Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Jan. 12, 2024, 7:55 a.m.	Jan. 12, 2024, 8:02 a.m.

Size	3.9MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows, InnoSetup self-extracting archive
MD5	`eb7073f79738bc3871d8fdcdda2f6d07`
SHA256	`836702e8e9b5cc72d071836f7aece14f2f55103db492110feb3d1df399cb5a7e`
CRC32	`818D1B3C`
ssdeep	`98304:Ci5y4bUjbSiDmlFQh0GSRxSe5hbFSXQrUCngi+5PpkE:n5boj5D+yh0GSrSUbIALngrF`
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file mzp_file_format - MZP(Delphi) file format ConfuserEx_Zero - Confuser .NET

tuc5.exe "C:\Users\test22\AppData\Local\Temp\tuc5.exe"
2544
- is-BUR5R.tmp "C:\Users\test22\AppData\Local\Temp\is-R5E0E.tmp\is-BUR5R.tmp" /SL4 $80178 "C:\Users\test22\AppData\Local\Temp\tuc5.exe" 3871317 52224
  2600
  - net.exe "C:\Windows\system32\net.exe" helpmsg 1113
    2712
    - net1.exe C:\Windows\system32\net1 helpmsg 1113
      2820
  - pcidevicechecker.exe "C:\Users\test22\AppData\Local\PCI Device Checker\pcidevicechecker.exe" -i
    2756
  - pcidevicechecker.exe "C:\Users\test22\AppData\Local\PCI Device Checker\pcidevicechecker.exe" -s
    2932

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
156.251.17.97	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Queries for the computername (1 event)

Time & API	Arguments	Status	Return	Repeated
GetComputerNameA Jan. 12, 2024, 7:55 a.m.	computer_name: TEST22-PC	1	1	0

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Jan. 12, 2024, 7:55 a.m.			0	0

Command line console output was observed (1 event)

Time & API	Arguments	Status	Return	Repeated
WriteConsoleW Jan. 12, 2024, 7:55 a.m.	buffer: No mapping for the Unicode character exists in the target multi-byte code page. console_handle: 0x00000007	1	1	0

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Jan. 12, 2024, 7:55 a.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)

section	CODE
section	DATA
section	BSS

One or more processes crashed (50 out of 131074 events)

