Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Sept. 1, 2021, 9:31 a.m.	Sept. 1, 2021, 9:36 a.m.

Size	3.1MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`61ed372e749496ecbb31e17bc90a0422`
SHA256	`4c4e8920ac22f97ac6c372923023d1d6f2fe32fb822d929357eec16cd41e63f7`
CRC32	`A6C4476A`
ssdeep	`49152:G5K1cLEBvZcznCm0SvO9tD13OxtlzRvYgFXpuHQoz07Vj+//vsv1D36aGzuEH2WZ:G5fwlZgntvotD13OlzRvfn6//UwzuEJ1`
PDB Path	D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check Win32_WinRAR_SFX_Zero - Win32 WinRAR SFX Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)

Glary_Utilities.exe "C:\Users\test22\AppData\Local\Temp\Glary_Utilities.exe"
204
- 65324435278.exe "C:\Users\test22\AppData\Local\Temp\RarSFX0\65324435278.exe"
  2856
  - RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe"
    804

Name	Response	Post-Analysis Lookup
dns16-microsoft-health.com	A 45.137.152.34	45.137.152.34

IP Address	Status	Action
164.124.101.2	Active	Moloch
45.137.152.34	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (2 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Sept. 1, 2021, 9:32 a.m.			0	0
IsDebuggerPresent Sept. 1, 2021, 9:32 a.m.			0	0

Uses Windows APIs to generate a cryptographic key (3 events)

Time & API	Arguments	Status	Return
CryptExportKey Sept. 1, 2021, 9:32 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00842528 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Sept. 1, 2021, 9:32 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00842528 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Sept. 1, 2021, 9:32 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00842568 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1

This executable has a PDB path (1 event)

pdb_path

D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Sept. 1, 2021, 9:32 a.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.gfids

The file contains an unknown PE resource name possibly indicative of a packer (1 event)

resource name

PNG

One or more processes crashed (50 out of 12653 events)

