Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Oct. 24, 2023, 7:41 a.m.	Oct. 24, 2023, 7:43 a.m.

Size	11.5MB
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`6020dace849357f1667a1943c8db7291`
SHA256	`ebf0fbb2d06f3a42839c341b052cfe7b8b4e0b7e93a5f37a3c426f27a762e63a`
CRC32	`421F3B68`
ssdeep	`196608:EduakRpFaUd+NYQdfrofYxotvu0GTF3tbw31e/NVMjVjmovD4IR87itwvgE:Ed1gaoQYQdfM3t2/Tbw3MFWj+S8Gtwvf`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description) Is_DotNET_EXE - (no description)

newmar.exe "C:\Users\test22\AppData\Local\Temp\newmar.exe"
2544
- toolspub2.exe "C:\Users\test22\AppData\Local\Temp\toolspub2.exe"
  2632
  - toolspub2.exe "C:\Users\test22\AppData\Local\Temp\toolspub2.exe"
    3056
- d21cbe21e38b385a41a68c5e6dd32f4c.exe "C:\Users\test22\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe"
  2684
- kos2.exe "C:\Users\test22\AppData\Local\Temp\kos2.exe"
  2728
  - set16.exe "C:\Users\test22\AppData\Local\Temp\set16.exe"
    2832
    - is-40P74.tmp "C:\Users\test22\AppData\Local\Temp\is-9EU1U.tmp\is-40P74.tmp" /SL4 $C0178 "C:\Users\test22\AppData\Local\Temp\set16.exe" 1281875 52224
      2948
      - net.exe "C:\Windows\system32\net.exe" helpmsg 20
        3028
        
        net1.exe C:\Windows\system32\net1 helpmsg 20
        2064
      - MyBurn.exe "C:\Program Files (x86)\MyBurn\MyBurn.exe" -i
        940
      - schtasks.exe "C:\Windows\system32\schtasks.exe" /Query
        2536
      - MyBurn.exe "C:\Program Files (x86)\MyBurn\MyBurn.exe" -s
        2580
  - K.exe "C:\Users\test22\AppData\Local\Temp\K.exe"
    2904
- latestX.exe "C:\Users\test22\AppData\Local\Temp\latestX.exe"
  2796

Name	Response	Post-Analysis Lookup
xmr-eu1.nanopool.org	A 51.15.58.224 A 51.255.34.118 A 51.68.143.81 A 212.47.253.124 A 163.172.154.142 A 51.15.65.182 A 135.125.238.108 A 51.15.193.130 A 51.68.190.80	135.125.238.108
iplogger.com	A 148.251.234.93	148.251.234.93
pastebin.com	A 172.67.34.170 A 104.20.67.143 A 104.20.68.143	104.20.67.143

IP Address	Status	Action
148.251.234.93	Active	Moloch
164.124.101.2	Active	Moloch
172.67.34.170	Active	Moloch
51.15.193.130	Active	Moloch
51.68.143.81	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
UDP 192.168.56.101:59002 -> 164.124.101.2:53	2047719	ET INFO External IP Lookup Domain (iplogger .com in DNS lookup)	Device Retrieving External IP Address Detected
TCP 148.251.234.93:443 -> 192.168.56.101:49184	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 148.251.234.93:443 -> 192.168.56.101:49182	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 148.251.234.93:443 -> 192.168.56.101:49181	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49184 -> 148.251.234.93:443	2047718	ET INFO External IP Lookup Domain (iplogger .com in TLS SNI)	Device Retrieving External IP Address Detected
TCP 192.168.56.101:49182 -> 148.251.234.93:443	2047718	ET INFO External IP Lookup Domain (iplogger .com in TLS SNI)	Device Retrieving External IP Address Detected
TCP 192.168.56.101:49181 -> 148.251.234.93:443	2047718	ET INFO External IP Lookup Domain (iplogger .com in TLS SNI)	Device Retrieving External IP Address Detected
TCP 148.251.234.93:443 -> 192.168.56.101:49194	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49182 -> 148.251.234.93:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49184 -> 148.251.234.93:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49181 -> 148.251.234.93:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49194 -> 148.251.234.93:443	2047718	ET INFO External IP Lookup Domain (iplogger .com in TLS SNI)	Device Retrieving External IP Address Detected
TCP 192.168.56.101:49194 -> 148.251.234.93:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 148.251.234.93:443 -> 192.168.56.101:49188	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 148.251.234.93:443 -> 192.168.56.101:49185	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 148.251.234.93:443 -> 192.168.56.101:49187	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49188 -> 148.251.234.93:443	2047718	ET INFO External IP Lookup Domain (iplogger .com in TLS SNI)	Device Retrieving External IP Address Detected
TCP 192.168.56.101:49188 -> 148.251.234.93:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49187 -> 148.251.234.93:443	2047718	ET INFO External IP Lookup Domain (iplogger .com in TLS SNI)	Device Retrieving External IP Address Detected
TCP 192.168.56.101:49187 -> 148.251.234.93:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49185 -> 148.251.234.93:443	2047718	ET INFO External IP Lookup Domain (iplogger .com in TLS SNI)	Device Retrieving External IP Address Detected
TCP 192.168.56.101:49185 -> 148.251.234.93:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 148.251.234.93:443 -> 192.168.56.101:49180	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49180 -> 148.251.234.93:443	2047718	ET INFO External IP Lookup Domain (iplogger .com in TLS SNI)	Device Retrieving External IP Address Detected
TCP 192.168.56.101:49180 -> 148.251.234.93:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
UDP 192.168.56.101:54148 -> 164.124.101.2:53	2033268	ET POLICY Observed DNS Query to Coin Mining Domain (nanopool .org)	Potential Corporate Privacy Violation
TCP 148.251.234.93:443 -> 192.168.56.101:49183	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49183 -> 148.251.234.93:443	2047718	ET INFO External IP Lookup Domain (iplogger .com in TLS SNI)	Device Retrieving External IP Address Detected
TCP 192.168.56.101:49183 -> 148.251.234.93:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 148.251.234.93:443 -> 192.168.56.101:49193	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49193 -> 148.251.234.93:443	2047718	ET INFO External IP Lookup Domain (iplogger .com in TLS SNI)	Device Retrieving External IP Address Detected
TCP 192.168.56.101:49193 -> 148.251.234.93:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 148.251.234.93:443 -> 192.168.56.101:49197	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49197 -> 148.251.234.93:443	2047718	ET INFO External IP Lookup Domain (iplogger .com in TLS SNI)	Device Retrieving External IP Address Detected
TCP 192.168.56.101:49197 -> 148.251.234.93:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 148.251.234.93:443 -> 192.168.56.101:49196	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49196 -> 148.251.234.93:443	2047718	ET INFO External IP Lookup Domain (iplogger .com in TLS SNI)	Device Retrieving External IP Address Detected
TCP 192.168.56.101:49196 -> 148.251.234.93:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 148.251.234.93:443 -> 192.168.56.101:49199	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49199 -> 148.251.234.93:443	2047718	ET INFO External IP Lookup Domain (iplogger .com in TLS SNI)	Device Retrieving External IP Address Detected
TCP 192.168.56.101:49199 -> 148.251.234.93:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 148.251.234.93:443 -> 192.168.56.101:49198	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49198 -> 148.251.234.93:443	2047718	ET INFO External IP Lookup Domain (iplogger .com in TLS SNI)	Device Retrieving External IP Address Detected
TCP 192.168.56.101:49198 -> 148.251.234.93:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 148.251.234.93:443 -> 192.168.56.101:49200	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49190 -> 172.67.34.170:443	906200068	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (CoinMiner)	undefined
TCP 192.168.56.101:49200 -> 148.251.234.93:443	2047718	ET INFO External IP Lookup Domain (iplogger .com in TLS SNI)	Device Retrieving External IP Address Detected
TCP 192.168.56.101:49200 -> 148.251.234.93:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 148.251.234.93:443 -> 192.168.56.101:49195	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49195 -> 148.251.234.93:443	2047718	ET INFO External IP Lookup Domain (iplogger .com in TLS SNI)	Device Retrieving External IP Address Detected
TCP 192.168.56.101:49195 -> 148.251.234.93:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 148.251.234.93:443 -> 192.168.56.101:49177	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49177 -> 148.251.234.93:443	2047718	ET INFO External IP Lookup Domain (iplogger .com in TLS SNI)	Device Retrieving External IP Address Detected
TCP 192.168.56.101:49177 -> 148.251.234.93:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 148.251.234.93:443 -> 192.168.56.101:49186	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49186 -> 148.251.234.93:443	2047718	ET INFO External IP Lookup Domain (iplogger .com in TLS SNI)	Device Retrieving External IP Address Detected
TCP 192.168.56.101:49186 -> 148.251.234.93:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 148.251.234.93:443 -> 192.168.56.101:49192	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49192 -> 148.251.234.93:443	2047718	ET INFO External IP Lookup Domain (iplogger .com in TLS SNI)	Device Retrieving External IP Address Detected
TCP 192.168.56.101:49192 -> 148.251.234.93:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLS 1.3 192.168.56.101:49189 51.15.193.130:14433	None	None	None
TLS 1.3 192.168.56.101:49190 172.67.34.170:443	None	None	None
TLS 1.3 192.168.56.101:49191 51.68.143.81:14433	None	None	None

Queries for the computername (2 events)

Time & API	Arguments	Status	Return	Repeated
GetComputerNameA Oct. 24, 2023, 7:41 a.m.	computer_name: TEST22-PC	1	1	0
GetComputerNameW Oct. 24, 2023, 7:42 a.m.	computer_name: TEST22-PC	1	1	0

Checks if process is being debugged by a debugger (8 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Oct. 24, 2023, 7:41 a.m.			0	0
IsDebuggerPresent Oct. 24, 2023, 7:41 a.m.			0	0
IsDebuggerPresent Oct. 24, 2023, 7:41 a.m.			0	0
IsDebuggerPresent Oct. 24, 2023, 7:41 a.m.			0	0
IsDebuggerPresent Oct. 24, 2023, 7:41 a.m.			0	0
IsDebuggerPresent Oct. 24, 2023, 7:41 a.m.			0	0
IsDebuggerPresent Oct. 24, 2023, 7:41 a.m.			0	0
IsDebuggerPresent Oct. 24, 2023, 7:41 a.m.			0	0

