Summary | ZeroBOX

minda.exe

Tags: Emotet, Gen1, .NET framework(MSIL), Malicious Library, Confuser .NET, UPX, Malicious Packer, Admin Tool (Sysinternals etc ...), PE64, AntiDebug, dll, PE File, OS Processor Check, CHM Format, PE32, MZP Format, .NET EXE, AntiVM, DLL, DllRegisterServer
Category: FILE
Machine: s1_win7_x6403_us
Started: Oct. 9, 2023, 12:35 p.m.
Completed: Oct. 9, 2023, 12:37 p.m.
Size 13.4MB
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 c7f2b50a51b84d1108430e3fb119d0d4
SHA256 31c5da8614998e7836aaf3c70559f7710edbd4b536b840e0c63babfdc95c5921
CRC32 95B1EBDC
ssdeep 196608:aIgCXUXYGU2MYWZ3mpejjiAN8YrOmSIFIuHB+q9LOKd/VT7cRRbYc:JgCkX1SZ3pniIzl7XhZLOKd/Wz
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Is_DotNET_EXE - (no description)

IP Address Status Action
104.20.67.143 Active Moloch
148.251.234.93 Active Moloch
163.172.154.142 Active Moloch
164.124.101.2 Active Moloch
212.47.253.124 Active Moloch
5.42.65.39 Active Moloch

Suricata Alerts

Flow SID Signature Category
TCP 148.251.234.93:443 -> 192.168.56.103:49175 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49175 -> 148.251.234.93:443 2047718 ET INFO External IP Lookup Domain (iplogger .com in TLS SNI) Device Retrieving External IP Address Detected
TCP 192.168.56.103:49175 -> 148.251.234.93:443 906200022 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 148.251.234.93:443 -> 192.168.56.103:49180 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49180 -> 148.251.234.93:443 2047718 ET INFO External IP Lookup Domain (iplogger .com in TLS SNI) Device Retrieving External IP Address Detected
TCP 192.168.56.103:49180 -> 148.251.234.93:443 906200022 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 148.251.234.93:443 -> 192.168.56.103:49184 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49184 -> 148.251.234.93:443 2047718 ET INFO External IP Lookup Domain (iplogger .com in TLS SNI) Device Retrieving External IP Address Detected
TCP 192.168.56.103:49184 -> 148.251.234.93:443 906200022 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 148.251.234.93:443 -> 192.168.56.103:49186 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49186 -> 148.251.234.93:443 2047718 ET INFO External IP Lookup Domain (iplogger .com in TLS SNI) Device Retrieving External IP Address Detected
TCP 192.168.56.103:49186 -> 148.251.234.93:443 906200022 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
UDP 192.168.56.103:52760 -> 164.124.101.2:53 2047719 ET INFO External IP Lookup Domain (iplogger .com in DNS lookup) Device Retrieving External IP Address Detected
TCP 148.251.234.93:443 -> 192.168.56.103:49182 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49182 -> 148.251.234.93:443 2047718 ET INFO External IP Lookup Domain (iplogger .com in TLS SNI) Device Retrieving External IP Address Detected
TCP 192.168.56.103:49182 -> 148.251.234.93:443 906200022 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 148.251.234.93:443 -> 192.168.56.103:49183 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49183 -> 148.251.234.93:443 2047718 ET INFO External IP Lookup Domain (iplogger .com in TLS SNI) Device Retrieving External IP Address Detected
TCP 192.168.56.103:49183 -> 148.251.234.93:443 906200022 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49185 -> 5.42.65.39:80 2044244 ET MALWARE Win32/Stealc Requesting browsers Config from C2 Malware Command and Control Activity Detected
TCP 5.42.65.39:80 -> 192.168.56.103:49185 2044245 ET MALWARE Win32/Stealc Active C2 Responding with browsers Config Malware Command and Control Activity Detected
TCP 192.168.56.103:49185 -> 5.42.65.39:80 2044246 ET MALWARE Win32/Stealc Requesting plugins Config from C2 Malware Command and Control Activity Detected
TCP 5.42.65.39:80 -> 192.168.56.103:49185 2044247 ET MALWARE Win32/Stealc Active C2 Responding with plugins Config Malware Command and Control Activity Detected
TCP 192.168.56.103:49185 -> 5.42.65.39:80 2044248 ET MALWARE Win32/Stealc Submitting System Information to C2 Malware Command and Control Activity Detected
TCP 192.168.56.103:49185 -> 5.42.65.39:80 2027250 ET INFO Dotted Quad Host DLL Request Potentially Bad Traffic
TCP 192.168.56.103:49185 -> 5.42.65.39:80 2044301 ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity A suspicious filename was detected
TCP 5.42.65.39:80 -> 192.168.56.103:49185 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 5.42.65.39:80 -> 192.168.56.103:49185 2016538 ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download Potentially Bad Traffic
TCP 148.251.234.93:443 -> 192.168.56.103:49190 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49190 -> 148.251.234.93:443 2047718 ET INFO External IP Lookup Domain (iplogger .com in TLS SNI) Device Retrieving External IP Address Detected
TCP 192.168.56.103:49190 -> 148.251.234.93:443 906200022 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 148.251.234.93:443 -> 192.168.56.103:49202 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49202 -> 148.251.234.93:443 2047718 ET INFO External IP Lookup Domain (iplogger .com in TLS SNI) Device Retrieving External IP Address Detected
TCP 192.168.56.103:49202 -> 148.251.234.93:443 906200022 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 148.251.234.93:443 -> 192.168.56.103:49204 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49204 -> 148.251.234.93:443 2047718 ET INFO External IP Lookup Domain (iplogger .com in TLS SNI) Device Retrieving External IP Address Detected
TCP 192.168.56.103:49204 -> 148.251.234.93:443 906200022 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 148.251.234.93:443 -> 192.168.56.103:49207 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49207 -> 148.251.234.93:443 2047718 ET INFO External IP Lookup Domain (iplogger .com in TLS SNI) Device Retrieving External IP Address Detected
TCP 192.168.56.103:49207 -> 148.251.234.93:443 906200022 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 148.251.234.93:443 -> 192.168.56.103:49209 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49209 -> 148.251.234.93:443 2047718 ET INFO External IP Lookup Domain (iplogger .com in TLS SNI) Device Retrieving External IP Address Detected
TCP 192.168.56.103:49209 -> 148.251.234.93:443 906200022 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 148.251.234.93:443 -> 192.168.56.103:49210 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49210 -> 148.251.234.93:443 2047718 ET INFO External IP Lookup Domain (iplogger .com in TLS SNI) Device Retrieving External IP Address Detected
TCP 192.168.56.103:49210 -> 148.251.234.93:443 906200022 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 148.251.234.93:443 -> 192.168.56.103:49216 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49216 -> 148.251.234.93:443 2047718 ET INFO External IP Lookup Domain (iplogger .com in TLS SNI) Device Retrieving External IP Address Detected
TCP 192.168.56.103:49216 -> 148.251.234.93:443 906200022 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 148.251.234.93:443 -> 192.168.56.103:49213 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49213 -> 148.251.234.93:443 2047718 ET INFO External IP Lookup Domain (iplogger .com in TLS SNI) Device Retrieving External IP Address Detected
TCP 192.168.56.103:49213 -> 148.251.234.93:443 906200022 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 148.251.234.93:443 -> 192.168.56.103:49197 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49197 -> 148.251.234.93:443 2047718 ET INFO External IP Lookup Domain (iplogger .com in TLS SNI) Device Retrieving External IP Address Detected
TCP 192.168.56.103:49197 -> 148.251.234.93:443 906200022 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
UDP 192.168.56.103:50800 -> 164.124.101.2:53 2033268 ET POLICY Observed DNS Query to Coin Mining Domain (nanopool .org) Potential Corporate Privacy Violation
TCP 192.168.56.103:49206 -> 104.20.67.143:443 906200068 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (CoinMiner) undefined
TCP 148.251.234.93:443 -> 192.168.56.103:49211 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49211 -> 148.251.234.93:443 2047718 ET INFO External IP Lookup Domain (iplogger .com in TLS SNI) Device Retrieving External IP Address Detected
TCP 192.168.56.103:49211 -> 148.251.234.93:443 906200022 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 148.251.234.93:443 -> 192.168.56.103:49212 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49212 -> 148.251.234.93:443 2047718 ET INFO External IP Lookup Domain (iplogger .com in TLS SNI) Device Retrieving External IP Address Detected
TCP 192.168.56.103:49212 -> 148.251.234.93:443 906200022 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 148.251.234.93:443 -> 192.168.56.103:49214 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49214 -> 148.251.234.93:443 2047718 ET INFO External IP Lookup Domain (iplogger .com in TLS SNI) Device Retrieving External IP Address Detected
TCP 192.168.56.103:49214 -> 148.251.234.93:443 906200022 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 148.251.234.93:443 -> 192.168.56.103:49215 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49215 -> 148.251.234.93:443 2047718 ET INFO External IP Lookup Domain (iplogger .com in TLS SNI) Device Retrieving External IP Address Detected
TCP 192.168.56.103:49215 -> 148.251.234.93:443 906200022 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49185 -> 5.42.65.39:80 2027250 ET INFO Dotted Quad Host DLL Request Potentially Bad Traffic
TCP 192.168.56.103:49185 -> 5.42.65.39:80 2044303 ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity A suspicious filename was detected
TCP 192.168.56.103:49185 -> 5.42.65.39:80 2027250 ET INFO Dotted Quad Host DLL Request Potentially Bad Traffic
TCP 192.168.56.103:49185 -> 5.42.65.39:80 2044302 ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity A suspicious filename was detected
TCP 192.168.56.103:49185 -> 5.42.65.39:80 2027250 ET INFO Dotted Quad Host DLL Request Potentially Bad Traffic
TCP 192.168.56.103:49185 -> 5.42.65.39:80 2027250 ET INFO Dotted Quad Host DLL Request Potentially Bad Traffic
TCP 192.168.56.103:49185 -> 5.42.65.39:80 2044305 ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity A suspicious filename was detected
TCP 192.168.56.103:49185 -> 5.42.65.39:80 2027250 ET INFO Dotted Quad Host DLL Request Potentially Bad Traffic
TCP 192.168.56.103:49185 -> 5.42.65.39:80 2044306 ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity A suspicious filename was detected
TCP 192.168.56.103:49185 -> 5.42.65.39:80 2027250 ET INFO Dotted Quad Host DLL Request Potentially Bad Traffic
TCP 192.168.56.103:49185 -> 5.42.65.39:80 2044307 ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity A suspicious filename was detected

