popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Setup2.exe

Emotet Glupteba VMProtect GIF Format PE File DLL PE32 OS Processor Check
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6402 May 18, 2021, 9:13 a.m. May 18, 2021, 9:18 a.m.
Size 2.5MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 46fcb8a8f7db4f6e098f1213b1955498
SHA256 85abba42910c11d07a20a4f6ec35bdbf85f541790e2908a2f39fa868caa5d121
CRC32 DD8D1D43
ssdeep 49152:pAI+M8b4OEkgGTFPZ/Q6hVp/Q1/wMOHST9y74WAoym5VD39ZhF6VdT4f:pAI+Hb4OE6TT/TdY1TOyT93xypZhFs0f
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
email.yg9.me 198.13.62.186
www.facebook.com
A 157.240.215.35
CNAME star-mini.c10r.facebook.com
157.240.215.35
ol.gamegame.info
A 104.21.21.221
A 172.67.200.215
104.21.21.221
uyg5wye.2ihsfa.com
A 88.218.92.148
88.218.92.148
iw.gamegame.info
A 172.67.200.215
A 104.21.21.221
172.67.200.215
email.yg9.me
A 198.13.62.186
198.13.62.186
ip-api.com
A 208.95.112.1
208.95.112.1
IP Address Status Action
117.18.237.29 Active Moloch
104.21.21.221 Active Moloch
157.240.215.35 Active Moloch
164.124.101.2 Active Moloch
172.217.25.14 Active Moloch
172.67.200.215 Active Moloch
198.13.62.186 Active Moloch
208.95.112.1 Active Moloch
88.218.92.148 Active Moloch

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.102:49815 -> 208.95.112.1:80 2022082 ET POLICY External IP Lookup ip-api.com Device Retrieving External IP Address Detected
UDP 192.168.56.102:50840 -> 198.13.62.186:53 2014702 ET DNS Non-DNS or Non-Compliant DNS traffic on DNS port Opcode 8 through 15 set Potential Corporate Privacy Violation
TCP 192.168.56.102:49824 -> 208.95.112.1:80 2022082 ET POLICY External IP Lookup ip-api.com Device Retrieving External IP Address Detected
TCP 192.168.56.102:49824 -> 208.95.112.1:80 2022082 ET POLICY External IP Lookup ip-api.com Device Retrieving External IP Address Detected
TCP 192.168.56.102:49824 -> 208.95.112.1:80 2022082 ET POLICY External IP Lookup ip-api.com Device Retrieving External IP Address Detected
TCP 192.168.56.102:49824 -> 208.95.112.1:80 2022082 ET POLICY External IP Lookup ip-api.com Device Retrieving External IP Address Detected
TCP 192.168.56.102:49824 -> 208.95.112.1:80 2022082 ET POLICY External IP Lookup ip-api.com Device Retrieving External IP Address Detected
TCP 192.168.56.102:49823 -> 157.240.215.35:443 906200056 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined

Suricata TLS

Flow Issuer Subject Fingerprint
TLSv1
192.168.56.102:49823
157.240.215.35:443 		C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA C=US, ST=California, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com 8a:d5:51:89:8f:00:98:8e:5b:0f:b8:07:6d:0d:43:18:89:c2:bb:d0

Time & API Arguments Status Return Repeated

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0
Time & API Arguments Status Return Repeated

IsDebuggerPresent

 0 0

IsDebuggerPresent

 0 0
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
file c:\program files (x86)\Google\Chrome\application\chrome.exe
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

 1 1 0
section CODE
section DATA
section BSS
packer BobSoft Mini Delphi -> BoB / BobSoft
Time & API Arguments Status Return Repeated

__exception__

 stacktrace: 
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77419e31
GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x75763120
_getArchiveInfo@8+0x248 setup+0x3d1f8 @ 0x43d1f8
_getArchiveInfo@8+0x7f8 setup+0x3d7a8 @ 0x43d7a8
_go@4-0x3bace setup+0x14d2 @ 0x4014d2
_go@4-0x3bc21 setup+0x137f @ 0x40137f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77419e58
registers.esp: 1632304
registers.edi: 8650752
registers.eax: 4294967288
registers.ebp: 1632348
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 8650752
1 0 0

__exception__

 stacktrace: 
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77419e31
GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x75763120
_getArchiveInfo@8+0x248 setup+0x3d1f8 @ 0x43d1f8
_getArchiveInfo@8+0x7f8 setup+0x3d7a8 @ 0x43d7a8
_go@4-0x3bace setup+0x14d2 @ 0x4014d2
_go@4-0x3bc21 setup+0x137f @ 0x40137f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77419e58
registers.esp: 1632304
registers.edi: 8650752
registers.eax: 4294967288
registers.ebp: 1632348
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 8650752
1 0 0

__exception__

 stacktrace: 
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77419e31
GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x75763120
_getArchiveInfo@8+0x248 setup+0x3d1f8 @ 0x43d1f8
_getArchiveInfo@8+0x7f8 setup+0x3d7a8 @ 0x43d7a8
_go@4-0x3bace setup+0x14d2 @ 0x4014d2
_go@4-0x3bc21 setup+0x137f @ 0x40137f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77419e58
registers.esp: 1632304
registers.edi: 8650752
registers.eax: 4294967288
registers.ebp: 1632348
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 8650752
1 0 0

__exception__

 stacktrace: 
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77419e31
GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x75763120
_getArchiveInfo@8+0x248 setup+0x3d1f8 @ 0x43d1f8
_getArchiveInfo@8+0x7f8 setup+0x3d7a8 @ 0x43d7a8
_go@4-0x3bace setup+0x14d2 @ 0x4014d2
_go@4-0x3bc21 setup+0x137f @ 0x40137f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77419e58
registers.esp: 1632304
registers.edi: 8650752
registers.eax: 4294967288
registers.ebp: 1632348
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 8650752
1 0 0

__exception__

 stacktrace: 
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77419e31
GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x75763120
_getArchiveInfo@8+0x248 setup+0x3d1f8 @ 0x43d1f8
_getArchiveInfo@8+0x7f8 setup+0x3d7a8 @ 0x43d7a8
_go@4-0x3bace setup+0x14d2 @ 0x4014d2
_go@4-0x3bc21 setup+0x137f @ 0x40137f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77419e58
registers.esp: 1632304
registers.edi: 8650752
registers.eax: 4294967288
registers.ebp: 1632348
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 8650752
1 0 0

__exception__

 stacktrace: 
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77419e31
GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x75763120
_getArchiveInfo@8+0x248 setup+0x3d1f8 @ 0x43d1f8
_getArchiveInfo@8+0x7f8 setup+0x3d7a8 @ 0x43d7a8
_go@4-0x3bace setup+0x14d2 @ 0x4014d2
_go@4-0x3bc21 setup+0x137f @ 0x40137f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77419e58
registers.esp: 1632304
registers.edi: 8650752
registers.eax: 4294967288
registers.ebp: 1632348
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 8650752
1 0 0