Command line console output was observed (50 out of 348 events)

Time & API	Arguments	Status	Return
WriteConsoleW Oct. 24, 2023, 7:41 a.m.	buffer: The system cannot find the device specified. console_handle: 0x00000007	1	1
WriteConsoleW Oct. 24, 2023, 7:42 a.m.	buffer: Folder: \ console_handle: 0x00000007	1	1
WriteConsoleW Oct. 24, 2023, 7:42 a.m.	buffer: TaskName console_handle: 0x00000007	1	1
WriteConsoleW Oct. 24, 2023, 7:42 a.m.	buffer: Next Run Time console_handle: 0x00000007	1	1
WriteConsoleW Oct. 24, 2023, 7:42 a.m.	buffer: Status console_handle: 0x00000007	1	1
WriteConsoleW Oct. 24, 2023, 7:42 a.m.	buffer: Adobe Flash Player Updater console_handle: 0x00000007	1	1
WriteConsoleW Oct. 24, 2023, 7:42 a.m.	buffer: Disabled console_handle: 0x00000007	1	1
WriteConsoleW Oct. 24, 2023, 7:42 a.m.	buffer: GoogleUpdateTaskMachineCore console_handle: 0x00000007	1	1
WriteConsoleW Oct. 24, 2023, 7:42 a.m.	buffer: Disabled console_handle: 0x00000007	1	1
WriteConsoleW Oct. 24, 2023, 7:42 a.m.	buffer: GoogleUpdateTaskMachineUA console_handle: 0x00000007	1	1
WriteConsoleW Oct. 24, 2023, 7:42 a.m.	buffer: Disabled console_handle: 0x00000007	1	1
WriteConsoleW Oct. 24, 2023, 7:42 a.m.	buffer: Folder: \Microsoft console_handle: 0x00000007	1	1
WriteConsoleW Oct. 24, 2023, 7:42 a.m.	buffer: TaskName console_handle: 0x00000007	1	1
WriteConsoleW Oct. 24, 2023, 7:42 a.m.	buffer: Next Run Time console_handle: 0x00000007	1	1
WriteConsoleW Oct. 24, 2023, 7:42 a.m.	buffer: Status console_handle: 0x00000007	1	1
WriteConsoleW Oct. 24, 2023, 7:42 a.m.	buffer: INFO: There are no scheduled tasks presently available at your access level. console_handle: 0x00000007	1	1
WriteConsoleW Oct. 24, 2023, 7:42 a.m.	buffer: Folder: \Microsoft\Windows console_handle: 0x00000007	1	1
WriteConsoleW Oct. 24, 2023, 7:42 a.m.	buffer: TaskName console_handle: 0x00000007	1	1
WriteConsoleW Oct. 24, 2023, 7:42 a.m.	buffer: Next Run Time console_handle: 0x00000007	1	1
WriteConsoleW Oct. 24, 2023, 7:42 a.m.	buffer: Status console_handle: 0x00000007	1	1
WriteConsoleW Oct. 24, 2023, 7:42 a.m.	buffer: INFO: There are no scheduled tasks presently available at your access level. console_handle: 0x00000007	1	1
WriteConsoleW Oct. 24, 2023, 7:42 a.m.	buffer: Folder: \Microsoft\Windows\Active Directory Rights Management Services Client console_handle: 0x00000007	1	1
WriteConsoleW Oct. 24, 2023, 7:42 a.m.	buffer: TaskName console_handle: 0x00000007	1	1
WriteConsoleW Oct. 24, 2023, 7:42 a.m.	buffer: Next Run Time console_handle: 0x00000007	1	1
WriteConsoleW Oct. 24, 2023, 7:42 a.m.	buffer: Status console_handle: 0x00000007	1	1
WriteConsoleW Oct. 24, 2023, 7:42 a.m.	buffer: AD RMS Rights Policy Template Management console_handle: 0x00000007	1	1
WriteConsoleW Oct. 24, 2023, 7:42 a.m.	buffer: Disabled console_handle: 0x00000007	1	1
WriteConsoleW Oct. 24, 2023, 7:42 a.m.	buffer: AD RMS Rights Policy Template Management console_handle: 0x00000007	1	1
WriteConsoleW Oct. 24, 2023, 7:42 a.m.	buffer: N/A console_handle: 0x00000007	1	1
WriteConsoleW Oct. 24, 2023, 7:42 a.m.	buffer: Ready console_handle: 0x00000007	1	1
WriteConsoleW Oct. 24, 2023, 7:42 a.m.	buffer: Folder: \Microsoft\Windows\AppID console_handle: 0x00000007	1	1
WriteConsoleW Oct. 24, 2023, 7:42 a.m.	buffer: TaskName console_handle: 0x00000007	1	1
WriteConsoleW Oct. 24, 2023, 7:42 a.m.	buffer: Next Run Time console_handle: 0x00000007	1	1
WriteConsoleW Oct. 24, 2023, 7:42 a.m.	buffer: Status console_handle: 0x00000007	1	1
WriteConsoleW Oct. 24, 2023, 7:42 a.m.	buffer: PolicyConverter console_handle: 0x00000007	1	1
WriteConsoleW Oct. 24, 2023, 7:42 a.m.	buffer: Disabled console_handle: 0x00000007	1	1
WriteConsoleW Oct. 24, 2023, 7:42 a.m.	buffer: VerifiedPublisherCertStoreCheck console_handle: 0x00000007	1	1
WriteConsoleW Oct. 24, 2023, 7:42 a.m.	buffer: Disabled console_handle: 0x00000007	1	1
WriteConsoleW Oct. 24, 2023, 7:42 a.m.	buffer: Folder: \Microsoft\Windows\Application Experience console_handle: 0x00000007	1	1
WriteConsoleW Oct. 24, 2023, 7:42 a.m.	buffer: TaskName console_handle: 0x00000007	1	1
WriteConsoleW Oct. 24, 2023, 7:42 a.m.	buffer: Next Run Time console_handle: 0x00000007	1	1
WriteConsoleW Oct. 24, 2023, 7:42 a.m.	buffer: Status console_handle: 0x00000007	1	1
WriteConsoleW Oct. 24, 2023, 7:42 a.m.	buffer: AitAgent console_handle: 0x00000007	1	1
WriteConsoleW Oct. 24, 2023, 7:42 a.m.	buffer: 2023-10-25 오전 2:30:00 console_handle: 0x00000007	1	1
WriteConsoleW Oct. 24, 2023, 7:42 a.m.	buffer: Unknown console_handle: 0x00000007	1	1
WriteConsoleW Oct. 24, 2023, 7:42 a.m.	buffer: ProgramDataUpdater console_handle: 0x00000007	1	1
WriteConsoleW Oct. 24, 2023, 7:42 a.m.	buffer: 2023-10-25 오전 12:30:00 console_handle: 0x00000007	1	1
WriteConsoleW Oct. 24, 2023, 7:42 a.m.	buffer: Unknown console_handle: 0x00000007	1	1
WriteConsoleW Oct. 24, 2023, 7:42 a.m.	buffer: Folder: \Microsoft\Windows\Autochk console_handle: 0x00000007	1	1
WriteConsoleW Oct. 24, 2023, 7:42 a.m.	buffer: TaskName console_handle: 0x00000007	1	1

Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 event)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Oct. 24, 2023, 7:41 a.m.		1	1	0

One or more processes crashed (50 out of 131073 events)