Suricata TLS

Flow Issuer Subject Fingerprint
TLS 1.3 192.168.56.103:49208 -> 212.47.253.124:14433 None None None
TLS 1.3 192.168.56.103:49206 -> 104.20.67.143:443 None None None
TLS 1.3 192.168.56.103:49205 -> 163.172.154.142:14433 None None None

Time & API Arguments Status Return Repeated

GetComputerNameA

computer_name: TEST22-PC
1 1 0

GetComputerNameA

computer_name: TEST22-PC
1 1 0

GetComputerNameA

computer_name: TEST22-PC
1 1 0

GetComputerNameA

computer_name: TEST22-PC
1 1 0
Time & API Arguments Status Return Repeated

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0
Time & API Arguments Status Return Repeated

WriteConsoleW

buffer: Not enough storage is available to process this command.
console_handle: 0x00000007
1 1 0

WriteConsoleW

buffer: Could Not Find C:\ProgramData\*.dll & exit
console_handle: 0x0000000b
1 1 0

WriteConsoleW

buffer: Waiting for 5
console_handle: 0x00000007
1 1 0

WriteConsoleW

buffer: seconds, press a key to continue ...
console_handle: 0x00000007
1 1 0
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
is-7m1n6+0x3d65a @ 0x43d65a
is-7m1n6+0x3ca6b @ 0x43ca6b
is-7m1n6+0x884b0 @ 0x4884b0
is-7m1n6+0x75f02 @ 0x475f02
is-7m1n6+0x8c071 @ 0x48c071
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: f7 37 89 06 e9 dd 07 00 00 8b 06 33 d2 8a 17 8b
exception.symbol: is-7m1n6+0x3a94f
exception.instruction: div dword ptr [edi]
exception.module: is-7M1N6.tmp
exception.exception_code: 0xc0000094
exception.offset: 239951
exception.address: 0x43a94f
registers.esp: 1637788
registers.edi: 32788660
registers.eax: 5698
registers.ebp: 1637868
registers.edx: 0
registers.ebx: 1
registers.esi: 32788644
registers.ecx: 32788660
1 0 0

__exception__

stacktrace:
previewer+0x1ac024 @ 0x5ac024
previewer+0x190cd2 @ 0x590cd2
previewer+0x63560 @ 0x463560
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57
exception.symbol: previewer+0x12013c
exception.instruction: push dword ptr [eax]
exception.module: previewer.exe
exception.exception_code: 0xc0000005
exception.offset: 1179964
exception.address: 0x52013c
registers.esp: 1637760
registers.edi: 1638104
registers.eax: 1971253248
registers.ebp: 1637800
registers.edx: 7601
registers.ebx: 2130567168
registers.esi: 1971253248
registers.ecx: 1638264
1 0 0

__exception__

stacktrace:
previewer+0x1ac024 @ 0x5ac024
previewer+0x190cd2 @ 0x590cd2
previewer+0x63560 @ 0x463560
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57
exception.symbol: previewer+0x12013c
exception.instruction: push dword ptr [eax]
exception.module: previewer.exe
exception.exception_code: 0xc0000005
exception.offset: 1179964
exception.address: 0x52013c
registers.esp: 1637760
registers.edi: 1638104
registers.eax: 1971249152
registers.ebp: 1637800
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 1971249152
registers.ecx: 1638264
1 0 0

__exception__

stacktrace:
previewer+0x1ac024 @ 0x5ac024
previewer+0x190cd2 @ 0x590cd2
previewer+0x63560 @ 0x463560
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57
exception.symbol: previewer+0x12013c
exception.instruction: push dword ptr [eax]
exception.module: previewer.exe
exception.exception_code: 0xc0000005
exception.offset: 1179964
exception.address: 0x52013c
registers.esp: 1637760
registers.edi: 1638104
registers.eax: 1971245056
registers.ebp: 1637800
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 1971245056
registers.ecx: 1638264
1 0 0

__exception__

stacktrace:
previewer+0x1ac024 @ 0x5ac024
previewer+0x190cd2 @ 0x590cd2
previewer+0x63560 @ 0x463560
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57
exception.symbol: previewer+0x12013c
exception.instruction: push dword ptr [eax]
exception.module: previewer.exe
exception.exception_code: 0xc0000005
exception.offset: 1179964
exception.address: 0x52013c
registers.esp: 1637760
registers.edi: 1638104
registers.eax: 1971240960
registers.ebp: 1637800
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 1971240960
registers.ecx: 1638264
1 0 0

__exception__

stacktrace:
previewer+0x1ac024 @ 0x5ac024
previewer+0x190cd2 @ 0x590cd2
previewer+0x63560 @ 0x463560
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57
exception.symbol: previewer+0x12013c
exception.instruction: push dword ptr [eax]
exception.module: previewer.exe
exception.exception_code: 0xc0000005
exception.offset: 1179964
exception.address: 0x52013c
registers.esp: 1637760
registers.edi: 1638104
registers.eax: 1971236864
registers.ebp: 1637800
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 1971236864
registers.ecx: 1638264
1 0 0

__exception__

stacktrace:
previewer+0x1ac024 @ 0x5ac024
previewer+0x190cd2 @ 0x590cd2
previewer+0x63560 @ 0x463560
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57
exception.symbol: previewer+0x12013c
exception.instruction: push dword ptr [eax]
exception.module: previewer.exe
exception.exception_code: 0xc0000005
exception.offset: 1179964
exception.address: 0x52013c
registers.esp: 1637760
registers.edi: 1638104
registers.eax: 1971232768
registers.ebp: 1637800
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 1971232768
registers.ecx: 1638264
1 0 0

