7.0
High risk

f4369bd3bcd98f957248c6c7c145328cf546de76b16f46b8c4cedc04299d1374

0690bf022657f5e7c1ea7179abf17779.exe

Analysis time

96s

Last analysis

File size

778.0KB
Static scan: flagged malicious. Dynamic scan: flagged malicious. Detection tags: 100% AI SCORE=87 ALI2000015 BT23CY CLASSIC CONFIDENCE DELF DELFINJECT DELPHILESS ELDORADO EMOL EMOY FAREIT GENETIC HIGH CONFIDENCE HMKBXP IGENT INJUKE KRYPTIK LOKIBOT MALWARE@#1OFEDWCLRRFD4 R002C0DKU20 RATX SCORE STATIC AI SUSGEN SUSPICIOUS PE TSCOPE UNSAFE VJZAK WGW@AGDQVQGI X2085 ZELPHIF ZUSY
鹰眼 engine
Not detected: no 鹰眼 engine result available yet
Static verdict
Antivirus engines
Engine       Result                               Scan date  Engine version
Alibaba      Trojan:Win32/DelfInject.ali2000015   20190527   0.3.0.5
Baidu        -                                    20190318   1.0.0.2
Avast        Win32:RATX-gen [Trj]                 20201228   21.1.5827.0
Kingsoft     -                                    20201228   2017.9.26.565
McAfee       Fareit-FVZ!0690BF022657              20201228   6.0.6.653
CrowdStrike  win/malicious_confidence_100% (W)    20190702   1.0
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (36 events)
Time & API Arguments Status Return Repeated
1619134512.414155
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 35848004
registers.edi: 0
registers.eax: 0
registers.ebp: 35848072
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 1969237513
exception.instruction_r: f7 f0 89 ff 89 ff 89 ff 89 ff 33 c0 5a 59 59 64
exception.symbol: 0690bf022657f5e7c1ea7179abf17779+0x6f991
exception.instruction: div eax
exception.module: 0690bf022657f5e7c1ea7179abf17779.exe
exception.exception_code: 0xc0000094
exception.offset: 457105
exception.address: 0x46f991
success 0 0
1619134514.617422
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x7501e97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x7501ea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x7501b25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x7501b4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x7501ac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x7501aed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x75015511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x7501559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x75157f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x75154de3
0690bf022657f5e7c1ea7179abf17779+0x40a4d @ 0x440a4d
0690bf022657f5e7c1ea7179abf17779+0x39254 @ 0x439254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xff3e14ad
success 0 0
1619134513.609
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 34340676
registers.edi: 0
registers.eax: 0
registers.ebp: 34340744
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 1969237513
exception.instruction_r: f7 f0 89 ff 89 ff 89 ff 89 ff 33 c0 5a 59 59 64
exception.symbol: 0690bf022657f5e7c1ea7179abf17779+0x6f991
exception.instruction: div eax
exception.module: 0690bf022657f5e7c1ea7179abf17779.exe
exception.exception_code: 0xc0000094
exception.offset: 457105
exception.address: 0x46f991
success 0 0
1619147409.590375
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 34275140
registers.edi: 0
registers.eax: 0
registers.ebp: 34275208
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 1969237513
exception.instruction_r: f7 f0 89 ff 89 ff 89 ff 89 ff 33 c0 5a 59 59 64
exception.symbol: 0690bf022657f5e7c1ea7179abf17779+0x6f991
exception.instruction: div eax
exception.module: 0690bf022657f5e7c1ea7179abf17779.exe
exception.exception_code: 0xc0000094
exception.offset: 457105
exception.address: 0x46f991
success 0 0
1619147411.590502
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x7509e97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x7509ea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x7509b25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x7509b4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x7509ac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x7509aed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x75095511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x7509559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x75107f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x75104de3
0690bf022657f5e7c1ea7179abf17779+0x40a4d @ 0x440a4d
0690bf022657f5e7c1ea7179abf17779+0x39254 @ 0x439254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xff3d14ad
success 0 0
1619147411.71575
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 35979076
registers.edi: 0
registers.eax: 0
registers.ebp: 35979144
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 1969237513
exception.instruction_r: f7 f0 89 ff 89 ff 89 ff 89 ff 33 c0 5a 59 59 64
exception.symbol: 0690bf022657f5e7c1ea7179abf17779+0x6f991
exception.instruction: div eax
exception.module: 0690bf022657f5e7c1ea7179abf17779.exe
exception.exception_code: 0xc0000094
exception.offset: 457105
exception.address: 0x46f991
success 0 0
1619147414.85625
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 34799428
registers.edi: 0
registers.eax: 0
registers.ebp: 34799496
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 1969237513
exception.instruction_r: f7 f0 89 ff 89 ff 89 ff 89 ff 33 c0 5a 59 59 64
exception.symbol: 0690bf022657f5e7c1ea7179abf17779+0x6f991
exception.instruction: div eax
exception.module: 0690bf022657f5e7c1ea7179abf17779.exe
exception.exception_code: 0xc0000094
exception.offset: 457105
exception.address: 0x46f991
success 0 0
1619147416.8875
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x7501e97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x7501ea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x7501b25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x7501b4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x7501ac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x7501aed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x75015511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x7501559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x751a7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x751a4de3
0690bf022657f5e7c1ea7179abf17779+0x40a4d @ 0x440a4d
0690bf022657f5e7c1ea7179abf17779+0x39254 @ 0x439254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xfdc614ad
success 0 0
1619147417.137875
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 37093188
registers.edi: 0
registers.eax: 0
registers.ebp: 37093256
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 1969237513
exception.instruction_r: f7 f0 89 ff 89 ff 89 ff 89 ff 33 c0 5a 59 59 64
exception.symbol: 0690bf022657f5e7c1ea7179abf17779+0x6f991
exception.instruction: div eax
exception.module: 0690bf022657f5e7c1ea7179abf17779.exe
exception.exception_code: 0xc0000094
exception.offset: 457105
exception.address: 0x46f991
success 0 0
1619147420.324875
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 48955204
registers.edi: 0
registers.eax: 0
registers.ebp: 48955272
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 1969237513
exception.instruction_r: f7 f0 89 ff 89 ff 89 ff 89 ff 33 c0 5a 59 59 64
exception.symbol: 0690bf022657f5e7c1ea7179abf17779+0x6f991
exception.instruction: div eax
exception.module: 0690bf022657f5e7c1ea7179abf17779.exe
exception.exception_code: 0xc0000094
exception.offset: 457105
exception.address: 0x46f991
success 0 0
1619147423.262875
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x750ee97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x750eea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x750eb25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x750eb4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x750eac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x750eaed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x750e5511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x750e559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x75157f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x75154de3
