Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	Aug. 24, 2021, 8:56 a.m.	Aug. 24, 2021, 8:59 a.m.

Size	124.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`60a55d0c6cba71cd1215b63ee7a1cc82`
SHA256	`860e16c192167d5dd823b8e533858cdada7aa9b3173254f2f57031af68b84e0c`
CRC32	`B2E2E219`
ssdeep	`1536:fnYgNdzXtWBB9m3w4MPnoQKFF/8ethr+mcjDVyk8i7jLimejN3j:fYgN6Bg3FMqZ7hrZwVNLibN`
Yara	PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file IsPE32 - (no description)

solex.exe "C:\Users\test22\AppData\Local\Temp\solex.exe"
2620
- solex.exe "C:\Users\test22\AppData\Local\Temp\solex.exe"
  1108

Name	Response	Post-Analysis Lookup
s-bins.duckdns.org	A 23.146.242.94	23.146.242.94
s-wave.duckdns.org	A 23.146.242.67	23.146.242.67

IP Address	Status	Action
164.124.101.2	Active	Moloch
23.146.242.67	Active	Moloch
23.146.242.94	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
UDP 192.168.56.102:64034 -> 164.124.101.2:53	2022918	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain	Misc activity
UDP 192.168.56.102:52062 -> 164.124.101.2:53	2022918	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain	Misc activity

Suricata TLS

No Suricata TLS

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Aug. 24, 2021, 8:56 a.m.		1	1	0

The file contains an unknown PE resource name possibly indicative of a packer (1 event)

resource name

CUSTOM

One or more processes crashed (50 out of 1360 events)

