9.2
Critical

c62e5304821abc306872ea97c88a8d7dc800f7b63380b2cf89153c639de4704c

2b33e8c77430630bad364c1be8b052b2.exe

Analysis time

84s

Latest analysis

File size

3.6MB
Flagged by static analysis; flagged by dynamic analysis. Tags: AI SCORE=89 ARTEMIS ATTRIBUTE CERTIFICATE CGEK ENCDOC ENEV ERDH GENERICKD HIGH CONFIDENCE HIGHCONFIDENCE HTDCLP KILLPROC2 KRYPTIK MALCERT MALWARE@#2XN0PSYIHHQ0Z NCTNA NLHCJVGHZY PARALLAX PARALLAXRAT POSSILBE R06BC0GI520 SCORE STATIC AI SUSGEN SUSPICIOUS PE THREAT UNSAFE UNTRUSTED XAPARO
Eagle-eye engine (鹰眼引擎)
Not detected: no Eagle-eye engine detection results yet
Static verdict
Anti-virus engines
Engine | Result | Scan time | Engine version
CrowdStrike 20190702 1.0
Alibaba Backdoor:Win32/Injector.0f3914af 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:Malware-gen 20201116 20.10.5736.0
Tencent 20201116 1.0.0.1
Kingsoft 20201116 2013.8.14.323
McAfee Artemis!2B33E8C77430 20201116 6.0.6.653
静态指标
Checks if process is being debugged by a debugger (1 event)
Time & API Arguments Status Return Repeated
1619346434.795626
IsDebuggerPresent
failed 0 0
This executable is signed
The executable contains unknown PE section names indicative of a packer (could be a false positive) (5 events)
section CODE
section DATA
section BSS
section SecureGa
section KVMRGTZT
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (50 out of 31839 events)
Time & API Arguments Status Return Repeated
1619340440.1095
__exception__
stacktrace:
2b33e8c77430630bad364c1be8b052b2+0x1c1d07 @ 0x5c1d07
2b33e8c77430630bad364c1be8b052b2+0x1137c8 @ 0x5137c8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638180
registers.edi: 8126464
registers.eax: 0
registers.ebp: 1638192
registers.edx: 1983904256
registers.ebx: 1983189538
registers.esi: 1983912052
registers.ecx: 1129530706
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00
exception.symbol: 2b33e8c77430630bad364c1be8b052b2+0x1c6858
exception.instruction: mov edi, dword ptr [edi]
exception.module: 2b33e8c77430630bad364c1be8b052b2.exe
exception.exception_code: 0xc0000005
exception.offset: 1861720
exception.address: 0x5c6858
success 0 0
1619340440.1095
__exception__
stacktrace:
2b33e8c77430630bad364c1be8b052b2+0x1c1d07 @ 0x5c1d07
2b33e8c77430630bad364c1be8b052b2+0x1137c8 @ 0x5137c8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638180
registers.edi: 8192000
registers.eax: 0
registers.ebp: 1638192
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637056
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00
exception.symbol: 2b33e8c77430630bad364c1be8b052b2+0x1c6858
exception.instruction: mov edi, dword ptr [edi]
exception.module: 2b33e8c77430630bad364c1be8b052b2.exe
exception.exception_code: 0xc0000005
exception.offset: 1861720
exception.address: 0x5c6858
success 0 0
1619340440.1095
__exception__
stacktrace:
2b33e8c77430630bad364c1be8b052b2+0x1c1d07 @ 0x5c1d07
2b33e8c77430630bad364c1be8b052b2+0x1137c8 @ 0x5137c8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638180
registers.edi: 8257536
registers.eax: 0
registers.ebp: 1638192
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637056
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00
exception.symbol: 2b33e8c77430630bad364c1be8b052b2+0x1c6858
exception.instruction: mov edi, dword ptr [edi]
exception.module: 2b33e8c77430630bad364c1be8b052b2.exe
exception.exception_code: 0xc0000005
exception.offset: 1861720
exception.address: 0x5c6858
success 0 0
1619340440.1095
__exception__
stacktrace:
2b33e8c77430630bad364c1be8b052b2+0x1c1d07 @ 0x5c1d07
2b33e8c77430630bad364c1be8b052b2+0x1137c8 @ 0x5137c8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638180
registers.edi: 8323072
registers.eax: 0
registers.ebp: 1638192
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637056
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00
exception.symbol: 2b33e8c77430630bad364c1be8b052b2+0x1c6858
exception.instruction: mov edi, dword ptr [edi]
exception.module: 2b33e8c77430630bad364c1be8b052b2.exe
exception.exception_code: 0xc0000005
exception.offset: 1861720
exception.address: 0x5c6858
success 0 0
1619340440.1095
__exception__
stacktrace:
2b33e8c77430630bad364c1be8b052b2+0x1c1d07 @ 0x5c1d07
2b33e8c77430630bad364c1be8b052b2+0x1137c8 @ 0x5137c8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638180
registers.edi: 8585216
registers.eax: 0
registers.ebp: 1638192
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637056
registers.ecx: 878523484
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00
exception.symbol: 2b33e8c77430630bad364c1be8b052b2+0x1c6858
exception.instruction: mov edi, dword ptr [edi]
exception.module: 2b33e8c77430630bad364c1be8b052b2.exe
exception.exception_code: 0xc0000005
exception.offset: 1861720
exception.address: 0x5c6858
success 0 0
1619340440.1095
__exception__
stacktrace:
2b33e8c77430630bad364c1be8b052b2+0x1c1d07 @ 0x5c1d07
2b33e8c77430630bad364c1be8b052b2+0x1137c8 @ 0x5137c8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638180
registers.edi: 8650752
registers.eax: 0
registers.ebp: 1638192
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637056
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00
exception.symbol: 2b33e8c77430630bad364c1be8b052b2+0x1c6858
exception.instruction: mov edi, dword ptr [edi]
exception.module: 2b33e8c77430630bad364c1be8b052b2.exe
exception.exception_code: 0xc0000005
exception.offset: 1861720
exception.address: 0x5c6858
success 0 0
1619340440.1095
__exception__
stacktrace:
2b33e8c77430630bad364c1be8b052b2+0x1c1d07 @ 0x5c1d07
2b33e8c77430630bad364c1be8b052b2+0x1137c8 @ 0x5137c8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638180
registers.edi: 8716288
registers.eax: 0
registers.ebp: 1638192
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637056
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00
exception.symbol: 2b33e8c77430630bad364c1be8b052b2+0x1c6858
exception.instruction: mov edi, dword ptr [edi]
exception.module: 2b33e8c77430630bad364c1be8b052b2.exe
exception.exception_code: 0xc0000005
exception.offset: 1861720
exception.address: 0x5c6858
success 0 0
1619340440.1095
__exception__
stacktrace:
2b33e8c77430630bad364c1be8b052b2+0x1c1d07 @ 0x5c1d07
2b33e8c77430630bad364c1be8b052b2+0x1137c8 @ 0x5137c8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638180
registers.edi: 8781824
registers.eax: 0
registers.ebp: 1638192
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637056
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00
exception.symbol: 2b33e8c77430630bad364c1be8b052b2+0x1c6858
exception.instruction: mov edi, dword ptr [edi]
exception.module: 2b33e8c77430630bad364c1be8b052b2.exe
exception.exception_code: 0xc0000005
exception.offset: 1861720
exception.address: 0x5c6858
success 0 0
1619340440.1095
__exception__
stacktrace:
2b33e8c77430630bad364c1be8b052b2+0x1c1d07 @ 0x5c1d07
2b33e8c77430630bad364c1be8b052b2+0x1137c8 @ 0x5137c8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638180
registers.edi: 8847360
registers.eax: 0
registers.ebp: 1638192
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637056
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00
exception.symbol: 2b33e8c77430630bad364c1be8b052b2+0x1c6858
exception.instruction: mov edi, dword ptr [edi]
exception.module: 2b33e8c77430630bad364c1be8b052b2.exe
exception.exception_code: 0xc0000005
exception.offset: 1861720
exception.address: 0x5c6858
success 0 0
