Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Sept. 20, 2023, 5:56 p.m.	Sept. 20, 2023, 6:02 p.m.

Size	10.0MB
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`cc735bbb997be4520efb4943f2db3f6c`
SHA256	`08dcd62ba2989e93c04ce28b5619d9aae32d1fa40ea8003eb85d211be9772089`
CRC32	`A5FBD990`
ssdeep	`196608:2KZjbiVJHceRw3eP/0Z2xoZsnx8KZjbiVJHceRw3eP/0Z2xoZsnx7yr99Tz:LSb8eG00Z2xoZsxZSb8eG00Z2xoZsx7K`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description) Is_DotNET_EXE - (no description)

harbar.exe "C:\Users\test22\AppData\Local\Temp\harbar.exe"
2136
- toolspub2.exe "C:\Users\test22\AppData\Local\Temp\toolspub2.exe"
  2220
  - toolspub2.exe "C:\Users\test22\AppData\Local\Temp\toolspub2.exe"
    2464
- e0cbefcb1af40c7d4aff4aca26621a98.exe "C:\Users\test22\AppData\Local\Temp\e0cbefcb1af40c7d4aff4aca26621a98.exe"
  2268
- kos1.exe "C:\Users\test22\AppData\Local\Temp\kos1.exe"
  2316
  - kos.exe "C:\Users\test22\AppData\Local\Temp\kos.exe"
    2484
  - set16.exe "C:\Users\test22\AppData\Local\Temp\set16.exe"
    2388
    - is-IKD1U.tmp "C:\Users\test22\AppData\Local\Temp\is-Q1I35.tmp\is-IKD1U.tmp" /SL4 $20162 "C:\Users\test22\AppData\Local\Temp\set16.exe" 1232936 52224
      2604
      - previewer.exe "C:\Program Files (x86)\PA Previewer\previewer.exe" -i
        2764
      - net.exe "C:\Windows\system32\net.exe" helpmsg 8
        2692
        
        net1.exe C:\Windows\system32\net1 helpmsg 8
        2856
      - previewer.exe "C:\Program Files (x86)\PA Previewer\previewer.exe" -s
        2280
- 31839b57a4f11171d6abc8bbc4451ee4.exe "C:\Users\test22\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"
  2408

Name	Response	Post-Analysis Lookup
iplogger.com	A 148.251.234.93	148.251.234.93

IP Address	Status	Action
148.251.234.93	Active	Moloch
164.124.101.2	Active	Moloch
193.42.32.61	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 148.251.234.93:443 -> 192.168.56.103:49184	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49184 -> 148.251.234.93:443	2047718	ET INFO External IP Lookup Domain (iplogger .com in TLS SNI)	Device Retrieving External IP Address Detected
TCP 192.168.56.103:49184 -> 148.251.234.93:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 148.251.234.93:443 -> 192.168.56.103:49185	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 148.251.234.93:443 -> 192.168.56.103:49186	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49185 -> 148.251.234.93:443	2047718	ET INFO External IP Lookup Domain (iplogger .com in TLS SNI)	Device Retrieving External IP Address Detected
TCP 192.168.56.103:49185 -> 148.251.234.93:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49186 -> 148.251.234.93:443	2047718	ET INFO External IP Lookup Domain (iplogger .com in TLS SNI)	Device Retrieving External IP Address Detected
TCP 192.168.56.103:49186 -> 148.251.234.93:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 148.251.234.93:443 -> 192.168.56.103:49188	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49188 -> 148.251.234.93:443	2047718	ET INFO External IP Lookup Domain (iplogger .com in TLS SNI)	Device Retrieving External IP Address Detected
TCP 192.168.56.103:49188 -> 148.251.234.93:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 148.251.234.93:443 -> 192.168.56.103:49189	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49189 -> 148.251.234.93:443	2047718	ET INFO External IP Lookup Domain (iplogger .com in TLS SNI)	Device Retrieving External IP Address Detected
TCP 192.168.56.103:49189 -> 148.251.234.93:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 148.251.234.93:443 -> 192.168.56.103:49193	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49193 -> 148.251.234.93:443	2047718	ET INFO External IP Lookup Domain (iplogger .com in TLS SNI)	Device Retrieving External IP Address Detected
TCP 148.251.234.93:443 -> 192.168.56.103:49181	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49193 -> 148.251.234.93:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49181 -> 148.251.234.93:443	2047718	ET INFO External IP Lookup Domain (iplogger .com in TLS SNI)	Device Retrieving External IP Address Detected
TCP 192.168.56.103:49181 -> 148.251.234.93:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
UDP 192.168.56.103:50800 -> 164.124.101.2:53	2047719	ET INFO External IP Lookup Domain (iplogger .com in DNS lookup)	Device Retrieving External IP Address Detected
TCP 148.251.234.93:443 -> 192.168.56.103:49179	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49179 -> 148.251.234.93:443	2047718	ET INFO External IP Lookup Domain (iplogger .com in TLS SNI)	Device Retrieving External IP Address Detected
TCP 192.168.56.103:49179 -> 148.251.234.93:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 148.251.234.93:443 -> 192.168.56.103:49182	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49182 -> 148.251.234.93:443	2047718	ET INFO External IP Lookup Domain (iplogger .com in TLS SNI)	Device Retrieving External IP Address Detected
TCP 192.168.56.103:49182 -> 148.251.234.93:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 148.251.234.93:443 -> 192.168.56.103:49191	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49191 -> 148.251.234.93:443	2047718	ET INFO External IP Lookup Domain (iplogger .com in TLS SNI)	Device Retrieving External IP Address Detected
TCP 192.168.56.103:49191 -> 148.251.234.93:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 148.251.234.93:443 -> 192.168.56.103:49177	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49177 -> 148.251.234.93:443	2047718	ET INFO External IP Lookup Domain (iplogger .com in TLS SNI)	Device Retrieving External IP Address Detected
TCP 192.168.56.103:49177 -> 148.251.234.93:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 148.251.234.93:443 -> 192.168.56.103:49187	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 148.251.234.93:443 -> 192.168.56.103:49180	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49187 -> 148.251.234.93:443	2047718	ET INFO External IP Lookup Domain (iplogger .com in TLS SNI)	Device Retrieving External IP Address Detected
TCP 192.168.56.103:49187 -> 148.251.234.93:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49180 -> 148.251.234.93:443	2047718	ET INFO External IP Lookup Domain (iplogger .com in TLS SNI)	Device Retrieving External IP Address Detected
TCP 192.168.56.103:49180 -> 148.251.234.93:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 148.251.234.93:443 -> 192.168.56.103:49183	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 148.251.234.93:443 -> 192.168.56.103:49190	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49183 -> 148.251.234.93:443	2047718	ET INFO External IP Lookup Domain (iplogger .com in TLS SNI)	Device Retrieving External IP Address Detected
TCP 192.168.56.103:49183 -> 148.251.234.93:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49190 -> 148.251.234.93:443	2047718	ET INFO External IP Lookup Domain (iplogger .com in TLS SNI)	Device Retrieving External IP Address Detected
TCP 192.168.56.103:49190 -> 148.251.234.93:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 148.251.234.93:443 -> 192.168.56.103:49195	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49195 -> 148.251.234.93:443	2047718	ET INFO External IP Lookup Domain (iplogger .com in TLS SNI)	Device Retrieving External IP Address Detected
TCP 192.168.56.103:49195 -> 148.251.234.93:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 148.251.234.93:443 -> 192.168.56.103:49192	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49192 -> 148.251.234.93:443	2047718	ET INFO External IP Lookup Domain (iplogger .com in TLS SNI)	Device Retrieving External IP Address Detected
TCP 192.168.56.103:49192 -> 148.251.234.93:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 148.251.234.93:443 -> 192.168.56.103:49194	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49194 -> 148.251.234.93:443	2047718	ET INFO External IP Lookup Domain (iplogger .com in TLS SNI)	Device Retrieving External IP Address Detected
TCP 192.168.56.103:49194 -> 148.251.234.93:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined

Suricata TLS

No Suricata TLS

Queries for the computername (1 event)

Time & API	Arguments	Status	Return	Repeated
GetComputerNameA Sept. 20, 2023, 5:56 p.m.	computer_name: TEST22-PC	1	1	0

