Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	June 19, 2024, 9:36 a.m.	June 19, 2024, 10:02 a.m.

Size	2.8MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`7936c4064fbc9b69fba8b5f0d44a2482`
SHA256	`1ff3a794b0cefe6c10c3c91b93bb6bf5e58054a7d2ce51c987fb32a82d5e929b`
CRC32	`866E347C`
ssdeep	`49152:njt8sWSux8S7P4jqNPSqc1I6LcNx6fyW4WF1eGfaGf1W/FkGJZllE+wD:BPWSux8SAGSVcTQYq1eGfMdbzlbwD`
Yara	Malicious_Packer_Zero - Malicious Packer Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature anti_vm_detect - Possibly employs anti-virtualization techniques IsPE32 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check

2345.exe "C:\Users\test22\AppData\Local\Temp\2345.exe"
2564

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
152.136.174.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent June 19, 2024, 9:36 a.m.			0	0

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx June 19, 2024, 9:36 a.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.sedata

One or more processes crashed (50 out of 65536 events)

Time & API	Arguments	Status
__exception__ June 19, 2024, 9:36 a.m.	stacktrace: 2345+0x533fe5 @ 0x933fe5 2345+0x575d60 @ 0x975d60 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: eb 09 b9 28 be d9 28 eb c5 74 67 c3 e9 5a ff ff exception.symbol: 2345+0x48a26a exception.instruction: jmp 0x88a275 exception.module: 2345.exe exception.exception_code: 0x80000003 exception.offset: 4760170 exception.address: 0x88a26a registers.esp: 1638008 registers.edi: 0 registers.eax: 0 registers.ebp: 1638052 registers.edx: 582600 registers.ebx: 5 registers.esi: 3062512 registers.ecx: 3062512	1
__exception__ June 19, 2024, 9:36 a.m.	stacktrace: exception.instruction_r: 0f ca b2 bd 8b 14 24 60 eb 1d 1c 84 1a 7d 8c 48 exception.symbol: 2345+0x4b5a6b exception.instruction: bswap edx exception.module: 2345.exe exception.exception_code: 0x80000004 exception.offset: 4938347 exception.address: 0x8b5a6b registers.esp: 1636952 registers.edi: 1637256 registers.eax: 8904830 registers.ebp: 9144225 registers.edx: 47972 registers.ebx: 1600622675 registers.esi: 1637020 registers.ecx: 1399735363	1
__exception__ June 19, 2024, 9:36 a.m.	stacktrace: exception.instruction_r: 0f ca b2 bd 8b 14 24 60 eb 1d 1c 84 1a 7d 8c 48 exception.symbol: 2345+0x4b5a6b exception.instruction: bswap edx exception.module: 2345.exe exception.exception_code: 0x80000004 exception.offset: 4938347 exception.address: 0x8b5a6b registers.esp: 46463752 registers.edi: 46464056 registers.eax: 8904708 registers.ebp: 9144225 registers.edx: 48052 registers.ebx: 3081388040 registers.esi: 46463820 registers.ecx: 1399735363	1
__exception__ June 19, 2024, 9:36 a.m.	stacktrace: 2345+0x4ed865 @ 0x8ed865 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc c7 45 fc fe ff ff ff 6a 01 e8 9c b1 32 00 33 exception.symbol: 2345+0x4c35 exception.instruction: int3 exception.module: 2345.exe exception.exception_code: 0x80000003 exception.offset: 19509 exception.address: 0x404c35 registers.esp: 47513384 registers.edi: 0 registers.eax: 47513408 registers.ebp: 47513424 registers.edx: 2949492 registers.ebx: 3603208 registers.esi: 4213797 registers.ecx: 39032493	1
__exception__ June 19, 2024, 9:36 a.m.	stacktrace: 2345+0x4ed865 @ 0x8ed865 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc c7 45 fc fe ff ff ff 6a 01 e8 9c b1 32 00 33 exception.symbol: 2345+0x4c35 exception.instruction: int3 exception.module: 2345.exe exception.exception_code: 0x80000003 exception.offset: 19509 exception.address: 0x404c35 registers.esp: 47513384 registers.edi: 0 registers.eax: 0 registers.ebp: 47513424 registers.edx: 0 registers.ebx: 0 registers.esi: 4213832 registers.ecx: 0	1
__exception__ June 19, 2024, 9:36 a.m.	stacktrace: 2345+0x4ed865 @ 0x8ed865 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc c7 45 fc fe ff ff ff 6a 01 e8 9c b1 32 00 33 exception.symbol: 2345+0x4c35 exception.instruction: int3 exception.module: 2345.exe exception.exception_code: 0x80000003 exception.offset: 19509 exception.address: 0x404c35 registers.esp: 47513384 registers.edi: 0 registers.eax: 0 registers.ebp: 47513424 registers.edx: 0 registers.ebx: 0 registers.esi: 4213832 registers.ecx: 0	1
__exception__ June 19, 2024, 9:36 a.m.	stacktrace: 2345+0x4ed865 @ 0x8ed865 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc c7 45 fc fe ff ff ff 6a 01 e8 9c b1 32 00 33 exception.symbol: 2345+0x4c35 exception.instruction: int3 exception.module: 2345.exe exception.exception_code: 0x80000003 exception.offset: 19509 exception.address: 0x404c35 registers.esp: 47513384 registers.edi: 0 registers.eax: 0 registers.ebp: 47513424 registers.edx: 0 registers.ebx: 0 registers.esi: 4213832 registers.ecx: 0	1
__exception__ June 19, 2024, 9:36 a.m.	stacktrace: 2345+0x4ed865 @ 0x8ed865 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc c7 45 fc fe ff ff ff 6a 01 e8 9c b1 32 00 33 exception.symbol: 2345+0x4c35 exception.instruction: int3 exception.module: 2345.exe exception.exception_code: 0x80000003 exception.offset: 19509 exception.address: 0x404c35 registers.esp: 47513384 registers.edi: 0 registers.eax: 0 registers.ebp: 47513424 registers.edx: 0 registers.ebx: 0 registers.esi: 4213832 registers.ecx: 0	1
__exception__ June 19, 2024, 9:36 a.m.	stacktrace: 2345+0x4ed865 @ 0x8ed865 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc