Score: 7.2 (High risk)

SHA-256: 4723ab5ed01fb642eb602ff59309d4d698e6011145ca1b757bb223b5a67fe159

File name: 79d702974c9b1588b1ad025fafad4d0a.exe

Analysis duration: 86s

Last analysed:

File size: 2.2MB

Detection tags: flagged by static scan, flagged by dynamic scan, AI SCORE=99, AKZF, ARTEMIS, ATTRIBUTE, BSCOPE, CONFIDENCE, EJTJ, HIGHCONFIDENCE, IAITHX, MALWARE@#236R2LP58R9FS, NA0@AQVPBULO, NA0@BQVPBULO, PARALLAX, PREDATOR, R007H0CK620, SUSGEN, UNSAFE, XAPARO, ZEXAF
Eagle Eye engine (鹰眼引擎)
Not detected: no Eagle Eye engine results available

Static verdict
Antivirus engines

Engine      | Result                              | Scan date | Engine version
Alibaba     | Backdoor:Win32/Generic.5b76dde2     | 20190527  | 0.3.0.5
Baidu       | -                                   | 20190318  | 1.0.0.2
Avast       | Win32:Malware-gen                   | 20201228  | 21.1.5827.0
Tencent     | Win32.Trojan.Malware.Akzf           | 20201228  | 1.0.0.1
Kingsoft    | -                                   | 20201228  | 2017.9.26.565
McAfee      | Artemis!79D702974C9B                | 20201228  | 6.0.6.653
CrowdStrike | win/malicious_confidence_60% (W)    | 20190702  | 1.0
Static indicators
This executable has a PDB path (1 event)
pdb_path d:\PhoXo\bin\PhoXo.pdb
The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)
section 3qClA
The file contains an unknown PE resource name possibly indicative of a packer (1 event)
resource name PNG
One or more processes crashed (50 out of 32008 events)
Time & API: 1619670644.634751 __exception__
Arguments:
stacktrace:
79d702974c9b1588b1ad025fafad4d0a+0x23c250 @ 0x63c250
79d702974c9b1588b1ad025fafad4d0a+0x149de8 @ 0x549de8
0xfffffffe
79d702974c9b1588b1ad025fafad4d0a+0x991d8 @ 0x4991d8

registers.esp: 1638040
registers.edi: 135168
registers.eax: 0
registers.ebp: 1638052
registers.edx: 1983904256
registers.ebx: 1983189538
registers.esi: 1983912052
registers.ecx: 0
exception.instruction_r: 8b 3f e9 20 03 00 00 5e b8 80 6d 15 74 35 ec 01
exception.symbol: 79d702974c9b1588b1ad025fafad4d0a+0x23c457
exception.instruction: mov edi, dword ptr [edi]
exception.module: 79d702974c9b1588b1ad025fafad4d0a.exe
exception.exception_code: 0xc0000005
exception.offset: 2344023
exception.address: 0x63c457
Status: success | Return: 0 | Repeated: 0
79d702974c9b1588b1ad025fafad4d0a+0x991d8 @ 0x4991d8

registers.esp: 1638040
registers.edi: 7081984
registers.eax: 0
registers.ebp: 1638052
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1636916
registers.ecx: 1638264
exception.instruction_r: 8b 3f e9 20 03 00 00 5e b8 80 6d 15 74 35 ec 01
exception.symbol: 79d702974c9b1588b1ad025fafad4d0a+0x23c457
exception.instruction: mov edi, dword ptr [edi]
exception.module: 79d702974c9b1588b1ad025fafad4d0a.exe
exception.exception_code: 0xc0000005
exception.offset: 2344023
exception.address: 0x63c457
success 0 0
1619670644.681751
__exception__
stacktrace:
79d702974c9b1588b1ad025fafad4d0a+0x23c250 @ 0x63c250
79d702974c9b1588b1ad025fafad4d0a+0x149de8 @ 0x549de8
0xfffffffe
79d702974c9b1588b1ad025fafad4d0a+0x991d8 @ 0x4991d8

registers.esp: 1638040
registers.edi: 7147520
registers.eax: 0
registers.ebp: 1638052
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1636916
registers.ecx: 1638264
exception.instruction_r: 8b 3f e9 20 03 00 00 5e b8 80 6d 15 74 35 ec 01
exception.symbol: 79d702974c9b1588b1ad025fafad4d0a+0x23c457
exception.instruction: mov edi, dword ptr [edi]
exception.module: 79d702974c9b1588b1ad025fafad4d0a.exe
exception.exception_code: 0xc0000005
exception.offset: 2344023
exception.address: 0x63c457
success 0 0
1619670644.681751
__exception__
stacktrace:
79d702974c9b1588b1ad025fafad4d0a+0x23c250 @ 0x63c250
79d702974c9b1588b1ad025fafad4d0a+0x149de8 @ 0x549de8
0xfffffffe
79d702974c9b1588b1ad025fafad4d0a+0x991d8 @ 0x4991d8