__exception__

stacktrace:
previewer+0x1ac024 @ 0x5ac024
previewer+0x190cd2 @ 0x590cd2
previewer+0x63560 @ 0x463560
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57
exception.symbol: previewer+0x12013c
exception.instruction: push dword ptr [eax]
exception.module: previewer.exe
exception.exception_code: 0xc0000005
exception.offset: 1179964
exception.address: 0x52013c
registers.esp: 1637760
registers.edi: 1638104
registers.eax: 1971228672
registers.ebp: 1637800
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 1971228672
registers.ecx: 1638264
1 0 0

__exception__

stacktrace:
previewer+0x1ac024 @ 0x5ac024
previewer+0x190cd2 @ 0x590cd2
previewer+0x63560 @ 0x463560
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57
exception.symbol: previewer+0x12013c
exception.instruction: push dword ptr [eax]
exception.module: previewer.exe
exception.exception_code: 0xc0000005
exception.offset: 1179964
exception.address: 0x52013c
registers.esp: 1637760
registers.edi: 1638104
registers.eax: 1971224576
registers.ebp: 1637800
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 1971224576
registers.ecx: 1638264
1 0 0

__exception__

stacktrace:
previewer+0x1ac024 @ 0x5ac024
previewer+0x190cd2 @ 0x590cd2
previewer+0x63560 @ 0x463560
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57
exception.symbol: previewer+0x12013c
exception.instruction: push dword ptr [eax]
exception.module: previewer.exe
exception.exception_code: 0xc0000005
exception.offset: 1179964
exception.address: 0x52013c
registers.esp: 1637760
registers.edi: 1638104
registers.eax: 1971220480
registers.ebp: 1637800
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 1971220480
registers.ecx: 1638264
1 0 0

__exception__

stacktrace:
previewer+0x1ac024 @ 0x5ac024
previewer+0x190cd2 @ 0x590cd2
previewer+0x63560 @ 0x463560
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57
exception.symbol: previewer+0x12013c
exception.instruction: push dword ptr [eax]
exception.module: previewer.exe
exception.exception_code: 0xc0000005
exception.offset: 1179964
exception.address: 0x52013c
registers.esp: 1637760
registers.edi: 1638104
registers.eax: 1971216384
registers.ebp: 1637800
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 1971216384
registers.ecx: 1638264
1 0 0

__exception__

stacktrace:
previewer+0x1ac024 @ 0x5ac024
previewer+0x190cd2 @ 0x590cd2
previewer+0x63560 @ 0x463560
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57
exception.symbol: previewer+0x12013c
exception.instruction: push dword ptr [eax]
exception.module: previewer.exe
exception.exception_code: 0xc0000005
exception.offset: 1179964
exception.address: 0x52013c
registers.esp: 1637760
registers.edi: 1638104
registers.eax: 1971212288
registers.ebp: 1637800
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 1971212288
registers.ecx: 1638264
1 0 0

__exception__

stacktrace:
previewer+0x1ac024 @ 0x5ac024
previewer+0x190cd2 @ 0x590cd2
previewer+0x63560 @ 0x463560
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57
exception.symbol: previewer+0x12013c
exception.instruction: push dword ptr [eax]
exception.module: previewer.exe
exception.exception_code: 0xc0000005
exception.offset: 1179964
exception.address: 0x52013c
registers.esp: 1637760
registers.edi: 1638104
registers.eax: 1971208192
registers.ebp: 1637800
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 1971208192
registers.ecx: 1638264
1 0 0

__exception__

stacktrace:
previewer+0x1ac024 @ 0x5ac024
previewer+0x190cd2 @ 0x590cd2
previewer+0x63560 @ 0x463560
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57
exception.symbol: previewer+0x12013c
exception.instruction: push dword ptr [eax]
exception.module: previewer.exe
exception.exception_code: 0xc0000005
exception.offset: 1179964
exception.address: 0x52013c
registers.esp: 1637760
registers.edi: 1638104
registers.eax: 1971204096
registers.ebp: 1637800
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 1971204096
registers.ecx: 1638264
1 0 0

__exception__

stacktrace:
previewer+0x1ac024 @ 0x5ac024
previewer+0x190cd2 @ 0x590cd2
previewer+0x63560 @ 0x463560
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57
exception.symbol: previewer+0x12013c
exception.instruction: push dword ptr [eax]
exception.module: previewer.exe
exception.exception_code: 0xc0000005
exception.offset: 1179964
exception.address: 0x52013c
registers.esp: 1637760
registers.edi: 1638104
registers.eax: 1971200000
registers.ebp: 1637800
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 1971200000
registers.ecx: 1638264
1 0 0

__exception__

stacktrace:
previewer+0x1ac024 @ 0x5ac024
previewer+0x190cd2 @ 0x590cd2
previewer+0x63560 @ 0x463560
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57
exception.symbol: previewer+0x12013c
exception.instruction: push dword ptr [eax]
exception.module: previewer.exe
exception.exception_code: 0xc0000005
exception.offset: 1179964
exception.address: 0x52013c
registers.esp: 1637760
registers.edi: 1638104
registers.eax: 1971195904
registers.ebp: 1637800
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 1971195904
registers.ecx: 1638264
1 0 0

__exception__

stacktrace:
previewer+0x19021a @ 0x59021a
previewer+0x1d2bc0 @ 0x5d2bc0
previewer+0x1afd36 @ 0x5afd36
previewer+0x63560 @ 0x463560
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57
exception.symbol: previewer+0x12013c
exception.instruction: push dword ptr [eax]
exception.module: previewer.exe
exception.exception_code: 0xc0000005
exception.offset: 1179964
exception.address: 0x52013c
registers.esp: 1637728
registers.edi: 1638104
registers.eax: 184549376
registers.ebp: 1637768
registers.edx: 828023454
registers.ebx: 3537309792
registers.esi: 184549376
registers.ecx: 4294903528
1 0 0

__exception__

stacktrace:
previewer+0x19021a @ 0x59021a
previewer+0x1d2bc0 @ 0x5d2bc0
previewer+0x1afd36 @ 0x5afd36
previewer+0x63560 @ 0x463560
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57
exception.symbol: previewer+0x12013c
exception.instruction: push dword ptr [eax]
exception.module: previewer.exe
exception.exception_code: 0xc0000005
exception.offset: 1179964
exception.address: 0x52013c
registers.esp: 1637728
registers.edi: 1638104
registers.eax: 184553472
registers.ebp: 1637768
registers.edx: 0
registers.ebx: 3537309792
registers.esi: 184553472
registers.ecx: 1638264
1 0 0

__exception__

stacktrace:
previewer+0x19021a @ 0x59021a
previewer+0x1d2bc0 @ 0x5d2bc0
previewer+0x1afd36 @ 0x5afd36
previewer+0x63560 @ 0x463560
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57
exception.symbol: previewer+0x12013c
exception.instruction: push dword ptr [eax]
exception.module: previewer.exe
exception.exception_code: 0xc0000005
exception.offset: 1179964
exception.address: 0x52013c
registers.esp: 1637728
registers.edi: 1638104
registers.eax: 184557568
registers.ebp: 1637768
registers.edx: 0
registers.ebx: 3537309792
registers.esi: 184557568
registers.ecx: 1638264
1 0 0

__exception__

stacktrace:
previewer+0x19021a @ 0x59021a
previewer+0x1d2bc0 @ 0x5d2bc0
previewer+0x1afd36 @ 0x5afd36
previewer+0x63560 @ 0x463560
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57
exception.symbol: previewer+0x12013c
exception.instruction: push dword ptr [eax]
exception.module: previewer.exe
exception.exception_code: 0xc0000005
exception.offset: 1179964
exception.address: 0x52013c
registers.esp: 1637728
registers.edi: 1638104
registers.eax: 184561664
registers.ebp: 1637768
registers.edx: 0
registers.ebx: 3537309792
registers.esi: 184561664
registers.ecx: 1638264
1 0 0

