Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Jan. 6, 2024, 10:37 a.m.	Jan. 6, 2024, 10:45 a.m.

Size	4.6MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`e0fa0f17c56c6ed4d29b3b6a69f99193`
SHA256	`8f6297ed40a76c797c49135dd5b20e2dbd0b01382dedfda91b69aa28f685400b`
CRC32	`D8EAE7E5`
ssdeep	`98304:QMGyVEWem1KIvfdNlk58Vh1eAMR0kdsqYDy4yZW1Pyj6B5E44dm8:jGyVEWfK8FNlk58NVi0kPZWdRm44dD`
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file mzp_file_format - MZP(Delphi) file format

tuc6.exe "C:\Users\test22\AppData\Local\Temp\tuc6.exe"
2032
- tuc6.tmp "C:\Users\test22\AppData\Local\Temp\is-Q0N1Q.tmp\tuc6.tmp" /SL5="$30028,4532133,54272,C:\Users\test22\AppData\Local\Temp\tuc6.exe"
  2112
  - vbeditcontrol.exe "C:\Program Files (x86)\VB Edit Control CRT\vbeditcontrol" -i
    2208
  - vbeditcontrol.exe "C:\Program Files (x86)\VB Edit Control CRT\vbeditcontrol.exe" -s
    2436

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Queries for the computername (1 event)

Time & API	Arguments	Status	Return	Repeated
GetComputerNameA Jan. 6, 2024, 10:37 a.m.	computer_name: TEST22-PC	1	1	0

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Jan. 6, 2024, 10:37 a.m.			0	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)

section	CODE
section	DATA
section	BSS

One or more processes crashed (50 out of 131074 events)

