popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

zxcv.EXE

Gen1 Raccoon Stealer Generic Malware Malicious Library Malicious Packer UPX HTTP DNS ScreenShot KeyLogger Internet API Http API Socket PWS Steal credential OS Processor Check AntiDebug GIF Format PE File DLL JPEG Format AntiVM PE32
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6402 Aug. 17, 2021, 9:52 a.m. Aug. 17, 2021, 10:09 a.m.
Size 1.5MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 575f6a65c28682f88fa808ba8e862d7f
SHA256 5e08ef6445c40ba0c1216c04291b0d9ef48f0983a9aebd25f214e6fc988daa53
CRC32 EF4444B3
ssdeep 24576:F13JKz0ildRWDDD/I1bH1tORRC+ixrw3ORR1+h5LORRY+X1S:F15KzmD+T1toC+ixrw3o1+h5LoY+X1S
Yara
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware
  • Raccoon_Stealer_1_Zero - Raccoon Stealer
  • UPX_Zero - UPX packed file
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
myproskxa.ac.ug
A 185.215.113.77
185.215.113.77
kullasa.ac.ug
A 185.215.113.77
185.215.113.77
telete.in
A 195.201.225.248
195.201.225.248
IP Address Status Action
164.124.101.2 Active Moloch
185.163.45.248 Active Moloch
185.215.113.77 Active Moloch
195.201.225.248 Active Moloch

Time & API Arguments Status Return Repeated

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameA

 computer_name: TEST22-PC
1 1 0

GetComputerNameA

 computer_name: TEST22-PC
1 1 0

GetComputerNameA

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameA

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameA

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0
Time & API Arguments Status Return Repeated

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Temp\zxcv.EXE
console_handle: 0x00000007
1 1 0

WriteConsoleW

 buffer: Access is denied.
console_handle: 0x0000000b
1 1 0

WriteConsoleW

 buffer: C:\ProgramData\Dropakcx.exe
console_handle: 0x00000007
1 1 0

WriteConsoleW

 buffer: Access is denied.
console_handle: 0x0000000b
1 1 0

WriteConsoleW

 buffer: The system cannot find the path specified.
console_handle: 0x0000000b
1 1 0

WriteConsoleW

 buffer: ERROR: The process "972" not found.
console_handle: 0x0000000b
1 1 0
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
file C:\Program Files (x86)\Google\Chrome\Application\86.0.4240.111\Locales\ru.pak
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

 1 1 0
Time & API Arguments Status Return Repeated

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x14de @ 0x4014de
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x64f1
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 25841
exception.address: 0x4064f1
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x14de @ 0x4014de
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x64f2
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 25842
exception.address: 0x4064f2
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x14de @ 0x4014de
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x64f3
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 25843
exception.address: 0x4064f3
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x14de @ 0x4014de
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x64f4
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 25844
exception.address: 0x4064f4
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x14de @ 0x4014de
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x64f5
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 25845
exception.address: 0x4064f5
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x14de @ 0x4014de
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x64f6
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 25846
exception.address: 0x4064f6
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x14de @ 0x4014de
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x64f7
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 25847
exception.address: 0x4064f7
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x14de @ 0x4014de
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x64f8
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 25848
exception.address: 0x4064f8
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x14de @ 0x4014de
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x64f9
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 25849
exception.address: 0x4064f9
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x14de @ 0x4014de
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x64fa
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 25850
exception.address: 0x4064fa
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x14de @ 0x4014de
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x64fb
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 25851
exception.address: 0x4064fb
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x14de @ 0x4014de
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x64fc
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 25852
exception.address: 0x4064fc
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x14de @ 0x4014de
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x64fd
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 25853
exception.address: 0x4064fd
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x14de @ 0x4014de
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x64fe
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 25854
exception.address: 0x4064fe
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x14de @ 0x4014de
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x64ff
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 25855
exception.address: 0x4064ff
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x14de @ 0x4014de
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x6500
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 25856
exception.address: 0x406500
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x14de @ 0x4014de
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x6501
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 25857
exception.address: 0x406501
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x14de @ 0x4014de
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x6502
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 25858
exception.address: 0x406502
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x14de @ 0x4014de
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x6503
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 25859
exception.address: 0x406503
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x14de @ 0x4014de
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x6504
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 25860
exception.address: 0x406504
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x14de @ 0x4014de
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x6505
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 25861
exception.address: 0x406505
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x14de @ 0x4014de
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x6506
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 25862
exception.address: 0x406506
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x14de @ 0x4014de
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x6507
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 25863
exception.address: 0x406507
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x14de @ 0x4014de
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x6508
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 25864
exception.address: 0x406508
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x14de @ 0x4014de
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x6509
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 25865
exception.address: 0x406509
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x14de @ 0x4014de
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x650a
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 25866
exception.address: 0x40650a
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x14de @ 0x4014de
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x650b
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 25867
exception.address: 0x40650b
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x14de @ 0x4014de
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x650c
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 25868
exception.address: 0x40650c
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x14de @ 0x4014de
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x650d
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 25869
exception.address: 0x40650d
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x14de @ 0x4014de
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x650e
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 25870
exception.address: 0x40650e
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x14de @ 0x4014de
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x650f
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 25871
exception.address: 0x40650f
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x14de @ 0x4014de
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x6510
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 25872
exception.address: 0x406510
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x14de @ 0x4014de
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x6511
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 25873
exception.address: 0x406511
