Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	July 5, 2024, 11:04 a.m.	July 5, 2024, 11:06 a.m.

Size	4.4MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`7f69b1fa6c0a0fe8252b40794adc49c6`
SHA256	`68662d24f56c624dee35c36010f923a8bf8d14b8c779ad3dafe8dd6b81bb3431`
CRC32	`F6144EBA`
ssdeep	`98304:qEgDVCK+/UYWDr5WxSGu1ZU+dSKnNQ0AgaaroR4q5:eDVv+MYfu4QSKnNT18`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file mzp_file_format - MZP(Delphi) file format OS_Processor_Check_Zero - OS Processor Check

KuwaitSetupHockey.exe "C:\Users\test22\AppData\Local\Temp\KuwaitSetupHockey.exe"
2628
- KuwaitSetupHockey.tmp "C:\Users\test22\AppData\Local\Temp\is-70CNA.tmp\KuwaitSetupHockey.tmp" /SL5="$80178,3849412,851968,C:\Users\test22\AppData\Local\Temp\KuwaitSetupHockey.exe"
  2720
  - DataBase Kuwait.exe "C:\Program Files (x86)\Kuwait Ice Hockey DB\DataBase Kuwait.exe"
    2884
    - DataBase Kuwait.exe "C:\Program Files (x86)\Kuwait Ice Hockey DB\DataBase Kuwait.exe"
      2544
explorer.exe C:\Windows\Explorer.EXE
1452

Name	Response	Post-Analysis Lookup
ftpcluster.loopia.se	A 93.188.1.110	93.188.1.110
mysql682.loopia.se	CNAME s682.loopia.se A 93.188.1.8	93.188.1.8
mysql679.loopia.se	A 93.188.1.5 CNAME s679.loopia.se	93.188.1.5
www.srbreferee.com	A 93.188.2.53	93.188.2.53

IP Address	Status	Action
164.124.101.2	Active	Moloch
79.101.0.33	Active	Moloch
93.188.1.110	Active	Moloch
93.188.1.5	Active	Moloch
93.188.1.8	Active	Moloch
93.188.2.53	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 93.188.1.110:63686 -> 192.168.56.101:49193	2035480	ET HUNTING PE EXE Download over raw TCP	Misc activity
TCP 192.168.56.101:49193 -> 93.188.1.110:63686	2260003	SURICATA Applayer Protocol detection skipped	Generic Protocol Command Decode
TCP 192.168.56.101:49180 -> 93.188.1.110:61786	2260003	SURICATA Applayer Protocol detection skipped	Generic Protocol Command Decode
TCP 192.168.56.101:49181 -> 93.188.1.110:55469	2260003	SURICATA Applayer Protocol detection skipped	Generic Protocol Command Decode
TCP 192.168.56.101:49188 -> 93.188.1.110:49547	2260003	SURICATA Applayer Protocol detection skipped	Generic Protocol Command Decode
TCP 192.168.56.101:49182 -> 93.188.1.110:51703	2260003	SURICATA Applayer Protocol detection skipped	Generic Protocol Command Decode
TCP 192.168.56.101:49185 -> 93.188.1.110:57610	2260003	SURICATA Applayer Protocol detection skipped	Generic Protocol Command Decode
TCP 192.168.56.101:49186 -> 93.188.1.110:58507	2260003	SURICATA Applayer Protocol detection skipped	Generic Protocol Command Decode
TCP 93.188.1.110:60918 -> 192.168.56.101:49203	2035480	ET HUNTING PE EXE Download over raw TCP	Misc activity
TCP 192.168.56.101:49203 -> 93.188.1.110:60918	2260003	SURICATA Applayer Protocol detection skipped	Generic Protocol Command Decode
TCP 93.188.1.110:56787 -> 192.168.56.101:49202	2035480	ET HUNTING PE EXE Download over raw TCP	Misc activity
TCP 192.168.56.101:49202 -> 93.188.1.110:56787	2260003	SURICATA Applayer Protocol detection skipped	Generic Protocol Command Decode

Suricata TLS

No Suricata TLS

Queries for the computername (7 events)

Time & API	Arguments	Status	Return
GetComputerNameW July 5, 2024, 11:05 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 5, 2024, 11:05 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 5, 2024, 11:05 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 5, 2024, 11:05 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 5, 2024, 11:06 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 5, 2024, 11:06 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 5, 2024, 11:06 a.m.	computer_name: TEST22-PC	1	1

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent July 5, 2024, 11:04 a.m.			0	0

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx July 5, 2024, 11:06 a.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (2 events)

section	.itext
section	.didata

One or more processes crashed (26 events)

