Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	Sept. 25, 2021, 10:44 a.m.	Sept. 25, 2021, 10:46 a.m.

Size	3.0MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`cb2519c7618babe98a785cd7bd1485b4`
SHA256	`c18804ac4abfb502a22a55644ff96ee944b3b311154e300517ba2f8b2e437055`
CRC32	`837D18CD`
ssdeep	`24576:zCi8kgvcDLZthdivZE4q5FYrzuBhXq78fktBgSnJ9MaSfUz4Pf4zV1KQpeKr12lP:esgvqAr4XEtKSJ9MKz4If1ZOjtd9i`
Yara	Malicious_Packer_Zero - Malicious Packer UPX_Zero - UPX packed file Admin_Tool_IN_Zero - Admin Tool Sysinternals PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)

file.exe "C:\Users\test22\AppData\Local\Temp\file.exe"
1944
- cmd.exe "C:\Windows\system32\cmd.exe"
  1628

Name	Response	Post-Analysis Lookup
dnsresolver-005.top	A 104.21.47.211 A 172.67.172.172	104.21.47.211

IP Address	Status	Action
164.124.101.2	Active	Moloch
172.67.172.172	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
UDP 192.168.56.102:52062 -> 164.124.101.2:53	2023883	ET DNS Query to a *.top domain - Likely Hostile	Potentially Bad Traffic
TCP 192.168.56.102:49164 -> 172.67.172.172:80	2023882	ET INFO HTTP Request to a *.top domain	Potentially Bad Traffic
TCP 192.168.56.102:49180 -> 172.67.172.172:80	2023882	ET INFO HTTP Request to a *.top domain	Potentially Bad Traffic
TCP 192.168.56.102:49187 -> 172.67.172.172:80	2023882	ET INFO HTTP Request to a *.top domain	Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Queries for the computername (1 event)

Time & API	Arguments	Status	Return	Repeated
GetComputerNameW Sept. 25, 2021, 10:44 a.m.	computer_name: TEST22-PC	1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (2 events)

section	.itext
section	.didata

The executable uses a known packer (1 event)

packer

BobSoft Mini Delphi -> BoB / BobSoft

One or more processes crashed (24 events)

