Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	June 2, 2021, 5:55 p.m.	June 2, 2021, 6:12 p.m.

Size	321.5KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`bc004ebe4199980b8686dc9202f3b7cb`
SHA256	`c129ece5ce4cc5bc3c8d93ba6801c79e644bf838f4adb262bf7780476576bde1`
CRC32	`F2C58965`
ssdeep	`6144:W4p1j3VUf82XBk7Cc2ZZOQx4HNsWjnwVHLCj6i:W4p1Rq82u7CcdQ6NsWeH`
PDB Path	C:\rarucezecab\vosonusip-mot-sefu.pdb
Yara	PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware Malicious_Packer_Zero - Malicious Packer OS_Processor_Check_Zero - OS Processor Check IsPE32 - (no description) Malicious_Library_Zero - Malicious_Library

toolspab1.exe "C:\Users\test22\AppData\Local\Temp\toolspab1.exe"
9132

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
172.67.188.154	Active	Moloch
172.67.75.172	Active	Moloch
164.124.101.2	Active	Moloch
172.217.25.14	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

This executable has a PDB path (1 event)

pdb_path

C:\rarucezecab\vosonusip-mot-sefu.pdb

One or more processes crashed (50 out of 65536 events)

Time & API	Arguments	Status
__exception__ June 2, 2021, 5:55 p.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 toolspab1+0x2e44f @ 0x42e44f toolspab1+0x2f38c @ 0x42f38c toolspab1+0x4622 @ 0x404622 toolspab1+0x44cf @ 0x4044cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633000 registers.edi: 5242880 registers.eax: 4294967288 registers.ebp: 1633052 registers.edx: 5585 registers.ebx: 0 registers.esi: 0 registers.ecx: 1660	1
__exception__ June 2, 2021, 5:55 p.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 toolspab1+0x2e44f @ 0x42e44f toolspab1+0x2f38c @ 0x42f38c toolspab1+0x4622 @ 0x404622 toolspab1+0x44cf @ 0x4044cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633000 registers.edi: 5242880 registers.eax: 4294967288 registers.ebp: 1633052 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1660	1
__exception__ June 2, 2021, 5:55 p.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 toolspab1+0x2e44f @ 0x42e44f toolspab1+0x2f38c @ 0x42f38c toolspab1+0x4622 @ 0x404622 toolspab1+0x44cf @ 0x4044cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633000 registers.edi: 5242880 registers.eax: 4294967288 registers.ebp: 1633052 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1660	1
__exception__ June 2, 2021, 5:55 p.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 toolspab1+0x2e44f @ 0x42e44f toolspab1+0x2f38c @ 0x42f38c toolspab1+0x4622 @ 0x404622 toolspab1+0x44cf @ 0x4044cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633000 registers.edi: 5242880 registers.eax: 4294967288 registers.ebp: 1633052 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1660	1
__exception__ June 2, 2021, 5:55 p.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 toolspab1+0x2e44f @ 0x42e44f toolspab1+0x2f38c @ 0x42f38c toolspab1+0x4622 @ 0x404622 toolspab1+0x44cf @ 0x4044cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633000 registers.edi: 5242880 registers.eax: 4294967288 registers.ebp: 1633052 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1660	1
__exception__ June 2, 2021, 5:55 p.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 toolspab1+0x2e44f @ 0x42e44f toolspab1+0x2f38c @ 0x42f38c toolspab1+0x4622 @ 0x404622 toolspab1+0x44cf @ 0x4044cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633000 registers.edi: 5242880 registers.eax: 4294967288 registers.ebp: 1633052 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1660	1
__exception__ June 2, 2021, 5:55 p.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 toolspab1+0x2e44f @ 0x42e44f toolspab1+0x2f38c @ 0x42f38c toolspab1+0x4622 @ 0x404622 toolspab1+0x44cf @ 0x4044cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633000 registers.edi: 5242880 registers.eax: 4294967288 registers.ebp: 1633052 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1660	1
__exception__ June 2, 2021, 5:55 p.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 toolspab1+0x2e44f @ 0x42e44f toolspab1+0x2f38c @ 0x42f38c toolspab1+0x4622 @ 0x404622 toolspab1+0x44cf @ 0x4044cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633000 registers.edi: 5242880 registers.eax: 4294967288 registers.ebp: 1633052 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1660	1
__exception__ June 2, 2021, 5:55 p.