Summary | ZeroBOX

wininit.exe

Suspicious_Script_Bin Malicious Library UPX PE64 PNG Format PE File DLL PE32
Category FILE
Machine s1_win7_x6403_us
Started Sept. 13, 2023, 7:45 a.m.
Completed Sept. 13, 2023, 7:49 a.m.
Size 418.9KB
Type PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5 8136a990ac239336f0c9bd5b46f586b0
SHA256 74c2f9370bd9b22b8a41ee40f1d4e43fce70494d029b81f8c719d553157cb191
CRC32 ADB7C414
ssdeep 6144:eapc5j92f62/1IcBe4/RA810YgExd25PSqvd5Tg/:Ux92f62/1de2xdEZTg
Yara
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0
section .ndata
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 0f c7 3f 3a 00 00 00 00 00 00 00 00 00 00 00 00
exception.instruction: vmptrst qword ptr [edi]
exception.exception_code: 0xc000001d
exception.symbol:
exception.address: 0x4dd1d70
registers.esp: 50001656
registers.edi: 261284
registers.eax: 6558632
registers.ebp: 50001656
registers.edx: 81596416
registers.ebx: 81596416
registers.esi: 2005865610
registers.ecx: 81599814
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 89 01 87 f4 a3 d3 f2 2f 82 a2 2f a7 52 54 fd eb
exception.instruction: mov dword ptr [ecx], eax
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x4dd1dca
registers.esp: 50001652
registers.edi: 261284
registers.eax: 6558632
registers.ebp: 50001656
registers.edx: 2420436495
registers.ebx: 81596416
registers.esi: 2005865610
registers.ecx: 52203
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 0f 00 16 09 00 00 00 00 00 00 00 00 00 00 00 00
exception.instruction: lldt word ptr [esi]
exception.exception_code: 0xc0000096
exception.symbol:
exception.address: 0x4dd1df5
registers.esp: 50001652
registers.edi: 261284
registers.eax: 6558632
registers.ebp: 50001656
registers.edx: 20480
registers.ebx: 81596416
registers.esi: 2005865610
registers.ecx: 81599814
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 89 13 67 21 9c 2c 59 d8 d0 e2 f7 2d a1 ae ba 0c
exception.instruction: mov dword ptr [ebx], edx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x4deea08
registers.esp: 50001644
registers.edi: 261284
registers.eax: 6558632
registers.ebp: 50001656
registers.edx: 81596416
registers.ebx: 42630
registers.esi: 2005865610
registers.ecx: 81599814
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 0f 01 f2 6e 00 00 00 00 00 00 00 00 00 00 00 00
exception.instruction: lmsw dx
exception.exception_code: 0xc0000096
exception.symbol:
exception.address: 0x4deea2e
registers.esp: 50001648
registers.edi: 261284
registers.eax: 6558632
registers.ebp: 50001656
registers.edx: 81596416
registers.ebx: 81596416
registers.esi: 2005865610
registers.ecx: 81599814
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 7b 1a 9b e1 56 ea 6e 58 f1 9e e8 a4 07 37 36 d0
exception.instruction: jnp 0x4deeaa0
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x4deea84
registers.esp: 50001636
registers.edi: 256
registers.eax: 6558632
registers.ebp: 50001656
registers.edx: 81596416
registers.ebx: 81596416
registers.esi: 50001632
registers.ecx: 81599814
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 89 07 91 3f 58 70 aa 58 ed a8 09 3f 64 12 56 e2
exception.instruction: mov dword ptr [edi], eax
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x4deeacf
registers.esp: 50001644
registers.edi: 64649
registers.eax: 6558632
registers.ebp: 50001656
registers.edx: 81596416
registers.ebx: 81596416
registers.esi: 2005865610
registers.ecx: 81599814
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 89 01 35 1f 08 58 6d 95 ae 3f ee 57 6f 58 40 97
exception.instruction: mov dword ptr [ecx], eax
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x4deeb17
registers.esp: 50001612
registers.edi: 261284
registers.eax: 6558632
registers.ebp: 50001656
registers.edx: 81596416
registers.ebx: 81596416
registers.esi: 2005865610
registers.ecx: 2372
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: cc 03 d1 e1 9c 8c 08 35 6d ab 5e fd 41 0d e4 f1
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x4deeb43
registers.esp: 50001612
registers.edi: 261284
registers.eax: 6558632
registers.ebp: 50001656