Time & API	Arguments	Status
__exception__ Sept. 25, 2021, 10:44 a.m.	stacktrace: TMethodImplementationIntercept+0x16c98c dbkFCallWrapperAddr-0x5e37c file+0x2442c0 @ 0x6442c0 TMethodImplementationIntercept+0x170a3d dbkFCallWrapperAddr-0x5a2cb file+0x248371 @ 0x648371 TMethodImplementationIntercept+0x16c5b8 dbkFCallWrapperAddr-0x5e750 file+0x243eec @ 0x643eec TMethodImplementationIntercept+0x1ada80 dbkFCallWrapperAddr-0x1d288 file+0x2853b4 @ 0x6853b4 TMethodImplementationIntercept+0x1b02fd dbkFCallWrapperAddr-0x1aa0b file+0x287c31 @ 0x687c31 TMethodImplementationIntercept+0x1b07cd dbkFCallWrapperAddr-0x1a53b file+0x288101 @ 0x688101 TMethodImplementationIntercept+0x1abbcc dbkFCallWrapperAddr-0x1f13c file+0x283500 @ 0x683500 TMethodImplementationIntercept+0x1ac399 dbkFCallWrapperAddr-0x1e96f file+0x283ccd @ 0x683ccd TMethodImplementationIntercept+0x1ac4ae dbkFCallWrapperAddr-0x1e85a file+0x283de2 @ 0x683de2 TMethodImplementationIntercept+0x1b11a2 dbkFCallWrapperAddr-0x19b66 file+0x288ad6 @ 0x688ad6 TMethodImplementationIntercept+0x1b1811 dbkFCallWrapperAddr-0x194f7 file+0x289145 @ 0x689145 __dbk_fcall_wrapper+0x6e2ae TMethodImplementationIntercept-0x58ef2 file+0x7ea42 @ 0x47ea42 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x7557788a TMethodImplementationIntercept+0x11be74 dbkFCallWrapperAddr-0xaee94 file+0x1f37a8 @ 0x5f37a8 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7566b727 registers.esp: 1636968 registers.edi: 6585040 registers.eax: 1636968 registers.ebp: 1637048 registers.edx: 0 registers.ebx: 6283009 registers.esi: 33611248 registers.ecx: 7	1
__exception__ Sept. 25, 2021, 10:44 a.m.	stacktrace: TMethodImplementationIntercept+0x16c98c dbkFCallWrapperAddr-0x5e37c file+0x2442c0 @ 0x6442c0 TMethodImplementationIntercept+0x170a3d dbkFCallWrapperAddr-0x5a2cb file+0x248371 @ 0x648371 TMethodImplementationIntercept+0x16c5b8 dbkFCallWrapperAddr-0x5e750 file+0x243eec @ 0x643eec TMethodImplementationIntercept+0x1ada80 dbkFCallWrapperAddr-0x1d288 file+0x2853b4 @ 0x6853b4 TMethodImplementationIntercept+0x1b02fd dbkFCallWrapperAddr-0x1aa0b file+0x287c31 @ 0x687c31 TMethodImplementationIntercept+0x1b07cd dbkFCallWrapperAddr-0x1a53b file+0x288101 @ 0x688101 TMethodImplementationIntercept+0x1abbcc dbkFCallWrapperAddr-0x1f13c file+0x283500 @ 0x683500 TMethodImplementationIntercept+0x1ac399 dbkFCallWrapperAddr-0x1e96f file+0x283ccd @ 0x683ccd TMethodImplementationIntercept+0x1ac4ae dbkFCallWrapperAddr-0x1e85a file+0x283de2 @ 0x683de2 TMethodImplementationIntercept+0x1b164b dbkFCallWrapperAddr-0x196bd file+0x288f7f @ 0x688f7f TMethodImplementationIntercept+0x1b184c dbkFCallWrapperAddr-0x194bc file+0x289180 @ 0x689180 __dbk_fcall_wrapper+0x6e2ae TMethodImplementationIntercept-0x58ef2 file+0x7ea42 @ 0x47ea42 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x7557788a TMethodImplementationIntercept+0x11be74 dbkFCallWrapperAddr-0xaee94 file+0x1f37a8 @ 0x5f37a8 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7566b727 registers.esp: 1636968 registers.edi: 6585040 registers.eax: 1636968 registers.ebp: 1637048 registers.edx: 0 registers.ebx: 6283009 registers.esi: 33424608 registers.ecx: 7	1
__exception__ Sept. 25, 2021, 10:44 a.m.	stacktrace: TMethodImplementationIntercept+0x16c98c dbkFCallWrapperAddr-0x5e37c file+0x2442c0 @ 0x6442c0 TMethodImplementationIntercept+0x170a3d dbkFCallWrapperAddr-0x5a2cb file+0x248371 @ 0x648371 TMethodImplementationIntercept+0x16c5b8 dbkFCallWrapperAddr-0x5e750 file+0x243eec @ 0x643eec TMethodImplementationIntercept+0x1ada80 dbkFCallWrapperAddr-0x1d288 file+0x2853b4 @ 0x6853b4 TMethodImplementationIntercept+0x1b02fd dbkFCallWrapperAddr-0x1aa0b file+0x287c31 @ 0x687c31 TMethodImplementationIntercept+0x1b07cd dbkFCallWrapperAddr-0x1a53b file+0x288101 @ 0x688101 TMethodImplementationIntercept+0x1abbcc dbkFCallWrapperAddr-0x1f13c file+0x283500 @ 0x683500 TMethodImplementationIntercept+0x1ac399 dbkFCallWrapperAddr-0x1e96f file+0x283ccd @ 0x683ccd TMethodImplementationIntercept+0x1ac4ae dbkFCallWrapperAddr-0x1e85a file+0x283de2 @ 0x683de2 TMethodImplementationIntercept+0x1b1705 dbkFCallWrapperAddr-0x19603 file+0x289039 @ 0x689039 TMethodImplementationIntercept+0x1b184c dbkFCallWrapperAddr-0x194bc file+0x289180 @ 0x689180 __dbk_fcall_wrapper+0x6e2ae TMethodImplementationIntercept-0x58ef2 file+0x7ea42 @ 0x47ea42 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x7557788a TMethodImplementationIntercept+0x11be74 dbkFCallWrapperAddr-0xaee94 file+0x1f37a8 @ 0x5f37a8 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7566b727 registers.esp: 1636968 registers.edi: 6585040 registers.eax: 1636968 registers.ebp: 1637048 registers.edx: 0 registers.ebx: 6283009 registers.esi: 33424608 registers.ecx: 7	1
__exception__ Sept. 25, 2021, 10:44 a.m.	stacktrace: TMethodImplementationIntercept+0x16c98c dbkFCallWrapperAddr-0x5e37c file+0x2442c0 @ 0x6442c0 TMethodImplementationIntercept+0x170a3d dbkFCallWrapperAddr-0x5a2cb file+0x248371 @ 0x648371 TMethodImplementationIntercept+0x16c5b8 dbkFCallWrapperAddr-0x5e750 file+0x243eec @ 0x643eec TMethodImplementationIntercept+0x1ada80 dbkFCallWrapperAddr-0x1d288 file+0x2853b4 @ 0x6853b4 TMethodImplementationIntercept+0x1b02fd dbkFCallWrapperAddr-0x1aa0b file+0x287c31 @ 0x687c31 TMethodImplementationIntercept+0x1b07cd dbkFCallWrapperAddr-0x1a53b file+0x288101 @ 0x688101 TMethodImplementationIntercept+0x1abbcc dbkFCallWrapperAddr-0x1f13c file+0x283500 @ 0x683500 TMethodImplementationIntercept+0x1ac399 dbkFCallWrapperAddr-0x1e96f file+0x283ccd @ 0x683ccd TMethodImplementationIntercept+0x1ac4ae dbkFCallWrapperAddr-0x1e85a file+0x283de2 @ 0x683de2 TMethodImplementationIntercept+0x1b164b dbkFCallWrapperAddr-0x196bd file+0x288f7f @ 0x688f7f TMethodImplementationIntercept+0x1b184c dbkFCallWrapperAddr-0x194bc file+0x289180 @ 0x689180 __dbk_fcall_wrapper+0x6e2ae TMethodImplementationIntercept-0x58ef2 file+0x7ea42 @ 0x47ea42 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x7557788a TMethodImplementationIntercept+0x11be74 dbkFCallWrapperAddr-0xaee94 file+0x1f37a8 @ 0x5f37a8 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7566b727 registers.esp: 1636968 registers.edi: 6585040 registers.eax: 1636968 registers.ebp: 1637048 registers.edx: 0 registers.ebx: 6283009 registers.esi: 33424608 