Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	May 28, 2021, 8:20 a.m.	May 28, 2021, 8:25 a.m.

Size	6.0MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`38976248b5751e588795a5c9c4ca0327`
SHA256	`4a2ed0d379350270d2a380b42a5620a20e1f1663f2d846796f86a6667edd7676`
CRC32	`957CCF23`
ssdeep	`196608:UlJFmxSzD+NbPQZcn3DDt/mB++FaEWtpb8E:U8SzuboZi3Fv+FaEI2`
PDB Path	C:\pax\nunuke3\hukugekepuwiho\yole-zujuhiniwe\daz 60 la.pdb
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsPE32 - (no description)

seleja.exe "C:\Users\test22\AppData\Local\Temp\seleja.exe"
232

Name	Response	Post-Analysis Lookup
r2---sn-3u-bh2z7.gvt1.com	CNAME r2.sn-3u-bh2z7.gvt1.com A 211.114.66.77	211.114.66.77

IP Address	Status	Action
164.124.101.2	Active	Moloch
172.217.25.14	Active	Moloch
211.114.66.77	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.102:49809 -> 216.58.220.195:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLS 1.2 192.168.56.102:49809 216.58.220.195:443	C=US, O=Google Trust Services, CN=GTS CA 1O1	C=US, ST=California, L=Mountain View, O=Google LLC, CN=upload.video.google.com	4c:f7:71:9d:b2:c7:1b:2b:a2:f7:d5:41:9c:01:ca:78:4e:d0:c4:cb

This executable has a PDB path (1 event)

pdb_path

C:\pax\nunuke3\hukugekepuwiho\yole-zujuhiniwe\daz 60 la.pdb

One or more processes crashed (50 out of 65536 events)

