Summary | ZeroBOX

zxcv.EXE

Raccoon Stealer Generic Malware UPX HTTP PWS ScreenShot KeyLogger Internet API DNS Http API Steal credential Socket PE File DLL OS Processor Check PE32 AntiVM AntiDebug
Category Machine Started Completed
FILE s1_win7_x6403_us Nov. 4, 2021, 3:23 p.m. Nov. 4, 2021, 3:31 p.m.
Size 1.3MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 1d4043e95026d07137c5ea2205fcb854
SHA256 e688db3d0be7a10fa8ddd79918265cac9ef0949d7d07072f82aff9ae43d6fadb
CRC32 1019EC28
ssdeep 24576:L0ODLGuA/+jaeVPLoaMugPehxqFuNQwU0K+1In9Fk5sFodXdxg:LnDLGuA/+jRpL8iIqQ8KoI9GHNS
Yara
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware
  • Raccoon_Stealer_1_Zero - Raccoon Stealer
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file

IP Address Status Action
149.154.167.99 Active Moloch
164.124.101.2 Active Moloch
185.215.113.77 Active Moloch
50.220.121.209 Active Moloch

Suricata Alerts

Flow SID Signature Category
UDP 192.168.56.103:60880 -> 164.124.101.2:53 2023883 ET DNS Query to a *.top domain - Likely Hostile Potentially Bad Traffic
TCP 185.215.113.77:80 -> 192.168.56.103:49171 2400024 ET DROP Spamhaus DROP Listed Traffic Inbound group 25 Misc Attack
TCP 185.215.113.77:80 -> 192.168.56.103:49171 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 185.215.113.77:80 -> 192.168.56.103:49172 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 185.215.113.77:80 -> 192.168.56.103:49170 2029138 ET MALWARE AZORult v3.3 Server Response M3 Malware Command and Control Activity Detected
UDP 192.168.56.103:53064 -> 164.124.101.2:53 2023883 ET DNS Query to a *.top domain - Likely Hostile Potentially Bad Traffic
TCP 149.154.167.99:443 -> 192.168.56.103:49178 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 149.154.167.99:443 -> 192.168.56.103:49182 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49181 -> 149.154.167.99:443 906200056 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49175 -> 149.154.167.99:443 906200056 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49179 -> 149.154.167.99:443 906200056 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 149.154.167.99:443 -> 192.168.56.103:49184 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 149.154.167.99:443 -> 192.168.56.103:49176 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 149.154.167.99:443 -> 192.168.56.103:49180 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49183 -> 149.154.167.99:443 906200056 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49177 -> 149.154.167.99:443 906200056 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49185 -> 149.154.167.99:443 906200056 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 149.154.167.99:443 -> 192.168.56.103:49186 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GetComputerNameW

computer_name: TEST22-PC
1 1 0

registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
zxcv+0x13d002 @ 0x53d002
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x24ca @ 0x4024ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x196d
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 6509
exception.address: 0x40196d
registers.esp: 1637332
registers.edi: 5398666
registers.eax: 0
registers.ebp: 1637412
registers.edx: 2130566132
registers.ebx: 0
registers.esi: 1923210905
registers.ecx: 0
1 0 0

__exception__

stacktrace:
zxcv+0x13d002 @ 0x53d002
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x24ca @ 0x4024ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x196e
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 6510
exception.address: 0x40196e
registers.esp: 1637332
registers.edi: 5398666
registers.eax: 0
registers.ebp: 1637412
registers.edx: 2130566132
registers.ebx: 0
registers.esi: 1923210905
registers.ecx: 0
1 0 0

__exception__

stacktrace:
zxcv+0x13d002 @ 0x53d002
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x24ca @ 0x4024ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x196f
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 6511
exception.address: 0x40196f
registers.esp: 1637332
registers.edi: 5398666
registers.eax: 0
registers.ebp: 1637412
registers.edx: 2130566132
registers.ebx: 0
registers.esi: 1923210905
registers.ecx: 0
1 0 0

__exception__

stacktrace:
zxcv+0x13d002 @ 0x53d002
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x24ca @ 0x4024ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x1970
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 6512
exception.address: 0x401970
registers.esp: 1637332
registers.edi: 5398666
registers.eax: 0
registers.ebp: 1637412
registers.edx: 2130566132
registers.ebx: 0
registers.esi: 1923210905
registers.ecx: 0
1 0 0

