Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	May 27, 2021, 9:41 a.m.	May 27, 2021, 10:03 a.m.

Size	1.7MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`138f1e886df537f014b2d4a74efb57d3`
SHA256	`7d2aa440d1865ca2262908dbb3102194d0fd77117b2b3ea0af9de8cc21d1e394`
CRC32	`19F5804D`
ssdeep	`49152:pAI+Y4rOwdlovusbBIY+KvRGsKh7RLSIzoQnuBp9yCur:pAI+BawobBIYD87RLSIXub9yb`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description)

Setup2.exe "C:\Users\test22\AppData\Local\Temp\Setup2.exe"
3908
- runme.exe "C:\Program Files (x86)\Company\NewProduct\runme.exe"
  3916
- file4.exe "C:\Program Files (x86)\Company\NewProduct\file4.exe"
  1608
- lij.exe "C:\Program Files (x86)\Company\NewProduct\lij.exe"
  8408
  - rundll32.exe "C:\Windows\system32\rUNdlL32.eXe" "C:\Users\test22\AppData\Local\Temp\install.dll",setpwd
    7000
- md8_8eus.exe "C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe"
  4780
explorer.exe C:\Windows\Explorer.EXE
1848

Name	Response	Post-Analysis Lookup
email.yg9.me		198.13.62.186
email.yg9.me	A 198.13.62.186	198.13.62.186
ol.gamegame.info	A 172.67.200.215 A 104.21.21.221	172.67.200.215
ip-api.com	A 208.95.112.1	208.95.112.1
iw.gamegame.info	A 104.21.21.221 A 172.67.200.215	172.67.200.215

IP Address	Status	Action
104.21.21.221	Active	Moloch
164.124.101.2	Active	Moloch
172.217.25.14	Active	Moloch
172.67.200.215	Active	Moloch
198.13.62.186	Active	Moloch
208.95.112.1	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
UDP 192.168.56.102:50840 -> 198.13.62.186:53	2014702	ET DNS Non-DNS or Non-Compliant DNS traffic on DNS port Opcode 8 through 15 set	Potential Corporate Privacy Violation
TCP 192.168.56.102:49828 -> 208.95.112.1:80	2022082	ET POLICY External IP Lookup ip-api.com	Device Retrieving External IP Address Detected
TCP 192.168.56.102:49828 -> 208.95.112.1:80	2022082	ET POLICY External IP Lookup ip-api.com	Device Retrieving External IP Address Detected
TCP 192.168.56.102:49828 -> 208.95.112.1:80	2022082	ET POLICY External IP Lookup ip-api.com	Device Retrieving External IP Address Detected
TCP 192.168.56.102:49828 -> 208.95.112.1:80	2022082	ET POLICY External IP Lookup ip-api.com	Device Retrieving External IP Address Detected
TCP 192.168.56.102:49828 -> 208.95.112.1:80	2022082	ET POLICY External IP Lookup ip-api.com	Device Retrieving External IP Address Detected

Suricata TLS

No Suricata TLS

Queries for the computername (2 events)

Time & API	Arguments	Status	Return	Repeated
GetComputerNameW May 27, 2021, 9:53 a.m.	computer_name: TEST22-PC	1	1	0
GetComputerNameW May 27, 2021, 9:53 a.m.	computer_name: TEST22-PC	1	1	0

Checks if process is being debugged by a debugger (2 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent May 27, 2021, 9:35 a.m.			0	0
IsDebuggerPresent May 27, 2021, 10 a.m.			0	0

Tries to locate where the browsers are installed (1 event)

file	c:\program files (x86)\Google\Chrome\application\chrome.exe

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx May 27, 2021, 9:35 a.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)

section	CODE
section	DATA
section	BSS

The executable uses a known packer (1 event)

packer

BobSoft Mini Delphi -> BoB / BobSoft

One or more processes crashed (50 out of 13988 events)