0690bf022657f5e7c1ea7179abf17779+0x40a4d @ 0x440a4d
0690bf022657f5e7c1ea7179abf17779+0x39254 @ 0x439254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xff4114ad
success 0 0
1619147422.216125
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 34340676
registers.edi: 0
registers.eax: 0
registers.ebp: 34340744
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 1969237513
exception.instruction_r: f7 f0 89 ff 89 ff 89 ff 89 ff 33 c0 5a 59 59 64
exception.symbol: 0690bf022657f5e7c1ea7179abf17779+0x6f991
exception.instruction: div eax
exception.module: 0690bf022657f5e7c1ea7179abf17779.exe
exception.exception_code: 0xc0000094
exception.offset: 457105
exception.address: 0x46f991
success 0 0
1619147426.809875
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 50003780
registers.edi: 0
registers.eax: 0
registers.ebp: 50003848
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 1969237513
exception.instruction_r: f7 f0 89 ff 89 ff 89 ff 89 ff 33 c0 5a 59 59 64
exception.symbol: 0690bf022657f5e7c1ea7179abf17779+0x6f991
exception.instruction: div eax
exception.module: 0690bf022657f5e7c1ea7179abf17779.exe
exception.exception_code: 0xc0000094
exception.offset: 457105
exception.address: 0x46f991
success 0 0
1619147428.199375
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x7501e97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x7501ea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x7501b25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x7501b4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x7501ac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x7501aed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x75015511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x7501559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x751a7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x751a4de3
0690bf022657f5e7c1ea7179abf17779+0x40a4d @ 0x440a4d
0690bf022657f5e7c1ea7179abf17779+0x39254 @ 0x439254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xff5214ad
success 0 0
1619147428.93425
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 48758596
registers.edi: 0
registers.eax: 0
registers.ebp: 48758664
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 1969237513
exception.instruction_r: f7 f0 89 ff 89 ff 89 ff 89 ff 33 c0 5a 59 59 64
exception.symbol: 0690bf022657f5e7c1ea7179abf17779+0x6f991
exception.instruction: div eax
exception.module: 0690bf022657f5e7c1ea7179abf17779.exe
exception.exception_code: 0xc0000094
exception.offset: 457105
exception.address: 0x46f991
success 0 0
1619147432.590875
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 35782468
registers.edi: 0
registers.eax: 0
registers.ebp: 35782536
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 1969237513
exception.instruction_r: f7 f0 89 ff 89 ff 89 ff 89 ff 33 c0 5a 59 59 64
exception.symbol: 0690bf022657f5e7c1ea7179abf17779+0x6f991
exception.instruction: div eax
exception.module: 0690bf022657f5e7c1ea7179abf17779.exe
exception.exception_code: 0xc0000094
exception.offset: 457105
exception.address: 0x46f991
success 0 0
1619147434.779
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x750ee97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x750eea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x750eb25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x750eb4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x750eac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x750eaed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x750e5511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x750e559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x75157f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x75154de3
0690bf022657f5e7c1ea7179abf17779+0x40a4d @ 0x440a4d
0690bf022657f5e7c1ea7179abf17779+0x39254 @ 0x439254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 232
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 232
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xfdb114ad
success 0 0
1619147434.888
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 49545028
registers.edi: 0
registers.eax: 0
registers.ebp: 49545096
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 1969237513
exception.instruction_r: f7 f0 89 ff 89 ff 89 ff 89 ff 33 c0 5a 59 59 64
exception.symbol: 0690bf022657f5e7c1ea7179abf17779+0x6f991
exception.instruction: div eax
exception.module: 0690bf022657f5e7c1ea7179abf17779.exe
exception.exception_code: 0xc0000094
exception.offset: 457105
exception.address: 0x46f991
success 0 0
1619147439.24675
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 49217348
registers.edi: 0
registers.eax: 0
registers.ebp: 49217416
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 1969237513
exception.instruction_r: f7 f0 89 ff 89 ff 89 ff 89 ff 33 c0 5a 59 59 64
exception.symbol: 0690bf022657f5e7c1ea7179abf17779+0x6f991
exception.instruction: div eax
exception.module: 0690bf022657f5e7c1ea7179abf17779.exe
exception.exception_code: 0xc0000094
exception.offset: 457105
exception.address: 0x46f991
success 0 0
1619147440.935
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x7501e97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x7501ea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x7501b25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x7501b4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x7501ac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x7501aed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x75015511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x7501559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x751a7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x751a4de3
0690bf022657f5e7c1ea7179abf17779+0x40a4d @ 0x440a4d
0690bf022657f5e7c1ea7179abf17779+0x39254 @ 0x439254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xff3214ad
success 0 0
1619147440.96575
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 35127108
registers.edi: 0
registers.eax: 0
registers.ebp: 35127176
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 1969237513
exception.instruction_r: f7 f0 89 ff 89 ff 89 ff 89 ff 33 c0 5a 59 59 64
exception.symbol: 0690bf022657f5e7c1ea7179abf17779+0x6f991
exception.instruction: div eax
exception.module: 0690bf022657f5e7c1ea7179abf17779.exe
exception.exception_code: 0xc0000094
exception.offset: 457105
exception.address: 0x46f991
success 0 0
1619147443.934502
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 50528068
registers.edi: 0
registers.eax: 0
registers.ebp: 50528136
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 1969237513
exception.instruction_r: f7 f0 89 ff 89 ff 89 ff 89 ff 33 c0 5a 59 59 64
exception.symbol: 0690bf022657f5e7c1ea7179abf17779+0x6f991
exception.instruction: div eax
exception.module: 0690bf022657f5e7c1ea7179abf17779.exe
exception.exception_code: 0xc0000094
exception.offset: 457105
exception.address: 0x46f991
success 0 0
1619147445.434502
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x750ee97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x750eea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x750eb25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x750eb4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x750eac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x750eaed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x750e5511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x750e559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x75157f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x75154de3
0690bf022657f5e7c1ea7179abf17779+0x40a4d @ 0x440a4d
0690bf022657f5e7c1ea7179abf17779+0x39254 @ 0x439254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xff1e14ad
success 0 0