__exception__

stacktrace:
previewer+0x19021a @ 0x59021a
previewer+0x1d2bc0 @ 0x5d2bc0
previewer+0x1afd36 @ 0x5afd36
previewer+0x63560 @ 0x463560
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: ff 30 ff 34 24 58 55 89 e5 81 c5 04 00 00 00 57
exception.symbol: previewer+0x12013c
exception.instruction: push dword ptr [eax]
exception.module: previewer.exe
exception.exception_code: 0xc0000005
exception.offset: 1179964
exception.address: 0x52013c
registers.esp: 1637728
registers.edi: 1638104
registers.eax: 184565760
registers.ebp: 1637768
registers.edx: 0
registers.ebx: 3537309792
registers.esi: 184565760
registers.ecx: 1638264
1 0 0

suspicious_features: POST method with no referer header, POST method with no useragent header, Connection to IP address
suspicious_request: POST http://5.42.65.39/bed95ea4798a5204.php

suspicious_features: GET method with no useragent header, Connection to IP address
suspicious_request: GET http://5.42.65.39/a03c8956ff198333/sqlite3.dll

suspicious_features: GET method with no useragent header, Connection to IP address
suspicious_request: GET http://5.42.65.39/a03c8956ff198333/freebl3.dll

suspicious_features: GET method with no useragent header, Connection to IP address
suspicious_request: GET http://5.42.65.39/a03c8956ff198333/mozglue.dll

suspicious_features: GET method with no useragent header, Connection to IP address
suspicious_request: GET http://5.42.65.39/a03c8956ff198333/msvcp140.dll

suspicious_features: GET method with no useragent header, Connection to IP address
suspicious_request: GET http://5.42.65.39/a03c8956ff198333/nss3.dll

suspicious_features: GET method with no useragent header, Connection to IP address
suspicious_request: GET http://5.42.65.39/a03c8956ff198333/softokn3.dll

suspicious_features: GET method with no useragent header, Connection to IP address
suspicious_request: GET http://5.42.65.39/a03c8956ff198333/vcruntime140.dll
request POST http://5.42.65.39/bed95ea4798a5204.php
request GET http://5.42.65.39/a03c8956ff198333/sqlite3.dll
request GET http://5.42.65.39/a03c8956ff198333/freebl3.dll
request GET http://5.42.65.39/a03c8956ff198333/mozglue.dll
request GET http://5.42.65.39/a03c8956ff198333/msvcp140.dll
request GET http://5.42.65.39/a03c8956ff198333/nss3.dll
request GET http://5.42.65.39/a03c8956ff198333/softokn3.dll
request GET http://5.42.65.39/a03c8956ff198333/vcruntime140.dll
request POST http://5.42.65.39/bed95ea4798a5204.php
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

process_identifier: 2056
region_size: 1310720
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x012d0000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2056
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x013d0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2056
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73f31000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2056
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73f32000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2056
region_size: 1507328
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02c90000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2056
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02dc0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2056
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01172000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2056
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x011a5000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2056
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x011ab000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2056
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x011a7000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2056
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0118c000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2056
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x013a0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2056
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0117a000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2140
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 77824
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x023de000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2140
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x003b0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4161536
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04100000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2192
region_size: 9351168
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04500000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2236
region_size: 1114112
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00340000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00410000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2236
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73f31000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2236
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73f32000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2236
region_size: 1835008
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00b00000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00c80000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x003a2000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x003d5000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x003db000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x003d7000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x003bc000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00470000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x003aa000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2372
region_size: 655360
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000000580000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2372
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000005a0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2372
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef35d1000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2372
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef3c6b000
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2372
region_size: 1835008
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000022e0000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2372
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000002420000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2372
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef35d2000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2372
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef35d2000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2372
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef35d2000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2372
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef35d2000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2372
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef35d2000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2372
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef35d2000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2372
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef35d2000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2372
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef35d2000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2372
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef35d2000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2372
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef35d2000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2372
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef35d2000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2372
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef35d4000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2372
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef35d4000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2372
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef35d4000
process_handle: 0xffffffffffffffff
1 0 0
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\ThirdPartyModuleList64\Local Extension Settings\cjmkndjhnagcfbpiemnkdpomccnjblmj\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\OriginTrials\Local Extension Settings\lpilbniiabackdjcionkobglmddfbcjo\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\TLSDeprecationConfig\4\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\OnDeviceHeadSuggestModel\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Subresource Filter\Local Extension Settings\bmikpgodpkclnkgmnpphehdgcimmided\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\WidevineCdm\Local Extension Settings\jhfjfclepacoldmjmkmdlmganfaalklb\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.47.0_0\_locales\th\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\FontLookupTableCache\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\000003.log\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\RecoveryImproved\Local Extension Settings\naepdomgkenhinolocfifgehidddafch\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\ThirdPartyModuleList64\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Module Info Cache\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\FontLookupTableCache\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\pnacl\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\uk\messages.json\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\TLSDeprecationConfig\Local Extension Settings\epapihdplajcdnnkdeiahlgigofloibg\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\FileTypePolicies\Local Extension Settings\djclckkglechooblngghdinmeemkbgci\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\FileTypePolicies\Local Extension Settings\oeljdldpnmdbchonielidgobddffflal\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\zh_CN\messages.json\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Last Version\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing Channel IDs\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\SSLErrorAssistant\Local Extension Settings\gjagmgiddbbciopjhllkdnddhcglnemk\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\es_419\messages.json\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies-journal\Local Extension Settings\oeljdldpnmdbchonielidgobddffflal\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\OnDeviceHeadSuggestModel\Local Extension Settings\fooolghllnmhmmndgjiamiiodkpenpbb\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\TrustTokenKeyCommitments\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.47.0_0\_locales\lo\messages.json\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_platform_specific\all\sths\03019df3fd85a69a8ebd1facc6da9ba73e469774fe77f579fc5a08b8328c1d6b.sth\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\PepperFlash\Local Extension Settings\lpilbniiabackdjcionkobglmddfbcjo\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Module Info Cache\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\GPUCache\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_2\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\TrustTokenKeyCommitments\Local Extension Settings\aijcbedoijmgnlmjeegjaglmepbmpkpi\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\TrustTokenKeyCommitments\Local Extension Settings\pdadjkfkgcafgbceimcpbkalnfnepbnk\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\GrShaderCache\Local Extension Settings\gjagmgiddbbciopjhllkdnddhcglnemk\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\FileTypePolicies\52\manifest.json\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.47.0_0\_locales\ka\messages.json\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Last Browser\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State\Local Extension Settings\djclckkglechooblngghdinmeemkbgci\CURRENT
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.5_0\_locales\hr\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8620.824.0.0_0\_locales\sk\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies-journal\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba\CURRENT
file C:\Users\test22\AppData\Local\Temp\kos1.exe
file C:\Users\test22\AppData\Local\Temp\is-367AH.tmp\_isetup\_iscrypt.dll
file C:\Users\test22\AppData\Local\Temp\is-367AH.tmp\_isetup\_shfoldr.dll
file C:\Users\test22\AppData\Local\Temp\set16.exe
file C:\ProgramData\vcruntime140.dll
file C:\ProgramData\msvcp140.dll
file C:\Program Files (x86)\PA Previewer\previewer.exe
file C:\Users\test22\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
file C:\ProgramData\nss3.dll
file C:\Users\test22\AppData\Local\Temp\kos.exe
file C:\Users\test22\AppData\Local\Temp\latestX.exe
file C:\Users\test22\AppData\Local\Temp\Setup.exe
file C:\Users\test22\AppData\Local\Temp\toolspub2.exe
file C:\ProgramData\freebl3.dll
file C:\Users\test22\AppData\Local\Temp\is-367AH.tmp\_isetup\_isdecmp.dll
file C:\ProgramData\mozglue.dll
file C:\ProgramData\softokn3.dll
cmdline C:\Windows\System32\cmd.exe /c timeout /t 5 & del /f /q "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" & del "C:\ProgramData\*.dll"" & exit
cmdline "C:\Windows\system32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" & del "C:\ProgramData\*.dll"" & exit
file C:\Users\test22\AppData\Local\Temp\toolspub2.exe
file C:\Users\test22\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
file C:\Users\test22\AppData\Local\Temp\kos1.exe
file C:\Users\test22\AppData\Local\Temp\Setup.exe
file C:\Users\test22\AppData\Local\Temp\latestX.exe
file C:\Users\test22\AppData\Local\Temp\set16.exe
file C:\Users\test22\AppData\Local\Temp\kos.exe
file C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
file C:\Users\test22\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
file C:\Users\test22\AppData\Local\Temp\toolspub2.exe
file C:\Users\test22\AppData\Local\Temp\is-367AH.tmp\_isetup\_isdecmp.dll
file C:\Users\test22\AppData\Local\Temp\kos.exe
file C:\Users\test22\AppData\Local\Temp\is-367AH.tmp\_isetup\_shfoldr.dll
file C:\Users\test22\AppData\Local\Temp\is-367AH.tmp\_isetup\_iscrypt.dll
file C:\Users\test22\AppData\Local\Temp\Setup.exe
file C:\Users\test22\AppData\Local\Temp\kos1.exe
file C:\Users\test22\AppData\Local\Temp\is-367AH.tmp\_isetup\_RegDLL.tmp
file C:\Users\test22\AppData\Local\Temp\set16.exe
Time & API Arguments Status Return Repeated

