Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	June 30, 2021, 10:11 a.m.	June 30, 2021, 10:14 a.m.

Size	2.0MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`db77d643f56c5e832b3b67492debaedd`
SHA256	`90cf380fe740fe0238b6657feee9905d2f03a6945bcde6db01f24948a3a41a7a`
CRC32	`45306C2D`
ssdeep	`49152:sW6O75oig21VgjmeqP0QE8oIw+P3Rp/exp969:sVb869qNpoIw+PfQT2`
Yara	IsPE32 - (no description) PE_Header_Zero - PE File Signature

Protecteded.exe "C:\Users\test22\AppData\Local\Temp\Protecteded.exe"
4564
- Protecteded.exe "C:\Users\test22\AppData\Local\Temp\Protecteded.exe"
  7680

Name	Response	Post-Analysis Lookup
csoltero.duckdns.org	A 194.5.98.207	194.5.98.207

IP Address	Status	Action
164.124.101.2	Active	Moloch
172.217.25.14	Active	Moloch
194.5.98.207	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
UDP 192.168.56.102:57660 -> 164.124.101.2:53	2022918	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain	Misc activity
UDP 192.168.56.102:61459 -> 164.124.101.2:53	2022918	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain	Misc activity
TCP 192.168.56.102:49809 -> 194.5.98.207:672	906200098	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (BitRAT)	undefined
TCP 194.5.98.207:672 -> 192.168.56.102:49809	2030724	ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)	Domain Observed Used for C2 Detected

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLS 1.2 192.168.56.102:49809 194.5.98.207:672	CN=BitRAT	CN=BitRAT	43:6b:7c:fa:7e:2f:a5:fd:57:ea:db:1c:4e:63:f0:14:28:3a:be:c1

Queries for the computername (1 event)

Time & API	Arguments	Status	Return	Repeated
GetComputerNameW June 30, 2021, 10:11 a.m.	computer_name: TEST22-PC	1	1	0

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx June 30, 2021, 10:11 a.m.		1	1	0

The file contains an unknown PE resource name possibly indicative of a packer (1 event)

resource name

CUSTOM

One or more processes crashed (50 out of 2601 events)