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x14de @ 0x4014de
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x6512
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 25874
exception.address: 0x406512
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x14de @ 0x4014de
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x6513
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 25875
exception.address: 0x406513
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x14de @ 0x4014de
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x6514
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 25876
exception.address: 0x406514
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x14de @ 0x4014de
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x6515
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 25877
exception.address: 0x406515
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x14de @ 0x4014de
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x6516
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 25878
exception.address: 0x406516
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x14de @ 0x4014de
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x6517
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 25879
exception.address: 0x406517
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x14de @ 0x4014de
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x6518
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 25880
exception.address: 0x406518
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x14de @ 0x4014de
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x6519
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 25881
exception.address: 0x406519
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x14de @ 0x4014de
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x651a
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 25882
exception.address: 0x40651a
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x14de @ 0x4014de
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ec
exception.symbol: zxcv+0x651b
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 25883
exception.address: 0x40651b
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x14de @ 0x4014de
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ec 00
exception.symbol: zxcv+0x651c
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 25884
exception.address: 0x40651c
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x14de @ 0x4014de
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 ec 00 00
exception.symbol: zxcv+0x651d
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 25885
exception.address: 0x40651d
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x14de @ 0x4014de
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 ec 00 00 00
exception.symbol: zxcv+0x651e
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 25886
exception.address: 0x40651e
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x14de @ 0x4014de
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 ec 00 00 00 00
exception.symbol: zxcv+0x651f
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 25887
exception.address: 0x40651f
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x14de @ 0x4014de
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 ec 00 00 00 00 00
exception.symbol: zxcv+0x6520
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 25888
exception.address: 0x406520
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x14de @ 0x4014de
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 ec 00 00 00 00 00 00
exception.symbol: zxcv+0x6521
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 25889
exception.address: 0x406521
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x14de @ 0x4014de
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 ec 00 00 00 00 00 00 00
exception.symbol: zxcv+0x6522
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 25890
exception.address: 0x406522
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0
suspicious_features POST method with no referer header suspicious_request POST http://myproskxa.ac.ug/index.php
suspicious_features POST method with no referer header, POST method with no useragent header, Connection to IP address suspicious_request POST http://185.163.45.248/
suspicious_features POST method with no referer header, POST method with no useragent header suspicious_request POST http://kullasa.ac.ug/softokn3.dll
suspicious_features POST method with no referer header, POST method with no useragent header suspicious_request POST http://kullasa.ac.ug/sqlite3.dll
suspicious_features POST method with no referer header, POST method with no useragent header suspicious_request POST http://kullasa.ac.ug/freebl3.dll
suspicious_features POST method with no referer header, POST method with no useragent header suspicious_request POST http://kullasa.ac.ug/mozglue.dll
suspicious_features POST method with no referer header, POST method with no useragent header suspicious_request POST http://kullasa.ac.ug/msvcp140.dll
suspicious_features POST method with no referer header, POST method with no useragent header suspicious_request POST http://kullasa.ac.ug/nss3.dll
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://185.163.45.248//l/f/VAuJUXsBPvGyIjkLtOpJ/cc451af81c78b4f59363dcc043c781304dfe0ce1
suspicious_features POST method with no referer header, POST method with no useragent header suspicious_request POST http://kullasa.ac.ug/vcruntime140.dll
suspicious_features POST method with no referer header, POST method with no useragent header suspicious_request POST http://kullasa.ac.ug/main.php
suspicious_features POST method with no referer header, POST method with no useragent header suspicious_request POST http://kullasa.ac.ug/
suspicious_features GET method with no useragent header suspicious_request GET https://telete.in/brikitiki
request POST http://myproskxa.ac.ug/index.php
request POST http://185.163.45.248/
request POST http://kullasa.ac.ug/softokn3.dll
request POST http://kullasa.ac.ug/sqlite3.dll
request POST http://kullasa.ac.ug/freebl3.dll
request POST http://kullasa.ac.ug/mozglue.dll
request POST http://kullasa.ac.ug/msvcp140.dll
request POST http://kullasa.ac.ug/nss3.dll
request GET http://185.163.45.248//l/f/VAuJUXsBPvGyIjkLtOpJ/cc451af81c78b4f59363dcc043c781304dfe0ce1
request POST http://kullasa.ac.ug/vcruntime140.dll
request POST http://kullasa.ac.ug/main.php
request POST http://kullasa.ac.ug/
request GET https://telete.in/brikitiki
request POST http://myproskxa.ac.ug/index.php
request POST http://185.163.45.248/
request POST http://kullasa.ac.ug/softokn3.dll
request POST http://kullasa.ac.ug/sqlite3.dll
request POST http://kullasa.ac.ug/freebl3.dll
request POST http://kullasa.ac.ug/mozglue.dll
request POST http://kullasa.ac.ug/msvcp140.dll
request POST http://kullasa.ac.ug/nss3.dll
request POST http://kullasa.ac.ug/vcruntime140.dll
request POST http://kullasa.ac.ug/main.php
request POST http://kullasa.ac.ug/
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 2548
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73f92000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2548
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x005e0000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2548
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x77aff000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2548
region_size: 32768
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x03630000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1960
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73f92000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1960
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02550000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1960
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x77aff000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1960
region_size: 32768
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02560000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 180
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73f92000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 180
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x004c0000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 180
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x77aff000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 180
region_size: 32768
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x004d0000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2524
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00550000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2524
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x77aff000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2524
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73f92000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1808
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x003c0000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1808
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x77aff000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 972
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x004f0000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 972
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x77aff000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 972
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73f92000
process_handle: 0xffffffff
1 0 0
Time & API Arguments Status Return Repeated