Time & API	Arguments	Status
__exception__ July 5, 2024, 11:05 a.m.	stacktrace: TMethodImplementationIntercept+0x4daad8 dbkFCallWrapperAddr-0x41d958 database kuwait+0x546ce8 @ 0x946ce8 TMethodImplementationIntercept+0x4e053d dbkFCallWrapperAddr-0x417ef3 database kuwait+0x54c74d @ 0x94c74d TMethodImplementationIntercept+0x4da704 dbkFCallWrapperAddr-0x41dd2c database kuwait+0x546914 @ 0x946914 TMethodImplementationIntercept+0x51d0d0 dbkFCallWrapperAddr-0x3db360 database kuwait+0x5892e0 @ 0x9892e0 TMethodImplementationIntercept+0x5207a2 dbkFCallWrapperAddr-0x3d7c8e database kuwait+0x58c9b2 @ 0x98c9b2 TMethodImplementationIntercept+0x51c454 dbkFCallWrapperAddr-0x3dbfdc database kuwait+0x588664 @ 0x988664 TMethodImplementationIntercept+0x6334ad dbkFCallWrapperAddr-0x2c4f83 database kuwait+0x69f6bd @ 0xa9f6bd TMethodImplementationIntercept+0x633f57 dbkFCallWrapperAddr-0x2c44d9 database kuwait+0x6a0167 @ 0xaa0167 TMethodImplementationIntercept+0xe5050 dbkFCallWrapperAddr-0x8133e0 database kuwait+0x151260 @ 0x551260 TMethodImplementationIntercept+0x1eb662 dbkFCallWrapperAddr-0x70cdce database kuwait+0x257872 @ 0x657872 TMethodImplementationIntercept+0xe461b dbkFCallWrapperAddr-0x813e15 database kuwait+0x15082b @ 0x55082b TMethodImplementationIntercept+0x63ab6 dbkFCallWrapperAddr-0x89497a database kuwait+0xcfcc6 @ 0x4cfcc6 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75856d3a GetWindow+0x3f0 SendMessageW-0x1b user32+0x1965e @ 0x7585965e SendMessageW+0x4c GetAncestor-0xc0 user32+0x196c5 @ 0x758596c5 TMethodImplementationIntercept+0x1e7d65 dbkFCallWrapperAddr-0x7106cb database kuwait+0x253f75 @ 0x653f75 TMethodImplementationIntercept+0xe4c35 dbkFCallWrapperAddr-0x8137fb database kuwait+0x150e45 @ 0x550e45 TMethodImplementationIntercept+0x1eb662 dbkFCallWrapperAddr-0x70cdce database kuwait+0x257872 @ 0x657872 TMethodImplementationIntercept+0xe461b dbkFCallWrapperAddr-0x813e15 database kuwait+0x15082b @ 0x55082b TMethodImplementationIntercept+0x63ab6 dbkFCallWrapperAddr-0x89497a database kuwait+0xcfcc6 @ 0x4cfcc6 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75856d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x75856de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x75856e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x76f2011a TMethodImplementationIntercept+0x1eeaff dbkFCallWrapperAddr-0x709931 database kuwait+0x25ad0f @ 0x65ad0f TMethodImplementationIntercept+0xe5050 dbkFCallWrapperAddr-0x8133e0 database kuwait+0x151260 @ 0x551260 TMethodImplementationIntercept+0x1eb662 dbkFCallWrapperAddr-0x70cdce database kuwait+0x257872 @ 0x657872 TMethodImplementationIntercept+0xe461b dbkFCallWrapperAddr-0x813e15 database kuwait+0x15082b @ 0x55082b TMethodImplementationIntercept+0x63ab6 dbkFCallWrapperAddr-0x89497a database kuwait+0xcfcc6 @ 0x4cfcc6 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75856d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x75856de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x75856e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x76f2011a TMethodImplementationIntercept+0xe0469 dbkFCallWrapperAddr-0x817fc7 database kuwait+0x14c679 @ 0x54c679 TMethodImplementationIntercept+0xe5050 dbkFCallWrapperAddr-0x8133e0 database kuwait+0x151260 @ 0x551260 TMethodImplementationIntercept+0x1eb662 dbkFCallWrapperAddr-0x70cdce database kuwait+0x257872 @ 0x657872 TMethodImplementationIntercept+0xe00a3 dbkFCallWrapperAddr-0x81838d database kuwait+0x14c2b3 @ 0x54c2b3 TMethodImplementationIntercept+0xe43c6 dbkFCallWrapperAddr-0x81406a database kuwait+0x1505d6 @ 0x5505d6 TMethodImplementationIntercept+0xe44d5 dbkFCallWrapperAddr-0x813f5b database kuwait+0x1506e5 @ 0x5506e5 TMethodImplementationIntercept+0xe71df dbkFCallWrapperAddr-0x811251 database kuwait+0x1533ef @ 0x5533ef TMethodImplementationIntercept+0xe5050 dbkFCallWrapperAddr-0x8133e0 database kuwait+0x151260 @ 0x551260 TMethodImplementationIntercept+0x1eb662 dbkFCallWrapperAddr-0x70cdce database kuwait+0x257872 @ 0x657872 TMethodImplementationIntercept+0xe00a3 dbkFCallWrapperAddr-0x81838d database kuwait+0x14c2b3 @ 0x54c2b3 TMethodImplementationIntercept+0xdea53 dbkFCallWrapperAddr-0x8199dd database kuwait+0x14ac63 @ 0x54ac63 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1634096 registers.edi: 9748144 registers.eax: 1634096 registers.ebp: 1634176 registers.edx: 0 registers.ebx: 9574401 registers.esi: 43839296 registers.ecx: 7	1
__exception__ July 5, 2024, 11:05 a.m.	stacktrace: TMethodImplementationIntercept+0x4daad8 dbkFCallWrapperAddr-0x41d958 database kuwait+0x546ce8 @ 0x946ce8 TMethodImplementationIntercept+0x4e053d dbkFCallWrapperAddr-0x417ef3 database kuwait+0x54c74d @ 0x94c74d TMethodImplementationIntercept+0x4da704 dbkFCallWrapperAddr-0x41dd2c database kuwait+0x546914 @ 0x946914 TMethodImplementationIntercept+0x51d0d0 dbkFCallWrapperAddr-0x3db360 database kuwait+0x5892e0 @ 0x9892e0 TMethodImplementationIntercept+0x51c1c7 dbkFCallWrapperAddr-0x3dc269 database kuwait+0x5883d7 @ 0x9883d7 TMethodImplementationIntercept+0x51c2ef dbkFCallWrapperAddr-0x3dc141 database kuwait+0x5884ff @ 0x9884ff TMethodImplementationIntercept+0x6332fa dbkFCallWrapperAddr-0x2c5136 database kuwait+0x69f50a @ 0xa9f50a TMethodImplementationIntercept+0x6334ff dbkFCallWrapperAddr-0x2c4f31 database kuwait+0x69f70f @ 0xa9f70f TMethodImplementationIntercept+0x633f57 dbkFCallWrapperAddr-0x2c44d9 database kuwait+0x6a0167 @ 0xaa0167 TMethodImplementationIntercept+0xe5050 dbkFCallWrapperAddr-0x8133e0 database kuwait+0x151260 @ 0x551260 TMethodImplementationIntercept+0x1eb662 dbkFCallWrapperAddr-0x70cdce database kuwait+0x257872 @ 0x657872 TMethodImplementationIntercept+0xe461b dbkFCallWrapperAddr-0x813e15 database kuwait+0x15082b @ 0x55082b TMethodImplementationIntercept+0x63ab6 dbkFCallWrapperAddr-0x89497a database kuwait+0xcfcc6 @ 0x4cfcc6 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75856d3a GetWindow+0x3f0 SendMessageW-0x1b user32+0x1965e @ 0x7585965e SendMessageW+0x4c GetAncestor-0xc0 user32+0x196c5 @ 0x758596c5 TMethodImplementationIntercept+0x1e7d65 dbkFCallWrapperAddr-0x7106cb database kuwait+0x253f75 @ 0x653f75 TMethodImplementationIntercept+0xe4c35 dbkFCallWrapperAddr-0x8137fb database kuwait+0x150e45 @ 0x550e45 TMethodImplementationIntercept+0x1eb662 dbkFCallWrapperAddr-0x70cdce database kuwait+0x257872 @ 0x657872 TMethodImplementationIntercept+0xe461b dbkFCallWrapperAddr-0x813e15 database kuwait+0x15082b @ 0x55082b TMethodImplementationIntercept+0x63ab6 dbkFCallWrapperAddr-0x89497a database kuwait+0xcfcc6 @ 0x4cfcc6 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75856d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x75856de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x75856e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x76f2011a TMethodImplementationIntercept+0x1eeaff dbkFCallWrapperAddr-0x709931 database kuwait+0x25ad0f @ 0x65ad0f TMethodImplementationIntercept+0xe5050 dbkFCallWrapperAddr-0x8133e0 database kuwait+0x151260 @ 0x551260 TMethodImplementationIntercept+0x1eb662 dbkFCallWrapperAddr-0x70cdce database kuwait+0x257872 @ 0x657872 TMethodImplementationIntercept+0xe461b dbkFCallWrapperAddr-0x813e15 database kuwait+0x15082b @ 0x55082b TMethodImplementationIntercept+0x63ab6 dbkFCallWrapperAddr-0x89497a database kuwait+0xcfcc6 @ 0x4cfcc6 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75856d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x75856de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x75856e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x76f2011a TMethodImplementationIntercept+0xe0469 dbkFCallWrapperAddr-0x817fc7 database kuwait+0x14c679 @ 0x54c679 TMethodImplementationIntercept+0xe5050 dbkFCallWrapperAddr-0x8133e0 database kuwait+0x151260 @ 0x551260 TMethodImplementationIntercept+0x1eb662 dbkFCallWrapperAddr-0x70cdce database kuwait+0x257872 @ 0x657872 TMethodImplementationIntercept+0xe00a3 dbkFCallWrapperAddr-0x81838d database kuwait+0x14c2b3 @ 0x54c2b3 TMethodImplementationIntercept+0xe43c6 dbkFCallWrapperAddr-0x81406a database kuwait+0x1505d6 @ 0x5505d6 TMethodImplementationIntercept+0xe44d5 dbkFCallWrapperAddr-0x813f5b database kuwait+0x1506e5 @ 0x5506e5 TMethodImplementationIntercept+0xe71df dbkFCallWrapperAddr-0x811251 database kuwait+0x1533ef @ 0x5533ef TMethodImplementationIntercept+0xe5050 dbkFCallWrapperAddr-0x8133e0 database kuwait+0x151260 @ 0x551260 TMethodImplementationIntercept+0x1eb662 dbkFCallWrapperAddr-0x70cdce database kuwait+0x257872 @ 0x657872 TMethodImplementationIntercept+0xe00a3 dbkFCallWrapperAddr-0x81838d database kuwait+0x14c2b3 @ 0x54c2b3 TMethodImplementationIntercept+0xdea53 dbkFCallWrapperAddr-0x8199dd database kuwait+0x14ac63 @ 0x54ac63 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1634048 registers.edi: 9748144 registers.eax: 1634048 registers.ebp: 1634128 registers.edx: 0 registers.ebx: 9574401 registers.esi: 43840736 registers.ecx: 7	1
__exception__ July 5, 2024, 11:05 a.m.	stacktrace: TMethodImplementationIntercept+0x4daad8 dbkFCallWrapperAddr-0x41d958 database kuwait+0x546ce8 @ 0x946ce8 TMethodImplementationIntercept+0x4e053d dbkFCallWrapperAddr-0x417ef3 database kuwait+0x54c74d @ 0x94c74d TMethodImplementationIntercept+0x4da704 dbkFCallWrapperAddr-0x41dd2c database kuwait+0x546914 @ 0x946914 TMethodImplementationIntercept+0x51d0d0 dbkFCallWrapperAddr-0x3db360 database kuwait+0x5892e0 @ 0x9892e0 TMethodImplementationIntercept+0x51c1c7 dbkFCallWrapperAddr-0x3dc269 database kuwait+0x5883d7 @ 0x9883d7 TMethodImplementationIntercept+0x51c2ef dbkFCallWrapperAddr-0x3dc141 database kuwait+0x5884ff @ 0x9884ff TMethodImplementationIntercept+0x6332fa dbkFCallWrapperAddr-0x2c5136 database kuwait+0x69f50a @ 0xa9f50a TMethodImplementationIntercept+0x633517 dbkFCallWrapperAddr-0x2c4f19 database kuwait+0x69f727 @ 0xa9f727 TMethodImplementationIntercept+0x633f57 dbkFCallWrapperAddr-0x2c44d9 database kuwait+0x6a0167 @ 0xaa0167 TMethodImplementationIntercept+0xe5050 dbkFCallWrapperAddr-0x8133e0 database kuwait+0x151260 @ 0x551260 TMethodImplementationIntercept+0x1eb662 dbkFCallWrapperAddr-0x70cdce database kuwait+0x257872 @ 0x657872 TMethodImplementationIntercept+0xe461b dbkFCallWrapperAddr-0x813e15 database kuwait+0x15082b @ 0x55082b TMethodImplementationIntercept+0x63ab6 dbkFCallWrapperAddr-0x89497a database kuwait+0xcfcc6 @ 0x4cfcc6 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75856d3a GetWindow+0x3f0 SendMessageW-0x1b user32+0x1965e @ 0x7585965e SendMessageW+0x4c GetAncestor-0xc0 user32+0x196c5 @ 0x758596c5 TMethodImplementationIntercept+0x1e7d65 dbkFCallWrapperAddr-0x7106cb database kuwait+0x253f75 @ 0x653f75 TMethodImplementationIntercept+0xe4c35 dbkFCallWrapperAddr-0x8137fb database kuwait+0x150e45 @ 0x550e45 TMethodImplementationIntercept+0x1eb662 dbkFCallWrapperAddr-0x70cdce database kuwait+0x257872 @ 0x657872 TMethodImplementationIntercept+0xe461b