Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	July 29, 2021, 10:50 a.m.	July 29, 2021, 11:02 a.m.

Size	1.2MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`d2c0c03331999024a0b92a6c4a29ae5b`
SHA256	`9f00050fee1102d44931b93fc60bf70f094b2b43061f5d8d713c2d01eab13b41`
CRC32	`A7BA5045`
ssdeep	`24576:zfgw1Zk/uiT7D2bH95zY8q1grd3l8ib4Ii2XVARIT866EbgBgT:bb1Zk/uiTu795zYt1grd314f2lARINxn`
Yara	IsPE32 - (no description) Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature

lv.exe "C:\Users\test22\AppData\Local\Temp\lv.exe"
300
- vpn.exe "C:\Users\test22\AppData\Local\Temp\New Feature\vpn.exe"
  2140
  - cmd.exe cmd /c IZFw
    2244
  - cmd.exe cmd /c cmd < Luce.xltx
    2328
    - cmd.exe cmd
      2400
      - findstr.exe findstr /V /R "^XMtOLTeGRaAISVixYSqxnHVaMSZqGjATpnvNWxKMDWvOBGfkTIcDOTwfRMeSUwqERHnznznEigQBluRuDNuYQWtfviVlsRSCWRWUiVMmlRcArmyKVWf$" Oscurato.xltx
        2444
      - Sai.exe.com Sai.exe.com X
        2492
        
        Sai.exe.com C:\Users\test22\AppData\Local\Temp\IXP000.TMP\Sai.exe.com X
        2564
      - choice.exe choice /C YN /D Y /t 30
        2632
- 4.exe "C:\Users\test22\AppData\Local\Temp\New Feature\4.exe"
  2176

Name	Response	Post-Analysis Lookup
gFalWYIwGOZBDjWwkf.gFalWYIwGOZBDjWwkf

IP Address	Status	Action
162.241.253.147	Active	Moloch
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (3 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent July 29, 2021, 10:50 a.m.			0	0
IsDebuggerPresent July 29, 2021, 10:50 a.m.			0	0
IsDebuggerPresent July 29, 2021, 10:50 a.m.			0	0

Command line console output was observed (25 events)