Checks if process is being debugged by a debugger (8 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Sept. 20, 2023, 5:56 p.m.			0	0
IsDebuggerPresent Sept. 20, 2023, 5:56 p.m.			0	0
IsDebuggerPresent Sept. 20, 2023, 5:56 p.m.			0	0
IsDebuggerPresent Sept. 20, 2023, 5:56 p.m.			0	0
IsDebuggerPresent Sept. 20, 2023, 5:56 p.m.			0	0
IsDebuggerPresent Sept. 20, 2023, 5:56 p.m.			0	0
IsDebuggerPresent Sept. 20, 2023, 5:56 p.m.			0	0
IsDebuggerPresent Sept. 20, 2023, 5:56 p.m.			0	0

Command line console output was observed (1 event)

Time & API	Arguments	Status	Return	Repeated
WriteConsoleW Sept. 20, 2023, 5:56 p.m.	buffer: Not enough storage is available to process this command. console_handle: 0x00000007	1	1	0

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Sept. 20, 2023, 5:56 p.m.		1	1	0

One or more processes crashed (50 out of 131073 events)

Time & API	Arguments	Status
__exception__ Sept. 20, 2023, 5:56 p.m.	stacktrace: is-ikd1u+0x3d65a @ 0x43d65a is-ikd1u+0x3ca6b @ 0x43ca6b is-ikd1u+0x884b0 @ 0x4884b0 is-ikd1u+0x75f02 @ 0x475f02 is-ikd1u+0x8c071 @ 0x48c071 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: f7 37 89 06 e9 dd 07 00 00 8b 06 33 d2 8a 17 8b exception.symbol: is-ikd1u+0x3a94f exception.instruction: div dword ptr [edi] exception.module: is-IKD1U.tmp exception.exception_code: 0xc0000094 exception.offset: 239951 exception.address: 0x43a94f registers.esp: 1637788 registers.edi: 33378484 registers.eax: 5698 registers.ebp: 1637868 registers.edx: 0 registers.ebx: 1 registers.esi: 33378468 registers.ecx: 33378484	1
__exception__ Sept. 20, 2023, 5:56 p.m.	stacktrace: previewer+0x1ac024 @ 0x5ac024 previewer+0x190cd2 @ 0x590cd2 previewer+0x63560 @ 0x463560 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57 exception.symbol: previewer+0x12013c exception.instruction: push dword ptr [eax] exception.module: previewer.exe exception.exception_code: 0xc0000005 exception.offset: 1179964 exception.address: 0x52013c registers.esp: 1637760 registers.edi: 1638104 registers.eax: 1971253248 registers.ebp: 1637800 registers.edx: 7601 registers.ebx: 2130567168 registers.esi: 1971253248 registers.ecx: 1638264	1
__exception__ Sept. 20, 2023, 5:56 p.m.	stacktrace: previewer+0x1ac024 @ 0x5ac024 previewer+0x190cd2 @ 0x590cd2 previewer+0x63560 @ 0x463560 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57 exception.symbol: previewer+0x12013c exception.instruction: push dword ptr [eax] exception.module: previewer.exe exception.exception_code: 0xc0000005 exception.offset: 1179964 exception.address: 0x52013c registers.esp: 1637760 registers.edi: 1638104 registers.eax: 1971249152 registers.ebp: 1637800 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 1971249152 registers.ecx: 1638264	1
__exception__ Sept. 20, 2023, 5:56 p.m.	stacktrace: previewer+0x1ac024 @ 0x5ac024 previewer+0x190cd2 @ 0x590cd2 previewer+0x63560 @ 0x463560 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57 exception.symbol: previewer+0x12013c exception.instruction: push dword ptr [eax] exception.module: previewer.exe exception.exception_code: 0xc0000005 exception.offset: 1179964 exception.address: 0x52013c registers.esp: 1637760 registers.edi: 1638104 registers.eax: 1971245056 registers.ebp: 1637800 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 1971245056 registers.ecx: 1638264	1
__exception__ Sept. 20, 2023, 5:56 p.m.	stacktrace: previewer+0x1ac024 @ 0x5ac024 previewer+0x190cd2 @ 0x590cd2 previewer+0x63560 @ 0x463560 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57 exception.symbol: previewer+0x12013c exception.instruction: push dword ptr [eax] exception.module: previewer.exe exception.exception_code: 0xc0000005 exception.offset: 1179964 exception.address: 0x52013c registers.esp: 1637760 registers.edi: 1638104 registers.eax: 1971240960 registers.ebp: 1637800 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 1971240960 registers.ecx: 1638264	1
__exception__ Sept. 20, 2023, 5:56 p.m.	stacktrace: previewer+0x1ac024 @ 0x5ac024 previewer+0x190cd2 @ 0x590cd2 previewer+0x63560 @ 0x463560 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57 exception.symbol: previewer+0x12013c exception.instruction: push dword ptr [eax] exception.module: previewer.exe exception.exception_code: 0xc0000005 exception.offset: 1179964 exception.address: 0x52013c registers.esp: 1637760 registers.edi: 1638104 registers.eax: 1971236864 registers.ebp: 1637800 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 1971236864 registers.ecx: 1638264	1
__exception__ Sept. 20, 2023, 5:56 p.m.	stacktrace: previewer+0x1ac024 @ 0x5ac024 previewer+0x190cd2 @ 0x590cd2 previewer+0x63560 @ 0x463560 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57 exception.symbol: previewer+0x12013c exception.instruction: push dword ptr [eax] exception.module: previewer.exe exception.exception_code: 0xc0000005 exception.offset: 1179964 exception.address: 0x52013c registers.esp: 1637760 registers.edi: 1638104 registers.eax: 1971232768 registers.ebp: 1637800 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 1971232768 registers.ecx: 1638264	1
__exception__ Sept. 20, 2023, 5:56 p.m.	stacktrace: previewer+0x1ac024 @ 0x5ac024 previewer+0x190cd2 @ 0x590cd2 previewer+0x63560 @ 0x463560 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57 exception.symbol: previewer+0x12013c exception.instruction: push dword ptr [eax] exception.module: previewer.exe exception.exception_code: 0xc0000005 exception.offset: 1179964 exception.address: 0x52013c registers.esp: 1637760 registers.edi: 1638104 registers.eax: 1971228672 registers.ebp: 1637800 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 1971228672 registers.ecx: 1638264	1
__exception__ Sept. 20, 2023, 5:56 p.m.	stacktrace: previewer+0x1ac024 @ 0x5ac024 previewer+0x190cd2 @ 0x590cd2 previewer+0x63560 @ 0x463560 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57 exception.symbol: previewer+0x12013c exception.instruction: push dword ptr [eax] exception.module: previewer.exe exception.exception_code: 0xc0000005 exception.offset: 1179964 exception.address: 0x52013c registers.esp: 1637760 registers.edi: 1638104 registers.eax: 1971224576 registers.ebp: 1637800 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 1971224576 registers.ecx: 1638264	1
__exception__ Sept. 20, 2023, 5:56 p.m.	stacktrace: previewer+0x1ac024 @ 0x5ac024 previewer+0x190cd2 @ 0x590cd2 previewer+0x63560 @ 0x463560 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57 exception.symbol: previewer+0x12013c exception.instruction: push dword ptr [eax] exception.module: previewer.exe exception.exception_code: 0xc0000005 exception.offset: 1179964 exception.address: 0x52013c registers.esp: 1637760 registers.edi: 1638104 registers.eax: 1971220480 registers.ebp: 1637800 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 1971220480 registers.ecx: 1638264	1
__exception__ Sept. 20, 2023, 5:56 p.m.	stacktrace: previewer+0x1ac024 @ 0x5ac024 previewer+0x190cd2 @ 0x590cd2 previewer+0x63560 @ 0x463560 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57 exception.symbol: previewer+0x12013c exception.instruction: push dword ptr [eax] exception.module: previewer.exe exception.exception_code: 0xc0000005 exception.offset: 1179964 exception.address: 0x52013c registers.esp: 1637760 registers.edi: 1638104 registers.eax: 1971216384 registers.ebp: 1637800 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 1971216384 registers.ecx: 1638264	1
__exception__ Sept. 20, 2023, 5:56 p.m.	stacktrace: previewer+0x1ac024 @ 0x5ac024 previewer+0x190cd2 @ 0x590cd2 previewer+0x63560 @ 0x463560 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57 exception.symbol: previewer+0x12013c exception.instruction: push dword ptr [eax] exception.module: previewer.exe exception.exception_code: 0xc0000005 exception.offset: 1179964 exception.address: 0x52013c registers.esp: 