Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Dec. 19, 2022, 4:12 p.m.	Dec. 19, 2022, 4:14 p.m.

Size	370.5KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`6a7892ece7e8bf85628e0e769560b7cb`
SHA256	`363dd986f98ab17b465354c93bd6f2b391b81593887dc88a0818d3d07264f844`
CRC32	`A6970A52`
ssdeep	`6144:jCLq2MPPV3Jhe4iyIh9zt41PRPWftYjyeI++cjSO1xhr5n1uBNK2VCGMv9T2lhY6:jClg93P1IhZ2nPSuW++8B1B1AvVCK`
PDB Path	C:\fotimefo_toculis\mozofokutuj.pdb
Yara	IsPE32 - (no description) OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file

build2.exe "C:\Users\test22\AppData\Local\Temp\build2.exe"
2548

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

This executable has a PDB path (1 event)

pdb_path

C:\fotimefo_toculis\mozofokutuj.pdb

One or more processes crashed (50 out of 65536 events)

Time & API	Arguments	Status
__exception__ Dec. 19, 2022, 4:12 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df build2+0x3142 @ 0x403142 build2+0x3682 @ 0x403682 build2+0x3d8b @ 0x403d8b BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1634692 registers.edi: 6422528 registers.eax: 4294967288 registers.ebp: 1634744 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 2552	1
__exception__ Dec. 19, 2022, 4:12 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df build2+0x3142 @ 0x403142 build2+0x3682 @ 0x403682 build2+0x3d8b @ 0x403d8b BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1634692 registers.edi: 6422528 registers.eax: 4294967288 registers.ebp: 1634744 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2552	1
__exception__ Dec. 19, 2022, 4:12 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df build2+0x3142 @ 0x403142 build2+0x3682 @ 0x403682 build2+0x3d8b @ 0x403d8b BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1634692 registers.edi: 6422528 registers.eax: 4294967288 registers.ebp: 1634744 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2552	1
__exception__ Dec. 19, 2022, 4:12 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df build2+0x3142 @ 0x403142 build2+0x3682 @ 0x403682 build2+0x3d8b @ 0x403d8b BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1634692 registers.edi: 6422528 registers.eax: 4294967288 registers.ebp: 1634744 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2552	1
__exception__ Dec. 19, 2022, 4:12 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df build2+0x3142 @ 0x403142 build2+0x3682 @ 0x403682 build2+0x3d8b @ 0x403d8b BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1634692 registers.edi: 6422528 registers.eax: 4294967288 registers.ebp: 1634744 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2552	1
__exception__ Dec. 19, 2022, 4:12 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df build2+0x3142 @ 0x403142 build2+0x3682 @ 0x403682 build2+0x3d8b @ 0x403d8b BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1634692 registers.edi: 6422528 registers.eax: 4294967288 registers.ebp: 1634744 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2552	1
__exception__ Dec. 19, 2022, 4:12 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df build2+0x3142 @ 0x403142 build2+0x3682 @ 0x403682 build2+0x3d8b @ 0x403d8b BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1634692 registers.edi: 6422528 registers.eax: 4294967288 registers.ebp: 1634744 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2552	1
__exception__ Dec. 19, 2022, 4:12 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df build2+0x3142 @ 0x403142 build2+0x3682 @ 0x403682 build2+0x3d8b @ 0x403d8b BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1634692 registers.edi: 6422528 registers.eax: 4294967288 registers.ebp: 1634744 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2552	1
__exception__ Dec. 19, 2022, 4:12 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df build2+0x3142 @ 0x403142 build2+0x3682 @ 0x403682 build2+0x3d8b @ 0x403d8b BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1634692 registers.edi: 6422528 registers.eax: 4294967288 registers.ebp: 1634744 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2552	1
__exception__ Dec. 19, 2022, 4:12 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df build2+0x3142 @ 0x403142 build2+0x3682 @ 0x403682 build2+0x3d8b @ 0x403d8b BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1634692 registers.edi: 6422528 registers.eax: 4294967288 registers.ebp: 1634744 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2552	1
__exception__ Dec. 19, 2022, 4:12 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df build2+0x3142 @ 0x403142 build2+0x3682 @ 0x403682 build2+0x3d8b @ 0x403d8b BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1634692 registers.edi: 6422528 registers.eax: 4294967288 