Time & API	Arguments	Status
__exception__ June 30, 2021, 10:11 a.m.	stacktrace: protecteded+0x186463 @ 0x586463 EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 protecteded+0x20fe @ 0x4020fe RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: protecteded+0x15bd exception.instruction: add byte ptr [eax], al exception.module: Protecteded.exe exception.exception_code: 0xc0000005 exception.offset: 5565 exception.address: 0x4015bd registers.esp: 1637252 registers.edi: 0 registers.eax: 0 registers.ebp: 1637312 registers.edx: 1637284 registers.ebx: 1923194888 registers.esi: 1923210905 registers.ecx: 0	1
__exception__ June 30, 2021, 10:11 a.m.	stacktrace: protecteded+0x186463 @ 0x586463 EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 protecteded+0x20fe @ 0x4020fe RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: protecteded+0x15be exception.instruction: add byte ptr [eax], al exception.module: Protecteded.exe exception.exception_code: 0xc0000005 exception.offset: 5566 exception.address: 0x4015be registers.esp: 1637252 registers.edi: 0 registers.eax: 0 registers.ebp: 1637312 registers.edx: 1637284 registers.ebx: 1923194888 registers.esi: 1923210905 registers.ecx: 0	1
__exception__ June 30, 2021, 10:11 a.m.	stacktrace: protecteded+0x186463 @ 0x586463 EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 protecteded+0x20fe @ 0x4020fe RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: protecteded+0x15bf exception.instruction: add byte ptr [eax], al exception.module: Protecteded.exe exception.exception_code: 0xc0000005 exception.offset: 5567 exception.address: 0x4015bf registers.esp: 1637252 registers.edi: 0 registers.eax: 0 registers.ebp: 1637312 registers.edx: 1637284 registers.ebx: 1923194888 registers.esi: 1923210905 registers.ecx: 0	1
__exception__ June 30, 2021, 10:11 a.m.	stacktrace: protecteded+0x186463 @ 0x586463 EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 protecteded+0x20fe @ 0x4020fe RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: protecteded+0x15c0 exception.instruction: add byte ptr [eax], al exception.module: Protecteded.exe exception.exception_code: 0xc0000005 exception.offset: 5568 exception.address: 0x4015c0 registers.esp: 1637252 registers.edi: 0 registers.eax: 0 registers.ebp: 1637312 registers.edx: 1637284 registers.ebx: 1923194888 registers.esi: 1923210905 registers.ecx: 0	1
__exception__ June 30, 2021, 10:11 a.m.	stacktrace: protecteded+0x186463 @ 0x586463 EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 protecteded+0x20fe @ 0x4020fe RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: protecteded+0x15c1 exception.instruction: add byte ptr [eax], al exception.module: Protecteded.exe exception.exception_code: 0xc0000005 exception.offset: 5569 exception.address: 0x4015c1 registers.esp: 1637252 registers.edi: 0 registers.eax: 0 registers.ebp: 1637312 registers.edx: 1637284 registers.ebx: 1923194888 registers.esi: 1923210905 registers.ecx: 0	1
__exception__ June 30, 2021, 10:11 a.m.	stacktrace: protecteded+0x186463 @ 0x586463 EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 protecteded+0x20fe @ 0x4020fe RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: protecteded+0x15c2 exception.instruction: add byte ptr [eax], al exception.module: Protecteded.exe exception.exception_code: 0xc0000005 exception.offset: 5570 exception.address: 0x4015c2 registers.esp: 1637252 registers.edi: 0 registers.eax: 0 registers.ebp: 1637312 registers.edx: 1637284 registers.ebx: 1923194888 registers.esi: 1923210905 registers.ecx: 0	1
__exception__ June 30, 2021, 10:11 a.m.	stacktrace: protecteded+0x186463 @ 0x586463 EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 protecteded+0x20fe @ 0x4020fe RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: protecteded+0x15c3 exception.instruction: add byte ptr [eax], al exception.module: Protecteded.exe exception.exception_code: 0xc0000005 exception.offset: 5571 exception.address: 0x4015c3 registers.esp: 1637252 registers.edi: 0 registers.eax: 0 registers.ebp: 1637312 registers.edx: 1637284 registers.ebx: 1923194888 registers.esi: 1923210905 registers.ecx: 0	1
__exception__ June 30, 2021, 10:11 a.m.	stacktrace: protecteded+0x186463 @ 0x586463 EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 protecteded+0x20fe @ 0x4020fe RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: protecteded+0x15c4 exception.instruction: add byte ptr [eax], al exception.module: Protecteded.exe exception.exception_code: 0xc0000005 exception.offset: 5572 exception.address: 0x4015c4 registers.esp: 1637252 registers.edi: 0 registers.eax: 0 registers.ebp: 1637312 registers.edx: 1637284 registers.ebx: 1923194888 registers.esi: 1923210905 registers.ecx: 0	1
__exception__ June 30, 2021, 10:11 a.m.	stacktrace: protecteded+0x186463 @ 0x586463 EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 protecteded+0x20fe @ 0x4020fe RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: protecteded+0x15c5 exception.instruction: add byte ptr [eax], al exception.module: Protecteded.exe exception.exception_code: 0xc0000005 exception.offset: 5573 exception.address: 0x4015c5 registers.esp: 1637252 registers.edi: 0 registers.eax: 0 registers.ebp: 1637312 registers.edx: 1637284 registers.ebx: 1923194888 registers.esi: 1923210905 registers.ecx: 0	1
__exception__ June 30, 2021, 10:11 a.m.	stacktrace: protecteded+0x186463 @ 0x586463 EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 protecteded+0x20fe @ 0x4020fe RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: protecteded+0x15c6 exception.instruction: add byte ptr [eax], al exception.module: Protecteded.exe exception.exception_code: 0xc0000005 exception.offset: 5574 exception.address: 0x4015c6 registers.esp: 1637252 registers.edi: 0 registers.eax: 0 registers.ebp: 1637312 registers.edx: 1637284 registers.ebx: 1923194888 registers.esi: 1923210905 registers.ecx: 0	1
__exception__ June 30, 2021, 10:11 a.m.	stacktrace: protecteded+0x186463 @ 0x586463 EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 protecteded+0x20fe @ 0x4020fe RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: protecteded+0x15c7 exception.instruction: add byte ptr [eax], al exception.module: Protecteded.exe exception.exception_code: 0xc0000005 exception.offset: 5575 exception.address: 0x4015c7 registers.esp: 1637252 registers.edi: 0 registers.eax: 0 registers.ebp: 1637312 registers.edx: 1637284 registers.ebx: 1923194888 registers.esi: 1923210905 registers.ecx: 0	1
__exception__ June 30, 2021, 10:11 a.m.	stacktrace: protecteded+0x186463 @ 0x586463 EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 protecteded+0x20fe @ 0x4020fe RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: protecteded+0x15c8 exception.instruction: add byte ptr [eax], al exception.module: Protecteded.exe exception.exception_code: 0xc0000005 exception.offset: 5576 exception.address: 0x4015c8 registers.esp: 1637252 registers.edi: 0 registers.eax: 0 registers.ebp: 1637312 registers.edx: 1637284 registers.ebx: 1923194888 registers.esi: 1923210905 registers.ecx: 0	1
__exception__ June 30, 2021, 10:11 a.m.	stacktrace: protecteded+0x186463 @ 0x586463 EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 protecteded+0x20fe @ 0x4020fe RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: protecteded+0x15c9 exception.instruction: add byte ptr [eax], al exception.module: Protecteded.exe