registers.edx: 81596416
registers.ebx: 81596416
registers.esi: 2005865610
registers.ecx: 81599814
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 89 33 11 6e b1 68 83 23 11 d5 b8 87 49 57 46 ca
exception.instruction: mov dword ptr [ebx], esi
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x4deeb92
registers.esp: 50001608
registers.edi: 261284
registers.eax: 6558632
registers.ebp: 50001656
registers.edx: 81596416
registers.ebx: 6972
registers.esi: 2005865610
registers.ecx: 81599814
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: cc bb fe b4 67 89 7b b8 03 bd a6 ce a9 9e 1c 68
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x4deebc6
registers.esp: 50001612
registers.edi: 261284
registers.eax: 6558632
registers.ebp: 50001656
registers.edx: 81596416
registers.ebx: 81596416
registers.esi: 2005865610
registers.ecx: 81599814
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 89 38 28 1b 1b a6 fa 6c ef cb fa 4a 88 a5 09 c1
exception.instruction: mov dword ptr [eax], edi
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x4deec08
registers.esp: 50001608
registers.edi: 261284
registers.eax: 64314
registers.ebp: 50001656
registers.edx: 81596416
registers.ebx: 81596416
registers.esi: 2005865610
registers.ecx: 81599814
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 89 3a 43 a0 50 d5 c6 ab f2 e0 08 85 91 12 b0 c3
exception.instruction: mov dword ptr [edx], edi
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x4deec45
registers.esp: 50001604
registers.edi: 261284
registers.eax: 6558632
registers.ebp: 50001656
registers.edx: 45328
registers.ebx: 81596416
registers.esi: 2005865610
registers.ecx: 81599814
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: cc 8d c7 de 3f 5f 10 8b 6e 09 f7 81 19 a5 81 d0
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x4deec8c
registers.esp: 50001608
registers.edi: 261284
registers.eax: 6558632
registers.ebp: 50001656
registers.edx: 81596416
registers.ebx: 81596416
registers.esi: 2005865610
registers.ecx: 81599814
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 89 02 e8 18 c3 fd 94 63 2c b5 40 62 01 87 34 78
exception.instruction: mov dword ptr [edx], eax
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x4deeccd
registers.esp: 50001604
registers.edi: 261284
registers.eax: 6558632
registers.ebp: 50001656
registers.edx: 35765
registers.ebx: 81596416
registers.esi: 2005865610
registers.ecx: 81599814
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 74 1d 3f ba 84 24 75 26 01 09 da 37 65 cf 09 a0
exception.instruction: je 0x4deed35
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x4deed16
registers.esp: 50001596
registers.edi: 50001592
registers.eax: 6558632
registers.ebp: 50001656
registers.edx: 256
registers.ebx: 81596416
registers.esi: 2005865610
registers.ecx: 81599814
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 89 13 e2 45 a9 4e 15 42 d7 45 87 75 8c 7a 86 ab
exception.instruction: mov dword ptr [ebx], edx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x4deed6f
registers.esp: 50001600
registers.edi: 261284
registers.eax: 6558632
registers.ebp: 50001656
registers.edx: 81596416
registers.ebx: 18067
registers.esi: 2005865610
registers.ecx: 81599814
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 7e 2b 55 b0 49 41 14 64 e9 bc 13 b6 bb f9 aa 22
exception.instruction: jle 0x4deedeb
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x4deedbe
registers.esp: 50001596
registers.edi: 256
registers.eax: 6558632
registers.ebp: 50001656
registers.edx: 50001592
registers.ebx: 81596416
registers.esi: 2005865610
registers.ecx: 81599814
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 0f c7 3e 4e 00 00 00 00 00 00 00 00 00 00 00 00
exception.instruction: vmptrst qword ptr [esi]
exception.exception_code: 0xc000001d
exception.symbol:
exception.address: 0x4deee06
registers.esp: 50001604
registers.edi: 261284
registers.eax: 2005662384
registers.ebp: 50001656
registers.edx: 2005623258
registers.ebx: 943935227
registers.esi: 2005865610
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: cc 24 a5 c0 22 fa 36 1e 1b 08 53 ad 47 c2 6e 63