ShellExecuteExW

show_type: 0
filepath_r: C:\Windows\system32\cmd.exe
parameters: /c timeout /t 5 & del /f /q "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" & del "C:\ProgramData\*.dll"" & exit
filepath: C:\Windows\System32\cmd.exe
1 1 0
Time & API Arguments Status Return Repeated

GetAdaptersAddresses

flags: 15
family: 0
111 0
Time & API Arguments Status Return Repeated

InternetReadFile

buffer: MZÿÿ¸@€º´ Í!¸LÍ!This program cannot be run in DOS mode. $PEL×Ýc’¿à! &  @ àa0: Ð ˆ* Ð 0 ¨@ <   Ð.text„% & `P`.data|'@ (, @`À.rdatapDp FT @`@.bss(À €`À.edataˆ*Ð ,š @0@.idataÐ Æ @0À.CRT, Ô @0À.tls Ö @0À.rsrc¨0 Ø @0À.reloc<@ >Þ @0B/48€  @@B/19RȐ Ê" @B/31]'`(ì @B/45š-.@B/57\ À B@0B/70#ÐN@B/81
request_handle: 0x00cc000c
1 1 0

InternetReadFile

buffer: MZx@xº´ Í!¸LÍ!This program cannot be run in DOS mode.$PELó4cà"! 4pÐ Ëý @AH S› Ȑ xF P/  ð#”   ¤ @.text•  `.rdataÄ @@.data<F0  @À.00cfg€  @@.rsrcx  @@.relocð#  $" @B
request_handle: 0x00cc000c
1 1 0

InternetReadFile

buffer: MZx@xº´ Í!¸LÍ!This program cannot be run in DOS mode.$PEL¤4cà"! ¶^À¹€ jª @A`ãWä·, ° P/0 ØAS¼øhРì¼ÜäZ.textaµ¶ `.rdata” Ð º@@.dataDàÄ@À.00cfg È@@.tls Ê@À.rsrc° Ì@@.relocØA0 BÖ@B
request_handle: 0x00cc000c
1 1 0

InternetReadFile

buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $ٓ1Cò_ò_ò_)n°Ÿò_”ŠÌ‹ò_ò^"ò_Ϛ^žò_Ϛ\•ò_Ϛ[Óò_ϚZÑò_Ϛ_œò_Ϛ œò_Ϛ]œò_Richò_PEL‚ê0]à"! (‚`Ù@ ð,à@Ag‚Ïèr ðœèA°¬=`x8¸w@päÀc@.text’&( `.dataH)@,@À.idata¬pD@@.didat4X@À.rsrcð Z@@.reloc¬=°>^@B
request_handle: 0x00cc000c
1 1 0

InternetReadFile

buffer: MZx@xº´ Í!¸LÍ!This program cannot be run in DOS mode.$PELÐ4cà"! Ø.`£pl- @Aä&úÞÄ@Px P/`\°ð |Ê\€&@.text‰×Ø `.rdatalïððÜ@@.dataDRà.Ì@À.00cfg@ú@@.rsrcxPü@@.reloc\` @B
request_handle: 0x00cc000c
1 1 0

InternetReadFile

buffer: MZx@xº´ Í!¸LÍ!This program cannot be run in DOS mode.$PELó4cà"! ÌðPÏSg@ADvS—wð°€ÀP/ÀÈ58qà {Œ.text&ËÌ `.rdataÔ«à¬Ð@@.data˜ |@À.00cfg „@@.rsrc€°†@@.relocÈ5À6Š@B
request_handle: 0x00cc000c
1 1 0

InternetReadFile

buffer: MZÿÿ¸@躴 Í!¸LÍ!This program cannot be run in DOS mode. $ÀÅäՄ¤Š†„¤Š†„¤Š†08e††¤Š†Ü†¤Š†„¤‹†¬¤Š†Ö̉‡—¤Š†Ö̎‡¤Š†Ö̏‡Ÿ¤Š†Ö̊‡…¤Š†ÖÌu†…¤Š†Ö̈‡…¤Š†Rich„¤Š†PEL|ê0]à"! ސÙð 0Ôm@Aàã ¸ŒúðA  € 8¸ @´.textôÜÞ `.dataôðâ@À.idata„ä@@.rsrcê@@.reloc  î@B
request_handle: 0x00cc000c
1 1 0
section {u'size_of_data': u'0x00d6d000', u'virtual_address': u'0x00002000', u'entropy': 7.818273797855834, u'name': u'.text', u'virtual_size': u'0x00d6ce54'} entropy 7.81827379786 description A section with a high entropy has been found
entropy 0.999854545455 description Overall entropy of this PE file is high
Time & API Arguments Status Return Repeated

LookupPrivilegeValueW

system_name:
privilege_name: SeDebugPrivilege
1 1 0

LookupPrivilegeValueW

system_name:
privilege_name: SeDebugPrivilege
1 1 0

LookupPrivilegeValueW

system_name:
privilege_name: SeDebugPrivilege
1 1 0
description (no description) rule DebuggerCheck__GlobalFlags
description (no description) rule DebuggerCheck__QueryInfo
description (no description) rule DebuggerHiding__Thread
description (no description) rule DebuggerHiding__Active
description (no description) rule ThreadControl__Context
description (no description) rule SEH__vectored
description Checks if being debugged rule anti_dbg
description Bypass DEP rule disable_dep
description (no description) rule DebuggerCheck__GlobalFlags
description (no description) rule DebuggerCheck__QueryInfo
description (no description) rule DebuggerHiding__Thread
description (no description) rule DebuggerHiding__Active
description (no description) rule ThreadControl__Context
description (no description) rule SEH__vectored
description Bypass DEP rule disable_dep
description (no description) rule DebuggerCheck__GlobalFlags
description (no description) rule DebuggerCheck__QueryInfo
description (no description) rule DebuggerHiding__Thread
description (no description) rule DebuggerHiding__Active
description (no description) rule DebuggerException__SetConsoleCtrl
description (no description) rule ThreadControl__Context
description (no description) rule SEH__vectored
description Checks if being debugged rule anti_dbg
description Bypass DEP rule disable_dep
Time & API Arguments Status Return Repeated

RegOpenKeyExA

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\PA Previewer_is1
base_handle: 0x80000001
key_handle: 0x00000000
options: 0
access: 0x00000001
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\PA Previewer_is1
2 0

RegOpenKeyExA

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\PA Previewer_is1
base_handle: 0x80000002
key_handle: 0x00000000
options: 0
access: 0x00000001
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\PA Previewer_is1
2 0

RegOpenKeyExA

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\PA Previewer_is1
base_handle: 0x80000001
key_handle: 0x00000000
options: 0
access: 0x00000008
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\PA Previewer_is1
2 0

RegOpenKeyExA

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\PA Previewer_is1
base_handle: 0x80000002
key_handle: 0x00000000
options: 0
access: 0x00000008
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\PA Previewer_is1
2 0

RegOpenKeyExA

regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
base_handle: 0x80000002
key_handle: 0x000002d0
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
1 0 0

RegOpenKeyExA

regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
base_handle: 0x80000002
key_handle: 0x000002d4
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
1 0 0

RegOpenKeyExA

regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
base_handle: 0x80000002
key_handle: 0x000002d4
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
1 0 0

RegOpenKeyExA

regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR
base_handle: 0x80000002
key_handle: 0x000002d4
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR
1 0 0

RegOpenKeyExA

regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager
base_handle: 0x80000002
key_handle: 0x000002d4
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager
1 0 0

