Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	June 25, 2021, 9:53 a.m.	June 25, 2021, 10:18 a.m.

Size	4.5MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`2a862b1187df98c5bdc36dabb514987a`
SHA256	`b3900e7d10944980b22a99300b754fc68a4e03e243233ffa73e35cc354f1eb31`
CRC32	`9660509A`
ssdeep	`98304:LHOJ7HVtZseuoSBFd/Wp6gJo6zMhk9ItDHAVcb31XfLSbuC+u0KMzZiz:LHONZseuosuzSUmk9iLAVcr1PWbuOs1`
PDB Path	C:\kejasasutowime\n.pdb
Yara	PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer OS_Processor_Check_Zero - OS Processor Check IsPE32 - (no description)

proxy-IRXC-setup.exe "C:\Users\test22\AppData\Local\Temp\proxy-IRXC-setup.exe"
2776

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

This executable has a PDB path (1 event)

pdb_path

C:\kejasasutowime\n.pdb

The file contains an unknown PE resource name possibly indicative of a packer (1 event)

resource name

AFX_DIALOG_LAYOUT

One or more processes crashed (50 out of 65536 events)

Time & API	Arguments	Status
__exception__ June 25, 2021, 9:52 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x757a31df _CallPattern@8+0x4b8 proxy-irxc-setup+0x457888 @ 0x857888 _CallPattern@8+0x143a proxy-irxc-setup+0x45880a @ 0x85880a _zabiray@8-0x4557ca proxy-irxc-setup+0x1bf6 @ 0x401bf6 _zabiray@8-0x455941 proxy-irxc-setup+0x1a7f @ 0x401a7f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1627896 registers.edi: 15138816 registers.eax: 4294967288 registers.ebp: 1627948 registers.edx: 1772984082 registers.ebx: 0 registers.esi: 0 registers.ecx: 2416	1
__exception__ June 25, 2021, 9:52 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x757a31df _CallPattern@8+0x4b8 proxy-irxc-setup+0x457888 @ 0x857888 _CallPattern@8+0x143a proxy-irxc-setup+0x45880a @ 0x85880a _zabiray@8-0x4557ca proxy-irxc-setup+0x1bf6 @ 0x401bf6 _zabiray@8-0x455941 proxy-irxc-setup+0x1a7f @ 0x401a7f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1627896 registers.edi: 15138816 registers.eax: 4294967288 registers.ebp: 1627948 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2416	1
__exception__ June 25, 2021, 9:52 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x757a31df _CallPattern@8+0x4b8 proxy-irxc-setup+0x457888 @ 0x857888 _CallPattern@8+0x143a proxy-irxc-setup+0x45880a @ 0x85880a _zabiray@8-0x4557ca proxy-irxc-setup+0x1bf6 @ 0x401bf6 _zabiray@8-0x455941 proxy-irxc-setup+0x1a7f @ 0x401a7f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1627896 registers.edi: 15138816 registers.eax: 4294967288 registers.ebp: 1627948 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2416	1
__exception__ June 25, 2021, 9:52 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x757a31df _CallPattern@8+0x4b8 proxy-irxc-setup+0x457888 @ 0x857888 _CallPattern@8+0x143a proxy-irxc-setup+0x45880a @ 0x85880a _zabiray@8-0x4557ca proxy-irxc-setup+0x1bf6 @ 0x401bf6 _zabiray@8-0x455941 proxy-irxc-setup+0x1a7f @ 0x401a7f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1627896 registers.edi: 15138816 registers.eax: 4294967288 registers.ebp: 1627948 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2416	1
__exception__ June 25, 2021, 9:52 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x757a31df _CallPattern@8+0x4b8 proxy-irxc-setup+0x457888 @ 0x857888 _CallPattern@8+0x143a proxy-irxc-setup+0x45880a @ 0x85880a _zabiray@8-0x4557ca proxy-irxc-setup+0x1bf6 @ 0x401bf6 _zabiray@8-0x455941 proxy-irxc-setup+0x1a7f @ 0x401a7f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1627896 registers.edi: 15138816 registers.eax: 4294967288 registers.ebp: 1627948 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2416	1
__exception__ June 25, 2021, 9:52 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x757a31df _CallPattern@8+0x4b8 proxy-irxc-setup+0x457888 @ 0x857888 _CallPattern@8+0x143a proxy-irxc-setup+0x45880a @ 0x85880a _zabiray@8-0x4557ca