registers.ebp: 1634744 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2552	1
__exception__ Dec. 19, 2022, 4:12 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df build2+0x3142 @ 0x403142 build2+0x3682 @ 0x403682 build2+0x3d8b @ 0x403d8b BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1634692 registers.edi: 6422528 registers.eax: 4294967288 registers.ebp: 1634744 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2552	1
__exception__ Dec. 19, 2022, 4:12 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df build2+0x3142 @ 0x403142 build2+0x3682 @ 0x403682 build2+0x3d8b @ 0x403d8b BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1634692 registers.edi: 6422528 registers.eax: 4294967288 registers.ebp: 1634744 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2552	1
__exception__ Dec. 19, 2022, 4:12 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df build2+0x3142 @ 0x403142 build2+0x3682 @ 0x403682 build2+0x3d8b @ 0x403d8b BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1634692 registers.edi: 6422528 registers.eax: 4294967288 registers.ebp: 1634744 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2552	1
__exception__ Dec. 19, 2022, 4:12 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df build2+0x3142 @ 0x403142 build2+0x3682 @ 0x403682 build2+0x3d8b @ 0x403d8b BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1634692 registers.edi: 6422528 registers.eax: 4294967288 registers.ebp: 1634744 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2552	1
__exception__ Dec. 19, 2022, 4:12 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df build2+0x3142 @ 0x403142 build2+0x3682 @ 0x403682 build2+0x3d8b @ 0x403d8b BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1634692 registers.edi: 6422528 registers.eax: 4294967288 registers.ebp: 1634744 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2552	1
__exception__ Dec. 19, 2022, 4:12 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df build2+0x3142 @ 0x403142 build2+0x3682 @ 0x403682 build2+0x3d8b @ 0x403d8b BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1634692 registers.edi: 6422528 registers.eax: 4294967288 registers.ebp: 1634744 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2552	1
__exception__ Dec. 19, 2022, 4:12 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df build2+0x3142 @ 0x403142 build2+0x3682 @ 0x403682 build2+0x3d8b @ 0x403d8b BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1634692 registers.edi: 6422528 registers.eax: 4294967288 registers.ebp: 1634744 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2552	1
__exception__ Dec. 19, 2022, 4:12 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df build2+0x3142 @ 0x403142 build2+0x3682 @ 0x403682 build2+0x3d8b @ 0x403d8b BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1634692 registers.edi: 6422528 registers.eax: 4294967288 registers.ebp: 1634744 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2552	1
__exception__ Dec. 19, 2022, 4:12 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df build2+0x3142 @ 0x403142 build2+0x3682 @ 0x403682 build2+0x3d8b @ 0x403d8b BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1634692 registers.edi: 6422528 registers.eax: 4294967288 registers.ebp: 1634744 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2552	1
__exception__ Dec. 19, 2022, 4:12 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df build2+0x3142 @ 0x403142 build2+0x3682 @ 0x403682 build2+0x3d8b @ 0x403d8b BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1634692 registers.edi: 6422528 registers.eax: 4294967288 registers.ebp: 1634744 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2552	1
__exception__ Dec. 19, 2022, 4:12 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df build2+0x3142 @ 0x403142 build2+0x3682 @ 0x403682 build2+0x3d8b @ 0x403d8b BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1634692 registers.edi: 6422528 registers.eax: 4294967288 registers.ebp: 1634744 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2552	1
__exception__ Dec. 19, 2022, 4:12 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df build2+0x3142 @ 0x403142 build2+0x3682 @ 0x403682 build2+0x3d8b @ 0x403d8b BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1634692 registers.edi: 6422528 registers.eax: 4294967288 registers.ebp: 1634744 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2552	1
__exception__ Dec. 19, 2022, 4:12 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df build2+0x3142 @ 0x403142 build2+0x3682 @ 0x403682 build2+0x3d8b @ 0x403d8b BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1634692 registers.edi: 6422528 registers.eax: 4294967288 registers.ebp: 1634744 