Time & API	Arguments	Status
__exception__ Sept. 1, 2021, 9:31 a.m.	stacktrace: EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 65324435278+0x2466 @ 0x402466 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: 65324435278+0x193d exception.instruction: add byte ptr [eax], al exception.module: 65324435278.exe exception.exception_code: 0xc0000005 exception.offset: 6461 exception.address: 0x40193d registers.esp: 1637384 registers.edi: 1 registers.eax: 0 registers.ebp: 1637724 registers.edx: 1923237542 registers.ebx: 0 registers.esi: 0 registers.ecx: 0	1
__exception__ Sept. 1, 2021, 9:31 a.m.	stacktrace: EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 65324435278+0x2466 @ 0x402466 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: 65324435278+0x193e exception.instruction: add byte ptr [eax], al exception.module: 65324435278.exe exception.exception_code: 0xc0000005 exception.offset: 6462 exception.address: 0x40193e registers.esp: 1637384 registers.edi: 1 registers.eax: 0 registers.ebp: 1637724 registers.edx: 1923237542 registers.ebx: 0 registers.esi: 0 registers.ecx: 0	1
__exception__ Sept. 1, 2021, 9:31 a.m.	stacktrace: EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 65324435278+0x2466 @ 0x402466 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: 65324435278+0x193f exception.instruction: add byte ptr [eax], al exception.module: 65324435278.exe exception.exception_code: 0xc0000005 exception.offset: 6463 exception.address: 0x40193f registers.esp: 1637384 registers.edi: 1 registers.eax: 0 registers.ebp: 1637724 registers.edx: 1923237542 registers.ebx: 0 registers.esi: 0 registers.ecx: 0	1
__exception__ Sept. 1, 2021, 9:31 a.m.	stacktrace: EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 65324435278+0x2466 @ 0x402466 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: 65324435278+0x1940 exception.instruction: add byte ptr [eax], al exception.module: 65324435278.exe exception.exception_code: 0xc0000005 exception.offset: 6464 exception.address: 0x401940 registers.esp: 1637384 registers.edi: 1 registers.eax: 0 registers.ebp: 1637724 registers.edx: 1923237542 registers.ebx: 0 registers.esi: 0 registers.ecx: 0	1
__exception__ Sept. 1, 2021, 9:31 a.m.	stacktrace: EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 65324435278+0x2466 @ 0x402466 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: 65324435278+0x1941 exception.instruction: add byte ptr [eax], al exception.module: 65324435278.exe exception.exception_code: 0xc0000005 exception.offset: 6465 exception.address: 0x401941 registers.esp: 1637384 registers.edi: 1 registers.eax: 0 registers.ebp: 1637724 registers.edx: 1923237542 registers.ebx: 0 registers.esi: 0 registers.ecx: 0	1
__exception__ Sept. 1, 2021, 9:31 a.m.	stacktrace: EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 65324435278+0x2466 @ 0x402466 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: 65324435278+0x1942 exception.instruction: add byte ptr [eax], al exception.module: 65324435278.exe exception.exception_code: 0xc0000005 exception.offset: 6466 exception.address: 0x401942 registers.esp: 1637384 registers.edi: 1 registers.eax: 0 registers.ebp: 1637724 registers.edx: 1923237542 registers.ebx: 0 registers.esi: 0 registers.ecx: 0	1
__exception__ Sept. 1, 2021, 9:31 a.m.	stacktrace: EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 65324435278+0x2466 @ 0x402466 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: 65324435278+0x1943 exception.instruction: add byte ptr [eax], al exception.module: 65324435278.exe exception.exception_code: 0xc0000005 exception.offset: 6467 exception.address: 0x401943 registers.esp: 1637384 registers.edi: 1 registers.eax: 0 registers.ebp: 1637724 registers.edx: 1923237542 registers.ebx: 0 registers.esi: 0 registers.ecx: 0	1
__exception__ Sept. 1, 2021, 9:31 a.m.	stacktrace: EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 65324435278+0x2466 @ 0x402466 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: 65324435278+0x1944 exception.instruction: add byte ptr [eax], al exception.module: 65324435278.exe exception.exception_code: 0xc0000005 exception.offset: 6468 exception.address: 0x401944 registers.esp: 1637384 registers.edi: 1 registers.eax: 0 registers.ebp: 1637724 registers.edx: 1923237542 registers.ebx: 0 registers.esi: 0 registers.ecx: 0	1
__exception__ Sept. 1, 2021, 9:31 a.m.	stacktrace: EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 65324435278+0x2466 @ 0x402466 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: 65324435278+0x1945 exception.instruction: add byte ptr [eax], al exception.module: 65324435278.exe exception.exception_code: 0xc0000005 exception.offset: 6469 exception.address: 0x401945 registers.esp: 1637384 registers.edi: 1 registers.eax: 0 registers.ebp: 1637724 registers.edx: 1923237542 registers.ebx: 0 registers.esi: 0 registers.ecx: 0	1
__exception__ Sept. 1, 2021, 9:31 a.m.	stacktrace: EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 65324435278+0x2466 @ 0x402466 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: 65324435278+0x1946 exception.instruction: add byte ptr [eax], al exception.module: 65324435278.exe exception.exception_code: 0xc0000005 exception.offset: 6470 exception.address: 0x401946 registers.esp: 1637384 registers.edi: 1 registers.eax: 0 registers.ebp: 1637724 registers.edx: 1923237542 registers.ebx: 0 registers.esi: 0 registers.ecx: 0	1
__exception__ Sept. 1, 2021, 9:31 a.m.	stacktrace: EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 65324435278+0x2466 @ 0x402466 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: 65324435278+0x1947 exception.instruction: add byte ptr [eax], al exception.module: 65324435278.exe exception.exception_code: 0xc0000005 exception.offset: 6471 exception.address: 0x401947 registers.esp: 1637384 registers.edi: 1 registers.eax: 0 registers.ebp: 1637724 registers.edx: 1923237542 registers.ebx: 0 registers.esi: 0 registers.ecx: 0	1
__exception__ Sept. 1, 2021, 9:31 a.m.	stacktrace: EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 65324435278+0x2466 @ 0x402466 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: 65324435278+0x1948 exception.instruction: add byte ptr [eax], al exception.module: 65324435278.exe exception.exception_code: 0xc0000005 exception.offset: 6472 exception.address: 0x401948 registers.esp: 1637384 registers.edi: 1 registers.eax: 0 registers.ebp: 1637724 registers.edx: 1923237542 registers.ebx: 0 registers.esi: 0 registers.ecx: 0	1
__exception__ Sept. 1, 2021, 9:31 a.m.	stacktrace: EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 65324435278+0x2466 @ 0x402466 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: 65324435278+0x1949 exception.instruction: add byte ptr [eax], al exception.module: 65324435278.exe exception.exception_code: 0xc0000005 exception.offset: 