Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	March 20, 2024, 7:55 a.m.	March 20, 2024, 8:06 a.m.

Size	1.9MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`86c2ded51a3ad876245df827a115d8da`
SHA256	`e1bb37e9940955024cfb28f359da135788a97438853156ffc978e14f39a7f277`
CRC32	`124EAA8D`
ssdeep	`49152:32iGFB6xLUbL29RsAfg1yw2nnSsWpQeM9niqDtGyoU6eVXeURgml:m9UxIuVnsQnQ65XfRgml`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) mzp_file_format - MZP(Delphi) file format Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet UPX_Zero - UPX packed file

june.exe "C:\Users\test22\AppData\Local\Temp\june.exe"
1440
- june.tmp "C:\Users\test22\AppData\Local\Temp\is-C76VR.tmp\june.tmp" /SL5="$30028,1683401,54272,C:\Users\test22\AppData\Local\Temp\june.exe"
  2120
  - rcpcpruler.exe "C:\Users\test22\AppData\Local\RCP SPRuler\rcpcpruler.exe" -i
    2220
  - rcpcpruler.exe "C:\Users\test22\AppData\Local\RCP SPRuler\rcpcpruler.exe" -s
    2456

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
104.26.4.15	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Queries for the computername (1 event)

Time & API	Arguments	Status	Return	Repeated
GetComputerNameA March 20, 2024, 7:55 a.m.	computer_name: TEST22-PC	1	1	0

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent March 20, 2024, 7:55 a.m.			0	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)

section	CODE
section	DATA
section	BSS

One or more processes crashed (50 out of 131075 events)