registers.esp: 1638040
registers.edi: 7213056
registers.eax: 0
registers.ebp: 1638052
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1636916
registers.ecx: 1638264
exception.instruction_r: 8b 3f e9 20 03 00 00 5e b8 80 6d 15 74 35 ec 01
exception.symbol: 79d702974c9b1588b1ad025fafad4d0a+0x23c457
exception.instruction: mov edi, dword ptr [edi]
exception.module: 79d702974c9b1588b1ad025fafad4d0a.exe
exception.exception_code: 0xc0000005
exception.offset: 2344023
exception.address: 0x63c457
success 0 0
1619670644.681751
__exception__
stacktrace:
79d702974c9b1588b1ad025fafad4d0a+0x23c250 @ 0x63c250
79d702974c9b1588b1ad025fafad4d0a+0x149de8 @ 0x549de8
0xfffffffe
79d702974c9b1588b1ad025fafad4d0a+0x991d8 @ 0x4991d8

registers.esp: 1638040
registers.edi: 7278592
registers.eax: 0
registers.ebp: 1638052
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1636916
registers.ecx: 1638264
exception.instruction_r: 8b 3f e9 20 03 00 00 5e b8 80 6d 15 74 35 ec 01
exception.symbol: 79d702974c9b1588b1ad025fafad4d0a+0x23c457
exception.instruction: mov edi, dword ptr [edi]
exception.module: 79d702974c9b1588b1ad025fafad4d0a.exe
exception.exception_code: 0xc0000005
exception.offset: 2344023
exception.address: 0x63c457
success 0 0
1619670644.681751
__exception__
stacktrace:
79d702974c9b1588b1ad025fafad4d0a+0x23c250 @ 0x63c250
79d702974c9b1588b1ad025fafad4d0a+0x149de8 @ 0x549de8
0xfffffffe
79d702974c9b1588b1ad025fafad4d0a+0x991d8 @ 0x4991d8