Time & API	Arguments	Status
__exception__ Aug. 24, 2021, 8:58 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.address: 0x42f76c exception.symbol: solex+0x2f76c exception.exception_code: 0xc0000005 exception.module: solex.exe exception.offset: 194412 registers.esp: 505216908 registers.edi: 0 registers.eax: 4388716 registers.ebp: 505216916 registers.edx: 2023888 registers.ebx: 0 registers.esi: 0 registers.ecx: 0	1
__exception__ Aug. 24, 2021, 8:58 a.m.	stacktrace: solex+0x2f771 @ 0x42f771 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: a1 0c a0 46 00 56 57 bf 4e e6 40 bb be 00 00 ff exception.symbol: solex+0x2fc19 exception.instruction: mov eax, dword ptr [0x46a00c] exception.module: solex.exe exception.exception_code: 0xc0000005 exception.offset: 195609 exception.address: 0x42fc19 registers.esp: 505216880 registers.edi: 0 registers.eax: 4388716 registers.ebp: 505216900 registers.edx: 2023888 registers.ebx: 0 registers.esi: 0 registers.ecx: 0	1
__exception__ Aug. 24, 2021, 8:58 a.m.	stacktrace: solex+0x2f771 @ 0x42f771 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: ff 15 e0 32 45 00 8b 45 f8 33 45 f4 89 45 fc ff exception.symbol: solex+0x2fc3f exception.instruction: call dword ptr [0x4532e0] exception.module: solex.exe exception.exception_code: 0xc0000005 exception.offset: 195647 exception.address: 0x42fc3f registers.esp: 505216868 registers.edi: 3141592654 registers.eax: 505216888 registers.ebp: 505216900 registers.edx: 2023888 registers.ebx: 0 registers.esi: 4294901760 registers.ecx: 0	1
__exception__ Aug. 24, 2021, 8:58 a.m.	stacktrace: solex+0x2f328 @ 0x42f328 solex+0x2f617 @ 0x42f617 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.address: 0x4507ca exception.symbol: solex+0x507ca exception.exception_code: 0xc0000005 exception.module: solex.exe exception.offset: 329674 registers.esp: 505216780 registers.edi: 0 registers.eax: 505216888 registers.ebp: 505216832 registers.edx: 0 registers.ebx: 1 registers.esi: 0 registers.ecx: 1323477052	1
__exception__ Aug. 24, 2021, 8:58 a.m.	stacktrace: solex+0x2f617 @ 0x42f617 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.address: 0x431d51 exception.symbol: solex+0x31d51 exception.exception_code: 0xc0000005 exception.module: solex.exe exception.offset: 204113 registers.esp: 505216836 registers.edi: 0 registers.eax: 0 registers.ebp: 505216840 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0	1
__exception__ Aug. 24, 2021, 8:58 a.m.	stacktrace: solex+0x2f617 @ 0x42f617 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.address: 0x434f91 exception.symbol: solex+0x34f91 exception.exception_code: 0xc0000005 exception.module: solex.exe exception.offset: 216977 registers.esp: 505216832 registers.edi: 0 registers.eax: 0 registers.ebp: 505216840 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0	1
__exception__ Aug. 24, 2021, 8:58 a.m.	stacktrace: solex+0x2f617 @ 0x42f617 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: a3 20 b3 46 00 c3 cc cc 83 3d 0c ad 46 00 01 72 exception.symbol: solex+0x34fa8 exception.instruction: mov dword ptr [0x46b320], eax exception.module: solex.exe exception.exception_code: 0xc0000005 exception.offset: 217000 exception.address: 0x434fa8 registers.esp: 505216832 registers.edi: 0 registers.eax: 2971490243 registers.ebp: 505216840 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 29	1
__exception__ Aug. 24, 2021, 8:58 a.m.	stacktrace: solex+0x2f617 @ 0x42f617 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.address: 0x4351e5 exception.symbol: solex+0x351e5 exception.exception_code: 0xc0000005 exception.module: solex.exe exception.offset: 217573 registers.esp: 505216832 registers.edi: 0 registers.eax: 4633372 registers.ebp: 505216840 registers.edx: 9 registers.ebx: 0 registers.esi: 0 registers.ecx: 9	1
__exception__ Aug. 24, 2021, 8:58 a.m.	stacktrace: solex+0x31cb9 @ 0x431cb9 solex+0x351fb @ 0x4351fb solex+0x2f617 @ 0x42f617 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: ff 36 e8 59 00 00 00 59 85 c0 75 2f 83 c6 04 3b exception.symbol: solex+0x31ad3 exception.instruction: push dword ptr [esi] exception.module: solex.exe exception.exception_code: 0xc0000005 exception.offset: 203475 exception.address: 0x431ad3 registers.esp: 505216764 registers.edi: 