Time & API	Arguments	Status
__exception__ May 27, 2021, 9:59 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _get@12+0x57d runme+0x2006d @ 0x42006d _get@12+0x14ab runme+0x20f9b @ 0x420f9b _get@12-0x1dfae runme+0x1b42 @ 0x401b42 _get@12-0x1e101 runme+0x19ef @ 0x4019ef BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633072 registers.edi: 2752512 registers.eax: 4294967288 registers.ebp: 1633124 registers.edx: 13918 registers.ebx: 0 registers.esi: 0 registers.ecx: 4772	1
__exception__ May 27, 2021, 9:59 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _get@12+0x57d runme+0x2006d @ 0x42006d _get@12+0x14ab runme+0x20f9b @ 0x420f9b _get@12-0x1dfae runme+0x1b42 @ 0x401b42 _get@12-0x1e101 runme+0x19ef @ 0x4019ef BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633072 registers.edi: 2752512 registers.eax: 4294967288 registers.ebp: 1633124 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4772	1
__exception__ May 27, 2021, 9:59 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _get@12+0x57d runme+0x2006d @ 0x42006d _get@12+0x14ab runme+0x20f9b @ 0x420f9b _get@12-0x1dfae runme+0x1b42 @ 0x401b42 _get@12-0x1e101 runme+0x19ef @ 0x4019ef BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633072 registers.edi: 2752512 registers.eax: 4294967288 registers.ebp: 1633124 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4772	1
__exception__ May 27, 2021, 9:59 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _get@12+0x57d runme+0x2006d @ 0x42006d _get@12+0x14ab runme+0x20f9b @ 0x420f9b _get@12-0x1dfae runme+0x1b42 @ 0x401b42 _get@12-0x1e101 runme+0x19ef @ 0x4019ef BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633072 registers.edi: 2752512 registers.eax: 4294967288 registers.ebp: 1633124 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4772	1
__exception__ May 27, 2021, 9:59 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _get@12+0x57d runme+0x2006d @ 0x42006d _get@12+0x14ab runme+0x20f9b @ 0x420f9b _get@12-0x1dfae runme+0x1b42 @ 0x401b42 _get@12-0x1e101 runme+0x19ef @ 0x4019ef BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633072 registers.edi: 2752512 registers.eax: 4294967288 registers.ebp: 1633124 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4772	1
__exception__ May 27, 2021, 9:59 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _get@12+0x57d runme+0x2006d @ 0x42006d _get@12+0x14ab runme+0x20f9b @ 0x420f9b _get@12-0x1dfae runme+0x1b42 @ 0x401b42 _get@12-0x1e101 runme+0x19ef @ 0x4019ef BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633072 registers.edi: 2752512 registers.eax: 4294967288 registers.ebp: 1633124 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4772	1
__exception__ May 27, 2021, 9:59 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _get@12+0x57d runme+0x2006d @ 0x42006d _get@12+0x14ab runme+0x20f9b @ 0x420f9b _get@12-0x1dfae runme+0x1b42 @ 0x401b42 _get@12-0x1e101 runme+0x19ef @ 0x4019ef BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633072 registers.edi: 2752512 registers.eax: 4294967288 registers.ebp: 1633124 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4772	1
__exception__ May 27, 2021, 9:59 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _get@12+0x57d runme+0x2006d @ 0x42006d _get@12+0x14ab runme+0x20f9b @ 0x420f9b _get@12-0x1dfae runme+0x1b42 @ 0x401b42 _get@12-0x1e101 runme+0x19ef @ 0x4019ef BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633072 registers.edi: 2752512 registers.eax: 4294967288 registers.ebp: 1633124 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4772	1
__exception__ May 27, 2021, 9:59 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _get@12+0x57d runme+0x2006d @ 0x42006d _get@12+0x14ab runme+0x20f9b @ 0x420f9b _get@12-0x1dfae runme+0x1b42 @ 0x401b42 _get@12-0x1e101 runme+0x19ef @ 0x4019ef BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633072 registers.edi: 2752512 registers.eax: 4294967288 registers.ebp: 1633124 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4772	1
__exception__ May 27, 2021, 9:59 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _get@12+0x57d runme+0x2006d @ 0x42006d _get@12+0x14ab runme+0x20f9b @ 0x420f9b _get@12-0x1dfae runme+0x1b42 @ 0x401b42 _get@12-0x1e101 runme+0x19ef @ 0x4019ef BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633072 registers.edi: 2752512 registers.eax: 4294967288 registers.ebp: 1633124 