Time & API	Arguments	Status
__exception__ May 28, 2021, 8:20 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _zabiray@8+0x5c3 seleja+0x5e8f43 @ 0x9e8f43 _zabiray@8+0x14bb seleja+0x5e9e3b @ 0x9e9e3b _zabiray@8-0x5e677e seleja+0x2202 @ 0x402202 _zabiray@8-0x5e68d1 seleja+0x20af @ 0x4020af BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635120 registers.edi: 15728640 registers.eax: 4294967288 registers.ebp: 1635172 registers.edx: 757869 registers.ebx: 0 registers.esi: 0 registers.ecx: 4748	1
__exception__ May 28, 2021, 8:20 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _zabiray@8+0x5c3 seleja+0x5e8f43 @ 0x9e8f43 _zabiray@8+0x14bb seleja+0x5e9e3b @ 0x9e9e3b _zabiray@8-0x5e677e seleja+0x2202 @ 0x402202 _zabiray@8-0x5e68d1 seleja+0x20af @ 0x4020af BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635120 registers.edi: 15728640 registers.eax: 4294967288 registers.ebp: 1635172 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4748	1
__exception__ May 28, 2021, 8:20 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _zabiray@8+0x5c3 seleja+0x5e8f43 @ 0x9e8f43 _zabiray@8+0x14bb seleja+0x5e9e3b @ 0x9e9e3b _zabiray@8-0x5e677e seleja+0x2202 @ 0x402202 _zabiray@8-0x5e68d1 seleja+0x20af @ 0x4020af BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635120 registers.edi: 15728640 registers.eax: 4294967288 registers.ebp: 1635172 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4748	1
__exception__ May 28, 2021, 8:20 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _zabiray@8+0x5c3 seleja+0x5e8f43 @ 0x9e8f43 _zabiray@8+0x14bb seleja+0x5e9e3b @ 0x9e9e3b _zabiray@8-0x5e677e seleja+0x2202 @ 0x402202 _zabiray@8-0x5e68d1 seleja+0x20af @ 0x4020af BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635120 registers.edi: 15728640 registers.eax: 4294967288 registers.ebp: 1635172 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4748	1
__exception__ May 28, 2021, 8:20 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _zabiray@8+0x5c3 seleja+0x5e8f43 @ 0x9e8f43 _zabiray@8+0x14bb seleja+0x5e9e3b @ 0x9e9e3b _zabiray@8-0x5e677e seleja+0x2202 @ 0x402202 _zabiray@8-0x5e68d1 seleja+0x20af @ 0x4020af BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635120 registers.edi: 15728640 registers.eax: 4294967288 registers.ebp: 1635172 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4748	1
__exception__ May 28, 2021, 8:20 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _zabiray@8+0x5c3 seleja+0x5e8f43 @ 0x9e8f43 _zabiray@8+0x14bb seleja+0x5e9e3b @ 0x9e9e3b _zabiray@8-0x5e677e seleja+0x2202 @ 0x402202 _zabiray@8-0x5e68d1 seleja+0x20af @ 0x4020af BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635120 registers.edi: 15728640 registers.eax: 4294967288 registers.ebp: 1635172 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4748	1
__exception__ May 28, 2021, 8:20 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _zabiray@8+0x5c3 seleja+0x5e8f43 @ 0x9e8f43 _zabiray@8+0x14bb seleja+0x5e9e3b @ 0x9e9e3b _zabiray@8-0x5e677e seleja+0x2202 @ 0x402202 _zabiray@8-0x5e68d1 seleja+0x20af @ 0x4020af BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635120 registers.edi: 15728640 registers.eax: 4294967288 registers.ebp: 1635172 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4748	1
__exception__ May 28, 2021, 8:20 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _zabiray@8+0x5c3 seleja+0x5e8f43 @ 0x9e8f43 _zabiray@8+0x14bb seleja+0x5e9e3b @ 0x9e9e3b _zabiray@8-0x5e677e seleja+0x2202 @ 0x402202 _zabiray@8-0x5e68d1 seleja+0x20af @ 0x4020af BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635120 registers.edi: 15728640 registers.eax: 4294967288 registers.ebp: 1635172 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4748	1
__exception__ May 28, 2021, 8:20 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _zabiray@8+0x5c3 seleja+0x5e8f43 @ 0x9e8f43 _zabiray@8+0x14bb seleja+0x5e9e3b @ 0x9e9e3b _zabiray@8-0x5e677e seleja+0x2202 @ 0x402202 _zabiray@8-0x5e68d1 seleja+0x20af @ 0x4020af BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635120 registers.edi: 15728640 registers.eax: 4294967288 registers.ebp: 1635172 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4748	1
__exception__ May 28, 2021, 8:20 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _zabiray@8+0x5c3 seleja+0x5e8f43 @ 0x9e8f43 _zabiray@8+0x14bb seleja+0x5e9e3b @ 0x9e9e3b _zabiray@8-0x5e677e seleja+0x2202 @ 0x402202 _zabiray@8-0x5e68d1 seleja+0x20af @ 0x4020af BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635120 registers.edi: 15728640 registers.eax: 4294967288 registers.ebp: 1635172 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4748	1
__exception__ May 28, 2021, 8:20 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _zabiray@8+0x5c3 seleja+0x5e8f43 @ 0x9e8f43 _zabiray@8+0x14bb seleja+0x5e9e3b @ 0x9e9e3b _zabiray@8-0x5e677e seleja+0x2202 @ 0x402202 _zabiray@8-0x5e68d1 seleja+0x20af @ 0x4020af BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635120 registers.edi: 15728640 registers.eax: 4294967288 registers.ebp: 1635172 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4748	1
__exception__ May 28, 2021, 8:20 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _zabiray@8+0x5c3 seleja+0x5e8f43 @ 0x9e8f43 _zabiray@8+0x14bb seleja+0x5e9e3b @ 0x9e9e3b _zabiray@8-0x5e677e seleja+0x2202 @ 0x402202 _zabiray@8-0x5e68d1 seleja+0x20af @ 0x4020af BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635120 registers.edi: 15728640 registers.eax: 4294967288 registers.ebp: 1635172 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4748	1
__exception__ May 28, 2021, 8:20 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _zabiray@8+0x5c3 seleja+0x5e8f43 @ 0x9e8f43 _zabiray@8+0x14bb seleja+0x5e9e3b @ 0x9e9e3b _zabiray@8-0x5e677e seleja+0x2202 @ 0x402202 _zabiray@8-0x5e68d1 seleja+0x20af @ 0x4020af BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635120 registers.edi: 15728640 registers.eax: 4294967288 registers.ebp: 1635172 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4748	1
__exception__ May 28, 2021, 8:20 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _zabiray@8+0x5c3 seleja+0x5e8f43 @ 0x9e8f43 _zabiray@8+0x14bb seleja+0x5e9e3b @ 0x9e9e3b _zabiray@8-0x5e677e seleja+0x2202 @ 0x402202 _zabiray@8-0x5e68d1 seleja+0x20af @ 0x4020af BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635120 registers.edi: 15728640 registers.eax: 4294967288 registers.ebp: 1635172 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4748	1
__exception__ May 28, 2021, 8:20 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _zabiray@8+0x5c3 seleja+0x5e8f43 @ 0x9e8f43 _zabiray@8+0x14bb seleja+0x5e9e3b @ 0x9e9e3b _zabiray@8-0x5e677e seleja+0x2202 @ 0x402202 _zabiray@8-0x5e68d1 seleja+0x20af @ 0x4020af BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635120 registers.edi: 15728640 registers.eax: 4294967288 registers.ebp: 1635172 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4748	1
__exception__ May 28, 2021, 8:20 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _zabiray@8+0x5c3 seleja+0x5e8f43 @ 0x9e8f43 _zabiray@8+0x14bb seleja+0x5e9e3b @ 0x9e9e3b _zabiray@8-0x5e677e seleja+0x2202 @ 0x402202 _zabiray@8-0x5e68d1 seleja+0x20af @ 0x4020af BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635120 registers.edi: 15728640 registers.eax: 4294967288 registers.ebp: 1635172 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4748	1
__exception__ May 28, 2021, 8:20 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _zabiray@8+0x5c3 seleja+0x5e8f43 @ 0x9e8f43 _zabiray@8+0x14bb seleja+0x5e9e3b @ 0x9e9e3b _zabiray@8-0x5e677e seleja+0x2202 @ 0x402202 _zabiray@8-0x5e68d1 seleja+0x20af @ 0x4020af BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635120 registers.edi: 15728640 registers.eax: 4294967288 registers.ebp: 1635172 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4748	1
__exception__ May 28, 2021, 8:20 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _zabiray@8+0x5c3 seleja+0x5e8f43 @ 0x9e8f43 _zabiray@8+0x14bb seleja+0x5e9e3b @ 0x9e9e3b _zabiray@8-0x5e677e seleja+0x2202 @ 0x402202 _zabiray@8-0x5e68d1 seleja+0x20af @ 0x4020af BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635120 registers.edi: 15728640 registers.eax: 4294967288 registers.ebp: 1635172 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4748	1
__exception__ May 28, 2021, 8:20 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _zabiray@8+0x5c3 seleja+0x5e8f43 @ 0x9e8f43 _zabiray@8+0x14bb seleja+0x5e9e3b @ 0x9e9e3b _zabiray@8-0x5e677e seleja+0x2202 @ 0x402202 _zabiray@8-0x5e68d1 seleja+0x20af @ 0x4020af BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635120 registers.edi: 15728640 registers.eax: 4294967288 registers.ebp: 1635172 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4748	1
__exception__ May 28, 2021, 8:20 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _zabiray@8+0x5c3 seleja+0x5e8f43 @ 0x9e8f43 _zabiray@8+0x14bb seleja+0x5e9e3b @ 0x9e9e3b _zabiray@8-0x5e677e seleja+0x2202 @ 0x402202 _zabiray@8-0x5e68d1 seleja+0x20af @ 0x4020af BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635120 registers.edi: 15728640 registers.eax: 4294967288 registers.ebp: 1635172 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4748	1
__exception__ May 28, 2021, 8:20 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _zabiray@8+0x5c3 seleja+0x5e8f43 @ 0x9e8f43 _zabiray@8+0x14bb seleja+0x5e9e3b @ 0x9e9e3b _zabiray@8-0x5e677e seleja+0x2202 @ 0x402202 _zabiray@8-0x5e68d1 seleja+0x20af @ 0x4020af BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635120 registers.edi: 15728640 registers.eax: 4294967288 registers.ebp: 1635172 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4748	1
__exception__ May 28, 2021, 8:20 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _zabiray@8+0x5c3 seleja+0x5e8f43 @ 0x9e8f43 _zabiray@8+0x14bb seleja+0x5e9e3b @ 0x9e9e3b _zabiray@8-0x5e677e seleja+0x2202 @ 0x402202 _zabiray@8-0x5e68d1 seleja+0x20af @ 0x4020af BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635120 registers.edi: 15728640 registers.eax: 4294967288 registers.ebp: 1635172 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4748	1
__exception__ May 28, 2021, 8:20 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _zabiray@8+0x5c3 seleja+0x5e8f43 @ 0x9e8f43 _zabiray@8+0x14bb seleja+0x5e9e3b @ 0x9e9e3b _zabiray@8-0x5e677e seleja+0x2202 @ 0x402202 _zabiray@8-0x5e68d1 seleja+0x20af @ 0x4020af BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635120 registers.edi: 15728640 registers.eax: 4294967288 registers.ebp: 1635172 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4748	1
__exception__ May 28, 2021, 8:20 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _zabiray@8+0x5c3 seleja+0x5e8f43 @ 0x9e8f43 _zabiray@8+0x14bb seleja+0x5e9e3b @ 0x9e9e3b _zabiray@8-0x5e677e seleja+0x2202 @ 0x402202 _zabiray@8-0x5e68d1 seleja+0x20af @ 0x4020af BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635120 registers.edi: 15728640 registers.eax: 4294967288 registers.ebp: 1635172 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4748	1
__exception__ May 28, 2021, 8:20 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _zabiray@8+0x5c3 seleja+0x5e8f43 @ 0x9e8f43 _zabiray@8+0x14bb seleja+0x5e9e3b @ 0x9e9e3b _zabiray@8-0x5e677e seleja+0x2202 @ 0x402202 _zabiray@8-0x5e68d1 seleja+0x20af @ 0x4020af BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635120 registers.edi: 15728640 registers.eax: 4294967288 registers.ebp: 1635172 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4748	