4294967295 registers.eax: 2971490243 registers.ebp: 505216776 registers.edx: 2971490243 registers.ebx: 4633368 registers.esi: 4548744 registers.ecx: 3	1
__exception__ Aug. 24, 2021, 8:58 a.m.	stacktrace: solex+0x31afd @ 0x431afd solex+0x31cb9 @ 0x431cb9 solex+0x351fb @ 0x4351fb solex+0x2f617 @ 0x42f617 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: f2 ae f7 d1 81 f9 ff ff 00 00 76 05 b9 ff ff 00 exception.symbol: RtlInitString+0x1b RtlInitAnsiString-0x1d ntdll+0x2e1b3 exception.instruction: scasb al, byte ptr es:[edi] exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 188851 exception.address: 0x77b0e1b3 registers.esp: 505216716 registers.edi: 4539212 registers.eax: 0 registers.ebp: 505216748 registers.edx: 505216740 registers.ebx: 65535 registers.esi: 4548744 registers.ecx: 4294967295	1
__exception__ Aug. 24, 2021, 8:58 a.m.	stacktrace: solex+0x351a1 @ 0x4351a1 solex+0x2f617 @ 0x42f617 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.address: 0x40e06b exception.symbol: solex+0xe06b exception.exception_code: 0xc0000005 exception.module: solex.exe exception.offset: 57451 registers.esp: 505216808 registers.edi: 0 registers.eax: 1990479659 registers.ebp: 505216820 registers.edx: 2130328564 registers.ebx: 0 registers.esi: 1990479659 registers.ecx: 1990479659	1
__exception__ Aug. 24, 2021, 8:58 a.m.	stacktrace: solex+0x2f617 @ 0x42f617 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.address: 0x43d983 exception.symbol: solex+0x3d983 exception.exception_code: 0xc0000005 exception.module: solex.exe exception.offset: 252291 registers.esp: 505216836 registers.edi: 0 registers.eax: 1 registers.ebp: 505216840 registers.edx: 2130328564 registers.ebx: 0 registers.esi: 0 registers.ecx: 4633380	1
__exception__ Aug. 24, 2021, 8:58 a.m.	stacktrace: solex+0x2f617 @ 0x42f617 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.address: 0x447e38 exception.symbol: solex+0x47e38 exception.exception_code: 0xc0000005 exception.module: solex.exe exception.offset: 294456 registers.esp: 505216824 registers.edi: 0 registers.eax: 1 registers.ebp: 505216840 registers.edx: 2130328564 registers.ebx: 0 registers.esi: 0 registers.ecx: 4633380	1
__exception__ Aug. 24, 2021, 8:58 a.m.	stacktrace: solex+0x3d992 @ 0x43d992 solex+0x2f617 @ 0x42f617 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: 8b 1e 85 db 74 0e 8b cb ff 15 74 34 45 00 ff d3 exception.symbol: solex+0x47e59 exception.instruction: mov ebx, dword ptr [esi] exception.module: solex.exe exception.exception_code: 0xc0000005 exception.offset: 294489 exception.address: 0x447e59 registers.esp: 505216804 registers.edi: 4551376 registers.eax: 2936121591 registers.ebp: 505216820 registers.edx: 2130328564 registers.ebx: 0 registers.esi: 4551376 registers.ecx: 4633380	1
__exception__ Aug. 24, 2021, 8:58 a.m.	stacktrace: solex+0x3d992 @ 0x43d992 solex+0x2f617 @ 0x42f617 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.address: 0x4428a3 exception.symbol: solex+0x428a3 exception.exception_code: 0xc0000005 exception.module: solex.exe exception.offset: 272547 registers.esp: 505216792 registers.edi: 4551376 registers.eax: 2936121591 registers.ebp: 505216820 registers.edx: 2130328564 registers.ebx: 4446354 registers.esi: 4551376 registers.ecx: 4634196	1
__exception__ Aug. 24, 2021, 8:58 a.m.	stacktrace: solex+0x3d992 @ 0x43d992 solex+0x2f617 @ 0x42f617 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.address: 0x436939 exception.symbol: solex+0x36939 exception.exception_code: 0xc0000005 exception.module: solex.exe exception.offset: 223545 registers.esp: 505216788 registers.edi: 4551376 registers.eax: 3 registers.ebp: 505216820 registers.edx: 4628968 registers.ebx: 4446406 registers.esi: 2971490243 registers.ecx: 29	1
__exception__ Aug. 24, 2021, 8:58 a.m.	stacktrace: solex+0x3d992 @ 0x43d992 solex+0x2f617 @ 0x42f617 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.address: 0x43c855 exception.symbol: solex+0x3c855 exception.exception_code: 0xc0000005 exception.module: solex.exe exception.offset: 247893 registers.esp: 505216784 registers.edi: 4551376 registers.eax: 1 registers.ebp: 505216820 registers.edx: 2971490243 registers.ebx: 4446406 registers.esi: 2971490243 registers.ecx: 4633512	1
__exception__ Aug. 24, 2021, 