proxy-irxc-setup+0x1bf6 @ 0x401bf6 _zabiray@8-0x455941 proxy-irxc-setup+0x1a7f @ 0x401a7f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1627896 registers.edi: 15138816 registers.eax: 4294967288 registers.ebp: 1627948 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2416	1
__exception__ June 25, 2021, 9:52 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x757a31df _CallPattern@8+0x4b8 proxy-irxc-setup+0x457888 @ 0x857888 _CallPattern@8+0x143a proxy-irxc-setup+0x45880a @ 0x85880a _zabiray@8-0x4557ca proxy-irxc-setup+0x1bf6 @ 0x401bf6 _zabiray@8-0x455941 proxy-irxc-setup+0x1a7f @ 0x401a7f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1627896 registers.edi: 15138816 registers.eax: 4294967288 registers.ebp: 1627948 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2416	1
__exception__ June 25, 2021, 9:52 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x757a31df _CallPattern@8+0x4b8 proxy-irxc-setup+0x457888 @ 0x857888 _CallPattern@8+0x143a proxy-irxc-setup+0x45880a @ 0x85880a _zabiray@8-0x4557ca proxy-irxc-setup+0x1bf6 @ 0x401bf6 _zabiray@8-0x455941 proxy-irxc-setup+0x1a7f @ 0x401a7f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1627896 registers.edi: 15138816 registers.eax: 4294967288 registers.ebp: 1627948 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2416	1
__exception__ June 25, 2021, 9:52 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x757a31df _CallPattern@8+0x4b8 proxy-irxc-setup+0x457888 @ 0x857888 _CallPattern@8+0x143a proxy-irxc-setup+0x45880a @ 0x85880a _zabiray@8-0x4557ca proxy-irxc-setup+0x1bf6 @ 0x401bf6 _zabiray@8-0x455941 proxy-irxc-setup+0x1a7f @ 0x401a7f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1627896 registers.edi: 15138816 registers.eax: 4294967288 registers.ebp: 1627948 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2416	1
__exception__ June 25, 2021, 9:52 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x757a31df _CallPattern@8+0x4b8 proxy-irxc-setup+0x457888 @ 0x857888 _CallPattern@8+0x143a proxy-irxc-setup+0x45880a @ 0x85880a _zabiray@8-0x4557ca proxy-irxc-setup+0x1bf6 @ 0x401bf6 _zabiray@8-0x455941 proxy-irxc-setup+0x1a7f @ 0x401a7f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1627896 registers.edi: 15138816 registers.eax: 4294967288 registers.ebp: 1627948 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2416	1
__exception__ June 25, 2021, 9:52 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x757a31df _CallPattern@8+0x4b8 proxy-irxc-setup+0x457888 @ 0x857888 _CallPattern@8+0x143a proxy-irxc-setup+0x45880a @ 0x85880a _zabiray@8-0x4557ca proxy-irxc-setup+0x1bf6 @ 0x401bf6 _zabiray@8-0x455941 proxy-irxc-setup+0x1a7f @ 0x401a7f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1627896 registers.edi: 15138816 registers.eax: 4294967288 registers.ebp: 1627948 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2416	1
__exception__ June 25, 2021, 9:52 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x757a31df _CallPattern@8+0x4b8 proxy-irxc-setup+0x457888 @ 0x857888 _CallPattern@8+0x143a proxy-irxc-setup+0x45880a @ 0x85880a _zabiray@8-0x4557ca proxy-irxc-setup+0x1bf6 @ 0x401bf6 _zabiray@8-0x455941 proxy-irxc-setup+0x1a7f @ 0x401a7f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1627896 registers.edi: 15138816 registers.eax: 4294967288 registers.ebp: 1627948 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2416	1
__exception__ June 25, 2021, 9:52 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x757a31df _CallPattern@8+0x4b8 proxy-irxc-setup+0x457888 @ 0x857888 _CallPattern@8+0x143a proxy-irxc-setup+0x45880a @ 0x85880a _zabiray@8-0x4557ca proxy-irxc-setup+0x1bf6 @ 0x401bf6 _zabiray@8-0x455941 proxy-irxc-setup+0x1a7f @ 0x401a7f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1627896 registers.edi: 15138816 registers.eax: 4294967288 registers.ebp: 1627948 