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 toolspab1+0x2e44f @ 0x42e44f toolspab1+0x2f38c @ 0x42f38c toolspab1+0x4622 @ 0x404622 toolspab1+0x44cf @ 0x4044cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633000 registers.edi: 5242880 registers.eax: 4294967288 registers.ebp: 1633052 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1660	1
__exception__ June 2, 2021, 5:55 p.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 toolspab1+0x2e44f @ 0x42e44f toolspab1+0x2f38c @ 0x42f38c toolspab1+0x4622 @ 0x404622 toolspab1+0x44cf @ 0x4044cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633000 registers.edi: 5242880 registers.eax: 4294967288 registers.ebp: 1633052 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1660	1
__exception__ June 2, 2021, 5:55 p.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 toolspab1+0x2e44f @ 0x42e44f toolspab1+0x2f38c @ 0x42f38c toolspab1+0x4622 @ 0x404622 toolspab1+0x44cf @ 0x4044cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633000 registers.edi: 5242880 registers.eax: 4294967288 registers.ebp: 1633052 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1660	1
__exception__ June 2, 2021, 5:55 p.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 toolspab1+0x2e44f @ 0x42e44f toolspab1+0x2f38c @ 0x42f38c toolspab1+0x4622 @ 0x404622 toolspab1+0x44cf @ 0x4044cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633000 registers.edi: 5242880 registers.eax: 4294967288 registers.ebp: 1633052 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1660	1
__exception__ June 2, 2021, 5:55 p.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 toolspab1+0x2e44f @ 0x42e44f toolspab1+0x2f38c @ 0x42f38c toolspab1+0x4622 @ 0x404622 toolspab1+0x44cf @ 0x4044cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633000 registers.edi: 5242880 registers.eax: 4294967288 registers.ebp: 1633052 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1660	1
__exception__ June 2, 2021, 5:55 p.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 toolspab1+0x2e44f @ 0x42e44f toolspab1+0x2f38c @ 0x42f38c toolspab1+0x4622 @ 0x404622 toolspab1+0x44cf @ 0x4044cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633000 registers.edi: 5242880 registers.eax: 4294967288 registers.ebp: 1633052 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1660	1
__exception__ June 2, 2021, 5:55 p.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 toolspab1+0x2e44f @ 0x42e44f toolspab1+0x2f38c @ 0x42f38c toolspab1+0x4622 @ 0x404622 toolspab1+0x44cf @ 0x4044cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633000 registers.edi: 5242880 registers.eax: 4294967288 registers.ebp: 1633052 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1660	1
__exception__ June 2, 2021, 5:55 p.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 toolspab1+0x2e44f @ 0x42e44f toolspab1+0x2f38c @ 0x42f38c toolspab1+0x4622 @ 0x404622 toolspab1+0x44cf @ 0x4044cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633000 registers.edi: 5242880 registers.eax: 4294967288 registers.ebp: 1633052 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1660	1
__exception__ June 2, 2021, 5:55 p.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 toolspab1+0x2e44f @ 0x42e44f toolspab1+0x2f38c @ 0x42f38c toolspab1+0x4622 @ 0x404622 toolspab1+0x44cf @ 0x4044cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633000 registers.edi: 5242880 registers.eax: 4294967288 registers.ebp: 1633052 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1660	1
__exception__ June 2, 2021, 5:55 p.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 toolspab1+0x2e44f @ 0x42e44f toolspab1+0x2f38c @ 0x42f38c toolspab1+0x4622 @ 0x404622 toolspab1+0x44cf @ 0x4044cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633000 registers.edi: 5242880 registers.eax: 4294967288 registers.ebp: 1633052 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1660	1
__exception__ June 2, 2021, 5:55 p.