registers.ecx: 7	1
__exception__ Sept. 25, 2021, 10:44 a.m.	stacktrace: TMethodImplementationIntercept+0x16c98c dbkFCallWrapperAddr-0x5e37c file+0x2442c0 @ 0x6442c0 TMethodImplementationIntercept+0x170a3d dbkFCallWrapperAddr-0x5a2cb file+0x248371 @ 0x648371 TMethodImplementationIntercept+0x16c5b8 dbkFCallWrapperAddr-0x5e750 file+0x243eec @ 0x643eec TMethodImplementationIntercept+0x1ada80 dbkFCallWrapperAddr-0x1d288 file+0x2853b4 @ 0x6853b4 TMethodImplementationIntercept+0x1b02fd dbkFCallWrapperAddr-0x1aa0b file+0x287c31 @ 0x687c31 TMethodImplementationIntercept+0x1b07cd dbkFCallWrapperAddr-0x1a53b file+0x288101 @ 0x688101 TMethodImplementationIntercept+0x1abbcc dbkFCallWrapperAddr-0x1f13c file+0x283500 @ 0x683500 TMethodImplementationIntercept+0x1ac399 dbkFCallWrapperAddr-0x1e96f file+0x283ccd @ 0x683ccd TMethodImplementationIntercept+0x1ac4ae dbkFCallWrapperAddr-0x1e85a file+0x283de2 @ 0x683de2 TMethodImplementationIntercept+0x1b164b dbkFCallWrapperAddr-0x196bd file+0x288f7f @ 0x688f7f TMethodImplementationIntercept+0x1b184c dbkFCallWrapperAddr-0x194bc file+0x289180 @ 0x689180 __dbk_fcall_wrapper+0x6e2ae TMethodImplementationIntercept-0x58ef2 file+0x7ea42 @ 0x47ea42 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x7557788a TMethodImplementationIntercept+0x11be74 dbkFCallWrapperAddr-0xaee94 file+0x1f37a8 @ 0x5f37a8 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7566b727 registers.esp: 1636968 registers.edi: 6585040 registers.eax: 1636968 registers.ebp: 1637048 registers.edx: 0 registers.ebx: 6283009 registers.esi: 33424608 registers.ecx: 7	1
__exception__ Sept. 25, 2021, 10:44 a.m.	stacktrace: TMethodImplementationIntercept+0x16c98c dbkFCallWrapperAddr-0x5e37c file+0x2442c0 @ 0x6442c0 TMethodImplementationIntercept+0x170a3d dbkFCallWrapperAddr-0x5a2cb file+0x248371 @ 0x648371 TMethodImplementationIntercept+0x16c5b8 dbkFCallWrapperAddr-0x5e750 file+0x243eec @ 0x643eec TMethodImplementationIntercept+0x1ada80 dbkFCallWrapperAddr-0x1d288 file+0x2853b4 @ 0x6853b4 TMethodImplementationIntercept+0x1b02fd dbkFCallWrapperAddr-0x1aa0b file+0x287c31 @ 0x687c31 TMethodImplementationIntercept+0x1b07cd dbkFCallWrapperAddr-0x1a53b file+0x288101 @ 0x688101 TMethodImplementationIntercept+0x1abbcc dbkFCallWrapperAddr-0x1f13c file+0x283500 @ 0x683500 TMethodImplementationIntercept+0x1ac399 dbkFCallWrapperAddr-0x1e96f file+0x283ccd @ 0x683ccd TMethodImplementationIntercept+0x1ac4ae dbkFCallWrapperAddr-0x1e85a file+0x283de2 @ 0x683de2 TMethodImplementationIntercept+0x1b164b dbkFCallWrapperAddr-0x196bd file+0x288f7f @ 0x688f7f TMethodImplementationIntercept+0x1b184c dbkFCallWrapperAddr-0x194bc file+0x289180 @ 0x689180 __dbk_fcall_wrapper+0x6e2ae TMethodImplementationIntercept-0x58ef2 file+0x7ea42 @ 0x47ea42 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x7557788a TMethodImplementationIntercept+0x11be74 dbkFCallWrapperAddr-0xaee94 file+0x1f37a8 @ 0x5f37a8 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7566b727 registers.esp: 1636968 registers.edi: 6585040 registers.eax: 1636968 registers.ebp: 1637048 registers.edx: 0 registers.ebx: 6283009 registers.esi: 33424608 registers.ecx: 7	1
__exception__ Sept. 25, 2021, 10:44 a.m.	stacktrace: TMethodImplementationIntercept+0x16c98c dbkFCallWrapperAddr-0x5e37c file+0x2442c0 @ 0x6442c0 TMethodImplementationIntercept+0x170a3d dbkFCallWrapperAddr-0x5a2cb file+0x248371 @ 0x648371 TMethodImplementationIntercept+0x16c5b8 dbkFCallWrapperAddr-0x5e750 file+0x243eec @ 0x643eec TMethodImplementationIntercept+0x1ada80 dbkFCallWrapperAddr-0x1d288 file+0x2853b4 @ 0x6853b4 TMethodImplementationIntercept+0x1b02fd dbkFCallWrapperAddr-0x1aa0b file+0x287c31 @ 0x687c31 TMethodImplementationIntercept+0x1b07cd dbkFCallWrapperAddr-0x1a53b file+0x288101 @ 0x688101 TMethodImplementationIntercept+0x1abbcc dbkFCallWrapperAddr-0x1f13c file+0x283500 @ 0x683500 TMethodImplementationIntercept+0x1ac399 dbkFCallWrapperAddr-0x1e96f file+0x283ccd @ 0x683ccd TMethodImplementationIntercept+0x1ac4ae dbkFCallWrapperAddr-0x1e85a file+0x283de2 @ 0x683de2 TMethodImplementationIntercept+0x1b164b dbkFCallWrapperAddr-0x196bd file+0x288f7f @ 0x688f7f TMethodImplementationIntercept+0x1b184c dbkFCallWrapperAddr-0x194bc file+0x289180 @ 0x689180 __dbk_fcall_wrapper+0x6e2ae TMethodImplementationIntercept-0x58ef2 file+0x7ea42 @ 0x47ea42 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x7557788a TMethodImplementationIntercept+0x11be74 dbkFCallWrapperAddr-0xaee94 file+0x1f37a8 @ 0x5f37a8 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7566b727 registers.esp: 1636968 registers.edi: 6585040 registers.eax: 1636968 registers.ebp: 1637048 registers.edx: 0 registers.ebx: 6283009 registers.esi: 33424608 registers.ecx: 7	1
__exception__ Sept. 25, 2021, 10:44 a.m.	stacktrace: TMethodImplementationIntercept+0x16c98c dbkFCallWrapperAddr-0x5e37c file+0x2442c0 @ 0x6442c0 TMethodImplementationIntercept+0x170a3d dbkFCallWrapperAddr-0x5a2cb file+0x248371 @ 0x648371 TMethodImplementationIntercept+0x16c5b8 dbkFCallWrapperAddr-0x5e750 file+0x243eec @ 0x643eec TMethodImplementationIntercept+0x1ada80 dbkFCallWrapperAddr-0x1d288 file+0x2853b4 @ 0x6853b4 TMethodImplementationIntercept+0x1b02fd dbkFCallWrapperAddr-0x1aa0b file+0x287c31 @ 0x687c31 TMethodImplementationIntercept+0x1b07cd dbkFCallWrapperAddr-0x1a53b file+0x288101 @ 0x688101 TMethodImplementationIntercept+0x1abbcc dbkFCallWrapperAddr-0x1f13c file+0x283500 @ 0x683500 TMethodImplementationIntercept+0x1ac399 dbkFCallWrapperAddr-0x1e96f file+0x283ccd @ 0x683ccd TMethodImplementationIntercept+0x1ac4ae dbkFCallWrapperAddr-0x1e85a file+0x283de2 @ 0x683de2 TMethodImplementationIntercept+0x1b164b dbkFCallWrapperAddr-0x196bd file+0x288f7f @ 0x688f7f TMethodImplementationIntercept+0x1b184c dbkFCallWrapperAddr-0x194bc file+0x289180 @ 0x689180 __dbk_fcall_wrapper+0x6e2ae TMethodImplementationIntercept-0x58ef2 file+0x7ea42 @ 0x47ea42 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x7557788a TMethodImplementationIntercept+0x11be74 dbkFCallWrapperAddr-0xaee94 file+0x1f37a8 @ 0x5f37a8 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7566b727 registers.esp: 1636968 registers.edi: 6585040 registers.eax: 1636968 registers.ebp: 1637048 registers.edx: 0 registers.ebx: 6283009 registers.esi: 33424608 