1619147445.825125
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 33816388
registers.edi: 0
registers.eax: 0
registers.ebp: 33816456
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 1969237513
exception.instruction_r: f7 f0 89 ff 89 ff 89 ff 89 ff 33 c0 5a 59 59 64
exception.symbol: 0690bf022657f5e7c1ea7179abf17779+0x6f991
exception.instruction: div eax
exception.module: 0690bf022657f5e7c1ea7179abf17779.exe
exception.exception_code: 0xc0000094
exception.offset: 457105
exception.address: 0x46f991
success 0 0
1619147448.21525
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 36437828
registers.edi: 0
registers.eax: 0
registers.ebp: 36437896
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 1969237513
exception.instruction_r: f7 f0 89 ff 89 ff 89 ff 89 ff 33 c0 5a 59 59 64
exception.symbol: 0690bf022657f5e7c1ea7179abf17779+0x6f991
exception.instruction: div eax
exception.module: 0690bf022657f5e7c1ea7179abf17779.exe
exception.exception_code: 0xc0000094
exception.offset: 457105
exception.address: 0x46f991
success 0 0
1619147449.715875
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x7501e97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x7501ea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x7501b25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x7501b4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x7501ac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x7501aed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x75015511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x7501559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x751a7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x751a4de3
0690bf022657f5e7c1ea7179abf17779+0x40a4d @ 0x440a4d
0690bf022657f5e7c1ea7179abf17779+0x39254 @ 0x439254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xff3d14ad
success 0 0
1619147450.028625
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 34209604
registers.edi: 0
registers.eax: 0
registers.ebp: 34209672
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 1969237513
exception.instruction_r: f7 f0 89 ff 89 ff 89 ff 89 ff 33 c0 5a 59 59 64
exception.symbol: 0690bf022657f5e7c1ea7179abf17779+0x6f991
exception.instruction: div eax
exception.module: 0690bf022657f5e7c1ea7179abf17779.exe
exception.exception_code: 0xc0000094
exception.offset: 457105
exception.address: 0x46f991
success 0 0
1619147452.35675
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 34340676
registers.edi: 0
registers.eax: 0
registers.ebp: 34340744
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 1969237513
exception.instruction_r: f7 f0 89 ff 89 ff 89 ff 89 ff 33 c0 5a 59 59 64
exception.symbol: 0690bf022657f5e7c1ea7179abf17779+0x6f991
exception.instruction: div eax
exception.module: 0690bf022657f5e7c1ea7179abf17779.exe
exception.exception_code: 0xc0000094
exception.offset: 457105
exception.address: 0x46f991
success 0 0
1619147453.88725
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x750ee97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x750eea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x750eb25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x750eb4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x750eac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x750eaed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x750e5511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x750e559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x75157f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x75154de3
0690bf022657f5e7c1ea7179abf17779+0x40a4d @ 0x440a4d
0690bf022657f5e7c1ea7179abf17779+0x39254 @ 0x439254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xfda514ad
success 0 0
1619147453.746375
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 34733892
registers.edi: 0
registers.eax: 0
registers.ebp: 34733960
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 1969237513
exception.instruction_r: f7 f0 89 ff 89 ff 89 ff 89 ff 33 c0 5a 59 59 64
exception.symbol: 0690bf022657f5e7c1ea7179abf17779+0x6f991
exception.instruction: div eax
exception.module: 0690bf022657f5e7c1ea7179abf17779.exe
exception.exception_code: 0xc0000094
exception.offset: 457105
exception.address: 0x46f991
success 0 0
1619147456.73175
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 48299844
registers.edi: 0
registers.eax: 0
registers.ebp: 48299912
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 1969237513
exception.instruction_r: f7 f0 89 ff 89 ff 89 ff 89 ff 33 c0 5a 59 59 64
exception.symbol: 0690bf022657f5e7c1ea7179abf17779+0x6f991
exception.instruction: div eax
exception.module: 0690bf022657f5e7c1ea7179abf17779.exe
exception.exception_code: 0xc0000094
exception.offset: 457105
exception.address: 0x46f991
success 0 0
1619147458.30925
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x7501e97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x7501ea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x7501b25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x7501b4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x7501ac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x7501aed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x75015511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x7501559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x751a7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x751a4de3
0690bf022657f5e7c1ea7179abf17779+0x40a4d @ 0x440a4d
0690bf022657f5e7c1ea7179abf17779+0x39254 @ 0x439254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xfda314ad
success 0 0
1619147458.824375
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 35585860
registers.edi: 0
registers.eax: 0
registers.ebp: 35585928
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 1969237513
exception.instruction_r: f7 f0 89 ff 89 ff 89 ff 89 ff 33 c0 5a 59 59 64
exception.symbol: 0690bf022657f5e7c1ea7179abf17779+0x6f991
exception.instruction: div eax
exception.module: 0690bf022657f5e7c1ea7179abf17779.exe
exception.exception_code: 0xc0000094
exception.offset: 457105
exception.address: 0x46f991
success 0 0
1619147461.372125
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 49151812
registers.edi: 0
registers.eax: 0
registers.ebp: 49151880
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 1969237513
exception.instruction_r: f7 f0 89 ff 89 ff 89 ff 89 ff 33 c0 5a 59 59 64
exception.symbol: 0690bf022657f5e7c1ea7179abf17779+0x6f991
exception.instruction: div eax
exception.module: 0690bf022657f5e7c1ea7179abf17779.exe
exception.exception_code: 0xc0000094
exception.offset: 457105
exception.address: 0x46f991
success 0 0
1619147462.528625
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x750ee97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x750eea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x750eb25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x750eb4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x750eac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x750eaed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x750e5511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x750e559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x75157f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x75154de3
0690bf022657f5e7c1ea7179abf17779+0x40a4d @ 0x440a4d
0690bf022657f5e7c1ea7179abf17779+0x39254 @ 0x439254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xff3a14ad
success 0 0
1619147462.8565
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 35454788
registers.edi: 0
registers.eax: 0
registers.ebp: 35454856
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 1969237513
exception.instruction_r: f7 f0 89 ff 89 ff 89 ff 89 ff 33 c0 5a 59 59 64
exception.symbol: 0690bf022657f5e7c1ea7179abf17779+0x6f991
exception.instruction: div eax
exception.module: 0690bf022657f5e7c1ea7179abf17779.exe