1619340440.1095
__exception__
stacktrace:
2b33e8c77430630bad364c1be8b052b2+0x1c1d07 @ 0x5c1d07
2b33e8c77430630bad364c1be8b052b2+0x1137c8 @ 0x5137c8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638180
registers.edi: 9240576
registers.eax: 0
registers.ebp: 1638192
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637056
registers.ecx: 0
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00
exception.symbol: 2b33e8c77430630bad364c1be8b052b2+0x1c6858
exception.instruction: mov edi, dword ptr [edi]
exception.module: 2b33e8c77430630bad364c1be8b052b2.exe
exception.exception_code: 0xc0000005
exception.offset: 1861720
exception.address: 0x5c6858
success 0 0
1619340440.1095
__exception__
stacktrace:
2b33e8c77430630bad364c1be8b052b2+0x1c1d07 @ 0x5c1d07
2b33e8c77430630bad364c1be8b052b2+0x1137c8 @ 0x5137c8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638180
registers.edi: 9306112
registers.eax: 0
registers.ebp: 1638192
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637056
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00
exception.symbol: 2b33e8c77430630bad364c1be8b052b2+0x1c6858
exception.instruction: mov edi, dword ptr [edi]
exception.module: 2b33e8c77430630bad364c1be8b052b2.exe
exception.exception_code: 0xc0000005
exception.offset: 1861720
exception.address: 0x5c6858
success 0 0
1619340440.1095
__exception__
stacktrace:
2b33e8c77430630bad364c1be8b052b2+0x1c1d07 @ 0x5c1d07
2b33e8c77430630bad364c1be8b052b2+0x1137c8 @ 0x5137c8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638180
registers.edi: 9371648
registers.eax: 0
registers.ebp: 1638192
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637056
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00
exception.symbol: 2b33e8c77430630bad364c1be8b052b2+0x1c6858
exception.instruction: mov edi, dword ptr [edi]
exception.module: 2b33e8c77430630bad364c1be8b052b2.exe
exception.exception_code: 0xc0000005
exception.offset: 1861720
exception.address: 0x5c6858
success 0 0
1619340440.1095
__exception__
stacktrace:
2b33e8c77430630bad364c1be8b052b2+0x1c1d07 @ 0x5c1d07
2b33e8c77430630bad364c1be8b052b2+0x1137c8 @ 0x5137c8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638180
registers.edi: 9437184
registers.eax: 0
registers.ebp: 1638192
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637056
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00
exception.symbol: 2b33e8c77430630bad364c1be8b052b2+0x1c6858
exception.instruction: mov edi, dword ptr [edi]
exception.module: 2b33e8c77430630bad364c1be8b052b2.exe
exception.exception_code: 0xc0000005
exception.offset: 1861720
exception.address: 0x5c6858
success 0 0
1619340440.1095
__exception__
stacktrace:
2b33e8c77430630bad364c1be8b052b2+0x1c1d07 @ 0x5c1d07
2b33e8c77430630bad364c1be8b052b2+0x1137c8 @ 0x5137c8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638180
registers.edi: 9502720
registers.eax: 0
registers.ebp: 1638192
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637056
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00
exception.symbol: 2b33e8c77430630bad364c1be8b052b2+0x1c6858
exception.instruction: mov edi, dword ptr [edi]
exception.module: 2b33e8c77430630bad364c1be8b052b2.exe
exception.exception_code: 0xc0000005
exception.offset: 1861720
exception.address: 0x5c6858
success 0 0
1619340440.1095
__exception__
stacktrace:
2b33e8c77430630bad364c1be8b052b2+0x1c1d07 @ 0x5c1d07
2b33e8c77430630bad364c1be8b052b2+0x1137c8 @ 0x5137c8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638180
registers.edi: 9568256
registers.eax: 0
registers.ebp: 1638192
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637056
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00
exception.symbol: 2b33e8c77430630bad364c1be8b052b2+0x1c6858
exception.instruction: mov edi, dword ptr [edi]
exception.module: 2b33e8c77430630bad364c1be8b052b2.exe
exception.exception_code: 0xc0000005
exception.offset: 1861720
exception.address: 0x5c6858
success 0 0
1619340440.1095
__exception__
stacktrace:
2b33e8c77430630bad364c1be8b052b2+0x1c1d07 @ 0x5c1d07
2b33e8c77430630bad364c1be8b052b2+0x1137c8 @ 0x5137c8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638180
registers.edi: 9633792
registers.eax: 0
registers.ebp: 1638192
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637056
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00
exception.symbol: 2b33e8c77430630bad364c1be8b052b2+0x1c6858
exception.instruction: mov edi, dword ptr [edi]
exception.module: 2b33e8c77430630bad364c1be8b052b2.exe
exception.exception_code: 0xc0000005
exception.offset: 1861720
exception.address: 0x5c6858
success 0 0
1619340440.1095
__exception__
stacktrace:
2b33e8c77430630bad364c1be8b052b2+0x1c1d07 @ 0x5c1d07
2b33e8c77430630bad364c1be8b052b2+0x1137c8 @ 0x5137c8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638180
registers.edi: 9699328
registers.eax: 0
registers.ebp: 1638192
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637056
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00
exception.symbol: 2b33e8c77430630bad364c1be8b052b2+0x1c6858
exception.instruction: mov edi, dword ptr [edi]
exception.module: 2b33e8c77430630bad364c1be8b052b2.exe
exception.exception_code: 0xc0000005
exception.offset: 1861720
exception.address: 0x5c6858
success 0 0
1619340440.1095
__exception__
stacktrace:
2b33e8c77430630bad364c1be8b052b2+0x1c1d07 @ 0x5c1d07
2b33e8c77430630bad364c1be8b052b2+0x1137c8 @ 0x5137c8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638180
registers.edi: 9764864
registers.eax: 0
registers.ebp: 1638192
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637056
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00
exception.symbol: 2b33e8c77430630bad364c1be8b052b2+0x1c6858
exception.instruction: mov edi, dword ptr [edi]
exception.module: 2b33e8c77430630bad364c1be8b052b2.exe
exception.exception_code: 0xc0000005
exception.offset: 1861720
exception.address: 0x5c6858
success 0 0
1619340440.1095
__exception__
stacktrace:
2b33e8c77430630bad364c1be8b052b2+0x1c1d07 @ 0x5c1d07
2b33e8c77430630bad364c1be8b052b2+0x1137c8 @ 0x5137c8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638180
registers.edi: 9830400
registers.eax: 0
registers.ebp: 1638192
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637056
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00
exception.symbol: 2b33e8c77430630bad364c1be8b052b2+0x1c6858
exception.instruction: mov edi, dword ptr [edi]
exception.module: 2b33e8c77430630bad364c1be8b052b2.exe
exception.exception_code: 0xc0000005
exception.offset: 1861720
exception.address: 0x5c6858
success 0 0
1619340440.1095
__exception__
stacktrace:
2b33e8c77430630bad364c1be8b052b2+0x1c1d07 @ 0x5c1d07
2b33e8c77430630bad364c1be8b052b2+0x1137c8 @ 0x5137c8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638180
registers.edi: 9895936
registers.eax: 0
registers.ebp: 1638192
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637056
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00
exception.symbol: 2b33e8c77430630bad364c1be8b052b2+0x1c6858
exception.instruction: mov edi, dword ptr [edi]
exception.module: 2b33e8c77430630bad364c1be8b052b2.exe
exception.exception_code: 0xc0000005
exception.offset: 1861720
exception.address: 0x5c6858
success 0 0
1619340440.1095
__exception__
stacktrace:
2b33e8c77430630bad364c1be8b052b2+0x1c1d07 @ 0x5c1d07
2b33e8c77430630bad364c1be8b052b2+0x1137c8 @ 0x5137c8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638180