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2416	1
__exception__ June 25, 2021, 9:52 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x757a31df _CallPattern@8+0x4b8 proxy-irxc-setup+0x457888 @ 0x857888 _CallPattern@8+0x143a proxy-irxc-setup+0x45880a @ 0x85880a _zabiray@8-0x4557ca proxy-irxc-setup+0x1bf6 @ 0x401bf6 _zabiray@8-0x455941 proxy-irxc-setup+0x1a7f @ 0x401a7f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1627896 registers.edi: 15138816 registers.eax: 4294967288 registers.ebp: 1627948 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2416	1
__exception__ June 25, 2021, 9:52 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x757a31df _CallPattern@8+0x4b8 proxy-irxc-setup+0x457888 @ 0x857888 _CallPattern@8+0x143a proxy-irxc-setup+0x45880a @ 0x85880a _zabiray@8-0x4557ca proxy-irxc-setup+0x1bf6 @ 0x401bf6 _zabiray@8-0x455941 proxy-irxc-setup+0x1a7f @ 0x401a7f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1627896 registers.edi: 15138816 registers.eax: 4294967288 registers.ebp: 1627948 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2416	1
__exception__ June 25, 2021, 9:52 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x757a31df _CallPattern@8+0x4b8 proxy-irxc-setup+0x457888 @ 0x857888 _CallPattern@8+0x143a proxy-irxc-setup+0x45880a @ 0x85880a _zabiray@8-0x4557ca proxy-irxc-setup+0x1bf6 @ 0x401bf6 _zabiray@8-0x455941 proxy-irxc-setup+0x1a7f @ 0x401a7f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1627896 registers.edi: 15138816 registers.eax: 4294967288 registers.ebp: 1627948 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2416	1
__exception__ June 25, 2021, 9:52 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x757a31df _CallPattern@8+0x4b8 proxy-irxc-setup+0x457888 @ 0x857888 _CallPattern@8+0x143a proxy-irxc-setup+0x45880a @ 0x85880a _zabiray@8-0x4557ca proxy-irxc-setup+0x1bf6 @ 0x401bf6 _zabiray@8-0x455941 proxy-irxc-setup+0x1a7f @ 0x401a7f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1627896 registers.edi: 15138816 registers.eax: 4294967288 registers.ebp: 1627948 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2416	1
__exception__ June 25, 2021, 9:52 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x757a31df _CallPattern@8+0x4b8 proxy-irxc-setup+0x457888 @ 0x857888 _CallPattern@8+0x143a proxy-irxc-setup+0x45880a @ 0x85880a _zabiray@8-0x4557ca proxy-irxc-setup+0x1bf6 @ 0x401bf6 _zabiray@8-0x455941 proxy-irxc-setup+0x1a7f @ 0x401a7f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1627896 registers.edi: 15138816 registers.eax: 4294967288 registers.ebp: 1627948 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2416	1
__exception__ June 25, 2021, 9:52 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x757a31df _CallPattern@8+0x4b8 proxy-irxc-setup+0x457888 @ 0x857888 _CallPattern@8+0x143a proxy-irxc-setup+0x45880a @ 0x85880a _zabiray@8-0x4557ca proxy-irxc-setup+0x1bf6 @ 0x401bf6 _zabiray@8-0x455941 proxy-irxc-setup+0x1a7f @ 0x401a7f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1627896 registers.edi: 15138816 registers.eax: 4294967288 registers.ebp: 1627948 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2416	1
__exception__ June 25, 2021, 9:52 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x757a31df _CallPattern@8+0x4b8 proxy-irxc-setup+0x457888 @ 0x857888 _CallPattern@8+0x143a proxy-irxc-setup+0x45880a @ 0x85880a _zabiray@8-0x4557ca proxy-irxc-setup+0x1bf6 @ 0x401bf6 _zabiray@8-0x455941 proxy-irxc-setup+0x1a7f @ 0x401a7f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1627896 registers.edi: 15138816 registers.eax: 4294967288 registers.ebp: 1627948 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2416	1
__exception__ June 25, 2021, 9:52 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x757a31df _CallPattern@8+0x4b8 proxy-irxc-setup+0x457888 @ 0x857888 _CallPattern@8+0x143a