1637760 registers.edi: 1638104 registers.eax: 1971212288 registers.ebp: 1637800 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 1971212288 registers.ecx: 1638264	1
__exception__ Sept. 20, 2023, 5:56 p.m.	stacktrace: previewer+0x1ac024 @ 0x5ac024 previewer+0x190cd2 @ 0x590cd2 previewer+0x63560 @ 0x463560 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57 exception.symbol: previewer+0x12013c exception.instruction: push dword ptr [eax] exception.module: previewer.exe exception.exception_code: 0xc0000005 exception.offset: 1179964 exception.address: 0x52013c registers.esp: 1637760 registers.edi: 1638104 registers.eax: 1971208192 registers.ebp: 1637800 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 1971208192 registers.ecx: 1638264	1
__exception__ Sept. 20, 2023, 5:56 p.m.	stacktrace: previewer+0x1ac024 @ 0x5ac024 previewer+0x190cd2 @ 0x590cd2 previewer+0x63560 @ 0x463560 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57 exception.symbol: previewer+0x12013c exception.instruction: push dword ptr [eax] exception.module: previewer.exe exception.exception_code: 0xc0000005 exception.offset: 1179964 exception.address: 0x52013c registers.esp: 1637760 registers.edi: 1638104 registers.eax: 1971204096 registers.ebp: 1637800 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 1971204096 registers.ecx: 1638264	1
__exception__ Sept. 20, 2023, 5:56 p.m.	stacktrace: previewer+0x1ac024 @ 0x5ac024 previewer+0x190cd2 @ 0x590cd2 previewer+0x63560 @ 0x463560 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57 exception.symbol: previewer+0x12013c exception.instruction: push dword ptr [eax] exception.module: previewer.exe exception.exception_code: 0xc0000005 exception.offset: 1179964 exception.address: 0x52013c registers.esp: 1637760 registers.edi: 1638104 registers.eax: 1971200000 registers.ebp: 1637800 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 1971200000 registers.ecx: 1638264	1
__exception__ Sept. 20, 2023, 5:56 p.m.	stacktrace: previewer+0x1ac024 @ 0x5ac024 previewer+0x190cd2 @ 0x590cd2 previewer+0x63560 @ 0x463560 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57 exception.symbol: previewer+0x12013c exception.instruction: push dword ptr [eax] exception.module: previewer.exe exception.exception_code: 0xc0000005 exception.offset: 1179964 exception.address: 0x52013c registers.esp: 1637760 registers.edi: 1638104 registers.eax: 1971195904 registers.ebp: 1637800 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 1971195904 registers.ecx: 1638264	1
__exception__ Sept. 20, 2023, 5:56 p.m.	stacktrace: previewer+0x19021a @ 0x59021a previewer+0x1d2bc0 @ 0x5d2bc0 previewer+0x1afd36 @ 0x5afd36 previewer+0x63560 @ 0x463560 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57 exception.symbol: previewer+0x12013c exception.instruction: push dword ptr [eax] exception.module: previewer.exe exception.exception_code: 0xc0000005 exception.offset: 1179964 exception.address: 0x52013c registers.esp: 1637728 registers.edi: 1638104 registers.eax: 184549376 registers.ebp: 1637768 registers.edx: 828023454 registers.ebx: 3537309792 registers.esi: 184549376 registers.ecx: 4294903528	1
__exception__ Sept. 20, 2023, 5:56 p.m.	stacktrace: previewer+0x19021a @ 0x59021a previewer+0x1d2bc0 @ 0x5d2bc0 previewer+0x1afd36 @ 0x5afd36 previewer+0x63560 @ 0x463560 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57 exception.symbol: previewer+0x12013c exception.instruction: push dword ptr [eax] exception.module: previewer.exe exception.exception_code: 0xc0000005 exception.offset: 1179964 exception.address: 0x52013c registers.esp: 1637728 registers.edi: 1638104 registers.eax: 184553472 registers.ebp: 1637768 registers.edx: 0 registers.ebx: 3537309792 registers.esi: 184553472 registers.ecx: 1638264	1
__exception__ Sept. 20, 2023, 5:56 p.m.	stacktrace: previewer+0x19021a @ 0x59021a previewer+0x1d2bc0 @ 0x5d2bc0 previewer+0x1afd36 @ 0x5afd36 previewer+0x63560 @ 0x463560 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57 exception.symbol: previewer+0x12013c exception.instruction: push dword ptr [eax] exception.module: previewer.exe exception.exception_code: 0xc0000005 exception.offset: 1179964 exception.address: 0x52013c registers.esp: 1637728 registers.edi: 1638104 registers.eax: 184557568 registers.ebp: 1637768 registers.edx: 0 registers.ebx: 3537309792 registers.esi: 184557568 registers.ecx: 1638264	1
__exception__ Sept. 20, 2023, 5:56 p.m.	stacktrace: previewer+0x19021a @ 0x59021a previewer+0x1d2bc0 @ 0x5d2bc0 previewer+0x1afd36 @ 0x5afd36 previewer+0x63560 @ 0x463560 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57 exception.symbol: previewer+0x12013c exception.instruction: push dword ptr [eax] exception.module: previewer.exe exception.exception_code: 0xc0000005 exception.offset: 1179964 exception.address: 0x52013c registers.esp: 1637728 registers.edi: 1638104 registers.eax: 184561664 registers.ebp: 1637768 registers.edx: 0 registers.ebx: 3537309792 registers.esi: 184561664 registers.ecx: 1638264	1
__exception__ Sept. 20, 2023, 5:56 p.m.	stacktrace: previewer+0x19021a @ 0x59021a previewer+0x1d2bc0 @ 0x5d2bc0 previewer+0x1afd36 @ 0x5afd36 previewer+0x63560 @ 0x463560 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57 exception.symbol: previewer+0x12013c exception.instruction: push dword ptr [eax] exception.module: previewer.exe exception.exception_code: 0xc0000005 exception.offset: 1179964 exception.address: 0x52013c registers.esp: 1637728 registers.edi: 1638104 registers.eax: 184565760 registers.ebp: 1637768 registers.edx: 0 registers.ebx: 3537309792 registers.esi: 184565760 registers.ecx: 1638264	1
__exception__ Sept. 20, 2023, 5:56 p.m.	stacktrace: previewer+0x19021a @ 0x59021a previewer+0x1d2bc0 @ 0x5d2bc0 previewer+0x1afd36 @ 0x5afd36 previewer+0x63560 @ 0x463560 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57 exception.symbol: previewer+0x12013c exception.instruction: push dword ptr [eax] exception.module: previewer.exe exception.exception_code: 0xc0000005 exception.offset: 1179964 exception.address: 0x52013c registers.esp: 1637728 registers.edi: 1638104 registers.eax: 184569856 registers.ebp: 1637768 registers.edx: 0 registers.ebx: 3537309792 registers.esi: 184569856 registers.ecx: 1638264	1
__exception__ Sept. 20, 2023, 5:56 p.m.	stacktrace: previewer+0x19021a @ 0x59021a previewer+0x1d2bc0 @ 0x5d2bc0 previewer+0x1afd36 @ 0x5afd36 previewer+0x63560 @ 0x463560 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57 exception.symbol: previewer+0x12013c exception.instruction: push dword ptr [eax] exception.module: previewer.exe exception.exception_code: 0xc0000005 exception.offset: 1179964 exception.address: 0x52013c registers.esp: 1637728 registers.edi: 1638104 registers.eax: 184573952 registers.ebp: 1637768 registers.edx: 0 registers.ebx: 3537309792 registers.esi: 184573952 registers.ecx: 1638264	1
__exception__ Sept. 20, 2023, 5:56 p.m.	stacktrace: previewer+0x19021a @ 0x59021a previewer+0x1d2bc0 @ 0x5d2bc0 previewer+0x1afd36 @ 0x5afd36 previewer+0x63560 @ 0x463560 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57 exception.symbol: previewer+0x12013c exception.instruction: push dword ptr [eax] exception.module: previewer.exe exception.exception_code: 0xc0000005 exception.offset: 1179964 exception.address: 0x52013c registers.esp: 1637728 registers.edi: 1638104 registers.eax: 184578048 registers.ebp: 1637768 registers.edx: 0 registers.ebx: 3537309792 registers.esi: 184578048 registers.ecx: 1638264	1
__exception__ Sept. 20, 2023, 5:56 p.m.	stacktrace: previewer+0x19021a @ 0x59021a previewer+0x1d2bc0 @ 0x5d2bc0 previewer+0x1afd36 @ 0x5afd36 previewer+0x63560 @ 0x463560 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57 exception.symbol: previewer+0x12013c exception.instruction: push dword ptr [eax] exception.module: previewer.exe exception.exception_code: 0xc0000005 