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2552	1
__exception__ Dec. 19, 2022, 4:12 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df build2+0x3142 @ 0x403142 build2+0x3682 @ 0x403682 build2+0x3d8b @ 0x403d8b BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1634692 registers.edi: 6422528 registers.eax: 4294967288 registers.ebp: 1634744 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2552	1
__exception__ Dec. 19, 2022, 4:12 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df build2+0x3142 @ 0x403142 build2+0x3682 @ 0x403682 build2+0x3d8b @ 0x403d8b BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1634692 registers.edi: 6422528 registers.eax: 4294967288 registers.ebp: 1634744 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2552	1
__exception__ Dec. 19, 2022, 4:12 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df build2+0x3142 @ 0x403142 build2+0x3682 @ 0x403682 build2+0x3d8b @ 0x403d8b BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1634692 registers.edi: 6422528 registers.eax: 4294967288 registers.ebp: 1634744 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2552	1
__exception__ Dec. 19, 2022, 4:12 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df build2+0x3142 @ 0x403142 build2+0x3682 @ 0x403682 build2+0x3d8b @ 0x403d8b BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1634692 registers.edi: 6422528 registers.eax: 4294967288 registers.ebp: 1634744 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2552	1
__exception__ Dec. 19, 2022, 4:12 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df build2+0x3142 @ 0x403142 build2+0x3682 @ 0x403682 build2+0x3d8b @ 0x403d8b BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1634692 registers.edi: 6422528 registers.eax: 4294967288 registers.ebp: 1634744 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2552	1
__exception__ Dec. 19, 2022, 4:12 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df build2+0x3142 @ 0x403142 build2+0x3682 @ 0x403682 build2+0x3d8b @ 0x403d8b BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1634692 registers.edi: 6422528 registers.eax: 4294967288 registers.ebp: 1634744 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2552	1
__exception__ Dec. 19, 2022, 4:12 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df build2+0x3142 @ 0x403142 build2+0x3682 @ 0x403682 build2+0x3d8b @ 0x403d8b BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1634692 registers.edi: 6422528 registers.eax: 4294967288 registers.ebp: 1634744 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2552	1
__exception__ Dec. 19, 2022, 4:12 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df build2+0x3142 @ 0x403142 build2+0x3682 @ 0x403682 build2+0x3d8b @ 0x403d8b BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1634692 registers.edi: 6422528 registers.eax: 4294967288 registers.ebp: 1634744 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2552	1
__exception__ Dec. 19, 2022, 4:12 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df build2+0x3142 @ 0x403142 build2+0x3682 @ 0x403682 build2+0x3d8b @ 0x403d8b BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1634692 registers.edi: 6422528 registers.eax: 4294967288 registers.ebp: 1634744 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2552	1
__exception__ Dec. 19, 2022, 4:12 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df build2+0x3142 @ 0x403142 build2+0x3682 @ 0x403682 build2+0x3d8b @ 0x403d8b BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1634692 registers.edi: 6422528 registers.eax: 4294967288 registers.ebp: 1634744 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2552	1
__exception__ Dec. 19, 2022, 4:12 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df build2+0x3142 @ 0x403142 build2+0x3682 @ 0x403682 build2+0x3d8b @ 0x403d8b BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1634692 registers.edi: 6422528 registers.eax: 4294967288 registers.ebp: 1634744 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2552	1
__exception__ Dec. 19, 2022, 4:12 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df build2+0x3142 @ 0x403142 build2+0x3682 @ 0x403682 build2+0x3d8b @ 0x403d8b BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1634692 registers.edi: 6422528 registers.eax: 4294967288 registers.ebp: 1634744 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2552	1
__exception__ Dec. 19, 2022, 4:12 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df build2+0x3142 @ 0x403142 build2+0x3682 @ 0x403682 build2+0x3d8b @ 0x403d8b BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1634692 registers.edi: 6422528 registers.eax: 4294967288 registers.ebp: 1634744 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2552	