__exception__

 stacktrace: 
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77419e31
GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x75763120
_getArchiveInfo@8+0x248 setup+0x3d1f8 @ 0x43d1f8
_getArchiveInfo@8+0x7f8 setup+0x3d7a8 @ 0x43d7a8
_go@4-0x3bace setup+0x14d2 @ 0x4014d2
_go@4-0x3bc21 setup+0x137f @ 0x40137f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77419e58
registers.esp: 1632304
registers.edi: 8650752
registers.eax: 4294967288
registers.ebp: 1632348
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 8650752
1 0 0

__exception__

 stacktrace: 
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77419e31
GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x75763120
_getArchiveInfo@8+0x248 setup+0x3d1f8 @ 0x43d1f8
_getArchiveInfo@8+0x7f8 setup+0x3d7a8 @ 0x43d7a8
_go@4-0x3bace setup+0x14d2 @ 0x4014d2
_go@4-0x3bc21 setup+0x137f @ 0x40137f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77419e58
registers.esp: 1632304
registers.edi: 8650752
registers.eax: 4294967288
registers.ebp: 1632348
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 8650752
1 0 0

__exception__

 stacktrace: 
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77419e31
GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x75763120
_getArchiveInfo@8+0x248 setup+0x3d1f8 @ 0x43d1f8
_getArchiveInfo@8+0x7f8 setup+0x3d7a8 @ 0x43d7a8
_go@4-0x3bace setup+0x14d2 @ 0x4014d2
_go@4-0x3bc21 setup+0x137f @ 0x40137f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77419e58
registers.esp: 1632304
registers.edi: 8650752
registers.eax: 4294967288
registers.ebp: 1632348
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 8650752
1 0 0

__exception__

 stacktrace: 
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77419e31
GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x75763120
_getArchiveInfo@8+0x248 setup+0x3d1f8 @ 0x43d1f8
_getArchiveInfo@8+0x7f8 setup+0x3d7a8 @ 0x43d7a8
_go@4-0x3bace setup+0x14d2 @ 0x4014d2
_go@4-0x3bc21 setup+0x137f @ 0x40137f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77419e58
registers.esp: 1632304
registers.edi: 8650752
registers.eax: 4294967288
registers.ebp: 1632348
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 8650752
1 0 0

__exception__

 stacktrace: 
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77419e31
GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x75763120
_getArchiveInfo@8+0x248 setup+0x3d1f8 @ 0x43d1f8
_getArchiveInfo@8+0x7f8 setup+0x3d7a8 @ 0x43d7a8
_go@4-0x3bace setup+0x14d2 @ 0x4014d2
_go@4-0x3bc21 setup+0x137f @ 0x40137f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77419e58
registers.esp: 1632304
registers.edi: 8650752
registers.eax: 4294967288
registers.ebp: 1632348
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 8650752
1 0 0

__exception__

 stacktrace: 
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77419e31
GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x75763120
_getArchiveInfo@8+0x248 setup+0x3d1f8 @ 0x43d1f8
_getArchiveInfo@8+0x7f8 setup+0x3d7a8 @ 0x43d7a8
_go@4-0x3bace setup+0x14d2 @ 0x4014d2
_go@4-0x3bc21 setup+0x137f @ 0x40137f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77419e58
registers.esp: 1632304
registers.edi: 8650752
registers.eax: 4294967288
registers.ebp: 1632348
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 8650752
1 0 0

__exception__

 stacktrace: 
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77419e31
GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x75763120
_getArchiveInfo@8+0x248 setup+0x3d1f8 @ 0x43d1f8
_getArchiveInfo@8+0x7f8 setup+0x3d7a8 @ 0x43d7a8
_go@4-0x3bace setup+0x14d2 @ 0x4014d2
_go@4-0x3bc21 setup+0x137f @ 0x40137f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77419e58
registers.esp: 1632304
registers.edi: 8650752
registers.eax: 4294967288
registers.ebp: 1632348
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 8650752
1 0 0

__exception__

 stacktrace: 
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77419e31
GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x75763120
_getArchiveInfo@8+0x248 setup+0x3d1f8 @ 0x43d1f8
_getArchiveInfo@8+0x7f8 setup+0x3d7a8 @ 0x43d7a8
_go@4-0x3bace setup+0x14d2 @ 0x4014d2
_go@4-0x3bc21 setup+0x137f @ 0x40137f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77419e58
registers.esp: 1632304
registers.edi: 8650752
registers.eax: 4294967288
registers.ebp: 1632348
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 8650752
1 0 0

__exception__

 stacktrace: 
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77419e31
GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x75763120
_getArchiveInfo@8+0x248 setup+0x3d1f8 @ 0x43d1f8
_getArchiveInfo@8+0x7f8 setup+0x3d7a8 @ 0x43d7a8
_go@4-0x3bace setup+0x14d2 @ 0x4014d2
_go@4-0x3bc21 setup+0x137f @ 0x40137f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77419e58
registers.esp: 1632304
registers.edi: 8650752
registers.eax: 4294967288
registers.ebp: 1632348
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 8650752
1 0 0

__exception__

 stacktrace: 
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77419e31
GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x75763120
_getArchiveInfo@8+0x248 setup+0x3d1f8 @ 0x43d1f8
_getArchiveInfo@8+0x7f8 setup+0x3d7a8 @ 0x43d7a8
_go@4-0x3bace setup+0x14d2 @ 0x4014d2
_go@4-0x3bc21 setup+0x137f @ 0x40137f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77419e58
registers.esp: 1632304
registers.edi: 8650752
registers.eax: 4294967288
registers.ebp: 1632348
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 8650752
1 0 0

__exception__

 stacktrace: 
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77419e31
GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x75763120
_getArchiveInfo@8+0x248 setup+0x3d1f8 @ 0x43d1f8
_getArchiveInfo@8+0x7f8 setup+0x3d7a8 @ 0x43d7a8
_go@4-0x3bace setup+0x14d2 @ 0x4014d2
_go@4-0x3bc21 setup+0x137f @ 0x40137f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77419e58
registers.esp: 1632304
registers.edi: 8650752
registers.eax: 4294967288
registers.ebp: 1632348
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 8650752
1 0 0

__exception__

 stacktrace: 
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77419e31
GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x75763120
_getArchiveInfo@8+0x248 setup+0x3d1f8 @ 0x43d1f8
_getArchiveInfo@8+0x7f8 setup+0x3d7a8 @ 0x43d7a8
_go@4-0x3bace setup+0x14d2 @ 0x4014d2
_go@4-0x3bc21 setup+0x137f @ 0x40137f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77419e58
registers.esp: 1632304
registers.edi: 8650752
registers.eax: 4294967288
registers.ebp: 1632348
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 8650752
1 0 0