c7 45 fc fe ff ff ff 6a 01 e8 9c b1 32 00 33 exception.symbol: 2345+0x4c35 exception.instruction: int3 exception.module: 2345.exe exception.exception_code: 0x80000003 exception.offset: 19509 exception.address: 0x404c35 registers.esp: 47513384 registers.edi: 0 registers.eax: 0 registers.ebp: 47513424 registers.edx: 0 registers.ebx: 0 registers.esi: 4213832 registers.ecx: 0	1
__exception__ June 19, 2024, 9:36 a.m.	stacktrace: 2345+0x4ed865 @ 0x8ed865 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc c7 45 fc fe ff ff ff 6a 01 e8 9c b1 32 00 33 exception.symbol: 2345+0x4c35 exception.instruction: int3 exception.module: 2345.exe exception.exception_code: 0x80000003 exception.offset: 19509 exception.address: 0x404c35 registers.esp: 47513384 registers.edi: 0 registers.eax: 0 registers.ebp: 47513424 registers.edx: 0 registers.ebx: 0 registers.esi: 4213832 registers.ecx: 0	1
__exception__ June 19, 2024, 9:36 a.m.	stacktrace: 2345+0x4ed865 @ 0x8ed865 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc c7 45 fc fe ff ff ff 6a 01 e8 9c b1 32 00 33 exception.symbol: 2345+0x4c35 exception.instruction: int3 exception.module: 2345.exe exception.exception_code: 0x80000003 exception.offset: 19509 exception.address: 0x404c35 registers.esp: 47513384 registers.edi: 0 registers.eax: 0 registers.ebp: 47513424 registers.edx: 0 registers.ebx: 0 registers.esi: 4213832 registers.ecx: 0	1
__exception__ June 19, 2024, 9:36 a.m.	stacktrace: 2345+0x4ed865 @ 0x8ed865 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc c7 45 fc fe ff ff ff 6a 01 e8 9c b1 32 00 33 exception.symbol: 2345+0x4c35 exception.instruction: int3 exception.module: 2345.exe exception.exception_code: 0x80000003 exception.offset: 19509 exception.address: 0x404c35 registers.esp: 47513384 registers.edi: 0 registers.eax: 0 registers.ebp: 47513424 registers.edx: 0 registers.ebx: 0 registers.esi: 4213832 registers.ecx: 0	1
__exception__ June 19, 2024, 9:36 a.m.	stacktrace: 2345+0x4ed865 @ 0x8ed865 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc c7 45 fc fe ff ff ff 6a 01 e8 9c b1 32 00 33 exception.symbol: 2345+0x4c35 exception.instruction: int3 exception.module: 2345.exe exception.exception_code: 0x80000003 exception.offset: 19509 exception.address: 0x404c35 registers.esp: 47513384 registers.edi: 0 registers.eax: 0 registers.ebp: 47513424 registers.edx: 0 registers.ebx: 0 registers.esi: 4213832 registers.ecx: 0	1
__exception__ June 19, 2024, 9:36 a.m.	stacktrace: 2345+0x4ed865 @ 0x8ed865 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc c7 45 fc fe ff ff ff 6a 01 e8 9c b1 32 00 33 exception.symbol: 2345+0x4c35 exception.instruction: int3 exception.module: 2345.exe exception.exception_code: 0x80000003 exception.offset: 19509 exception.address: 0x404c35 registers.esp: 47513384 registers.edi: 0 registers.eax: 0 registers.ebp: 47513424 registers.edx: 0 registers.ebx: 0 registers.esi: 4213832 registers.ecx: 0	1
__exception__ June 19, 2024, 9:36 a.m.	stacktrace: 2345+0x4ed865 @ 0x8ed865 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc c7 45 fc fe ff ff ff 6a 01 e8 9c b1 32 00 33 exception.symbol: 2345+0x4c35 exception.instruction: int3 exception.module: 2345.exe exception.exception_code: 0x80000003 exception.offset: 19509 exception.address: 0x404c35 registers.esp: 47513384 registers.edi: 0 registers.eax: 0 registers.ebp: 47513424 registers.edx: 0 registers.ebx: 0 registers.esi: 4213832 registers.ecx: 0	1
__exception__ June 19, 2024, 9:36 a.m.	stacktrace: 2345+0x4ed865 @ 0x8ed865 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc c7 45 fc fe ff ff ff 6a 01 e8 9c b1 32 00 33 exception.symbol: 2345+0x4c35 exception.instruction: int3 exception.module: 2345.exe exception.exception_code: 0x80000003 exception.offset: 19509 exception.address: 0x404c35 registers.esp: 47513384 registers.edi: 0 registers.eax: 0 registers.ebp: 47513424 registers.edx: 0 registers.ebx: 0 registers.esi: 4213832 registers.ecx: 0	1
__exception__ June 19, 2024, 9:36 a.m.	stacktrace: 2345+0x4ed865 @ 0x8ed865 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc c7 45 fc fe ff ff ff 6a 01 e8 9c b1 32 00 33 exception.symbol: 2345+0x4c35 exception.instruction: int3 exception.module: 2345.exe exception.exception_code: 0x80000003 exception.offset: 19509 exception.address: 0x404c35 registers.esp: 47513384 registers.edi: 0 registers.eax: 0 registers.ebp: 47513424 registers.edx: 0 registers.ebx: 0 registers.esi: 4213832 registers.ecx: 0	1
__exception__ June 19, 2024, 9:36 a.m.	stacktrace: 2345+0x4ed865 @ 0x8ed865 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc c7 45 fc fe ff ff ff 6a 01 e8 9c b1 32 00 33 exception.symbol: 2345+0x4c35 exception.instruction: int3 exception.module: 2345.exe exception.exception_code: 0x80000003 exception.offset: 19509 exception.address: 0x404c35 registers.esp: 47513384 registers.edi: 0 registers.eax: 0 registers.ebp: 47513424 registers.edx: 0 registers.ebx: 0 registers.esi: 4213832 registers.ecx: 0	1
__exception__ June 19, 2024, 9:36 a.m.	stacktrace: 2345+0x4ed865 @ 0x8ed865 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc c7 45 fc fe ff ff ff 6a 01 e8 9c b1 32 00 33 exception.symbol: 2345+0x4c35 exception.instruction: int3 exception.module: 2345.exe exception.exception_code: 0x80000003 exception.offset: 19509 exception.address: 