RegOpenKeyExA

regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
base_handle: 0x80000002
key_handle: 0x000002d4
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
1 0 0

RegOpenKeyExA

regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus
base_handle: 0x80000002
key_handle: 0x000002d4
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus
1 0 0

RegOpenKeyExA

regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
base_handle: 0x80000002
key_handle: 0x000002d4
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
1 0 0

RegOpenKeyExA

regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
base_handle: 0x80000002
key_handle: 0x000002d4
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
1 0 0

RegOpenKeyExA

regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean
base_handle: 0x80000002
key_handle: 0x000002d4
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean
1 0 0

RegOpenKeyExA

regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40
base_handle: 0x80000002
key_handle: 0x000002d4
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40
1 0 0

RegOpenKeyExA

regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
base_handle: 0x80000002
key_handle: 0x000002d4
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
1 0 0

RegOpenKeyExA

regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
base_handle: 0x80000002
key_handle: 0x000002d4
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
1 0 0

RegOpenKeyExA

regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData
base_handle: 0x80000002
key_handle: 0x000002d4
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData
1 0 0

RegOpenKeyExA

regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
base_handle: 0x80000002
key_handle: 0x000002d4
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
1 0 0

RegOpenKeyExA

regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Thunderbird 78.4.0 (x86 ko)
base_handle: 0x80000002
key_handle: 0x000002d4
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Thunderbird 78.4.0 (x86 ko)
1 0 0

RegOpenKeyExA

regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office15.PROPLUSR
base_handle: 0x80000002
key_handle: 0x000002d4
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office15.PROPLUSR
1 0 0

RegOpenKeyExA

regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PA Previewer_is1
base_handle: 0x80000002
key_handle: 0x000002d4
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PA Previewer_is1
1 0 0

RegOpenKeyExA

regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
base_handle: 0x80000002
key_handle: 0x000002d4
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
1 0 0

RegOpenKeyExA

regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC
base_handle: 0x80000002
key_handle: 0x000002d4
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC
1 0 0

RegOpenKeyExA

regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00203668-8170-44A0-BE44-B632FA4D780F}
base_handle: 0x80000002
key_handle: 0x000002d4
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00203668-8170-44A0-BE44-B632FA4D780F}
1 0 0

RegOpenKeyExA

regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}
base_handle: 0x80000002
key_handle: 0x000002d4
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}
1 0 0

RegOpenKeyExA

regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}
base_handle: 0x80000002
key_handle: 0x000002d4
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}
1 0 0

RegOpenKeyExA

regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180131F0}
base_handle: 0x80000002
key_handle: 0x000002d4
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180131F0}
1 0 0

RegOpenKeyExA

regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}
base_handle: 0x80000002
key_handle: 0x000002d4
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}
1 0 0

RegOpenKeyExA

regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
base_handle: 0x80000002
key_handle: 0x000002d4
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
1 0 0

RegOpenKeyExA

regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0015-0409-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x000002d4
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0015-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExA

regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0016-0409-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x000002d4
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0016-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExA

regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0018-0409-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x000002d4
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0018-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExA

regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0019-0409-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x000002d4
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0019-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExA

regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001A-0409-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x000002d4
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001A-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExA

regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001B-0409-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x000002d4
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001B-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExA

regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001F-0409-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x000002d4
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001F-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExA

regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001F-040C-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x000002d4
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001F-040C-0000-0000000FF1CE}
1 0 0

RegOpenKeyExA

regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001F-0C0A-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x000002d4
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001F-0C0A-0000-0000000FF1CE}
1 0 0

RegOpenKeyExA

regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-002C-0409-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x000002d4
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-002C-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExA

regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0044-0409-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x000002d4
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0044-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExA

regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-006E-0409-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x000002d4
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-006E-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExA

regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0090-0409-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x000002d4
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0090-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExA

regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00A1-0409-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x000002d4
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00A1-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExA

regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00BA-0409-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x000002d4
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00BA-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExA

regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00E1-0409-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x000002d4
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00E1-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExA

regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00E2-0409-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x000002d4
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00E2-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExA

regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0115-0409-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x000002d4
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0115-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExA

regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0117-0409-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x000002d4
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0117-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExA

regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-012B-0409-0000-0000000FF1CE}
base_handle: 0x80000002
key_handle: 0x000002d4
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-012B-0409-0000-0000000FF1CE}
1 0 0
cmdline C:\Windows\System32\cmd.exe /c timeout /t 5 & del /f /q "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" & del "C:\ProgramData\*.dll"" & exit
cmdline "C:\Windows\system32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" & del "C:\ProgramData\*.dll"" & exit
cmdline "C:\Windows\system32\net.exe" helpmsg 8
host 5.42.65.39
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

process_identifier: 2680
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00400000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0x00000080
1 0 0

NtAllocateVirtualMemory

process_identifier: 2084
region_size: 2281472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00400000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0x000002a0
1 0 0
registry HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString
Time & API Arguments Status Return Repeated

LdrGetDllHandle

module_name: snxhk
module_address: 0x00000000
stack_pivoted: 0
3221225781 0

LdrGetDllHandle

module_name: snxhk
module_address: 0x00000000
stack_pivoted: 0
3221225781 0
Time & API Arguments Status Return Repeated

WriteProcessMemory

buffer: @
base_address: 0x7efde008
process_identifier: 2680
process_handle: 0x00000080
1 1 0

WriteProcessMemory

buffer: MZÿÿ¸@ິ Í!¸LÍ!This program cannot be run in DOS mode. $¼A¯Þø Áø Áø Á—V_û ÁñXBû ÁñXRú ÁxYÀŒû Áø Àñ Á—Vnõ Á—V\ù ÁRichø ÁPEL÷Ùeà  ,z!p @@Ð"@ v< "t@,.text/*, à.rdata€7@80@@.data7!€@À.relocx- ".h@B
base_address: 0x00400000
process_identifier: 2084
process_handle: 0x000002a0
1 1 0

WriteProcessMemory

buffer: @
base_address: 0x7efde008
process_identifier: 2084
process_handle: 0x000002a0
1 1 0
Time & API Arguments Status Return Repeated

WriteProcessMemory

buffer: MZÿÿ¸@ິ Í!¸LÍ!This program cannot be run in DOS mode. $¼A¯Þø Áø Áø Á—V_û ÁñXBû ÁñXRú ÁxYÀŒû Áø Àñ Á—Vnõ Á—V\ù ÁRichø ÁPEL÷Ùeà  ,z!p @@Ð"@ v< "t@,.text/*, à.rdata€7@80@@.data7!€@À.relocx- ".h@B
base_address: 0x00400000
process_identifier: 2084
process_handle: 0x000002a0
1 1 0
Time & API Arguments Status Return Repeated

RegQueryValueExA

key_handle: 0x000002d4
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: 7-Zip 20.02 alpha
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName
1 0 0

RegQueryValueExA

key_handle: 0x000002d4
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Adobe AIR
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR\DisplayName
1 0 0

RegQueryValueExA

key_handle: 0x000002d4
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: EditPlus
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus\DisplayName
1 0 0

RegQueryValueExA

key_handle: 0x000002d4
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Chrome
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName
1 0 0

RegQueryValueExA

key_handle: 0x000002d4
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: ????? ?? 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean\DisplayName
1 0 0

RegQueryValueExA

key_handle: 0x000002d4
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Mozilla Thunderbird 78.4.0 (x86 ko)
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Thunderbird 78.4.0 (x86 ko)\DisplayName
1 0 0

RegQueryValueExA

key_handle: 0x000002d4
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Professional Plus 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Office15.PROPLUSR\DisplayName
1 0 0

RegQueryValueExA

key_handle: 0x000002d4
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: PA Previewer 9.8
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PA Previewer_is1\DisplayName
1 0 0

RegQueryValueExA

key_handle: 0x000002d4
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Adobe AIR
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{00203668-8170-44A0-BE44-B632FA4D780F}\DisplayName
1 0 0

RegQueryValueExA

key_handle: 0x000002d4
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: HttpWatch Professional 9.3.39
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}\DisplayName
1 0 0