registers.edi: 10027008
registers.eax: 0
registers.ebp: 1638192
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637056
registers.ecx: 0
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00
exception.symbol: 2b33e8c77430630bad364c1be8b052b2+0x1c6858
exception.instruction: mov edi, dword ptr [edi]
exception.module: 2b33e8c77430630bad364c1be8b052b2.exe
exception.exception_code: 0xc0000005
exception.offset: 1861720
exception.address: 0x5c6858
success 0 0
1619340440.1095
__exception__
stacktrace:
2b33e8c77430630bad364c1be8b052b2+0x1c1d07 @ 0x5c1d07
2b33e8c77430630bad364c1be8b052b2+0x1137c8 @ 0x5137c8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638180
registers.edi: 10092544
registers.eax: 0
registers.ebp: 1638192
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637056
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00
exception.symbol: 2b33e8c77430630bad364c1be8b052b2+0x1c6858
exception.instruction: mov edi, dword ptr [edi]
exception.module: 2b33e8c77430630bad364c1be8b052b2.exe
exception.exception_code: 0xc0000005
exception.offset: 1861720
exception.address: 0x5c6858
success 0 0
1619340440.1095
__exception__
stacktrace:
2b33e8c77430630bad364c1be8b052b2+0x1c1d07 @ 0x5c1d07
2b33e8c77430630bad364c1be8b052b2+0x1137c8 @ 0x5137c8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638180
registers.edi: 10158080
registers.eax: 0
registers.ebp: 1638192
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637056
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00
exception.symbol: 2b33e8c77430630bad364c1be8b052b2+0x1c6858
exception.instruction: mov edi, dword ptr [edi]
exception.module: 2b33e8c77430630bad364c1be8b052b2.exe
exception.exception_code: 0xc0000005
exception.offset: 1861720
exception.address: 0x5c6858
success 0 0
1619340440.1095
__exception__
stacktrace:
2b33e8c77430630bad364c1be8b052b2+0x1c1d07 @ 0x5c1d07
2b33e8c77430630bad364c1be8b052b2+0x1137c8 @ 0x5137c8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638180
registers.edi: 10223616
registers.eax: 0
registers.ebp: 1638192
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637056
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00
exception.symbol: 2b33e8c77430630bad364c1be8b052b2+0x1c6858
exception.instruction: mov edi, dword ptr [edi]
exception.module: 2b33e8c77430630bad364c1be8b052b2.exe
exception.exception_code: 0xc0000005
exception.offset: 1861720
exception.address: 0x5c6858
success 0 0
1619340440.1095
__exception__
stacktrace:
2b33e8c77430630bad364c1be8b052b2+0x1c1d07 @ 0x5c1d07
2b33e8c77430630bad364c1be8b052b2+0x1137c8 @ 0x5137c8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638180
registers.edi: 10289152
registers.eax: 0
registers.ebp: 1638192
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637056
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00
exception.symbol: 2b33e8c77430630bad364c1be8b052b2+0x1c6858
exception.instruction: mov edi, dword ptr [edi]
exception.module: 2b33e8c77430630bad364c1be8b052b2.exe
exception.exception_code: 0xc0000005
exception.offset: 1861720
exception.address: 0x5c6858
success 0 0
1619340440.1095
__exception__
stacktrace:
2b33e8c77430630bad364c1be8b052b2+0x1c1d07 @ 0x5c1d07
2b33e8c77430630bad364c1be8b052b2+0x1137c8 @ 0x5137c8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638180
registers.edi: 10354688
registers.eax: 0
registers.ebp: 1638192
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637056
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00
exception.symbol: 2b33e8c77430630bad364c1be8b052b2+0x1c6858
exception.instruction: mov edi, dword ptr [edi]
exception.module: 2b33e8c77430630bad364c1be8b052b2.exe
exception.exception_code: 0xc0000005
exception.offset: 1861720
exception.address: 0x5c6858
success 0 0
1619340440.1095
__exception__
stacktrace:
2b33e8c77430630bad364c1be8b052b2+0x1c1d07 @ 0x5c1d07
2b33e8c77430630bad364c1be8b052b2+0x1137c8 @ 0x5137c8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638180
registers.edi: 10420224
registers.eax: 0
registers.ebp: 1638192
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637056
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00
exception.symbol: 2b33e8c77430630bad364c1be8b052b2+0x1c6858
exception.instruction: mov edi, dword ptr [edi]
exception.module: 2b33e8c77430630bad364c1be8b052b2.exe
exception.exception_code: 0xc0000005
exception.offset: 1861720
exception.address: 0x5c6858
success 0 0
1619340440.1095
__exception__
stacktrace:
2b33e8c77430630bad364c1be8b052b2+0x1c1d07 @ 0x5c1d07
2b33e8c77430630bad364c1be8b052b2+0x1137c8 @ 0x5137c8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638180
registers.edi: 10485760
registers.eax: 0
registers.ebp: 1638192
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637056
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00
exception.symbol: 2b33e8c77430630bad364c1be8b052b2+0x1c6858
exception.instruction: mov edi, dword ptr [edi]
exception.module: 2b33e8c77430630bad364c1be8b052b2.exe
exception.exception_code: 0xc0000005
exception.offset: 1861720
exception.address: 0x5c6858
success 0 0
1619340440.1095
__exception__
stacktrace:
2b33e8c77430630bad364c1be8b052b2+0x1c1d07 @ 0x5c1d07
2b33e8c77430630bad364c1be8b052b2+0x1137c8 @ 0x5137c8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638180
registers.edi: 10551296
registers.eax: 0
registers.ebp: 1638192
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637056
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00
exception.symbol: 2b33e8c77430630bad364c1be8b052b2+0x1c6858
exception.instruction: mov edi, dword ptr [edi]
exception.module: 2b33e8c77430630bad364c1be8b052b2.exe
exception.exception_code: 0xc0000005
exception.offset: 1861720
exception.address: 0x5c6858
success 0 0
1619340440.1095
__exception__
stacktrace:
2b33e8c77430630bad364c1be8b052b2+0x1c1d07 @ 0x5c1d07
2b33e8c77430630bad364c1be8b052b2+0x1137c8 @ 0x5137c8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638180
registers.edi: 10616832
registers.eax: 0
registers.ebp: 1638192
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637056
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00
exception.symbol: 2b33e8c77430630bad364c1be8b052b2+0x1c6858
exception.instruction: mov edi, dword ptr [edi]
exception.module: 2b33e8c77430630bad364c1be8b052b2.exe
exception.exception_code: 0xc0000005
exception.offset: 1861720
exception.address: 0x5c6858
success 0 0
1619340440.1095
__exception__
stacktrace:
2b33e8c77430630bad364c1be8b052b2+0x1c1d07 @ 0x5c1d07
2b33e8c77430630bad364c1be8b052b2+0x1137c8 @ 0x5137c8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638180
registers.edi: 10682368
registers.eax: 0
registers.ebp: 1638192
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637056
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00
exception.symbol: 2b33e8c77430630bad364c1be8b052b2+0x1c6858
exception.instruction: mov edi, dword ptr [edi]
exception.module: 2b33e8c77430630bad364c1be8b052b2.exe
exception.exception_code: 0xc0000005
exception.offset: 1861720
exception.address: 0x5c6858
success 0 0
1619340440.1095
__exception__
stacktrace:
2b33e8c77430630bad364c1be8b052b2+0x1c1d07 @ 0x5c1d07
2b33e8c77430630bad364c1be8b052b2+0x1137c8 @ 0x5137c8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638180
registers.edi: 10747904
registers.eax: 0
registers.ebp: 1638192
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637056