Time & API	Arguments	Status	Return
WriteConsoleW July 29, 2021, 10:50 a.m.	buffer: 'IZFw' is not recognized as an internal or external command, operable program or batch file. console_handle: 0x0000000b	1	1
WriteConsoleW July 29, 2021, 10:50 a.m.	buffer: Microsoft Windows [Version 6.1.7601] console_handle: 0x00000007	1	1
WriteConsoleW July 29, 2021, 10:50 a.m.	buffer: Copyright (c) 2009 Microsoft Corporation. All rights reserved. console_handle: 0x00000007	1	1
WriteConsoleW July 29, 2021, 10:50 a.m.	buffer: C:\Users\test22\AppData\Local\Temp\IXP000.TMP> console_handle: 0x00000007	1	1
WriteConsoleW July 29, 2021, 10:50 a.m.	buffer: Set hwlUhevscgtBvBzIBVJPPVKeBqh=DESKTOP- console_handle: 0x00000007	1	1
WriteConsoleW July 29, 2021, 10:50 a.m.	buffer: C:\Users\test22\AppData\Local\Temp\IXP000.TMP> console_handle: 0x00000007	1	1
WriteConsoleW July 29, 2021, 10:50 a.m.	buffer: Set csEdfaArjTWEOiVtqBnkifXvdRSadi=QO5QU33 console_handle: 0x00000007	1	1
WriteConsoleW July 29, 2021, 10:50 a.m.	buffer: C:\Users\test22\AppData\Local\Temp\IXP000.TMP> console_handle: 0x00000007	1	1
WriteConsoleW July 29, 2021, 10:50 a.m.	buffer: if %userdomain%==%hwlUhevscgtBvBzIBVJPPVKeBqh% exit console_handle: 0x00000007	1	1
WriteConsoleW July 29, 2021, 10:50 a.m.	buffer: C:\Users\test22\AppData\Local\Temp\IXP000.TMP> console_handle: 0x00000007	1	1
WriteConsoleW July 29, 2021, 10:50 a.m.	buffer: Set wFCyjlJBNawchA=MZ console_handle: 0x00000007	1	1
WriteConsoleW July 29, 2021, 10:50 a.m.	buffer: C:\Users\test22\AppData\Local\Temp\IXP000.TMP> console_handle: 0x00000007	1	1
WriteConsoleW July 29, 2021, 10:50 a.m.	buffer: <nul set /p = "%wFCyjlJBNawchA%" > Sai.exe.com console_handle: 0x00000007	1	1
WriteConsoleW July 29, 2021, 10:50 a.m.	buffer: C:\Users\test22\AppData\Local\Temp\IXP000.TMP> console_handle: 0x00000007	1	1
WriteConsoleW July 29, 2021, 10:50 a.m.	buffer: findstr /V /R "^XMtOLTeGRaAISVixYSqxnHVaMSZqGjATpnvNWxKMDWvOBGfkTIcDOTwfRMeSUwqERHnznznEigQBluRuDNuYQWtfviVlsRSCWRWUiVMmlRcArmyKVWf$" Oscurato.xltx >> Sai.exe.com" console_handle: 0x00000007	1	1
WriteConsoleW July 29, 2021, 10:50 a.m.	buffer: C:\Users\test22\AppData\Local\Temp\IXP000.TMP> console_handle: 0x00000007	1	1
WriteConsoleW July 29, 2021, 10:50 a.m.	buffer: copy Rosa.xltx X console_handle: 0x00000007	1	1
WriteConsoleW July 29, 2021, 10:50 a.m.	buffer: 1 file(s) copied. console_handle: 0x00000007	1	1
WriteConsoleW July 29, 2021, 10:50 a.m.	buffer: C:\Users\test22\AppData\Local\Temp\IXP000.TMP> console_handle: 0x00000007	1	1
WriteConsoleW July 29, 2021, 10:50 a.m.	buffer: start Sai.exe.com X console_handle: 0x00000007	1	1
WriteConsoleW July 29, 2021, 10:50 a.m.	buffer: C:\Users\test22\AppData\Local\Temp\IXP000.TMP> console_handle: 0x00000007	1	1
WriteConsoleW July 29, 2021, 10:50 a.m.	buffer: choice /C YN /D Y /t 30 console_handle: 0x00000007	1	1
WriteConsoleW July 29, 2021, 10:50 a.m.	buffer: C:\Users\test22\AppData\Local\Temp\IXP000.TMP> console_handle: 0x00000007	1	1
WriteConsoleW July 29, 2021, 10:50 a.m.	buffer: [Y,N]? console_handle: 0x00000007	1	1
WriteConsoleW July 29, 2021, 10:50 a.m.	buffer: Y console_handle: 0x00000007	1	1

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx July 29, 2021, 10:50 a.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.ndata

One or more processes crashed (50 out of 65536 events)