dbkFCallWrapperAddr-0x813e15 database kuwait+0x15082b @ 0x55082b TMethodImplementationIntercept+0x63ab6 dbkFCallWrapperAddr-0x89497a database kuwait+0xcfcc6 @ 0x4cfcc6 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75856d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x75856de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x75856e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x76f2011a TMethodImplementationIntercept+0x1eeaff dbkFCallWrapperAddr-0x709931 database kuwait+0x25ad0f @ 0x65ad0f TMethodImplementationIntercept+0xe5050 dbkFCallWrapperAddr-0x8133e0 database kuwait+0x151260 @ 0x551260 TMethodImplementationIntercept+0x1eb662 dbkFCallWrapperAddr-0x70cdce database kuwait+0x257872 @ 0x657872 TMethodImplementationIntercept+0xe461b dbkFCallWrapperAddr-0x813e15 database kuwait+0x15082b @ 0x55082b TMethodImplementationIntercept+0x63ab6 dbkFCallWrapperAddr-0x89497a database kuwait+0xcfcc6 @ 0x4cfcc6 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75856d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x75856de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x75856e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x76f2011a TMethodImplementationIntercept+0xe0469 dbkFCallWrapperAddr-0x817fc7 database kuwait+0x14c679 @ 0x54c679 TMethodImplementationIntercept+0xe5050 dbkFCallWrapperAddr-0x8133e0 database kuwait+0x151260 @ 0x551260 TMethodImplementationIntercept+0x1eb662 dbkFCallWrapperAddr-0x70cdce database kuwait+0x257872 @ 0x657872 TMethodImplementationIntercept+0xe00a3 dbkFCallWrapperAddr-0x81838d database kuwait+0x14c2b3 @ 0x54c2b3 TMethodImplementationIntercept+0xe43c6 dbkFCallWrapperAddr-0x81406a database kuwait+0x1505d6 @ 0x5505d6 TMethodImplementationIntercept+0xe44d5 dbkFCallWrapperAddr-0x813f5b database kuwait+0x1506e5 @ 0x5506e5 TMethodImplementationIntercept+0xe71df dbkFCallWrapperAddr-0x811251 database kuwait+0x1533ef @ 0x5533ef TMethodImplementationIntercept+0xe5050 dbkFCallWrapperAddr-0x8133e0 database kuwait+0x151260 @ 0x551260 TMethodImplementationIntercept+0x1eb662 dbkFCallWrapperAddr-0x70cdce database kuwait+0x257872 @ 0x657872 TMethodImplementationIntercept+0xe00a3 dbkFCallWrapperAddr-0x81838d database kuwait+0x14c2b3 @ 0x54c2b3 TMethodImplementationIntercept+0xdea53 dbkFCallWrapperAddr-0x8199dd database kuwait+0x14ac63 @ 0x54ac63 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1634048 registers.edi: 9748144 registers.eax: 1634048 registers.ebp: 1634128 registers.edx: 0 registers.ebx: 9574401 registers.esi: 43840736 registers.ecx: 7	1
__exception__ July 5, 2024, 11:05 a.m.	stacktrace: TMethodImplementationIntercept+0x4daad8 dbkFCallWrapperAddr-0x41d958 database kuwait+0x546ce8 @ 0x946ce8 TMethodImplementationIntercept+0x4e053d dbkFCallWrapperAddr-0x417ef3 database kuwait+0x54c74d @ 0x94c74d TMethodImplementationIntercept+0x4da704 dbkFCallWrapperAddr-0x41dd2c database kuwait+0x546914 @ 0x946914 TMethodImplementationIntercept+0x51d0d0 dbkFCallWrapperAddr-0x3db360 database kuwait+0x5892e0 @ 0x9892e0 TMethodImplementationIntercept+0x51c1c7 dbkFCallWrapperAddr-0x3dc269 database kuwait+0x5883d7 @ 0x9883d7 TMethodImplementationIntercept+0x51c2ef dbkFCallWrapperAddr-0x3dc141 database kuwait+0x5884ff @ 0x9884ff TMethodImplementationIntercept+0x6332fa dbkFCallWrapperAddr-0x2c5136 database kuwait+0x69f50a @ 0xa9f50a TMethodImplementationIntercept+0x633547 dbkFCallWrapperAddr-0x2c4ee9 database kuwait+0x69f757 @ 0xa9f757 TMethodImplementationIntercept+0x633f57 dbkFCallWrapperAddr-0x2c44d9 database kuwait+0x6a0167 @ 0xaa0167 TMethodImplementationIntercept+0xe5050 dbkFCallWrapperAddr-0x8133e0 database kuwait+0x151260 @ 0x551260 TMethodImplementationIntercept+0x1eb662 dbkFCallWrapperAddr-0x70cdce database kuwait+0x257872 @ 0x657872 TMethodImplementationIntercept+0xe461b dbkFCallWrapperAddr-0x813e15 database kuwait+0x15082b @ 0x55082b TMethodImplementationIntercept+0x63ab6 dbkFCallWrapperAddr-0x89497a database kuwait+0xcfcc6 @ 0x4cfcc6 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75856d3a GetWindow+0x3f0 SendMessageW-0x1b user32+0x1965e @ 0x7585965e SendMessageW+0x4c GetAncestor-0xc0 user32+0x196c5 @ 0x758596c5 TMethodImplementationIntercept+0x1e7d65 dbkFCallWrapperAddr-0x7106cb database kuwait+0x253f75 @ 0x653f75 TMethodImplementationIntercept+0xe4c35 dbkFCallWrapperAddr-0x8137fb database kuwait+0x150e45 @ 0x550e45 TMethodImplementationIntercept+0x1eb662 dbkFCallWrapperAddr-0x70cdce database kuwait+0x257872 @ 0x657872 TMethodImplementationIntercept+0xe461b dbkFCallWrapperAddr-0x813e15 database kuwait+0x15082b @ 0x55082b TMethodImplementationIntercept+0x63ab6 dbkFCallWrapperAddr-0x89497a database kuwait+0xcfcc6 @ 0x4cfcc6 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75856d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x75856de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x75856e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x76f2011a TMethodImplementationIntercept+0x1eeaff dbkFCallWrapperAddr-0x709931 database kuwait+0x25ad0f @ 0x65ad0f TMethodImplementationIntercept+0xe5050 dbkFCallWrapperAddr-0x8133e0 database kuwait+0x151260 @ 0x551260 TMethodImplementationIntercept+0x1eb662 dbkFCallWrapperAddr-0x70cdce database kuwait+0x257872 @ 0x657872 TMethodImplementationIntercept+0xe461b dbkFCallWrapperAddr-0x813e15 database kuwait+0x15082b @ 0x55082b TMethodImplementationIntercept+0x63ab6 dbkFCallWrapperAddr-0x89497a database kuwait+0xcfcc6 @ 0x4cfcc6 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75856d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x75856de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x75856e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x76f2011a TMethodImplementationIntercept+0xe0469 dbkFCallWrapperAddr-0x817fc7 database kuwait+0x14c679 @ 0x54c679 TMethodImplementationIntercept+0xe5050 dbkFCallWrapperAddr-0x8133e0 database kuwait+0x151260 @ 0x551260 TMethodImplementationIntercept+0x1eb662 dbkFCallWrapperAddr-0x70cdce database kuwait+0x257872 @ 0x657872 TMethodImplementationIntercept+0xe00a3 dbkFCallWrapperAddr-0x81838d database kuwait+0x14c2b3 @ 0x54c2b3 TMethodImplementationIntercept+0xe43c6 dbkFCallWrapperAddr-0x81406a database kuwait+0x1505d6 @ 0x5505d6 TMethodImplementationIntercept+0xe44d5 dbkFCallWrapperAddr-0x813f5b database kuwait+0x1506e5 @ 0x5506e5 TMethodImplementationIntercept+0xe71df dbkFCallWrapperAddr-0x811251 database kuwait+0x1533ef @ 0x5533ef TMethodImplementationIntercept+0xe5050 dbkFCallWrapperAddr-0x8133e0 database kuwait+0x151260 @ 0x551260 TMethodImplementationIntercept+0x1eb662 dbkFCallWrapperAddr-0x70cdce database kuwait+0x257872 @ 0x657872 TMethodImplementationIntercept+0xe00a3 dbkFCallWrapperAddr-0x81838d database kuwait+0x14c2b3 @ 0x54c2b3 TMethodImplementationIntercept+0xdea53 dbkFCallWrapperAddr-0x8199dd database kuwait+0x14ac63 @ 0x54ac63 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1634048 registers.edi: 9748144 registers.eax: 1634048 registers.ebp: 1634128 registers.edx: 0 registers.ebx: 9574401 registers.esi: 43840736 registers.ecx: 7	1
__exception__ July 5, 2024, 11:05 a.m.	stacktrace: TMethodImplementationIntercept+0x4daad8 dbkFCallWrapperAddr-0x41d958 database kuwait+0x546ce8 @ 0x946ce8 TMethodImplementationIntercept+0x4e053d dbkFCallWrapperAddr-0x417ef3 database kuwait+0x54c74d @ 0x94c74d TMethodImplementationIntercept+0x4da704 dbkFCallWrapperAddr-0x41dd2c database kuwait+0x546914 @ 0x946914 TMethodImplementationIntercept+0x51d0d0 dbkFCallWrapperAddr-0x3db360 database kuwait+0x5892e0 @ 0x9892e0 TMethodImplementationIntercept+0x51c1c7 dbkFCallWrapperAddr-0x3dc269 database kuwait+0x5883d7 @ 0x9883d7 TMethodImplementationIntercept+0x51c2ef dbkFCallWrapperAddr-0x3dc141 database kuwait+0x5884ff @ 0x9884ff TMethodImplementationIntercept+0x6332fa dbkFCallWrapperAddr-0x2c5136 database kuwait+0x69f50a @ 0xa9f50a TMethodImplementationIntercept+0x63355f dbkFCallWrapperAddr-0x2c4ed1 database kuwait+0x69f76f @ 0xa9f76f TMethodImplementationIntercept+0x633f57 dbkFCallWrapperAddr-0x2c44d9 database kuwait+0x6a0167 @ 0xaa0167 TMethodImplementationIntercept+0xe5050 dbkFCallWrapperAddr-0x8133e0 database kuwait+0x151260 @ 0x551260 TMethodImplementationIntercept+0x1eb662 dbkFCallWrapperAddr-0x70cdce database kuwait+0x257872 @ 0x657872 TMethodImplementationIntercept+0xe461b dbkFCallWrapperAddr-0x813e15 database kuwait+0x15082b @ 0x55082b TMethodImplementationIntercept+0x63ab6 dbkFCallWrapperAddr-0x89497a database kuwait+0xcfcc6 @ 0x4cfcc6 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75856d3a GetWindow+0x3f0 SendMessageW-0x1b user32+0x1965e @ 0x7585965e SendMessageW+0x4c GetAncestor-0xc0 user32+0x196c5 @ 0x758596c5 TMethodImplementationIntercept+0x1e7d65 dbkFCallWrapperAddr-0x7106cb database kuwait+0x253f75 @ 0x653f75 TMethodImplementationIntercept+0xe4c35 dbkFCallWrapperAddr-0x8137fb database kuwait+0x150e45 @ 0x550e45 TMethodImplementationIntercept+0x1eb662 dbkFCallWrapperAddr-0x70cdce database kuwait+0x257872 @ 0x657872 TMethodImplementationIntercept+0xe461b dbkFCallWrapperAddr-0x813e15 database kuwait+0x15082b @ 0x55082b TMethodImplementationIntercept+0x63ab6 dbkFCallWrapperAddr-0x89497a database kuwait+0xcfcc6 @ 0x4cfcc6 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75856d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x75856de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x75856e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x76f2011a TMethodImplementationIntercept+0x1eeaff dbkFCallWrapperAddr-0x709931 database kuwait+0x25ad0f @ 0x65ad0f TMethodImplementationIntercept+0xe5050 dbkFCallWrapperAddr-0x8133e0 database kuwait+0x151260 @ 0x551260 TMethodImplementationIntercept+0x1eb662 dbkFCallWrapperAddr-0x70cdce database kuwait+0x257872 @ 0x657872 TMethodImplementationIntercept+0xe461b dbkFCallWrapperAddr-0x813e15 database kuwait+0x15082b @ 0x55082b TMethodImplementationIntercept+0x63ab6 dbkFCallWrapperAddr-0x89497a database kuwait+0xcfcc6 @ 0x4cfcc6 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75856d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x75856de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x75856e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x76f2011a TMethodImplementationIntercept+0xe0469 dbkFCallWrapperAddr-0x817fc7 database kuwait+0x14c679 @ 0x54c679 TMethodImplementationIntercept+0xe5050 dbkFCallWrapperAddr-0x8133e0 database kuwait+0x151260 @ 0x551260 TMethodImplementationIntercept+0x1eb662 dbkFCallWrapperAddr-0x70cdce database kuwait+0x257872 @ 0x657872 TMethodImplementationIntercept+0xe00a3 dbkFCallWrapperAddr-0x81838d database kuwait+0x14c2b3 @ 0x54c2b3 TMethodImplementationIntercept+0xe43c6 dbkFCallWrapperAddr-0x81406a database kuwait+0x1505d6 @ 0x5505d6 TMethodImplementationIntercept+0xe44d5 dbkFCallWrapperAddr-0x813f5b database kuwait+0x1506e5 @ 0x5506e5 TMethodImplementationIntercept+0xe71df