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00
exception.symbol: 2b33e8c77430630bad364c1be8b052b2+0x1c6858
exception.instruction: mov edi, dword ptr [edi]
exception.module: 2b33e8c77430630bad364c1be8b052b2.exe
exception.exception_code: 0xc0000005
exception.offset: 1861720
exception.address: 0x5c6858
success 0 0
1619340440.1095
__exception__
stacktrace:
2b33e8c77430630bad364c1be8b052b2+0x1c1d07 @ 0x5c1d07
2b33e8c77430630bad364c1be8b052b2+0x1137c8 @ 0x5137c8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638180
registers.edi: 10813440
registers.eax: 0
registers.ebp: 1638192
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637056
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00
exception.symbol: 2b33e8c77430630bad364c1be8b052b2+0x1c6858
exception.instruction: mov edi, dword ptr [edi]
exception.module: 2b33e8c77430630bad364c1be8b052b2.exe
exception.exception_code: 0xc0000005
exception.offset: 1861720
exception.address: 0x5c6858
success 0 0
1619340440.1095
__exception__
stacktrace:
2b33e8c77430630bad364c1be8b052b2+0x1c1d07 @ 0x5c1d07
2b33e8c77430630bad364c1be8b052b2+0x1137c8 @ 0x5137c8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638180
registers.edi: 10878976
registers.eax: 0
registers.ebp: 1638192
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637056
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00
exception.symbol: 2b33e8c77430630bad364c1be8b052b2+0x1c6858
exception.instruction: mov edi, dword ptr [edi]
exception.module: 2b33e8c77430630bad364c1be8b052b2.exe
exception.exception_code: 0xc0000005
exception.offset: 1861720
exception.address: 0x5c6858
success 0 0
1619340440.1095
__exception__
stacktrace:
2b33e8c77430630bad364c1be8b052b2+0x1c1d07 @ 0x5c1d07
2b33e8c77430630bad364c1be8b052b2+0x1137c8 @ 0x5137c8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638180
registers.edi: 10944512
registers.eax: 0
registers.ebp: 1638192
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637056
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00
exception.symbol: 2b33e8c77430630bad364c1be8b052b2+0x1c6858
exception.instruction: mov edi, dword ptr [edi]
exception.module: 2b33e8c77430630bad364c1be8b052b2.exe
exception.exception_code: 0xc0000005
exception.offset: 1861720
exception.address: 0x5c6858
success 0 0
1619340440.1095
__exception__
stacktrace:
2b33e8c77430630bad364c1be8b052b2+0x1c1d07 @ 0x5c1d07
2b33e8c77430630bad364c1be8b052b2+0x1137c8 @ 0x5137c8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638180
registers.edi: 11010048
registers.eax: 0
registers.ebp: 1638192
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637056
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00
exception.symbol: 2b33e8c77430630bad364c1be8b052b2+0x1c6858
exception.instruction: mov edi, dword ptr [edi]
exception.module: 2b33e8c77430630bad364c1be8b052b2.exe
exception.exception_code: 0xc0000005
exception.offset: 1861720
exception.address: 0x5c6858
success 0 0
1619340440.1095
__exception__
stacktrace:
2b33e8c77430630bad364c1be8b052b2+0x1c1d07 @ 0x5c1d07
2b33e8c77430630bad364c1be8b052b2+0x1137c8 @ 0x5137c8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638180
registers.edi: 11075584
registers.eax: 0
registers.ebp: 1638192
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637056
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00
exception.symbol: 2b33e8c77430630bad364c1be8b052b2+0x1c6858
exception.instruction: mov edi, dword ptr [edi]
exception.module: 2b33e8c77430630bad364c1be8b052b2.exe
exception.exception_code: 0xc0000005
exception.offset: 1861720
exception.address: 0x5c6858
success 0 0
1619340440.1095
__exception__
stacktrace:
2b33e8c77430630bad364c1be8b052b2+0x1c1d07 @ 0x5c1d07
2b33e8c77430630bad364c1be8b052b2+0x1137c8 @ 0x5137c8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638180
registers.edi: 11141120
registers.eax: 0
registers.ebp: 1638192
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637056
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00
exception.symbol: 2b33e8c77430630bad364c1be8b052b2+0x1c6858
exception.instruction: mov edi, dword ptr [edi]
exception.module: 2b33e8c77430630bad364c1be8b052b2.exe
exception.exception_code: 0xc0000005
exception.offset: 1861720
exception.address: 0x5c6858
success 0 0
1619340440.1095
__exception__
stacktrace:
2b33e8c77430630bad364c1be8b052b2+0x1c1d07 @ 0x5c1d07
2b33e8c77430630bad364c1be8b052b2+0x1137c8 @ 0x5137c8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638180
registers.edi: 11206656
registers.eax: 0
registers.ebp: 1638192
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637056
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00
exception.symbol: 2b33e8c77430630bad364c1be8b052b2+0x1c6858
exception.instruction: mov edi, dword ptr [edi]
exception.module: 2b33e8c77430630bad364c1be8b052b2.exe
exception.exception_code: 0xc0000005
exception.offset: 1861720
exception.address: 0x5c6858
success 0 0
1619340440.1095
__exception__
stacktrace:
2b33e8c77430630bad364c1be8b052b2+0x1c1d07 @ 0x5c1d07
2b33e8c77430630bad364c1be8b052b2+0x1137c8 @ 0x5137c8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638180
registers.edi: 11272192
registers.eax: 0
registers.ebp: 1638192
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637056
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00
exception.symbol: 2b33e8c77430630bad364c1be8b052b2+0x1c6858
exception.instruction: mov edi, dword ptr [edi]
exception.module: 2b33e8c77430630bad364c1be8b052b2.exe
exception.exception_code: 0xc0000005
exception.offset: 1861720
exception.address: 0x5c6858
success 0 0
1619340440.1095
__exception__
stacktrace:
2b33e8c77430630bad364c1be8b052b2+0x1c1d07 @ 0x5c1d07
2b33e8c77430630bad364c1be8b052b2+0x1137c8 @ 0x5137c8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638180
registers.edi: 11337728
registers.eax: 0
registers.ebp: 1638192
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637056
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00
exception.symbol: 2b33e8c77430630bad364c1be8b052b2+0x1c6858
exception.instruction: mov edi, dword ptr [edi]
exception.module: 2b33e8c77430630bad364c1be8b052b2.exe
exception.exception_code: 0xc0000005
exception.offset: 1861720
exception.address: 0x5c6858
success 0 0
1619340440.1095
__exception__
stacktrace:
2b33e8c77430630bad364c1be8b052b2+0x1c1d07 @ 0x5c1d07
2b33e8c77430630bad364c1be8b052b2+0x1137c8 @ 0x5137c8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638180
registers.edi: 11403264
registers.eax: 0
registers.ebp: 1638192
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637056
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00
exception.symbol: 2b33e8c77430630bad364c1be8b052b2+0x1c6858
exception.instruction: mov edi, dword ptr [edi]
exception.module: 2b33e8c77430630bad364c1be8b052b2.exe
exception.exception_code: 0xc0000005
exception.offset: 1861720
exception.address: 0x5c6858
success 0 0
1619340440.1095
__exception__
stacktrace:
2b33e8c77430630bad364c1be8b052b2+0x1c1d07 @ 0x5c1d07
2b33e8c77430630bad364c1be8b052b2+0x1137c8 @ 0x5137c8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638180
registers.edi: 11468800
registers.eax: 0
registers.ebp: 1638192
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637056
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00
exception.symbol: 2b33e8c77430630bad364c1be8b052b2+0x1c6858
exception.instruction: mov edi, dword ptr [edi]
exception.module: 2b33e8c77430630bad364c1be8b052b2.exe