GetDiskFreeSpaceW

 number_of_free_clusters: 2668016
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: \\?\Volume{c2d901c4-0706-11e8-912e-806e6f6e6963}\
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceW

 number_of_free_clusters: 2666620
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: \
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceW

 number_of_free_clusters: 2666620
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: \
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceW

 number_of_free_clusters: 2666620
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: \
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceExW

 total_number_of_free_bytes: 10928193536
free_bytes_available: 10928193536
root_path: C:\
total_number_of_bytes: 34252779520
1 1 0
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlSoceng.store
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\recovery\101.3.34.11\manifest.json
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.31.0_0\_locales\fil
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8620.824.0.0_0\common.js
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\nl\messages.json
file C:\Sandbox\test22\DefaultBox\user\current\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_1
file C:\Sandbox\test22\DefaultBox\user\current\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.5_0\_locales
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.31.0_0\_locales\hi\messages.json
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.31.0_0\page_embed_script.js
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_platform_specific\all\sths\a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc10.sth
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.3_0\_locales\da
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.3_0\_locales\de
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\fil
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions
file C:\Sandbox\test22\DefaultBox\user\current\AppData\Local\Google\Chrome\User Data\Default\Origin Bound Certs
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\fil\messages.json
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_platform_specific\all\sths\c652a0ec48ceb3fcab170992c43a87413309e80065a26252401ba3362a17c565.sth
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\fi\messages.json
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\pnacl\0.57.44.2492\_platform_specific\x86_64\pnacl_public_pnacl_json
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\zh_TW
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\WidevineCdm\4.10.2209.0\_platform_specific
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.5_0\_locales\es_419\messages.json
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_platform_specific\all\sths
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_platform_specific\all\sths\5ea773f9df56c0e7b536487dd049e0327a919a0c84a112128418759681714558.sth
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.3_0\_locales\el\messages.json
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.31.0_0\_locales\pt_PT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.3_0\_locales\ja
file C:\Sandbox\test22\DefaultBox\user\current\AppData\Local\Google\Chrome\User Data\Default\previews_opt_out.db
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOCK
file C:\Sandbox\test22\DefaultBox\user\current\AppData\Local\Google\Chrome\User Data\Default\Last Session
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.3_0\_locales\pl\messages.json
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.3_0\_locales\fil
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.31.0_0\_locales\zh_HK\messages.json
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\no
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\nl
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.5_0\_locales\ca
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8620.824.0.0_0\_locales\el\messages.json
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.5_0\_locales\tr\messages.json
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.5_0\_locales\cs
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\cs
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\pt_PT\messages.json
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\ru
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\ZxcvbnData\1\english_wikipedia.txt
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\WidevineCdm\4.10.2209.0
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8620.824.0.0_0\_metadata\computed_hashes.json
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\nssckbi.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-crt-math-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\breakpadinjector.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-namedpipe-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-interlocked-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-crt-convert-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\softokn3.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-libraryloader-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-crt-process-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\IA2Marshal.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-crt-conio-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\AccessibleHandler.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\freebl3.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\MapiProxy_InUse.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-crt-locale-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\mozMapi32_InUse.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\libEGL.dll
file C:\ProgramData\vcruntime140.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\lgpllibs.dll
file C:\ProgramData\mozglue.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\nssdbm3.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-crt-utility-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\MapiProxy.dll
file C:\ProgramData\sqlite3.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\nss3.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\msvcp140.dll
file C:\ProgramData\freebl3.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-processthreads-l1-1-1.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-timezone-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\AccessibleMarshal.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-heap-l1-1-0.dll
file C:\ProgramData\nss3.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-crt-runtime-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-rtlsupport-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-util-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-crt-filesystem-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-synch-l1-2-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-string-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-crt-private-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\prldap60.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-file-l1-2-0.dll
file C:\ProgramData\msvcp140.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\vcruntime140.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\mozMapi32.dll
file C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\click.pyw.lnk
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-profile-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\ucrtbase.dll
file C:\ProgramData\softokn3.dll
file C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\dd81b5e9d99588633b73117e3b1f84f1a6952f9d573057d804047a85abfb8328_1609fbf0d6c26e---38596704027.pdf.lnk
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-crt-environment-l1-1-0.dll
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk
file C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\agent.pyw.lnk
file C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\click.txt.lnk
file C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\msi2.png.lnk
file C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Excel 2010.lnk
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint\Microsoft SharePoint Workspace 2010.lnk
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7\Python Manuals.lnk
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7\Module Docs.lnk
file C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\exe1.zip.lnk
file C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\test.eml.lnk
file C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk
file C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Word 2010.lnk
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Access 2010.lnk
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Filler 2010.lnk
file C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\ok1.png.lnk
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk
file C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\util.lnk
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7\IDLE (Python GUI).lnk
file C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\Settings.ini.lnk
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\³ª¶óÀåÅÍ\G2BSTOP.lnk
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\³ª¶óÀåÅÍ\G2BRUN.lnk
file C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HttpWatch Professional Edition\Automation Examples.lnk
file C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\password.txt.lnk
file C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\robot2.png.lnk
file C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Chrome.lnk
file C:\Users\test22\Links\Desktop.lnk
file C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EditPlus.lnk
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HttpWatch Professional Edition\HttpWatch Automation Reference.lnk
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\GameExplorer.lnk
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\³ª¶óÀåÅÍ\Uninstall.lnk
file C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\doc.png.lnk
file C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\dd81b5e9d99588633b73117e3b1f84f1a6952f9d573057d804047a85abfb8328_1609fbf0d6c26e---38596704027.pdf.lnk
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
file C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft OneNote 2010.lnk
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
file C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\robot3.png.lnk
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk
file C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\msoffice2010_32bit.lnk
file C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\doc2.png.lnk
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk
cmdline cmd.exe /c taskkill /pid 972 & erase C:\ProgramData\Dropakcx.exe & RD /S /Q C:\\ProgramData\\157078219925570\\* & exit
cmdline cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q "C:\Users\test22\AppData\Local\Temp\zxcv.EXE"
cmdline "C:\Windows\System32\cmd.exe" /c taskkill /pid 972 & erase C:\ProgramData\Dropakcx.exe & RD /S /Q C:\\ProgramData\\157078219925570\\* & exit
file C:\ProgramData\Vdgfgjkhsdwr.exe
file C:\ProgramData\Dropakcx.exe
file C:\Users\test22\AppData\Local\Temp\zxcv.EXE
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-synch-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-file-l2-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-crt-locale-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\breakpadinjector.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\prldap60.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-crt-private-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\nss3.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-namedpipe-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\mozglue.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-libraryloader-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\softokn3.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\vcruntime140.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-crt-environment-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\MapiProxy.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\IA2Marshal.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-crt-heap-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-crt-time-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-crt-math-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-string-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-memory-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-sysinfo-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-util-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-localization-l1-2-0.dll
file C:\Users\test22\AppData\Local\Temp\zxcv.EXE
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-processthreads-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-crt-filesystem-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\msvcp140.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-crt-stdio-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\AccessibleHandler.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\qipcap.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-crt-utility-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-processthreads-l1-1-1.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-heap-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\freebl3.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\ucrtbase.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\libEGL.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-processenvironment-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-handle-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\nssckbi.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-timezone-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\nssdbm3.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\lgpllibs.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-synch-l1-2-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-crt-conio-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-file-l1-2-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\ldap60.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-interlocked-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-profile-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-crt-multibyte-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-rtlsupport-l1-1-0.dll
wmi SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( ProcessId = 972)
Time & API Arguments Status Return Repeated

CreateProcessInternalW

 thread_identifier: 2096
thread_handle: 0x00000790
process_identifier: 2792
current_directory:
filepath:
track: 1
command_line: cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q "C:\Users\test22\AppData\Local\Temp\zxcv.EXE"
filepath_r:
stack_pivoted: 0
creation_flags: 134217728 (CREATE_NO_WINDOW)
inherit_handles: 0
process_handle: 0x00000794
1 1 0

ShellExecuteExW

 show_type: 0
filepath_r: cmd.exe
parameters: /c taskkill /pid 972 & erase C:\ProgramData\Dropakcx.exe & RD /S /Q C:\\ProgramData\\157078219925570\\* & exit
filepath: cmd.exe
1 1 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 2548
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 24576
protection: 32 (PAGE_EXECUTE_READ)
base_address: 0x003a0000
process_handle: 0xffffffff
1 0 0
Time & API Arguments Status Return Repeated

GetAdaptersAddresses

 flags: 15
family: 0
111 0
Time & API Arguments Status Return Repeated

InternetReadFile

 buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $¢l$æ JOæ JOæ JOïuÙOê JO?oKNä JO?oINä JO?oONì JO?oNNí JOÄmKNä JO-nKNå JOæ KO~ JO-nNNò JO-nJNç JO-nµOç JO-nHNç JORichæ JOPEL¿bë[à"!  ¶b—¼ÐP ±@¨¸È0xÐ@`ÐþT(ÿ@Ðl.textË´¶ `.rdata DÐFº@@.data @À.rsrcx0@@.reloc`@@B
request_handle: 0x00cc000c
1 1 0