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4772	1
__exception__ May 27, 2021, 9:59 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _get@12+0x57d runme+0x2006d @ 0x42006d _get@12+0x14ab runme+0x20f9b @ 0x420f9b _get@12-0x1dfae runme+0x1b42 @ 0x401b42 _get@12-0x1e101 runme+0x19ef @ 0x4019ef BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633072 registers.edi: 2752512 registers.eax: 4294967288 registers.ebp: 1633124 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4772	1
__exception__ May 27, 2021, 9:59 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _get@12+0x57d runme+0x2006d @ 0x42006d _get@12+0x14ab runme+0x20f9b @ 0x420f9b _get@12-0x1dfae runme+0x1b42 @ 0x401b42 _get@12-0x1e101 runme+0x19ef @ 0x4019ef BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633072 registers.edi: 2752512 registers.eax: 4294967288 registers.ebp: 1633124 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4772	1
__exception__ May 27, 2021, 9:59 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _get@12+0x57d runme+0x2006d @ 0x42006d _get@12+0x14ab runme+0x20f9b @ 0x420f9b _get@12-0x1dfae runme+0x1b42 @ 0x401b42 _get@12-0x1e101 runme+0x19ef @ 0x4019ef BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633072 registers.edi: 2752512 registers.eax: 4294967288 registers.ebp: 1633124 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4772	1
__exception__ May 27, 2021, 9:59 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _get@12+0x57d runme+0x2006d @ 0x42006d _get@12+0x14ab runme+0x20f9b @ 0x420f9b _get@12-0x1dfae runme+0x1b42 @ 0x401b42 _get@12-0x1e101 runme+0x19ef @ 0x4019ef BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633072 registers.edi: 2752512 registers.eax: 4294967288 registers.ebp: 1633124 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4772	1
__exception__ May 27, 2021, 9:59 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _get@12+0x57d runme+0x2006d @ 0x42006d _get@12+0x14ab runme+0x20f9b @ 0x420f9b _get@12-0x1dfae runme+0x1b42 @ 0x401b42 _get@12-0x1e101 runme+0x19ef @ 0x4019ef BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633072 registers.edi: 2752512 registers.eax: 4294967288 registers.ebp: 1633124 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4772	1
__exception__ May 27, 2021, 9:59 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _get@12+0x57d runme+0x2006d @ 0x42006d _get@12+0x14ab runme+0x20f9b @ 0x420f9b _get@12-0x1dfae runme+0x1b42 @ 0x401b42 _get@12-0x1e101 runme+0x19ef @ 0x4019ef BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633072 registers.edi: 2752512 registers.eax: 4294967288 registers.ebp: 1633124 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4772	1
__exception__ May 27, 2021, 9:59 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _get@12+0x57d runme+0x2006d @ 0x42006d _get@12+0x14ab runme+0x20f9b @ 0x420f9b _get@12-0x1dfae runme+0x1b42 @ 0x401b42 _get@12-0x1e101 runme+0x19ef @ 0x4019ef BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633072 registers.edi: 2752512 registers.eax: 4294967288 registers.ebp: 1633124 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4772	1
__exception__ May 27, 2021, 9:59 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _get@12+0x57d runme+0x2006d @ 0x42006d _get@12+0x14ab runme+0x20f9b @ 0x420f9b _get@12-0x1dfae runme+0x1b42 @ 0x401b42 _get@12-0x1e101 runme+0x19ef @ 0x4019ef BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633072 registers.edi: 2752512 registers.eax: 4294967288 registers.ebp: 1633124 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4772	1
__exception__ May 27, 2021, 9:59 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _get@12+0x57d runme+0x2006d @ 0x42006d _get@12+0x14ab runme+0x20f9b @ 0x420f9b _get@12-0x1dfae runme+0x1b42 @ 0x401b42 _get@12-0x1e101 runme+0x19ef @ 0x4019ef BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633072 registers.edi: 2752512 registers.eax: 4294967288 registers.ebp: 1633124 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4772	1
__exception__ May 27, 2021, 9:59 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _get@12+0x57d runme+0x2006d @ 0x42006d _get@12+0x14ab runme+0x20f9b @ 0x420f9b _get@12-0x1dfae runme+0x1b42 @ 0x401b42 _get@12-0x1e101 runme+0x19ef @ 0x4019ef BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633072 registers.edi: 2752512 registers.eax: 4294967288 registers.ebp: 1633124 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4772	