6473 exception.address: 0x401949 registers.esp: 1637384 registers.edi: 1 registers.eax: 0 registers.ebp: 1637724 registers.edx: 1923237542 registers.ebx: 0 registers.esi: 0 registers.ecx: 0	1
__exception__ Sept. 1, 2021, 9:31 a.m.	stacktrace: EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 65324435278+0x2466 @ 0x402466 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: 65324435278+0x194a exception.instruction: add byte ptr [eax], al exception.module: 65324435278.exe exception.exception_code: 0xc0000005 exception.offset: 6474 exception.address: 0x40194a registers.esp: 1637384 registers.edi: 1 registers.eax: 0 registers.ebp: 1637724 registers.edx: 1923237542 registers.ebx: 0 registers.esi: 0 registers.ecx: 0	1
__exception__ Sept. 1, 2021, 9:31 a.m.	stacktrace: EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 65324435278+0x2466 @ 0x402466 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: 65324435278+0x194b exception.instruction: add byte ptr [eax], al exception.module: 65324435278.exe exception.exception_code: 0xc0000005 exception.offset: 6475 exception.address: 0x40194b registers.esp: 1637384 registers.edi: 1 registers.eax: 0 registers.ebp: 1637724 registers.edx: 1923237542 registers.ebx: 0 registers.esi: 0 registers.ecx: 0	1
__exception__ Sept. 1, 2021, 9:31 a.m.	stacktrace: EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 65324435278+0x2466 @ 0x402466 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: 65324435278+0x194c exception.instruction: add byte ptr [eax], al exception.module: 65324435278.exe exception.exception_code: 0xc0000005 exception.offset: 6476 exception.address: 0x40194c registers.esp: 1637384 registers.edi: 1 registers.eax: 0 registers.ebp: 1637724 registers.edx: 1923237542 registers.ebx: 0 registers.esi: 0 registers.ecx: 0	1
__exception__ Sept. 1, 2021, 9:31 a.m.	stacktrace: EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 65324435278+0x2466 @ 0x402466 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: 65324435278+0x194d exception.instruction: add byte ptr [eax], al exception.module: 65324435278.exe exception.exception_code: 0xc0000005 exception.offset: 6477 exception.address: 0x40194d registers.esp: 1637384 registers.edi: 1 registers.eax: 0 registers.ebp: 1637724 registers.edx: 1923237542 registers.ebx: 0 registers.esi: 0 registers.ecx: 0	1
__exception__ Sept. 1, 2021, 9:31 a.m.	stacktrace: EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 65324435278+0x2466 @ 0x402466 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: 65324435278+0x194e exception.instruction: add byte ptr [eax], al exception.module: 65324435278.exe exception.exception_code: 0xc0000005 exception.offset: 6478 exception.address: 0x40194e registers.esp: 1637384 registers.edi: 1 registers.eax: 0 registers.ebp: 1637724 registers.edx: 1923237542 registers.ebx: 0 registers.esi: 0 registers.ecx: 0	1
__exception__ Sept. 1, 2021, 9:31 a.m.	stacktrace: EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 65324435278+0x2466 @ 0x402466 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: 65324435278+0x194f exception.instruction: add byte ptr [eax], al exception.module: 65324435278.exe exception.exception_code: 0xc0000005 exception.offset: 6479 exception.address: 0x40194f registers.esp: 1637384 registers.edi: 1 registers.eax: 0 registers.ebp: 1637724 registers.edx: 1923237542 registers.ebx: 0 registers.esi: 0 registers.ecx: 0	1
__exception__ Sept. 1, 2021, 9:31 a.m.	stacktrace: EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 65324435278+0x2466 @ 0x402466 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: 65324435278+0x1950 exception.instruction: add byte ptr [eax], al exception.module: 65324435278.exe exception.exception_code: 0xc0000005 exception.offset: 6480 exception.address: 0x401950 registers.esp: 1637384 registers.edi: 1 registers.eax: 0 registers.ebp: 1637724 registers.edx: 1923237542 registers.ebx: 0 registers.esi: 0 registers.ecx: 0	1
__exception__ Sept. 1, 2021, 9:31 a.m.	stacktrace: EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 65324435278+0x2466 @ 0x402466 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: 65324435278+0x1951 exception.instruction: add byte ptr [eax], al exception.module: 65324435278.exe exception.exception_code: 0xc0000005 exception.offset: 6481 exception.address: 0x401951 registers.esp: 1637384 registers.edi: 1 registers.eax: 0 registers.ebp: 1637724 registers.edx: 1923237542 registers.ebx: 0 registers.esi: 0 registers.ecx: 0	1
__exception__ Sept. 1, 2021, 9:31 a.m.	stacktrace: EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 65324435278+0x2466 @ 0x402466 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: 65324435278+0x1952 exception.instruction: add byte ptr [eax], al exception.module: 65324435278.exe exception.exception_code: 0xc0000005 exception.offset: 6482 exception.address: 0x401952 registers.esp: 1637384 registers.edi: 1 registers.eax: 0 registers.ebp: 1637724 registers.edx: 1923237542 registers.ebx: 0 registers.esi: 0 registers.ecx: 0	1
__exception__ Sept. 1, 2021, 9:31 a.m.	stacktrace: EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 65324435278+0x2466 @ 0x402466 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: 65324435278+0x1953 exception.instruction: add byte ptr [eax], al exception.module: 65324435278.exe exception.exception_code: 0xc0000005 exception.offset: 6483 exception.address: 0x401953 registers.esp: 1637384 registers.edi: 1 registers.eax: 0 registers.ebp: 1637724 registers.edx: 1923237542 registers.ebx: 0 registers.esi: 0 registers.ecx: 0	1
__exception__ Sept. 1, 2021, 9:31 a.m.	stacktrace: EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 65324435278+0x2466 @ 0x402466 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: 65324435278+0x1954 exception.instruction: add byte ptr [eax], al exception.module: 65324435278.exe exception.exception_code: 0xc0000005 exception.offset: 6484 exception.address: 0x401954 registers.esp: 1637384 registers.edi: 1 registers.eax: 0 registers.ebp: 1637724 registers.edx: 1923237542 registers.ebx: 0 registers.esi: 0 registers.ecx: 0	1
__exception__ Sept. 1, 2021, 9:31 a.m.	stacktrace: EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 65324435278+0x2466 @ 0x402466 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: 65324435278+0x1955 exception.instruction: add byte ptr [eax], al exception.module: 65324435278.exe exception.exception_code: 0xc0000005 exception.offset: 6485 exception.address: 0x401955 registers.esp: 1637384 registers.edi: 1 registers.eax: 0 registers.ebp: 1637724 registers.edx: 1923237542 registers.ebx: 0 registers.esi: 0 registers.ecx: 0	1
__exception__ Sept. 1, 2021, 9:31 a.m.	stacktrace: EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 65324435278+0x2466 @ 0x402466 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: 