Time & API	Arguments	Status
__exception__ Jan. 6, 2024, 10:37 a.m.	stacktrace: tuc6+0x40c02 @ 0x440c02 tuc6+0x42a47 @ 0x442a47 tuc6+0x48110 @ 0x448110 tuc6+0x3e015 @ 0x43e015 tuc6+0x3cf4b @ 0x43cf4b tuc6+0x933f2 @ 0x4933f2 tuc6+0x7f424 @ 0x47f424 tuc6+0x97316 @ 0x497316 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 06 c7 45 fc fe ff ff ff 85 db 0f 85 97 34 00 exception.symbol: WNetCloseEnum+0x14 WNetOpenEnumW-0x11c mpr+0x2dea exception.instruction: mov eax, dword ptr [esi] exception.module: mpr.dll exception.exception_code: 0xc0000005 exception.offset: 11754 exception.address: 0x74412dea registers.esp: 1637604 registers.edi: 31167828 registers.eax: 1637632 registers.ebp: 1637648 registers.edx: 44 registers.ebx: 0 registers.esi: 44 registers.ecx: 0	1
__exception__ Jan. 6, 2024, 10:37 a.m.	stacktrace: tuc6+0x3db3a @ 0x43db3a tuc6+0x3cf4b @ 0x43cf4b tuc6+0x933f2 @ 0x4933f2 tuc6+0x7f424 @ 0x47f424 tuc6+0x97316 @ 0x497316 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: f7 37 89 06 e9 dd 07 00 00 8b 06 33 d2 8a 17 8b exception.symbol: tuc6+0x3ae2f exception.instruction: div dword ptr [edi] exception.module: tuc6.tmp exception.exception_code: 0xc0000094 exception.offset: 241199 exception.address: 0x43ae2f registers.esp: 1637776 registers.edi: 31163216 registers.eax: 28913707 registers.ebp: 1637856 registers.edx: 0 registers.ebx: 1 registers.esi: 31163208 registers.ecx: 31163216	1
__exception__ Jan. 6, 2024, 10:37 a.m.	stacktrace: vbeditcontrol+0x1543f5 @ 0x5543f5 vbeditcontrol+0x1760ce @ 0x5760ce vbeditcontrol+0xc10ca @ 0x4c10ca BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 04 24 89 e0 05 04 00 00 exception.symbol: vbeditcontrol+0x155098 exception.instruction: push dword ptr [eax] exception.module: vbeditcontrol.exe exception.exception_code: 0xc0000005 exception.offset: 1396888 exception.address: 0x555098 registers.esp: 1638008 registers.edi: 5000312 registers.eax: 1971253248 registers.ebp: 1638048 registers.edx: 1971253248 registers.ebx: 0 registers.esi: 0 registers.ecx: 1971253248	1
__exception__ Jan. 6, 2024, 10:37 a.m.	stacktrace: vbeditcontrol+0x1543f5 @ 0x5543f5 vbeditcontrol+0x1760ce @ 0x5760ce vbeditcontrol+0xc10ca @ 0x4c10ca BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 04 24 89 e0 05 04 00 00 exception.symbol: vbeditcontrol+0x155098 exception.instruction: push dword ptr [eax] exception.module: vbeditcontrol.exe exception.exception_code: 0xc0000005 exception.offset: 1396888 exception.address: 0x555098 registers.esp: 1638008 registers.edi: 5000312 registers.eax: 1971249152 registers.ebp: 1638048 registers.edx: 1971249152 registers.ebx: 0 registers.esi: 0 registers.ecx: 1971249152	1
__exception__ Jan. 6, 2024, 10:37 a.m.	stacktrace: vbeditcontrol+0x1543f5 @ 0x5543f5 vbeditcontrol+0x1760ce @ 0x5760ce vbeditcontrol+0xc10ca @ 0x4c10ca BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 04 24 89 e0 05 04 00 00 exception.symbol: vbeditcontrol+0x155098 exception.instruction: push dword ptr [eax] exception.module: vbeditcontrol.exe exception.exception_code: 0xc0000005 exception.offset: 1396888 exception.address: 0x555098 registers.esp: 1638008 registers.edi: 5000312 registers.eax: 1971245056 registers.ebp: 1638048 registers.edx: 1971245056 registers.ebx: 0 registers.esi: 0 registers.ecx: 1971245056	1
__exception__ Jan. 6, 2024, 10:37 a.m.	stacktrace: vbeditcontrol+0x1543f5 @ 0x5543f5 vbeditcontrol+0x1760ce @ 0x5760ce vbeditcontrol+0xc10ca @ 0x4c10ca BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 04 24 89 e0 05 04 00 00 exception.symbol: vbeditcontrol+0x155098 exception.instruction: push dword ptr [eax] exception.module: vbeditcontrol.exe exception.exception_code: 0xc0000005 exception.offset: 1396888 exception.address: 0x555098 registers.esp: 1638008 registers.edi: 5000312 registers.eax: 1971240960 registers.ebp: 1638048 registers.edx: 1971240960 registers.ebx: 0 registers.esi: 0 registers.ecx: 1971240960	1
__exception__ Jan. 6, 2024, 10:37 a.m.	stacktrace: vbeditcontrol+0x1543f5 @ 0x5543f5 vbeditcontrol+0x1760ce @ 0x5760ce vbeditcontrol+0xc10ca @ 0x4c10ca BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 04 24 89 e0 05 04 00 00 exception.symbol: vbeditcontrol+0x155098 exception.instruction: push dword ptr [eax] exception.module: vbeditcontrol.exe exception.exception_code: 0xc0000005 exception.offset: 1396888 exception.address: 0x555098 registers.esp: 1638008 registers.edi: 5000312 registers.eax: 1971236864 registers.ebp: 1638048 registers.edx: 1971236864 registers.ebx: 0 registers.esi: 0 registers.ecx: 1971236864	1
__exception__ Jan. 6, 2024, 10:37 a.m.	stacktrace: vbeditcontrol+0x1543f5 @ 0x5543f5 vbeditcontrol+0x1760ce @ 0x5760ce vbeditcontrol+0xc10ca @ 0x4c10ca BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 04 24 89 e0 05 04 00 00 exception.symbol: vbeditcontrol+0x155098 exception.instruction: push dword ptr [eax] exception.module: vbeditcontrol.exe exception.exception_code: 0xc0000005 exception.offset: 1396888 exception.address: 0x555098 registers.esp: 1638008 registers.edi: 5000312 registers.eax: 1971232768 registers.ebp: 1638048 registers.edx: 1971232768 registers.ebx: 0 registers.esi: 0 registers.ecx: 1971232768	1
__exception__ Jan. 6, 2024, 10:37 a.m.	stacktrace: vbeditcontrol+0x1543f5 @ 0x5543f5 vbeditcontrol+0x1760ce @ 0x5760ce vbeditcontrol+0xc10ca @ 0x4c10ca BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 04 24 89 e0 05 04 00 00 exception.symbol: vbeditcontrol+0x155098 exception.instruction: push dword ptr [eax] exception.module: vbeditcontrol.exe exception.exception_code: 0xc0000005 exception.offset: 1396888 exception.address: 0x555098 registers.esp: 1638008 registers.edi: 5000312 registers.eax: 1971228672 registers.ebp: 1638048 registers.edx: 1971228672 registers.ebx: 0 registers.esi: 0 registers.ecx: 1971228672	1
__exception__ Jan. 6, 2024, 10:37 a.m.	stacktrace: vbeditcontrol+0x1543f5 @ 0x5543f5 vbeditcontrol+0x1760ce @ 0x5760ce vbeditcontrol+0xc10ca @ 0x4c10ca BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 04 24 89 e0 05 04 00 00 exception.symbol: vbeditcontrol+0x155098 exception.instruction: push dword ptr [eax] exception.module: vbeditcontrol.exe exception.exception_code: 0xc0000005 exception.offset: 1396888 exception.address: 0x555098 registers.esp: 1638008 registers.edi: 5000312 registers.eax: 1971224576 registers.ebp: 1638048 