exception.exception_code: 0xc0000094
exception.offset: 457105
exception.address: 0x46f991
success 0 0
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (50 out of 397 events)
Time & API Arguments Status Return Repeated
1619134512.211155
NtAllocateVirtualMemory
process_identifier: 2200
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003d0000
success 0 0
1619134512.414155
NtProtectVirtualMemory
process_identifier: 2200
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 36864
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x0046f000
success 0 0
1619134512.414155
NtAllocateVirtualMemory
process_identifier: 2200
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x007f0000
success 0 0
1619134513.398422
NtProtectVirtualMemory
process_identifier: 2420
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619134513.445422
NtAllocateVirtualMemory
process_identifier: 2420
region_size: 1245184
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x01e90000
success 0 0
1619134513.445422
NtAllocateVirtualMemory
process_identifier: 2420
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01f80000
success 0 0
1619134513.476422
NtAllocateVirtualMemory
process_identifier: 2420
region_size: 229376
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x004c0000
success 0 0
1619134513.476422
NtProtectVirtualMemory
process_identifier: 2420
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 118784
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x004c2000
success 0 0
1619134513.945422
NtAllocateVirtualMemory
process_identifier: 2420
region_size: 655360
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x01d60000
success 0 0
1619134513.945422
NtAllocateVirtualMemory
process_identifier: 2420
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01dc0000
success 0 0
1619134514.585422
NtProtectVirtualMemory
process_identifier: 2420
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01e82000
success 0 0
1619134514.585422
NtProtectVirtualMemory
process_identifier: 2420
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619134514.585422
NtProtectVirtualMemory
process_identifier: 2420
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01e82000
success 0 0
1619134514.585422
NtProtectVirtualMemory
process_identifier: 2420
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619134514.585422
NtProtectVirtualMemory
process_identifier: 2420
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01e82000
success 0 0
1619134514.585422
NtProtectVirtualMemory
process_identifier: 2420
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619134514.585422
NtProtectVirtualMemory
process_identifier: 2420
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01e82000
success 0 0
1619134514.585422
NtProtectVirtualMemory
process_identifier: 2420
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619134514.585422
NtProtectVirtualMemory
process_identifier: 2420
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01e82000
success 0 0
1619134514.585422
NtProtectVirtualMemory
process_identifier: 2420
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x77d4f000
success 0 0
1619134514.585422
NtProtectVirtualMemory
process_identifier: 2420
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01e82000
success 0 0
1619134514.585422
NtProtectVirtualMemory
process_identifier: 2420
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619134514.585422
NtProtectVirtualMemory
process_identifier: 2420
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01e82000
success 0 0
1619134514.585422
NtProtectVirtualMemory
process_identifier: 2420
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619134514.585422
NtProtectVirtualMemory
process_identifier: 2420
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01e82000
success 0 0
1619134514.585422
NtProtectVirtualMemory
process_identifier: 2420
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619134514.585422
NtProtectVirtualMemory
process_identifier: 2420
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01e82000
success 0 0
1619134514.585422
NtProtectVirtualMemory
process_identifier: 2420
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619134514.585422
NtProtectVirtualMemory
process_identifier: 2420
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01e82000
success 0 0
1619134514.585422
NtProtectVirtualMemory
process_identifier: 2420
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619134513.515
NtAllocateVirtualMemory
process_identifier: 2740
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003e0000
success 0 0
1619134513.609
NtProtectVirtualMemory
process_identifier: 2740
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 36864
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x0046f000
success 0 0
1619134513.64
NtAllocateVirtualMemory
process_identifier: 2740
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00570000
success 0 0
1619147409.496375
NtAllocateVirtualMemory
process_identifier: 1380
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003f0000
success 0 0
1619147409.590375
NtProtectVirtualMemory
process_identifier: 1380
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 36864
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x0046f000
success 0 0
1619147409.590375
NtAllocateVirtualMemory
process_identifier: 1380
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x020c0000
success 0 0
1619147411.168502
NtProtectVirtualMemory
process_identifier: 3000
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619147411.199502
NtAllocateVirtualMemory
process_identifier: 3000
region_size: 2162688
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x01e80000
success 0 0
1619147411.199502
NtAllocateVirtualMemory
process_identifier: 3000
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x02050000
success 0 0
1619147411.199502
NtAllocateVirtualMemory
process_identifier: 3000
region_size: 229376
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x003c0000
success 0 0
1619147411.199502
NtProtectVirtualMemory
process_identifier: 3000
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 118784
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x003c2000
success 0 0
1619147411.293502
NtAllocateVirtualMemory
process_identifier: 3000
region_size: 2162688
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x02090000
success 0 0
1619147411.293502
NtAllocateVirtualMemory
process_identifier: 3000
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x02260000
success 0 0
1619147411.528502
NtProtectVirtualMemory
process_identifier: 3000
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01e72000
success 0 0
1619147411.528502
NtProtectVirtualMemory
process_identifier: 3000
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619147411.528502
NtProtectVirtualMemory
process_identifier: 3000
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01e72000
success 0 0
1619147411.528502
NtProtectVirtualMemory
process_identifier: 3000
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619147411.528502
NtProtectVirtualMemory
process_identifier: 3000
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01e72000
success 0 0
1619147411.528502
NtProtectVirtualMemory
process_identifier: 3000
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619147411.528502
NtProtectVirtualMemory
process_identifier: 3000
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01e72000
success 0 0
Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (34 events)
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.493170557258836 section {'size_of_data': '0x0003ee00', 'virtual_address': '0x0008a000', 'entropy': 7.493170557258836, 'name': '.rsrc', 'virtual_size': '0x0003ed9c'} description A section with a high entropy has been found
entropy 0.3236808236808237 description Overall entropy of this PE file is high
Expresses interest in specific running processes (1 event)