__exception__

 stacktrace: 
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77419e31
GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x75763120
_getArchiveInfo@8+0x248 setup+0x3d1f8 @ 0x43d1f8
_getArchiveInfo@8+0x7f8 setup+0x3d7a8 @ 0x43d7a8
_go@4-0x3bace setup+0x14d2 @ 0x4014d2
_go@4-0x3bc21 setup+0x137f @ 0x40137f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77419e58
registers.esp: 1632304
registers.edi: 8650752
registers.eax: 4294967288
registers.ebp: 1632348
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 8650752
1 0 0

__exception__

 stacktrace: 
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77419e31
GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x75763120
_getArchiveInfo@8+0x248 setup+0x3d1f8 @ 0x43d1f8
_getArchiveInfo@8+0x7f8 setup+0x3d7a8 @ 0x43d7a8
_go@4-0x3bace setup+0x14d2 @ 0x4014d2
_go@4-0x3bc21 setup+0x137f @ 0x40137f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77419e58
registers.esp: 1632304
registers.edi: 8650752
registers.eax: 4294967288
registers.ebp: 1632348
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 8650752
1 0 0

__exception__

 stacktrace: 
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77419e31
GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x75763120
_getArchiveInfo@8+0x248 setup+0x3d1f8 @ 0x43d1f8
_getArchiveInfo@8+0x7f8 setup+0x3d7a8 @ 0x43d7a8
_go@4-0x3bace setup+0x14d2 @ 0x4014d2
_go@4-0x3bc21 setup+0x137f @ 0x40137f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77419e58
registers.esp: 1632304
registers.edi: 8650752
registers.eax: 4294967288
registers.ebp: 1632348
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 8650752
1 0 0

__exception__

 stacktrace: 
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77419e31
GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x75763120
_getArchiveInfo@8+0x248 setup+0x3d1f8 @ 0x43d1f8
_getArchiveInfo@8+0x7f8 setup+0x3d7a8 @ 0x43d7a8
_go@4-0x3bace setup+0x14d2 @ 0x4014d2
_go@4-0x3bc21 setup+0x137f @ 0x40137f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77419e58
registers.esp: 1632304
registers.edi: 8650752
registers.eax: 4294967288
registers.ebp: 1632348
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 8650752
1 0 0

__exception__

 stacktrace: 
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77419e31
GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x75763120
_getArchiveInfo@8+0x248 setup+0x3d1f8 @ 0x43d1f8
_getArchiveInfo@8+0x7f8 setup+0x3d7a8 @ 0x43d7a8
_go@4-0x3bace setup+0x14d2 @ 0x4014d2
_go@4-0x3bc21 setup+0x137f @ 0x40137f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77419e58
registers.esp: 1632304
registers.edi: 8650752
registers.eax: 4294967288
registers.ebp: 1632348
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 8650752
1 0 0

__exception__

 stacktrace: 
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77419e31
GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x75763120
_getArchiveInfo@8+0x248 setup+0x3d1f8 @ 0x43d1f8
_getArchiveInfo@8+0x7f8 setup+0x3d7a8 @ 0x43d7a8
_go@4-0x3bace setup+0x14d2 @ 0x4014d2
_go@4-0x3bc21 setup+0x137f @ 0x40137f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77419e58
registers.esp: 1632304
registers.edi: 8650752
registers.eax: 4294967288
registers.ebp: 1632348
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 8650752
1 0 0

__exception__

 stacktrace: 
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77419e31
GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x75763120
_getArchiveInfo@8+0x248 setup+0x3d1f8 @ 0x43d1f8
_getArchiveInfo@8+0x7f8 setup+0x3d7a8 @ 0x43d7a8
_go@4-0x3bace setup+0x14d2 @ 0x4014d2
_go@4-0x3bc21 setup+0x137f @ 0x40137f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77419e58
registers.esp: 1632304
registers.edi: 8650752
registers.eax: 4294967288
registers.ebp: 1632348
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 8650752
1 0 0

__exception__

 stacktrace: 
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77419e31
GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x75763120
_getArchiveInfo@8+0x248 setup+0x3d1f8 @ 0x43d1f8
_getArchiveInfo@8+0x7f8 setup+0x3d7a8 @ 0x43d7a8
_go@4-0x3bace setup+0x14d2 @ 0x4014d2
_go@4-0x3bc21 setup+0x137f @ 0x40137f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77419e58
registers.esp: 1632304
registers.edi: 8650752
registers.eax: 4294967288
registers.ebp: 1632348
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 8650752
1 0 0

__exception__

 stacktrace: 
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77419e31
GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x75763120
_getArchiveInfo@8+0x248 setup+0x3d1f8 @ 0x43d1f8
_getArchiveInfo@8+0x7f8 setup+0x3d7a8 @ 0x43d7a8
_go@4-0x3bace setup+0x14d2 @ 0x4014d2
_go@4-0x3bc21 setup+0x137f @ 0x40137f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77419e58
registers.esp: 1632304
registers.edi: 8650752
registers.eax: 4294967288
registers.ebp: 1632348
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 8650752
1 0 0

__exception__

 stacktrace: 
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77419e31
GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x75763120
_getArchiveInfo@8+0x248 setup+0x3d1f8 @ 0x43d1f8
_getArchiveInfo@8+0x7f8 setup+0x3d7a8 @ 0x43d7a8
_go@4-0x3bace setup+0x14d2 @ 0x4014d2
_go@4-0x3bc21 setup+0x137f @ 0x40137f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77419e58
registers.esp: 1632304
registers.edi: 8650752
registers.eax: 4294967288
registers.ebp: 1632348
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 8650752
1 0 0

__exception__

 stacktrace: 
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77419e31
GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x75763120
_getArchiveInfo@8+0x248 setup+0x3d1f8 @ 0x43d1f8
_getArchiveInfo@8+0x7f8 setup+0x3d7a8 @ 0x43d7a8
_go@4-0x3bace setup+0x14d2 @ 0x4014d2
_go@4-0x3bc21 setup+0x137f @ 0x40137f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77419e58
registers.esp: 1632304
registers.edi: 8650752
registers.eax: 4294967288
registers.ebp: 1632348
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 8650752
1 0 0

__exception__

 stacktrace: 
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77419e31
GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x75763120
_getArchiveInfo@8+0x248 setup+0x3d1f8 @ 0x43d1f8
_getArchiveInfo@8+0x7f8 setup+0x3d7a8 @ 0x43d7a8
_go@4-0x3bace setup+0x14d2 @ 0x4014d2
_go@4-0x3bc21 setup+0x137f @ 0x40137f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77419e58
registers.esp: 1632304
registers.edi: 8650752
registers.eax: 4294967288
registers.ebp: 1632348
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 8650752
1 0 0