registers.edx: 1971224576 registers.ebx: 0 registers.esi: 0 registers.ecx: 1971224576	1
__exception__ Jan. 6, 2024, 10:37 a.m.	stacktrace: vbeditcontrol+0x1543f5 @ 0x5543f5 vbeditcontrol+0x1760ce @ 0x5760ce vbeditcontrol+0xc10ca @ 0x4c10ca BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 04 24 89 e0 05 04 00 00 exception.symbol: vbeditcontrol+0x155098 exception.instruction: push dword ptr [eax] exception.module: vbeditcontrol.exe exception.exception_code: 0xc0000005 exception.offset: 1396888 exception.address: 0x555098 registers.esp: 1638008 registers.edi: 5000312 registers.eax: 1971220480 registers.ebp: 1638048 registers.edx: 1971220480 registers.ebx: 0 registers.esi: 0 registers.ecx: 1971220480	1
__exception__ Jan. 6, 2024, 10:37 a.m.	stacktrace: vbeditcontrol+0x1543f5 @ 0x5543f5 vbeditcontrol+0x1760ce @ 0x5760ce vbeditcontrol+0xc10ca @ 0x4c10ca BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 04 24 89 e0 05 04 00 00 exception.symbol: vbeditcontrol+0x155098 exception.instruction: push dword ptr [eax] exception.module: vbeditcontrol.exe exception.exception_code: 0xc0000005 exception.offset: 1396888 exception.address: 0x555098 registers.esp: 1638008 registers.edi: 5000312 registers.eax: 1971216384 registers.ebp: 1638048 registers.edx: 1971216384 registers.ebx: 0 registers.esi: 0 registers.ecx: 1971216384	1
__exception__ Jan. 6, 2024, 10:37 a.m.	stacktrace: vbeditcontrol+0x1543f5 @ 0x5543f5 vbeditcontrol+0x1760ce @ 0x5760ce vbeditcontrol+0xc10ca @ 0x4c10ca BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 04 24 89 e0 05 04 00 00 exception.symbol: vbeditcontrol+0x155098 exception.instruction: push dword ptr [eax] exception.module: vbeditcontrol.exe exception.exception_code: 0xc0000005 exception.offset: 1396888 exception.address: 0x555098 registers.esp: 1638008 registers.edi: 5000312 registers.eax: 1971212288 registers.ebp: 1638048 registers.edx: 1971212288 registers.ebx: 0 registers.esi: 0 registers.ecx: 1971212288	1
__exception__ Jan. 6, 2024, 10:37 a.m.	stacktrace: vbeditcontrol+0x1543f5 @ 0x5543f5 vbeditcontrol+0x1760ce @ 0x5760ce vbeditcontrol+0xc10ca @ 0x4c10ca BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 04 24 89 e0 05 04 00 00 exception.symbol: vbeditcontrol+0x155098 exception.instruction: push dword ptr [eax] exception.module: vbeditcontrol.exe exception.exception_code: 0xc0000005 exception.offset: 1396888 exception.address: 0x555098 registers.esp: 1638008 registers.edi: 5000312 registers.eax: 1971208192 registers.ebp: 1638048 registers.edx: 1971208192 registers.ebx: 0 registers.esi: 0 registers.ecx: 1971208192	1
__exception__ Jan. 6, 2024, 10:37 a.m.	stacktrace: vbeditcontrol+0x1543f5 @ 0x5543f5 vbeditcontrol+0x1760ce @ 0x5760ce vbeditcontrol+0xc10ca @ 0x4c10ca BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 04 24 89 e0 05 04 00 00 exception.symbol: vbeditcontrol+0x155098 exception.instruction: push dword ptr [eax] exception.module: vbeditcontrol.exe exception.exception_code: 0xc0000005 exception.offset: 1396888 exception.address: 0x555098 registers.esp: 1638008 registers.edi: 5000312 registers.eax: 1971204096 registers.ebp: 1638048 registers.edx: 1971204096 registers.ebx: 0 registers.esi: 0 registers.ecx: 1971204096	1
__exception__ Jan. 6, 2024, 10:37 a.m.	stacktrace: vbeditcontrol+0x1543f5 @ 0x5543f5 vbeditcontrol+0x1760ce @ 0x5760ce vbeditcontrol+0xc10ca @ 0x4c10ca BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 04 24 89 e0 05 04 00 00 exception.symbol: vbeditcontrol+0x155098 exception.instruction: push dword ptr [eax] exception.module: vbeditcontrol.exe exception.exception_code: 0xc0000005 exception.offset: 1396888 exception.address: 0x555098 registers.esp: 1638008 registers.edi: 5000312 registers.eax: 1971200000 registers.ebp: 1638048 registers.edx: 1971200000 registers.ebx: 0 registers.esi: 0 registers.ecx: 1971200000	1
__exception__ Jan. 6, 2024, 10:37 a.m.	stacktrace: vbeditcontrol+0x1543f5 @ 0x5543f5 vbeditcontrol+0x1760ce @ 0x5760ce vbeditcontrol+0xc10ca @ 0x4c10ca BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 04 24 89 e0 05 04 00 00 exception.symbol: vbeditcontrol+0x155098 exception.instruction: push dword ptr [eax] exception.module: vbeditcontrol.exe exception.exception_code: 0xc0000005 exception.offset: 1396888 exception.address: 0x555098 registers.esp: 1638008 registers.edi: 5000312 registers.eax: 1971195904 registers.ebp: 1638048 registers.edx: 1971195904 registers.ebx: 0 registers.esi: 0 registers.ecx: 1971195904	1
__exception__ Jan. 6, 2024, 10:37 a.m.	stacktrace: vbeditcontrol+0x1a81ac @ 0x5a81ac vbeditcontrol+0x17988a @ 0x57988a vbeditcontrol+0x14bf07 @ 0x54bf07 vbeditcontrol+0xc10ca @ 0x4c10ca BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 04 24 89 e0 05 04 00 00 exception.symbol: vbeditcontrol+0x155098 exception.instruction: push dword ptr [eax] exception.module: vbeditcontrol.exe exception.exception_code: 0xc0000005 exception.offset: 1396888 exception.address: 0x555098 registers.esp: 1638016 registers.edi: 273 registers.eax: 134217728 registers.ebp: 1638056 registers.edx: 35 registers.ebx: 0 registers.esi: 134217728 registers.ecx: 2005598752	1
__exception__ Jan. 6, 2024, 10:37 a.m.	stacktrace: vbeditcontrol+0x1a81ac @ 0x5a81ac vbeditcontrol+0x17988a @ 0x57988a vbeditcontrol+0x14bf07 @ 0x54bf07 vbeditcontrol+0xc10ca @ 0x4c10ca BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 04 24 89 e0 05 04 00 00 exception.symbol: vbeditcontrol+0x155098 exception.instruction: push dword ptr [eax] exception.module: vbeditcontrol.exe exception.exception_code: 0xc0000005 exception.offset: 1396888 exception.address: 0x555098 registers.esp: 1638016 registers.edi: 273 registers.eax: 134221824 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134221824 registers.ecx: 1638264	1
__exception__ Jan. 6, 2024, 10:37 a.m.	stacktrace: vbeditcontrol+0x1a81ac @ 0x5a81ac vbeditcontrol+0x17988a @ 0x57988a vbeditcontrol+0x14bf07 @ 0x54bf07 vbeditcontrol+0xc10ca @ 0x4c10ca BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 04 24 89 e0 05 04 00 00 exception.symbol: vbeditcontrol+0x155098 exception.instruction: push dword ptr [eax] exception.module: vbeditcontrol.exe exception.exception_code: 0xc0000005 exception.offset: 1396888 exception.address: 0x555098 registers.esp: 1638016 registers.edi: 273 registers.eax: 134225920 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134225920 