8:58 a.m.	stacktrace: solex+0x3d992 @ 0x43d992 solex+0x2f617 @ 0x42f617 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.address: 0x44800b exception.symbol: solex+0x4800b exception.exception_code: 0xc0000005 exception.module: solex.exe exception.offset: 294923 registers.esp: 505216780 registers.edi: 4551376 registers.eax: 1 registers.ebp: 505216820 registers.edx: 2971490243 registers.ebx: 4446406 registers.esi: 2971490243 registers.ecx: 4633528	1
__exception__ Aug. 24, 2021, 8:58 a.m.	stacktrace: solex+0x3d992 @ 0x43d992 solex+0x2f617 @ 0x42f617 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.address: 0x403f84 exception.symbol: solex+0x3f84 exception.exception_code: 0xc0000005 exception.module: solex.exe exception.offset: 16260 registers.esp: 505216800 registers.edi: 4551376 registers.eax: 2971490049 registers.ebp: 505216820 registers.edx: 2971490243 registers.ebx: 4210564 registers.esi: 4551400 registers.ecx: 4210564	1
__exception__ Aug. 24, 2021, 8:58 a.m.	stacktrace: solex+0x3d992 @ 0x43d992 solex+0x2f617 @ 0x42f617 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.address: 0x43f0ec exception.symbol: solex+0x3f0ec exception.exception_code: 0xc0000005 exception.module: solex.exe exception.offset: 258284 registers.esp: 505216800 registers.edi: 4551376 registers.eax: 2971490049 registers.ebp: 505216820 registers.edx: 2971490243 registers.ebx: 4452588 registers.esi: 4551408 registers.ecx: 4452588	1
__exception__ Aug. 24, 2021, 8:58 a.m.	stacktrace: solex+0x3f104 @ 0x43f104 solex+0x3d992 @ 0x43d992 solex+0x2f617 @ 0x42f617 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.address: 0x441fe7 exception.symbol: solex+0x41fe7 exception.exception_code: 0xc0000005 exception.module: solex.exe exception.offset: 270311 registers.esp: 505216744 registers.edi: 4633872 registers.eax: 2936121543 registers.ebp: 505216772 registers.edx: 2971490243 registers.ebx: 4452588 registers.esi: 0 registers.ecx: 4452588	1
__exception__ Aug. 24, 2021, 8:58 a.m.	stacktrace: solex+0x425c8 @ 0x4425c8 solex+0x3f104 @ 0x43f104 solex+0x3d992 @ 0x43d992 solex+0x2f617 @ 0x42f617 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: ff 36 e8 59 00 00 00 59 85 c0 75 2f 83 c6 04 3b exception.symbol: solex+0x42023 exception.instruction: push dword ptr [esi] exception.module: solex.exe exception.exception_code: 0xc0000005 exception.offset: 270371 exception.address: 0x442023 registers.esp: 505216728 registers.edi: 4294967295 registers.eax: 2971490243 registers.ebp: 505216740 registers.edx: 2971490243 registers.ebx: 4634360 registers.esi: 4559064 registers.ecx: 3	1
__exception__ Aug. 24, 2021, 8:58 a.m.	stacktrace: solex+0x4202a @ 0x44202a solex+0x425c8 @ 0x4425c8 solex+0x3f104 @ 0x43f104 solex+0x3d992 @ 0x43d992 solex+0x2f617 @ 0x42f617 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: 8b 1c 85 78 8b 45 00 56 68 00 08 00 00 6a 00 53 exception.symbol: solex+0x420a5 exception.instruction: mov ebx, dword ptr [eax*4 + 0x458b78] exception.module: solex.exe exception.exception_code: 0xc0000005 exception.offset: 270501 exception.address: 0x4420a5 registers.esp: 505216708 registers.edi: 4634232 registers.eax: 8 registers.ebp: 505216716 registers.edx: 2971490243 registers.ebx: 4634360 registers.esi: 4559064 registers.ecx: 0	1
__exception__ Aug. 24, 2021, 8:58 a.m.	stacktrace: solex+0x419ee @ 0x4419ee solex+0x41b50 @ 0x441b50 solex+0x41c16 @ 0x441c16 solex+0x41e16 @ 0x441e16 solex+0x3d992 @ 0x43d992 solex+0x2f617 @ 0x42f617 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.address: 0x449519 exception.symbol: solex+0x49519 exception.exception_code: 0xc0000005 exception.module: solex.exe exception.offset: 300313 registers.esp: 505216640 registers.edi: 10336312 registers.eax: 4628968 registers.ebp: 505216648 registers.edx: 2130328564 registers.ebx: 0 registers.esi: 87 registers.ecx: 505216760	1
__exception__ Aug. 24, 2021, 8:58 a.m.	stacktrace: solex+0x3d992 @ 0x43d992 solex+0x2f617 @ 0x42f617 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.address: 0x440245 exception.symbol: solex+0x40245 exception.exception_code: 0xc0000005 exception.module: solex.exe exception.offset: 262725 registers.esp: 505216768 registers.edi: 10336312 registers.eax: 0 registers.ebp: 505216820 registers.edx: 0 