__exception__

 stacktrace: 
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77419e31
GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x75763120
_getArchiveInfo@8+0x248 setup+0x3d1f8 @ 0x43d1f8
_getArchiveInfo@8+0x7f8 setup+0x3d7a8 @ 0x43d7a8
_go@4-0x3bace setup+0x14d2 @ 0x4014d2
_go@4-0x3bc21 setup+0x137f @ 0x40137f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77419e58
registers.esp: 1632304
registers.edi: 8650752
registers.eax: 4294967288
registers.ebp: 1632348
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 8650752
1 0 0

__exception__

 stacktrace: 
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77419e31
GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x75763120
_getArchiveInfo@8+0x248 setup+0x3d1f8 @ 0x43d1f8
_getArchiveInfo@8+0x7f8 setup+0x3d7a8 @ 0x43d7a8
_go@4-0x3bace setup+0x14d2 @ 0x4014d2
_go@4-0x3bc21 setup+0x137f @ 0x40137f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77419e58
registers.esp: 1632304
registers.edi: 8650752
registers.eax: 4294967288
registers.ebp: 1632348
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 8650752
1 0 0

__exception__

 stacktrace: 
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77419e31
GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x75763120
_getArchiveInfo@8+0x248 setup+0x3d1f8 @ 0x43d1f8
_getArchiveInfo@8+0x7f8 setup+0x3d7a8 @ 0x43d7a8
_go@4-0x3bace setup+0x14d2 @ 0x4014d2
_go@4-0x3bc21 setup+0x137f @ 0x40137f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77419e58
registers.esp: 1632304
registers.edi: 8650752
registers.eax: 4294967288
registers.ebp: 1632348
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 8650752
1 0 0

__exception__

 stacktrace: 
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77419e31
GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x75763120
_getArchiveInfo@8+0x248 setup+0x3d1f8 @ 0x43d1f8
_getArchiveInfo@8+0x7f8 setup+0x3d7a8 @ 0x43d7a8
_go@4-0x3bace setup+0x14d2 @ 0x4014d2
_go@4-0x3bc21 setup+0x137f @ 0x40137f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77419e58
registers.esp: 1632304
registers.edi: 8650752
registers.eax: 4294967288
registers.ebp: 1632348
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 8650752
1 0 0

__exception__

 stacktrace: 
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77419e31
GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x75763120
_getArchiveInfo@8+0x248 setup+0x3d1f8 @ 0x43d1f8
_getArchiveInfo@8+0x7f8 setup+0x3d7a8 @ 0x43d7a8
_go@4-0x3bace setup+0x14d2 @ 0x4014d2
_go@4-0x3bc21 setup+0x137f @ 0x40137f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77419e58
registers.esp: 1632304
registers.edi: 8650752
registers.eax: 4294967288
registers.ebp: 1632348
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 8650752
1 0 0

__exception__

 stacktrace: 
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77419e31
GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x75763120
_getArchiveInfo@8+0x248 setup+0x3d1f8 @ 0x43d1f8
_getArchiveInfo@8+0x7f8 setup+0x3d7a8 @ 0x43d7a8
_go@4-0x3bace setup+0x14d2 @ 0x4014d2
_go@4-0x3bc21 setup+0x137f @ 0x40137f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77419e58
registers.esp: 1632304
registers.edi: 8650752
registers.eax: 4294967288
registers.ebp: 1632348
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 8650752
1 0 0

__exception__

 stacktrace: 
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77419e31
GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x75763120
_getArchiveInfo@8+0x248 setup+0x3d1f8 @ 0x43d1f8
_getArchiveInfo@8+0x7f8 setup+0x3d7a8 @ 0x43d7a8
_go@4-0x3bace setup+0x14d2 @ 0x4014d2
_go@4-0x3bc21 setup+0x137f @ 0x40137f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77419e58
registers.esp: 1632304
registers.edi: 8650752
registers.eax: 4294967288
registers.ebp: 1632348
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 8650752
1 0 0

__exception__

 stacktrace: 
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77419e31
GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x75763120
_getArchiveInfo@8+0x248 setup+0x3d1f8 @ 0x43d1f8
_getArchiveInfo@8+0x7f8 setup+0x3d7a8 @ 0x43d7a8
_go@4-0x3bace setup+0x14d2 @ 0x4014d2
_go@4-0x3bc21 setup+0x137f @ 0x40137f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77419e58
registers.esp: 1632304
registers.edi: 8650752
registers.eax: 4294967288
registers.ebp: 1632348
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 8650752
1 0 0

__exception__

 stacktrace: 
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77419e31
GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x75763120
_getArchiveInfo@8+0x248 setup+0x3d1f8 @ 0x43d1f8
_getArchiveInfo@8+0x7f8 setup+0x3d7a8 @ 0x43d7a8
_go@4-0x3bace setup+0x14d2 @ 0x4014d2
_go@4-0x3bc21 setup+0x137f @ 0x40137f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77419e58
registers.esp: 1632304
registers.edi: 8650752
registers.eax: 4294967288
registers.ebp: 1632348
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 8650752
1 0 0

__exception__

 stacktrace: 
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77419e31
GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x75763120
_getArchiveInfo@8+0x248 setup+0x3d1f8 @ 0x43d1f8
_getArchiveInfo@8+0x7f8 setup+0x3d7a8 @ 0x43d7a8
_go@4-0x3bace setup+0x14d2 @ 0x4014d2
_go@4-0x3bc21 setup+0x137f @ 0x40137f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77419e58
registers.esp: 1632304
registers.edi: 8650752
registers.eax: 4294967288
registers.ebp: 1632348
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 8650752
1 0 0

__exception__

 stacktrace: 
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77419e31
GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x75763120
_getArchiveInfo@8+0x248 setup+0x3d1f8 @ 0x43d1f8
_getArchiveInfo@8+0x7f8 setup+0x3d7a8 @ 0x43d7a8
_go@4-0x3bace setup+0x14d2 @ 0x4014d2
_go@4-0x3bc21 setup+0x137f @ 0x40137f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77419e58
registers.esp: 1632304
registers.edi: 8650752
registers.eax: 4294967288
registers.ebp: 1632348
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 8650752
1 0 0

__exception__

 stacktrace: 
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77419e31
GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x75763120
_getArchiveInfo@8+0x248 setup+0x3d1f8 @ 0x43d1f8
_getArchiveInfo@8+0x7f8 setup+0x3d7a8 @ 0x43d7a8
_go@4-0x3bace setup+0x14d2 @ 0x4014d2
_go@4-0x3bc21 setup+0x137f @ 0x40137f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77419e58
registers.esp: 1632304
registers.edi: 8650752
registers.eax: 4294967288
registers.ebp: 1632348
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 8650752
1 0 0