0x404c35 registers.esp: 47513384 registers.edi: 0 registers.eax: 0 registers.ebp: 47513424 registers.edx: 0 registers.ebx: 0 registers.esi: 4213832 registers.ecx: 0	1
__exception__ June 19, 2024, 9:36 a.m.	stacktrace: 2345+0x4ed865 @ 0x8ed865 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc c7 45 fc fe ff ff ff 6a 01 e8 9c b1 32 00 33 exception.symbol: 2345+0x4c35 exception.instruction: int3 exception.module: 2345.exe exception.exception_code: 0x80000003 exception.offset: 19509 exception.address: 0x404c35 registers.esp: 47513384 registers.edi: 0 registers.eax: 0 registers.ebp: 47513424 registers.edx: 0 registers.ebx: 0 registers.esi: 4213832 registers.ecx: 0	1
__exception__ June 19, 2024, 9:36 a.m.	stacktrace: 2345+0x4ed865 @ 0x8ed865 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc c7 45 fc fe ff ff ff 6a 01 e8 9c b1 32 00 33 exception.symbol: 2345+0x4c35 exception.instruction: int3 exception.module: 2345.exe exception.exception_code: 0x80000003 exception.offset: 19509 exception.address: 0x404c35 registers.esp: 47513384 registers.edi: 0 registers.eax: 0 registers.ebp: 47513424 registers.edx: 0 registers.ebx: 0 registers.esi: 4213832 registers.ecx: 0	1
__exception__ June 19, 2024, 9:36 a.m.	stacktrace: 2345+0x4ed865 @ 0x8ed865 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc c7 45 fc fe ff ff ff 6a 01 e8 9c b1 32 00 33 exception.symbol: 2345+0x4c35 exception.instruction: int3 exception.module: 2345.exe exception.exception_code: 0x80000003 exception.offset: 19509 exception.address: 0x404c35 registers.esp: 47513384 registers.edi: 0 registers.eax: 0 registers.ebp: 47513424 registers.edx: 0 registers.ebx: 0 registers.esi: 4213832 registers.ecx: 0	1
__exception__ June 19, 2024, 9:36 a.m.	stacktrace: 2345+0x4ed865 @ 0x8ed865 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc c7 45 fc fe ff ff ff 6a 01 e8 9c b1 32 00 33 exception.symbol: 2345+0x4c35 exception.instruction: int3 exception.module: 2345.exe exception.exception_code: 0x80000003 exception.offset: 19509 exception.address: 0x404c35 registers.esp: 47513384 registers.edi: 0 registers.eax: 0 registers.ebp: 47513424 registers.edx: 0 registers.ebx: 0 registers.esi: 4213832 registers.ecx: 0	1
__exception__ June 19, 2024, 9:36 a.m.	stacktrace: 2345+0x4ed865 @ 0x8ed865 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc c7 45 fc fe ff ff ff 6a 01 e8 9c b1 32 00 33 exception.symbol: 2345+0x4c35 exception.instruction: int3 exception.module: 2345.exe exception.exception_code: 0x80000003 exception.offset: 19509 exception.address: 0x404c35 registers.esp: 47513384 registers.edi: 0 registers.eax: 0 registers.ebp: 47513424 registers.edx: 0 registers.ebx: 0 registers.esi: 4213832 registers.ecx: 0	1
__exception__ June 19, 2024, 9:36 a.m.	stacktrace: 2345+0x4ed865 @ 0x8ed865 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc c7 45 fc fe ff ff ff 6a 01 e8 9c b1 32 00 33 exception.symbol: 2345+0x4c35 exception.instruction: int3 exception.module: 2345.exe exception.exception_code: 0x80000003 exception.offset: 19509 exception.address: 0x404c35 registers.esp: 47513384 registers.edi: 0 registers.eax: 0 registers.ebp: 47513424 registers.edx: 0 registers.ebx: 0 registers.esi: 4213832 registers.ecx: 0	1
__exception__ June 19, 2024, 9:36 a.m.	stacktrace: 2345+0x4ed865 @ 0x8ed865 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc c7 45 fc fe ff ff ff 6a 01 e8 9c b1 32 00 33 exception.symbol: 2345+0x4c35 exception.instruction: int3 exception.module: 2345.exe exception.exception_code: 0x80000003 exception.offset: 19509 exception.address: 0x404c35 registers.esp: 47513384 registers.edi: 0 registers.eax: 0 registers.ebp: 47513424 registers.edx: 0 registers.ebx: 0 registers.esi: 4213832 registers.ecx: 0	1
__exception__ June 19, 2024, 9:36 a.m.	stacktrace: 2345+0x4ed865 @ 0x8ed865 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc c7 45 fc fe ff ff ff 6a 01 e8 9c b1 32 00 33 exception.symbol: 2345+0x4c35 exception.instruction: int3 exception.module: 2345.exe exception.exception_code: 0x80000003 exception.offset: 19509 exception.address: 0x404c35 registers.esp: 47513384 registers.edi: 0 registers.eax: 0 registers.ebp: 47513424 registers.edx: 0 registers.ebx: 0 registers.esi: 4213832 registers.ecx: 0	1
__exception__ June 19, 2024, 9:36 a.m.	stacktrace: 2345+0x4ed865 @ 0x8ed865 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc c7 45 fc fe ff ff ff 6a 01 e8 9c b1 32 00 33 exception.symbol: 2345+0x4c35 exception.instruction: int3 exception.module: 2345.exe exception.exception_code: 0x80000003 exception.offset: 19509 exception.address: 0x404c35 registers.esp: 47513384 registers.edi: 0 registers.eax: 0 registers.ebp: 47513424 registers.edx: 0 registers.ebx: 0 registers.esi: 4213832 registers.ecx: 0	1
__exception__ June 19, 2024, 9:36 a.m.	stacktrace: 2345+0x4ed865 @ 0x8ed865 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc c7 45 fc fe ff ff ff 6a 01 e8 9c b1 32 00 33 exception.symbol: 2345+0x4c35 exception.instruction: int3 exception.module: 2345.exe exception.exception_code: 0x80000003 exception.offset: 19509 exception.address: 0x404c35 registers.esp: 47513384 registers.edi: 0 registers.eax: 0 registers.ebp: 47513424 registers.edx: 0 registers.ebx: 0 registers.esi: 4213832 registers.ecx: 0	1
__exception__ June 19, 2024, 9:36 a.m.	stacktrace: 