process 0690bf022657f5e7c1ea7179abf17779.exe
Repeatedly searches for a not-found process; you may want to run a web browser during analysis (24 events)
Time & API Arguments Status Return Repeated
1619134512.414155
Process32NextW
process_name: 0690bf022657f5e7c1ea7179abf17779.exe
snapshot_handle: 0x000000fc
process_identifier: 2200
failed 0 0
1619134519.515
Process32NextW
process_name: 0690bf022657f5e7c1ea7179abf17779.exe
snapshot_handle: 0x000001a8
process_identifier: 2740
failed 0 0
1619147409.606375
Process32NextW
process_name: inject-x86.exe
snapshot_handle: 0x000000fc
process_identifier: 2636
failed 0 0
1619147414.29375
Process32NextW
process_name: 0690bf022657f5e7c1ea7179abf17779.exe
snapshot_handle: 0x00000150
process_identifier: 2116
failed 0 0
1619147414.99625
Process32NextW
process_name: inject-x86.exe
snapshot_handle: 0x000000fc
process_identifier: 1464
failed 0 0
1619147419.668875
Process32NextW
process_name: 0690bf022657f5e7c1ea7179abf17779.exe
snapshot_handle: 0x00000134
process_identifier: 2632
failed 0 0
1619147420.356875
Process32NextW
process_name: inject-x86.exe
snapshot_handle: 0x000000fc
process_identifier: 2988
failed 0 0
1619147426.044125
Process32NextW
process_name: 0690bf022657f5e7c1ea7179abf17779.exe
snapshot_handle: 0x0000014c
process_identifier: 2104
failed 0 0
1619147426.824875
Process32NextW
process_name: inject-x86.exe
snapshot_handle: 0x000000fc
process_identifier: 2944
failed 0 0
1619147431.34025
Process32NextW
process_name: 0690bf022657f5e7c1ea7179abf17779.exe
snapshot_handle: 0x00000140
process_identifier: 3096
failed 0 0
1619147432.637875
Process32NextW
process_name: 0690bf022657f5e7c1ea7179abf17779.exe
snapshot_handle: 0x000000fc
process_identifier: 3216
failed 0 0
1619147438.607
Process32NextW
process_name: dllhost.exe
snapshot_handle: 0x00000144
process_identifier: 3604
failed 0 0
1619147439.26275
Process32NextW
process_name: inject-x86.exe
snapshot_handle: 0x000000fc
process_identifier: 3700
failed 0 0
1619147443.66875
Process32NextW
process_name: 0690bf022657f5e7c1ea7179abf17779.exe
snapshot_handle: 0x0000013c
process_identifier: 3780
failed 0 0
1619147443.949502
Process32NextW
process_name: inject-x86.exe
snapshot_handle: 0x000000fc
process_identifier: 3940
failed 0 0
1619147447.622125
Process32NextW
process_name: 0690bf022657f5e7c1ea7179abf17779.exe
snapshot_handle: 0x00000130
process_identifier: 4024
failed 0 0
1619147448.24625
Process32NextW
process_name: inject-x86.exe
snapshot_handle: 0x000000fc
process_identifier: 2652
failed 0 0
1619147451.903625
Process32NextW
process_name: 0690bf022657f5e7c1ea7179abf17779.exe
snapshot_handle: 0x00000128
process_identifier: 3256
failed 0 0
1619147452.37175
Process32NextW
process_name: 0690bf022657f5e7c1ea7179abf17779.exe
snapshot_handle: 0x000000fc
process_identifier: 3500
failed 0 0
1619147456.153375
Process32NextW
process_name: 0690bf022657f5e7c1ea7179abf17779.exe
snapshot_handle: 0x00000140
process_identifier: 3760
failed 0 0
1619147456.77875
Process32NextW
process_name: inject-x86.exe
snapshot_handle: 0x000000fc
process_identifier: 3952
failed 0 0
1619147460.824375
Process32NextW
process_name: 0690bf022657f5e7c1ea7179abf17779.exe
snapshot_handle: 0x00000134
process_identifier: 4076
failed 0 0
1619147461.372125
Process32NextW
process_name: inject-x86.exe
snapshot_handle: 0x000000fc
process_identifier: 3300
failed 0 0
1619147466.1065
Process32NextW
process_name: mscorsvw.exe
snapshot_handle: 0x00000140
process_identifier: 3816
failed 0 0
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Used NtSetContextThread to modify a thread in a remote process indicative of process injection (24 events)
Process injection Process 2200 called NtSetContextThread to modify thread in remote process 2420
Process injection Process 1380 called NtSetContextThread to modify thread in remote process 3000
Process injection Process 1712 called NtSetContextThread to modify thread in remote process 1108
Process injection Process 1056 called NtSetContextThread to modify thread in remote process 2228
Process injection Process 1868 called NtSetContextThread to modify thread in remote process 1396
Process injection Process 3216 called NtSetContextThread to modify thread in remote process 3288
Process injection Process 3640 called NtSetContextThread to modify thread in remote process 3720
Process injection Process 3888 called NtSetContextThread to modify thread in remote process 3964
Process injection Process 3136 called NtSetContextThread to modify thread in remote process 3188
Process injection Process 3500 called NtSetContextThread to modify thread in remote process 3676
Process injection Process 3612 called NtSetContextThread to modify thread in remote process 3996
Process injection Process 2168 called NtSetContextThread to modify thread in remote process 1760
Time & API Arguments Status Return Repeated
1619134512.617155
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708160
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2420
success 0 0
1619147410.356375
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708160
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 3000
success 0 0
1619147415.80925
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708160
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 1108
success 0 0
1619147420.809875
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708160
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2228
success 0 0
1619147427.074875
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708160
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 1396
success 0 0
1619147433.231875
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708160
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 3288
success 0 0
1619147439.55975
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708160
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 3720
success 0 0
1619147444.184502
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708160
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 3964
success 0 0
1619147448.80925
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708160
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 3188
success 0 0
1619147452.74675
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708160
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 3676
success 0 0
1619147457.26275
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708160
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 3996
success 0 0
1619147461.529125
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708160
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 1760
success 0 0
Resumed a suspended thread in a remote process potentially indicative of process injection (24 events)
Process injection Process 2200 resumed a thread in remote process 2420
Process injection Process 1380 resumed a thread in remote process 3000
Process injection Process 1712 resumed a thread in remote process 1108
Process injection Process 1056 resumed a thread in remote process 2228
Process injection Process 1868 resumed a thread in remote process 1396
Process injection Process 3216 resumed a thread in remote process 3288
Process injection Process 3640 resumed a thread in remote process 3720
Process injection Process 3888 resumed a thread in remote process 3964
Process injection Process 3136 resumed a thread in remote process 3188
Process injection Process 3500 resumed a thread in remote process 3676
Process injection Process 3612 resumed a thread in remote process 3996
Process injection Process 2168 resumed a thread in remote process 1760
Time & API Arguments Status Return Repeated
1619134513.383155
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 2420
success 0 0
1619147410.965375
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 3000