__exception__

 stacktrace: 
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77419e31
GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x75763120
_getArchiveInfo@8+0x248 setup+0x3d1f8 @ 0x43d1f8
_getArchiveInfo@8+0x7f8 setup+0x3d7a8 @ 0x43d7a8
_go@4-0x3bace setup+0x14d2 @ 0x4014d2
_go@4-0x3bc21 setup+0x137f @ 0x40137f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77419e58
registers.esp: 1632304
registers.edi: 8650752
registers.eax: 4294967288
registers.ebp: 1632348
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 8650752
1 0 0

__exception__

 stacktrace: 
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77419e31
GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x75763120
_getArchiveInfo@8+0x248 setup+0x3d1f8 @ 0x43d1f8
_getArchiveInfo@8+0x7f8 setup+0x3d7a8 @ 0x43d7a8
_go@4-0x3bace setup+0x14d2 @ 0x4014d2
_go@4-0x3bc21 setup+0x137f @ 0x40137f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77419e58
registers.esp: 1632304
registers.edi: 8650752
registers.eax: 4294967288
registers.ebp: 1632348
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 8650752
1 0 0

__exception__

 stacktrace: 
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77419e31
GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x75763120
_getArchiveInfo@8+0x248 setup+0x3d1f8 @ 0x43d1f8
_getArchiveInfo@8+0x7f8 setup+0x3d7a8 @ 0x43d7a8
_go@4-0x3bace setup+0x14d2 @ 0x4014d2
_go@4-0x3bc21 setup+0x137f @ 0x40137f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77419e58
registers.esp: 1632304
registers.edi: 8650752
registers.eax: 4294967288
registers.ebp: 1632348
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 8650752
1 0 0

__exception__

 stacktrace: 
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77419e31
GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x75763120
_getArchiveInfo@8+0x248 setup+0x3d1f8 @ 0x43d1f8
_getArchiveInfo@8+0x7f8 setup+0x3d7a8 @ 0x43d7a8
_go@4-0x3bace setup+0x14d2 @ 0x4014d2
_go@4-0x3bc21 setup+0x137f @ 0x40137f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77419e58
registers.esp: 1632304
registers.edi: 8650752
registers.eax: 4294967288
registers.ebp: 1632348
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 8650752
1 0 0

__exception__

 stacktrace: 
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77419e31
GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x75763120
_getArchiveInfo@8+0x248 setup+0x3d1f8 @ 0x43d1f8
_getArchiveInfo@8+0x7f8 setup+0x3d7a8 @ 0x43d7a8
_go@4-0x3bace setup+0x14d2 @ 0x4014d2
_go@4-0x3bc21 setup+0x137f @ 0x40137f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77419e58
registers.esp: 1632304
registers.edi: 8650752
registers.eax: 4294967288
registers.ebp: 1632348
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 8650752
1 0 0

__exception__

 stacktrace: 
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77419e31
GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x75763120
_getArchiveInfo@8+0x248 setup+0x3d1f8 @ 0x43d1f8
_getArchiveInfo@8+0x7f8 setup+0x3d7a8 @ 0x43d7a8
_go@4-0x3bace setup+0x14d2 @ 0x4014d2
_go@4-0x3bc21 setup+0x137f @ 0x40137f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77419e58
registers.esp: 1632304
registers.edi: 8650752
registers.eax: 4294967288
registers.ebp: 1632348
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 8650752
1 0 0

__exception__

 stacktrace: 
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77419e31
GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x75763120
_getArchiveInfo@8+0x248 setup+0x3d1f8 @ 0x43d1f8
_getArchiveInfo@8+0x7f8 setup+0x3d7a8 @ 0x43d7a8
_go@4-0x3bace setup+0x14d2 @ 0x4014d2
_go@4-0x3bc21 setup+0x137f @ 0x40137f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77419e58
registers.esp: 1632304
registers.edi: 8650752
registers.eax: 4294967288
registers.ebp: 1632348
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 8650752
1 0 0

__exception__

 stacktrace: 
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77419e31
GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x75763120
_getArchiveInfo@8+0x248 setup+0x3d1f8 @ 0x43d1f8
_getArchiveInfo@8+0x7f8 setup+0x3d7a8 @ 0x43d7a8
_go@4-0x3bace setup+0x14d2 @ 0x4014d2
_go@4-0x3bc21 setup+0x137f @ 0x40137f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77419e58
registers.esp: 1632304
registers.edi: 8650752
registers.eax: 4294967288
registers.ebp: 1632348
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 8650752
1 0 0
suspicious_features POST method with no referer header suspicious_request POST http://iw.gamegame.info/report7.4.php
suspicious_features POST method with no referer header suspicious_request POST http://ol.gamegame.info/report7.4.php
suspicious_features POST method with no referer header suspicious_request POST http://uyg5wye.2ihsfa.com/api/?sid=293289&key=0b72a8497029bcfa3fd924f33ac1d264
request GET http://ip-api.com/json/
request GET http://ip-api.com/json/?fields=8198
request POST http://iw.gamegame.info/report7.4.php
request POST http://ol.gamegame.info/report7.4.php
request GET http://uyg5wye.2ihsfa.com/api/fbtime
request POST http://uyg5wye.2ihsfa.com/api/?sid=293289&key=0b72a8497029bcfa3fd924f33ac1d264
request GET https://www.facebook.com/
request POST http://iw.gamegame.info/report7.4.php
request POST http://ol.gamegame.info/report7.4.php
request POST http://uyg5wye.2ihsfa.com/api/?sid=293289&key=0b72a8497029bcfa3fd924f33ac1d264
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 8024
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73772000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 7528
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 114688
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00881000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 8064
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x003d0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 8064
region_size: 61440
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x003e0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 8064
region_size: 73728
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00430000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 8168
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x10000000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 8168
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x10000000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 8168
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73e80000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 8168
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73771000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 8168
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x70b71000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 8168
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72da4000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 8168
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73772000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 8168
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73e01000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 8168
region_size: 1769472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x020b0000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 8168
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02220000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 8168
region_size: 1052672
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x020b0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 8168
region_size: 376832
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01cd0000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 8168
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x71f81000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 8168
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x76891000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 8168
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x740f1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 8168
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x75111000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 8168
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x75241000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 8168
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x74f41000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 8168
region_size: 307200
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01e20000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0
Time & API Arguments Status Return Repeated