exception.exception_code: 0xc0000005 exception.offset: 5577 exception.address: 0x4015c9 registers.esp: 1637252 registers.edi: 0 registers.eax: 0 registers.ebp: 1637312 registers.edx: 1637284 registers.ebx: 1923194888 registers.esi: 1923210905 registers.ecx: 0	1
__exception__ June 30, 2021, 10:11 a.m.	stacktrace: protecteded+0x186463 @ 0x586463 EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 protecteded+0x20fe @ 0x4020fe RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: protecteded+0x15ca exception.instruction: add byte ptr [eax], al exception.module: Protecteded.exe exception.exception_code: 0xc0000005 exception.offset: 5578 exception.address: 0x4015ca registers.esp: 1637252 registers.edi: 0 registers.eax: 0 registers.ebp: 1637312 registers.edx: 1637284 registers.ebx: 1923194888 registers.esi: 1923210905 registers.ecx: 0	1
__exception__ June 30, 2021, 10:11 a.m.	stacktrace: protecteded+0x186463 @ 0x586463 EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 protecteded+0x20fe @ 0x4020fe RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: protecteded+0x15cb exception.instruction: add byte ptr [eax], al exception.module: Protecteded.exe exception.exception_code: 0xc0000005 exception.offset: 5579 exception.address: 0x4015cb registers.esp: 1637252 registers.edi: 0 registers.eax: 0 registers.ebp: 1637312 registers.edx: 1637284 registers.ebx: 1923194888 registers.esi: 1923210905 registers.ecx: 0	1
__exception__ June 30, 2021, 10:11 a.m.	stacktrace: protecteded+0x186463 @ 0x586463 EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 protecteded+0x20fe @ 0x4020fe RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: protecteded+0x15cc exception.instruction: add byte ptr [eax], al exception.module: Protecteded.exe exception.exception_code: 0xc0000005 exception.offset: 5580 exception.address: 0x4015cc registers.esp: 1637252 registers.edi: 0 registers.eax: 0 registers.ebp: 1637312 registers.edx: 1637284 registers.ebx: 1923194888 registers.esi: 1923210905 registers.ecx: 0	1
__exception__ June 30, 2021, 10:11 a.m.	stacktrace: protecteded+0x186463 @ 0x586463 EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 protecteded+0x20fe @ 0x4020fe RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: protecteded+0x15cd exception.instruction: add byte ptr [eax], al exception.module: Protecteded.exe exception.exception_code: 0xc0000005 exception.offset: 5581 exception.address: 0x4015cd registers.esp: 1637252 registers.edi: 0 registers.eax: 0 registers.ebp: 1637312 registers.edx: 1637284 registers.ebx: 1923194888 registers.esi: 1923210905 registers.ecx: 0	1
__exception__ June 30, 2021, 10:11 a.m.	stacktrace: protecteded+0x186463 @ 0x586463 EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 protecteded+0x20fe @ 0x4020fe RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: protecteded+0x15ce exception.instruction: add byte ptr [eax], al exception.module: Protecteded.exe exception.exception_code: 0xc0000005 exception.offset: 5582 exception.address: 0x4015ce registers.esp: 1637252 registers.edi: 0 registers.eax: 0 registers.ebp: 1637312 registers.edx: 1637284 registers.ebx: 1923194888 registers.esi: 1923210905 registers.ecx: 0	1
__exception__ June 30, 2021, 10:11 a.m.	stacktrace: protecteded+0x186463 @ 0x586463 EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 protecteded+0x20fe @ 0x4020fe RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: protecteded+0x15cf exception.instruction: add byte ptr [eax], al exception.module: Protecteded.exe exception.exception_code: 0xc0000005 exception.offset: 5583 exception.address: 0x4015cf registers.esp: 1637252 registers.edi: 0 registers.eax: 0 registers.ebp: 1637312 registers.edx: 1637284 registers.ebx: 1923194888 registers.esi: 1923210905 registers.ecx: 0	1
__exception__ June 30, 2021, 10:11 a.m.	stacktrace: protecteded+0x186463 @ 0x586463 EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 protecteded+0x20fe @ 0x4020fe RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: protecteded+0x15d0 exception.instruction: add byte ptr [eax], al exception.module: Protecteded.exe exception.exception_code: 0xc0000005 exception.offset: 5584 exception.address: 0x4015d0 registers.esp: 1637252 registers.edi: 0 registers.eax: 0 registers.ebp: 1637312 registers.edx: 1637284 registers.ebx: 1923194888 registers.esi: 1923210905 registers.ecx: 0	1
__exception__ June 30, 2021, 10:11 a.m.	stacktrace: protecteded+0x186463 @ 0x586463 EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 protecteded+0x20fe @ 0x4020fe RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: protecteded+0x15d1 exception.instruction: add byte ptr [eax], al exception.module: Protecteded.exe exception.exception_code: 0xc0000005 exception.offset: 5585 exception.address: 0x4015d1 registers.esp: 1637252 registers.edi: 0 registers.eax: 0 registers.ebp: 1637312 registers.edx: 1637284 registers.ebx: 1923194888 registers.esi: 1923210905 registers.ecx: 0	1
__exception__ June 30, 2021, 10:11 a.m.	stacktrace: protecteded+0x186463 @ 0x586463 EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 protecteded+0x20fe @ 0x4020fe RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: protecteded+0x15d2 exception.instruction: add byte ptr [eax], al exception.module: Protecteded.exe exception.exception_code: 0xc0000005 exception.offset: 5586 exception.address: 0x4015d2 registers.esp: 1637252 registers.edi: 0 registers.eax: 0 registers.ebp: 1637312 registers.edx: 1637284 registers.ebx: 1923194888 registers.esi: 1923210905 registers.ecx: 0	1
__exception__ June 30, 2021, 10:11 a.m.	stacktrace: protecteded+0x186463 @ 0x586463 EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 protecteded+0x20fe @ 0x4020fe RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: protecteded+0x15d3 exception.instruction: add byte ptr [eax], al exception.module: Protecteded.exe exception.exception_code: 0xc0000005 exception.offset: 5587 exception.address: 0x4015d3 registers.esp: 1637252 registers.edi: 0 registers.eax: 0 registers.ebp: 1637312 registers.edx: 1637284 registers.ebx: 1923194888 registers.esi: 1923210905 registers.ecx: 0	1
__exception__ June 30, 2021, 10:11 a.m.	stacktrace: protecteded+0x186463 @ 0x586463 EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 protecteded+0x20fe @ 0x4020fe RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: protecteded+0x15d4 exception.instruction: add byte ptr [eax], al exception.module: Protecteded.exe exception.exception_code: 0xc0000005 exception.offset: 5588 exception.address: 0x4015d4 registers.esp: 1637252 registers.edi: 0 registers.eax: 0 registers.ebp: 1637312 registers.edx: 1637284 registers.ebx: 1923194888 registers.esi: 1923210905 registers.ecx: 0	1
__exception__ June 30, 2021, 10:11 a.m.	stacktrace: protecteded+0x186463 @ 0x586463 EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 protecteded+0x20fe @ 0x4020fe RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: protecteded+0x15d5 exception.instruction: add byte ptr [eax], al exception.module: Protecteded.exe exception.exception_code: 0xc0000005 exception.offset: 5589 exception.address: 0x4015d5 registers.esp: 1637252 registers.edi: 0 registers.eax: 0 registers.ebp: 1637312 registers.edx: 1637284 registers.ebx: 1923194888 registers.esi: 1923210905 registers.ecx: 0	1
__exception__ June 30, 2021, 10:11 a.m.	stacktrace: protecteded+0x186463 @ 0x586463 EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 protecteded+0x20fe @ 0x4020fe RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: protecteded+0x15d6 exception.instruction: add byte ptr [eax], al exception.module: Protecteded.exe exception.exception_code: 0xc0000005 exception.offset: 5590 exception.address: 0x4015d6 registers.esp: 1637252 registers.edi: 0 registers.eax: 0 registers.ebp: 1637312 registers.edx: 1637284 registers.ebx: 1923194888 registers.esi: 1923210905 registers.ecx: 0	1
__exception__ June 30, 2021, 10:11 a.m.	stacktrace: protecteded+0x186463 @ 0x586463 EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 protecteded+0x20fe @ 0x4020fe RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: protecteded+0x15d7 exception.instruction: add byte ptr [eax], al exception.module: Protecteded.exe exception.exception_code: 0xc0000005 exception.offset: 5591 exception.address: 0x4015d7 registers.esp: 1637252 registers.edi: 0 registers.eax: 0 registers.ebp: 1637312 registers.edx: 1637284 registers.ebx: 1923194888 registers.esi: 1923210905 registers.ecx: 0	1
__exception__ June 30, 2021, 10:11 a.m.	stacktrace: protecteded+0x186463 @ 0x586463 EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 protecteded+0x20fe @ 0x4020fe RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: protecteded+0x15d8 exception.instruction: add byte ptr [eax], al exception.module: Protecteded.exe exception.exception_code: 0xc0000005 exception.offset: 5592 exception.address: 0x4015d8 registers.esp: 1637252 registers.edi: 0 registers.eax: 0 registers.ebp: 1637312 registers.edx: 1637284 registers.ebx: 1923194888 registers.esi: 1923210905 registers.ecx: 0	1
__exception__ June 30, 2021, 10:11 a.m.	stacktrace: protecteded+0x186463 @ 0x586463 EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 protecteded+0x20fe @ 0x4020fe RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: protecteded+0x15d9 exception.instruction: add byte ptr [eax], al exception.module: Protecteded.exe exception.exception_code: 0xc0000005 exception.offset: 5593 exception.address: 0x4015d9 registers.esp: 1637252 registers.edi: 0 registers.eax: 0 registers.ebp: 1637312 registers.edx: 1637284 registers.ebx: 1923194888 registers.esi: 1923210905 registers.ecx: 0	1
__exception__ June 30, 2021, 10:11 a.m.	stacktrace: protecteded+0x186463 @ 0x586463 EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 protecteded+0x20fe @ 0x4020fe RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: protecteded+0x15da exception.instruction: add byte ptr [eax], al exception.module: Protecteded.exe exception.exception_code: 0xc0000005 exception.offset: 5594 exception.address: 0x4015da registers.esp: 1637252 registers.edi: 0 registers.eax: 0 registers.ebp: 1637312 registers.edx: 1637284 registers.ebx: 1923194888 registers.esi: 1923210905 registers.ecx: 0	1
__exception__ June 30, 2021, 10:11 a.m.	stacktrace: protecteded+0x186463 @ 0x586463 EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 protecteded+0x20fe @ 0x4020fe RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: protecteded+0x15db exception.instruction: add byte ptr [eax], al exception.module: Protecteded.exe exception.exception_code: 0xc0000005 exception.offset: 5595 exception.address: 0x4015db registers.esp: 1637252 registers.edi: 0 registers.eax: 0 registers.ebp: 1637312 registers.edx: 1637284 registers.ebx: 1923194888 registers.esi: 1923210905 registers.ecx: 0	1
__exception__ June 30, 2021, 10:11 a.m.	stacktrace: protecteded+0x186463 @ 0x586463 EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 protecteded+0x20fe @ 0x4020fe RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: protecteded+0x15dc exception.instruction: add byte ptr [eax], al exception.module: Protecteded.exe exception.exception_code: 0xc0000005 exception.offset: 5596 exception.address: 0x4015dc registers.esp: 1637252 registers.edi: 0 registers.eax: 0 registers.ebp: 1637312 registers.edx: 1637284 registers.ebx: 1923194888 registers.esi: 1923210905 registers.ecx: 0	1
__exception__ June 30, 2021, 10:11 a.m.	stacktrace: protecteded+0x186463 @ 0x586463 EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 protecteded+0x20fe @ 0x4020fe RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: protecteded+0x15dd exception.instruction: add byte ptr [eax], al exception.module: Protecteded.exe exception.exception_code: 0xc0000005 exception.offset: 5597 exception.address: 0x4015dd registers.esp: 1637252 registers.edi: 0 registers.eax: 0 registers.ebp: 1637312 registers.edx: 1637284 registers.ebx: 1923194888 registers.esi: 1923210905 registers.ecx: 0	1
__exception__ June 30, 2021, 10:11 a.m.	stacktrace: protecteded+0x186463 @ 0x586463 EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 protecteded+0x20fe @ 0x4020fe RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: protecteded+0x15de exception.instruction: add byte ptr [eax], al exception.module: Protecteded.exe exception.exception_code: 0xc0000005 exception.offset: 5598 exception.address: 0x4015de registers.esp: 1637252 registers.edi: 0 registers.eax: 0 registers.ebp: 1637312 registers.edx: 1637284 registers.ebx: 1923194888 registers.esi: 1923210905 registers.ecx: 0	1
__exception__ June 30, 2021, 10:11 a.m.	stacktrace: protecteded+0x186463 @ 0x586463 EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 protecteded+0x20fe @ 0x4020fe RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: protecteded+0x15df exception.instruction: add byte ptr [eax], al exception.module: Protecteded.exe exception.exception_code: 0xc0000005 exception.offset: 5599 exception.address: 0x4015df registers.esp: 1637252 registers.edi: 0 registers.eax: 0 registers.ebp: 1637312 registers.edx: 1637284 registers.ebx: 1923194888 registers.esi: 1923210905 registers.ecx: 0	1
__exception__ June 30, 2021, 10:11 a.m.	stacktrace: protecteded+0x186463 @ 0x586463 EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 protecteded+0x20fe @ 0x4020fe RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: protecteded+0x15e0 exception.instruction: add byte ptr [eax], al exception.module: Protecteded.exe exception.exception_code: 0xc0000005 exception.offset: 5600 exception.address: 0x4015e0 registers.esp: 1637252 registers.edi: 0 registers.eax: 0 registers.ebp: 1637312 registers.edx: 1637284 registers.ebx: 1923194888 registers.esi: 1923210905 registers.ecx: 0	1
__exception__ June 30, 2021, 10:11 a.m.	stacktrace: protecteded+0x186463 @ 0x586463 EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 protecteded+0x20fe @ 0x4020fe RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: protecteded+0x15e1 exception.instruction: add byte ptr [eax], al exception.module: Protecteded.exe exception.exception_code: 0xc0000005 exception.offset: 5601 exception.address: 0x4015e1 registers.esp: 1637252 registers.edi: 0 registers.eax: 0 registers.ebp: 1637312 registers.edx: 1637284 registers.ebx: 1923194888 registers.esi: 1923210905 registers.ecx: 0	1
__exception__ June 30, 2021, 10:11 a.m.	stacktrace: protecteded+0x186463 @ 0x586463 EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 protecteded+0x20fe @ 0x4020fe RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: protecteded+0x15e2 exception.instruction: add byte ptr [eax], al exception.module: Protecteded.exe exception.exception_code: 0xc0000005 exception.offset: 5602 exception.address: 0x4015e2 registers.esp: 1637252 registers.edi: 0 registers.eax: 0 