Time & API	Arguments	Status
__exception__ July 29, 2021, 10:50 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x771d9e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x750a3120 4+0x226fd @ 0x4226fd 4+0x22cc8 @ 0x422cc8 4+0x2776 @ 0x402776 4+0x25ff @ 0x4025ff BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77199ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77199ea5 exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x771d9e58 registers.esp: 1626820 registers.edi: 5177344 registers.eax: 4294967288 registers.ebp: 1626864 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 5177344	1
__exception__ July 29, 2021, 10:50 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x771d9e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x750a3120 4+0x226fd @ 0x4226fd 4+0x22cc8 @ 0x422cc8 4+0x2776 @ 0x402776 4+0x25ff @ 0x4025ff BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77199ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77199ea5 exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x771d9e58 registers.esp: 1626820 registers.edi: 5177344 registers.eax: 4294967288 registers.ebp: 1626864 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 5177344	1
__exception__ July 29, 2021, 10:50 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x771d9e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x750a3120 4+0x226fd @ 0x4226fd 4+0x22cc8 @ 0x422cc8 4+0x2776 @ 0x402776 4+0x25ff @ 0x4025ff BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77199ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77199ea5 exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x771d9e58 registers.esp: 1626820 registers.edi: 5177344 registers.eax: 4294967288 registers.ebp: 1626864 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 5177344	1
__exception__ July 29, 2021, 10:50 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x771d9e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x750a3120 4+0x226fd @ 0x4226fd 4+0x22cc8 @ 0x422cc8 4+0x2776 @ 0x402776 4+0x25ff @ 0x4025ff BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77199ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77199ea5 exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x771d9e58 registers.esp: 1626820 registers.edi: 5177344 registers.eax: 4294967288 registers.ebp: 1626864 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 5177344	1
__exception__ July 29, 2021, 10:50 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x771d9e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x750a3120 4+0x226fd @ 0x4226fd 4+0x22cc8 @ 0x422cc8 4+0x2776 @ 0x402776 4+0x25ff @ 0x4025ff BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77199ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77199ea5 exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x771d9e58 registers.esp: 1626820 registers.edi: 5177344 registers.eax: 4294967288 registers.ebp: 1626864 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 5177344	1
__exception__ July 29, 2021, 10:50 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x771d9e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x750a3120 4+0x226fd @ 0x4226fd 4+0x22cc8 @ 0x422cc8 4+0x2776 @ 0x402776 4+0x25ff @ 0x4025ff BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77199ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77199ea5 exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x771d9e58 registers.esp: 1626820 registers.edi: 5177344 registers.eax: 4294967288 registers.ebp: 1626864 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 5177344	1
__exception__ July 29, 2021, 10:50 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x771d9e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x750a3120 4+0x226fd @ 0x4226fd 4+0x22cc8 @ 0x422cc8 4+0x2776 @ 0x402776 4+0x25ff @ 0x4025ff BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77199ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77199ea5 exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x771d9e58 registers.esp: 1626820 registers.edi: 5177344 registers.eax: 4294967288 registers.ebp: 1626864 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 5177344	1
__exception__ July 29, 2021, 10:50 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x771d9e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x750a3120 4+0x226fd @ 0x4226fd 4+0x22cc8 @ 0x422cc8 4+0x2776 @ 0x402776 4+0x25ff @ 0x4025ff BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77199ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77199ea5 exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x771d9e58 registers.esp: 1626820 registers.edi: 5177344 registers.eax: 4294967288 registers.ebp: 1626864 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 5177344	1
__exception__ July 29, 2021, 10:50 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x771d9e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x750a3120 4+0x226fd @ 0x4226fd 4+0x22cc8 @ 0x422cc8 4+0x2776 @ 0x402776 4+0x25ff @ 0x4025ff BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77199ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77199ea5 exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x771d9e58 registers.esp: 1626820 registers.edi: 5177344 registers.eax: 4294967288 registers.ebp: 1626864 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 5177344	1
__exception__ July 29, 2021, 10:50 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x771d9e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x750a3120 4+0x226fd @ 0x4226fd 4+0x22cc8 @ 0x422cc8 4+0x2776 @ 0x402776 4+0x25ff @ 0x4025ff BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77199ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77199ea5 exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x771d9e58 registers.esp: 1626820 registers.edi: 5177344 registers.eax: 4294967288 registers.ebp: 1626864 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 5177344	1
__exception__ July 29, 2021, 10:50 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x771d9e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x750a3120 4+0x226fd @ 0x4226fd 4+0x22cc8 @ 0x422cc8 4+0x2776 @ 0x402776 4+0x25ff @ 0x4025ff BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77199ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77199ea5 exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x771d9e58 registers.esp: 1626820 registers.edi: 5177344 registers.eax: 4294967288 registers.ebp: 1626864 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 5177344	1
__exception__ July 29, 2021, 10:50 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x771d9e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x750a3120 4+0x226fd @ 0x4226fd 4+0x22cc8 @ 0x422cc8 4+0x2776 @ 0x402776 4+0x25ff @ 0x4025ff BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77199ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77199ea5 exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x771d9e58 registers.esp: 1626820 registers.edi: 5177344 registers.eax: 4294967288 registers.ebp: 1626864 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 5177344	1
__exception__ July 29, 2021, 10:50 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x771d9e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x750a3120 4+0x226fd @ 0x4226fd 4+0x22cc8 @ 0x422cc8 4+0x2776 @ 0x402776 4+0x25ff @ 0x4025ff BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77199ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77199ea5 exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x771d9e58 registers.esp: 1626820 registers.edi: 5177344 registers.eax: 4294967288 registers.ebp: 1626864 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 5177344	1
__exception__ July 29, 2021, 10:50 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x771d9e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x750a3120 4+0x226fd @ 0x4226fd 4+0x22cc8 @ 0x422cc8 4+0x2776 @ 0x402776 4+0x25ff @ 0x4025ff BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77199ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77199ea5 exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x771d9e58 registers.esp: 1626820 registers.edi: 5177344 registers.eax: 4294967288 registers.ebp: 1626864 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 5177344	1
__exception__ July 29, 2021, 10:50 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x771d9e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x750a3120 4+0x226fd @ 0x4226fd 4+0x22cc8 @ 0x422cc8 4+0x2776 @ 0x402776 4+0x25ff @ 0x4025ff BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77199ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77199ea5 exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x771d9e58 registers.esp: 1626820 registers.edi: 5177344 registers.eax: 4294967288 registers.ebp: 1626864 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 5177344	1
__exception__ July 29, 2021, 10:50 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x771d9e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x750a3120 4+0x226fd @ 0x4226fd 4+0x22cc8 @ 0x422cc8 4+0x2776 @ 0x402776 4+0x25ff @ 0x4025ff BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77199ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77199ea5 exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x771d9e58 registers.esp: 1626820 registers.edi: 5177344 registers.eax: 4294967288 registers.ebp: 1626864 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 5177344	1
__exception__ July 29, 2021, 10:50 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x771d9e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x750a3120 4+0x226fd @ 0x4226fd 4+0x22cc8 @ 0x422cc8 4+0x2776 @ 0x402776 4+0x25ff @ 0x4025ff BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77199ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77199ea5 exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x771d9e58 registers.esp: 1626820 registers.edi: 5177344 registers.eax: 4294967288 registers.ebp: 1626864 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 5177344	1
__exception__ July 29, 2021, 10:50 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x771d9e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x750a3120 4+0x226fd @ 0x4226fd 4+0x22cc8 @ 0x422cc8 4+0x2776 @ 0x402776 4+0x25ff @ 0x4025ff BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77199ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77199ea5 exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x771d9e58 registers.esp: 1626820 registers.edi: 5177344 registers.eax: 4294967288 registers.ebp: 1626864 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 5177344	1
__exception__ July 29, 2021, 10:50 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x771d9e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x750a3120 4+0x226fd @ 0x4226fd 4+0x22cc8 @ 0x422cc8 4+0x2776 @ 0x402776 4+0x25ff @ 0x4025ff BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77199ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77199ea5 exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x771d9e58 registers.esp: 1626820 registers.edi: 5177344 registers.eax: 4294967288 registers.ebp: 1626864 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 5177344	1
__exception__ July 29, 2021, 10:50 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x771d9e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x750a3120 4+0x226fd @ 0x4226fd 4+0x22cc8 @ 0x422cc8 4+0x2776 @ 0x402776 4+0x25ff @ 0x4025ff BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77199ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77199ea5 exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x771d9e58 registers.esp: 1626820 registers.edi: 5177344 registers.eax: 4294967288 registers.ebp: 1626864 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 5177344	1
__exception__ July 29, 2021, 10:50 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x771d9e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x750a3120 4+0x226fd @ 0x4226fd 4+0x22cc8 @ 0x422cc8 4+0x2776 @ 0x402776 4+0x25ff @ 0x4025ff BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77199ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77199ea5 exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x771d9e58 registers.esp: 1626820 registers.edi: 5177344 registers.eax: 4294967288 registers.ebp: 1626864 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 5177344	1
__exception__ July 29, 2021, 10:50 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x771d9e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x750a3120 4+0x226fd @ 0x4226fd 4+0x22cc8 @ 0x422cc8 4+0x2776 @ 0x402776 4+0x25ff @ 0x4025ff BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77199ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77199ea5 exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x771d9e58 registers.esp: 1626820 registers.edi: 5177344 registers.eax: 4294967288 registers.ebp: 1626864 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 5177344	1
__exception__ July 29, 2021, 10:50 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x771d9e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x750a3120 4+0x226fd @ 0x4226fd 4+0x22cc8 @ 0x422cc8 4+0x2776 @ 0x402776 4+0x25ff @ 0x4025ff BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77199ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77199ea5 exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x771d9e58 registers.esp: 1626820 registers.edi: 5177344 registers.eax: 4294967288 registers.ebp: 1626864 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 5177344	1
__exception__ July 29, 2021, 10:50 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x771d9e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x750a3120 4+0x226fd @ 0x4226fd 4+0x22cc8 @ 0x422cc8 4+0x2776 @ 0x402776 4+0x25ff @ 0x4025ff BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77199ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77199ea5 exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x771d9e58 registers.esp: 1626820 registers.edi: 5177344 registers.eax: 4294967288 registers.ebp: 1626864 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 5177344	1
__exception__ July 29, 2021, 10:50 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x771d9e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x750a3120 4+0x226fd @ 0x4226fd 4+0x22cc8 @ 0x422cc8 4+0x2776 @ 0x402776 4+0x25ff @ 0x4025ff BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77199ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77199ea5 exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x771d9e58 registers.esp: 1626820 registers.edi: 5177344 registers.eax: 4294967288 registers.ebp: 1626864 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 5177344	1
__exception__ July 29, 2021, 10:50 