1
__exception__ May 27, 2021, 9:59 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _get@12+0x57d runme+0x2006d @ 0x42006d _get@12+0x14ab runme+0x20f9b @ 0x420f9b _get@12-0x1dfae runme+0x1b42 @ 0x401b42 _get@12-0x1e101 runme+0x19ef @ 0x4019ef BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633072 registers.edi: 2752512 registers.eax: 4294967288 registers.ebp: 1633124 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4772	1
__exception__ May 27, 2021, 9:59 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _get@12+0x57d runme+0x2006d @ 0x42006d _get@12+0x14ab runme+0x20f9b @ 0x420f9b _get@12-0x1dfae runme+0x1b42 @ 0x401b42 _get@12-0x1e101 runme+0x19ef @ 0x4019ef BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633072 registers.edi: 2752512 registers.eax: 4294967288 registers.ebp: 1633124 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4772	1
__exception__ May 27, 2021, 9:59 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _get@12+0x57d runme+0x2006d @ 0x42006d _get@12+0x14ab runme+0x20f9b @ 0x420f9b _get@12-0x1dfae runme+0x1b42 @ 0x401b42 _get@12-0x1e101 runme+0x19ef @ 0x4019ef BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633072 registers.edi: 2752512 registers.eax: 4294967288 registers.ebp: 1633124 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4772	1
__exception__ May 27, 2021, 9:59 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _get@12+0x57d runme+0x2006d @ 0x42006d _get@12+0x14ab runme+0x20f9b @ 0x420f9b _get@12-0x1dfae runme+0x1b42 @ 0x401b42 _get@12-0x1e101 runme+0x19ef @ 0x4019ef BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633072 registers.edi: 2752512 registers.eax: 4294967288 registers.ebp: 1633124 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4772	1
__exception__ May 27, 2021, 9:59 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _get@12+0x57d runme+0x2006d @ 0x42006d _get@12+0x14ab runme+0x20f9b @ 0x420f9b _get@12-0x1dfae runme+0x1b42 @ 0x401b42 _get@12-0x1e101 runme+0x19ef @ 0x4019ef BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633072 registers.edi: 2752512 registers.eax: 4294967288 registers.ebp: 1633124 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4772	1
__exception__ May 27, 2021, 9:59 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _get@12+0x57d runme+0x2006d @ 0x42006d _get@12+0x14ab runme+0x20f9b @ 0x420f9b _get@12-0x1dfae runme+0x1b42 @ 0x401b42 _get@12-0x1e101 runme+0x19ef @ 0x4019ef BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633072 registers.edi: 2752512 registers.eax: 4294967288 registers.ebp: 1633124 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4772	1
__exception__ May 27, 2021, 9:59 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _get@12+0x57d runme+0x2006d @ 0x42006d _get@12+0x14ab runme+0x20f9b @ 0x420f9b _get@12-0x1dfae runme+0x1b42 @ 0x401b42 _get@12-0x1e101 runme+0x19ef @ 0x4019ef BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633072 registers.edi: 2752512 registers.eax: 4294967288 registers.ebp: 1633124 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4772	1
__exception__ May 27, 2021, 9:59 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _get@12+0x57d runme+0x2006d @ 0x42006d _get@12+0x14ab runme+0x20f9b @ 0x420f9b _get@12-0x1dfae runme+0x1b42 @ 0x401b42 _get@12-0x1e101 runme+0x19ef @ 0x4019ef BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633072 registers.edi: 2752512 registers.eax: 4294967288 registers.ebp: 1633124 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4772	1
__exception__ May 27, 2021, 9:59 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _get@12+0x57d runme+0x2006d @ 0x42006d _get@12+0x14ab runme+0x20f9b @ 0x420f9b _get@12-0x1dfae runme+0x1b42 @ 0x401b42 _get@12-0x1e101 runme+0x19ef @ 0x4019ef BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633072 registers.edi: 2752512 registers.eax: 4294967288 registers.ebp: 1633124 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4772	1
__exception__ May 27, 2021, 9:59 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _get@12+0x57d runme+0x2006d @ 0x42006d _get@12+0x14ab runme+0x20f9b @ 0x420f9b _get@12-0x1dfae runme+0x1b42 @ 0x401b42 _get@12-0x1e101 runme+0x19ef @ 0x4019ef BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633072 registers.edi: 2752512 registers.eax: 4294967288 registers.ebp: 1633124 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4772	