proxy-irxc-setup+0x45880a @ 0x85880a _zabiray@8-0x4557ca proxy-irxc-setup+0x1bf6 @ 0x401bf6 _zabiray@8-0x455941 proxy-irxc-setup+0x1a7f @ 0x401a7f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1627896 registers.edi: 15138816 registers.eax: 4294967288 registers.ebp: 1627948 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2416	1
__exception__ June 25, 2021, 9:52 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x757a31df _CallPattern@8+0x4b8 proxy-irxc-setup+0x457888 @ 0x857888 _CallPattern@8+0x143a proxy-irxc-setup+0x45880a @ 0x85880a _zabiray@8-0x4557ca proxy-irxc-setup+0x1bf6 @ 0x401bf6 _zabiray@8-0x455941 proxy-irxc-setup+0x1a7f @ 0x401a7f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1627896 registers.edi: 15138816 registers.eax: 4294967288 registers.ebp: 1627948 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2416	1
__exception__ June 25, 2021, 9:52 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x757a31df _CallPattern@8+0x4b8 proxy-irxc-setup+0x457888 @ 0x857888 _CallPattern@8+0x143a proxy-irxc-setup+0x45880a @ 0x85880a _zabiray@8-0x4557ca proxy-irxc-setup+0x1bf6 @ 0x401bf6 _zabiray@8-0x455941 proxy-irxc-setup+0x1a7f @ 0x401a7f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1627896 registers.edi: 15138816 registers.eax: 4294967288 registers.ebp: 1627948 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2416	1
__exception__ June 25, 2021, 9:52 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x757a31df _CallPattern@8+0x4b8 proxy-irxc-setup+0x457888 @ 0x857888 _CallPattern@8+0x143a proxy-irxc-setup+0x45880a @ 0x85880a _zabiray@8-0x4557ca proxy-irxc-setup+0x1bf6 @ 0x401bf6 _zabiray@8-0x455941 proxy-irxc-setup+0x1a7f @ 0x401a7f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1627896 registers.edi: 15138816 registers.eax: 4294967288 registers.ebp: 1627948 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2416	1
__exception__ June 25, 2021, 9:52 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x757a31df _CallPattern@8+0x4b8 proxy-irxc-setup+0x457888 @ 0x857888 _CallPattern@8+0x143a proxy-irxc-setup+0x45880a @ 0x85880a _zabiray@8-0x4557ca proxy-irxc-setup+0x1bf6 @ 0x401bf6 _zabiray@8-0x455941 proxy-irxc-setup+0x1a7f @ 0x401a7f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1627896 registers.edi: 15138816 registers.eax: 4294967288 registers.ebp: 1627948 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2416	1
__exception__ June 25, 2021, 9:52 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x757a31df _CallPattern@8+0x4b8 proxy-irxc-setup+0x457888 @ 0x857888 _CallPattern@8+0x143a proxy-irxc-setup+0x45880a @ 0x85880a _zabiray@8-0x4557ca proxy-irxc-setup+0x1bf6 @ 0x401bf6 _zabiray@8-0x455941 proxy-irxc-setup+0x1a7f @ 0x401a7f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1627896 registers.edi: 15138816 registers.eax: 4294967288 registers.ebp: 1627948 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2416	1
__exception__ June 25, 2021, 9:52 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x757a31df _CallPattern@8+0x4b8 proxy-irxc-setup+0x457888 @ 0x857888 _CallPattern@8+0x143a proxy-irxc-setup+0x45880a @ 0x85880a _zabiray@8-0x4557ca proxy-irxc-setup+0x1bf6 @ 0x401bf6 _zabiray@8-0x455941 proxy-irxc-setup+0x1a7f @ 0x401a7f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1627896 registers.edi: 15138816 registers.eax: 4294967288 registers.ebp: 1627948 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2416	1
__exception__ June 25, 2021, 9:52 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x757a31df _CallPattern@8+0x4b8 proxy-irxc-setup+0x457888 @ 0x857888 _CallPattern@8+0x143a proxy-irxc-setup+0x45880a @ 0x85880a _zabiray@8-0x4557ca proxy-irxc-setup+0x1bf6 @ 0x401bf6 _zabiray@8-0x455941 proxy-irxc-setup+0x1a7f @ 0x401a7f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1627896 registers.edi: 