InternetReadFile

 buffer: MZÿÿ¸@€º´ Í!¸LÍ!This program cannot be run in DOS mode. $PELê˜=Sv? à! ÐàXà` 8à  °˜ÐL ü'ð¬Ñp.textÀÎÐ`0`.data°àÖ@@À.rdata$­ð®æ@@@.bss˜ €@À.edata˜°”@0@.idataL Ð ®@0À.CRTàº@0À.tls ð¼@0À.relocü'(¾@0B/4`0æ@@B/19È@è@B/35MPì@B/51`C`Dô@B/63„ °8@B/77” À F@B/89ÐR
request_handle: 0x00cc000c
1 1 0

InternetReadFile

 buffer: MZÿÿ¸@ º´ Í!¸LÍ!This program cannot be run in DOS mode. $Àð/„‘AV„‘AV„‘AVéÒVˆ‘AV]ó@W†‘AV1†V…‘AV]óBW€‘AV]óDW‘AV]óEW‘AV¦ñ@W€‘AVOò@W‡‘AV„‘@V֑AVOòBW†‘AVOòEWÀ‘AVOòAW…‘AVOò¾V…‘AVOòCW…‘AVRich„‘AVPELØbë[à"!  Øf)Ýðp£s@pæPÀæÈ@xüÐPà0âTˆâ@ð8.texttÖØ `.rdataüþðÜ@@.data,HðÜ@À.rsrcx@à@@.relocàPä@B
request_handle: 0x00cc000c
1 1 0

InternetReadFile

 buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $ÂU±É£;âÉ£;âÉ£;âÀÛ¨âÙ£;âWüâË£;âÁ8ãÇ£;âÁ?ã£;âÁ:ãÍ£;âÁ>ãÛ£;âëÃ:ãÀ£;âÉ£:âw£;âÀ?ãÈ£;âÀ>ãÝ£;âÀ;ãÈ£;âÀÄâÈ£;âÀ9ãÈ£;âRichÉ£;âPELÄ_ë[à"!  z†à‚@3@A@Àt´Þ, xúÐ0h ¹TT¹h¸@ôl¾€.textÊxz `.rdata^ef~@@.data¼ ä@À.didat8æ@À.rsrcx è@@.reloch 0ì@B
request_handle: 0x00cc000c
1 1 0

InternetReadFile

 buffer: MZÿÿ¸@øº´ Í!¸LÍ!This program cannot be run in DOS mode. $¦È¼Aâ©Òâ©Òâ©ÒV5=à©ÒëÑAú©Ò;ËÓá©Òâ©Ó"©Ò;ËÑë©Ò;ËÖî©Ò;Ë×ô©Ò;ËÚ•©Ò;ËÒã©Ò;Ë-ã©Ò;ËÐã©ÒRichâ©ÒPEL8'Yà"!  ‚P±  Ðaz@AðC‚ÏôR,€øx8?4:ðf8È(@Pð˜@@.textr `.data( @À.idata6P @@.didat4p6@À.rsrcø€8@@.reloc4:<<@B
request_handle: 0x00cc000c
1 1 0

InternetReadFile

 buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $#ƒ4ŒgâZßgâZßgâZßnšÉßsâZß¾€[ÞeâZßùBßcâZß¾€YÞjâZß¾€_ÞmâZß¾€^ÞlâZßE‚[ÞoâZ߬[ÞdâZßgâ[ߐâZ߬^ÞmãZ߬ZÞfâZ߬¥ßfâZ߬XÞfâZßRichgâZßPEL­bë[à"!  êwð@·»@ˆ ˆ=T°pæÐÀ}p—Tȗ@ø.textèê `.rdataRTî@@.datatG`"B@À.rsrcp°d@@.reloc}À~h@B
request_handle: 0x00cc000c
1 1 0

InternetReadFile

 buffer: MZÿÿ¸@𺴠Í!¸LÍ!This program cannot be run in DOS mode. $ù£NE˜ÍE˜ÍE˜Íñ"G˜ÍLà^N˜ÍE˜Ìl˜ÍœúÉU˜ÍœúÎV˜ÍœúÈA˜ÍœúÅ_˜ÍœúÍD˜Íœú2D˜ÍœúÏD˜ÍRichE˜ÍPEL 8'Yà"!  ê ® @¼@A°ð ÀŒ H?0” °8è@¼.textÄéê `.dataDî@À.idata¸ð@@.rsrc ö@@.reloc” 0 ü@B
request_handle: 0x00cc000c
1 1 0
section {u'size_of_data': u'0x00182000', u'virtual_address': u'0x00001000', u'entropy': 7.87777549652725, u'name': u'.text', u'virtual_size': u'0x0018139c'} entropy 7.87777549653 description A section with a high entropy has been found
entropy 0.994845360825 description Overall entropy of this PE file is high
Time & API Arguments Status Return Repeated

LookupPrivilegeValueW

 system_name:
privilege_name: SeDebugPrivilege
1 1 0
url http://ip-api.com/json
url https://dotbit.me/a/
description (no description) rule DebuggerCheck__GlobalFlags
description (no description) rule DebuggerCheck__QueryInfo
description (no description) rule DebuggerHiding__Thread
description (no description) rule DebuggerHiding__Active
description (no description) rule ThreadControl__Context
description (no description) rule SEH__vectored
description Checks if being debugged rule anti_dbg
description Bypass DEP rule disable_dep
description Communications use DNS rule Network_DNS
description Communications over RAW Socket rule Network_TCP_Socket
description Win32 PWS Loki rule Win32_PWS_Loki_Zero
description Run a KeyLogger rule KeyLogger
description Communications over HTTP rule Network_HTTP
description Match Windows Inet API call rule Str_Win32_Internet_API
description Take ScreenShot rule ScreenShot
description Match Windows Http API call rule Str_Win32_Http_API
description (no description) rule DebuggerCheck__GlobalFlags
description (no description) rule DebuggerCheck__QueryInfo
description (no description) rule DebuggerHiding__Thread
description (no description) rule DebuggerHiding__Active
description (no description) rule ThreadControl__Context
description (no description) rule SEH__vectored
description Checks if being debugged rule anti_dbg
description Bypass DEP rule disable_dep
description Take ScreenShot rule ScreenShot
description Match Windows Http API call rule Str_Win32_Http_API
description Steal credential rule local_credential_Steal
description (no description) rule DebuggerCheck__GlobalFlags
description (no description) rule DebuggerCheck__QueryInfo
description (no description) rule DebuggerHiding__Thread
description (no description) rule DebuggerHiding__Active
description (no description) rule ThreadControl__Context
description (no description) rule SEH__vectored
description Checks if being debugged rule anti_dbg
description Bypass DEP rule disable_dep
Time & API Arguments Status Return Repeated