Time & API	Arguments	Status
__exception__ Oct. 24, 2023, 7:41 a.m.	stacktrace: is-40p74+0x3d5aa @ 0x43d5aa is-40p74+0x3c9bb @ 0x43c9bb is-40p74+0x874cc @ 0x4874cc is-40p74+0x750c4 @ 0x4750c4 is-40p74+0x8b184 @ 0x48b184 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: f7 37 89 06 e9 dd 07 00 00 8b 06 33 d2 8a 17 8b exception.symbol: is-40p74+0x3a89f exception.instruction: div dword ptr [edi] exception.module: is-40P74.tmp exception.exception_code: 0xc0000094 exception.offset: 239775 exception.address: 0x43a89f registers.esp: 1637788 registers.edi: 10621108 registers.eax: 1042 registers.ebp: 1637868 registers.edx: 0 registers.ebx: 1 registers.esi: 10621092 registers.ecx: 10621108	1
__exception__ Oct. 24, 2023, 7:41 a.m.	stacktrace: myburn+0x1d1737 @ 0x5d1737 myburn+0x1dbbaf @ 0x5dbbaf myburn+0x637e8 @ 0x4637e8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 ff 34 24 8b 04 24 81 c4 04 00 00 00 51 89 exception.symbol: myburn+0x19863b exception.instruction: push dword ptr [eax] exception.module: MyBurn.exe exception.exception_code: 0xc0000005 exception.offset: 1672763 exception.address: 0x59863b registers.esp: 1638052 registers.edi: 4651000 registers.eax: 1968959488 registers.ebp: 1638092 registers.edx: 7601 registers.ebx: 2130567168 registers.esi: 1968959488 registers.ecx: 1638264	1
__exception__ Oct. 24, 2023, 7:41 a.m.	stacktrace: myburn+0x1d1737 @ 0x5d1737 myburn+0x1dbbaf @ 0x5dbbaf myburn+0x637e8 @ 0x4637e8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 ff 34 24 8b 04 24 81 c4 04 00 00 00 51 89 exception.symbol: myburn+0x19863b exception.instruction: push dword ptr [eax] exception.module: MyBurn.exe exception.exception_code: 0xc0000005 exception.offset: 1672763 exception.address: 0x59863b registers.esp: 1638052 registers.edi: 4651000 registers.eax: 1968955392 registers.ebp: 1638092 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 1968955392 registers.ecx: 1638264	1
__exception__ Oct. 24, 2023, 7:41 a.m.	stacktrace: myburn+0x1d1737 @ 0x5d1737 myburn+0x1dbbaf @ 0x5dbbaf myburn+0x637e8 @ 0x4637e8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 ff 34 24 8b 04 24 81 c4 04 00 00 00 51 89 exception.symbol: myburn+0x19863b exception.instruction: push dword ptr [eax] exception.module: MyBurn.exe exception.exception_code: 0xc0000005 exception.offset: 1672763 exception.address: 0x59863b registers.esp: 1638052 registers.edi: 4651000 registers.eax: 1968951296 registers.ebp: 1638092 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 1968951296 registers.ecx: 1638264	1
__exception__ Oct. 24, 2023, 7:41 a.m.	stacktrace: myburn+0x1d1737 @ 0x5d1737 myburn+0x1dbbaf @ 0x5dbbaf myburn+0x637e8 @ 0x4637e8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 ff 34 24 8b 04 24 81 c4 04 00 00 00 51 89 exception.symbol: myburn+0x19863b exception.instruction: push dword ptr [eax] exception.module: MyBurn.exe exception.exception_code: 0xc0000005 exception.offset: 1672763 exception.address: 0x59863b registers.esp: 1638052 registers.edi: 4651000 registers.eax: 1968947200 registers.ebp: 1638092 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 1968947200 registers.ecx: 1638264	1
__exception__ Oct. 24, 2023, 7:41 a.m.	stacktrace: myburn+0x1d1737 @ 0x5d1737 myburn+0x1dbbaf @ 0x5dbbaf myburn+0x637e8 @ 0x4637e8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 ff 34 24 8b 04 24 81 c4 04 00 00 00 51 89 exception.symbol: myburn+0x19863b exception.instruction: push dword ptr [eax] exception.module: MyBurn.exe exception.exception_code: 0xc0000005 exception.offset: 1672763 exception.address: 0x59863b registers.esp: 1638052 registers.edi: 4651000 registers.eax: 1968943104 registers.ebp: 1638092 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 1968943104 registers.ecx: 1638264	1
__exception__ Oct. 24, 2023, 7:41 a.m.	stacktrace: myburn+0x1d1737 @ 0x5d1737 myburn+0x1dbbaf @ 0x5dbbaf myburn+0x637e8 @ 0x4637e8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 ff 34 24 8b 04 24 81 c4 04 00 00 00 51 89 exception.symbol: myburn+0x19863b exception.instruction: push dword ptr [eax] exception.module: MyBurn.exe exception.exception_code: 0xc0000005 exception.offset: 1672763 exception.address: 0x59863b registers.esp: 1638052 registers.edi: 4651000 registers.eax: 1968939008 registers.ebp: 1638092 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 1968939008 registers.ecx: 1638264	1
__exception__ Oct. 24, 2023, 7:41 a.m.	stacktrace: myburn+0x1d1737 @ 0x5d1737 myburn+0x1dbbaf @ 0x5dbbaf myburn+0x637e8 @ 0x4637e8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 ff 34 24 8b 04 24 81 c4 04 00 00 00 51 89 exception.symbol: myburn+0x19863b exception.instruction: push dword ptr [eax] exception.module: MyBurn.exe exception.exception_code: 0xc0000005 exception.offset: 1672763 exception.address: 0x59863b registers.esp: 1638052 registers.edi: 4651000 registers.eax: 1968934912 registers.ebp: 1638092 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 1968934912 registers.ecx: 1638264	1
__exception__ Oct. 24, 2023, 7:41 a.m.	stacktrace: myburn+0x1d1737 @ 0x5d1737 myburn+0x1dbbaf @ 0x5dbbaf myburn+0x637e8 @ 0x4637e8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 ff 34 24 8b 04 24 81 c4 04 00 00 00 51 89 exception.symbol: myburn+0x19863b exception.instruction: push dword ptr [eax] exception.module: MyBurn.exe exception.exception_code: 0xc0000005 exception.offset: 1672763 exception.address: 0x59863b registers.esp: 1638052 registers.edi: 4651000 registers.eax: 1968930816 registers.ebp: 1638092 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 1968930816 registers.ecx: 1638264	1
__exception__ Oct. 24, 2023, 7:41 a.m.	stacktrace: myburn+0x1d1737 @ 0x5d1737 myburn+0x1dbbaf @ 0x5dbbaf myburn+0x637e8 @ 0x4637e8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 ff 34 24 8b 04 24 81 c4 04 00 00 00 51 89 exception.symbol: myburn+0x19863b exception.instruction: push dword ptr [eax] exception.module: MyBurn.exe exception.exception_code: 0xc0000005 exception.offset: 1672763 exception.address: 0x59863b registers.esp: 1638052 registers.edi: 4651000 registers.eax: 1968926720 registers.ebp: 1638092 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 1968926720 registers.ecx: 1638264	1
__exception__ Oct. 24, 2023, 7:41 a.m.	stacktrace: myburn+0x1d1737 @ 0x5d1737 myburn+0x1dbbaf @ 0x5dbbaf myburn+0x637e8 @ 0x4637e8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 ff 34 24 8b 04 24 81 c4 04 00 00 00 51 89 exception.symbol: myburn+0x19863b exception.instruction: push dword ptr [eax] exception.module: MyBurn.exe exception.exception_code: 0xc0000005 exception.offset: 1672763 exception.address: 0x59863b registers.esp: 1638052 registers.edi: 4651000 registers.eax: 1968922624 registers.ebp: 1638092 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 1968922624 registers.ecx: 1638264	1
__exception__ Oct. 24, 2023, 7:41 a.m.	stacktrace: myburn+0x1d1737 @ 0x5d1737 myburn+0x1dbbaf @ 0x5dbbaf myburn+0x637e8 @ 0x4637e8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 ff 34 24 8b 04 24 81 c4 04 00 00 00 51 89 exception.symbol: myburn+0x19863b exception.instruction: push dword ptr [eax] exception.module: MyBurn.exe exception.exception_code: 0xc0000005 exception.offset: 1672763 exception.address: 0x59863b registers.esp: 1638052 registers.edi: 4651000 registers.eax: 1968918528 registers.ebp: 1638092 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 1968918528 registers.ecx: 1638264	1
__exception__ Oct. 24, 2023, 7:41 a.m.	stacktrace: myburn+0x1d1737 @ 0x5d1737 myburn+0x1dbbaf @ 0x5dbbaf myburn+0x637e8 @ 0x4637e8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 ff 34 24 8b 04 24 81 c4 04 00 00 00 51 89 exception.symbol: myburn+0x19863b exception.instruction: push dword ptr [eax] exception.module: MyBurn.exe exception.exception_code: 0xc0000005 exception.offset: 1672763 exception.address: 0x59863b registers.esp: 1638052 registers.edi: 4651000 registers.eax: 1968914432 registers.ebp: 1638092 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 1968914432 registers.ecx: 1638264	1
__exception__ Oct. 24, 2023, 7:41 a.m.	stacktrace: myburn+0x1d1737 @ 0x5d1737 myburn+0x1dbbaf @ 0x5dbbaf myburn+0x637e8 @ 0x4637e8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 ff 34 24 8b 04 24 81 c4 04 00 00 00 51 89 exception.symbol: myburn+0x19863b exception.instruction: push dword ptr [eax] exception.module: MyBurn.exe exception.exception_code: 0xc0000005 exception.offset: 1672763 exception.address: 0x59863b registers.esp: 1638052 registers.edi: 4651000 registers.eax: 1968910336 registers.ebp: 1638092 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 1968910336 registers.ecx: 1638264	1
__exception__ Oct. 24, 2023, 7:41 a.m.	stacktrace: myburn+0x1d1737 @ 0x5d1737 myburn+0x1dbbaf @ 0x5dbbaf myburn+0x637e8 @ 0x4637e8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 ff 34 24 8b 04 24 81 c4 04 00 00 00 51 89 exception.symbol: myburn+0x19863b exception.instruction: push dword ptr [eax] exception.module: MyBurn.exe exception.exception_code: 0xc0000005 exception.offset: 1672763 exception.address: 0x59863b registers.esp: 1638052 registers.edi: 4651000 registers.eax: 1968906240 registers.ebp: 1638092 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 1968906240 registers.ecx: 1638264	1
__exception__ Oct. 24, 2023, 7:41 a.m.	stacktrace: myburn+0x1d1737 @ 0x5d1737 myburn+0x1dbbaf @ 0x5dbbaf myburn+0x637e8 @ 0x4637e8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 ff 34 24 8b 04 24 81 c4 04 00 00 00 51 89 exception.symbol: myburn+0x19863b exception.instruction: push dword ptr [eax] exception.module: MyBurn.exe exception.exception_code: 0xc0000005 exception.offset: 1672763 exception.address: 0x59863b registers.esp: 1638052 registers.edi: 4651000 registers.eax: 1968902144 registers.ebp: 1638092 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 1968902144 registers.ecx: 1638264	1
__exception__ Oct. 24, 2023, 7:41 a.m.	stacktrace: myburn+0x1dd8d1 @ 0x5dd8d1 myburn+0x20c67e @ 0x60c67e myburn+0x1ddf48 @ 0x5ddf48 myburn+0x637e8 @ 0x4637e8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 ff 34 24 8b 04 24 81 c4 04 00 00 00 51 89 exception.symbol: myburn+0x19863b exception.instruction: push dword ptr [eax] exception.module: MyBurn.exe exception.exception_code: 0xc0000005 exception.offset: 1672763 exception.address: 0x59863b registers.esp: 1638028 registers.edi: 4128 registers.eax: 134217728 registers.ebp: 1638068 registers.edx: 1621605242 registers.ebx: 3164500807 registers.esi: 134217728 registers.ecx: 4294903528	