Time & API	Arguments	Status
__exception__ Jan. 12, 2024, 7:55 a.m.	stacktrace: is-bur5r+0x40672 @ 0x440672 is-bur5r+0x424b7 @ 0x4424b7 is-bur5r+0x47b24 @ 0x447b24 is-bur5r+0x3da85 @ 0x43da85 is-bur5r+0x3c9bb @ 0x43c9bb is-bur5r+0x874cc @ 0x4874cc is-bur5r+0x750c4 @ 0x4750c4 is-bur5r+0x8b184 @ 0x48b184 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 06 c7 45 fc fe ff ff ff 85 db 0f 85 97 34 00 exception.symbol: WNetCloseEnum+0x14 WNetOpenEnumW-0x11c mpr+0x2dea exception.instruction: mov eax, dword ptr [esi] exception.module: mpr.dll exception.exception_code: 0xc0000005 exception.offset: 11754 exception.address: 0x73bf2dea registers.esp: 1637616 registers.edi: 36331716 registers.eax: 1637644 registers.ebp: 1637660 registers.edx: 44 registers.ebx: 0 registers.esi: 44 registers.ecx: 0	1
__exception__ Jan. 12, 2024, 7:55 a.m.	stacktrace: is-bur5r+0x3d5aa @ 0x43d5aa is-bur5r+0x3c9bb @ 0x43c9bb is-bur5r+0x874cc @ 0x4874cc is-bur5r+0x750c4 @ 0x4750c4 is-bur5r+0x8b184 @ 0x48b184 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: f7 37 89 06 e9 dd 07 00 00 8b 06 33 d2 8a 17 8b exception.symbol: is-bur5r+0x3a89f exception.instruction: div dword ptr [edi] exception.module: is-BUR5R.tmp exception.exception_code: 0xc0000094 exception.offset: 239775 exception.address: 0x43a89f registers.esp: 1637788 registers.edi: 36327172 registers.eax: 16860220 registers.ebp: 1637868 registers.edx: 0 registers.ebx: 1 registers.esi: 36327164 registers.ecx: 36327172	1
__exception__ Jan. 12, 2024, 7:55 a.m.	stacktrace: pcidevicechecker+0x194857 @ 0x594857 pcidevicechecker+0x1d6c73 @ 0x5d6c73 pcidevicechecker+0xb34ea @ 0x4b34ea BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 8b 04 24 50 54 58 05 04 00 00 00 56 be 04 exception.symbol: pcidevicechecker+0x1d526f exception.instruction: push dword ptr [eax] exception.module: pcidevicechecker.exe exception.exception_code: 0xc0000005 exception.offset: 1921647 exception.address: 0x5d526f registers.esp: 1638008 registers.edi: 0 registers.eax: 1968959488 registers.ebp: 1638048 registers.edx: 1968959488 registers.ebx: 0 registers.esi: 7614168 registers.ecx: 1968959488	1
__exception__ Jan. 12, 2024, 7:55 a.m.	stacktrace: pcidevicechecker+0x194857 @ 0x594857 pcidevicechecker+0x1d6c73 @ 0x5d6c73 pcidevicechecker+0xb34ea @ 0x4b34ea BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 8b 04 24 50 54 58 05 04 00 00 00 56 be 04 exception.symbol: pcidevicechecker+0x1d526f exception.instruction: push dword ptr [eax] exception.module: pcidevicechecker.exe exception.exception_code: 0xc0000005 exception.offset: 1921647 exception.address: 0x5d526f registers.esp: 1638008 registers.edi: 0 registers.eax: 1968955392 registers.ebp: 1638048 registers.edx: 1968955392 registers.ebx: 0 registers.esi: 7614168 registers.ecx: 1968955392	1
__exception__ Jan. 12, 2024, 7:55 a.m.	stacktrace: pcidevicechecker+0x194857 @ 0x594857 pcidevicechecker+0x1d6c73 @ 0x5d6c73 pcidevicechecker+0xb34ea @ 0x4b34ea BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 8b 04 24 50 54 58 05 04 00 00 00 56 be 04 exception.symbol: pcidevicechecker+0x1d526f exception.instruction: push dword ptr [eax] exception.module: pcidevicechecker.exe exception.exception_code: 0xc0000005 exception.offset: 1921647 exception.address: 0x5d526f registers.esp: 1638008 registers.edi: 0 registers.eax: 1968951296 registers.ebp: 1638048 registers.edx: 1968951296 registers.ebx: 0 registers.esi: 7614168 registers.ecx: 1968951296	1
__exception__ Jan. 12, 2024, 7:55 a.m.	stacktrace: pcidevicechecker+0x194857 @ 0x594857 pcidevicechecker+0x1d6c73 @ 0x5d6c73 pcidevicechecker+0xb34ea @ 0x4b34ea BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 8b 04 24 50 54 58 05 04 00 00 00 56 be 04 exception.symbol: pcidevicechecker+0x1d526f exception.instruction: push dword ptr [eax] exception.module: pcidevicechecker.exe exception.exception_code: 0xc0000005 exception.offset: 1921647 exception.address: 0x5d526f registers.esp: 1638008 registers.edi: 0 registers.eax: 1968947200 registers.ebp: 1638048 registers.edx: 1968947200 registers.ebx: 0 registers.esi: 7614168 registers.ecx: 1968947200	1
__exception__ Jan. 12, 2024, 7:55 a.m.	stacktrace: pcidevicechecker+0x194857 @ 0x594857 pcidevicechecker+0x1d6c73 @ 0x5d6c73 pcidevicechecker+0xb34ea @ 0x4b34ea BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 8b 04 24 50 54 58 05 04 00 00 00 56 be 04 exception.symbol: pcidevicechecker+0x1d526f exception.instruction: push dword ptr [eax] exception.module: pcidevicechecker.exe exception.exception_code: 0xc0000005 exception.offset: 1921647 exception.address: 0x5d526f registers.esp: 1638008 registers.edi: 0 registers.eax: 1968943104 registers.ebp: 1638048 registers.edx: 1968943104 registers.ebx: 0 registers.esi: 7614168 registers.ecx: 1968943104	1
__exception__ Jan. 12, 2024, 7:55 a.m.	stacktrace: pcidevicechecker+0x194857 @ 0x594857 pcidevicechecker+0x1d6c73 @ 0x5d6c73 pcidevicechecker+0xb34ea @ 0x4b34ea BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 8b 04 24 50 54 58 05 04 00 00 00 56 be 04 exception.symbol: pcidevicechecker+0x1d526f exception.instruction: push dword ptr [eax] exception.module: pcidevicechecker.exe exception.exception_code: 0xc0000005 exception.offset: 1921647 exception.address: 0x5d526f registers.esp: 1638008 registers.edi: 0 registers.eax: 1968939008 registers.ebp: 1638048 registers.edx: 1968939008 registers.ebx: 0 registers.esi: 7614168 registers.ecx: 1968939008	1
__exception__ Jan. 12, 2024, 7:55 a.m.	stacktrace: pcidevicechecker+0x194857 @ 0x594857 pcidevicechecker+0x1d6c73 @ 0x5d6c73 pcidevicechecker+0xb34ea @ 0x4b34ea BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 8b 04 24 50 54 58 05 04 00 00 00 56 be 04 exception.symbol: pcidevicechecker+0x1d526f exception.instruction: push dword ptr [eax] exception.module: pcidevicechecker.exe exception.exception_code: 0xc0000005 exception.offset: 1921647 exception.address: 0x5d526f registers.esp: 1638008 registers.edi: 0 registers.eax: 1968934912 registers.ebp: 1638048 registers.edx: 1968934912 registers.ebx: 0 registers.esi: 7614168 registers.ecx: 1968934912	1
__exception__ Jan. 12, 2024, 7:55 a.m.	stacktrace: pcidevicechecker+0x194857 @ 0x594857 pcidevicechecker+0x1d6c73 @ 0x5d6c73 pcidevicechecker+0xb34ea @ 0x4b34ea BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 8b 04 24 50 54 58 05 04 00 00 00 56 be 04 exception.symbol: pcidevicechecker+0x1d526f exception.instruction: push dword ptr [eax] exception.module: pcidevicechecker.exe exception.exception_code: 0xc0000005 exception.offset: 1921647 exception.address: 0x5d526f registers.esp: 1638008 registers.edi: 0 registers.eax: 1968930816 registers.ebp: 1638048 registers.edx: 1968930816 registers.ebx: 0 