exception.offset: 1179964 exception.address: 0x52013c registers.esp: 1637728 registers.edi: 1638104 registers.eax: 184582144 registers.ebp: 1637768 registers.edx: 0 registers.ebx: 3537309792 registers.esi: 184582144 registers.ecx: 1638264	1
__exception__ Sept. 20, 2023, 5:56 p.m.	stacktrace: previewer+0x19021a @ 0x59021a previewer+0x1d2bc0 @ 0x5d2bc0 previewer+0x1afd36 @ 0x5afd36 previewer+0x63560 @ 0x463560 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57 exception.symbol: previewer+0x12013c exception.instruction: push dword ptr [eax] exception.module: previewer.exe exception.exception_code: 0xc0000005 exception.offset: 1179964 exception.address: 0x52013c registers.esp: 1637728 registers.edi: 1638104 registers.eax: 184586240 registers.ebp: 1637768 registers.edx: 0 registers.ebx: 3537309792 registers.esi: 184586240 registers.ecx: 1638264	1
__exception__ Sept. 20, 2023, 5:56 p.m.	stacktrace: previewer+0x19021a @ 0x59021a previewer+0x1d2bc0 @ 0x5d2bc0 previewer+0x1afd36 @ 0x5afd36 previewer+0x63560 @ 0x463560 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57 exception.symbol: previewer+0x12013c exception.instruction: push dword ptr [eax] exception.module: previewer.exe exception.exception_code: 0xc0000005 exception.offset: 1179964 exception.address: 0x52013c registers.esp: 1637728 registers.edi: 1638104 registers.eax: 184590336 registers.ebp: 1637768 registers.edx: 0 registers.ebx: 3537309792 registers.esi: 184590336 registers.ecx: 1638264	1
__exception__ Sept. 20, 2023, 5:56 p.m.	stacktrace: previewer+0x19021a @ 0x59021a previewer+0x1d2bc0 @ 0x5d2bc0 previewer+0x1afd36 @ 0x5afd36 previewer+0x63560 @ 0x463560 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57 exception.symbol: previewer+0x12013c exception.instruction: push dword ptr [eax] exception.module: previewer.exe exception.exception_code: 0xc0000005 exception.offset: 1179964 exception.address: 0x52013c registers.esp: 1637728 registers.edi: 1638104 registers.eax: 184594432 registers.ebp: 1637768 registers.edx: 0 registers.ebx: 3537309792 registers.esi: 184594432 registers.ecx: 1638264	1
__exception__ Sept. 20, 2023, 5:56 p.m.	stacktrace: previewer+0x19021a @ 0x59021a previewer+0x1d2bc0 @ 0x5d2bc0 previewer+0x1afd36 @ 0x5afd36 previewer+0x63560 @ 0x463560 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57 exception.symbol: previewer+0x12013c exception.instruction: push dword ptr [eax] exception.module: previewer.exe exception.exception_code: 0xc0000005 exception.offset: 1179964 exception.address: 0x52013c registers.esp: 1637728 registers.edi: 1638104 registers.eax: 184598528 registers.ebp: 1637768 registers.edx: 0 registers.ebx: 3537309792 registers.esi: 184598528 registers.ecx: 1638264	1
__exception__ Sept. 20, 2023, 5:56 p.m.	stacktrace: previewer+0x19021a @ 0x59021a previewer+0x1d2bc0 @ 0x5d2bc0 previewer+0x1afd36 @ 0x5afd36 previewer+0x63560 @ 0x463560 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57 exception.symbol: previewer+0x12013c exception.instruction: push dword ptr [eax] exception.module: previewer.exe exception.exception_code: 0xc0000005 exception.offset: 1179964 exception.address: 0x52013c registers.esp: 1637728 registers.edi: 1638104 registers.eax: 184602624 registers.ebp: 1637768 registers.edx: 0 registers.ebx: 3537309792 registers.esi: 184602624 registers.ecx: 1638264	1
__exception__ Sept. 20, 2023, 5:56 p.m.	stacktrace: previewer+0x19021a @ 0x59021a previewer+0x1d2bc0 @ 0x5d2bc0 previewer+0x1afd36 @ 0x5afd36 previewer+0x63560 @ 0x463560 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57 exception.symbol: previewer+0x12013c exception.instruction: push dword ptr [eax] exception.module: previewer.exe exception.exception_code: 0xc0000005 exception.offset: 1179964 exception.address: 0x52013c registers.esp: 1637728 registers.edi: 1638104 registers.eax: 184606720 registers.ebp: 1637768 registers.edx: 0 registers.ebx: 3537309792 registers.esi: 184606720 registers.ecx: 1638264	1
__exception__ Sept. 20, 2023, 5:56 p.m.	stacktrace: previewer+0x19021a @ 0x59021a previewer+0x1d2bc0 @ 0x5d2bc0 previewer+0x1afd36 @ 0x5afd36 previewer+0x63560 @ 0x463560 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57 exception.symbol: previewer+0x12013c exception.instruction: push dword ptr [eax] exception.module: previewer.exe exception.exception_code: 0xc0000005 exception.offset: 1179964 exception.address: 0x52013c registers.esp: 1637728 registers.edi: 1638104 registers.eax: 184610816 registers.ebp: 1637768 registers.edx: 0 registers.ebx: 3537309792 registers.esi: 184610816 registers.ecx: 1638264	1
__exception__ Sept. 20, 2023, 5:56 p.m.	stacktrace: previewer+0x19021a @ 0x59021a previewer+0x1d2bc0 @ 0x5d2bc0 previewer+0x1afd36 @ 0x5afd36 previewer+0x63560 @ 0x463560 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57 exception.symbol: previewer+0x12013c exception.instruction: push dword ptr [eax] exception.module: previewer.exe exception.exception_code: 0xc0000005 exception.offset: 1179964 exception.address: 0x52013c registers.esp: 1637728 registers.edi: 1638104 registers.eax: 184614912 registers.ebp: 1637768 registers.edx: 0 registers.ebx: 3537309792 registers.esi: 184614912 registers.ecx: 1638264	1
__exception__ Sept. 20, 2023, 5:56 p.m.	stacktrace: previewer+0x19021a @ 0x59021a previewer+0x1d2bc0 @ 0x5d2bc0 previewer+0x1afd36 @ 0x5afd36 previewer+0x63560 @ 0x463560 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57 exception.symbol: previewer+0x12013c exception.instruction: push dword ptr [eax] exception.module: previewer.exe exception.exception_code: 0xc0000005 exception.offset: 1179964 exception.address: 0x52013c registers.esp: 1637728 registers.edi: 1638104 registers.eax: 184619008 registers.ebp: 1637768 registers.edx: 0 registers.ebx: 3537309792 registers.esi: 184619008 registers.ecx: 1638264	1
__exception__ Sept. 20, 2023, 5:56 p.m.	stacktrace: previewer+0x19021a @ 0x59021a previewer+0x1d2bc0 @ 0x5d2bc0 previewer+0x1afd36 @ 0x5afd36 previewer+0x63560 @ 0x463560 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57 exception.symbol: previewer+0x12013c exception.instruction: push dword ptr [eax] exception.module: previewer.exe exception.exception_code: 0xc0000005 exception.offset: 1179964 exception.address: 0x52013c registers.esp: 1637728 registers.edi: 1638104 registers.eax: 184623104 registers.ebp: 1637768 registers.edx: 0 registers.ebx: 3537309792 registers.esi: 184623104 registers.ecx: 1638264	1
__exception__ Sept. 20, 2023, 5:56 p.m.	stacktrace: previewer+0x19021a @ 0x59021a previewer+0x1d2bc0 @ 0x5d2bc0 previewer+0x1afd36 @ 0x5afd36 previewer+0x63560 @ 0x463560 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57 exception.symbol: previewer+0x12013c exception.instruction: push dword ptr [eax] exception.module: previewer.exe exception.exception_code: 0xc0000005 exception.offset: 1179964 exception.address: 0x52013c registers.esp: 1637728 registers.edi: 1638104 registers.eax: 184627200 registers.ebp: 1637768 registers.edx: 0 registers.ebx: 3537309792 registers.esi: 184627200 registers.ecx: 1638264	1
__exception__ Sept. 20, 2023, 5:56 p.m.	stacktrace: previewer+0x19021a @ 0x59021a previewer+0x1d2bc0 @ 0x5d2bc0 previewer+0x1afd36 @ 0x5afd36 previewer+0x63560 @ 0x463560 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57 exception.symbol: previewer+0x12013c exception.instruction: push dword ptr [eax] exception.module: previewer.exe exception.exception_code: 0xc0000005 exception.offset: 1179964 exception.address: 0x52013c registers.esp: 1637728 registers.edi: 1638104 registers.eax: 184631296 registers.ebp: 1637768 registers.edx: 0 registers.ebx: 3537309792 registers.esi: 184631296 registers.ecx: 1638264	1
__exception__ Sept. 20, 2023, 5:56 p.m.	stacktrace: previewer+0x19021a @ 0x59021a previewer+0x1d2bc0 @ 0x5d2bc0 previewer+0x1afd36 @ 0x5afd36 previewer+0x63560 @ 0x463560 