2345+0x4ed865 @ 0x8ed865 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc c7 45 fc fe ff ff ff 6a 01 e8 9c b1 32 00 33 exception.symbol: 2345+0x4c35 exception.instruction: int3 exception.module: 2345.exe exception.exception_code: 0x80000003 exception.offset: 19509 exception.address: 0x404c35 registers.esp: 47513384 registers.edi: 0 registers.eax: 0 registers.ebp: 47513424 registers.edx: 0 registers.ebx: 0 registers.esi: 4213832 registers.ecx: 0	1
__exception__ June 19, 2024, 9:36 a.m.	stacktrace: 2345+0x4ed865 @ 0x8ed865 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc c7 45 fc fe ff ff ff 6a 01 e8 9c b1 32 00 33 exception.symbol: 2345+0x4c35 exception.instruction: int3 exception.module: 2345.exe exception.exception_code: 0x80000003 exception.offset: 19509 exception.address: 0x404c35 registers.esp: 47513384 registers.edi: 0 registers.eax: 0 registers.ebp: 47513424 registers.edx: 0 registers.ebx: 0 registers.esi: 4213832 registers.ecx: 0	1
__exception__ June 19, 2024, 9:36 a.m.	stacktrace: 2345+0x4ed865 @ 0x8ed865 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc c7 45 fc fe ff ff ff 6a 01 e8 9c b1 32 00 33 exception.symbol: 2345+0x4c35 exception.instruction: int3 exception.module: 2345.exe exception.exception_code: 0x80000003 exception.offset: 19509 exception.address: 0x404c35 registers.esp: 47513384 registers.edi: 0 registers.eax: 0 registers.ebp: 47513424 registers.edx: 0 registers.ebx: 0 registers.esi: 4213832 registers.ecx: 0	1
__exception__ June 19, 2024, 9:36 a.m.	stacktrace: 2345+0x4ed865 @ 0x8ed865 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc c7 45 fc fe ff ff ff 6a 01 e8 9c b1 32 00 33 exception.symbol: 2345+0x4c35 exception.instruction: int3 exception.module: 2345.exe exception.exception_code: 0x80000003 exception.offset: 19509 exception.address: 0x404c35 registers.esp: 47513384 registers.edi: 0 registers.eax: 0 registers.ebp: 47513424 registers.edx: 0 registers.ebx: 0 registers.esi: 4213832 registers.ecx: 0	1
__exception__ June 19, 2024, 9:36 a.m.	stacktrace: 2345+0x4ed865 @ 0x8ed865 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc c7 45 fc fe ff ff ff 6a 01 e8 9c b1 32 00 33 exception.symbol: 2345+0x4c35 exception.instruction: int3 exception.module: 2345.exe exception.exception_code: 0x80000003 exception.offset: 19509 exception.address: 0x404c35 registers.esp: 47513384 registers.edi: 0 registers.eax: 0 registers.ebp: 47513424 registers.edx: 0 registers.ebx: 0 registers.esi: 4213832 registers.ecx: 0	1
__exception__ June 19, 2024, 9:36 a.m.	stacktrace: 2345+0x4ed865 @ 0x8ed865 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc c7 45 fc fe ff ff ff 6a 01 e8 9c b1 32 00 33 exception.symbol: 2345+0x4c35 exception.instruction: int3 exception.module: 2345.exe exception.exception_code: 0x80000003 exception.offset: 19509 exception.address: 0x404c35 registers.esp: 47513384 registers.edi: 0 registers.eax: 0 registers.ebp: 47513424 registers.edx: 0 registers.ebx: 0 registers.esi: 4213832 registers.ecx: 0	1
__exception__ June 19, 2024, 9:36 a.m.	stacktrace: 2345+0x4ed865 @ 0x8ed865 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc c7 45 fc fe ff ff ff 6a 01 e8 9c b1 32 00 33 exception.symbol: 2345+0x4c35 exception.instruction: int3 exception.module: 2345.exe exception.exception_code: 0x80000003 exception.offset: 19509 exception.address: 0x404c35 registers.esp: 47513384 registers.edi: 0 registers.eax: 0 registers.ebp: 47513424 registers.edx: 0 registers.ebx: 0 registers.esi: 4213832 registers.ecx: 0	1
__exception__ June 19, 2024, 9:36 a.m.	stacktrace: 2345+0x4ed865 @ 0x8ed865 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc c7 45 fc fe ff ff ff 6a 01 e8 9c b1 32 00 33 exception.symbol: 2345+0x4c35 exception.instruction: int3 exception.module: 2345.exe exception.exception_code: 0x80000003 exception.offset: 19509 exception.address: 0x404c35 registers.esp: 47513384 registers.edi: 0 registers.eax: 0 registers.ebp: 47513424 registers.edx: 0 registers.ebx: 0 registers.esi: 4213832 registers.ecx: 0	1
__exception__ June 19, 2024, 9:36 a.m.	stacktrace: 2345+0x4ed865 @ 0x8ed865 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc c7 45 fc fe ff ff ff 6a 01 e8 9c b1 32 00 33 exception.symbol: 2345+0x4c35 exception.instruction: int3 exception.module: 2345.exe exception.exception_code: 0x80000003 exception.offset: 19509 exception.address: 0x404c35 registers.esp: 47513384 registers.edi: 0 registers.eax: 0 registers.ebp: 47513424 registers.edx: 0 registers.ebx: 0 registers.esi: 4213832 registers.ecx: 0	1
__exception__ June 19, 2024, 9:36 a.m.	stacktrace: 2345+0x4ed865 @ 0x8ed865 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc c7 45 fc fe ff ff ff 6a 01 e8 9c b1 32 00 33 exception.symbol: 2345+0x4c35 exception.instruction: int3 exception.module: 2345.exe exception.exception_code: 0x80000003 exception.offset: 19509 exception.address: 0x404c35 registers.esp: 47513384 registers.edi: 0 registers.eax: 0 registers.ebp: 47513424 registers.edx: 0 registers.ebx: 0 registers.esi: 4213832 registers.ecx: 0	1
__exception__ June 19, 2024, 9:36 a.m.	stacktrace: 2345+0x4ed865 @ 0x8ed865 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc c7 45 fc fe ff ff ff 6a 01 e8 9c b1 32 00 33 exception.symbol: 2345+0x4c35 exception.instruction: int3 exception.module: 2345.exe exception.exception_code: 