registers.esi: 7614168 registers.ecx: 1968930816	1
__exception__ Jan. 12, 2024, 7:55 a.m.	stacktrace: pcidevicechecker+0x194857 @ 0x594857 pcidevicechecker+0x1d6c73 @ 0x5d6c73 pcidevicechecker+0xb34ea @ 0x4b34ea BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 8b 04 24 50 54 58 05 04 00 00 00 56 be 04 exception.symbol: pcidevicechecker+0x1d526f exception.instruction: push dword ptr [eax] exception.module: pcidevicechecker.exe exception.exception_code: 0xc0000005 exception.offset: 1921647 exception.address: 0x5d526f registers.esp: 1638008 registers.edi: 0 registers.eax: 1968926720 registers.ebp: 1638048 registers.edx: 1968926720 registers.ebx: 0 registers.esi: 7614168 registers.ecx: 1968926720	1
__exception__ Jan. 12, 2024, 7:55 a.m.	stacktrace: pcidevicechecker+0x194857 @ 0x594857 pcidevicechecker+0x1d6c73 @ 0x5d6c73 pcidevicechecker+0xb34ea @ 0x4b34ea BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 8b 04 24 50 54 58 05 04 00 00 00 56 be 04 exception.symbol: pcidevicechecker+0x1d526f exception.instruction: push dword ptr [eax] exception.module: pcidevicechecker.exe exception.exception_code: 0xc0000005 exception.offset: 1921647 exception.address: 0x5d526f registers.esp: 1638008 registers.edi: 0 registers.eax: 1968922624 registers.ebp: 1638048 registers.edx: 1968922624 registers.ebx: 0 registers.esi: 7614168 registers.ecx: 1968922624	1
__exception__ Jan. 12, 2024, 7:55 a.m.	stacktrace: pcidevicechecker+0x194857 @ 0x594857 pcidevicechecker+0x1d6c73 @ 0x5d6c73 pcidevicechecker+0xb34ea @ 0x4b34ea BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 8b 04 24 50 54 58 05 04 00 00 00 56 be 04 exception.symbol: pcidevicechecker+0x1d526f exception.instruction: push dword ptr [eax] exception.module: pcidevicechecker.exe exception.exception_code: 0xc0000005 exception.offset: 1921647 exception.address: 0x5d526f registers.esp: 1638008 registers.edi: 0 registers.eax: 1968918528 registers.ebp: 1638048 registers.edx: 1968918528 registers.ebx: 0 registers.esi: 7614168 registers.ecx: 1968918528	1
__exception__ Jan. 12, 2024, 7:55 a.m.	stacktrace: pcidevicechecker+0x194857 @ 0x594857 pcidevicechecker+0x1d6c73 @ 0x5d6c73 pcidevicechecker+0xb34ea @ 0x4b34ea BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 8b 04 24 50 54 58 05 04 00 00 00 56 be 04 exception.symbol: pcidevicechecker+0x1d526f exception.instruction: push dword ptr [eax] exception.module: pcidevicechecker.exe exception.exception_code: 0xc0000005 exception.offset: 1921647 exception.address: 0x5d526f registers.esp: 1638008 registers.edi: 0 registers.eax: 1968914432 registers.ebp: 1638048 registers.edx: 1968914432 registers.ebx: 0 registers.esi: 7614168 registers.ecx: 1968914432	1
__exception__ Jan. 12, 2024, 7:55 a.m.	stacktrace: pcidevicechecker+0x194857 @ 0x594857 pcidevicechecker+0x1d6c73 @ 0x5d6c73 pcidevicechecker+0xb34ea @ 0x4b34ea BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 8b 04 24 50 54 58 05 04 00 00 00 56 be 04 exception.symbol: pcidevicechecker+0x1d526f exception.instruction: push dword ptr [eax] exception.module: pcidevicechecker.exe exception.exception_code: 0xc0000005 exception.offset: 1921647 exception.address: 0x5d526f registers.esp: 1638008 registers.edi: 0 registers.eax: 1968910336 registers.ebp: 1638048 registers.edx: 1968910336 registers.ebx: 0 registers.esi: 7614168 registers.ecx: 1968910336	1
__exception__ Jan. 12, 2024, 7:55 a.m.	stacktrace: pcidevicechecker+0x194857 @ 0x594857 pcidevicechecker+0x1d6c73 @ 0x5d6c73 pcidevicechecker+0xb34ea @ 0x4b34ea BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 8b 04 24 50 54 58 05 04 00 00 00 56 be 04 exception.symbol: pcidevicechecker+0x1d526f exception.instruction: push dword ptr [eax] exception.module: pcidevicechecker.exe exception.exception_code: 0xc0000005 exception.offset: 1921647 exception.address: 0x5d526f registers.esp: 1638008 registers.edi: 0 registers.eax: 1968906240 registers.ebp: 1638048 registers.edx: 1968906240 registers.ebx: 0 registers.esi: 7614168 registers.ecx: 1968906240	1
__exception__ Jan. 12, 2024, 7:55 a.m.	stacktrace: pcidevicechecker+0x194857 @ 0x594857 pcidevicechecker+0x1d6c73 @ 0x5d6c73 pcidevicechecker+0xb34ea @ 0x4b34ea BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 8b 04 24 50 54 58 05 04 00 00 00 56 be 04 exception.symbol: pcidevicechecker+0x1d526f exception.instruction: push dword ptr [eax] exception.module: pcidevicechecker.exe exception.exception_code: 0xc0000005 exception.offset: 1921647 exception.address: 0x5d526f registers.esp: 1638008 registers.edi: 0 registers.eax: 1968902144 registers.ebp: 1638048 registers.edx: 1968902144 registers.ebx: 0 registers.esi: 7614168 registers.ecx: 1968902144	1
__exception__ Jan. 12, 2024, 7:55 a.m.	stacktrace: pcidevicechecker+0x1d8561 @ 0x5d8561 pcidevicechecker+0x1cd363 @ 0x5cd363 pcidevicechecker+0x1d6c7d @ 0x5d6c7d pcidevicechecker+0xb34ea @ 0x4b34ea BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 8b 04 24 50 54 58 05 04 00 00 00 56 be 04 exception.symbol: pcidevicechecker+0x1d526f exception.instruction: push dword ptr [eax] exception.module: pcidevicechecker.exe exception.exception_code: 0xc0000005 exception.offset: 1921647 exception.address: 0x5d526f registers.esp: 1638016 registers.edi: 4371 registers.eax: 134217728 registers.ebp: 1638056 registers.edx: 35 registers.ebx: 0 registers.esi: 134217728 registers.ecx: 1995571744	1
__exception__ Jan. 12, 2024, 7:55 a.m.	stacktrace: pcidevicechecker+0x1d8561 @ 0x5d8561 pcidevicechecker+0x1cd363 @ 0x5cd363 pcidevicechecker+0x1d6c7d @ 0x5d6c7d pcidevicechecker+0xb34ea @ 0x4b34ea BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 8b 04 24 50 54 58 05 04 00 00 00 56 be 04 exception.symbol: pcidevicechecker+0x1d526f exception.instruction: push dword ptr [eax] exception.module: pcidevicechecker.exe exception.exception_code: 0xc0000005 exception.offset: 1921647 exception.address: 0x5d526f registers.esp: 1638016 registers.edi: 4371 registers.eax: 134221824 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134221824 registers.ecx: 1638264	1
__exception__ Jan. 12, 2024, 7:55 a.m.	stacktrace: pcidevicechecker+0x1d8561 @ 0x5d8561 pcidevicechecker+0x1cd363 @ 0x5cd363 pcidevicechecker+0x1d6c7d @ 0x5d6c7d pcidevicechecker+0xb34ea @ 0x4b34ea BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 8b 04 24 50 54 58 05 04 00 00 00 56 be 04 exception.symbol: pcidevicechecker+0x1d526f exception.instruction: push dword ptr [eax] exception.module: pcidevicechecker.exe exception.exception_code: 0xc0000005 exception.offset: 1921647 exception.address: 0x5d526f registers.esp: 1638016 registers.edi: 4371 registers.eax: 134225920 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134225920 registers.ecx: 1638264	1
__exception__ Jan. 12, 2024, 7:55 a.m.	stacktrace: pcidevicechecker+0x1d8561 @ 0x5d8561 pcidevicechecker+0x1cd363 @ 0x5cd363 pcidevicechecker+0x1d6c7d @ 0x5d6c7d pcidevicechecker+0xb34ea @ 0x4b34ea BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 8b 04 24 50 54 58 05 04 00 00 00 56 be 04 exception.symbol: pcidevicechecker+0x1d526f exception.instruction: push dword ptr [eax] exception.module: pcidevicechecker.exe exception.exception_code: 0xc0000005 exception.offset: 1921647 exception.address: 0x5d526f registers.esp: 1638016 registers.edi: 4371 registers.eax: 134230016 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134230016 registers.ecx: 1638264	1
__exception__ Jan. 12, 2024, 7:55 a.m.	stacktrace: pcidevicechecker+0x1d8561 @ 0x5d8561 pcidevicechecker+0x1cd363 @ 0x5cd363 pcidevicechecker+0x1d6c7d @ 0x5d6c7d pcidevicechecker+0xb34ea @ 0x4b34ea BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 8b 04 24 50 54 58 05 04 00 00 00 56 be 04 exception.symbol: pcidevicechecker+0x1d526f exception.instruction: push dword ptr [eax] exception.module: pcidevicechecker.exe exception.exception_code: 0xc0000005 exception.offset: 1921647 exception.address: 0x5d526f registers.esp: 1638016 registers.edi: 4371 registers.eax: 134234112 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134234112 registers.ecx: 1638264	1
__exception__ Jan. 12, 2024, 7:55 a.m.	stacktrace: pcidevicechecker+0x1d8561 @ 0x5d8561 pcidevicechecker+0x1cd363 @ 0x5cd363 pcidevicechecker+0x1d6c7d @ 0x5d6c7d pcidevicechecker+0xb34ea @ 0x4b34ea BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 8b 04 24 50 54 58 05 04 00 00 00 56 be 04 exception.symbol: pcidevicechecker+0x1d526f exception.instruction: push dword ptr [eax] exception.module: pcidevicechecker.exe exception.exception_code: 0xc0000005 exception.offset: 1921647 exception.address: 0x5d526f registers.esp: 1638016 registers.edi: 4371 registers.eax: 134238208 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134238208 registers.ecx: 1638264	1
__exception__ Jan. 12, 2024, 7:55 a.m.	stacktrace: pcidevicechecker+0x1d8561 @ 0x5d8561 pcidevicechecker+0x1cd363 @ 0x5cd363 pcidevicechecker+0x1d6c7d @ 0x5d6c7d pcidevicechecker+0xb34ea @ 0x4b34ea BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 8b 04 24 50 54 58 05 04 00 00 00 56 be 04 exception.symbol: pcidevicechecker+0x1d526f exception.instruction: push dword ptr [eax] exception.module: pcidevicechecker.exe exception.exception_code: 0xc0000005 exception.offset: 1921647 exception.address: 0x5d526f registers.esp: 1638016 registers.edi: 4371 registers.eax: 134242304 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134242304 registers.ecx: 1638264	1
__exception__ Jan. 12, 2024, 7:55 a.m.	stacktrace: pcidevicechecker+0x1d8561 @ 0x5d8561 pcidevicechecker+0x1cd363 @ 0x5cd363 pcidevicechecker+0x1d6c7d @ 0x5d6c7d pcidevicechecker+0xb34ea @ 0x4b34ea BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 8b 04 24 50 54 58 05 04 00 00 00 56 be 04 exception.symbol: pcidevicechecker+0x1d526f exception.instruction: push dword ptr [eax] exception.module: pcidevicechecker.exe exception.exception_code: 0xc0000005 exception.offset: 1921647 exception.address: 0x5d526f registers.esp: 1638016 registers.edi: 4371 registers.eax: 134246400 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134246400 registers.ecx: 1638264	1
__exception__ Jan. 12, 2024, 7:55 a.m.	stacktrace: pcidevicechecker+0x1d8561 @ 0x5d8561 pcidevicechecker+0x1cd363 @ 0x5cd363 pcidevicechecker+0x1d6c7d @ 0x5d6c7d pcidevicechecker+0xb34ea @ 0x4b34ea BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 8b 04 24 50 54 58 05 04 00 00 00 56 be 04 exception.symbol: pcidevicechecker+0x1d526f exception.instruction: push dword ptr [eax] exception.module: pcidevicechecker.exe exception.exception_code: 0xc0000005 exception.offset: 1921647 exception.address: 0x5d526f registers.esp: 1638016 registers.edi: 4371 registers.eax: 134250496 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134250496 registers.ecx: 1638264	1
__exception__ Jan. 12, 2024, 7:55 a.m.	stacktrace: pcidevicechecker+0x1d8561 @ 0x5d8561 pcidevicechecker+0x1cd363 @ 0x5cd363 pcidevicechecker+0x1d6c7d @ 0x5d6c7d pcidevicechecker+0xb34ea @ 0x4b34ea BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 8b 04 24 50 54 58 05 04 00 00 00 56 be 04 exception.symbol: pcidevicechecker+0x1d526f exception.instruction: push dword ptr [eax] exception.module: pcidevicechecker.exe exception.exception_code: 0xc0000005 exception.offset: 1921647 exception.address: 0x5d526f registers.esp: 1638016 registers.edi: 4371 registers.eax: 134254592 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134254592 registers.ecx: 1638264	1
__exception__ Jan. 12, 2024, 7:55 a.m.	stacktrace: pcidevicechecker+0x1d8561 @ 0x5d8561 pcidevicechecker+0x1cd363 @ 0x5cd363 pcidevicechecker+0x1d6c7d @ 0x5d6c7d pcidevicechecker+0xb34ea @ 0x4b34ea BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 8b 04 24 50 54 58 05 04 00 00 00 56 be 04 exception.symbol: pcidevicechecker+0x1d526f exception.instruction: push dword ptr [eax] exception.module: pcidevicechecker.exe exception.exception_code: 0xc0000005 exception.offset: 1921647 exception.address: 0x5d526f registers.esp: 1638016 registers.edi: 4371 registers.eax: 134258688 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134258688 registers.ecx: 1638264	1
__exception__ Jan. 12, 2024, 7:55 a.m.	stacktrace: pcidevicechecker+0x1d8561 @ 0x5d8561 pcidevicechecker+0x1cd363 @ 0x5cd363 pcidevicechecker+0x1d6c7d @ 0x5d6c7d pcidevicechecker+0xb34ea @ 0x4b34ea BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 8b 04 24 50 54 58 05 04 00 00 00 56 be 04 exception.symbol: pcidevicechecker+0x1d526f exception.instruction: push dword ptr [eax] exception.module: pcidevicechecker.exe exception.exception_code: 0xc0000005 exception.offset: 1921647 exception.address: 0x5d526f registers.esp: 1638016 registers.edi: 4371 registers.eax: 134262784 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134262784 registers.ecx: 1638264	1
__exception__ Jan. 12, 2024, 7:55 a.m.	stacktrace: pcidevicechecker+0x1d8561 @ 0x5d8561 pcidevicechecker+0x1cd363 @ 0x5cd363 pcidevicechecker+0x1d6c7d @ 0x5d6c7d pcidevicechecker+0xb34ea @ 0x4b34ea BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 8b 04 24 50 54 58 05 04 00 00 00 56 be 04 exception.symbol: pcidevicechecker+0x1d526f exception.instruction: push dword ptr [eax] exception.module: pcidevicechecker.exe exception.exception_code: 0xc0000005 exception.offset: 1921647 exception.address: 0x5d526f registers.esp: 1638016 registers.edi: 4371 registers.eax: 134266880 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134266880 registers.ecx: 1638264	1
__exception__ Jan. 12, 2024, 7:55 a.m.	stacktrace: pcidevicechecker+0x1d8561 @ 0x5d8561 pcidevicechecker+0x1cd363 @ 0x5cd363 pcidevicechecker+0x1d6c7d @ 0x5d6c7d pcidevicechecker+0xb34ea @ 0x4b34ea BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 8b 04 24 50 54 58 05 04 00 00 00 56 be 04 exception.symbol: pcidevicechecker+0x1d526f exception.instruction: push dword ptr [eax] exception.module: pcidevicechecker.exe exception.exception_code: 0xc0000005 exception.offset: 1921647 exception.address: 0x5d526f registers.esp: 1638016 registers.edi: 4371 registers.eax: 134270976 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134270976 registers.ecx: 1638264	1
__exception__ Jan. 12, 2024, 7:55 a.m.	stacktrace: pcidevicechecker+0x1d8561 @ 0x5d8561 pcidevicechecker+0x1cd363 @ 0x5cd363 pcidevicechecker+0x1d6c7d @ 0x5d6c7d pcidevicechecker+0xb34ea @ 0x4b34ea BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 8b 04 24 50 54 58 05 04 00 00 00 56 be 04 exception.symbol: pcidevicechecker+0x1d526f exception.instruction: push dword ptr [eax] exception.module: pcidevicechecker.exe exception.exception_code: 0xc0000005 exception.offset: 1921647 exception.address: 0x5d526f registers.esp: 1638016 registers.edi: 4371 registers.eax: 134275072 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134275072 registers.ecx: 1638264	1
__exception__ Jan. 12, 2024, 7:55 a.m.	stacktrace: pcidevicechecker+0x1d8561 @ 0x5d8561 pcidevicechecker+0x1cd363 @ 0x5cd363 pcidevicechecker+0x1d6c7d @ 0x5d6c7d pcidevicechecker+0xb34ea @ 0x4b34ea BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 8b 04 24 50 54 58 05 04 00 00 00 56 be 04 exception.symbol: pcidevicechecker+0x1d526f exception.instruction: push dword ptr [eax] exception.module: pcidevicechecker.exe exception.exception_code: 0xc0000005 exception.offset: 1921647 exception.address: 0x5d526f registers.esp: 1638016 registers.edi: 4371 registers.eax: 134279168 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134279168 registers.ecx: 1638264	1
__exception__ Jan. 12, 2024, 7:55 a.m.	stacktrace: pcidevicechecker+0x1d8561 @ 0x5d8561 pcidevicechecker+0x1cd363 @ 0x5cd363 pcidevicechecker+0x1d6c7d @ 0x5d6c7d pcidevicechecker+0xb34ea @ 0x4b34ea BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 8b 04 24 50 54 58 05 04 00 00 00 56 be 04 exception.symbol: pcidevicechecker+0x1d526f exception.instruction: push dword ptr [eax] exception.module: pcidevicechecker.exe exception.exception_code: 0xc0000005 exception.offset: 1921647 exception.address: 0x5d526f registers.esp: 1638016 registers.edi: 4371 registers.eax: 134283264 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134283264 registers.ecx: 1638264	1
__exception__ Jan. 12, 2024, 7:55 a.m.	stacktrace: pcidevicechecker+0x1d8561 @ 0x5d8561 pcidevicechecker+0x1cd363 @ 0x5cd363 pcidevicechecker+0x1d6c7d @ 0x5d6c7d pcidevicechecker+0xb34ea @ 0x4b34ea BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 8b 04 24 50 54 58 05 04 00 00 00 56 be 04 exception.symbol: pcidevicechecker+0x1d526f exception.instruction: push dword ptr [eax] exception.module: pcidevicechecker.exe exception.exception_code: 0xc0000005 exception.offset: 1921647 exception.address: 0x5d526f registers.esp: 1638016 registers.edi: 4371 registers.eax: 134287360 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134287360 registers.ecx: 1638264	1
__exception__ Jan. 12, 2024, 7:55 a.m.	stacktrace: pcidevicechecker+0x1d8561 @ 0x5d8561 pcidevicechecker+0x1cd363 @ 0x5cd363 pcidevicechecker+0x1d6c7d @ 0x5d6c7d pcidevicechecker+0xb34ea @ 0x4b34ea BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 8b 04 24 50 54 58 05 04 00 00 00 56 be 04 exception.symbol: pcidevicechecker+0x1d526f exception.instruction: push dword ptr [eax] exception.module: pcidevicechecker.exe exception.exception_code: 0xc0000005 exception.offset: 1921647 exception.address: 0x5d526f registers.esp: 1638016 registers.edi: 4371 registers.eax: 134291456 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134291456 registers.ecx: 1638264	1
__exception__ Jan. 12, 2024, 7:55 a.m.	stacktrace: pcidevicechecker+0x1d8561 @ 0x5d8561 pcidevicechecker+0x1cd363 @ 0x5cd363 pcidevicechecker+0x1d6c7d @ 0x5d6c7d pcidevicechecker+0xb34ea @ 0x4b34ea BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 8b 04 24 50 54 58 05 04 00 00 00 56 be 04 exception.symbol: pcidevicechecker+0x1d526f exception.instruction: push dword ptr [eax] exception.module: pcidevicechecker.exe exception.exception_code: 0xc0000005 exception.offset: 1921647 exception.address: 0x5d526f registers.esp: 1638016 registers.edi: 4371 registers.eax: 134295552 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134295552 registers.ecx: 1638264	1
__exception__ Jan. 12, 2024, 7:55 a.m.	stacktrace: pcidevicechecker+0x1d8561 @ 0x5d8561 pcidevicechecker+0x1cd363 @ 0x5cd363 pcidevicechecker+0x1d6c7d @ 0x5d6c7d pcidevicechecker+0xb34ea @ 0x4b34ea BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 8b 04 24 50 54 58 05 04 00 00 00 56 be 04 exception.symbol: pcidevicechecker+0x1d526f exception.instruction: push dword ptr [eax] exception.module: pcidevicechecker.exe exception.exception_code: 0xc0000005 exception.offset: 1921647 exception.address: 0x5d526f registers.esp: 1638016 registers.edi: 4371 registers.eax: 134299648 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134299648 registers.ecx: 1638264	1
__exception__ Jan. 12, 2024, 7:55 a.m.	stacktrace: pcidevicechecker+0x1d8561 @ 0x5d8561 pcidevicechecker+0x1cd363 @ 0x5cd363 pcidevicechecker+0x1d6c7d @ 0x5d6c7d pcidevicechecker+0xb34ea @ 0x4b34ea BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 8b 04 24 50 54 58 05 04 00 00 00 56 be 04 exception.symbol: pcidevicechecker+0x1d526f exception.instruction: push dword ptr [eax] exception.module: pcidevicechecker.exe exception.exception_code: 0xc0000005 exception.offset: 1921647 exception.address: 0x5d526f registers.esp: 1638016 registers.edi: 4371 registers.eax: 134303744 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134303744 registers.ecx: 1638264	1
__exception__ Jan. 12, 2024, 7:55 a.m.	stacktrace: pcidevicechecker+0x1d8561 @ 0x5d8561 pcidevicechecker+0x1cd363 @ 0x5cd363 pcidevicechecker+0x1d6c7d @ 0x5d6c7d pcidevicechecker+0xb34ea @ 0x4b34ea BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 8b 04 24 50 54 58 05 04 00 00 00 56 be 04 exception.symbol: pcidevicechecker+0x1d526f exception.instruction: push dword ptr [eax] exception.module: pcidevicechecker.exe exception.exception_code: 0xc0000005 exception.offset: 1921647 exception.address: 0x5d526f registers.esp: 1638016 registers.edi: 4371 registers.eax: 134307840 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134307840 registers.ecx: 1638264	1
__exception__ Jan. 