11.0
0-day
SHA256: 0cd149cb54dfc996372166e11752b2bfc2ba8ff2d6a5dd5bfb95d800b2498c46
File name: 4da451a6ad451750cadba0ad3b43bbeb.exe (a 32-hex-digit name; McAfee's verdict below embeds the same first twelve digits, its convention for the file's MD5)
Analysis duration: 237s
Last analysed:
File size: 962.0KB
Flagged malicious by the static scan and by the dynamic scan. Verdict tags shown by the site (upper-cased fragments of the engine labels): 100% 8M0@AIPMYSI AI SCORE=82 ATTRIBUTE CONFIDENCE CRYSAN DEFG ELDORADO ELJM ELKI GENERICKD GENERICRXKU GENKRYPTIK HIGH CONFIDENCE HIGHCONFIDENCE JCDZD KCLOUD KRYPTIK MALICIOUS PE MALWARE@#1MIO1Z5BRDSDD NANOCORE PACKEDNET PWSX R066C0DIA20 R339131 SCORE STATIC AI SUSGEN UNSAFE ZEMSILF
Hawkeye engine (鹰眼引擎): not detected (no Hawkeye engine result available)
Static verdict
Antivirus engines
Engine      | Verdict                            | Scan date | Engine version
McAfee      | GenericRXKU-IF!4DA451A6AD45        | 20201211  | 6.0.6.653
Alibaba     | Backdoor:MSIL/GenKryptik.e459bec9  | 20190527  | 0.3.0.5
Baidu       | (no verdict)                       | 20190318  | 1.0.0.2
Avast       | Win32:PWSX-gen [Trj]               | 20201210  | 21.1.5827.0
Kingsoft    | Win32.Hack.Undef.(kcloud)          | 20201211  | 2017.9.26.565
Tencent     | (no verdict)                       | 20201211  | 1.0.0.1
CrowdStrike | win/malicious_confidence_100% (W)  | 20190702  | 1.0
Note: five of seven engines flag the file; Baidu and Tencent return nothing. The Alibaba, Baidu and CrowdStrike rows are dated 2019, well before the December 2020 scans of the other engines, so those three verdicts (including Baidu's miss) reflect older signature sets. Alibaba's MSIL prefix marks the sample as a .NET assembly, which the mscorlib/clr frames in the crash records further down corroborate.
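The table above is easier to weigh as evidence than as a score. The Python below is an added example, not the site's or any vendor's code: the rows are transcribed from the table, the 180-day staleness threshold and all function names are this example's own choices, and the MD5-prefix check relies on McAfee's convention of suffixing generic detections with the first twelve hex digits of the file's MD5.

```python
"""Cross-check the antivirus verdict table of this report.

Added example. Rows are transcribed from the table above; the staleness
threshold and function names are this example's own.
"""
import re
from datetime import date, datetime

# (engine, verdict or '' for no detection, scan date YYYYMMDD, engine version)
AV_ROWS = [
    ("McAfee",      "GenericRXKU-IF!4DA451A6AD45",        "20201211", "6.0.6.653"),
    ("Alibaba",     "Backdoor:MSIL/GenKryptik.e459bec9",  "20190527", "0.3.0.5"),
    ("Baidu",       "",                                   "20190318", "1.0.0.2"),
    ("Avast",       "Win32:PWSX-gen [Trj]",               "20201210", "21.1.5827.0"),
    ("Kingsoft",    "Win32.Hack.Undef.(kcloud)",          "20201211", "2017.9.26.565"),
    ("Tencent",     "",                                   "20201211", "1.0.0.1"),
    ("CrowdStrike", "win/malicious_confidence_100% (W)",  "20190702", "1.0"),
]

SAMPLE_FILENAME = "4da451a6ad451750cadba0ad3b43bbeb.exe"  # MD5-named, from the report header


def parse_scan_date(yyyymmdd: str) -> date:
    return datetime.strptime(yyyymmdd, "%Y%m%d").date()


def stale_engines(rows, max_age_days=180):
    """Engines whose scan date lags the newest row by more than max_age_days.

    A miss from an engine whose definitions are two years old says little;
    this separates such rows from current misses.
    """
    newest = max(parse_scan_date(r[2]) for r in rows)
    return sorted(r[0] for r in rows
                  if (newest - parse_scan_date(r[2])).days > max_age_days)


def verdict_summary(rows):
    detected = [r[0] for r in rows if r[1]]
    missed = [r[0] for r in rows if not r[1]]
    return {"detected": detected, "no_verdict": missed,
            "ratio": f"{len(detected)}/{len(rows)}"}


def mcafee_md5_prefix_matches(label: str, filename: str) -> bool:
    """McAfee generic names end in '!<first 12 hex digits of the file MD5>'.

    When the sample file is named by its MD5 the two must agree; a mismatch
    means the row was produced for a different file.
    """
    m = re.search(r"!([0-9A-Fa-f]{12})$", label)
    return bool(m) and filename.lower().startswith(m.group(1).lower())


def platform_tokens(rows):
    """Platform hints the vendors embed in their labels (MSIL / Win32 / win)."""
    hints = {}
    for engine, label, _, _ in rows:
        m = re.search(r"\b(MSIL|Win32|win)\b", label)
        if m:
            hints[engine] = m.group(1)
    return hints


if __name__ == "__main__":
    print(verdict_summary(AV_ROWS))
    print("stale engines:", stale_engines(AV_ROWS))
    mcafee = next(r for r in AV_ROWS if r[0] == "McAfee")
    print("McAfee MD5 prefix matches file name:",
          mcafee_md5_prefix_matches(mcafee[1], SAMPLE_FILENAME))
    print(platform_tokens(AV_ROWS))
```

Run as a script it reports 5/7 detections, lists Alibaba, Baidu and CrowdStrike as stale, confirms the McAfee suffix matches the MD5-named file, and surfaces Alibaba's MSIL hint, the one label that says what kind of binary this is.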
Indicators (signature hits; timestamps are Unix epoch seconds from the guest clock)
Queries for the computername (1 event)
Time & API | Arguments | Status | Return | Repeated
1619464104.23475  GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0
Checks if process is being debugged by a debugger (4 events)
Note: the monitor marks a FALSE (0) return value as "failed"; for IsDebuggerPresent that simply means no debugger was reported. The four calls come from two runs about seven hours apart (1619464059 is 2021-04-26 19:07 UTC, 1619489619 is 2021-04-27 02:13 UTC).
Time & API | Arguments | Status | Return | Repeated
1619464059.10975  IsDebuggerPresent | (none) | failed | 0 | 0
1619464059.10975  IsDebuggerPresent | (none) | failed | 0 | 0
1619489619.75825  IsDebuggerPresent | (none) | failed | 0 | 0
1619489619.75825  IsDebuggerPresent | (none) | failed | 0 | 0
Uses Windows APIs to generate a cryptographic key (3 events)
Note: blob_type 6 is PUBLICKEYBLOB, so these calls export the public half of a key pair (crypto_export_handle 0 is required for that blob type). A buffer logged as <INVALID POINTER> (NULL) together with a successful return is the size-query form of CryptExportKey, not a write of key material. Two distinct key handles are involved: 0x005532c8 (twice) and 0x00553388 (once).
Time & API | Arguments | Status | Return | Repeated
1619489620.05525  CryptExportKey | crypto_handle: 0x005532c8, crypto_export_handle: 0x00000000, buffer: <INVALID POINTER>, blob_type: 6, flags: 0 | success | 1 | 0
1619489620.05525  CryptExportKey | crypto_handle: 0x005532c8, crypto_export_handle: 0x00000000, buffer: <INVALID POINTER>, blob_type: 6, flags: 0 | success | 1 | 0
1619489620.05525  CryptExportKey | crypto_handle: 0x00553388, crypto_export_handle: 0x00000000, buffer: <INVALID POINTER>, blob_type: 6, flags: 0 | success | 1 | 0
Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)
Note: a single GlobalMemoryStatusEx call about 30 ms after the first IsDebuggerPresent, i.e. during process start-up, can come from the .NET runtime's own heap initialisation as readily as from the sample's code; on its own it is weak evidence of VM detection.
Time & API | Arguments | Status | Return | Repeated
1619464059.14075  GlobalMemoryStatusEx | (none) | success | 1 | 0
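The records above flatten one API call across several lines, and two of them need interpretation (a "failed" IsDebuggerPresent, a NULL-buffer CryptExportKey). The Python below is an added example, not the report's or the sandbox's code: it parses the records back into events, names the blob type from the wincrypt.h table, reads the FALSE return as what it is, and clusters timestamps into runs. The record text is transcribed from the page; the one-hour run gap and the function names are this example's own assumptions.

```python
"""Parse hook-monitor API records into events and interpret them.

Added example. RAW is transcribed from the records above; BLOB_TYPES follows
wincrypt.h; the run-clustering gap is an assumption of this example.
"""
from datetime import datetime, timezone

RAW = """\
1619464104.23475
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619464059.10975
IsDebuggerPresent
failed 0 0
1619489619.75825
IsDebuggerPresent
failed 0 0
1619489620.05525
CryptExportKey
crypto_handle: 0x005532c8
crypto_export_handle: 0x00000000
buffer: <INVALID POINTER>
blob_type: 6
flags: 0
success 1 0
1619464059.14075
GlobalMemoryStatusEx
success 1 0
"""

# CryptExportKey dwBlobType values from wincrypt.h
BLOB_TYPES = {1: "SIMPLEBLOB", 6: "PUBLICKEYBLOB", 7: "PRIVATEKEYBLOB",
              8: "PLAINTEXTKEYBLOB", 9: "OPAQUEKEYBLOB", 0xA: "PUBLICKEYBLOBEX"}
STATUS_WORDS = {"success", "failed"}


def parse_events(text):
    """Each record: timestamp line, API line, zero or more 'key: value' lines,
    then 'status return repeated'."""
    events, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        parts = line.split()
        if cur is None:
            cur = {"ts": float(line), "args": {}}
        elif "api" not in cur:
            cur["api"] = line
        elif parts[0] in STATUS_WORDS and len(parts) == 3:
            cur["status"], cur["ret"], cur["repeated"] = parts[0], int(parts[1]), int(parts[2])
            events.append(cur)
            cur = None
        else:
            key, value = line.split(":", 1)
            cur["args"][key.strip()] = value.strip()
    return events


def utc(ts: float) -> str:
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")


def interpret(ev) -> str:
    api, args = ev["api"], ev["args"]
    if api == "IsDebuggerPresent":
        # The monitor labels a FALSE return 'failed'; here 0 means no debugger seen.
        return "debugger detected" if ev["ret"] else "no debugger seen (FALSE return logged as 'failed')"
    if api == "CryptExportKey":
        blob = BLOB_TYPES.get(int(args["blob_type"]), "unknown")
        sizing = args.get("buffer") == "<INVALID POINTER>"   # NULL pbData: size query
        return f"export {blob} from handle {args['crypto_handle']}" + (" (NULL buffer: size query)" if sizing else "")
    if api == "GetComputerNameW":
        return f"hostname {args['computer_name']}"
    if api == "GlobalMemoryStatusEx":
        return "physical memory query (also issued by the CLR during start-up)"
    return "unclassified"


def runs(events, gap_seconds=3600):
    """Cluster timestamps separated by more than gap_seconds: separate sandbox runs."""
    stamps = sorted(e["ts"] for e in events)
    clusters = [[stamps[0]]]
    for t in stamps[1:]:
        if t - clusters[-1][-1] > gap_seconds:
            clusters.append([])
        clusters[-1].append(t)
    return [(utc(c[0]), len(c)) for c in clusters]


if __name__ == "__main__":
    evs = parse_events(RAW)
    for ev in evs:
        print(utc(ev["ts"]), ev["api"], "->", interpret(ev))
    print("runs:", runs(evs))
```

The run clustering is what exposes that the key-export events belong to a second execution seven hours after the debugger and memory checks; merged reports hide that unless the timestamps are read back into dates.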
One or more processes crashed (8 events)
Note: every record below is the same fault: exception code 0xc0000005 (STATUS_ACCESS_VIOLATION) at 0xab03eb executing cmp dword ptr [eax + 4], 0 with eax = 0, i.e. a read from address 0x4. The faulting address has no symbol and lies outside every loaded module (the bare 0xab.... and 0xb9.... frames are JIT-compiled managed code); the mscorlib/clr frames around KiUserExceptionDispatcher are the CLR's exception dispatch, and the New_ntdll_RtlDispatchException frame is the sandbox monitor's own hook. The CLR turns a read in the null page into a managed NullReferenceException that the program can catch, so each "crash" is a first-chance exception, and eight identical ones within five seconds look like a retried operation rather than process termination.
Time & API | Arguments | Status | Return | Repeated
1619464079.65675  __exception__
stacktrace:
mscorlib+0x230de1 @ 0x71e40de1
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
GetMetaDataInternalInterface+0xa9fc LogHelp_TerminateOnAssert-0x3634 clr+0x59424 @ 0x73be9424
StrongNameFreeBuffer+0x5115 GetMetaDataInternalInterface-0xaaf5 clr+0x43f33 @ 0x73bd3f33
StrongNameFreeBuffer+0x5174 GetMetaDataInternalInterface-0xaa96 clr+0x43f92 @ 0x73bd3f92
GetMetaDataInternalInterface+0xa8a0 LogHelp_TerminateOnAssert-0x3790 clr+0x592c8 @ 0x73be92c8
GetMetaDataInternalInterface+0xabf1 LogHelp_TerminateOnAssert-0x343f clr+0x59619 @ 0x73be9619
StrongNameFreeBuffer+0x508b GetMetaDataInternalInterface-0xab7f clr+0x43ea9 @ 0x73bd3ea9
CoUninitializeEE+0x12a29 DllRegisterServerInternal-0x757 clr+0x30bf1 @ 0x73bc0bf1
LogHelp_TerminateOnAssert+0x3bf8f StrongNameErrorInfo-0x4bf0b clr+0x989e7 @ 0x73c289e7
mscorlib+0x24e713 @ 0x71e5e713
mscorlib+0x24e4ea @ 0x71e5e4ea
mscorlib+0x23d314 @ 0x71e4d314
mscorlib+0x23cf95 @ 0x71e4cf95
mscorlib+0x23cd51 @ 0x71e4cd51
mscorlib+0x836a4f @ 0x72446a4f
mscorlib+0x25351b @ 0x71e6351b
0xab01da
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x4f8b DllRegisterServerInternal-0xe1f5 clr+0x23153 @ 0x73bb3153
CoUninitializeEE+0x5004 DllRegisterServerInternal-0xe17c clr+0x231cc @ 0x73bb31cc
CoUninitializeEE+0x5073 DllRegisterServerInternal-0xe10d clr+0x2323b @ 0x73bb323b
CoUninitializeEE+0x524d DllRegisterServerInternal-0xdf33 clr+0x23415 @ 0x73bb3415
CoUninitializeEE+0x5392 DllRegisterServerInternal-0xddee clr+0x2355a @ 0x73bb355a
GetMetaDataInternalInterface+0x838a LogHelp_TerminateOnAssert-0x5ca6 clr+0x56db2 @ 0x73be6db2
CoUninitializeEE+0x3d8d DllRegisterServerInternal-0xf3f3 clr+0x21f55 @ 0x73bb1f55
0xb90842
0xab0196
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73bb4c21
GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73c7ce82
GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73c7cf90
GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73c7cda4
GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73c7d199
GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73c7d09a
_CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73cfaf00
_CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x745255ab
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x747a7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x747a4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 2805012
registers.edi: 38806452
registers.eax: 0
registers.ebp: 2805048
registers.edx: 9
registers.ebx: 38736788
registers.esi: 38778904
registers.ecx: 1942112702
exception.instruction_r: 83 78 04 00 77 05 e8 4a 89 39 73 0f b6 40 08 89
exception.instruction: cmp dword ptr [eax + 4], 0
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xab03eb
Status: success | Return: 0 | Repeated: 0
1619464080.20375  __exception__
stacktrace:
mscorlib+0x230de1 @ 0x71e40de1
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
GetMetaDataInternalInterface+0xa9fc LogHelp_TerminateOnAssert-0x3634 clr+0x59424 @ 0x73be9424
StrongNameFreeBuffer+0x5115 GetMetaDataInternalInterface-0xaaf5 clr+0x43f33 @ 0x73bd3f33
StrongNameFreeBuffer+0x5174 GetMetaDataInternalInterface-0xaa96 clr+0x43f92 @ 0x73bd3f92
GetMetaDataInternalInterface+0xa8a0 LogHelp_TerminateOnAssert-0x3790 clr+0x592c8 @ 0x73be92c8
GetMetaDataInternalInterface+0xabf1 LogHelp_TerminateOnAssert-0x343f clr+0x59619 @ 0x73be9619
StrongNameFreeBuffer+0x508b GetMetaDataInternalInterface-0xab7f clr+0x43ea9 @ 0x73bd3ea9
CoUninitializeEE+0x12a29 DllRegisterServerInternal-0x757 clr+0x30bf1 @ 0x73bc0bf1
LogHelp_TerminateOnAssert+0x3bf8f StrongNameErrorInfo-0x4bf0b clr+0x989e7 @ 0x73c289e7
mscorlib+0x24e713 @ 0x71e5e713
mscorlib+0x24e4ea @ 0x71e5e4ea
mscorlib+0x23d314 @ 0x71e4d314
mscorlib+0x23cf95 @ 0x71e4cf95
mscorlib+0x23cd51 @ 0x71e4cd51
mscorlib+0x23caba @ 0x71e4caba
mscorlib+0x2bba5a @ 0x71ecba5a
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73bb4c21
LogHelp_TerminateOnAssert+0x42ba0 StrongNameErrorInfo-0x452fa clr+0x9f5f8 @ 0x73c2f5f8
LogHelp_TerminateOnAssert+0x42cf7 StrongNameErrorInfo-0x451a3 clr+0x9f74f @ 0x73c2f74f
mscorlib+0x2bb931 @ 0x71ecb931
mscorlib+0x2bbc18 @ 0x71ecbc18
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
LogHelp_TerminateOnAssert+0x31879 StrongNameErrorInfo-0x56621 clr+0x8e2d1 @ 0x73c1e2d1
LogHelp_TerminateOnAssert+0x3197b StrongNameErrorInfo-0x5651f clr+0x8e3d3 @ 0x73c1e3d3
mscorlib+0x843318 @ 0x72453318
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
GetCLRFunction+0x4d5 GetMetaDataPublicInterfaceFromInternal-0x9198 clr+0xec74f @ 0x73c7c74f
CopyPDBs+0x321b MetaDataGetDispenser-0x5ad9 clr+0xf9269 @ 0x73c89269
GetAddrOfContractShutoffFlag+0x10bc2 CorLaunchApplication-0x2ed06 clr+0x277842 @ 0x73e07842
AttachProfiler+0x42b0 LogHelp_LogAssert-0x15e9a clr+0x1e2e38 @ 0x73d72e38
LogHelp_TerminateOnAssert+0x30167 StrongNameErrorInfo-0x57d33 clr+0x8cbbf @ 0x73c1cbbf
LogHelp_TerminateOnAssert+0x302a6 StrongNameErrorInfo-0x57bf4 clr+0x8ccfe @ 0x73c1ccfe
RtlDosSearchPath_Ustr+0xada RtlCaptureContext-0x72 ntdll+0x46ab9 @ 0x77d76ab9
RtlDosSearchPath_Ustr+0xaac RtlCaptureContext-0xa0 ntdll+0x46a8b @ 0x77d76a8b
New_ntdll_RtlDispatchException@8+0xf6 New_ntdll_RtlRemoveVectoredContinueHandler@4-0x23 @ 0x745b482b
KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x77d40143
mscorlib+0x230de1 @ 0x71e40de1
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
GetMetaDataInternalInterface+0xa9fc LogHelp_TerminateOnAssert-0x3634 clr+0x59424 @ 0x73be9424
StrongNameFreeBuffer+0x5115 GetMetaDataInternalInterface-0xaaf5 clr+0x43f33 @ 0x73bd3f33
StrongNameFreeBuffer+0x5174 GetMetaDataInternalInterface-0xaa96 clr+0x43f92 @ 0x73bd3f92
GetMetaDataInternalInterface+0xa8a0 LogHelp_TerminateOnAssert-0x3790 clr+0x592c8 @ 0x73be92c8
GetMetaDataInternalInterface+0xabf1 LogHelp_TerminateOnAssert-0x343f clr+0x59619 @ 0x73be9619
StrongNameFreeBuffer+0x508b GetMetaDataInternalInterface-0xab7f clr+0x43ea9 @ 0x73bd3ea9
CoUninitializeEE+0x12a29 DllRegisterServerInternal-0x757 clr+0x30bf1 @ 0x73bc0bf1
LogHelp_TerminateOnAssert+0x3bf8f StrongNameErrorInfo-0x4bf0b clr+0x989e7 @ 0x73c289e7
mscorlib+0x24e713 @ 0x71e5e713

registers.esp: 2793924
registers.edi: 38884356
registers.eax: 0
registers.ebp: 2793960
registers.edx: 9
registers.ebx: 38736788
registers.esi: 38778904
registers.ecx: 1942112702
exception.instruction_r: 83 78 04 00 77 05 e8 4a 89 39 73 0f b6 40 08 89
exception.instruction: cmp dword ptr [eax + 4], 0
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xab03eb
Status: success | Return: 0 | Repeated: 0
1619464084.07875  __exception__
stacktrace:
mscorlib+0x230de1 @ 0x71e40de1
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
GetMetaDataInternalInterface+0xa9fc LogHelp_TerminateOnAssert-0x3634 clr+0x59424 @ 0x73be9424
StrongNameFreeBuffer+0x5115 GetMetaDataInternalInterface-0xaaf5 clr+0x43f33 @ 0x73bd3f33
StrongNameFreeBuffer+0x5174 GetMetaDataInternalInterface-0xaa96 clr+0x43f92 @ 0x73bd3f92
GetMetaDataInternalInterface+0xa8a0 LogHelp_TerminateOnAssert-0x3790 clr+0x592c8 @ 0x73be92c8
GetMetaDataInternalInterface+0xabf1 LogHelp_TerminateOnAssert-0x343f clr+0x59619 @ 0x73be9619
StrongNameFreeBuffer+0x508b GetMetaDataInternalInterface-0xab7f clr+0x43ea9 @ 0x73bd3ea9
CoUninitializeEE+0x12a29 DllRegisterServerInternal-0x757 clr+0x30bf1 @ 0x73bc0bf1
LogHelp_TerminateOnAssert+0x3bf8f StrongNameErrorInfo-0x4bf0b clr+0x989e7 @ 0x73c289e7
mscorlib+0x24e713 @ 0x71e5e713
mscorlib+0x24e4ea @ 0x71e5e4ea
mscorlib+0x23d314 @ 0x71e4d314
mscorlib+0x23cf95 @ 0x71e4cf95
mscorlib+0x23cd51 @ 0x71e4cd51
mscorlib+0x23caba @ 0x71e4caba
mscorlib+0x2bba5a @ 0x71ecba5a
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73bb4c21
LogHelp_TerminateOnAssert+0x42ba0 StrongNameErrorInfo-0x452fa clr+0x9f5f8 @ 0x73c2f5f8
LogHelp_TerminateOnAssert+0x42cf7 StrongNameErrorInfo-0x451a3 clr+0x9f74f @ 0x73c2f74f
mscorlib+0x2bb931 @ 0x71ecb931
mscorlib+0x2bbc18 @ 0x71ecbc18
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
LogHelp_TerminateOnAssert+0x31879 StrongNameErrorInfo-0x56621 clr+0x8e2d1 @ 0x73c1e2d1
LogHelp_TerminateOnAssert+0x3197b StrongNameErrorInfo-0x5651f clr+0x8e3d3 @ 0x73c1e3d3
mscorlib+0x843318 @ 0x72453318
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
GetCLRFunction+0x4d5 GetMetaDataPublicInterfaceFromInternal-0x9198 clr+0xec74f @ 0x73c7c74f
CopyPDBs+0x321b MetaDataGetDispenser-0x5ad9 clr+0xf9269 @ 0x73c89269
GetAddrOfContractShutoffFlag+0x10bc2 CorLaunchApplication-0x2ed06 clr+0x277842 @ 0x73e07842
AttachProfiler+0x42b0 LogHelp_LogAssert-0x15e9a clr+0x1e2e38 @ 0x73d72e38
LogHelp_TerminateOnAssert+0x30167 StrongNameErrorInfo-0x57d33 clr+0x8cbbf @ 0x73c1cbbf
LogHelp_TerminateOnAssert+0x302a6 StrongNameErrorInfo-0x57bf4 clr+0x8ccfe @ 0x73c1ccfe
RtlDosSearchPath_Ustr+0xada RtlCaptureContext-0x72 ntdll+0x46ab9 @ 0x77d76ab9
RtlDosSearchPath_Ustr+0xaac RtlCaptureContext-0xa0 ntdll+0x46a8b @ 0x77d76a8b
New_ntdll_RtlDispatchException@8+0xf6 New_ntdll_RtlRemoveVectoredContinueHandler@4-0x23 @ 0x745b482b
KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x77d40143
mscorlib+0x230de1 @ 0x71e40de1
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
GetMetaDataInternalInterface+0xa9fc LogHelp_TerminateOnAssert-0x3634 clr+0x59424 @ 0x73be9424
StrongNameFreeBuffer+0x5115 GetMetaDataInternalInterface-0xaaf5 clr+0x43f33 @ 0x73bd3f33
StrongNameFreeBuffer+0x5174 GetMetaDataInternalInterface-0xaa96 clr+0x43f92 @ 0x73bd3f92
GetMetaDataInternalInterface+0xa8a0 LogHelp_TerminateOnAssert-0x3790 clr+0x592c8 @ 0x73be92c8
GetMetaDataInternalInterface+0xabf1 LogHelp_TerminateOnAssert-0x343f clr+0x59619 @ 0x73be9619
StrongNameFreeBuffer+0x508b GetMetaDataInternalInterface-0xab7f clr+0x43ea9 @ 0x73bd3ea9
CoUninitializeEE+0x12a29 DllRegisterServerInternal-0x757 clr+0x30bf1 @ 0x73bc0bf1
LogHelp_TerminateOnAssert+0x3bf8f StrongNameErrorInfo-0x4bf0b clr+0x989e7 @ 0x73c289e7
mscorlib+0x24e713 @ 0x71e5e713

registers.esp: 2793924
registers.edi: 38935348
registers.eax: 0
registers.ebp: 2793960
registers.edx: 9
registers.ebx: 38736788
registers.esi: 38778904
registers.ecx: 1942112702
exception.instruction_r: 83 78 04 00 77 05 e8 4a 89 39 73 0f b6 40 08 89
exception.instruction: cmp dword ptr [eax + 4], 0
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xab03eb
Status: success | Return: 0 | Repeated: 0
1619464084.09375  __exception__
stacktrace:
mscorlib+0x230de1 @ 0x71e40de1
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
GetMetaDataInternalInterface+0xa9fc LogHelp_TerminateOnAssert-0x3634 clr+0x59424 @ 0x73be9424
StrongNameFreeBuffer+0x5115 GetMetaDataInternalInterface-0xaaf5 clr+0x43f33 @ 0x73bd3f33
StrongNameFreeBuffer+0x5174 GetMetaDataInternalInterface-0xaa96 clr+0x43f92 @ 0x73bd3f92
GetMetaDataInternalInterface+0xa8a0 LogHelp_TerminateOnAssert-0x3790 clr+0x592c8 @ 0x73be92c8
GetMetaDataInternalInterface+0xabf1 LogHelp_TerminateOnAssert-0x343f clr+0x59619 @ 0x73be9619
StrongNameFreeBuffer+0x508b GetMetaDataInternalInterface-0xab7f clr+0x43ea9 @ 0x73bd3ea9
CoUninitializeEE+0x12a29 DllRegisterServerInternal-0x757 clr+0x30bf1 @ 0x73bc0bf1
LogHelp_TerminateOnAssert+0x3bf8f StrongNameErrorInfo-0x4bf0b clr+0x989e7 @ 0x73c289e7
mscorlib+0x24e713 @ 0x71e5e713
mscorlib+0x24e4ea @ 0x71e5e4ea
mscorlib+0x23d314 @ 0x71e4d314
mscorlib+0x23cf95 @ 0x71e4cf95
mscorlib+0x23cd51 @ 0x71e4cd51
mscorlib+0x23caba @ 0x71e4caba
mscorlib+0x2bba5a @ 0x71ecba5a
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73bb4c21
LogHelp_TerminateOnAssert+0x42ba0 StrongNameErrorInfo-0x452fa clr+0x9f5f8 @ 0x73c2f5f8
LogHelp_TerminateOnAssert+0x42cf7 StrongNameErrorInfo-0x451a3 clr+0x9f74f @ 0x73c2f74f
mscorlib+0x2bb931 @ 0x71ecb931
mscorlib+0x2bbc18 @ 0x71ecbc18
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
LogHelp_TerminateOnAssert+0x31879 StrongNameErrorInfo-0x56621 clr+0x8e2d1 @ 0x73c1e2d1
LogHelp_TerminateOnAssert+0x3197b StrongNameErrorInfo-0x5651f clr+0x8e3d3 @ 0x73c1e3d3
mscorlib+0x843318 @ 0x72453318
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
GetCLRFunction+0x4d5 GetMetaDataPublicInterfaceFromInternal-0x9198 clr+0xec74f @ 0x73c7c74f
CopyPDBs+0x321b MetaDataGetDispenser-0x5ad9 clr+0xf9269 @ 0x73c89269
GetAddrOfContractShutoffFlag+0x10bc2 CorLaunchApplication-0x2ed06 clr+0x277842 @ 0x73e07842
AttachProfiler+0x42b0 LogHelp_LogAssert-0x15e9a clr+0x1e2e38 @ 0x73d72e38
LogHelp_TerminateOnAssert+0x30167 StrongNameErrorInfo-0x57d33 clr+0x8cbbf @ 0x73c1cbbf
LogHelp_TerminateOnAssert+0x302a6 StrongNameErrorInfo-0x57bf4 clr+0x8ccfe @ 0x73c1ccfe
RtlDosSearchPath_Ustr+0xada RtlCaptureContext-0x72 ntdll+0x46ab9 @ 0x77d76ab9
RtlDosSearchPath_Ustr+0xaac RtlCaptureContext-0xa0 ntdll+0x46a8b @ 0x77d76a8b
New_ntdll_RtlDispatchException@8+0xf6 New_ntdll_RtlRemoveVectoredContinueHandler@4-0x23 @ 0x745b482b
KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x77d40143
mscorlib+0x230de1 @ 0x71e40de1
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
GetMetaDataInternalInterface+0xa9fc LogHelp_TerminateOnAssert-0x3634 clr+0x59424 @ 0x73be9424
StrongNameFreeBuffer+0x5115 GetMetaDataInternalInterface-0xaaf5 clr+0x43f33 @ 0x73bd3f33
StrongNameFreeBuffer+0x5174 GetMetaDataInternalInterface-0xaa96 clr+0x43f92 @ 0x73bd3f92
GetMetaDataInternalInterface+0xa8a0 LogHelp_TerminateOnAssert-0x3790 clr+0x592c8 @ 0x73be92c8
GetMetaDataInternalInterface+0xabf1 LogHelp_TerminateOnAssert-0x343f clr+0x59619 @ 0x73be9619
StrongNameFreeBuffer+0x508b GetMetaDataInternalInterface-0xab7f clr+0x43ea9 @ 0x73bd3ea9
CoUninitializeEE+0x12a29 DllRegisterServerInternal-0x757 clr+0x30bf1 @ 0x73bc0bf1
LogHelp_TerminateOnAssert+0x3bf8f StrongNameErrorInfo-0x4bf0b clr+0x989e7 @ 0x73c289e7
mscorlib+0x24e713 @ 0x71e5e713

registers.esp: 2793924
registers.edi: 38972852
registers.eax: 0
registers.ebp: 2793960
registers.edx: 9
registers.ebx: 38736788
registers.esi: 38778904
registers.ecx: 1942112702
exception.instruction_r: 83 78 04 00 77 05 e8 4a 89 39 73 0f b6 40 08 89
exception.instruction: cmp dword ptr [eax + 4], 0
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xab03eb
Status: success | Return: 0 | Repeated: 0
1619464084.09375  __exception__
stacktrace:
mscorlib+0x230de1 @ 0x71e40de1
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
GetMetaDataInternalInterface+0xa9fc LogHelp_TerminateOnAssert-0x3634 clr+0x59424 @ 0x73be9424
StrongNameFreeBuffer+0x5115 GetMetaDataInternalInterface-0xaaf5 clr+0x43f33 @ 0x73bd3f33
StrongNameFreeBuffer+0x5174 GetMetaDataInternalInterface-0xaa96 clr+0x43f92 @ 0x73bd3f92
GetMetaDataInternalInterface+0xa8a0 LogHelp_TerminateOnAssert-0x3790 clr+0x592c8 @ 0x73be92c8
GetMetaDataInternalInterface+0xabf1 LogHelp_TerminateOnAssert-0x343f clr+0x59619 @ 0x73be9619
StrongNameFreeBuffer+0x508b GetMetaDataInternalInterface-0xab7f clr+0x43ea9 @ 0x73bd3ea9
CoUninitializeEE+0x12a29 DllRegisterServerInternal-0x757 clr+0x30bf1 @ 0x73bc0bf1
LogHelp_TerminateOnAssert+0x3bf8f StrongNameErrorInfo-0x4bf0b clr+0x989e7 @ 0x73c289e7
mscorlib+0x24e713 @ 0x71e5e713
mscorlib+0x24e4ea @ 0x71e5e4ea
mscorlib+0x23d314 @ 0x71e4d314
mscorlib+0x23cf95 @ 0x71e4cf95
mscorlib+0x23cd51 @ 0x71e4cd51
mscorlib+0x23caba @ 0x71e4caba
mscorlib+0x2bba5a @ 0x71ecba5a
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73bb4c21
LogHelp_TerminateOnAssert+0x42ba0 StrongNameErrorInfo-0x452fa clr+0x9f5f8 @ 0x73c2f5f8
LogHelp_TerminateOnAssert+0x42cf7 StrongNameErrorInfo-0x451a3 clr+0x9f74f @ 0x73c2f74f
mscorlib+0x2bb931 @ 0x71ecb931
mscorlib+0x2bbc18 @ 0x71ecbc18
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
LogHelp_TerminateOnAssert+0x31879 StrongNameErrorInfo-0x56621 clr+0x8e2d1 @ 0x73c1e2d1
LogHelp_TerminateOnAssert+0x3197b StrongNameErrorInfo-0x5651f clr+0x8e3d3 @ 0x73c1e3d3
mscorlib+0x843318 @ 0x72453318
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
GetCLRFunction+0x4d5 GetMetaDataPublicInterfaceFromInternal-0x9198 clr+0xec74f @ 0x73c7c74f
CopyPDBs+0x321b MetaDataGetDispenser-0x5ad9 clr+0xf9269 @ 0x73c89269
GetAddrOfContractShutoffFlag+0x10bc2 CorLaunchApplication-0x2ed06 clr+0x277842 @ 0x73e07842
AttachProfiler+0x42b0 LogHelp_LogAssert-0x15e9a clr+0x1e2e38 @ 0x73d72e38
LogHelp_TerminateOnAssert+0x30167 StrongNameErrorInfo-0x57d33 clr+0x8cbbf @ 0x73c1cbbf
LogHelp_TerminateOnAssert+0x302a6 StrongNameErrorInfo-0x57bf4 clr+0x8ccfe @ 0x73c1ccfe
RtlDosSearchPath_Ustr+0xada RtlCaptureContext-0x72 ntdll+0x46ab9 @ 0x77d76ab9
RtlDosSearchPath_Ustr+0xaac RtlCaptureContext-0xa0 ntdll+0x46a8b @ 0x77d76a8b
New_ntdll_RtlDispatchException@8+0xf6 New_ntdll_RtlRemoveVectoredContinueHandler@4-0x23 @ 0x745b482b
KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x77d40143
mscorlib+0x230de1 @ 0x71e40de1
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
GetMetaDataInternalInterface+0xa9fc LogHelp_TerminateOnAssert-0x3634 clr+0x59424 @ 0x73be9424
StrongNameFreeBuffer+0x5115 GetMetaDataInternalInterface-0xaaf5 clr+0x43f33 @ 0x73bd3f33
StrongNameFreeBuffer+0x5174 GetMetaDataInternalInterface-0xaa96 clr+0x43f92 @ 0x73bd3f92
GetMetaDataInternalInterface+0xa8a0 LogHelp_TerminateOnAssert-0x3790 clr+0x592c8 @ 0x73be92c8
GetMetaDataInternalInterface+0xabf1 LogHelp_TerminateOnAssert-0x343f clr+0x59619 @ 0x73be9619
StrongNameFreeBuffer+0x508b GetMetaDataInternalInterface-0xab7f clr+0x43ea9 @ 0x73bd3ea9
CoUninitializeEE+0x12a29 DllRegisterServerInternal-0x757 clr+0x30bf1 @ 0x73bc0bf1
LogHelp_TerminateOnAssert+0x3bf8f StrongNameErrorInfo-0x4bf0b clr+0x989e7 @ 0x73c289e7
mscorlib+0x24e713 @ 0x71e5e713

registers.esp: 2793924
registers.edi: 39010164
registers.eax: 0
registers.ebp: 2793960
registers.edx: 9
registers.ebx: 38736788
registers.esi: 38778904
registers.ecx: 1942112702
exception.instruction_r: 83 78 04 00 77 05 e8 4a 89 39 73 0f b6 40 08 89
exception.instruction: cmp dword ptr [eax + 4], 0
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xab03eb
Status: success | Return: 0 | Repeated: 0
1619464084.31275  __exception__
stacktrace:
mscorlib+0x230de1 @ 0x71e40de1
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
GetMetaDataInternalInterface+0xa9fc LogHelp_TerminateOnAssert-0x3634 clr+0x59424 @ 0x73be9424
StrongNameFreeBuffer+0x5115 GetMetaDataInternalInterface-0xaaf5 clr+0x43f33 @ 0x73bd3f33
StrongNameFreeBuffer+0x5174 GetMetaDataInternalInterface-0xaa96 clr+0x43f92 @ 0x73bd3f92
GetMetaDataInternalInterface+0xa8a0 LogHelp_TerminateOnAssert-0x3790 clr+0x592c8 @ 0x73be92c8
GetMetaDataInternalInterface+0xabf1 LogHelp_TerminateOnAssert-0x343f clr+0x59619 @ 0x73be9619
StrongNameFreeBuffer+0x508b GetMetaDataInternalInterface-0xab7f clr+0x43ea9 @ 0x73bd3ea9
CoUninitializeEE+0x12a29 DllRegisterServerInternal-0x757 clr+0x30bf1 @ 0x73bc0bf1
LogHelp_TerminateOnAssert+0x3bf8f StrongNameErrorInfo-0x4bf0b clr+0x989e7 @ 0x73c289e7
mscorlib+0x24e713 @ 0x71e5e713
mscorlib+0x24e4ea @ 0x71e5e4ea
mscorlib+0x23d314 @ 0x71e4d314
mscorlib+0x23cf95 @ 0x71e4cf95
mscorlib+0x23cd51 @ 0x71e4cd51
mscorlib+0x836a4f @ 0x72446a4f
mscorlib+0x25351b @ 0x71e6351b
0xab01da
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x4f8b DllRegisterServerInternal-0xe1f5 clr+0x23153 @ 0x73bb3153
CoUninitializeEE+0x5004 DllRegisterServerInternal-0xe17c clr+0x231cc @ 0x73bb31cc
CoUninitializeEE+0x5073 DllRegisterServerInternal-0xe10d clr+0x2323b @ 0x73bb323b
CoUninitializeEE+0x524d DllRegisterServerInternal-0xdf33 clr+0x23415 @ 0x73bb3415
CoUninitializeEE+0x5392 DllRegisterServerInternal-0xddee clr+0x2355a @ 0x73bb355a
GetMetaDataInternalInterface+0x838a LogHelp_TerminateOnAssert-0x5ca6 clr+0x56db2 @ 0x73be6db2
CoUninitializeEE+0x3d8d DllRegisterServerInternal-0xf3f3 clr+0x21f55 @ 0x73bb1f55
0xb90842
0xab0196
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73bb4c21
GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73c7ce82
GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73c7cf90
GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73c7cda4
GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73c7d199
GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73c7d09a
_CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73cfaf00
_CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x745255ab
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x747a7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x747a4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 2805012
registers.edi: 39054368
registers.eax: 0
registers.ebp: 2805048
registers.edx: 9
registers.ebx: 38736788
registers.esi: 38778904
registers.ecx: 1942112702
exception.instruction_r: 83 78 04 00 77 05 e8 4a 89 39 73 0f b6 40 08 89
exception.instruction: cmp dword ptr [eax + 4], 0
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xab03eb
Status: success | Return: 0 | Repeated: 0
1619464084.32875  __exception__
stacktrace:
registers.esp: 2805012
registers.edi: 39057740
registers.eax: 0
registers.ebp: 2805048
registers.edx: 9
registers.ebx: 38736788
registers.esi: 38778904
registers.ecx: 1942112702
exception.instruction_r: 83 78 04 00 77 05 e8 4a 89 39 73 0f b6 40 08 89
exception.instruction: cmp dword ptr [eax + 4], 0
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xab03eb
success 0 0
1619464084.34375
__exception__
stacktrace:
registers.esp: 2805012
registers.edi: 39061108
registers.eax: 0
registers.ebp: 2805048
registers.edx: 9
registers.ebx: 38736788
registers.esi: 38778904
registers.ecx: 1942112702
exception.instruction_r: 83 78 04 00 77 05 e8 4a 89 39 73 0f b6 40 08 89
exception.instruction: cmp dword ptr [eax + 4], 0
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xab03eb
success 0 0
Behavior Verdict
Dynamic Indicators
One or more potentially interesting buffers were extracted; these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (50 out of 404 events)
Time & API Arguments Status Return Repeated
1619464056.64075
NtAllocateVirtualMemory
process_identifier: 2772
region_size: 589824
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x004c0000
success 0 0
1619464056.64075
NtAllocateVirtualMemory
process_identifier: 2772
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00510000
success 0 0
1619464058.24975
NtAllocateVirtualMemory
process_identifier: 2772
region_size: 1835008
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x00a10000
success 0 0
1619464058.24975
NtAllocateVirtualMemory
process_identifier: 2772
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00b90000
success 0 0
1619464058.71875
NtProtectVirtualMemory
process_identifier: 2772
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x73b91000
success 0 0
1619464059.10975
NtAllocateVirtualMemory
process_identifier: 2772
region_size: 2293760
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x00bd0000
success 0 0
1619464059.10975
NtAllocateVirtualMemory
process_identifier: 2772
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00dc0000
success 0 0
1619464059.10975
NtAllocateVirtualMemory
process_identifier: 2772
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0056a000
success 0 0
1619464059.12475
NtProtectVirtualMemory
process_identifier: 2772
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 8192
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x73b92000
success 0 0
1619464059.12475
NtAllocateVirtualMemory
process_identifier: 2772
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00562000
success 0 0
1619464065.48475
NtAllocateVirtualMemory
process_identifier: 2772
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00572000
success 0 0
1619464065.93775
NtAllocateVirtualMemory
process_identifier: 2772
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00595000
success 0 0
1619464065.93775
NtAllocateVirtualMemory
process_identifier: 2772
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0059b000
success 0 0
1619464065.93775
NtAllocateVirtualMemory
process_identifier: 2772
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00597000
success 0 0
1619464066.48475
NtAllocateVirtualMemory
process_identifier: 2772
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00573000
success 0 0
1619464066.48475
NtAllocateVirtualMemory
process_identifier: 2772
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00574000
success 0 0
1619464066.53175
NtAllocateVirtualMemory
process_identifier: 2772
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00575000
success 0 0
1619464066.68775
NtAllocateVirtualMemory
process_identifier: 2772
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0057c000
success 0 0
1619464067.42175
NtAllocateVirtualMemory
process_identifier: 2772
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00ab0000
success 0 0
1619464071.65675
NtAllocateVirtualMemory
process_identifier: 2772
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00577000
success 0 0
1619464072.14075
NtAllocateVirtualMemory
process_identifier: 2772
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00579000
success 0 0
1619464075.46875
NtAllocateVirtualMemory
process_identifier: 2772
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00af0000
success 0 0
1619464075.46875
NtAllocateVirtualMemory
process_identifier: 2772
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00af1000
success 0 0
1619464084.70375
NtAllocateVirtualMemory
process_identifier: 2772
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0058a000
success 0 0
1619464084.70375
NtAllocateVirtualMemory
process_identifier: 2772
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00587000
success 0 0
1619464085.09375
NtAllocateVirtualMemory
process_identifier: 2772
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00af2000
success 0 0
1619464085.24975
NtAllocateVirtualMemory
process_identifier: 2772
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00af3000
success 0 0
1619464085.24975
NtAllocateVirtualMemory
process_identifier: 2772
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00af4000
success 0 0
1619464085.70375
NtAllocateVirtualMemory
process_identifier: 2772
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00af5000
success 0 0
1619464085.87475
NtAllocateVirtualMemory
process_identifier: 2772
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00586000
success 0 0
1619464086.20375
NtAllocateVirtualMemory
process_identifier: 2772
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00af6000
success 0 0
1619464086.29675
NtAllocateVirtualMemory
process_identifier: 2772
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00af7000
success 0 0
1619464092.07875
NtAllocateVirtualMemory
process_identifier: 2772
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00af8000
success 0 0
1619464092.42175
NtAllocateVirtualMemory
process_identifier: 2772
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00af9000
success 0 0
1619464092.65675
NtAllocateVirtualMemory
process_identifier: 2772
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00afa000
success 0 0
1619464092.65675
NtAllocateVirtualMemory
process_identifier: 2772
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00afb000
success 0 0
1619464092.65675
NtAllocateVirtualMemory
process_identifier: 2772
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00afc000
success 0 0
1619464092.65675
NtAllocateVirtualMemory
process_identifier: 2772
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00afd000
success 0 0
1619464093.53175
NtAllocateVirtualMemory
process_identifier: 2772
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00ab1000
success 0 0
1619464093.85975
NtAllocateVirtualMemory
process_identifier: 2772
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00afe000
success 0 0
1619464094.21875
NtAllocateVirtualMemory
process_identifier: 2772
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00563000
success 0 0
1619464094.42175
NtAllocateVirtualMemory
process_identifier: 2772
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00aff000
success 0 0
1619464094.89075
NtAllocateVirtualMemory
process_identifier: 2772
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00ab2000
success 0 0
1619464095.21875
NtAllocateVirtualMemory
process_identifier: 2772
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x04630000
success 0 0
1619464095.37475
NtAllocateVirtualMemory
process_identifier: 2772
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00ab8000
success 0 0
1619464095.51575
NtAllocateVirtualMemory
process_identifier: 2772
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0056c000
success 0 0
1619464096.82875
NtAllocateVirtualMemory
process_identifier: 2772
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0057d000
success 0 0
1619464096.89075
NtAllocateVirtualMemory
process_identifier: 2772
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00ab9000
success 0 0
1619464096.90675
NtAllocateVirtualMemory
process_identifier: 2772
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x04631000
success 0 0
1619464096.90675
NtAllocateVirtualMemory
process_identifier: 2772
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00aba000
success 0 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
section: .text (virtual_address 0x00002000, virtual_size 0x000d1034, size_of_data 0x000d1200), entropy 7.807294614232748; description: A section with a high entropy has been found
entropy 0.8699947997919917; description: Overall entropy of this PE file is high
Checks for the Locally Unique Identifier on the system for a suspicious privilege (2 events)
Time & API Arguments Status Return Repeated
1619464096.39075
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619489619.88325
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
Terminates another process (1 event)
Time & API Arguments Status Return Repeated
1619464146.29675
NtTerminateProcess
status_code: 0xffffffff
process_identifier: 2772
process_handle: 0x000002f8
failed 0 0
One or more of the buffers contains an embedded PE file (1 event)
buffer: Buffer with sha1: ad58916000b7d59aef99e7811c783edc18f965f8
Allocates executable memory in another process, indicative of possible code injection (1 event)
Time & API Arguments Status Return Repeated
1619464136.26575
NtAllocateVirtualMemory
process_identifier: 2256
region_size: 720896
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000002d0
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
success 0 0
Attempts to identify installed AV products by installation directory (4 events)
file C:\Program Files\AVAST Software
file C:\Program Files (x86)\AVAST Software
file C:\Program Files\Kaspersky Lab
file C:\Program Files (x86)\Kaspersky Lab
Installs itself for autorun at Windows startup (1 event)
reg_key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\regasm
reg_value: "C:\Users\Administrator.Oskar-PC\AppData\Local\regasm.exe"
Potential code injection by writing to the memory of another process (4 events)
Time & API Arguments Status Return Repeated
1619464136.26575
WriteProcessMemory
process_identifier: 2256
buffer: MZÿÿ¸@€º´ Í!¸LÍ!This program cannot be run in DOS mode. $PEL[ÔÏà 0ž .¼ À @  @…à» KÀ 8à  H.text4œ ž  `.rsrc8À   @@.reloc à ¦ @B
process_handle: 0x000002d0
base_address: 0x00400000
success 1 0
1619464136.31275
WriteProcessMemory
process_identifier: 2256
buffer:  €8€P€h€€ À ¬äLà êä¬4VS_VERSION_INFO½ïþ?DVarFileInfo$Translation° StringFileInfoè000004b0Comments"CompanyName*FileDescription0FileVersion1.0.0.0"InternalName&LegalCopyright*LegalTrademarks*OriginalFilename"ProductName4ProductVersion1.0.0.08Assembly Version1.0.0.0<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>
process_handle: 0x000002d0
base_address: 0x004ac000
success 1 0
1619464136.31275
WriteProcessMemory
process_identifier: 2256
buffer: ° 0<
process_handle: 0x000002d0
base_address: 0x004ae000
success 1 0
1619464136.31275
WriteProcessMemory
process_identifier: 2256
buffer: @
process_handle: 0x000002d0
base_address: 0x7efde008
success 1 0
Code injection by writing an executable or DLL to the memory of another process (1 event)
Time & API Arguments Status Return Repeated
1619464136.26575
WriteProcessMemory
process_identifier: 2256
buffer: MZÿÿ¸@€º´ Í!¸LÍ!This program cannot be run in DOS mode. $PEL[ÔÏà 0ž .¼ À @  @…à» KÀ 8à  H.text4œ ž  `.rsrc8À   @@.reloc à ¦ @B
process_handle: 0x000002d0
base_address: 0x00400000
success 1 0
Used NtSetContextThread to modify a thread in a remote process, indicative of process injection (2 events)
Process injection Process 2772 called NtSetContextThread to modify thread in remote process 2256
Time & API Arguments Status Return Repeated
1619464136.31275
NtSetContextThread
thread_handle: 0x000002dc
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4897838
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2256
success 0 0
Resumed a suspended thread in a remote process, potentially indicative of process injection (2 events)
Process injection Process 2772 resumed a thread in remote process 2256
Time & API Arguments Status Return Repeated
1619464138.54675
NtResumeThread
thread_handle: 0x000002dc
suspend_count: 1
process_identifier: 2256
success 0 0
Connects to an IP address that is no longer responding to requests (legitimate services usually remain up and running) (1 event)
dead_host 172.217.24.14:443
Executed a process and injected code into it, probably while unpacking (18 events)
Time & API Arguments Status Return Repeated
1619464059.10975
NtResumeThread
thread_handle: 0x000000d8
suspend_count: 1
process_identifier: 2772
success 0 0
1619464059.12475
NtResumeThread
thread_handle: 0x00000120
suspend_count: 1
process_identifier: 2772
success 0 0
1619464059.15675
NtResumeThread
thread_handle: 0x0000015c
suspend_count: 1
process_identifier: 2772
success 0 0
1619464102.32875
NtResumeThread
thread_handle: 0x0000024c
suspend_count: 1
process_identifier: 2772
success 0 0
1619464103.62475
NtResumeThread
thread_handle: 0x000002b8
suspend_count: 1
process_identifier: 2772
success 0 0
1619464136.26575
CreateProcessInternalW
thread_identifier: 1728
thread_handle: 0x000002dc
process_identifier: 2256
current_directory:
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\4da451a6ad451750cadba0ad3b43bbeb.exe
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\4da451a6ad451750cadba0ad3b43bbeb.exe"
filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\4da451a6ad451750cadba0ad3b43bbeb.exe
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x000002d0
inherit_handles: 0
success 1 0
1619464136.26575
NtGetContextThread
thread_handle: 0x000002dc
success 0 0
1619464136.26575
NtAllocateVirtualMemory
process_identifier: 2256
region_size: 720896
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000002d0
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
success 0 0
1619464136.26575
WriteProcessMemory
process_identifier: 2256
buffer: MZÿÿ¸@€º´ Í!¸LÍ!This program cannot be run in DOS mode. $PEL[ÔÏà 0ž .¼ À @  @…à» KÀ 8à  H.text4œ ž  `.rsrc8À   @@.reloc à ¦ @B
process_handle: 0x000002d0
base_address: 0x00400000
success 1 0
1619464136.26575
WriteProcessMemory
process_identifier: 2256
buffer:
process_handle: 0x000002d0
base_address: 0x00402000
success 1 0
1619464136.31275
WriteProcessMemory
process_identifier: 2256
buffer:  €8€P€h€€ À ¬äLà êä¬4VS_VERSION_INFO½ïþ?DVarFileInfo$Translation° StringFileInfoè000004b0Comments"CompanyName*FileDescription0FileVersion1.0.0.0"InternalName&LegalCopyright*LegalTrademarks*OriginalFilename"ProductName4ProductVersion1.0.0.08Assembly Version1.0.0.0<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>
process_handle: 0x000002d0
base_address: 0x004ac000
success 1 0
1619464136.31275
WriteProcessMemory
process_identifier: 2256
buffer: ° 0<
process_handle: 0x000002d0
base_address: 0x004ae000
success 1 0
1619464136.31275
WriteProcessMemory
process_identifier: 2256
buffer: @
process_handle: 0x000002d0
base_address: 0x7efde008
success 1 0
1619464136.31275
NtSetContextThread
thread_handle: 0x000002dc
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4897838
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2256
success 0 0
1619464138.54675
NtResumeThread
thread_handle: 0x000002dc
suspend_count: 1
process_identifier: 2256
success 0 0
1619489619.75825
NtResumeThread
thread_handle: 0x000000d8
suspend_count: 1
process_identifier: 2256
success 0 0
1619489619.75825
NtResumeThread
thread_handle: 0x00000120
suspend_count: 1
process_identifier: 2256
success 0 0
1619489619.77425
NtResumeThread
thread_handle: 0x00000160
suspend_count: 1
process_identifier: 2256
success 0 0
File has been identified by 49 AntiVirus engines on VirusTotal as malicious (49 events)
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.43245039
FireEye Generic.mg.4da451a6ad451750
McAfee GenericRXKU-IF!4DA451A6AD45
K7AntiVirus Trojan ( 00567a1f1 )
Alibaba Backdoor:MSIL/GenKryptik.e459bec9
K7GW Trojan ( 00567a1f1 )
Cybereason malicious.bc2f7d
Arcabit Trojan.Generic.D293DDEF
Cyren W32/MSIL_Troj.VE.gen!Eldorado
Symantec ML.Attribute.HighConfidence
APEX Malicious
Paloalto generic.ml
Kaspersky HEUR:Backdoor.MSIL.Crysan.gen
BitDefender Trojan.GenericKD.43245039
Avast Win32:PWSX-gen [Trj]
Ad-Aware Trojan.GenericKD.43245039
Sophos Mal/Generic-S
Comodo Malware@#1mio1z5brdsdd
F-Secure Trojan.TR/Kryptik.jcdzd
DrWeb Trojan.PackedNET.316
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R066C0DIA20
McAfee-GW-Edition BehavesLike.Win32.Generic.dc
Emsisoft Trojan.GenericKD.43245039 (B)
Ikarus Trojan.Inject
Jiangmin Backdoor.MSIL.defg
eGambit Unsafe.AI_Score_100%
Avira TR/Kryptik.jcdzd
MAX malware (ai score=82)
Antiy-AVL Trojan[Backdoor]/MSIL.Crysan
Kingsoft Win32.Hack.Undef.(kcloud)
Gridinsoft Trojan.Win32.Downloader.dd!ni
Microsoft Backdoor:MSIL/Nanocore!MTB
ZoneAlarm HEUR:Backdoor.MSIL.Crysan.gen
GData Trojan.GenericKD.43245039
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.Kryptik.R339131
BitDefenderTheta Gen:NN.ZemsilF.34670.8m0@aiPMYSi
ALYac Trojan.GenericKD.43245039
Malwarebytes Spyware.Agent
ESET-NOD32 a variant of MSIL/GenKryptik.ELKI
TrendMicro-HouseCall TROJ_GEN.R066C0DIA20
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.121218.susgen
Fortinet MSIL/GenKryptik.ELJM!tr
AVG Win32:PWSX-gen [Trj]
CrowdStrike win/malicious_confidence_100% (W)
Qihoo-360 Generic/Backdoor.c00
Visual Analysis
Binary Image
No binary image available: no binary visualization image was generated for this sample.
Runtime Screenshots
No runtime screenshots available: no screenshots were captured while this sample ran.

PE Compile Time

2020-05-29 10:32:30

Imports

Library mscoree.dll:
0x402000 _CorExeMain

Hosts

No hosts contacted.

TCP

Source          Source Port   Destination (hostname)                 Destination Port
192.168.56.101  49193         203.208.40.66 (update.googleapis.com)  443

UDP

Source          Source Port   Destination (hostname)            Destination Port
192.168.56.101  49235         114.114.114.114                   53
192.168.56.101  50568         114.114.114.114                   53
192.168.56.101  54178         114.114.114.114                   53
192.168.56.101  55368         114.114.114.114                   53
192.168.56.101  56539         114.114.114.114                   53
192.168.56.101  57756         114.114.114.114                   53
192.168.56.101  63429         114.114.114.114                   53
192.168.56.101  137           192.168.56.255                    137
192.168.56.101  138           192.168.56.255                    138
192.168.56.101  123           20.189.79.72 (time.windows.com)   123
192.168.56.101  50002         224.0.0.252                       5355
192.168.56.101  50534         224.0.0.252                       5355
192.168.56.101  51378         224.0.0.252                       5355
192.168.56.101  51808         224.0.0.252                       5355
192.168.56.101  51963         224.0.0.252                       5355
192.168.56.101  53210         224.0.0.252                       5355
192.168.56.101  53237         224.0.0.252                       5355
192.168.56.101  56804         224.0.0.252                       5355
192.168.56.101  60221         224.0.0.252                       5355
192.168.56.101  60384         224.0.0.252                       5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.