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x771d9e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x750a3120 4+0x226fd @ 0x4226fd 4+0x22cc8 @ 0x422cc8 4+0x2776 @ 0x402776 4+0x25ff @ 0x4025ff BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77199ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77199ea5 exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x771d9e58 registers.esp: 1626820 registers.edi: 5177344 registers.eax: 4294967288 registers.ebp: 1626864 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 5177344	1
__exception__ July 29, 2021, 10:50 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x771d9e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x750a3120 4+0x226fd @ 0x4226fd 4+0x22cc8 @ 0x422cc8 4+0x2776 @ 0x402776 4+0x25ff @ 0x4025ff BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77199ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77199ea5 exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x771d9e58 registers.esp: 1626820 registers.edi: 5177344 registers.eax: 4294967288 registers.ebp: 1626864 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 5177344	1
__exception__ July 29, 2021, 10:50 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x771d9e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x750a3120 4+0x226fd @ 0x4226fd 4+0x22cc8 @ 0x422cc8 4+0x2776 @ 0x402776 4+0x25ff @ 0x4025ff BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77199ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77199ea5 exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x771d9e58 registers.esp: 1626820 registers.edi: 5177344 registers.eax: 4294967288 registers.ebp: 1626864 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 5177344	1
__exception__ July 29, 2021, 10:50 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x771d9e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x750a3120 4+0x226fd @ 0x4226fd 4+0x22cc8 @ 0x422cc8 4+0x2776 @ 0x402776 4+0x25ff @ 0x4025ff BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77199ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77199ea5 exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x771d9e58 registers.esp: 1626820 registers.edi: 5177344 registers.eax: 4294967288 registers.ebp: 1626864 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 5177344	1
__exception__ July 29, 2021, 10:50 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x771d9e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x750a3120 4+0x226fd @ 0x4226fd 4+0x22cc8 @ 0x422cc8 4+0x2776 @ 0x402776 4+0x25ff @ 0x4025ff BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77199ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77199ea5 exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x771d9e58 registers.esp: 1626820 registers.edi: 5177344 registers.eax: 4294967288 registers.ebp: 1626864 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 5177344	1
__exception__ July 29, 2021, 10:50 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x771d9e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x750a3120 4+0x226fd @ 0x4226fd 4+0x22cc8 @ 0x422cc8 4+0x2776 @ 0x402776 4+0x25ff @ 0x4025ff BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77199ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77199ea5 exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x771d9e58 registers.esp: 1626820 registers.edi: 5177344 registers.eax: 4294967288 registers.ebp: 1626864 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 5177344	1
__exception__ July 29, 2021, 10:50 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x771d9e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x750a3120 4+0x226fd @ 0x4226fd 4+0x22cc8 @ 0x422cc8 4+0x2776 @ 0x402776 4+0x25ff @ 0x4025ff BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77199ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77199ea5 exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x771d9e58 registers.esp: 1626820 registers.edi: 5177344 registers.eax: 4294967288 registers.ebp: 1626864 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 5177344	1
__exception__ July 29, 2021, 10:50 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x771d9e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x750a3120 4+0x226fd @ 0x4226fd 4+0x22cc8 @ 0x422cc8 4+0x2776 @ 0x402776 4+0x25ff @ 0x4025ff BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77199ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77199ea5 exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x771d9e58 registers.esp: 1626820 registers.edi: 5177344 registers.eax: 4294967288 registers.ebp: 1626864 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 5177344	1
__exception__ July 29, 2021, 10:50 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x771d9e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x750a3120 4+0x226fd @ 0x4226fd 4+0x22cc8 @ 0x422cc8 4+0x2776 @ 0x402776 4+0x25ff @ 0x4025ff BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77199ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77199ea5 exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x771d9e58 registers.esp: 1626820 registers.edi: 5177344 registers.eax: 4294967288 registers.ebp: 1626864 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 5177344	1
__exception__ July 29, 2021, 10:50 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x771d9e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x750a3120 4+0x226fd @ 0x4226fd 4+0x22cc8 @ 0x422cc8 4+0x2776 @ 0x402776 4+0x25ff @ 0x4025ff BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77199ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77199ea5 exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x771d9e58 registers.esp: 1626820 registers.edi: 5177344 registers.eax: 4294967288 registers.ebp: 1626864 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 5177344	1
__exception__ July 29, 2021, 10:50 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x771d9e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x750a3120 4+0x226fd @ 0x4226fd 4+0x22cc8 @ 0x422cc8 4+0x2776 @ 0x402776 4+0x25ff @ 0x4025ff BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77199ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77199ea5 exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x771d9e58 registers.esp: 1626820 registers.edi: 5177344 registers.eax: 4294967288 registers.ebp: 1626864 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 5177344	1
__exception__ July 29, 2021, 10:50 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x771d9e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x750a3120 4+0x226fd @ 0x4226fd 4+0x22cc8 @ 0x422cc8 4+0x2776 @ 0x402776 4+0x25ff @ 0x4025ff BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77199ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77199ea5 exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x771d9e58 registers.esp: 1626820 registers.edi: 5177344 registers.eax: 4294967288 registers.ebp: 1626864 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 5177344	1
__exception__ July 29, 2021, 10:50 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x771d9e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x750a3120 4+0x226fd @ 0x4226fd 4+0x22cc8 @ 0x422cc8 4+0x2776 @ 0x402776 4+0x25ff @ 0x4025ff BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77199ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77199ea5 exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x771d9e58 