registers.ecx: 7	1
__exception__ Sept. 25, 2021, 10:44 a.m.	stacktrace: TMethodImplementationIntercept+0x16c98c dbkFCallWrapperAddr-0x5e37c file+0x2442c0 @ 0x6442c0 TMethodImplementationIntercept+0x170a3d dbkFCallWrapperAddr-0x5a2cb file+0x248371 @ 0x648371 TMethodImplementationIntercept+0x16c5b8 dbkFCallWrapperAddr-0x5e750 file+0x243eec @ 0x643eec TMethodImplementationIntercept+0x1ada80 dbkFCallWrapperAddr-0x1d288 file+0x2853b4 @ 0x6853b4 TMethodImplementationIntercept+0x1b02fd dbkFCallWrapperAddr-0x1aa0b file+0x287c31 @ 0x687c31 TMethodImplementationIntercept+0x1b07cd dbkFCallWrapperAddr-0x1a53b file+0x288101 @ 0x688101 TMethodImplementationIntercept+0x1abbcc dbkFCallWrapperAddr-0x1f13c file+0x283500 @ 0x683500 TMethodImplementationIntercept+0x1ac399 dbkFCallWrapperAddr-0x1e96f file+0x283ccd @ 0x683ccd TMethodImplementationIntercept+0x1ac4ae dbkFCallWrapperAddr-0x1e85a file+0x283de2 @ 0x683de2 TMethodImplementationIntercept+0x1b164b dbkFCallWrapperAddr-0x196bd file+0x288f7f @ 0x688f7f TMethodImplementationIntercept+0x1b184c dbkFCallWrapperAddr-0x194bc file+0x289180 @ 0x689180 __dbk_fcall_wrapper+0x6e2ae TMethodImplementationIntercept-0x58ef2 file+0x7ea42 @ 0x47ea42 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x7557788a TMethodImplementationIntercept+0x11be74 dbkFCallWrapperAddr-0xaee94 file+0x1f37a8 @ 0x5f37a8 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7566b727 registers.esp: 1636968 registers.edi: 6585040 registers.eax: 1636968 registers.ebp: 1637048 registers.edx: 0 registers.ebx: 6283009 registers.esi: 33424608 registers.ecx: 7	1
__exception__ Sept. 25, 2021, 10:44 a.m.	stacktrace: TMethodImplementationIntercept+0x16c98c dbkFCallWrapperAddr-0x5e37c file+0x2442c0 @ 0x6442c0 TMethodImplementationIntercept+0x170a3d dbkFCallWrapperAddr-0x5a2cb file+0x248371 @ 0x648371 TMethodImplementationIntercept+0x16c5b8 dbkFCallWrapperAddr-0x5e750 file+0x243eec @ 0x643eec TMethodImplementationIntercept+0x1ada80 dbkFCallWrapperAddr-0x1d288 file+0x2853b4 @ 0x6853b4 TMethodImplementationIntercept+0x1b02fd dbkFCallWrapperAddr-0x1aa0b file+0x287c31 @ 0x687c31 TMethodImplementationIntercept+0x1b07cd dbkFCallWrapperAddr-0x1a53b file+0x288101 @ 0x688101 TMethodImplementationIntercept+0x1abbcc dbkFCallWrapperAddr-0x1f13c file+0x283500 @ 0x683500 TMethodImplementationIntercept+0x1ac399 dbkFCallWrapperAddr-0x1e96f file+0x283ccd @ 0x683ccd TMethodImplementationIntercept+0x1ac4ae dbkFCallWrapperAddr-0x1e85a file+0x283de2 @ 0x683de2 TMethodImplementationIntercept+0x1b164b dbkFCallWrapperAddr-0x196bd file+0x288f7f @ 0x688f7f TMethodImplementationIntercept+0x1b184c dbkFCallWrapperAddr-0x194bc file+0x289180 @ 0x689180 __dbk_fcall_wrapper+0x6e2ae TMethodImplementationIntercept-0x58ef2 file+0x7ea42 @ 0x47ea42 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x7557788a TMethodImplementationIntercept+0x11be74 dbkFCallWrapperAddr-0xaee94 file+0x1f37a8 @ 0x5f37a8 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7566b727 registers.esp: 1636968 registers.edi: 6585040 registers.eax: 1636968 registers.ebp: 1637048 registers.edx: 0 registers.ebx: 6283009 registers.esi: 33424608 registers.ecx: 7	1
__exception__ Sept. 25, 2021, 10:45 a.m.	stacktrace: TMethodImplementationIntercept+0x16c98c dbkFCallWrapperAddr-0x5e37c file+0x2442c0 @ 0x6442c0 TMethodImplementationIntercept+0x170a3d dbkFCallWrapperAddr-0x5a2cb file+0x248371 @ 0x648371 TMethodImplementationIntercept+0x16c5b8 dbkFCallWrapperAddr-0x5e750 file+0x243eec @ 0x643eec TMethodImplementationIntercept+0x1ada80 dbkFCallWrapperAddr-0x1d288 file+0x2853b4 @ 0x6853b4 TMethodImplementationIntercept+0x1b02fd dbkFCallWrapperAddr-0x1aa0b file+0x287c31 @ 0x687c31 TMethodImplementationIntercept+0x1b07cd dbkFCallWrapperAddr-0x1a53b file+0x288101 @ 0x688101 TMethodImplementationIntercept+0x1abbcc dbkFCallWrapperAddr-0x1f13c file+0x283500 @ 0x683500 TMethodImplementationIntercept+0x1ac399 dbkFCallWrapperAddr-0x1e96f file+0x283ccd @ 0x683ccd TMethodImplementationIntercept+0x1ac4ae dbkFCallWrapperAddr-0x1e85a file+0x283de2 @ 0x683de2 TMethodImplementationIntercept+0x1b164b dbkFCallWrapperAddr-0x196bd file+0x288f7f @ 0x688f7f TMethodImplementationIntercept+0x1b184c dbkFCallWrapperAddr-0x194bc file+0x289180 @ 0x689180 __dbk_fcall_wrapper+0x6e2ae TMethodImplementationIntercept-0x58ef2 file+0x7ea42 @ 0x47ea42 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x7557788a TMethodImplementationIntercept+0x11be74 dbkFCallWrapperAddr-0xaee94 file+0x1f37a8 @ 0x5f37a8 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7566b727 registers.esp: 1636968 registers.edi: 6585040 registers.eax: 1636968 registers.ebp: 1637048 registers.edx: 0 registers.ebx: 6283009 registers.esi: 33424608 registers.ecx: 7	1
__exception__ Sept. 25, 2021, 10:45 a.m.	stacktrace: TMethodImplementationIntercept+0x16c98c dbkFCallWrapperAddr-0x5e37c file+0x2442c0 @ 0x6442c0 TMethodImplementationIntercept+0x170a3d dbkFCallWrapperAddr-0x5a2cb file+0x248371 @ 0x648371 TMethodImplementationIntercept+0x16c5b8 dbkFCallWrapperAddr-0x5e750 file+0x243eec @ 0x643eec TMethodImplementationIntercept+0x1ada80 dbkFCallWrapperAddr-0x1d288 file+0x2853b4 @ 0x6853b4 TMethodImplementationIntercept+0x1b02fd dbkFCallWrapperAddr-0x1aa0b file+0x287c31 @ 0x687c31 TMethodImplementationIntercept+0x1b07cd dbkFCallWrapperAddr-0x1a53b file+0x288101 @ 0x688101 TMethodImplementationIntercept+0x1abbcc dbkFCallWrapperAddr-0x1f13c file+0x283500 @ 0x683500 TMethodImplementationIntercept+0x1ac399 dbkFCallWrapperAddr-0x1e96f file+0x283ccd @ 0x683ccd TMethodImplementationIntercept+0x1ac4ae dbkFCallWrapperAddr-0x1e85a file+0x283de2 @ 0x683de2 TMethodImplementationIntercept+0x1b164b dbkFCallWrapperAddr-0x196bd file+0x288f7f @ 0x688f7f TMethodImplementationIntercept+0x1b184c dbkFCallWrapperAddr-0x194bc file+0x289180 @ 0x689180 __dbk_fcall_wrapper+0x6e2ae TMethodImplementationIntercept-0x58ef2 file+0x7ea42 @ 0x47ea42 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x7557788a TMethodImplementationIntercept+0x11be74 dbkFCallWrapperAddr-0xaee94 file+0x1f37a8 @ 0x5f37a8 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7566b727 registers.esp: 1636968 registers.edi: 6585040 registers.eax: 1636968 registers.ebp: 1637048 registers.edx: 0 registers.ebx: 6283009 registers.esi: 33424608 