65324435278+0x1956 exception.instruction: add byte ptr [eax], al exception.module: 65324435278.exe exception.exception_code: 0xc0000005 exception.offset: 6486 exception.address: 0x401956 registers.esp: 1637384 registers.edi: 1 registers.eax: 0 registers.ebp: 1637724 registers.edx: 1923237542 registers.ebx: 0 registers.esi: 0 registers.ecx: 0	1
__exception__ Sept. 1, 2021, 9:31 a.m.	stacktrace: EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 65324435278+0x2466 @ 0x402466 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: 65324435278+0x1957 exception.instruction: add byte ptr [eax], al exception.module: 65324435278.exe exception.exception_code: 0xc0000005 exception.offset: 6487 exception.address: 0x401957 registers.esp: 1637384 registers.edi: 1 registers.eax: 0 registers.ebp: 1637724 registers.edx: 1923237542 registers.ebx: 0 registers.esi: 0 registers.ecx: 0	1
__exception__ Sept. 1, 2021, 9:31 a.m.	stacktrace: EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 65324435278+0x2466 @ 0x402466 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: 65324435278+0x1958 exception.instruction: add byte ptr [eax], al exception.module: 65324435278.exe exception.exception_code: 0xc0000005 exception.offset: 6488 exception.address: 0x401958 registers.esp: 1637384 registers.edi: 1 registers.eax: 0 registers.ebp: 1637724 registers.edx: 1923237542 registers.ebx: 0 registers.esi: 0 registers.ecx: 0	1
__exception__ Sept. 1, 2021, 9:31 a.m.	stacktrace: EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 65324435278+0x2466 @ 0x402466 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: 65324435278+0x1959 exception.instruction: add byte ptr [eax], al exception.module: 65324435278.exe exception.exception_code: 0xc0000005 exception.offset: 6489 exception.address: 0x401959 registers.esp: 1637384 registers.edi: 1 registers.eax: 0 registers.ebp: 1637724 registers.edx: 1923237542 registers.ebx: 0 registers.esi: 0 registers.ecx: 0	1
__exception__ Sept. 1, 2021, 9:31 a.m.	stacktrace: EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 65324435278+0x2466 @ 0x402466 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: 65324435278+0x195a exception.instruction: add byte ptr [eax], al exception.module: 65324435278.exe exception.exception_code: 0xc0000005 exception.offset: 6490 exception.address: 0x40195a registers.esp: 1637384 registers.edi: 1 registers.eax: 0 registers.ebp: 1637724 registers.edx: 1923237542 registers.ebx: 0 registers.esi: 0 registers.ecx: 0	1
__exception__ Sept. 1, 2021, 9:31 a.m.	stacktrace: EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 65324435278+0x2466 @ 0x402466 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: 65324435278+0x195b exception.instruction: add byte ptr [eax], al exception.module: 65324435278.exe exception.exception_code: 0xc0000005 exception.offset: 6491 exception.address: 0x40195b registers.esp: 1637384 registers.edi: 1 registers.eax: 0 registers.ebp: 1637724 registers.edx: 1923237542 registers.ebx: 0 registers.esi: 0 registers.ecx: 0	1
__exception__ Sept. 1, 2021, 9:31 a.m.	stacktrace: EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 65324435278+0x2466 @ 0x402466 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: 65324435278+0x195c exception.instruction: add byte ptr [eax], al exception.module: 65324435278.exe exception.exception_code: 0xc0000005 exception.offset: 6492 exception.address: 0x40195c registers.esp: 1637384 registers.edi: 1 registers.eax: 0 registers.ebp: 1637724 registers.edx: 1923237542 registers.ebx: 0 registers.esi: 0 registers.ecx: 0	1
__exception__ Sept. 1, 2021, 9:31 a.m.	stacktrace: EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 65324435278+0x2466 @ 0x402466 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: 65324435278+0x195d exception.instruction: add byte ptr [eax], al exception.module: 65324435278.exe exception.exception_code: 0xc0000005 exception.offset: 6493 exception.address: 0x40195d registers.esp: 1637384 registers.edi: 1 registers.eax: 0 registers.ebp: 1637724 registers.edx: 1923237542 registers.ebx: 0 registers.esi: 0 registers.ecx: 0	1
__exception__ Sept. 1, 2021, 9:31 a.m.	stacktrace: EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 65324435278+0x2466 @ 0x402466 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: 65324435278+0x195e exception.instruction: add byte ptr [eax], al exception.module: 65324435278.exe exception.exception_code: 0xc0000005 exception.offset: 6494 exception.address: 0x40195e registers.esp: 1637384 registers.edi: 1 registers.eax: 0 registers.ebp: 1637724 registers.edx: 1923237542 registers.ebx: 0 registers.esi: 0 registers.ecx: 0	1
__exception__ Sept. 1, 2021, 9:31 a.m.	stacktrace: EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 65324435278+0x2466 @ 0x402466 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: 65324435278+0x195f exception.instruction: add byte ptr [eax], al exception.module: 65324435278.exe exception.exception_code: 0xc0000005 exception.offset: 6495 exception.address: 0x40195f registers.esp: 1637384 registers.edi: 1 registers.eax: 0 registers.ebp: 1637724 registers.edx: 1923237542 registers.ebx: 0 registers.esi: 0 registers.ecx: 0	1
__exception__ Sept. 1, 2021, 9:31 a.m.	stacktrace: EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 65324435278+0x2466 @ 0x402466 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: 65324435278+0x1960 exception.instruction: add byte ptr [eax], al exception.module: 65324435278.exe exception.exception_code: 0xc0000005 exception.offset: 6496 exception.address: 0x401960 registers.esp: 1637384 registers.edi: 1 registers.eax: 0 registers.ebp: 1637724 registers.edx: 1923237542 registers.ebx: 0 registers.esi: 0 registers.ecx: 0	1
__exception__ Sept. 1, 2021, 9:31 a.m.	stacktrace: EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 65324435278+0x2466 @ 0x402466 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: 65324435278+0x1961 exception.instruction: add byte ptr [eax], al exception.module: 65324435278.exe exception.exception_code: 0xc0000005 exception.offset: 6497 exception.address: 0x401961 registers.esp: 1637384 registers.edi: 1 registers.eax: 0 registers.ebp: 1637724 registers.edx: 1923237542 registers.ebx: 0 registers.esi: 0 registers.ecx: 0	1
__exception__ Sept. 1, 2021, 9:31 a.m.	stacktrace: EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 65324435278+0x2466 @ 0x402466 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: 65324435278+0x1962 exception.instruction: add byte ptr [eax], al exception.module: 65324435278.exe exception.exception_code: 0xc0000005 exception.offset: 6498 exception.address: 0x401962 registers.esp: 1637384 registers.edi: 1 registers.eax: 0 registers.ebp: 1637724 registers.edx: 1923237542 registers.ebx: 0 registers.esi: 0 registers.ecx: 0	1
__exception__ Sept. 