1
__exception__ Oct. 24, 2023, 7:41 a.m.	stacktrace: myburn+0x1dd8d1 @ 0x5dd8d1 myburn+0x20c67e @ 0x60c67e myburn+0x1ddf48 @ 0x5ddf48 myburn+0x637e8 @ 0x4637e8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 ff 34 24 8b 04 24 81 c4 04 00 00 00 51 89 exception.symbol: myburn+0x19863b exception.instruction: push dword ptr [eax] exception.module: MyBurn.exe exception.exception_code: 0xc0000005 exception.offset: 1672763 exception.address: 0x59863b registers.esp: 1638028 registers.edi: 4128 registers.eax: 134221824 registers.ebp: 1638068 registers.edx: 0 registers.ebx: 3164500807 registers.esi: 134221824 registers.ecx: 1638264	1
__exception__ Oct. 24, 2023, 7:41 a.m.	stacktrace: myburn+0x1dd8d1 @ 0x5dd8d1 myburn+0x20c67e @ 0x60c67e myburn+0x1ddf48 @ 0x5ddf48 myburn+0x637e8 @ 0x4637e8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 ff 34 24 8b 04 24 81 c4 04 00 00 00 51 89 exception.symbol: myburn+0x19863b exception.instruction: push dword ptr [eax] exception.module: MyBurn.exe exception.exception_code: 0xc0000005 exception.offset: 1672763 exception.address: 0x59863b registers.esp: 1638028 registers.edi: 4128 registers.eax: 134225920 registers.ebp: 1638068 registers.edx: 0 registers.ebx: 3164500807 registers.esi: 134225920 registers.ecx: 1638264	1
__exception__ Oct. 24, 2023, 7:41 a.m.	stacktrace: myburn+0x1dd8d1 @ 0x5dd8d1 myburn+0x20c67e @ 0x60c67e myburn+0x1ddf48 @ 0x5ddf48 myburn+0x637e8 @ 0x4637e8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 ff 34 24 8b 04 24 81 c4 04 00 00 00 51 89 exception.symbol: myburn+0x19863b exception.instruction: push dword ptr [eax] exception.module: MyBurn.exe exception.exception_code: 0xc0000005 exception.offset: 1672763 exception.address: 0x59863b registers.esp: 1638028 registers.edi: 4128 registers.eax: 134230016 registers.ebp: 1638068 registers.edx: 0 registers.ebx: 3164500807 registers.esi: 134230016 registers.ecx: 1638264	1
__exception__ Oct. 24, 2023, 7:41 a.m.	stacktrace: myburn+0x1dd8d1 @ 0x5dd8d1 myburn+0x20c67e @ 0x60c67e myburn+0x1ddf48 @ 0x5ddf48 myburn+0x637e8 @ 0x4637e8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 ff 34 24 8b 04 24 81 c4 04 00 00 00 51 89 exception.symbol: myburn+0x19863b exception.instruction: push dword ptr [eax] exception.module: MyBurn.exe exception.exception_code: 0xc0000005 exception.offset: 1672763 exception.address: 0x59863b registers.esp: 1638028 registers.edi: 4128 registers.eax: 134234112 registers.ebp: 1638068 registers.edx: 0 registers.ebx: 3164500807 registers.esi: 134234112 registers.ecx: 1638264	1
__exception__ Oct. 24, 2023, 7:41 a.m.	stacktrace: myburn+0x1dd8d1 @ 0x5dd8d1 myburn+0x20c67e @ 0x60c67e myburn+0x1ddf48 @ 0x5ddf48 myburn+0x637e8 @ 0x4637e8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 ff 34 24 8b 04 24 81 c4 04 00 00 00 51 89 exception.symbol: myburn+0x19863b exception.instruction: push dword ptr [eax] exception.module: MyBurn.exe exception.exception_code: 0xc0000005 exception.offset: 1672763 exception.address: 0x59863b registers.esp: 1638028 registers.edi: 4128 registers.eax: 134238208 registers.ebp: 1638068 registers.edx: 0 registers.ebx: 3164500807 registers.esi: 134238208 registers.ecx: 1638264	1
__exception__ Oct. 24, 2023, 7:41 a.m.	stacktrace: myburn+0x1dd8d1 @ 0x5dd8d1 myburn+0x20c67e @ 0x60c67e myburn+0x1ddf48 @ 0x5ddf48 myburn+0x637e8 @ 0x4637e8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 ff 34 24 8b 04 24 81 c4 04 00 00 00 51 89 exception.symbol: myburn+0x19863b exception.instruction: push dword ptr [eax] exception.module: MyBurn.exe exception.exception_code: 0xc0000005 exception.offset: 1672763 exception.address: 0x59863b registers.esp: 1638028 registers.edi: 4128 registers.eax: 134242304 registers.ebp: 1638068 registers.edx: 0 registers.ebx: 3164500807 registers.esi: 134242304 registers.ecx: 1638264	1
__exception__ Oct. 24, 2023, 7:41 a.m.	stacktrace: myburn+0x1dd8d1 @ 0x5dd8d1 myburn+0x20c67e @ 0x60c67e myburn+0x1ddf48 @ 0x5ddf48 myburn+0x637e8 @ 0x4637e8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 ff 34 24 8b 04 24 81 c4 04 00 00 00 51 89 exception.symbol: myburn+0x19863b exception.instruction: push dword ptr [eax] exception.module: MyBurn.exe exception.exception_code: 0xc0000005 exception.offset: 1672763 exception.address: 0x59863b registers.esp: 1638028 registers.edi: 4128 registers.eax: 134246400 registers.ebp: 1638068 registers.edx: 0 registers.ebx: 3164500807 registers.esi: 134246400 registers.ecx: 1638264	1
__exception__ Oct. 24, 2023, 7:41 a.m.	stacktrace: myburn+0x1dd8d1 @ 0x5dd8d1 myburn+0x20c67e @ 0x60c67e myburn+0x1ddf48 @ 0x5ddf48 myburn+0x637e8 @ 0x4637e8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 ff 34 24 8b 04 24 81 c4 04 00 00 00 51 89 exception.symbol: myburn+0x19863b exception.instruction: push dword ptr [eax] exception.module: MyBurn.exe exception.exception_code: 0xc0000005 exception.offset: 1672763 exception.address: 0x59863b registers.esp: 1638028 registers.edi: 4128 registers.eax: 134250496 registers.ebp: 1638068 registers.edx: 0 registers.ebx: 3164500807 registers.esi: 134250496 registers.ecx: 1638264	1
__exception__ Oct. 24, 2023, 7:41 a.m.	stacktrace: myburn+0x1dd8d1 @ 0x5dd8d1 myburn+0x20c67e @ 0x60c67e myburn+0x1ddf48 @ 0x5ddf48 myburn+0x637e8 @ 0x4637e8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 ff 34 24 8b 04 24 81 c4 04 00 00 00 51 89 exception.symbol: myburn+0x19863b exception.instruction: push dword ptr [eax] exception.module: MyBurn.exe exception.exception_code: 0xc0000005 exception.offset: 1672763 exception.address: 0x59863b registers.esp: 1638028 registers.edi: 4128 registers.eax: 134254592 registers.ebp: 1638068 registers.edx: 0 registers.ebx: 3164500807 registers.esi: 134254592 registers.ecx: 1638264	1
__exception__ Oct. 24, 2023, 7:41 a.m.	stacktrace: myburn+0x1dd8d1 @ 0x5dd8d1 myburn+0x20c67e @ 0x60c67e myburn+0x1ddf48 @ 0x5ddf48 myburn+0x637e8 @ 0x4637e8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 ff 34 24 8b 04 24 81 c4 04 00 00 00 51 89 exception.symbol: myburn+0x19863b exception.instruction: push dword ptr [eax] exception.module: MyBurn.exe exception.exception_code: 0xc0000005 exception.offset: 1672763 exception.address: 0x59863b registers.esp: 1638028 registers.edi: 4128 registers.eax: 134258688 registers.ebp: 1638068 registers.edx: 0 registers.ebx: 3164500807 registers.esi: 134258688 registers.ecx: 1638264	1
__exception__ Oct. 24, 2023, 7:41 a.m.	stacktrace: myburn+0x1dd8d1 @ 0x5dd8d1 myburn+0x20c67e @ 0x60c67e myburn+0x1ddf48 @ 0x5ddf48 myburn+0x637e8 @ 0x4637e8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 ff 34 24 8b 04 24 81 c4 04 00 00 00 51 89 exception.symbol: myburn+0x19863b exception.instruction: push dword ptr [eax] exception.module: MyBurn.exe exception.exception_code: 0xc0000005 exception.offset: 1672763 exception.address: 0x59863b registers.esp: 1638028 registers.edi: 4128 registers.eax: 134262784 registers.ebp: 1638068 registers.edx: 0 registers.ebx: 3164500807 registers.esi: 134262784 registers.ecx: 1638264	1
__exception__ Oct. 24, 2023, 7:41 a.m.	stacktrace: myburn+0x1dd8d1 @ 0x5dd8d1 myburn+0x20c67e @ 0x60c67e myburn+0x1ddf48 @ 0x5ddf48 myburn+0x637e8 @ 0x4637e8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 ff 34 24 8b 04 24 81 c4 04 00 00 00 51 89 exception.symbol: myburn+0x19863b exception.instruction: push dword ptr [eax] exception.module: MyBurn.exe exception.exception_code: 0xc0000005 exception.offset: 1672763 exception.address: 0x59863b registers.esp: 1638028 registers.edi: 4128 registers.eax: 134266880 registers.ebp: 1638068 registers.edx: 0 registers.ebx: 3164500807 registers.esi: 134266880 registers.ecx: 1638264	1
__exception__ Oct. 24, 2023, 7:41 a.m.	stacktrace: myburn+0x1dd8d1 @ 0x5dd8d1 myburn+0x20c67e @ 0x60c67e myburn+0x1ddf48 @ 0x5ddf48 myburn+0x637e8 @ 0x4637e8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 ff 34 24 8b 04 24 81 c4 04 00 00 00 51 89 exception.symbol: myburn+0x19863b exception.instruction: push dword ptr [eax] exception.module: MyBurn.exe exception.exception_code: 0xc0000005 exception.offset: 1672763 exception.address: 0x59863b registers.esp: 1638028 registers.edi: 4128 registers.eax: 134270976 registers.ebp: 1638068 registers.edx: 0 registers.ebx: 3164500807 registers.esi: 134270976 registers.ecx: 1638264	1
__exception__ Oct. 24, 2023, 7:41 a.m.	stacktrace: myburn+0x1dd8d1 @ 0x5dd8d1 myburn+0x20c67e @ 0x60c67e myburn+0x1ddf48 @ 0x5ddf48 myburn+0x637e8 @ 0x4637e8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 ff 34 24 8b 04 24 81 c4 04 00 00 00 51 89 exception.symbol: myburn+0x19863b exception.instruction: push dword ptr [eax] exception.module: MyBurn.exe exception.exception_code: 0xc0000005 exception.offset: 1672763 exception.address: 0x59863b registers.esp: 1638028 registers.edi: 4128 registers.eax: 134275072 registers.ebp: 1638068 registers.edx: 0 registers.ebx: 3164500807 registers.esi: 134275072 registers.ecx: 1638264	1
__exception__ Oct. 24, 2023, 7:41 a.m.	stacktrace: myburn+0x1dd8d1 @ 0x5dd8d1 myburn+0x20c67e @ 0x60c67e myburn+0x1ddf48 @ 0x5ddf48 myburn+0x637e8 @ 0x4637e8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 ff 34 24 8b 04 24 81 c4 04 00 00 00 51 89 exception.symbol: myburn+0x19863b exception.instruction: push dword ptr [eax] exception.module: MyBurn.exe exception.exception_code: 0xc0000005 exception.offset: 1672763 exception.address: 0x59863b registers.esp: 1638028 registers.edi: 4128 registers.eax: 134279168 registers.ebp: 1638068 registers.edx: 0 registers.ebx: 3164500807 registers.esi: 134279168 registers.ecx: 1638264	1
__exception__ Oct. 24, 2023, 7:41 a.m.	stacktrace: myburn+0x1dd8d1 @ 0x5dd8d1 myburn+0x20c67e @ 0x60c67e myburn+0x1ddf48 @ 0x5ddf48 myburn+0x637e8 @ 0x4637e8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 ff 34 24 8b 04 24 81 c4 04 00 00 00 51 89 exception.symbol: myburn+0x19863b exception.instruction: push dword ptr [eax] exception.module: MyBurn.exe exception.exception_code: 0xc0000005 exception.offset: 1672763 exception.address: 0x59863b registers.esp: 1638028 registers.edi: 4128 registers.eax: 134283264 registers.ebp: 1638068 registers.edx: 0 registers.ebx: 3164500807 registers.esi: 134283264 registers.ecx: 1638264	1
__exception__ Oct. 24, 2023, 7:41 a.m.	stacktrace: myburn+0x1dd8d1 @ 0x5dd8d1 myburn+0x20c67e @ 0x60c67e myburn+0x1ddf48 @ 0x5ddf48 myburn+0x637e8 @ 0x4637e8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 ff 34 24 8b 04 24 81 c4 04 00 00 00 51 89 exception.symbol: myburn+0x19863b exception.instruction: push