Time & API	Arguments	Status
__exception__ March 20, 2024, 7:55 a.m.	stacktrace: acmStreamClose+0x11 acmDriverID-0x21b4 msacm32+0x4873 @ 0x742a4873 june+0x40c42 @ 0x440c42 june+0x42a87 @ 0x442a87 june+0x48150 @ 0x448150 june+0x3e055 @ 0x43e055 june+0x3cf8b @ 0x43cf8b june+0x8ed0c @ 0x48ed0c june+0x7b393 @ 0x47b393 june+0x92a60 @ 0x492a60 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 02 0f 94 c1 8b c1 eb be 90 90 90 90 90 8b ff exception.instruction: cmp eax, dword ptr [edx] exception.exception_code: 0xc0000005 exception.symbol: acmStreamSize+0x123 acmStreamClose-0x51 msacm32+0x4811 exception.address: 0x742a4811 registers.esp: 1637588 registers.edi: 30519976 registers.eax: 3 registers.ebp: 1637632 registers.edx: 3193 registers.ebx: 8 registers.esi: 3193 registers.ecx: 0	1
__exception__ March 20, 2024, 7:55 a.m.	stacktrace: june+0x40c42 @ 0x440c42 june+0x42a87 @ 0x442a87 june+0x48150 @ 0x448150 june+0x3e055 @ 0x43e055 june+0x3cf8b @ 0x43cf8b june+0x8ed0c @ 0x48ed0c june+0x7b393 @ 0x47b393 june+0x92a60 @ 0x492a60 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 06 c7 45 fc fe ff ff ff 85 db 0f 85 97 34 00 exception.symbol: WNetCloseEnum+0x14 WNetOpenEnumW-0x11c mpr+0x2dea exception.instruction: mov eax, dword ptr [esi] exception.module: mpr.dll exception.exception_code: 0xc0000005 exception.offset: 11754 exception.address: 0x74412dea registers.esp: 1637612 registers.edi: 30520044 registers.eax: 1637640 registers.ebp: 1637656 registers.edx: 44 registers.ebx: 0 registers.esi: 44 registers.ecx: 0	1
__exception__ March 20, 2024, 7:55 a.m.	stacktrace: june+0x3db7a @ 0x43db7a june+0x3cf8b @ 0x43cf8b june+0x8ed0c @ 0x48ed0c june+0x7b393 @ 0x47b393 june+0x92a60 @ 0x492a60 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: f7 37 89 06 e9 dd 07 00 00 8b 06 33 d2 8a 17 8b exception.symbol: june+0x3ae6f exception.instruction: div dword ptr [edi] exception.module: june.tmp exception.exception_code: 0xc0000094 exception.offset: 241263 exception.address: 0x43ae6f registers.esp: 1637784 registers.edi: 30541940 registers.eax: 25311111 registers.ebp: 1637864 registers.edx: 0 registers.ebx: 1 registers.esi: 30541932 registers.ecx: 30541940	1
__exception__ March 20, 2024, 7:55 a.m.	stacktrace: rcpcpruler+0x17a38 @ 0x417a38 rcpcpruler+0xb80c8 @ 0x4b80c8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 06 c7 45 fc fe ff ff ff 85 db 0f 85 97 34 00 exception.symbol: WNetCloseEnum+0x14 WNetOpenEnumW-0x11c mpr+0x2dea exception.instruction: mov eax, dword ptr [esi] exception.module: MPR.dll exception.exception_code: 0xc0000005 exception.offset: 11754 exception.address: 0x74412dea registers.esp: 1638032 registers.edi: 1969461956 registers.eax: 1638060 registers.ebp: 1638076 registers.edx: 582600 registers.ebx: 0 registers.esi: 5 registers.ecx: 1466433536	1
__exception__ March 20, 2024, 7:55 a.m.	stacktrace: rcpcpruler+0x1d9825 @ 0x5d9825 rcpcpruler+0x1c890d @ 0x5c890d rcpcpruler+0xb80c8 @ 0x4b80c8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 56 54 5e 81 c6 04 00 00 00 81 exception.symbol: rcpcpruler+0x13cc08 exception.instruction: push dword ptr [eax] exception.module: rcpcpruler.exe exception.exception_code: 0xc0000005 exception.offset: 1297416 exception.address: 0x53cc08 registers.esp: 1638000 registers.edi: 0 registers.eax: 1971253248 registers.ebp: 1638052 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 11	1
__exception__ March 20, 2024, 7:55 a.m.	stacktrace: rcpcpruler+0x1d9825 @ 0x5d9825 rcpcpruler+0x1c890d @ 0x5c890d rcpcpruler+0xb80c8 @ 0x4b80c8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 56 54 5e 81 c6 04 00 00 00 81 exception.symbol: rcpcpruler+0x13cc08 exception.instruction: push dword ptr [eax] exception.module: rcpcpruler.exe exception.exception_code: 0xc0000005 exception.offset: 1297416 exception.address: 0x53cc08 registers.esp: 1638000 registers.edi: 0 registers.eax: 1971249152 registers.ebp: 1638052 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 11	1
__exception__ March 20, 2024, 7:55 a.m.	stacktrace: rcpcpruler+0x1d9825 @ 0x5d9825 rcpcpruler+0x1c890d @ 0x5c890d rcpcpruler+0xb80c8 @ 0x4b80c8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 56 54 5e 81 c6 04 00 00 00 81 exception.symbol: rcpcpruler+0x13cc08 exception.instruction: push dword ptr [eax] exception.module: rcpcpruler.exe exception.exception_code: 0xc0000005 exception.offset: 1297416 exception.address: 0x53cc08 registers.esp: 1638000 registers.edi: 0 registers.eax: 1971245056 registers.ebp: 1638052 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 11	1
__exception__ March 20, 2024, 7:55 a.m.	stacktrace: rcpcpruler+0x1d9825 @ 0x5d9825 rcpcpruler+0x1c890d @ 0x5c890d rcpcpruler+0xb80c8 @ 0x4b80c8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 56 54 5e 81 c6 04 00 00 00 81 exception.symbol: rcpcpruler+0x13cc08 exception.instruction: push dword ptr [eax] exception.module: rcpcpruler.exe exception.exception_code: 0xc0000005 exception.offset: 1297416 exception.address: 0x53cc08 registers.esp: 1638000 registers.edi: 0 registers.eax: 1971240960 registers.ebp: 1638052 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 11	1
__exception__ March 20, 2024, 7:55 a.m.	stacktrace: rcpcpruler+0x1d9825 @ 0x5d9825 rcpcpruler+0x1c890d @ 