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57 exception.symbol: previewer+0x12013c exception.instruction: push dword ptr [eax] exception.module: previewer.exe exception.exception_code: 0xc0000005 exception.offset: 1179964 exception.address: 0x52013c registers.esp: 1637728 registers.edi: 1638104 registers.eax: 184635392 registers.ebp: 1637768 registers.edx: 0 registers.ebx: 3537309792 registers.esi: 184635392 registers.ecx: 1638264	1
__exception__ Sept. 20, 2023, 5:56 p.m.	stacktrace: previewer+0x19021a @ 0x59021a previewer+0x1d2bc0 @ 0x5d2bc0 previewer+0x1afd36 @ 0x5afd36 previewer+0x63560 @ 0x463560 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57 exception.symbol: previewer+0x12013c exception.instruction: push dword ptr [eax] exception.module: previewer.exe exception.exception_code: 0xc0000005 exception.offset: 1179964 exception.address: 0x52013c registers.esp: 1637728 registers.edi: 1638104 registers.eax: 184639488 registers.ebp: 1637768 registers.edx: 0 registers.ebx: 3537309792 registers.esi: 184639488 registers.ecx: 1638264	1
__exception__ Sept. 20, 2023, 5:56 p.m.	stacktrace: previewer+0x19021a @ 0x59021a previewer+0x1d2bc0 @ 0x5d2bc0 previewer+0x1afd36 @ 0x5afd36 previewer+0x63560 @ 0x463560 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57 exception.symbol: previewer+0x12013c exception.instruction: push dword ptr [eax] exception.module: previewer.exe exception.exception_code: 0xc0000005 exception.offset: 1179964 exception.address: 0x52013c registers.esp: 1637728 registers.edi: 1638104 registers.eax: 184643584 registers.ebp: 1637768 registers.edx: 0 registers.ebx: 3537309792 registers.esi: 184643584 registers.ecx: 1638264	1
__exception__ Sept. 20, 2023, 5:56 p.m.	stacktrace: previewer+0x19021a @ 0x59021a previewer+0x1d2bc0 @ 0x5d2bc0 previewer+0x1afd36 @ 0x5afd36 previewer+0x63560 @ 0x463560 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57 exception.symbol: previewer+0x12013c exception.instruction: push dword ptr [eax] exception.module: previewer.exe exception.exception_code: 0xc0000005 exception.offset: 1179964 exception.address: 0x52013c registers.esp: 1637728 registers.edi: 1638104 registers.eax: 184647680 registers.ebp: 1637768 registers.edx: 0 registers.ebx: 3537309792 registers.esi: 184647680 registers.ecx: 1638264	1
__exception__ Sept. 20, 2023, 5:56 p.m.	stacktrace: previewer+0x19021a @ 0x59021a previewer+0x1d2bc0 @ 0x5d2bc0 previewer+0x1afd36 @ 0x5afd36 previewer+0x63560 @ 0x463560 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57 exception.symbol: previewer+0x12013c exception.instruction: push dword ptr [eax] exception.module: previewer.exe exception.exception_code: 0xc0000005 exception.offset: 1179964 exception.address: 0x52013c registers.esp: 1637728 registers.edi: 1638104 registers.eax: 184651776 registers.ebp: 1637768 registers.edx: 0 registers.ebx: 3537309792 registers.esi: 184651776 registers.ecx: 1638264	1
__exception__ Sept. 20, 2023, 5:56 p.m.	stacktrace: previewer+0x19021a @ 0x59021a previewer+0x1d2bc0 @ 0x5d2bc0 previewer+0x1afd36 @ 0x5afd36 previewer+0x63560 @ 0x463560 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57 exception.symbol: previewer+0x12013c exception.instruction: push dword ptr [eax] exception.module: previewer.exe exception.exception_code: 0xc0000005 exception.offset: 1179964 exception.address: 0x52013c registers.esp: 1637728 registers.edi: 1638104 registers.eax: 184655872 registers.ebp: 1637768 registers.edx: 0 registers.ebx: 3537309792 registers.esi: 184655872 registers.ecx: 1638264	1
__exception__ Sept. 20, 2023, 5:56 p.m.	stacktrace: previewer+0x19021a @ 0x59021a previewer+0x1d2bc0 @ 0x5d2bc0 previewer+0x1afd36 @ 0x5afd36 previewer+0x63560 @ 0x463560 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57 exception.symbol: previewer+0x12013c exception.instruction: push dword ptr [eax] exception.module: previewer.exe exception.exception_code: 0xc0000005 exception.offset: 1179964 exception.address: 0x52013c registers.esp: 1637728 registers.edi: 1638104 registers.eax: 184659968 registers.ebp: 1637768 registers.edx: 0 registers.ebx: 3537309792 registers.esi: 184659968 registers.ecx: 1638264	1
__exception__ Sept. 20, 2023, 5:56 p.m.	stacktrace: previewer+0x19021a @ 0x59021a previewer+0x1d2bc0 @ 0x5d2bc0 previewer+0x1afd36 @ 0x5afd36 previewer+0x63560 @ 0x463560 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57 exception.symbol: previewer+0x12013c exception.instruction: push dword ptr [eax] exception.module: previewer.exe exception.exception_code: 0xc0000005 exception.offset: 1179964 exception.address: 0x52013c registers.esp: 1637728 registers.edi: 1638104 registers.eax: 184664064 registers.ebp: 1637768 registers.edx: 0 registers.ebx: 3537309792 registers.esi: 184664064 registers.ecx: 1638264	1
__exception__ Sept. 20, 2023, 5:56 p.m.	stacktrace: previewer+0x19021a @ 0x59021a previewer+0x1d2bc0 @ 0x5d2bc0 previewer+0x1afd36 @ 0x5afd36 previewer+0x63560 @ 0x463560 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57 exception.symbol: previewer+0x12013c exception.instruction: push dword ptr [eax] exception.module: previewer.exe exception.exception_code: 0xc0000005 exception.offset: 1179964 exception.address: 0x52013c registers.esp: 1637728 registers.edi: 1638104 registers.eax: 184668160 registers.ebp: 1637768 registers.edx: 0 registers.ebx: 3537309792 registers.esi: 184668160 registers.ecx: 1638264	1
__exception__ Sept. 20, 2023, 5:56 p.m.	stacktrace: previewer+0x19021a @ 0x59021a previewer+0x1d2bc0 @ 0x5d2bc0 previewer+0x1afd36 @ 0x5afd36 previewer+0x63560 @ 0x463560 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57 exception.symbol: previewer+0x12013c exception.instruction: push dword ptr [eax] exception.module: previewer.exe exception.exception_code: 0xc0000005 exception.offset: 1179964 exception.address: 0x52013c registers.esp: 1637728 registers.edi: 1638104 registers.eax: 184672256 registers.ebp: 1637768 registers.edx: 0 registers.ebx: 3537309792 registers.esi: 184672256 registers.ecx: 1638264	1
__exception__ Sept. 20, 2023, 5:56 p.m.	stacktrace: previewer+0x19021a @ 0x59021a previewer+0x1d2bc0 @ 0x5d2bc0 previewer+0x1afd36 @ 0x5afd36 previewer+0x63560 @ 0x463560 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57 exception.symbol: previewer+0x12013c exception.instruction: push dword ptr [eax] exception.module: previewer.exe exception.exception_code: 0xc0000005 exception.offset: 1179964 exception.address: 0x52013c registers.esp: 1637728 registers.edi: 1638104 registers.eax: 184676352 registers.ebp: 1637768 registers.edx: 0 registers.ebx: 3537309792 registers.esi: 184676352 registers.ecx: 1638264	1
__exception__ Sept. 20, 2023, 5:56 p.m.	stacktrace: previewer+0x19021a @ 0x59021a previewer+0x1d2bc0 @ 0x5d2bc0 previewer+0x1afd36 @ 0x5afd36 previewer+0x63560 @ 0x463560 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57 exception.symbol: previewer+0x12013c exception.instruction: push dword ptr [eax] exception.module: previewer.exe exception.exception_code: 0xc0000005 exception.offset: 1179964 exception.address: 0x52013c registers.esp: 1637728 registers.edi: 1638104 registers.eax: 184680448 registers.ebp: 1637768 registers.edx: 0 registers.ebx: 3537309792 registers.esi: 184680448 registers.ecx: 1638264	1
__exception__ Sept. 20, 2023, 5:56 p.m.	stacktrace: previewer+0x19021a @ 0x59021a previewer+0x1d2bc0 @ 0x5d2bc0 previewer+0x1afd36 @ 0x5afd36 previewer+0x63560 @ 0x463560 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57 exception.symbol: previewer+0x12013c exception.instruction: push dword ptr [eax] exception.module: previewer.exe exception.exception_code: 0xc0000005 exception.offset: 1179964 exception.address: 0x52013c registers.esp: 1637728 registers.edi: 1638104 registers.eax: 184684544 registers.ebp: 1637768 registers.edx: 0 registers.ebx: 3537309792 registers.esi: 184684544 registers.ecx: 1638264	1