dword ptr [eax] exception.module: MyBurn.exe exception.exception_code: 0xc0000005 exception.offset: 1672763 exception.address: 0x59863b registers.esp: 1638028 registers.edi: 4128 registers.eax: 134287360 registers.ebp: 1638068 registers.edx: 0 registers.ebx: 3164500807 registers.esi: 134287360 registers.ecx: 1638264	1
__exception__ Oct. 24, 2023, 7:41 a.m.	stacktrace: myburn+0x1dd8d1 @ 0x5dd8d1 myburn+0x20c67e @ 0x60c67e myburn+0x1ddf48 @ 0x5ddf48 myburn+0x637e8 @ 0x4637e8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 ff 34 24 8b 04 24 81 c4 04 00 00 00 51 89 exception.symbol: myburn+0x19863b exception.instruction: push dword ptr [eax] exception.module: MyBurn.exe exception.exception_code: 0xc0000005 exception.offset: 1672763 exception.address: 0x59863b registers.esp: 1638028 registers.edi: 4128 registers.eax: 134291456 registers.ebp: 1638068 registers.edx: 0 registers.ebx: 3164500807 registers.esi: 134291456 registers.ecx: 1638264	1
__exception__ Oct. 24, 2023, 7:41 a.m.	stacktrace: myburn+0x1dd8d1 @ 0x5dd8d1 myburn+0x20c67e @ 0x60c67e myburn+0x1ddf48 @ 0x5ddf48 myburn+0x637e8 @ 0x4637e8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 ff 34 24 8b 04 24 81 c4 04 00 00 00 51 89 exception.symbol: myburn+0x19863b exception.instruction: push dword ptr [eax] exception.module: MyBurn.exe exception.exception_code: 0xc0000005 exception.offset: 1672763 exception.address: 0x59863b registers.esp: 1638028 registers.edi: 4128 registers.eax: 134295552 registers.ebp: 1638068 registers.edx: 0 registers.ebx: 3164500807 registers.esi: 134295552 registers.ecx: 1638264	1
__exception__ Oct. 24, 2023, 7:41 a.m.	stacktrace: myburn+0x1dd8d1 @ 0x5dd8d1 myburn+0x20c67e @ 0x60c67e myburn+0x1ddf48 @ 0x5ddf48 myburn+0x637e8 @ 0x4637e8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 ff 34 24 8b 04 24 81 c4 04 00 00 00 51 89 exception.symbol: myburn+0x19863b exception.instruction: push dword ptr [eax] exception.module: MyBurn.exe exception.exception_code: 0xc0000005 exception.offset: 1672763 exception.address: 0x59863b registers.esp: 1638028 registers.edi: 4128 registers.eax: 134299648 registers.ebp: 1638068 registers.edx: 0 registers.ebx: 3164500807 registers.esi: 134299648 registers.ecx: 1638264	1
__exception__ Oct. 24, 2023, 7:41 a.m.	stacktrace: myburn+0x1dd8d1 @ 0x5dd8d1 myburn+0x20c67e @ 0x60c67e myburn+0x1ddf48 @ 0x5ddf48 myburn+0x637e8 @ 0x4637e8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 ff 34 24 8b 04 24 81 c4 04 00 00 00 51 89 exception.symbol: myburn+0x19863b exception.instruction: push dword ptr [eax] exception.module: MyBurn.exe exception.exception_code: 0xc0000005 exception.offset: 1672763 exception.address: 0x59863b registers.esp: 1638028 registers.edi: 4128 registers.eax: 134303744 registers.ebp: 1638068 registers.edx: 0 registers.ebx: 3164500807 registers.esi: 134303744 registers.ecx: 1638264	1
__exception__ Oct. 24, 2023, 7:41 a.m.	stacktrace: myburn+0x1dd8d1 @ 0x5dd8d1 myburn+0x20c67e @ 0x60c67e myburn+0x1ddf48 @ 0x5ddf48 myburn+0x637e8 @ 0x4637e8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 ff 34 24 8b 04 24 81 c4 04 00 00 00 51 89 exception.symbol: myburn+0x19863b exception.instruction: push dword ptr [eax] exception.module: MyBurn.exe exception.exception_code: 0xc0000005 exception.offset: 1672763 exception.address: 0x59863b registers.esp: 1638028 registers.edi: 4128 registers.eax: 134307840 registers.ebp: 1638068 registers.edx: 0 registers.ebx: 3164500807 registers.esi: 134307840 registers.ecx: 1638264	1
__exception__ Oct. 24, 2023, 7:41 a.m.	stacktrace: myburn+0x1dd8d1 @ 0x5dd8d1 myburn+0x20c67e @ 0x60c67e myburn+0x1ddf48 @ 0x5ddf48 myburn+0x637e8 @ 0x4637e8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 ff 34 24 8b 04 24 81 c4 04 00 00 00 51 89 exception.symbol: myburn+0x19863b exception.instruction: push dword ptr [eax] exception.module: MyBurn.exe exception.exception_code: 0xc0000005 exception.offset: 1672763 exception.address: 0x59863b registers.esp: 1638028 registers.edi: 4128 registers.eax: 134311936 registers.ebp: 1638068 registers.edx: 0 registers.ebx: 3164500807 registers.esi: 134311936 registers.ecx: 1638264	1
__exception__ Oct. 24, 2023, 7:41 a.m.	stacktrace: myburn+0x1dd8d1 @ 0x5dd8d1 myburn+0x20c67e @ 0x60c67e myburn+0x1ddf48 @ 0x5ddf48 myburn+0x637e8 @ 0x4637e8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 ff 34 24 8b 04 24 81 c4 04 00 00 00 51 89 exception.symbol: myburn+0x19863b exception.instruction: push dword ptr [eax] exception.module: MyBurn.exe exception.exception_code: 0xc0000005 exception.offset: 1672763 exception.address: 0x59863b registers.esp: 1638028 registers.edi: 4128 registers.eax: 134316032 registers.ebp: 1638068 registers.edx: 0 registers.ebx: 3164500807 registers.esi: 134316032 registers.ecx: 1638264	1
__exception__ Oct. 24, 2023, 7:41 a.m.	stacktrace: myburn+0x1dd8d1 @ 0x5dd8d1 myburn+0x20c67e @ 0x60c67e myburn+0x1ddf48 @ 0x5ddf48 myburn+0x637e8 @ 0x4637e8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 ff 34 24 8b 04 24 81 c4 04 00 00 00 51 89 exception.symbol: myburn+0x19863b exception.instruction: push dword ptr [eax] exception.module: MyBurn.exe exception.exception_code: 0xc0000005 exception.offset: 1672763 exception.address: 0x59863b registers.esp: 1638028 registers.edi: 4128 registers.eax: 134320128 registers.ebp: 1638068 registers.edx: 0 registers.ebx: 3164500807 registers.esi: 134320128 registers.ecx: 1638264	1
__exception__ Oct. 24, 2023, 7:41 a.m.	stacktrace: myburn+0x1dd8d1 @ 0x5dd8d1 myburn+0x20c67e @ 0x60c67e myburn+0x1ddf48 @ 0x5ddf48 myburn+0x637e8 @ 0x4637e8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 ff 34 24 8b 04 24 81 c4 04 00 00 00 51 89 exception.symbol: myburn+0x19863b exception.instruction: push dword ptr [eax] exception.module: MyBurn.exe exception.exception_code: 0xc0000005 exception.offset: 1672763 exception.address: 0x59863b registers.esp: 1638028 registers.edi: 4128 registers.eax: 134324224 registers.ebp: 1638068 registers.edx: 0 registers.ebx: 3164500807 registers.esi: 134324224 registers.ecx: 1638264	1
__exception__ Oct. 24, 2023, 7:41 a.m.	stacktrace: myburn+0x1dd8d1 @ 0x5dd8d1 myburn+0x20c67e @ 0x60c67e myburn+0x1ddf48 @ 0x5ddf48 myburn+0x637e8 @ 0x4637e8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 ff 34 24 8b 04 24 81 c4 04 00 00 00 51 89 exception.symbol: myburn+0x19863b exception.instruction: push dword ptr [eax] exception.module: MyBurn.exe exception.exception_code: 0xc0000005 exception.offset: 1672763 exception.address: 0x59863b registers.esp: 1638028 registers.edi: 4128 registers.eax: 134328320 registers.ebp: 1638068 registers.edx: 0 registers.ebx: 3164500807 registers.esi: 134328320 registers.ecx: 1638264	1
__exception__ Oct. 24, 2023, 7:41 a.m.	stacktrace: myburn+0x1dd8d1 @ 0x5dd8d1 myburn+0x20c67e @ 0x60c67e myburn+0x1ddf48 @ 0x5ddf48 myburn+0x637e8 @ 0x4637e8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 ff 34 24 8b 04 24 81 c4 04 00 00 00 51 89 exception.symbol: myburn+0x19863b exception.instruction: push dword ptr [eax] exception.module: MyBurn.exe exception.exception_code: 0xc0000005 exception.offset: 1672763 exception.address: 0x59863b registers.esp: 1638028 registers.edi: 4128 registers.eax: 134332416 registers.ebp: 1638068 registers.edx: 0 registers.ebx: 3164500807 registers.esi: 134332416 registers.ecx: 1638264	1
__exception__ Oct. 24, 2023, 7:41 a.m.	stacktrace: myburn+0x1dd8d1 @ 0x5dd8d1 myburn+0x20c67e @ 0x60c67e myburn+0x1ddf48 @ 0x5ddf48 myburn+0x637e8 @ 0x4637e8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 ff 34 24 8b 04 24 81 c4 04 00 00 00 51 89 exception.symbol: myburn+0x19863b exception.instruction: push dword ptr [eax] exception.module: MyBurn.exe exception.exception_code: 0xc0000005 exception.offset: 1672763 exception.address: 0x59863b registers.esp: 1638028 registers.edi: 4128 registers.eax: 134336512 registers.ebp: 1638068 registers.edx: 0 registers.ebx: 3164500807 registers.esi: 134336512 registers.ecx: 1638264	1
__exception__ Oct. 24, 2023, 7:41 a.m.	stacktrace: myburn+0x1dd8d1 @ 0x5dd8d1 myburn+0x20c67e @ 0x60c67e myburn+0x1ddf48 @ 0x5ddf48 myburn+0x637e8 @ 0x4637e8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 ff 34 24 8b 04 24 81 c4 04 00 00 00 51 89 exception.symbol: myburn+0x19863b exception.instruction: push dword ptr [eax] exception.module: MyBurn.exe exception.exception_code: 0xc0000005 exception.offset: 1672763 exception.address: 0x59863b registers.esp: 1638028 registers.edi: 4128 registers.eax: 134340608 registers.ebp: 1638068 registers.edx: 0 registers.ebx: 3164500807 registers.esi: 134340608 registers.ecx: 1638264	1
__exception__ Oct. 24, 2023, 7:41 a.m.	stacktrace: myburn+0x1dd8d1 @ 0x5dd8d1 myburn+0x20c67e @ 0x60c67e myburn+0x1ddf48 @ 0x5ddf48 myburn+0x637e8 @ 0x4637e8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 ff 34 24 8b 04 24 81 c4 04 00 00 00 51 89 exception.symbol: myburn+0x19863b exception.instruction: push dword ptr [eax] exception.module: MyBurn.exe exception.exception_code: 0xc0000005 exception.offset: 1672763 exception.address: 0x59863b registers.esp: 1638028 registers.edi: 4128 registers.eax: 134344704 registers.ebp: 1638068 registers.edx: 0 registers.ebx: 3164500807 registers.esi: 134344704 registers.ecx: 1638264	1
__exception__ Oct. 24, 2023, 7:41 a.m.	stacktrace: myburn+0x1dd8d1 @ 0x5dd8d1 myburn+0x20c67e @ 0x60c67e myburn+0x1ddf48 @ 0x5ddf48 myburn+0x637e8 @ 0x4637e8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 ff 34 24 8b 04 24 81 c4 04 00 00 00 51 89 exception.symbol: myburn+0x19863b exception.instruction: push dword ptr [eax] exception.module: MyBurn.exe exception.exception_code: 0xc0000005 exception.offset: 1672763 exception.address: 0x59863b registers.esp: 1638028 registers.edi: 4128 registers.eax: 134348800 registers.ebp: 1638068 registers.edx: 0 registers.ebx: 3164500807 registers.esi: 134348800 registers.ecx: 1638264	1
__exception__ Oct. 24, 2023, 7:41 a.m.	stacktrace: myburn+0x1dd8d1 @ 0x5dd8d1 myburn+0x20c67e @ 0x60c67e myburn+0x1ddf48 @ 0x5ddf48 myburn+0x637e8 @ 0x4637e8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 ff 34 24 8b 04 24 81 c4 04 00 00 00 51 89 exception.symbol: myburn+0x19863b exception.instruction: push dword ptr [eax] exception.module: MyBurn.exe exception.exception_code: 0xc0000005 exception.offset: 1672763 exception.address: 0x59863b registers.esp: 1638028 registers.edi: 4128 registers.eax: 134352896 registers.ebp: 1638068 registers.edx: 0 registers.ebx: 3164500807 registers.esi: 134352896 registers.ecx: 1638264	1