GetDiskFreeSpaceExW

 total_number_of_free_bytes: 0
free_bytes_available: 13289119744
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Explorer
total_number_of_bytes: 0
1 1 0
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal
domain ip-api.com
file C:\Program Files (x86)\Company\NewProduct\Uninstall.exe
file C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe
file C:\Users\test22\AppData\Local\Temp\install.dll
file C:\Program Files (x86)\Company\NewProduct\huachen.exe
file C:\Program Files (x86)\Company\NewProduct\file4.exe
file C:\Program Files (x86)\Company\NewProduct\setup.exe
file C:\Users\test22\AppData\Local\Temp\install.dll.lnk
file C:\Program Files (x86)\Company\NewProduct\customer2.exe
file C:\Users\test22\AppData\Local\Temp\jfiag3g_gg.exe
file C:\Users\test22\AppData\Local\Temp\adobe_caps.dll
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk
file C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
file C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Chrome.lnk
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk
file C:\Users\test22\AppData\Local\Temp\install.dll.lnk
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk
file C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
file C:\Program Files (x86)\Company\NewProduct\setup.exe
file C:\Program Files (x86)\Company\NewProduct\huachen.exe
file C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe
file C:\Program Files (x86)\Company\NewProduct\customer2.exe
file C:\Program Files (x86)\Company\NewProduct\file4.exe
file C:\Users\test22\AppData\Local\Temp\install.dll.lnk
file C:\Users\test22\AppData\Local\Temp\adobe_caps.dll
file C:\Users\test22\AppData\Local\Temp\jfiag3g_gg.exe
file C:\Users\test22\AppData\Local\Temp\install.dll
Time & API Arguments Status Return Repeated

ShellExecuteExW

 show_type: 0
filepath_r: C:\Program Files (x86)\Company\NewProduct\setup.exe
parameters:
filepath: C:\Program Files (x86)\Company\NewProduct\setup.exe
1 1 0

ShellExecuteExW

 show_type: 0
filepath_r: C:\Program Files (x86)\Company\NewProduct\huachen.exe
parameters:
filepath: C:\Program Files (x86)\Company\NewProduct\huachen.exe
1 1 0

ShellExecuteExW

 show_type: 0
filepath_r: C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe
parameters:
filepath: C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe
1 1 0

ShellExecuteExW

 show_type: 0
filepath_r: C:\Program Files (x86)\Company\NewProduct\customer2.exe
parameters:
filepath: C:\Program Files (x86)\Company\NewProduct\customer2.exe
1 1 0

ShellExecuteExW

 show_type: 0
filepath_r: C:\Program Files (x86)\Company\NewProduct\file4.exe
parameters:
filepath: C:\Program Files (x86)\Company\NewProduct\file4.exe
1 1 0
Time & API Arguments Status Return Repeated

Process32FirstW

 snapshot_handle: 0x00000120
process_name: [System Process]
process_identifier: 0
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: System
process_identifier: 4
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: smss.exe
process_identifier: 224
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: csrss.exe
process_identifier: 300
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: wininit.exe
process_identifier: 348
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: csrss.exe
process_identifier: 364
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: winlogon.exe
process_identifier: 396
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: services.exe
process_identifier: 440
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: lsass.exe
process_identifier: 456
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: lsm.exe
process_identifier: 464
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: svchost.exe
process_identifier: 568
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: svchost.exe
process_identifier: 640
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: svchost.exe
process_identifier: 700
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: svchost.exe
process_identifier: 776
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: svchost.exe
process_identifier: 824
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: svchost.exe
process_identifier: 968
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: svchost.exe
process_identifier: 264
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: spoolsv.exe
process_identifier: 820
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: svchost.exe
process_identifier: 292
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: svchost.exe
process_identifier: 1192
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: srvany.exe
process_identifier: 1244
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: taskhost.exe
process_identifier: 1284
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: KMService.exe
process_identifier: 1324
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: conhost.exe
process_identifier: 1376
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: sppsvc.exe
process_identifier: 1800
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: svchost.exe
process_identifier: 1876
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: dwm.exe
process_identifier: 1496
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: explorer.exe
process_identifier: 1848
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: SearchIndexer.exe
process_identifier: 2548
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: thunderbird.exe
process_identifier: 3960
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: pw.exe
process_identifier: 5008
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: audiodg.exe
process_identifier: 7936
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: splwow64.exe
process_identifier: 3928
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: SearchProtocolHost.exe
process_identifier: 3816
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: SearchFilterHost.exe
process_identifier: 7776
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: mobsync.exe
process_identifier: 3220
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: pw.exe
process_identifier: 5952
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: taskhost.exe
process_identifier: 8188
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: cmd.exe
process_identifier: 3576
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: conhost.exe
process_identifier: 7092
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: pw.exe
process_identifier: 996
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: slui.exe
process_identifier: 1520
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: setup.exe
process_identifier: 7528
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: customer2.exe
process_identifier: 6096
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: dllhost.exe
process_identifier: 8084
1 1 0

Process32NextW

 snapshot_handle: 0x00000120
process_name: rundll32.exe
process_identifier: 8168
1 1 0
Time & API Arguments Status Return Repeated

GetAdaptersAddresses

 flags: 15
family: 0
111 0
Time & API Arguments Status Return Repeated

LookupPrivilegeValueW

 system_name:
privilege_name: SeShutdownPrivilege
1 1 0

LookupPrivilegeValueW

 system_name:
privilege_name: SeShutdownPrivilege
1 1 0

LookupPrivilegeValueW

 system_name:
privilege_name: SeShutdownPrivilege
1 1 0

LookupPrivilegeValueW

 system_name:
privilege_name: SeShutdownPrivilege
1 1 0

LookupPrivilegeValueW

 system_name:
privilege_name: SeShutdownPrivilege
1 1 0

LookupPrivilegeValueW

 system_name:
privilege_name: SeShutdownPrivilege
1 1 0

LookupPrivilegeValueW

 system_name:
privilege_name: SeShutdownPrivilege
1 1 0

LookupPrivilegeValueW

 system_name:
privilege_name: SeShutdownPrivilege
1 1 0
process rundll32.exe
host 117.18.237.29
host 172.217.25.14
Time & API Arguments Status Return Repeated

FindWindowA

 class_name: ConsoleWindowClass
window_name:
1 5505850 0
Time & API Arguments Status Return Repeated