dbkFCallWrapperAddr-0x811251 database kuwait+0x1533ef @ 0x5533ef TMethodImplementationIntercept+0xe5050 dbkFCallWrapperAddr-0x8133e0 database kuwait+0x151260 @ 0x551260 TMethodImplementationIntercept+0x1eb662 dbkFCallWrapperAddr-0x70cdce database kuwait+0x257872 @ 0x657872 TMethodImplementationIntercept+0xe00a3 dbkFCallWrapperAddr-0x81838d database kuwait+0x14c2b3 @ 0x54c2b3 TMethodImplementationIntercept+0xdea53 dbkFCallWrapperAddr-0x8199dd database kuwait+0x14ac63 @ 0x54ac63 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1634048 registers.edi: 9748144 registers.eax: 1634048 registers.ebp: 1634128 registers.edx: 0 registers.ebx: 9574401 registers.esi: 43840736 registers.ecx: 7	1
__exception__ July 5, 2024, 11:05 a.m.	stacktrace: TMethodImplementationIntercept+0x4daad8 dbkFCallWrapperAddr-0x41d958 database kuwait+0x546ce8 @ 0x946ce8 TMethodImplementationIntercept+0x4e053d dbkFCallWrapperAddr-0x417ef3 database kuwait+0x54c74d @ 0x94c74d TMethodImplementationIntercept+0x4da704 dbkFCallWrapperAddr-0x41dd2c database kuwait+0x546914 @ 0x946914 TMethodImplementationIntercept+0x51d0d0 dbkFCallWrapperAddr-0x3db360 database kuwait+0x5892e0 @ 0x9892e0 TMethodImplementationIntercept+0x51c1c7 dbkFCallWrapperAddr-0x3dc269 database kuwait+0x5883d7 @ 0x9883d7 TMethodImplementationIntercept+0x51c2ef dbkFCallWrapperAddr-0x3dc141 database kuwait+0x5884ff @ 0x9884ff TMethodImplementationIntercept+0x6332fa dbkFCallWrapperAddr-0x2c5136 database kuwait+0x69f50a @ 0xa9f50a TMethodImplementationIntercept+0x633577 dbkFCallWrapperAddr-0x2c4eb9 database kuwait+0x69f787 @ 0xa9f787 TMethodImplementationIntercept+0x633f57 dbkFCallWrapperAddr-0x2c44d9 database kuwait+0x6a0167 @ 0xaa0167 TMethodImplementationIntercept+0xe5050 dbkFCallWrapperAddr-0x8133e0 database kuwait+0x151260 @ 0x551260 TMethodImplementationIntercept+0x1eb662 dbkFCallWrapperAddr-0x70cdce database kuwait+0x257872 @ 0x657872 TMethodImplementationIntercept+0xe461b dbkFCallWrapperAddr-0x813e15 database kuwait+0x15082b @ 0x55082b TMethodImplementationIntercept+0x63ab6 dbkFCallWrapperAddr-0x89497a database kuwait+0xcfcc6 @ 0x4cfcc6 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75856d3a GetWindow+0x3f0 SendMessageW-0x1b user32+0x1965e @ 0x7585965e SendMessageW+0x4c GetAncestor-0xc0 user32+0x196c5 @ 0x758596c5 TMethodImplementationIntercept+0x1e7d65 dbkFCallWrapperAddr-0x7106cb database kuwait+0x253f75 @ 0x653f75 TMethodImplementationIntercept+0xe4c35 dbkFCallWrapperAddr-0x8137fb database kuwait+0x150e45 @ 0x550e45 TMethodImplementationIntercept+0x1eb662 dbkFCallWrapperAddr-0x70cdce database kuwait+0x257872 @ 0x657872 TMethodImplementationIntercept+0xe461b dbkFCallWrapperAddr-0x813e15 database kuwait+0x15082b @ 0x55082b TMethodImplementationIntercept+0x63ab6 dbkFCallWrapperAddr-0x89497a database kuwait+0xcfcc6 @ 0x4cfcc6 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75856d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x75856de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x75856e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x76f2011a TMethodImplementationIntercept+0x1eeaff dbkFCallWrapperAddr-0x709931 database kuwait+0x25ad0f @ 0x65ad0f TMethodImplementationIntercept+0xe5050 dbkFCallWrapperAddr-0x8133e0 database kuwait+0x151260 @ 0x551260 TMethodImplementationIntercept+0x1eb662 dbkFCallWrapperAddr-0x70cdce database kuwait+0x257872 @ 0x657872 TMethodImplementationIntercept+0xe461b dbkFCallWrapperAddr-0x813e15 database kuwait+0x15082b @ 0x55082b TMethodImplementationIntercept+0x63ab6 dbkFCallWrapperAddr-0x89497a database kuwait+0xcfcc6 @ 0x4cfcc6 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75856d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x75856de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x75856e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x76f2011a TMethodImplementationIntercept+0xe0469 dbkFCallWrapperAddr-0x817fc7 database kuwait+0x14c679 @ 0x54c679 TMethodImplementationIntercept+0xe5050 dbkFCallWrapperAddr-0x8133e0 database kuwait+0x151260 @ 0x551260 TMethodImplementationIntercept+0x1eb662 dbkFCallWrapperAddr-0x70cdce database kuwait+0x257872 @ 0x657872 TMethodImplementationIntercept+0xe00a3 dbkFCallWrapperAddr-0x81838d database kuwait+0x14c2b3 @ 0x54c2b3 TMethodImplementationIntercept+0xe43c6 dbkFCallWrapperAddr-0x81406a database kuwait+0x1505d6 @ 0x5505d6 TMethodImplementationIntercept+0xe44d5 dbkFCallWrapperAddr-0x813f5b database kuwait+0x1506e5 @ 0x5506e5 TMethodImplementationIntercept+0xe71df dbkFCallWrapperAddr-0x811251 database kuwait+0x1533ef @ 0x5533ef TMethodImplementationIntercept+0xe5050 dbkFCallWrapperAddr-0x8133e0 database kuwait+0x151260 @ 0x551260 TMethodImplementationIntercept+0x1eb662 dbkFCallWrapperAddr-0x70cdce database kuwait+0x257872 @ 0x657872 TMethodImplementationIntercept+0xe00a3 dbkFCallWrapperAddr-0x81838d database kuwait+0x14c2b3 @ 0x54c2b3 TMethodImplementationIntercept+0xdea53 dbkFCallWrapperAddr-0x8199dd database kuwait+0x14ac63 @ 0x54ac63 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1634048 registers.edi: 9748144 registers.eax: 1634048 registers.ebp: 1634128 registers.edx: 0 registers.ebx: 9574401 registers.esi: 43840736 registers.ecx: 7	1
__exception__ July 5, 2024, 11:05 a.m.	stacktrace: TMethodImplementationIntercept+0x4daad8 dbkFCallWrapperAddr-0x41d958 database kuwait+0x546ce8 @ 0x946ce8 TMethodImplementationIntercept+0x4e053d dbkFCallWrapperAddr-0x417ef3 database kuwait+0x54c74d @ 0x94c74d TMethodImplementationIntercept+0x4da704 dbkFCallWrapperAddr-0x41dd2c database kuwait+0x546914 @ 0x946914 TMethodImplementationIntercept+0x51d0d0 dbkFCallWrapperAddr-0x3db360 database kuwait+0x5892e0 @ 0x9892e0 TMethodImplementationIntercept+0x51c1c7 dbkFCallWrapperAddr-0x3dc269 database kuwait+0x5883d7 @ 0x9883d7 TMethodImplementationIntercept+0x51c2ef dbkFCallWrapperAddr-0x3dc141 database kuwait+0x5884ff @ 0x9884ff TMethodImplementationIntercept+0x6332fa dbkFCallWrapperAddr-0x2c5136 database kuwait+0x69f50a @ 0xa9f50a TMethodImplementationIntercept+0x63358f dbkFCallWrapperAddr-0x2c4ea1 database kuwait+0x69f79f @ 0xa9f79f TMethodImplementationIntercept+0x633f57 dbkFCallWrapperAddr-0x2c44d9 database kuwait+0x6a0167 @ 0xaa0167 TMethodImplementationIntercept+0xe5050 dbkFCallWrapperAddr-0x8133e0 database kuwait+0x151260 @ 0x551260 TMethodImplementationIntercept+0x1eb662 dbkFCallWrapperAddr-0x70cdce database kuwait+0x257872 @ 0x657872 TMethodImplementationIntercept+0xe461b dbkFCallWrapperAddr-0x813e15 database kuwait+0x15082b @ 0x55082b TMethodImplementationIntercept+0x63ab6 dbkFCallWrapperAddr-0x89497a database kuwait+0xcfcc6 @ 0x4cfcc6 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75856d3a GetWindow+0x3f0 SendMessageW-0x1b user32+0x1965e @ 0x7585965e SendMessageW+0x4c GetAncestor-0xc0 user32+0x196c5 @ 0x758596c5 TMethodImplementationIntercept+0x1e7d65 dbkFCallWrapperAddr-0x7106cb database kuwait+0x253f75 @ 0x653f75 TMethodImplementationIntercept+0xe4c35 dbkFCallWrapperAddr-0x8137fb database kuwait+0x150e45 @ 0x550e45 TMethodImplementationIntercept+0x1eb662 dbkFCallWrapperAddr-0x70cdce database kuwait+0x257872 @ 0x657872 TMethodImplementationIntercept+0xe461b dbkFCallWrapperAddr-0x813e15 database kuwait+0x15082b @ 0x55082b TMethodImplementationIntercept+0x63ab6 dbkFCallWrapperAddr-0x89497a database kuwait+0xcfcc6 @ 0x4cfcc6 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75856d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x75856de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x75856e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x76f2011a TMethodImplementationIntercept+0x1eeaff dbkFCallWrapperAddr-0x709931 database kuwait+0x25ad0f @ 0x65ad0f TMethodImplementationIntercept+0xe5050 dbkFCallWrapperAddr-0x8133e0 database kuwait+0x151260 @ 0x551260 TMethodImplementationIntercept+0x1eb662 dbkFCallWrapperAddr-0x70cdce database kuwait+0x257872 @ 0x657872 TMethodImplementationIntercept+0xe461b dbkFCallWrapperAddr-0x813e15 database kuwait+0x15082b @ 0x55082b TMethodImplementationIntercept+0x63ab6 dbkFCallWrapperAddr-0x89497a database kuwait+0xcfcc6 @ 0x4cfcc6 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75856d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x75856de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x75856e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x76f2011a TMethodImplementationIntercept+0xe0469 dbkFCallWrapperAddr-0x817fc7 database kuwait+0x14c679 @ 0x54c679 TMethodImplementationIntercept+0xe5050 dbkFCallWrapperAddr-0x8133e0 database kuwait+0x151260 @ 0x551260 TMethodImplementationIntercept+0x1eb662 dbkFCallWrapperAddr-0x70cdce database kuwait+0x257872 @ 0x657872 TMethodImplementationIntercept+0xe00a3 dbkFCallWrapperAddr-0x81838d database kuwait+0x14c2b3 @ 0x54c2b3 TMethodImplementationIntercept+0xe43c6 dbkFCallWrapperAddr-0x81406a database kuwait+0x1505d6 @ 0x5505d6 TMethodImplementationIntercept+0xe44d5 dbkFCallWrapperAddr-0x813f5b database kuwait+0x1506e5 @ 0x5506e5 TMethodImplementationIntercept+0xe71df dbkFCallWrapperAddr-0x811251 database kuwait+0x1533ef @ 0x5533ef TMethodImplementationIntercept+0xe5050 dbkFCallWrapperAddr-0x8133e0 database kuwait+0x151260 @ 0x551260 TMethodImplementationIntercept+0x1eb662 dbkFCallWrapperAddr-0x70cdce database kuwait+0x257872 @ 0x657872 TMethodImplementationIntercept+0xe00a3 dbkFCallWrapperAddr-0x81838d database kuwait+0x14c2b3 @ 0x54c2b3 TMethodImplementationIntercept+0xdea53 dbkFCallWrapperAddr-0x8199dd database kuwait+0x14ac63 @ 0x54ac63 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1634048 registers.edi: 9748144 registers.eax: 1634048 registers.ebp: 1634128 registers.edx: 0 registers.ebx: 9574401 registers.esi: 43840736 registers.ecx: 7	1
__exception__ July 5, 2024, 11:05 a.m.	stacktrace: TMethodImplementationIntercept+0x4daad8 dbkFCallWrapperAddr-0x41d958 database kuwait+0x546ce8 @ 0x946ce8 TMethodImplementationIntercept+0x4e053d dbkFCallWrapperAddr-0x417ef3 database kuwait+0x54c74d @ 0x94c74d TMethodImplementationIntercept+0x4da704 dbkFCallWrapperAddr-0x41dd2c database kuwait+0x546914 @ 0x946914 TMethodImplementationIntercept+0x51d0d0 dbkFCallWrapperAddr-0x3db360 database kuwait+0x5892e0 @ 0x9892e0 TMethodImplementationIntercept+0x51c1c7 dbkFCallWrapperAddr-0x3dc269 database kuwait+0x5883d7 @ 0x9883d7 TMethodImplementationIntercept+0x51c2ef dbkFCallWrapperAddr-0x3dc141 database kuwait+0x5884ff @ 0x9884ff TMethodImplementationIntercept+0x6332fa dbkFCallWrapperAddr-0x2c5136 database kuwait+0x69f50a @ 0xa9f50a TMethodImplementationIntercept+0x6335a7 dbkFCallWrapperAddr-0x2c4e89 database kuwait+0x69f7b7 @ 0xa9f7b7 TMethodImplementationIntercept+0x633f57 dbkFCallWrapperAddr-0x2c44d9 database kuwait+0x6a0167 @ 0xaa0167 TMethodImplementationIntercept+0xe5050 dbkFCallWrapperAddr-0x8133e0 database kuwait+0x151260 @ 0x551260 TMethodImplementationIntercept+0x1eb662 dbkFCallWrapperAddr-0x70cdce