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

Allocates read-write-execute memory (usually to unpack itself) (50 out of 102 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory Oct. 24, 2023, 7:41 a.m.	process_identifier: 2544 region_size: 2228224 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00ab0000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 24, 2023, 7:41 a.m.	process_identifier: 2544 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00c90000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 24, 2023, 7:41 a.m.	process_identifier: 2544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x727a1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 24, 2023, 7:41 a.m.	process_identifier: 2544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x727a2000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 24, 2023, 7:41 a.m.	process_identifier: 2544 region_size: 2162688 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00cd0000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 24, 2023, 7:41 a.m.	process_identifier: 2544 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00ea0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 24, 2023, 7:41 a.m.	process_identifier: 2544 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00542000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 24, 2023, 7:41 a.m.	process_identifier: 2544 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00785000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 24, 2023, 7:41 a.m.	process_identifier: 2544 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0078b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 24, 2023, 7:41 a.m.	process_identifier: 2544 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00787000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 24, 2023, 7:41 a.m.	process_identifier: 2544 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0055c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 24, 2023, 7:41 a.m.	process_identifier: 2544 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00bc0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 24, 2023, 7:41 a.m.	process_identifier: 2544 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0054a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 24, 2023, 7:41 a.m.	process_identifier: 2632 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 77824 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0090e000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 24, 2023, 7:41 a.m.	process_identifier: 2632 region_size: 36864 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003b0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 24, 2023, 7:41 a.m.	process_identifier: 2684 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4161536 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x026a0000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 24, 2023, 7:41 a.m.	process_identifier: 2684 region_size: 9351168 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02aa0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 24, 2023, 7:41 a.m.	process_identifier: 2728 region_size: 458752 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00330000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 24, 2023, 7:41 a.m.	process_identifier: 2728 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00360000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 24, 2023, 7:41 a.m.	process_identifier: 2728 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x727a1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 24, 2023, 7:41 a.m.	process_identifier: 2728 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x727a2000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 24, 2023, 7:41 a.m.	process_identifier: 2728 region_size: 720896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x004c0000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 24, 2023, 7:41 a.m.	process_identifier: 2728 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00530000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 24, 2023, 7:41 a.m.	process_identifier: 2728 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003d2000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 24, 2023, 7:41 a.m.	process_identifier: 2728 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00405000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 24, 2023, 7:41 a.m.	process_identifier: 2728 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0040b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 24, 2023, 7:41 a.m.	process_identifier: 2728 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00407000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 24, 2023, 7:41 a.m.	process_identifier: 2728 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003ec000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 24, 2023, 7:41 a.m.	process_identifier: 2728 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00520000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 24, 2023, 7:41 a.m.	process_identifier: 2728 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003da000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 24, 2023, 7:41 a.m.	process_identifier: 2832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 24, 2023, 7:41 a.m.	process_identifier: 2832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 36864 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00401000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 24, 2023, 7:41 a.m.	process_identifier: 2832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 20480 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0040e000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 24, 2023, 7:41 a.m.	process_identifier: 2832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x70491000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 24, 2023, 7:41 a.m.	process_identifier: 2832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x70454000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 24, 2023, 7:41 a.m.	process_identifier: 2832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x70492000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 24, 2023, 7:41 a.m.	process_identifier: 2904 region_size: 1179648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000006c0000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Oct. 24, 2023, 7:41 a.m.	process_identifier: 2904 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000760000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Oct. 24, 2023, 7:41 a.m.	process_identifier: 2904 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3a31000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Oct. 24, 2023, 7:41 a.m.	process_identifier: 2904 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef40cb000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Oct. 24, 2023, 7:41 a.m.	process_identifier: 2904 region_size: 2031616 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000be0000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Oct. 24, 2023, 7:41 a.m.	process_identifier: 2904 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000d50000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Oct. 24, 2023, 7:41 a.m.	process_identifier: 2904 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3a32000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Oct. 24, 2023, 7:41 a.m.	process_identifier: 2904 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3a32000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Oct. 24, 2023, 7:41 a.m.	process_identifier: 2904 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3a32000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Oct. 24, 2023, 7:41 a.m.	process_identifier: 2904 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3a32000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Oct. 24, 2023, 7:41 a.m.	process_identifier: 2904 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3a32000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Oct. 24, 2023, 7:41 a.m.	process_identifier: 2904 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3a32000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Oct. 24, 2023, 7:41 a.m.	process_identifier: 2904 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3a32000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Oct. 24, 2023, 7:41 a.m.	process_identifier: 2904 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3a32000 process_handle: 0xffffffffffffffff	1

