5.0
Medium risk

9f6ca81f9e658fca42b50aaacf38bb2aa842ae5ef28867883a69d4790f307fb4

8092baee3c9f70fad5f98c33212d660f.exe

Analysis time

48s

Last analysis

File size

192.0KB
Static detection / dynamic detection tags: 100% 8AMVQNABV8E AGEN AI SCORE=83 AIDETECTVM CONFIDENCE CRIDEX DOWNLOADER33 DRIDEX DRIXED GDSDA GENCIRC GENERICKDZ HIGH CONFIDENCE HNGSZI J+YZOXP7VI4 KCLOUD KRYPTIK KVMH008 MALICIOUS PE MALWARE2 MALWARE@#3TUS4GMRY55LX MKKM MU0@AKAINPGI PALLAS POSSIBLETHREAT R344316 S + TROJ SCORE STATIC AI TROJANX UNSAFE VIRUT ZEXAF
Eagle Eye engine
Not detected: no Eagle Eye engine results available yet
Static verdict
Antivirus engines
Engine       Result                                        Scan date  Engine version
Baidu                                                      20190318   1.0.0.2
Avast        Win32:TrojanX-gen [Trj]                       20201209   21.1.5827.0
Alibaba      TrojanDownloader:Win32/Dridex.94f7b10c        20190527   0.3.0.5
Kingsoft     Win32.Heur.KVMH008.a.(kcloud)                 20201210   2017.9.26.565
McAfee       Drixed-FIY!8092BAEE3C9F                       20201210   6.0.6.653
Tencent      Malware.Win32.Gencirc.10cdde2e                20201210   1.0.0.1
CrowdStrike  win/malicious_confidence_100% (W)             20190702   1.0
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)
section .rdar
One or more processes crashed (50 out of 65536 events)
Time & API Arguments Status Return Repeated
1619713573.699374
__exception__
stacktrace:
8092baee3c9f70fad5f98c33212d660f+0x14551 @ 0x10014551
8092baee3c9f70fad5f98c33212d660f+0x254e @ 0x1000254e
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637808
registers.edi: 260
registers.eax: 2010505254
registers.ebp: 1638240
registers.edx: 129161
registers.ebx: 3379230522
registers.esi: 0
registers.ecx: 2010505254
exception.instruction_r: cc c3 5f c3 33 c0 5f c3 cc cc cc cc cc cc cc 56
exception.symbol: 8092baee3c9f70fad5f98c33212d660f+0xb2d1
exception.instruction: int3
exception.module: 8092baee3c9f70fad5f98c33212d660f.exe
exception.exception_code: 0x80000003
exception.offset: 45777
exception.address: 0x1000b2d1
success 0 0
1619713573.699374
__exception__
stacktrace:
8092baee3c9f70fad5f98c33212d660f+0xbffb @ 0x1000bffb
8092baee3c9f70fad5f98c33212d660f+0x13dca @ 0x10013dca
8092baee3c9f70fad5f98c33212d660f+0x14551 @ 0x10014551
8092baee3c9f70fad5f98c33212d660f+0x254e @ 0x1000254e
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637768
registers.edi: 128
registers.eax: 2010505254
registers.ebp: 1637804
registers.edx: 0
registers.ebx: 64
registers.esi: 36833232
registers.ecx: 128
exception.instruction_r: cc c3 5f c3 33 c0 5f c3 cc cc cc cc cc cc cc 56
exception.symbol: 8092baee3c9f70fad5f98c33212d660f+0xb2d1
exception.instruction: int3
exception.module: 8092baee3c9f70fad5f98c33212d660f.exe
exception.exception_code: 0x80000003
exception.offset: 45777
exception.address: 0x1000b2d1
success 0 0
1619713573.715374
__exception__
stacktrace:
8092baee3c9f70fad5f98c33212d660f+0x1430b @ 0x1001430b
8092baee3c9f70fad5f98c33212d660f+0x254e @ 0x1000254e
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637024
registers.edi: 1024
registers.eax: 2010505254
registers.ebp: 1638084
registers.edx: 0
registers.ebx: 1638104
registers.esi: 23
registers.ecx: 1024
exception.instruction_r: cc c3 5f c3 33 c0 5f c3 cc cc cc cc cc cc cc 56
exception.symbol: 8092baee3c9f70fad5f98c33212d660f+0xb2d1
exception.instruction: int3
exception.module: 8092baee3c9f70fad5f98c33212d660f.exe
exception.exception_code: 0x80000003
exception.offset: 45777
exception.address: 0x1000b2d1
success 0 0
1619713573.715374
__exception__
stacktrace:
8092baee3c9f70fad5f98c33212d660f+0x254e @ 0x1000254e
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638068
registers.edi: 388
registers.eax: 2010505254
registers.ebp: 1638256
registers.edx: 0
registers.ebx: 1983119360
registers.esi: 784896
registers.ecx: 388
exception.instruction_r: cc c3 5f c3 33 c0 5f c3 cc cc cc cc cc cc cc 56
exception.symbol: 8092baee3c9f70fad5f98c33212d660f+0xb2d1
exception.instruction: int3
exception.module: 8092baee3c9f70fad5f98c33212d660f.exe
exception.exception_code: 0x80000003
exception.offset: 45777
exception.address: 0x1000b2d1
success 0 0
1619713573.715374
__exception__
stacktrace:
8092baee3c9f70fad5f98c33212d660f+0xbf2b @ 0x1000bf2b
8092baee3c9f70fad5f98c33212d660f+0x1441f @ 0x1001441f
8092baee3c9f70fad5f98c33212d660f+0x254e @ 0x1000254e
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638028
registers.edi: 64
registers.eax: 2010505254
registers.ebp: 1638064
registers.edx: 0
registers.ebx: 64
registers.esi: 36836712
registers.ecx: 64
exception.instruction_r: cc c3 5f c3 33 c0 5f c3 cc cc cc cc cc cc cc 56
exception.symbol: 8092baee3c9f70fad5f98c33212d660f+0xb2d1
exception.instruction: int3
exception.module: 8092baee3c9f70fad5f98c33212d660f.exe
exception.exception_code: 0x80000003
exception.offset: 45777
exception.address: 0x1000b2d1
success 0 0
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638028
registers.edi: 64
registers.eax: 2010505254
registers.ebp: 1638064
registers.edx: 0
registers.ebx: 64
registers.esi: 36837048
registers.ecx: 64
exception.instruction_r: cc c3 5f c3 33 c0 5f c3 cc cc cc cc cc cc cc 56
exception.symbol: 8092baee3c9f70fad5f98c33212d660f+0xb2d1
exception.instruction: int3
exception.module: 8092baee3c9f70fad5f98c33212d660f.exe
exception.exception_code: 0x80000003
exception.offset: 45777
exception.address: 0x1000b2d1
success 0 0
1619713573.715374
__exception__
stacktrace:
8092baee3c9f70fad5f98c33212d660f+0xbf2b @ 0x1000bf2b
8092baee3c9f70fad5f98c33212d660f+0x1441f @ 0x1001441f
8092baee3c9f70fad5f98c33212d660f+0x254e @ 0x1000254e
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638028
registers.edi: 64
registers.eax: 2010505254
registers.ebp: 1638064
registers.edx: 0
registers.ebx: 64
registers.esi: 36837072
registers.ecx: 64
exception.instruction_r: cc c3 5f c3 33 c0 5f c3 cc cc cc cc cc cc cc 56
exception.symbol: 8092baee3c9f70fad5f98c33212d660f+0xb2d1
exception.instruction: int3
exception.module: 8092baee3c9f70fad5f98c33212d660f.exe
exception.exception_code: 0x80000003
exception.offset: 45777
exception.address: 0x1000b2d1
success 0 0
1619713573.715374
__exception__
stacktrace:
8092baee3c9f70fad5f98c33212d660f+0x25fb @ 0x100025fb
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637796
registers.edi: 0
registers.eax: 1983867560
registers.ebp: 1638264
registers.edx: 1637477
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 1983867560
exception.instruction_r: cc c3 c7 05 95 61 02 10 00 00 00 00 c7 05 8d 61
exception.symbol: 8092baee3c9f70fad5f98c33212d660f+0x266d
exception.instruction: int3
exception.module: 8092baee3c9f70fad5f98c33212d660f.exe
exception.exception_code: 0x80000003
exception.offset: 9837
exception.address: 0x1000266d
success 0 0
1619713573.715374
__exception__
stacktrace:
8092baee3c9f70fad5f98c33212d660f+0x21747 @ 0x10021747
8092baee3c9f70fad5f98c33212d660f+0xe1db @ 0x1000e1db
8092baee3c9f70fad5f98c33212d660f+0x26bb @ 0x100026bb
8092baee3c9f70fad5f98c33212d660f+0x25fb @ 0x100025fb
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637696
registers.edi: 4
registers.eax: 1985273620
registers.ebp: 1637728
registers.edx: 1637463
registers.ebx: 1637744
registers.esi: 0
registers.ecx: 1637724
exception.instruction_r: cc c3 85 c0 75 09 e8 02 23 ff ff 85 c0 75 44 56
exception.symbol: 8092baee3c9f70fad5f98c33212d660f+0x217a3
exception.instruction: int3
exception.module: 8092baee3c9f70fad5f98c33212d660f.exe
exception.exception_code: 0x80000003
exception.offset: 137123
exception.address: 0x100217a3
success 0 0
1619713573.715374
__exception__
stacktrace:
8092baee3c9f70fad5f98c33212d660f+0x21747 @ 0x10021747
8092baee3c9f70fad5f98c33212d660f+0xe1db @ 0x1000e1db
8092baee3c9f70fad5f98c33212d660f+0x26bb @ 0x100026bb
8092baee3c9f70fad5f98c33212d660f+0x25fb @ 0x100025fb
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637700
registers.edi: 4
registers.eax: 1985273800
registers.ebp: 1637728
registers.edx: 1637485
registers.ebx: 1637744
registers.esi: 2932608
registers.ecx: 1985273800
exception.instruction_r: cc c3 85 f6 74 1d 83 fe ff 74 18 68 ea 9e a1 f8
exception.symbol: 8092baee3c9f70fad5f98c33212d660f+0x217cc
exception.instruction: int3
exception.module: 8092baee3c9f70fad5f98c33212d660f.exe
exception.exception_code: 0x80000003
exception.offset: 137164
exception.address: 0x100217cc
success 0 0
1619713573.715374
__exception__
stacktrace:
8092baee3c9f70fad5f98c33212d660f+0x21747 @ 0x10021747
8092baee3c9f70fad5f98c33212d660f+0xe1db @ 0x1000e1db
8092baee3c9f70fad5f98c33212d660f+0x26bb @ 0x100026bb
8092baee3c9f70fad5f98c33212d660f+0x25fb @ 0x100025fb
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637704
registers.edi: 4
registers.eax: 1985274148
registers.ebp: 1637728
registers.edx: 1637492
registers.ebx: 1637744
registers.esi: 2932608
registers.ecx: 1985274148
exception.instruction_r: cc c3 5e 5f 5b 8b e5 5d c3 57 6a 00 53 e8 81 9e
exception.symbol: 8092baee3c9f70fad5f98c33212d660f+0x217ed
exception.instruction: int3
exception.module: 8092baee3c9f70fad5f98c33212d660f.exe
exception.exception_code: 0x80000003
exception.offset: 137197
exception.address: 0x100217ed
success 0 0
1619713573.715374
__exception__
stacktrace:
8092baee3c9f70fad5f98c33212d660f+0xe1ff @ 0x1000e1ff
8092baee3c9f70fad5f98c33212d660f+0x26bb @ 0x100026bb
8092baee3c9f70fad5f98c33212d660f+0x25fb @ 0x100025fb
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637708
registers.edi: 64
registers.eax: 2010505254
registers.ebp: 1637744
registers.edx: 36836712
registers.ebx: 64
registers.esi: 1638204
registers.ecx: 64
exception.instruction_r: cc c3 5f c3 33 c0 5f c3 cc cc cc cc cc cc cc 56
exception.symbol: 8092baee3c9f70fad5f98c33212d660f+0xb2d1
exception.instruction: int3
exception.module: 8092baee3c9f70fad5f98c33212d660f.exe
exception.exception_code: 0x80000003
exception.offset: 45777
exception.address: 0x1000b2d1
success 0 0
1619713573.715374
__exception__
stacktrace:
8092baee3c9f70fad5f98c33212d660f+0x21747 @ 0x10021747
8092baee3c9f70fad5f98c33212d660f+0xe21c @ 0x1000e21c
8092baee3c9f70fad5f98c33212d660f+0x26bb @ 0x100026bb
8092baee3c9f70fad5f98c33212d660f+0x25fb @ 0x100025fb
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637696
registers.edi: 4
registers.eax: 1985273620
registers.ebp: 1637728
registers.edx: 36836712
registers.ebx: 1637744
registers.esi: 0
registers.ecx: 1637724
exception.instruction_r: cc c3 85 c0 75 09 e8 02 23 ff ff 85 c0 75 44 56
exception.symbol: 8092baee3c9f70fad5f98c33212d660f+0x217a3
exception.instruction: int3
exception.module: 8092baee3c9f70fad5f98c33212d660f.exe
exception.exception_code: 0x80000003
exception.offset: 137123
exception.address: 0x100217a3
success 0 0
1619713573.715374
__exception__
stacktrace:
8092baee3c9f70fad5f98c33212d660f+0x21747 @ 0x10021747
8092baee3c9f70fad5f98c33212d660f+0xe21c @ 0x1000e21c
8092baee3c9f70fad5f98c33212d660f+0x26bb @ 0x100026bb
8092baee3c9f70fad5f98c33212d660f+0x25fb @ 0x100025fb
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637700
registers.edi: 4
registers.eax: 1985273800
registers.ebp: 1637728
registers.edx: 36836712
registers.ebx: 1637744
registers.esi: 2933568
registers.ecx: 3
exception.instruction_r: cc c3 85 f6 74 1d 83 fe ff 74 18 68 ea 9e a1 f8
exception.symbol: 8092baee3c9f70fad5f98c33212d660f+0x217cc
exception.instruction: int3
exception.module: 8092baee3c9f70fad5f98c33212d660f.exe
exception.exception_code: 0x80000003
exception.offset: 137164
exception.address: 0x100217cc
success 0 0
1619713573.715374
__exception__
stacktrace:
8092baee3c9f70fad5f98c33212d660f+0x21747 @ 0x10021747
8092baee3c9f70fad5f98c33212d660f+0xe21c @ 0x1000e21c
8092baee3c9f70fad5f98c33212d660f+0x26bb @ 0x100026bb
8092baee3c9f70fad5f98c33212d660f+0x25fb @ 0x100025fb
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637704
registers.edi: 4
registers.eax: 1985274148
registers.ebp: 1637728
registers.edx: 36836712
registers.ebx: 1637744
registers.esi: 2933568
registers.ecx: 4
exception.instruction_r: cc c3 5e 5f 5b 8b e5 5d c3 57 6a 00 53 e8 81 9e
exception.symbol: 8092baee3c9f70fad5f98c33212d660f+0x217ed
exception.instruction: int3
exception.module: 8092baee3c9f70fad5f98c33212d660f.exe
exception.exception_code: 0x80000003
exception.offset: 137197
exception.address: 0x100217ed
success 0 0
1619713573.715374
__exception__
stacktrace:
8092baee3c9f70fad5f98c33212d660f+0x21747 @ 0x10021747
8092baee3c9f70fad5f98c33212d660f+0xe21c @ 0x1000e21c
8092baee3c9f70fad5f98c33212d660f+0x26bb @ 0x100026bb
8092baee3c9f70fad5f98c33212d660f+0x25fb @ 0x100025fb
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637696
registers.edi: 4
registers.eax: 1985273620
registers.ebp: 1637728
registers.edx: 36836712
registers.ebx: 1637744
registers.esi: 0
registers.ecx: 1637724
exception.instruction_r: cc c3 85 c0 75 09 e8 02 23 ff ff 85 c0 75 44 56
exception.symbol: 8092baee3c9f70fad5f98c33212d660f+0x217a3
exception.instruction: int3
exception.module: 8092baee3c9f70fad5f98c33212d660f.exe
exception.exception_code: 0x80000003
exception.offset: 137123
exception.address: 0x100217a3
success 0 0
1619713573.715374
__exception__
stacktrace:
8092baee3c9f70fad5f98c33212d660f+0x21747 @ 0x10021747
8092baee3c9f70fad5f98c33212d660f+0xe21c @ 0x1000e21c
8092baee3c9f70fad5f98c33212d660f+0x26bb @ 0x100026bb
8092baee3c9f70fad5f98c33212d660f+0x25fb @ 0x100025fb
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637700
registers.edi: 4
registers.eax: 1985273800
registers.ebp: 1637728
registers.edx: 36836712
registers.ebx: 1637744
registers.esi: 2933568
registers.ecx: 3
exception.instruction_r: cc c3 85 f6 74 1d 83 fe ff 74 18 68 ea 9e a1 f8
exception.symbol: 8092baee3c9f70fad5f98c33212d660f+0x217cc
exception.instruction: int3
exception.module: 8092baee3c9f70fad5f98c33212d660f.exe
exception.exception_code: 0x80000003
exception.offset: 137164
exception.address: 0x100217cc
success 0 0
1619713573.715374
__exception__
stacktrace:
8092baee3c9f70fad5f98c33212d660f+0x21747 @ 0x10021747
8092baee3c9f70fad5f98c33212d660f+0xe21c @ 0x1000e21c
8092baee3c9f70fad5f98c33212d660f+0x26bb @ 0x100026bb
8092baee3c9f70fad5f98c33212d660f+0x25fb @ 0x100025fb
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637704
registers.edi: 4
registers.eax: 1985274148
registers.ebp: 1637728
registers.edx: 36836712
registers.ebx: 1637744
registers.esi: 2933568
registers.ecx: 4
exception.instruction_r: cc c3 5e 5f 5b 8b e5 5d c3 57 6a 00 53 e8 81 9e
exception.symbol: 8092baee3c9f70fad5f98c33212d660f+0x217ed
exception.instruction: int3
exception.module: 8092baee3c9f70fad5f98c33212d660f.exe
exception.exception_code: 0x80000003
exception.offset: 137197
exception.address: 0x100217ed
success 0 0
1619713573.715374
__exception__
stacktrace:
8092baee3c9f70fad5f98c33212d660f+0x21747 @ 0x10021747
8092baee3c9f70fad5f98c33212d660f+0xe21c @ 0x1000e21c
8092baee3c9f70fad5f98c33212d660f+0x26bb @ 0x100026bb
8092baee3c9f70fad5f98c33212d660f+0x25fb @ 0x100025fb
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637696
registers.edi: 4
registers.eax: 1985273620
registers.ebp: 1637728
registers.edx: 36836712
registers.ebx: 1637744
registers.esi: 0
registers.ecx: 1637724
exception.instruction_r: cc c3 85 c0 75 09 e8 02 23 ff ff 85 c0 75 44 56
exception.symbol: 8092baee3c9f70fad5f98c33212d660f+0x217a3
exception.instruction: int3
exception.module: 8092baee3c9f70fad5f98c33212d660f.exe
exception.exception_code: 0x80000003
exception.offset: 137123
exception.address: 0x100217a3
success 0 0
1619713573.715374
__exception__
stacktrace:
8092baee3c9f70fad5f98c33212d660f+0x21747 @ 0x10021747
8092baee3c9f70fad5f98c33212d660f+0xe21c @ 0x1000e21c
8092baee3c9f70fad5f98c33212d660f+0x26bb @ 0x100026bb
8092baee3c9f70fad5f98c33212d660f+0x25fb @ 0x100025fb
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637700
registers.edi: 4
registers.eax: 1985273800
registers.ebp: 1637728
registers.edx: 36836712
registers.ebx: 1637744
registers.esi: 2933568
registers.ecx: 3
exception.instruction_r: cc c3 85 f6 74 1d 83 fe ff 74 18 68 ea 9e a1 f8
exception.symbol: 8092baee3c9f70fad5f98c33212d660f+0x217cc
exception.instruction: int3
exception.module: 8092baee3c9f70fad5f98c33212d660f.exe
exception.exception_code: 0x80000003
exception.offset: 137164
exception.address: 0x100217cc
success 0 0
1619713573.715374
__exception__
stacktrace:
8092baee3c9f70fad5f98c33212d660f+0x21747 @ 0x10021747
8092baee3c9f70fad5f98c33212d660f+0xe21c @ 0x1000e21c
8092baee3c9f70fad5f98c33212d660f+0x26bb @ 0x100026bb
8092baee3c9f70fad5f98c33212d660f+0x25fb @ 0x100025fb
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637704
registers.edi: 4
registers.eax: 1985274148
registers.ebp: 1637728
registers.edx: 36836712
registers.ebx: 1637744
registers.esi: 2933568
registers.ecx: 4
exception.instruction_r: cc c3 5e 5f 5b 8b e5 5d c3 57 6a 00 53 e8 81 9e
exception.symbol: 8092baee3c9f70fad5f98c33212d660f+0x217ed
exception.instruction: int3
exception.module: 8092baee3c9f70fad5f98c33212d660f.exe
exception.exception_code: 0x80000003
exception.offset: 137197
exception.address: 0x100217ed
success 0 0
1619713573.715374
__exception__
stacktrace:
8092baee3c9f70fad5f98c33212d660f+0x21747 @ 0x10021747
8092baee3c9f70fad5f98c33212d660f+0xe21c @ 0x1000e21c
8092baee3c9f70fad5f98c33212d660f+0x26bb @ 0x100026bb
8092baee3c9f70fad5f98c33212d660f+0x25fb @ 0x100025fb
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637696
registers.edi: 4
registers.eax: 1985273620
registers.ebp: 1637728
registers.edx: 36836712
registers.ebx: 1637744
registers.esi: 0
registers.ecx: 1637724
exception.instruction_r: cc c3 85 c0 75 09 e8 02 23 ff ff 85 c0 75 44 56
exception.symbol: 8092baee3c9f70fad5f98c33212d660f+0x217a3
exception.instruction: int3
exception.module: 8092baee3c9f70fad5f98c33212d660f.exe
exception.exception_code: 0x80000003
exception.offset: 137123
exception.address: 0x100217a3
success 0 0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1619713573.668374
NtAllocateVirtualMemory
process_identifier: 1888
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x022b0000
success 0 0
The binary likely contains encrypted or compressed data indicative of a packer (3 events)
entropy 7.959817218561944 section .rdata (virtual_address 0x00004000, virtual_size 0x00018ae6, size_of_data 0x00019000) description A section with a high entropy has been found
entropy 7.845101776107687 section .data (virtual_address 0x0001d000, virtual_size 0x00010aa3, size_of_data 0x00011000) description A section with a high entropy has been found
entropy 0.8936170212765957 description Overall entropy of this PE file is high
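
Both entropy indicators can be checked from the section table alone, and the report's own numbers show what the "overall" figure is: 0x19000 + 0x11000 = 0x2A000 bytes of high-entropy sections, and 0x2A000 / 0x2F000 = 42/47 = 0.8936170212765957 exactly, so the value is the share of section bytes that sit in high-entropy sections, not a Shannon entropy (0x2F000 of section data plus a 0x1000 header block is also exactly the 192.0 KB file size). The script below is an added example, not the platform's code: it walks the PE headers, computes Shannon entropy per section, derives that share, and decodes TimeDateStamp into the compile time shown further down this page. The 6.8 and 0.2 thresholds, the two-section PE it builds as input, and the UTC reading of the timestamp are assumptions made for the demo.

```python
"""PE section-entropy check, added example (not the analysis platform's code).

Thresholds are assumptions: 6.8 bits/byte per section, and 0.2 for the share of
section bytes living in such sections; the report does not state its own cut-offs.
"""
import math
import struct
from collections import Counter
from datetime import datetime, timezone

SECTION_ENTROPY_THRESHOLD = 6.8   # assumption
PACKED_SHARE_THRESHOLD = 0.2      # assumption


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant buffer, 8.0 for a flat one."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def parse_sections(image: bytes):
    """DOS header -> PE signature -> COFF header -> section table.

    Returns (TimeDateStamp as a UTC datetime, list of section dicts).
    """
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsect, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, coff)
    first = coff + 20 + opt_size            # section table follows the optional header
    sections = []
    for i in range(nsect):
        name, vsize, vaddr, rsize, rptr, _, _, _, _, _ = struct.unpack_from(
            "<8sIIIIIIHHI", image, first + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_address": vaddr, "virtual_size": vsize,
                         "size_of_data": rsize, "raw": image[rptr:rptr + rsize]})
    return datetime.fromtimestamp(stamp, tz=timezone.utc), sections


def packer_indicators(image: bytes) -> dict:
    """The two heuristics from the report: per-section entropy, then the share of
    section bytes that sit in high-entropy sections (the 'overall' figure)."""
    stamp, sections = parse_sections(image)
    entropy = {s["name"]: shannon_entropy(s["raw"]) for s in sections}
    high = [s for s in sections if entropy[s["name"]] > SECTION_ENTROPY_THRESHOLD]
    total = sum(s["size_of_data"] for s in sections)
    share = sum(s["size_of_data"] for s in high) / total if total else 0.0
    return {
        "compile_time": stamp.strftime("%Y-%m-%d %H:%M:%S"),
        "section_entropy": entropy,
        "high_entropy_sections": [s["name"] for s in high],
        "packed_share": share,
        "overall_high": share > PACKED_SHARE_THRESHOLD,
    }


def build_sample_pe() -> bytes:
    """Constructed two-section PE for the demo; not the analysed binary.

    .text is one repeated byte (entropy 0.0); .rdata holds every byte value equally
    often (entropy exactly 8.0). TimeDateStamp is the report's compile time read as
    UTC (an assumption about the platform's time zone).
    """
    text, rdata = b"\x90" * 4096, bytes(range(256)) * 16
    opt_size = 224
    headers = 0x40 + 4 + 20 + opt_size + 40 * 2
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 1594288662, 0, 0, opt_size, 0x2102)
    optional = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)

    def hdr(name, vaddr, raw, rptr, flags):
        return struct.pack("<8sIIIIIIHHI", name, len(raw), vaddr, len(raw), rptr, 0, 0, 0, 0, flags)

    table = (hdr(b".text", 0x1000, text, headers, 0x60000020)
             + hdr(b".rdata", 0x4000, rdata, headers + len(text), 0x40000040))
    return dos + b"PE\0\0" + coff + optional + table + text + rdata


if __name__ == "__main__":
    print(packer_indicators(build_sample_pe()))
```

Run against a real file, `packer_indicators(open(path, "rb").read())` reproduces the two report lines; an entropy close to 8.0 in a section that is neither `.rsrc` nor a known-compressed resource is the packing signal, and the share figure tells you how much of the image you will not be able to read until it is unpacked.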
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Tries to unhook Windows functions monitored by Cuckoo (1 event)
Time & API Arguments Status Return Repeated
1619713590.402374
__anomaly__
subcategory: exception
tid: 1916
message: Encountered 65537 exceptions, quitting.
function_name:
success 0 0
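
The crash records above, the RWX allocation and the "Encountered 65537 exceptions, quitting" anomaly describe one behaviour. Every exception is a breakpoint (code 0x80000003) whose faulting bytes begin `cc c3`, an int3 immediately followed by ret, raised from a handful of addresses (0x1000b2d1, 0x1000266d, 0x100217a3, 0x100217cc, 0x100217ed) with the same callers each time; that is exception-driven control flow the program expects its own handler to absorb, not a crash, and it kept going until the monitor stopped following at 65537. The only evidence under the "Tries to unhook" title is that anomaly record, so read it as the exception flood exhausting the monitor rather than as confirmed unhooking, and treat behaviour coverage after timestamp 1619713590 as incomplete. The script below is an added example, not the platform's code; it parses records in the layout used on this page and applies those three checks. Its input log is constructed and abbreviated from the records here (the module name `sample` stands in for the real file name), and the flood threshold is an assumption.

```python
"""Triage of Cuckoo-style behaviour records, added example (not the platform's code).

Parses the record layout shown in this report (timestamp line, event name,
"key: value" lines, an optional "stacktrace:" block ended by a blank line, trailing
status line) and applies three checks:
  1. breakpoint exceptions (int3, code 0x80000003) repeating at the same address,
  2. NtAllocateVirtualMemory committing PAGE_EXECUTE_READWRITE (0x40) pages,
  3. the monitor's __anomaly__ record saying it quit after N exceptions.
"""
import re
from collections import Counter

TIMESTAMP_RE = re.compile(r"^\d{10}\.\d+$")
QUIT_RE = re.compile(r"Encountered (\d+) exceptions, quitting")
PAGE_EXECUTE_READWRITE, MEM_COMMIT = 0x40, 0x1000
INT3_FLOOD_MIN = 3  # assumption: hits at one address that count as a flood


def parse_records(text: str) -> list:
    """Each record -> {'time', 'event', 'fields', 'stack'}."""
    records, cur, in_stack = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if TIMESTAMP_RE.match(line):
            cur = {"time": line, "event": None, "fields": {}, "stack": []}
            records.append(cur)
            in_stack = False
        elif cur is None or not line:
            in_stack = False                 # a blank line closes the stacktrace block
        elif cur["event"] is None:
            cur["event"] = line
        elif line == "stacktrace:":
            in_stack = True
        elif in_stack:
            cur["stack"].append(line)
        elif ": " in line:
            key, value = line.split(": ", 1)
            cur["fields"][key] = value
        # the "success 0 0" status line has no key and is ignored
    return records


def int3_sites(records: list) -> dict:
    """Count breakpoint exceptions per faulting address and note which sites are an
    int3 immediately followed by ret ('cc c3'): a stub that exists only to raise."""
    hits, stubs = Counter(), set()
    for r in records:
        f = r["fields"]
        if r["event"] == "__exception__" and f.get("exception.exception_code") == "0x80000003":
            addr = f.get("exception.address", "?")
            hits[addr] += 1
            if f.get("exception.instruction_r", "").startswith("cc c3"):
                stubs.add(addr)
    return {"breakpoints": sum(hits.values()), "sites": dict(hits),
            "int3_ret_stubs": sorted(stubs),
            "flooded": {a: n for a, n in hits.items() if n >= INT3_FLOOD_MIN}}


def rwx_commits(records: list) -> list:
    """(base, size) of every NtAllocateVirtualMemory that commits RWX pages."""
    out = []
    for r in records:
        if r["event"] != "NtAllocateVirtualMemory":
            continue
        f = r["fields"]
        prot = int(f.get("protection", "0").split()[0])        # "64 (PAGE_EXECUTE_READWRITE)"
        alloc = int(f.get("allocation_type", "0").split()[0])  # "4096 (MEM_COMMIT)"
        if prot == PAGE_EXECUTE_READWRITE and alloc & MEM_COMMIT:
            out.append((f["base_address"], int(f["region_size"])))
    return out


def monitor_quit_after(records: list):
    """Exception count at which the monitor gave up, or None if it ran to the end."""
    for r in records:
        if r["event"] == "__anomaly__":
            m = QUIT_RE.search(r["fields"].get("message", ""))
            if m:
                return int(m.group(1))
    return None


def triage(text: str) -> dict:
    records = parse_records(text)
    return {"records": len(records), "int3": int3_sites(records),
            "rwx": rwx_commits(records), "monitor_quit_after": monitor_quit_after(records)}


def _exception_record(ts, address, first_bytes):
    """Constructed, abbreviated copy of the exception records on this page."""
    return "\n".join([ts, "__exception__", "stacktrace:",
                      "sample+0xbf2b @ 0x1000bf2b", "sample+0x254e @ 0x1000254e", "",
                      "registers.esp: 1638028", f"exception.instruction_r: {first_bytes}",
                      "exception.instruction: int3", "exception.module: sample.exe",
                      "exception.exception_code: 0x80000003",
                      f"exception.address: {address}", "success 0 0"])


# Constructed sample log; 'sample' is a placeholder for the analysed file's name.
SAMPLE_LOG = "\n".join([
    "1619713573.668374", "NtAllocateVirtualMemory", "process_identifier: 1888",
    "region_size: 24576", "protection: 64 (PAGE_EXECUTE_READWRITE)",
    "process_handle: 0xffffffff", "allocation_type: 4096 (MEM_COMMIT)",
    "base_address: 0x022b0000", "success 0 0",
    _exception_record("1619713573.699374", "0x1000b2d1", "cc c3 5f c3 33 c0 5f c3"),
    _exception_record("1619713573.715374", "0x1000b2d1", "cc c3 5f c3 33 c0 5f c3"),
    _exception_record("1619713573.715374", "0x1000b2d1", "cc c3 5f c3 33 c0 5f c3"),
    _exception_record("1619713573.715374", "0x100217a3", "cc c3 85 c0 75 09 e8 02"),
    "1619713590.402374", "__anomaly__", "subcategory: exception", "tid: 1916",
    "message: Encountered 65537 exceptions, quitting.", "function_name:", "success 0 0",
])

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Feeding the full exception list from this page to `triage()` collapses fifty records into five sites; the practical follow-up is to set a breakpoint on the RWX region (0x022b0000, 24 KB) in a debugger that passes 0x80000003 to the program, since the unpacked code will land there once the int3 stubs have run.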
File has been identified by 60 AntiVirus engines on VirusTotal as malicious (50 of 60 events shown)
Bkav W32.AIDetectVM.malware2
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKDZ.68539
Qihoo-360 Win32/Trojan.fc8
ALYac Trojan.GenericKDZ.68539
Cylance Unsafe
Zillya Trojan.Kryptik.Win32.2105921
Sangfor Malware
K7AntiVirus Trojan ( 005669021 )
BitDefender Trojan.GenericKDZ.68539
K7GW Trojan ( 005669021 )
Cybereason malicious.58c20c
Cyren W32/Trojan.MKKM-3212
Symantec Packed.Generic.553
APEX Malicious
Avast Win32:TrojanX-gen [Trj]
Kaspersky HEUR:Trojan-Downloader.Win32.Cridex.vho
Alibaba TrojanDownloader:Win32/Dridex.94f7b10c
NANO-Antivirus Trojan.Win32.Cridex.hngszi
AegisLab Trojan.Win32.Cridex.a!c
Rising Downloader.Cridex!8.F70 (TFE:2:8aMVqNAbv8E)
Ad-Aware Trojan.GenericKDZ.68539
Emsisoft Trojan.GenericKDZ.68539 (B)
Comodo Malware@#3tus4gmry55lx
F-Secure Heuristic.HEUR/AGEN.1138488
DrWeb Trojan.DownLoader33.61023
VIPRE LooksLike.Win32.Dridex.e (v)
McAfee-GW-Edition BehavesLike.Win32.Virut.cc
FireEye Generic.mg.8092baee3c9f70fa
Sophos Mal/Generic-S + Troj/Dridex-ADN
Ikarus Trojan.Win32.Crypt
Jiangmin TrojanDownloader.Cridex.up
Webroot W32.Cridex
Avira HEUR/AGEN.1138488
MAX malware (ai score=83)
Antiy-AVL Trojan[Downloader]/Win32.Cridex
Kingsoft Win32.Heur.KVMH008.a.(kcloud)
Microsoft Trojan:Win32/Dridex.ARJ!MTB
Gridinsoft Trojan.Heur!.02052021
Arcabit Trojan.Generic.D10BBB
ZoneAlarm HEUR:Trojan-Downloader.Win32.Cridex.vho
GData Trojan.GenericKDZ.68539
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.Dridex.R344316
Acronis suspicious
McAfee Drixed-FIY!8092BAEE3C9F
VBA32 TrojanDownloader.Cridex
Malwarebytes Trojan.Dridex
Panda Trj/GdSda.A
Zoner Trojan.Win32.94611
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 events)
dead_host 172.217.24.14:443
dead_host 172.217.160.78:443
Visual analysis
Binary image
No binary image: no binary visualization was generated for this sample
Runtime screenshots
No screenshots: none were captured while the sample ran


PE Compile Time

2020-07-09 09:57:42

Imports

Library RPCRT4.dll:
Library Secur32.dll:
0x100040ac DeleteSecurityContext
0x100040b0 GetComputerObjectNameA
Library GDI32.dll:
0x1000401c SetViewportOrgEx
0x10004020 CreatePatternBrush
0x10004024 RemoveFontResourceW
Library ADVAPI32.dll:
0x10004000 OpenServiceW
0x10004004 SetNamedSecurityInfoW
Library SHLWAPI.dll:
0x10004098 UrlGetLocationA
0x1000409c PathGetArgsW
0x100040a0 PathRemoveExtensionA
0x100040a4 SHRegQueryUSValueW
Library ESENT.dll:
0x10004014 JetCommitTransaction
Library USER32.dll:
0x100040b8 CopyImage
0x100040bc IsCharUpperA
0x100040c0 ArrangeIconicWindows
0x100040c4 GetMenuItemInfoA
0x100040c8 MessageBoxIndirectW
0x100040cc NotifyWinEvent
0x100040d8 UnregisterClassA
Library WININET.dll:
Library KERNEL32.dll:
0x10004038 TerminateThread
0x1000403c LoadLibraryW
0x10004040 LoadLibraryA
0x10004044 CloseHandle
0x10004048 GetModuleFileNameA
0x1000404c HeapValidate
0x10004050 OpenSemaphoreA
0x10004054 EraseTape
0x10004058 SetConsoleWindowInfo
0x1000405c GetTapePosition
0x10004060 GetProcAddress
0x10004064 GetLastError
Library MPRAPI.dll:
Library IPHLPAPI.DLL:
0x1000402c GetNetworkParams
0x10004030 GetTcpStatistics
Library OLEAUT32.dll:
0x10004074 SafeArrayCreateVector
0x10004078 VarDecFromR8
Library pdh.dll:
0x10004108 PdhParseCounterPathW
Library ole32.dll:
Library SETUPAPI.dll:
0x10004090 SetupGetSourceInfoW
Library WINSPOOL.DRV:
0x100040ec AddPrinterW
Library CRYPT32.dll:
Library msvcrt.dll:
0x100040f4 strcoll

Exports

Ordinal Address Name
1 0x1001c2f3 mvbFp6

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 60215 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 50002 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 56539 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57756 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 60384 224.0.0.252 5355
192.168.56.101 61680 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 49236 239.255.255.250 3702
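
Little in the UDP table is attributable to the sample: the five port-53 packets are queries to the guest's configured resolver (114.114.114.114) whose names the page does not list, so they cannot be attributed either way, and the NTP, NetBIOS, LLMNR, SSDP and WS-Discovery packets are the Windows guest's own chatter. The two dead_host entries (172.217.24.14:443 and 172.217.160.78:443) are the only sample-driven network activity, reached without a preceding DNS answer, and "No TCP connections recorded" is consistent with them: the SYNs went unanswered. Both addresses fall inside 172.217.0.0/16, which is Google address space, and no payload was recorded, so they should not be written up as C2 on this evidence alone. The script below is an added example, not the platform's code: it classifies the UDP rows and flags connection attempts to addresses that no DNS answer produced. The guest subnet and the resolver answer list (only time.windows.com is visible on the page) are constructed assumptions.

```python
"""Network triage for a sandbox report, added example (not the platform's code).

Separates the guest's background chatter from traffic the sample initiated, and
flags connection attempts to addresses that no DNS answer produced. The UDP rows
are the table from this report; the DNS answer list is constructed.
"""
from collections import Counter
from ipaddress import ip_address, ip_network

GUEST_NET = ip_network("192.168.56.0/24")   # assumption: the analysis VM's subnet
UDP_LABELS = {53: "dns", 123: "ntp", 137: "netbios-ns", 138: "netbios-dgm",
              1900: "ssdp", 3702: "ws-discovery", 5355: "llmnr"}

UDP_TABLE = """
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 60215 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 50002 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 56539 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57756 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 60384 224.0.0.252 5355
192.168.56.101 61680 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 49236 239.255.255.250 3702
"""

DEAD_HOSTS = ["172.217.24.14:443", "172.217.160.78:443"]   # from the report

# Constructed: a resolver log for this run. The page shows the NTP name resolved;
# nothing on the page resolved to the two 172.217.x.x addresses.
DNS_ANSWERS = {"time.windows.com": ["20.189.79.72"]}


def parse_udp_table(text: str) -> list:
    """Rows are 'src sport dst [hostname] dport'; the optional hostname is kept."""
    rows = []
    for line in text.strip().splitlines():
        p = line.split()
        if len(p) == 4:
            src, sport, dst, dport, host = *p, None
        elif len(p) == 5:
            src, sport, dst, host, dport = p
        else:
            continue
        rows.append({"src": src, "sport": int(sport), "dst": dst,
                     "host": host, "dport": int(dport)})
    return rows


def classify(row: dict) -> str:
    """local-*: multicast/broadcast discovery; infrastructure-*: resolver and NTP;
    anything else is a candidate for sample-driven traffic."""
    dst = ip_address(row["dst"])
    label = UDP_LABELS.get(row["dport"], "udp/%d" % row["dport"])
    if dst.is_multicast or dst == GUEST_NET.broadcast_address:
        return "local-" + label
    if row["dport"] in (53, 123):
        return "infrastructure-" + label
    return "sample-candidate-" + label


def unresolved_connections(attempts: list, answers: dict) -> list:
    """Attempts whose destination IP never appeared in a DNS answer (direct-to-IP)."""
    resolved = {ip for ips in answers.values() for ip in ips}
    return sorted(h for h in attempts if h.rsplit(":", 1)[0] not in resolved)


def summarize(udp_text=UDP_TABLE, attempts=DEAD_HOSTS, answers=DNS_ANSWERS) -> dict:
    rows = parse_udp_table(udp_text)
    return {"udp_rows": len(rows),
            "by_class": dict(Counter(classify(r) for r in rows)),
            "resolver_queries": sum(1 for r in rows if r["dport"] == 53),
            "direct_to_ip": unresolved_connections(attempts, answers)}


if __name__ == "__main__":
    print(summarize())
```

The useful output is `direct_to_ip`: a hard-coded IP reached on 443 with no name lookup is what the report's "no DNS query was performed" indicator means, and it is the detail to carry into a firewall or proxy log search. Feed `unresolved_connections()` the resolver's real answer log rather than the constructed one before drawing conclusions from it.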

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.