registers.esp: 1626820 registers.edi: 5177344 registers.eax: 4294967288 registers.ebp: 1626864 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 5177344	1
__exception__ July 29, 2021, 10:50 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x771d9e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x750a3120 4+0x226fd @ 0x4226fd 4+0x22cc8 @ 0x422cc8 4+0x2776 @ 0x402776 4+0x25ff @ 0x4025ff BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77199ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77199ea5 exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x771d9e58 registers.esp: 1626820 registers.edi: 5177344 registers.eax: 4294967288 registers.ebp: 1626864 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 5177344	1
__exception__ July 29, 2021, 10:50 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x771d9e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x750a3120 4+0x226fd @ 0x4226fd 4+0x22cc8 @ 0x422cc8 4+0x2776 @ 0x402776 4+0x25ff @ 0x4025ff BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77199ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77199ea5 exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x771d9e58 registers.esp: 1626820 registers.edi: 5177344 registers.eax: 4294967288 registers.ebp: 1626864 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 5177344	1
__exception__ July 29, 2021, 10:50 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x771d9e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x750a3120 4+0x226fd @ 0x4226fd 4+0x22cc8 @ 0x422cc8 4+0x2776 @ 0x402776 4+0x25ff @ 0x4025ff BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77199ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77199ea5 exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x771d9e58 registers.esp: 1626820 registers.edi: 5177344 registers.eax: 4294967288 registers.ebp: 1626864 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 5177344	1
__exception__ July 29, 2021, 10:50 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x771d9e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x750a3120 4+0x226fd @ 0x4226fd 4+0x22cc8 @ 0x422cc8 4+0x2776 @ 0x402776 4+0x25ff @ 0x4025ff BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77199ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77199ea5 exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x771d9e58 registers.esp: 1626820 registers.edi: 5177344 registers.eax: 4294967288 registers.ebp: 1626864 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 5177344	1
__exception__ July 29, 2021, 10:50 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x771d9e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x750a3120 4+0x226fd @ 0x4226fd 4+0x22cc8 @ 0x422cc8 4+0x2776 @ 0x402776 4+0x25ff @ 0x4025ff BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77199ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77199ea5 exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x771d9e58 registers.esp: 1626820 registers.edi: 5177344 registers.eax: 4294967288 registers.ebp: 1626864 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 5177344	1
__exception__ July 29, 2021, 10:50 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x771d9e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x750a3120 4+0x226fd @ 0x4226fd 4+0x22cc8 @ 0x422cc8 4+0x2776 @ 0x402776 4+0x25ff @ 0x4025ff BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77199ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77199ea5 exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x771d9e58 registers.esp: 1626820 registers.edi: 5177344 registers.eax: 4294967288 registers.ebp: 1626864 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 5177344	1
__exception__ July 29, 2021, 10:50 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x771d9e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x750a3120 4+0x226fd @ 0x4226fd 4+0x22cc8 @ 0x422cc8 4+0x2776 @ 0x402776 4+0x25ff @ 0x4025ff BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77199ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77199ea5 exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x771d9e58 registers.esp: 1626820 registers.edi: 5177344 registers.eax: 4294967288 registers.ebp: 1626864 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 5177344	1
__exception__ July 29, 2021, 10:50 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x771d9e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x750a3120 4+0x226fd @ 0x4226fd 4+0x22cc8 @ 0x422cc8 4+0x2776 @ 0x402776 4+0x25ff @ 0x4025ff BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77199ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77199ea5 exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x771d9e58 registers.esp: 1626820 registers.edi: 5177344 registers.eax: 4294967288 registers.ebp: 1626864 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 5177344	1
__exception__ July 29, 2021, 10:50 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x771d9e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x750a3120 4+0x226fd @ 0x4226fd 4+0x22cc8 @ 0x422cc8 4+0x2776 @ 0x402776 4+0x25ff @ 0x4025ff BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77199ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77199ea5 exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x771d9e58 registers.esp: 1626820 registers.edi: 5177344 registers.eax: 4294967288 registers.ebp: 1626864 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 5177344	1
__exception__ July 29, 2021, 10:50 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x771d9e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x750a3120 4+0x226fd @ 0x4226fd 4+0x22cc8 @ 0x422cc8 4+0x2776 @ 0x402776 4+0x25ff @ 0x4025ff BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77199ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77199ea5 exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x771d9e58 registers.esp: 1626820 registers.edi: 5177344 registers.eax: 4294967288 registers.ebp: 1626864 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 5177344	1
__exception__ July 29, 2021, 10:50 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x771d9e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x750a3120 4+0x226fd @ 0x4226fd 4+0x22cc8 @ 0x422cc8 4+0x2776 @ 0x402776 4+0x25ff @ 0x4025ff BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77199ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77199ea5 exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x771d9e58 registers.esp: 1626820 registers.edi: 5177344 registers.eax: 4294967288 registers.ebp: 1626864 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 5177344	1
__exception__ July 29, 2021, 10:50 a.m.	stacktrace: _vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x771d9e31 GetProfileStringW+0x5b74 EnumResourceNamesW-0x40041 kernel32+0x43120 @ 0x750a3120 4+0x226fd @ 0x4226fd 4+0x22cc8 @ 0x422cc8 4+0x2776 @ 0x402776 4+0x25ff @ 0x4025ff BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77199ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77199ea5 exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84 exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58 exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 499288 exception.address: 0x771d9e58 registers.esp: 1626820 registers.edi: 5177344 registers.eax: 4294967288 registers.ebp: 1626864 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 5177344	1