database kuwait+0x257872 @ 0x657872 TMethodImplementationIntercept+0xe461b dbkFCallWrapperAddr-0x813e15 database kuwait+0x15082b @ 0x55082b TMethodImplementationIntercept+0x63ab6 dbkFCallWrapperAddr-0x89497a database kuwait+0xcfcc6 @ 0x4cfcc6 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75856d3a GetWindow+0x3f0 SendMessageW-0x1b user32+0x1965e @ 0x7585965e SendMessageW+0x4c GetAncestor-0xc0 user32+0x196c5 @ 0x758596c5 TMethodImplementationIntercept+0x1e7d65 dbkFCallWrapperAddr-0x7106cb database kuwait+0x253f75 @ 0x653f75 TMethodImplementationIntercept+0xe4c35 dbkFCallWrapperAddr-0x8137fb database kuwait+0x150e45 @ 0x550e45 TMethodImplementationIntercept+0x1eb662 dbkFCallWrapperAddr-0x70cdce database kuwait+0x257872 @ 0x657872 TMethodImplementationIntercept+0xe461b dbkFCallWrapperAddr-0x813e15 database kuwait+0x15082b @ 0x55082b TMethodImplementationIntercept+0x63ab6 dbkFCallWrapperAddr-0x89497a database kuwait+0xcfcc6 @ 0x4cfcc6 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75856d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x75856de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x75856e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x76f2011a TMethodImplementationIntercept+0x1eeaff dbkFCallWrapperAddr-0x709931 database kuwait+0x25ad0f @ 0x65ad0f TMethodImplementationIntercept+0xe5050 dbkFCallWrapperAddr-0x8133e0 database kuwait+0x151260 @ 0x551260 TMethodImplementationIntercept+0x1eb662 dbkFCallWrapperAddr-0x70cdce database kuwait+0x257872 @ 0x657872 TMethodImplementationIntercept+0xe461b dbkFCallWrapperAddr-0x813e15 database kuwait+0x15082b @ 0x55082b TMethodImplementationIntercept+0x63ab6 dbkFCallWrapperAddr-0x89497a database kuwait+0xcfcc6 @ 0x4cfcc6 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75856d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x75856de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x75856e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x76f2011a TMethodImplementationIntercept+0xe0469 dbkFCallWrapperAddr-0x817fc7 database kuwait+0x14c679 @ 0x54c679 TMethodImplementationIntercept+0xe5050 dbkFCallWrapperAddr-0x8133e0 database kuwait+0x151260 @ 0x551260 TMethodImplementationIntercept+0x1eb662 dbkFCallWrapperAddr-0x70cdce database kuwait+0x257872 @ 0x657872 TMethodImplementationIntercept+0xe00a3 dbkFCallWrapperAddr-0x81838d database kuwait+0x14c2b3 @ 0x54c2b3 TMethodImplementationIntercept+0xe43c6 dbkFCallWrapperAddr-0x81406a database kuwait+0x1505d6 @ 0x5505d6 TMethodImplementationIntercept+0xe44d5 dbkFCallWrapperAddr-0x813f5b database kuwait+0x1506e5 @ 0x5506e5 TMethodImplementationIntercept+0xe71df dbkFCallWrapperAddr-0x811251 database kuwait+0x1533ef @ 0x5533ef TMethodImplementationIntercept+0xe5050 dbkFCallWrapperAddr-0x8133e0 database kuwait+0x151260 @ 0x551260 TMethodImplementationIntercept+0x1eb662 dbkFCallWrapperAddr-0x70cdce database kuwait+0x257872 @ 0x657872 TMethodImplementationIntercept+0xe00a3 dbkFCallWrapperAddr-0x81838d database kuwait+0x14c2b3 @ 0x54c2b3 TMethodImplementationIntercept+0xdea53 dbkFCallWrapperAddr-0x8199dd database kuwait+0x14ac63 @ 0x54ac63 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1634048 registers.edi: 9748144 registers.eax: 1634048 registers.ebp: 1634128 registers.edx: 0 registers.ebx: 9574401 registers.esi: 43840736 registers.ecx: 7	1
__exception__ July 5, 2024, 11:05 a.m.	stacktrace: TMethodImplementationIntercept+0x4daad8 dbkFCallWrapperAddr-0x41d958 database kuwait+0x546ce8 @ 0x946ce8 TMethodImplementationIntercept+0x4e053d dbkFCallWrapperAddr-0x417ef3 database kuwait+0x54c74d @ 0x94c74d TMethodImplementationIntercept+0x4da704 dbkFCallWrapperAddr-0x41dd2c database kuwait+0x546914 @ 0x946914 TMethodImplementationIntercept+0x51d0d0 dbkFCallWrapperAddr-0x3db360 database kuwait+0x5892e0 @ 0x9892e0 TMethodImplementationIntercept+0x51c1c7 dbkFCallWrapperAddr-0x3dc269 database kuwait+0x5883d7 @ 0x9883d7 TMethodImplementationIntercept+0x51c2ef dbkFCallWrapperAddr-0x3dc141 database kuwait+0x5884ff @ 0x9884ff TMethodImplementationIntercept+0x6337fe dbkFCallWrapperAddr-0x2c4c32 database kuwait+0x69fa0e @ 0xa9fa0e TMethodImplementationIntercept+0x633f57 dbkFCallWrapperAddr-0x2c44d9 database kuwait+0x6a0167 @ 0xaa0167 TMethodImplementationIntercept+0xe5050 dbkFCallWrapperAddr-0x8133e0 database kuwait+0x151260 @ 0x551260 TMethodImplementationIntercept+0x1eb662 dbkFCallWrapperAddr-0x70cdce database kuwait+0x257872 @ 0x657872 TMethodImplementationIntercept+0xe461b dbkFCallWrapperAddr-0x813e15 database kuwait+0x15082b @ 0x55082b TMethodImplementationIntercept+0x63ab6 dbkFCallWrapperAddr-0x89497a database kuwait+0xcfcc6 @ 0x4cfcc6 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75856d3a GetWindow+0x3f0 SendMessageW-0x1b user32+0x1965e @ 0x7585965e SendMessageW+0x4c GetAncestor-0xc0 user32+0x196c5 @ 0x758596c5 TMethodImplementationIntercept+0x1e7d65 dbkFCallWrapperAddr-0x7106cb database kuwait+0x253f75 @ 0x653f75 TMethodImplementationIntercept+0xe4c35 dbkFCallWrapperAddr-0x8137fb database kuwait+0x150e45 @ 0x550e45 TMethodImplementationIntercept+0x1eb662 dbkFCallWrapperAddr-0x70cdce database kuwait+0x257872 @ 0x657872 TMethodImplementationIntercept+0xe461b dbkFCallWrapperAddr-0x813e15 database kuwait+0x15082b @ 0x55082b TMethodImplementationIntercept+0x63ab6 dbkFCallWrapperAddr-0x89497a database kuwait+0xcfcc6 @ 0x4cfcc6 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75856d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x75856de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x75856e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x76f2011a TMethodImplementationIntercept+0x1eeaff dbkFCallWrapperAddr-0x709931 database kuwait+0x25ad0f @ 0x65ad0f TMethodImplementationIntercept+0xe5050 dbkFCallWrapperAddr-0x8133e0 database kuwait+0x151260 @ 0x551260 TMethodImplementationIntercept+0x1eb662 dbkFCallWrapperAddr-0x70cdce database kuwait+0x257872 @ 0x657872 TMethodImplementationIntercept+0xe461b dbkFCallWrapperAddr-0x813e15 database kuwait+0x15082b @ 0x55082b TMethodImplementationIntercept+0x63ab6 dbkFCallWrapperAddr-0x89497a database kuwait+0xcfcc6 @ 0x4cfcc6 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75856d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x75856de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x75856e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x76f2011a TMethodImplementationIntercept+0xe0469 dbkFCallWrapperAddr-0x817fc7 database kuwait+0x14c679 @ 0x54c679 TMethodImplementationIntercept+0xe5050 dbkFCallWrapperAddr-0x8133e0 database kuwait+0x151260 @ 0x551260 TMethodImplementationIntercept+0x1eb662 dbkFCallWrapperAddr-0x70cdce database kuwait+0x257872 @ 0x657872 TMethodImplementationIntercept+0xe00a3 dbkFCallWrapperAddr-0x81838d database kuwait+0x14c2b3 @ 0x54c2b3 TMethodImplementationIntercept+0xe43c6 dbkFCallWrapperAddr-0x81406a database kuwait+0x1505d6 @ 0x5505d6 TMethodImplementationIntercept+0xe44d5 dbkFCallWrapperAddr-0x813f5b database kuwait+0x1506e5 @ 0x5506e5 TMethodImplementationIntercept+0xe71df dbkFCallWrapperAddr-0x811251 database kuwait+0x1533ef @ 0x5533ef TMethodImplementationIntercept+0xe5050 dbkFCallWrapperAddr-0x8133e0 database kuwait+0x151260 @ 0x551260 TMethodImplementationIntercept+0x1eb662 dbkFCallWrapperAddr-0x70cdce database kuwait+0x257872 @ 0x657872 TMethodImplementationIntercept+0xe00a3 dbkFCallWrapperAddr-0x81838d database kuwait+0x14c2b3 @ 0x54c2b3 TMethodImplementationIntercept+0xdea53 dbkFCallWrapperAddr-0x8199dd database kuwait+0x14ac63 @ 0x54ac63 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1634124 registers.edi: 9748144 registers.eax: 1634124 registers.ebp: 1634204 registers.edx: 0 registers.ebx: 9574401 registers.esi: 43840736 registers.ecx: 7	1
__exception__ July 5, 2024, 11:05 a.m.	stacktrace: TMethodImplementationIntercept+0x382474 dbkFCallWrapperAddr-0x575fbc database kuwait+0x3ee684 @ 0x7ee684 TMethodImplementationIntercept+0x38187a dbkFCallWrapperAddr-0x576bb6 database kuwait+0x3eda8a @ 0x7eda8a exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1637320 registers.edi: 34 registers.eax: 1637320 registers.ebp: 1637400 registers.edx: 0 registers.ebx: 87980056 registers.esi: 1049 registers.ecx: 7	1
__exception__ July 5, 2024, 11:05 a.m.	stacktrace: TMethodImplementationIntercept+0x3abfac dbkFCallWrapperAddr-0x54c484 database kuwait+0x4181bc @ 0x8181bc TMethodImplementationIntercept+0x3abe8b dbkFCallWrapperAddr-0x54c5a5 database kuwait+0x41809b @ 0x81809b TMethodImplementationIntercept+0x34f50f dbkFCallWrapperAddr-0x5a8f21 database kuwait+0x3bb71f @ 0x7bb71f TMethodImplementationIntercept+0x3d18bd dbkFCallWrapperAddr-0x526b73 database kuwait+0x43dacd @ 0x83dacd TMethodImplementationIntercept+0x352873 dbkFCallWrapperAddr-0x5a5bbd database kuwait+0x3bea83 @ 0x7bea83 TMethodImplementationIntercept+0x34f828 dbkFCallWrapperAddr-0x5a8c08 database kuwait+0x3bba38 @ 0x7bba38 TMethodImplementationIntercept+0x1ea0af dbkFCallWrapperAddr-0x70e381 database kuwait+0x2562bf @ 0x6562bf TMethodImplementationIntercept+0x1e9ccb dbkFCallWrapperAddr-0x70e765 database kuwait+0x255edb @ 0x655edb TMethodImplementationIntercept+0x1e9c7c dbkFCallWrapperAddr-0x70e7b4 database kuwait+0x255e8c @ 0x655e8c TMethodImplementationIntercept+0x1f51dd dbkFCallWrapperAddr-0x703253 database kuwait+0x2613ed @ 0x6613ed TMethodImplementationIntercept+0x8d5af8 dbkFCallWrapperAddr-0x22938 database kuwait+0x941d08 @ 0xd41d08 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1637508 registers.edi: 8437276 registers.eax: 1637508 registers.ebp: 1637588 registers.edx: 0 registers.ebx: 8470564 registers.esi: 1049 registers.ecx: 7	1
__exception__ July 5, 2024, 11:06 a.m.	stacktrace: TMethodImplementationIntercept+0x382474 dbkFCallWrapperAddr-0x575fbc database kuwait+0x3ee684 @ 0x7ee684 TMethodImplementationIntercept+0x38187a dbkFCallWrapperAddr-0x576bb6 database kuwait+0x3eda8a @ 0x7eda8a exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1637332 registers.edi: 32 registers.eax: 1637332 registers.ebp: 1637412 registers.edx: 0 registers.ebx: 87983248 registers.esi: 1049 registers.ecx: 7	1
__exception__ July 5, 2024, 11:06 a.m.	stacktrace: TMethodImplementationIntercept+0x3abfac dbkFCallWrapperAddr-0x54c484 database kuwait+0x4181bc @ 0x8181bc TMethodImplementationIntercept+0x3abe8b dbkFCallWrapperAddr-0x54c5a5 database kuwait+0x41809b @ 0x81809b TMethodImplementationIntercept+0x34f50f dbkFCallWrapperAddr-0x5a8f21 database kuwait+0x3bb71f @ 0x7bb71f TMethodImplementationIntercept+0x3d18bd dbkFCallWrapperAddr-0x526b73 database kuwait+0x43dacd @ 0x83dacd TMethodImplementationIntercept+0x352873 dbkFCallWrapperAddr-0x5a5bbd database kuwait+0x3bea83 @ 0x7bea83 TMethodImplementationIntercept+0x34f1c4 dbkFCallWrapperAddr-0x5a926c database kuwait+0x3bb3d4 @ 0x7bb3d4 TMethodImplementationIntercept+0x491f2 dbkFCallWrapperAddr-0x8af23e database kuwait+0xb5402 @ 