registers.ecx: 1638264	1
__exception__ Jan. 6, 2024, 10:37 a.m.	stacktrace: vbeditcontrol+0x1a81ac @ 0x5a81ac vbeditcontrol+0x17988a @ 0x57988a vbeditcontrol+0x14bf07 @ 0x54bf07 vbeditcontrol+0xc10ca @ 0x4c10ca BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 04 24 89 e0 05 04 00 00 exception.symbol: vbeditcontrol+0x155098 exception.instruction: push dword ptr [eax] exception.module: vbeditcontrol.exe exception.exception_code: 0xc0000005 exception.offset: 1396888 exception.address: 0x555098 registers.esp: 1638016 registers.edi: 273 registers.eax: 134230016 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134230016 registers.ecx: 1638264	1
__exception__ Jan. 6, 2024, 10:37 a.m.	stacktrace: vbeditcontrol+0x1a81ac @ 0x5a81ac vbeditcontrol+0x17988a @ 0x57988a vbeditcontrol+0x14bf07 @ 0x54bf07 vbeditcontrol+0xc10ca @ 0x4c10ca BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 04 24 89 e0 05 04 00 00 exception.symbol: vbeditcontrol+0x155098 exception.instruction: push dword ptr [eax] exception.module: vbeditcontrol.exe exception.exception_code: 0xc0000005 exception.offset: 1396888 exception.address: 0x555098 registers.esp: 1638016 registers.edi: 273 registers.eax: 134234112 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134234112 registers.ecx: 1638264	1
__exception__ Jan. 6, 2024, 10:37 a.m.	stacktrace: vbeditcontrol+0x1a81ac @ 0x5a81ac vbeditcontrol+0x17988a @ 0x57988a vbeditcontrol+0x14bf07 @ 0x54bf07 vbeditcontrol+0xc10ca @ 0x4c10ca BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 04 24 89 e0 05 04 00 00 exception.symbol: vbeditcontrol+0x155098 exception.instruction: push dword ptr [eax] exception.module: vbeditcontrol.exe exception.exception_code: 0xc0000005 exception.offset: 1396888 exception.address: 0x555098 registers.esp: 1638016 registers.edi: 273 registers.eax: 134238208 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134238208 registers.ecx: 1638264	1
__exception__ Jan. 6, 2024, 10:37 a.m.	stacktrace: vbeditcontrol+0x1a81ac @ 0x5a81ac vbeditcontrol+0x17988a @ 0x57988a vbeditcontrol+0x14bf07 @ 0x54bf07 vbeditcontrol+0xc10ca @ 0x4c10ca BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 04 24 89 e0 05 04 00 00 exception.symbol: vbeditcontrol+0x155098 exception.instruction: push dword ptr [eax] exception.module: vbeditcontrol.exe exception.exception_code: 0xc0000005 exception.offset: 1396888 exception.address: 0x555098 registers.esp: 1638016 registers.edi: 273 registers.eax: 134242304 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134242304 registers.ecx: 1638264	1
__exception__ Jan. 6, 2024, 10:37 a.m.	stacktrace: vbeditcontrol+0x1a81ac @ 0x5a81ac vbeditcontrol+0x17988a @ 0x57988a vbeditcontrol+0x14bf07 @ 0x54bf07 vbeditcontrol+0xc10ca @ 0x4c10ca BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 04 24 89 e0 05 04 00 00 exception.symbol: vbeditcontrol+0x155098 exception.instruction: push dword ptr [eax] exception.module: vbeditcontrol.exe exception.exception_code: 0xc0000005 exception.offset: 1396888 exception.address: 0x555098 registers.esp: 1638016 registers.edi: 273 registers.eax: 134246400 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134246400 registers.ecx: 1638264	1
__exception__ Jan. 6, 2024, 10:37 a.m.	stacktrace: vbeditcontrol+0x1a81ac @ 0x5a81ac vbeditcontrol+0x17988a @ 0x57988a vbeditcontrol+0x14bf07 @ 0x54bf07 vbeditcontrol+0xc10ca @ 0x4c10ca BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 04 24 89 e0 05 04 00 00 exception.symbol: vbeditcontrol+0x155098 exception.instruction: push dword ptr [eax] exception.module: vbeditcontrol.exe exception.exception_code: 0xc0000005 exception.offset: 1396888 exception.address: 0x555098 registers.esp: 1638016 registers.edi: 273 registers.eax: 134250496 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134250496 registers.ecx: 1638264	1
__exception__ Jan. 6, 2024, 10:37 a.m.	stacktrace: vbeditcontrol+0x1a81ac @ 0x5a81ac vbeditcontrol+0x17988a @ 0x57988a vbeditcontrol+0x14bf07 @ 0x54bf07 vbeditcontrol+0xc10ca @ 0x4c10ca BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 04 24 89 e0 05 04 00 00 exception.symbol: vbeditcontrol+0x155098 exception.instruction: push dword ptr [eax] exception.module: vbeditcontrol.exe exception.exception_code: 0xc0000005 exception.offset: 1396888 exception.address: 0x555098 registers.esp: 1638016 registers.edi: 273 registers.eax: 134254592 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134254592 registers.ecx: 1638264	1
__exception__ Jan. 6, 2024, 10:37 a.m.	stacktrace: vbeditcontrol+0x1a81ac @ 0x5a81ac vbeditcontrol+0x17988a @ 0x57988a vbeditcontrol+0x14bf07 @ 0x54bf07 vbeditcontrol+0xc10ca @ 0x4c10ca BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 04 24 89 e0 05 04 00 00 exception.symbol: vbeditcontrol+0x155098 exception.instruction: push dword ptr [eax] exception.module: vbeditcontrol.exe exception.exception_code: 0xc0000005 exception.offset: 1396888 exception.address: 0x555098 registers.esp: 1638016 registers.edi: 273 registers.eax: 134258688 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134258688 registers.ecx: 1638264	1
__exception__ Jan. 6, 2024, 10:37 a.m.	stacktrace: vbeditcontrol+0x1a81ac @ 0x5a81ac vbeditcontrol+0x17988a @ 0x57988a vbeditcontrol+0x14bf07 @ 0x54bf07 vbeditcontrol+0xc10ca @ 0x4c10ca BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 04 24 89 e0 05 04 00 00 exception.symbol: vbeditcontrol+0x155098 exception.instruction: push dword ptr [eax] exception.module: vbeditcontrol.exe exception.exception_code: 0xc0000005 exception.offset: 1396888 exception.address: 0x555098 registers.esp: 1638016 registers.edi: 273 registers.eax: 134262784 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134262784 registers.ecx: 1638264	1
__exception__ Jan. 6, 2024, 10:37 a.m.	stacktrace: vbeditcontrol+0x1a81ac @ 0x5a81ac vbeditcontrol+0x17988a @ 0x57988a vbeditcontrol+0x14bf07 @ 0x54bf07 vbeditcontrol+0xc10ca @ 0x4c10ca BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 04 24 89 e0 05 04 00 00 exception.symbol: vbeditcontrol+0x155098 exception.instruction: push dword ptr [eax] exception.module: vbeditcontrol.exe exception.exception_code: 0xc0000005 exception.offset: 1396888 exception.address: 0x555098 registers.esp: 1638016 registers.edi: 273 registers.eax: 134266880 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134266880 