1
__exception__ May 28, 2021, 8:20 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _zabiray@8+0x5c3 seleja+0x5e8f43 @ 0x9e8f43 _zabiray@8+0x14bb seleja+0x5e9e3b @ 0x9e9e3b _zabiray@8-0x5e677e seleja+0x2202 @ 0x402202 _zabiray@8-0x5e68d1 seleja+0x20af @ 0x4020af BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635120 registers.edi: 15728640 registers.eax: 4294967288 registers.ebp: 1635172 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4748	1
__exception__ May 28, 2021, 8:20 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _zabiray@8+0x5c3 seleja+0x5e8f43 @ 0x9e8f43 _zabiray@8+0x14bb seleja+0x5e9e3b @ 0x9e9e3b _zabiray@8-0x5e677e seleja+0x2202 @ 0x402202 _zabiray@8-0x5e68d1 seleja+0x20af @ 0x4020af BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635120 registers.edi: 15728640 registers.eax: 4294967288 registers.ebp: 1635172 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4748	1
__exception__ May 28, 2021, 8:20 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _zabiray@8+0x5c3 seleja+0x5e8f43 @ 0x9e8f43 _zabiray@8+0x14bb seleja+0x5e9e3b @ 0x9e9e3b _zabiray@8-0x5e677e seleja+0x2202 @ 0x402202 _zabiray@8-0x5e68d1 seleja+0x20af @ 0x4020af BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635120 registers.edi: 15728640 registers.eax: 4294967288 registers.ebp: 1635172 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4748	1
__exception__ May 28, 2021, 8:20 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _zabiray@8+0x5c3 seleja+0x5e8f43 @ 0x9e8f43 _zabiray@8+0x14bb seleja+0x5e9e3b @ 0x9e9e3b _zabiray@8-0x5e677e seleja+0x2202 @ 0x402202 _zabiray@8-0x5e68d1 seleja+0x20af @ 0x4020af BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635120 registers.edi: 15728640 registers.eax: 4294967288 registers.ebp: 1635172 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4748	1
__exception__ May 28, 2021, 8:20 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _zabiray@8+0x5c3 seleja+0x5e8f43 @ 0x9e8f43 _zabiray@8+0x14bb seleja+0x5e9e3b @ 0x9e9e3b _zabiray@8-0x5e677e seleja+0x2202 @ 0x402202 _zabiray@8-0x5e68d1 seleja+0x20af @ 0x4020af BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635120 registers.edi: 15728640 registers.eax: 4294967288 registers.ebp: 1635172 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4748	1
__exception__ May 28, 2021, 8:20 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _zabiray@8+0x5c3 seleja+0x5e8f43 @ 0x9e8f43 _zabiray@8+0x14bb seleja+0x5e9e3b @ 0x9e9e3b _zabiray@8-0x5e677e seleja+0x2202 @ 0x402202 _zabiray@8-0x5e68d1 seleja+0x20af @ 0x4020af BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635120 registers.edi: 15728640 registers.eax: 4294967288 registers.ebp: 1635172 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4748	1
__exception__ May 28, 2021, 8:20 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _zabiray@8+0x5c3 seleja+0x5e8f43 @ 0x9e8f43 _zabiray@8+0x14bb seleja+0x5e9e3b @ 0x9e9e3b _zabiray@8-0x5e677e seleja+0x2202 @ 0x402202 _zabiray@8-0x5e68d1 seleja+0x20af @ 0x4020af BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635120 registers.edi: 15728640 registers.eax: 4294967288 registers.ebp: 1635172 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4748	1
__exception__ May 28, 2021, 8:20 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _zabiray@8+0x5c3 seleja+0x5e8f43 @ 0x9e8f43 _zabiray@8+0x14bb seleja+0x5e9e3b @ 0x9e9e3b _zabiray@8-0x5e677e seleja+0x2202 @ 0x402202 _zabiray@8-0x5e68d1 seleja+0x20af @ 0x4020af BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635120 registers.edi: 15728640 registers.eax: 4294967288 registers.ebp: 1635172 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4748	1
__exception__ May 28, 2021, 8:20 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _zabiray@8+0x5c3 seleja+0x5e8f43 @ 0x9e8f43 _zabiray@8+0x14bb