3.4
Medium risk

9889297cf2a9b72c6a6851adaf5b7051eb4fa2abaecdea32a34817f10c8ed7e0

76f1d4ca552032dfe6a1b3d1b7dd27f3.exe

Analysis duration

72s

Last analyzed

File size

215.0KB
Static detections Dynamic detections 100% ADLF AFTC AI SCORE=86 ATTRIBUTE AZDEN BSCOPE CLOUD CONFIDENCE CTEL DLMT ELDORADO FH2HBSZKHXC FLCFWJ FQIR GENCIRC GENETIC GENKRYPTIK GNKT GOZI HIGH CONFIDENCE HIGHCONFIDENCE HW32 KRYPTIK KT@7ZHJ9H MALICIOUS PE NQ0@AAFONRPI R002C0DDN20 R248791 SCORE SUSGEN UNSAFE URSNIF ZEXAF ZPACK
Hawkeye engine
Not detected. No Hawkeye engine detection results are available.
Static verdict
Antivirus engines
Engine Detection result Detection date Engine version
McAfee Ursnif-FQIR!76F1D4CA5520 20200607 6.0.6.653
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Alibaba TrojanSpy:Win32/Ursnif.5cf02f2d 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:Trojan-gen 20200607 18.4.3895.0
Kingsoft 20200607 2013.8.14.323
Tencent Malware.Win32.Gencirc.10b1f6d6 20200607 1.0.0.1
Static indicators
Queries for the computername (3 events)
Time & API Arguments Status Return Repeated
1620946656.840017 GetComputerNameW computer_name: failed 0 0
1620946656.840017 GetComputerNameW computer_name: OSKAR-PC success 1 0
1620946667.059017 GetComputerNameW computer_name: OSKAR-PC success 1 0
This executable has a PDB path (1 event)
pdb_path c:\Score\Modern\Fill\Piece\Centurytogether.pdb
One or more processes crashed (50 out of 43118 events)
Time & API Arguments Status Return Repeated
1620946632.059017
__exception__
stacktrace:
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x19a4 @ 0x4019a4
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1bc8 @ 0x401bc8
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x24fca @ 0x424fca
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1b3c @ 0x401b3c
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637872
registers.edi: 35061914
registers.eax: 0
registers.ebp: 1637896
registers.edx: 2130566132
registers.ebx: 4194304
registers.esi: 0
registers.ecx: 3235119104
exception.instruction_r: 8b 0d c0 61 40 00 2b 0d cc 61 40 00 03 0d c4 61
exception.symbol: 76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1858
exception.instruction: mov ecx, dword ptr [0x4061c0]
exception.module: 76f1d4ca552032dfe6a1b3d1b7dd27f3.exe
exception.exception_code: 0xc0000005
exception.offset: 6232
exception.address: 0x401858
success 0 0
1620946632.059017
__exception__
stacktrace:
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x19a4 @ 0x4019a4
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1bc8 @ 0x401bc8
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x24fca @ 0x424fca
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1b3c @ 0x401b3c
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637872
registers.edi: 35061914
registers.eax: 0
registers.ebp: 1637896
registers.edx: 2130566132
registers.ebx: 4194304
registers.esi: 0
registers.ecx: 1936876918
exception.instruction_r: 2b 0d cc 61 40 00 03 0d c4 61 40 00 89 0d 90 54
exception.symbol: 76f1d4ca552032dfe6a1b3d1b7dd27f3+0x185e
exception.instruction: sub ecx, dword ptr [0x4061cc]
exception.module: 76f1d4ca552032dfe6a1b3d1b7dd27f3.exe
exception.exception_code: 0x80000004
exception.offset: 6238
exception.address: 0x40185e
success 0 0
1620946632.059017
__exception__
stacktrace:
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x19a4 @ 0x4019a4
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1bc8 @ 0x401bc8
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x24fca @ 0x424fca
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1b3c @ 0x401b3c
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637872
registers.edi: 35061914
registers.eax: 0
registers.ebp: 1637896
registers.edx: 2130566132
registers.ebx: 4194304
registers.esi: 0
registers.ecx: 1936876918
exception.instruction_r: 2b 0d cc 61 40 00 03 0d c4 61 40 00 89 0d 90 54
exception.symbol: 76f1d4ca552032dfe6a1b3d1b7dd27f3+0x185e
exception.instruction: sub ecx, dword ptr [0x4061cc]
exception.module: 76f1d4ca552032dfe6a1b3d1b7dd27f3.exe
exception.exception_code: 0xc0000005
exception.offset: 6238
exception.address: 0x40185e
success 0 0
1620946632.059017
__exception__
stacktrace:
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x19a4 @ 0x4019a4
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1bc8 @ 0x401bc8
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x24fca @ 0x424fca
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1b3c @ 0x401b3c
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637872
registers.edi: 35061914
registers.eax: 0
registers.ebp: 1637896
registers.edx: 2130566132
registers.ebx: 4194304
registers.esi: 0
registers.ecx: 905838343
exception.instruction_r: 03 0d c4 61 40 00 89 0d 90 54 40 00 5b c9 c3 53
exception.symbol: 76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1864
exception.instruction: add ecx, dword ptr [0x4061c4]
exception.module: 76f1d4ca552032dfe6a1b3d1b7dd27f3.exe
exception.exception_code: 0x80000004
exception.offset: 6244
exception.address: 0x401864
success 0 0
1620946632.059017
__exception__
stacktrace:
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x19a4 @ 0x4019a4
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1bc8 @ 0x401bc8
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x24fca @ 0x424fca
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1b3c @ 0x401b3c
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637872
registers.edi: 35061914
registers.eax: 0
registers.ebp: 1637896
registers.edx: 2130566132
registers.ebx: 4194304
registers.esi: 0
registers.ecx: 905838343
exception.instruction_r: 03 0d c4 61 40 00 89 0d 90 54 40 00 5b c9 c3 53
exception.symbol: 76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1864
exception.instruction: add ecx, dword ptr [0x4061c4]
exception.module: 76f1d4ca552032dfe6a1b3d1b7dd27f3.exe
exception.exception_code: 0xc0000005
exception.offset: 6244
exception.address: 0x401864
success 0 0
1620946632.059017
__exception__
stacktrace:
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x19a4 @ 0x4019a4
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1bc8 @ 0x401bc8
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x24fca @ 0x424fca
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1b3c @ 0x401b3c
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637872
registers.edi: 35061914
registers.eax: 0
registers.ebp: 1637896
registers.edx: 2130566132
registers.ebx: 4194304
registers.esi: 0
registers.ecx: 1936486000
exception.instruction_r: 89 0d 90 54 40 00 5b c9 c3 53 55 56 8b 35 08 40
exception.symbol: 76f1d4ca552032dfe6a1b3d1b7dd27f3+0x186a
exception.instruction: mov dword ptr [0x405490], ecx
exception.module: 76f1d4ca552032dfe6a1b3d1b7dd27f3.exe
exception.exception_code: 0x80000004
exception.offset: 6250
exception.address: 0x40186a
success 0 0
1620946632.059017
__exception__
stacktrace:
IsNLSDefinedString+0xd4f CreateThreadpool-0x4d5 kernelbase+0x36753 @ 0x77916753
GetModuleHandleA+0x27 GetVersionExA-0x25 kernelbase+0x11f1c @ 0x778f1f1c
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1309 @ 0x401309
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x19b1 @ 0x4019b1
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1bc8 @ 0x401bc8
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x24fca @ 0x424fca
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1b3c @ 0x401b3c
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637824
registers.edi: 35061914
registers.eax: 4218902
registers.ebp: 1637828
registers.edx: 2130566132
registers.ebx: 26537984
registers.esi: 4218903
registers.ecx: 1637844
exception.instruction_r: 8a 10 40 84 d2 75 f9 2b c6 5e 3d fe ff 00 00 0f
exception.symbol: RtlInitAnsiStringEx+0x1f _aulldvrm-0xc6 ntdll+0x2f7ba
exception.instruction: mov dl, byte ptr [eax]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 194490
exception.address: 0x77d5f7ba
success 0 0
1620946632.059017
__exception__
stacktrace:
IsNLSDefinedString+0xd4f CreateThreadpool-0x4d5 kernelbase+0x36753 @ 0x77916753
GetModuleHandleA+0x27 GetVersionExA-0x25 kernelbase+0x11f1c @ 0x778f1f1c
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1309 @ 0x401309
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x19b1 @ 0x4019b1
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1bc8 @ 0x401bc8
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x24fca @ 0x424fca
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1b3c @ 0x401b3c
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637824
registers.edi: 35061914
registers.eax: 4218902
registers.ebp: 1637828
registers.edx: 2130565963
registers.ebx: 26537984
registers.esi: 4218903
registers.ecx: 1637844
exception.instruction_r: 40 84 d2 75 f9 2b c6 5e 3d fe ff 00 00 0f 87 77
exception.symbol: RtlInitAnsiStringEx+0x21 _aulldvrm-0xc4 ntdll+0x2f7bc
exception.instruction: inc eax
exception.module: ntdll.dll
exception.exception_code: 0x80000004
exception.offset: 194492
exception.address: 0x77d5f7bc
success 0 0
1620946632.059017
__exception__
stacktrace:
IsNLSDefinedString+0xd4f CreateThreadpool-0x4d5 kernelbase+0x36753 @ 0x77916753
GetModuleHandleA+0x27 GetVersionExA-0x25 kernelbase+0x11f1c @ 0x778f1f1c
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1309 @ 0x401309
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x19b1 @ 0x4019b1
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1bc8 @ 0x401bc8
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x24fca @ 0x424fca
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1b3c @ 0x401b3c
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637824
registers.edi: 35061914
registers.eax: 4218903
registers.ebp: 1637828
registers.edx: 2130565963
registers.ebx: 26537984
registers.esi: 4218903
registers.ecx: 1637844
exception.instruction_r: 8a 10 40 84 d2 75 f9 2b c6 5e 3d fe ff 00 00 0f
exception.symbol: RtlInitAnsiStringEx+0x1f _aulldvrm-0xc6 ntdll+0x2f7ba
exception.instruction: mov dl, byte ptr [eax]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 194490
exception.address: 0x77d5f7ba
success 0 0
1620946632.059017
__exception__
stacktrace:
IsNLSDefinedString+0xd4f CreateThreadpool-0x4d5 kernelbase+0x36753 @ 0x77916753
GetModuleHandleA+0x27 GetVersionExA-0x25 kernelbase+0x11f1c @ 0x778f1f1c
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1309 @ 0x401309
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x19b1 @ 0x4019b1
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1bc8 @ 0x401bc8
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x24fca @ 0x424fca
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1b3c @ 0x401b3c
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637824
registers.edi: 35061914
registers.eax: 4218903
registers.ebp: 1637828
registers.edx: 2130565957
registers.ebx: 26537984
registers.esi: 4218903
registers.ecx: 1637844
exception.instruction_r: 40 84 d2 75 f9 2b c6 5e 3d fe ff 00 00 0f 87 77
exception.symbol: RtlInitAnsiStringEx+0x21 _aulldvrm-0xc4 ntdll+0x2f7bc
exception.instruction: inc eax
exception.module: ntdll.dll
exception.exception_code: 0x80000004
exception.offset: 194492
exception.address: 0x77d5f7bc
success 0 0
1620946632.059017
__exception__
stacktrace:
IsNLSDefinedString+0xd4f CreateThreadpool-0x4d5 kernelbase+0x36753 @ 0x77916753
GetModuleHandleA+0x27 GetVersionExA-0x25 kernelbase+0x11f1c @ 0x778f1f1c
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1309 @ 0x401309
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x19b1 @ 0x4019b1
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1bc8 @ 0x401bc8
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x24fca @ 0x424fca
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1b3c @ 0x401b3c
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637824
registers.edi: 35061914
registers.eax: 4218904
registers.ebp: 1637828
registers.edx: 2130565957
registers.ebx: 26537984
registers.esi: 4218903
registers.ecx: 1637844
exception.instruction_r: 8a 10 40 84 d2 75 f9 2b c6 5e 3d fe ff 00 00 0f
exception.symbol: RtlInitAnsiStringEx+0x1f _aulldvrm-0xc6 ntdll+0x2f7ba
exception.instruction: mov dl, byte ptr [eax]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 194490
exception.address: 0x77d5f7ba
success 0 0
1620946632.059017
__exception__
stacktrace:
IsNLSDefinedString+0xd4f CreateThreadpool-0x4d5 kernelbase+0x36753 @ 0x77916753
GetModuleHandleA+0x27 GetVersionExA-0x25 kernelbase+0x11f1c @ 0x778f1f1c
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1309 @ 0x401309
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x19b1 @ 0x4019b1
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1bc8 @ 0x401bc8
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x24fca @ 0x424fca
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1b3c @ 0x401b3c
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637824
registers.edi: 35061914
registers.eax: 4218904
registers.ebp: 1637828
registers.edx: 2130565970
registers.ebx: 26537984
registers.esi: 4218903
registers.ecx: 1637844
exception.instruction_r: 40 84 d2 75 f9 2b c6 5e 3d fe ff 00 00 0f 87 77
exception.symbol: RtlInitAnsiStringEx+0x21 _aulldvrm-0xc4 ntdll+0x2f7bc
exception.instruction: inc eax
exception.module: ntdll.dll
exception.exception_code: 0x80000004
exception.offset: 194492
exception.address: 0x77d5f7bc
success 0 0
1620946632.059017
__exception__
stacktrace:
IsNLSDefinedString+0xd4f CreateThreadpool-0x4d5 kernelbase+0x36753 @ 0x77916753
GetModuleHandleA+0x27 GetVersionExA-0x25 kernelbase+0x11f1c @ 0x778f1f1c
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1309 @ 0x401309
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x19b1 @ 0x4019b1
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1bc8 @ 0x401bc8
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x24fca @ 0x424fca
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1b3c @ 0x401b3c
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637824
registers.edi: 35061914
registers.eax: 4218905
registers.ebp: 1637828
registers.edx: 2130565970
registers.ebx: 26537984
registers.esi: 4218903
registers.ecx: 1637844
exception.instruction_r: 8a 10 40 84 d2 75 f9 2b c6 5e 3d fe ff 00 00 0f
exception.symbol: RtlInitAnsiStringEx+0x1f _aulldvrm-0xc6 ntdll+0x2f7ba
exception.instruction: mov dl, byte ptr [eax]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 194490
exception.address: 0x77d5f7ba
success 0 0
1620946632.059017
__exception__
stacktrace:
IsNLSDefinedString+0xd4f CreateThreadpool-0x4d5 kernelbase+0x36753 @ 0x77916753
GetModuleHandleA+0x27 GetVersionExA-0x25 kernelbase+0x11f1c @ 0x778f1f1c
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1309 @ 0x401309
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x19b1 @ 0x4019b1
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1bc8 @ 0x401bc8
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x24fca @ 0x424fca
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1b3c @ 0x401b3c
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637824
registers.edi: 35061914
registers.eax: 4218905
registers.ebp: 1637828
registers.edx: 2130565966
registers.ebx: 26537984
registers.esi: 4218903
registers.ecx: 1637844
exception.instruction_r: 40 84 d2 75 f9 2b c6 5e 3d fe ff 00 00 0f 87 77
exception.symbol: RtlInitAnsiStringEx+0x21 _aulldvrm-0xc4 ntdll+0x2f7bc
exception.instruction: inc eax
exception.module: ntdll.dll
exception.exception_code: 0x80000004
exception.offset: 194492
exception.address: 0x77d5f7bc
success 0 0
1620946632.059017
__exception__
stacktrace:
IsNLSDefinedString+0xd4f CreateThreadpool-0x4d5 kernelbase+0x36753 @ 0x77916753
GetModuleHandleA+0x27 GetVersionExA-0x25 kernelbase+0x11f1c @ 0x778f1f1c
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1309 @ 0x401309
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x19b1 @ 0x4019b1
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1bc8 @ 0x401bc8
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x24fca @ 0x424fca
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1b3c @ 0x401b3c
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637824
registers.edi: 35061914
registers.eax: 4218906
registers.ebp: 1637828
registers.edx: 2130565966
registers.ebx: 26537984
registers.esi: 4218903
registers.ecx: 1637844
exception.instruction_r: 8a 10 40 84 d2 75 f9 2b c6 5e 3d fe ff 00 00 0f
exception.symbol: RtlInitAnsiStringEx+0x1f _aulldvrm-0xc6 ntdll+0x2f7ba
exception.instruction: mov dl, byte ptr [eax]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 194490
exception.address: 0x77d5f7ba
success 0 0
1620946632.059017
__exception__
stacktrace:
IsNLSDefinedString+0xd4f CreateThreadpool-0x4d5 kernelbase+0x36753 @ 0x77916753
GetModuleHandleA+0x27 GetVersionExA-0x25 kernelbase+0x11f1c @ 0x778f1f1c
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1309 @ 0x401309
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x19b1 @ 0x4019b1
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1bc8 @ 0x401bc8
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x24fca @ 0x424fca
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1b3c @ 0x401b3c
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637824
registers.edi: 35061914
registers.eax: 4218906
registers.ebp: 1637828
registers.edx: 2130565957
registers.ebx: 26537984
registers.esi: 4218903
registers.ecx: 1637844
exception.instruction_r: 40 84 d2 75 f9 2b c6 5e 3d fe ff 00 00 0f 87 77
exception.symbol: RtlInitAnsiStringEx+0x21 _aulldvrm-0xc4 ntdll+0x2f7bc
exception.instruction: inc eax
exception.module: ntdll.dll
exception.exception_code: 0x80000004
exception.offset: 194492
exception.address: 0x77d5f7bc
success 0 0
1620946632.059017
__exception__
stacktrace:
IsNLSDefinedString+0xd4f CreateThreadpool-0x4d5 kernelbase+0x36753 @ 0x77916753
GetModuleHandleA+0x27 GetVersionExA-0x25 kernelbase+0x11f1c @ 0x778f1f1c
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1309 @ 0x401309
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x19b1 @ 0x4019b1
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1bc8 @ 0x401bc8
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x24fca @ 0x424fca
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1b3c @ 0x401b3c
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637824
registers.edi: 35061914
registers.eax: 4218907
registers.ebp: 1637828
registers.edx: 2130565957
registers.ebx: 26537984
registers.esi: 4218903
registers.ecx: 1637844
exception.instruction_r: 8a 10 40 84 d2 75 f9 2b c6 5e 3d fe ff 00 00 0f
exception.symbol: RtlInitAnsiStringEx+0x1f _aulldvrm-0xc6 ntdll+0x2f7ba
exception.instruction: mov dl, byte ptr [eax]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 194490
exception.address: 0x77d5f7ba
success 0 0
1620946632.059017
__exception__
stacktrace:
IsNLSDefinedString+0xd4f CreateThreadpool-0x4d5 kernelbase+0x36753 @ 0x77916753
GetModuleHandleA+0x27 GetVersionExA-0x25 kernelbase+0x11f1c @ 0x778f1f1c
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1309 @ 0x401309
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x19b1 @ 0x4019b1
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1bc8 @ 0x401bc8
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x24fca @ 0x424fca
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1b3c @ 0x401b3c
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637824
registers.edi: 35061914
registers.eax: 4218907
registers.ebp: 1637828
registers.edx: 2130565964
registers.ebx: 26537984
registers.esi: 4218903
registers.ecx: 1637844
exception.instruction_r: 40 84 d2 75 f9 2b c6 5e 3d fe ff 00 00 0f 87 77
exception.symbol: RtlInitAnsiStringEx+0x21 _aulldvrm-0xc4 ntdll+0x2f7bc
exception.instruction: inc eax
exception.module: ntdll.dll
exception.exception_code: 0x80000004
exception.offset: 194492
exception.address: 0x77d5f7bc
success 0 0
1620946632.059017
__exception__
stacktrace:
IsNLSDefinedString+0xd4f CreateThreadpool-0x4d5 kernelbase+0x36753 @ 0x77916753
GetModuleHandleA+0x27 GetVersionExA-0x25 kernelbase+0x11f1c @ 0x778f1f1c
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1309 @ 0x401309
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x19b1 @ 0x4019b1
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1bc8 @ 0x401bc8
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x24fca @ 0x424fca
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1b3c @ 0x401b3c
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637824
registers.edi: 35061914
registers.eax: 4218908
registers.ebp: 1637828
registers.edx: 2130565964
registers.ebx: 26537984
registers.esi: 4218903
registers.ecx: 1637844
exception.instruction_r: 8a 10 40 84 d2 75 f9 2b c6 5e 3d fe ff 00 00 0f
exception.symbol: RtlInitAnsiStringEx+0x1f _aulldvrm-0xc6 ntdll+0x2f7ba
exception.instruction: mov dl, byte ptr [eax]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 194490
exception.address: 0x77d5f7ba
success 0 0
1620946632.059017
__exception__
stacktrace:
IsNLSDefinedString+0xd4f CreateThreadpool-0x4d5 kernelbase+0x36753 @ 0x77916753
GetModuleHandleA+0x27 GetVersionExA-0x25 kernelbase+0x11f1c @ 0x778f1f1c
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1309 @ 0x401309
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x19b1 @ 0x4019b1
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1bc8 @ 0x401bc8
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x24fca @ 0x424fca
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1b3c @ 0x401b3c
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637824
registers.edi: 35061914
registers.eax: 4218908
registers.ebp: 1637828
registers.edx: 2130565939
registers.ebx: 26537984
registers.esi: 4218903
registers.ecx: 1637844
exception.instruction_r: 40 84 d2 75 f9 2b c6 5e 3d fe ff 00 00 0f 87 77
exception.symbol: RtlInitAnsiStringEx+0x21 _aulldvrm-0xc4 ntdll+0x2f7bc
exception.instruction: inc eax
exception.module: ntdll.dll
exception.exception_code: 0x80000004
exception.offset: 194492
exception.address: 0x77d5f7bc
success 0 0
1620946632.059017
__exception__
stacktrace:
IsNLSDefinedString+0xd4f CreateThreadpool-0x4d5 kernelbase+0x36753 @ 0x77916753
GetModuleHandleA+0x27 GetVersionExA-0x25 kernelbase+0x11f1c @ 0x778f1f1c
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1309 @ 0x401309
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x19b1 @ 0x4019b1
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1bc8 @ 0x401bc8
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x24fca @ 0x424fca
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1b3c @ 0x401b3c
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637824
registers.edi: 35061914
registers.eax: 4218909
registers.ebp: 1637828
registers.edx: 2130565939
registers.ebx: 26537984
registers.esi: 4218903
registers.ecx: 1637844
exception.instruction_r: 8a 10 40 84 d2 75 f9 2b c6 5e 3d fe ff 00 00 0f
exception.symbol: RtlInitAnsiStringEx+0x1f _aulldvrm-0xc6 ntdll+0x2f7ba
exception.instruction: mov dl, byte ptr [eax]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 194490
exception.address: 0x77d5f7ba
success 0 0
1620946632.059017
__exception__
stacktrace:
IsNLSDefinedString+0xd4f CreateThreadpool-0x4d5 kernelbase+0x36753 @ 0x77916753
GetModuleHandleA+0x27 GetVersionExA-0x25 kernelbase+0x11f1c @ 0x778f1f1c
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1309 @ 0x401309
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x19b1 @ 0x4019b1
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1bc8 @ 0x401bc8
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x24fca @ 0x424fca
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1b3c @ 0x401b3c
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637824
registers.edi: 35061914
registers.eax: 4218909
registers.ebp: 1637828
registers.edx: 2130565938
registers.ebx: 26537984
registers.esi: 4218903
registers.ecx: 1637844
exception.instruction_r: 40 84 d2 75 f9 2b c6 5e 3d fe ff 00 00 0f 87 77
exception.symbol: RtlInitAnsiStringEx+0x21 _aulldvrm-0xc4 ntdll+0x2f7bc
exception.instruction: inc eax
exception.module: ntdll.dll
exception.exception_code: 0x80000004
exception.offset: 194492
exception.address: 0x77d5f7bc
success 0 0
1620946632.059017
__exception__
stacktrace:
IsNLSDefinedString+0xd4f CreateThreadpool-0x4d5 kernelbase+0x36753 @ 0x77916753
GetModuleHandleA+0x27 GetVersionExA-0x25 kernelbase+0x11f1c @ 0x778f1f1c
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1309 @ 0x401309
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x19b1 @ 0x4019b1
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1bc8 @ 0x401bc8
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x24fca @ 0x424fca
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1b3c @ 0x401b3c
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637824
registers.edi: 35061914
registers.eax: 4218910
registers.ebp: 1637828
registers.edx: 2130565938
registers.ebx: 26537984
registers.esi: 4218903
registers.ecx: 1637844
exception.instruction_r: 8a 10 40 84 d2 75 f9 2b c6 5e 3d fe ff 00 00 0f
exception.symbol: RtlInitAnsiStringEx+0x1f _aulldvrm-0xc6 ntdll+0x2f7ba
exception.instruction: mov dl, byte ptr [eax]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 194490
exception.address: 0x77d5f7ba
success 0 0
1620946632.059017
__exception__
stacktrace:
IsNLSDefinedString+0xd4f CreateThreadpool-0x4d5 kernelbase+0x36753 @ 0x77916753
GetModuleHandleA+0x27 GetVersionExA-0x25 kernelbase+0x11f1c @ 0x778f1f1c
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1309 @ 0x401309
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x19b1 @ 0x4019b1
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1bc8 @ 0x401bc8
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x24fca @ 0x424fca
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1b3c @ 0x401b3c
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637824
registers.edi: 35061914
registers.eax: 4218910
registers.ebp: 1637828
registers.edx: 2130565934
registers.ebx: 26537984
registers.esi: 4218903
registers.ecx: 1637844
exception.instruction_r: 40 84 d2 75 f9 2b c6 5e 3d fe ff 00 00 0f 87 77
exception.symbol: RtlInitAnsiStringEx+0x21 _aulldvrm-0xc4 ntdll+0x2f7bc
exception.instruction: inc eax
exception.module: ntdll.dll
exception.exception_code: 0x80000004
exception.offset: 194492
exception.address: 0x77d5f7bc
success 0 0
1620946632.059017
__exception__
stacktrace:
IsNLSDefinedString+0xd4f CreateThreadpool-0x4d5 kernelbase+0x36753 @ 0x77916753
GetModuleHandleA+0x27 GetVersionExA-0x25 kernelbase+0x11f1c @ 0x778f1f1c
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1309 @ 0x401309
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x19b1 @ 0x4019b1
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1bc8 @ 0x401bc8
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x24fca @ 0x424fca
76f1d4ca552032dfe6a1b3d1b7dd27f3+0x1b3c @ 0x401b3c
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637824
registers.edi: 35061914
registers.eax: 4218911
registers.ebp: 1637828
registers.edx: 2130565934
registers.ebx: 26537984
registers.esi: 4218903
registers.ecx: 1637844
exception.instruction_r: 8a 10 40 84 d2 75 f9 2b c6 5e 3d fe ff 00 00 0f
exception.symbol: RtlInitAnsiStringEx+0x1f _aulldvrm-0xc6 ntdll+0x2f7ba
exception.instruction: mov dl, byte ptr [eax]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 194490
exception.address: 0x77d5f7ba
success 0 0
Behavior verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (3 events)
Time & API Arguments Status Return Repeated
1620946632.044017
NtAllocateVirtualMemory
process_identifier: 2340
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01d70000
success 0 0
1620946632.044017
NtAllocateVirtualMemory
process_identifier: 2340
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01d80000
success 0 0
1620946632.044017
NtAllocateVirtualMemory
process_identifier: 2340
region_size: 176128
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01d90000
success 0 0
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Manipulates memory of a non-child process indicative of process injection (2 events)
Process injection Process 2340 manipulating memory of non-child process 2340
Time & API Arguments Status Return Repeated
1620946632.184017
NtMapViewOfSection
section_handle: 0x00000090
process_identifier: 2340
commit_size: 0
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000084
allocation_type: 0 ()
section_offset: 0
view_size: 110592
base_address: 0x01dd0000
success 0 0
File has been identified by 63 AntiVirus engines on VirusTotal as malicious (50 out of 63 events)
Bkav HW32.Packed.
MicroWorld-eScan Trojan.Agent.DLMT
CAT-QuickHeal TrojanSpy.Ursnif
McAfee Ursnif-FQIR!76F1D4CA5520
Cylance Unsafe
Zillya Trojan.Ursnif.Win32.4750
Sangfor Malware
CrowdStrike win/malicious_confidence_100% (W)
Alibaba TrojanSpy:Win32/Ursnif.5cf02f2d
K7GW Trojan ( 00542d4c1 )
K7AntiVirus Trojan ( 00542d4c1 )
Arcabit Trojan.Agent.DLMT
TrendMicro TROJ_GEN.R002C0DDN20
F-Prot W32/S-7553b91f!Eldorado
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:Trojan-gen
ClamAV Win.Dropper.Ursnif-7346507-0
Kaspersky Trojan-Spy.Win32.Ursnif.aftc
BitDefender Trojan.Agent.DLMT
NANO-Antivirus Trojan.Win32.Ursnif.flcfwj
Paloalto generic.ml
AegisLab Trojan.Win32.Ursnif.4!c
Rising Trojan.Kryptik!1.B52D (CLOUD)
Endgame malicious (high confidence)
Sophos Mal/Generic-S
Comodo TrojWare.Win32.Azden.KT@7zhj9h
F-Secure Trojan.TR/Crypt.ZPACK.adlf
DrWeb BackDoor.Gozi.151
VIPRE Trojan.Win32.Generic!BT
Invincea heuristic
McAfee-GW-Edition BehavesLike.Win32.Ursnif.dh
FireEye Generic.mg.76f1d4ca552032df
Emsisoft Trojan.Agent.DLMT (B)
SentinelOne DFI - Malicious PE
Cyren W32/S-7553b91f!Eldorado
Jiangmin TrojanSpy.Ursnif.bxr
Webroot W32.Trojan.Gen
Avira TR/Crypt.ZPACK.adlf
eGambit Unsafe.AI_Score_99%
MAX malware (ai score=86)
Antiy-AVL Trojan[Spy]/Win32.Ursnif
Microsoft Trojan:Win32/Ursnif.AO!MTB
ViRobot Trojan.Win32.Z.Ursnif.220160.CM
ZoneAlarm Trojan-Spy.Win32.Ursnif.aftc
GData Trojan.Agent.DLMT
AhnLab-V3 Trojan/Win32.Ursnif.R248791
VBA32 BScope.TrojanSpy.Ursnif
ALYac Trojan.Agent.DLMT
TACHYON Trojan-Spy/W32.Ursnif.220160.B
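Visual analysis
Binary image
No binary image available. No binary visualization image was generated for this sample.
Runtime screenshots
No runtime screenshots available. No screenshots were generated while this sample was running.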

PE Compile Time

2011-12-12 20:18:35

Imports

Library KERNEL32.dll:
0x426020 CloseHandle
0x426024 GetModuleHandleA
0x426028 MultiByteToWideChar
0x42602c LCMapStringW
0x426030 HeapSize
0x426034 RtlUnwind
0x426038 IsValidCodePage
0x42603c GetOEMCP
0x426040 GetACP
0x426044 GetCPInfo
0x426048 GetProcAddress
0x42604c ReadFile
0x426050 Sleep
0x426054 GetFileSize
0x426058 GetStringTypeW
0x42605c CreateFileA
0x426060 LoadLibraryW
0x426068 GetLastError
0x42606c HeapFree
0x426070 HeapAlloc
0x426074 GetCommandLineA
0x426078 HeapSetInformation
0x42607c GetStartupInfoW
0x426080 TerminateProcess
0x426084 GetCurrentProcess
0x426090 IsDebuggerPresent
0x426098 HeapCreate
0x42609c GetModuleHandleW
0x4260a0 ExitProcess
0x4260a4 DecodePointer
0x4260a8 WriteFile
0x4260ac GetStdHandle
0x4260b0 GetModuleFileNameW
0x4260b4 EncodePointer
0x4260b8 GetModuleFileNameA
0x4260c0 WideCharToMultiByte
0x4260c8 SetHandleCount
0x4260d0 GetFileType
0x4260d4 TlsAlloc
0x4260d8 TlsGetValue
0x4260dc TlsSetValue
0x4260e0 TlsFree
0x4260e8 SetLastError
0x4260ec GetCurrentThreadId
0x4260f8 GetTickCount
0x4260fc GetCurrentProcessId
0x426104 RaiseException
0x42610c HeapReAlloc
Library USER32.dll:
0x426114 CheckMenuItem
0x426118 LoadImageA
0x42611c DispatchMessageA
0x426120 GetAncestor
0x426124 CheckMenuRadioItem
0x426128 SetCursor
0x42612c GetClassNameA
0x426130 GetDlgItemInt
0x426134 InsertMenuItemA
0x426138 IsWindowEnabled
0x42613c DrawIcon
0x426140 GetScrollRange
0x426144 SetDlgItemInt
Library GDI32.dll:
0x426000 SelectClipRgn
0x426004 CreateRectRgn
0x426008 GetPixel
0x42600c GetStockObject
0x426010 CreateFontA
Library dbghelp.dll:
0x42615c MiniDumpWriteDump
Library WINTRUST.dll:
0x426150 WinVerifyTrust

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.