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 toolspab1+0x2e44f @ 0x42e44f toolspab1+0x2f38c @ 0x42f38c toolspab1+0x4622 @ 0x404622 toolspab1+0x44cf @ 0x4044cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633000 registers.edi: 5242880 registers.eax: 4294967288 registers.ebp: 1633052 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1660	1
__exception__ June 2, 2021, 5:55 p.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 toolspab1+0x2e44f @ 0x42e44f toolspab1+0x2f38c @ 0x42f38c toolspab1+0x4622 @ 0x404622 toolspab1+0x44cf @ 0x4044cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633000 registers.edi: 5242880 registers.eax: 4294967288 registers.ebp: 1633052 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1660	1
__exception__ June 2, 2021, 5:55 p.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 toolspab1+0x2e44f @ 0x42e44f toolspab1+0x2f38c @ 0x42f38c toolspab1+0x4622 @ 0x404622 toolspab1+0x44cf @ 0x4044cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633000 registers.edi: 5242880 registers.eax: 4294967288 registers.ebp: 1633052 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1660	1
__exception__ June 2, 2021, 5:55 p.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 toolspab1+0x2e44f @ 0x42e44f toolspab1+0x2f38c @ 0x42f38c toolspab1+0x4622 @ 0x404622 toolspab1+0x44cf @ 0x4044cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633000 registers.edi: 5242880 registers.eax: 4294967288 registers.ebp: 1633052 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1660	1
__exception__ June 2, 2021, 5:55 p.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 toolspab1+0x2e44f @ 0x42e44f toolspab1+0x2f38c @ 0x42f38c toolspab1+0x4622 @ 0x404622 toolspab1+0x44cf @ 0x4044cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633000 registers.edi: 5242880 registers.eax: 4294967288 registers.ebp: 1633052 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1660	1
__exception__ June 2, 2021, 5:55 p.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 toolspab1+0x2e44f @ 0x42e44f toolspab1+0x2f38c @ 0x42f38c toolspab1+0x4622 @ 0x404622 toolspab1+0x44cf @ 0x4044cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633000 registers.edi: 5242880 registers.eax: 4294967288 registers.ebp: 1633052 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1660	1
__exception__ June 2, 2021, 5:55 p.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 toolspab1+0x2e44f @ 0x42e44f toolspab1+0x2f38c @ 0x42f38c toolspab1+0x4622 @ 0x404622 toolspab1+0x44cf @ 0x4044cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633000 registers.edi: 5242880 registers.eax: 4294967288 registers.ebp: 1633052 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1660	1
__exception__ June 2, 2021, 5:55 p.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 toolspab1+0x2e44f @ 0x42e44f toolspab1+0x2f38c @ 0x42f38c toolspab1+0x4622 @ 0x404622 toolspab1+0x44cf @ 0x4044cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633000 registers.edi: 5242880 registers.eax: 4294967288 registers.ebp: 1633052 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1660	1
__exception__ June 2, 2021, 5:55 p.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 toolspab1+0x2e44f @ 0x42e44f toolspab1+0x2f38c @ 0x42f38c toolspab1+0x4622 @ 0x404622 toolspab1+0x44cf @ 0x4044cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633000 registers.edi: 5242880 registers.eax: 4294967288 registers.ebp: 1633052 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1660	1
__exception__ June 2, 2021, 5:55 p.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 toolspab1+0x2e44f @ 0x42e44f toolspab1+0x2f38c @ 0x42f38c toolspab1+0x4622 @ 0x404622 toolspab1+0x44cf @ 0x4044cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633000 registers.edi: 5242880 registers.eax: 4294967288 registers.ebp: 1633052 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1660	1
__exception__ June 2, 2021, 5:55 p.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 toolspab1+0x2e44f @ 0x42e44f toolspab1+0x2f38c @ 0x42f38c toolspab1+0x4622 @ 0x404622 toolspab1+0x44cf @ 0x4044cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633000 registers.edi: 5242880 registers.eax: 4294967288 registers.ebp: 1633052 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1660	1
__exception__ June 2, 2021, 5:55 p.