seleja+0x5e9e3b @ 0x9e9e3b _zabiray@8-0x5e677e seleja+0x2202 @ 0x402202 _zabiray@8-0x5e68d1 seleja+0x20af @ 0x4020af BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635120 registers.edi: 15728640 registers.eax: 4294967288 registers.ebp: 1635172 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4748	1
__exception__ May 28, 2021, 8:20 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _zabiray@8+0x5c3 seleja+0x5e8f43 @ 0x9e8f43 _zabiray@8+0x14bb seleja+0x5e9e3b @ 0x9e9e3b _zabiray@8-0x5e677e seleja+0x2202 @ 0x402202 _zabiray@8-0x5e68d1 seleja+0x20af @ 0x4020af BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635120 registers.edi: 15728640 registers.eax: 4294967288 registers.ebp: 1635172 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4748	1
__exception__ May 28, 2021, 8:20 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _zabiray@8+0x5c3 seleja+0x5e8f43 @ 0x9e8f43 _zabiray@8+0x14bb seleja+0x5e9e3b @ 0x9e9e3b _zabiray@8-0x5e677e seleja+0x2202 @ 0x402202 _zabiray@8-0x5e68d1 seleja+0x20af @ 0x4020af BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635120 registers.edi: 15728640 registers.eax: 4294967288 registers.ebp: 1635172 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4748	1
__exception__ May 28, 2021, 8:20 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _zabiray@8+0x5c3 seleja+0x5e8f43 @ 0x9e8f43 _zabiray@8+0x14bb seleja+0x5e9e3b @ 0x9e9e3b _zabiray@8-0x5e677e seleja+0x2202 @ 0x402202 _zabiray@8-0x5e68d1 seleja+0x20af @ 0x4020af BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635120 registers.edi: 15728640 registers.eax: 4294967288 registers.ebp: 1635172 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4748	1
__exception__ May 28, 2021, 8:20 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _zabiray@8+0x5c3 seleja+0x5e8f43 @ 0x9e8f43 _zabiray@8+0x14bb seleja+0x5e9e3b @ 0x9e9e3b _zabiray@8-0x5e677e seleja+0x2202 @ 0x402202 _zabiray@8-0x5e68d1 seleja+0x20af @ 0x4020af BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635120 registers.edi: 15728640 registers.eax: 4294967288 registers.ebp: 1635172 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4748	1
__exception__ May 28, 2021, 8:20 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _zabiray@8+0x5c3 seleja+0x5e8f43 @ 0x9e8f43 _zabiray@8+0x14bb seleja+0x5e9e3b @ 0x9e9e3b _zabiray@8-0x5e677e seleja+0x2202 @ 0x402202 _zabiray@8-0x5e68d1 seleja+0x20af @ 0x4020af BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635120 registers.edi: 15728640 registers.eax: 4294967288 registers.ebp: 1635172 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4748	1
__exception__ May 28, 2021, 8:20 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _zabiray@8+0x5c3 seleja+0x5e8f43 @ 0x9e8f43 _zabiray@8+0x14bb seleja+0x5e9e3b @ 0x9e9e3b _zabiray@8-0x5e677e seleja+0x2202 @ 0x402202 _zabiray@8-0x5e68d1 seleja+0x20af @ 0x4020af BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635120 registers.edi: 15728640 registers.eax: 4294967288 registers.ebp: 1635172 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4748	1
__exception__ May 28, 2021, 8:20 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _zabiray@8+0x5c3 seleja+0x5e8f43 @ 0x9e8f43 _zabiray@8+0x14bb seleja+0x5e9e3b @ 0x9e9e3b _zabiray@8-0x5e677e seleja+0x2202 @ 0x402202 _zabiray@8-0x5e68d1 seleja+0x20af @ 0x4020af BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635120 registers.edi: 15728640 registers.eax: 4294967288 registers.ebp: 1635172 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4748	1
__exception__ May 28, 2021, 8:20 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _zabiray@8+0x5c3 seleja+0x5e8f43 @ 0x9e8f43 _zabiray@8+0x14bb seleja+0x5e9e3b @ 0x9e9e3b _zabiray@8-0x5e677e seleja+0x2202 @ 0x402202 _zabiray@8-0x5e68d1 seleja+0x20af @ 0x4020af BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635120 