registers.ecx: 1638264	1
__exception__ Jan. 6, 2024, 10:37 a.m.	stacktrace: vbeditcontrol+0x1a81ac @ 0x5a81ac vbeditcontrol+0x17988a @ 0x57988a vbeditcontrol+0x14bf07 @ 0x54bf07 vbeditcontrol+0xc10ca @ 0x4c10ca BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 04 24 89 e0 05 04 00 00 exception.symbol: vbeditcontrol+0x155098 exception.instruction: push dword ptr [eax] exception.module: vbeditcontrol.exe exception.exception_code: 0xc0000005 exception.offset: 1396888 exception.address: 0x555098 registers.esp: 1638016 registers.edi: 273 registers.eax: 134270976 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134270976 registers.ecx: 1638264	1
__exception__ Jan. 6, 2024, 10:37 a.m.	stacktrace: vbeditcontrol+0x1a81ac @ 0x5a81ac vbeditcontrol+0x17988a @ 0x57988a vbeditcontrol+0x14bf07 @ 0x54bf07 vbeditcontrol+0xc10ca @ 0x4c10ca BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 04 24 89 e0 05 04 00 00 exception.symbol: vbeditcontrol+0x155098 exception.instruction: push dword ptr [eax] exception.module: vbeditcontrol.exe exception.exception_code: 0xc0000005 exception.offset: 1396888 exception.address: 0x555098 registers.esp: 1638016 registers.edi: 273 registers.eax: 134275072 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134275072 registers.ecx: 1638264	1
__exception__ Jan. 6, 2024, 10:37 a.m.	stacktrace: vbeditcontrol+0x1a81ac @ 0x5a81ac vbeditcontrol+0x17988a @ 0x57988a vbeditcontrol+0x14bf07 @ 0x54bf07 vbeditcontrol+0xc10ca @ 0x4c10ca BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 04 24 89 e0 05 04 00 00 exception.symbol: vbeditcontrol+0x155098 exception.instruction: push dword ptr [eax] exception.module: vbeditcontrol.exe exception.exception_code: 0xc0000005 exception.offset: 1396888 exception.address: 0x555098 registers.esp: 1638016 registers.edi: 273 registers.eax: 134279168 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134279168 registers.ecx: 1638264	1
__exception__ Jan. 6, 2024, 10:37 a.m.	stacktrace: vbeditcontrol+0x1a81ac @ 0x5a81ac vbeditcontrol+0x17988a @ 0x57988a vbeditcontrol+0x14bf07 @ 0x54bf07 vbeditcontrol+0xc10ca @ 0x4c10ca BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 04 24 89 e0 05 04 00 00 exception.symbol: vbeditcontrol+0x155098 exception.instruction: push dword ptr [eax] exception.module: vbeditcontrol.exe exception.exception_code: 0xc0000005 exception.offset: 1396888 exception.address: 0x555098 registers.esp: 1638016 registers.edi: 273 registers.eax: 134283264 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134283264 registers.ecx: 1638264	1
__exception__ Jan. 6, 2024, 10:37 a.m.	stacktrace: vbeditcontrol+0x1a81ac @ 0x5a81ac vbeditcontrol+0x17988a @ 0x57988a vbeditcontrol+0x14bf07 @ 0x54bf07 vbeditcontrol+0xc10ca @ 0x4c10ca BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 04 24 89 e0 05 04 00 00 exception.symbol: vbeditcontrol+0x155098 exception.instruction: push dword ptr [eax] exception.module: vbeditcontrol.exe exception.exception_code: 0xc0000005 exception.offset: 1396888 exception.address: 0x555098 registers.esp: 1638016 registers.edi: 273 registers.eax: 134287360 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134287360 registers.ecx: 1638264	1
__exception__ Jan. 6, 2024, 10:37 a.m.	stacktrace: vbeditcontrol+0x1a81ac @ 0x5a81ac vbeditcontrol+0x17988a @ 0x57988a vbeditcontrol+0x14bf07 @ 0x54bf07 vbeditcontrol+0xc10ca @ 0x4c10ca BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 04 24 89 e0 05 04 00 00 exception.symbol: vbeditcontrol+0x155098 exception.instruction: push dword ptr [eax] exception.module: vbeditcontrol.exe exception.exception_code: 0xc0000005 exception.offset: 1396888 exception.address: 0x555098 registers.esp: 1638016 registers.edi: 273 registers.eax: 134291456 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134291456 registers.ecx: 1638264	1
__exception__ Jan. 6, 2024, 10:37 a.m.	stacktrace: vbeditcontrol+0x1a81ac @ 0x5a81ac vbeditcontrol+0x17988a @ 0x57988a vbeditcontrol+0x14bf07 @ 0x54bf07 vbeditcontrol+0xc10ca @ 0x4c10ca BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 04 24 89 e0 05 04 00 00 exception.symbol: vbeditcontrol+0x155098 exception.instruction: push dword ptr [eax] exception.module: vbeditcontrol.exe exception.exception_code: 0xc0000005 exception.offset: 1396888 exception.address: 0x555098 registers.esp: 1638016 registers.edi: 273 registers.eax: 134295552 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134295552 registers.ecx: 1638264	1
__exception__ Jan. 6, 2024, 10:37 a.m.	stacktrace: vbeditcontrol+0x1a81ac @ 0x5a81ac vbeditcontrol+0x17988a @ 0x57988a vbeditcontrol+0x14bf07 @ 0x54bf07 vbeditcontrol+0xc10ca @ 0x4c10ca BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 04 24 89 e0 05 04 00 00 exception.symbol: vbeditcontrol+0x155098 exception.instruction: push dword ptr [eax] exception.module: vbeditcontrol.exe exception.exception_code: 0xc0000005 exception.offset: 1396888 exception.address: 0x555098 registers.esp: 1638016 registers.edi: 273 registers.eax: 134299648 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134299648 registers.ecx: 1638264	1
__exception__ Jan. 6, 2024, 10:37 a.m.	stacktrace: vbeditcontrol+0x1a81ac @ 0x5a81ac vbeditcontrol+0x17988a @ 0x57988a vbeditcontrol+0x14bf07 @ 0x54bf07 vbeditcontrol+0xc10ca @ 0x4c10ca BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 04 24 89 e0 05 04 00 00 exception.symbol: vbeditcontrol+0x155098 exception.instruction: push dword ptr [eax] exception.module: vbeditcontrol.exe exception.exception_code: 0xc0000005 exception.offset: 1396888 exception.address: 0x555098 registers.esp: 1638016 registers.edi: 273 registers.eax: 134303744 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134303744 registers.ecx: 1638264	1
__exception__ Jan. 6, 2024, 10:37 a.m.	stacktrace: vbeditcontrol+0x1a81ac @ 0x5a81ac vbeditcontrol+0x17988a @ 0x57988a vbeditcontrol+0x14bf07 @ 0x54bf07 vbeditcontrol+0xc10ca @ 0x4c10ca BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 04 24 89 e0 05 04 00 00 exception.symbol: vbeditcontrol+0x155098 exception.instruction: push dword ptr [eax] exception.module: vbeditcontrol.exe exception.exception_code: 0xc0000005 exception.offset: 1396888 exception.address: 0x555098 registers.esp: 1638016 registers.edi: 273 registers.eax: 134307840 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134307840 registers.ecx: 