Score: 4.0
Risk level: Medium

SHA-256: eec9887fb0a1a6157c82c1319dd32e9750d616a4dc31cdbb29b2ff75028fcf04
File name: 4ea313151ad65a9eb770b60fd991de63.exe (a 32-hex-digit name, consistent with the sample's MD5; McAfee's detection name Trojan-FRGC!4EA313151AD6 below carries the same prefix)
Analysis duration: 72s
Last analysis:
File size: 500.0KB
Static detection / dynamic detection: 100%. Detection-name tokens aggregated across engines: AGEN, AI SCORE=86, AIDETECTVM, AIEH, ATTRIBUTE, BSCOPE, CONFIDENCE, ECRA, ELDORADO, ENCPK, FRGC, FY0@AGP5WUAI, FYHGPU, GDSDA, GENCIRC, GOZI, GWAJ, HIGH CONFIDENCE, HIGHCONFIDENCE, KGS4DUKH2US, KRYPTIK, M5YDUA7X1E0, MALWARE1, MALWARE@#4SH0TAXOEQGB, R + MAL, R06EC0DI220, R289497, SCORE, SUSGEN, UNSAFE, URSNIF, ZEXAF. The family tokens (URSNIF, GOZI; Ursnif and Gozi are two names for the same banking-trojan/infostealer family) and the generic packer tokens (KRYPTIK, ENCPK, GENCIRC) agree with the engine table below.
Yingyan (鹰眼) engine: not detected; no Yingyan engine result is available for this sample.
Static verdict
Antivirus engines (scan date is YYYYMMDD; a blank result means the engine reported nothing)

Engine       Result                              Scan date   Engine version
McAfee       Trojan-FRGC!4EA313151AD6            20201229    6.0.6.653
Alibaba      TrojanSpy:Win32/Ursnif.42dbd0c9     20190527    0.3.0.5
Baidu        (none reported)                     20190318    1.0.0.2
Avast        Win32:Ursnif-BK [Trj]               20201229    21.1.5827.0
Kingsoft     (none reported)                     20201229    2017.9.26.565
Tencent      Malware.Win32.Gencirc.10b9a898      20201229    1.0.0.1
CrowdStrike  win/malicious_confidence_100% (W)   20190702    1.0

Note the spread of scan dates (2019-03 to 2020-12): the older rows reflect the engine versions current at the time of the first scan, not a fresh rescan, so "none reported" from Baidu in 2019 says little about current coverage.
Indicators (sandbox signatures)

Queries for the computername (3 events)

Time (Unix epoch)   API               Arguments                Status   Return   Repeated
1619427019.469727   GetComputerNameW  computer_name:           failed   0        0
1619427019.469727   GetComputerNameW  computer_name: OSKAR-PC  success  1        0
1619427029.782727   GetComputerNameW  computer_name: OSKAR-PC  success  1        0

The timestamps are seconds since the Unix epoch: 1619427019 is 2021-04-26 08:50:19 UTC. The first call fails with an empty name and is followed at the same instant by a successful one, which is the usual buffer-size probe (call once to learn the required length, then call again), not a sandbox-evasion failure. OSKAR-PC is the analysis machine's host name, so it is an artifact of the sandbox, not an indicator of the sample.
This executable has a PDB path (1 event)
pdb_path: c:\gas\among\stop\feedsit.pdb
The path is a string of unrelated English words rather than a plausible build tree, a pattern seen in builder/crypter output. It is a useful pivot for hunting related builds (search other samples for the same PDB string), not an attribution clue in itself.

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)
section: .gfids
.gfids is the Control Flow Guard function-ID table that the MSVC linker emits for images built with /guard:cf, so this section name is a compiler artifact, not a packer signature; treat this indicator as the false positive it warns about. Evidence that this sample is packed should come from its runtime behaviour (the exception records further down), not from section names.
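Added example, not from the report or the sandbox's own tooling: a minimal PE32 section-table walk that consults a known-name list before calling a section "unknown", and cross-checks a .gfids section against the GUARD_CF bit in DllCharacteristics (an image with a CFG table but no CFG flag has an inconsistent header and deserves a closer look). The offsets used (e_lfanew at 0x3c, NumberOfSections at PE+6, SizeOfOptionalHeader at PE+0x14, DllCharacteristics at PE+0x18+0x46, section table at PE+0x18+SizeOfOptionalHeader) are the standard PE32 layout. The PE bytes it runs on are constructed inline by build_test_pe and are not the sample; the name lists are my own and illustrative, not exhaustive.

```python
import struct

# Section names a stock MSVC/link.exe build emits; none of them indicates a packer.
COMPILER_SECTIONS = {".text", ".rdata", ".data", ".idata", ".edata", ".pdata", ".rsrc",
                     ".reloc", ".bss", ".tls", ".CRT", ".debug", ".didat", ".textbss",
                     ".gfids", ".giats", ".gljmp", ".00cfg", ".retplne", ".gehcont", ".voltbl"}
# Names that do point at well-known packers/protectors (illustrative list).
PACKER_SECTIONS = {"UPX0", "UPX1", "UPX2", ".aspack", ".adata", ".themida", ".vmp0", ".vmp1",
                   ".vmp2", ".petite", ".MPRESS1", ".MPRESS2", ".nsp0", ".nsp1", ".enigma1"}
IMAGE_DLLCHARACTERISTICS_GUARD_CF = 0x4000

def pe_sections(data):
    """Return (section names, DllCharacteristics) by walking the PE32 headers."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsections, = struct.unpack_from("<H", data, e_lfanew + 6)        # FileHeader.NumberOfSections
    opt_size, = struct.unpack_from("<H", data, e_lfanew + 0x14)      # FileHeader.SizeOfOptionalHeader
    dllchar, = struct.unpack_from("<H", data, e_lfanew + 0x18 + 0x46)  # OptionalHeader.DllCharacteristics
    first = e_lfanew + 0x18 + opt_size                               # IMAGE_SECTION_HEADER[0]
    names = [data[first + 40 * i: first + 40 * i + 8].rstrip(b"\0").decode("ascii", "replace")
             for i in range(nsections)]
    return names, dllchar

def classify_sections(data):
    """Bucket section names as compiler/packer/unknown and flag a .gfids/GUARD_CF mismatch."""
    names, dllchar = pe_sections(data)
    verdict = {"compiler": [], "packer": [], "unknown": [], "notes": []}
    for n in names:
        bucket = "compiler" if n in COMPILER_SECTIONS else "packer" if n in PACKER_SECTIONS else "unknown"
        verdict[bucket].append(n)
    if ".gfids" in names and not dllchar & IMAGE_DLLCHARACTERISTICS_GUARD_CF:
        verdict["notes"].append(".gfids present but DllCharacteristics lacks GUARD_CF: header inconsistent")
    return verdict

def build_test_pe(section_names, guard_cf=True):
    """Constructed minimal PE32 header (not the sample): DOS header, PE signature,
    file header, zeroed optional header and a section table with the given names."""
    e_lfanew = 0x40
    dos = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                                # PE32 magic
    struct.pack_into("<H", opt, 0x46, IMAGE_DLLCHARACTERISTICS_GUARD_CF if guard_cf else 0)
    # Machine=i386, NumberOfSections, TimeDateStamp, PointerToSymbolTable, NumberOfSymbols,
    # SizeOfOptionalHeader, Characteristics (EXECUTABLE_IMAGE | 32BIT_MACHINE)
    file_hdr = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, len(opt), 0x102)
    sections = b"".join(struct.pack("<8sIIIIIIHHI", n.encode().ljust(8, b"\0"), 0, 0, 0, 0, 0, 0, 0, 0, 0)
                        for n in section_names)
    return bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt) + sections
```

Run classify_sections on a real file's bytes (open(path, "rb").read()) to see how many "unknown" names survive once compiler-emitted sections are excluded; for the sample on this page the only flagged name is .gfids, which lands in the compiler bucket.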
One or more processes crashed (50 of 31190 events shown)

How to read the records below: 0xc0000005 is STATUS_ACCESS_VIOLATION and 0x80000004 is STATUS_SINGLE_STEP. The two alternate on consecutive instructions (0x401bf0 faults, 0x401bf6 single-steps and then faults, 0x401bfc single-steps, and so on), and in the ntdll memcpy records ecx counts down 256, 255, 254, ... with one access violation and one single-step per iteration. A process that had actually crashed could not produce that sequence: an exception handler is absorbing each fault and resuming with the trap flag set, so the signature name overstates what happened. The register values also show what the faulting code is doing. With esi pointing at a heap buffer, the code at 0x401c10-0x401c17 reads [esi+0x3c] (e_lfanew = 0x100) and [nt+0x50] (SizeOfImage = 61440 = 0xf000), then pushes 4 and 0x1000 and rounds the size up to a page (the instruction bytes 05 ff 0f 00 00 and 25 00 f0 ff are add eax, 0xfff and and eax, 0xfffff000), the argument pattern of a VirtualAlloc(..., MEM_COMMIT, PAGE_READWRITE) call, although the call itself is outside the excerpt. The routine at 0x401007-0x401025 then reads [nt+0x14] (SizeOfOptionalHeader = 224), [nt+6] (NumberOfSections = 5), [nt+0x3c] (FileAlignment = 512), [nt+4] (Machine = 332 = 0x14c, i386) and [nt+0x54] (SizeOfHeaders = 1024), computes the first section header at nt+0x18+0xe0 (esi moves from 36214416 to 36214664), and calls memcpy with SizeOfHeaders as the length: a manual PE loader copying an embedded second-stage image into freshly allocated memory. The access-violation/single-step pairs are therefore best read as exception-driven unpacking, and the image mapped this way is what to dump from sandbox memory rather than the 500 KB file on disk. Why reads of the sample's own data at 0x4040a7 fault in the first place is not visible in the excerpt.

Time & API   Arguments   Status   Return   Repeated
1619427008.204727
__exception__
stacktrace:
4ea313151ad65a9eb770b60fd991de63+0x1951 @ 0x401951
4ea313151ad65a9eb770b60fd991de63+0x11cf @ 0x4011cf
4ea313151ad65a9eb770b60fd991de63+0x479db @ 0x4479db

registers.esp: 1637784
registers.edi: 9765023
registers.eax: 0
registers.ebp: 1637808
registers.edx: 2130566132
registers.ebx: 4194304
registers.esi: 0
registers.ecx: 3237150720
exception.instruction_r: 8b 0d a7 40 40 00 2b 0d b3 40 40 00 03 0d ab 40
exception.symbol: 4ea313151ad65a9eb770b60fd991de63+0x1bf0
exception.instruction: mov ecx, dword ptr [0x4040a7]
exception.module: 4ea313151ad65a9eb770b60fd991de63.exe
exception.exception_code: 0xc0000005
exception.offset: 7152
exception.address: 0x401bf0
success 0 0
1619427008.204727
__exception__
stacktrace:
4ea313151ad65a9eb770b60fd991de63+0x1951 @ 0x401951
4ea313151ad65a9eb770b60fd991de63+0x11cf @ 0x4011cf
4ea313151ad65a9eb770b60fd991de63+0x479db @ 0x4479db

registers.esp: 1637784
registers.edi: 9765023
registers.eax: 0
registers.ebp: 1637808
registers.edx: 2130566132
registers.ebx: 4194304
registers.esi: 0
registers.ecx: 1952870227
exception.instruction_r: 2b 0d b3 40 40 00 03 0d ab 40 40 00 89 0d 08 31
exception.symbol: 4ea313151ad65a9eb770b60fd991de63+0x1bf6
exception.instruction: sub ecx, dword ptr [0x4040b3]
exception.module: 4ea313151ad65a9eb770b60fd991de63.exe
exception.exception_code: 0x80000004
exception.offset: 7158
exception.address: 0x401bf6
success 0 0
1619427008.204727
__exception__
stacktrace:
4ea313151ad65a9eb770b60fd991de63+0x1951 @ 0x401951
4ea313151ad65a9eb770b60fd991de63+0x11cf @ 0x4011cf
4ea313151ad65a9eb770b60fd991de63+0x479db @ 0x4479db

registers.esp: 1637784
registers.edi: 9765023
registers.eax: 0
registers.ebp: 1637808
registers.edx: 2130566132
registers.ebx: 4194304
registers.esi: 0
registers.ecx: 1952870227
exception.instruction_r: 2b 0d b3 40 40 00 03 0d ab 40 40 00 89 0d 08 31
exception.symbol: 4ea313151ad65a9eb770b60fd991de63+0x1bf6
exception.instruction: sub ecx, dword ptr [0x4040b3]
exception.module: 4ea313151ad65a9eb770b60fd991de63.exe
exception.exception_code: 0xc0000005
exception.offset: 7158
exception.address: 0x401bf6
success 0 0
1619427008.204727
__exception__
stacktrace:
4ea313151ad65a9eb770b60fd991de63+0x1951 @ 0x401951
4ea313151ad65a9eb770b60fd991de63+0x11cf @ 0x4011cf
4ea313151ad65a9eb770b60fd991de63+0x479db @ 0x4479db

registers.esp: 1637784
registers.edi: 9765023
registers.eax: 0
registers.ebp: 1637808
registers.edx: 2130566132
registers.ebx: 4194304
registers.esi: 0
registers.ecx: 317853199
exception.instruction_r: 03 0d ab 40 40 00 89 0d 08 31 40 00 5b c9 c3 51
exception.symbol: 4ea313151ad65a9eb770b60fd991de63+0x1bfc
exception.instruction: add ecx, dword ptr [0x4040ab]
exception.module: 4ea313151ad65a9eb770b60fd991de63.exe
exception.exception_code: 0x80000004
exception.offset: 7164
exception.address: 0x401bfc
success 0 0
1619427008.204727
__exception__
stacktrace:
4ea313151ad65a9eb770b60fd991de63+0x1951 @ 0x401951
4ea313151ad65a9eb770b60fd991de63+0x11cf @ 0x4011cf
4ea313151ad65a9eb770b60fd991de63+0x479db @ 0x4479db

registers.esp: 1637784
registers.edi: 9765023
registers.eax: 0
registers.ebp: 1637808
registers.edx: 2130566132
registers.ebx: 4194304
registers.esi: 0
registers.ecx: 317853199
exception.instruction_r: 03 0d ab 40 40 00 89 0d 08 31 40 00 5b c9 c3 51
exception.symbol: 4ea313151ad65a9eb770b60fd991de63+0x1bfc
exception.instruction: add ecx, dword ptr [0x4040ab]
exception.module: 4ea313151ad65a9eb770b60fd991de63.exe
exception.exception_code: 0xc0000005
exception.offset: 7164
exception.address: 0x401bfc
success 0 0
1619427008.204727
__exception__
stacktrace:
4ea313151ad65a9eb770b60fd991de63+0x1951 @ 0x401951
4ea313151ad65a9eb770b60fd991de63+0x11cf @ 0x4011cf
4ea313151ad65a9eb770b60fd991de63+0x479db @ 0x4479db

registers.esp: 1637784
registers.edi: 9765023
registers.eax: 0
registers.ebp: 1637808
registers.edx: 2130566132
registers.ebx: 4194304
registers.esi: 0
registers.ecx: 2019848070
exception.instruction_r: 89 0d 08 31 40 00 5b c9 c3 51 53 56 8b f0 8b 46
exception.symbol: 4ea313151ad65a9eb770b60fd991de63+0x1c02
exception.instruction: mov dword ptr [0x403108], ecx
exception.module: 4ea313151ad65a9eb770b60fd991de63.exe
exception.exception_code: 0x80000004
exception.offset: 7170
exception.address: 0x401c02
success 0 0
1619427008.219727
__exception__
stacktrace:
4ea313151ad65a9eb770b60fd991de63+0x11cf @ 0x4011cf
4ea313151ad65a9eb770b60fd991de63+0x479db @ 0x4479db

registers.esp: 1637800
registers.edi: 1637856
registers.eax: 36214160
registers.ebp: 1637924
registers.edx: 2130566132
registers.ebx: 0
registers.esi: 36214160
registers.ecx: 3237150720
exception.instruction_r: 8b 46 3c 8b 44 30 50 6a 04 05 ff 0f 00 00 68 00
exception.symbol: 4ea313151ad65a9eb770b60fd991de63+0x1c10
exception.instruction: mov eax, dword ptr [esi + 0x3c]
exception.module: 4ea313151ad65a9eb770b60fd991de63.exe
exception.exception_code: 0xc0000005
exception.offset: 7184
exception.address: 0x401c10
success 0 0
1619427008.219727
__exception__
stacktrace:
4ea313151ad65a9eb770b60fd991de63+0x11cf @ 0x4011cf
4ea313151ad65a9eb770b60fd991de63+0x479db @ 0x4479db

registers.esp: 1637800
registers.edi: 1637856
registers.eax: 256
registers.ebp: 1637924
registers.edx: 2130566132
registers.ebx: 0
registers.esi: 36214160
registers.ecx: 3237150720
exception.instruction_r: 8b 44 30 50 6a 04 05 ff 0f 00 00 68 00 10 00 00
exception.symbol: 4ea313151ad65a9eb770b60fd991de63+0x1c13
exception.instruction: mov eax, dword ptr [eax + esi + 0x50]
exception.module: 4ea313151ad65a9eb770b60fd991de63.exe
exception.exception_code: 0x80000004
exception.offset: 7187
exception.address: 0x401c13
success 0 0
1619427008.219727
__exception__
stacktrace:
4ea313151ad65a9eb770b60fd991de63+0x11cf @ 0x4011cf
4ea313151ad65a9eb770b60fd991de63+0x479db @ 0x4479db

registers.esp: 1637800
registers.edi: 1637856
registers.eax: 256
registers.ebp: 1637924
registers.edx: 2130566132
registers.ebx: 0
registers.esi: 36214160
registers.ecx: 3237150720
exception.instruction_r: 8b 44 30 50 6a 04 05 ff 0f 00 00 68 00 10 00 00
exception.symbol: 4ea313151ad65a9eb770b60fd991de63+0x1c13
exception.instruction: mov eax, dword ptr [eax + esi + 0x50]
exception.module: 4ea313151ad65a9eb770b60fd991de63.exe
exception.exception_code: 0xc0000005
exception.offset: 7187
exception.address: 0x401c13
success 0 0
1619427008.219727
__exception__
stacktrace:
4ea313151ad65a9eb770b60fd991de63+0x11cf @ 0x4011cf
4ea313151ad65a9eb770b60fd991de63+0x479db @ 0x4479db

registers.esp: 1637800
registers.edi: 1637856
registers.eax: 61440
registers.ebp: 1637924
registers.edx: 2130566132
registers.ebx: 0
registers.esi: 36214160
registers.ecx: 3237150720
exception.instruction_r: 6a 04 05 ff 0f 00 00 68 00 10 00 00 25 00 f0 ff
exception.symbol: 4ea313151ad65a9eb770b60fd991de63+0x1c17
exception.instruction: push 4
exception.module: 4ea313151ad65a9eb770b60fd991de63.exe
exception.exception_code: 0x80000004
exception.offset: 7191
exception.address: 0x401c17
success 0 0
1619427008.219727
__exception__
stacktrace:
4ea313151ad65a9eb770b60fd991de63+0x1c3e @ 0x401c3e
4ea313151ad65a9eb770b60fd991de63+0x11cf @ 0x4011cf
4ea313151ad65a9eb770b60fd991de63+0x479db @ 0x4479db

registers.esp: 1637780
registers.edi: 1637856
registers.eax: 5767168
registers.ebp: 1637784
registers.edx: 36214160
registers.ebx: 5767168
registers.esi: 36214160
registers.ecx: 3237150720
exception.instruction_r: 8b 42 3c 03 c2 0f b7 48 14 53 0f b7 58 06 56 57
exception.symbol: 4ea313151ad65a9eb770b60fd991de63+0x1007
exception.instruction: mov eax, dword ptr [edx + 0x3c]
exception.module: 4ea313151ad65a9eb770b60fd991de63.exe
exception.exception_code: 0xc0000005
exception.offset: 4103
exception.address: 0x401007
success 0 0
1619427008.219727
__exception__
stacktrace:
4ea313151ad65a9eb770b60fd991de63+0x1c3e @ 0x401c3e
4ea313151ad65a9eb770b60fd991de63+0x11cf @ 0x4011cf
4ea313151ad65a9eb770b60fd991de63+0x479db @ 0x4479db

registers.esp: 1637780
registers.edi: 1637856
registers.eax: 256
registers.ebp: 1637784
registers.edx: 36214160
registers.ebx: 5767168
registers.esi: 36214160
registers.ecx: 3237150720
exception.instruction_r: 03 c2 0f b7 48 14 53 0f b7 58 06 56 57 8b 78 3c
exception.symbol: 4ea313151ad65a9eb770b60fd991de63+0x100a
exception.instruction: add eax, edx
exception.module: 4ea313151ad65a9eb770b60fd991de63.exe
exception.exception_code: 0x80000004
exception.offset: 4106
exception.address: 0x40100a
success 0 0
1619427008.219727
__exception__
stacktrace:
4ea313151ad65a9eb770b60fd991de63+0x1c3e @ 0x401c3e
4ea313151ad65a9eb770b60fd991de63+0x11cf @ 0x4011cf
4ea313151ad65a9eb770b60fd991de63+0x479db @ 0x4479db

registers.esp: 1637780
registers.edi: 1637856
registers.eax: 36214416
registers.ebp: 1637784
registers.edx: 36214160
registers.ebx: 5767168
registers.esi: 36214160
registers.ecx: 3237150720
exception.instruction_r: 0f b7 48 14 53 0f b7 58 06 56 57 8b 78 3c 8d 74
exception.symbol: 4ea313151ad65a9eb770b60fd991de63+0x100c
exception.instruction: movzx ecx, word ptr [eax + 0x14]
exception.module: 4ea313151ad65a9eb770b60fd991de63.exe
exception.exception_code: 0xc0000005
exception.offset: 4108
exception.address: 0x40100c
success 0 0
1619427008.219727
__exception__
stacktrace:
4ea313151ad65a9eb770b60fd991de63+0x1c3e @ 0x401c3e
4ea313151ad65a9eb770b60fd991de63+0x11cf @ 0x4011cf
4ea313151ad65a9eb770b60fd991de63+0x479db @ 0x4479db

registers.esp: 1637780
registers.edi: 1637856
registers.eax: 36214416
registers.ebp: 1637784
registers.edx: 36214160
registers.ebx: 5767168
registers.esi: 36214160
registers.ecx: 224
exception.instruction_r: 53 0f b7 58 06 56 57 8b 78 3c 8d 74 01 18 0f b7
exception.symbol: 4ea313151ad65a9eb770b60fd991de63+0x1010
exception.instruction: push ebx
exception.module: 4ea313151ad65a9eb770b60fd991de63.exe
exception.exception_code: 0x80000004
exception.offset: 4112
exception.address: 0x401010
success 0 0
1619427008.219727
__exception__
stacktrace:
4ea313151ad65a9eb770b60fd991de63+0x1c3e @ 0x401c3e
4ea313151ad65a9eb770b60fd991de63+0x11cf @ 0x4011cf
4ea313151ad65a9eb770b60fd991de63+0x479db @ 0x4479db

registers.esp: 1637776
registers.edi: 1637856
registers.eax: 36214416
registers.ebp: 1637784
registers.edx: 36214160
registers.ebx: 5767168
registers.esi: 36214160
registers.ecx: 224
exception.instruction_r: 0f b7 58 06 56 57 8b 78 3c 8d 74 01 18 0f b7 48
exception.symbol: 4ea313151ad65a9eb770b60fd991de63+0x1011
exception.instruction: movzx ebx, word ptr [eax + 6]
exception.module: 4ea313151ad65a9eb770b60fd991de63.exe
exception.exception_code: 0xc0000005
exception.offset: 4113
exception.address: 0x401011
success 0 0
1619427008.219727
__exception__
stacktrace:
4ea313151ad65a9eb770b60fd991de63+0x1c3e @ 0x401c3e
4ea313151ad65a9eb770b60fd991de63+0x11cf @ 0x4011cf
4ea313151ad65a9eb770b60fd991de63+0x479db @ 0x4479db

registers.esp: 1637776
registers.edi: 1637856
registers.eax: 36214416
registers.ebp: 1637784
registers.edx: 36214160
registers.ebx: 5
registers.esi: 36214160
registers.ecx: 224
exception.instruction_r: 56 57 8b 78 3c 8d 74 01 18 0f b7 48 04 8b 40 54
exception.symbol: 4ea313151ad65a9eb770b60fd991de63+0x1015
exception.instruction: push esi
exception.module: 4ea313151ad65a9eb770b60fd991de63.exe
exception.exception_code: 0x80000004
exception.offset: 4117
exception.address: 0x401015
success 0 0
1619427008.219727
__exception__
stacktrace:
4ea313151ad65a9eb770b60fd991de63+0x1c3e @ 0x401c3e
4ea313151ad65a9eb770b60fd991de63+0x11cf @ 0x4011cf
4ea313151ad65a9eb770b60fd991de63+0x479db @ 0x4479db

registers.esp: 1637768
registers.edi: 1637856
registers.eax: 36214416
registers.ebp: 1637784
registers.edx: 36214160
registers.ebx: 5
registers.esi: 36214160
registers.ecx: 224
exception.instruction_r: 8b 78 3c 8d 74 01 18 0f b7 48 04 8b 40 54 50 52
exception.symbol: 4ea313151ad65a9eb770b60fd991de63+0x1017
exception.instruction: mov edi, dword ptr [eax + 0x3c]
exception.module: 4ea313151ad65a9eb770b60fd991de63.exe
exception.exception_code: 0xc0000005
exception.offset: 4119
exception.address: 0x401017
success 0 0
1619427008.219727
__exception__
stacktrace:
4ea313151ad65a9eb770b60fd991de63+0x1c3e @ 0x401c3e
4ea313151ad65a9eb770b60fd991de63+0x11cf @ 0x4011cf
4ea313151ad65a9eb770b60fd991de63+0x479db @ 0x4479db

registers.esp: 1637768
registers.edi: 512
registers.eax: 36214416
registers.ebp: 1637784
registers.edx: 36214160
registers.ebx: 5
registers.esi: 36214160
registers.ecx: 224
exception.instruction_r: 8d 74 01 18 0f b7 48 04 8b 40 54 50 52 ff 75 08
exception.symbol: 4ea313151ad65a9eb770b60fd991de63+0x101a
exception.instruction: lea esi, dword ptr [ecx + eax + 0x18]
exception.module: 4ea313151ad65a9eb770b60fd991de63.exe
exception.exception_code: 0x80000004
exception.offset: 4122
exception.address: 0x40101a
success 0 0
1619427008.219727
__exception__
stacktrace:
4ea313151ad65a9eb770b60fd991de63+0x1c3e @ 0x401c3e
4ea313151ad65a9eb770b60fd991de63+0x11cf @ 0x4011cf
4ea313151ad65a9eb770b60fd991de63+0x479db @ 0x4479db

registers.esp: 1637768
registers.edi: 512
registers.eax: 36214416
registers.ebp: 1637784
registers.edx: 36214160
registers.ebx: 5
registers.esi: 36214664
registers.ecx: 224
exception.instruction_r: 0f b7 48 04 8b 40 54 50 52 ff 75 08 89 5d fc e8
exception.symbol: 4ea313151ad65a9eb770b60fd991de63+0x101e
exception.instruction: movzx ecx, word ptr [eax + 4]
exception.module: 4ea313151ad65a9eb770b60fd991de63.exe
exception.exception_code: 0xc0000005
exception.offset: 4126
exception.address: 0x40101e
success 0 0
1619427008.235727
__exception__
stacktrace:
4ea313151ad65a9eb770b60fd991de63+0x1c3e @ 0x401c3e
4ea313151ad65a9eb770b60fd991de63+0x11cf @ 0x4011cf
4ea313151ad65a9eb770b60fd991de63+0x479db @ 0x4479db

registers.esp: 1637768
registers.edi: 512
registers.eax: 36214416
registers.ebp: 1637784
registers.edx: 36214160
registers.ebx: 5
registers.esi: 36214664
registers.ecx: 332
exception.instruction_r: 8b 40 54 50 52 ff 75 08 89 5d fc e8 ca 0d 00 00
exception.symbol: 4ea313151ad65a9eb770b60fd991de63+0x1022
exception.instruction: mov eax, dword ptr [eax + 0x54]
exception.module: 4ea313151ad65a9eb770b60fd991de63.exe
exception.exception_code: 0x80000004
exception.offset: 4130
exception.address: 0x401022
success 0 0
1619427008.235727
__exception__
stacktrace:
4ea313151ad65a9eb770b60fd991de63+0x1c3e @ 0x401c3e
4ea313151ad65a9eb770b60fd991de63+0x11cf @ 0x4011cf
4ea313151ad65a9eb770b60fd991de63+0x479db @ 0x4479db

registers.esp: 1637768
registers.edi: 512
registers.eax: 36214416
registers.ebp: 1637784
registers.edx: 36214160
registers.ebx: 5
registers.esi: 36214664
registers.ecx: 332
exception.instruction_r: 8b 40 54 50 52 ff 75 08 89 5d fc e8 ca 0d 00 00
exception.symbol: 4ea313151ad65a9eb770b60fd991de63+0x1022
exception.instruction: mov eax, dword ptr [eax + 0x54]
exception.module: 4ea313151ad65a9eb770b60fd991de63.exe
exception.exception_code: 0xc0000005
exception.offset: 4130
exception.address: 0x401022
success 0 0
1619427008.235727
__exception__
stacktrace:
4ea313151ad65a9eb770b60fd991de63+0x1c3e @ 0x401c3e
4ea313151ad65a9eb770b60fd991de63+0x11cf @ 0x4011cf
4ea313151ad65a9eb770b60fd991de63+0x479db @ 0x4479db

registers.esp: 1637768
registers.edi: 512
registers.eax: 1024
registers.ebp: 1637784
registers.edx: 36214160
registers.ebx: 5
registers.esi: 36214664
registers.ecx: 332
exception.instruction_r: 50 52 ff 75 08 89 5d fc e8 ca 0d 00 00 83 c4 0c
exception.symbol: 4ea313151ad65a9eb770b60fd991de63+0x1025
exception.instruction: push eax
exception.module: 4ea313151ad65a9eb770b60fd991de63.exe
exception.exception_code: 0x80000004
exception.offset: 4133
exception.address: 0x401025
success 0 0
1619427008.235727
__exception__
stacktrace:
4ea313151ad65a9eb770b60fd991de63+0x1032 @ 0x401032
4ea313151ad65a9eb770b60fd991de63+0x1c3e @ 0x401c3e
4ea313151ad65a9eb770b60fd991de63+0x11cf @ 0x4011cf
4ea313151ad65a9eb770b60fd991de63+0x479db @ 0x4479db

registers.esp: 1637740
registers.edi: 5767168
registers.eax: 36215184
registers.ebp: 1637748
registers.edx: 0
registers.ebx: 5
registers.esi: 36214160
registers.ecx: 256
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619427008.235727
__exception__
stacktrace:
4ea313151ad65a9eb770b60fd991de63+0x1032 @ 0x401032
4ea313151ad65a9eb770b60fd991de63+0x1c3e @ 0x401c3e
4ea313151ad65a9eb770b60fd991de63+0x11cf @ 0x4011cf
4ea313151ad65a9eb770b60fd991de63+0x479db @ 0x4479db

registers.esp: 1637740
registers.edi: 5767172
registers.eax: 36215184
registers.ebp: 1637748
registers.edx: 0
registers.ebx: 5
registers.esi: 36214164
registers.ecx: 255
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0x80000004
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619427008.235727
__exception__
stacktrace:
4ea313151ad65a9eb770b60fd991de63+0x1032 @ 0x401032
4ea313151ad65a9eb770b60fd991de63+0x1c3e @ 0x401c3e
4ea313151ad65a9eb770b60fd991de63+0x11cf @ 0x4011cf
4ea313151ad65a9eb770b60fd991de63+0x479db @ 0x4479db

registers.esp: 1637740
registers.edi: 5767172
registers.eax: 36215184
registers.ebp: 1637748
registers.edx: 0
registers.ebx: 5
registers.esi: 36214164
registers.ecx: 255
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619427008.235727
__exception__
stacktrace:
4ea313151ad65a9eb770b60fd991de63+0x1032 @ 0x401032
4ea313151ad65a9eb770b60fd991de63+0x1c3e @ 0x401c3e
4ea313151ad65a9eb770b60fd991de63+0x11cf @ 0x4011cf
4ea313151ad65a9eb770b60fd991de63+0x479db @ 0x4479db

registers.esp: 1637740
registers.edi: 5767176
registers.eax: 36215184
registers.ebp: 1637748
registers.edx: 0
registers.ebx: 5
registers.esi: 36214168
registers.ecx: 254
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0x80000004
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619427008.235727
__exception__
stacktrace:
4ea313151ad65a9eb770b60fd991de63+0x1032 @ 0x401032
4ea313151ad65a9eb770b60fd991de63+0x1c3e @ 0x401c3e
4ea313151ad65a9eb770b60fd991de63+0x11cf @ 0x4011cf
4ea313151ad65a9eb770b60fd991de63+0x479db @ 0x4479db

registers.esp: 1637740
registers.edi: 5767176
registers.eax: 36215184
registers.ebp: 1637748
registers.edx: 0
registers.ebx: 5
registers.esi: 36214168
registers.ecx: 254
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619427008.235727
__exception__
stacktrace:
4ea313151ad65a9eb770b60fd991de63+0x1032 @ 0x401032
4ea313151ad65a9eb770b60fd991de63+0x1c3e @ 0x401c3e
4ea313151ad65a9eb770b60fd991de63+0x11cf @ 0x4011cf
4ea313151ad65a9eb770b60fd991de63+0x479db @ 0x4479db

registers.esp: 1637740
registers.edi: 5767180
registers.eax: 36215184
registers.ebp: 1637748
registers.edx: 0
registers.ebx: 5
registers.esi: 36214172
registers.ecx: 253
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0x80000004
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619427008.235727
__exception__
stacktrace:
4ea313151ad65a9eb770b60fd991de63+0x1032 @ 0x401032
4ea313151ad65a9eb770b60fd991de63+0x1c3e @ 0x401c3e
4ea313151ad65a9eb770b60fd991de63+0x11cf @ 0x4011cf
4ea313151ad65a9eb770b60fd991de63+0x479db @ 0x4479db

registers.esp: 1637740
registers.edi: 5767180
registers.eax: 36215184
registers.ebp: 1637748
registers.edx: 0
registers.ebx: 5
registers.esi: 36214172
registers.ecx: 253
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619427008.235727
__exception__
stacktrace:
4ea313151ad65a9eb770b60fd991de63+0x1032 @ 0x401032
4ea313151ad65a9eb770b60fd991de63+0x1c3e @ 0x401c3e
4ea313151ad65a9eb770b60fd991de63+0x11cf @ 0x4011cf
4ea313151ad65a9eb770b60fd991de63+0x479db @ 0x4479db

registers.esp: 1637740
registers.edi: 5767184
registers.eax: 36215184
registers.ebp: 1637748
registers.edx: 0
registers.ebx: 5
registers.esi: 36214176
registers.ecx: 252
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0x80000004
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619427008.235727
__exception__
stacktrace:
4ea313151ad65a9eb770b60fd991de63+0x1032 @ 0x401032
4ea313151ad65a9eb770b60fd991de63+0x1c3e @ 0x401c3e
4ea313151ad65a9eb770b60fd991de63+0x11cf @ 0x4011cf
4ea313151ad65a9eb770b60fd991de63+0x479db @ 0x4479db

registers.esp: 1637740
registers.edi: 5767184
registers.eax: 36215184
registers.ebp: 1637748
registers.edx: 0
registers.ebx: 5
registers.esi: 36214176
registers.ecx: 252
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619427008.235727
__exception__
stacktrace:
4ea313151ad65a9eb770b60fd991de63+0x1032 @ 0x401032
4ea313151ad65a9eb770b60fd991de63+0x1c3e @ 0x401c3e
4ea313151ad65a9eb770b60fd991de63+0x11cf @ 0x4011cf
4ea313151ad65a9eb770b60fd991de63+0x479db @ 0x4479db

registers.esp: 1637740
registers.edi: 5767188
registers.eax: 36215184
registers.ebp: 1637748
registers.edx: 0
registers.ebx: 5
registers.esi: 36214180
registers.ecx: 251
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0x80000004
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619427008.235727
__exception__
stacktrace:
4ea313151ad65a9eb770b60fd991de63+0x1032 @ 0x401032
4ea313151ad65a9eb770b60fd991de63+0x1c3e @ 0x401c3e
4ea313151ad65a9eb770b60fd991de63+0x11cf @ 0x4011cf
4ea313151ad65a9eb770b60fd991de63+0x479db @ 0x4479db

registers.esp: 1637740
registers.edi: 5767188
registers.eax: 36215184
registers.ebp: 1637748
registers.edx: 0
registers.ebx: 5
registers.esi: 36214180
registers.ecx: 251
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619427008.235727
__exception__
stacktrace:
4ea313151ad65a9eb770b60fd991de63+0x1032 @ 0x401032
4ea313151ad65a9eb770b60fd991de63+0x1c3e @ 0x401c3e
4ea313151ad65a9eb770b60fd991de63+0x11cf @ 0x4011cf
4ea313151ad65a9eb770b60fd991de63+0x479db @ 0x4479db

registers.esp: 1637740
registers.edi: 5767192
registers.eax: 36215184
registers.ebp: 1637748
registers.edx: 0
registers.ebx: 5
registers.esi: 36214184
registers.ecx: 250
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0x80000004
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619427008.235727
__exception__
stacktrace:
4ea313151ad65a9eb770b60fd991de63+0x1032 @ 0x401032
4ea313151ad65a9eb770b60fd991de63+0x1c3e @ 0x401c3e
4ea313151ad65a9eb770b60fd991de63+0x11cf @ 0x4011cf
4ea313151ad65a9eb770b60fd991de63+0x479db @ 0x4479db

registers.esp: 1637740
registers.edi: 5767192
registers.eax: 36215184
registers.ebp: 1637748
registers.edx: 0
registers.ebx: 5
registers.esi: 36214184
registers.ecx: 250
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619427008.235727
__exception__
stacktrace:
4ea313151ad65a9eb770b60fd991de63+0x1032 @ 0x401032
4ea313151ad65a9eb770b60fd991de63+0x1c3e @ 0x401c3e
4ea313151ad65a9eb770b60fd991de63+0x11cf @ 0x4011cf
4ea313151ad65a9eb770b60fd991de63+0x479db @ 0x4479db

registers.esp: 1637740
registers.edi: 5767196
registers.eax: 36215184
registers.ebp: 1637748
registers.edx: 0
registers.ebx: 5
registers.esi: 36214188
registers.ecx: 249
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0x80000004
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619427008.235727
__exception__
stacktrace:
4ea313151ad65a9eb770b60fd991de63+0x1032 @ 0x401032
4ea313151ad65a9eb770b60fd991de63+0x1c3e @ 0x401c3e
4ea313151ad65a9eb770b60fd991de63+0x11cf @ 0x4011cf
4ea313151ad65a9eb770b60fd991de63+0x479db @ 0x4479db

registers.esp: 1637740
registers.edi: 5767196
registers.eax: 36215184
registers.ebp: 1637748
registers.edx: 0
registers.ebx: 5
registers.esi: 36214188
registers.ecx: 249
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619427008.235727
__exception__
stacktrace:
4ea313151ad65a9eb770b60fd991de63+0x1032 @ 0x401032
4ea313151ad65a9eb770b60fd991de63+0x1c3e @ 0x401c3e
4ea313151ad65a9eb770b60fd991de63+0x11cf @ 0x4011cf
4ea313151ad65a9eb770b60fd991de63+0x479db @ 0x4479db

registers.esp: 1637740
registers.edi: 5767200
registers.eax: 36215184
registers.ebp: 1637748
registers.edx: 0
registers.ebx: 5
registers.esi: 36214192
registers.ecx: 248
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0x80000004
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619427008.235727
__exception__
stacktrace:
4ea313151ad65a9eb770b60fd991de63+0x1032 @ 0x401032
4ea313151ad65a9eb770b60fd991de63+0x1c3e @ 0x401c3e
4ea313151ad65a9eb770b60fd991de63+0x11cf @ 0x4011cf
4ea313151ad65a9eb770b60fd991de63+0x479db @ 0x4479db

registers.esp: 1637740
registers.edi: 5767200
registers.eax: 36215184
registers.ebp: 1637748
registers.edx: 0
registers.ebx: 5
registers.esi: 36214192
registers.ecx: 248
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619427008.235727
__exception__
stacktrace:
4ea313151ad65a9eb770b60fd991de63+0x1032 @ 0x401032
4ea313151ad65a9eb770b60fd991de63+0x1c3e @ 0x401c3e
4ea313151ad65a9eb770b60fd991de63+0x11cf @ 0x4011cf
4ea313151ad65a9eb770b60fd991de63+0x479db @ 0x4479db

registers.esp: 1637740
registers.edi: 5767204
registers.eax: 36215184
registers.ebp: 1637748
registers.edx: 0
registers.ebx: 5
registers.esi: 36214196
registers.ecx: 247
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0x80000004
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (3 events)
Time & API Arguments Status Return Repeated
1619427008.204727
NtAllocateVirtualMemory
process_identifier: 2196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00550000
success 0 0
1619427008.204727
NtAllocateVirtualMemory
process_identifier: 2196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00560000
success 0 0
1619427008.204727
NtAllocateVirtualMemory
process_identifier: 2196
region_size: 147456
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00570000
success 0 0
Network communication
Communicates with host for which no DNS query was performed (3 events)
host 172.217.24.14
host 203.208.41.65
host 203.208.41.98
Connects to an IP address that is no longer responding to requests (legitimate services will usually remain up and running) (1 event)
dead_host 192.168.56.101:49177
File has been identified by 59 AntiVirus engines on VirusTotal as malicious (50 out of 59 events)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.Agent.ECRA
FireEye Generic.mg.4ea313151ad65a9e
CAT-QuickHeal TrojanSpy.Ursnif
McAfee Trojan-FRGC!4EA313151AD6
Cylance Unsafe
Sangfor Malware
K7AntiVirus Trojan ( 00556f931 )
Alibaba TrojanSpy:Win32/Ursnif.42dbd0c9
K7GW Trojan ( 00556f931 )
Cybereason malicious.51ad65
Arcabit Trojan.Agent.ECRA
Cyren W32/S-a92b1dd7!Eldorado
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:Ursnif-BK [Trj]
Kaspersky Trojan-Spy.Win32.Ursnif.aieh
BitDefender Trojan.Agent.ECRA
NANO-Antivirus Trojan.Win32.Ursnif.fyhgpu
Paloalto generic.ml
Rising Spyware.Ursnif!8.1DEF (TFE:5:KgS4dUkh2US)
Ad-Aware Trojan.Agent.ECRA
TACHYON Trojan-Spy/W32.Ursnif.512000.C
Emsisoft Trojan.Agent.ECRA (B)
Comodo Malware@#4sh0taxoeqgb
F-Secure Heuristic.HEUR/AGEN.1124056
DrWeb Trojan.Gozi.572
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R06EC0DI220
McAfee-GW-Edition BehavesLike.Win32.Trojan.hh
Sophos Mal/Generic-R + Mal/EncPk-AOY
Jiangmin TrojanSpy.Ursnif.cot
eGambit Unsafe.AI_Score_99%
Avira HEUR/AGEN.1124056
Antiy-AVL Trojan[Spy]/Win32.Ursnif
Microsoft TrojanSpy:Win32/Ursnif.F!MTB
AegisLab Trojan.Win32.Ursnif.l!c
ZoneAlarm Trojan-Spy.Win32.Ursnif.aieh
GData Trojan.Agent.ECRA
Cynet Malicious (score: 90)
AhnLab-V3 Trojan/Win32.Ursnif.R289497
Acronis suspicious
BitDefenderTheta Gen:NN.ZexaF.34700.Fy0@aGp5wUai
ALYac Trojan.Agent.ECRA
MAX malware (ai score=86)
VBA32 BScope.TrojanSpy.Ursnif
Malwarebytes Trojan.Ursnif
ESET-NOD32 a variant of Win32/Kryptik.GWAJ
TrendMicro-HouseCall TROJ_GEN.R06EC0DI220
Visual analysis
Binary image
No binary image available. This sample did not produce a binary visualization image.
Runtime screenshots
No runtime screenshots available. No screenshots were captured while this sample ran.

PE Compile Time

2017-08-28 21:21:53

Imports

Library KERNEL32.dll:
0x45e008 CreateFileW
0x45e00c Sleep
0x45e010 TlsAlloc
0x45e014 CloseHandle
0x45e018 HeapAlloc
0x45e020 GetModuleFileNameW
0x45e024 GetFileSize
0x45e02c GetProcessHeap
0x45e030 CreateProcessW
0x45e034 TlsGetValue
0x45e038 GetTickCount
0x45e03c VirtualProtectEx
0x45e040 FindNextFileW
0x45e044 FindFirstFileExW
0x45e048 FindClose
0x45e04c GetCommandLineW
0x45e050 WideCharToMultiByte
0x45e05c EncodePointer
0x45e060 DecodePointer
0x45e064 MultiByteToWideChar
0x45e068 SetLastError
0x45e070 CreateEventW
0x45e074 TlsSetValue
0x45e078 TlsFree
0x45e080 GetModuleHandleW
0x45e084 GetProcAddress
0x45e088 LCMapStringW
0x45e08c GetLocaleInfoW
0x45e090 GetStringTypeW
0x45e094 GetCPInfo
0x45e098 SetEvent
0x45e09c ResetEvent
0x45e0ac GetCurrentProcess
0x45e0b0 TerminateProcess
0x45e0b8 IsDebuggerPresent
0x45e0c0 GetCurrentProcessId
0x45e0c4 GetCurrentThreadId
0x45e0c8 InitializeSListHead
0x45e0cc RaiseException
0x45e0d0 RtlUnwind
0x45e0d4 GetLastError
0x45e0d8 FreeLibrary
0x45e0dc LoadLibraryExW
0x45e0e0 HeapValidate
0x45e0e4 GetSystemInfo
0x45e0e8 GetFileType
0x45e0ec GetModuleFileNameA
0x45e0f0 GetModuleHandleExW
0x45e0f4 DuplicateHandle
0x45e0f8 ExitProcess
0x45e0fc GetStdHandle
0x45e100 WriteFile
0x45e104 GetACP
0x45e108 IsValidLocale
0x45e10c GetUserDefaultLCID
0x45e110 EnumSystemLocalesW
0x45e114 HeapFree
0x45e118 HeapReAlloc
0x45e11c HeapSize
0x45e124 GetConsoleCP
0x45e128 GetConsoleMode
0x45e12c SetStdHandle
0x45e130 SetEndOfFile
0x45e134 ReadFile
0x45e138 ReadConsoleW
0x45e13c SetFilePointerEx
0x45e140 OutputDebugStringA
0x45e144 OutputDebugStringW
0x45e148 WriteConsoleW
0x45e14c CreateThread
0x45e150 FlushFileBuffers
0x45e154 IsValidCodePage
0x45e158 GetOEMCP
0x45e164 GetCommandLineA
0x45e168 GetStartupInfoW
Library ole32.dll:
0x45e178 CoCreateInstance
0x45e17c CoUninitialize
0x45e180 CoInitialize
0x45e184 CLSIDFromString
Library SHLWAPI.dll:
0x45e170 PathMakePrettyW
Library ADVAPI32.dll:
0x45e000 SystemFunction036

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 57756 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 65004 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 51809 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702
192.168.56.101 60124 239.255.255.250 3702
192.168.56.101 62194 239.255.255.250 1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.