registers.edi: 15728640 registers.eax: 4294967288 registers.ebp: 1635172 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4748	1
__exception__ May 28, 2021, 8:20 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _zabiray@8+0x5c3 seleja+0x5e8f43 @ 0x9e8f43 _zabiray@8+0x14bb seleja+0x5e9e3b @ 0x9e9e3b _zabiray@8-0x5e677e seleja+0x2202 @ 0x402202 _zabiray@8-0x5e68d1 seleja+0x20af @ 0x4020af BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635120 registers.edi: 15728640 registers.eax: 4294967288 registers.ebp: 1635172 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4748	1
__exception__ May 28, 2021, 8:20 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _zabiray@8+0x5c3 seleja+0x5e8f43 @ 0x9e8f43 _zabiray@8+0x14bb seleja+0x5e9e3b @ 0x9e9e3b _zabiray@8-0x5e677e seleja+0x2202 @ 0x402202 _zabiray@8-0x5e68d1 seleja+0x20af @ 0x4020af BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635120 registers.edi: 15728640 registers.eax: 4294967288 registers.ebp: 1635172 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4748	1
__exception__ May 28, 2021, 8:20 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _zabiray@8+0x5c3 seleja+0x5e8f43 @ 0x9e8f43 _zabiray@8+0x14bb seleja+0x5e9e3b @ 0x9e9e3b _zabiray@8-0x5e677e seleja+0x2202 @ 0x402202 _zabiray@8-0x5e68d1 seleja+0x20af @ 0x4020af BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635120 registers.edi: 15728640 registers.eax: 4294967288 registers.ebp: 1635172 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4748	1
__exception__ May 28, 2021, 8:20 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _zabiray@8+0x5c3 seleja+0x5e8f43 @ 0x9e8f43 _zabiray@8+0x14bb seleja+0x5e9e3b @ 0x9e9e3b _zabiray@8-0x5e677e seleja+0x2202 @ 0x402202 _zabiray@8-0x5e68d1 seleja+0x20af @ 0x4020af BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635120 registers.edi: 15728640 registers.eax: 4294967288 registers.ebp: 1635172 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4748	1
__exception__ May 28, 2021, 8:20 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _zabiray@8+0x5c3 seleja+0x5e8f43 @ 0x9e8f43 _zabiray@8+0x14bb seleja+0x5e9e3b @ 0x9e9e3b _zabiray@8-0x5e677e seleja+0x2202 @ 0x402202 _zabiray@8-0x5e68d1 seleja+0x20af @ 0x4020af BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635120 registers.edi: 15728640 registers.eax: 4294967288 registers.ebp: 1635172 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4748	1
__exception__ May 28, 2021, 8:20 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _zabiray@8+0x5c3 seleja+0x5e8f43 @ 0x9e8f43 _zabiray@8+0x14bb seleja+0x5e9e3b @ 0x9e9e3b _zabiray@8-0x5e677e seleja+0x2202 @ 0x402202 _zabiray@8-0x5e68d1 seleja+0x20af @ 0x4020af BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635120 registers.edi: 15728640 registers.eax: 4294967288 registers.ebp: 1635172 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4748	1
__exception__ May 28, 2021, 8:20 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _zabiray@8+0x5c3 seleja+0x5e8f43 @ 0x9e8f43 _zabiray@8+0x14bb seleja+0x5e9e3b @ 0x9e9e3b _zabiray@8-0x5e677e seleja+0x2202 @ 0x402202 _zabiray@8-0x5e68d1 seleja+0x20af @ 0x4020af BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635120 registers.edi: 15728640 registers.eax: 4294967288 registers.ebp: 1635172 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4748	1
__exception__ May 28, 2021, 8:20 a.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 _zabiray@8+0x5c3 seleja+0x5e8f43 @ 0x9e8f43 _zabiray@8+0x14bb seleja+0x5e9e3b @ 0x9e9e3b _zabiray@8-0x5e677e seleja+0x2202 @ 0x402202 _zabiray@8-0x5e68d1 seleja+0x20af @ 0x4020af BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1635120 registers.edi: 15728640 registers.eax: 4294967288 registers.ebp: 1635172 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 4748	1

HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 event)

suspicious_features

POST method with no referer header

suspicious_request

POST https://update.googleapis.com/service/update2?cup2key=10:1895035685&cup2hreq=72915f2a185bd04d4a4507b96e78435e1e4d450e3fccbcf7802dca34e4dee720

Performs some HTTP requests (3 events)

request	HEAD http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe
request	HEAD http://r2---sn-3u-bh2z7.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=175.208.134.150&mm=28&mn=sn-3u-bh2z7&ms=nvh&mt=1622157617&mv=m&mvi=2&pl=18&shardbypass=yes
request	POST https://update.googleapis.com/service/update2?cup2key=10:1895035685&cup2hreq=72915f2a185bd04d4a4507b96e78435e1e4d450e3fccbcf7802dca34e4dee720

Sends data using the HTTP POST Method (1 event)

request

POST https://update.googleapis.com/service/update2?cup2key=10:1895035685&cup2hreq=72915f2a185bd04d4a4507b96e78435e1e4d450e3fccbcf7802dca34e4dee720

Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory May 28, 2021, 8:20 a.m.	process_identifier: 232 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 6066176 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x025f0000 process_handle: 0xffffffff	1	0	0

Foreign language identified in PE resource (38 events)

name

RT_CURSOR

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_TUNISIA

offset

0x00607d98

size

0x00000130

name

RT_CURSOR

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_TUNISIA

offset

0x00607d98

size

0x00000130

name

RT_ICON

language

LANG_SERBIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_ARABIC_TUNISIA

offset

0x006077a8

size

0x00000468

name

RT_ICON

language

LANG_SERBIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_ARABIC_TUNISIA

offset

0x006077a8

size

0x00000468

name

RT_ICON

language

LANG_SERBIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_ARABIC_TUNISIA

offset

0x006077a8

size

0x00000468

name

RT_ICON

language

LANG_SERBIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_ARABIC_TUNISIA

offset

0x006077a8

size

0x00000468

name

RT_ICON

language

LANG_SERBIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_ARABIC_TUNISIA

offset

0x006077a8

size

0x00000468

name

RT_ICON

language

LANG_SERBIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_ARABIC_TUNISIA

offset

0x006077a8

size

0x00000468

name

RT_ICON

language

LANG_SERBIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_ARABIC_TUNISIA

offset

0x006077a8

size

0x00000468

name

RT_ICON

language

LANG_SERBIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_ARABIC_TUNISIA

offset

0x006077a8

size

0x00000468

name

RT_ICON

language

LANG_SERBIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_ARABIC_TUNISIA

offset

0x006077a8

size

0x00000468

name

RT_ICON

language

LANG_SERBIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_ARABIC_TUNISIA

offset

0x006077a8

size

0x00000468

name

RT_ICON

language

LANG_SERBIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_ARABIC_TUNISIA

offset

0x006077a8

size

0x00000468

name

RT_ICON

language

LANG_SERBIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_ARABIC_TUNISIA

offset

0x006077a8

size

0x00000468

name

RT_ICON

language

LANG_SERBIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_ARABIC_TUNISIA

offset

0x006077a8

size

0x00000468

name

RT_ICON

language

LANG_SERBIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_ARABIC_TUNISIA

offset

0x006077a8

size

0x00000468

name

RT_ICON

language

LANG_SERBIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_ARABIC_TUNISIA

offset

0x006077a8

size

0x00000468

name

RT_ICON

language

LANG_SERBIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_ARABIC_TUNISIA

offset

0x006077a8

size

0x00000468

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_TUNISIA

offset

0x00608ea8

size

0x000000fa

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_TUNISIA

offset

0x00608ea8

size

0x000000fa

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_TUNISIA

offset

0x00608ea8

size

0x000000fa

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_TUNISIA

offset

0x00608ea8

size

0x000000fa

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_TUNISIA

offset

0x00608ea8

size

0x000000fa

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_TUNISIA

offset

0x00608ea8

size

0x000000fa

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_TUNISIA

offset

0x00608ea8

size

0x000000fa

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_TUNISIA

offset

0x00608ea8

size

0x000000fa

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_TUNISIA

offset

0x00608ea8

size

0x000000fa

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_TUNISIA

offset

0x00608ea8

size

0x000000fa

name

RT_ACCELERATOR

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_TUNISIA

offset

0x00607c88

size

0x00000050

name

RT_ACCELERATOR

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_TUNISIA

offset

0x00607c88

size

0x00000050

name

RT_ACCELERATOR

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_TUNISIA

offset

0x00607c88

size

0x00000050

name

RT_ACCELERATOR

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_TUNISIA

offset

0x00607c88

size

0x00000050

name

RT_GROUP_CURSOR

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_TUNISIA

offset

0x00607ec8

size

0x00000014

name

RT_GROUP_CURSOR

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_TUNISIA

offset

0x00607ec8

size

0x00000014

name

RT_GROUP_ICON

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_TUNISIA

offset

0x00607c10

size

0x00000076

name

RT_GROUP_ICON

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_TUNISIA

offset

0x00607c10

size

0x00000076

name

RT_VERSION

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_TUNISIA

offset

0x00607ee0

size

0x00000144

name

RT_VERSION

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_ARABIC_TUNISIA

offset

0x00607ee0

size

0x00000144

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x005e9000', u'virtual_address': u'0x00001000', u'entropy': 7.997929237272558, u'name': u'.text', u'virtual_size': u'0x005e8e9b'}

entropy

7.99792923727

description

A section with a high entropy has been found

entropy

0.984145052443

description

Overall entropy of this PE file is high

Communicates with host for which no DNS query was performed (1 event)

host

172.217.25.14

File has been identified by 18 AntiVirus engines on VirusTotal as malicious (18 events)

Elastic	malicious (high confidence)
FireEye	Generic.mg.38976248b5751e58
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_70% (D)
Cyren	W32/Kryptik.EED.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
McAfee-GW-Edition	BehavesLike.Win32.Lockbit.vc
SentinelOne	Static AI - Suspicious PE
eGambit	Unsafe.AI_Score_99%
Microsoft	Trojan:Win32/Azorult.RW!MTB
Cynet	Malicious (score: 100)
BitDefenderTheta	Gen:NN.ZexaF.34692.@xW@ai2qLhpG
Malwarebytes	Trojan.MalPack.GS
Rising	Malware.Heuristic!ET#80% (RDMK:cmRtazoIDIQVwPRIiqsOkX4btQB/)
Ikarus	Trojan.Win32.Crypt
MaxSecure	Trojan.Malware.300983.susgen

Tries to unhook Windows functions monitored by Cuckoo (1 event)

Time & API	Arguments	Status	Return	Repeated
__anomaly__ May 28, 2021, 8:20 a.m.	tid: 4748 message: Encountered 65537 exceptions, quitting. subcategory: exception function_name:	1	0	0

seleja.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All