success 0 0
1619147416.34025
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 1108
success 0 0
1619147421.668875
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 2228
success 0 0
1619147427.465875
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 1396
success 0 0
1619147433.824875
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 3288
success 0 0
1619147440.21575
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 3720
success 0 0
1619147444.481502
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 3964
success 0 0
1619147449.30925
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 3188
success 0 0
1619147453.26275
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 3676
success 0 0
1619147457.66875
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 3996
success 0 0
1619147461.919125
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 1760
success 0 0
Executed a process and injected code into it, probably while unpacking (50 out of 96 events)
Time & API Arguments Status Return Repeated
1619134512.586155
CreateProcessInternalW
thread_identifier: 152
thread_handle: 0x00000100
process_identifier: 2420
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\0690bf022657f5e7c1ea7179abf17779.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000104
inherit_handles: 0
success 1 0
1619134512.586155
NtUnmapViewOfSection
process_identifier: 2420
region_size: 4096
process_handle: 0x00000104
base_address: 0x00400000
success 0 0
1619134512.586155
NtMapViewOfSection
section_handle: 0x0000010c
process_identifier: 2420
commit_size: 520192
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000104
allocation_type: 0 ()
section_offset: 0
view_size: 520192
base_address: 0x00400000
success 0 0
1619134512.617155
NtGetContextThread
thread_handle: 0x00000100
success 0 0
1619134512.617155
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708160
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2420
success 0 0
1619134513.383155
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 2420
success 0 0
1619134513.445155
CreateProcessInternalW
thread_identifier: 2116
thread_handle: 0x00000108
process_identifier: 2740
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\0690bf022657f5e7c1ea7179abf17779.exe" 2 2420 33686953
filepath_r:
stack_pivoted: 0
creation_flags: 32 (NORMAL_PRIORITY_CLASS)
process_handle: 0x00000118
inherit_handles: 0
success 1 0
1619134519.624
CreateProcessInternalW
thread_identifier: 2264
thread_handle: 0x000001ac
process_identifier: 1380
current_directory:
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\0690bf022657f5e7c1ea7179abf17779.exe
track: 1
command_line:
filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\0690bf022657f5e7c1ea7179abf17779.exe
stack_pivoted: 0
creation_flags: 32 (NORMAL_PRIORITY_CLASS)
process_handle: 0x000001b0
inherit_handles: 0
success 1 0
1619147410.231375
CreateProcessInternalW
thread_identifier: 2632
thread_handle: 0x00000100
process_identifier: 3000
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\0690bf022657f5e7c1ea7179abf17779.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000104
inherit_handles: 0
success 1 0
1619147410.231375
NtUnmapViewOfSection
process_identifier: 3000
region_size: 4096
process_handle: 0x00000104
base_address: 0x00400000
success 0 0
1619147410.262375
NtMapViewOfSection
section_handle: 0x0000010c
process_identifier: 3000
commit_size: 520192
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000104
allocation_type: 0 ()
section_offset: 0
view_size: 520192
base_address: 0x00400000
success 0 0
1619147410.356375
NtGetContextThread
thread_handle: 0x00000100
success 0 0
1619147410.356375
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708160
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 3000
success 0 0
1619147410.965375
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 3000
success 0 0
1619147411.106375
CreateProcessInternalW
thread_identifier: 2228
thread_handle: 0x00000108
process_identifier: 2116
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\0690bf022657f5e7c1ea7179abf17779.exe" 2 3000 33695187
filepath_r:
stack_pivoted: 0
creation_flags: 32 (NORMAL_PRIORITY_CLASS)
process_handle: 0x00000118
inherit_handles: 0
success 1 0
1619147414.44975
CreateProcessInternalW
thread_identifier: 2008
thread_handle: 0x00000154
process_identifier: 1712
current_directory:
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\0690bf022657f5e7c1ea7179abf17779.exe
track: 1
command_line:
filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\0690bf022657f5e7c1ea7179abf17779.exe
stack_pivoted: 0
creation_flags: 32 (NORMAL_PRIORITY_CLASS)
process_handle: 0x00000158
inherit_handles: 0
success 1 0
1619147415.74625
CreateProcessInternalW
thread_identifier: 1760
thread_handle: 0x00000100
process_identifier: 1108
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\0690bf022657f5e7c1ea7179abf17779.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000104
inherit_handles: 0
success 1 0
1619147415.74625
NtUnmapViewOfSection
process_identifier: 1108
region_size: 4096
process_handle: 0x00000104
base_address: 0x00400000
success 0 0
1619147415.77825
NtMapViewOfSection
section_handle: 0x0000010c
process_identifier: 1108
commit_size: 520192
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000104
allocation_type: 0 ()
section_offset: 0
view_size: 520192
base_address: 0x00400000
success 0 0
1619147415.80925
NtGetContextThread
thread_handle: 0x00000100
success 0 0
1619147415.80925
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708160
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 1108
success 0 0
1619147416.34025
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 1108
success 0 0
1619147416.41825
CreateProcessInternalW
thread_identifier: 1804
thread_handle: 0x00000108
process_identifier: 2632
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\0690bf022657f5e7c1ea7179abf17779.exe" 2 1108 33700562
filepath_r:
stack_pivoted: 0
creation_flags: 32 (NORMAL_PRIORITY_CLASS)
process_handle: 0x00000118
inherit_handles: 0
success 1 0
1619147419.809875
CreateProcessInternalW
thread_identifier: 1868
thread_handle: 0x00000138
process_identifier: 1056
current_directory:
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\0690bf022657f5e7c1ea7179abf17779.exe
track: 1
command_line:
filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\0690bf022657f5e7c1ea7179abf17779.exe
stack_pivoted: 0
creation_flags: 32 (NORMAL_PRIORITY_CLASS)
process_handle: 0x0000013c
inherit_handles: 0
success 1 0
1619147420.715875
CreateProcessInternalW
thread_identifier: 1760
thread_handle: 0x00000100
process_identifier: 2228
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\0690bf022657f5e7c1ea7179abf17779.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000104
inherit_handles: 0
success 1 0
1619147420.715875
NtUnmapViewOfSection
process_identifier: 2228
region_size: 4096
process_handle: 0x00000104
base_address: 0x00400000
success 0 0
1619147420.762875
NtMapViewOfSection
section_handle: 0x0000010c
process_identifier: 2228
commit_size: 520192
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000104
allocation_type: 0 ()
section_offset: 0
view_size: 520192
base_address: 0x00400000
success 0 0
1619147420.809875
NtGetContextThread
thread_handle: 0x00000100
success 0 0
1619147420.809875
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708160
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2228
success 0 0
1619147421.668875
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 2228
success 0 0
1619147421.840875
CreateProcessInternalW
thread_identifier: 2956
thread_handle: 0x00000108
process_identifier: 2104
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\0690bf022657f5e7c1ea7179abf17779.exe" 2 2228 33705890
filepath_r:
stack_pivoted: 0
creation_flags: 32 (NORMAL_PRIORITY_CLASS)