12, 2024, 7:55 a.m.	stacktrace: pcidevicechecker+0x1d8561 @ 0x5d8561 pcidevicechecker+0x1cd363 @ 0x5cd363 pcidevicechecker+0x1d6c7d @ 0x5d6c7d pcidevicechecker+0xb34ea @ 0x4b34ea BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 8b 04 24 50 54 58 05 04 00 00 00 56 be 04 exception.symbol: pcidevicechecker+0x1d526f exception.instruction: push dword ptr [eax] exception.module: pcidevicechecker.exe exception.exception_code: 0xc0000005 exception.offset: 1921647 exception.address: 0x5d526f registers.esp: 1638016 registers.edi: 4371 registers.eax: 134311936 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134311936 registers.ecx: 1638264	1
__exception__ Jan. 12, 2024, 7:55 a.m.	stacktrace: pcidevicechecker+0x1d8561 @ 0x5d8561 pcidevicechecker+0x1cd363 @ 0x5cd363 pcidevicechecker+0x1d6c7d @ 0x5d6c7d pcidevicechecker+0xb34ea @ 0x4b34ea BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 8b 04 24 50 54 58 05 04 00 00 00 56 be 04 exception.symbol: pcidevicechecker+0x1d526f exception.instruction: push dword ptr [eax] exception.module: pcidevicechecker.exe exception.exception_code: 0xc0000005 exception.offset: 1921647 exception.address: 0x5d526f registers.esp: 1638016 registers.edi: 4371 registers.eax: 134316032 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134316032 registers.ecx: 1638264	1
__exception__ Jan. 12, 2024, 7:55 a.m.	stacktrace: pcidevicechecker+0x1d8561 @ 0x5d8561 pcidevicechecker+0x1cd363 @ 0x5cd363 pcidevicechecker+0x1d6c7d @ 0x5d6c7d pcidevicechecker+0xb34ea @ 0x4b34ea BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 8b 04 24 50 54 58 05 04 00 00 00 56 be 04 exception.symbol: pcidevicechecker+0x1d526f exception.instruction: push dword ptr [eax] exception.module: pcidevicechecker.exe exception.exception_code: 0xc0000005 exception.offset: 1921647 exception.address: 0x5d526f registers.esp: 1638016 registers.edi: 4371 registers.eax: 134320128 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134320128 registers.ecx: 1638264	1
__exception__ Jan. 12, 2024, 7:55 a.m.	stacktrace: pcidevicechecker+0x1d8561 @ 0x5d8561 pcidevicechecker+0x1cd363 @ 0x5cd363 pcidevicechecker+0x1d6c7d @ 0x5d6c7d pcidevicechecker+0xb34ea @ 0x4b34ea BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 8b 04 24 50 54 58 05 04 00 00 00 56 be 04 exception.symbol: pcidevicechecker+0x1d526f exception.instruction: push dword ptr [eax] exception.module: pcidevicechecker.exe exception.exception_code: 0xc0000005 exception.offset: 1921647 exception.address: 0x5d526f registers.esp: 1638016 registers.edi: 4371 registers.eax: 134324224 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134324224 registers.ecx: 1638264	1
__exception__ Jan. 12, 2024, 7:55 a.m.	stacktrace: pcidevicechecker+0x1d8561 @ 0x5d8561 pcidevicechecker+0x1cd363 @ 0x5cd363 pcidevicechecker+0x1d6c7d @ 0x5d6c7d pcidevicechecker+0xb34ea @ 0x4b34ea BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 8b 04 24 50 54 58 05 04 00 00 00 56 be 04 exception.symbol: pcidevicechecker+0x1d526f exception.instruction: push dword ptr [eax] exception.module: pcidevicechecker.exe exception.exception_code: 0xc0000005 exception.offset: 1921647 exception.address: 0x5d526f registers.esp: 1638016 registers.edi: 4371 registers.eax: 134328320 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134328320 registers.ecx: 1638264	1
__exception__ Jan. 12, 2024, 7:55 a.m.	stacktrace: pcidevicechecker+0x1d8561 @ 0x5d8561 pcidevicechecker+0x1cd363 @ 0x5cd363 pcidevicechecker+0x1d6c7d @ 0x5d6c7d pcidevicechecker+0xb34ea @ 0x4b34ea BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 8b 04 24 50 54 58 05 04 00 00 00 56 be 04 exception.symbol: pcidevicechecker+0x1d526f exception.instruction: push dword ptr [eax] exception.module: pcidevicechecker.exe exception.exception_code: 0xc0000005 exception.offset: 1921647 exception.address: 0x5d526f registers.esp: 1638016 registers.edi: 4371 registers.eax: 134332416 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134332416 registers.ecx: 1638264	1
__exception__ Jan. 12, 2024, 7:55 a.m.	stacktrace: pcidevicechecker+0x1d8561 @ 0x5d8561 pcidevicechecker+0x1cd363 @ 0x5cd363 pcidevicechecker+0x1d6c7d @ 0x5d6c7d pcidevicechecker+0xb34ea @ 0x4b34ea BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 8b 04 24 50 54 58 05 04 00 00 00 56 be 04 exception.symbol: pcidevicechecker+0x1d526f exception.instruction: push dword ptr [eax] exception.module: pcidevicechecker.exe exception.exception_code: 0xc0000005 exception.offset: 1921647 exception.address: 0x5d526f registers.esp: 1638016 registers.edi: 4371 registers.eax: 134336512 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134336512 registers.ecx: 1638264	1
__exception__ Jan. 12, 2024, 7:55 a.m.	stacktrace: pcidevicechecker+0x1d8561 @ 0x5d8561 pcidevicechecker+0x1cd363 @ 0x5cd363 pcidevicechecker+0x1d6c7d @ 0x5d6c7d pcidevicechecker+0xb34ea @ 0x4b34ea BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 8b 04 24 50 54 58 05 04 00 00 00 56 be 04 exception.symbol: pcidevicechecker+0x1d526f exception.instruction: push dword ptr [eax] exception.module: pcidevicechecker.exe exception.exception_code: 0xc0000005 exception.offset: 1921647 exception.address: 0x5d526f registers.esp: 1638016 registers.edi: 4371 registers.eax: 134340608 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134340608 registers.ecx: 1638264	1
__exception__ Jan. 12, 2024, 7:55 a.m.	stacktrace: pcidevicechecker+0x1d8561 @ 0x5d8561 pcidevicechecker+0x1cd363 @ 0x5cd363 pcidevicechecker+0x1d6c7d @ 0x5d6c7d pcidevicechecker+0xb34ea @ 0x4b34ea BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 8b 04 24 50 54 58 05 04 00 00 00 56 be 04 exception.symbol: pcidevicechecker+0x1d526f exception.instruction: push dword ptr [eax] exception.module: pcidevicechecker.exe exception.exception_code: 0xc0000005 exception.offset: 1921647 exception.address: 0x5d526f registers.esp: 1638016 registers.edi: 4371 registers.eax: 134344704 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134344704 registers.ecx: 1638264	1
__exception__ Jan. 12, 2024, 7:55 a.m.	stacktrace: pcidevicechecker+0x1d8561 @ 0x5d8561 pcidevicechecker+0x1cd363 @ 0x5cd363 pcidevicechecker+0x1d6c7d @ 0x5d6c7d pcidevicechecker+0xb34ea @ 0x4b34ea BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: ff 30 8b 04 24 50 54 58 05 04 00 00 00 56 be 04 exception.symbol: pcidevicechecker+0x1d526f exception.instruction: push dword ptr [eax] exception.module: pcidevicechecker.exe exception.exception_code: 0xc0000005 exception.offset: 1921647 exception.address: 0x5d526f registers.esp: 1638016 registers.edi: 4371 registers.eax: 134348800 registers.ebp: 1638056 registers.edx: 0 registers.ebx: 0 registers.esi: 134348800 registers.ecx: 1638264	1