0x5c890d rcpcpruler+0xb80c8 @ 0x4b80c8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 56 54 5e 81 c6 04 00 00 00 81 exception.symbol: rcpcpruler+0x13cc08 exception.instruction: push dword ptr [eax] exception.module: rcpcpruler.exe exception.exception_code: 0xc0000005 exception.offset: 1297416 exception.address: 0x53cc08 registers.esp: 1638000 registers.edi: 0 registers.eax: 1971236864 registers.ebp: 1638052 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 11	1
__exception__ March 20, 2024, 7:55 a.m.	stacktrace: rcpcpruler+0x1d9825 @ 0x5d9825 rcpcpruler+0x1c890d @ 0x5c890d rcpcpruler+0xb80c8 @ 0x4b80c8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 56 54 5e 81 c6 04 00 00 00 81 exception.symbol: rcpcpruler+0x13cc08 exception.instruction: push dword ptr [eax] exception.module: rcpcpruler.exe exception.exception_code: 0xc0000005 exception.offset: 1297416 exception.address: 0x53cc08 registers.esp: 1638000 registers.edi: 0 registers.eax: 1971232768 registers.ebp: 1638052 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 11	1
__exception__ March 20, 2024, 7:55 a.m.	stacktrace: rcpcpruler+0x1d9825 @ 0x5d9825 rcpcpruler+0x1c890d @ 0x5c890d rcpcpruler+0xb80c8 @ 0x4b80c8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 56 54 5e 81 c6 04 00 00 00 81 exception.symbol: rcpcpruler+0x13cc08 exception.instruction: push dword ptr [eax] exception.module: rcpcpruler.exe exception.exception_code: 0xc0000005 exception.offset: 1297416 exception.address: 0x53cc08 registers.esp: 1638000 registers.edi: 0 registers.eax: 1971228672 registers.ebp: 1638052 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 11	1
__exception__ March 20, 2024, 7:55 a.m.	stacktrace: rcpcpruler+0x1d9825 @ 0x5d9825 rcpcpruler+0x1c890d @ 0x5c890d rcpcpruler+0xb80c8 @ 0x4b80c8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 56 54 5e 81 c6 04 00 00 00 81 exception.symbol: rcpcpruler+0x13cc08 exception.instruction: push dword ptr [eax] exception.module: rcpcpruler.exe exception.exception_code: 0xc0000005 exception.offset: 1297416 exception.address: 0x53cc08 registers.esp: 1638000 registers.edi: 0 registers.eax: 1971224576 registers.ebp: 1638052 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 11	1
__exception__ March 20, 2024, 7:55 a.m.	stacktrace: rcpcpruler+0x1d9825 @ 0x5d9825 rcpcpruler+0x1c890d @ 0x5c890d rcpcpruler+0xb80c8 @ 0x4b80c8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 56 54 5e 81 c6 04 00 00 00 81 exception.symbol: rcpcpruler+0x13cc08 exception.instruction: push dword ptr [eax] exception.module: rcpcpruler.exe exception.exception_code: 0xc0000005 exception.offset: 1297416 exception.address: 0x53cc08 registers.esp: 1638000 registers.edi: 0 registers.eax: 1971220480 registers.ebp: 1638052 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 11	1
__exception__ March 20, 2024, 7:55 a.m.	stacktrace: rcpcpruler+0x1d9825 @ 0x5d9825 rcpcpruler+0x1c890d @ 0x5c890d rcpcpruler+0xb80c8 @ 0x4b80c8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 56 54 5e 81 c6 04 00 00 00 81 exception.symbol: rcpcpruler+0x13cc08 exception.instruction: push dword ptr [eax] exception.module: rcpcpruler.exe exception.exception_code: 0xc0000005 exception.offset: 1297416 exception.address: 0x53cc08 registers.esp: 1638000 registers.edi: 0 registers.eax: 1971216384 registers.ebp: 1638052 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 11	1
__exception__ March 20, 2024, 7:55 a.m.	stacktrace: rcpcpruler+0x1d9825 @ 0x5d9825 rcpcpruler+0x1c890d @ 0x5c890d rcpcpruler+0xb80c8 @ 0x4b80c8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 56 54 5e 81 c6 04 00 00 00 81 exception.symbol: rcpcpruler+0x13cc08 exception.instruction: push dword ptr [eax] exception.module: rcpcpruler.exe exception.exception_code: 0xc0000005 exception.offset: 1297416 exception.address: 0x53cc08 registers.esp: 1638000 registers.edi: 0 registers.eax: 1971212288 registers.ebp: 1638052 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 11	1
__exception__ March 20, 2024, 7:55 a.m.	stacktrace: rcpcpruler+0x1d9825 @ 0x5d9825 rcpcpruler+0x1c890d @ 0x5c890d rcpcpruler+0xb80c8 @ 0x4b80c8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 56 54 5e 81 c6 04 00 00 00 81 exception.symbol: rcpcpruler+0x13cc08 exception.instruction: push dword ptr [eax] exception.module: rcpcpruler.exe exception.exception_code: 0xc0000005 exception.offset: 1297416 exception.address: 0x53cc08 registers.esp: 1638000 registers.edi: 0 registers.eax: 1971208192 registers.ebp: 1638052 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 11	1
__exception__ March 20, 2024, 7:55 a.m.	stacktrace: rcpcpruler+0x1d9825 @ 0x5d9825 rcpcpruler+0x1c890d @ 0x5c890d rcpcpruler+0xb80c8 @ 0x4b80c8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 56 54 5e 81 c6 04 00 00 00 81 exception.symbol: rcpcpruler+0x13cc08 exception.instruction: push dword ptr [eax] exception.module: rcpcpruler.exe exception.exception_code: 0xc0000005 exception.offset: 1297416 exception.address: 0x53cc08 registers.esp: 1638000 registers.edi: 0 registers.eax: 1971204096 registers.ebp: 1638052 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 11	1
__exception__ March 20, 2024, 7:55 a.m.	stacktrace: rcpcpruler+0x1d9825 @ 0x5d9825 rcpcpruler+0x1c890d @ 