process_handle: 0x00000118
inherit_handles: 0
success 1 0
1619147426.341125
CreateProcessInternalW
thread_identifier: 152
thread_handle: 0x00000150
process_identifier: 1868
current_directory:
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\0690bf022657f5e7c1ea7179abf17779.exe
track: 1
command_line:
filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\0690bf022657f5e7c1ea7179abf17779.exe
stack_pivoted: 0
creation_flags: 32 (NORMAL_PRIORITY_CLASS)
process_handle: 0x00000154
inherit_handles: 0
success 1 0
1619147427.028875
CreateProcessInternalW
thread_identifier: 3008
thread_handle: 0x00000100
process_identifier: 1396
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\0690bf022657f5e7c1ea7179abf17779.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000104
inherit_handles: 0
success 1 0
1619147427.028875
NtUnmapViewOfSection
process_identifier: 1396
region_size: 4096
process_handle: 0x00000104
base_address: 0x00400000
success 0 0
1619147427.028875
NtMapViewOfSection
section_handle: 0x0000010c
process_identifier: 1396
commit_size: 520192
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000104
allocation_type: 0 ()
section_offset: 0
view_size: 520192
base_address: 0x00400000
success 0 0
1619147427.074875
NtGetContextThread
thread_handle: 0x00000100
success 0 0
1619147427.074875
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708160
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 1396
success 0 0
1619147427.465875
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 1396
success 0 0
1619147428.168875
CreateProcessInternalW
thread_identifier: 3100
thread_handle: 0x00000108
process_identifier: 3096
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\0690bf022657f5e7c1ea7179abf17779.exe" 2 1396 33711687
filepath_r:
stack_pivoted: 0
creation_flags: 32 (NORMAL_PRIORITY_CLASS)
process_handle: 0x00000118
inherit_handles: 0
success 1 0
1619147431.79325
CreateProcessInternalW
thread_identifier: 3220
thread_handle: 0x00000144
process_identifier: 3216
current_directory:
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\0690bf022657f5e7c1ea7179abf17779.exe
track: 1
command_line:
filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\0690bf022657f5e7c1ea7179abf17779.exe
stack_pivoted: 0
creation_flags: 32 (NORMAL_PRIORITY_CLASS)
process_handle: 0x00000148
inherit_handles: 0
success 1 0
1619147433.168875
CreateProcessInternalW
thread_identifier: 3292
thread_handle: 0x00000100
process_identifier: 3288
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\0690bf022657f5e7c1ea7179abf17779.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000104
inherit_handles: 0
success 1 0
1619147433.168875
NtUnmapViewOfSection
process_identifier: 3288
region_size: 4096
process_handle: 0x00000104
base_address: 0x00400000
success 0 0
1619147433.168875
NtMapViewOfSection
section_handle: 0x0000010c
process_identifier: 3288
commit_size: 520192
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000104
allocation_type: 0 ()
section_offset: 0
view_size: 520192
base_address: 0x00400000
success 0 0
1619147433.231875
NtGetContextThread
thread_handle: 0x00000100
success 0 0
1619147433.231875
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708160
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 3288
success 0 0
1619147433.824875
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 3288
success 0 0
1619147433.996875
CreateProcessInternalW
thread_identifier: 3356
thread_handle: 0x00000108
process_identifier: 3352
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\0690bf022657f5e7c1ea7179abf17779.exe" 2 3288 33718046
filepath_r:
stack_pivoted: 0
creation_flags: 32 (NORMAL_PRIORITY_CLASS)
process_handle: 0x00000118
inherit_handles: 0
success 1 0
1619147438.654
CreateProcessInternalW
thread_identifier: 3644
thread_handle: 0x00000148
process_identifier: 3640
current_directory:
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\0690bf022657f5e7c1ea7179abf17779.exe
track: 1
command_line:
filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\0690bf022657f5e7c1ea7179abf17779.exe
stack_pivoted: 0
creation_flags: 32 (NORMAL_PRIORITY_CLASS)
process_handle: 0x0000014c
inherit_handles: 0
success 1 0
1619147439.48175
CreateProcessInternalW
thread_identifier: 3724
thread_handle: 0x00000100
process_identifier: 3720
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\0690bf022657f5e7c1ea7179abf17779.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000104
inherit_handles: 0
success 1 0
1619147439.48175
NtUnmapViewOfSection
process_identifier: 3720
region_size: 4096
process_handle: 0x00000104
base_address: 0x00400000
success 0 0
File has been identified by 56 AntiVirus engines on VirusTotal as malicious (50 out of 56 events)
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Zusy.308671
FireEye Generic.mg.0690bf022657f5e7
CAT-QuickHeal Trojan.Injuke
ALYac Gen:Variant.Zusy.308671
Cylance Unsafe
Sangfor Malware
K7AntiVirus Trojan ( 0056eb231 )
Alibaba Trojan:Win32/DelfInject.ali2000015
K7GW Trojan ( 0056eb231 )
Cybereason malicious.22657f
Arcabit Trojan.Zusy.D4B5BF
BitDefenderTheta Gen:NN.ZelphiF.34700.WGW@aGDQVQgi
Cyren W32/Injector.ABY.gen!Eldorado
Symantec Infostealer.Lokibot!43
APEX Malicious
Avast Win32:RATX-gen [Trj]
Kaspersky HEUR:Trojan.Win32.Injuke.gen
BitDefender Gen:Variant.Zusy.308671
NANO-Antivirus Trojan.Win32.Injuke.hmkbxp
Paloalto generic.ml
AegisLab Trojan.Multi.Generic.4!c
Ad-Aware Gen:Variant.Zusy.308671
Emsisoft Gen:Variant.Zusy.308671 (B)
Comodo Malware@#1ofedwclrrfd4
F-Secure Trojan.TR/Kryptik.vjzak
DrWeb Trojan.PWS.Stealer.28799
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R002C0DKU20
McAfee-GW-Edition BehavesLike.Win32.Fareit.bc
Sophos Mal/Generic-S
SentinelOne Static AI - Suspicious PE
Webroot W32.Trojan.Gen
Avira TR/Kryptik.vjzak
Antiy-AVL Trojan/Win32.Injuke
Microsoft PWS:Win32/Fareit.ART!MTB
ZoneAlarm HEUR:Trojan.Win32.Injuke.gen
GData Gen:Variant.Zusy.308671
Cynet Malicious (score: 100)
AhnLab-V3 Suspicious/Win.Delphiless.X2085
Acronis suspicious
McAfee Fareit-FVZ!0690BF022657
MAX malware (ai score=87)
VBA32 TScope.Trojan.Delf
Malwarebytes Spyware.Agent
ESET-NOD32 a variant of Win32/Injector.EMOL
TrendMicro-HouseCall TROJ_GEN.R002C0DKU20
Rising Trojan.Injector!1.C97E (CLASSIC)
Yandex Trojan.Igent.bT23cy.9
Ikarus Trojan.Inject
Visual Analysis
Binary Image
No binary image: no binary visualization image was generated for this sample
Runtime Screenshots
No runtime screenshots: no screenshots were generated while this sample ran

PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x47c164 VirtualFree
0x47c168 VirtualAlloc
0x47c16c LocalFree
0x47c170 LocalAlloc
0x47c174 GetVersion
0x47c178 GetCurrentThreadId
0x47c184 VirtualQuery
0x47c188 WideCharToMultiByte
0x47c18c MultiByteToWideChar
0x47c190 lstrlenA
0x47c194 lstrcpynA
0x47c198 LoadLibraryExA
0x47c19c GetThreadLocale
0x47c1a0 GetStartupInfoA
0x47c1a4 GetProcAddress
0x47c1a8 GetModuleHandleA
0x47c1ac GetModuleFileNameA
0x47c1b0 GetLocaleInfoA
0x47c1b4 GetCommandLineA
0x47c1b8 FreeLibrary
0x47c1bc FindFirstFileA
0x47c1c0 FindClose
0x47c1c4 ExitProcess
0x47c1c8 WriteFile
0x47c1d0 RtlUnwind
0x47c1d4 RaiseException
0x47c1d8 GetStdHandle
Library user32.dll:
0x47c1e0 GetKeyboardType
0x47c1e4 LoadStringA
0x47c1e8 MessageBoxA
0x47c1ec CharNextA
Library advapi32.dll:
0x47c1f4 RegQueryValueExA
0x47c1f8 RegOpenKeyExA
0x47c1fc RegCloseKey
Library oleaut32.dll:
0x47c204 SysFreeString
0x47c208 SysReAllocStringLen
0x47c20c SysAllocStringLen
Library kernel32.dll:
0x47c214 TlsSetValue
0x47c218 TlsGetValue
0x47c21c LocalAlloc
0x47c220 GetModuleHandleA
Library advapi32.dll:
0x47c228 RegQueryValueExA
0x47c22c RegOpenKeyExA
0x47c230 RegCloseKey
Library kernel32.dll:
0x47c238 lstrcpyA
0x47c23c WriteFile
0x47c240 WaitForSingleObject
0x47c244 VirtualQuery
0x47c248 VirtualProtectEx
0x47c24c VirtualAlloc