RegQueryValueExA

key_handle: 0x000002d4
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: ????? ?? 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}\DisplayName
1 0 0

RegQueryValueExA

key_handle: 0x000002d4
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Java 8 Update 131
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180131F0}\DisplayName
1 0 0

RegQueryValueExA

key_handle: 0x000002d4
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Java Auto Updater
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}\DisplayName
1 0 0

RegQueryValueExA

key_handle: 0x000002d4
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Google Update Helper
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\DisplayName
1 0 0

RegQueryValueExA

key_handle: 0x000002d4
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Access MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0015-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

key_handle: 0x000002d4
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Excel MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0016-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

key_handle: 0x000002d4
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft PowerPoint MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0018-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

key_handle: 0x000002d4
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Publisher MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0019-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

key_handle: 0x000002d4
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Outlook MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001A-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

key_handle: 0x000002d4
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Word MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001B-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

key_handle: 0x000002d4
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Proofing Tools 2013 - English
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001F-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

key_handle: 0x000002d4
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Outils de vérification linguistique 2013 de Microsoft Office - Français
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001F-040C-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

key_handle: 0x000002d4
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Proofing Tools 2013 - Español
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001F-0C0A-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

key_handle: 0x000002d4
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Proofing (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-002C-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

key_handle: 0x000002d4
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft InfoPath MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0044-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

key_handle: 0x000002d4
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Shared MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-006E-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

key_handle: 0x000002d4
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft DCF MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0090-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

key_handle: 0x000002d4
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft OneNote MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00A1-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

key_handle: 0x000002d4
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Groove MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00BA-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

key_handle: 0x000002d4
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office OSM MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00E1-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

key_handle: 0x000002d4
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office OSM UX MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00E2-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

key_handle: 0x000002d4
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Shared Setup Metadata MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0115-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

key_handle: 0x000002d4
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Access Setup Metadata MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0117-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

key_handle: 0x000002d4
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Lync MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-012B-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

key_handle: 0x000002d4
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Professional Plus 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{91150000-0011-0000-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExA

key_handle: 0x000002d4
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Adobe Flash Player 13 ActiveX
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4}\DisplayName
1 0 0

RegQueryValueExA

key_handle: 0x000002d4
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Adobe Flash Player 13 NPAPI
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B84A461-3B4C-40E2-B44F-CE22E215EE40}\DisplayName
1 0 0

RegQueryValueExA

key_handle: 0x000002d4
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Adobe Acrobat Reader DC MUI
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}\DisplayName
1 0 0

RegQueryValueExA

key_handle: 0x000002d4
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\DisplayName
1 0 0
file C:\Users\test22\AppData\Roaming\Thunderbird\profiles.ini
Process injection Process 2140 called NtSetContextThread to modify thread in remote process 2680
Process injection Process 2292 called NtSetContextThread to modify thread in remote process 2084
Time & API Arguments Status Return Repeated

NtSetContextThread

registers.eip: 2005598660
registers.esp: 1638384
registers.edi: 0
registers.eax: 4206040
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
thread_handle: 0x0000007c
process_identifier: 2680
1 0 0

NtSetContextThread

registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4262256
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
thread_handle: 0x0000029c
process_identifier: 2084
1 0 0
Process injection Process 2140 resumed a thread in remote process 2680
Process injection Process 2292 resumed a thread in remote process 2084
Process injection Process 2084 resumed a thread in remote process 2960
Time & API Arguments Status Return Repeated

NtResumeThread

thread_handle: 0x0000007c
suspend_count: 1
process_identifier: 2680
1 0 0

NtResumeThread

thread_handle: 0x0000029c
suspend_count: 1
process_identifier: 2084
1 0 0

NtResumeThread

thread_handle: 0x00000480
suspend_count: 1
process_identifier: 2960
1 0 0
Time & API Arguments Status Return Repeated

__anomaly__

tid: 2736
message: Encountered 65537 exceptions, quitting.
subcategory: exception
function_name:
1 0 0
Time & API Arguments Status Return Repeated

NtResumeThread

thread_handle: 0x000000dc
suspend_count: 1
process_identifier: 2056
1 0 0

NtResumeThread

thread_handle: 0x00000150
suspend_count: 1
process_identifier: 2056
1 0 0

NtResumeThread

thread_handle: 0x00000194
suspend_count: 1
process_identifier: 2056
1 0 0

NtResumeThread

thread_handle: 0x0000020c
suspend_count: 1
process_identifier: 2056
1 0 0

CreateProcessInternalW

thread_identifier: 2144
thread_handle: 0x0000039c
process_identifier: 2140
current_directory: C:\Users\test22\AppData\Local\Temp
filepath: C:\Users\test22\AppData\Local\Temp\toolspub2.exe
track: 1
command_line: "C:\Users\test22\AppData\Local\Temp\toolspub2.exe"
filepath_r: C:\Users\test22\AppData\Local\Temp\toolspub2.exe
stack_pivoted: 0
creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT)
inherit_handles: 0
process_handle: 0x000003a4
1 1 0

NtResumeThread

thread_handle: 0x00000340
suspend_count: 1
process_identifier: 2056
1 0 0

NtGetContextThread

thread_handle: 0x000000e0
1 0 0

NtGetContextThread

thread_handle: 0x000000e0
1 0 0

NtResumeThread

thread_handle: 0x000000e0
suspend_count: 1
process_identifier: 2056
1 0 0

NtResumeThread

thread_handle: 0x000003a4
suspend_count: 1
process_identifier: 2056
1 0 0

CreateProcessInternalW

thread_identifier: 2196
thread_handle: 0x000003b0
process_identifier: 2192
current_directory: C:\Users\test22\AppData\Local\Temp
filepath: C:\Users\test22\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
track: 1
command_line: "C:\Users\test22\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"
filepath_r: C:\Users\test22\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
stack_pivoted: 0
creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT)
inherit_handles: 0
process_handle: 0x000003cc
1 1 0

NtResumeThread

thread_handle: 0x000003b4
suspend_count: 1
process_identifier: 2056
1 0 0

CreateProcessInternalW

thread_identifier: 2240
thread_handle: 0x000003bc
process_identifier: 2236
current_directory: C:\Users\test22\AppData\Local\Temp
filepath: C:\Users\test22\AppData\Local\Temp\kos1.exe
track: 1
command_line: "C:\Users\test22\AppData\Local\Temp\kos1.exe"
filepath_r: C:\Users\test22\AppData\Local\Temp\kos1.exe
stack_pivoted: 0
creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT)
inherit_handles: 0
process_handle: 0x000003e4
1 1 0

NtResumeThread

thread_handle: 0x000003cc
suspend_count: 1
process_identifier: 2056
1 0 0

CreateProcessInternalW

thread_identifier: 2296
thread_handle: 0x000003d4
process_identifier: 2292
current_directory: C:\Users\test22\AppData\Local\Temp
filepath: C:\Users\test22\AppData\Local\Temp\Setup.exe
track: 1
command_line: "C:\Users\test22\AppData\Local\Temp\Setup.exe"
filepath_r: C:\Users\test22\AppData\Local\Temp\Setup.exe
stack_pivoted: 0
creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT)
inherit_handles: 0
process_handle: 0x000003fc
1 1 0

NtResumeThread

thread_handle: 0x000003e4
suspend_count: 1
process_identifier: 2056
1 0 0

CreateProcessInternalW

thread_identifier: 2516
thread_handle: 0x000003d4
process_identifier: 2512
current_directory: C:\Users\test22\AppData\Local\Temp
filepath: C:\Users\test22\AppData\Local\Temp\latestX.exe
track: 1
command_line: "C:\Users\test22\AppData\Local\Temp\latestX.exe"
filepath_r: C:\Users\test22\AppData\Local\Temp\latestX.exe
stack_pivoted: 0
creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT)
inherit_handles: 0
process_handle: 0x00000420
1 1 0

CreateProcessInternalW

thread_identifier: 2684
thread_handle: 0x0000007c
process_identifier: 2680
current_directory:
filepath: C:\Users\test22\AppData\Local\Temp\toolspub2.exe
track: 1
command_line: "C:\Users\test22\AppData\Local\Temp\toolspub2.exe"
filepath_r: C:\Users\test22\AppData\Local\Temp\toolspub2.exe
stack_pivoted: 0
creation_flags: 134217732 (CREATE_NO_WINDOW|CREATE_SUSPENDED)
inherit_handles: 0
process_handle: 0x00000080
1 1 0