1
__exception__ Dec. 19, 2022, 4:12 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df build2+0x3142 @ 0x403142 build2+0x3682 @ 0x403682 build2+0x3d8b @ 0x403d8b BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1634692 registers.edi: 6422528 registers.eax: 4294967288 registers.ebp: 1634744 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2552	1
__exception__ Dec. 19, 2022, 4:12 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df build2+0x3142 @ 0x403142 build2+0x3682 @ 0x403682 build2+0x3d8b @ 0x403d8b BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1634692 registers.edi: 6422528 registers.eax: 4294967288 registers.ebp: 1634744 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2552	1
__exception__ Dec. 19, 2022, 4:12 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df build2+0x3142 @ 0x403142 build2+0x3682 @ 0x403682 build2+0x3d8b @ 0x403d8b BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1634692 registers.edi: 6422528 registers.eax: 4294967288 registers.ebp: 1634744 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2552	1
__exception__ Dec. 19, 2022, 4:12 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df build2+0x3142 @ 0x403142 build2+0x3682 @ 0x403682 build2+0x3d8b @ 0x403d8b BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1634692 registers.edi: 6422528 registers.eax: 4294967288 registers.ebp: 1634744 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2552	1
__exception__ Dec. 19, 2022, 4:12 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df build2+0x3142 @ 0x403142 build2+0x3682 @ 0x403682 build2+0x3d8b @ 0x403d8b BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1634692 registers.edi: 6422528 registers.eax: 4294967288 registers.ebp: 1634744 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2552	1
__exception__ Dec. 19, 2022, 4:12 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df build2+0x3142 @ 0x403142 build2+0x3682 @ 0x403682 build2+0x3d8b @ 0x403d8b BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1634692 registers.edi: 6422528 registers.eax: 4294967288 registers.ebp: 1634744 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2552	1
__exception__ Dec. 19, 2022, 4:12 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df build2+0x3142 @ 0x403142 build2+0x3682 @ 0x403682 build2+0x3d8b @ 0x403d8b BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1634692 registers.edi: 6422528 registers.eax: 4294967288 registers.ebp: 1634744 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2552	1
__exception__ Dec. 19, 2022, 4:12 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df build2+0x3142 @ 0x403142 build2+0x3682 @ 0x403682 build2+0x3d8b @ 0x403d8b BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1634692 registers.edi: 6422528 registers.eax: 4294967288 registers.ebp: 1634744 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2552	1
__exception__ Dec. 19, 2022, 4:12 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df build2+0x3142 @ 0x403142 build2+0x3682 @ 0x403682 build2+0x3d8b @ 0x403d8b BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1634692 registers.edi: 6422528 registers.eax: 4294967288 registers.ebp: 1634744 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2552	1
__exception__ Dec. 19, 2022, 4:12 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df build2+0x3142 @ 0x403142 build2+0x3682 @ 0x403682 build2+0x3d8b @ 0x403d8b BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1634692 registers.edi: 6422528 registers.eax: 4294967288 registers.ebp: 1634744 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2552	1
__exception__ Dec. 19, 2022, 4:12 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df build2+0x3142 @ 0x403142 build2+0x3682 @ 0x403682 build2+0x3d8b @ 0x403d8b BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1634692 registers.edi: 6422528 registers.eax: 4294967288 registers.ebp: 1634744 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2552	1
__exception__ Dec. 19, 2022, 4:12 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df build2+0x3142 @ 0x403142 build2+0x3682 @ 0x403682 build2+0x3d8b @ 0x403d8b BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1634692 registers.edi: 6422528 registers.eax: 4294967288 registers.ebp: 1634744 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2552	1
__exception__ Dec. 19, 2022, 4:12 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df build2+0x3142 @ 0x403142 build2+0x3682 @ 0x403682 build2+0x3d8b @ 0x403d8b BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1634692 registers.edi: 6422528 registers.eax: 4294967288 registers.ebp: 1634744 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2552	1

Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Dec. 19, 2022, 4:12 p.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 200704 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0064a000 process_handle: 0xffffffff	1	0	0

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x00031a00', u'virtual_address': u'0x00014000', u'entropy': 7.963218240206417, u'name': u'.data', u'virtual_size': u'0x0004cc28'}

entropy

7.96321824021

description

A section with a high entropy has been found

entropy

0.537212449256

description

Overall entropy of this PE file is high

Tries to unhook Windows functions monitored by Cuckoo (1 event)

Time & API	Arguments	Status	Return	Repeated
__anomaly__ Dec. 19, 2022, 4:12 p.m.	tid: 2552 message: Encountered 65537 exceptions, quitting. subcategory: exception function_name:	1	0	0

File has been identified by 55 AntiVirus engines on VirusTotal as malicious (50 out of 55 events)

Bkav	W32.DaisyBuesjjI.Trojan
Lionic	Trojan.Win32.Bandra.4!c
tehtris	Generic.Malware
MicroWorld-eScan	Trojan.Generic.32498066
FireEye	Generic.mg.6a7892ece7e8bf85
ALYac	Trojan.Generic.32498066
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 0059b9cf1 )
Alibaba	Trojan:Win32/Redline.420e00bd
K7GW	Trojan ( 0059b9cf1 )
Cybereason	malicious.719218
Arcabit	Trojan.Generic.D1EFE192
Cyren	W32/Kryptik.IFU.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Kryptik.HRXU
Cynet	Malicious (score: 100)
APEX	Malicious
ClamAV	Win.Packed.Ransomx-9980514-0
Kaspersky	HEUR:Trojan-Banker.Win32.Bandra.gen
BitDefender	Trojan.Generic.32498066
NANO-Antivirus	Trojan.Win32.Bandra.jtvnyd
Avast	Win32:PWSX-gen [Trj]
Tencent	Win32.Trojan-Banker.Bandra.Edhl
Ad-Aware	Trojan.Generic.32498066
Emsisoft	Trojan.Generic.32498066 (B)
VIPRE	Trojan.Generic.32498066
TrendMicro	TrojanSpy.Win32.VIDAR.YXCLMZ
McAfee-GW-Edition	BehavesLike.Win32.Lockbit.fc
Trapmine	malicious.high.ml.score
Sophos	Mal/Generic-S + Troj/Krypt-TG
Ikarus	Trojan-Ransom.StopCrypt
Webroot	W32.Trojan.Gen
Avira	TR/Crypt.Agent.otqlv
MAX	malware (ai score=87)
Antiy-AVL	Trojan[Banker]/Win32.Bandra
Kingsoft	Win32.Troj.Banker.(kcloud)
Gridinsoft	Ransom.Win32.STOP.sa
Microsoft	Trojan:Win32/Raccoon.RG!MTB
GData	Win32.Trojan-Stealer.Arkei.AKEMOO
Google	Detected
AhnLab-V3	Trojan/Win.RedLine.R541799
Acronis	suspicious
McAfee	RDN/PWS-Banker
VBA32	TrojanDownloader.Smoke
Malwarebytes	Crytex.Virus.FileInfector.DDS
TrendMicro-HouseCall	TrojanSpy.Win32.VIDAR.YXCLMZ
Rising	Trojan.Generic@AI.100 (RDML:gwQ7bVLCHMSyDhzrM1IcnQ)
Yandex	Trojan.Kryptik!Y9pgnvmMfSc

build2.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All