15138816 registers.eax: 4294967288 registers.ebp: 1627948 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2416	1
__exception__ June 25, 2021, 9:52 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x757a31df _CallPattern@8+0x4b8 proxy-irxc-setup+0x457888 @ 0x857888 _CallPattern@8+0x143a proxy-irxc-setup+0x45880a @ 0x85880a _zabiray@8-0x4557ca proxy-irxc-setup+0x1bf6 @ 0x401bf6 _zabiray@8-0x455941 proxy-irxc-setup+0x1a7f @ 0x401a7f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1627896 registers.edi: 15138816 registers.eax: 4294967288 registers.ebp: 1627948 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2416	1
__exception__ June 25, 2021, 9:52 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x757a31df _CallPattern@8+0x4b8 proxy-irxc-setup+0x457888 @ 0x857888 _CallPattern@8+0x143a proxy-irxc-setup+0x45880a @ 0x85880a _zabiray@8-0x4557ca proxy-irxc-setup+0x1bf6 @ 0x401bf6 _zabiray@8-0x455941 proxy-irxc-setup+0x1a7f @ 0x401a7f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1627896 registers.edi: 15138816 registers.eax: 4294967288 registers.ebp: 1627948 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2416	1
__exception__ June 25, 2021, 9:52 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x757a31df _CallPattern@8+0x4b8 proxy-irxc-setup+0x457888 @ 0x857888 _CallPattern@8+0x143a proxy-irxc-setup+0x45880a @ 0x85880a _zabiray@8-0x4557ca proxy-irxc-setup+0x1bf6 @ 0x401bf6 _zabiray@8-0x455941 proxy-irxc-setup+0x1a7f @ 0x401a7f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1627896 registers.edi: 15138816 registers.eax: 4294967288 registers.ebp: 1627948 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2416	1
__exception__ June 25, 2021, 9:52 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x757a31df _CallPattern@8+0x4b8 proxy-irxc-setup+0x457888 @ 0x857888 _CallPattern@8+0x143a proxy-irxc-setup+0x45880a @ 0x85880a _zabiray@8-0x4557ca proxy-irxc-setup+0x1bf6 @ 0x401bf6 _zabiray@8-0x455941 proxy-irxc-setup+0x1a7f @ 0x401a7f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1627896 registers.edi: 15138816 registers.eax: 4294967288 registers.ebp: 1627948 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2416	1
__exception__ June 25, 2021, 9:52 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x757a31df _CallPattern@8+0x4b8 proxy-irxc-setup+0x457888 @ 0x857888 _CallPattern@8+0x143a proxy-irxc-setup+0x45880a @ 0x85880a _zabiray@8-0x4557ca proxy-irxc-setup+0x1bf6 @ 0x401bf6 _zabiray@8-0x455941 proxy-irxc-setup+0x1a7f @ 0x401a7f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1627896 registers.edi: 15138816 registers.eax: 4294967288 registers.ebp: 1627948 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2416	1
__exception__ June 25, 2021, 9:52 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x757a31df _CallPattern@8+0x4b8 proxy-irxc-setup+0x457888 @ 0x857888 _CallPattern@8+0x143a proxy-irxc-setup+0x45880a @ 0x85880a _zabiray@8-0x4557ca proxy-irxc-setup+0x1bf6 @ 0x401bf6 _zabiray@8-0x455941 proxy-irxc-setup+0x1a7f @ 0x401a7f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1627896 registers.edi: 15138816 registers.eax: 4294967288 registers.ebp: 1627948 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2416	1
__exception__ June 25, 2021, 9:52 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x757a31df _CallPattern@8+0x4b8 proxy-irxc-setup+0x457888 @ 0x857888 _CallPattern@8+0x143a proxy-irxc-setup+0x45880a @ 0x85880a _zabiray@8-0x4557ca proxy-irxc-setup+0x1bf6 @ 0x401bf6 _zabiray@8-0x455941 proxy-irxc-setup+0x1a7f @ 0x401a7f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1627896 registers.edi: 15138816 registers.eax: 4294967288 registers.ebp: 1627948 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2416	1
__exception__ June 25, 2021, 9:52 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x757a31df _CallPattern@8+0x4b8 proxy-irxc-setup+0x457888 @ 0x857888 _CallPattern@8+0x143a proxy-irxc-setup+0x45880a @ 0x85880a _zabiray@8-0x4557ca proxy-irxc-setup+0x1bf6 @ 0x401bf6 _zabiray@8-0x455941 proxy-irxc-setup+0x1a7f @ 0x401a7f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1627896 registers.edi: 15138816 registers.eax: 4294967288 registers.ebp: 1627948 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2416	1
__exception__ June 25, 2021, 9:52 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x757a31df _CallPattern@8+0x4b8 proxy-irxc-setup+0x457888 @ 0x857888 _CallPattern@8+0x143a proxy-irxc-setup+0x45880a @ 0x85880a _zabiray@8-0x4557ca proxy-irxc-setup+0x1bf6 @ 0x401bf6 _zabiray@8-0x455941 proxy-irxc-setup+0x1a7f @ 0x401a7f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1627896 registers.edi: 15138816 registers.eax: 4294967288 registers.ebp: 1627948 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2416	1
__exception__ June 25, 2021, 9:52 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x757a31df _CallPattern@8+0x4b8 proxy-irxc-setup+0x457888 @ 0x857888 _CallPattern@8+0x143a proxy-irxc-setup+0x45880a @ 0x85880a _zabiray@8-0x4557ca proxy-irxc-setup+0x1bf6 @ 0x401bf6 _zabiray@8-0x455941 proxy-irxc-setup+0x1a7f @ 0x401a7f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1627896 registers.edi: 15138816 registers.eax: 4294967288 registers.ebp: 1627948 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2416	1
__exception__ June 25, 2021, 9:52 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x757a31df _CallPattern@8+0x4b8 proxy-irxc-setup+0x457888 @ 0x857888 _CallPattern@8+0x143a proxy-irxc-setup+0x45880a @ 0x85880a _zabiray@8-0x4557ca proxy-irxc-setup+0x1bf6 @ 0x401bf6 _zabiray@8-0x455941 proxy-irxc-setup+0x1a7f @ 0x401a7f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1627896 registers.edi: 15138816 registers.eax: 4294967288 registers.ebp: 1627948 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2416	1
__exception__ June 25, 2021, 9:52 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x757a31df _CallPattern@8+0x4b8 proxy-irxc-setup+0x457888 @ 0x857888 _CallPattern@8+0x143a proxy-irxc-setup+0x45880a @ 0x85880a _zabiray@8-0x4557ca proxy-irxc-setup+0x1bf6 @ 0x401bf6 _zabiray@8-0x455941 proxy-irxc-setup+0x1a7f @ 0x401a7f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1627896 registers.edi: 15138816 registers.eax: 4294967288 registers.ebp: 1627948 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2416	1
__exception__ June 25, 2021, 9:52 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x757a31df _CallPattern@8+0x4b8 proxy-irxc-setup+0x457888 @ 0x857888 _CallPattern@8+0x143a proxy-irxc-setup+0x45880a @ 0x85880a _zabiray@8-0x4557ca proxy-irxc-setup+0x1bf6 @ 0x401bf6 _zabiray@8-0x455941 proxy-irxc-setup+0x1a7f @ 0x401a7f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1627896 registers.edi: 15138816 registers.eax: 4294967288 registers.ebp: 1627948 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2416	1
__exception__ June 25, 2021, 9:52 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x757a31df _CallPattern@8+0x4b8 proxy-irxc-setup+0x457888 @ 0x857888 _CallPattern@8+0x143a proxy-irxc-setup+0x45880a @ 0x85880a _zabiray@8-0x4557ca proxy-irxc-setup+0x1bf6 @ 0x401bf6 _zabiray@8-0x455941 proxy-irxc-setup+0x1a7f @ 0x401a7f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1627896 registers.edi: 15138816 registers.eax: 4294967288 registers.ebp: 1627948 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2416	1
__exception__ June 25, 2021, 9:52 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x757a31df _CallPattern@8+0x4b8 proxy-irxc-setup+0x457888 @ 0x857888 _CallPattern@8+0x143a proxy-irxc-setup+0x45880a @ 0x85880a _zabiray@8-0x4557ca proxy-irxc-setup+0x1bf6 @ 0x401bf6 _zabiray@8-0x455941 proxy-irxc-setup+0x1a7f @ 