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

Allocates read-write-execute memory (usually to unpack itself) (50 out of 90 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory Sept. 20, 2023, 5:56 p.m.	process_identifier: 2136 region_size: 1769472 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00770000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 20, 2023, 5:56 p.m.	process_identifier: 2136 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x008e0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 20, 2023, 5:56 p.m.	process_identifier: 2136 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73f11000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 20, 2023, 5:56 p.m.	process_identifier: 2136 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73f12000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 20, 2023, 5:56 p.m.	process_identifier: 2136 region_size: 524288 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00540000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 20, 2023, 5:56 p.m.	process_identifier: 2136 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00580000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 20, 2023, 5:56 p.m.	process_identifier: 2136 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003f2000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 20, 2023, 5:56 p.m.	process_identifier: 2136 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00425000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 20, 2023, 5:56 p.m.	process_identifier: 2136 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0042b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 20, 2023, 5:56 p.m.	process_identifier: 2136 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00427000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 20, 2023, 5:56 p.m.	process_identifier: 2136 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0040c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 20, 2023, 5:56 p.m.	process_identifier: 2136 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x007a0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 20, 2023, 5:56 p.m.	process_identifier: 2136 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003fa000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 20, 2023, 5:56 p.m.	process_identifier: 2220 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 77824 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0081c000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 20, 2023, 5:56 p.m.	process_identifier: 2220 region_size: 36864 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003a0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 20, 2023, 5:56 p.m.	process_identifier: 2268 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4161536 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02710000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 20, 2023, 5:56 p.m.	process_identifier: 2268 region_size: 9351168 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02b10000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 20, 2023, 5:56 p.m.	process_identifier: 2316 region_size: 720896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003b0000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 20, 2023, 5:56 p.m.	process_identifier: 2316 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00420000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 20, 2023, 5:56 p.m.	process_identifier: 2316 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73f11000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 20, 2023, 5:56 p.m.	process_identifier: 2316 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73f12000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 20, 2023, 5:56 p.m.	process_identifier: 2316 region_size: 327680 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00570000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 20, 2023, 5:56 p.m.	process_identifier: 2316 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00580000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 20, 2023, 5:56 p.m.	process_identifier: 2316 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00292000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 20, 2023, 5:56 p.m.	process_identifier: 2316 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003c5000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 20, 2023, 5:56 p.m.	process_identifier: 2316 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003cb000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 20, 2023, 5:56 p.m.	process_identifier: 2316 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003c7000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 20, 2023, 5:56 p.m.	process_identifier: 2316 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x002ac000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 20, 2023, 5:56 p.m.	process_identifier: 2316 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00410000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 20, 2023, 5:56 p.m.	process_identifier: 2316 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0029a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 20, 2023, 5:56 p.m.	process_identifier: 2408 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4161536 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02680000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 20, 2023, 5:56 p.m.	process_identifier: 2408 region_size: 9351168 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02a80000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 20, 2023, 5:56 p.m.	process_identifier: 2484 region_size: 1638400 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000006c0000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Sept. 20, 2023, 5:56 p.m.	process_identifier: 2484 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000007d0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 20, 2023, 5:56 p.m.	process_identifier: 2484 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef2d81000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 20, 2023, 5:56 p.m.	process_identifier: 2484 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef341b000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Sept. 20, 2023, 5:56 p.m.	process_identifier: 2484 region_size: 2097152 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000d90000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Sept. 20, 2023, 5:56 p.m.	process_identifier: 2484 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000f10000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 20, 2023, 5:56 p.m.	process_identifier: 2484 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef2d82000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 20, 2023, 5:56 p.m.	process_identifier: 2484 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef2d82000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 20, 2023, 5:56 p.m.	process_identifier: 2484 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef2d82000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 20, 2023, 5:56 p.m.	process_identifier: 2484 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef2d82000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 20, 2023, 5:56 p.m.	process_identifier: 2484 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef2d82000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 20, 2023, 5:56 p.m.	process_identifier: 2484 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef2d82000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 20, 2023, 5:56 p.m.	process_identifier: 2484 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef2d82000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 20, 2023, 5:56 p.m.	process_identifier: 2484 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef2d82000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 20, 2023, 5:56 p.m.	process_identifier: 2484 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef2d82000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 20, 2023, 5:56 p.m.	process_identifier: 2484 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef2d82000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 20, 2023, 5:56 p.m.	process_identifier: 2484 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef2d82000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 20, 2023, 5:56 p.m.	process_identifier: 2484 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef2d84000 process_handle: 0xffffffffffffffff	1

Creates executable files on the filesystem (10 events)

file	C:\Users\test22\AppData\Local\Temp\kos1.exe
file	C:\Users\test22\AppData\Local\Temp\is-ECB0B.tmp\_isetup\_isdecmp.dll
file	C:\Users\test22\AppData\Local\Temp\set16.exe
file	C:\Users\test22\AppData\Local\Temp\e0cbefcb1af40c7d4aff4aca26621a98.exe
file	C:\Program Files (x86)\PA Previewer\previewer.exe
file	C:\Users\test22\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
file	C:\Users\test22\AppData\Local\Temp\is-ECB0B.tmp\_isetup\_shfoldr.dll
file	C:\Users\test22\AppData\Local\Temp\kos.exe
file	C:\Users\test22\AppData\Local\Temp\is-ECB0B.tmp\_isetup\_iscrypt.dll
file	C:\Users\test22\AppData\Local\Temp\toolspub2.exe

Drops a binary and executes it (6 events)

file	C:\Users\test22\AppData\Local\Temp\toolspub2.exe
file	C:\Users\test22\AppData\Local\Temp\e0cbefcb1af40c7d4aff4aca26621a98.exe
file	C:\Users\test22\AppData\Local\Temp\kos1.exe
file	C:\Users\test22\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
file	C:\Users\test22\AppData\Local\Temp\set16.exe
file	C:\Users\test22\AppData\Local\Temp\kos.exe

Drops an executable to the user AppData folder (10 events)

file	C:\Users\test22\AppData\Local\Temp\e0cbefcb1af40c7d4aff4aca26621a98.exe
file	C:\Users\test22\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
file	C:\Users\test22\AppData\Local\Temp\toolspub2.exe
file	C:\Users\test22\AppData\Local\Temp\is-ECB0B.tmp\_isetup\_isdecmp.dll
file	C:\Users\test22\AppData\Local\Temp\kos.exe
file	C:\Users\test22\AppData\Local\Temp\is-ECB0B.tmp\_isetup\_shfoldr.dll
file	C:\Users\test22\AppData\Local\Temp\is-ECB0B.tmp\_isetup\_iscrypt.dll
file	C:\Users\test22\AppData\Local\Temp\kos1.exe
file	C:\Users\test22\AppData\Local\Temp\is-ECB0B.tmp\_isetup\_RegDLL.tmp
file	C:\Users\test22\AppData\Local\Temp\set16.exe

Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Sept. 20, 2023, 5:56 p.m.	process_identifier: 2388 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 36864 protection: 32 (PAGE_EXECUTE_READ) base_address: 0x00401000 process_handle: 0xffffffff	1	0	0

Checks adapter addresses which can be used to detect virtual network interfaces (1 event)

Time & API	Arguments	Status	Return	Repeated
GetAdaptersAddresses Sept. 20, 2023, 5:57 p.m.	flags: 15 family: 0		111	0

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x00a03000', u'virtual_address': u'0x00002000', u'entropy': 7.964635152293677, u'name': u'.text', u'virtual_size': u'0x00a02eb4'}

entropy

7.96463515229

description

A section with a high entropy has been found

entropy

0.999804954164

description

Overall entropy of this PE file is high

Checks for the Locally Unique Identifier on the system for a suspicious privilege (2 events)