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
base_handle: 0x80000002
key_handle: 0x00000674
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
base_handle: 0x80000002
key_handle: 0x00000698
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
base_handle: 0x80000002
key_handle: 0x00000698
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR
base_handle: 0x80000002
key_handle: 0x00000698
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager
base_handle: 0x80000002
key_handle: 0x00000698
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
base_handle: 0x80000002
key_handle: 0x00000698
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus
base_handle: 0x80000002
key_handle: 0x00000698
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ePageSafer
base_handle: 0x80000002
key_handle: 0x00000698
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ePageSafer
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
base_handle: 0x80000002
key_handle: 0x00000698
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
base_handle: 0x80000002
key_handle: 0x00000698
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean
base_handle: 0x80000002
key_handle: 0x00000698
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40
base_handle: 0x80000002
key_handle: 0x00000698
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
base_handle: 0x80000002
key_handle: 0x00000698
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
base_handle: 0x80000002
key_handle: 0x00000698
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData
base_handle: 0x80000002
key_handle: 0x00000698
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
base_handle: 0x80000002
key_handle: 0x00000698
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Thunderbird 78.4.0 (x86 ko)
base_handle: 0x80000002
key_handle: 0x00000698
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Thunderbird 78.4.0 (x86 ko)
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.PROPLUS
base_handle: 0x80000002
key_handle: 0x00000698
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.PROPLUS
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
base_handle: 0x80000002
key_handle: 0x00000698
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TouchEn nxKey
base_handle: 0x80000002
key_handle: 0x00000698
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TouchEn nxKey
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UnINISafeWeb
base_handle: 0x80000002
key_handle: 0x00000698
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UnINISafeWeb
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UnINISafeWeb6
base_handle: 0x80000002
key_handle: 0x00000698
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UnINISafeWeb6
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC
base_handle: 0x80000002
key_handle: 0x00000698
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00203668-8170-44A0-BE44-B632FA4D780F}
base_handle: 0x80000002
key_handle: 0x00000698
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00203668-8170-44A0-BE44-B632FA4D780F}
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}
base_handle: 0x80000002
key_handle: 0x00000698
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1CBD185A-9CB3-4f30-B7E4-75CC551455F9}_is1
base_handle: 0x80000002
key_handle: 0x00000698
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1CBD185A-9CB3-4f30-B7E4-75CC551455F9}_is1
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}
base_handle: 0x80000002
key_handle: 0x00000698
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
base_handle: 0x80000002
key_handle: 0x00000698
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180131F0}
base_handle: 0x80000002
key_handle: 0x00000698
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180131F0}
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}
base_handle: 0x80000002
key_handle: 0x00000698
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5BEFEB79-2B4D-4EEE-9979-AFDE0A20FADE}_is1
base_handle: 0x80000002
key_handle: 0x00000698
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5BEFEB79-2B4D-4EEE-9979-AFDE0A20FADE}_is1
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
base_handle: 0x80000002
key_handle: 0x00000698
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8941A397-4065-4F41-92CE-0EB610846EED}_is1
base_handle: 0x80000002
key_handle: 0x00000698
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8941A397-4065-4F41-92CE-0EB610846EED}_is1
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x00000698
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0015-0412-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x00000698
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0015-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0016-0412-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x00000698
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0016-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0018-0412-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x00000698
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0018-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0019-0412-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x00000698
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0019-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001A-0412-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x00000698
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001A-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001B-0412-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x00000698
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001B-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0409-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x00000698
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0412-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x00000698
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0028-0412-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x00000698
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0028-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002C-0412-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x00000698
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002C-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0044-0412-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x00000698
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0044-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-006E-0412-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x00000698
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-006E-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00A1-0412-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x00000698
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00A1-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00BA-0412-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x00000698
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00BA-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4}
base_handle: 0x80000002
key_handle: 0x00000698
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4}
1 0 0

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9B84A461-3B4C-40E2-B44F-CE22E215EE40}
base_handle: 0x80000002
key_handle: 0x00000698
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9B84A461-3B4C-40E2-B44F-CE22E215EE40}
1 0 0
cmdline cmd.exe /c taskkill /pid 972 & erase C:\ProgramData\Dropakcx.exe & RD /S /Q C:\\ProgramData\\157078219925570\\* & exit
cmdline cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q "C:\Users\test22\AppData\Local\Temp\zxcv.EXE"
cmdline taskkill /pid 972
cmdline "C:\Windows\System32\cmd.exe" /c taskkill /pid 972 & erase C:\ProgramData\Dropakcx.exe & RD /S /Q C:\\ProgramData\\157078219925570\\* & exit
buffer Buffer with sha1: 106e9c0b5971c5d99d53b5c0414e807891921dd2
buffer Buffer with sha1: cf3429650334eb7e4c2cfd18c8cfd5be456c5900
buffer Buffer with sha1: 95ae5c1c4c3bc1700c7688d0667ff036019b8ae8
buffer Buffer with sha1: 9ca3572f835e85dba83c764d5f222743d1725267
host 185.163.45.248
file C:\ProgramData\Microsoft\Microsoft Antimalware\Network Inspection System\Support
file C:\ProgramData\Microsoft\Microsoft Antimalware\Network Inspection System\Support\NisLog.txt
file C:\ProgramData\Microsoft\Microsoft Antimalware
file C:\ProgramData\Microsoft\Microsoft Antimalware\Network Inspection System
file C:\Users\test22\AppData\Local\Temp\SandboxieInstall.exe
file C:\ProgramData\Microsoft\Microsoft Security Client\Support\EppSetup.etl
file C:\ProgramData\Microsoft\Microsoft Security Client\Support\EppSetupResult.ini
file C:\ProgramData\Microsoft\Microsoft Security Client\Support\MSSecurityClient_Setup_4.10.209.0_epp_Install.log
file C:\ProgramData\Microsoft\Microsoft Security Client
file C:\ProgramData\Microsoft\Microsoft Security Client\Support\Application.etl
file C:\ProgramData\Microsoft\Microsoft Security Client\Support\EppSetup.log
file C:\ProgramData\Microsoft\Microsoft Security Client\Support\MSSecurityClient_Setup_4.10.209.0_epp_Uninstall.log
file C:\ProgramData\Microsoft\Microsoft Security Client\Support
file C:\ProgramData\Microsoft\Microsoft Security Client\Support\EppOobe.etl
registry HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString
file C:\Users\test22\AppData\Roaming\Bitcoin\
file C:\Users\test22\AppData\Roaming\Electrum\wallets\
file C:\Users\test22\AppData\Roaming\Litecoin\
file C:\Users\test22\AppData\Roaming\Namecoin\
file C:\Users\test22\AppData\Roaming\Terracoin\
file C:\Users\test22\AppData\Roaming\Primecoin\
file C:\Users\test22\AppData\Roaming\Freicoin\
file C:\Users\test22\AppData\Roaming\devcoin\
file C:\Users\test22\AppData\Roaming\Franko\
file C:\Users\test22\AppData\Roaming\Megacoin\
file C:\Users\test22\AppData\Roaming\Infinitecoin\
file C:\Users\test22\AppData\Roaming\Ixcoin\
file C:\Users\test22\AppData\Roaming\Anoncoin\
file C:\Users\test22\AppData\Roaming\BBQCoin\
file C:\Users\test22\AppData\Roaming\digitalcoin\
file C:\Users\test22\AppData\Roaming\Mincoin\
file C:\Users\test22\AppData\Roaming\GoldCoin (GLD)\
file C:\Users\test22\AppData\Roaming\YACoin\
file C:\Users\test22\AppData\Roaming\Florincoin\
file C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\agent.py
file C:\Python27\agent.pyw
Time & API Arguments Status Return Repeated