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x4deee31
registers.esp: 50001604
registers.edi: 261284
registers.eax: 2005662384
registers.ebp: 50001656
registers.edx: 2005623258
registers.ebx: 943935227
registers.esi: 2005865610
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: cc 52 f8 05 fe 4e 50 11 46 25 f4 2a 5a 1c a7 49
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x4deee60
registers.esp: 50001604
registers.edi: 1122595638
registers.eax: 2005662384
registers.ebp: 50001656
registers.edx: 2005623258
registers.ebx: 943935227
registers.esi: 2005865610
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 89 19 a8 e9 ec 0c 2f c4 6c 4b 81 15 15 09 01 52
exception.instruction: mov dword ptr [ecx], ebx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x4deeeb4
registers.esp: 50001600
registers.edi: 3417983880
registers.eax: 2005662384
registers.ebp: 50001656
registers.edx: 2005623258
registers.ebx: 943935227
registers.esi: 2005865610
registers.ecx: 30422
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: cc ce 96 56 c4 7d 8c 48 86 26 0e ee e2 5e ff 95
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x4deeeec
registers.esp: 50001604
registers.edi: 12
registers.eax: 2005662384
registers.ebp: 50001656
registers.edx: 2005623258
registers.ebx: 943935227
registers.esi: 2005865610
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 89 32 c8 5f 62 10 f0 d8 30 eb b2 ea 87 da 43 68
exception.instruction: mov dword ptr [edx], esi
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x4deef3c
registers.esp: 50001612
registers.edi: 261284
registers.eax: 2005662384
registers.ebp: 50001656
registers.edx: 52709
registers.ebx: 943935227
registers.esi: 2005865610
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 7e 02 e1 f4 1e 60 6c cc 99 65 66 0d d6 62 88 e4
exception.instruction: jle 0x4deef87
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x4deef83
registers.esp: 50001608
registers.edi: 261284
registers.eax: 2005662384
registers.ebp: 50001656
registers.edx: 2005623258
registers.ebx: 943935227
registers.esi: 256
registers.ecx: 50001604
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 0f 01 1c 24 00 00 00 00 00 00 00 00 00 00 00 00
exception.instruction: lidt ptr [esp]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x4deefdf
registers.esp: 50001612
registers.edi: 261284
registers.eax: 2005662384
registers.ebp: 50001656
registers.edx: 2005623258
registers.ebx: 943935227
registers.esi: 2005865610
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 89 37 b1 f0 0a 01 b0 66 fc 33 6f 91 88 df 80 ab
exception.instruction: mov dword ptr [edi], esi
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x4def039
registers.esp: 50001608
registers.edi: 23579
registers.eax: 2005662384
registers.ebp: 50001656
registers.edx: 2005623258
registers.ebx: 943935227
registers.esi: 256387688
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 7c 08 3d 9c 18 4c a6 9c 4a 4c 6e 3d cb 95 7a a0
exception.instruction: jl 0x4def09c
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x4def092
registers.esp: 50001604
registers.edi: 256
registers.eax: 2005662384
registers.ebp: 50001656
registers.edx: 50001600
registers.ebx: 943935227
registers.esi: 1842227749
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 76 12 77 1d b1 72 5d 7b e8 09 84 52 ed a3 14 71
exception.instruction: jbe 0x4def10d
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x4def0f9
registers.esp: 50001604
registers.edi: 50001600
registers.eax: 2005662384
registers.ebp: 50001656
registers.edx: 2005623258
registers.ebx: 943935227
registers.esi: 256
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 89 07 f7 5d ab 74 c9 ee a1 d1 a6 dd 8b 6f ca 88
exception.instruction: mov dword ptr [edi], eax
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x4def144
registers.esp: 50001604
registers.edi: 26515
registers.eax: 2005662384
registers.ebp: 50001656
registers.edx: 2005623258
registers.ebx: 943935227
registers.esi: 12288
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 0f 01 c8 e5 00 00 00 00 00 00 00 00 00 00 00 00