Time & API	Arguments	Status	Return	Repeated
LookupPrivilegeValueW Sept. 20, 2023, 5:56 p.m.	system_name: privilege_name: SeDebugPrivilege	1	1	0
LookupPrivilegeValueW Sept. 20, 2023, 6 p.m.	system_name: privilege_name: SeDebugPrivilege	1	1	0

Yara rule detected in process memory (7 events)

description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Bypass DEP	rule	disable_dep

Queries for potentially installed applications (4 events)

Time & API	Arguments	Return
RegOpenKeyExA Sept. 20, 2023, 5:56 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\PA Previewer_is1 base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00000001 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\PA Previewer_is1	2
RegOpenKeyExA Sept. 20, 2023, 5:56 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\PA Previewer_is1 base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00000001 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\PA Previewer_is1	2
RegOpenKeyExA Sept. 20, 2023, 5:56 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\PA Previewer_is1 base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00000008 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\PA Previewer_is1	2
RegOpenKeyExA Sept. 20, 2023, 5:56 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\PA Previewer_is1 base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00000008 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\PA Previewer_is1	2

Uses Windows utilities for basic Windows functionality (1 event)

cmdline

"C:\Windows\system32\net.exe" helpmsg 8

Communicates with host for which no DNS query was performed (1 event)

host

193.42.32.61

Allocates execute permission to another process indicative of possible code injection (1 event)

Time & API	Arguments	Status	Return	Repeated
NtAllocateVirtualMemory Sept. 20, 2023, 5:56 p.m.	process_identifier: 2464 region_size: 36864 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000080	1	0	0

Detects Avast Antivirus through the presence of a library (2 events)

Time & API	Arguments	Status	Return	Repeated
LdrGetDllHandle Sept. 20, 2023, 5:56 p.m.	module_name: snxhk module_address: 0x00000000 stack_pivoted: 0		3221225781	0
LdrGetDllHandle Sept. 20, 2023, 5:56 p.m.	module_name: snxhk module_address: 0x00000000 stack_pivoted: 0		3221225781	0

Potential code injection by writing to the memory of another process (1 event)

Time & API	Arguments	Status	Return	Repeated
WriteProcessMemory Sept. 20, 2023, 5:56 p.m.	buffer: @ base_address: 0x7efde008 process_identifier: 2464 process_handle: 0x00000080	1	1	0

Used NtSetContextThread to modify a thread in a remote process indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2220 called NtSetContextThread to modify thread in remote process 2464
NtSetContextThread Sept. 20, 2023, 5:56 p.m.	registers.eip: 2005598660 registers.esp: 1638384 registers.edi: 0 registers.eax: 4206040 registers.ebp: 0 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0 thread_handle: 0x0000007c process_identifier: 2464	1	0	0

Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2220 resumed a thread in remote process 2464
NtResumeThread Sept. 20, 2023, 5:56 p.m.	thread_handle: 0x0000007c suspend_count: 1 process_identifier: 2464	1	0	0

Tries to unhook Windows functions monitored by Cuckoo (1 event)

Time & API	Arguments	Status	Return	Repeated
__anomaly__ Sept. 20, 2023, 5:57 p.m.	tid: 2768 message: Encountered 65537 exceptions, quitting. subcategory: exception function_name:	1	0	0

Executed a process and injected code into it, probably while unpacking (36 events)