RegQueryValueExA

 key_handle: 0x00000698
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: 7-Zip 20.02 alpha
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000698
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Adobe AIR
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000698
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: EditPlus
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000698
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: MarkAny Inc. e-PageSafer V2.5 NoAX ( Basic )_2.5.1.18
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ePageSafer\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000698
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Chrome
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000698
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: ????? ?? 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000698
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Mozilla Thunderbird 78.4.0 (x86 ko)
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Thunderbird 78.4.0 (x86 ko)\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000698
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Professional Plus 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Office14.PROPLUS\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000698
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: TouchEn nxKey with E2E for 32bit
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\TouchEn nxKey\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000698
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: INISafeWeb 5.0
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\UnINISafeWeb\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000698
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: INISafeWeb 6.0
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\UnINISafeWeb6\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000698
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Adobe AIR
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{00203668-8170-44A0-BE44-B632FA4D780F}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000698
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: HttpWatch Professional 9.3.39
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000698
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Delfino G3 (x86) version 3.6.6.5
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1CBD185A-9CB3-4f30-B7E4-75CC551455F9}_is1\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000698
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: ????? ?? 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000698
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000698
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Java 8 Update 131
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180131F0}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000698
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Java Auto Updater
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000698
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: G2BRUN
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5BEFEB79-2B4D-4EEE-9979-AFDE0A20FADE}_is1\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000698
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Google Update Helper
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000698
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: WIZVERA Process Manager 1,0,5,4
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8941A397-4065-4F41-92CE-0EB610846EED}_is1\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000698
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Professional Plus 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000698
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Access MUI (Korean) 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0015-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000698
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Excel MUI (Korean) 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0016-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000698
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office PowerPoint MUI (Korean) 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0018-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000698
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Publisher MUI (Korean) 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0019-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000698
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Outlook MUI (Korean) 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001A-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000698
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Word MUI (Korean) 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001B-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000698
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Proof (English) 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000698
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Proof (Korean) 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000698
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office IME (Korean) 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0028-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000698
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Proofing (Korean) 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002C-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000698
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office InfoPath MUI (Korean) 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0044-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000698
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Shared MUI (Korean) 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-006E-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000698
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office OneNote MUI (Korean) 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00A1-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000698
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Groove MUI (Korean) 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00BA-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000698
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Adobe Flash Player 13 ActiveX
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000698
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Adobe Flash Player 13 NPAPI
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B84A461-3B4C-40E2-B44F-CE22E215EE40}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000698
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Adobe Acrobat Reader DC MUI
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000698
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000698
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: iniLINE CrossEX Service
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\iniLINE_CrossEX\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000698
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: iniLINE CrossEX Service
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\iniLINE_CrossEX\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000334
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: 7-Zip 20.02 alpha
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000334
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Adobe AIR
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000334
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: EditPlus
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000334
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: MarkAny Inc. e-PageSafer V2.5 NoAX ( Basic )_2.5.1.18
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ePageSafer\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000334
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Chrome
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000334
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: ????? ?? 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000334
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Mozilla Thunderbird 78.4.0 (x86 ko)
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Thunderbird 78.4.0 (x86 ko)\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000334
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Professional Plus 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Office14.PROPLUS\DisplayName
1 0 0
file C:\Users\test22\AppData\Local\Thunderbird\Profiles\hzkyl8yo.default
file C:\Users\test22\AppData\Roaming\Thunderbird\Profiles\hzkyl8yo.default
file C:\Users\test22\AppData\Roaming\Thunderbird\profiles.ini
registry HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts
registry HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\SMTP Password2
registry HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\OMI Account Manager
registry HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook
process Vdgfgjkhsdwr.exe useragent Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
process Dropakcx.exe useragent
Process injection Process 2548 called NtSetContextThread to modify thread in remote process 2524
Process injection Process 1960 called NtSetContextThread to modify thread in remote process 1808
Process injection Process 180 called NtSetContextThread to modify thread in remote process 972
Time & API Arguments Status Return Repeated

NtSetContextThread

 registers.eip: 4792320
registers.esp: 1638384
registers.edi: 0
registers.eax: 4454519
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 2007957956
thread_handle: 0x000001a0
process_identifier: 2524
1 0 0

NtSetContextThread

 registers.eip: 4325376
registers.esp: 1638384
registers.edi: 0
registers.eax: 4302468
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 2007957956
thread_handle: 0x00000118
process_identifier: 1808
1 0 0