registers.ebx: 0 registers.esi: 87 registers.ecx: 4463105	1
__exception__ Aug. 24, 2021, 8:58 a.m.	stacktrace: solex+0x3d992 @ 0x43d992 solex+0x2f617 @ 0x42f617 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.address: 0x443504 exception.symbol: solex+0x43504 exception.exception_code: 0xc0000005 exception.module: solex.exe exception.offset: 275716 registers.esp: 505216800 registers.edi: 4551376 registers.eax: 10336257 registers.ebp: 505216820 registers.edx: 87 registers.ebx: 4470020 registers.esi: 4551440 registers.ecx: 4470020	1
__exception__ Aug. 24, 2021, 8:58 a.m.	stacktrace: solex+0x4733b @ 0x44733b solex+0x3d992 @ 0x43d992 solex+0x2f617 @ 0x42f617 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.address: 0x446fbc exception.symbol: solex+0x46fbc exception.exception_code: 0xc0000005 exception.module: solex.exe exception.offset: 290748 registers.esp: 505216764 registers.edi: 4551376 registers.eax: 4630400 registers.ebp: 505216784 registers.edx: 87 registers.ebx: 4485929 registers.esi: 4551456 registers.ecx: 4486120	1
__exception__ Aug. 24, 2021, 8:58 a.m.	stacktrace: solex+0x4728a @ 0x44728a solex+0x4733b @ 0x44733b solex+0x3d992 @ 0x43d992 solex+0x2f617 @ 0x42f617 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.address: 0x431ffd exception.symbol: solex+0x31ffd exception.exception_code: 0xc0000005 exception.module: solex.exe exception.offset: 204797 registers.esp: 505216684 registers.edi: 10368416 registers.eax: 0 registers.ebp: 505216744 registers.edx: 0 registers.ebx: 1252 registers.esi: 10368248 registers.ecx: 241	1
__exception__ Aug. 24, 2021, 8:58 a.m.	stacktrace: solex+0x4712f @ 0x44712f solex+0x475c6 @ 0x4475c6 solex+0x4728a @ 0x44728a solex+0x4733b @ 0x44733b solex+0x3d992 @ 0x43d992 solex+0x2f617 @ 0x42f617 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.address: 0x430bf0 exception.symbol: solex+0x30bf0 exception.exception_code: 0xc0000005 exception.module: solex.exe exception.offset: 199664 registers.esp: 505214248 registers.edi: 1 registers.eax: 1 registers.ebp: 505214816 registers.edx: 3016362 registers.ebx: 512 registers.esi: 505214264 registers.ecx: 1969884928	1
__exception__ Aug. 24, 2021, 8:58 a.m.	stacktrace: solex+0x475c6 @ 0x4475c6 solex+0x4728a @ 0x44728a solex+0x4733b @ 0x44733b solex+0x3d992 @ 0x43d992 solex+0x2f617 @ 0x42f617 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.address: 0x44485c exception.symbol: solex+0x4485c exception.exception_code: 0xc0000005 exception.module: solex.exe exception.offset: 280668 registers.esp: 505214784 registers.edi: 256 registers.eax: 505216428 registers.ebp: 505216688 registers.edx: 3016362 registers.ebx: 0 registers.esi: 10368248 registers.ecx: 2971490243	1
__exception__ Aug. 24, 2021, 8:58 a.m.	stacktrace: solex+0x46eb6 @ 0x446eb6 solex+0x47312 @ 0x447312 solex+0x4733b @ 0x44733b solex+0x3d992 @ 0x43d992 solex+0x2f617 @ 0x42f617 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.address: 0x44e7e6 exception.symbol: solex+0x4e7e6 exception.exception_code: 0xc0000005 exception.module: solex.exe exception.offset: 321510 registers.esp: 505216644 registers.edi: 0 registers.eax: 10368260 registers.ebp: 505216712 registers.edx: 505214200 registers.ebx: 0 registers.esi: 505216772 registers.ecx: 505216772	1
__exception__ Aug. 24, 2021, 8:58 a.m.	stacktrace: BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: 39 05 50 dd 46 00 0f 95 c0 c3 cc cc cc cc cc cc exception.symbol: solex+0x2fb9f exception.instruction: cmp dword ptr [0x46dd50], eax exception.module: solex.exe exception.exception_code: 0xc0000005 exception.offset: 195487 exception.address: 0x42fb9f registers.esp: 505216844 registers.edi: 0 registers.eax: 0 registers.ebp: 505216904 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 1	1
__exception__ Aug. 24, 2021, 8:58 a.m.	stacktrace: solex+0x2f659 @ 0x42f659 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.address: 0x43ee1f exception.symbol: solex+0x3ee1f exception.exception_code: 0xc0000005 exception.module: solex.exe exception.offset: 257567 registers.esp: 505216804 registers.edi: 4388166 registers.eax: 0 registers.ebp: 505216836 registers.edx: 0 registers.ebx: 0 registers.esi: 4535664 registers.ecx: 4635228	1
__exception__ Aug. 24, 2021, 8:58 a.m.	stacktrace: solex+0x2f659 @ 0x42f659 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.address: 0x40dddb exception.symbol: solex+0xdddb exception.exception_code: 0xc0000005 exception.module: solex.exe exception.offset: 56795 registers.esp: 505216804 registers.edi: 4388166 registers.eax: 4633868 registers.ebp: 505216836 registers.edx: 0 registers.ebx: 0 registers.esi: 4633868 registers.ecx: 4635228	1
__exception__ Aug. 24, 2021, 8:58 a.m.	stacktrace: solex+0x2f659 @ 0x42f659 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.address: 0x40bb08 exception.symbol: solex+0xbb08 exception.exception_code: 0xc0000005 exception.module: solex.exe exception.offset: 47880 registers.esp: 505216812 registers.edi: 4388166 registers.eax: 0 registers.ebp: 505216836 registers.edx: 2971490243 registers.ebx: 0 registers.esi: 4535664 registers.ecx: 4390208	1
__exception__ Aug. 24, 2021, 8:58 a.m.	stacktrace: solex+0x2fcca @ 0x42fcca solex+0x2f659 @ 0x42f659 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.address: 0x44ac70 exception.symbol: solex+0x4ac70 exception.exception_code: 0xc0000005 exception.module: solex.exe exception.offset: 306288 registers.esp: 505216780 registers.edi: 4388166 registers.eax: 65536 registers.ebp: 505216796 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 196608	1
__exception__ Aug. 24, 2021, 8:58 a.m.	stacktrace: solex+0x2f659 @ 0x42f659 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.address: 0x40480a exception.symbol: solex+0x480a exception.exception_code: 0xc0000005 exception.module: solex.exe exception.offset: 18442 registers.esp: 505216812 registers.edi: 4388330 registers.eax: 0 registers.ebp: 505216836 registers.edx: 10107164 registers.ebx: 0 registers.esi: 4535668 registers.ecx: 4388330	1
__exception__ Aug. 24, 2021, 8:58 a.m.	stacktrace: solex+0x2f659 @ 0x42f659 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.address: 0x44f6b4 exception.symbol: solex+0x4f6b4 exception.exception_code: 0xc0000005 exception.module: solex.exe exception.offset: 325300 registers.esp: 505216820 registers.edi: 4519604 registers.eax: 0 registers.ebp: 505216836 registers.edx: 4294963696 registers.ebx: 0 registers.esi: 4535688 registers.ecx: 4519604	1
__exception__ Aug. 24, 2021, 8:58 a.m.	stacktrace: solex+0x2f659 @ 0x42f659 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.address: 0x44bce4 exception.symbol: solex+0x4bce4 exception.exception_code: 0xc0000005 exception.module: solex.exe exception.offset: 310500 registers.esp: 505216820 registers.edi: 4504804 registers.eax: 0 registers.ebp: 505216836 registers.edx: 4294963696 registers.ebx: 0 registers.esi: 4535692 registers.ecx: 4504804	1
__exception__ Aug. 24, 2021, 8:58 a.m.	stacktrace: solex+0x2f67f @ 0x42f67f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.address: 0x4014a2 exception.symbol: solex+0x14a2 exception.exception_code: 0xc0000005 exception.module: solex.exe exception.offset: 5282 registers.esp: 505216812 registers.edi: 2 registers.eax: 4199586 registers.ebp: 505216836 registers.edx: 2130328564 registers.ebx: 60 registers.esi: 4535424 registers.ecx: 4199586	1
__exception__ Aug. 24, 2021, 8:58 a.m.	stacktrace: solex+0x2f67f @ 0x42f67f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.address: 0x402213 exception.symbol: solex+0x2213 exception.exception_code: 0xc0000005 exception.module: solex.exe exception.offset: 8723 registers.esp: 505216800 registers.edi: 7 registers.eax: 4198400 registers.ebp: 505216836 registers.edx: 10122768 registers.ebx: 60 registers.esi: 4636896 registers.ecx: 4636896	1
__exception__ Aug. 24, 2021, 8:58 a.m.	stacktrace: solex+0x1f75 @ 0x401f75 solex+0x2f67f @ 0x42f67f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: 83 61 10 00 8b c1 83 61 14 00 c3 55 8b ec 53 56 exception.symbol: solex+0x31e7 exception.instruction: and dword ptr [ecx + 0x10], 0 exception.module: solex.exe exception.exception_code: 0xc0000005 exception.offset: 12775 exception.address: 0x4031e7 registers.esp: 505216772 registers.edi: 7 registers.eax: 4198400 registers.ebp: 505216796 registers.edx: 10122768 registers.ebx: 60 registers.esi: 4636896 registers.ecx: 4636896	1
__exception__ Aug. 24, 2021, 8:58 a.m.	stacktrace: solex+0x1049 @ 0x401049 solex+0x2f67f @ 0x42f67f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.address: 