0x4b5402 TMethodImplementationIntercept+0x1e9b9f dbkFCallWrapperAddr-0x70e891 database kuwait+0x255daf @ 0x655daf TMethodImplementationIntercept+0x1f51dd dbkFCallWrapperAddr-0x703253 database kuwait+0x2613ed @ 0x6613ed TMethodImplementationIntercept+0x8d5b31 dbkFCallWrapperAddr-0x228ff database kuwait+0x941d41 @ 0xd41d41 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1637520 registers.edi: 8437276 registers.eax: 1637520 registers.ebp: 1637600 registers.edx: 0 registers.ebx: 8470564 registers.esi: 1049 registers.ecx: 7	1
__exception__ July 5, 2024, 11:06 a.m.	stacktrace: 0x320033 exception.instruction_r: 3b 78 04 75 f5 85 c0 75 2d 8b c6 e8 49 00 00 00 exception.symbol: __dbk_fcall_wrapper+0x1ecc3 TMethodImplementationIntercept-0x3b979 database kuwait+0x30897 exception.instruction: cmp edi, dword ptr [eax + 4] exception.module: DataBase Kuwait.exe exception.exception_code: 0xc0000005 exception.offset: 198807 exception.address: 0x430897 registers.esp: 1635372 registers.edi: 2888 registers.eax: 2314781827 registers.ebp: 1635392 registers.edx: 1635392 registers.ebx: 3 registers.esi: 6357100 registers.ecx: 189321216	1
__exception__ July 5, 2024, 11:06 a.m.	stacktrace: 0x320033 exception.instruction_r: 3b 78 04 75 f5 85 c0 75 2d 8b c6 e8 49 00 00 00 exception.symbol: __dbk_fcall_wrapper+0x1ecc3 TMethodImplementationIntercept-0x3b979 database kuwait+0x30897 exception.instruction: cmp edi, dword ptr [eax + 4] exception.module: DataBase Kuwait.exe exception.exception_code: 0xc0000005 exception.offset: 198807 exception.address: 0x430897 registers.esp: 1633152 registers.edi: 2888 registers.eax: 2314781827 registers.ebp: 1633172 registers.edx: 1633172 registers.ebx: 3 registers.esi: 6357100 registers.ecx: 189321216	1
__exception__ July 5, 2024, 11:06 a.m.	stacktrace: __dbk_fcall_wrapper-0x7fdc database kuwait+0x9bf8 @ 0x409bf8 __dbk_fcall_wrapper-0x7ba7 database kuwait+0xa02d @ 0x40a02d exception.instruction_r: 8b 08 ff 51 fc c3 e8 ef ff ff ff c3 8b c0 83 c0 exception.symbol: __dbk_fcall_wrapper-0x97aa database kuwait+0x842a exception.instruction: mov ecx, dword ptr [eax] exception.module: DataBase Kuwait.exe exception.exception_code: 0xc0000005 exception.offset: 33834 exception.address: 0x40842a registers.esp: 1631336 registers.edi: 1633532 registers.eax: 94495872 registers.ebp: 1633556 registers.edx: 1631233 registers.ebx: 4234227 registers.esi: 0 registers.ecx: 1633564	1
__exception__ July 5, 2024, 11:06 a.m.	stacktrace: __dbk_fcall_wrapper-0x7ba7 database kuwait+0xa02d @ 0x40a02d exception.instruction_r: 8b 08 ff 51 fc c3 e8 ef ff ff ff c3 8b c0 83 c0 exception.symbol: __dbk_fcall_wrapper-0x97aa database kuwait+0x842a exception.instruction: mov ecx, dword ptr [eax] exception.module: DataBase Kuwait.exe exception.exception_code: 0xc0000005 exception.offset: 33834 exception.address: 0x40842a registers.esp: 1628520 registers.edi: 0 registers.eax: 44414408 registers.ebp: 1635712 registers.edx: 1 registers.ebx: 0 registers.esi: 0 registers.ecx: 1633564	1
__exception__ July 5, 2024, 11:06 a.m.	stacktrace: TMethodImplementationIntercept+0x63ab6 dbkFCallWrapperAddr-0x89497a database kuwait+0xcfcc6 @ 0x4cfcc6 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75856d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x75856de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x75856e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x76f2011a gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa GetCursor+0x2ff DrawStateW-0x265 user32+0x3f9df @ 0x7587f9df GetCursor+0xa4 DrawStateW-0x4c0 user32+0x3f784 @ 0x7587f784 GetCursor+0x1a9 DrawStateW-0x3bb user32+0x3f889 @ 0x7587f889 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75856d3a GetWindow+0x3f0 SendMessageW-0x1b user32+0x1965e @ 0x7585965e SetKeyboardState+0xbbd CliImmSetHotKey-0x12c9e user32+0x4206f @ 0x7588206f DialogBoxIndirectParamAorW+0xf7 SetDlgItemTextW-0x55 user32+0x3cf4b @ 0x7587cf4b SoftModalMessageBox+0x757 MessageBoxTimeoutW-0x391 user32+0x6f73c @ 0x758af73c SoftModalMessageBox+0xa33 MessageBoxTimeoutW-0xb5 user32+0x6fa18 @ 0x758afa18 MessageBoxTimeoutW+0x52 MessageBoxTimeoutA-0x9 user32+0x6fb1f @ 0x758afb1f New_user32_MessageBoxTimeoutW@24+0x5e New_user32_RegisterHotKey@16-0x159 @ 0x735576de MessageBoxTimeoutA+0x76 MessageBoxIndirectA-0x33 user32+0x6fb9e @ 0x758afb9e New_user32_MessageBoxTimeoutA@24+0x137 New_user32_MessageBoxTimeoutW@24-0x80 @ 0x73557600 MessageBoxExA+0x1b MessageBoxExW-0x9 user32+0x6fcf1 @ 0x758afcf1 MessageBoxA+0x18 MessageBoxW-0x9 user32+0x6fd36 @ 0x758afd36 __dbk_fcall_wrapper-0x7c69 database kuwait+0x9f6b @ 0x409f6b exception.instruction_r: 8b 43 4c ff 53 48 33 c0 5a 59 59 64 89 10 68 4a exception.symbol: TMethodImplementationIntercept+0xe4615 dbkFCallWrapperAddr-0x813e1b database kuwait+0x150825 exception.instruction: mov eax, dword ptr [ebx + 0x4c] exception.module: DataBase Kuwait.exe exception.exception_code: 0xc0000005 exception.offset: 1378341 exception.address: 0x550825 registers.esp: 1624476 registers.edi: 0 registers.eax: 0 registers.ebp: 1624516 registers.edx: 1624524 registers.ebx: 68520048 registers.esi: 16650171 registers.ecx: 16650176	1
__exception__ July 5, 2024, 11:06 a.m.	stacktrace: TMethodImplementationIntercept+0xe462d dbkFCallWrapperAddr-0x813e03 database kuwait+0x15083d @ 0x55083d TMethodImplementationIntercept+0x63ab6 dbkFCallWrapperAddr-0x89497a database kuwait+0xcfcc6 @ 0x4cfcc6 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75856d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x75856de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x75856e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x76f2011a gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa GetCursor+0x2ff DrawStateW-0x265 user32+0x3f9df @ 0x7587f9df GetCursor+0xa4 DrawStateW-0x4c0 user32+0x3f784 @ 0x7587f784 GetCursor+0x1a9 DrawStateW-0x3bb user32+0x3f889 @ 0x7587f889 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75856d3a GetWindow+0x3f0 SendMessageW-0x1b user32+0x1965e @ 0x7585965e SetKeyboardState+0xbbd CliImmSetHotKey-0x12c9e user32+0x4206f @ 0x7588206f DialogBoxIndirectParamAorW+0xf7 SetDlgItemTextW-0x55 user32+0x3cf4b @ 0x7587cf4b SoftModalMessageBox+0x757 MessageBoxTimeoutW-0x391 user32+0x6f73c @ 0x758af73c SoftModalMessageBox+0xa33 MessageBoxTimeoutW-0xb5 user32+0x6fa18 @ 0x758afa18 MessageBoxTimeoutW+0x52 MessageBoxTimeoutA-0x9 user32+0x6fb1f @ 0x758afb1f New_user32_MessageBoxTimeoutW@24+0x5e New_user32_RegisterHotKey@16-0x159 @ 0x735576de MessageBoxTimeoutA+0x76 MessageBoxIndirectA-0x33 user32+0x6fb9e @ 0x758afb9e New_user32_MessageBoxTimeoutA@24+0x137 New_user32_MessageBoxTimeoutW@24-0x80 @ 0x73557600 MessageBoxExA+0x1b MessageBoxExW-0x9 user32+0x6fcf1 @ 0x758afcf1 MessageBoxA+0x18 MessageBoxW-0x9 user32+0x6fd36 @ 0x758afd36 __dbk_fcall_wrapper-0x7c69 database kuwait+0x9f6b @ 0x409f6b exception.instruction_r: 8b 43 08 89 04 24 e8 4d 27 f5 ff 8b 04 24 e8 45 exception.symbol: TMethodImplementationIntercept+0x4a3b8 dbkFCallWrapperAddr-0x8ae078 database kuwait+0xb65c8 exception.instruction: mov eax, dword ptr [ebx + 8] exception.module: DataBase Kuwait.exe exception.exception_code: 0xc0000005 exception.offset: 746952 exception.address: 0x4b65c8 registers.esp: 1621592 registers.edi: 1624476 registers.eax: 44343312 registers.ebp: 1621616 registers.edx: 16723000 registers.ebx: 44343312 registers.esi: 0 registers.ecx: 5572680	1
__exception__ July 5, 2024, 11:06 a.m.	stacktrace: RtlDosSearchPath_Ustr+0xaac RtlCaptureContext-0xa0 ntdll+0x46a8b @ 0x76f56a8b KiUserApcDispatcher+0x9d KiUserCallbackDispatcher-0x17 ntdll+0x100d5 @ 0x76f200d5 RtlDosSearchPath_Ustr+0xaac RtlCaptureContext-0xa0 ntdll+0x46a8b @ 0x76f56a8b New_ntdll_RtlDispatchException@8+0xf6 New_ntdll_RtlRemoveVectoredContinueHandler@4-0x23 @ 0x7355482b KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 TMethodImplementationIntercept+0x63ab6 dbkFCallWrapperAddr-0x89497a database kuwait+0xcfcc6 @ 0x4cfcc6 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75856d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x75856de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x75856e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x76f2011a gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa GetCursor+0x2ff DrawStateW-0x265 user32+0x3f9df @ 0x7587f9df GetCursor+0xa4 DrawStateW-0x4c0 user32+0x3f784 @ 0x7587f784 GetCursor+0x1a9 DrawStateW-0x3bb user32+0x3f889 @ 0x7587f889 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75856d3a GetWindow+0x3f0 SendMessageW-0x1b user32+0x1965e @ 0x7585965e SetKeyboardState+0xbbd CliImmSetHotKey-0x12c9e user32+0x4206f @ 0x7588206f DialogBoxIndirectParamAorW+0xf7 SetDlgItemTextW-0x55 user32+0x3cf4b @ 0x7587cf4b SoftModalMessageBox+0x757 MessageBoxTimeoutW-0x391 user32+0x6f73c @ 0x758af73c SoftModalMessageBox+0xa33 MessageBoxTimeoutW-0xb5 user32+0x6fa18 @ 0x758afa18 MessageBoxTimeoutW+0x52 MessageBoxTimeoutA-0x9 user32+0x6fb1f @ 0x758afb1f New_user32_MessageBoxTimeoutW@24+0x5e New_user32_RegisterHotKey@16-0x159 @ 0x735576de MessageBoxTimeoutA+0x76 MessageBoxIndirectA-0x33 user32+0x6fb9e @ 0x758afb9e New_user32_MessageBoxTimeoutA@24+0x137 New_user32_MessageBoxTimeoutW@24-0x80 @ 0x73557600 MessageBoxExA+0x1b MessageBoxExW-0x9 user32+0x6fcf1 @ 0x758afcf1 MessageBoxA+0x18 MessageBoxW-0x9 user32+0x6fd36 @ 0x758afd36 __dbk_fcall_wrapper-0x7c69 database kuwait+0x9f6b @ 0x409f6b exception.instruction_r: 8b 08 ff 51 fc c3 e8 ef ff ff ff c3 8b c0 83 c0 exception.symbol: __dbk_fcall_wrapper-0x97aa database kuwait+0x842a exception.instruction: mov ecx, dword ptr [eax] exception.module: DataBase Kuwait.exe exception.exception_code: 0xc0000005 exception.offset: 33834 exception.address: 0x40842a registers.esp: 1618772 registers.edi: 0 registers.eax: 68520124 registers.ebp: 1621708 registers.edx: 1 registers.ebx: 0 registers.esi: 0 registers.ecx: 1621628	1
__exception__ July 5, 2024, 11:06 a.m.	stacktrace: TMethodImplementationIntercept+0x63ab6 dbkFCallWrapperAddr-0x89497a database kuwait+0xcfcc6 @ 0x4cfcc6 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75856d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x75856de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x75856e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x76f2011a gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa GetCursor+0x2ff DrawStateW-0x265 user32+0x3f9df @ 0x7587f9df GetCursor+0xa4 DrawStateW-0x4c0 user32+0x3f784 @ 0x7587f784 GetCursor+0x1a9 DrawStateW-0x3bb user32+0x3f889 @ 0x7587f889 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75856d3a GetWindow+0x3f0 SendMessageW-0x1b user32+0x1965e @ 0x7585965e SetKeyboardState+0xbbd CliImmSetHotKey-0x12c9e user32+0x4206f @ 0x7588206f DialogBoxIndirectParamAorW+0xf7 SetDlgItemTextW-0x55 user32+0x3cf4b @ 0x7587cf4b SoftModalMessageBox+0x757 MessageBoxTimeoutW-0x391 user32+0x6f73c @ 0x758af73c