NtSetContextThread

 registers.eip: 4407296
registers.esp: 1638384
registers.edi: 0
registers.eax: 4291211
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 2007957956
thread_handle: 0x00000118
process_identifier: 972
1 0 0
file C:\Users\test22\AppData\Roaming\Exodus\exodus.wallet
file C:\Python27\tcl\tcl8.5\encoding\euc-cn.enc
file C:\Python27\tcl\tcl8.5\encoding\iso8859-3.enc
file C:\Python27\tcl\tcl8.5\encoding\ascii.enc
file C:\Python27\tcl\tcl8.5\encoding\cp857.enc
file C:\Python27\tcl\tcl8.5\encoding\macIceland.enc
file C:\Python27\tcl\tcl8.5\encoding\cp864.enc
file C:\Python27\tcl\tcl8.5\encoding\cp1254.enc
file C:\Python27\tcl\tcl8.5\encoding\iso8859-8.enc
file C:\Python27\tcl\tcl8.5\encoding\cp932.enc
file C:\Python27\tcl\tcl8.5\encoding\cp863.enc
file C:\Python27\tcl\tcl8.5\encoding\ksc5601.enc
file C:\Python27\tcl\tcl8.5\encoding\euc-kr.enc
file C:\Python27\tcl\tcl8.5\encoding\jis0212.enc
file C:\Python27\tcl\tcl8.5\encoding\cp1255.enc
file C:\Python27\tcl\tcl8.5\encoding\iso8859-2.enc
file C:\Python27\tcl\tcl8.5\encoding\macGreek.enc
file C:\Python27\tcl\tcl8.5\encoding\cp1256.enc
file C:\Python27\tcl\tcl8.5\encoding\cp949.enc
file C:\Python27\tcl\tcl8.5\encoding\cp437.enc
file C:\Python27\tcl\tcl8.5\encoding\cp775.enc
file C:\Python27\tcl\tcl8.5\encoding\iso8859-14.enc
file C:\Python27\tcl\tcl8.5\encoding\big5.enc
file C:\Python27\tcl\tcl8.5\encoding\cp950.enc
file C:\Python27\tcl\tcl8.5\encoding\iso2022-jp.enc
file C:\Python27\tcl\tcl8.5\encoding\cp869.enc
file C:\Python27\tcl\tcl8.5\encoding\iso8859-5.enc
file C:\Python27\tcl\tcl8.5\encoding\iso8859-9.enc
file C:\Python27\tcl\tcl8.5\encoding\macThai.enc
file C:\Python27\tcl\tcl8.5\encoding\macRoman.enc
file C:\Python27\tcl\tcl8.5\encoding\gb1988.enc
file C:\Python27\tcl\tcl8.5\encoding\iso8859-15.enc
file C:\Python27\tcl\tcl8.5\encoding\macDingbats.enc
file C:\Users\test22\AppData\Roaming\Thunderbird\Profiles\g8t0pe67.default-release\parent.lock
file C:\Python27\tcl\tcl8.5\encoding\cp865.enc
file C:\Python27\tcl\tcl8.5\encoding\jis0201.enc
file C:\Python27\tcl\tcl8.5\encoding\macCentEuro.enc
file C:\Python27\tcl\tcl8.5\encoding\cp850.enc
file C:\Python27\tcl\tcl8.5\encoding\shiftjis.enc
file C:\Python27\tcl\tcl8.5\encoding\cp1251.enc
file C:\Python27\tcl\tcl8.5\encoding\euc-jp.enc
file C:\Python27\tcl\tcl8.5\encoding\jis0208.enc
file C:\Python27\tcl\tcl8.5\encoding\macUkraine.enc
file C:\Python27\tcl\tcl8.5\encoding\macTurkish.enc
file C:\Python27\tcl\tcl8.5\encoding\macCyrillic.enc
file C:\Python27\tcl\tcl8.5\encoding\iso8859-1.enc
file C:\Python27\tcl\tcl8.5\encoding\macRomania.enc
file C:\Python27\tcl\tcl8.5\encoding\ebcdic.enc
file C:\Python27\tcl\tcl8.5\encoding\iso8859-4.enc
file C:\Python27\tcl\tcl8.5\encoding\cp1250.enc
file C:\Users\test22\AppData\Local\Temp\zxcv.EXE
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\nssckbi.dll
file C:\Users\test22\AppData\LocalLow\p871oZdlQ
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-crt-stdio-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\breakpadinjector.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-namedpipe-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-timezone-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-crt-convert-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\ucrtbase.dll
file C:\Users\test22\AppData\LocalLow\38Eslv9Hyz8.zip
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-libraryloader-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-crt-process-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\IA2Marshal.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-handle-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-heap-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-crt-math-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\MapiProxy_InUse.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-crt-locale-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\mozMapi32_InUse.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\libEGL.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\lgpllibs.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-synch-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-crt-utility-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\MapiProxy.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\prldap60.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\nss3.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\msvcp140.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\ldap60.dll
file C:\Users\test22\AppData\LocalLow\foxmail.temp
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-processthreads-l1-1-1.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-interlocked-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\AccessibleMarshal.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\vcruntime140.dll
file C:\Users\test22\AppData\LocalLow\p871oZdlQ-shm
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-crt-runtime-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-rtlsupport-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-util-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-crt-filesystem-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-synch-l1-2-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\mozglue.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\ldif60.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-string-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-crt-private-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-localization-l1-2-0.dll
file C:\Users\test22\AppData\LocalLow\chrome_urls.txt
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-file-l1-2-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-crt-conio-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\mozMapi32.dll
file C:\Users\test22\AppData\LocalLow\ie_ftp_data.txt
file C:\Users\test22\AppData\LocalLow\sqlite3.dll
Process injection Process 2548 resumed a thread in remote process 2524
Process injection Process 1960 resumed a thread in remote process 1808
Process injection Process 180 resumed a thread in remote process 972
Time & API Arguments Status Return Repeated

NtResumeThread

 thread_handle: 0x000001a0
suspend_count: 1
process_identifier: 2524
1 0 0

NtResumeThread

 thread_handle: 0x00000118
suspend_count: 1
process_identifier: 1808
1 0 0

NtResumeThread

 thread_handle: 0x00000118
suspend_count: 1
process_identifier: 972
1 0 0
Time & API Arguments Status Return Repeated

WNetGetProviderNameW

 net_type: 0x00250000
1222 0
Time & API Arguments Status Return Repeated

CreateProcessInternalW

 thread_identifier: 2088
thread_handle: 0x00000268
process_identifier: 1960
current_directory: C:\Users\test22\AppData\Local\Temp
filepath: C:\ProgramData\Vdgfgjkhsdwr.exe
track: 1
command_line: "C:\ProgramData\Vdgfgjkhsdwr.exe"
filepath_r: C:\ProgramData\Vdgfgjkhsdwr.exe
stack_pivoted: 0
creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT)
inherit_handles: 0
process_handle: 0x00000254
1 1 0

CreateProcessInternalW

 thread_identifier: 2132
thread_handle: 0x00000268
process_identifier: 180
current_directory: C:\Users\test22\AppData\Local\Temp
filepath: C:\ProgramData\Dropakcx.exe
track: 1
command_line: "C:\ProgramData\Dropakcx.exe"
filepath_r: C:\ProgramData\Dropakcx.exe
stack_pivoted: 0
creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT)
inherit_handles: 0
process_handle: 0x00000294
1 1 0

CreateProcessInternalW

 thread_identifier: 2752
thread_handle: 0x000001a0
process_identifier: 2524
current_directory:
filepath: C:\Users\test22\AppData\Local\Temp\zxcv.EXE
track: 1
command_line:
filepath_r: C:\Users\test22\AppData\Local\Temp\zxcv.EXE
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
inherit_handles: 0
process_handle: 0x00000198
1 1 0

NtGetContextThread

 thread_handle: 0x000001a0
1 0 0

NtUnmapViewOfSection

 base_address: 0x00400000
region_size: 4096
process_identifier: 2524
process_handle: 0x00000198
1 0 0

NtMapViewOfSection

 section_handle: 0x00000190
process_identifier: 2524
commit_size: 0
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
base_address: 0x00400000
allocation_type: 0 ()
section_offset: 0
view_size: 618496
process_handle: 0x00000198
1 0 0