1
__exception__ May 27, 2021, 9:59 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _get@12+0x57d runme+0x2006d @ 0x42006d _get@12+0x14ab runme+0x20f9b @ 0x420f9b _get@12-0x1dfae runme+0x1b42 @ 0x401b42 _get@12-0x1e101 runme+0x19ef @ 0x4019ef BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633072 registers.edi: 2752512 registers.eax: 4294967288 registers.ebp: 1633124 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4772	1
__exception__ May 27, 2021, 9:59 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _get@12+0x57d runme+0x2006d @ 0x42006d _get@12+0x14ab runme+0x20f9b @ 0x420f9b _get@12-0x1dfae runme+0x1b42 @ 0x401b42 _get@12-0x1e101 runme+0x19ef @ 0x4019ef BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633072 registers.edi: 2752512 registers.eax: 4294967288 registers.ebp: 1633124 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4772	1
__exception__ May 27, 2021, 9:59 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _get@12+0x57d runme+0x2006d @ 0x42006d _get@12+0x14ab runme+0x20f9b @ 0x420f9b _get@12-0x1dfae runme+0x1b42 @ 0x401b42 _get@12-0x1e101 runme+0x19ef @ 0x4019ef BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633072 registers.edi: 2752512 registers.eax: 4294967288 registers.ebp: 1633124 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4772	1
__exception__ May 27, 2021, 9:59 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _get@12+0x57d runme+0x2006d @ 0x42006d _get@12+0x14ab runme+0x20f9b @ 0x420f9b _get@12-0x1dfae runme+0x1b42 @ 0x401b42 _get@12-0x1e101 runme+0x19ef @ 0x4019ef BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633072 registers.edi: 2752512 registers.eax: 4294967288 registers.ebp: 1633124 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4772	1
__exception__ May 27, 2021, 9:59 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _get@12+0x57d runme+0x2006d @ 0x42006d _get@12+0x14ab runme+0x20f9b @ 0x420f9b _get@12-0x1dfae runme+0x1b42 @ 0x401b42 _get@12-0x1e101 runme+0x19ef @ 0x4019ef BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633072 registers.edi: 2752512 registers.eax: 4294967288 registers.ebp: 1633124 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4772	1
__exception__ May 27, 2021, 9:59 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _get@12+0x57d runme+0x2006d @ 0x42006d _get@12+0x14ab runme+0x20f9b @ 0x420f9b _get@12-0x1dfae runme+0x1b42 @ 0x401b42 _get@12-0x1e101 runme+0x19ef @ 0x4019ef BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633072 registers.edi: 2752512 registers.eax: 4294967288 registers.ebp: 1633124 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4772	1
__exception__ May 27, 2021, 9:59 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _get@12+0x57d runme+0x2006d @ 0x42006d _get@12+0x14ab runme+0x20f9b @ 0x420f9b _get@12-0x1dfae runme+0x1b42 @ 0x401b42 _get@12-0x1e101 runme+0x19ef @ 0x4019ef BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633072 registers.edi: 2752512 registers.eax: 4294967288 registers.ebp: 1633124 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4772	1
__exception__ May 27, 2021, 9:59 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _get@12+0x57d runme+0x2006d @ 0x42006d _get@12+0x14ab runme+0x20f9b @ 0x420f9b _get@12-0x1dfae runme+0x1b42 @ 0x401b42 _get@12-0x1e101 runme+0x19ef @ 0x4019ef BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633072 registers.edi: 2752512 registers.eax: 4294967288 registers.ebp: 1633124 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4772	1
__exception__ May 27, 2021, 9:59 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _get@12+0x57d runme+0x2006d @ 0x42006d _get@12+0x14ab runme+0x20f9b @ 0x420f9b _get@12-0x1dfae runme+0x1b42 @ 0x401b42 _get@12-0x1e101 runme+0x19ef @ 0x4019ef BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633072 registers.edi: 2752512 registers.eax: 4294967288 registers.ebp: 1633124 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4772	1
__exception__ May 27, 2021, 9:59 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _get@12+0x57d runme+0x2006d @ 0x42006d _get@12+0x14ab runme+0x20f9b @ 0x420f9b _get@12-0x1dfae runme+0x1b42 @ 0x401b42 _get@12-0x1e101 runme+0x19ef @ 0x4019ef BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633072 registers.edi: 2752512 registers.eax: 4294967288 registers.ebp: 1633124 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4772	