0x5c890d rcpcpruler+0xb80c8 @ 0x4b80c8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 56 54 5e 81 c6 04 00 00 00 81 exception.symbol: rcpcpruler+0x13cc08 exception.instruction: push dword ptr [eax] exception.module: rcpcpruler.exe exception.exception_code: 0xc0000005 exception.offset: 1297416 exception.address: 0x53cc08 registers.esp: 1638000 registers.edi: 0 registers.eax: 1971200000 registers.ebp: 1638052 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 11	1
__exception__ March 20, 2024, 7:55 a.m.	stacktrace: rcpcpruler+0x1d9825 @ 0x5d9825 rcpcpruler+0x1c890d @ 0x5c890d rcpcpruler+0xb80c8 @ 0x4b80c8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 56 54 5e 81 c6 04 00 00 00 81 exception.symbol: rcpcpruler+0x13cc08 exception.instruction: push dword ptr [eax] exception.module: rcpcpruler.exe exception.exception_code: 0xc0000005 exception.offset: 1297416 exception.address: 0x53cc08 registers.esp: 1638000 registers.edi: 0 registers.eax: 1971195904 registers.ebp: 1638052 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 11	1
__exception__ March 20, 2024, 7:55 a.m.	stacktrace: rcpcpruler+0x18ac0d @ 0x58ac0d rcpcpruler+0x13cb09 @ 0x53cb09 rcpcpruler+0x1cebac @ 0x5cebac rcpcpruler+0xb80c8 @ 0x4b80c8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 56 54 5e 81 c6 04 00 00 00 81 exception.symbol: rcpcpruler+0x13cc08 exception.instruction: push dword ptr [eax] exception.module: rcpcpruler.exe exception.exception_code: 0xc0000005 exception.offset: 1297416 exception.address: 0x53cc08 registers.esp: 1638008 registers.edi: 12690 registers.eax: 134217728 registers.ebp: 1638060 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 134217728 registers.ecx: 11	1
__exception__ March 20, 2024, 7:55 a.m.	stacktrace: rcpcpruler+0x18ac0d @ 0x58ac0d rcpcpruler+0x13cb09 @ 0x53cb09 rcpcpruler+0x1cebac @ 0x5cebac rcpcpruler+0xb80c8 @ 0x4b80c8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 56 54 5e 81 c6 04 00 00 00 81 exception.symbol: rcpcpruler+0x13cc08 exception.instruction: push dword ptr [eax] exception.module: rcpcpruler.exe exception.exception_code: 0xc0000005 exception.offset: 1297416 exception.address: 0x53cc08 registers.esp: 1638008 registers.edi: 12690 registers.eax: 134221824 registers.ebp: 1638060 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 134221824 registers.ecx: 11	1
__exception__ March 20, 2024, 7:55 a.m.	stacktrace: rcpcpruler+0x18ac0d @ 0x58ac0d rcpcpruler+0x13cb09 @ 0x53cb09 rcpcpruler+0x1cebac @ 0x5cebac rcpcpruler+0xb80c8 @ 0x4b80c8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 56 54 5e 81 c6 04 00 00 00 81 exception.symbol: rcpcpruler+0x13cc08 exception.instruction: push dword ptr [eax] exception.module: rcpcpruler.exe exception.exception_code: 0xc0000005 exception.offset: 1297416 exception.address: 0x53cc08 registers.esp: 1638008 registers.edi: 12690 registers.eax: 134225920 registers.ebp: 1638060 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 134225920 registers.ecx: 11	1
__exception__ March 20, 2024, 7:55 a.m.	stacktrace: rcpcpruler+0x18ac0d @ 0x58ac0d rcpcpruler+0x13cb09 @ 0x53cb09 rcpcpruler+0x1cebac @ 0x5cebac rcpcpruler+0xb80c8 @ 0x4b80c8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 56 54 5e 81 c6 04 00 00 00 81 exception.symbol: rcpcpruler+0x13cc08 exception.instruction: push dword ptr [eax] exception.module: rcpcpruler.exe exception.exception_code: 0xc0000005 exception.offset: 1297416 exception.address: 0x53cc08 registers.esp: 1638008 registers.edi: 12690 registers.eax: 134230016 registers.ebp: 1638060 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 134230016 registers.ecx: 11	1
__exception__ March 20, 2024, 7:55 a.m.	stacktrace: rcpcpruler+0x18ac0d @ 0x58ac0d rcpcpruler+0x13cb09 @ 0x53cb09 rcpcpruler+0x1cebac @ 0x5cebac rcpcpruler+0xb80c8 @ 0x4b80c8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 56 54 5e 81 c6 04 00 00 00 81 exception.symbol: rcpcpruler+0x13cc08 exception.instruction: push dword ptr [eax] exception.module: rcpcpruler.exe exception.exception_code: 0xc0000005 exception.offset: 1297416 exception.address: 0x53cc08 registers.esp: 1638008 registers.edi: 12690 registers.eax: 134234112 registers.ebp: 1638060 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 134234112 registers.ecx: 11	1
__exception__ March 20, 2024, 7:55 a.m.	stacktrace: rcpcpruler+0x18ac0d @ 0x58ac0d rcpcpruler+0x13cb09 @ 0x53cb09 rcpcpruler+0x1cebac @ 0x5cebac rcpcpruler+0xb80c8 @ 0x4b80c8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 56 54 5e 81 c6 04 00 00 00 81 exception.symbol: rcpcpruler+0x13cc08 exception.instruction: push dword ptr [eax] exception.module: rcpcpruler.exe exception.exception_code: 0xc0000005 exception.offset: 1297416 exception.address: 0x53cc08 registers.esp: 1638008 registers.edi: 12690 registers.eax: 134238208 registers.ebp: 1638060 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 134238208 registers.ecx: 11	1
__exception__ March 20, 2024, 7:55 a.m.	stacktrace: rcpcpruler+0x18ac0d @ 0x58ac0d rcpcpruler+0x13cb09 @ 0x53cb09 rcpcpruler+0x1cebac @ 0x5cebac rcpcpruler+0xb80c8 @ 0x4b80c8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 56 54 5e 81 c6 04 00 00 00 81 exception.symbol: rcpcpruler+0x13cc08 exception.instruction: push dword ptr [eax] exception.module: rcpcpruler.exe exception.exception_code: 0xc0000005 exception.offset: 1297416 exception.address: 0x53cc08 registers.esp: 1638008 registers.edi: 12690 registers.eax: 134242304 registers.ebp: 1638060 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 134242304 registers.ecx: 11	1
__exception__ March 20, 2024, 7:55 a.m.	stacktrace: rcpcpruler+0x18ac0d @ 0x58ac0d rcpcpruler+0x13cb09 @ 0x53cb09 rcpcpruler+0x1cebac @ 0x5cebac rcpcpruler+0xb80c8 @ 0x4b80c8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 56 54 5e 81 c6 04 00 00 00 81 exception.symbol: rcpcpruler+0x13cc08 exception.instruction: push dword ptr [eax] exception.module: rcpcpruler.exe exception.exception_code: 0xc0000005 exception.offset: 1297416 exception.address: 0x53cc08 registers.esp: 1638008 registers.edi: 12690 registers.eax: 134246400 registers.ebp: 1638060 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 134246400 registers.ecx: 11	1
__exception__ March 20, 2024, 7:55 a.m.	stacktrace: rcpcpruler+0x18ac0d @ 0x58ac0d rcpcpruler+0x13cb09 @ 0x53cb09 rcpcpruler+0x1cebac @ 0x5cebac rcpcpruler+0xb80c8 @ 0x4b80c8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 56 54 5e 81 c6 04 00 00 00 81 exception.symbol: rcpcpruler+0x13cc08 exception.instruction: push dword ptr [eax] exception.module: rcpcpruler.exe exception.exception_code: 0xc0000005 exception.offset: 1297416 exception.address: 0x53cc08 registers.esp: 1638008 registers.edi: 12690 registers.eax: 134250496 registers.ebp: 1638060 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 134250496 registers.ecx: 11	1
__exception__ March 20, 2024, 7:55 a.m.	stacktrace: rcpcpruler+0x18ac0d @ 0x58ac0d rcpcpruler+0x13cb09 @ 0x53cb09 rcpcpruler+0x1cebac @ 0x5cebac rcpcpruler+0xb80c8 @ 0x4b80c8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 56 54 5e 81 c6 04 00 00 00 81 exception.symbol: rcpcpruler+0x13cc08 exception.instruction: push dword ptr [eax] exception.module: rcpcpruler.exe exception.exception_code: 0xc0000005 exception.offset: 1297416 exception.address: 0x53cc08 registers.esp: 1638008 registers.edi: 12690 registers.eax: 134254592 registers.ebp: 1638060 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 134254592 registers.ecx: 11	1
__exception__ March 20, 2024, 7:55 a.m.	stacktrace: rcpcpruler+0x18ac0d @ 0x58ac0d rcpcpruler+0x13cb09 @ 0x53cb09 rcpcpruler+0x1cebac @ 0x5cebac rcpcpruler+0xb80c8 @ 0x4b80c8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 56 54 5e 81 c6 04 00 00 00 81 exception.symbol: rcpcpruler+0x13cc08 exception.instruction: push dword ptr [eax] exception.module: rcpcpruler.exe exception.exception_code: 0xc0000005 exception.offset: 1297416 exception.address: 0x53cc08 registers.esp: 1638008 registers.edi: 12690 registers.eax: 134258688 registers.ebp: 1638060 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 134258688 registers.ecx: 11	1
__exception__ March 20, 2024, 7:55 a.m.	stacktrace: rcpcpruler+0x18ac0d @ 0x58ac0d rcpcpruler+0x13cb09 @ 0x53cb09 rcpcpruler+0x1cebac @ 0x5cebac rcpcpruler+0xb80c8 @ 0x4b80c8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 56 54 5e 81 c6 04 00 00 00 81 exception.symbol: rcpcpruler+0x13cc08 exception.instruction: push dword ptr [eax] exception.module: rcpcpruler.exe exception.exception_code: 0xc0000005 exception.offset: 1297416 exception.address: 0x53cc08 registers.esp: 1638008 registers.edi: 12690 registers.eax: 134262784 registers.ebp: 1638060 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 134262784 registers.ecx: 11	1
__exception__ March 20, 2024, 7:55 a.m.	stacktrace: rcpcpruler+0x18ac0d @ 0x58ac0d rcpcpruler+0x13cb09 @ 0x53cb09 rcpcpruler+0x1cebac @ 0x5cebac rcpcpruler+0xb80c8 @ 0x4b80c8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 56 54 5e 81 c6 04 00 00 00 81 exception.symbol: rcpcpruler+0x13cc08 exception.instruction: push dword ptr [eax] exception.module: rcpcpruler.exe exception.exception_code: 0xc0000005 exception.offset: 1297416 exception.address: 0x53cc08 registers.esp: 1638008 registers.edi: 12690 registers.eax: 134266880 registers.ebp: 1638060 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 134266880 registers.ecx: 11	1
__exception__ March 20, 2024, 7:55 a.m.	stacktrace: rcpcpruler+0x18ac0d @ 0x58ac0d rcpcpruler+0x13cb09 @ 0x53cb09 rcpcpruler+0x1cebac @ 0x5cebac rcpcpruler+0xb80c8 @ 0x4b80c8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 56 54 5e 81 c6 04 00 00 00 81 exception.symbol: rcpcpruler+0x13cc08 exception.instruction: push dword ptr [eax] exception.module: rcpcpruler.exe exception.exception_code: 0xc0000005 exception.offset: 1297416 exception.address: 0x53cc08 registers.esp: 1638008 registers.edi: 12690 registers.eax: 134270976 registers.ebp: 1638060 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 134270976 registers.ecx: 11	1
__exception__ March 20, 2024, 7:55 a.m.	stacktrace: rcpcpruler+0x18ac0d @ 0x58ac0d rcpcpruler+0x13cb09 @ 0x53cb09 rcpcpruler+0x1cebac @ 0x5cebac rcpcpruler+0xb80c8 @ 0x4b80c8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 56 54 5e 81 c6 04 00 00 00 81 exception.symbol: rcpcpruler+0x13cc08 exception.instruction: push dword ptr [eax] exception.module: rcpcpruler.exe exception.exception_code: 0xc0000005 exception.offset: 1297416 