SoftModalMessageBox+0xa33 MessageBoxTimeoutW-0xb5 user32+0x6fa18 @ 0x758afa18 MessageBoxTimeoutW+0x52 MessageBoxTimeoutA-0x9 user32+0x6fb1f @ 0x758afb1f New_user32_MessageBoxTimeoutW@24+0x5e New_user32_RegisterHotKey@16-0x159 @ 0x735576de MessageBoxTimeoutA+0x76 MessageBoxIndirectA-0x33 user32+0x6fb9e @ 0x758afb9e New_user32_MessageBoxTimeoutA@24+0x137 New_user32_MessageBoxTimeoutW@24-0x80 @ 0x73557600 MessageBoxExA+0x1b MessageBoxExW-0x9 user32+0x6fcf1 @ 0x758afcf1 MessageBoxA+0x18 MessageBoxW-0x9 user32+0x6fd36 @ 0x758afd36 __dbk_fcall_wrapper-0x7c69 database kuwait+0x9f6b @ 0x409f6b exception.instruction_r: 8b 80 c8 00 00 00 8b 58 08 4b 85 db 7c 32 43 33 exception.symbol: TMethodImplementationIntercept+0x1f3f10 dbkFCallWrapperAddr-0x704520 database kuwait+0x260120 exception.instruction: mov eax, dword ptr [eax + 0xc8] exception.module: DataBase Kuwait.exe exception.exception_code: 0xc0000005 exception.offset: 2490656 exception.address: 0x660120 registers.esp: 1624420 registers.edi: 0 registers.eax: 44194272 registers.ebp: 1624516 registers.edx: 0 registers.ebx: 0 registers.esi: 16650210 registers.ecx: 16650215	1
__exception__ July 5, 2024, 11:06 a.m.	stacktrace: gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75856d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x75856de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x75856e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x76f2011a gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa GetCursor+0x2ff DrawStateW-0x265 user32+0x3f9df @ 0x7587f9df GetCursor+0xa4 DrawStateW-0x4c0 user32+0x3f784 @ 0x7587f784 GetCursor+0x1a9 DrawStateW-0x3bb user32+0x3f889 @ 0x7587f889 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75856d3a GetWindow+0x3f0 SendMessageW-0x1b user32+0x1965e @ 0x7585965e SetKeyboardState+0xbbd CliImmSetHotKey-0x12c9e user32+0x4206f @ 0x7588206f DialogBoxIndirectParamAorW+0xf7 SetDlgItemTextW-0x55 user32+0x3cf4b @ 0x7587cf4b SoftModalMessageBox+0x757 MessageBoxTimeoutW-0x391 user32+0x6f73c @ 0x758af73c SoftModalMessageBox+0xa33 MessageBoxTimeoutW-0xb5 user32+0x6fa18 @ 0x758afa18 MessageBoxTimeoutW+0x52 MessageBoxTimeoutA-0x9 user32+0x6fb1f @ 0x758afb1f New_user32_MessageBoxTimeoutW@24+0x5e New_user32_RegisterHotKey@16-0x159 @ 0x735576de MessageBoxTimeoutA+0x76 MessageBoxIndirectA-0x33 user32+0x6fb9e @ 0x758afb9e New_user32_MessageBoxTimeoutA@24+0x137 New_user32_MessageBoxTimeoutW@24-0x80 @ 0x73557600 MessageBoxExA+0x1b MessageBoxExW-0x9 user32+0x6fcf1 @ 0x758afcf1 MessageBoxA+0x18 MessageBoxW-0x9 user32+0x6fd36 @ 0x758afd36 __dbk_fcall_wrapper-0x7c69 database kuwait+0x9f6b @ 0x409f6b exception.instruction_r: 8b 86 90 01 00 00 50 e8 c6 63 db ff 89 43 0c 83 exception.symbol: TMethodImplementationIntercept+0x1f4f0a dbkFCallWrapperAddr-0x703526 database kuwait+0x26111a exception.instruction: mov eax, dword ptr [esi + 0x190] exception.module: DataBase Kuwait.exe exception.exception_code: 0xc0000005 exception.offset: 2494746 exception.address: 0x66111a registers.esp: 1624476 registers.edi: 28 registers.eax: 1 registers.ebp: 1624540 registers.edx: 1624524 registers.ebx: 1624524 registers.esi: 44194272 registers.ecx: 16650228	1
__exception__ July 5, 2024, 11:06 a.m.	stacktrace: TMethodImplementationIntercept+0x63ab6 dbkFCallWrapperAddr-0x89497a database kuwait+0xcfcc6 @ 0x4cfcc6 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75856d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x75856de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x75856e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x76f2011a gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa GetCursor+0x2ff DrawStateW-0x265 user32+0x3f9df @ 0x7587f9df GetCursor+0xa4 DrawStateW-0x4c0 user32+0x3f784 @ 0x7587f784 GetCursor+0x1a9 DrawStateW-0x3bb user32+0x3f889 @ 0x7587f889 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75856d3a GetWindow+0x3f0 SendMessageW-0x1b user32+0x1965e @ 0x7585965e SetKeyboardState+0xbbd CliImmSetHotKey-0x12c9e user32+0x4206f @ 0x7588206f DialogBoxIndirectParamAorW+0xf7 SetDlgItemTextW-0x55 user32+0x3cf4b @ 0x7587cf4b SoftModalMessageBox+0x757 MessageBoxTimeoutW-0x391 user32+0x6f73c @ 0x758af73c SoftModalMessageBox+0xa33 MessageBoxTimeoutW-0xb5 user32+0x6fa18 @ 0x758afa18 MessageBoxTimeoutW+0x52 MessageBoxTimeoutA-0x9 user32+0x6fb1f @ 0x758afb1f New_user32_MessageBoxTimeoutW@24+0x5e New_user32_RegisterHotKey@16-0x159 @ 0x735576de MessageBoxTimeoutA+0x76 MessageBoxIndirectA-0x33 user32+0x6fb9e @ 0x758afb9e New_user32_MessageBoxTimeoutA@24+0x137 New_user32_MessageBoxTimeoutW@24-0x80 @ 0x73557600 MessageBoxExA+0x1b MessageBoxExW-0x9 user32+0x6fcf1 @ 0x758afcf1 MessageBoxA+0x18 MessageBoxW-0x9 user32+0x6fd36 @ 0x758afd36 __dbk_fcall_wrapper-0x7c69 database kuwait+0x9f6b @ 0x409f6b exception.instruction_r: 8b 40 44 50 e8 fe 9f e3 ff 89 43 0c 5f 5e 5b 59 exception.symbol: TMethodImplementationIntercept+0x1712d5 dbkFCallWrapperAddr-0x78715b database kuwait+0x1dd4e5 exception.instruction: mov eax, dword ptr [eax + 0x44] exception.module: DataBase Kuwait.exe exception.exception_code: 0xc0000005 exception.offset: 1955045 exception.address: 0x5dd4e5 registers.esp: 1624488 registers.edi: 0 registers.eax: 44505952 registers.ebp: 1624516 registers.edx: 1624524 registers.ebx: 1624524 registers.esi: 28 registers.ecx: 78775093	1
__exception__ July 5, 2024, 11:06 a.m.	stacktrace: TMethodImplementationIntercept+0x63ab6 dbkFCallWrapperAddr-0x89497a database kuwait+0xcfcc6 @ 0x4cfcc6 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75856d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x758577c4 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x7585788a DialogBoxIndirectParamW+0x20a DialogBoxIndirectParamAorW-0x57 user32+0x3cdfd @ 0x7587cdfd DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x7587cf5c SoftModalMessageBox+0x757 MessageBoxTimeoutW-0x391 user32+0x6f73c @ 0x758af73c SoftModalMessageBox+0xa33 MessageBoxTimeoutW-0xb5 user32+0x6fa18 @ 0x758afa18 MessageBoxTimeoutW+0x52 MessageBoxTimeoutA-0x9 user32+0x6fb1f @ 0x758afb1f New_user32_MessageBoxTimeoutW@24+0x5e New_user32_RegisterHotKey@16-0x159 @ 0x735576de MessageBoxTimeoutA+0x76 MessageBoxIndirectA-0x33 user32+0x6fb9e @ 0x758afb9e New_user32_MessageBoxTimeoutA@24+0x137 New_user32_MessageBoxTimeoutW@24-0x80 @ 0x73557600 MessageBoxExA+0x1b MessageBoxExW-0x9 user32+0x6fcf1 @ 0x758afcf1 MessageBoxA+0x18 MessageBoxW-0x9 user32+0x6fd36 @ 0x758afd36 __dbk_fcall_wrapper-0x7c69 database kuwait+0x9f6b @ 0x409f6b exception.instruction_r: 8b 43 4c ff 53 48 33 c0 5a 59 59 64 89 10 68 4a exception.symbol: TMethodImplementationIntercept+0xe4615 dbkFCallWrapperAddr-0x813e1b database kuwait+0x150825 exception.instruction: mov eax, dword ptr [ebx + 0x4c] exception.module: DataBase Kuwait.exe exception.exception_code: 0xc0000005 exception.offset: 1378341 exception.address: 0x550825 registers.esp: 1625268 registers.edi: 0 registers.eax: 0 registers.ebp: 1625308 registers.edx: 1625316 registers.ebx: 68520048 registers.esi: 16650171 registers.ecx: 16650176	1
__exception__ July 5, 2024, 11:06 a.m.	stacktrace: TMethodImplementationIntercept+0xe462d dbkFCallWrapperAddr-0x813e03 database kuwait+0x15083d @ 0x55083d TMethodImplementationIntercept+0x63ab6 dbkFCallWrapperAddr-0x89497a database kuwait+0xcfcc6 @ 0x4cfcc6 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75856d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x758577c4 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x7585788a DialogBoxIndirectParamW+0x20a DialogBoxIndirectParamAorW-0x57 user32+0x3cdfd @ 0x7587cdfd DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x7587cf5c SoftModalMessageBox+0x757 MessageBoxTimeoutW-0x391 user32+0x6f73c @ 0x758af73c SoftModalMessageBox+0xa33 MessageBoxTimeoutW-0xb5 user32+0x6fa18 @ 0x758afa18 MessageBoxTimeoutW+0x52 MessageBoxTimeoutA-0x9 user32+0x6fb1f @ 0x758afb1f New_user32_MessageBoxTimeoutW@24+0x5e New_user32_RegisterHotKey@16-0x159 @ 0x735576de MessageBoxTimeoutA+0x76 MessageBoxIndirectA-0x33 user32+0x6fb9e @ 0x758afb9e New_user32_MessageBoxTimeoutA@24+0x137 New_user32_MessageBoxTimeoutW@24-0x80 @ 0x73557600 MessageBoxExA+0x1b MessageBoxExW-0x9 user32+0x6fcf1 @ 0x758afcf1 MessageBoxA+0x18 MessageBoxW-0x9 user32+0x6fd36 @ 0x758afd36 __dbk_fcall_wrapper-0x7c69 database kuwait+0x9f6b @ 0x409f6b exception.instruction_r: 8b 43 08 89 04 24 e8 4d 27 f5 ff 8b 04 24 e8 45 exception.symbol: TMethodImplementationIntercept+0x4a3b8 dbkFCallWrapperAddr-0x8ae078 database kuwait+0xb65c8 exception.instruction: mov eax, dword ptr [ebx + 8] exception.module: DataBase Kuwait.exe exception.exception_code: 0xc0000005 exception.offset: 746952 exception.address: 0x4b65c8 registers.esp: 1622388 registers.edi: 1625268 registers.eax: 44343312 registers.ebp: 1622412 registers.edx: 16723000 registers.ebx: 44343312 registers.esi: 0 registers.ecx: 5572680	1
__exception__ July 5, 2024, 11:06 a.m.	stacktrace: RtlDosSearchPath_Ustr+0xaac RtlCaptureContext-0xa0 ntdll+0x46a8b @ 0x76f56a8b __dbk_fcall_wrapper-0x80d6 database kuwait+0x9afe @ 0x409afe RtlDosSearchPath_Ustr+0xaac RtlCaptureContext-0xa0 ntdll+0x46a8b @ 0x76f56a8b New_ntdll_RtlDispatchException@8+0xf6 New_ntdll_RtlRemoveVectoredContinueHandler@4-0x23 @ 0x7355482b KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 TMethodImplementationIntercept+0x63ab6 dbkFCallWrapperAddr-0x89497a database kuwait+0xcfcc6 @ 0x4cfcc6 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75856d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x758577c4 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x7585788a DialogBoxIndirectParamW+0x20a DialogBoxIndirectParamAorW-0x57 user32+0x3cdfd @ 0x7587cdfd DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x7587cf5c SoftModalMessageBox+0x757 MessageBoxTimeoutW-0x391 user32+0x6f73c @ 0x758af73c SoftModalMessageBox+0xa33 MessageBoxTimeoutW-0xb5 user32+0x6fa18 @ 0x758afa18 MessageBoxTimeoutW+0x52 MessageBoxTimeoutA-0x9 user32+0x6fb1f @ 0x758afb1f New_user32_MessageBoxTimeoutW@24+0x5e New_user32_RegisterHotKey@16-0x159 @ 0x735576de MessageBoxTimeoutA+0x76 MessageBoxIndirectA-0x33 user32+0x6fb9e @ 0x758afb9e New_user32_MessageBoxTimeoutA@24+0x137 New_user32_MessageBoxTimeoutW@24-0x80 @ 0x73557600 MessageBoxExA+0x1b MessageBoxExW-0x9 user32+0x6fcf1 @ 0x758afcf1 MessageBoxA+0x18 MessageBoxW-0x9 user32+0x6fd36 @ 0x758afd36 __dbk_fcall_wrapper-0x7c69 database kuwait+0x9f6b @ 0x409f6b exception.instruction_r: 8b 08 ff 51 fc c3 e8 ef ff ff ff c3 8b c0 83 c0 exception.symbol: __dbk_fcall_wrapper-0x97aa database kuwait+0x842a exception.instruction: mov ecx, dword ptr [eax] exception.module: DataBase Kuwait.exe exception.exception_code: 0xc0000005 exception.offset: 33834 exception.address: 0x40842a registers.esp: 1619572 registers.edi: 0 registers.eax: 68520124 registers.ebp: 1622504 registers.edx: 1 registers.ebx: 0 registers.esi: 0 registers.ecx: 1622424	1