registers.ecx: 7	1
__exception__ Sept. 25, 2021, 10:45 a.m.	stacktrace: TMethodImplementationIntercept+0x16c98c dbkFCallWrapperAddr-0x5e37c file+0x2442c0 @ 0x6442c0 TMethodImplementationIntercept+0x170a3d dbkFCallWrapperAddr-0x5a2cb file+0x248371 @ 0x648371 TMethodImplementationIntercept+0x16c5b8 dbkFCallWrapperAddr-0x5e750 file+0x243eec @ 0x643eec TMethodImplementationIntercept+0x1ada80 dbkFCallWrapperAddr-0x1d288 file+0x2853b4 @ 0x6853b4 TMethodImplementationIntercept+0x1b02fd dbkFCallWrapperAddr-0x1aa0b file+0x287c31 @ 0x687c31 TMethodImplementationIntercept+0x1b07cd dbkFCallWrapperAddr-0x1a53b file+0x288101 @ 0x688101 TMethodImplementationIntercept+0x1abbcc dbkFCallWrapperAddr-0x1f13c file+0x283500 @ 0x683500 TMethodImplementationIntercept+0x1ac399 dbkFCallWrapperAddr-0x1e96f file+0x283ccd @ 0x683ccd TMethodImplementationIntercept+0x1ac4ae dbkFCallWrapperAddr-0x1e85a file+0x283de2 @ 0x683de2 TMethodImplementationIntercept+0x1b164b dbkFCallWrapperAddr-0x196bd file+0x288f7f @ 0x688f7f TMethodImplementationIntercept+0x1b184c dbkFCallWrapperAddr-0x194bc file+0x289180 @ 0x689180 __dbk_fcall_wrapper+0x6e2ae TMethodImplementationIntercept-0x58ef2 file+0x7ea42 @ 0x47ea42 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x7557788a TMethodImplementationIntercept+0x11be74 dbkFCallWrapperAddr-0xaee94 file+0x1f37a8 @ 0x5f37a8 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7566b727 registers.esp: 1636968 registers.edi: 6585040 registers.eax: 1636968 registers.ebp: 1637048 registers.edx: 0 registers.ebx: 6283009 registers.esi: 33424608 registers.ecx: 7	1
__exception__ Sept. 25, 2021, 10:45 a.m.	stacktrace: TMethodImplementationIntercept+0x16c98c dbkFCallWrapperAddr-0x5e37c file+0x2442c0 @ 0x6442c0 TMethodImplementationIntercept+0x170a3d dbkFCallWrapperAddr-0x5a2cb file+0x248371 @ 0x648371 TMethodImplementationIntercept+0x16c5b8 dbkFCallWrapperAddr-0x5e750 file+0x243eec @ 0x643eec TMethodImplementationIntercept+0x1ada80 dbkFCallWrapperAddr-0x1d288 file+0x2853b4 @ 0x6853b4 TMethodImplementationIntercept+0x1b02fd dbkFCallWrapperAddr-0x1aa0b file+0x287c31 @ 0x687c31 TMethodImplementationIntercept+0x1b07cd dbkFCallWrapperAddr-0x1a53b file+0x288101 @ 0x688101 TMethodImplementationIntercept+0x1abbcc dbkFCallWrapperAddr-0x1f13c file+0x283500 @ 0x683500 TMethodImplementationIntercept+0x1ac399 dbkFCallWrapperAddr-0x1e96f file+0x283ccd @ 0x683ccd TMethodImplementationIntercept+0x1ac4ae dbkFCallWrapperAddr-0x1e85a file+0x283de2 @ 0x683de2 TMethodImplementationIntercept+0x1b164b dbkFCallWrapperAddr-0x196bd file+0x288f7f @ 0x688f7f TMethodImplementationIntercept+0x1b184c dbkFCallWrapperAddr-0x194bc file+0x289180 @ 0x689180 __dbk_fcall_wrapper+0x6e2ae TMethodImplementationIntercept-0x58ef2 file+0x7ea42 @ 0x47ea42 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x7557788a TMethodImplementationIntercept+0x11be74 dbkFCallWrapperAddr-0xaee94 file+0x1f37a8 @ 0x5f37a8 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7566b727 registers.esp: 1636968 registers.edi: 6585040 registers.eax: 1636968 registers.ebp: 1637048 registers.edx: 0 registers.ebx: 6283009 registers.esi: 33424608 registers.ecx: 7	1
__exception__ Sept. 25, 2021, 10:45 a.m.	stacktrace: TMethodImplementationIntercept+0x16c98c dbkFCallWrapperAddr-0x5e37c file+0x2442c0 @ 0x6442c0 TMethodImplementationIntercept+0x170a3d dbkFCallWrapperAddr-0x5a2cb file+0x248371 @ 0x648371 TMethodImplementationIntercept+0x16c5b8 dbkFCallWrapperAddr-0x5e750 file+0x243eec @ 0x643eec TMethodImplementationIntercept+0x1ada80 dbkFCallWrapperAddr-0x1d288 file+0x2853b4 @ 0x6853b4 TMethodImplementationIntercept+0x1b02fd dbkFCallWrapperAddr-0x1aa0b file+0x287c31 @ 0x687c31 TMethodImplementationIntercept+0x1b07cd dbkFCallWrapperAddr-0x1a53b file+0x288101 @ 0x688101 TMethodImplementationIntercept+0x1abbcc dbkFCallWrapperAddr-0x1f13c file+0x283500 @ 0x683500 TMethodImplementationIntercept+0x1ac399 dbkFCallWrapperAddr-0x1e96f file+0x283ccd @ 0x683ccd TMethodImplementationIntercept+0x1ac4ae dbkFCallWrapperAddr-0x1e85a file+0x283de2 @ 0x683de2 TMethodImplementationIntercept+0x1b164b dbkFCallWrapperAddr-0x196bd file+0x288f7f @ 0x688f7f TMethodImplementationIntercept+0x1b184c dbkFCallWrapperAddr-0x194bc file+0x289180 @ 0x689180 __dbk_fcall_wrapper+0x6e2ae TMethodImplementationIntercept-0x58ef2 file+0x7ea42 @ 0x47ea42 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x7557788a TMethodImplementationIntercept+0x11be74 dbkFCallWrapperAddr-0xaee94 file+0x1f37a8 @ 0x5f37a8 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7566b727 registers.esp: 1636968 registers.edi: 6585040 registers.eax: 1636968 registers.ebp: 1637048 registers.edx: 0 registers.ebx: 6283009 registers.esi: 33424608 registers.ecx: 7	1
__exception__ Sept. 25, 2021, 10:45 a.m.	stacktrace: TMethodImplementationIntercept+0x16c98c dbkFCallWrapperAddr-0x5e37c file+0x2442c0 @ 0x6442c0 TMethodImplementationIntercept+0x170a3d dbkFCallWrapperAddr-0x5a2cb file+0x248371 @ 0x648371 TMethodImplementationIntercept+0x16c5b8 dbkFCallWrapperAddr-0x5e750 file+0x243eec @ 0x643eec TMethodImplementationIntercept+0x1ada80 dbkFCallWrapperAddr-0x1d288 file+0x2853b4 @ 0x6853b4 TMethodImplementationIntercept+0x1b02fd dbkFCallWrapperAddr-0x1aa0b file+0x287c31 @ 0x687c31 TMethodImplementationIntercept+0x1b07cd dbkFCallWrapperAddr-0x1a53b file+0x288101 @ 0x688101 TMethodImplementationIntercept+0x1abbcc dbkFCallWrapperAddr-0x1f13c file+0x283500 @ 0x683500 TMethodImplementationIntercept+0x1ac399 dbkFCallWrapperAddr-0x1e96f file+0x283ccd @ 0x683ccd TMethodImplementationIntercept+0x1ac4ae dbkFCallWrapperAddr-0x1e85a file+0x283de2 @ 0x683de2 TMethodImplementationIntercept+0x1b164b dbkFCallWrapperAddr-0x196bd file+0x288f7f @ 0x688f7f TMethodImplementationIntercept+0x1b184c dbkFCallWrapperAddr-0x194bc file+0x289180 @ 0x689180 __dbk_fcall_wrapper+0x6e2ae TMethodImplementationIntercept-0x58ef2 file+0x7ea42 @ 0x47ea42 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x7557788a TMethodImplementationIntercept+0x11be74 dbkFCallWrapperAddr-0xaee94 file+0x1f37a8 @ 0x5f37a8 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7566b727 registers.esp: 1636968 registers.edi: 6585040 registers.eax: 1636968 registers.ebp: 1637048 registers.edx: 0 registers.ebx: 6283009 registers.esi: 33424608 registers.ecx: 