exception.address: 0x53cc08 registers.esp: 1638008 registers.edi: 12690 registers.eax: 134275072 registers.ebp: 1638060 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 134275072 registers.ecx: 11	1
__exception__ March 20, 2024, 7:55 a.m.	stacktrace: rcpcpruler+0x18ac0d @ 0x58ac0d rcpcpruler+0x13cb09 @ 0x53cb09 rcpcpruler+0x1cebac @ 0x5cebac rcpcpruler+0xb80c8 @ 0x4b80c8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 56 54 5e 81 c6 04 00 00 00 81 exception.symbol: rcpcpruler+0x13cc08 exception.instruction: push dword ptr [eax] exception.module: rcpcpruler.exe exception.exception_code: 0xc0000005 exception.offset: 1297416 exception.address: 0x53cc08 registers.esp: 1638008 registers.edi: 12690 registers.eax: 134279168 registers.ebp: 1638060 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 134279168 registers.ecx: 11	1
__exception__ March 20, 2024, 7:55 a.m.	stacktrace: rcpcpruler+0x18ac0d @ 0x58ac0d rcpcpruler+0x13cb09 @ 0x53cb09 rcpcpruler+0x1cebac @ 0x5cebac rcpcpruler+0xb80c8 @ 0x4b80c8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 56 54 5e 81 c6 04 00 00 00 81 exception.symbol: rcpcpruler+0x13cc08 exception.instruction: push dword ptr [eax] exception.module: rcpcpruler.exe exception.exception_code: 0xc0000005 exception.offset: 1297416 exception.address: 0x53cc08 registers.esp: 1638008 registers.edi: 12690 registers.eax: 134283264 registers.ebp: 1638060 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 134283264 registers.ecx: 11	1
__exception__ March 20, 2024, 7:55 a.m.	stacktrace: rcpcpruler+0x18ac0d @ 0x58ac0d rcpcpruler+0x13cb09 @ 0x53cb09 rcpcpruler+0x1cebac @ 0x5cebac rcpcpruler+0xb80c8 @ 0x4b80c8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 56 54 5e 81 c6 04 00 00 00 81 exception.symbol: rcpcpruler+0x13cc08 exception.instruction: push dword ptr [eax] exception.module: rcpcpruler.exe exception.exception_code: 0xc0000005 exception.offset: 1297416 exception.address: 0x53cc08 registers.esp: 1638008 registers.edi: 12690 registers.eax: 134287360 registers.ebp: 1638060 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 134287360 registers.ecx: 11	1
__exception__ March 20, 2024, 7:55 a.m.	stacktrace: rcpcpruler+0x18ac0d @ 0x58ac0d rcpcpruler+0x13cb09 @ 0x53cb09 rcpcpruler+0x1cebac @ 0x5cebac rcpcpruler+0xb80c8 @ 0x4b80c8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 56 54 5e 81 c6 04 00 00 00 81 exception.symbol: rcpcpruler+0x13cc08 exception.instruction: push dword ptr [eax] exception.module: rcpcpruler.exe exception.exception_code: 0xc0000005 exception.offset: 1297416 exception.address: 0x53cc08 registers.esp: 1638008 registers.edi: 12690 registers.eax: 134291456 registers.ebp: 1638060 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 134291456 registers.ecx: 11	1
__exception__ March 20, 2024, 7:55 a.m.	stacktrace: rcpcpruler+0x18ac0d @ 0x58ac0d rcpcpruler+0x13cb09 @ 0x53cb09 rcpcpruler+0x1cebac @ 0x5cebac rcpcpruler+0xb80c8 @ 0x4b80c8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 56 54 5e 81 c6 04 00 00 00 81 exception.symbol: rcpcpruler+0x13cc08 exception.instruction: push dword ptr [eax] exception.module: rcpcpruler.exe exception.exception_code: 0xc0000005 exception.offset: 1297416 exception.address: 0x53cc08 registers.esp: 1638008 registers.edi: 12690 registers.eax: 134295552 registers.ebp: 1638060 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 134295552 registers.ecx: 11	1
__exception__ March 20, 2024, 7:55 a.m.	stacktrace: rcpcpruler+0x18ac0d @ 0x58ac0d rcpcpruler+0x13cb09 @ 0x53cb09 rcpcpruler+0x1cebac @ 0x5cebac rcpcpruler+0xb80c8 @ 0x4b80c8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 56 54 5e 81 c6 04 00 00 00 81 exception.symbol: rcpcpruler+0x13cc08 exception.instruction: push dword ptr [eax] exception.module: rcpcpruler.exe exception.exception_code: 0xc0000005 exception.offset: 1297416 exception.address: 0x53cc08 registers.esp: 1638008 registers.edi: 12690 registers.eax: 134299648 registers.ebp: 1638060 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 134299648 registers.ecx: 11	1
__exception__ March 20, 2024, 7:55 a.m.	stacktrace: rcpcpruler+0x18ac0d @ 0x58ac0d rcpcpruler+0x13cb09 @ 0x53cb09 rcpcpruler+0x1cebac @ 0x5cebac rcpcpruler+0xb80c8 @ 0x4b80c8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 56 54 5e 81 c6 04 00 00 00 81 exception.symbol: rcpcpruler+0x13cc08 exception.instruction: push dword ptr [eax] exception.module: rcpcpruler.exe exception.exception_code: 0xc0000005 exception.offset: 1297416 exception.address: 0x53cc08 registers.esp: 1638008 registers.edi: 12690 registers.eax: 134303744 registers.ebp: 1638060 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 134303744 registers.ecx: 11	1
__exception__ March 20, 2024, 7:55 a.m.	stacktrace: rcpcpruler+0x18ac0d @ 0x58ac0d rcpcpruler+0x13cb09 @ 0x53cb09 rcpcpruler+0x1cebac @ 0x5cebac rcpcpruler+0xb80c8 @ 0x4b80c8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 56 54 5e 81 c6 04 00 00 00 81 exception.symbol: rcpcpruler+0x13cc08 exception.instruction: push dword ptr [eax] exception.module: rcpcpruler.exe exception.exception_code: 0xc0000005 exception.offset: 1297416 exception.address: 0x53cc08 registers.esp: 1638008 registers.edi: 12690 registers.eax: 134307840 registers.ebp: 1638060 