1638264	1
__exception__ Jan. 6, 2024, 10:37 a.m.	stacktrace: vbeditcontrol+0x1a81ac @ 0x5a81ac vbeditcontrol+0x17988a @ 0x57988a vbeditcontrol+0x14bf07 @ 0x54bf07 vbeditcontrol+0xc10ca @ 0x4c10ca BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 04 24 89 e0 05 04 00 00 exception.symbol: vbeditcontrol+0x155098 exception.instruction: push dword ptr [eax] exception.module: vbeditcontrol.exe exception.exception_code: 0xc0000005 exception.offset: 1396888 exception.address: 0x555098 registers.esp: 1638016 registers.edi: 273 registers.eax: 134311936 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134311936 registers.ecx: 1638264	1
__exception__ Jan. 6, 2024, 10:37 a.m.	stacktrace: vbeditcontrol+0x1a81ac @ 0x5a81ac vbeditcontrol+0x17988a @ 0x57988a vbeditcontrol+0x14bf07 @ 0x54bf07 vbeditcontrol+0xc10ca @ 0x4c10ca BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 04 24 89 e0 05 04 00 00 exception.symbol: vbeditcontrol+0x155098 exception.instruction: push dword ptr [eax] exception.module: vbeditcontrol.exe exception.exception_code: 0xc0000005 exception.offset: 1396888 exception.address: 0x555098 registers.esp: 1638016 registers.edi: 273 registers.eax: 134316032 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134316032 registers.ecx: 1638264	1
__exception__ Jan. 6, 2024, 10:37 a.m.	stacktrace: vbeditcontrol+0x1a81ac @ 0x5a81ac vbeditcontrol+0x17988a @ 0x57988a vbeditcontrol+0x14bf07 @ 0x54bf07 vbeditcontrol+0xc10ca @ 0x4c10ca BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 04 24 89 e0 05 04 00 00 exception.symbol: vbeditcontrol+0x155098 exception.instruction: push dword ptr [eax] exception.module: vbeditcontrol.exe exception.exception_code: 0xc0000005 exception.offset: 1396888 exception.address: 0x555098 registers.esp: 1638016 registers.edi: 273 registers.eax: 134320128 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134320128 registers.ecx: 1638264	1
__exception__ Jan. 6, 2024, 10:37 a.m.	stacktrace: vbeditcontrol+0x1a81ac @ 0x5a81ac vbeditcontrol+0x17988a @ 0x57988a vbeditcontrol+0x14bf07 @ 0x54bf07 vbeditcontrol+0xc10ca @ 0x4c10ca BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 04 24 89 e0 05 04 00 00 exception.symbol: vbeditcontrol+0x155098 exception.instruction: push dword ptr [eax] exception.module: vbeditcontrol.exe exception.exception_code: 0xc0000005 exception.offset: 1396888 exception.address: 0x555098 registers.esp: 1638016 registers.edi: 273 registers.eax: 134324224 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134324224 registers.ecx: 1638264	1
__exception__ Jan. 6, 2024, 10:37 a.m.	stacktrace: vbeditcontrol+0x1a81ac @ 0x5a81ac vbeditcontrol+0x17988a @ 0x57988a vbeditcontrol+0x14bf07 @ 0x54bf07 vbeditcontrol+0xc10ca @ 0x4c10ca BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 04 24 89 e0 05 04 00 00 exception.symbol: vbeditcontrol+0x155098 exception.instruction: push dword ptr [eax] exception.module: vbeditcontrol.exe exception.exception_code: 0xc0000005 exception.offset: 1396888 exception.address: 0x555098 registers.esp: 1638016 registers.edi: 273 registers.eax: 134328320 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134328320 registers.ecx: 1638264	1
__exception__ Jan. 6, 2024, 10:37 a.m.	stacktrace: vbeditcontrol+0x1a81ac @ 0x5a81ac vbeditcontrol+0x17988a @ 0x57988a vbeditcontrol+0x14bf07 @ 0x54bf07 vbeditcontrol+0xc10ca @ 0x4c10ca BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 04 24 89 e0 05 04 00 00 exception.symbol: vbeditcontrol+0x155098 exception.instruction: push dword ptr [eax] exception.module: vbeditcontrol.exe exception.exception_code: 0xc0000005 exception.offset: 1396888 exception.address: 0x555098 registers.esp: 1638016 registers.edi: 273 registers.eax: 134332416 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134332416 registers.ecx: 1638264	1
__exception__ Jan. 6, 2024, 10:37 a.m.	stacktrace: vbeditcontrol+0x1a81ac @ 0x5a81ac vbeditcontrol+0x17988a @ 0x57988a vbeditcontrol+0x14bf07 @ 0x54bf07 vbeditcontrol+0xc10ca @ 0x4c10ca BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 04 24 89 e0 05 04 00 00 exception.symbol: vbeditcontrol+0x155098 exception.instruction: push dword ptr [eax] exception.module: vbeditcontrol.exe exception.exception_code: 0xc0000005 exception.offset: 1396888 exception.address: 0x555098 registers.esp: 1638016 registers.edi: 273 registers.eax: 134336512 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134336512 registers.ecx: 1638264	1
__exception__ Jan. 6, 2024, 10:37 a.m.	stacktrace: vbeditcontrol+0x1a81ac @ 0x5a81ac vbeditcontrol+0x17988a @ 0x57988a vbeditcontrol+0x14bf07 @ 0x54bf07 vbeditcontrol+0xc10ca @ 0x4c10ca BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 04 24 89 e0 05 04 00 00 exception.symbol: vbeditcontrol+0x155098 exception.instruction: push dword ptr [eax] exception.module: vbeditcontrol.exe exception.exception_code: 0xc0000005 exception.offset: 1396888 exception.address: 0x555098 registers.esp: 1638016 registers.edi: 273 registers.eax: 134340608 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134340608 registers.ecx: 1638264	1
__exception__ Jan. 6, 2024, 10:37 a.m.	stacktrace: vbeditcontrol+0x1a81ac @ 0x5a81ac vbeditcontrol+0x17988a @ 0x57988a vbeditcontrol+0x14bf07 @ 0x54bf07 vbeditcontrol+0xc10ca @ 0x4c10ca BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 04 24 89 e0 05 04 00 00 exception.symbol: vbeditcontrol+0x155098 exception.instruction: push dword ptr [eax] exception.module: vbeditcontrol.exe exception.exception_code: 0xc0000005 exception.offset: 1396888 exception.address: 0x555098 registers.esp: 1638016 registers.edi: 273 registers.eax: 134344704 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134344704 registers.ecx: 1638264	1
__exception__ Jan. 6, 2024, 10:37 a.m.	stacktrace: vbeditcontrol+0x1a81ac @ 0x5a81ac vbeditcontrol+0x17988a @ 0x57988a vbeditcontrol+0x14bf07 @ 0x54bf07 vbeditcontrol+0xc10ca @ 0x4c10ca BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 55 89 04 24 89 e0 05 04 00 00 exception.symbol: vbeditcontrol+0x155098 exception.instruction: push dword ptr [eax] exception.module: vbeditcontrol.exe exception.exception_code: 0xc0000005 exception.offset: 1396888 exception.address: 0x555098 registers.esp: 1638016 registers.edi: 273 registers.eax: 134348800 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134348800 registers.ecx: 1638264	1