Allocates read-write-execute memory (usually to unpack itself) (27 events)

Time & API	Arguments	Status
NtProtectVirtualMemory July 29, 2021, 10:50 a.m.	process_identifier: 300 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73b41000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 29, 2021, 10:50 a.m.	process_identifier: 300 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x767a1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 29, 2021, 10:50 a.m.	process_identifier: 300 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10001000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 29, 2021, 10:50 a.m.	process_identifier: 300 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73b31000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 29, 2021, 10:50 a.m.	process_identifier: 300 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73a01000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 29, 2021, 10:50 a.m.	process_identifier: 300 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73951000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 29, 2021, 10:50 a.m.	process_identifier: 300 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73a02000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 29, 2021, 10:50 a.m.	process_identifier: 2140 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73c71000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 29, 2021, 10:50 a.m.	process_identifier: 2140 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73b91000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 29, 2021, 10:50 a.m.	process_identifier: 2140 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73a61000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 29, 2021, 10:50 a.m.	process_identifier: 2140 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73b92000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 29, 2021, 10:50 a.m.	process_identifier: 2140 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73c11000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 29, 2021, 10:50 a.m.	process_identifier: 2140 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73c13000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 29, 2021, 10:50 a.m.	process_identifier: 2140 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73b61000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 29, 2021, 10:50 a.m.	process_identifier: 2176 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 90112 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00531000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 29, 2021, 10:50 a.m.	process_identifier: 2492 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73b91000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 29, 2021, 10:50 a.m.	process_identifier: 2492 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73a61000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 29, 2021, 10:50 a.m.	process_identifier: 2492 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73b92000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 29, 2021, 10:50 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73b91000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 29, 2021, 10:50 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73a61000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 29, 2021, 10:50 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73b92000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 29, 2021, 10:50 a.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03190000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory July 29, 2021, 10:50 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 102400 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x043c1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 29, 2021, 10:50 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 32768 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x043da000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 29, 2021, 10:50 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x043e2000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 29, 2021, 10:50 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x043e4000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 29, 2021, 10:50 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x043e5000 process_handle: 0xffffffff	1

Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation (2 events)

Time & API	Arguments	Status	Return	Repeated
GetDiskFreeSpaceW July 29, 2021, 10:50 a.m.	number_of_free_clusters: 3005954 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: \ total_number_of_clusters: 8362495	1	1	0
GetDiskFreeSpaceW July 29, 2021, 10:50 a.m.	number_of_free_clusters: 3005954 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: \ total_number_of_clusters: 8362495	1	1	0

Creates executable files on the filesystem (7 events)

file	C:\Users\test22\AppData\Local\Temp\IXP000.TMP\Sai.exe.com
file	C:\Program Files (x86)\foler\olader\acppage.dll
file	C:\Users\test22\AppData\Local\Temp\New Feature\vpn.exe
file	C:\Program Files (x86)\foler\olader\acledit.dll
file	C:\Program Files (x86)\foler\olader\adprovider.dll
file	C:\Users\test22\AppData\Local\Temp\New Feature\4.exe
file	C:\Users\test22\AppData\Local\Temp\nsr55DC.tmp\UAC.dll

Drops an executable to the user AppData folder (3 events)

file	C:\Users\test22\AppData\Local\Temp\nsr55DC.tmp\UAC.dll
file	C:\Users\test22\AppData\Local\Temp\New Feature\vpn.exe
file	C:\Users\test22\AppData\Local\Temp\New Feature\4.exe

Communicates with host for which no DNS query was performed (1 event)

host

162.241.253.147

Attempts to identify installed AV products by installation directory (2 events)

file	C:\ProgramData\AVAST Software
file	C:\ProgramData\AVG

Installs itself for autorun at Windows startup (1 event)

reg_key

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0

reg_value

rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\test22\AppData\Local\Temp\IXP000.TMP\"

Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2400 resumed a thread in remote process 2492
NtResumeThread July 29, 2021, 10:50 a.m.	thread_handle: 0x00000134 suspend_count: 0 process_identifier: 2492	1	0	0

Tries to unhook Windows functions monitored by Cuckoo (1 event)

Time & API	Arguments	Status	Return	Repeated
__anomaly__ July 29, 2021, 10:50 a.m.	tid: 2180 message: Encountered 65537 exceptions, quitting. subcategory: exception function_name:	1	0	0

File has been identified by 35 AntiVirus engines on VirusTotal as malicious (35 events)

Lionic	Trojan.Win32.Agent.m!c
MicroWorld-eScan	Gen:Variant.Graftor.983589
FireEye	Gen:Variant.Graftor.983589
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
Alibaba	TrojanPSW:Win32/Coins.05d10241
BitDefenderTheta	Gen:NN.ZexaF.34050.uuW@aeui0LhI
Cyren	W32/Kryptik.ESK.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	multiple detections
Paloalto	generic.ml
ClamAV	Win.Packed.Filerepmalware-9864117-0
Kaspersky	Backdoor.Win32.Agent.myucnb
BitDefender	Gen:Variant.Graftor.983589
SUPERAntiSpyware	Trojan.Agent/GenericKD
APEX	Malicious
Emsisoft	Trojan.Crypt (A)
McAfee-GW-Edition	BehavesLike.Win32.Generic.tc
Sophos	Troj/Agent-BHFT
Ikarus	Malware.Win32.AVEvader
eGambit	Unsafe.AI_Score_99%
Microsoft	Trojan:Win32/Caynamer.A!ml
GData	Win32.Trojan.BSE.HLJWVB
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win.Generic.C4493298
McAfee	Artemis!D2C0C0333199
MAX	malware (ai score=80)
VBA32	BScope.Trojan.Crypt
Malwarebytes	Malware.AI.4024116118
Avast	Win32:PWSX-gen [Trj]
Rising	Trojan.Kryptik!1.C6FC (CLASSIC)
Webroot	W32.Malware.Gen
AVG	Win32:PWSX-gen [Trj]
Panda	Trj/CI.A
Qihoo-360	Win32/TrojanSpy.Coins.HgIASZMA

lv.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All