RegSetValueExW

 key_handle: 0x00000124
regkey_r: 1
reg_type: 3 (REG_BINARY)
value: ÁÕx4XÁåH<PÁýPwËoÜØ_µHŀµ¾HŘ¼«HcáA—@ű4^¯fZÅÊC@K°h·?ˆËjètM=…ã•ŸK£¹áü÷¶­Ãc~–¹²$ ?xÃ{a‰LÇs°Íh™$ÏüsEø½ƒç@tPAÊ]—ù¸003ú6)žÃ{¸ÍE´H±Æ·¹ÎMŽÅÉ`tÃ]žÁÍ` dÁÂGÅh™»ÿ*^ßptÃE&÷3á“ù¸€€HÃE¾(ŸÃ×x|ÃçHD(ÃÿPL ËGôqœ‹Ã ç„ÁÕx<‘Åh,]ÅáHñÉm,Àe-Ï!E`3è‚â‰.DDH‚îçLLLHÃÛHTÇÙB]ÆÉr}ÈEϋû~I*#|·@ŠNRƙPÉ7¼ˆˆBÉ„ŒŒ‰Ì*œüp:ò2z‹½ÃÎòÿ‰)øTK¸ÀL½ThÃÞêúÎRÖ±¼Ãčº[€B!ãˀ·=‹Êhêt’ªÀ4³pºÊúQiJó±x`AnóÁϕ•XžNېÅûrEN±½J¶< Çӑyc¤Š›c‰1~"yò8†zBaj ;»­¾ÊÊe©3vJÃϸ£@ÊÂUUJËCŸ…ØJәrêލ7µ‹Î*&J‰së߈!¦Aø—.‹@|2~o‘ˆNÇH<>α~¦$ËÍ‚ƒÏJKŽP{û´Ÿ®ÉÌ@Šp·OÁƒN±¾I¶?Âû¹y`§Š›eXXJ>==>§"ÍÅ ‚ƒK¸ûòÁ#ÀL¼e‰IOfïÕŠBE´kWÅÀŠL[ß±¿À ƍ¹X€@#ãې·>‰Ëiët’^õ;¡Ñ隣·ÅÀŠ8/]÷©¿ìOÃI)é1óˆÃ¸ÔðHÉEÀ_ž„ËoÄÀûí·ËkáAËGìë„ÁÕx,]ËoÜxÃrrQcõ;Q!ïFáü÷¶­ÁÍ` À6#F²$ ?xÃc9,F;—ÂÁ  ¬ˆLÇkTAFð¾õz4ÇsGRF–ŒR¹Á  ¤€èu`·ÁÍ`lÇckx»3t4ó)¼V¸õZf_>s~²½ f_>r­+Ktņ Hs⫧T½nEt}ˆ½<u¶{¸ fãÁz(bÃA²z(vÄHðf_}z*aÑàK¸óz8JÁ¹ úBZ•ÉÜPLÈE´VkÄ–‹ÊE:ø̈þ†¶JњËBéar묛ÔúÏÇr}~ñōߢ»Ïßjjgᓾ5FҐÊIƒ¶µoù´'zó»OqÀŽAʀJxrCIÊÈGENH C;áÑŒÀÖsiÌĶüËCJ€¶ÚáŽêNL‰ŽÏZ˜Êkét¾ojn_Š¾øù@Aù¸00AÊYáú6*ÃSÍEϋ_%»ÏÏzjÃ\ŸÃC‰¾(’vúˆN¸^"wr8u: Èäh¸rÅŒÁÊJÚ…E´VgÎJÖEÀE´aTÊZÒHŁKKԖ¾(’vú¯'Bî‹]WR8t²ŒÇçH˜õZf_:wweïŠK+G„èEHKøÂ>sv‹ŽŒ 7°…Eϋ ŽD}¶;´‰HřOÇP—gto»NÏÉFEB˼*ý½AÊKˆËkà@™9¤/³UE¾EwÁÇBMJ¸¶¸¹ððAN¸w¦Eâx¹  f]ú´dšKÀaðJljOMHÊBÃOfÿ¡¹‰vúBÉFLKÓ[NÏÉFEB˽ÖïÇ/€¬ˆ‹ …EϋšHŹ7ˆƒEϋŒ‹ÅBHÏå~XKȏÏ{¼Oè§Oð «p mvú…Çk¨ÍEϋü…¾Êb¤t7z3ÂE‹Îr±ÃšXÂG„ÍW«| ¸e9ìOËAÀJKÐ,k°¤€EvúÍEϋĽ´Â+g·:‰Çv´ˆ&äHƁ;{u0|Ê÷ËEҟƒEµôÍÇ/€¬ˆLÇçHdÏ ' EÀE´S¬ #¤…E´i–C€ð⿫ǁOÇH‹‰+éB¾*ÁÖouvóKôW`Ã@ƒKøºÌýqŠ])(REµhXvóóášÃ@4(äá“ù¸€€HÃ@Š¾+=OZtMŽÃ×xT8ËGôqž:k™X°¶§qÍ 666Ûqïp‚í âӐGžúåÐ¥ð"+  |x¤àF cûƒËN‚…„  ÊD†š•LZ`` ‚Ž x†û @Aåæà!@‚ƒ†PNðö ðÀMx805Nv ”š”ðíFDÆÌ{z/îççÿçõtL) Ǝ8åÆS'çÔ–VÁ‹J L€€CN•ÕÁ1àÖ:úÁÖÁ:¾… ÉÇÀúøú:NãíDTžÇÏÕÏÝ ÜǺ<ÜÃIÞˌŽÒåÇwޜT“RÀ”T€û{¢lÇ\ÚäÿommXËoì(À_Fñ3úÉEvóóášÁ„]A|kÀÀÒÀèê/ #Kŀ»Î|QBò›L#€Gìè)ÇSÌÎâåííÆ`¥„ÏÀ He}ðàçñä!†"âæ钙â4óàhÁŒú²l/ p>HÃɬ¦âáôZNàû8Àòñê àé)ÃB©+ÀfïŒé,ÀÃåê.åÿûCu8(xHáHhÎóô"öÁÌE « œÀ8c+à¨ÅÙp«‰†=»b+´êïséA©€®ãZ“Œ!:ìȀ¹QÃÆMHsþ%DÛu{I<MYþàiôŸæèhé®ÎmèDl»jîïG¶ñ=Éô_A/Ùè(ÁéB¨êkyñã皝üöÚó…N©ác(ýå6ááú™¯ê>®ÇN JØE´d°œÌ‡7BÄú4 ³¼E@€@(µ,qÌ­iÈÃ'u <y5¥hêüè\@áž_d}vÁÕ\$,@ÁåH4XH‰ýP<PÁõX,(av((hňïÃ)HÃR‘D…ˆR©ê´%ÈHՖᲞŒab1Þ*„KàëPÙÊ Åö#HXÁâ;0`8µøU"dï"+À'öÐ+(Cà·ßž§»2ÐáIÁÎÿPý<ha©Ž%!Fm+Ë Ìߎõ—žÎ'}bwHËmït´‰ÃƒdHX,ÇÿPd@HÃ÷XlÁ ‘€ Š KÁ‹H‹`ïD ®!@!`ÇD©¸2 âXE†51 !ÇDæbB_  ! '_ÍÅÃ×\$xËGäaTÉ!Ãv¶þ”Q’ÃñČ¥ó5Âu|·"¸!IÃD':Œß“™LA€Y.…æ–ÑiEH<šŠˆ9xߏ±tQ¦ˆKI ˆÃë9dPÌ"'!È ÂyÏêš œ(¿Àې„‘ ³˜~q‹ŒˆœVù°_¿ó÷óÕÄó«z3@@00ŠÀÓI5ÿaö†€;:¡º tNÊñy‡êó`²Âù“~çïü´±ïC³ùü41øÈ0Fj»±,—Ä÷PƒhPĵËyගÂOç` ½ÖƒsbF–ÑBÏ•éìt¼Y—GPïêÊ^óE·ê¿F“PB+y]\±çv?·Úž+‘ב‹êê;äQj¨9®Mʛà¸ÃaZ£flñ*ŠÆDµe»¯•Š|XÌzs‚ôÌÇÈK›µ!PutÃ^™/cÀˆÃLJëÈ´~ÕW¬o0ozSm0È ß‡»—êöó<.º¥+hµÊA>$ûÃŌÍ-Úv€ÀkGx£ŒDh)_!¾ˆÑêWӁEµs–MB]ߤHHD(ÅÉF&DPt` dÁˆCW1?/v`A6ÈDŸgokáž<G=:I›7//h4HÁ ¶—Eô[zš³À³;ÅÂw—âÂĤì꧴r6P³µtRòŒ®ø™Æ¶u[xtÅÒ~AgsP†ßG)[@öæ›Èû º ½uÀ€ÌO‰AI@ȊápSRTØ[ÃÄ©ÈþUƒ‘Ö˜ôóÄH+4o|ÉËv³2°QCď§ê„ÂKįê†CÛH@}[3ÁÇT@#/€Ì<}¶,Q\íáõãE)s÷ç#ÁâO|³Ù ሪÐz؂BDŸ~ôK­ù@/$E h(ÀãJ @3F‚¾â­vŒpPñåS+ÈókH{ê¢#Rg çê ¢²ÔP6òÄﺡâzi[ƒwû´îççUÍùqr`kÒòn TLZrOíAfË+€Ž{$H؊ ¢)Kj‘ÞW8o}µ–oà¡@ËoÌ2˘‘ÙAÅÁhrÓ~û üô‘Eϋ€U|§»ýÃd71F¢é F'-µ W¿Â0ôïìÉ~³4mÊC+‡ƒJkI¨…_Ɔ»?„pEƒ´ùç °Ú¿Ãbføê·¹» LDŸ·!AHþ„ûû¿ÔG” ˜û»K7ŒŒ€ƒ@NjܕÀâsQÀúCwÆñ³àŒ˜¥Ÿ-ó‰Âz¸‰£c‹{¼ÇiªÃbi Ž>8‹¹-MÍzð‹€AA‰Êkkž/rA¶¯ÀÒSEM‰òkUÈõt́ªìBGù»±¦d8z±†Ÿ™.9ÃÎE0|Ç@ĸúe(EÎMŽÁÍ`ø‰Â_œÅ vô÷ñ,÷Æ2³3÷Õý“ªg"`œxòÑÎ…‹u`ZÁ—õáBÈ @#xÿmñ•4 xD,Ü®Vi4EzB¨ÔL(^N…˜¤¦¢ÚÜٙzÌ(wPò¸~tE"§5ý{™n°}ðY¨8!Tÿ[M›÷ÀrM L7à‹ÍϹêGðóÊ  OÁ1+€Ãš ±¶uÿ$#¥îSG{$§Þ¶+šºŒ À‡’ªÉ´6ó*ãÅÌeõ” Á½yÏÜWÂZ8çZF$=€JÁÅh¼[””…™ÐHÁ’™ˆ"„'êǘ YÅí(¸¹A"{BFü¤T´Å²¸;ˆ"¶\\By(€{È:‰HÐp4K¹6Å5J;ŠæƒàEwߥÃJ…ÌŒ¨ˆFöL½pLh£C‰»ðøµ•æù‹àU2€zù@5q7ó+î´µÅáýɍÏ-aŠØ@Uv×Æ)O4x<ë¢_eX,lEabFoê
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{LJU50KX1-5I52-VT6Q-WSWM-U2Z9XL21ZV61}\1
1 0 0
file C:\Users\test22\AppData\Local\Temp\fj4ghga23_fsa.txt
file C:\Users\test22\AppData\Local\Temp\jfiag3g_gg.exe
Time & API Arguments Status Return Repeated