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 134307840 registers.ecx: 11	1
__exception__ March 20, 2024, 7:55 a.m.	stacktrace: rcpcpruler+0x18ac0d @ 0x58ac0d rcpcpruler+0x13cb09 @ 0x53cb09 rcpcpruler+0x1cebac @ 0x5cebac rcpcpruler+0xb80c8 @ 0x4b80c8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 56 54 5e 81 c6 04 00 00 00 81 exception.symbol: rcpcpruler+0x13cc08 exception.instruction: push dword ptr [eax] exception.module: rcpcpruler.exe exception.exception_code: 0xc0000005 exception.offset: 1297416 exception.address: 0x53cc08 registers.esp: 1638008 registers.edi: 12690 registers.eax: 134311936 registers.ebp: 1638060 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 134311936 registers.ecx: 11	1
__exception__ March 20, 2024, 7:55 a.m.	stacktrace: rcpcpruler+0x18ac0d @ 0x58ac0d rcpcpruler+0x13cb09 @ 0x53cb09 rcpcpruler+0x1cebac @ 0x5cebac rcpcpruler+0xb80c8 @ 0x4b80c8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 56 54 5e 81 c6 04 00 00 00 81 exception.symbol: rcpcpruler+0x13cc08 exception.instruction: push dword ptr [eax] exception.module: rcpcpruler.exe exception.exception_code: 0xc0000005 exception.offset: 1297416 exception.address: 0x53cc08 registers.esp: 1638008 registers.edi: 12690 registers.eax: 134316032 registers.ebp: 1638060 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 134316032 registers.ecx: 11	1
__exception__ March 20, 2024, 7:55 a.m.	stacktrace: rcpcpruler+0x18ac0d @ 0x58ac0d rcpcpruler+0x13cb09 @ 0x53cb09 rcpcpruler+0x1cebac @ 0x5cebac rcpcpruler+0xb80c8 @ 0x4b80c8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 56 54 5e 81 c6 04 00 00 00 81 exception.symbol: rcpcpruler+0x13cc08 exception.instruction: push dword ptr [eax] exception.module: rcpcpruler.exe exception.exception_code: 0xc0000005 exception.offset: 1297416 exception.address: 0x53cc08 registers.esp: 1638008 registers.edi: 12690 registers.eax: 134320128 registers.ebp: 1638060 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 134320128 registers.ecx: 11	1
__exception__ March 20, 2024, 7:55 a.m.	stacktrace: rcpcpruler+0x18ac0d @ 0x58ac0d rcpcpruler+0x13cb09 @ 0x53cb09 rcpcpruler+0x1cebac @ 0x5cebac rcpcpruler+0xb80c8 @ 0x4b80c8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 56 54 5e 81 c6 04 00 00 00 81 exception.symbol: rcpcpruler+0x13cc08 exception.instruction: push dword ptr [eax] exception.module: rcpcpruler.exe exception.exception_code: 0xc0000005 exception.offset: 1297416 exception.address: 0x53cc08 registers.esp: 1638008 registers.edi: 12690 registers.eax: 134324224 registers.ebp: 1638060 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 134324224 registers.ecx: 11	1
__exception__ March 20, 2024, 7:55 a.m.	stacktrace: rcpcpruler+0x18ac0d @ 0x58ac0d rcpcpruler+0x13cb09 @ 0x53cb09 rcpcpruler+0x1cebac @ 0x5cebac rcpcpruler+0xb80c8 @ 0x4b80c8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 56 54 5e 81 c6 04 00 00 00 81 exception.symbol: rcpcpruler+0x13cc08 exception.instruction: push dword ptr [eax] exception.module: rcpcpruler.exe exception.exception_code: 0xc0000005 exception.offset: 1297416 exception.address: 0x53cc08 registers.esp: 1638008 registers.edi: 12690 registers.eax: 134328320 registers.ebp: 1638060 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 134328320 registers.ecx: 11	1
__exception__ March 20, 2024, 7:55 a.m.	stacktrace: rcpcpruler+0x18ac0d @ 0x58ac0d rcpcpruler+0x13cb09 @ 0x53cb09 rcpcpruler+0x1cebac @ 0x5cebac rcpcpruler+0xb80c8 @ 0x4b80c8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 56 54 5e 81 c6 04 00 00 00 81 exception.symbol: rcpcpruler+0x13cc08 exception.instruction: push dword ptr [eax] exception.module: rcpcpruler.exe exception.exception_code: 0xc0000005 exception.offset: 1297416 exception.address: 0x53cc08 registers.esp: 1638008 registers.edi: 12690 registers.eax: 134332416 registers.ebp: 1638060 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 134332416 registers.ecx: 11	1
__exception__ March 20, 2024, 7:55 a.m.	stacktrace: rcpcpruler+0x18ac0d @ 0x58ac0d rcpcpruler+0x13cb09 @ 0x53cb09 rcpcpruler+0x1cebac @ 0x5cebac rcpcpruler+0xb80c8 @ 0x4b80c8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 56 54 5e 81 c6 04 00 00 00 81 exception.symbol: rcpcpruler+0x13cc08 exception.instruction: push dword ptr [eax] exception.module: rcpcpruler.exe exception.exception_code: 0xc0000005 exception.offset: 1297416 exception.address: 0x53cc08 registers.esp: 1638008 registers.edi: 12690 registers.eax: 134336512 registers.ebp: 1638060 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 134336512 registers.ecx: 11	1
__exception__ March 20, 2024, 7:55 a.m.	stacktrace: rcpcpruler+0x18ac0d @ 0x58ac0d rcpcpruler+0x13cb09 @ 0x53cb09 rcpcpruler+0x1cebac @ 0x5cebac rcpcpruler+0xb80c8 @ 0x4b80c8 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: ff 30 ff 34 24 58 56 54 5e 81 c6 04 00 00 00 81 exception.symbol: rcpcpruler+0x13cc08 exception.instruction: push dword ptr [eax] exception.module: rcpcpruler.exe exception.exception_code: 0xc0000005 exception.offset: 1297416 exception.address: 0x53cc08 registers.esp: 1638008 registers.edi: 12690 registers.eax: 134340608 registers.ebp: 1638060 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 134340608 registers.ecx: 11	1