exception.exception_code: 0xc000001d
exception.symbol:
exception.address: 0x4def16e
registers.esp: 50001608
registers.edi: 261284
registers.eax: 2005662384
registers.ebp: 50001656
registers.edx: 2005623258
registers.ebx: 943935227
registers.esi: 2005865610
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 76 15 41 21 07 e1 f3 2b 67 4d 64 90 e3 06 9f 04
exception.instruction: jbe 0x4def1d8
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x4def1c1
registers.esp: 50001600
registers.edi: 261284
registers.eax: 50001596
registers.ebp: 50001656
registers.edx: 2005623258
registers.ebx: 943935227
registers.esi: 2005865610
registers.ecx: 256
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 0f 00 d9 c2 00 00 00 00 00 00 00 00 00 00 00 00
exception.instruction: ltr cx
exception.exception_code: 0xc0000096
exception.symbol:
exception.address: 0x4def20d
registers.esp: 50001608
registers.edi: 261284
registers.eax: 2005662384
registers.ebp: 50001656
registers.edx: 2005623258
registers.ebx: 50001656
registers.esi: 2005865610
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: cc 72 e2 50 96 9c d3 12 9a 0a 25 bf 4b 5a bc 96
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x4def24d
registers.esp: 50001608
registers.edi: 261284
registers.eax: 2005662384
registers.ebp: 50001656
registers.edx: 2005623258
registers.ebx: 50001656
registers.esi: 2005865610
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 0f 01 f2 90 00 00 00 00 00 00 00 00 00 00 00 00
exception.instruction: lmsw dx
exception.exception_code: 0xc0000096
exception.symbol:
exception.address: 0x4def27f
registers.esp: 50001608
registers.edi: 261284
registers.eax: 2005662384
registers.ebp: 50001656
registers.edx: 2005623258
registers.ebx: 50001656
registers.esi: 2005865610
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 0f 01 f2 03 00 00 00 00 00 00 00 00 00 00 00 00
exception.instruction: lmsw dx
exception.exception_code: 0xc0000096
exception.symbol:
exception.address: 0x4def2bd
registers.esp: 50001608
registers.edi: 261284
registers.eax: 2005662384
registers.ebp: 50001656
registers.edx: 2005623258
registers.ebx: 50001979
registers.esi: 2005865610
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: cc c0 a5 af 37 19 4c cb 6a 5b b9 92 6c 93 1d 68
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x4def2e9
registers.esp: 50001608
registers.edi: 261284
registers.eax: 2005662384
registers.ebp: 50001656
registers.edx: 2005623258
registers.ebx: 50001980
registers.esi: 2005865610
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 0f 08 93 1e 00 00 00 00 00 00 00 00 00 00 00 00
exception.instruction: invd
exception.exception_code: 0xc0000096
exception.symbol:
exception.address: 0x4def32f
registers.esp: 50001604
registers.edi: 261284
registers.eax: 2005662384
registers.ebp: 50001656
registers.edx: 2005623258
registers.ebx: 50001980
registers.esi: 2005865610
registers.ecx: 76589301
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: cc e0 12 e8 55 80 0b 7c 3f 9c ea 62 10 e9 da 04
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x4def366
registers.esp: 50001604
registers.edi: 261284
registers.eax: 2005662384
registers.ebp: 50001656
registers.edx: 2005623258
registers.ebx: 50001980
registers.esi: 2005865610
registers.ecx: 1099395692
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 0f 00 d9 4f 00 00 00 00 00 00 00 00 00 00 00 00
exception.instruction: ltr cx
exception.exception_code: 0xc0000096
exception.symbol:
exception.address: 0x4def39a
registers.esp: 50001600
registers.edi: 261284
registers.eax: 2005662384
registers.ebp: 50001656
registers.edx: 2005623258
registers.ebx: 50001980
registers.esi: 2005865610
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 89 12 cd 92 bb 0b 5a 93 32 e0 7b 11 2d e2 ec f4
exception.instruction: mov dword ptr [edx], edx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x4def3df
registers.esp: 50001596
registers.edi: 261284
registers.eax: 2005662384
registers.ebp: 50001656
registers.edx: 15327
registers.ebx: 50001980