0x80000003 exception.offset: 19509 exception.address: 0x404c35 registers.esp: 47513384 registers.edi: 0 registers.eax: 0 registers.ebp: 47513424 registers.edx: 0 registers.ebx: 0 registers.esi: 4213832 registers.ecx: 0	1
__exception__ June 19, 2024, 9:36 a.m.	stacktrace: 2345+0x4ed865 @ 0x8ed865 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc c7 45 fc fe ff ff ff 6a 01 e8 9c b1 32 00 33 exception.symbol: 2345+0x4c35 exception.instruction: int3 exception.module: 2345.exe exception.exception_code: 0x80000003 exception.offset: 19509 exception.address: 0x404c35 registers.esp: 47513384 registers.edi: 0 registers.eax: 0 registers.ebp: 47513424 registers.edx: 0 registers.ebx: 0 registers.esi: 4213832 registers.ecx: 0	1
__exception__ June 19, 2024, 9:36 a.m.	stacktrace: 2345+0x4ed865 @ 0x8ed865 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc c7 45 fc fe ff ff ff 6a 01 e8 9c b1 32 00 33 exception.symbol: 2345+0x4c35 exception.instruction: int3 exception.module: 2345.exe exception.exception_code: 0x80000003 exception.offset: 19509 exception.address: 0x404c35 registers.esp: 47513384 registers.edi: 0 registers.eax: 0 registers.ebp: 47513424 registers.edx: 0 registers.ebx: 0 registers.esi: 4213832 registers.ecx: 0	1
__exception__ June 19, 2024, 9:36 a.m.	stacktrace: 2345+0x4ed865 @ 0x8ed865 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc c7 45 fc fe ff ff ff 6a 01 e8 9c b1 32 00 33 exception.symbol: 2345+0x4c35 exception.instruction: int3 exception.module: 2345.exe exception.exception_code: 0x80000003 exception.offset: 19509 exception.address: 0x404c35 registers.esp: 47513384 registers.edi: 0 registers.eax: 0 registers.ebp: 47513424 registers.edx: 0 registers.ebx: 0 registers.esi: 4213832 registers.ecx: 0	1
__exception__ June 19, 2024, 9:36 a.m.	stacktrace: 2345+0x4ed865 @ 0x8ed865 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc c7 45 fc fe ff ff ff 6a 01 e8 9c b1 32 00 33 exception.symbol: 2345+0x4c35 exception.instruction: int3 exception.module: 2345.exe exception.exception_code: 0x80000003 exception.offset: 19509 exception.address: 0x404c35 registers.esp: 47513384 registers.edi: 0 registers.eax: 0 registers.ebp: 47513424 registers.edx: 0 registers.ebx: 0 registers.esi: 4213832 registers.ecx: 0	1
__exception__ June 19, 2024, 9:36 a.m.	stacktrace: 2345+0x4ed865 @ 0x8ed865 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc c7 45 fc fe ff ff ff 6a 01 e8 9c b1 32 00 33 exception.symbol: 2345+0x4c35 exception.instruction: int3 exception.module: 2345.exe exception.exception_code: 0x80000003 exception.offset: 19509 exception.address: 0x404c35 registers.esp: 47513384 registers.edi: 0 registers.eax: 0 registers.ebp: 47513424 registers.edx: 0 registers.ebx: 0 registers.esi: 4213832 registers.ecx: 0	1
__exception__ June 19, 2024, 9:36 a.m.	stacktrace: 2345+0x4ed865 @ 0x8ed865 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc c7 45 fc fe ff ff ff 6a 01 e8 9c b1 32 00 33 exception.symbol: 2345+0x4c35 exception.instruction: int3 exception.module: 2345.exe exception.exception_code: 0x80000003 exception.offset: 19509 exception.address: 0x404c35 registers.esp: 47513384 registers.edi: 0 registers.eax: 0 registers.ebp: 47513424 registers.edx: 0 registers.ebx: 0 registers.esi: 4213832 registers.ecx: 0	1
__exception__ June 19, 2024, 9:36 a.m.	stacktrace: 2345+0x4ed865 @ 0x8ed865 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc c7 45 fc fe ff ff ff 6a 01 e8 9c b1 32 00 33 exception.symbol: 2345+0x4c35 exception.instruction: int3 exception.module: 2345.exe exception.exception_code: 0x80000003 exception.offset: 19509 exception.address: 0x404c35 registers.esp: 47513384 registers.edi: 0 registers.eax: 0 registers.ebp: 47513424 registers.edx: 0 registers.ebx: 0 registers.esi: 4213832 registers.ecx: 0	1
__exception__ June 19, 2024, 9:36 a.m.	stacktrace: 2345+0x4ed865 @ 0x8ed865 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc c7 45 fc fe ff ff ff 6a 01 e8 9c b1 32 00 33 exception.symbol: 2345+0x4c35 exception.instruction: int3 exception.module: 2345.exe exception.exception_code: 0x80000003 exception.offset: 19509 exception.address: 0x404c35 registers.esp: 47513384 registers.edi: 0 registers.eax: 0 registers.ebp: 47513424 registers.edx: 0 registers.ebx: 0 registers.esi: 4213832 registers.ecx: 0	1
__exception__ June 19, 2024, 9:36 a.m.	stacktrace: 2345+0x4ed865 @ 0x8ed865 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc c7 45 fc fe ff ff ff 6a 01 e8 9c b1 32 00 33 exception.symbol: 2345+0x4c35 exception.instruction: int3 exception.module: 2345.exe exception.exception_code: 0x80000003 exception.offset: 19509 exception.address: 0x404c35 registers.esp: 47513384 registers.edi: 0 registers.eax: 0 registers.ebp: 47513424 registers.edx: 0 registers.ebx: 0 registers.esi: 4213832 registers.ecx: 0	1
__exception__ June 19, 2024, 9:36 a.m.	stacktrace: 2345+0x4ed865 @ 0x8ed865 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc c7 45 fc fe ff ff ff 6a 01 e8 9c b1 32 00 33 exception.symbol: 2345+0x4c35 exception.instruction: int3 exception.module: 2345.exe exception.exception_code: 0x80000003 exception.offset: 19509 exception.address: 0x404c35 registers.esp: 47513384 registers.edi: 0 registers.eax: 0 registers.ebp: 47513424 registers.edx: 0 registers.ebx: 0 registers.esi: 4213832 registers.ecx: 0	1