0x401a7f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1627896 registers.edi: 15138816 registers.eax: 4294967288 registers.ebp: 1627948 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2416	1
__exception__ June 25, 2021, 9:52 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x757a31df _CallPattern@8+0x4b8 proxy-irxc-setup+0x457888 @ 0x857888 _CallPattern@8+0x143a proxy-irxc-setup+0x45880a @ 0x85880a _zabiray@8-0x4557ca proxy-irxc-setup+0x1bf6 @ 0x401bf6 _zabiray@8-0x455941 proxy-irxc-setup+0x1a7f @ 0x401a7f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1627896 registers.edi: 15138816 registers.eax: 4294967288 registers.ebp: 1627948 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2416	1
__exception__ June 25, 2021, 9:52 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x757a31df _CallPattern@8+0x4b8 proxy-irxc-setup+0x457888 @ 0x857888 _CallPattern@8+0x143a proxy-irxc-setup+0x45880a @ 0x85880a _zabiray@8-0x4557ca proxy-irxc-setup+0x1bf6 @ 0x401bf6 _zabiray@8-0x455941 proxy-irxc-setup+0x1a7f @ 0x401a7f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1627896 registers.edi: 15138816 registers.eax: 4294967288 registers.ebp: 1627948 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2416	1
__exception__ June 25, 2021, 9:52 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x757a31df _CallPattern@8+0x4b8 proxy-irxc-setup+0x457888 @ 0x857888 _CallPattern@8+0x143a proxy-irxc-setup+0x45880a @ 0x85880a _zabiray@8-0x4557ca proxy-irxc-setup+0x1bf6 @ 0x401bf6 _zabiray@8-0x455941 proxy-irxc-setup+0x1a7f @ 0x401a7f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1627896 registers.edi: 15138816 registers.eax: 4294967288 registers.ebp: 1627948 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2416	1
__exception__ June 25, 2021, 9:52 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x757a31df _CallPattern@8+0x4b8 proxy-irxc-setup+0x457888 @ 0x857888 _CallPattern@8+0x143a proxy-irxc-setup+0x45880a @ 0x85880a _zabiray@8-0x4557ca proxy-irxc-setup+0x1bf6 @ 0x401bf6 _zabiray@8-0x455941 proxy-irxc-setup+0x1a7f @ 0x401a7f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1627896 registers.edi: 15138816 registers.eax: 4294967288 registers.ebp: 1627948 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2416	1
__exception__ June 25, 2021, 9:52 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x757a31df _CallPattern@8+0x4b8 proxy-irxc-setup+0x457888 @ 0x857888 _CallPattern@8+0x143a proxy-irxc-setup+0x45880a @ 0x85880a _zabiray@8-0x4557ca proxy-irxc-setup+0x1bf6 @ 0x401bf6 _zabiray@8-0x455941 proxy-irxc-setup+0x1a7f @ 0x401a7f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1627896 registers.edi: 15138816 registers.eax: 4294967288 registers.ebp: 1627948 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2416	1
__exception__ June 25, 2021, 9:52 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x757a31df _CallPattern@8+0x4b8 proxy-irxc-setup+0x457888 @ 0x857888 _CallPattern@8+0x143a proxy-irxc-setup+0x45880a @ 0x85880a _zabiray@8-0x4557ca proxy-irxc-setup+0x1bf6 @ 0x401bf6 _zabiray@8-0x455941 proxy-irxc-setup+0x1a7f @ 0x401a7f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1627896 registers.edi: 15138816 registers.eax: 4294967288 registers.ebp: 1627948 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2416	1
__exception__ June 25, 2021, 9:52 a.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x757a31df _CallPattern@8+0x4b8 proxy-irxc-setup+0x457888 @ 0x857888 _CallPattern@8+0x143a proxy-irxc-setup+0x45880a @ 0x85880a _zabiray@8-0x4557ca proxy-irxc-setup+0x1bf6 @ 0x401bf6 _zabiray@8-0x455941 proxy-irxc-setup+0x1a7f @ 0x401a7f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x77407cbf registers.esp: 1627896 registers.edi: 15138816 registers.eax: 4294967288 registers.ebp: 1627948 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2416	1

Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory June 25, 2021, 9:52 a.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4440064 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02de0000 process_handle: 0xffffffff	1	0	0

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x00460000', u'virtual_address': u'0x00001000', u'entropy': 7.995675675278564, u'name': u'.text', u'virtual_size': u'0x0045fed0'}

entropy

7.99567567528

description

A section with a high entropy has been found

entropy

0.967289215157

description

Overall entropy of this PE file is high

Tries to unhook Windows functions monitored by Cuckoo (1 event)

Time & API	Arguments	Status	Return	Repeated
__anomaly__ June 25, 2021, 9:52 a.m.	tid: 2416 message: Encountered 65537 exceptions, quitting. subcategory: exception function_name:	1	0	0

File has been identified by 33 AntiVirus engines on VirusTotal as malicious (33 events)

Elastic	malicious (high confidence)
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Riskware ( 0040eff71 )
K7GW	Riskware ( 0040eff71 )
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	Win32:PWSX-gen [Trj]
Kaspersky	UDS:DangerousObject.Multi.Generic
Paloalto	generic.ml
Rising	Trojan.Generic@ML.94 (RDML:gRVcOYG7gul943CPFOirKg)
Sophos	Mal/Generic-R + Troj/Kryptik-TR
McAfee-GW-Edition	BehavesLike.Win32.Emotet.rc
MaxSecure	Trojan.Malware.300983.susgen
FireEye	Generic.mg.2a862b1187df98c5
Emsisoft	Trojan.Agent (A)
SentinelOne	Static AI - Suspicious PE
Jiangmin	Trojan.PSW.Racealer.cln
Webroot	W32.Malware.Gen
Kingsoft	Win32.Troj.Generic_a.a.(kcloud)
Microsoft	Trojan:Win32/Glupteba!ml
Gridinsoft	Trojan.Win32.Packed.lu!heur
AegisLab	Trojan.Win32.Generic.4!c
Cynet	Malicious (score: 100)
McAfee	Artemis!2A862B1187DF
VBA32	BScope.Trojan.Crypt
Malwarebytes	Trojan.MalPack.GS
Ikarus	Trojan.Win32.Crypt
eGambit	Unsafe.AI_Score_99%
Fortinet	W32/GenKryptik.FGWL!tr
BitDefenderTheta	Gen:NN.ZexaF.34758.@x0@aCINzmjO
AVG	Win32:PWSX-gen [Trj]
CrowdStrike	win/malicious_confidence_100% (W)

proxy-IRXC-setup.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All