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 toolspab1+0x2e44f @ 0x42e44f toolspab1+0x2f38c @ 0x42f38c toolspab1+0x4622 @ 0x404622 toolspab1+0x44cf @ 0x4044cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633000 registers.edi: 5242880 registers.eax: 4294967288 registers.ebp: 1633052 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1660	1
__exception__ June 2, 2021, 5:55 p.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 toolspab1+0x2e44f @ 0x42e44f toolspab1+0x2f38c @ 0x42f38c toolspab1+0x4622 @ 0x404622 toolspab1+0x44cf @ 0x4044cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633000 registers.edi: 5242880 registers.eax: 4294967288 registers.ebp: 1633052 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1660	1
__exception__ June 2, 2021, 5:55 p.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 toolspab1+0x2e44f @ 0x42e44f toolspab1+0x2f38c @ 0x42f38c toolspab1+0x4622 @ 0x404622 toolspab1+0x44cf @ 0x4044cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633000 registers.edi: 5242880 registers.eax: 4294967288 registers.ebp: 1633052 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1660	1
__exception__ June 2, 2021, 5:55 p.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 toolspab1+0x2e44f @ 0x42e44f toolspab1+0x2f38c @ 0x42f38c toolspab1+0x4622 @ 0x404622 toolspab1+0x44cf @ 0x4044cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633000 registers.edi: 5242880 registers.eax: 4294967288 registers.ebp: 1633052 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1660	1
__exception__ June 2, 2021, 5:55 p.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 toolspab1+0x2e44f @ 0x42e44f toolspab1+0x2f38c @ 0x42f38c toolspab1+0x4622 @ 0x404622 toolspab1+0x44cf @ 0x4044cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633000 registers.edi: 5242880 registers.eax: 4294967288 registers.ebp: 1633052 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1660	1
__exception__ June 2, 2021, 5:55 p.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 toolspab1+0x2e44f @ 0x42e44f toolspab1+0x2f38c @ 0x42f38c toolspab1+0x4622 @ 0x404622 toolspab1+0x44cf @ 0x4044cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633000 registers.edi: 5242880 registers.eax: 4294967288 registers.ebp: 1633052 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1660	1
__exception__ June 2, 2021, 5:55 p.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 toolspab1+0x2e44f @ 0x42e44f toolspab1+0x2f38c @ 0x42f38c toolspab1+0x4622 @ 0x404622 toolspab1+0x44cf @ 0x4044cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633000 registers.edi: 5242880 registers.eax: 4294967288 registers.ebp: 1633052 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1660	1
__exception__ June 2, 2021, 5:55 p.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 toolspab1+0x2e44f @ 0x42e44f toolspab1+0x2f38c @ 0x42f38c toolspab1+0x4622 @ 0x404622 toolspab1+0x44cf @ 0x4044cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633000 registers.edi: 5242880 registers.eax: 4294967288 registers.ebp: 1633052 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1660	1
__exception__ June 2, 2021, 5:55 p.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 toolspab1+0x2e44f @ 0x42e44f toolspab1+0x2f38c @ 0x42f38c toolspab1+0x4622 @ 0x404622 toolspab1+0x44cf @ 0x4044cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633000 registers.edi: 5242880 registers.eax: 4294967288 registers.ebp: 1633052 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1660	1
__exception__ June 2, 2021, 5:55 p.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 toolspab1+0x2e44f @ 0x42e44f toolspab1+0x2f38c @ 0x42f38c toolspab1+0x4622 @ 0x404622 toolspab1+0x44cf @ 0x4044cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633000 registers.edi: 5242880 registers.eax: 4294967288 registers.ebp: 1633052 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1660	1
__exception__ June 2, 2021, 5:55 p.