Allocates read-write-execute memory (usually to unpack itself) (4 events)

Time & API	Arguments	Status
NtProtectVirtualMemory March 20, 2024, 7:55 a.m.	process_identifier: 1440 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 20, 2024, 7:55 a.m.	process_identifier: 1440 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 40960 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00401000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 20, 2024, 7:55 a.m.	process_identifier: 1440 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 20480 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0040f000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 20, 2024, 7:55 a.m.	process_identifier: 2120 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00590000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

Creates executable files on the filesystem (3 events)

file	C:\Users\test22\AppData\Local\Temp\is-6GRMF.tmp\_isetup\_shfoldr.dll
file	C:\Users\test22\AppData\Local\Temp\is-6GRMF.tmp\_isetup\_iscrypt.dll
file	C:\Users\test22\AppData\Local\RCP SPRuler\rcpcpruler.exe

Drops an executable to the user AppData folder (5 events)

file	C:\Users\test22\AppData\Local\RCP SPRuler\libgcc_s_dw2-1.dll
file	C:\Users\test22\AppData\Local\Temp\is-6GRMF.tmp\_isetup\_shfoldr.dll
file	C:\Users\test22\AppData\Local\Temp\is-6GRMF.tmp\_isetup\_iscrypt.dll
file	C:\Users\test22\AppData\Local\Temp\is-C76VR.tmp\june.tmp
file	C:\Users\test22\AppData\Local\Temp\is-6GRMF.tmp\_isetup\_RegDLL.tmp

File has been identified by 7 AntiVirus engines on VirusTotal as malicious (7 events)

Cynet	Malicious (score: 99)
ESET-NOD32	a variant of Win32/TrojanDropper.Agent.SLC
Kaspersky	VHO:Trojan.Win32.Convagent.gen
F-Secure	Heuristic.HEUR/AGEN.1372994
Ikarus	Trojan.Win32.Crypt
Avira	HEUR/AGEN.1372994
ZoneAlarm	VHO:Trojan.Win32.Convagent.gen

Queries for potentially installed applications (4 events)

Time & API	Arguments	Return
RegOpenKeyExA March 20, 2024, 7:55 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\RCP SPRuler_is1 base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00000001 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\RCP SPRuler_is1	2
RegOpenKeyExA March 20, 2024, 7:55 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\RCP SPRuler_is1 base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00000001 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\RCP SPRuler_is1	2
RegOpenKeyExA March 20, 2024, 7:55 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\RCP SPRuler_is1 base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00000008 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\RCP SPRuler_is1	2
RegOpenKeyExA March 20, 2024, 7:55 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\RCP SPRuler_is1 base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00000008 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\RCP SPRuler_is1	2

Communicates with host for which no DNS query was performed (1 event)

host

104.26.4.15

Tries to unhook Windows functions monitored by Cuckoo (1 event)

Time & API	Arguments	Status	Return	Repeated
__anomaly__ March 20, 2024, 7:56 a.m.	tid: 2224 message: Encountered 65537 exceptions, quitting. subcategory: exception function_name:	1	0	0

june.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All