Allocates read-write-execute memory (usually to unpack itself) (50 out of 4865 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory June 19, 2024, 9:36 a.m.	process_identifier: 2564 region_size: 851968 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02230000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 19, 2024, 9:36 a.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x022c0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 19, 2024, 9:36 a.m.	process_identifier: 2564 region_size: 1576960 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02510000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory June 19, 2024, 9:36 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 65536 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76f20000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 19, 2024, 9:36 a.m.	process_identifier: 2564 region_size: 1048576 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023d0000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 19, 2024, 9:36 a.m.	process_identifier: 2564 region_size: 294912 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023d0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory June 19, 2024, 9:36 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 24576 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x759aa000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 19, 2024, 9:36 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023d0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 19, 2024, 9:36 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023d0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 19, 2024, 9:36 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023d0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 19, 2024, 9:36 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023d0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 19, 2024, 9:36 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023d0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 19, 2024, 9:36 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023d0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 19, 2024, 9:36 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023d0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 19, 2024, 9:36 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023d0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 19, 2024, 9:36 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023d0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 19, 2024, 9:36 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023d0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 19, 2024, 9:36 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023d0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 19, 2024, 9:36 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023d0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 19, 2024, 9:36 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023d0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 19, 2024, 9:36 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023d0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 19, 2024, 9:36 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023d0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 19, 2024, 9:36 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023d0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 19, 2024, 9:36 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023d0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 19, 2024, 9:36 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023d0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 19, 2024, 9:36 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023d0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 19, 2024, 9:36 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023d0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 19, 2024, 9:36 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023d0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 19, 2024, 9:36 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023d0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 19, 2024, 9:36 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023d0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 19, 2024, 9:36 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023d0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 19, 2024, 9:36 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023d0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 19, 2024, 9:36 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023d0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 19, 2024, 9:36 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023d0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 19, 2024, 9:36 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023d0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 19, 2024, 9:36 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023d0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 19, 2024, 9:36 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023d0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 19, 2024, 9:36 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023d0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 19, 2024, 9:36 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023d0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 19, 2024, 9:36 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023d0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 19, 2024, 9:36 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023d0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 19, 2024, 9:36 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023d0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 19, 2024, 9:36 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023d0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 19, 2024, 9:36 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023d0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 19, 2024, 9:36 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023d0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 19, 2024, 9:36 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023d0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 19, 2024, 9:36 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023d0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 19, 2024, 9:36 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023d0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 19, 2024, 9:36 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023d0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 19, 2024, 9:36 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023d0000 process_handle: 0xffffffff	1

Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation (1 event)

Time & API	Arguments	Status	Return	Repeated
GetDiskFreeSpaceExW June 19, 2024, 9:36 a.m.	total_number_of_free_bytes: 13321687040 free_bytes_available: 13321687040 root_path: C:\ total_number_of_bytes: 34252779520	1	1	0

Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (1 event)

Time & API	Arguments	Status	Return	Repeated
Process32NextW June 19, 2024, 9:36 a.m.	snapshot_handle: 0x0000028c process_name: 2345.exe process_identifier: 3473460		0	0

The binary likely contains encrypted or compressed data indicative of a packer (4 events)

section

{u'size_of_data': u'0x001b9c00', u'virtual_address': u'0x00001000', u'entropy': 7.999893558892107, u'name': u'.text', u'virtual_size': u'0x0047d000'}

entropy

7.99989355889

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x000fce00', u'virtual_address': u'0x0047e000', u'entropy': 7.559107311722981, u'name': u'.sedata', u'virtual_size': u'0x000fd000'}

entropy

7.55910731172

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x00001000', u'virtual_address': u'0x0058f000', u'entropy': 7.984202149236482, u'name': u'.sedata', u'virtual_size': u'0x00001000'}

entropy

7.98420214924

description

A section with a high entropy has been found

entropy

0.972902097902

description

Overall entropy of this PE file is high

Repeatedly searches for a not-found process, you may want to run a web browser during analysis (50 out of 81 events)

Time & API	Arguments	Status	Return	Repeated
Process32NextW June 19, 2024, 9:36 a.m.	snapshot_handle: 0x0000028c process_name: 2345.exe process_identifier: 3473460		0	0
Process32NextW June 19, 2024, 9:36 a.m.	snapshot_handle: 0x0000028c process_name: 2345.exe process_identifier: 3473460		0	0
Process32NextW June 19, 2024, 9:36 a.m.	snapshot_handle: 0x0000028c process_name: 2345.exe process_identifier: 3473460		0	0
Process32NextW June 19, 2024, 9:36 a.m.	snapshot_handle: 0x0000028c process_name: 2345.exe process_identifier: 3473460		0	0
Process32NextW June 19, 2024, 9:36 a.m.	snapshot_handle: 0x0000028c process_name: 2345.exe process_identifier: 3473460		0	0
Process32NextW June 19, 2024, 9:36 a.m.	snapshot_handle: 0x0000028c process_name: 2345.exe process_identifier: 3473460		0	0
Process32NextW June 19, 2024, 9:36 a.m.	snapshot_handle: 0x0000028c process_name: 2345.exe process_identifier: 3473460		0	0
Process32NextW June 19, 2024, 9:36 a.m.	snapshot_handle: 0x0000028c process_name: 2345.exe process_identifier: 3473460		0	0
Process32NextW June 19, 2024, 9:36 a.m.	snapshot_handle: 0x0000028c process_name: 2345.exe process_identifier: 3473460		0	0
Process32NextW June 19, 2024, 9:36 a.m.	snapshot_handle: 0x0000028c process_name: 2345.exe process_identifier: 3473460		0	0
Process32NextW June 19, 2024, 9:36 a.m.	snapshot_handle: 0x0000028c process_name: 2345.exe process_identifier: 3473460		0	0
Process32NextW June 19, 2024, 9:36 a.m.	snapshot_handle: 0x0000028c process_name: 2345.exe process_identifier: 3473460		0	0
Process32NextW June 19, 2024, 9:36 a.m.	snapshot_handle: 0x0000028c process_name: 2345.exe process_identifier: 3473460		0	0
Process32NextW June 19, 2024, 9:36 a.m.	snapshot_handle: 0x0000028c process_name: 2345.exe process_identifier: 3473460		0	0
Process32NextW June 19, 2024, 9:36 a.m.	snapshot_handle: 0x0000028c process_name: 2345.exe process_identifier: 3473460		0	0
Process32NextW June 19, 2024, 9:36 a.m.	snapshot_handle: 0x0000028c process_name: 2345.exe process_identifier: 3473460		0	0
Process32NextW June 19, 2024, 9:36 a.m.	snapshot_handle: 0x0000028c process_name: 2345.exe process_identifier: 3473460		0	0
Process32NextW June 19, 2024, 9:36 a.m.	snapshot_handle: 0x0000028c process_name: 2345.exe process_identifier: 3473460		0	0
Process32NextW June 19, 2024, 9:36 a.m.	snapshot_handle: 0x0000028c process_name: 2345.exe process_identifier: 3473460		0	0
Process32NextW June 19, 2024, 9:36 a.m.	snapshot_handle: 0x0000028c process_name: 2345.exe process_identifier: 3473460		0	0
Process32NextW June 19, 2024, 9:36 a.m.	snapshot_handle: 0x0000028c process_name: 2345.exe process_identifier: 3473460		0	0
Process32NextW June 19, 2024, 9:36 a.m.	snapshot_handle: 0x0000028c process_name: 2345.exe process_identifier: 3473460		0	0
Process32NextW June 19, 2024, 9:36 a.m.	snapshot_handle: 0x0000028c process_name: 2345.exe process_identifier: 3473460		0	0
Process32NextW June 19, 2024, 9:36 a.m.	snapshot_handle: 0x0000028c process_name: 2345.exe process_identifier: 3473460		0	0
Process32NextW June 19, 2024, 9:36 a.m.	snapshot_handle: 0x0000028c process_name: 2345.exe process_identifier: 3473460		0	0
Process32NextW June 19, 2024, 9:36 a.m.	snapshot_handle: 0x0000028c process_name: 2345.exe process_identifier: 3473460		0	0
Process32NextW June 19, 2024, 9:36 a.m.	snapshot_handle: 0x0000028c process_name: 2345.exe process_identifier: 3473460		0	0
Process32NextW June 19, 2024, 9:36 a.m.	snapshot_handle: 0x0000028c process_name: 2345.exe process_identifier: 3473460		0	0
Process32NextW June 19, 2024, 9:36 a.m.	snapshot_handle: 0x0000028c process_name: 2345.exe process_identifier: 3473460		0	0
Process32NextW June 19, 2024, 9:36 a.m.	snapshot_handle: 0x0000028c process_name: 2345.exe process_identifier: 3473460		0	0
Process32NextW June 19, 2024, 9:36 a.m.	snapshot_handle: 0x0000028c process_name: 2345.exe process_identifier: 3473460		0	0
Process32NextW June 19, 2024, 9:36 a.m.	snapshot_handle: 0x0000028c process_name: 2345.exe process_identifier: 3473460		0	0
Process32NextW June 19, 2024, 9:36 a.m.	snapshot_handle: 0x0000028c process_name: 2345.exe process_identifier: 3473460		0	0
Process32NextW June 19, 2024, 9:36 a.m.	snapshot_handle: 0x0000028c process_name: 2345.exe process_identifier: 3473460		0	0
Process32NextW June 19, 2024, 9:36 a.m.	snapshot_handle: 0x0000028c process_name: 2345.exe process_identifier: 3473460		0	0
Process32NextW June 19, 2024, 9:36 a.m.	snapshot_handle: 0x0000028c process_name: 2345.exe process_identifier: 3473460		0	0
Process32NextW June 19, 2024, 9:36 a.m.	snapshot_handle: 0x0000028c process_name: 2345.exe process_identifier: 3473460		0	0
Process32NextW June 19, 2024, 9:36 a.m.	snapshot_handle: 0x0000028c process_name: 2345.exe process_identifier: 3473460		0	0
Process32NextW June 19, 2024, 9:36 a.m.	snapshot_handle: 0x0000028c process_name: 2345.exe process_identifier: 3473460		0	0
Process32NextW June 19, 2024, 9:36 a.m.	snapshot_handle: 0x0000028c process_name: 2345.exe process_identifier: 3473460		0	0
Process32NextW June 19, 2024, 9:36 a.m.	snapshot_handle: 0x0000028c process_name: 2345.exe process_identifier: 3473460		0	0
Process32NextW June 19, 2024, 9:36 a.m.	snapshot_handle: 0x0000028c process_name: 2345.exe process_identifier: 3473460		0	0
Process32NextW June 19, 2024, 9:36 a.m.	snapshot_handle: 0x0000028c process_name: 2345.exe process_identifier: 3473460		0	0
Process32NextW June 19, 2024, 9:36 a.m.	snapshot_handle: 0x0000028c process_name: 2345.exe process_identifier: 3473460		0	0
Process32NextW June 19, 2024, 9:36 a.m.	snapshot_handle: 0x0000028c process_name: 2345.exe process_identifier: 3473460		0	0
Process32NextW June 19, 2024, 9:36 a.m.	snapshot_handle: 0x0000028c process_name: 2345.exe process_identifier: 3473460		0	0
Process32NextW June 19, 2024, 9:36 a.m.	snapshot_handle: 0x0000028c process_name: 2345.exe process_identifier: 3473460		0	0
Process32NextW June 19, 2024, 9:36 a.m.	snapshot_handle: 0x0000028c process_name: 2345.exe process_identifier: 3473460		0	0
Process32NextW June 19, 2024, 9:36 a.m.	snapshot_handle: 0x0000028c process_name: 2345.exe process_identifier: 3473460		0	0
Process32NextW June 19, 2024, 9:36 a.m.	snapshot_handle: 0x0000028c process_name: 2345.exe process_identifier: 3473460		0	0