Allocates read-write-execute memory (usually to unpack itself) (4 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Jan. 6, 2024, 10:37 a.m.	process_identifier: 2032 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Jan. 6, 2024, 10:37 a.m.	process_identifier: 2032 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 40960 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00401000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Jan. 6, 2024, 10:37 a.m.	process_identifier: 2032 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 20480 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0040f000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 6, 2024, 10:37 a.m.	process_identifier: 2112 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003e0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

Creates executable files on the filesystem (4 events)

file	C:\Users\test22\AppData\Local\Temp\is-L67OL.tmp\_isetup\_isdecmp.dll
file	C:\Users\test22\AppData\Local\Temp\is-L67OL.tmp\_isetup\_iscrypt.dll
file	C:\Program Files (x86)\VB Edit Control CRT\vbeditcontrol.exe
file	C:\Users\test22\AppData\Local\Temp\is-L67OL.tmp\_isetup\_shfoldr.dll

Drops an executable to the user AppData folder (5 events)

file	C:\Users\test22\AppData\Local\Temp\is-Q0N1Q.tmp\tuc6.tmp
file	C:\Users\test22\AppData\Local\Temp\is-L67OL.tmp\_isetup\_shfoldr.dll
file	C:\Users\test22\AppData\Local\Temp\is-L67OL.tmp\_isetup\_iscrypt.dll
file	C:\Users\test22\AppData\Local\Temp\is-L67OL.tmp\_isetup\_isdecmp.dll
file	C:\Users\test22\AppData\Local\Temp\is-L67OL.tmp\_isetup\_RegDLL.tmp