1, 2021, 9:31 a.m.	stacktrace: EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 65324435278+0x2466 @ 0x402466 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: 65324435278+0x1963 exception.instruction: add byte ptr [eax], al exception.module: 65324435278.exe exception.exception_code: 0xc0000005 exception.offset: 6499 exception.address: 0x401963 registers.esp: 1637384 registers.edi: 1 registers.eax: 0 registers.ebp: 1637724 registers.edx: 1923237542 registers.ebx: 0 registers.esi: 0 registers.ecx: 0	1
__exception__ Sept. 1, 2021, 9:31 a.m.	stacktrace: EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 65324435278+0x2466 @ 0x402466 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: 65324435278+0x1964 exception.instruction: add byte ptr [eax], al exception.module: 65324435278.exe exception.exception_code: 0xc0000005 exception.offset: 6500 exception.address: 0x401964 registers.esp: 1637384 registers.edi: 1 registers.eax: 0 registers.ebp: 1637724 registers.edx: 1923237542 registers.ebx: 0 registers.esi: 0 registers.ecx: 0	1
__exception__ Sept. 1, 2021, 9:31 a.m.	stacktrace: EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 65324435278+0x2466 @ 0x402466 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: 65324435278+0x1965 exception.instruction: add byte ptr [eax], al exception.module: 65324435278.exe exception.exception_code: 0xc0000005 exception.offset: 6501 exception.address: 0x401965 registers.esp: 1637384 registers.edi: 1 registers.eax: 0 registers.ebp: 1637724 registers.edx: 1923237542 registers.ebx: 0 registers.esi: 0 registers.ecx: 0	1
__exception__ Sept. 1, 2021, 9:31 a.m.	stacktrace: EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 65324435278+0x2466 @ 0x402466 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.symbol: 65324435278+0x1966 exception.instruction: add byte ptr [eax], al exception.module: 65324435278.exe exception.exception_code: 0xc0000005 exception.offset: 6502 exception.address: 0x401966 registers.esp: 1637384 registers.edi: 1 registers.eax: 0 registers.ebp: 1637724 registers.edx: 1923237542 registers.ebx: 0 registers.esi: 0 registers.ecx: 0	1
__exception__ Sept. 1, 2021, 9:31 a.m.	stacktrace: EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 65324435278+0x2466 @ 0x402466 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ec exception.symbol: 65324435278+0x1967 exception.instruction: add byte ptr [eax], al exception.module: 65324435278.exe exception.exception_code: 0xc0000005 exception.offset: 6503 exception.address: 0x401967 registers.esp: 1637384 registers.edi: 1 registers.eax: 0 registers.ebp: 1637724 registers.edx: 1923237542 registers.ebx: 0 registers.esi: 0 registers.ecx: 0	1
__exception__ Sept. 1, 2021, 9:31 a.m.	stacktrace: EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 65324435278+0x2466 @ 0x402466 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ec 00 exception.symbol: 65324435278+0x1968 exception.instruction: add byte ptr [eax], al exception.module: 65324435278.exe exception.exception_code: 0xc0000005 exception.offset: 6504 exception.address: 0x401968 registers.esp: 1637384 registers.edi: 1 registers.eax: 0 registers.ebp: 1637724 registers.edx: 1923237542 registers.ebx: 0 registers.esi: 0 registers.ecx: 0	1
__exception__ Sept. 1, 2021, 9:31 a.m.	stacktrace: EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 65324435278+0x2466 @ 0x402466 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 ec 00 00 exception.symbol: 65324435278+0x1969 exception.instruction: add byte ptr [eax], al exception.module: 65324435278.exe exception.exception_code: 0xc0000005 exception.offset: 6505 exception.address: 0x401969 registers.esp: 1637384 registers.edi: 1 registers.eax: 0 registers.ebp: 1637724 registers.edx: 1923237542 registers.ebx: 0 registers.esi: 0 registers.ecx: 0	1
__exception__ Sept. 1, 2021, 9:31 a.m.	stacktrace: EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 65324435278+0x2466 @ 0x402466 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 ec 00 00 00 exception.symbol: 65324435278+0x196a exception.instruction: add byte ptr [eax], al exception.module: 65324435278.exe exception.exception_code: 0xc0000005 exception.offset: 6506 exception.address: 0x40196a registers.esp: 1637384 registers.edi: 1 registers.eax: 0 registers.ebp: 1637724 registers.edx: 1923237542 registers.ebx: 0 registers.esi: 0 registers.ecx: 0	1
__exception__ Sept. 1, 2021, 9:31 a.m.	stacktrace: EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 65324435278+0x2466 @ 0x402466 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 ec 00 00 00 00 exception.symbol: 65324435278+0x196b exception.instruction: add byte ptr [eax], al exception.module: 65324435278.exe exception.exception_code: 0xc0000005 exception.offset: 6507 exception.address: 0x40196b registers.esp: 1637384 registers.edi: 1 registers.eax: 0 registers.ebp: 1637724 registers.edx: 1923237542 registers.ebx: 0 registers.esi: 0 registers.ecx: 0	1
__exception__ Sept. 1, 2021, 9:31 a.m.	stacktrace: EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 65324435278+0x2466 @ 0x402466 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 ec 00 00 00 00 00 exception.symbol: 65324435278+0x196c exception.instruction: add byte ptr [eax], al exception.module: 65324435278.exe exception.exception_code: 0xc0000005 exception.offset: 6508 exception.address: 0x40196c registers.esp: 1637384 registers.edi: 1 registers.eax: 0 registers.ebp: 1637724 registers.edx: 1923237542 registers.ebx: 0 registers.esi: 0 registers.ecx: 0	1
__exception__ Sept. 1, 2021, 9:31 a.m.	stacktrace: EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 65324435278+0x2466 @ 0x402466 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 00 ec 00 00 00 00 00 00 exception.symbol: 65324435278+0x196d exception.instruction: add byte ptr [eax], al exception.module: 65324435278.exe exception.exception_code: 0xc0000005 exception.offset: 6509 exception.address: 0x40196d registers.esp: 1637384 registers.edi: 1 registers.eax: 0 registers.ebp: 1637724 registers.edx: 1923237542 registers.ebx: 0 registers.esi: 0 registers.ecx: 0	1
__exception__ Sept. 1, 2021, 9:31 a.m.	stacktrace: EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048 BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981 ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600 65324435278+0x2466 @ 0x402466 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 00 00 00 00 00 00 00 00 ec 00 00 00 00 00 00 00 exception.symbol: 65324435278+0x196e exception.instruction: add byte ptr [eax], al exception.module: 65324435278.exe exception.exception_code: 0xc0000005 exception.offset: 6510 exception.address: 0x40196e registers.esp: 1637384 registers.edi: 1 registers.eax: 0 registers.ebp: 1637724 registers.edx: 1923237542 registers.ebx: 0 registers.esi: 0 registers.ecx: 0	1