0x439546 exception.symbol: solex+0x39546 exception.exception_code: 0xc0000005 exception.module: solex.exe exception.offset: 234822 registers.esp: 505216792 registers.edi: 10 registers.eax: 4198466 registers.ebp: 505216800 registers.edx: 10122768 registers.ebx: 60 registers.esi: 4535456 registers.ecx: 4198466	1
__exception__ Aug. 24, 2021, 8:58 a.m.	stacktrace: solex+0x2f67f @ 0x42f67f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.address: 0x4510f8 exception.symbol: solex+0x510f8 exception.exception_code: 0xc0000005 exception.module: solex.exe exception.offset: 332024 registers.esp: 505216800 registers.edi: 11 registers.eax: 4531776 registers.ebp: 505216836 registers.edx: 10122768 registers.ebx: 60 registers.esi: 4535460 registers.ecx: 4198480	1
__exception__ Aug. 24, 2021, 8:58 a.m.	stacktrace: solex+0x2f67f @ 0x42f67f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.address: 0x41747d exception.symbol: solex+0x1747d exception.exception_code: 0xc0000005 exception.module: solex.exe exception.offset: 95357 registers.esp: 505216808 registers.edi: 16 registers.eax: 4198590 registers.ebp: 505216836 registers.edx: 10223504 registers.ebx: 60 registers.esi: 4535480 registers.ecx: 4637240	1
__exception__ Aug. 24, 2021, 8:58 a.m.	stacktrace: solex+0x250c @ 0x40250c solex+0x20a4 @ 0x4020a4 solex+0x17496 @ 0x417496 solex+0x10c8 @ 0x4010c8 solex+0x2f67f @ 0x42f67f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: 80 38 00 75 04 33 c0 5d c3 8d 50 01 8a 08 40 84 exception.symbol: solex+0x15e0 exception.instruction: cmp byte ptr [eax], 0 exception.module: solex.exe exception.exception_code: 0xc0000005 exception.offset: 5600 exception.address: 0x4015e0 registers.esp: 505216744 registers.edi: 4584660 registers.eax: 4584660 registers.ebp: 505216744 registers.edx: 10223504 registers.ebx: 4637240 registers.esi: 4637240 registers.ecx: 4637240	1
__exception__ Aug. 24, 2021, 8:58 a.m.	stacktrace: solex+0x10c8 @ 0x4010c8 solex+0x2f67f @ 0x42f67f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.address: 0x405220 exception.symbol: solex+0x5220 exception.exception_code: 0xc0000005 exception.module: solex.exe exception.offset: 21024 registers.esp: 505216780 registers.edi: 4584659 registers.eax: 4637240 registers.ebp: 505216804 registers.edx: 505290620 registers.ebx: 4637240 registers.esi: 0 registers.ecx: 4637240	1
__exception__ Aug. 24, 2021, 8:58 a.m.	stacktrace: solex+0x2f67f @ 0x42f67f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.address: 0x4080db exception.symbol: solex+0x80db exception.exception_code: 0xc0000005 exception.module: solex.exe exception.offset: 32987 registers.esp: 505216808 registers.edi: 21 registers.eax: 4198704 registers.ebp: 505216836 registers.edx: 505290620 registers.ebx: 60 registers.esi: 4535500 registers.ecx: 4198704	1
__exception__ Aug. 24, 2021, 8:58 a.m.	stacktrace: IsNLSDefinedString+0xd4f CreateThreadpool-0x4d5 kernelbase+0x36753 @ 0x75696753 GetModuleHandleA+0x27 GetVersionExA-0x25 kernelbase+0x11f1c @ 0x75671f1c solex+0x13bd @ 0x4013bd solex+0x2f67f @ 0x42f67f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: 8a 10 40 84 d2 75 f9 2b c6 5e 3d fe ff 00 00 0f exception.symbol: RtlInitAnsiStringEx+0x1f _aulldvrm-0xc6 ntdll+0x2f7ba exception.instruction: mov dl, byte ptr [eax] exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 194490 exception.address: 0x77b0f7ba registers.esp: 505216744 registers.edi: 50 registers.eax: 4610312 registers.ebp: 505216748 registers.edx: 2971490243 registers.ebx: 60 registers.esi: 4610313 registers.ecx: 505216764	1
__exception__ Aug. 24, 2021, 8:58 a.m.	stacktrace: LoadLibraryA+0x1b HeapCreate-0x3b kernel32+0x149f2 @ 0x76a449f2 solex+0x1495 @ 0x401495 solex+0x2f67f @ 0x42f67f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: 8a 27 83 c7 01 3a e0 74 ee 2c 41 3c 1a 1a c9 80 exception.symbol: _strcmpi+0x40 LdrpResGetMappingSize-0x203 ntdll+0x3c7f9 exception.instruction: mov ah, byte ptr [edi] exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 247801 exception.address: 0x77b1c7f9 registers.esp: 505216756 registers.edi: 4588800 registers.eax: 4199540 registers.ebp: 505216768 registers.edx: 2130328564 registers.ebx: 60 registers.esi: 1990478353 registers.ecx: 4199557	1