registers.ebp: 1637312 registers.edx: 1637284 registers.ebx: 1923194888 registers.esi: 1923210905 registers.ecx: 0	1
__exception__ June 30, 2021, 10:11 a.m.	stacktrace: protecteded+0x186463 @ 0x586463 EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 protecteded+0x20fe @ 0x4020fe RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: protecteded+0x15e3 exception.instruction: add byte ptr [eax], al exception.module: Protecteded.exe exception.exception_code: 0xc0000005 exception.offset: 5603 exception.address: 0x4015e3 registers.esp: 1637252 registers.edi: 0 registers.eax: 0 registers.ebp: 1637312 registers.edx: 1637284 registers.ebx: 1923194888 registers.esi: 1923210905 registers.ecx: 0	1
__exception__ June 30, 2021, 10:11 a.m.	stacktrace: protecteded+0x186463 @ 0x586463 EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 protecteded+0x20fe @ 0x4020fe RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: protecteded+0x15e4 exception.instruction: add byte ptr [eax], al exception.module: Protecteded.exe exception.exception_code: 0xc0000005 exception.offset: 5604 exception.address: 0x4015e4 registers.esp: 1637252 registers.edi: 0 registers.eax: 0 registers.ebp: 1637312 registers.edx: 1637284 registers.ebx: 1923194888 registers.esi: 1923210905 registers.ecx: 0	1
__exception__ June 30, 2021, 10:11 a.m.	stacktrace: protecteded+0x186463 @ 0x586463 EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 protecteded+0x20fe @ 0x4020fe RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: protecteded+0x15e5 exception.instruction: add byte ptr [eax], al exception.module: Protecteded.exe exception.exception_code: 0xc0000005 exception.offset: 5605 exception.address: 0x4015e5 registers.esp: 1637252 registers.edi: 0 registers.eax: 0 registers.ebp: 1637312 registers.edx: 1637284 registers.ebx: 1923194888 registers.esi: 1923210905 registers.ecx: 0	1
__exception__ June 30, 2021, 10:11 a.m.	stacktrace: protecteded+0x186463 @ 0x586463 EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 protecteded+0x20fe @ 0x4020fe RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: protecteded+0x15e6 exception.instruction: add byte ptr [eax], al exception.module: Protecteded.exe exception.exception_code: 0xc0000005 exception.offset: 5606 exception.address: 0x4015e6 registers.esp: 1637252 registers.edi: 0 registers.eax: 0 registers.ebp: 1637312 registers.edx: 1637284 registers.ebx: 1923194888 registers.esi: 1923210905 registers.ecx: 0	1
__exception__ June 30, 2021, 10:11 a.m.	stacktrace: protecteded+0x186463 @ 0x586463 EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 protecteded+0x20fe @ 0x4020fe RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ec exception.symbol: protecteded+0x15e7 exception.instruction: add byte ptr [eax], al exception.module: Protecteded.exe exception.exception_code: 0xc0000005 exception.offset: 5607 exception.address: 0x4015e7 registers.esp: 1637252 registers.edi: 0 registers.eax: 0 registers.ebp: 1637312 registers.edx: 1637284 registers.ebx: 1923194888 registers.esi: 1923210905 registers.ecx: 0	1
__exception__ June 30, 2021, 10:11 a.m.	stacktrace: protecteded+0x186463 @ 0x586463 EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 protecteded+0x20fe @ 0x4020fe RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ec 00 exception.symbol: protecteded+0x15e8 exception.instruction: add byte ptr [eax], al exception.module: Protecteded.exe exception.exception_code: 0xc0000005 exception.offset: 5608 exception.address: 0x4015e8 registers.esp: 1637252 registers.edi: 0 registers.eax: 0 registers.ebp: 1637312 registers.edx: 1637284 registers.ebx: 1923194888 registers.esi: 1923210905 registers.ecx: 0	1
__exception__ June 30, 2021, 10:11 a.m.	stacktrace: protecteded+0x186463 @ 0x586463 EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 protecteded+0x20fe @ 0x4020fe RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 ec 00 00 exception.symbol: protecteded+0x15e9 exception.instruction: add byte ptr [eax], al exception.module: Protecteded.exe exception.exception_code: 0xc0000005 exception.offset: 5609 exception.address: 0x4015e9 registers.esp: 1637252 registers.edi: 0 registers.eax: 0 registers.ebp: 1637312 registers.edx: 1637284 registers.ebx: 1923194888 registers.esi: 1923210905 registers.ecx: 0	1
__exception__ June 30, 2021, 10:11 a.m.	stacktrace: protecteded+0x186463 @ 0x586463 EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 protecteded+0x20fe @ 0x4020fe RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 ec 00 00 00 exception.symbol: protecteded+0x15ea exception.instruction: add byte ptr [eax], al exception.module: Protecteded.exe exception.exception_code: 0xc0000005 exception.offset: 5610 exception.address: 0x4015ea registers.esp: 1637252 registers.edi: 0 registers.eax: 0 registers.ebp: 1637312 registers.edx: 1637284 registers.ebx: 1923194888 registers.esi: 1923210905 registers.ecx: 0	1
__exception__ June 30, 2021, 10:11 a.m.	stacktrace: protecteded+0x186463 @ 0x586463 EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 protecteded+0x20fe @ 0x4020fe RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 ec 00 00 00 00 exception.symbol: protecteded+0x15eb exception.instruction: add byte ptr [eax], al exception.module: Protecteded.exe exception.exception_code: 0xc0000005 exception.offset: 5611 exception.address: 0x4015eb registers.esp: 1637252 registers.edi: 0 registers.eax: 0 registers.ebp: 1637312 registers.edx: 1637284 registers.ebx: 1923194888 registers.esi: 1923210905 registers.ecx: 0	1
__exception__ June 30, 2021, 10:11 a.m.	stacktrace: protecteded+0x186463 @ 0x586463 EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 protecteded+0x20fe @ 0x4020fe RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 ec 00 00 00 00 00 exception.symbol: protecteded+0x15ec exception.instruction: add byte ptr [eax], al exception.module: Protecteded.exe exception.exception_code: 0xc0000005 exception.offset: 5612 exception.address: 0x4015ec registers.esp: 1637252 registers.edi: 0 registers.eax: 0 registers.ebp: 1637312 registers.edx: 1637284 registers.ebx: 1923194888 registers.esi: 1923210905 registers.ecx: 0	1
__exception__ June 30, 2021, 10:11 a.m.	stacktrace: protecteded+0x186463 @ 0x586463 EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 protecteded+0x20fe @ 0x4020fe RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 ec 00 00 00 00 00 00 exception.symbol: protecteded+0x15ed exception.instruction: add byte ptr [eax], al exception.module: Protecteded.exe exception.exception_code: 0xc0000005 exception.offset: 5613 exception.address: 0x4015ed registers.esp: 1637252 registers.edi: 0 registers.eax: 0 registers.ebp: 1637312 registers.edx: 1637284 registers.ebx: 1923194888 registers.esi: 1923210905 registers.ecx: 0	1
__exception__ June 30, 2021, 10:11 a.m.	stacktrace: protecteded+0x186463 @ 0x586463 EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 protecteded+0x20fe @ 0x4020fe RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 ec 00 00 00 00 00 00 00 exception.symbol: protecteded+0x15ee exception.instruction: add byte ptr [eax], al exception.module: Protecteded.exe exception.exception_code: 0xc0000005 exception.offset: 5614 exception.address: 0x4015ee registers.esp: 1637252 registers.edi: 0 registers.eax: 0 registers.ebp: 1637312 registers.edx: 1637284 registers.ebx: 1923194888 registers.esi: 1923210905 registers.ecx: 0	1