Allocates read-write-execute memory (usually to unpack itself) (15 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Jan. 12, 2024, 7:55 a.m.	process_identifier: 2544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Jan. 12, 2024, 7:55 a.m.	process_identifier: 2544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 36864 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00401000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Jan. 12, 2024, 7:55 a.m.	process_identifier: 2544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 20480 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0040e000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Jan. 12, 2024, 7:55 a.m.	process_identifier: 2544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72dd1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Jan. 12, 2024, 7:55 a.m.	process_identifier: 2544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x732d4000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Jan. 12, 2024, 7:55 a.m.	process_identifier: 2544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72dd2000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 12, 2024, 7:55 a.m.	process_identifier: 2600 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x004d0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Jan. 12, 2024, 7:55 a.m.	process_identifier: 2600 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72dd1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Jan. 12, 2024, 7:55 a.m.	process_identifier: 2600 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x732d4000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Jan. 12, 2024, 7:55 a.m.	process_identifier: 2600 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72dd2000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Jan. 12, 2024, 7:55 a.m.	process_identifier: 2600 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72ac1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Jan. 12, 2024, 7:55 a.m.	process_identifier: 2600 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75b71000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Jan. 12, 2024, 7:55 a.m.	process_identifier: 2600 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73bb1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Jan. 12, 2024, 7:55 a.m.	process_identifier: 2756 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72911000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Jan. 12, 2024, 7:56 a.m.	process_identifier: 2932 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x728f1000 process_handle: 0xffffffff	1