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

Performs some HTTP requests (1 event)

request

GET http://www.srbreferee.com/CheckNET.php

Allocates read-write-execute memory (usually to unpack itself) (17 events)

Time & API	Arguments	Status
NtProtectVirtualMemory July 5, 2024, 11:04 a.m.	process_identifier: 2628 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 5, 2024, 11:04 a.m.	process_identifier: 2628 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 745472 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00401000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 5, 2024, 11:04 a.m.	process_identifier: 2628 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x004c4000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 5, 2024, 11:04 a.m.	process_identifier: 2628 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 94208 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x004c6000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 5, 2024, 11:04 a.m.	process_identifier: 2628 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72dd2000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 5, 2024, 11:04 a.m.	process_identifier: 2720 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72dd2000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 5, 2024, 11:04 a.m.	process_identifier: 2720 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00a20000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 5, 2024, 10:58 a.m.	process_identifier: 1452 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000004730000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 5, 2024, 11:05 a.m.	process_identifier: 2884 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72dd2000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 5, 2024, 11:05 a.m.	process_identifier: 2884 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00fe0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 5, 2024, 11:05 a.m.	process_identifier: 2884 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x049c0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 5, 2024, 11:05 a.m.	process_identifier: 2884 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04b20000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 5, 2024, 11:06 a.m.	process_identifier: 2884 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04440000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory July 5, 2024, 11:05 a.m.	process_identifier: 2544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72dd2000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 5, 2024, 11:05 a.m.	process_identifier: 2544 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02d20000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 5, 2024, 11:06 a.m.	process_identifier: 2544 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04ff0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 5, 2024, 11:06 a.m.	process_identifier: 2544 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05c80000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation (2 events)

Time & API	Arguments	Status	Return	Repeated
GetDiskFreeSpaceExW July 5, 2024, 11:04 a.m.	total_number_of_free_bytes: 0 free_bytes_available: 0 root_path: C:\Program Files (x86)\Kuwait Ice Hockey DB\ total_number_of_bytes: 70694213480		0	0
GetDiskFreeSpaceExW July 5, 2024, 11:04 a.m.	total_number_of_free_bytes: 0 free_bytes_available: 13315825664 root_path: C:\Program Files (x86)\ total_number_of_bytes: 34252779520	1	1	0

Creates executable files on the filesystem (4 events)

file	C:\Users\test22\Documents\Zapisnik_ONLine\ssleay32.dll
file	C:\Program Files (x86)\Kuwait Ice Hockey DB\DataBase Kuwait.exe
file	C:\Users\test22\Documents\Zapisnik_ONLine\libeay32.dll
file	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kuwait Ice Hockey DB.lnk

Creates a shortcut to an executable file (1 event)

file	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kuwait Ice Hockey DB.lnk

Drops a binary and executes it (1 event)

file	C:\Program Files (x86)\Kuwait Ice Hockey DB\DataBase Kuwait.exe

Drops an executable to the user AppData folder (1 event)

file	C:\Users\test22\AppData\Local\Temp\is-70CNA.tmp\KuwaitSetupHockey.tmp

An executable file was downloaded by the process database kuwait.exe (1 event)

Time & API	Arguments	Status	Return	Repeated
recv July 5, 2024, 11:06 a.m.	buffer: MZÿÿ¸@ðº´ Í!¸LÍ!This program cannot be run in DOS mode. $à·D¤Öâ¤Öâ¤Öâ¦Öâ®fÖâ®w°Öâ®q§Öâ¤Öãn×â®aÖâ®p¥Öâ®v¥Öâ®s¥ÖâRich¤ÖâPELÜÏö[à! ÔlÙ4ðßd0)Ä<00@ ,0÷0@ðô.textÚÒÔ `.rdata°ÕðÖØ@@.data¤[Ð@®@À.rsrc00î@@.reloc3@4ô@B3ÀÃÌÌÌÌÌÌÌÌÌÌÌÌÌ3À\|$ÀH%P÷ÃÌÌÌÌÌÌÌÌÌÌÌÌ¸P÷ÃÌÌÌÌÌÌÌÌÌÌ3À\|$ÀH%È÷ÃÌÌÌÌÌÌÌÌÌÌÌÌVÇpqX¶D3À÷F^t&9t9¤u¸ÇsÃRQèþÄÃÌÌÌÌÌÌÌÌÌÌÌÌÌVt$~4 !uFHdQ@jjVÿÒÄÇF4!!FHdQDVÿÒÄ^ÃÌÌÌÌÌÌÌ¸ èÆSUl$,E4V3öWÇD$PÇD$,ÿÿÿÿt$$t$ t$=!u9µ\| =!uÇE4!EL$(Qh@jh!ÇP0h!UÿÒÄø\|$9t$(ÿ#E@µD$4D$}h»h<øh é ¶¶PÁá received: 1460 socket: 768	1	1460	0

Queries for potentially installed applications (4 events)

Time & API	Arguments	Return
RegOpenKeyExW July 5, 2024, 11:04 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\{14570A78-25CF-4C4B-86E4-D6DFFDA8C567}_is1 base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00000001 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{14570A78-25CF-4C4B-86E4-D6DFFDA8C567}_is1	2
RegOpenKeyExW July 5, 2024, 11:05 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\{14570A78-25CF-4C4B-86E4-D6DFFDA8C567}_is1 base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00000001 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{14570A78-25CF-4C4B-86E4-D6DFFDA8C567}_is1	2
RegOpenKeyExW July 5, 2024, 11:05 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\{14570A78-25CF-4C4B-86E4-D6DFFDA8C567}_is1 base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00000001 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{14570A78-25CF-4C4B-86E4-D6DFFDA8C567}_is1	2
RegOpenKeyExW July 5, 2024, 11:05 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\{14570A78-25CF-4C4B-86E4-D6DFFDA8C567}_is1 base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00000101 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{14570A78-25CF-4C4B-86E4-D6DFFDA8C567}_is1	2

One or more of the buffers contains an embedded PE file (2 events)

buffer	Buffer with sha1: cbd8d7e17aaff18cd18ff6d3c9c105b0a752cd7f
buffer	Buffer with sha1: cb0e1a9f064055d4195177317185cea763f80642

Communicates with host for which no DNS query was performed (1 event)

host

79.101.0.33

Deletes executed files from disk (1 event)

file	C:\Program Files (x86)\Kuwait Ice Hockey DB\DataBase Kuwait.exe

Detects the presence of Wine emulator (1 event)

Time & API	Arguments	Status	Return	Repeated
LdrGetProcedureAddress July 5, 2024, 11:05 a.m.	ordinal: 0 function_address: 0x002f26c8 function_name: wine_get_version module: ntdll module_address: 0x76f10000		3221225785	0

Generates some ICMP traffic

Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (9 events)

dead_host	93.188.1.110:56787
dead_host	93.188.1.110:61786
dead_host	93.188.1.110:55469
dead_host	93.188.1.110:51703
dead_host	93.188.1.110:63686
dead_host	93.188.1.110:60918
dead_host	93.188.1.110:58507
dead_host	93.188.1.110:57610
dead_host	93.188.1.110:49547

KuwaitSetupHockey.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All