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

Connects to a Dynamic DNS Domain (1 event)

domain

csoltero.duckdns.org

Allocates read-write-execute memory (usually to unpack itself) (50 out of 58 events)

Time & API	Arguments	Status
NtProtectVirtualMemory June 30, 2021, 10:11 a.m.	process_identifier: 4564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73772000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 30, 2021, 10:11 a.m.	process_identifier: 4564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00650000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtProtectVirtualMemory June 30, 2021, 10:11 a.m.	process_identifier: 4564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x773bf000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 30, 2021, 10:11 a.m.	process_identifier: 4564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006ae000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 30, 2021, 10:11 a.m.	process_identifier: 4564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7294a000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 30, 2021, 10:11 a.m.	process_identifier: 4564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006ae000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 30, 2021, 10:11 a.m.	process_identifier: 4564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006ae000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 30, 2021, 10:11 a.m.	process_identifier: 4564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006c5000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 30, 2021, 10:11 a.m.	process_identifier: 4564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00405000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 30, 2021, 10:11 a.m.	process_identifier: 4564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006ab000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 30, 2021, 10:11 a.m.	process_identifier: 4564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006ab000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 30, 2021, 10:11 a.m.	process_identifier: 4564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006ae000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 30, 2021, 10:11 a.m.	process_identifier: 4564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00405000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 30, 2021, 10:11 a.m.	process_identifier: 4564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006c6000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 30, 2021, 10:11 a.m.	process_identifier: 4564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006c6000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 30, 2021, 10:11 a.m.	process_identifier: 4564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006ab000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 30, 2021, 10:11 a.m.	process_identifier: 4564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00405000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 30, 2021, 10:11 a.m.	process_identifier: 4564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006c6000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 30, 2021, 10:11 a.m.	process_identifier: 4564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006c6000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 30, 2021, 10:11 a.m.	process_identifier: 4564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006c6000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 30, 2021, 10:11 a.m.	process_identifier: 4564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00405000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 30, 2021, 10:11 a.m.	process_identifier: 4564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006c6000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 30, 2021, 10:11 a.m.	process_identifier: 4564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006c6000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 30, 2021, 10:11 a.m.	process_identifier: 4564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006c6000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 30, 2021, 10:11 a.m.	process_identifier: 4564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00405000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 30, 2021, 10:11 a.m.	process_identifier: 4564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006b3000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 30, 2021, 10:11 a.m.	process_identifier: 4564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006b3000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 30, 2021, 10:11 a.m.	process_identifier: 4564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006c6000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 30, 2021, 10:11 a.m.	process_identifier: 4564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00405000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 30, 2021, 10:11 a.m.	process_identifier: 4564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006c6000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 30, 2021, 10:11 a.m.	process_identifier: 4564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006c6000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 30, 2021, 10:11 a.m.	process_identifier: 4564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006b3000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 30, 2021, 10:11 a.m.	process_identifier: 4564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00405000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 30, 2021, 10:11 a.m.	process_identifier: 4564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006c6000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 30, 2021, 10:11 a.m.	process_identifier: 4564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006c6000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 30, 2021, 10:11 a.m.	process_identifier: 4564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006c6000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 30, 2021, 10:11 a.m.	process_identifier: 4564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00405000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 30, 2021, 10:11 a.m.	process_identifier: 4564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006c6000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 30, 2021, 10:11 a.m.	process_identifier: 4564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006c6000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 30, 2021, 10:11 a.m.	process_identifier: 4564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006ab000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 30, 2021, 10:11 a.m.	process_identifier: 4564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00405000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 30, 2021, 10:11 a.m.	process_identifier: 4564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006ab000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 30, 2021, 10:11 a.m.	process_identifier: 4564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006ab000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 30, 2021, 10:11 a.m.	process_identifier: 4564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006ae000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 30, 2021, 10:11 a.m.	process_identifier: 4564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00405000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 30, 2021, 10:11 a.m.	process_identifier: 4564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006ae000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 30, 2021, 10:11 a.m.	process_identifier: 4564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006ae000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 30, 2021, 10:11 a.m.	process_identifier: 4564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006ab000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 30, 2021, 10:11 a.m.	process_identifier: 4564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00405000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 30, 2021, 10:11 a.m.	process_identifier: 4564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006ab000 process_handle: 0xffffffff	1