0x47c250 Sleep
0x47c254 SizeofResource
0x47c258 SetThreadLocale
0x47c25c SetFilePointer
0x47c260 SetEvent
0x47c264 SetErrorMode
0x47c268 SetEndOfFile
0x47c26c ResetEvent
0x47c270 ReadFile
0x47c274 MultiByteToWideChar
0x47c278 MulDiv
0x47c27c LockResource
0x47c280 LoadResource
0x47c284 LoadLibraryA
0x47c290 GlobalUnlock
0x47c294 GlobalSize
0x47c298 GlobalReAlloc
0x47c29c GlobalHandle
0x47c2a0 GlobalLock
0x47c2a4 GlobalFree
0x47c2a8 GlobalFindAtomA
0x47c2ac GlobalDeleteAtom
0x47c2b0 GlobalAlloc
0x47c2b4 GlobalAddAtomA
0x47c2b8 GetVersionExA
0x47c2bc GetVersion
0x47c2c0 GetUserDefaultLCID
0x47c2c4 GetTickCount
0x47c2c8 GetThreadLocale
0x47c2cc GetSystemInfo
0x47c2d0 GetStringTypeExA
0x47c2d4 GetStdHandle
0x47c2d8 GetProcAddress
0x47c2dc GetModuleHandleA
0x47c2e0 GetModuleFileNameA
0x47c2e4 GetLocaleInfoA
0x47c2e8 GetLocalTime
0x47c2ec GetLastError
0x47c2f0 GetFullPathNameA
0x47c2f4 GetFileAttributesA
0x47c2f8 GetDiskFreeSpaceA
0x47c2fc GetDateFormatA
0x47c300 GetCurrentThreadId
0x47c304 GetCurrentProcessId
0x47c308 GetCurrentProcess
0x47c30c GetComputerNameA
0x47c310 GetCPInfo
0x47c314 GetACP
0x47c318 FreeResource
0x47c31c InterlockedExchange
0x47c320 FreeLibrary
0x47c324 FormatMessageA
0x47c328 FindResourceA
0x47c32c FindFirstFileA
0x47c330 FindClose
0x47c33c EnumCalendarInfoA
0x47c348 CreateThread
0x47c34c CreateFileA
0x47c350 CreateEventA
0x47c354 CompareStringA
0x47c358 CloseHandle
Library version.dll:
0x47c360 VerQueryValueA
0x47c368 GetFileVersionInfoA
Library gdi32.dll:
0x47c370 UnrealizeObject
0x47c374 StretchBlt
0x47c378 SetWindowOrgEx
0x47c37c SetWinMetaFileBits
0x47c380 SetViewportOrgEx
0x47c384 SetTextColor
0x47c388 SetStretchBltMode
0x47c38c SetROP2
0x47c390 SetPixel
0x47c394 SetMapMode
0x47c398 SetEnhMetaFileBits
0x47c39c SetDIBColorTable
0x47c3a0 SetBrushOrgEx
0x47c3a4 SetBkMode
0x47c3a8 SetBkColor
0x47c3ac SetArcDirection
0x47c3b0 SelectPalette
0x47c3b4 SelectObject
0x47c3b8 SelectClipRgn
0x47c3bc SaveDC
0x47c3c0 RestoreDC
0x47c3c4 Rectangle
0x47c3c8 RectVisible
0x47c3cc RealizePalette
0x47c3d0 Polyline
0x47c3d4 PlayEnhMetaFile
0x47c3d8 PatBlt
0x47c3dc MoveToEx
0x47c3e0 MaskBlt
0x47c3e4 LineTo
0x47c3e8 LPtoDP
0x47c3ec IntersectClipRect
0x47c3f0 GetWindowOrgEx
0x47c3f4 GetWinMetaFileBits
0x47c3f8 GetTextMetricsA
0x47c404 GetStockObject
0x47c408 GetPixel
0x47c40c GetPaletteEntries
0x47c410 GetObjectA
0x47c420 GetEnhMetaFileBits
0x47c424 GetDeviceCaps
0x47c428 GetDIBits
0x47c42c GetDIBColorTable
0x47c430 GetDCOrgEx
0x47c438 GetClipRgn
0x47c43c GetClipBox
0x47c440 GetBrushOrgEx
0x47c444 GetBitmapBits
0x47c448 ExcludeClipRect
0x47c44c DeleteObject
0x47c450 DeleteEnhMetaFile
0x47c454 DeleteDC
0x47c458 CreateSolidBrush
0x47c45c CreateRectRgn
0x47c460 CreatePenIndirect
0x47c464 CreatePen
0x47c468 CreatePalette
0x47c470 CreateFontIndirectA
0x47c474 CreateEnhMetaFileA
0x47c478 CreateDIBitmap
0x47c47c CreateDIBSection
0x47c480 CreateCompatibleDC
0x47c488 CreateBrushIndirect
0x47c48c CreateBitmap
0x47c490 CopyEnhMetaFileA
0x47c494 CloseEnhMetaFile
0x47c498 BitBlt
Library user32.dll:
0x47c4a0 CreateWindowExA
0x47c4a4 WindowFromPoint
0x47c4a8 WinHelpA
0x47c4ac WaitMessage
0x47c4b0 ValidateRect
0x47c4b4 UpdateWindow
0x47c4b8 UnregisterClassA
0x47c4bc UnhookWindowsHookEx
0x47c4c0 TranslateMessage
0x47c4c8 TrackPopupMenu
0x47c4d0 ShowWindow
0x47c4d4 ShowScrollBar
0x47c4d8 ShowOwnedPopups
0x47c4dc ShowCursor
0x47c4e0 SetWindowsHookExA
0x47c4e4 SetWindowPos
0x47c4e8 SetWindowPlacement
0x47c4ec SetWindowLongA
0x47c4f0 SetTimer
0x47c4f4 SetScrollRange
0x47c4f8 SetScrollPos
0x47c4fc SetScrollInfo
0x47c500 SetRect
0x47c504 SetPropA
0x47c508 SetParent
0x47c50c SetMenuItemInfoA
0x47c510 SetMenu
0x47c514 SetForegroundWindow
0x47c518 SetFocus
0x47c51c SetCursor
0x47c520 SetClassLongA
0x47c524 SetCapture
0x47c528 SetActiveWindow
0x47c52c SendMessageA
0x47c530 ScrollWindow
0x47c534 ScreenToClient
0x47c538 RemovePropA
0x47c53c RemoveMenu
0x47c540 ReleaseDC
0x47c544 ReleaseCapture
0x47c550 RegisterClassA
0x47c554 RedrawWindow
0x47c558 PtInRect
0x47c55c PostQuitMessage
0x47c560 PostMessageA
0x47c564 PeekMessageA
0x47c568 OffsetRect
0x47c56c OemToCharA
0x47c570 MessageBoxA
0x47c574 MapWindowPoints
0x47c578 MapVirtualKeyA
0x47c57c LoadStringA
0x47c580 LoadKeyboardLayoutA
0x47c584 LoadIconA
0x47c588 LoadCursorA
0x47c58c LoadBitmapA
0x47c590 KillTimer
0x47c594 IsZoomed
0x47c598 IsWindowVisible
0x47c59c IsWindowEnabled
0x47c5a0 IsWindow
0x47c5a4 IsRectEmpty
0x47c5a8 IsIconic
0x47c5ac IsDialogMessageA
0x47c5b0 IsChild
0x47c5b4 InvalidateRect
0x47c5b8 IntersectRect
0x47c5bc InsertMenuItemA
0x47c5c0 InsertMenuA
0x47c5c4 InflateRect
0x47c5cc GetWindowTextA
0x47c5d0 GetWindowRect
0x47c5d4 GetWindowPlacement
0x47c5d8 GetWindowLongA
0x47c5dc GetWindowDC
0x47c5e0 GetTopWindow
0x47c5e4 GetSystemMetrics
0x47c5e8 GetSystemMenu
0x47c5ec GetSysColorBrush
0x47c5f0 GetSysColor
0x47c5f4 GetSubMenu
0x47c5f8 GetScrollRange
0x47c5fc GetScrollPos
0x47c600 GetScrollInfo
0x47c604 GetPropA
0x47c608 GetParent
0x47c60c GetWindow
0x47c610 GetMessageTime
0x47c614 GetMenuStringA
0x47c618 GetMenuState
0x47c61c GetMenuItemInfoA
0x47c620 GetMenuItemID
0x47c624 GetMenuItemCount
0x47c628 GetMenu
0x47c62c GetLastActivePopup
0x47c630 GetKeyboardState
0x47c638 GetKeyboardLayout
0x47c63c GetKeyState
0x47c640 GetKeyNameTextA
0x47c644 GetIconInfo
0x47c648 GetForegroundWindow
0x47c64c GetFocus
0x47c650 GetDlgItem
0x47c654 GetDesktopWindow
0x47c658 GetDCEx
0x47c65c GetDC
0x47c660 GetCursorPos
0x47c664 GetCursor
0x47c668 GetClipboardData
0x47c66c GetClientRect
0x47c670 GetClassNameA
0x47c674 GetClassInfoA
0x47c678 GetCapture
0x47c67c GetActiveWindow
0x47c680 FrameRect
0x47c684 FindWindowA
0x47c688 FillRect
0x47c68c EqualRect
0x47c690 EnumWindows
0x47c694 EnumThreadWindows
0x47c698 EndPaint
0x47c69c EnableWindow
0x47c6a0 EnableScrollBar
0x47c6a4 EnableMenuItem
0x47c6a8 DrawTextA
0x47c6ac DrawMenuBar
0x47c6b0 DrawIconEx
0x47c6b4 DrawIcon
0x47c6b8 DrawFrameControl
0x47c6bc DrawFocusRect
0x47c6c0 DrawEdge
0x47c6c4 DispatchMessageA
0x47c6c8 DestroyWindow
0x47c6cc DestroyMenu
0x47c6d0 DestroyIcon
0x47c6d4 DestroyCursor
0x47c6d8 DeleteMenu
0x47c6dc DefWindowProcA
0x47c6e0 DefMDIChildProcA
0x47c6e4 DefFrameProcA
0x47c6e8 CreatePopupMenu
0x47c6ec CreateMenu
0x47c6f0 CreateIcon
0x47c6f4 ClientToScreen
0x47c6f8 CheckMenuItem
0x47c6fc CallWindowProcA
0x47c700 CallNextHookEx
0x47c704 BeginPaint
0x47c708 CharNextA
0x47c70c CharLowerBuffA
0x47c710 CharLowerA
0x47c714 CharToOemA
0x47c718 AdjustWindowRectEx
Library kernel32.dll:
0x47c724 Sleep
Library oleaut32.dll:
0x47c72c SafeArrayPtrOfIndex
0x47c730 SafeArrayGetUBound
0x47c734 SafeArrayGetLBound
0x47c738 SafeArrayCreate
0x47c73c VariantChangeType
0x47c740 VariantCopy
0x47c744 VariantClear
0x47c748 VariantInit
Library ole32.dll:
0x47c754 IsAccelerator
0x47c758 OleDraw
0x47c760 CoTaskMemFree
0x47c764 ProgIDFromCLSID
0x47c768 StringFromCLSID
0x47c76c CoCreateInstance
0x47c770 CoGetClassObject
0x47c774 CoUninitialize
0x47c778 CoInitialize
0x47c77c IsEqualGUID
Library oleaut32.dll:
0x47c784 GetErrorInfo
0x47c788 GetActiveObject
0x47c78c SysFreeString
Library comctl32.dll:
0x47c79c ImageList_Write
0x47c7a0 ImageList_Read
0x47c7b0 ImageList_DragMove
0x47c7b4 ImageList_DragLeave
0x47c7b8 ImageList_DragEnter
0x47c7bc ImageList_EndDrag
0x47c7c0 ImageList_BeginDrag
0x47c7c4 ImageList_Remove
0x47c7c8 ImageList_DrawEx
0x47c7cc ImageList_Replace
0x47c7d0 ImageList_Draw
0x47c7e0 ImageList_Add
0x47c7e8 ImageList_Destroy
0x47c7ec ImageList_Create
0x47c7f0 InitCommonControls
Library comdlg32.dll:
0x47c7f8 GetSaveFileNameA
0x47c7fc GetOpenFileNameA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 63429 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 65004 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58368 239.255.255.250 3702
192.168.56.101 58370 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.