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

Allocates read-write-execute memory (usually to unpack itself) (50 out of 55 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Sept. 1, 2021, 9:31 a.m.	process_identifier: 204 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x736f2000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 1, 2021, 9:31 a.m.	process_identifier: 2856 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x736f2000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 1, 2021, 9:31 a.m.	process_identifier: 2856 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00480000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 1, 2021, 9:31 a.m.	process_identifier: 2856 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x773bf000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 1, 2021, 9:31 a.m.	process_identifier: 2856 region_size: 20480 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02380000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 1, 2021, 9:32 a.m.	process_identifier: 804 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x002a0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 1, 2021, 9:32 a.m.	process_identifier: 804 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x773bf000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 1, 2021, 9:32 a.m.	process_identifier: 804 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72072000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 1, 2021, 9:32 a.m.	process_identifier: 804 region_size: 1769472 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00cd0000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 1, 2021, 9:32 a.m.	process_identifier: 804 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00e40000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 1, 2021, 9:32 a.m.	process_identifier: 804 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x70ba2000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 1, 2021, 9:32 a.m.	process_identifier: 804 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7054b000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 1, 2021, 9:32 a.m.	process_identifier: 804 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x70561000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 1, 2021, 9:32 a.m.	process_identifier: 804 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x70562000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 1, 2021, 9:32 a.m.	process_identifier: 804 region_size: 2293760 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x029e0000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 1, 2021, 9:32 a.m.	process_identifier: 804 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02bd0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 1, 2021, 9:32 a.m.	process_identifier: 804 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00492000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 1, 2021, 9:32 a.m.	process_identifier: 804 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00505000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 1, 2021, 9:32 a.m.	process_identifier: 804 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0050b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 1, 2021, 9:32 a.m.	process_identifier: 804 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00507000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 1, 2021, 9:32 a.m.	process_identifier: 804 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x004ac000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 1, 2021, 9:32 a.m.	process_identifier: 804 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x71ffa000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 1, 2021, 9:32 a.m.	process_identifier: 804 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x007a0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 1, 2021, 9:32 a.m.	process_identifier: 804 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x004b6000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 1, 2021, 9:32 a.m.	process_identifier: 804 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x007a1000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 1, 2021, 9:32 a.m.	process_identifier: 804 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x004ba000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 1, 2021, 9:32 a.m.	process_identifier: 804 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x004b7000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 1, 2021, 9:32 a.m.	process_identifier: 804 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6c7df000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 1, 2021, 9:32 a.m.	process_identifier: 804 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0049a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 1, 2021, 9:32 a.m.	process_identifier: 804 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6c6e1000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 1, 2021, 9:32 a.m.	process_identifier: 804 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x004bb000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 1, 2021, 9:32 a.m.	process_identifier: 804 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x004aa000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 1, 2021, 9:32 a.m.	process_identifier: 804 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x004bc000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 1, 2021, 9:32 a.m.	process_identifier: 804 region_size: 327680 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef50000 allocation_type: 1056768 (MEM_RESERVE\|MEM_TOP_DOWN) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 1, 2021, 9:32 a.m.	process_identifier: 804 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef50000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 1, 2021, 9:32 a.m.	process_identifier: 804 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef50000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 1, 2021, 9:32 a.m.	process_identifier: 804 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef58000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 1, 2021, 9:32 a.m.	process_identifier: 804 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef40000 allocation_type: 1056768 (MEM_RESERVE\|MEM_TOP_DOWN) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 1, 2021, 9:32 a.m.	process_identifier: 804 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef40000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 1, 2021, 9:32 a.m.	process_identifier: 804 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6c591000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 1, 2021, 9:32 a.m.	process_identifier: 804 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6c571000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 1, 2021, 9:32 a.m.	process_identifier: 804 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76891000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 1, 2021, 9:32 a.m.	process_identifier: 804 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x77371000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 1, 2021, 9:32 a.m.	process_identifier: 804 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6c561000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 1, 2021, 9:32 a.m.	process_identifier: 804 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6c501000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 1, 2021, 9:32 a.m.	process_identifier: 804 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6c4b1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 1, 2021, 9:32 a.m.	process_identifier: 804 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6c4a1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 1, 2021, 9:32 a.m.	process_identifier: 804 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6c481000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 1, 2021, 9:32 a.m.	process_identifier: 804 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x004b8000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 1, 2021, 9:32 a.m.	process_identifier: 804 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6c3f1000 process_handle: 0xffffffff	1