Creates executable files on the filesystem (10 events)

file	C:\Users\test22\AppData\Local\Temp\latestX.exe
file	C:\Users\test22\AppData\Local\Temp\set16.exe
file	C:\Program Files (x86)\MyBurn\MyBurn.exe
file	C:\Users\test22\AppData\Local\Temp\is-48DGV.tmp\_isetup\_shfoldr.dll
file	C:\Users\test22\AppData\Local\Temp\toolspub2.exe
file	C:\Users\test22\AppData\Local\Temp\is-48DGV.tmp\_isdecmp.dll
file	C:\Users\test22\AppData\Local\Temp\K.exe
file	C:\Users\test22\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe
file	C:\Users\test22\AppData\Local\Temp\is-48DGV.tmp\_iscrypt.dll
file	C:\Users\test22\AppData\Local\Temp\kos2.exe

Creates a suspicious process (1 event)

cmdline

"C:\Windows\system32\schtasks.exe" /Query

Drops a binary and executes it (6 events)

file	C:\Users\test22\AppData\Local\Temp\toolspub2.exe
file	C:\Users\test22\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe
file	C:\Users\test22\AppData\Local\Temp\kos2.exe
file	C:\Users\test22\AppData\Local\Temp\latestX.exe
file	C:\Users\test22\AppData\Local\Temp\set16.exe
file	C:\Users\test22\AppData\Local\Temp\K.exe

Drops an executable to the user AppData folder (8 events)

file	C:\Users\test22\AppData\Local\Temp\toolspub2.exe
file	C:\Users\test22\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe
file	C:\Users\test22\AppData\Local\Temp\K.exe
file	C:\Users\test22\AppData\Local\Temp\is-48DGV.tmp\_isetup\_shfoldr.dll
file	C:\Users\test22\AppData\Local\Temp\is-48DGV.tmp\_isdecmp.dll
file	C:\Users\test22\AppData\Local\Temp\is-48DGV.tmp\_iscrypt.dll
file	C:\Users\test22\AppData\Local\Temp\set16.exe
file	C:\Users\test22\AppData\Local\Temp\kos2.exe

Checks adapter addresses which can be used to detect virtual network interfaces (1 event)

Time & API	Arguments	Status	Return	Repeated
GetAdaptersAddresses Oct. 24, 2023, 7:41 a.m.	flags: 15 family: 0		111	0

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x00b7d400', u'virtual_address': u'0x00002000', u'entropy': 7.9367533847328415, u'name': u'.text', u'virtual_size': u'0x00b7d204'}

entropy

7.93675338473

description

A section with a high entropy has been found

entropy

0.999830033144

description

Overall entropy of this PE file is high

Yara rule detected in process memory (7 events)

description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Bypass DEP	rule	disable_dep

Queries for potentially installed applications (4 events)

Time & API	Arguments	Return
RegOpenKeyExA Oct. 24, 2023, 7:41 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\MyBurn_is1 base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00000001 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyBurn_is1	2
RegOpenKeyExA Oct. 24, 2023, 7:41 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\MyBurn_is1 base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00000001 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyBurn_is1	2
RegOpenKeyExA Oct. 24, 2023, 7:41 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\MyBurn_is1 base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00000008 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyBurn_is1	2
RegOpenKeyExA Oct. 24, 2023, 7:41 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\MyBurn_is1 base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00000008 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyBurn_is1	2

Uses Windows utilities for basic Windows functionality (2 events)

cmdline	"C:\Windows\system32\schtasks.exe" /Query
cmdline	"C:\Windows\system32\net.exe" helpmsg 20

Allocates execute permission to another process indicative of possible code injection (1 event)

Time & API	Arguments	Status	Return	Repeated
NtAllocateVirtualMemory Oct. 24, 2023, 7:41 a.m.	process_identifier: 3056 region_size: 36864 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000009c	1	0	0

Detects Avast Antivirus through the presence of a library (2 events)

Time & API	Arguments	Status	Return	Repeated
LdrGetDllHandle Oct. 24, 2023, 7:41 a.m.	module_name: snxhk module_address: 0x00000000 stack_pivoted: 0		3221225781	0
LdrGetDllHandle Oct. 24, 2023, 7:41 a.m.	module_name: snxhk module_address: 0x00000000 stack_pivoted: 0		3221225781	0

Potential code injection by writing to the memory of another process (1 event)

Time & API	Arguments	Status	Return	Repeated
WriteProcessMemory Oct. 24, 2023, 7:41 a.m.	buffer: @ base_address: 0x7efde008 process_identifier: 3056 process_handle: 0x0000009c	1	1	0

Used NtSetContextThread to modify a thread in a remote process indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2632 called NtSetContextThread to modify thread in remote process 3056
NtSetContextThread Oct. 24, 2023, 7:41 a.m.	registers.eip: 1995571652 registers.esp: 1638384 registers.edi: 0 registers.eax: 4206040 registers.ebp: 0 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0 thread_handle: 0x00000098 process_identifier: 3056	1	0	0

Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2632 resumed a thread in remote process 3056
NtResumeThread Oct. 24, 2023, 7:41 a.m.	thread_handle: 0x00000098 suspend_count: 1 process_identifier: 3056	1	0	0

Tries to unhook Windows functions monitored by Cuckoo (1 event)

Time & API	Arguments	Status	Return	Repeated
__anomaly__ Oct. 24, 2023, 7:42 a.m.	tid: 1964 message: Encountered 65537 exceptions, quitting. subcategory: exception function_name:	1	0	0

Executed a process and injected code into it, probably while unpacking (40 events)

