Summary | ZeroBOX

Geek_se.exe

Tags: Emotet, Generic Malware, Malicious Library, UPX, Malicious Packer, Anti_VM, PE File, OS Processor Check, PE32
Category FILE
Machine s1_win7_x6401
Started Nov. 13, 2024, 2:04 p.m.
Completed Nov. 13, 2024, 2:25 p.m.
Size 4.8MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 61ed70e09d63d896181ba50d4b39c791
SHA256 9edaa519b106866364ef90c8c5f0fa056a95ef7b35b2ac18e04d8a6b608fdf52
CRC32 E8005A47
ssdeep 98304:RrBx69S11cQy5Z8wNuvjjMzgLRwaf5RPUyzdi9wWT+uKygsgBqW:RrB0gxy5ZbNkjjMzgLRB5RPpw9RKyUB7
PDB Path G:\Projects\uninstall-tool\Ready\geek.pdb
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • anti_vm_detect - Possibly employs anti-virtualization techniques
  • Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Hosts (Name, Response, Post-Analysis Lookup)
No hosts contacted.
IP Address 47.236.122.191
Status Active
Action Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path G:\Projects\uninstall-tool\Ready\geek.pdb
section .sedata
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
geek_se+0x763ef2 @ 0xb63ef2
geek_se+0x792990 @ 0xb92990
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: eb 09 69 f8 6e 09 f8 46 55 c4 77 c3 e9 63 ff ff
exception.symbol: geek_se+0x6c04b2
exception.instruction: jmp 0xac04bd
exception.module: Geek_se.exe
exception.exception_code: 0x80000003
exception.offset: 7079090
exception.address: 0xac04b2
registers.esp: 1638008
registers.edi: 0
registers.eax: 0
registers.ebp: 1638052
registers.edx: 582600
registers.ebx: 5
registers.esi: 13353152
registers.ecx: 13353152
1 0 0

__exception__

stacktrace:

exception.instruction_r: e9 d2 f7 ff ff 8a 04 24 e9 2a 01 00 00 66 0f b3
exception.symbol: geek_se+0x6e9c38
exception.instruction: jmp 0xae940f
exception.module: Geek_se.exe
exception.exception_code: 0x80000004
exception.offset: 7248952
exception.address: 0xae9c38
registers.esp: 1637020
registers.edi: 1637020
registers.eax: 1574007
registers.ebp: 11451641
registers.edx: 11227171
registers.ebx: 2178750439
registers.esi: 1637256
registers.ecx: 665287361
1 0 0

__exception__

stacktrace:

exception.instruction_r: e9 d2 f7 ff ff 8a 04 24 e9 2a 01 00 00 66 0f b3
exception.symbol: geek_se+0x6e9c38
exception.instruction: jmp 0xae940f
exception.module: Geek_se.exe
exception.exception_code: 0x80000004
exception.offset: 7248952
exception.address: 0xae9c38
registers.esp: 48823096
registers.edi: 48823096
registers.eax: 48759771
registers.ebp: 11451641
registers.edx: 11227171
registers.ebx: 2178750439
registers.esi: 48823332
registers.ecx: 665287361
1 0 0

__exception__

stacktrace:

exception.instruction_r: e9 d2 f7 ff ff 8a 04 24 e9 2a 01 00 00 66 0f b3
exception.symbol: geek_se+0x6e9c38
exception.instruction: jmp 0xae940f
exception.module: Geek_se.exe
exception.exception_code: 0x80000004
exception.offset: 7248952
exception.address: 0xae9c38
registers.esp: 49871672
registers.edi: 49871672
registers.eax: 49808347
registers.ebp: 11451641
registers.edx: 11227171
registers.ebx: 2178750439
registers.esi: 49871908
registers.ecx: 665287361
1 0 0

__exception__

stacktrace:

exception.instruction_r: e9 d2 f7 ff ff 8a 04 24 e9 2a 01 00 00 66 0f b3
exception.symbol: geek_se+0x6e9c38
exception.instruction: jmp 0xae940f
exception.module: Geek_se.exe
exception.exception_code: 0x80000004
exception.offset: 7248952
exception.address: 0xae9c38
registers.esp: 51968812
registers.edi: 51968812
registers.eax: 51905511
registers.ebp: 11451641
registers.edx: 11227171
registers.ebx: 2178750439
registers.esi: 51969048
registers.ecx: 665287361
1 0 0

__exception__

stacktrace:

exception.instruction_r: e9 d2 f7 ff ff 8a 04 24 e9 2a 01 00 00 66 0f b3
exception.symbol: geek_se+0x6e9c38
exception.instruction: jmp 0xae940f
exception.module: Geek_se.exe
exception.exception_code: 0x80000004
exception.offset: 7248952
exception.address: 0xae9c38
registers.esp: 47774524
registers.edi: 47774524
registers.eax: 47711191
registers.ebp: 11451641
registers.edx: 11227171
registers.ebx: 2178750439
registers.esi: 47774760
registers.ecx: 665287361
1 0 0

__exception__

stacktrace:

exception.instruction_r: e9 d2 f7 ff ff 8a 04 24 e9 2a 01 00 00 66 0f b3
exception.symbol: geek_se+0x6e9c38
exception.instruction: jmp 0xae940f
exception.module: Geek_se.exe
exception.exception_code: 0x80000004
exception.offset: 7248952
exception.address: 0xae9c38
registers.esp: 50920252
registers.edi: 50920252
registers.eax: 50856919
registers.ebp: 11451641
registers.edx: 11227171
registers.ebx: 2178750439
registers.esi: 50920488
registers.ecx: 665287361
1 0 0

__exception__

stacktrace:

exception.instruction_r: e9 d2 f7 ff ff 8a 04 24 e9 2a 01 00 00 66 0f b3
exception.symbol: geek_se+0x6e9c38
exception.instruction: jmp 0xae940f
exception.module: Geek_se.exe
exception.exception_code: 0x80000004
exception.offset: 7248952
exception.address: 0xae9c38
registers.esp: 53279564
registers.edi: 53279564
registers.eax: 53216199
registers.ebp: 11451641
registers.edx: 11227204
registers.ebx: 98811432
registers.esi: 53279800
registers.ecx: 665287361
1 0 0

__exception__

stacktrace:

exception.instruction_r: e9 d2 f7 ff ff 8a 04 24 e9 2a 01 00 00 66 0f b3
exception.symbol: geek_se+0x6e9c38
exception.instruction: jmp 0xae940f
exception.module: Geek_se.exe
exception.exception_code: 0x80000004
exception.offset: 7248952
exception.address: 0xae9c38
registers.esp: 50920252
registers.edi: 50920252
registers.eax: 50856919
registers.ebp: 11451641
registers.edx: 11227171
registers.ebx: 2178750439
registers.esi: 50920488
registers.ecx: 665287361
1 0 0

__exception__

stacktrace:

exception.instruction_r: e9 d2 f7 ff ff 8a 04 24 e9 2a 01 00 00 66 0f b3
exception.symbol: geek_se+0x6e9c38
exception.instruction: jmp 0xae940f
exception.module: Geek_se.exe
exception.exception_code: 0x80000004
exception.offset: 7248952
exception.address: 0xae9c38
registers.esp: 47774524
registers.edi: 47774524
registers.eax: 47711191
registers.ebp: 11451641
registers.edx: 11227171
registers.ebx: 2178750439
registers.esi: 47774760
registers.ecx: 665287361
1 0 0

__exception__

stacktrace:

exception.instruction_r: e9 d2 f7 ff ff 8a 04 24 e9 2a 01 00 00 66 0f b3
exception.symbol: geek_se+0x6e9c38
exception.instruction: jmp 0xae940f
exception.module: Geek_se.exe
exception.exception_code: 0x80000004
exception.offset: 7248952
exception.address: 0xae9c38
registers.esp: 48823096
registers.edi: 48823096
registers.eax: 48759771
registers.ebp: 11451641
registers.edx: 11227171
registers.ebx: 2178750439
registers.esi: 48823332
registers.ecx: 665287361
1 0 0

__exception__

stacktrace:

exception.instruction_r: e9 d2 f7 ff ff 8a 04 24 e9 2a 01 00 00 66 0f b3
exception.symbol: geek_se+0x6e9c38
exception.instruction: jmp 0xae940f
exception.module: Geek_se.exe
exception.exception_code: 0x80000004
exception.offset: 7248952
exception.address: 0xae9c38
registers.esp: 51968812
registers.edi: 51968812
registers.eax: 51905511
registers.ebp: 11451641
registers.edx: 11227171
registers.ebx: 2178750439
registers.esi: 51969048
registers.ecx: 665287361
1 0 0

__exception__

stacktrace:

exception.instruction_r: e9 d2 f7 ff ff 8a 04 24 e9 2a 01 00 00 66 0f b3
exception.symbol: geek_se+0x6e9c38
exception.instruction: jmp 0xae940f
exception.module: Geek_se.exe
exception.exception_code: 0x80000004
exception.offset: 7248952
exception.address: 0xae9c38
registers.esp: 49871672
registers.edi: 49871672
registers.eax: 49808347
registers.ebp: 11451641
registers.edx: 11227171
registers.ebx: 2178750439
registers.esi: 49871908
registers.ecx: 665287361
1 0 0

__exception__

stacktrace:

exception.instruction_r: e9 d2 f7 ff ff 8a 04 24 e9 2a 01 00 00 66 0f b3
exception.symbol: geek_se+0x6e9c38
exception.instruction: jmp 0xae940f
exception.module: Geek_se.exe
exception.exception_code: 0x80000004
exception.offset: 7248952
exception.address: 0xae9c38
registers.esp: 47774524
registers.edi: 47774524
registers.eax: 47711191
registers.ebp: 11451641
registers.edx: 11227171
registers.ebx: 2178750439
registers.esi: 47774760
registers.ecx: 665287361
1 0 0

__exception__

stacktrace:

exception.instruction_r: e9 d2 f7 ff ff 8a 04 24 e9 2a 01 00 00 66 0f b3
exception.symbol: geek_se+0x6e9c38
exception.instruction: jmp 0xae940f
exception.module: Geek_se.exe
exception.exception_code: 0x80000004
exception.offset: 7248952
exception.address: 0xae9c38
registers.esp: 51968812
registers.edi: 51968812
registers.eax: 51905511
registers.ebp: 11451641
registers.edx: 11227171
registers.ebx: 2178750439
registers.esi: 51969048
registers.ecx: 665287361
1 0 0

__exception__

stacktrace:

exception.instruction_r: e9 d2 f7 ff ff 8a 04 24 e9 2a 01 00 00 66 0f b3
exception.symbol: geek_se+0x6e9c38
exception.instruction: jmp 0xae940f
exception.module: Geek_se.exe
exception.exception_code: 0x80000004
exception.offset: 7248952
exception.address: 0xae9c38
registers.esp: 49871672
registers.edi: 49871672
registers.eax: 49808347
registers.ebp: 11451641
registers.edx: 11227171
registers.ebx: 2178750439
registers.esi: 49871908
registers.ecx: 665287361
1 0 0

__exception__

stacktrace:

exception.instruction_r: e9 d2 f7 ff ff 8a 04 24 e9 2a 01 00 00 66 0f b3
exception.symbol: geek_se+0x6e9c38
exception.instruction: jmp 0xae940f
exception.module: Geek_se.exe
exception.exception_code: 0x80000004
exception.offset: 7248952
exception.address: 0xae9c38
registers.esp: 50920252
registers.edi: 50920252
registers.eax: 50856919
registers.ebp: 11451641
registers.edx: 11227171
registers.ebx: 2178750439
registers.esi: 50920488
registers.ecx: 665287361
1 0 0

__exception__

stacktrace:

exception.instruction_r: e9 d2 f7 ff ff 8a 04 24 e9 2a 01 00 00 66 0f b3
exception.symbol: geek_se+0x6e9c38
exception.instruction: jmp 0xae940f
exception.module: Geek_se.exe
exception.exception_code: 0x80000004
exception.offset: 7248952
exception.address: 0xae9c38
registers.esp: 48823096
registers.edi: 48823096
registers.eax: 48759771
registers.ebp: 11451641
registers.edx: 11227171
registers.ebx: 2178750439
registers.esi: 48823332
registers.ecx: 665287361
1 0 0

__exception__

stacktrace:

exception.instruction_r: e9 d2 f7 ff ff 8a 04 24 e9 2a 01 00 00 66 0f b3
exception.symbol: geek_se+0x6e9c38
exception.instruction: jmp 0xae940f
exception.module: Geek_se.exe
exception.exception_code: 0x80000004
exception.offset: 7248952
exception.address: 0xae9c38
registers.esp: 53279564
registers.edi: 53279564
registers.eax: 53216199
registers.ebp: 11451641
registers.edx: 11227204
registers.ebx: 98811432
registers.esi: 53279800
registers.ecx: 665287361
1 0 0

__exception__

stacktrace:

exception.instruction_r: e9 d2 f7 ff ff 8a 04 24 e9 2a 01 00 00 66 0f b3
exception.symbol: geek_se+0x6e9c38
exception.instruction: jmp 0xae940f
exception.module: Geek_se.exe
exception.exception_code: 0x80000004
exception.offset: 7248952
exception.address: 0xae9c38
registers.esp: 50920252
registers.edi: 50920252
registers.eax: 50856919
registers.ebp: 11451641
registers.edx: 11227171
registers.ebx: 2178750439
registers.esi: 50920488
registers.ecx: 665287361
1 0 0

__exception__

stacktrace:

exception.instruction_r: e9 d2 f7 ff ff 8a 04 24 e9 2a 01 00 00 66 0f b3
exception.symbol: geek_se+0x6e9c38
exception.instruction: jmp 0xae940f
exception.module: Geek_se.exe
exception.exception_code: 0x80000004
exception.offset: 7248952
exception.address: 0xae9c38
registers.esp: 47774524
registers.edi: 47774524
registers.eax: 47711191
registers.ebp: 11451641
registers.edx: 11227171
registers.ebx: 2178750439
registers.esi: 47774760
registers.ecx: 665287361
1 0 0

__exception__

stacktrace:

exception.instruction_r: e9 d2 f7 ff ff 8a 04 24 e9 2a 01 00 00 66 0f b3
exception.symbol: geek_se+0x6e9c38
exception.instruction: jmp 0xae940f
exception.module: Geek_se.exe
exception.exception_code: 0x80000004
exception.offset: 7248952
exception.address: 0xae9c38
registers.esp: 51968812
registers.edi: 51968812
registers.eax: 51905511
registers.ebp: 11451641
registers.edx: 11227171
registers.ebx: 2178750439
registers.esi: 51969048
registers.ecx: 665287361
1 0 0

__exception__

stacktrace:

exception.instruction_r: e9 d2 f7 ff ff 8a 04 24 e9 2a 01 00 00 66 0f b3
exception.symbol: geek_se+0x6e9c38
exception.instruction: jmp 0xae940f
exception.module: Geek_se.exe
exception.exception_code: 0x80000004
exception.offset: 7248952
exception.address: 0xae9c38
registers.esp: 48823096
registers.edi: 48823096
registers.eax: 48759771
registers.ebp: 11451641
registers.edx: 11227171
registers.ebx: 2178750439
registers.esi: 48823332
registers.ecx: 665287361
1 0 0

__exception__

stacktrace:

exception.instruction_r: e9 d2 f7 ff ff 8a 04 24 e9 2a 01 00 00 66 0f b3
exception.symbol: geek_se+0x6e9c38
exception.instruction: jmp 0xae940f
exception.module: Geek_se.exe
exception.exception_code: 0x80000004
exception.offset: 7248952
exception.address: 0xae9c38
registers.esp: 49871672
registers.edi: 49871672
registers.eax: 49808347
registers.ebp: 11451641
registers.edx: 11227171
registers.ebx: 2178750439
registers.esi: 49871908
registers.ecx: 665287361
1 0 0

__exception__

stacktrace:

exception.instruction_r: e9 d2 f7 ff ff 8a 04 24 e9 2a 01 00 00 66 0f b3
exception.symbol: geek_se+0x6e9c38
exception.instruction: jmp 0xae940f
exception.module: Geek_se.exe
exception.exception_code: 0x80000004
exception.offset: 7248952
exception.address: 0xae9c38
registers.esp: 47774524
registers.edi: 47774524
registers.eax: 47711191
registers.ebp: 11451641
registers.edx: 11227171
registers.ebx: 2178750439
registers.esi: 47774760
registers.ecx: 665287361
1 0 0

__exception__

stacktrace:

exception.instruction_r: e9 d2 f7 ff ff 8a 04 24 e9 2a 01 00 00 66 0f b3
exception.symbol: geek_se+0x6e9c38
exception.instruction: jmp 0xae940f
exception.module: Geek_se.exe
exception.exception_code: 0x80000004
exception.offset: 7248952
exception.address: 0xae9c38
registers.esp: 50920252
registers.edi: 50920252
registers.eax: 50856919
registers.ebp: 11451641
registers.edx: 11227171
registers.ebx: 2178750439
registers.esi: 50920488
registers.ecx: 665287361
1 0 0

__exception__

stacktrace:

exception.instruction_r: e9 d2 f7 ff ff 8a 04 24 e9 2a 01 00 00 66 0f b3
exception.symbol: geek_se+0x6e9c38
exception.instruction: jmp 0xae940f
exception.module: Geek_se.exe
exception.exception_code: 0x80000004
exception.offset: 7248952
exception.address: 0xae9c38
registers.esp: 51968812
registers.edi: 51968812
registers.eax: 51905511
registers.ebp: 11451641
registers.edx: 11227171
registers.ebx: 2178750439
registers.esi: 51969048
registers.ecx: 665287361
1 0 0

__exception__

stacktrace:

exception.instruction_r: e9 d2 f7 ff ff 8a 04 24 e9 2a 01 00 00 66 0f b3
exception.symbol: geek_se+0x6e9c38
exception.instruction: jmp 0xae940f
exception.module: Geek_se.exe
exception.exception_code: 0x80000004
exception.offset: 7248952
exception.address: 0xae9c38
registers.esp: 48823096
registers.edi: 48823096
registers.eax: 48759771
registers.ebp: 11451641
registers.edx: 11227171
registers.ebx: 2178750439
registers.esi: 48823332
registers.ecx: 665287361
1 0 0

__exception__

stacktrace:

exception.instruction_r: e9 d2 f7 ff ff 8a 04 24 e9 2a 01 00 00 66 0f b3
exception.symbol: geek_se+0x6e9c38
exception.instruction: jmp 0xae940f
exception.module: Geek_se.exe
exception.exception_code: 0x80000004
exception.offset: 7248952
exception.address: 0xae9c38
registers.esp: 49871672
registers.edi: 49871672
registers.eax: 49808347
registers.ebp: 11451641
registers.edx: 11227171
registers.ebx: 2178750439
registers.esi: 49871908
registers.ecx: 665287361
1 0 0

__exception__

stacktrace:

exception.instruction_r: e9 d2 f7 ff ff 8a 04 24 e9 2a 01 00 00 66 0f b3
exception.symbol: geek_se+0x6e9c38
exception.instruction: jmp 0xae940f
exception.module: Geek_se.exe
exception.exception_code: 0x80000004
exception.offset: 7248952
exception.address: 0xae9c38
registers.esp: 53279564
registers.edi: 53279564
registers.eax: 53216199
registers.ebp: 11451641
registers.edx: 11227204
registers.ebx: 98811432
registers.esi: 53279800
registers.ecx: 665287361
1 0 0

__exception__

stacktrace:

exception.instruction_r: e9 d2 f7 ff ff 8a 04 24 e9 2a 01 00 00 66 0f b3
exception.symbol: geek_se+0x6e9c38
exception.instruction: jmp 0xae940f
exception.module: Geek_se.exe
exception.exception_code: 0x80000004
exception.offset: 7248952
exception.address: 0xae9c38
registers.esp: 47774524
registers.edi: 47774524
registers.eax: 47711191
registers.ebp: 11451641
registers.edx: 11227171
registers.ebx: 2178750439
registers.esi: 47774760
registers.ecx: 665287361
1 0 0

__exception__

stacktrace:

exception.instruction_r: e9 d2 f7 ff ff 8a 04 24 e9 2a 01 00 00 66 0f b3
exception.symbol: geek_se+0x6e9c38
exception.instruction: jmp 0xae940f
exception.module: Geek_se.exe
exception.exception_code: 0x80000004
exception.offset: 7248952
exception.address: 0xae9c38
registers.esp: 50920252
registers.edi: 50920252
registers.eax: 50856919
registers.ebp: 11451641
registers.edx: 11227171
registers.ebx: 2178750439
registers.esi: 50920488
registers.ecx: 665287361
1 0 0

__exception__

stacktrace:

exception.instruction_r: e9 d2 f7 ff ff 8a 04 24 e9 2a 01 00 00 66 0f b3
exception.symbol: geek_se+0x6e9c38
exception.instruction: jmp 0xae940f
exception.module: Geek_se.exe
exception.exception_code: 0x80000004
exception.offset: 7248952
exception.address: 0xae9c38
registers.esp: 48823096
registers.edi: 48823096
registers.eax: 48759771
registers.ebp: 11451641
registers.edx: 11227171
registers.ebx: 2178750439
registers.esi: 48823332
registers.ecx: 665287361
1 0 0

__exception__

stacktrace:

exception.instruction_r: e9 d2 f7 ff ff 8a 04 24 e9 2a 01 00 00 66 0f b3
exception.symbol: geek_se+0x6e9c38
exception.instruction: jmp 0xae940f
exception.module: Geek_se.exe
exception.exception_code: 0x80000004
exception.offset: 7248952
exception.address: 0xae9c38
registers.esp: 51968812
registers.edi: 51968812
registers.eax: 51905511
registers.ebp: 11451641
registers.edx: 11227171
registers.ebx: 2178750439
registers.esi: 51969048
registers.ecx: 665287361
1 0 0

__exception__

stacktrace:

exception.instruction_r: e9 d2 f7 ff ff 8a 04 24 e9 2a 01 00 00 66 0f b3
exception.symbol: geek_se+0x6e9c38
exception.instruction: jmp 0xae940f
exception.module: Geek_se.exe
exception.exception_code: 0x80000004
exception.offset: 7248952
exception.address: 0xae9c38
registers.esp: 49871672
registers.edi: 49871672
registers.eax: 49808347
registers.ebp: 11451641
registers.edx: 11227171
registers.ebx: 2178750439
registers.esi: 49871908
registers.ecx: 665287361
1 0 0

__exception__

stacktrace:

exception.instruction_r: e9 d2 f7 ff ff 8a 04 24 e9 2a 01 00 00 66 0f b3
exception.symbol: geek_se+0x6e9c38
exception.instruction: jmp 0xae940f
exception.module: Geek_se.exe
exception.exception_code: 0x80000004
exception.offset: 7248952
exception.address: 0xae9c38
registers.esp: 47774524
registers.edi: 47774524
registers.eax: 47711191
registers.ebp: 11451641
registers.edx: 11227171
registers.ebx: 2178750439
registers.esi: 47774760
registers.ecx: 665287361
1 0 0

__exception__

stacktrace:

exception.instruction_r: e9 d2 f7 ff ff 8a 04 24 e9 2a 01 00 00 66 0f b3
exception.symbol: geek_se+0x6e9c38
exception.instruction: jmp 0xae940f
exception.module: Geek_se.exe
exception.exception_code: 0x80000004
exception.offset: 7248952
exception.address: 0xae9c38
registers.esp: 50920252
registers.edi: 50920252
registers.eax: 50856919
registers.ebp: 11451641
registers.edx: 11227171
registers.ebx: 2178750439
registers.esi: 50920488
registers.ecx: 665287361
1 0 0

__exception__

stacktrace:

exception.instruction_r: e9 d2 f7 ff ff 8a 04 24 e9 2a 01 00 00 66 0f b3
exception.symbol: geek_se+0x6e9c38
exception.instruction: jmp 0xae940f
exception.module: Geek_se.exe
exception.exception_code: 0x80000004
exception.offset: 7248952
exception.address: 0xae9c38
registers.esp: 51968812
registers.edi: 51968812
registers.eax: 51905511
registers.ebp: 11451641
registers.edx: 11227171
registers.ebx: 2178750439
registers.esi: 51969048
registers.ecx: 665287361
1 0 0

__exception__

stacktrace:

exception.instruction_r: e9 d2 f7 ff ff 8a 04 24 e9 2a 01 00 00 66 0f b3
exception.symbol: geek_se+0x6e9c38
exception.instruction: jmp 0xae940f
exception.module: Geek_se.exe
exception.exception_code: 0x80000004
exception.offset: 7248952
exception.address: 0xae9c38
registers.esp: 48823096
registers.edi: 48823096
registers.eax: 48759771
registers.ebp: 11451641
registers.edx: 11227171
registers.ebx: 2178750439
registers.esi: 48823332
registers.ecx: 665287361
1 0 0

__exception__

stacktrace:

exception.instruction_r: e9 d2 f7 ff ff 8a 04 24 e9 2a 01 00 00 66 0f b3
exception.symbol: geek_se+0x6e9c38
exception.instruction: jmp 0xae940f
exception.module: Geek_se.exe
exception.exception_code: 0x80000004
exception.offset: 7248952
exception.address: 0xae9c38
registers.esp: 49871672
registers.edi: 49871672
registers.eax: 49808347
registers.ebp: 11451641
registers.edx: 11227171
registers.ebx: 2178750439
registers.esi: 49871908
registers.ecx: 665287361
1 0 0

__exception__

stacktrace:

exception.instruction_r: e9 d2 f7 ff ff 8a 04 24 e9 2a 01 00 00 66 0f b3
exception.symbol: geek_se+0x6e9c38
exception.instruction: jmp 0xae940f
exception.module: Geek_se.exe
exception.exception_code: 0x80000004
exception.offset: 7248952
exception.address: 0xae9c38
registers.esp: 53279564
registers.edi: 53279564
registers.eax: 53216199
registers.ebp: 11451641
registers.edx: 11227204
registers.ebx: 98811432
registers.esi: 53279800
registers.ecx: 665287361
1 0 0

__exception__

stacktrace:

exception.instruction_r: e9 d2 f7 ff ff 8a 04 24 e9 2a 01 00 00 66 0f b3
exception.symbol: geek_se+0x6e9c38
exception.instruction: jmp 0xae940f
exception.module: Geek_se.exe
exception.exception_code: 0x80000004
exception.offset: 7248952
exception.address: 0xae9c38
registers.esp: 50920252
registers.edi: 50920252
registers.eax: 50856919
registers.ebp: 11451641
registers.edx: 11227171
registers.ebx: 2178750439
registers.esi: 50920488
registers.ecx: 665287361
1 0 0

__exception__

stacktrace:

exception.instruction_r: e9 d2 f7 ff ff 8a 04 24 e9 2a 01 00 00 66 0f b3
exception.symbol: geek_se+0x6e9c38
exception.instruction: jmp 0xae940f
exception.module: Geek_se.exe
exception.exception_code: 0x80000004
exception.offset: 7248952
exception.address: 0xae9c38
registers.esp: 47774524
registers.edi: 47774524
registers.eax: 47711191
registers.ebp: 11451641
registers.edx: 11227171
registers.ebx: 2178750439
registers.esi: 47774760
registers.ecx: 665287361
1 0 0

__exception__

stacktrace:

exception.instruction_r: e9 d2 f7 ff ff 8a 04 24 e9 2a 01 00 00 66 0f b3
exception.symbol: geek_se+0x6e9c38
exception.instruction: jmp 0xae940f
exception.module: Geek_se.exe
exception.exception_code: 0x80000004
exception.offset: 7248952
exception.address: 0xae9c38
registers.esp: 48823096
registers.edi: 48823096
registers.eax: 48759771
registers.ebp: 11451641
registers.edx: 11227171
registers.ebx: 2178750439
registers.esi: 48823332
registers.ecx: 665287361
1 0 0

__exception__

stacktrace:

exception.instruction_r: e9 d2 f7 ff ff 8a 04 24 e9 2a 01 00 00 66 0f b3
exception.symbol: geek_se+0x6e9c38
exception.instruction: jmp 0xae940f
exception.module: Geek_se.exe
exception.exception_code: 0x80000004
exception.offset: 7248952
exception.address: 0xae9c38
registers.esp: 51968812
registers.edi: 51968812
registers.eax: 51905511
registers.ebp: 11451641
registers.edx: 11227171
registers.ebx: 2178750439
registers.esi: 51969048
registers.ecx: 665287361
1 0 0

__exception__

stacktrace:

exception.instruction_r: e9 d2 f7 ff ff 8a 04 24 e9 2a 01 00 00 66 0f b3
exception.symbol: geek_se+0x6e9c38
exception.instruction: jmp 0xae940f
exception.module: Geek_se.exe
exception.exception_code: 0x80000004
exception.offset: 7248952
exception.address: 0xae9c38
registers.esp: 49871672
registers.edi: 49871672
registers.eax: 49808347
registers.ebp: 11451641
registers.edx: 11227171
registers.ebx: 2178750439
registers.esi: 49871908
registers.ecx: 665287361
1 0 0

__exception__

stacktrace:

exception.instruction_r: e9 d2 f7 ff ff 8a 04 24 e9 2a 01 00 00 66 0f b3
exception.symbol: geek_se+0x6e9c38
exception.instruction: jmp 0xae940f
exception.module: Geek_se.exe
exception.exception_code: 0x80000004
exception.offset: 7248952
exception.address: 0xae9c38
registers.esp: 47774524
registers.edi: 47774524
registers.eax: 47711191
registers.ebp: 11451641
registers.edx: 11227171
registers.ebx: 2178750439
registers.esi: 47774760
registers.ecx: 665287361
1 0 0

__exception__

stacktrace:

exception.instruction_r: e9 d2 f7 ff ff 8a 04 24 e9 2a 01 00 00 66 0f b3
exception.symbol: geek_se+0x6e9c38
exception.instruction: jmp 0xae940f
exception.module: Geek_se.exe
exception.exception_code: 0x80000004
exception.offset: 7248952
exception.address: 0xae9c38
registers.esp: 50920252
registers.edi: 50920252
registers.eax: 50856919
registers.ebp: 11451641
registers.edx: 11227171
registers.ebx: 2178750439
registers.esi: 50920488
registers.ecx: 665287361
1 0 0

__exception__

stacktrace:

exception.instruction_r: e9 d2 f7 ff ff 8a 04 24 e9 2a 01 00 00 66 0f b3
exception.symbol: geek_se+0x6e9c38
exception.instruction: jmp 0xae940f
exception.module: Geek_se.exe
exception.exception_code: 0x80000004
exception.offset: 7248952
exception.address: 0xae9c38
registers.esp: 51968812
registers.edi: 51968812
registers.eax: 51905511
registers.ebp: 11451641
registers.edx: 11227171
registers.ebx: 2178750439
registers.esi: 51969048
registers.ecx: 665287361
1 0 0

__exception__

stacktrace:

exception.instruction_r: e9 d2 f7 ff ff 8a 04 24 e9 2a 01 00 00 66 0f b3
exception.symbol: geek_se+0x6e9c38
exception.instruction: jmp 0xae940f
exception.module: Geek_se.exe
exception.exception_code: 0x80000004
exception.offset: 7248952
exception.address: 0xae9c38
registers.esp: 48823096
registers.edi: 48823096
registers.eax: 48759771
registers.ebp: 11451641
registers.edx: 11227171
registers.ebx: 2178750439
registers.esi: 48823332
registers.ecx: 665287361
1 0 0
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

process_identifier: 2556
region_size: 458752
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00bf0000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2556
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00c20000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2556
region_size: 1576960
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02820000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 65536
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x76f20000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2556
region_size: 1048576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026e0000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2556
region_size: 294912
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026e0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 24576
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x759aa000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026e0000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026e0000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026e0000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026e0000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026e0000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026e0000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026e0000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026e0000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026e0000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026e0000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026e0000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026e0000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026e0000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026e0000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026e0000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026e0000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026e0000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026e0000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026e0000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026e0000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026e0000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026e0000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026e0000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026e0000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026e0000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026e0000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026e0000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026e0000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026e0000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026e0000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026e0000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026e0000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026e0000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026e0000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026e0000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026e0000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026e0000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026e0000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026e0000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026e0000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026e0000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026e0000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026e0000
process_handle: 0xffffffff
1 0 0
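Every NtProtectVirtualMemory record above carries the same arguments: the 4 KiB page at 0x026e0000 is set to PAGE_EXECUTE_READWRITE (64) through process_handle 0xffffffff, the pseudo-handle for the caller's own process, and the monitor marks the call heap_dep_bypass because writable memory is being made executable. One page being re-protected RWX again and again inside the sample's own process is the footprint of a protector or unpacker decrypting and running code in place; cross-process injection would instead show a real handle and a process_identifier other than the sample's. The parser and check below are an added example written for this page, not sandbox code. SAMPLE_LOG is constructed to mirror the report's record layout, and its third record (PAGE_READWRITE on 0x00400000) is an invented control that must not be flagged.

```python
"""Flag in-place RWX re-protection in a ZeroBOX/Cuckoo-style API log.

Added example for this report, not sandbox code. SAMPLE_LOG is constructed
to mirror the report's record layout; the PAGE_READWRITE record on
0x00400000 is an invented control that must not be flagged.
"""
import re
from collections import Counter

PAGE_EXECUTE_READWRITE = 0x40   # the "64" in the report's protection field
CURRENT_PROCESS = 0xFFFFFFFF    # GetCurrentProcess() pseudo-handle on 32-bit Windows

SAMPLE_LOG = """\
NtProtectVirtualMemory

process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026e0000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026e0000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 4 (PAGE_READWRITE)
base_address: 0x00400000
process_handle: 0xffffffff
1 0 0
"""

API_LINE = re.compile(r"^[A-Za-z_]\w*$")          # e.g. "NtProtectVirtualMemory"
RESULT_LINE = re.compile(r"^(\d+) (\S+) (\d+)$")   # "status return repeated"


def parse_records(text):
    """Split the log into records: {'api', 'args', 'status', 'return', 'repeated'}."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if API_LINE.match(line):
            current = {"api": line, "args": {}}
            records.append(current)
        elif current is None:
            continue                               # text before the first record
        elif RESULT_LINE.match(line):
            status, ret, repeated = RESULT_LINE.match(line).groups()
            current["status"], current["return"], current["repeated"] = int(status), ret, int(repeated)
        elif ": " in line:
            key, value = line.split(": ", 1)
            current["args"][key] = value
    return records


def in_process_rwx(records):
    """Count successful NtProtectVirtualMemory calls that make a page RWX in the
    caller's own process, keyed by (pid, base_address)."""
    hits = Counter()
    for rec in records:
        if rec["api"] != "NtProtectVirtualMemory" or rec.get("status") != 1:
            continue
        args = rec["args"]
        protection = int(args["protection"].split()[0])   # "64 (PAGE_EXECUTE_READWRITE)" -> 64
        handle = int(args["process_handle"], 16)
        if protection == PAGE_EXECUTE_READWRITE and handle == CURRENT_PROCESS:
            hits[(int(args["process_identifier"]), int(args["base_address"], 16))] += 1
    return hits


def verdict(hits, min_repeats=2):
    """Pages re-protected RWX at least min_repeats times: a decrypt/execute loop in place."""
    return sorted((pid, base, n) for (pid, base), n in hits.items() if n >= min_repeats)


if __name__ == "__main__":
    for pid, base, n in verdict(in_process_rwx(parse_records(SAMPLE_LOG))):
        print(f"pid {pid}: page 0x{base:08x} made RWX {n} times in its own process")
```

Run against the full report log, the same check yields one entry for pid 2556 and page 0x026e0000 with a count equal to the number of records above; the control record is dropped because its protection value is 4, not 64. Keying on the handle is what separates self-modification from injection: the same RWX change through a handle to another process would be a far stronger signal and deserves its own rule.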
section .text    virtual_address 0x00001000  virtual_size 0x006b4000  size_of_data 0x003a1800  entropy 7.999961377636853  description A section with a high entropy has been found
section .sedata  virtual_address 0x006b5000  virtual_size 0x000e4000  size_of_data 0x000e3200  entropy 7.622147112015549  description A section with a high entropy has been found
section .sedata  virtual_address 0x007e2000  virtual_size 0x00001000  size_of_data 0x00001000  entropy 7.980612495857726  description A section with a high entropy has been found
entropy 0.941541276942 description Overall entropy of this PE file is high
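All three sections above sit above 7.6 bits per byte of a possible 8, and .text's virtual_size (0x006b4000) is about 1.8 times its size_of_data (0x003a1800): the loader reserves far more room for .text than the file supplies, which is what code that is unpacked in place looks like. The .sedata name is not one a linker emits, and the overall figure of 0.94 is on a 0 to 1 scale, unlike the per-section bits-per-byte values, so the two numbers are not directly comparable. The functions below are an added example, not the sandbox's signature code; the 7.0 bits/byte and 1.5x thresholds and the constructed sample buffers are assumptions chosen for illustration, and the section figures copied from this page are used only as input.

```python
"""Section entropy and packing heuristics for the sections listed above.

Added example for this report, not the sandbox's own signature code. The
thresholds (7.0 bits/byte, 1.5x virtual/raw size) and the sample buffers
are this example's assumptions.
"""
import math
import random
import zlib

STANDARD_SECTIONS = {".text", ".rdata", ".data", ".rsrc", ".reloc",
                     ".idata", ".edata", ".pdata", ".bss", ".tls"}

# Section figures as reported on this page: (name, size_of_data, virtual_size, entropy).
REPORTED_SECTIONS = [
    (".text", 0x003a1800, 0x006b4000, 7.999961377636853),
    (".sedata", 0x000e3200, 0x000e4000, 7.622147112015549),
    (".sedata", 0x00001000, 0x00001000, 7.980612495857726),
]


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or constant data, 8.0 maximum."""
    n = len(data)
    if n == 0:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def compression_ratio(data: bytes) -> float:
    """zlib output size over input size: about 1.0 means the bytes are already
    compressed or encrypted, close to 0 means highly redundant data."""
    if not data:
        return 0.0
    return len(zlib.compress(data, 9)) / len(data)


def classify_section(name, size_of_data, virtual_size, entropy, high=7.0, slack=1.5):
    """Packing indicators for one section header, in a fixed order."""
    flags = []
    if entropy >= high:
        flags.append("high-entropy")           # compressed or encrypted bytes
    if size_of_data and virtual_size / size_of_data >= slack:
        flags.append("expands-at-runtime")     # room reserved for unpacked code
    if name not in STANDARD_SECTIONS:
        flags.append("non-standard-name")      # packer/protector-specific section
    return flags


def classify_reported():
    """Apply the heuristics to the section figures reported on this page."""
    return [(name, classify_section(name, raw, virt, ent))
            for name, raw, virt, ent in REPORTED_SECTIONS]


def sample_buffers(size=4096):
    """Constructed section-like buffers: pseudo-random bytes stand in for
    encrypted code, repetitive text for plain code/data, zeros for padding."""
    rng = random.Random(20241113)
    return {
        "random": bytes(rng.getrandbits(8) for _ in range(size)),
        "text": (b"The quick brown fox jumps over the lazy dog. " * (size // 45 + 1))[:size],
        "zeros": bytes(size),
    }


if __name__ == "__main__":
    for label, buf in sample_buffers().items():
        print(f"{label:7s} entropy {shannon_entropy(buf):.3f}  zlib ratio {compression_ratio(buf):.3f}")
    for name, flags in classify_reported():
        print(f"{name:8s} {', '.join(flags) or 'no indicators'}")
```

Entropy alone does not distinguish compression from encryption, and a legitimately compressed resource section scores just as high; the combination with a non-standard section name and a .text that is larger in memory than on disk is what makes the packing verdict for this file solid.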
host 47.236.122.191
dead_host 47.236.122.191:7900
Bkav W32.AIDetectMalware
Lionic Hacktool.Win32.Generic.lvTx
Cynet Malicious (score: 100)
Skyhigh BehavesLike.Win32.Generic.rc
ALYac Trojan.GenericKD.74336931
Cylance Unsafe
VIPRE Trojan.GenericKD.74336931
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Trojan.GenericKD.74336931
K7GW Trojan ( 005239691 )
K7AntiVirus Trojan ( 005239691 )
Arcabit Trojan.Generic.D46E4AA3
VirIT Trojan.Win32.Genus.WSJ
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/Packed.NoobyProtect.G suspicious
APEX Malicious
Avast Win32:Evo-gen [Trj]
Kaspersky Trojan.Win32.Shelm.aqkv
Alibaba Trojan:Win32/Shelm.c1fb020f
MicroWorld-eScan Trojan.GenericKD.74336931
Rising Trojan.Shelm!8.166E5 (CLOUD)
Emsisoft Trojan.GenericKD.74336931 (B)
F-Secure Trojan.TR/Meterpreter.qhfne
Zillya Trojan.Shelm.Win32.5835
TrendMicro Backdoor.Win32.SWRORT.YXEJSZ
McAfeeD ti!9EDAA519B106
Trapmine malicious.high.ml.score
CTX exe.trojan.noobyprotect
Sophos Mal/Generic-S
SentinelOne Static AI - Malicious PE
FireEye Generic.mg.61ed70e09d63d896
Google Detected
Avira TR/Meterpreter.qhfne
Antiy-AVL GrayWare/Win32.SafeGuard.a
Kingsoft Win32.Troj.Unknown.a
Gridinsoft Trojan.Heur!.03010421
Xcitium TrojWare.Win32.Amtar.KNB@4wlm66
Microsoft Trojan:Win32/Meterpreter!rfn
ViRobot Trojan.Win.Z.Noobyprotect.5057520
GData Win32.Packed.NoobyProtect.B
Varist W32/Trojan.HPC.gen!Eldorado
AhnLab-V3 Malware/Win.Generic.R646845
McAfee Artemis!61ED70E09D63
DeepInstinct MALICIOUS
VBA32 TScope.Malware-Cryptor.SB
Ikarus PUA.NoobyProtect
TrendMicro-HouseCall Backdoor.Win32.SWRORT.YXEJSZ
Tencent Malware.Win32.Gencirc.11ca094d
Yandex Trojan.Shelm!PbJfkS7mO2A