__exception__

stacktrace:
zxcv+0x13d002 @ 0x53d002
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x24ca @ 0x4024ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x1971
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 6513
exception.address: 0x401971
registers.esp: 1637332
registers.edi: 5398666
registers.eax: 0
registers.ebp: 1637412
registers.edx: 2130566132
registers.ebx: 0
registers.esi: 1923210905
registers.ecx: 0
1 0 0

__exception__

stacktrace:
zxcv+0x13d002 @ 0x53d002
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x24ca @ 0x4024ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x1972
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 6514
exception.address: 0x401972
registers.esp: 1637332
registers.edi: 5398666
registers.eax: 0
registers.ebp: 1637412
registers.edx: 2130566132
registers.ebx: 0
registers.esi: 1923210905
registers.ecx: 0
1 0 0

__exception__

stacktrace:
zxcv+0x13d002 @ 0x53d002
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x24ca @ 0x4024ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x1973
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 6515
exception.address: 0x401973
registers.esp: 1637332
registers.edi: 5398666
registers.eax: 0
registers.ebp: 1637412
registers.edx: 2130566132
registers.ebx: 0
registers.esi: 1923210905
registers.ecx: 0
1 0 0

__exception__

stacktrace:
zxcv+0x13d002 @ 0x53d002
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x24ca @ 0x4024ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x1974
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 6516
exception.address: 0x401974
registers.esp: 1637332
registers.edi: 5398666
registers.eax: 0
registers.ebp: 1637412
registers.edx: 2130566132
registers.ebx: 0
registers.esi: 1923210905
registers.ecx: 0
1 0 0

__exception__

stacktrace:
zxcv+0x13d002 @ 0x53d002
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x24ca @ 0x4024ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x1975
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 6517
exception.address: 0x401975
registers.esp: 1637332
registers.edi: 5398666
registers.eax: 0
registers.ebp: 1637412
registers.edx: 2130566132
registers.ebx: 0
registers.esi: 1923210905
registers.ecx: 0
1 0 0

__exception__

stacktrace:
zxcv+0x13d002 @ 0x53d002
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x24ca @ 0x4024ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x1976
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 6518
exception.address: 0x401976
registers.esp: 1637332
registers.edi: 5398666
registers.eax: 0
registers.ebp: 1637412
registers.edx: 2130566132
registers.ebx: 0
registers.esi: 1923210905
registers.ecx: 0
1 0 0

__exception__

stacktrace:
zxcv+0x13d002 @ 0x53d002
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x24ca @ 0x4024ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x1977
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 6519
exception.address: 0x401977
registers.esp: 1637332
registers.edi: 5398666
registers.eax: 0
registers.ebp: 1637412
registers.edx: 2130566132
registers.ebx: 0
registers.esi: 1923210905
registers.ecx: 0
1 0 0

__exception__

stacktrace:
zxcv+0x13d002 @ 0x53d002
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x24ca @ 0x4024ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x1978
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 6520
exception.address: 0x401978
registers.esp: 1637332
registers.edi: 5398666
registers.eax: 0
registers.ebp: 1637412
registers.edx: 2130566132
registers.ebx: 0
registers.esi: 1923210905
registers.ecx: 0
1 0 0

__exception__

stacktrace:
zxcv+0x13d002 @ 0x53d002
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x24ca @ 0x4024ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x1979
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 6521
exception.address: 0x401979
registers.esp: 1637332
registers.edi: 5398666
registers.eax: 0
registers.ebp: 1637412
registers.edx: 2130566132
registers.ebx: 0
registers.esi: 1923210905
registers.ecx: 0
1 0 0

__exception__

stacktrace:
zxcv+0x13d002 @ 0x53d002
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x24ca @ 0x4024ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x197a
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 6522
exception.address: 0x40197a
registers.esp: 1637332
registers.edi: 5398666
registers.eax: 0
registers.ebp: 1637412
registers.edx: 2130566132
registers.ebx: 0
registers.esi: 1923210905
registers.ecx: 0
1 0 0

__exception__

stacktrace:
zxcv+0x13d002 @ 0x53d002
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x24ca @ 0x4024ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x197b
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 6523
exception.address: 0x40197b
registers.esp: 1637332
registers.edi: 5398666
registers.eax: 0
registers.ebp: 1637412
registers.edx: 2130566132
registers.ebx: 0
registers.esi: 1923210905
registers.ecx: 0
1 0 0

__exception__

stacktrace:
zxcv+0x13d002 @ 0x53d002
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x24ca @ 0x4024ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x197c
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 6524
exception.address: 0x40197c
registers.esp: 1637332
registers.edi: 5398666
registers.eax: 0
registers.ebp: 1637412
registers.edx: 2130566132
registers.ebx: 0
registers.esi: 1923210905
registers.ecx: 0
1 0 0