NtSetContextThread

 registers.eip: 4792320
registers.esp: 1638384
registers.edi: 0
registers.eax: 4454519
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 2007957956
thread_handle: 0x000001a0
process_identifier: 2524
1 0 0

NtResumeThread

 thread_handle: 0x000001a0
suspend_count: 1
process_identifier: 2524
1 0 0

CreateProcessInternalW

 thread_identifier: 2492
thread_handle: 0x00000118
process_identifier: 1808
current_directory:
filepath: C:\ProgramData\Vdgfgjkhsdwr.exe
track: 1
command_line:
filepath_r: C:\ProgramData\Vdgfgjkhsdwr.exe
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
inherit_handles: 0
process_handle: 0x00000120
1 1 0

NtGetContextThread

 thread_handle: 0x00000118
1 0 0

NtUnmapViewOfSection

 base_address: 0x00400000
region_size: 4096
process_identifier: 1808
process_handle: 0x00000120
1 0 0

NtMapViewOfSection

 section_handle: 0x000000e0
process_identifier: 1808
commit_size: 0
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
base_address: 0x00400000
allocation_type: 0 ()
section_offset: 0
view_size: 151552
process_handle: 0x00000120
1 0 0

NtSetContextThread

 registers.eip: 4325376
registers.esp: 1638384
registers.edi: 0
registers.eax: 4302468
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 2007957956
thread_handle: 0x00000118
process_identifier: 1808
1 0 0

NtResumeThread

 thread_handle: 0x00000118
suspend_count: 1
process_identifier: 1808
1 0 0

CreateProcessInternalW

 thread_identifier: 2848
thread_handle: 0x00000118
process_identifier: 972
current_directory:
filepath: C:\ProgramData\Dropakcx.exe
track: 1
command_line:
filepath_r: C:\ProgramData\Dropakcx.exe
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
inherit_handles: 0
process_handle: 0x00000120
1 1 0

NtGetContextThread

 thread_handle: 0x00000118
1 0 0

NtUnmapViewOfSection

 base_address: 0x00400000
region_size: 4096
process_identifier: 972
process_handle: 0x00000120
1 0 0

NtMapViewOfSection

 section_handle: 0x000000e0
process_identifier: 972
commit_size: 0
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
base_address: 0x00400000
allocation_type: 0 ()
section_offset: 0
view_size: 233472
process_handle: 0x00000120
1 0 0

NtSetContextThread

 registers.eip: 4407296
registers.esp: 1638384
registers.edi: 0
registers.eax: 4291211
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 2007957956
thread_handle: 0x00000118
process_identifier: 972
1 0 0

NtResumeThread

 thread_handle: 0x00000118
suspend_count: 1
process_identifier: 972
1 0 0

NtResumeThread

 thread_handle: 0x0000014c
suspend_count: 1
process_identifier: 2524
1 0 0

CreateProcessInternalW

 thread_identifier: 2096
thread_handle: 0x00000790
process_identifier: 2792
current_directory:
filepath:
track: 1
command_line: cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q "C:\Users\test22\AppData\Local\Temp\zxcv.EXE"
filepath_r:
stack_pivoted: 0
creation_flags: 134217728 (CREATE_NO_WINDOW)
inherit_handles: 0
process_handle: 0x00000794
1 1 0

NtResumeThread

 thread_handle: 0x000000f0
suspend_count: 1
process_identifier: 1808
1 0 0

CreateProcessInternalW

 thread_identifier: 1596
thread_handle: 0x000002b8
process_identifier: 2696
current_directory: C:\ProgramData
filepath: C:\Windows\System32\cmd.exe
track: 1
command_line: "C:\Windows\System32\cmd.exe" /c taskkill /pid 972 & erase C:\ProgramData\Dropakcx.exe & RD /S /Q C:\\ProgramData\\157078219925570\\* & exit
filepath_r: C:\Windows\System32\cmd.exe
stack_pivoted: 0
creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT)
inherit_handles: 0
process_handle: 0x0000027c
1 1 0

CreateProcessInternalW

 thread_identifier: 2148
thread_handle: 0x00000088
process_identifier: 1068
current_directory: C:\Users\test22\AppData\LocalLow
filepath: C:\Windows\System32\timeout.exe
track: 1
command_line: timeout /T 10 /NOBREAK
filepath_r: C:\Windows\system32\timeout.exe
stack_pivoted: 0
creation_flags: 524288 (EXTENDED_STARTUPINFO_PRESENT)
inherit_handles: 1
process_handle: 0x0000008c
1 1 0

CreateProcessInternalW

 thread_identifier: 2584
thread_handle: 0x00000084
process_identifier: 2652
current_directory: C:\ProgramData
filepath: C:\Windows\System32\taskkill.exe
track: 1
command_line: taskkill /pid 972
filepath_r: C:\Windows\system32\taskkill.exe
stack_pivoted: 0
creation_flags: 524288 (EXTENDED_STARTUPINFO_PRESENT)
inherit_handles: 1
process_handle: 0x00000088
1 1 0
Bkav W32.AIDetect.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Barys.102299
FireEye Generic.mg.575f6a65c28682f8
McAfee Artemis!575F6A65C286
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
K7GW Hacktool ( 700007861 )
Cybereason malicious.5c2868
Cyren W32/VBKrypt.AXL.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Injector.EPVS
APEX Malicious
Paloalto generic.ml
ClamAV Win.Dropper.Raccoon-9884067-0
Kaspersky HEUR:Trojan.Win32.Chapak.vho
BitDefender Gen:Variant.Barys.102299
Avast Win32:DropperX-gen [Drp]
Ad-Aware Gen:Variant.Barys.102299
Sophos Generic ML PUA (PUA)
DrWeb Trojan.Inject4.15179
McAfee-GW-Edition BehavesLike.Win32.Generic.tc
Emsisoft Trojan.Injector (A)
MaxSecure Trojan.Malware.300983.susgen
Avira TR/Dropper.Gen
Microsoft Trojan:Win32/Fareit.RT!MTB
ZoneAlarm HEUR:Trojan.Win32.Chapak.vho
GData Gen:Variant.Barys.102299
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.Fareit.R432645
BitDefenderTheta Gen:NN.ZevbaF.34088.Hn0@aCqwJiC
ALYac Gen:Variant.Barys.102299
MAX malware (ai score=81)
VBA32 BScope.TrojanPSW.Stelega
Malwarebytes Spyware.RedLineStealer
Rising Trojan.Injector!1.C6AF (CLASSIC)
SentinelOne Static AI - Suspicious PE
Fortinet W32/Injector.EPVS!tr
AVG Win32:DropperX-gen [Drp]
Panda Trj/GdSda.A
CrowdStrike win/malicious_confidence_70% (D)
Qihoo-360 HEUR/QVM20.1.4DCA.Malware.Gen