1
__exception__ May 27, 2021, 9:59 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _get@12+0x57d runme+0x2006d @ 0x42006d _get@12+0x14ab runme+0x20f9b @ 0x420f9b _get@12-0x1dfae runme+0x1b42 @ 0x401b42 _get@12-0x1e101 runme+0x19ef @ 0x4019ef BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633072 registers.edi: 2752512 registers.eax: 4294967288 registers.ebp: 1633124 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4772	1
__exception__ May 27, 2021, 9:59 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _get@12+0x57d runme+0x2006d @ 0x42006d _get@12+0x14ab runme+0x20f9b @ 0x420f9b _get@12-0x1dfae runme+0x1b42 @ 0x401b42 _get@12-0x1e101 runme+0x19ef @ 0x4019ef BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633072 registers.edi: 2752512 registers.eax: 4294967288 registers.ebp: 1633124 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4772	1
__exception__ May 27, 2021, 9:59 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _get@12+0x57d runme+0x2006d @ 0x42006d _get@12+0x14ab runme+0x20f9b @ 0x420f9b _get@12-0x1dfae runme+0x1b42 @ 0x401b42 _get@12-0x1e101 runme+0x19ef @ 0x4019ef BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633072 registers.edi: 2752512 registers.eax: 4294967288 registers.ebp: 1633124 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4772	1
__exception__ May 27, 2021, 9:59 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _get@12+0x57d runme+0x2006d @ 0x42006d _get@12+0x14ab runme+0x20f9b @ 0x420f9b _get@12-0x1dfae runme+0x1b42 @ 0x401b42 _get@12-0x1e101 runme+0x19ef @ 0x4019ef BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633072 registers.edi: 2752512 registers.eax: 4294967288 registers.ebp: 1633124 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4772	1
__exception__ May 27, 2021, 9:59 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _get@12+0x57d runme+0x2006d @ 0x42006d _get@12+0x14ab runme+0x20f9b @ 0x420f9b _get@12-0x1dfae runme+0x1b42 @ 0x401b42 _get@12-0x1e101 runme+0x19ef @ 0x4019ef BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633072 registers.edi: 2752512 registers.eax: 4294967288 registers.ebp: 1633124 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4772	1
__exception__ May 27, 2021, 9:59 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _get@12+0x57d runme+0x2006d @ 0x42006d _get@12+0x14ab runme+0x20f9b @ 0x420f9b _get@12-0x1dfae runme+0x1b42 @ 0x401b42 _get@12-0x1e101 runme+0x19ef @ 0x4019ef BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633072 registers.edi: 2752512 registers.eax: 4294967288 registers.ebp: 1633124 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4772	1
__exception__ May 27, 2021, 9:59 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _get@12+0x57d runme+0x2006d @ 0x42006d _get@12+0x14ab runme+0x20f9b @ 0x420f9b _get@12-0x1dfae runme+0x1b42 @ 0x401b42 _get@12-0x1e101 runme+0x19ef @ 0x4019ef BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633072 registers.edi: 2752512 registers.eax: 4294967288 registers.ebp: 1633124 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4772	1
__exception__ May 27, 2021, 9:59 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _get@12+0x57d runme+0x2006d @ 0x42006d _get@12+0x14ab runme+0x20f9b @ 0x420f9b _get@12-0x1dfae runme+0x1b42 @ 0x401b42 _get@12-0x1e101 runme+0x19ef @ 0x4019ef BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633072 registers.edi: 2752512 registers.eax: 4294967288 registers.ebp: 1633124 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4772	1
__exception__ May 27, 2021, 9:59 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _get@12+0x57d runme+0x2006d @ 0x42006d _get@12+0x14ab runme+0x20f9b @ 0x420f9b _get@12-0x1dfae runme+0x1b42 @ 0x401b42 _get@12-0x1e101 runme+0x19ef @ 0x4019ef BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633072 registers.edi: 2752512 registers.eax: 4294967288 registers.ebp: 1633124 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4772	1
__exception__ May 27, 2021, 9:59 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _get@12+0x57d runme+0x2006d @ 0x42006d _get@12+0x14ab runme+0x20f9b @ 0x420f9b _get@12-0x1dfae runme+0x1b42 @ 0x401b42 _get@12-0x1e101 runme+0x19ef @ 0x4019ef BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633072 registers.edi: 2752512 registers.eax: 4294967288 registers.ebp: 1633124 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4772	1