A process attempted to delay the analysis task. (1 event)

description

RegAsm.exe tried to sleep 276 seconds, actually delayed analysis time by 276 seconds

Creates executable files on the filesystem (4 events)

file	C:\Users\test22\AppData\Local\Temp\RarSFX0\mscortim.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\47433272457.exe
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\65324435278.exe
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\5634623465868.exe

Drops a binary and executes it (1 event)

file	C:\Users\test22\AppData\Local\Temp\RarSFX0\65324435278.exe

Drops an executable to the user AppData folder (4 events)

file	C:\Users\test22\AppData\Local\Temp\RarSFX0\5634623465868.exe
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\47433272457.exe
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\mscortim.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\65324435278.exe

Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Sept. 1, 2021, 9:31 a.m.	process_identifier: 2856 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 24576 protection: 32 (PAGE_EXECUTE_READ) base_address: 0x003b0000 process_handle: 0xffffffff	1	0	0

Checks adapter addresses which can be used to detect virtual network interfaces (1 event)

Time & API	Arguments	Status	Return	Repeated
GetAdaptersAddresses Sept. 1, 2021, 9:32 a.m.	flags: 15 family: 0		111	0

Yara rule detected in process memory (9 events)

description	Virtual currency	rule	Virtual_currency_Zero
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep

Terminates another process (2 events)

Time & API	Arguments	Status	Return	Repeated
NtTerminateProcess Sept. 1, 2021, 9:31 a.m.	status_code: 0x00000000 process_identifier: 1120 process_handle: 0x000000ec		0	0
NtTerminateProcess Sept. 1, 2021, 9:31 a.m.	status_code: 0x00000000 process_identifier: 1120 process_handle: 0x000000ec	1	0	0

One or more of the buffers contains an embedded PE file (1 event)

buffer

Buffer with sha1: f86a7c8050dd98980838e90e27b53f11f91f8b55

Manipulates memory of a non-child process indicative of process injection (3 events)

Time & API	Arguments	Return	Repeated
Process injection	Process 2856 manipulating memory of non-child process 1120
NtUnmapViewOfSection Sept. 1, 2021, 9:31 a.m.	base_address: 0x00400000 region_size: 118784 process_identifier: 1120 process_handle: 0x000000ec	3221225497	0
NtMapViewOfSection Sept. 1, 2021, 9:31 a.m.	section_handle: 0x000000e0 process_identifier: 1120 commit_size: 0 win32_protect: 64 (PAGE_EXECUTE_READWRITE) buffer: base_address: 0x00400000 allocation_type: 0 () section_offset: 0 view_size: 133108 process_handle: 0x000000ec	3221225496	0

Used NtSetContextThread to modify a thread in a remote process indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2856 called NtSetContextThread to modify thread in remote process 804
NtSetContextThread Sept. 1, 2021, 9:31 a.m.	registers.eip: 4317184 registers.esp: 3930792 registers.edi: 0 registers.eax: 4296642 registers.ebp: 0 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 2000355780 thread_handle: 0x000000f4 process_identifier: 804	1	0	0

Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2856 resumed a thread in remote process 804
NtResumeThread Sept. 1, 2021, 9:31 a.m.	thread_handle: 0x000000f4 suspend_count: 1 process_identifier: 804	1	0	0

Executed a process and injected code into it, probably while unpacking (16 events)