__exception__

stacktrace:
zxcv+0x13d002 @ 0x53d002
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x24ca @ 0x4024ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x197d
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 6525
exception.address: 0x40197d
registers.esp: 1637332
registers.edi: 5398666
registers.eax: 0
registers.ebp: 1637412
registers.edx: 2130566132
registers.ebx: 0
registers.esi: 1923210905
registers.ecx: 0
1 0 0

__exception__

stacktrace:
zxcv+0x13d002 @ 0x53d002
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x24ca @ 0x4024ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x197e
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 6526
exception.address: 0x40197e
registers.esp: 1637332
registers.edi: 5398666
registers.eax: 0
registers.ebp: 1637412
registers.edx: 2130566132
registers.ebx: 0
registers.esi: 1923210905
registers.ecx: 0
1 0 0

__exception__

stacktrace:
zxcv+0x13d002 @ 0x53d002
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x24ca @ 0x4024ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x197f
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 6527
exception.address: 0x40197f
registers.esp: 1637332
registers.edi: 5398666
registers.eax: 0
registers.ebp: 1637412
registers.edx: 2130566132
registers.ebx: 0
registers.esi: 1923210905
registers.ecx: 0
1 0 0

__exception__

stacktrace:
zxcv+0x13d002 @ 0x53d002
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x24ca @ 0x4024ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x1980
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 6528
exception.address: 0x401980
registers.esp: 1637332
registers.edi: 5398666
registers.eax: 0
registers.ebp: 1637412
registers.edx: 2130566132
registers.ebx: 0
registers.esi: 1923210905
registers.ecx: 0
1 0 0

__exception__

stacktrace:
zxcv+0x13d002 @ 0x53d002
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x24ca @ 0x4024ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x1981
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 6529
exception.address: 0x401981
registers.esp: 1637332
registers.edi: 5398666
registers.eax: 0
registers.ebp: 1637412
registers.edx: 2130566132
registers.ebx: 0
registers.esi: 1923210905
registers.ecx: 0
1 0 0

__exception__

stacktrace:
zxcv+0x13d002 @ 0x53d002
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x24ca @ 0x4024ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x1982
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 6530
exception.address: 0x401982
registers.esp: 1637332
registers.edi: 5398666
registers.eax: 0
registers.ebp: 1637412
registers.edx: 2130566132
registers.ebx: 0
registers.esi: 1923210905
registers.ecx: 0
1 0 0

__exception__

stacktrace:
zxcv+0x13d002 @ 0x53d002
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x24ca @ 0x4024ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x1983
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 6531
exception.address: 0x401983
registers.esp: 1637332
registers.edi: 5398666
registers.eax: 0
registers.ebp: 1637412
registers.edx: 2130566132
registers.ebx: 0
registers.esi: 1923210905
registers.ecx: 0
1 0 0

__exception__

stacktrace:
zxcv+0x13d002 @ 0x53d002
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x24ca @ 0x4024ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x1984
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 6532
exception.address: 0x401984
registers.esp: 1637332
registers.edi: 5398666
registers.eax: 0
registers.ebp: 1637412
registers.edx: 2130566132
registers.ebx: 0
registers.esi: 1923210905
registers.ecx: 0
1 0 0

__exception__

stacktrace:
zxcv+0x13d002 @ 0x53d002
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x24ca @ 0x4024ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x1985
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 6533
exception.address: 0x401985
registers.esp: 1637332
registers.edi: 5398666
registers.eax: 0
registers.ebp: 1637412
registers.edx: 2130566132
registers.ebx: 0
registers.esi: 1923210905
registers.ecx: 0
1 0 0

__exception__

stacktrace:
zxcv+0x13d002 @ 0x53d002
EbLoadRunTime+0x1166 DllFunctionCall-0xb5 msvbvm60+0xa048 @ 0x7294a048
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
zxcv+0x24ca @ 0x4024ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5

exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.symbol: zxcv+0x1986
exception.instruction: add byte ptr [eax], al
exception.module: zxcv.EXE
exception.exception_code: 0xc0000005
exception.offset: 6534
exception.address: 0x401986
registers.esp: 1637332
registers.edi: 5398666
registers.eax: 0
registers.ebp: 1637412
registers.edx: 2130566132
registers.ebx: 0
registers.esi: 1923210905
registers.ecx: 0
1 0 0