registers.esp: 1638040
registers.edi: 7344128
registers.eax: 0
registers.ebp: 1638052
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1636916
registers.ecx: 1638264
exception.instruction_r: 8b 3f e9 20 03 00 00 5e b8 80 6d 15 74 35 ec 01
exception.symbol: 79d702974c9b1588b1ad025fafad4d0a+0x23c457
exception.instruction: mov edi, dword ptr [edi]
exception.module: 79d702974c9b1588b1ad025fafad4d0a.exe
exception.exception_code: 0xc0000005
exception.offset: 2344023
exception.address: 0x63c457
success 0 0
Behavior Verdict
Dynamic Indicators
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (3 events)
Time & API Arguments Status Return Repeated
1619670663.837751
NtAllocateVirtualMemory
process_identifier: 2228
region_size: 503808
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02600000
success 0 0
1619670663.868751
NtAllocateVirtualMemory
process_identifier: 2228
region_size: 1572864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x02680000
success 0 0
1619670663.899751
NtProtectVirtualMemory
process_identifier: 2228
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x77d4f000
success 0 0
A process created a hidden window (1 event)
Time & API Arguments Status Return Repeated
1619670700.399751
CreateProcessInternalW
thread_identifier: 2764
thread_handle: 0x000002ac
process_identifier: 2652
current_directory:
filepath: C:\Windows\SysWOW64\calc.exe
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\79d702974c9b1588b1ad025fafad4d0a.exe"
filepath_r: C:\Windows\SysWOW64\calc.exe
stack_pivoted: 0
creation_flags: 134217728 (CREATE_NO_WINDOW)
process_handle: 0x000002b0
inherit_handles: 1
success 1 0
The binary likely contains encrypted or compressed data indicative of a packer (1 event)
entropy 7.9450392548960505 section {'size_of_data': '0x00025e00', 'virtual_address': '0x00217000', 'entropy': 7.9450392548960505, 'name': '3qClA', 'virtual_size': '0x00025db5'} description A section with a high entropy has been found
Repeatedly searches for a not-found process, you may want to run a web browser during analysis (19 events)
Time & API Arguments Status Return Repeated
1619670664.087751
Process32NextW
process_name: 79d702974c9b1588b1ad025fafad4d0a.exe
snapshot_handle: 0x00000104
process_identifier: 2228
failed 0 0
1619670664.212751
Process32NextW
process_name: 79d702974c9b1588b1ad025fafad4d0a.exe
snapshot_handle: 0x000000fc
process_identifier: 2228
failed 0 0
1619670664.368751
Process32NextW
process_name: 79d702974c9b1588b1ad025fafad4d0a.exe
snapshot_handle: 0x00000108
process_identifier: 2228
failed 0 0
1619670664.509751
Process32NextW
process_name: 79d702974c9b1588b1ad025fafad4d0a.exe
snapshot_handle: 0x0000010c
process_identifier: 2228
failed 0 0
1619670664.649751
Process32NextW
process_name: 79d702974c9b1588b1ad025fafad4d0a.exe
snapshot_handle: 0x00000110
process_identifier: 2228
failed 0 0
1619670664.790751
Process32NextW
process_name: 79d702974c9b1588b1ad025fafad4d0a.exe
snapshot_handle: 0x00000114
process_identifier: 2228
failed 0 0
1619670664.962751
Process32NextW
process_name: 79d702974c9b1588b1ad025fafad4d0a.exe
snapshot_handle: 0x00000118
process_identifier: 2228
failed 0 0
1619670665.087751
Process32NextW
process_name: 79d702974c9b1588b1ad025fafad4d0a.exe
snapshot_handle: 0x0000011c
process_identifier: 2228
failed 0 0
1619670665.243751
Process32NextW
process_name: 79d702974c9b1588b1ad025fafad4d0a.exe
snapshot_handle: 0x00000120
process_identifier: 2228
failed 0 0
1619670665.399751
Process32NextW
process_name: 79d702974c9b1588b1ad025fafad4d0a.exe
snapshot_handle: 0x00000124
process_identifier: 2228
failed 0 0
1619670665.540751
Process32NextW
process_name: 79d702974c9b1588b1ad025fafad4d0a.exe
snapshot_handle: 0x00000128
process_identifier: 2228
failed 0 0
1619670665.696751
Process32NextW
process_name: 79d702974c9b1588b1ad025fafad4d0a.exe
snapshot_handle: 0x0000012c
process_identifier: 2228
failed 0 0
1619670665.837751
Process32NextW
process_name: 79d702974c9b1588b1ad025fafad4d0a.exe
snapshot_handle: 0x00000130
process_identifier: 2228
failed 0 0
1619670665.962751
Process32NextW
process_name: 79d702974c9b1588b1ad025fafad4d0a.exe
snapshot_handle: 0x00000134
process_identifier: 2228
failed 0 0
1619670666.118751
Process32NextW
process_name: 79d702974c9b1588b1ad025fafad4d0a.exe
snapshot_handle: 0x00000138
process_identifier: 2228
failed 0 0
1619670666.259751
Process32NextW
process_name: 79d702974c9b1588b1ad025fafad4d0a.exe
snapshot_handle: 0x0000013c
process_identifier: 2228
failed 0 0
1619670666.399751
Process32NextW
process_name: 79d702974c9b1588b1ad025fafad4d0a.exe
snapshot_handle: 0x00000140
process_identifier: 2228
failed 0 0
1619670666.556751
Process32NextW
process_name: 79d702974c9b1588b1ad025fafad4d0a.exe
snapshot_handle: 0x00000144
process_identifier: 2228
failed 0 0
1619670666.696751
Process32NextW
process_name: 79d702974c9b1588b1ad025fafad4d0a.exe
snapshot_handle: 0x00000148
process_identifier: 2228
failed 0 0