exception.exception_code: 0xc0000005
exception.offset: 1861720
exception.address: 0x5c6858
success 0 0
1619340440.1095
__exception__
stacktrace:
2b33e8c77430630bad364c1be8b052b2+0x1c1d07 @ 0x5c1d07
2b33e8c77430630bad364c1be8b052b2+0x1137c8 @ 0x5137c8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638180
registers.edi: 13369344
registers.eax: 0
registers.ebp: 1638192
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637056
registers.ecx: 256
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00
exception.symbol: 2b33e8c77430630bad364c1be8b052b2+0x1c6858
exception.instruction: mov edi, dword ptr [edi]
exception.module: 2b33e8c77430630bad364c1be8b052b2.exe
exception.exception_code: 0xc0000005
exception.offset: 1861720
exception.address: 0x5c6858
success 0 0
1619340440.1095
__exception__
stacktrace:
2b33e8c77430630bad364c1be8b052b2+0x1c1d07 @ 0x5c1d07
2b33e8c77430630bad364c1be8b052b2+0x1137c8 @ 0x5137c8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638180
registers.edi: 13434880
registers.eax: 0
registers.ebp: 1638192
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637056
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00
exception.symbol: 2b33e8c77430630bad364c1be8b052b2+0x1c6858
exception.instruction: mov edi, dword ptr [edi]
exception.module: 2b33e8c77430630bad364c1be8b052b2.exe
exception.exception_code: 0xc0000005
exception.offset: 1861720
exception.address: 0x5c6858
success 0 0
1619340440.1095
__exception__
stacktrace:
2b33e8c77430630bad364c1be8b052b2+0x1c1d07 @ 0x5c1d07
2b33e8c77430630bad364c1be8b052b2+0x1137c8 @ 0x5137c8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638180
registers.edi: 13500416
registers.eax: 0
registers.ebp: 1638192
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637056
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00
exception.symbol: 2b33e8c77430630bad364c1be8b052b2+0x1c6858
exception.instruction: mov edi, dword ptr [edi]
exception.module: 2b33e8c77430630bad364c1be8b052b2.exe
exception.exception_code: 0xc0000005
exception.offset: 1861720
exception.address: 0x5c6858
success 0 0
1619340440.1095
__exception__
stacktrace:
2b33e8c77430630bad364c1be8b052b2+0x1c1d07 @ 0x5c1d07
2b33e8c77430630bad364c1be8b052b2+0x1137c8 @ 0x5137c8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638180
registers.edi: 13565952
registers.eax: 0
registers.ebp: 1638192
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637056
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00
exception.symbol: 2b33e8c77430630bad364c1be8b052b2+0x1c6858
exception.instruction: mov edi, dword ptr [edi]
exception.module: 2b33e8c77430630bad364c1be8b052b2.exe
exception.exception_code: 0xc0000005
exception.offset: 1861720
exception.address: 0x5c6858
success 0 0
1619340440.1095
__exception__
stacktrace:
2b33e8c77430630bad364c1be8b052b2+0x1c1d07 @ 0x5c1d07
2b33e8c77430630bad364c1be8b052b2+0x1137c8 @ 0x5137c8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638180
registers.edi: 13631488
registers.eax: 0
registers.ebp: 1638192
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637056
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00
exception.symbol: 2b33e8c77430630bad364c1be8b052b2+0x1c6858
exception.instruction: mov edi, dword ptr [edi]
exception.module: 2b33e8c77430630bad364c1be8b052b2.exe
exception.exception_code: 0xc0000005
exception.offset: 1861720
exception.address: 0x5c6858
success 0 0
1619340440.1095
__exception__
stacktrace:
2b33e8c77430630bad364c1be8b052b2+0x1c1d07 @ 0x5c1d07
2b33e8c77430630bad364c1be8b052b2+0x1137c8 @ 0x5137c8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638180
registers.edi: 13697024
registers.eax: 0
registers.ebp: 1638192
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637056
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00
exception.symbol: 2b33e8c77430630bad364c1be8b052b2+0x1c6858
exception.instruction: mov edi, dword ptr [edi]
exception.module: 2b33e8c77430630bad364c1be8b052b2.exe
exception.exception_code: 0xc0000005
exception.offset: 1861720
exception.address: 0x5c6858
success 0 0
1619340440.1095
__exception__
stacktrace:
2b33e8c77430630bad364c1be8b052b2+0x1c1d07 @ 0x5c1d07
2b33e8c77430630bad364c1be8b052b2+0x1137c8 @ 0x5137c8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638180
registers.edi: 13762560
registers.eax: 0
registers.ebp: 1638192
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637056
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00
exception.symbol: 2b33e8c77430630bad364c1be8b052b2+0x1c6858
exception.instruction: mov edi, dword ptr [edi]
exception.module: 2b33e8c77430630bad364c1be8b052b2.exe
exception.exception_code: 0xc0000005
exception.offset: 1861720
exception.address: 0x5c6858
success 0 0
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (4 events)
Time & API Arguments Status Return Repeated
1619340434.0625
NtAllocateVirtualMemory
process_identifier: 2988
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003e0000
success 0 0
1619340447.2505
NtAllocateVirtualMemory
process_identifier: 2988
region_size: 503808
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02300000
success 0 0
1619340447.2505
NtAllocateVirtualMemory
process_identifier: 2988
region_size: 1572864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x033c0000
success 0 0
1619340447.2655
NtProtectVirtualMemory
process_identifier: 2988
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x77d4f000
success 0 0
A process created a hidden window (1 event)
Time & API Arguments Status Return Repeated
1619340448.2505
CreateProcessInternalW
thread_identifier: 1760
thread_handle: 0x000002ac
process_identifier: 1632
current_directory:
filepath: C:\Windows\SysWOW64\cmd.exe
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\2b33e8c77430630bad364c1be8b052b2.exe"
filepath_r: C:\Windows\SysWOW64\cmd.exe
stack_pivoted: 0
creation_flags: 134217728 (CREATE_NO_WINDOW)
process_handle: 0x000002b0
inherit_handles: 1
success 1 0
Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (4 events)
The binary likely contains encrypted or compressed data indicative of a packer (1 event)
entropy 7.875781208524624 section {'size_of_data': '0x00034600', 'virtual_address': '0x00198000', 'entropy': 7.875781208524624, 'name': 'SecureGa', 'virtual_size': '0x00035000'} description A section with a high entropy has been found
Repeatedly searches for a not-found process, you may want to run a web browser during analysis (20 events)
Time & API Arguments Status Return Repeated
1619340447.3595
Process32NextW
process_name: 2b33e8c77430630bad364c1be8b052b2.exe
snapshot_handle: 0x000000ec
process_identifier: 2988
failed 0 0
1619340447.3755
Process32NextW
process_name: 2b33e8c77430630bad364c1be8b052b2.exe
snapshot_handle: 0x000000f0
process_identifier: 2988
failed 0 0
1619340447.3755
Process32NextW
process_name: 2b33e8c77430630bad364c1be8b052b2.exe
snapshot_handle: 0x000000f4
process_identifier: 2988
failed 0 0
1619340447.3905
Process32NextW
process_name: 2b33e8c77430630bad364c1be8b052b2.exe
snapshot_handle: 0x000000f8
process_identifier: 2988
failed 0 0
1619340447.4065
Process32NextW
process_name: 2b33e8c77430630bad364c1be8b052b2.exe
snapshot_handle: 0x000000fc
process_identifier: 2988
failed 0 0
1619340447.4065
Process32NextW
process_name: 2b33e8c77430630bad364c1be8b052b2.exe
snapshot_handle: 0x00000100
process_identifier: 2988
failed 0 0
1619340447.4225
Process32NextW