suspicious_features POST method with no referer header suspicious_request POST http://colonna.ug/index.php
suspicious_features POST method with no referer header, POST method with no useragent header suspicious_request POST http://colonna.ac.ug/softokn3.dll
suspicious_features POST method with no referer header, POST method with no useragent header suspicious_request POST http://colonna.ac.ug/sqlite3.dll
request POST http://colonna.ug/index.php
request POST http://colonna.ac.ug/softokn3.dll
request POST http://colonna.ac.ug/sqlite3.dll
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

process_identifier: 2416
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01eb0000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x772cf000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2416
region_size: 28672
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02d20000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2496
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00790000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2496
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x772cf000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2496
region_size: 28672
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x007e0000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2532
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00580000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2532
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x772cf000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2532
region_size: 28672
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00590000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2580
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x003c0000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2580
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x772cf000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2680
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00330000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2680
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x772cf000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2728
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00340000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2728
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x772cf000
process_handle: 0xffffffff
1 0 0
description zxcv.EXE tried to sleep 176 seconds, actually delayed analysis time by 176 seconds
file C:\Users\test22\AppData\Local\Temp\cdvcxsdme.exe
file C:\Users\test22\AppData\Local\Temp\vbndfgame.exe
file C:\ProgramData\softokn3.dll
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 24576
protection: 32 (PAGE_EXECUTE_READ)
base_address: 0x01e80000
process_handle: 0xffffffff
1 0 0
Time & API Arguments Status Return Repeated

InternetReadFile

buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $¢l$æ JOæ JOæ JOïuÙOê JO?oKNä JO?oINä JO?oONì JO?oNNí JOÄmKNä JO-nKNå JOæ KO~ JO-nNNò JO-nJNç JO-nµOç JO-nHNç JORichæ JOPEL¿bë[à"!  ¶b—¼ÐP ±@¨¸È0xÐ@`ÐþT(ÿ@Ðl.textË´¶ `.rdata DÐFº@@.data @À.rsrcx0@@.reloc`@@B
request_handle: 0x00cc000c
1 1 0

InternetReadFile

buffer: MZÿÿ¸@€º´ Í!¸LÍ!This program cannot be run in DOS mode. $PELê˜=Sv? à! ÐàXà` 8à  °˜ÐL ü'ð¬Ñp.textÀÎÐ`0`.data°àÖ@@À.rdata$­ð®æ@@@.bss˜ €@À.edata˜°”@0@.idataL Ð ®@0À.CRTàº@0À.tls ð¼@0À.relocü'(¾@0B/4`0æ@@B/19È@è@B/35MPì@B/51`C`Dô@B/63„ °8@B/77” À F@B/89ÐR
request_handle: 0x00cc000c
1 1 0
section {u'size_of_data': u'0x00140000', u'virtual_address': u'0x00001000', u'entropy': 7.847109485523328, u'name': u'.text', u'virtual_size': u'0x0013f7b4'} entropy 7.84710948552 description A section with a high entropy has been found
entropy 0.993788819876 description Overall entropy of this PE file is high
url http://ip-api.com/json
url https://dotbit.me/a/
description Steal credential rule local_credential_Steal
description Take ScreenShot rule ScreenShot
description Match Windows Http API call rule Str_Win32_Http_API
description (no description) rule DebuggerCheck__GlobalFlags
description (no description) rule DebuggerCheck__QueryInfo
description (no description) rule DebuggerHiding__Thread
description (no description) rule DebuggerHiding__Active
description (no description) rule ThreadControl__Context
description (no description) rule SEH__vectored
description Checks if being debugged rule anti_dbg
description Bypass DEP rule disable_dep
description Communications over RAW Socket rule Network_TCP_Socket
description Communications use DNS rule Network_DNS
description Match Windows Inet API call rule Str_Win32_Internet_API
description Win32 PWS Loki rule Win32_PWS_Loki_Zero
description Communications over HTTP rule Network_HTTP
description Run a KeyLogger rule KeyLogger
buffer Buffer with sha1: 6354620d45425ec1c1bd6741ba7bf2791581c68b
buffer Buffer with sha1: 71d0fa6eb285c1f4018fef88baae5578c9a2a230
buffer Buffer with sha1: 37f77bf8df6b5d42534abb0845cccd2d1d243ecb
host 50.220.121.209
process cdvcxsdme.exe useragent Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
process vbndfgame.exe useragent
Process injection Process 2416 called NtSetContextThread to modify thread in remote process 2580
Process injection Process 2496 called NtSetContextThread to modify thread in remote process 2680
Process injection Process 2532 called NtSetContextThread to modify thread in remote process 2728
Time & API Arguments Status Return Repeated