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 toolspab1+0x2e44f @ 0x42e44f toolspab1+0x2f38c @ 0x42f38c toolspab1+0x4622 @ 0x404622 toolspab1+0x44cf @ 0x4044cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633000 registers.edi: 5242880 registers.eax: 4294967288 registers.ebp: 1633052 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1660	1
__exception__ June 2, 2021, 5:55 p.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 toolspab1+0x2e44f @ 0x42e44f toolspab1+0x2f38c @ 0x42f38c toolspab1+0x4622 @ 0x404622 toolspab1+0x44cf @ 0x4044cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633000 registers.edi: 5242880 registers.eax: 4294967288 registers.ebp: 1633052 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1660	1
__exception__ June 2, 2021, 5:55 p.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 toolspab1+0x2e44f @ 0x42e44f toolspab1+0x2f38c @ 0x42f38c toolspab1+0x4622 @ 0x404622 toolspab1+0x44cf @ 0x4044cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633000 registers.edi: 5242880 registers.eax: 4294967288 registers.ebp: 1633052 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1660	1
__exception__ June 2, 2021, 5:55 p.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 toolspab1+0x2e44f @ 0x42e44f toolspab1+0x2f38c @ 0x42f38c toolspab1+0x4622 @ 0x404622 toolspab1+0x44cf @ 0x4044cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633000 registers.edi: 5242880 registers.eax: 4294967288 registers.ebp: 1633052 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1660	1
__exception__ June 2, 2021, 5:55 p.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 toolspab1+0x2e44f @ 0x42e44f toolspab1+0x2f38c @ 0x42f38c toolspab1+0x4622 @ 0x404622 toolspab1+0x44cf @ 0x4044cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633000 registers.edi: 5242880 registers.eax: 4294967288 registers.ebp: 1633052 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1660	1
__exception__ June 2, 2021, 5:55 p.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 toolspab1+0x2e44f @ 0x42e44f toolspab1+0x2f38c @ 0x42f38c toolspab1+0x4622 @ 0x404622 toolspab1+0x44cf @ 0x4044cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633000 registers.edi: 5242880 registers.eax: 4294967288 registers.ebp: 1633052 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1660	1
__exception__ June 2, 2021, 5:55 p.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 toolspab1+0x2e44f @ 0x42e44f toolspab1+0x2f38c @ 0x42f38c toolspab1+0x4622 @ 0x404622 toolspab1+0x44cf @ 0x4044cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633000 registers.edi: 5242880 registers.eax: 4294967288 registers.ebp: 1633052 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1660	1
__exception__ June 2, 2021, 5:55 p.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 toolspab1+0x2e44f @ 0x42e44f toolspab1+0x2f38c @ 0x42f38c toolspab1+0x4622 @ 0x404622 toolspab1+0x44cf @ 0x4044cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633000 registers.edi: 5242880 registers.eax: 4294967288 registers.ebp: 1633052 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1660	1
__exception__ June 2, 2021, 5:55 p.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 toolspab1+0x2e44f @ 0x42e44f toolspab1+0x2f38c @ 0x42f38c toolspab1+0x4622 @ 0x404622 toolspab1+0x44cf @ 0x4044cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633000 registers.edi: 5242880 registers.eax: 4294967288 registers.ebp: 1633052 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1660	1
__exception__ June 2, 2021, 5:55 p.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 toolspab1+0x2e44f @ 0x42e44f toolspab1+0x2f38c @ 0x42f38c toolspab1+0x4622 @ 0x404622 toolspab1+0x44cf @ 0x4044cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633000 registers.edi: 5242880 registers.eax: 4294967288 registers.ebp: 1633052 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1660	1
__exception__ June 2, 2021, 5:55 p.m.	stacktrace: LocalSize+0xe4 BasepMapModuleHandle-0x31 kernel32+0x2e825 @ 0x7574e825 toolspab1+0x2e44f @ 0x42e44f toolspab1+0x2f38c @ 0x42f38c toolspab1+0x4622 @ 0x404622 toolspab1+0x44cf @ 0x4044cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1633000 registers.edi: 5242880 registers.eax: 4294967288 registers.ebp: 1633052 registers.edx: 6 registers.ebx: 0 registers.esi: 0 registers.ecx: 1660	1

Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory June 2, 2021, 5:55 p.m.	process_identifier: 9132 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 49152 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0051c000 process_handle: 0xffffffff	1	0	0

Foreign language identified in PE resource (31 events)

name

RT_CURSOR

language

LANG_LATVIAN

filetype

dBase III DBT, version number 0, next free block index 40

sublanguage

SUBLANG_DEFAULT

offset

0x00055f30

size

0x000010a8

name

RT_CURSOR

language

LANG_LATVIAN

filetype

dBase III DBT, version number 0, next free block index 40

sublanguage

SUBLANG_DEFAULT

offset

0x00055f30

size

0x000010a8

name

RT_CURSOR

language

LANG_LATVIAN

filetype

dBase III DBT, version number 0, next free block index 40

sublanguage

SUBLANG_DEFAULT

offset

0x00055f30

size

0x000010a8

name

RT_ICON

language

LANG_LATVIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

offset

0x000557e0

size

0x00000468

name

RT_ICON

language

LANG_LATVIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

offset

0x000557e0

size

0x00000468

name

RT_ICON

language

LANG_LATVIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

offset

0x000557e0

size

0x00000468

name

RT_ICON

language

LANG_LATVIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

offset

0x000557e0

size

0x00000468

name

RT_ICON

language

LANG_LATVIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

offset

0x000557e0

size

0x00000468

name

RT_ICON

language

LANG_LATVIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

offset

0x000557e0

size

0x00000468

name

RT_ICON

language

LANG_LATVIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

offset

0x000557e0

size

0x00000468

name

RT_ICON

language

LANG_LATVIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

offset

0x000557e0

size

0x00000468

name

RT_ICON

language

LANG_LATVIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

offset

0x000557e0

size

0x00000468

name

RT_ICON

language

LANG_LATVIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

offset

0x000557e0

size

0x00000468

name

RT_ICON

language

LANG_LATVIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

offset

0x000557e0

size

0x00000468

name

RT_ICON

language

LANG_LATVIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

offset

0x000557e0

size

0x00000468

name

RT_ICON

language

LANG_LATVIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

offset

0x000557e0

size

0x00000468

name

RT_ICON

language

LANG_LATVIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

offset

0x000557e0

size

0x00000468

name

RT_ICON

language

LANG_LATVIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

offset

0x000557e0

size

0x00000468

name

RT_ICON

language

LANG_LATVIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

offset

0x000557e0

size

0x00000468

name

RT_ICON

language

LANG_LATVIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_DEFAULT

offset

0x000557e0

size

0x00000468

name

RT_STRING

language

LANG_LATVIAN

filetype

data

sublanguage

SUBLANG_DEFAULT

offset

0x000580c0

size

0x0000017a

name

RT_STRING

language

LANG_LATVIAN

filetype

data

sublanguage

SUBLANG_DEFAULT

offset

0x000580c0

size

0x0000017a

name

RT_STRING

language

LANG_LATVIAN

filetype

data

sublanguage

SUBLANG_DEFAULT

offset

0x000580c0

size

0x0000017a

name

RT_STRING

language

LANG_LATVIAN

filetype

data

sublanguage

SUBLANG_DEFAULT

offset

0x000580c0

size

0x0000017a

name

RT_STRING

language

LANG_LATVIAN

filetype

data

sublanguage

SUBLANG_DEFAULT

offset

0x000580c0

size

0x0000017a

name

RT_ACCELERATOR

language

LANG_LATVIAN

filetype

data

sublanguage

SUBLANG_DEFAULT

offset

0x00055cc0

size

0x00000050

name

RT_GROUP_CURSOR

language

LANG_LATVIAN

filetype

data

sublanguage

SUBLANG_DEFAULT

offset

0x00056fd8

size

0x00000030

name

RT_GROUP_ICON

language

LANG_LATVIAN

filetype

data

sublanguage

SUBLANG_DEFAULT

offset

0x00055c48

size

0x00000076

name

RT_GROUP_ICON

language

LANG_LATVIAN

filetype

data

sublanguage

SUBLANG_DEFAULT

offset

0x00055c48

size

0x00000076

name

RT_GROUP_ICON

language

LANG_LATVIAN

filetype

data

sublanguage

SUBLANG_DEFAULT

offset

0x00055c48

size

0x00000076

name

RT_VERSION

language

LANG_LATVIAN

filetype

data

sublanguage

SUBLANG_DEFAULT

offset

0x00057008

size

0x00000144

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x0002e600', u'virtual_address': u'0x00001000', u'entropy': 6.924111172532856, u'name': u'.text', u'virtual_size': u'0x0002e541'}

entropy

6.92411117253

description

A section with a high entropy has been found

entropy

0.578783151326

description

Overall entropy of this PE file is high

Communicates with host for which no DNS query was performed (3 events)

host	172.67.188.154
host	172.67.75.172
host	172.217.25.14

Tries to unhook Windows functions monitored by Cuckoo (1 event)

Time & API	Arguments	Status	Return	Repeated
__anomaly__ June 2, 2021, 5:55 p.m.	tid: 1660 message: Encountered 65537 exceptions, quitting. subcategory: exception function_name:	1	0	0

File has been identified by 26 AntiVirus engines on VirusTotal as malicious (26 events)

Bkav	W32.AIDetect.malware2
Elastic	malicious (high confidence)
FireEye	Generic.mg.bc004ebe4199980b
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
K7GW	Hacktool ( 700007861 )
Cybereason	malicious.f06363
Cyren	W32/Kryptik.EFF.gen!Eldorado
APEX	Malicious
Avast	FileRepMetagen [Malware]
Rising	Malware.Heuristic!ET#88% (RDMK:cmRtazqTSPeGkQfVbzJVvazKlA35)
Sophos	ML/PE-A + Troj/Kryptik-TR
SentinelOne	Static AI - Malicious PE
Webroot	W32.Trojan.Gen
Microsoft	Trojan:Win32/Hynamer.C!ml
GData	Win32.Trojan.BSE.18JIJAK
Cynet	Malicious (score: 100)
Acronis	suspicious
McAfee	Packed-GDT!BC004EBE4199
Malwarebytes	Trojan.MalPack.GS
Ikarus	Trojan-Spy.Win32.Raccoon
eGambit	Unsafe.AI_Score_99%
BitDefenderTheta	Gen:NN.ZexaF.34692.uqW@aedAjgjc
AVG	FileRepMetagen [Malware]
CrowdStrike	win/malicious_confidence_90% (D)
MaxSecure	Trojan.Malware.300983.susgen

toolspab1.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All