Time & API	Arguments	Status	Return
NtResumeThread Sept. 1, 2021, 9:31 a.m.	thread_handle: 0x00000180 suspend_count: 1 process_identifier: 204	1	0
CreateProcessInternalW Sept. 1, 2021, 9:31 a.m.	thread_identifier: 1452 thread_handle: 0x000002e0 process_identifier: 2856 current_directory: C:\Users\test22\AppData\Local\Temp\RarSFX0 filepath: C:\Users\test22\AppData\Local\Temp\RarSFX0\65324435278.exe track: 1 command_line: "C:\Users\test22\AppData\Local\Temp\RarSFX0\65324435278.exe" filepath_r: C:\Users\test22\AppData\Local\Temp\RarSFX0\65324435278.exe stack_pivoted: 0 creation_flags: 67634196 (CREATE_DEFAULT_ERROR_MODE\|CREATE_NEW_CONSOLE\|CREATE_SUSPENDED\|CREATE_UNICODE_ENVIRONMENT\|EXTENDED_STARTUPINFO_PRESENT) inherit_handles: 0 process_handle: 0x000002e8	1	1
CreateProcessInternalW Sept. 1, 2021, 9:31 a.m.	thread_identifier: 2840 thread_handle: 0x000000e8 process_identifier: 1120 current_directory: filepath: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe track: 1 command_line: filepath_r: C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe stack_pivoted: 0 creation_flags: 4 (CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x000000ec	1	1
NtGetContextThread Sept. 1, 2021, 9:31 a.m.	thread_handle: 0x000000e8	1	0
NtUnmapViewOfSection Sept. 1, 2021, 9:31 a.m.	base_address: 0x00400000 region_size: 118784 process_identifier: 1120 process_handle: 0x000000ec		3221225497
NtMapViewOfSection Sept. 1, 2021, 9:31 a.m.	section_handle: 0x000000e0 process_identifier: 1120 commit_size: 0 win32_protect: 64 (PAGE_EXECUTE_READWRITE) buffer: base_address: 0x00400000 allocation_type: 0 () section_offset: 0 view_size: 133108 process_handle: 0x000000ec		3221225496
CreateProcessInternalW Sept. 1, 2021, 9:31 a.m.	thread_identifier: 260 thread_handle: 0x000000f4 process_identifier: 804 current_directory: filepath: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe track: 1 command_line: filepath_r: C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe stack_pivoted: 0 creation_flags: 4 (CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x000000f0	1	1
NtGetContextThread Sept. 1, 2021, 9:31 a.m.	thread_handle: 0x000000f4	1	0
NtUnmapViewOfSection Sept. 1, 2021, 9:31 a.m.	base_address: 0x00400000 region_size: 8060928 process_identifier: 804 process_handle: 0x000000f0		3221225497
NtMapViewOfSection Sept. 1, 2021, 9:31 a.m.	section_handle: 0x000000e0 process_identifier: 804 commit_size: 0 win32_protect: 64 (PAGE_EXECUTE_READWRITE) buffer: base_address: 0x00400000 allocation_type: 0 () section_offset: 0 view_size: 135168 process_handle: 0x000000f0	1	0
NtSetContextThread Sept. 1, 2021, 9:31 a.m.	registers.eip: 4317184 registers.esp: 3930792 registers.edi: 0 registers.eax: 4296642 registers.ebp: 0 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 2000355780 thread_handle: 0x000000f4 process_identifier: 804	1	0
NtResumeThread Sept. 1, 2021, 9:31 a.m.	thread_handle: 0x000000f4 suspend_count: 1 process_identifier: 804	1	0
NtResumeThread Sept. 1, 2021, 9:32 a.m.	thread_handle: 0x00000194 suspend_count: 1 process_identifier: 804	1	0
NtResumeThread Sept. 1, 2021, 9:32 a.m.	thread_handle: 0x00000204 suspend_count: 1 process_identifier: 804	1	0
NtResumeThread Sept. 1, 2021, 9:32 a.m.	thread_handle: 0x00000240 suspend_count: 1 process_identifier: 804	1	0
NtResumeThread Sept. 1, 2021, 9:32 a.m.	thread_handle: 0x000003e0 suspend_count: 1 process_identifier: 804	1	0

File has been identified by 34 AntiVirus engines on VirusTotal as malicious (34 events)

Bkav	W32.AIDetect.malware2
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.46871978
FireEye	Generic.mg.61ed372e749496ec
ALYac	Trojan.GenericKD.46871978
Cylance	Unsafe
Alibaba	Trojan:Win32/Remcos.4e662129
K7GW	Trojan ( 005815481 )
Cybereason	malicious.3f0142
Symantec	Trojan.Gen.MBT
ESET-NOD32	a variant of Win32/GenKryptik.FJIT
APEX	Malicious
Paloalto	generic.ml
Kaspersky	Trojan-PSW.MSIL.Reline.gne
BitDefender	Trojan.GenericKD.46871978
Avast	Win32:MalwareX-gen [Trj]
Rising	Trojan.Injector!1.C6AF (CLASSIC)
Ad-Aware	Trojan.GenericKD.46871978
Sophos	Mal/Generic-S
McAfee-GW-Edition	BehavesLike.Win32.Generic.wc
Emsisoft	Trojan.GenericKD.46871978 (B)
MAX	malware (ai score=81)
Microsoft	Trojan:Win32/Remcos.ARK!MTB
ZoneAlarm	Trojan-PSW.MSIL.Reline.gne
GData	Trojan.GenericKD.46871978
Cynet	Malicious (score: 100)
McAfee	Artemis!61ED372E7494
VBA32	BScope.TrojanPSW.Stelega
Malwarebytes	Backdoor.Remcos
Yandex	Trojan.Agent!gBuU069AxVE
SentinelOne	Static AI - Suspicious SFX
eGambit	Unsafe.AI_Score_99%
Fortinet	W32/GenKryptik.FJIT!tr
AVG	Win32:MalwareX-gen [Trj]

Glary_Utilities.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All