData\Local\gasrrledningers\mellemkrigstiders\Forebyggelsesindgreb\Goethite\beethoven\System.Runtime.Extensions.dll

Queries for potentially installed applications (5 events)

Time & API	Arguments	Return
RegOpenKeyExA July 30, 2023, 8:50 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Apotekerbevillinger\Buffoaries38\knogle base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Apotekerbevillinger\Buffoaries38\knogle	2
RegOpenKeyExA July 30, 2023, 8:50 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Apotekerbevillinger\Buffoaries38\knogle base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Apotekerbevillinger\Buffoaries38\knogle	2
RegOpenKeyExA July 30, 2023, 8:50 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Apotekerbevillinger\Buffoaries38\knogle base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Apotekerbevillinger\Buffoaries38\knogle	2
RegOpenKeyExA July 30, 2023, 8:51 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Apotekerbevillinger\Buffoaries38\knogle base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Apotekerbevillinger\Buffoaries38\knogle	2
RegOpenKeyExA July 30, 2023, 8:51 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Apotekerbevillinger\Buffoaries38\knogle base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Apotekerbevillinger\Buffoaries38\knogle	2

File has been identified by 48 AntiVirus engines on VirusTotal as malicious (48 events)

Bkav	W32.Common.572423BA
Lionic	Trojan.Win32.Makoob.4!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Tedy.405515
ALYac	Gen:Variant.Tedy.405515
Malwarebytes	Neshta.Virus.FileInfector.DDS
VIPRE	Gen:Variant.Tedy.405515
Sangfor	Trojan.Win32.Makoob.Vtzf
K7AntiVirus	Trojan ( 005a917b1 )
Alibaba	Trojan:Win32/Makoob.0014658a
K7GW	Trojan ( 005a917b1 )
Cybereason	malicious.cf0cc6
Arcabit	Trojan.Tedy.D6300B
VirIT	Trojan.Win32.GenusT.DOYF
Cyren	W32/Injector.IMUB-5386
Symantec	Trojan Horse
ESET-NOD32	NSIS/Injector.BZO
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Trojan.Win32.Makoob.gen
BitDefender	Gen:Variant.Tedy.405515
Avast	Win32:Malware-gen
Tencent	Win32.Trojan.Makoob.Uwhl
Emsisoft	Gen:Variant.Tedy.405515 (B)
F-Secure	Trojan.TR/Injector.bhomo
TrendMicro	Trojan.Win32.GULOADER.YXDGZZ
McAfee-GW-Edition	BehavesLike.Win32.Generic.cc
Trapmine	suspicious.low.ml.score
FireEye	Generic.mg.665f93abbe5d9241
Sophos	Mal/Generic-S
SentinelOne	Static AI - Suspicious PE
Webroot	W32.Trojan.Gen
Avira	TR/Injector.bhomo
MAX	malware (ai score=83)
Gridinsoft	Ransom.Win32.Wacatac.cl
Xcitium	Malware@#yp86g2ajq6j8
Microsoft	Trojan:Win32/Casdet!rfn
ZoneAlarm	HEUR:Trojan.Win32.Makoob.gen
GData	Gen:Variant.Tedy.405515
Google	Detected
McAfee	RDN/Makoob
Cylance	unsafe
Panda	Trj/Chgt.AC
TrendMicro-HouseCall	Trojan.Win32.GULOADER.YXDGZZ
Ikarus	Trojan.NSIS.Agent
Fortinet	NSIS/Injector.ECMD!tr
AVG	Win32:Malware-gen
DeepInstinct	MALICIOUS

ChromeSetup.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All