7	1
__exception__ Sept. 25, 2021, 10:45 a.m.	stacktrace: TMethodImplementationIntercept+0x16c98c dbkFCallWrapperAddr-0x5e37c file+0x2442c0 @ 0x6442c0 TMethodImplementationIntercept+0x170a3d dbkFCallWrapperAddr-0x5a2cb file+0x248371 @ 0x648371 TMethodImplementationIntercept+0x16c5b8 dbkFCallWrapperAddr-0x5e750 file+0x243eec @ 0x643eec TMethodImplementationIntercept+0x1ada80 dbkFCallWrapperAddr-0x1d288 file+0x2853b4 @ 0x6853b4 TMethodImplementationIntercept+0x1b02fd dbkFCallWrapperAddr-0x1aa0b file+0x287c31 @ 0x687c31 TMethodImplementationIntercept+0x1b07cd dbkFCallWrapperAddr-0x1a53b file+0x288101 @ 0x688101 TMethodImplementationIntercept+0x1abbcc dbkFCallWrapperAddr-0x1f13c file+0x283500 @ 0x683500 TMethodImplementationIntercept+0x1ac399 dbkFCallWrapperAddr-0x1e96f file+0x283ccd @ 0x683ccd TMethodImplementationIntercept+0x1ac4ae dbkFCallWrapperAddr-0x1e85a file+0x283de2 @ 0x683de2 TMethodImplementationIntercept+0x1b164b dbkFCallWrapperAddr-0x196bd file+0x288f7f @ 0x688f7f TMethodImplementationIntercept+0x1b184c dbkFCallWrapperAddr-0x194bc file+0x289180 @ 0x689180 __dbk_fcall_wrapper+0x6e2ae TMethodImplementationIntercept-0x58ef2 file+0x7ea42 @ 0x47ea42 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x7557788a TMethodImplementationIntercept+0x11be74 dbkFCallWrapperAddr-0xaee94 file+0x1f37a8 @ 0x5f37a8 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7566b727 registers.esp: 1636968 registers.edi: 6585040 registers.eax: 1636968 registers.ebp: 1637048 registers.edx: 0 registers.ebx: 6283009 registers.esi: 33424608 registers.ecx: 7	1
__exception__ Sept. 25, 2021, 10:45 a.m.	stacktrace: TMethodImplementationIntercept+0x16c98c dbkFCallWrapperAddr-0x5e37c file+0x2442c0 @ 0x6442c0 TMethodImplementationIntercept+0x170a3d dbkFCallWrapperAddr-0x5a2cb file+0x248371 @ 0x648371 TMethodImplementationIntercept+0x16c5b8 dbkFCallWrapperAddr-0x5e750 file+0x243eec @ 0x643eec TMethodImplementationIntercept+0x1ada80 dbkFCallWrapperAddr-0x1d288 file+0x2853b4 @ 0x6853b4 TMethodImplementationIntercept+0x1b02fd dbkFCallWrapperAddr-0x1aa0b file+0x287c31 @ 0x687c31 TMethodImplementationIntercept+0x1b07cd dbkFCallWrapperAddr-0x1a53b file+0x288101 @ 0x688101 TMethodImplementationIntercept+0x1abbcc dbkFCallWrapperAddr-0x1f13c file+0x283500 @ 0x683500 TMethodImplementationIntercept+0x1ac399 dbkFCallWrapperAddr-0x1e96f file+0x283ccd @ 0x683ccd TMethodImplementationIntercept+0x1ac4ae dbkFCallWrapperAddr-0x1e85a file+0x283de2 @ 0x683de2 TMethodImplementationIntercept+0x1b164b dbkFCallWrapperAddr-0x196bd file+0x288f7f @ 0x688f7f TMethodImplementationIntercept+0x1b184c dbkFCallWrapperAddr-0x194bc file+0x289180 @ 0x689180 __dbk_fcall_wrapper+0x6e2ae TMethodImplementationIntercept-0x58ef2 file+0x7ea42 @ 0x47ea42 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x7557788a TMethodImplementationIntercept+0x11be74 dbkFCallWrapperAddr-0xaee94 file+0x1f37a8 @ 0x5f37a8 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7566b727 registers.esp: 1636968 registers.edi: 6585040 registers.eax: 1636968 registers.ebp: 1637048 registers.edx: 0 registers.ebx: 6283009 registers.esi: 33424608 registers.ecx: 7	1
__exception__ Sept. 25, 2021, 10:45 a.m.	stacktrace: TMethodImplementationIntercept+0x16c98c dbkFCallWrapperAddr-0x5e37c file+0x2442c0 @ 0x6442c0 TMethodImplementationIntercept+0x170a3d dbkFCallWrapperAddr-0x5a2cb file+0x248371 @ 0x648371 TMethodImplementationIntercept+0x16c5b8 dbkFCallWrapperAddr-0x5e750 file+0x243eec @ 0x643eec TMethodImplementationIntercept+0x1ada80 dbkFCallWrapperAddr-0x1d288 file+0x2853b4 @ 0x6853b4 TMethodImplementationIntercept+0x1b02fd dbkFCallWrapperAddr-0x1aa0b file+0x287c31 @ 0x687c31 TMethodImplementationIntercept+0x1b07cd dbkFCallWrapperAddr-0x1a53b file+0x288101 @ 0x688101 TMethodImplementationIntercept+0x1abbcc dbkFCallWrapperAddr-0x1f13c file+0x283500 @ 0x683500 TMethodImplementationIntercept+0x1ac399 dbkFCallWrapperAddr-0x1e96f file+0x283ccd @ 0x683ccd TMethodImplementationIntercept+0x1ac4ae dbkFCallWrapperAddr-0x1e85a file+0x283de2 @ 0x683de2 TMethodImplementationIntercept+0x1b164b dbkFCallWrapperAddr-0x196bd file+0x288f7f @ 0x688f7f TMethodImplementationIntercept+0x1b184c dbkFCallWrapperAddr-0x194bc file+0x289180 @ 0x689180 __dbk_fcall_wrapper+0x6e2ae TMethodImplementationIntercept-0x58ef2 file+0x7ea42 @ 0x47ea42 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x7557788a TMethodImplementationIntercept+0x11be74 dbkFCallWrapperAddr-0xaee94 file+0x1f37a8 @ 0x5f37a8 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7566b727 registers.esp: 1636968 registers.edi: 6585040 registers.eax: 1636968 registers.ebp: 1637048 registers.edx: 0 registers.ebx: 6283009 registers.esi: 33424608 registers.ecx: 7	1
__exception__ Sept. 25, 2021, 10:45 a.m.	stacktrace: TMethodImplementationIntercept+0x16c98c dbkFCallWrapperAddr-0x5e37c file+0x2442c0 @ 0x6442c0 TMethodImplementationIntercept+0x170a3d dbkFCallWrapperAddr-0x5a2cb file+0x248371 @ 0x648371 TMethodImplementationIntercept+0x16c5b8 dbkFCallWrapperAddr-0x5e750 file+0x243eec @ 0x643eec TMethodImplementationIntercept+0x1ada80 dbkFCallWrapperAddr-0x1d288 file+0x2853b4 @ 0x6853b4 TMethodImplementationIntercept+0x1b02fd dbkFCallWrapperAddr-0x1aa0b file+0x287c31 @ 0x687c31 TMethodImplementationIntercept+0x1b07cd dbkFCallWrapperAddr-0x1a53b file+0x288101 @ 0x688101 TMethodImplementationIntercept+0x1abbcc dbkFCallWrapperAddr-0x1f13c file+0x283500 @ 0x683500 TMethodImplementationIntercept+0x1ac399 dbkFCallWrapperAddr-0x1e96f file+0x283ccd @ 0x683ccd TMethodImplementationIntercept+0x1ac4ae dbkFCallWrapperAddr-0x1e85a file+0x283de2 @ 0x683de2 TMethodImplementationIntercept+0x1b164b dbkFCallWrapperAddr-0x196bd file+0x288f7f @ 0x688f7f TMethodImplementationIntercept+0x1b184c dbkFCallWrapperAddr-0x194bc file+0x289180 @ 0x689180 __dbk_fcall_wrapper+0x6e2ae TMethodImplementationIntercept-0x58ef2 file+0x7ea42 @ 0x47ea42 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x7557788a TMethodImplementationIntercept+0x11be74 dbkFCallWrapperAddr-0xaee94 file+0x1f37a8 @ 0x5f37a8 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7566b727 registers.esp: 1636968 registers.edi: 6585040 registers.eax: 1636968 registers.ebp: 1637048 registers.edx: 0 registers.ebx: 6283009 registers.esi: 33424608 registers.ecx: 