HTTP traffic contains suspicious features which may be indicative of malware related traffic (2 events)

suspicious_features	POST method with no referer header				suspicious_request	POST http://iw.gamegame.info/report7.4.php
suspicious_features	POST method with no referer header				suspicious_request	POST http://ol.gamegame.info/report7.4.php

Performs some HTTP requests (3 events)

request	GET http://ip-api.com/json/?fields=8198
request	POST http://iw.gamegame.info/report7.4.php
request	POST http://ol.gamegame.info/report7.4.php

Sends data using the HTTP POST Method (2 events)

request	POST http://iw.gamegame.info/report7.4.php
request	POST http://ol.gamegame.info/report7.4.php

Allocates read-write-execute memory (usually to unpack itself) (11 events)

Time & API	Arguments	Status
NtProtectVirtualMemory May 27, 2021, 9:35 a.m.	process_identifier: 3908 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73772000 process_handle: 0xffffffff	1
NtProtectVirtualMemory May 27, 2021, 9:59 a.m.	process_identifier: 3916 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 114688 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x002bc000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 27, 2021, 9:59 a.m.	process_identifier: 1608 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003e0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 27, 2021, 9:59 a.m.	process_identifier: 1608 region_size: 61440 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003f0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 27, 2021, 9:59 a.m.	process_identifier: 1608 region_size: 73728 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00430000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory May 27, 2021, 10 a.m.	process_identifier: 7000 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10002000 process_handle: 0xffffffff	1
NtProtectVirtualMemory May 27, 2021, 10 a.m.	process_identifier: 7000 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73e80000 process_handle: 0xffffffff	1
NtProtectVirtualMemory May 27, 2021, 10 a.m.	process_identifier: 7000 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73771000 process_handle: 0xffffffff	1
NtProtectVirtualMemory May 27, 2021, 10 a.m.	process_identifier: 7000 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73861000 process_handle: 0xffffffff	1
NtProtectVirtualMemory May 27, 2021, 10 a.m.	process_identifier: 7000 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72da4000 process_handle: 0xffffffff	1
NtProtectVirtualMemory May 27, 2021, 10 a.m.	process_identifier: 7000 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73772000 process_handle: 0xffffffff	1

Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation (1 event)

Time & API	Arguments	Status	Return	Repeated
GetDiskFreeSpaceExW May 27, 2021, 9:53 a.m.	total_number_of_free_bytes: 0 free_bytes_available: 13292756992 root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Explorer total_number_of_bytes: 0	1	1	0

Looks up the external IP address (1 event)

domain

ip-api.com

Creates executable files on the filesystem (7 events)

file	C:\Program Files (x86)\Company\NewProduct\Uninstall.exe
file	C:\Program Files (x86)\Company\NewProduct\file4.exe
file	C:\Users\test22\AppData\Local\Temp\install.dll
file	C:\Program Files (x86)\Company\NewProduct\lij.exe
file	C:\Program Files (x86)\Company\NewProduct\runme.exe
file	C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe
file	C:\Users\test22\AppData\Local\Temp\install.dll.lnk

Creates a shortcut to an executable file (13 events)

file	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk
file	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk
file	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Chrome.lnk
file	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk
file	C:\Users\test22\AppData\Local\Temp\install.dll.lnk
file	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk
file	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk
file	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
file	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk
file	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk

Drops a binary and executes it (5 events)

file	C:\Program Files (x86)\Company\NewProduct\runme.exe
file	C:\Program Files (x86)\Company\NewProduct\file4.exe
file	C:\Program Files (x86)\Company\NewProduct\lij.exe
file	C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe
file	C:\Users\test22\AppData\Local\Temp\install.dll.lnk

Drops an executable to the user AppData folder (1 event)

file	C:\Users\test22\AppData\Local\Temp\install.dll

A process created a hidden window (4 events)

Time & API	Arguments	Status	Return
ShellExecuteExW May 27, 2021, 9:36 a.m.	show_type: 0 filepath_r: C:\Program Files (x86)\Company\NewProduct\runme.exe parameters: filepath: C:\Program Files (x86)\Company\NewProduct\runme.exe	1	1
ShellExecuteExW May 27, 2021, 9:36 a.m.	show_type: 0 filepath_r: C:\Program Files (x86)\Company\NewProduct\file4.exe parameters: filepath: C:\Program Files (x86)\Company\NewProduct\file4.exe	1	1
ShellExecuteExW May 27, 2021, 9:36 a.m.	show_type: 0 filepath_r: C:\Program Files (x86)\Company\NewProduct\lij.exe parameters: filepath: C:\Program Files (x86)\Company\NewProduct\lij.exe	1	1
ShellExecuteExW May 27, 2021, 9:36 a.m.	show_type: 0 filepath_r: C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe parameters: filepath: C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe	1	1

Checks for the Locally Unique Identifier on the system for a suspicious privilege (8 events)

Time & API	Arguments	Status	Return
LookupPrivilegeValueW May 27, 2021, 9:53 a.m.	system_name: privilege_name: SeShutdownPrivilege	1	1
LookupPrivilegeValueW May 27, 2021, 9:53 a.m.	system_name: privilege_name: SeShutdownPrivilege	1	1
LookupPrivilegeValueW May 27, 2021, 9:53 a.m.	system_name: privilege_name: SeShutdownPrivilege	1	1
LookupPrivilegeValueW May 27, 2021, 9:53 a.m.	system_name: privilege_name: SeShutdownPrivilege	1	1
LookupPrivilegeValueW May 27, 2021, 9:53 a.m.	system_name: privilege_name: SeShutdownPrivilege	1	1
LookupPrivilegeValueW May 27, 2021, 9:53 a.m.	system_name: privilege_name: SeShutdownPrivilege	1	1
LookupPrivilegeValueW May 27, 2021, 9:53 a.m.	system_name: privilege_name: SeShutdownPrivilege	1	1
LookupPrivilegeValueW May 27, 2021, 9:53 a.m.	system_name: privilege_name: SeShutdownPrivilege	1	1

Communicates with host for which no DNS query was performed (1 event)

host

172.217.25.14

Setup2.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All