process_name: 2b33e8c77430630bad364c1be8b052b2.exe
snapshot_handle: 0x00000104
process_identifier: 2988
failed 0 0
1619340447.4225
Process32NextW
process_name: 2b33e8c77430630bad364c1be8b052b2.exe
snapshot_handle: 0x00000108
process_identifier: 2988
failed 0 0
1619340447.4375
Process32NextW
process_name: 2b33e8c77430630bad364c1be8b052b2.exe
snapshot_handle: 0x0000010c
process_identifier: 2988
failed 0 0
1619340447.4535
Process32NextW
process_name: 2b33e8c77430630bad364c1be8b052b2.exe
snapshot_handle: 0x00000110
process_identifier: 2988
failed 0 0
1619340447.4535
Process32NextW
process_name: 2b33e8c77430630bad364c1be8b052b2.exe
snapshot_handle: 0x00000114
process_identifier: 2988
failed 0 0
1619340447.4685
Process32NextW
process_name: 2b33e8c77430630bad364c1be8b052b2.exe
snapshot_handle: 0x00000118
process_identifier: 2988
failed 0 0
1619340447.4685
Process32NextW
process_name: 2b33e8c77430630bad364c1be8b052b2.exe
snapshot_handle: 0x0000011c
process_identifier: 2988
failed 0 0
1619340447.4845
Process32NextW
process_name: 2b33e8c77430630bad364c1be8b052b2.exe
snapshot_handle: 0x00000120
process_identifier: 2988
failed 0 0
1619340447.4845
Process32NextW
process_name: 2b33e8c77430630bad364c1be8b052b2.exe
snapshot_handle: 0x00000124
process_identifier: 2988
failed 0 0
1619340447.5005
Process32NextW
process_name: 2b33e8c77430630bad364c1be8b052b2.exe
snapshot_handle: 0x00000128
process_identifier: 2988
failed 0 0
1619340447.5155
Process32NextW
process_name: 2b33e8c77430630bad364c1be8b052b2.exe
snapshot_handle: 0x0000012c
process_identifier: 2988
failed 0 0
1619340447.5155
Process32NextW
process_name: 2b33e8c77430630bad364c1be8b052b2.exe
snapshot_handle: 0x00000130
process_identifier: 2988
failed 0 0
1619340447.5315
Process32NextW
process_name: 2b33e8c77430630bad364c1be8b052b2.exe
snapshot_handle: 0x00000134
process_identifier: 2988
failed 0 0
1619340447.5315
Process32NextW
process_name: 2b33e8c77430630bad364c1be8b052b2.exe
snapshot_handle: 0x00000138
process_identifier: 2988
failed 0 0
Network communication
Allocates execute permission to another process indicative of possible code injection (4 events)
Time & API Arguments Status Return Repeated
1619340448.2655
NtAllocateVirtualMemory
process_identifier: 1632
region_size: 147456
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000002b0
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
success 0 0
1619340448.2655
NtProtectVirtualMemory
process_identifier: 1632
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000002b0
base_address: 0x77d4f000
success 0 0
1619340448.2655
NtAllocateVirtualMemory
process_identifier: 1632
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000002b0
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x000b0000
success 0 0
1619340448.2655
NtAllocateVirtualMemory
process_identifier: 1632
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000002b0
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x000c0000
success 0 0
Potential code injection by writing to the memory of another process (3 events)
Time & API Arguments Status Return Repeated
1619340448.2655
WriteProcessMemory
process_identifier: 1632
buffer: C:\Users\Administrator.Oskar-PC\AppData\Roaming\
process_handle: 0x000002b0
base_address: 0x000c0000
success 1 0
1619340448.2655
WriteProcessMemory
process_identifier: 1632
buffer:
process_handle: 0x000002b0
base_address: 0x77e30234
success 1 0
1619340448.2655
WriteProcessMemory
process_identifier: 1632
buffer: 
process_handle: 0x000002b0
base_address: 0x77e30230
success 1 0
Attempts to remove evidence of file being downloaded from the Internet (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\:Zone.Identifier
Generates some ICMP traffic
Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 event)
dead_host 172.217.24.14:443
Executed a process and injected code into it, probably while unpacking (8 events)
Time & API Arguments Status Return Repeated
1619340448.2505
CreateProcessInternalW
thread_identifier: 1760
thread_handle: 0x000002ac
process_identifier: 1632
current_directory:
filepath: C:\Windows\SysWOW64\cmd.exe
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\2b33e8c77430630bad364c1be8b052b2.exe"
filepath_r: C:\Windows\SysWOW64\cmd.exe
stack_pivoted: 0
creation_flags: 134217728 (CREATE_NO_WINDOW)
process_handle: 0x000002b0
inherit_handles: 1
success 1 0
1619340448.2505
NtGetContextThread
thread_handle: 0x000002ac
success 0 0
1619340448.2655
NtAllocateVirtualMemory
process_identifier: 1632
region_size: 147456
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000002b0
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
success 0 0
1619340448.2655
NtAllocateVirtualMemory
process_identifier: 1632
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000002b0
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x000b0000
success 0 0
1619340448.2655
NtAllocateVirtualMemory
process_identifier: 1632
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000002b0
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x000c0000
success 0 0
1619340448.2655
WriteProcessMemory
process_identifier: 1632
buffer: C:\Users\Administrator.Oskar-PC\AppData\Roaming\
process_handle: 0x000002b0
base_address: 0x000c0000
success 1 0
1619340448.2655
WriteProcessMemory
process_identifier: 1632
buffer:
process_handle: 0x000002b0
base_address: 0x77e30234
success 1 0
1619340448.2655
WriteProcessMemory
process_identifier: 1632
buffer: 
process_handle: 0x000002b0
base_address: 0x77e30230
success 1 0
File has been identified by 51 AntiVirus engines on VirusTotal as malicious (50 out of 51 events)
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.34423191
FireEye Trojan.GenericKD.34423191
CAT-QuickHeal Backdoor.Xaparo
ALYac Backdoor.RAT.Parallax
Cylance Unsafe
Zillya Backdoor.Xaparo.Win32.48
Alibaba Backdoor:Win32/Injector.0f3914af
K7GW Trojan ( 0056d47f1 )
K7AntiVirus Trojan ( 0056d47f1 )
Arcabit Trojan.Generic.D20D4197
Invincea Mal/Generic-S
Cyren W32/Trojan.CGEK-3724
Symantec ML.Attribute.HighConfidence
TrendMicro-HouseCall TROJ_GEN.R06BC0GI520
Paloalto generic.ml
Kaspersky HEUR:Backdoor.Win32.Xaparo.gen
BitDefender Trojan.GenericKD.34423191
NANO-Antivirus Trojan.Win32.Xaparo.htdclp
ViRobot Trojan.Win32.Z.Xaparo.3795488
Avast Win32:Malware-gen
Ad-Aware Trojan.GenericKD.34423191
Sophos Mal/Generic-S
Comodo Malware@#2xn0psyihhq0z
F-Secure Trojan.TR/Injector.nctna
DrWeb Trojan.KillProc2.11503
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R06BC0GI520
McAfee-GW-Edition Artemis!Trojan
SentinelOne Static AI - Suspicious PE
Emsisoft MalCert.A (A)
APEX Malicious
Jiangmin Backdoor.Xaparo.bz
Avira TR/Injector.nctna
Gridinsoft Trojan.Win32.Kryptik.oa
Microsoft TrojanDownloader:O97M/EncDoc.FE!MTB
ZoneAlarm HEUR:Backdoor.Win32.Xaparo.gen
GData Trojan.GenericKD.34423191
Cynet Malicious (score: 85)
McAfee Artemis!2B33E8C77430
MAX malware (ai score=89)
VBA32 Backdoor.Xaparo
Malwarebytes Backdoor.ParallaxRat
ESET-NOD32 a variant of Win32/Injector.ENEV
Rising Backdoor.Xaparo!8.11758 (TFE:5:nlhCJvGhZy)
Ikarus Possilbe-Threat.Untrusted.Certificate
MaxSecure Trojan.Malware.74932715.susgen
Fortinet W32/Xaparo.ERDH!tr.bdr
AVG Win32:Malware-gen
Panda Trj/CI.A
Visual analysis
Binary image
No binary image available: this sample did not generate a binary visualization image.
Runtime screenshots
No runtime screenshots available: no screenshots were captured while this sample ran.

PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x5191b4 VirtualFree
0x5191b8 VirtualAlloc
0x5191bc LocalFree
0x5191c0 LocalAlloc
0x5191c4 GetVersion
0x5191c8 GetCurrentThreadId
0x5191d4 VirtualQuery
0x5191d8 WideCharToMultiByte
0x5191e0 MultiByteToWideChar
0x5191e4 lstrlenA
0x5191e8 lstrcpynA
0x5191ec LoadLibraryExA
0x5191f0 GetThreadLocale
0x5191f4 GetStartupInfoA
0x5191f8 GetProcAddress
0x5191fc GetModuleHandleA
0x519200 GetModuleFileNameA
0x519204 GetLocaleInfoA
0x519208 GetLastError
0x519210 GetCommandLineA
0x519214 FreeLibrary
0x519218 FindFirstFileA
0x51921c FindClose
0x519220 ExitProcess
0x519224 ExitThread
0x519228 CreateThread
0x51922c WriteFile
0x519234 SetFilePointer
0x519238 SetEndOfFile
0x51923c RtlUnwind
0x519240 ReadFile
0x519244 RaiseException
0x519248 GetStdHandle
0x51924c GetFileSize
0x519250 GetFileType
0x519254 CreateFileA
0x519258 CloseHandle
Library user32.dll:
0x519260 GetKeyboardType
0x519264 LoadStringA
0x519268 MessageBoxA
0x51926c CharNextA
Library advapi32.dll:
0x519274 RegQueryValueExA
0x519278 RegOpenKeyExA
0x51927c RegCloseKey
Library oleaut32.dll:
0x519284 SysFreeString
0x519288 SysReAllocStringLen
0x51928c SysAllocStringLen
Library kernel32.dll:
0x519294 TlsSetValue
0x519298 TlsGetValue
0x51929c LocalAlloc
0x5192a0 GetModuleHandleA
Library advapi32.dll:
0x5192a8 RegSetValueExA
0x5192ac RegQueryValueExA
0x5192b0 RegOpenKeyExA
0x5192b4 RegFlushKey
0x5192b8 RegCreateKeyExA
0x5192bc RegCloseKey
Library kernel32.dll:
0x5192c4 lstrcpyA
0x5192cc WriteFile
0x5192d0 WaitForSingleObject
0x5192d4 VirtualQuery
0x5192d8 VirtualAlloc
0x5192dc Sleep
0x5192e0 SizeofResource
0x5192e4 SetThreadLocale
0x5192e8 SetFilePointer
0x5192ec SetEvent
0x5192f0 SetErrorMode
0x5192f4 SetEndOfFile
0x5192f8 ResumeThread
0x5192fc ResetEvent
0x519300 ReadFile
0x519304 MultiByteToWideChar
0x519308 MulDiv
0x51930c LockResource
0x519310 LoadResource
0x519314 LoadLibraryA
0x519320 GlobalUnlock
0x519324 GlobalReAlloc
0x519328 GlobalHandle
0x51932c GlobalLock
0x519330 GlobalFree
0x519334 GlobalFindAtomA
0x519338 GlobalDeleteAtom
0x51933c GlobalAlloc
0x519340 GlobalAddAtomA
0x519344 GetVersionExA
0x519348 GetVersion
0x51934c GetTickCount
0x519350 GetThreadLocale
0x519354 GetSystemInfo
0x519358 GetStringTypeExA
0x51935c GetStdHandle
0x519360 GetProfileStringA
0x519364 GetProcAddress
0x51936c GetModuleHandleA
0x519370 GetModuleFileNameA
0x519374 GetLocaleInfoA
0x519378 GetLocalTime
0x51937c GetLastError
0x519380 GetFullPathNameA
0x519384 GetFileAttributesA
0x519388 GetExitCodeThread
0x51938c GetDiskFreeSpaceA
0x519390 GetDateFormatA
0x519394 GetCurrentThreadId
0x519398 GetCurrentProcessId
0x51939c GetCPInfo
0x5193a0 GetACP
0x5193a4 FreeResource
0x5193ac InterlockedExchange
0x5193b4 FreeLibrary
0x5193b8 FormatMessageA
0x5193bc FindResourceA
0x5193c0 FindFirstFileA
0x5193c4 FindClose
0x5193d0 EnumCalendarInfoA
0x5193dc CreateThread
0x5193e0 CreateFileA
0x5193e4 CreateEventA
0x5193e8 CompareStringA
0x5193ec CloseHandle
Library version.dll:
0x5193f4 VerQueryValueA
0x5193fc GetFileVersionInfoA
Library gdi32.dll:
0x519404 UnrealizeObject
0x519408 StretchDIBits
0x51940c StretchBlt
0x519410 StartPage
0x519414 StartDocA
0x519418 SetWindowOrgEx
0x51941c SetWinMetaFileBits
0x519420 SetViewportOrgEx
0x519424 SetTextColor
0x519428 SetStretchBltMode
0x51942c SetROP2
0x519430 SetPixel
0x519434 SetEnhMetaFileBits
0x519438 SetDIBColorTable
0x51943c SetBrushOrgEx
0x519440 SetBkMode
0x519444 SetBkColor
0x519448 SetAbortProc
0x51944c SelectPalette
0x519450 SelectObject
0x519454 SelectClipRgn
0x519458 SaveDC
0x51945c RestoreDC
0x519460 Rectangle
0x519464 RectVisible
0x519468 RealizePalette
0x51946c Polyline
0x519470 PlayEnhMetaFile
0x519474 PatBlt
0x519478 MoveToEx
0x51947c MaskBlt
0x519480 LineTo
0x519484 IntersectClipRect
0x519488 GetWindowOrgEx
0x51948c GetWinMetaFileBits
0x519490 GetTextMetricsA
0x519494 GetTextExtentPointA
0x5194a4 GetStockObject
0x5194a8 GetPixel
0x5194ac GetPaletteEntries
0x5194b0 GetObjectA
0x5194bc GetEnhMetaFileBits
0x5194c0 GetDeviceCaps
0x5194c4 GetDIBits
0x5194c8 GetDIBColorTable
0x5194cc GetDCOrgEx
0x5194d4 GetClipBox
0x5194d8 GetBrushOrgEx
0x5194dc GetBitmapBits
0x5194e0 GdiFlush
0x5194e4 ExtTextOutA
0x5194e8 ExtCreatePen
0x5194ec ExcludeClipRect
0x5194f0 EndPage
0x5194f4 EndDoc
0x5194f8 Ellipse
0x5194fc DeleteObject
0x519500 DeleteEnhMetaFile
0x519504 DeleteDC
0x519508 CreateSolidBrush
0x51950c CreateRectRgn
0x519510 CreatePolygonRgn
0x519514 CreatePenIndirect
0x519518 CreatePen
0x51951c CreatePalette
0x519520 CreateICA
0x519528 CreateFontIndirectA
0x51952c CreateDIBitmap
0x519530 CreateDIBSection
0x519534 CreateDCA
0x519538 CreateCompatibleDC
0x519540 CreateBrushIndirect
0x519544 CreateBitmap
0x519548 CopyEnhMetaFileA
0x51954c BitBlt
0x519550 Arc
Library user32.dll:
0x519558 CreateWindowExA
0x51955c WindowFromPoint
0x519560 WinHelpA
0x519564 WaitMessage
0x519568 UpdateLayeredWindow
0x51956c UpdateWindow
0x519570 UnregisterClassA
0x519574 UnhookWindowsHookEx
0x519578 TranslateMessage
0x519580 TrackPopupMenu
0x519588 ShowWindow
0x51958c ShowScrollBar
0x519590 ShowOwnedPopups
0x519594 ShowCursor
0x519598 SetWindowRgn
0x51959c SetWindowsHookExA
0x5195a0 SetWindowTextA
0x5195a4 SetWindowPos
0x5195a8 SetWindowPlacement
0x5195ac SetWindowLongA
0x5195b0 SetTimer
0x5195b4 SetScrollRange
0x5195b8 SetScrollPos
0x5195bc SetScrollInfo
0x5195c0 SetRect
0x5195c4 SetPropA
0x5195c8 SetParent
0x5195cc SetMenuItemInfoA
0x5195d0 SetMenu
0x5195d4 SetKeyboardState
0x5195d8 SetForegroundWindow
0x5195dc SetFocus
0x5195e0 SetCursorPos
0x5195e4 SetCursor
0x5195e8 SetClipboardData
0x5195ec SetClassLongA
0x5195f0 SetCapture
0x5195f4 SetActiveWindow
0x5195f8 SendMessageA
0x5195fc ScrollWindow
0x519600 ScreenToClient
0x519604 RemovePropA
0x519608 RemoveMenu
0x51960c ReleaseDC
0x519610 ReleaseCapture
0x51961c RegisterClassA
0x519620 RedrawWindow
0x519624 PtInRect
0x519628 PostQuitMessage
0x51962c PostMessageA
0x519630 PeekMessageA
0x519634 OpenClipboard