NtSetContextThread

registers.eip: 4788224
registers.esp: 1638384
registers.edi: 0
registers.eax: 4450750
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 1999372740
thread_handle: 0x00000230
process_identifier: 2580
1 0 0

NtSetContextThread

registers.eip: 4325376
registers.esp: 1638384
registers.edi: 0
registers.eax: 4302468
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 1999372740
thread_handle: 0x00000114
process_identifier: 2680
1 0 0

NtSetContextThread

registers.eip: 4407296
registers.esp: 1638384
registers.edi: 0
registers.eax: 4291211
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 1999372740
thread_handle: 0x00000114
process_identifier: 2728
1 0 0
Process injection Process 2416 resumed a thread in remote process 2580
Process injection Process 2496 resumed a thread in remote process 2680
Process injection Process 2532 resumed a thread in remote process 2728
Time & API Arguments Status Return Repeated

NtResumeThread

thread_handle: 0x00000230
suspend_count: 1
process_identifier: 2580
1 0 0

NtResumeThread

thread_handle: 0x00000114
suspend_count: 1
process_identifier: 2680
1 0 0

NtResumeThread

thread_handle: 0x00000114
suspend_count: 1
process_identifier: 2728
1 0 0
Time & API Arguments Status Return Repeated

__anomaly__

tid: 2836
message: Encountered 65537 exceptions, quitting.
subcategory: exception
function_name:
1 0 0
Time & API Arguments Status Return Repeated

CreateProcessInternalW

thread_identifier: 2500
thread_handle: 0x000002a4
process_identifier: 2496
current_directory: C:\Users\test22\AppData\Local\Temp
filepath: C:\Users\test22\AppData\Local\Temp\cdvcxsdme.exe
track: 1
command_line: "C:\Users\test22\AppData\Local\Temp\cdvcxsdme.exe"
filepath_r: C:\Users\test22\AppData\Local\Temp\cdvcxsdme.exe
stack_pivoted: 0
creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT)
inherit_handles: 0
process_handle: 0x000002ac
1 1 0

CreateProcessInternalW

thread_identifier: 2536
thread_handle: 0x000002a4
process_identifier: 2532
current_directory: C:\Users\test22\AppData\Local\Temp
filepath: C:\Users\test22\AppData\Local\Temp\vbndfgame.exe
track: 1
command_line: "C:\Users\test22\AppData\Local\Temp\vbndfgame.exe"
filepath_r: C:\Users\test22\AppData\Local\Temp\vbndfgame.exe
stack_pivoted: 0
creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT)
inherit_handles: 0
process_handle: 0x00000298
1 1 0

CreateProcessInternalW

thread_identifier: 2584
thread_handle: 0x00000230
process_identifier: 2580
current_directory:
filepath: C:\Users\test22\AppData\Local\Temp\zxcv.EXE
track: 1
command_line:
filepath_r: C:\Users\test22\AppData\Local\Temp\zxcv.EXE
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
inherit_handles: 0
process_handle: 0x0000022c
1 1 0

NtGetContextThread

thread_handle: 0x00000230
1 0 0

NtUnmapViewOfSection

base_address: 0x00400000
region_size: 4096
process_identifier: 2580
process_handle: 0x0000022c
1 0 0

NtMapViewOfSection

section_handle: 0x000001f8
process_identifier: 2580
commit_size: 0
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
base_address: 0x00400000
allocation_type: 0 ()
section_offset: 0
view_size: 610304
process_handle: 0x0000022c
1 0 0

NtSetContextThread

registers.eip: 4788224
registers.esp: 1638384
registers.edi: 0
registers.eax: 4450750
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 1999372740
thread_handle: 0x00000230
process_identifier: 2580
1 0 0

NtResumeThread

thread_handle: 0x00000230
suspend_count: 1
process_identifier: 2580
1 0 0

CreateProcessInternalW

thread_identifier: 2684
thread_handle: 0x00000114
process_identifier: 2680
current_directory:
filepath: C:\Users\test22\AppData\Local\Temp\cdvcxsdme.exe
track: 1
command_line:
filepath_r: C:\Users\test22\AppData\Local\Temp\cdvcxsdme.exe
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
inherit_handles: 0
process_handle: 0x0000011c
1 1 0