Queries for potentially installed applications (4 events)

Time & API	Arguments	Return
RegOpenKeyExA Jan. 6, 2024, 10:37 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\VB Edit Control CRT_is1 base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00000001 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\VB Edit Control CRT_is1	2
RegOpenKeyExA Jan. 6, 2024, 10:37 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\VB Edit Control CRT_is1 base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00000001 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\VB Edit Control CRT_is1	2
RegOpenKeyExA Jan. 6, 2024, 10:37 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\VB Edit Control CRT_is1 base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00000008 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\VB Edit Control CRT_is1	2
RegOpenKeyExA Jan. 6, 2024, 10:37 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\VB Edit Control CRT_is1 base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00000008 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\VB Edit Control CRT_is1	2

Tries to unhook Windows functions monitored by Cuckoo (1 event)

Time & API	Arguments	Status	Return	Repeated
__anomaly__ Jan. 6, 2024, 10:37 a.m.	tid: 2212 message: Encountered 65537 exceptions, quitting. subcategory: exception function_name:	1	0	0

File has been identified by 34 AntiVirus engines on VirusTotal as malicious (34 events)

Lionic	Trojan.Win32.Ekstak.4!c
Skyhigh	BehavesLike.Win32.ObfuscatedPoly.rc
McAfee	Artemis!E0FA0F17C56C
Cylance	unsafe
Sangfor	Dropper.Win32.Ekstak.V3i9
K7AntiVirus	Trojan ( 005722fe1 )
K7GW	Trojan ( 005722fe1 )
Symantec	Trojan.Gen.MBT
ESET-NOD32	a variant of Win32/TrojanDropper.Agent.SLC
Cynet	Malicious (score: 99)
Kaspersky	Trojan.Win32.Ekstak.aurfy
Avast	Win32:Malware-gen
Tencent	Win32.Trojan.Ekstak.Ydkl
Sophos	Mal/Generic-S
F-Secure	Trojan.TR/Drop.Agent.gleqd
DrWeb	Trojan.Siggen23.1455
TrendMicro	Trojan.Win32.PRIVATELOADER.YXEAAZ
Ikarus	Trojan-Dropper.Win32.Agent
Varist	W32/Agent.TWDG-6598
Avira	TR/Drop.Agent.gleqd
Kingsoft	Win32.Trojan.Ekstak.a
Microsoft	Trojan:Win32/ICLoader.JL!MTB
Gridinsoft	Trojan.Win32.Agent.ca
ZoneAlarm	Trojan.Win32.Ekstak.aurfy
GData	Win32.Trojan.Agent.PC5DAW
Google	Detected
AhnLab-V3	Trojan/Win.Malware-gen.R630244
Malwarebytes	Generic.Malware/Suspicious
Panda	Trj/Chgt.AD
TrendMicro-HouseCall	Trojan.Win32.PRIVATELOADER.YXEAAZ
Fortinet	W32/Agent.SLC!tr
AVG	Win32:Malware-gen
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (W)

tuc6.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All