Communicates with host for which no DNS query was performed (1 event)

host

152.136.174.2

Tries to unhook Windows functions monitored by Cuckoo (1 event)

Time & API	Arguments	Status	Return	Repeated
__anomaly__ June 19, 2024, 9:36 a.m.	tid: 2664 message: Encountered 65537 exceptions, quitting. subcategory: exception function_name:	1	0	0

File has been identified by 62 AntiVirus engines on VirusTotal as malicious (50 out of 62 events)

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Generic.ltVd
tehtris	Generic.Malware
Cynet	Malicious (score: 100)
CAT-QuickHeal	Trojan.GenericRI.S30113158
Skyhigh	BehavesLike.Win32.Generic.vc
ALYac	Gen:Variant.Zusy.531805
Cylance	Unsafe
VIPRE	Gen:Variant.Zusy.531805
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Trojan ( 005239691 )
BitDefender	Gen:Variant.Zusy.531805
K7GW	Trojan ( 005239691 )
Cybereason	malicious.64fbc9
Arcabit	Trojan.Zusy.D81D5D
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Packed.NoobyProtect.G suspicious
APEX	Malicious
McAfee	Artemis!7936C4064FBC
Avast	Win32:RATX-gen [Trj]
Kaspersky	Backdoor.Win32.Farfli.cmfp
Alibaba	Packed:Win32/NoobyProtect.cae82066
NANO-Antivirus	Trojan.Win32.Farfli.jzhxie
MicroWorld-eScan	Gen:Variant.Zusy.531805
Rising	Trojan.Convagent!8.12323 (TFE:5:zuAiFNUDi8N)
Emsisoft	Gen:Variant.Zusy.531805 (B)
F-Secure	Backdoor.BDS/Farfli.inrrq
DrWeb	BackDoor.Siggen2.3334
Zillya	Backdoor.Farfli.Win32.15004
TrendMicro	TROJ_GEN.R002C0DFI24
McAfeeD	ti!1FF3A794B0CE
Trapmine	malicious.moderate.ml.score
FireEye	Generic.mg.7936c4064fbc9b69
Sophos	Mal/Generic-S
Ikarus	PUA.NoobyProtect
Google	Detected
Avira	BDS/Farfli.inrrq
MAX	malware (ai score=89)
Antiy-AVL	GrayWare/Win32.SafeGuard.a
Kingsoft	Win32.Troj.Unknown.a
Gridinsoft	Trojan.Heur!.03010021
Xcitium	TrojWare.Win32.Amtar.KNB@4wlm66
Microsoft	Trojan:Win32/Mikey!MSR
ViRobot	Trojan.Win.Z.Noobyprotect.2944344
ZoneAlarm	Backdoor.Win32.Farfli.cmfp
GData	Win32.Packed.NoobyProtect.B
Varist	W32/ABRisk.MXGW-5663
AhnLab-V3	Backdoor/Win.Generic.R505469
BitDefenderTheta	Gen:NN.ZexaF.36806.Zw2@aqiPhMki

2345.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All