A process attempted to delay the analysis task. (1 event)

description

Protecteded.exe tried to sleep 658 seconds, actually delayed analysis time by 658 seconds

Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory June 30, 2021, 10:11 a.m.	process_identifier: 4564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 24576 protection: 32 (PAGE_EXECUTE_READ) base_address: 0x003f0000 process_handle: 0xffffffff	1	0	0

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x0018a000', u'virtual_address': u'0x00001000', u'entropy': 7.979596213688398, u'name': u'.text', u'virtual_size': u'0x00189ef4'}

entropy

7.97959621369

description

A section with a high entropy has been found

entropy

0.768031189084

description

Overall entropy of this PE file is high

Checks for the Locally Unique Identifier on the system for a suspicious privilege (2 events)

Time & API	Arguments	Status	Return	Repeated
LookupPrivilegeValueW June 30, 2021, 10:11 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1	0
LookupPrivilegeValueW June 30, 2021, 10:11 a.m.	system_name: privilege_name: SeShutdownPrivilege	1	1	0

Yara rule detected in process memory (8 events)

description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep

One or more of the buffers contains an embedded PE file (1 event)

buffer

Buffer with sha1: a02a74a95f42d3c8d3dd6b330c73d03d59b6fe25

Communicates with host for which no DNS query was performed (1 event)

host

172.217.25.14

Looks for the Windows Idle Time to determine the uptime (1 event)

Time & API	Arguments	Status	Return	Repeated
NtQuerySystemInformation June 30, 2021, 10:11 a.m.	information_class: 8 (SystemProcessorPerformanceInformation)	1	0	0

Installs an hook procedure to monitor for mouse events (1 event)

Time & API	Arguments	Status	Return	Repeated
SetWindowsHookExW June 30, 2021, 10:11 a.m.	thread_identifier: 0 callback_function: 0x0050fc98 hook_identifier: 14 (WH_MOUSE_LL) module_address: 0x00000000	1	25232473	0

Creates a windows hook that monitors keyboard input (keylogger) (1 event)

Time & API	Arguments	Status	Return	Repeated
SetWindowsHookExW June 30, 2021, 10:11 a.m.	thread_identifier: 0 callback_function: 0x004cb66b hook_identifier: 13 (WH_KEYBOARD_LL) module_address: 0x00000000	1	12911869	0

Used NtSetContextThread to modify a thread in a remote process indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 4564 called NtSetContextThread to modify thread in remote process 7680
NtSetContextThread June 30, 2021, 10:11 a.m.	registers.eip: 8273920 registers.esp: 1638384 registers.edi: 0 registers.eax: 8266608 registers.ebp: 0 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 2000355780 thread_handle: 0x00000128 process_identifier: 7680	1	0	0

Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 4564 resumed a thread in remote process 7680
NtResumeThread June 30, 2021, 10:11 a.m.	thread_handle: 0x00000128 suspend_count: 1 process_identifier: 7680	1	0	0

Executed a process and injected code into it, probably while unpacking (34 events)