Network Communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Allocates execute permission to another process indicative of possible code injection (4 events)
Time & API Arguments Status Return Repeated
1619670700.743751
NtAllocateVirtualMemory
process_identifier: 2652
region_size: 147456
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000002b0
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
success 0 0
1619670700.759751
NtProtectVirtualMemory
process_identifier: 2652
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000002b0
base_address: 0x77d4f000
success 0 0
1619670700.774751
NtAllocateVirtualMemory
process_identifier: 2652
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000002b0
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x000b0000
success 0 0
1619670700.774751
NtAllocateVirtualMemory
process_identifier: 2652
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000002b0
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x000c0000
success 0 0
Potential code injection by writing to the memory of another process (3 events)
Time & API Arguments Status Return Repeated
1619670700.915751
WriteProcessMemory
process_identifier: 2652
buffer: C:\Users\Administrator.Oskar-PC\AppData\Roaming\
process_handle: 0x000002b0
base_address: 0x000c0000
success 1 0
1619670700.915751
WriteProcessMemory
process_identifier: 2652
buffer:
process_handle: 0x000002b0
base_address: 0x77e30234
success 1 0
1619670700.915751
WriteProcessMemory
process_identifier: 2652
buffer: 
process_handle: 0x000002b0
base_address: 0x77e30230
success 1 0
Attempts to remove evidence of file being downloaded from the Internet (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\:Zone.Identifier
Executed a process and injected code into it, probably while unpacking (8 events)
Time & API Arguments Status Return Repeated
1619670700.399751
CreateProcessInternalW
thread_identifier: 2764
thread_handle: 0x000002ac
process_identifier: 2652
current_directory:
filepath: C:\Windows\SysWOW64\calc.exe
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\79d702974c9b1588b1ad025fafad4d0a.exe"
filepath_r: C:\Windows\SysWOW64\calc.exe
stack_pivoted: 0
creation_flags: 134217728 (CREATE_NO_WINDOW)
process_handle: 0x000002b0
inherit_handles: 1
success 1 0
1619670700.415751
NtGetContextThread
thread_handle: 0x000002ac
success 0 0
1619670700.743751
NtAllocateVirtualMemory
process_identifier: 2652
region_size: 147456
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000002b0
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
success 0 0
1619670700.774751
NtAllocateVirtualMemory
process_identifier: 2652
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000002b0
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x000b0000
success 0 0
1619670700.774751
NtAllocateVirtualMemory
process_identifier: 2652
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000002b0
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x000c0000
success 0 0
1619670700.915751
WriteProcessMemory
process_identifier: 2652
buffer: C:\Users\Administrator.Oskar-PC\AppData\Roaming\
process_handle: 0x000002b0
base_address: 0x000c0000
success 1 0
1619670700.915751
WriteProcessMemory
process_identifier: 2652
buffer:
process_handle: 0x000002b0
base_address: 0x77e30234
success 1 0
1619670700.915751
WriteProcessMemory
process_identifier: 2652
buffer: 
process_handle: 0x000002b0
base_address: 0x77e30230
success 1 0
File has been identified by 36 AntiVirus engines on VirusTotal as malicious (36 events)
MicroWorld-eScan Gen:Malware.Heur.2.nA0@bqVPBUlO
FireEye Gen:Malware.Heur.2.nA0@bqVPBUlO
ALYac Backdoor.RAT.Parallax
Cylance Unsafe
Alibaba Backdoor:Win32/Generic.5b76dde2
Cybereason malicious.74c9b1
Arcabit Gen:Malware.Heur.2.E276CF
BitDefenderTheta Gen:NN.ZexaF.34700.nA0@aqVPBUlO
Cyren W32/Trojan.EJTJ-1905
Symantec ML.Attribute.HighConfidence
Avast Win32:Malware-gen
Kaspersky Backdoor.Win32.Xaparo.jl
BitDefender Gen:Malware.Heur.2.nA0@bqVPBUlO
NANO-Antivirus Trojan.Win32.Xaparo.iaithx
Paloalto generic.ml
Tencent Win32.Trojan.Malware.Akzf
Ad-Aware Gen:Malware.Heur.2.nA0@bqVPBUlO
Comodo Malware@#236r2lp58r9fs
DrWeb BackDoor.Rat.268
McAfee-GW-Edition BehavesLike.Win32.Dropper.vh
Emsisoft Gen:Malware.Heur.2.nA0@bqVPBUlO (B)
MAX malware (ai score=99)
Gridinsoft Malware.Win32.Gen.ba
Microsoft Trojan:Win32/Predator!MTB
AegisLab Trojan.Multi.Generic.4!c
ZoneAlarm Backdoor.Win32.Xaparo.jl
GData Gen:Malware.Heur.2.nA0@bqVPBUlO
AhnLab-V3 Malware/Win32.Generic.C4109656
McAfee Artemis!79D702974C9B
VBA32 BScope.Backdoor.Rat
Malwarebytes Trojan.Injector
TrendMicro-HouseCall TROJ_GEN.R007H0CK620
MaxSecure Trojan.Malware.1728101.susgen
AVG Win32:Malware-gen
CrowdStrike win/malicious_confidence_60% (W)
Qihoo-360 Generic/Trojan.84d
Visual Analysis
Binary Image
No binary image: no binary visualization image was generated for this sample
Runtime Screenshots
No runtime screenshots: no screenshots were captured while this sample ran