Creates executable files on the filesystem (3 events)

file	C:\Users\test22\AppData\Local\PCI Device Checker\pcidevicechecker.exe
file	C:\Users\test22\AppData\Local\Temp\is-2PAID.tmp\_isetup\_shfoldr.dll
file	C:\Users\test22\AppData\Local\Temp\is-2PAID.tmp\_iscrypt.dll

Drops an executable to the user AppData folder (2 events)

file	C:\Users\test22\AppData\Local\Temp\is-2PAID.tmp\_isetup\_shfoldr.dll
file	C:\Users\test22\AppData\Local\Temp\is-2PAID.tmp\_iscrypt.dll

Checks for the Locally Unique Identifier on the system for a suspicious privilege (2 events)

Time & API	Arguments	Status	Return	Repeated
LookupPrivilegeValueW Jan. 12, 2024, 7:56 a.m.	system_name: privilege_name: SeRestorePrivilege	1	1	0
LookupPrivilegeValueW Jan. 12, 2024, 7:56 a.m.	system_name: privilege_name: SeBackupPrivilege	1	1	0

Queries for potentially installed applications (4 events)

Time & API	Arguments	Return
RegOpenKeyExA Jan. 12, 2024, 7:55 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\PCI Device Checker_is1 base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00000001 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\PCI Device Checker_is1	2
RegOpenKeyExA Jan. 12, 2024, 7:55 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\PCI Device Checker_is1 base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00000001 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\PCI Device Checker_is1	2
RegOpenKeyExA Jan. 12, 2024, 7:55 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\PCI Device Checker_is1 base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00000008 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\PCI Device Checker_is1	2
RegOpenKeyExA Jan. 12, 2024, 7:55 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\PCI Device Checker_is1 base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00000008 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\PCI Device Checker_is1	2

Uses Windows utilities for basic Windows functionality (1 event)

cmdline

"C:\Windows\system32\net.exe" helpmsg 1113

Communicates with host for which no DNS query was performed (1 event)

host

156.251.17.97

Tries to unhook Windows functions monitored by Cuckoo (1 event)

Time & API	Arguments	Status	Return	Repeated
__anomaly__ Jan. 12, 2024, 7:56 a.m.	tid: 2760 message: Encountered 65537 exceptions, quitting. subcategory: exception function_name:	1	0	0

File has been identified by 25 AntiVirus engines on VirusTotal as malicious (25 events)

Lionic	Trojan.Win32.Generic.4!c
Elastic	malicious (moderate confidence)
Skyhigh	BehavesLike.Win32.ObfuscatedPoly.wc
Cylance	unsafe
VIPRE	Gen:Heur.Munp.1
Sangfor	Trojan.Win32.Agent.Vwvq
BitDefender	Gen:Heur.Munp.1
Arcabit	Trojan.Munp.1
Symantec	Trojan.Gen.MBT
ESET-NOD32	a variant of Win32/TrojanDropper.Agent.SLC
McAfee	Artemis!EB7073F79738
Avast	FileRepMalware [Adw]
Kaspersky	UDS:DangerousObject.Multi.Generic
MicroWorld-eScan	Gen:Heur.Munp.1
Emsisoft	Gen:Heur.Munp.1 (B)
Sophos	Generic Reputation PUA (PUA)
Webroot	W32.Malware.Gen
Kingsoft	Win32.Troj.Unknown.a
Microsoft	Trojan:Win32/Emotet!ml
ZoneAlarm	UDS:DangerousObject.Multi.Generic
GData	Win32.Trojan.PSE.SRMNXW
DeepInstinct	MALICIOUS
Malwarebytes	Floxif.Virus.FileInfector.DDS
Fortinet	W32/Agent.SLC!tr
AVG	FileRepMalware [Adw]

tuc5.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All