registers.esi: 2005865610
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: cc 90 38 ab f4 ff 0e a4 12 ab 36 ff f1 f3 01 a6
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x4def41a
registers.esp: 50001600
registers.edi: 261284
registers.eax: 2005662384
registers.ebp: 50001656
registers.edx: 2005623258
registers.ebx: 50001980
registers.esi: 2005865610
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 0f c7 37 15 00 00 00 00 00 00 00 00 00 00 00 00
exception.instruction: vmptrld qword ptr [edi]
exception.exception_code: 0xc000001d
exception.symbol:
exception.address: 0x4def459
registers.esp: 50001600
registers.edi: 261284
registers.eax: 2005662384
registers.ebp: 50001656
registers.edx: 2005623258
registers.ebx: 50001980
registers.esi: 2005865610
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 0f c7 39 20 00 00 00 00 00 00 00 00 00 00 00 00
exception.instruction: vmptrst qword ptr [ecx]
exception.exception_code: 0xc000001d
exception.symbol:
exception.address: 0x4def481
registers.esp: 50001600
registers.edi: 261284
registers.eax: 2005662384
registers.ebp: 50001656
registers.edx: 2005623258
registers.ebx: 50001980
registers.esi: 2005865610
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 7f 0b 0c 8d 8a a7 e8 89 59 3a 28 16 42 2d 31 ed
exception.instruction: jg 0x4def4e6
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x4def4d9
registers.esp: 50001592
registers.edi: 261284
registers.eax: 2005662384
registers.ebp: 50001656
registers.edx: 2005623258
registers.ebx: 50001980
registers.esi: 256
registers.ecx: 50001588
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: cc 5c 61 b3 e9 80 ec 25 b9 43 4e 3c 7a 0a ea 24
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x4def519
registers.esp: 50001600
registers.edi: 261284
registers.eax: 2005662384
registers.ebp: 50001656
registers.edx: 2005623258
registers.ebx: 50001980
registers.esi: 2005865610
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: cc 24 91 71 db 84 43 58 8e da d5 2e 7f d0 df b3
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x4def557
registers.esp: 50001600
registers.edi: 261284
registers.eax: 2005662384
registers.ebp: 50001656
registers.edx: 2005623258
registers.ebx: 50001984
registers.esi: 2005865610
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 89 01 1b 74 45 41 9d a6 84 7b a8 50 ff 4d be 73
exception.instruction: mov dword ptr [ecx], eax
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x4def593
registers.esp: 50001596
registers.edi: 261284
registers.eax: 2005662384
registers.ebp: 50001656
registers.edx: 2005623258
registers.ebx: 50001984
registers.esi: 2005865610
registers.ecx: 42829
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 89 12 75 e5 c5 a3 df b8 cc a3 e5 53 eb f4 9b cd
exception.instruction: mov dword ptr [edx], edx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x4def5d9
registers.esp: 50001596
registers.edi: 261284
registers.eax: 2005662384
registers.ebp: 50001656
registers.edx: 57362
registers.ebx: 50001984
registers.esi: 2005865610
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 76 18 8c 53 a3 20 ac 84 0f 0a 2c 08 37 d9 4c 31
exception.instruction: jbe 0x4def642
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x4def628
registers.esp: 50001588
registers.edi: 261284
registers.eax: 256
registers.ebp: 50001656
registers.edx: 2005623258
registers.ebx: 50001984
registers.esi: 2005865610
registers.ecx: 50001584
1 0 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 1460
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x741c4000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1460
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73fe4000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1460
region_size: 95354880
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x03950000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0
file C:\Users\test22\AppData\Local\hests\personalness\Tillempningers\libgmodule-2.0-0.dll
file C:\Users\test22\AppData\Local\Temp\nseBF94.tmp\LangDLL.dll
file C:\Users\test22\AppData\Local\Temp\nseBF94.tmp\System.dll