PE Compile Time

2014-09-10 16:39:06

Imports

Library KERNEL32.dll:
0x55d168 GetStartupInfoW
0x55d174 IsDebuggerPresent
0x55d178 ExitThread
0x55d17c CreateThread
0x55d180 HeapFree
0x55d188 HeapAlloc
0x55d18c RtlUnwind
0x55d190 RaiseException
0x55d194 HeapReAlloc
0x55d198 ExitProcess
0x55d19c HeapSize
0x55d1a0 GetStdHandle
0x55d1a4 GetModuleFileNameA
0x55d1b0 GetCommandLineW
0x55d1b4 SetHandleCount
0x55d1b8 GetFileType
0x55d1bc GetStartupInfoA
0x55d1c0 HeapCreate
0x55d1c4 VirtualFree
0x55d1cc GetCPInfo
0x55d1d0 GetACP
0x55d1d4 GetOEMCP
0x55d1d8 IsValidCodePage
0x55d1dc LCMapStringA
0x55d1e0 VirtualAlloc
0x55d1e4 GetConsoleCP
0x55d1e8 GetConsoleMode
0x55d1ec GetTimeFormatA
0x55d1f0 GetDateFormatA
0x55d1fc GetLocaleInfoA
0x55d200 GetStringTypeA
0x55d204 GetStringTypeW
0x55d208 SetStdHandle
0x55d20c WriteConsoleA
0x55d210 GetConsoleOutputCP
0x55d214 WriteConsoleW
0x55d220 GetDriveTypeA
0x55d224 GetProcessHeap
0x55d228 CreateFileA
0x55d230 SetErrorMode
0x55d234 DeleteFileA
0x55d238 MoveFileA
0x55d23c FindNextFileA
0x55d240 FindFirstFileA
0x55d244 GetFileSizeEx
0x55d258 GlobalFlags
0x55d260 lstrlenA
0x55d264 TlsFree
0x55d268 LocalReAlloc
0x55d26c TlsSetValue
0x55d270 TlsAlloc
0x55d274 GlobalHandle
0x55d278 GlobalReAlloc
0x55d27c TlsGetValue
0x55d280 LocalAlloc
0x55d284 GetShortPathNameW
0x55d28c DuplicateHandle
0x55d290 SetEndOfFile
0x55d294 UnlockFile
0x55d298 LockFile
0x55d29c FlushFileBuffers
0x55d2a0 SetFilePointer
0x55d2a4 GetThreadLocale
0x55d2a8 GetStringTypeExW
0x55d2b4 GetModuleHandleA
0x55d2b8 GetDiskFreeSpaceW
0x55d2bc GetFullPathNameW
0x55d2c0 GetFileTime
0x55d2c4 SetFileTime
0x55d2c8 GlobalGetAtomNameW
0x55d2cc GetCurrentThread
0x55d2d8 lstrcmpA
0x55d2dc GetLocaleInfoW
0x55d2e0 CompareStringA
0x55d2e4 FreeResource
0x55d2e8 GetCurrentThreadId
0x55d2ec GlobalAddAtomW
0x55d2f0 GlobalFindAtomW
0x55d2f4 GlobalDeleteAtom
0x55d2f8 GetVersionExW
0x55d2fc CompareStringW
0x55d300 LoadLibraryA
0x55d304 lstrcmpW
0x55d308 GetVersionExA
0x55d30c GetCurrentProcessId
0x55d310 VerifyVersionInfoW
0x55d314 VerSetConditionMask
0x55d318 GetNativeSystemInfo
0x55d320 SetEvent
0x55d324 CreateEventW
0x55d328 GetCurrentProcess
0x55d330 FindFirstFileW
0x55d334 FindNextFileW
0x55d338 FindClose
0x55d33c LocalFree
0x55d340 FormatMessageW
0x55d344 SetLastError
0x55d348 GetModuleHandleW
0x55d34c GetFileAttributesW
0x55d350 lstrcpyW
0x55d35c CopyFileW
0x55d360 lstrcmpiW
0x55d364 GetTempPathW
0x55d368 GetTempFileNameW
0x55d36c MultiByteToWideChar
0x55d37c InterlockedExchange
0x55d380 lstrcpynW
0x55d384 lstrlenW
0x55d388 MoveFileExW
0x55d38c MoveFileW
0x55d390 Sleep
0x55d394 TerminateProcess
0x55d398 OpenProcess
0x55d39c GetLastError
0x55d3a0 SetFileAttributesW
0x55d3a4 WriteFile
0x55d3a8 CreateFileW
0x55d3ac GetFileSize
0x55d3b0 ReadFile
0x55d3b4 MulDiv
0x55d3bc TerminateThread
0x55d3cc LoadLibraryW
0x55d3d0 GetProcAddress
0x55d3d4 FreeLibrary
0x55d3d8 GetTickCount
0x55d3dc WideCharToMultiByte
0x55d3e0 GlobalAlloc
0x55d3e4 GlobalLock
0x55d3e8 GlobalUnlock