7	1
__exception__ Sept. 25, 2021, 10:45 a.m.	stacktrace: TMethodImplementationIntercept+0x16c98c dbkFCallWrapperAddr-0x5e37c file+0x2442c0 @ 0x6442c0 TMethodImplementationIntercept+0x170a3d dbkFCallWrapperAddr-0x5a2cb file+0x248371 @ 0x648371 TMethodImplementationIntercept+0x16c5b8 dbkFCallWrapperAddr-0x5e750 file+0x243eec @ 0x643eec TMethodImplementationIntercept+0x1ada80 dbkFCallWrapperAddr-0x1d288 file+0x2853b4 @ 0x6853b4 TMethodImplementationIntercept+0x1b02fd dbkFCallWrapperAddr-0x1aa0b file+0x287c31 @ 0x687c31 TMethodImplementationIntercept+0x1b07cd dbkFCallWrapperAddr-0x1a53b file+0x288101 @ 0x688101 TMethodImplementationIntercept+0x1abbcc dbkFCallWrapperAddr-0x1f13c file+0x283500 @ 0x683500 TMethodImplementationIntercept+0x1ac399 dbkFCallWrapperAddr-0x1e96f file+0x283ccd @ 0x683ccd TMethodImplementationIntercept+0x1ac4ae dbkFCallWrapperAddr-0x1e85a file+0x283de2 @ 0x683de2 TMethodImplementationIntercept+0x1b164b dbkFCallWrapperAddr-0x196bd file+0x288f7f @ 0x688f7f TMethodImplementationIntercept+0x1b184c dbkFCallWrapperAddr-0x194bc file+0x289180 @ 0x689180 __dbk_fcall_wrapper+0x6e2ae TMethodImplementationIntercept-0x58ef2 file+0x7ea42 @ 0x47ea42 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x7557788a TMethodImplementationIntercept+0x11be74 dbkFCallWrapperAddr-0xaee94 file+0x1f37a8 @ 0x5f37a8 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7566b727 registers.esp: 1636968 registers.edi: 6585040 registers.eax: 1636968 registers.ebp: 1637048 registers.edx: 0 registers.ebx: 6283009 registers.esi: 33424608 registers.ecx: 7	1
__exception__ Sept. 25, 2021, 10:45 a.m.	stacktrace: TMethodImplementationIntercept+0x16c98c dbkFCallWrapperAddr-0x5e37c file+0x2442c0 @ 0x6442c0 TMethodImplementationIntercept+0x170a3d dbkFCallWrapperAddr-0x5a2cb file+0x248371 @ 0x648371 TMethodImplementationIntercept+0x16c5b8 dbkFCallWrapperAddr-0x5e750 file+0x243eec @ 0x643eec TMethodImplementationIntercept+0x1ada80 dbkFCallWrapperAddr-0x1d288 file+0x2853b4 @ 0x6853b4 TMethodImplementationIntercept+0x1b02fd dbkFCallWrapperAddr-0x1aa0b file+0x287c31 @ 0x687c31 TMethodImplementationIntercept+0x1b07cd dbkFCallWrapperAddr-0x1a53b file+0x288101 @ 0x688101 TMethodImplementationIntercept+0x1abbcc dbkFCallWrapperAddr-0x1f13c file+0x283500 @ 0x683500 TMethodImplementationIntercept+0x1ac399 dbkFCallWrapperAddr-0x1e96f file+0x283ccd @ 0x683ccd TMethodImplementationIntercept+0x1ac4ae dbkFCallWrapperAddr-0x1e85a file+0x283de2 @ 0x683de2 TMethodImplementationIntercept+0x1b164b dbkFCallWrapperAddr-0x196bd file+0x288f7f @ 0x688f7f TMethodImplementationIntercept+0x1b184c dbkFCallWrapperAddr-0x194bc file+0x289180 @ 0x689180 __dbk_fcall_wrapper+0x6e2ae TMethodImplementationIntercept-0x58ef2 file+0x7ea42 @ 0x47ea42 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x7557788a TMethodImplementationIntercept+0x11be74 dbkFCallWrapperAddr-0xaee94 file+0x1f37a8 @ 0x5f37a8 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7566b727 registers.esp: 1636968 registers.edi: 6585040 registers.eax: 1636968 registers.ebp: 1637048 registers.edx: 0 registers.ebx: 6283009 registers.esi: 33424608 registers.ecx: 7	1
__exception__ Sept. 25, 2021, 10:46 a.m.	stacktrace: TMethodImplementationIntercept+0x16c98c dbkFCallWrapperAddr-0x5e37c file+0x2442c0 @ 0x6442c0 TMethodImplementationIntercept+0x170a3d dbkFCallWrapperAddr-0x5a2cb file+0x248371 @ 0x648371 TMethodImplementationIntercept+0x16c5b8 dbkFCallWrapperAddr-0x5e750 file+0x243eec @ 0x643eec TMethodImplementationIntercept+0x1ada80 dbkFCallWrapperAddr-0x1d288 file+0x2853b4 @ 0x6853b4 TMethodImplementationIntercept+0x1b02fd dbkFCallWrapperAddr-0x1aa0b file+0x287c31 @ 0x687c31 TMethodImplementationIntercept+0x1b07cd dbkFCallWrapperAddr-0x1a53b file+0x288101 @ 0x688101 TMethodImplementationIntercept+0x1abbcc dbkFCallWrapperAddr-0x1f13c file+0x283500 @ 0x683500 TMethodImplementationIntercept+0x1ac399 dbkFCallWrapperAddr-0x1e96f file+0x283ccd @ 0x683ccd TMethodImplementationIntercept+0x1ac4ae dbkFCallWrapperAddr-0x1e85a file+0x283de2 @ 0x683de2 TMethodImplementationIntercept+0x1b164b dbkFCallWrapperAddr-0x196bd file+0x288f7f @ 0x688f7f TMethodImplementationIntercept+0x1b184c dbkFCallWrapperAddr-0x194bc file+0x289180 @ 0x689180 __dbk_fcall_wrapper+0x6e2ae TMethodImplementationIntercept-0x58ef2 file+0x7ea42 @ 0x47ea42 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x7557788a TMethodImplementationIntercept+0x11be74 dbkFCallWrapperAddr-0xaee94 file+0x1f37a8 @ 0x5f37a8 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7566b727 registers.esp: 1636968 registers.edi: 6585040 registers.eax: 1636968 registers.ebp: 1637048 registers.edx: 0 registers.ebx: 6283009 registers.esi: 33424608 registers.ecx: 7	1
__exception__ Sept. 25, 2021, 10:46 a.m.	stacktrace: TMethodImplementationIntercept+0x16c98c dbkFCallWrapperAddr-0x5e37c file+0x2442c0 @ 0x6442c0 TMethodImplementationIntercept+0x170a3d dbkFCallWrapperAddr-0x5a2cb file+0x248371 @ 0x648371 TMethodImplementationIntercept+0x16c5b8 dbkFCallWrapperAddr-0x5e750 file+0x243eec @ 0x643eec TMethodImplementationIntercept+0x1ada80 dbkFCallWrapperAddr-0x1d288 file+0x2853b4 @ 0x6853b4 TMethodImplementationIntercept+0x1b02fd dbkFCallWrapperAddr-0x1aa0b file+0x287c31 @ 0x687c31 TMethodImplementationIntercept+0x1b07cd dbkFCallWrapperAddr-0x1a53b file+0x288101 @ 0x688101 TMethodImplementationIntercept+0x1abbcc dbkFCallWrapperAddr-0x1f13c file+0x283500 @ 0x683500 TMethodImplementationIntercept+0x1ac399 dbkFCallWrapperAddr-0x1e96f file+0x283ccd @ 0x683ccd TMethodImplementationIntercept+0x1ac4ae dbkFCallWrapperAddr-0x1e85a file+0x283de2 @ 0x683de2 TMethodImplementationIntercept+0x1b164b dbkFCallWrapperAddr-0x196bd file+0x288f7f @ 0x688f7f TMethodImplementationIntercept+0x1b184c dbkFCallWrapperAddr-0x194bc file+0x289180 @ 0x689180 __dbk_fcall_wrapper+0x6e2ae TMethodImplementationIntercept-0x58ef2 file+0x7ea42 @ 0x47ea42 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x7557788a TMethodImplementationIntercept+0x11be74 dbkFCallWrapperAddr-0xaee94 file+0x1f37a8 @ 0x5f37a8 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7566b727 registers.esp: 1636968 registers.edi: 6585040 registers.eax: 1636968 registers.ebp: 1637048 registers.edx: 0 registers.ebx: 6283009 registers.esi: 33424608 registers.ecx: 7	1

HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 event)

suspicious_features

POST method with no referer header, HTTP version 1.0 used

suspicious_request

POST http://dnsresolver-005.top/

Performs some HTTP requests (1 event)

request

POST http://dnsresolver-005.top/

Sends data using the HTTP POST Method (1 event)

request

POST http://dnsresolver-005.top/

Resolves a suspicious Top Level Domain (TLD) (1 event)

domain

dnsresolver-005.top

description

Generic top level domain TLD

Allocates read-write-execute memory (usually to unpack itself) (2 events)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Sept. 25, 2021, 10:44 a.m.	process_identifier: 1944 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73762000 process_handle: 0xffffffff	1	0	0
NtAllocateVirtualMemory Sept. 25, 2021, 10:44 a.m.	process_identifier: 1944 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00730000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1	0	0

Creates a suspicious process (1 event)

cmdline

C:\Windows\System32\cmd.exe

A process created a hidden window (1 event)

Time & API	Arguments	Status	Return	Repeated
CreateProcessInternalW Sept. 25, 2021, 10:44 a.m.	thread_identifier: 1636 thread_handle: 0x000001e0 process_identifier: 1628 current_directory: filepath: C:\Windows\System32\cmd.exe track: 1 command_line: filepath_r: C:\Windows\system32\cmd.exe stack_pivoted: 0 creation_flags: 134217728 (CREATE_NO_WINDOW) inherit_handles: 4294967295 process_handle: 0x000001e4	1	1	0

File has been identified by 4 AntiVirus engines on VirusTotal as malicious (4 events)

FireEye	Generic.mg.cb2519c7618babe9
APEX	Malicious
BitDefenderTheta	Gen:NN.ZelphiF.34170.9U0@a8aW0nbi
MaxSecure	Trojan.Malware.300983.susgen

file.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All