0x519638 OffsetRect
0x51963c OemToCharA
0x519644 MoveWindow
0x519648 MessageBoxA
0x51964c MessageBeep
0x519650 MapWindowPoints
0x519654 MapVirtualKeyA
0x519658 LoadStringA
0x51965c LoadKeyboardLayoutA
0x519660 LoadIconA
0x519664 LoadCursorA
0x519668 LoadBitmapA
0x51966c KillTimer
0x519670 IsZoomed
0x519674 IsWindowVisible
0x519678 IsWindowEnabled
0x51967c IsWindow
0x519680 IsRectEmpty
0x519684 IsIconic
0x519688 IsDialogMessageA
0x519690 IsChild
0x519694 IsCharAlphaNumericA
0x519698 IsCharAlphaA
0x51969c InvalidateRect
0x5196a0 IntersectRect
0x5196a4 InsertMenuItemA
0x5196a8 InsertMenuA
0x5196ac InflateRect
0x5196b4 GetWindowTextA
0x5196b8 GetWindowRect
0x5196bc GetWindowPlacement
0x5196c0 GetWindowLongA
0x5196c4 GetWindowDC
0x5196c8 GetTopWindow
0x5196cc GetSystemMetrics
0x5196d0 GetSystemMenu
0x5196d4 GetSysColorBrush
0x5196d8 GetSysColor
0x5196dc GetSubMenu
0x5196e0 GetScrollRange
0x5196e4 GetScrollPos
0x5196e8 GetScrollInfo
0x5196ec GetPropA
0x5196f0 GetParent
0x5196f4 GetWindow
0x5196f8 GetNextDlgTabItem
0x5196fc GetMenuStringA
0x519700 GetMenuState
0x519704 GetMenuItemInfoA
0x519708 GetMenuItemID
0x51970c GetMenuItemCount
0x519710 GetMenu
0x519714 GetLastActivePopup
0x519718 GetKeyboardState
0x519720 GetKeyboardLayout
0x519724 GetKeyState
0x519728 GetKeyNameTextA
0x51972c GetIconInfo
0x519730 GetForegroundWindow
0x519734 GetFocus
0x519738 GetDlgItem
0x51973c GetDesktopWindow
0x519740 GetDCEx
0x519744 GetDC
0x519748 GetCursorPos
0x51974c GetCursor
0x519750 GetClipboardData
0x519754 GetClientRect
0x519758 GetClassNameA
0x51975c GetClassInfoA
0x519760 GetCapture
0x519764 GetActiveWindow
0x519768 FrameRect
0x51976c FindWindowA
0x519770 FillRect
0x519774 EqualRect
0x519778 EnumWindows
0x51977c EnumThreadWindows
0x519784 EndPaint
0x519788 EnableWindow
0x51978c EnableScrollBar
0x519790 EnableMenuItem
0x519794 EmptyClipboard
0x519798 DrawTextExA
0x51979c DrawTextA
0x5197a0 DrawMenuBar
0x5197a4 DrawIconEx
0x5197a8 DrawIcon
0x5197ac DrawFrameControl
0x5197b0 DrawFocusRect
0x5197b4 DrawEdge
0x5197b8 DispatchMessageA
0x5197bc DestroyWindow
0x5197c0 DestroyMenu
0x5197c4 DestroyIcon
0x5197c8 DestroyCursor
0x5197cc DeleteMenu
0x5197d0 DefWindowProcA
0x5197d4 DefMDIChildProcA
0x5197d8 DefFrameProcA
0x5197dc CreatePopupMenu
0x5197e0 CreateMenu
0x5197e4 CreateIcon
0x5197e8 CloseClipboard
0x5197ec ClientToScreen
0x5197f0 CheckMenuItem
0x5197f4 CallWindowProcA
0x5197f8 CallNextHookEx
0x5197fc BeginPaint
0x519800 CharNextA
0x519804 CharLowerBuffA
0x519808 CharLowerA
0x51980c CharUpperBuffA
0x519810 CharUpperA
0x519814 CharToOemA
0x519818 AdjustWindowRectEx
Library ole32.dll:
0x519824 IsEqualGUID
Library kernel32.dll:
0x51982c Sleep
Library oleaut32.dll:
0x519834 SafeArrayPtrOfIndex
0x519838 SafeArrayPutElement
0x51983c SafeArrayGetElement
0x519844 SafeArrayAccessData
0x519848 SafeArrayGetUBound
0x51984c SafeArrayGetLBound
0x519850 SafeArrayCreate
0x519854 VariantChangeType
0x519858 VariantCopyInd
0x51985c VariantCopy
0x519860 VariantClear
0x519864 VariantInit
Library ole32.dll:
0x519870 DoDragDrop
0x519874 RevokeDragDrop
0x519878 RegisterDragDrop
0x51987c OleUninitialize
0x519880 OleInitialize
0x519884 CoUninitialize
0x519888 CoInitialize
Library oleaut32.dll:
0x519890 GetErrorInfo
0x519894 SysFreeString
Library shell32.dll:
0x519914 ShellExecuteA
0x519918 SHGetFileInfoA
Library gdiplus.dll:
0x519948 GdipCreateTexture
0x51994c GdipResetClip
0x519950 GdipAddPathPolygon
0x519954 GdipBitmapGetPixel
0x519968 GdipDeleteRegion
0x519974 GdipSetClipRegion
0x519978 GdipSetPenDashStyle
0x51997c GdipGetImageHeight
0x519980 GdipGetImageWidth
0x519984 GdipDisposeImage
0x519990 GdipFillPath
0x519994 GdipDrawLine
0x519998 GdipDrawRectangle
0x5199a0 GdipDrawImageRect
0x5199a4 GdipDrawImageI
0x5199b8 GdipMeasureString
0x5199bc GdipDrawString
0x5199c0 GdipDeleteFont
0x5199c4 GdipCreateFont
0x5199d0 GdipGraphicsClear
0x5199d4 GdipFillRectangle
0x5199d8 GdipDrawPath
0x5199e8 GdipReleaseDC
0x5199ec GdipGetDC
0x5199f0 GdipDeleteGraphics
0x5199f4 GdipCreateFromHDC
0x5199f8 GdipDeletePen
0x5199fc GdipDrawEllipse
0x519a00 GdipCreatePen1
0x519a18 GdipResetPath
0x519a24 GdipCreateSolidFill
0x519a2c GdipDeleteBrush
0x519a30 GdipAddPathEllipse
0x519a34 GdipAddPathArc
0x519a38 GdipAddPathLine
0x519a3c GdipClosePathFigure
0x519a40 GdipDeletePath
0x519a44 GdipCreatePath
0x519a48 GdipFillEllipse
0x519a4c GdiplusShutdown
0x519a50 GdiplusStartup
0x519a54 GdipFree
0x519a58 GdipAlloc

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source Port  Destination                      Destination Port
192.168.56.101  49713        114.114.114.114                  53
192.168.56.101  50568        114.114.114.114                  53
192.168.56.101  51963        114.114.114.114                  53
192.168.56.101  54178        114.114.114.114                  53
192.168.56.101  57236        114.114.114.114                  53
192.168.56.101  58367        114.114.114.114                  53
192.168.56.101  58970        114.114.114.114                  53
192.168.56.101  60088        114.114.114.114                  53
192.168.56.101  60123        114.114.114.114                  53
192.168.56.101  60215        114.114.114.114                  53
192.168.56.101  60221        114.114.114.114                  53
192.168.56.101  60384        114.114.114.114                  53
192.168.56.101  61680        114.114.114.114                  53
192.168.56.101  62191        114.114.114.114                  53
192.168.56.101  62912        114.114.114.114                  53
192.168.56.101  137          192.168.56.255                   137
192.168.56.101  138          192.168.56.255                   138
192.168.56.101  123          20.189.79.72 (time.windows.com)  123
192.168.56.101  49235        224.0.0.252                      5355
192.168.56.101  50002        224.0.0.252                      5355
192.168.56.101 50002 224.0.0.252 5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

No dropped files.
No dropped buffers.