Time & API	Arguments	Status	Return
NtResumeThread Oct. 24, 2023, 7:41 a.m.	thread_handle: 0x000000dc suspend_count: 1 process_identifier: 2544	1	0
NtResumeThread Oct. 24, 2023, 7:41 a.m.	thread_handle: 0x0000014c suspend_count: 1 process_identifier: 2544	1	0
NtResumeThread Oct. 24, 2023, 7:41 a.m.	thread_handle: 0x00000188 suspend_count: 1 process_identifier: 2544	1	0
NtResumeThread Oct. 24, 2023, 7:41 a.m.	thread_handle: 0x00000204 suspend_count: 1 process_identifier: 2544	1	0
CreateProcessInternalW Oct. 24, 2023, 7:41 a.m.	thread_identifier: 2636 thread_handle: 0x00000394 process_identifier: 2632 current_directory: C:\Users\test22\AppData\Local\Temp filepath: C:\Users\test22\AppData\Local\Temp\toolspub2.exe track: 1 command_line: "C:\Users\test22\AppData\Local\Temp\toolspub2.exe" filepath_r: C:\Users\test22\AppData\Local\Temp\toolspub2.exe stack_pivoted: 0 creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE\|CREATE_NEW_CONSOLE\|CREATE_UNICODE_ENVIRONMENT\|EXTENDED_STARTUPINFO_PRESENT) inherit_handles: 0 process_handle: 0x0000039c	1	1
NtResumeThread Oct. 24, 2023, 7:41 a.m.	thread_handle: 0x00000328 suspend_count: 1 process_identifier: 2544	1	0
NtGetContextThread Oct. 24, 2023, 7:41 a.m.	thread_handle: 0x000000e0	1	0
NtGetContextThread Oct. 24, 2023, 7:41 a.m.	thread_handle: 0x000000e0	1	0
NtResumeThread Oct. 24, 2023, 7:41 a.m.	thread_handle: 0x000000e0 suspend_count: 1 process_identifier: 2544	1	0
NtResumeThread Oct. 24, 2023, 7:41 a.m.	thread_handle: 0x0000039c suspend_count: 1 process_identifier: 2544	1	0
CreateProcessInternalW Oct. 24, 2023, 7:41 a.m.	thread_identifier: 2688 thread_handle: 0x000003a8 process_identifier: 2684 current_directory: C:\Users\test22\AppData\Local\Temp filepath: C:\Users\test22\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe track: 1 command_line: "C:\Users\test22\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe" filepath_r: C:\Users\test22\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe stack_pivoted: 0 creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE\|CREATE_NEW_CONSOLE\|CREATE_UNICODE_ENVIRONMENT\|EXTENDED_STARTUPINFO_PRESENT) inherit_handles: 0 process_handle: 0x000003c4	1	1
NtResumeThread Oct. 24, 2023, 7:41 a.m.	thread_handle: 0x000003ac suspend_count: 1 process_identifier: 2544	1	0
CreateProcessInternalW Oct. 24, 2023, 7:41 a.m.	thread_identifier: 2732 thread_handle: 0x000003b4 process_identifier: 2728 current_directory: C:\Users\test22\AppData\Local\Temp filepath: C:\Users\test22\AppData\Local\Temp\kos2.exe track: 1 command_line: "C:\Users\test22\AppData\Local\Temp\kos2.exe" filepath_r: C:\Users\test22\AppData\Local\Temp\kos2.exe stack_pivoted: 0 creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE\|CREATE_NEW_CONSOLE\|CREATE_UNICODE_ENVIRONMENT\|EXTENDED_STARTUPINFO_PRESENT) inherit_handles: 0 process_handle: 0x000003dc	1	1
NtResumeThread Oct. 24, 2023, 7:41 a.m.	thread_handle: 0x000003c4 suspend_count: 1 process_identifier: 2544	1	0
CreateProcessInternalW Oct. 24, 2023, 7:41 a.m.	thread_identifier: 2800 thread_handle: 0x000003cc process_identifier: 2796 current_directory: C:\Users\test22\AppData\Local\Temp filepath: C:\Users\test22\AppData\Local\Temp\latestX.exe track: 1 command_line: "C:\Users\test22\AppData\Local\Temp\latestX.exe" filepath_r: C:\Users\test22\AppData\Local\Temp\latestX.exe stack_pivoted: 0 creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE\|CREATE_NEW_CONSOLE\|CREATE_UNICODE_ENVIRONMENT\|EXTENDED_STARTUPINFO_PRESENT) inherit_handles: 0 process_handle: 0x000003f4	1	1
CreateProcessInternalW Oct. 24, 2023, 7:41 a.m.	thread_identifier: 3060 thread_handle: 0x00000098 process_identifier: 3056 current_directory: filepath: C:\Users\test22\AppData\Local\Temp\toolspub2.exe track: 1 command_line: "C:\Users\test22\AppData\Local\Temp\toolspub2.exe" filepath_r: C:\Users\test22\AppData\Local\Temp\toolspub2.exe stack_pivoted: 0 creation_flags: 134217732 (CREATE_NO_WINDOW\|CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x0000009c	1	1
NtGetContextThread Oct. 24, 2023, 7:41 a.m.	thread_handle: 0x00000098	1	0
NtUnmapViewOfSection Oct. 24, 2023, 7:41 a.m.	base_address: 0x00400000 region_size: 4096 process_identifier: 3056 process_handle: 0x0000009c	1	0
NtAllocateVirtualMemory Oct. 24, 2023, 7:41 a.m.	process_identifier: 3056 region_size: 36864 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000009c	1	0
WriteProcessMemory Oct. 24, 2023, 7:41 a.m.	buffer: @ base_address: 0x7efde008 process_identifier: 3056 process_handle: 0x0000009c	1	1
NtSetContextThread Oct. 24, 2023, 7:41 a.m.	registers.eip: 1995571652 registers.esp: 1638384 registers.edi: 0 registers.eax: 4206040 registers.ebp: 0 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0 thread_handle: 0x00000098 process_identifier: 3056	1	0
NtResumeThread Oct. 24, 2023, 7:41 a.m.	thread_handle: 0x00000098 suspend_count: 1 process_identifier: 3056	1	0
NtResumeThread Oct. 24, 2023, 7:41 a.m.	thread_handle: 0x000000dc suspend_count: 1 process_identifier: 2728	1	0
NtResumeThread Oct. 24, 2023, 7:41 a.m.	thread_handle: 0x0000014c suspend_count: 1 process_identifier: 2728	1	0
NtResumeThread Oct. 24, 2023, 7:41 a.m.	thread_handle: 0x000001a8 suspend_count: 1 process_identifier: 2728	1	0
NtResumeThread Oct. 24, 2023, 7:41 a.m.	thread_handle: 0x00000348 suspend_count: 1 process_identifier: 2728	1	0
CreateProcessInternalW Oct. 24, 2023, 7:41 a.m.	thread_identifier: 2836 thread_handle: 0x00000394 process_identifier: 2832 current_directory: C:\Users\test22\AppData\Local\Temp filepath: C:\Users\test22\AppData\Local\Temp\set16.exe track: 1 command_line: "C:\Users\test22\AppData\Local\Temp\set16.exe" filepath_r: C:\Users\test22\AppData\Local\Temp\set16.exe stack_pivoted: 0 creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE\|CREATE_NEW_CONSOLE\|CREATE_UNICODE_ENVIRONMENT\|EXTENDED_STARTUPINFO_PRESENT) inherit_handles: 0 process_handle: 0x0000039c	1	1
NtResumeThread Oct. 24, 2023, 7:41 a.m.	thread_handle: 0x000002e4 suspend_count: 1 process_identifier: 2728	1	0
CreateProcessInternalW Oct. 24, 2023, 7:41 a.m.	thread_identifier: 2908 thread_handle: 0x0000039c process_identifier: 2904 current_directory: C:\Users\test22\AppData\Local\Temp filepath: C:\Users\test22\AppData\Local\Temp\K.exe track: 1 command_line: "C:\Users\test22\AppData\Local\Temp\K.exe" filepath_r: C:\Users\test22\AppData\Local\Temp\K.exe stack_pivoted: 0 creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE\|CREATE_NEW_CONSOLE\|CREATE_UNICODE_ENVIRONMENT\|EXTENDED_STARTUPINFO_PRESENT) inherit_handles: 0 process_handle: 0x000003b4	1	1
CreateProcessInternalW Oct. 24, 2023, 7:41 a.m.	thread_identifier: 2952 thread_handle: 0x00000128 process_identifier: 2948 current_directory: filepath: track: 1 command_line: "C:\Users\test22\AppData\Local\Temp\is-9EU1U.tmp\is-40P74.tmp" /SL4 $C0178 "C:\Users\test22\AppData\Local\Temp\set16.exe" 1281875 52224 filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 0 process_handle: 0x00000124	1	1
NtResumeThread Oct. 24, 2023, 7:41 a.m.	thread_handle: 0x00000000000000c4 suspend_count: 1 process_identifier: 2904	1	0
NtResumeThread Oct. 24, 2023, 7:41 a.m.	thread_handle: 0x0000000000000134 suspend_count: 1 process_identifier: 2904	1	0
NtResumeThread Oct. 24, 2023, 7:41 a.m.	thread_handle: 0x0000000000000170 suspend_count: 1 process_identifier: 2904	1	0
NtResumeThread Oct. 24, 2023, 7:41 a.m.	thread_handle: 0x0000000000000324 suspend_count: 1 process_identifier: 2904	1	0
NtResumeThread Oct. 24, 2023, 7:41 a.m.	thread_handle: 0x0000018c suspend_count: 1 process_identifier: 2948	1	0
CreateProcessInternalW Oct. 24, 2023, 7:41 a.m.	thread_identifier: 3032 thread_handle: 0x0000028c process_identifier: 3028 current_directory: C:\Windows\system32 filepath: track: 1 command_line: "C:\Windows\system32\net.exe" helpmsg 20 filepath_r: stack_pivoted: 0 creation_flags: 67108864 (CREATE_DEFAULT_ERROR_MODE) inherit_handles: 0 process_handle: 0x00000294	1	1
CreateProcessInternalW Oct. 24, 2023, 7:41 a.m.	thread_identifier: 1964 thread_handle: 0x00000294 process_identifier: 940 current_directory: C:\Program Files (x86)\MyBurn filepath: track: 1 command_line: "C:\Program Files (x86)\MyBurn\MyBurn.exe" -i filepath_r: stack_pivoted: 0 creation_flags: 67108864 (CREATE_DEFAULT_ERROR_MODE) inherit_handles: 0 process_handle: 0x0000028c	1	1
CreateProcessInternalW Oct. 24, 2023, 7:42 a.m.	thread_identifier: 2532 thread_handle: 0x0000028c process_identifier: 2536 current_directory: C:\Windows\system32 filepath: track: 1 command_line: "C:\Windows\system32\schtasks.exe" /Query filepath_r: stack_pivoted: 0 creation_flags: 67108864 (CREATE_DEFAULT_ERROR_MODE) inherit_handles: 0 process_handle: 0x0000029c	1	1
CreateProcessInternalW Oct. 24, 2023, 7:42 a.m.	thread_identifier: 2572 thread_handle: 0x0000029c process_identifier: 2580 current_directory: C:\Program Files (x86)\MyBurn filepath: track: 1 command_line: "C:\Program Files (x86)\MyBurn\MyBurn.exe" -s filepath_r: stack_pivoted: 0 creation_flags: 67108864 (CREATE_DEFAULT_ERROR_MODE) inherit_handles: 0 process_handle: 0x0000028c	1	1
CreateProcessInternalW Oct. 24, 2023, 7:41 a.m.	thread_identifier: 2068 thread_handle: 0x0000013c process_identifier: 2064 current_directory: filepath: track: 1 command_line: C:\Windows\system32\net1 helpmsg 20 filepath_r: stack_pivoted: 0 creation_flags: 32 (NORMAL_PRIORITY_CLASS) inherit_handles: 1 process_handle: 0x00000140	1	1

File has been identified by 56 AntiVirus engines on VirusTotal as malicious (50 out of 56 events)

Bkav	W32.Common.034D7818
Lionic	Trojan.Win32.ShortLoader.4!c
MicroWorld-eScan	IL:Trojan.MSILZilla.9891
FireEye	Generic.mg.6020dace849357f1
CAT-QuickHeal	TrojanDownloader.MSIL
Skyhigh	BehavesLike.Win32.Generic.wc
ALYac	IL:Trojan.MSILZilla.9891
Malwarebytes	Trojan.Crypt.MSIL.Generic
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Ransomware ( 005a8b921 )
Alibaba	TrojanDownloader:MSIL/Mokes.aa65faff
K7GW	Ransomware ( 005a8b921 )
CrowdStrike	win/malicious_confidence_100% (W)
Arcabit	IL:Trojan.MSILZilla.D26A3
BitDefenderTheta	Gen:NN.ZemsilF.36792.@p0@au0RZBc
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/Agent.UZA
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Trojan-Downloader.MSIL.ShortLoader.gen
BitDefender	IL:Trojan.MSILZilla.9891
NANO-Antivirus	Trojan.Win32.ShortLoader.kcmmrk
Avast	Win32:DropperX-gen [Drp]
Tencent	Malware.Win32.Gencirc.13f2f3ab
Emsisoft	IL:Trojan.MSILZilla.9891 (B)
F-Secure	Trojan.TR/Agent.qqfle
DrWeb	Trojan.MulDropNET.43
VIPRE	IL:Trojan.MSILZilla.9891
TrendMicro	Trojan.Win32.SMOKELOADER.YXDJUZ
Trapmine	malicious.high.ml.score
Sophos	Troj/ILAgent-I
Ikarus	Trojan.MSIL.Krypt
Webroot	W32.Trojan.MSILZilla
Google	Detected
Avira	TR/AD.CloudGenRKIT.tugmc
Antiy-AVL	Trojan/MSIL.Mokes
Gridinsoft	Trojan.Win32.Glupteba.bot
Microsoft	Trojan:MSIL/Mokes.B!MTB
ZoneAlarm	HEUR:Trojan-Downloader.MSIL.ShortLoader.gen
GData	IL:Trojan.MSILZilla.9891
Varist	W32/MSIL_Kryptik.FFY.gen!Eldorado
AhnLab-V3	Malware/Win.Generic.C4478643
McAfee	GenericRXPU-AM!6020DACE8493
MAX	malware (ai score=85)
VBA32	Trojan.MSIL.Injector.gen
Cylance	unsafe
Panda	Trj/GdSda.A
TrendMicro-HouseCall	Trojan.Win32.SMOKELOADER.YXDJUZ
Rising	Trojan.AntiVM!1.CF63 (CLASSIC)

newmar.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All