Score: 6.8
Verdict: High risk

SHA256: 505aa5b6bf77290ec7ccdd2b24b8ff8ef779f01d57ad690f632d8b2736f2a8dd

File name: 5774817a431cf389bbbf1d9a2b48e9ad.exe

Analysis duration: 74s

Last analysis:

File size: 2.7MB
Static detection; dynamic detection. Detection tags: 5WV16N2HCLT, AI SCORE=100, ATTRIBUTE, AUTO, AXBK, DARKKOMET, EJLC, GDSDA, GENERICRXKM, GENKRYPTIK, HIGH CONFIDENCE, HIGHCONFIDENCE, HPCYBE, HPSGP, JACARD, KRYPT, KRYPTIK, MALWARE@#3DA6MRC37XAWT, NGS94, PARALLAX, POSSIBLETHREAT, QQ0@AUYHWFEO, SCORE, SDBOT, VIGUA, W6CZK, XAPARO, ZELPHIF
Eagle Eye engine (鹰眼引擎)
Not detected: no Eagle Eye engine results are available yet.
Static verdict
Antivirus engines

Engine      | Result                             | Scan date | Engine version
------------|------------------------------------|-----------|---------------
Alibaba     | Backdoor:Win32/GenKryptik.22d3ed9c | 20190527  | 0.3.0.5
Baidu       |                                    | 20190318  | 1.0.0.2
Avast       | Win32:Trojan-gen                   | 20210114  | 21.1.5827.0
Kingsoft    |                                    | 20210115  | 2017.9.26.565
McAfee      | GenericRXKM-BA!5774817A431C        | 20210114  | 6.0.6.653
Tencent     | Win32.Trojan.Inject.Auto           | 20210115  | 1.0.0.1
CrowdStrike |                                    | 20190702  | 1.0
Static indicators

Checks if process is being debugged by a debugger (1 event)
Time: 1619442421.155501
API: IsDebuggerPresent
Status: failed
Return: 0
Repeated: 0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)
section

The executable uses a known packer (1 event)
packer: BobSoft Mini Delphi -> BoB / BobSoft

One or more processes crashed (50 out of 32196 events)
Time & API Arguments Status Return Repeated
1619426982.799924
__exception__
stacktrace:
5774817a431cf389bbbf1d9a2b48e9ad+0xbb4ed @ 0x4bb4ed
5774817a431cf389bbbf1d9a2b48e9ad+0x56f85 @ 0x456f85
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638184
registers.edi: 135168
registers.eax: 0
registers.ebp: 1638196
registers.edx: 1983904256
registers.ebx: 1983189538
registers.esi: 1983912052
registers.ecx: 0
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 e9 d2 fb ff
exception.symbol: 5774817a431cf389bbbf1d9a2b48e9ad+0xbaca0
exception.instruction: mov edi, dword ptr [edi]
exception.module: 5774817a431cf389bbbf1d9a2b48e9ad.exe
exception.exception_code: 0xc0000005
exception.offset: 765088
exception.address: 0x4baca0
success 0 0
exception.offset: 765088
exception.address: 0x4baca0
success 0 0
1619426982.830924
__exception__
stacktrace:
5774817a431cf389bbbf1d9a2b48e9ad+0xbb4ed @ 0x4bb4ed
5774817a431cf389bbbf1d9a2b48e9ad+0x56f85 @ 0x456f85
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638184
registers.edi: 3084288
registers.eax: 0
registers.ebp: 1638196
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637060
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 e9 d2 fb ff
exception.symbol: 5774817a431cf389bbbf1d9a2b48e9ad+0xbaca0
exception.instruction: mov edi, dword ptr [edi]
exception.module: 5774817a431cf389bbbf1d9a2b48e9ad.exe
exception.exception_code: 0xc0000005
exception.offset: 765088
exception.address: 0x4baca0
success 0 0
1619426982.830924
__exception__
stacktrace:
5774817a431cf389bbbf1d9a2b48e9ad+0xbb4ed @ 0x4bb4ed
5774817a431cf389bbbf1d9a2b48e9ad+0x56f85 @ 0x456f85
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638184
registers.edi: 3149824
registers.eax: 0
registers.ebp: 1638196
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637060
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 e9 d2 fb ff
exception.symbol: 5774817a431cf389bbbf1d9a2b48e9ad+0xbaca0
exception.instruction: mov edi, dword ptr [edi]
exception.module: 5774817a431cf389bbbf1d9a2b48e9ad.exe
exception.exception_code: 0xc0000005
exception.offset: 765088
exception.address: 0x4baca0
success 0 0
1619426982.830924
__exception__
stacktrace:
5774817a431cf389bbbf1d9a2b48e9ad+0xbb4ed @ 0x4bb4ed
5774817a431cf389bbbf1d9a2b48e9ad+0x56f85 @ 0x456f85
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638184
registers.edi: 3215360
registers.eax: 0
registers.ebp: 1638196
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637060
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 e9 d2 fb ff
exception.symbol: 5774817a431cf389bbbf1d9a2b48e9ad+0xbaca0
exception.instruction: mov edi, dword ptr [edi]
exception.module: 5774817a431cf389bbbf1d9a2b48e9ad.exe
exception.exception_code: 0xc0000005
exception.offset: 765088
exception.address: 0x4baca0
success 0 0
1619426982.830924
__exception__
stacktrace:
5774817a431cf389bbbf1d9a2b48e9ad+0xbb4ed @ 0x4bb4ed
5774817a431cf389bbbf1d9a2b48e9ad+0x56f85 @ 0x456f85
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638184
registers.edi: 3608576
registers.eax: 0
registers.ebp: 1638196
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637060
registers.ecx: 779251572
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 e9 d2 fb ff
exception.symbol: 5774817a431cf389bbbf1d9a2b48e9ad+0xbaca0
exception.instruction: mov edi, dword ptr [edi]
exception.module: 5774817a431cf389bbbf1d9a2b48e9ad.exe
exception.exception_code: 0xc0000005
exception.offset: 765088
exception.address: 0x4baca0
success 0 0
1619426982.830924
__exception__
stacktrace:
5774817a431cf389bbbf1d9a2b48e9ad+0xbb4ed @ 0x4bb4ed
5774817a431cf389bbbf1d9a2b48e9ad+0x56f85 @ 0x456f85
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638184
registers.edi: 3674112
registers.eax: 0
registers.ebp: 1638196
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637060
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 e9 d2 fb ff
exception.symbol: 5774817a431cf389bbbf1d9a2b48e9ad+0xbaca0
exception.instruction: mov edi, dword ptr [edi]
exception.module: 5774817a431cf389bbbf1d9a2b48e9ad.exe
exception.exception_code: 0xc0000005
exception.offset: 765088
exception.address: 0x4baca0
success 0 0
1619426982.830924
__exception__
stacktrace:
5774817a431cf389bbbf1d9a2b48e9ad+0xbb4ed @ 0x4bb4ed
5774817a431cf389bbbf1d9a2b48e9ad+0x56f85 @ 0x456f85
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638184
registers.edi: 3805184
registers.eax: 0
registers.ebp: 1638196
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637060
registers.ecx: 46776
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 e9 d2 fb ff
exception.symbol: 5774817a431cf389bbbf1d9a2b48e9ad+0xbaca0
exception.instruction: mov edi, dword ptr [edi]
exception.module: 5774817a431cf389bbbf1d9a2b48e9ad.exe
exception.exception_code: 0xc0000005
exception.offset: 765088
exception.address: 0x4baca0
success 0 0
1619426982.830924
__exception__
stacktrace:
5774817a431cf389bbbf1d9a2b48e9ad+0xbb4ed @ 0x4bb4ed
5774817a431cf389bbbf1d9a2b48e9ad+0x56f85 @ 0x456f85
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638184
registers.edi: 4067328
registers.eax: 0
registers.ebp: 1638196
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637060
registers.ecx: 0
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 e9 d2 fb ff
exception.symbol: 5774817a431cf389bbbf1d9a2b48e9ad+0xbaca0
exception.instruction: mov edi, dword ptr [edi]
exception.module: 5774817a431cf389bbbf1d9a2b48e9ad.exe
exception.exception_code: 0xc0000005
exception.offset: 765088
exception.address: 0x4baca0
success 0 0
1619426982.830924
__exception__
stacktrace:
5774817a431cf389bbbf1d9a2b48e9ad+0xbb4ed @ 0x4bb4ed
5774817a431cf389bbbf1d9a2b48e9ad+0x56f85 @ 0x456f85
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638184
registers.edi: 7016448
registers.eax: 0
registers.ebp: 1638196
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637060
registers.ecx: 0
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 e9 d2 fb ff
exception.symbol: 5774817a431cf389bbbf1d9a2b48e9ad+0xbaca0
exception.instruction: mov edi, dword ptr [edi]
exception.module: 5774817a431cf389bbbf1d9a2b48e9ad.exe
exception.exception_code: 0xc0000005
exception.offset: 765088
exception.address: 0x4baca0
success 0 0
1619426982.830924
__exception__
stacktrace:
5774817a431cf389bbbf1d9a2b48e9ad+0xbb4ed @ 0x4bb4ed
5774817a431cf389bbbf1d9a2b48e9ad+0x56f85 @ 0x456f85
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638184
registers.edi: 7147520
registers.eax: 0
registers.ebp: 1638196
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637060
registers.ecx: 2504597036
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 e9 d2 fb ff
exception.symbol: 5774817a431cf389bbbf1d9a2b48e9ad+0xbaca0
exception.instruction: mov edi, dword ptr [edi]
exception.module: 5774817a431cf389bbbf1d9a2b48e9ad.exe
exception.exception_code: 0xc0000005
exception.offset: 765088
exception.address: 0x4baca0
success 0 0
1619426982.830924
__exception__
stacktrace:
5774817a431cf389bbbf1d9a2b48e9ad+0xbb4ed @ 0x4bb4ed
5774817a431cf389bbbf1d9a2b48e9ad+0x56f85 @ 0x456f85
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638184
registers.edi: 7213056
registers.eax: 0
registers.ebp: 1638196
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637060
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 e9 d2 fb ff
exception.symbol: 5774817a431cf389bbbf1d9a2b48e9ad+0xbaca0
exception.instruction: mov edi, dword ptr [edi]
exception.module: 5774817a431cf389bbbf1d9a2b48e9ad.exe
exception.exception_code: 0xc0000005
exception.offset: 765088
exception.address: 0x4baca0
success 0 0
1619426982.830924
__exception__
stacktrace:
5774817a431cf389bbbf1d9a2b48e9ad+0xbb4ed @ 0x4bb4ed
5774817a431cf389bbbf1d9a2b48e9ad+0x56f85 @ 0x456f85
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638184
registers.edi: 7278592
registers.eax: 0
registers.ebp: 1638196
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637060
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 e9 d2 fb ff
exception.symbol: 5774817a431cf389bbbf1d9a2b48e9ad+0xbaca0
exception.instruction: mov edi, dword ptr [edi]
exception.module: 5774817a431cf389bbbf1d9a2b48e9ad.exe
exception.exception_code: 0xc0000005
exception.offset: 765088
exception.address: 0x4baca0
success 0 0
1619426982.830924
__exception__
stacktrace:
5774817a431cf389bbbf1d9a2b48e9ad+0xbb4ed @ 0x4bb4ed
5774817a431cf389bbbf1d9a2b48e9ad+0x56f85 @ 0x456f85
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638184
registers.edi: 7344128
registers.eax: 0
registers.ebp: 1638196
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637060
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 e9 d2 fb ff
exception.symbol: 5774817a431cf389bbbf1d9a2b48e9ad+0xbaca0
exception.instruction: mov edi, dword ptr [edi]
exception.module: 5774817a431cf389bbbf1d9a2b48e9ad.exe
exception.exception_code: 0xc0000005
exception.offset: 765088
exception.address: 0x4baca0
success 0 0
1619426982.846924
__exception__
stacktrace:
5774817a431cf389bbbf1d9a2b48e9ad+0xbb4ed @ 0x4bb4ed
5774817a431cf389bbbf1d9a2b48e9ad+0x56f85 @ 0x456f85
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638184
registers.edi: 7409664
registers.eax: 0
registers.ebp: 1638196
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637060
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 e9 d2 fb ff
exception.symbol: 5774817a431cf389bbbf1d9a2b48e9ad+0xbaca0
exception.instruction: mov edi, dword ptr [edi]
exception.module: 5774817a431cf389bbbf1d9a2b48e9ad.exe
exception.exception_code: 0xc0000005
exception.offset: 765088
exception.address: 0x4baca0
success 0 0
1619426982.846924
__exception__
stacktrace:
5774817a431cf389bbbf1d9a2b48e9ad+0xbb4ed @ 0x4bb4ed
5774817a431cf389bbbf1d9a2b48e9ad+0x56f85 @ 0x456f85
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638184
registers.edi: 7475200
registers.eax: 0
registers.ebp: 1638196
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637060
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 e9 d2 fb ff
exception.symbol: 5774817a431cf389bbbf1d9a2b48e9ad+0xbaca0
exception.instruction: mov edi, dword ptr [edi]
exception.module: 5774817a431cf389bbbf1d9a2b48e9ad.exe
exception.exception_code: 0xc0000005
exception.offset: 765088
exception.address: 0x4baca0
success 0 0
1619426982.846924
__exception__
stacktrace:
5774817a431cf389bbbf1d9a2b48e9ad+0xbb4ed @ 0x4bb4ed
5774817a431cf389bbbf1d9a2b48e9ad+0x56f85 @ 0x456f85
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638184
registers.edi: 7540736
registers.eax: 0
registers.ebp: 1638196
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637060
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 e9 d2 fb ff
exception.symbol: 5774817a431cf389bbbf1d9a2b48e9ad+0xbaca0
exception.instruction: mov edi, dword ptr [edi]
exception.module: 5774817a431cf389bbbf1d9a2b48e9ad.exe
exception.exception_code: 0xc0000005
exception.offset: 765088
exception.address: 0x4baca0
success 0 0
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (4 events)
Time & API Arguments Status Return Repeated
1619426981.596924
NtAllocateVirtualMemory
process_identifier: 2996
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003e0000
success 0 0
1619426998.205924
NtAllocateVirtualMemory
process_identifier: 2996
region_size: 503808
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x006d0000
success 0 0
1619426998.237924
NtAllocateVirtualMemory
process_identifier: 2996
region_size: 1572864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x030e0000
success 0 0
1619426998.268924
NtProtectVirtualMemory
process_identifier: 2996
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x77d4f000
success 0 0
A process created a hidden window (1 event)
Time & API Arguments Status Return Repeated
1619427008.409924
CreateProcessInternalW
thread_identifier: 2864
thread_handle: 0x000002a4
process_identifier: 3000
current_directory:
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\5774817a431cf389bbbf1d9a2b48e9ad.exe
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\5774817a431cf389bbbf1d9a2b48e9ad.exe"
filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\5774817a431cf389bbbf1d9a2b48e9ad.exe
stack_pivoted: 0
creation_flags: 134217728 (CREATE_NO_WINDOW)
process_handle: 0x000002a8
inherit_handles: 1
success 1 0
The binary likely contains encrypted or compressed data indicative of a packer (1 event)
entropy 7.942323360458551 in an unnamed section (name '', virtual address 0x00096000, virtual size 0x00026000, raw data size 0x00025800); description: a section with a high entropy has been found. At 7.94 bits per byte out of a possible 8 the section's bytes are almost uniformly distributed, something native code and plain data do not approach, so this is the compressed or encrypted payload that the packer stub expands at run time.
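An added example (not the report's or any scanner's own code) of the measurement behind this indicator: Shannon entropy in bits per byte, a coarse classification of the value, and a sliding window that locates a high-entropy region inside a raw buffer when no section table is available. The window size, the 7.0 threshold and the class boundaries are this example's assumptions; the input is constructed, zero padding around a seeded pseudo-random blob that stands in for the sample's packed section.

```python
# Added example, not part of the report: the measurement behind the
# high-entropy packer indicator, per buffer and as a sliding window.
import math
import random
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a single repeated value, 8.0 for a uniform spread."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(entropy: float) -> str:
    """Boundaries are this example's assumption; native x86 code usually sits near 6."""
    if entropy >= 7.0:
        return "compressed/encrypted"
    if entropy >= 5.0:
        return "code/mixed"
    return "sparse/padding"

def high_entropy_windows(data: bytes, window: int = 4096, threshold: float = 7.0):
    """Offsets of fixed-size windows whose entropy crosses the threshold; a run of
    consecutive offsets marks where a packed payload sits in a blob with no headers."""
    return [off for off in range(0, len(data) - window + 1, window)
            if shannon_entropy(data[off:off + window]) >= threshold]

# Constructed input: zero padding around a seeded pseudo-random blob standing in
# for the sample's packed section (seeded so the result is reproducible).
PAYLOAD = random.Random(0x5774).randbytes(8192)
SAMPLE = bytes(8192) + PAYLOAD + bytes(4096)

def report():
    """The same three facts the sandbox reports, for the constructed sample."""
    e = shannon_entropy(PAYLOAD)
    return {"entropy": round(e, 2), "class": classify(e),
            "windows": high_entropy_windows(SAMPLE)}
```

Running `report()` on the constructed sample flags exactly the two 4 KB windows that cover the pseudo-random blob; on a real file the same function applied to each section's raw bytes reproduces the per-section figure the report shows.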
Repeatedly searches for a process that was not found; you may want to run a web browser during analysis (19 events: one Process32NextW snapshot walk roughly every 150 ms over about 2.7 s)
Time & API Arguments Status Return Repeated
1619426998.471924
Process32NextW
process_name: 5774817a431cf389bbbf1d9a2b48e9ad.exe
snapshot_handle: 0x000000c8
process_identifier: 2996
failed 0 0
1619426998.627924
Process32NextW
process_name: 5774817a431cf389bbbf1d9a2b48e9ad.exe
snapshot_handle: 0x000000cc
process_identifier: 2996
failed 0 0
1619426998.768924
Process32NextW
process_name: 5774817a431cf389bbbf1d9a2b48e9ad.exe
snapshot_handle: 0x000000d0
process_identifier: 2996
failed 0 0
1619426998.909924
Process32NextW
process_name: 5774817a431cf389bbbf1d9a2b48e9ad.exe
snapshot_handle: 0x000000d4
process_identifier: 2996
failed 0 0
1619426999.065924
Process32NextW
process_name: 5774817a431cf389bbbf1d9a2b48e9ad.exe
snapshot_handle: 0x000000d8
process_identifier: 2996
failed 0 0
1619426999.221924
Process32NextW
process_name: 5774817a431cf389bbbf1d9a2b48e9ad.exe
snapshot_handle: 0x000000dc
process_identifier: 2996
failed 0 0
1619426999.362924
Process32NextW
process_name: 5774817a431cf389bbbf1d9a2b48e9ad.exe
snapshot_handle: 0x000000e0
process_identifier: 2996
failed 0 0
1619426999.518924
Process32NextW
process_name: 5774817a431cf389bbbf1d9a2b48e9ad.exe
snapshot_handle: 0x000000e4
process_identifier: 2996
failed 0 0
1619426999.674924
Process32NextW
process_name: 5774817a431cf389bbbf1d9a2b48e9ad.exe
snapshot_handle: 0x000000e8
process_identifier: 2996
failed 0 0
1619426999.815924
Process32NextW
process_name: 5774817a431cf389bbbf1d9a2b48e9ad.exe
snapshot_handle: 0x000000ec
process_identifier: 2996
failed 0 0
1619427000.002924
Process32NextW
process_name: 5774817a431cf389bbbf1d9a2b48e9ad.exe
snapshot_handle: 0x000000f0
process_identifier: 2996
failed 0 0
1619427000.159924
Process32NextW
process_name: 5774817a431cf389bbbf1d9a2b48e9ad.exe
snapshot_handle: 0x000000f4
process_identifier: 2996
failed 0 0
1619427000.299924
Process32NextW
process_name: 5774817a431cf389bbbf1d9a2b48e9ad.exe
snapshot_handle: 0x000000f8
process_identifier: 2996
failed 0 0
1619427000.455924
Process32NextW
process_name: 5774817a431cf389bbbf1d9a2b48e9ad.exe
snapshot_handle: 0x000000fc
process_identifier: 2996
failed 0 0
1619427000.612924
Process32NextW
process_name: 5774817a431cf389bbbf1d9a2b48e9ad.exe
snapshot_handle: 0x00000100
process_identifier: 2996
failed 0 0
1619427000.752924
Process32NextW
process_name: 5774817a431cf389bbbf1d9a2b48e9ad.exe
snapshot_handle: 0x00000104
process_identifier: 2996
failed 0 0
1619427000.893924
Process32NextW
process_name: 5774817a431cf389bbbf1d9a2b48e9ad.exe
snapshot_handle: 0x00000108
process_identifier: 2996
failed 0 0
1619427001.018924
Process32NextW
process_name: 5774817a431cf389bbbf1d9a2b48e9ad.exe
snapshot_handle: 0x0000010c
process_identifier: 2996
failed 0 0
1619427001.205924
Process32NextW
process_name: 5774817a431cf389bbbf1d9a2b48e9ad.exe
snapshot_handle: 0x00000110
process_identifier: 2996
failed 0 0
Network communication
Communicates with a host for which no DNS query was performed (1 event)
host 172.217.24.14 (this address lies in Google's 172.217.0.0/16 range, so a direct connection without a lookup is more likely an Internet-connectivity check than command-and-control traffic; confirm against the captured traffic before using it as an indicator)
Allocates execute permission to another process indicative of possible code injection (5 events)
Time & API Arguments Status Return Repeated
1619427008.596924
NtAllocateVirtualMemory
process_identifier: 3000
region_size: 147456
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000002a8
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619427008.612924
NtAllocateVirtualMemory
process_identifier: 3000
region_size: 147456
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000002a8
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
success 0 0
1619427008.627924
NtProtectVirtualMemory
process_identifier: 3000
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000002a8
base_address: 0x77d4f000
success 0 0
1619427008.643924
NtAllocateVirtualMemory
process_identifier: 3000
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000002a8
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x001e0000
success 0 0
1619427008.643924
NtAllocateVirtualMemory
process_identifier: 3000
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000002a8
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x001f0000
success 0 0
Attempts to remove evidence of the file having been downloaded from the Internet (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\:Zone.Identifier (note that there is no file name between Roaming\ and :Zone.Identifier, so the path refers to the alternate data stream of the Roaming directory itself rather than to a dropped file; treat this as weak evidence unless the file operations show the stream of a real file being deleted)
Executed a process and injected code into it, probably while unpacking (8 events)
Time & API Arguments Status Return Repeated
1619427008.409924
CreateProcessInternalW
thread_identifier: 2864
thread_handle: 0x000002a4
process_identifier: 3000
current_directory:
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\5774817a431cf389bbbf1d9a2b48e9ad.exe
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\5774817a431cf389bbbf1d9a2b48e9ad.exe"
filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\5774817a431cf389bbbf1d9a2b48e9ad.exe
stack_pivoted: 0
creation_flags: 134217728 (CREATE_NO_WINDOW)
process_handle: 0x000002a8
inherit_handles: 1
success 1 0
1619427008.409924
NtGetContextThread
thread_handle: 0x000002a4
success 0 0
1619427008.596924
NtAllocateVirtualMemory
process_identifier: 3000
region_size: 147456
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000002a8
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619427008.612924
NtUnmapViewOfSection
process_identifier: 3000
region_size: 356352
process_handle: 0x000002a8
base_address: 0x00400000
success 0 0
1619427008.612924
NtUnmapViewOfSection
process_identifier: 3000
region_size: 2004156416
process_handle: 0x000002a8
base_address: 0x00400000
failed 3221225497 0
1619427008.612924
NtAllocateVirtualMemory
process_identifier: 3000
region_size: 147456
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000002a8
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
success 0 0
1619427008.643924
NtAllocateVirtualMemory
process_identifier: 3000
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000002a8
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x001e0000
success 0 0
1619427008.643924
NtAllocateVirtualMemory
process_identifier: 3000
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000002a8
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x001f0000
success 0 0
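Two patterns in this report are worth recognising automatically, and the Python below is an added example (not part of the report or of any sandbox's code) that does so over constructed records copied in the report's flattened layout. First, the 0xc0000005 records listed earlier all fault at the same instruction, `mov edi, dword ptr [edi]` at 0x4baca0, the process evidently survives each one (it goes on to allocate memory and spawn a child many seconds later), and edi advances in multiples of 0x10000, the 64 KB allocation granularity, between faults; the bytes that follow the faulting instruction disassemble to `pop edi; mov eax, 1; mov ecx, [ebp+14h]; jmp`, a routine that returns 1 when the read succeeds. That is a loop probing address space and swallowing the faults on unmapped pages, not a crash, and a detector should treat it as one finding rather than fifty. Second, in the injection sequence just listed, the first RWX NtAllocateVirtualMemory at 0x00400000 in the child fails with 3221225496, which is 0xC0000018 (STATUS_CONFLICTING_ADDRESSES), because the child's own image is still mapped there; NtUnmapViewOfSection removes it, the repeated unmap fails with 0xC0000019 (STATUS_NOT_MAPPED_VIEW) since nothing is left at that base, and the same allocation then succeeds: the standard prelude to process hollowing. The creation flags, 134217728 = 0x08000000, are CREATE_NO_WINDOW alone with CREATE_SUSPENDED (0x4) not set, so the detector keys on the process identifier and call order rather than on a suspended thread, and it ignores NtGetContextThread, which the report identifies only by thread handle. The record parser, the NTSTATUS table and the sample text are this example's assumptions.

```python
# Added example, not part of the sandbox report: two detections run over
# constructed records in the report's own flattened "key: value" layout.
import math
from collections import defaultdict
# Constructed: three of the report's 0xc0000005 records, which differ only in
# edi (the pointer being dereferenced); the gaps are multiples of 0x10000.
EXCEPTION_LOG = "".join(f"""
1619426982.830924
__exception__
registers.edi: {edi}
exception.instruction: mov edi, dword ptr [edi]
exception.exception_code: 0xc0000005
exception.address: 0x4baca0
success 0 0""" for edi in (2822144, 2887680, 3608576))
# Constructed: the child-process calls from the report's injection section.
API_LOG = """
1619427008.409924
CreateProcessInternalW
process_identifier: 3000
creation_flags: 134217728 (CREATE_NO_WINDOW)
success 1 0
1619427008.596924
NtAllocateVirtualMemory
process_identifier: 3000
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00400000
failed 3221225496 0
1619427008.612924
NtUnmapViewOfSection
process_identifier: 3000
base_address: 0x00400000
success 0 0
1619427008.612924
NtAllocateVirtualMemory
process_identifier: 3000
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00400000
success 0 0
"""
NTSTATUS = {0xC0000018: "STATUS_CONFLICTING_ADDRESSES", 0xC0000019: "STATUS_NOT_MAPPED_VIEW"}

def parse(text):
    """A timestamp line opens a record, the next line names the API, 'key: value'
    lines are arguments and the 'status return repeated' line closes the record."""
    records, cur = [], None
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if cur is None:
            cur = {"time": float(line), "args": {}}
        elif "api" not in cur:
            cur["api"] = line
        elif line.split()[0] in ("success", "failed"):
            cur["status"], cur["ret"] = line.split()[0], int(line.split()[1])
            records.append(cur)
            cur = None
        else:  # stack-trace lines carry no ':' and just become harmless junk keys
            key, _, val = line.partition(":")
            cur["args"][key] = val.strip()
    return records

def probe_loops(records, min_hits=3):
    """Access violations repeating at one instruction while the dereferenced register
    only ever grows, in multiples of one stride: a memory-probe loop, not a crash."""
    by_addr = defaultdict(list)
    for r in records:
        if r["api"] == "__exception__" and r["args"].get("exception.exception_code") == "0xc0000005":
            by_addr[r["args"]["exception.address"]].append(r["args"])
    out = []
    for addr, hits in by_addr.items():
        insn = hits[0]["exception.instruction"]
        if "[" not in insn:  # only register-indirect reads can be a probe
            continue
        reg = insn[insn.index("[") + 1:insn.index("]")]  # e.g. "edi"
        vals = [int(h["registers." + reg]) for h in hits]
        deltas = [b - a for a, b in zip(vals, vals[1:])]
        if len(hits) >= min_hits and all(d > 0 for d in deltas):
            out.append({"address": addr, "instruction": insn, "hits": len(hits), "stride": math.gcd(*deltas)})
    return out

def hollowing(records):
    """Per child process: an RWX allocation at the image base refused (the original
    image is still mapped), that base unmapped, then the same allocation succeeding."""
    steps = [("NtAllocateVirtualMemory", "failed"), ("NtUnmapViewOfSection", "success"), ("NtAllocateVirtualMemory", "success")]
    out = []
    for c in (r for r in records if r["api"].startswith("CreateProcess")):
        pid, base = c["args"]["process_identifier"], None
        trail = [f"{c['api']} pid={pid} {c['args'].get('creation_flags', '')}"]
        for r in records:
            api, a = r["api"], r["args"]
            if a.get("process_identifier") != pid or r["time"] < c["time"] or len(trail) > 3:
                continue
            rwx = api != "NtAllocateVirtualMemory" or a.get("protection", "").startswith("64")
            if (api, r["status"]) == steps[len(trail) - 1] and rwx and base in (None, a["base_address"]):
                base = a["base_address"]
                trail.append(f"{api} {base} {r['status']} {NTSTATUS.get(r['ret'], '')}".rstrip())
        if len(trail) == 4:
            out.append({"pid": pid, "image_base": base, "trail": trail})
    return out

def findings(text=EXCEPTION_LOG + API_LOG):
    recs = parse(text)
    return probe_loops(recs), hollowing(recs)
```

`findings()` returns one probe-loop finding (address 0x4baca0, stride 0x10000) and one hollowing finding for pid 3000 at image base 0x00400000 with the decoded NTSTATUS in its trail. To run the same checks on this page, paste the whole exception table and the injection table into `parse`; the parser tolerates the stack-trace and register lines it does not use. The probe detector deliberately uses the greatest common divisor of the gaps rather than requiring a constant stride, because, as the report's own edi values show, blocks that are readable raise no fault and so leave larger gaps.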
File has been identified by 48 AntiVirus engines on VirusTotal as malicious (48 events)
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Jacard.182535
ALYac Backdoor.RAT.Parallax
Malwarebytes Spyware.KeyLogger
Sangfor Malware
K7AntiVirus Riskware ( 0040eff71 )
Alibaba Backdoor:Win32/GenKryptik.22d3ed9c
K7GW Riskware ( 0040eff71 )
Cybereason malicious.a431cf
Arcabit Trojan.Jacard.D2C907
Cyren W32/Trojan.AXBK-5222
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:Trojan-gen
Kaspersky HEUR:Backdoor.Win32.Xaparo.gen
BitDefender Gen:Variant.Jacard.182535
NANO-Antivirus Trojan.Win32.Xaparo.hpcybe
Paloalto generic.ml
Rising Backdoor.Xaparo!8.11758 (TFE:4:5Wv16N2HclT)
Ad-Aware Gen:Variant.Jacard.182535
Emsisoft Gen:Variant.Jacard.182535 (B)
Comodo Malware@#3da6mrc37xawt
F-Secure Trojan.TR/Kryptik.hpsgp
DrWeb BackDoor.Rat.268
VIPRE Trojan.Win32.Generic!BT
McAfee-GW-Edition BehavesLike.Win32.Sdbot.vz
Sophos Mal/Generic-S
Webroot W32.Trojan.Gen
Avira TR/Kryptik.hpsgp
MAX malware (ai score=100)
Antiy-AVL Trojan[Backdoor]/Win32.DarkKomet
Gridinsoft Trojan.Win32.Kryptik.ba
Microsoft PUA:Win32/Vigua.A
AegisLab Trojan.Win32.Xaparo.m!c
ZoneAlarm HEUR:Backdoor.Win32.Xaparo.gen
GData Gen:Variant.Jacard.182535
Cynet Malicious (score: 100)
McAfee GenericRXKM-BA!5774817A431C
VBA32 Backdoor.Xaparo
ESET-NOD32 a variant of Win32/GenKryptik.EJLC
Tencent Win32.Trojan.Inject.Auto
Yandex Trojan.GenKryptik!W6cZK/NgS94
Ikarus Trojan.Win32.Krypt
Fortinet PossibleThreat.MU
BitDefenderTheta Gen:NN.ZelphiF.34760.QQ0@auyhwfeO
AVG Win32:Trojan-gen
Panda Trj/GdSda.A
Qihoo-360 Win32/Backdoor.ed6
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No screenshots: no screenshots were generated while the sample ran

PE Compile Time

1992-06-20 06:22:17 (this is the fixed TimeDateStamp 0x2A425E19 that classic Delphi-linked binaries carry, 1992-06-19 22:22:17 UTC, shown here in the sandbox's UTC+8 local time; it says nothing about when the sample was actually built and is consistent with the BobSoft Mini Delphi packer match)

Imports

Library kernel32.dll:
0x45a128 VirtualFree
0x45a12c VirtualAlloc
0x45a130 LocalFree
0x45a134 LocalAlloc
0x45a138 GetVersion
0x45a13c GetCurrentThreadId
0x45a148 VirtualQuery
0x45a14c WideCharToMultiByte
0x45a150 MultiByteToWideChar
0x45a154 lstrlenA
0x45a158 lstrcpynA
0x45a15c LoadLibraryExA
0x45a160 GetThreadLocale
0x45a164 GetStartupInfoA
0x45a168 GetProcAddress
0x45a16c GetModuleHandleA
0x45a170 GetModuleFileNameA
0x45a174 GetLocaleInfoA
0x45a178 GetCommandLineA
0x45a17c FreeLibrary
0x45a180 FindFirstFileA
0x45a184 FindClose
0x45a188 ExitProcess
0x45a18c WriteFile
0x45a194 RtlUnwind
0x45a198 RaiseException
0x45a19c GetStdHandle
Library user32.dll:
0x45a1a4 GetKeyboardType
0x45a1a8 LoadStringA
0x45a1ac MessageBoxA
0x45a1b0 CharNextA
Library advapi32.dll:
0x45a1b8 RegQueryValueExA
0x45a1bc RegOpenKeyExA
0x45a1c0 RegCloseKey
Library oleaut32.dll:
0x45a1c8 SysFreeString
0x45a1cc SysReAllocStringLen
0x45a1d0 SysAllocStringLen
Library kernel32.dll:
0x45a1d8 TlsSetValue
0x45a1dc TlsGetValue
0x45a1e0 LocalAlloc
0x45a1e4 GetModuleHandleA
Library advapi32.dll:
0x45a1ec RegQueryValueExA
0x45a1f0 RegOpenKeyExA
0x45a1f4 RegCloseKey
Library kernel32.dll:
0x45a1fc lstrcpyA
0x45a200 WriteFile
0x45a204 WaitForSingleObject
0x45a208 VirtualQuery
0x45a20c VirtualAlloc
0x45a210 Sleep
0x45a214 SizeofResource
0x45a218 SetThreadLocale
0x45a21c SetFilePointer
0x45a220 SetEvent
0x45a224 SetErrorMode
0x45a228 SetEndOfFile
0x45a22c ResetEvent
0x45a230 ReadFile
0x45a234 MulDiv
0x45a238 LockResource
0x45a23c LoadResource
0x45a240 LoadLibraryA
0x45a24c GlobalUnlock
0x45a250 GlobalReAlloc
0x45a254 GlobalHandle
0x45a258 GlobalLock
0x45a25c GlobalFree
0x45a260 GlobalFindAtomA
0x45a264 GlobalDeleteAtom
0x45a268 GlobalAlloc
0x45a26c GlobalAddAtomA
0x45a270 GetVersionExA
0x45a274 GetVersion
0x45a278 GetTickCount
0x45a27c GetThreadLocale
0x45a280 GetSystemInfo
0x45a284 GetStringTypeExA
0x45a288 GetStdHandle
0x45a28c GetProcAddress
0x45a290 GetModuleHandleA
0x45a294 GetModuleFileNameA
0x45a298 GetLocaleInfoA
0x45a29c GetLocalTime
0x45a2a0 GetLastError
0x45a2a4 GetFullPathNameA
0x45a2a8 GetDiskFreeSpaceA
0x45a2ac GetDateFormatA
0x45a2b0 GetCurrentThreadId
0x45a2b4 GetCurrentProcessId
0x45a2b8 GetCPInfo
0x45a2bc GetACP
0x45a2c0 FreeResource
0x45a2c4 InterlockedExchange
0x45a2c8 FreeLibrary
0x45a2cc FormatMessageA
0x45a2d0 FindResourceA
0x45a2d4 EnumCalendarInfoA
0x45a2e0 CreateThread
0x45a2e4 CreateFileA
0x45a2e8 CreateEventA
0x45a2ec CompareStringA
0x45a2f0 CloseHandle
Library version.dll:
0x45a2f8 VerQueryValueA
0x45a300 GetFileVersionInfoA
Library gdi32.dll:
0x45a308 UnrealizeObject
0x45a30c StretchBlt
0x45a310 SetWindowOrgEx
0x45a314 SetWinMetaFileBits
0x45a318 SetViewportOrgEx
0x45a31c SetTextColor
0x45a320 SetStretchBltMode
0x45a324 SetROP2
0x45a328 SetPixel
0x45a32c SetEnhMetaFileBits
0x45a330 SetDIBColorTable
0x45a334 SetBrushOrgEx
0x45a338 SetBkMode
0x45a33c SetBkColor
0x45a340 SelectPalette
0x45a344 SelectObject
0x45a348 SelectClipRgn
0x45a34c SaveDC
0x45a350 RestoreDC
0x45a354 Rectangle
0x45a358 RectVisible
0x45a35c RealizePalette
0x45a360 PlayEnhMetaFile
0x45a364 PatBlt
0x45a368 MoveToEx
0x45a36c MaskBlt
0x45a370 LineTo
0x45a374 IntersectClipRect
0x45a378 GetWindowOrgEx
0x45a37c GetWinMetaFileBits
0x45a380 GetTextMetricsA
0x45a384 GetTextExtentPointA
0x45a390 GetStockObject
0x45a394 GetPixel
0x45a398 GetPaletteEntries
0x45a39c GetObjectA
0x45a3a8 GetEnhMetaFileBits
0x45a3ac GetDeviceCaps
0x45a3b0 GetDIBits
0x45a3b4 GetDIBColorTable
0x45a3b8 GetDCOrgEx
0x45a3c0 GetClipBox
0x45a3c4 GetBrushOrgEx
0x45a3c8 GetBitmapBits
0x45a3cc ExcludeClipRect
0x45a3d0 DeleteObject
0x45a3d4 DeleteEnhMetaFile
0x45a3d8 DeleteDC
0x45a3dc CreateSolidBrush
0x45a3e0 CreatePenIndirect
0x45a3e4 CreatePalette
0x45a3ec CreateFontIndirectA
0x45a3f0 CreateDIBitmap
0x45a3f4 CreateDIBSection
0x45a3f8 CreateCompatibleDC
0x45a400 CreateBrushIndirect
0x45a404 CreateBitmap
0x45a408 CopyEnhMetaFileA
0x45a40c BitBlt
Library user32.dll:
0x45a414 CreateWindowExA
0x45a418 WindowFromPoint
0x45a41c WinHelpA
0x45a420 WaitMessage
0x45a424 UpdateWindow
0x45a428 UnregisterClassA
0x45a42c UnhookWindowsHookEx
0x45a430 TranslateMessage
0x45a438 TrackPopupMenu
0x45a440 ShowWindow
0x45a444 ShowScrollBar
0x45a448 ShowOwnedPopups
0x45a44c ShowCursor
0x45a450 SetWindowsHookExA
0x45a454 SetWindowTextA
0x45a458 SetWindowPos
0x45a45c SetWindowPlacement
0x45a460 SetWindowLongA
0x45a464 SetTimer
0x45a468 SetScrollRange
0x45a46c SetScrollPos
0x45a470 SetScrollInfo
0x45a474 SetRect
0x45a478 SetPropA
0x45a47c SetParent
0x45a480 SetMenuItemInfoA
0x45a484 SetMenu
0x45a488 SetForegroundWindow
0x45a48c SetFocus
0x45a490 SetCursor
0x45a494 SetClipboardData
0x45a498 SetClassLongA
0x45a49c SetCapture
0x45a4a0 SetActiveWindow
0x45a4a4 SendMessageA
0x45a4a8 ScrollWindow
0x45a4ac ScreenToClient
0x45a4b0 RemovePropA
0x45a4b4 RemoveMenu
0x45a4b8 ReleaseDC
0x45a4bc ReleaseCapture
0x45a4c8 RegisterClassA
0x45a4cc RedrawWindow
0x45a4d0 PtInRect
0x45a4d4 PostQuitMessage
0x45a4d8 PostMessageA
0x45a4dc PeekMessageA
0x45a4e0 OpenClipboard
0x45a4e4 OffsetRect
0x45a4e8 OemToCharA
0x45a4ec MessageBoxA
0x45a4f0 MessageBeep
0x45a4f4 MapWindowPoints
0x45a4f8 MapVirtualKeyA
0x45a4fc LoadStringA
0x45a500 LoadKeyboardLayoutA
0x45a504 LoadIconA
0x45a508 LoadCursorA
0x45a50c LoadBitmapA
0x45a510 KillTimer
0x45a514 IsZoomed
0x45a518 IsWindowVisible
0x45a51c IsWindowEnabled
0x45a520 IsWindow
0x45a524 IsRectEmpty
0x45a528 IsIconic
0x45a52c IsDialogMessageA
0x45a530 IsChild
0x45a534 InvalidateRect
0x45a538 IntersectRect
0x45a53c InsertMenuItemA
0x45a540 InsertMenuA
0x45a544 InflateRect
0x45a54c GetWindowTextA
0x45a550 GetWindowRect
0x45a554 GetWindowPlacement
0x45a558 GetWindowLongA
0x45a55c GetWindowDC
0x45a560 GetTopWindow
0x45a564 GetSystemMetrics
0x45a568 GetSystemMenu
0x45a56c GetSysColorBrush
0x45a570 GetSysColor
0x45a574 GetSubMenu
0x45a578 GetScrollRange
0x45a57c GetScrollPos
0x45a580 GetScrollInfo
0x45a584 GetPropA
0x45a588 GetParent
0x45a58c GetWindow
0x45a590 GetMenuStringA
0x45a594 GetMenuState
0x45a598 GetMenuItemInfoA
0x45a59c GetMenuItemID
0x45a5a0 GetMenuItemCount
0x45a5a4 GetMenu
0x45a5a8 GetLastActivePopup
0x45a5ac GetKeyboardState
0x45a5b4 GetKeyboardLayout
0x45a5b8 GetKeyState
0x45a5bc GetKeyNameTextA
0x45a5c0 GetIconInfo
0x45a5c4 GetForegroundWindow
0x45a5c8 GetFocus
0x45a5cc GetDesktopWindow
0x45a5d0 GetDCEx
0x45a5d4 GetDC
0x45a5d8 GetCursorPos
0x45a5dc GetCursor
0x45a5e0 GetClipboardData
0x45a5e4 GetClientRect
0x45a5e8 GetClassNameA
0x45a5ec GetClassInfoA
0x45a5f0 GetCapture
0x45a5f4 GetActiveWindow
0x45a5f8 FrameRect
0x45a5fc FindWindowA
0x45a600 FillRect
0x45a604 EqualRect
0x45a608 EnumWindows
0x45a60c EnumThreadWindows
0x45a610 EndPaint
0x45a614 EndDeferWindowPos
0x45a618 EnableWindow
0x45a61c EnableScrollBar
0x45a620 EnableMenuItem
0x45a624 EmptyClipboard
0x45a628 DrawTextA
0x45a62c DrawMenuBar
0x45a630 DrawIconEx
0x45a634 DrawIcon
0x45a638 DrawFrameControl
0x45a63c DrawEdge
0x45a640 DispatchMessageA
0x45a644 DestroyWindow
0x45a648 DestroyMenu
0x45a64c DestroyIcon
0x45a650 DestroyCursor
0x45a654 DeleteMenu
0x45a658 DeferWindowPos
0x45a65c DefWindowProcA
0x45a660 DefMDIChildProcA
0x45a664 DefFrameProcA
0x45a668 CreatePopupMenu
0x45a66c CreateMenu
0x45a670 CreateIcon
0x45a674 CloseClipboard
0x45a678 ClientToScreen
0x45a67c CheckMenuItem
0x45a680 CallWindowProcA
0x45a684 CallNextHookEx
0x45a688 BeginPaint
0x45a68c BeginDeferWindowPos
0x45a690 CharNextA
0x45a694 CharLowerBuffA
0x45a698 CharLowerA
0x45a69c CharUpperBuffA
0x45a6a0 CharToOemA
0x45a6a4 AdjustWindowRectEx
Library kernel32.dll:
0x45a6b0 Sleep
Library oleaut32.dll:
0x45a6b8 SafeArrayPtrOfIndex
0x45a6bc SafeArrayGetUBound
0x45a6c0 SafeArrayGetLBound
0x45a6c4 SafeArrayCreate
0x45a6c8 VariantChangeType
0x45a6cc VariantCopy
0x45a6d0 VariantClear
0x45a6d4 VariantInit

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 49713 114.114.114.114 53
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 50433 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51378 114.114.114.114 53
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 53237 114.114.114.114 53
192.168.56.101 53500 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 54260 114.114.114.114 53
192.168.56.101 54991 114.114.114.114 53
192.168.56.101 55169 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 56743 114.114.114.114 53
192.168.56.101 57367 114.114.114.114 53
192.168.56.101 57756 114.114.114.114 53
192.168.56.101 57874 114.114.114.114 53
192.168.56.101 58070 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.