0x55d3ec GlobalFree
0x55d3f0 WaitForSingleObject
0x55d3f4 CloseHandle
0x55d3fc GetModuleFileNameW
0x55d400 DeleteFileW
0x55d404 FindResourceW
0x55d408 LoadResource
0x55d40c LockResource
0x55d410 SizeofResource
0x55d414 LCMapStringW
0x55d418 CreateDirectoryW
Library USER32.dll:
0x55d4bc InsertMenuItemW
0x55d4c0 CreatePopupMenu
0x55d4c4 ShowOwnedPopups
0x55d4c8 LoadAcceleratorsW
0x55d4cc DestroyMenu
0x55d4d0 PostQuitMessage
0x55d4d4 RedrawWindow
0x55d4e0 GetActiveWindow
0x55d4e4 DrawMenuBar
0x55d4e8 DefMDIChildProcW
0x55d4ec DefFrameProcW
0x55d4f0 SetMenuItemBitmaps
0x55d4f8 LoadBitmapW
0x55d4fc EnableMenuItem
0x55d500 MoveWindow
0x55d504 SetWindowTextW
0x55d508 IsDialogMessageW
0x55d50c SetDlgItemTextW
0x55d510 SendDlgItemMessageW
0x55d514 SendDlgItemMessageA
0x55d518 WinHelpW
0x55d51c IsChild
0x55d520 SetWindowsHookExW
0x55d524 CallNextHookEx
0x55d528 GetClassLongW
0x55d52c SetPropW
0x55d530 GetPropW
0x55d534 RemovePropW
0x55d538 GetFocus
0x55d53c SetFocus
0x55d544 GetWindowTextW
0x55d548 GetForegroundWindow
0x55d54c BeginDeferWindowPos
0x55d550 EndDeferWindowPos
0x55d554 GetTopWindow
0x55d558 UnhookWindowsHookEx
0x55d55c GetMessageTime
0x55d560 GetMessagePos
0x55d564 MapWindowPoints
0x55d568 ScrollWindow
0x55d56c TrackPopupMenu
0x55d570 SetMenu
0x55d574 SetScrollRange
0x55d578 GetScrollRange
0x55d57c SetScrollPos
0x55d580 GetScrollPos
0x55d584 ShowScrollBar
0x55d588 GetClassInfoExW
0x55d58c GetClassInfoW
0x55d590 RegisterClassW
0x55d594 DeferWindowPos
0x55d598 GetScrollInfo
0x55d59c SetScrollInfo
0x55d5a0 CallWindowProcW
0x55d5a4 GetMenu
0x55d5ac IsIconic
0x55d5b0 GetWindowPlacement
0x55d5b4 GetWindow
0x55d5b8 GetLastActivePopup
0x55d5bc MessageBoxW
0x55d5c0 WindowFromPoint
0x55d5c4 IsWindowEnabled
0x55d5c8 GetMenuState
0x55d5cc GetMenuStringW
0x55d5d0 InsertMenuW
0x55d5d4 SetWindowPos
0x55d5d8 LoadIconW
0x55d5dc GetKeyState
0x55d5e0 GetCursor
0x55d5e4 DrawTextW
0x55d5e8 DrawIcon
0x55d5ec IsZoomed
0x55d5f0 GetCursorPos
0x55d5f4 DeleteMenu
0x55d5f8 SetMenuItemInfoW
0x55d5fc SetMenuInfo
0x55d600 GetMenuInfo
0x55d604 FlashWindow
0x55d608 IsWindowVisible
0x55d60c FindWindowExW
0x55d610 SetRectEmpty
0x55d614 DestroyIcon
0x55d618 RemoveMenu
0x55d61c AppendMenuW
0x55d620 GetMenuItemID
0x55d624 GetMenuItemCount
0x55d628 CheckMenuItem
0x55d62c ModifyMenuW
0x55d630 OffsetRect
0x55d634 PostMessageW
0x55d638 KillTimer
0x55d63c SetTimer
0x55d640 IntersectRect
0x55d644 ScreenToClient
0x55d648 GetSysColorBrush
0x55d64c GetClassNameW
0x55d650 SetForegroundWindow
0x55d654 SetActiveWindow
0x55d658 BringWindowToTop
0x55d65c EnumChildWindows
0x55d660 GetDlgCtrlID
0x55d668 GetSubMenu
0x55d66c LoadMenuW
0x55d670 AdjustWindowRectEx
0x55d674 GetWindowRect
0x55d678 GetSystemMetrics
0x55d67c PtInRect
0x55d680 ReuseDDElParam
0x55d684 UnpackDDElParam
0x55d688 SetRect
0x55d68c ClientToScreen
0x55d690 LockWindowUpdate
0x55d694 GetDCEx
0x55d698 UnregisterClassW
0x55d69c EmptyClipboard
0x55d6a0 SetClipboardData
0x55d6a4 CharUpperW
0x55d6a8 SetParent