NtGetContextThread

thread_handle: 0x0000007c
1 0 0

NtUnmapViewOfSection

base_address: 0x00400000
region_size: 4096
process_identifier: 2680
process_handle: 0x00000080
1 0 0

NtAllocateVirtualMemory

process_identifier: 2680
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00400000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0x00000080
1 0 0

WriteProcessMemory

buffer: @
base_address: 0x7efde008
process_identifier: 2680
process_handle: 0x00000080
1 1 0

NtSetContextThread

registers.eip: 2005598660
registers.esp: 1638384
registers.edi: 0
registers.eax: 4206040
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
thread_handle: 0x0000007c
process_identifier: 2680
1 0 0

NtResumeThread

thread_handle: 0x0000007c
suspend_count: 1
process_identifier: 2680
1 0 0

NtResumeThread

thread_handle: 0x000000dc
suspend_count: 1
process_identifier: 2236
1 0 0

NtResumeThread

thread_handle: 0x0000014c
suspend_count: 1
process_identifier: 2236
1 0 0

NtResumeThread

thread_handle: 0x000001a8
suspend_count: 1
process_identifier: 2236
1 0 0

NtResumeThread

thread_handle: 0x000001e4
suspend_count: 1
process_identifier: 2236
1 0 0

CreateProcessInternalW

thread_identifier: 2324
thread_handle: 0x00000374
process_identifier: 2320
current_directory: C:\Users\test22\AppData\Local\Temp
filepath: C:\Users\test22\AppData\Local\Temp\set16.exe
track: 1
command_line: "C:\Users\test22\AppData\Local\Temp\set16.exe"
filepath_r: C:\Users\test22\AppData\Local\Temp\set16.exe
stack_pivoted: 0
creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT)
inherit_handles: 0
process_handle: 0x0000037c
1 1 0

NtResumeThread

thread_handle: 0x00000314
suspend_count: 1
process_identifier: 2236
1 0 0

CreateProcessInternalW

thread_identifier: 2376
thread_handle: 0x0000037c
process_identifier: 2372
current_directory: C:\Users\test22\AppData\Local\Temp
filepath: C:\Users\test22\AppData\Local\Temp\kos.exe
track: 1
command_line: "C:\Users\test22\AppData\Local\Temp\kos.exe"
filepath_r: C:\Users\test22\AppData\Local\Temp\kos.exe
stack_pivoted: 0
creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT)
inherit_handles: 0
process_handle: 0x000003bc
1 1 0

NtResumeThread

thread_handle: 0x00000000000000c4
suspend_count: 1
process_identifier: 2372
1 0 0

NtResumeThread

thread_handle: 0x0000000000000138
suspend_count: 1
process_identifier: 2372
1 0 0

NtResumeThread

thread_handle: 0x0000000000000178
suspend_count: 1
process_identifier: 2372
1 0 0

NtResumeThread

thread_handle: 0x0000000000000320
suspend_count: 1
process_identifier: 2372
1 0 0

CreateProcessInternalW

thread_identifier: 2556
thread_handle: 0x00000128
process_identifier: 2552
current_directory:
filepath:
track: 1
command_line: "C:\Users\test22\AppData\Local\Temp\is-M59F3.tmp\is-7M1N6.tmp" /SL4 $30160 "C:\Users\test22\AppData\Local\Temp\set16.exe" 1232936 52224
filepath_r:
stack_pivoted: 0
creation_flags: 0 ()
inherit_handles: 0
process_handle: 0x00000124
1 1 0

NtResumeThread

thread_handle: 0x0000017c
suspend_count: 1
process_identifier: 2292
1 0 0

NtResumeThread

thread_handle: 0x000001ec
suspend_count: 1
process_identifier: 2292
1 0 0

NtResumeThread

thread_handle: 0x0000022c
suspend_count: 1
process_identifier: 2292
1 0 0

CreateProcessInternalW

thread_identifier: 2152
thread_handle: 0x0000029c
process_identifier: 2084
current_directory:
filepath: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
track: 1
command_line:
filepath_r: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
stack_pivoted: 0
creation_flags: 134217732 (CREATE_NO_WINDOW|CREATE_SUSPENDED)
inherit_handles: 0
process_handle: 0x000002a0
1 1 0

NtGetContextThread

thread_handle: 0x0000029c
1 0 0

NtAllocateVirtualMemory

process_identifier: 2084
region_size: 2281472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00400000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0x000002a0
1 0 0

WriteProcessMemory

buffer: MZÿÿ¸@ິ Í!¸LÍ!This program cannot be run in DOS mode. $¼A¯Þø Áø Áø Á—V_û ÁñXBû ÁñXRú ÁxYÀŒû Áø Àñ Á—Vnõ Á—V\ù ÁRichø ÁPEL÷Ùeà  ,z!p @@Ð"@ v< "t@,.text/*, à.rdata€7@80@@.data7!€@À.relocx- ".h@B
base_address: 0x00400000
process_identifier: 2084
process_handle: 0x000002a0
1 1 0

WriteProcessMemory

buffer:
base_address: 0x00401000
process_identifier: 2084
process_handle: 0x000002a0
1 1 0

WriteProcessMemory

buffer:
base_address: 0x00414000
process_identifier: 2084
process_handle: 0x000002a0
1 1 0

WriteProcessMemory

buffer:
base_address: 0x0062a000
process_identifier: 2084
process_handle: 0x000002a0
1 1 0

WriteProcessMemory

buffer: @
base_address: 0x7efde008
process_identifier: 2084
process_handle: 0x000002a0
1 1 0

NtSetContextThread

registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4262256
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
thread_handle: 0x0000029c
process_identifier: 2084
1 0 0

NtResumeThread

thread_handle: 0x0000029c
suspend_count: 1
process_identifier: 2084
1 0 0

NtResumeThread

thread_handle: 0x000001a8
suspend_count: 1
process_identifier: 2552
1 0 0
Elastic malicious (high confidence)
MicroWorld-eScan IL:Trojan.MSILZilla.9891
FireEye Generic.mg.c7f2b50a51b84d11
ALYac IL:Trojan.MSILZilla.9891
Cylance unsafe
Sangfor Trojan.Win32.Save.a
K7AntiVirus Ransomware ( 005a8b921 )
K7GW Ransomware ( 005a8b921 )
Cybereason malicious.be6ab8
Arcabit IL:Trojan.MSILZilla.D26A3
BitDefenderTheta Gen:NN.ZemsilF.36738.@p0@a88aV7o
Cyren W32/MSIL_Kryptik.FFY.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of MSIL/Agent.UZA
Cynet Malicious (score: 100)
APEX Malicious
Kaspersky HEUR:Trojan-Downloader.MSIL.ShortLoader.gen
BitDefender IL:Trojan.MSILZilla.9891
Avast Win32:DropperX-gen [Drp]
Tencent Msil.Trojan-Downloader.Shortloader.Zchl
Sophos Troj/ILAgent-I
DrWeb Trojan.MulDropNET.43
VIPRE IL:Trojan.MSILZilla.9891
McAfee-GW-Edition BehavesLike.Win32.Generic.tc
Trapmine malicious.high.ml.score
Emsisoft IL:Trojan.MSILZilla.9891 (B)
Ikarus Trojan.MSIL.Agent
Microsoft Trojan:MSIL/Mokes.B!MTB
ZoneAlarm HEUR:Trojan-Downloader.MSIL.ShortLoader.gen
GData IL:Trojan.MSILZilla.9891
Google Detected
AhnLab-V3 Malware/Win.Generic.C4478643
McAfee GenericRXPI-VQ!C7F2B50A51B8
MAX malware (ai score=84)
VBA32 Trojan.MSIL.Injector.gen
Malwarebytes Trojan.Crypt.MSIL.Generic
Rising Trojan.AntiVM!1.CF63 (CLASSIC)
SentinelOne Static AI - Malicious PE
Fortinet MSIL/GenKryptik.FFMZ!tr
AVG Win32:DropperX-gen [Drp]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (W)