__anomaly__

 tid: 7144
message: Encountered 65537 exceptions, quitting.
subcategory: exception
function_name:
1 0 0
Bkav W32.AIDetect.malware2
MicroWorld-eScan Trojan.GenericKDZ.75251
CAT-QuickHeal Trojan.Injector
McAfee Artemis!46FCB8A8F7DB
Cylance Unsafe
K7AntiVirus Trojan ( 0057c5af1 )
K7GW Trojan ( 0057c5af1 )
CrowdStrike win/malicious_confidence_80% (W)
Arcabit Trojan.Generic.D125F3
Cyren W32/Trojan.JPGM-8106
Symantec ML.Attribute.HighConfidence
ESET-NOD32 multiple detections
APEX Malicious
Kaspersky UDS:DangerousObject.Multi.Generic
BitDefender Trojan.GenericKDZ.75251
NANO-Antivirus Riskware.Win32.PSWTool.hqsnsl
Avast Win32:CrypterX-gen [Trj]
Tencent Win32.Trojan.Injector.Pfts
Sophos ML/PE-A
F-Secure Heuristic.HEUR/AGEN.1114952
DrWeb Trojan.MulDrop16.31196
McAfee-GW-Edition BehavesLike.Win32.BadFile.vc
FireEye Generic.mg.46fcb8a8f7db4f6e
Emsisoft Trojan.GenericKDZ.75251 (B)
SentinelOne Static AI - Suspicious PE
Webroot W32.Trojan.Gen
Avira TR/AD.Inject.dseps
eGambit Unsafe.AI_Score_100%
MAX malware (ai score=83)
Kingsoft Win32.Troj.Undef.(kcloud)
Gridinsoft Trojan.Win32.CoinMiner.vb!s8
Microsoft Trojan:Win32/CryptInject!MSR
SUPERAntiSpyware Trojan.Agent/Gen-Reconyc
ZoneAlarm HEUR:Trojan.Win32.Bsymem.gen
GData Gen:Variant.Zusy.380087
Cynet Malicious (score: 100)
ALYac Gen:Variant.Zusy.380087
Malwarebytes Generic.Trojan.Malicious.DDS
Rising Exploit.Generic!8.3E1 (CLOUD)
Yandex Trojan.Blocker!OH3Aj8L7MuI
Ikarus Trojan-Spy.Win32.QuStealer
MaxSecure Trojan-Ransom.Win32.Crypmod.zfq
Fortinet Riskware/NetPass
BitDefenderTheta Gen:NN.ZexaF.34690.vuW@aaaADlO
AVG Win32:CrypterX-gen [Trj]
Cybereason malicious.8f7db4
Panda Trj/CI.A