Time & API	Arguments	Status	Return
NtResumeThread Sept. 20, 2023, 5:56 p.m.	thread_handle: 0x000000dc suspend_count: 1 process_identifier: 2136	1	0
NtResumeThread Sept. 20, 2023, 5:56 p.m.	thread_handle: 0x00000150 suspend_count: 1 process_identifier: 2136	1	0
NtResumeThread Sept. 20, 2023, 5:56 p.m.	thread_handle: 0x00000194 suspend_count: 1 process_identifier: 2136	1	0
NtResumeThread Sept. 20, 2023, 5:56 p.m.	thread_handle: 0x0000020c suspend_count: 1 process_identifier: 2136	1	0
CreateProcessInternalW Sept. 20, 2023, 5:56 p.m.	thread_identifier: 2224 thread_handle: 0x0000039c process_identifier: 2220 current_directory: C:\Users\test22\AppData\Local\Temp filepath: C:\Users\test22\AppData\Local\Temp\toolspub2.exe track: 1 command_line: "C:\Users\test22\AppData\Local\Temp\toolspub2.exe" filepath_r: C:\Users\test22\AppData\Local\Temp\toolspub2.exe stack_pivoted: 0 creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE\|CREATE_NEW_CONSOLE\|CREATE_UNICODE_ENVIRONMENT\|EXTENDED_STARTUPINFO_PRESENT) inherit_handles: 0 process_handle: 0x000003a4	1	1
NtResumeThread Sept. 20, 2023, 5:56 p.m.	thread_handle: 0x00000340 suspend_count: 1 process_identifier: 2136	1	0
NtResumeThread Sept. 20, 2023, 5:56 p.m.	thread_handle: 0x000003a4 suspend_count: 1 process_identifier: 2136	1	0
CreateProcessInternalW Sept. 20, 2023, 5:56 p.m.	thread_identifier: 2272 thread_handle: 0x000003b0 process_identifier: 2268 current_directory: C:\Users\test22\AppData\Local\Temp filepath: C:\Users\test22\AppData\Local\Temp\e0cbefcb1af40c7d4aff4aca26621a98.exe track: 1 command_line: "C:\Users\test22\AppData\Local\Temp\e0cbefcb1af40c7d4aff4aca26621a98.exe" filepath_r: C:\Users\test22\AppData\Local\Temp\e0cbefcb1af40c7d4aff4aca26621a98.exe stack_pivoted: 0 creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE\|CREATE_NEW_CONSOLE\|CREATE_UNICODE_ENVIRONMENT\|EXTENDED_STARTUPINFO_PRESENT) inherit_handles: 0 process_handle: 0x000003cc	1	1
NtResumeThread Sept. 20, 2023, 5:56 p.m.	thread_handle: 0x000003b4 suspend_count: 1 process_identifier: 2136	1	0
CreateProcessInternalW Sept. 20, 2023, 5:56 p.m.	thread_identifier: 2320 thread_handle: 0x000003bc process_identifier: 2316 current_directory: C:\Users\test22\AppData\Local\Temp filepath: C:\Users\test22\AppData\Local\Temp\kos1.exe track: 1 command_line: "C:\Users\test22\AppData\Local\Temp\kos1.exe" filepath_r: C:\Users\test22\AppData\Local\Temp\kos1.exe stack_pivoted: 0 creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE\|CREATE_NEW_CONSOLE\|CREATE_UNICODE_ENVIRONMENT\|EXTENDED_STARTUPINFO_PRESENT) inherit_handles: 0 process_handle: 0x000003e4	1	1
NtResumeThread Sept. 20, 2023, 5:56 p.m.	thread_handle: 0x000003cc suspend_count: 1 process_identifier: 2136	1	0
CreateProcessInternalW Sept. 20, 2023, 5:56 p.m.	thread_identifier: 2412 thread_handle: 0x000003d4 process_identifier: 2408 current_directory: C:\Users\test22\AppData\Local\Temp filepath: C:\Users\test22\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe track: 1 command_line: "C:\Users\test22\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe" filepath_r: C:\Users\test22\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe stack_pivoted: 0 creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE\|CREATE_NEW_CONSOLE\|CREATE_UNICODE_ENVIRONMENT\|EXTENDED_STARTUPINFO_PRESENT) inherit_handles: 0 process_handle: 0x000003fc	1	1
CreateProcessInternalW Sept. 20, 2023, 5:56 p.m.	thread_identifier: 2468 thread_handle: 0x0000007c process_identifier: 2464 current_directory: filepath: C:\Users\test22\AppData\Local\Temp\toolspub2.exe track: 1 command_line: "C:\Users\test22\AppData\Local\Temp\toolspub2.exe" filepath_r: C:\Users\test22\AppData\Local\Temp\toolspub2.exe stack_pivoted: 0 creation_flags: 134217732 (CREATE_NO_WINDOW\|CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x00000080	1	1
NtGetContextThread Sept. 20, 2023, 5:56 p.m.	thread_handle: 0x0000007c	1	0
NtUnmapViewOfSection Sept. 20, 2023, 5:56 p.m.	base_address: 0x00400000 region_size: 4096 process_identifier: 2464 process_handle: 0x00000080	1	0
NtAllocateVirtualMemory Sept. 20, 2023, 5:56 p.m.	process_identifier: 2464 region_size: 36864 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000080	1	0
WriteProcessMemory Sept. 20, 2023, 5:56 p.m.	buffer: @ base_address: 0x7efde008 process_identifier: 2464 process_handle: 0x00000080	1	1
NtSetContextThread Sept. 20, 2023, 5:56 p.m.	registers.eip: 2005598660 registers.esp: 1638384 registers.edi: 0 registers.eax: 4206040 registers.ebp: 0 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0 thread_handle: 0x0000007c process_identifier: 2464	1	0
NtResumeThread Sept. 20, 2023, 5:56 p.m.	thread_handle: 0x0000007c suspend_count: 1 process_identifier: 2464	1	0
NtResumeThread Sept. 20, 2023, 5:56 p.m.	thread_handle: 0x000000dc suspend_count: 1 process_identifier: 2316	1	0
NtResumeThread Sept. 20, 2023, 5:56 p.m.	thread_handle: 0x0000014c suspend_count: 1 process_identifier: 2316	1	0
NtResumeThread Sept. 20, 2023, 5:56 p.m.	thread_handle: 0x000001ac suspend_count: 1 process_identifier: 2316	1	0
NtResumeThread Sept. 20, 2023, 5:56 p.m.	thread_handle: 0x00000374 suspend_count: 1 process_identifier: 2316	1	0
CreateProcessInternalW Sept. 20, 2023, 5:56 p.m.	thread_identifier: 2392 thread_handle: 0x0000039c process_identifier: 2388 current_directory: C:\Users\test22\AppData\Local\Temp filepath: C:\Users\test22\AppData\Local\Temp\set16.exe track: 1 command_line: "C:\Users\test22\AppData\Local\Temp\set16.exe" filepath_r: C:\Users\test22\AppData\Local\Temp\set16.exe stack_pivoted: 0 creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE\|CREATE_NEW_CONSOLE\|CREATE_UNICODE_ENVIRONMENT\|EXTENDED_STARTUPINFO_PRESENT) inherit_handles: 0 process_handle: 0x000003a4	1	1
NtResumeThread Sept. 20, 2023, 5:56 p.m.	thread_handle: 0x00000310 suspend_count: 1 process_identifier: 2316	1	0
CreateProcessInternalW Sept. 20, 2023, 5:56 p.m.	thread_identifier: 2488 thread_handle: 0x000003a4 process_identifier: 2484 current_directory: C:\Users\test22\AppData\Local\Temp filepath: C:\Users\test22\AppData\Local\Temp\kos.exe track: 1 command_line: "C:\Users\test22\AppData\Local\Temp\kos.exe" filepath_r: C:\Users\test22\AppData\Local\Temp\kos.exe stack_pivoted: 0 creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE\|CREATE_NEW_CONSOLE\|CREATE_UNICODE_ENVIRONMENT\|EXTENDED_STARTUPINFO_PRESENT) inherit_handles: 0 process_handle: 0x000003bc	1	1
NtResumeThread Sept. 20, 2023, 5:56 p.m.	thread_handle: 0x00000000000000c4 suspend_count: 1 process_identifier: 2484	1	0
NtResumeThread Sept. 20, 2023, 5:56 p.m.	thread_handle: 0x0000000000000134 suspend_count: 1 process_identifier: 2484	1	0
NtResumeThread Sept. 20, 2023, 5:56 p.m.	thread_handle: 0x000000000000017c suspend_count: 1 process_identifier: 2484	1	0
NtResumeThread Sept. 20, 2023, 5:57 p.m.	thread_handle: 0x0000000000000324 suspend_count: 1 process_identifier: 2484	1	0
CreateProcessInternalW Sept. 20, 2023, 5:56 p.m.	thread_identifier: 2608 thread_handle: 0x00000128 process_identifier: 2604 current_directory: filepath: track: 1 command_line: "C:\Users\test22\AppData\Local\Temp\is-Q1I35.tmp\is-IKD1U.tmp" /SL4 $20162 "C:\Users\test22\AppData\Local\Temp\set16.exe" 1232936 52224 filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000124	1	1
NtResumeThread Sept. 20, 2023, 5:56 p.m.	thread_handle: 0x000001a8 suspend_count: 1 process_identifier: 2604	1	0
CreateProcessInternalW Sept. 20, 2023, 5:56 p.m.	thread_identifier: 2696 thread_handle: 0x00000280 process_identifier: 2692 current_directory: C:\Windows\system32 filepath: track: 1 command_line: "C:\Windows\system32\net.exe" helpmsg 8 filepath_r: stack_pivoted: 0 creation_flags: 67108864 (CREATE_DEFAULT_ERROR_MODE) inherit_handles: 0 process_handle: 0x00000298	1	1
CreateProcessInternalW Sept. 20, 2023, 5:56 p.m.	thread_identifier: 2768 thread_handle: 0x00000298 process_identifier: 2764 current_directory: C:\Program Files (x86)\PA Previewer filepath: track: 1 command_line: "C:\Program Files (x86)\PA Previewer\previewer.exe" -i filepath_r: stack_pivoted: 0 creation_flags: 67108864 (CREATE_DEFAULT_ERROR_MODE) inherit_handles: 0 process_handle: 0x00000280	1	1
CreateProcessInternalW Sept. 20, 2023, 5:57 p.m.	thread_identifier: 2288 thread_handle: 0x00000280 process_identifier: 2280 current_directory: C:\Program Files (x86)\PA Previewer filepath: track: 1 command_line: "C:\Program Files (x86)\PA Previewer\previewer.exe" -s filepath_r: stack_pivoted: 0 creation_flags: 67108864 (CREATE_DEFAULT_ERROR_MODE) inherit_handles: 0 process_handle: 0x00000298	1	1
CreateProcessInternalW Sept. 20, 2023, 5:56 p.m.	thread_identifier: 2860 thread_handle: 0x00000140 process_identifier: 2856 current_directory: filepath: track: 1 command_line: C:\Windows\system32\net1 helpmsg 8 filepath_r: stack_pivoted: 0 creation_flags: 32 (NORMAL_PRIORITY_CLASS) inherit_handles: 1 process_handle: 0x00000144	1	1

File has been identified by 48 AntiVirus engines on VirusTotal as malicious (48 events)

Lionic	Trojan.Win32.ShortLoader.4!c
Elastic	malicious (high confidence)
MicroWorld-eScan	IL:Trojan.MSILZilla.9891
McAfee	GenericRXOO-YN!CC735BBB997B
Cylance	unsafe
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Ransomware ( 005a8b921 )
Alibaba	TrojanDownloader:MSIL/Mokes.2cbae3be
K7GW	Ransomware ( 005a8b921 )
Cybereason	malicious.42dd43
Cyren	W32/MSIL_Kryptik.FFY.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/Agent.UZA
Cynet	Malicious (score: 100)
APEX	Malicious
Kaspersky	HEUR:Trojan-Downloader.MSIL.ShortLoader.gen
BitDefender	IL:Trojan.MSILZilla.9891
Avast	Win32:DropperX-gen [Drp]
Rising	Trojan.AntiVM!1.CF63 (CLASSIC)
Emsisoft	IL:Trojan.MSILZilla.9891 (B)
DrWeb	Trojan.MulDropNET.43
VIPRE	IL:Trojan.MSILZilla.9891
TrendMicro	TROJ_GEN.R06EC0DIK23
McAfee-GW-Edition	BehavesLike.Win32.Generic.vc
Trapmine	malicious.moderate.ml.score
FireEye	Generic.mg.cc735bbb997be452
Sophos	Troj/ILAgent-I
Ikarus	Win32.Outbreak
GData	IL:Trojan.MSILZilla.9891
Arcabit	IL:Trojan.MSILZilla.D26A3
ZoneAlarm	HEUR:Trojan-Downloader.MSIL.ShortLoader.gen
Microsoft	Trojan:MSIL/Mokes.B!MTB
Google	Detected
AhnLab-V3	Malware/Win.Generic.C4478643
ALYac	IL:Trojan.MSILZilla.9891
MAX	malware (ai score=87)
VBA32	Trojan.MSIL.Injector.gen
Malwarebytes	Trojan.Crypt.MSIL.Generic
Panda	Trj/GdSda.A
TrendMicro-HouseCall	TROJ_GEN.R06EC0DIK23
Tencent	Msil.Trojan-Downloader.Shortloader.Szfl
SentinelOne	Static AI - Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/GenKryptik.FFMZ!tr
BitDefenderTheta	Gen:NN.ZemsilF.36662.@p0@aC6r1yh
AVG	Win32:DropperX-gen [Drp]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (W)

harbar.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All