Time & API	Arguments	Status	Return
CreateProcessInternalW June 30, 2021, 10:11 a.m.	thread_identifier: 7748 thread_handle: 0x00000128 process_identifier: 7680 current_directory: filepath: C:\Users\test22\AppData\Local\Temp\Protecteded.exe track: 1 command_line: filepath_r: C:\Users\test22\AppData\Local\Temp\Protecteded.exe stack_pivoted: 0 creation_flags: 4 (CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x00000130	1	1
NtGetContextThread June 30, 2021, 10:11 a.m.	thread_handle: 0x00000128	1	0
NtUnmapViewOfSection June 30, 2021, 10:11 a.m.	base_address: 0x00400000 region_size: 4096 process_identifier: 7680 process_handle: 0x00000130	1	0
NtMapViewOfSection June 30, 2021, 10:11 a.m.	section_handle: 0x000000f4 process_identifier: 7680 commit_size: 0 win32_protect: 64 (PAGE_EXECUTE_READWRITE) buffer: base_address: 0x00400000 allocation_type: 0 () section_offset: 0 view_size: 4100096 process_handle: 0x00000130	1	0
NtSetContextThread June 30, 2021, 10:11 a.m.	registers.eip: 8273920 registers.esp: 1638384 registers.edi: 0 registers.eax: 8266608 registers.ebp: 0 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 2000355780 thread_handle: 0x00000128 process_identifier: 7680	1	0
NtResumeThread June 30, 2021, 10:11 a.m.	thread_handle: 0x00000128 suspend_count: 1 process_identifier: 7680	1	0
NtResumeThread June 30, 2021, 10:11 a.m.	thread_handle: 0x000002c8 suspend_count: 1 process_identifier: 7680	1	0
NtResumeThread June 30, 2021, 10:11 a.m.	thread_handle: 0x000002d0 suspend_count: 1 process_identifier: 7680	1	0
NtResumeThread June 30, 2021, 10:11 a.m.	thread_handle: 0x000002d8 suspend_count: 1 process_identifier: 7680	1	0
NtResumeThread June 30, 2021, 10:11 a.m.	thread_handle: 0x000002e0 suspend_count: 1 process_identifier: 7680	1	0
NtResumeThread June 30, 2021, 10:11 a.m.	thread_handle: 0x000002e8 suspend_count: 1 process_identifier: 7680	1	0
NtResumeThread June 30, 2021, 10:11 a.m.	thread_handle: 0x000002f0 suspend_count: 1 process_identifier: 7680	1	0
NtResumeThread June 30, 2021, 10:11 a.m.	thread_handle: 0x0000032c suspend_count: 1 process_identifier: 7680	1	0
NtResumeThread June 30, 2021, 10:11 a.m.	thread_handle: 0x0000038c suspend_count: 1 process_identifier: 7680	1	0
NtResumeThread June 30, 2021, 10:12 a.m.	thread_handle: 0x00000394 suspend_count: 1 process_identifier: 7680	1	0
NtResumeThread June 30, 2021, 10:12 a.m.	thread_handle: 0x00000388 suspend_count: 1 process_identifier: 7680	1	0
NtResumeThread June 30, 2021, 10:12 a.m.	thread_handle: 0x0000038c suspend_count: 1 process_identifier: 7680	1	0
NtResumeThread June 30, 2021, 10:12 a.m.	thread_handle: 0x00000394 suspend_count: 1 process_identifier: 7680	1	0
NtResumeThread June 30, 2021, 10:12 a.m.	thread_handle: 0x0000038c suspend_count: 1 process_identifier: 7680	1	0
NtResumeThread June 30, 2021, 10:12 a.m.	thread_handle: 0x0000038c suspend_count: 1 process_identifier: 7680	1	0
NtResumeThread June 30, 2021, 10:12 a.m.	thread_handle: 0x00000398 suspend_count: 1 process_identifier: 7680	1	0
NtResumeThread June 30, 2021, 10:12 a.m.	thread_handle: 0x0000038c suspend_count: 1 process_identifier: 7680	1	0
NtResumeThread June 30, 2021, 10:12 a.m.	thread_handle: 0x00000398 suspend_count: 1 process_identifier: 7680	1	0
NtResumeThread June 30, 2021, 10:12 a.m.	thread_handle: 0x00000118 suspend_count: 1 process_identifier: 7680	1	0
NtResumeThread June 30, 2021, 10:12 a.m.	thread_handle: 0x00000118 suspend_count: 1 process_identifier: 7680	1	0
NtResumeThread June 30, 2021, 10:13 a.m.	thread_handle: 0x00000118 suspend_count: 1 process_identifier: 7680	1	0
NtResumeThread June 30, 2021, 10:13 a.m.	thread_handle: 0x000001fc suspend_count: 1 process_identifier: 7680	1	0
NtResumeThread June 30, 2021, 10:13 a.m.	thread_handle: 0x0000039c suspend_count: 1 process_identifier: 7680	1	0
NtResumeThread June 30, 2021, 10:13 a.m.	thread_handle: 0x000001fc suspend_count: 1 process_identifier: 7680	1	0
NtResumeThread June 30, 2021, 10:13 a.m.	thread_handle: 0x0000039c suspend_count: 1 process_identifier: 7680	1	0
NtResumeThread June 30, 2021, 10:13 a.m.	thread_handle: 0x000003a0 suspend_count: 1 process_identifier: 7680	1	0
NtResumeThread June 30, 2021, 10:13 a.m.	thread_handle: 0x00000394 suspend_count: 1 process_identifier: 7680	1	0
NtResumeThread June 30, 2021, 10:13 a.m.	thread_handle: 0x00000118 suspend_count: 1 process_identifier: 7680	1	0
NtResumeThread June 30, 2021, 10:13 a.m.	thread_handle: 0x00000390 suspend_count: 1 process_identifier: 7680	1	0

File has been identified by 50 AntiVirus engines on VirusTotal as malicious (50 events)

Bkav	W32.AIDetect.malware2
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Razy.882840
FireEye	Generic.mg.db77d643f56c5e83
ALYac	Gen:Variant.Razy.882840
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 0057cb4c1 )
Alibaba	Trojan:Win32/Injector.3d12c366
K7GW	Trojan ( 0057cb4c1 )
Cyren	W32/Trojan.FLFY-5819
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Injector.EPJG
TrendMicro-HouseCall	TROJ_GEN.R002H0CFS21
Avast	Win32:PWSX-gen [Trj]
Kaspersky	Trojan-Spy.Win32.Solmyr.nl
BitDefender	Gen:Variant.Razy.882840
Paloalto	generic.ml
AegisLab	Trojan.Win32.Razy.4!c
Tencent	Win32.Trojan.Inject.Auto
Ad-Aware	Gen:Variant.Razy.882840
Sophos	Mal/Generic-S
F-Secure	Heuristic.HEUR/AGEN.1106768
DrWeb	Trojan.Inject4.12925
VIPRE	Trojan.Win32.Generic!BT
McAfee-GW-Edition	BehavesLike.Win32.VirRansom.vc
Emsisoft	Gen:Variant.Razy.882840 (B)
APEX	Malicious
eGambit	Unsafe.AI_Score_89%
Avira	HEUR/AGEN.1106768
Kingsoft	Win32.Heur.KVM006.a.(kcloud)
Microsoft	Trojan:Win32/Zbot.EP!MTB
Gridinsoft	Trojan.Win32.Downloader.oa
Arcabit	Trojan.Razy.DD7898
ZoneAlarm	Trojan-Spy.Win32.Solmyr.nl
GData	Gen:Variant.Razy.882840
Cynet	Malicious (score: 99)
Acronis	suspicious
McAfee	Artemis!DB77D643F56C
MAX	malware (ai score=83)
VBA32	BScope.TrojanPSW.Racealer
Malwarebytes	Malware.AI.1683986376
Rising	Trojan.Injector!1.C6AF (CLASSIC)
Ikarus	Trojan.Win32.Injector
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/PossibleThreat
AVG	Win32:PWSX-gen [Trj]
Cybereason	malicious.3f56c5
Panda	Trj/CI.A
Qihoo-360	Win32/Trojan.Generic.HykCPkQA

Protecteded.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All