NtGetContextThread

thread_handle: 0x00000114
1 0 0

NtUnmapViewOfSection

base_address: 0x00400000
region_size: 4096
process_identifier: 2680
process_handle: 0x0000011c
1 0 0

NtMapViewOfSection

section_handle: 0x000000e0
process_identifier: 2680
commit_size: 0
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
base_address: 0x00400000
allocation_type: 0 ()
section_offset: 0
view_size: 147456
process_handle: 0x0000011c
1 0 0

NtSetContextThread

registers.eip: 4325376
registers.esp: 1638384
registers.edi: 0
registers.eax: 4302468
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 1999372740
thread_handle: 0x00000114
process_identifier: 2680
1 0 0

NtResumeThread

thread_handle: 0x00000114
suspend_count: 1
process_identifier: 2680
1 0 0

CreateProcessInternalW

thread_identifier: 2732
thread_handle: 0x00000114
process_identifier: 2728
current_directory:
filepath: C:\Users\test22\AppData\Local\Temp\vbndfgame.exe
track: 1
command_line:
filepath_r: C:\Users\test22\AppData\Local\Temp\vbndfgame.exe
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
inherit_handles: 0
process_handle: 0x0000011c
1 1 0

NtGetContextThread

thread_handle: 0x00000114
1 0 0

NtUnmapViewOfSection

base_address: 0x00400000
region_size: 4096
process_identifier: 2728
process_handle: 0x0000011c
1 0 0

NtMapViewOfSection

section_handle: 0x000000e0
process_identifier: 2728
commit_size: 0
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
base_address: 0x00400000
allocation_type: 0 ()
section_offset: 0
view_size: 229376
process_handle: 0x0000011c
1 0 0

NtSetContextThread

registers.eip: 4407296
registers.esp: 1638384
registers.edi: 0
registers.eax: 4291211
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 1999372740
thread_handle: 0x00000114
process_identifier: 2728
1 0 0

NtResumeThread

thread_handle: 0x00000114
suspend_count: 1
process_identifier: 2728
1 0 0

NtResumeThread

thread_handle: 0x00000144
suspend_count: 1
process_identifier: 2580
1 0 0

NtResumeThread

thread_handle: 0x000000f0
suspend_count: 1
process_identifier: 2680
1 0 0
Bkav W32.AIDetect.malware1
Elastic malicious (high confidence)
DrWeb Trojan.Siggen15.29388
MicroWorld-eScan Gen:Variant.Razy.973568
FireEye Generic.mg.1d4043e95026d071
McAfee GenericRXQO-BR!1D4043E95026
Cylance Unsafe
Sangfor Riskware.Win32.Agent.ky
CrowdStrike win/malicious_confidence_90% (W)
Alibaba TrojanPSW:Win32/Azorult.4f7e4f61
K7GW Trojan ( 005895151 )
K7AntiVirus Trojan ( 005895151 )
BitDefenderTheta Gen:NN.ZevbaF.34236.qn0@aS1cM5q
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Injector.EQJC
APEX Malicious
Paloalto generic.ml
ClamAV Win.Trojan.VBGeneric-9903884-0
Kaspersky Trojan-PSW.Win32.Azorult.apyk
BitDefender Gen:Variant.Razy.973568
Avast Win32:MalwareX-gen [Trj]
Tencent Win32.Trojan.Razy.Dzka
Ad-Aware Gen:Variant.Razy.973568
Sophos Mal/Generic-S
TrendMicro TrojanSpy.Win32.AZORULT.YXBKCZ
McAfee-GW-Edition BehavesLike.Win32.Fareit.tc
Emsisoft Gen:Variant.Razy.973568 (B)
Ikarus Trojan.Win32.Injector
eGambit Unsafe.AI_Score_83%
Avira TR/Dropper.Gen
Kingsoft Win32.PSWTroj.Azorult.ap.(kcloud)
Microsoft Trojan:Win32/Woreflint.A!cl
Gridinsoft Ransom.Win32.Sabsik.sa
ViRobot Trojan.Win32.Z.Razy.1323008.D
GData Gen:Variant.Razy.973568
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.Generic.C4750388
ALYac Gen:Variant.Razy.973568
MAX malware (ai score=89)
Malwarebytes Trojan.Downloader
Rising Trojan.Injector!1.C6AF (CLASSIC)
SentinelOne Static AI - Malicious PE
Fortinet W32/EQJC!tr
AVG Win32:MalwareX-gen [Trj]
Cybereason malicious.95026d
Panda Trj/GdSda.A