0x55d6ac GetSystemMenu
0x55d6b0 GetMenuItemInfoW
0x55d6b4 SetWindowRgn
0x55d6b8 EndPaint
0x55d6bc BeginPaint
0x55d6c0 GetWindowDC
0x55d6c4 GrayStringW
0x55d6c8 DrawTextExW
0x55d6cc TabbedTextOutW
0x55d6d0 TranslateMessage
0x55d6d4 ValidateRect
0x55d6d8 GetNextDlgTabItem
0x55d6e0 EqualRect
0x55d6e8 CopyRect
0x55d6ec EnableWindow
0x55d6f0 UnionRect
0x55d6f4 SetCursor
0x55d6f8 InflateRect
0x55d6fc LoadCursorW
0x55d700 CreateWindowExW
0x55d704 GetDesktopWindow
0x55d708 GetMessageW
0x55d70c DispatchMessageW
0x55d710 DestroyWindow
0x55d714 UpdateLayeredWindow
0x55d718 UpdateWindow
0x55d71c SetWindowLongW
0x55d720 RegisterClassExW
0x55d724 DefWindowProcW
0x55d728 SendNotifyMessageW
0x55d72c GetWindowLongW
0x55d730 CloseClipboard
0x55d734 GetClipboardData
0x55d738 OpenClipboard
0x55d744 PeekMessageW
0x55d748 GetDlgItem
0x55d74c ShowWindow
0x55d750 FillRect
0x55d754 FrameRect
0x55d758 GetSysColor
0x55d75c GetParent
0x55d760 DrawFrameControl
0x55d764 GetAncestor
0x55d768 GetClientRect
0x55d76c TrackMouseEvent
0x55d770 IsWindow
0x55d774 SetCapture
0x55d778 GetCapture
0x55d77c ReleaseCapture
0x55d780 IsRectEmpty
0x55d784 GetDC
0x55d788 ReleaseDC
0x55d78c InvalidateRect
0x55d790 SendMessageW
0x55d794 EndDialog
Library GDI32.dll:
0x55d04c GetPixel
0x55d050 StartDocW
0x55d054 PtVisible
0x55d058 RectVisible
0x55d05c TextOutW
0x55d060 Escape
0x55d064 SetViewportOrgEx
0x55d068 OffsetViewportOrgEx
0x55d06c SetViewportExtEx
0x55d070 ScaleViewportExtEx
0x55d074 SetWindowExtEx
0x55d078 ScaleWindowExtEx
0x55d07c CreateSolidBrush
0x55d080 CreateEllipticRgn
0x55d084 LPtoDP
0x55d088 StartPage
0x55d08c EndPage
0x55d090 SetAbortProc
0x55d094 AbortDoc
0x55d098 EndDoc
0x55d09c RestoreDC
0x55d0a0 SaveDC
0x55d0a4 SelectClipRgn
0x55d0a8 MoveToEx
0x55d0ac LineTo
0x55d0b0 IntersectClipRect
0x55d0b4 ExcludeClipRect
0x55d0b8 SetMapMode
0x55d0bc BitBlt
0x55d0c0 DPtoLP
0x55d0c4 CombineRgn
0x55d0c8 SetRectRgn
0x55d0cc CreateRectRgn
0x55d0d0 ExtTextOutW
0x55d0d4 StretchDIBits
0x55d0d8 CreateFontW
0x55d0dc GetCharWidthW
0x55d0e0 PatBlt
0x55d0ec GetTextMetricsW
0x55d0f0 CreateBitmap
0x55d0f4 SetBkColor
0x55d0f8 GetClipBox
0x55d0fc CreateDCW
0x55d100 GetBkColor
0x55d104 EnumFontFamiliesExW
0x55d108 SetTextColor
0x55d10c SetROP2
0x55d110 RoundRect
0x55d114 Ellipse
0x55d118 Rectangle
0x55d11c Polyline
0x55d120 CreatePatternBrush
0x55d124 SetPixel
0x55d128 GetDeviceCaps
0x55d12c SetBrushOrgEx
0x55d130 StretchBlt
0x55d134 GetStockObject
0x55d13c CreateFontIndirectW
0x55d140 CreateDIBSection
0x55d144 SetDIBColorTable
0x55d148 GetObjectW
0x55d14c CreateCompatibleDC
0x55d150 SetBkMode
0x55d154 SetStretchBltMode
0x55d158 DeleteDC
0x55d15c DeleteObject
0x55d160 SelectObject
Library MSIMG32.dll:
0x55d420 AlphaBlend
Library COMDLG32.dll:
0x55d044 GetFileTitleW
Library WINSPOOL.DRV:
0x55d7e4 ClosePrinter
0x55d7e8 GetJobW
0x55d7ec OpenPrinterW
0x55d7f0 DocumentPropertiesW
Library ADVAPI32.dll:
0x55d000 RegEnumKeyW
0x55d004 RegDeleteValueW
0x55d008 RegCreateKeyW
0x55d00c GetFileSecurityW