Connects to a Dynamic DNS Domain (2 events)

domain	s-wave.duckdns.org
domain	s-bins.duckdns.org

Performs some HTTP requests (1 event)

request

GET http://s-bins.duckdns.org/Remcos_S_ttbtMhtE31.bin

Allocates read-write-execute memory (usually to unpack itself) (4 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Aug. 24, 2021, 8:56 a.m.	process_identifier: 2620 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73f92000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Aug. 24, 2021, 8:57 a.m.	process_identifier: 2620 region_size: 77824 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00800000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 24, 2021, 8:57 a.m.	process_identifier: 2620 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 876544 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x77af0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 24, 2021, 8:58 a.m.	process_identifier: 1108 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 876544 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x77af0000 process_handle: 0xffffffff	1

Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Aug. 24, 2021, 8:56 a.m.	process_identifier: 2620 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 24576 protection: 32 (PAGE_EXECUTE_READ) base_address: 0x00360000 process_handle: 0xffffffff	1	0	0

Enumerates services, possibly for anti-virtualization (1 event)

Time & API	Arguments	Status	Return	Repeated
EnumServicesStatusA Aug. 24, 2021, 8:57 a.m.	service_handle: 0x00854040 service_type: 48 service_status: 3		0	0

File has been identified by 23 AntiVirus engines on VirusTotal as malicious (23 events)

Bkav	W32.AIDetect.malware2
Lionic	Trojan.Multi.Generic.4!c
Elastic	malicious (high confidence)
McAfee	Artemis!60A55D0C6CBA
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_90% (W)
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/GenKryptik.FJKT
APEX	Malicious
Paloalto	generic.ml
Kaspersky	UDS:DangerousObject.Multi.Generic
Avast	FileRepMalware
McAfee-GW-Edition	BehavesLike.Win32.Trojan.ch
FireEye	Generic.mg.60a55d0c6cba71cd
SentinelOne	Static AI - Malicious PE
Kingsoft	Win32.Troj.Generic_a.a.(kcloud)
ZoneAlarm	UDS:DangerousObject.Multi.Generic
Microsoft	PWS:Win32/Fareit!ml
Cynet	Malicious (score: 100)
Cylance	Unsafe
eGambit	Unsafe.AI_Score_99%
BitDefenderTheta	Gen:NN.ZevbaF.34088.hm0@amvrulgO
AVG	FileRepMalware

Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (22 events)

dead_host	192.168.56.102:49172
dead_host	192.168.56.102:49167
dead_host	192.168.56.102:49176
dead_host	192.168.56.102:49171
dead_host	192.168.56.102:49180
dead_host	23.146.242.67:1111
dead_host	192.168.56.102:49175
dead_host	192.168.56.102:49186
dead_host	192.168.56.102:49166
dead_host	192.168.56.102:49179
dead_host	192.168.56.102:49170
dead_host	192.168.56.102:49183
dead_host	192.168.56.102:49174
dead_host	192.168.56.102:49178
dead_host	192.168.56.102:49185
dead_host	192.168.56.102:49182
dead_host	192.168.56.102:49169
dead_host	192.168.56.102:49173
dead_host	192.168.56.102:49184
dead_host	192.168.56.102:49177
dead_host	192.168.56.102:49188
dead_host	192.168.56.102:49168

solex.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All