0x55d010 SetFileSecurityW
0x55d014 RegQueryValueW
0x55d018 RegOpenKeyW
0x55d01c RegSetValueExW
0x55d020 RegDeleteKeyW
0x55d024 RegOpenKeyExW
0x55d028 RegQueryValueExW
0x55d02c RegSetValueW
0x55d030 RegCreateKeyExW
0x55d034 RegCloseKey
Library SHELL32.dll:
0x55d448 SHGetFolderPathW
0x55d44c ShellExecuteW
0x55d454 SHBrowseForFolderW
0x55d45c SHFileOperationW
0x55d460 DragFinish
0x55d464 DragQueryFileW
0x55d468 SHGetFileInfoW
0x55d46c ExtractIconW
0x55d470 DragAcceptFiles
Library SHLWAPI.dll:
0x55d478 PathRemoveFileSpecW
0x55d47c StrToIntW
0x55d480 PathAddBackslashW
0x55d484 PathAppendW
0x55d488 PathUnquoteSpacesW
0x55d48c StrCmpIW
0x55d490 StrStrIW
0x55d494 SHDeleteKeyW
0x55d498 PathIsDirectoryW
0x55d4a0 PathFindFileNameW
0x55d4a8 PathFindExtensionW
0x55d4ac PathIsUNCW
0x55d4b0 PathFileExistsW
0x55d4b4 PathStripToRootW
Library ole32.dll:
0x55d93c CoUninitialize
0x55d940 CoTaskMemFree
0x55d944 CLSIDFromProgID
0x55d948 CoCreateInstance
0x55d94c OleRun
0x55d950 CoInitialize
0x55d958 CoInitializeEx
Library OLEAUT32.dll:
0x55d428 VariantClear
0x55d42c VariantInit
0x55d430 SysFreeString
0x55d434 SysAllocString
0x55d438 SysAllocStringLen
0x55d43c VariantChangeType
0x55d440 GetErrorInfo
Library urlmon.dll:
Library gdiplus.dll:
0x55d80c GdipFree
0x55d810 GdipDisposeImage
0x55d814 GdipAlloc
0x55d818 GdipCloneImage
0x55d820 GdipBitmapLockBits
0x55d824 GdipSetImagePalette
0x55d838 GdipGetPropertySize
0x55d844 GdipGetImageWidth
0x55d848 GdipGetImageHeight
0x55d854 GdipGetImageFlags
0x55d874 GdipDrawPolygonI
0x55d878 GdipSetPropertyItem
0x55d87c GdipCreatePen1
0x55d880 GdipFillPolygonI
0x55d884 GdipDeleteBrush
0x55d888 GdipCloneBrush
0x55d88c GdipCreateSolidFill
0x55d894 GdipDeleteGraphics
0x55d898 GdipCreateFromHDC
0x55d8a0 GdipFillRectangleI
0x55d8a4 GdipDrawImageRectI
0x55d8a8 GdipCreatePath
0x55d8ac GdipDeletePath
0x55d8b0 GdipAddPathPolygon
0x55d8b8 GdipAddPathLine
0x55d8c0 GdipSetPenMode
0x55d8c4 GdipSetPenDashStyle
0x55d8cc GdipSetPenStartCap
0x55d8d4 GdipSetPenEndCap
0x55d8d8 GdipDrawLineI
0x55d8dc GdipDrawRectangleI
0x55d8e0 GdipFillEllipseI
0x55d8e4 GdipDrawEllipseI
0x55d904 GdipMeasureString
0x55d908 GdipCreateFont
0x55d918 GdipDeleteFont
0x55d920 GdipDrawString
0x55d924 GdipBitmapGetPixel
0x55d928 GdipSaveImageToFile
0x55d92c GdiplusShutdown
0x55d930 GdiplusStartup
0x55d934 GdipDeletePen
Library UxTheme.dll:
0x55d79c OpenThemeData
0x55d7a0 DrawThemeBackground
0x55d7a4 CloseThemeData
Library VERSION.dll:
0x55d7ac VerQueryValueW
0x55d7b0 GetFileVersionInfoW
Library WININET.dll:
0x55d7bc HttpQueryInfoW
0x55d7c0 InternetReadFile
0x55d7c4 InternetCrackUrlW
0x55d7c8 InternetOpenW
0x55d7cc InternetSetOptionW
0x55d7d0 InternetConnectW
0x55d7d4 HttpOpenRequestW
0x55d7d8 HttpSendRequestW
0x55d7dc InternetCloseHandle
Library WS2_32.dll:
0x55d7f8 htonl
0x55d7fc htons
0x55d800 ntohs
0x55d804 ntohl

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58368 239.255.255.250 3702
192.168.56.101 58370 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.