2.8
中危

2bd5a5a663b3a2818136ba7f1b3c431c50de70e70416b9bcdce3fee23ee3353e

8a284bd4b467f47a0c7f32e9d5bb99ea.exe

分析耗时

72s

最近分析

文件大小

149.5KB
静态报毒 动态报毒 AI SCORE=85 AIDETECTVM ATTRIBUTE BANKERX BSCOPE BZFQP CONFIDENCE EGAI ELDORADO ENCPK FRGC GCPYEI GDSDA GENCIRC GOZI HIGH CONFIDENCE HIGHCONFIDENCE JU1@AMYZXUGI KRYPT KTSE MALICIOUS PE MALWARE2 MALWARE@#1M6VYBU1WJN6P R002C0DD320 R294003 S8321268 SUSGEN TH+V1Q52TJI TR2X TROJANBANKER UNSAFE URSNIF VBKRYPT WACATACRI ZEXAF
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
Alibaba TrojanBanker:Win32/Ursnif.eede2416 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Kingsoft 20200429 2013.8.14.323
McAfee Trojan-FRGC!8A284BD4B467 20200429 6.0.6.653
Tencent Malware.Win32.Gencirc.114b33ce 20200429 1.0.0.1
Avast Win32:BankerX-gen [Trj] 20200428 18.4.3895.0
CrowdStrike win/malicious_confidence_70% (W) 20190702 1.0
静态指标
Queries for the computername (3 个事件)
Time & API Arguments Status Return Repeated
1619686165.626567
GetComputerNameW
computer_name:
failed 0 0
1619686165.626567
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619686175.922567
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
This executable has a PDB path (1 个事件)
pdb_path c:\Wrote\Sea\Atom\ShopOne.pdb
One or more processes crashed (50 out of 31168 个事件)
Time & API Arguments Status Return Repeated
1619686155.704567
__exception__
stacktrace:
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1951 @ 0xe1951
8a284bd4b467f47a0c7f32e9d5bb99ea+0x11cf @ 0xe11cf
8a284bd4b467f47a0c7f32e9d5bb99ea+0x14ab2 @ 0xf4ab2
0x200020

registers.esp: 4518536
registers.edi: 4194459
registers.eax: 0
registers.ebp: 4518560
registers.edx: 2130566132
registers.ebx: 917504
registers.esi: 0
registers.ecx: 3754360832
exception.instruction_r: 8b 0d a7 40 0e 00 2b 0d b3 40 0e 00 03 0d ab 40
exception.symbol: 8a284bd4b467f47a0c7f32e9d5bb99ea+0x1bf0
exception.instruction: mov ecx, dword ptr [0xe40a7]
exception.module: 8a284bd4b467f47a0c7f32e9d5bb99ea.exe
exception.exception_code: 0xc0000005
exception.offset: 7152
exception.address: 0xe1bf0
success 0 0
1619686155.704567
__exception__
stacktrace:
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1951 @ 0xe1951
8a284bd4b467f47a0c7f32e9d5bb99ea+0x11cf @ 0xe11cf
8a284bd4b467f47a0c7f32e9d5bb99ea+0x14ab2 @ 0xf4ab2
0x200020

registers.esp: 4518536
registers.edi: 4194459
registers.eax: 0
registers.ebp: 4518560
registers.edx: 2130566132
registers.ebx: 917504
registers.esi: 0
registers.ecx: 1952870227
exception.instruction_r: 2b 0d b3 40 0e 00 03 0d ab 40 0e 00 89 0d 08 31
exception.symbol: 8a284bd4b467f47a0c7f32e9d5bb99ea+0x1bf6
exception.instruction: sub ecx, dword ptr [0xe40b3]
exception.module: 8a284bd4b467f47a0c7f32e9d5bb99ea.exe
exception.exception_code: 0x80000004
exception.offset: 7158
exception.address: 0xe1bf6
success 0 0
1619686155.704567
__exception__
stacktrace:
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1951 @ 0xe1951
8a284bd4b467f47a0c7f32e9d5bb99ea+0x11cf @ 0xe11cf
8a284bd4b467f47a0c7f32e9d5bb99ea+0x14ab2 @ 0xf4ab2
0x200020

registers.esp: 4518536
registers.edi: 4194459
registers.eax: 0
registers.ebp: 4518560
registers.edx: 2130566132
registers.ebx: 917504
registers.esi: 0
registers.ecx: 1952870227
exception.instruction_r: 2b 0d b3 40 0e 00 03 0d ab 40 0e 00 89 0d 08 31
exception.symbol: 8a284bd4b467f47a0c7f32e9d5bb99ea+0x1bf6
exception.instruction: sub ecx, dword ptr [0xe40b3]
exception.module: 8a284bd4b467f47a0c7f32e9d5bb99ea.exe
exception.exception_code: 0xc0000005
exception.offset: 7158
exception.address: 0xe1bf6
success 0 0
1619686155.704567
__exception__
stacktrace:
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1951 @ 0xe1951
8a284bd4b467f47a0c7f32e9d5bb99ea+0x11cf @ 0xe11cf
8a284bd4b467f47a0c7f32e9d5bb99ea+0x14ab2 @ 0xf4ab2
0x200020

registers.esp: 4518536
registers.edi: 4194459
registers.eax: 0
registers.ebp: 4518560
registers.edx: 2130566132
registers.ebx: 917504
registers.esi: 0
registers.ecx: 317853199
exception.instruction_r: 03 0d ab 40 0e 00 89 0d 08 31 0e 00 5b c9 c3 51
exception.symbol: 8a284bd4b467f47a0c7f32e9d5bb99ea+0x1bfc
exception.instruction: add ecx, dword ptr [0xe40ab]
exception.module: 8a284bd4b467f47a0c7f32e9d5bb99ea.exe
exception.exception_code: 0x80000004
exception.offset: 7164
exception.address: 0xe1bfc
success 0 0
1619686155.704567
__exception__
stacktrace:
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1951 @ 0xe1951
8a284bd4b467f47a0c7f32e9d5bb99ea+0x11cf @ 0xe11cf
8a284bd4b467f47a0c7f32e9d5bb99ea+0x14ab2 @ 0xf4ab2
0x200020

registers.esp: 4518536
registers.edi: 4194459
registers.eax: 0
registers.ebp: 4518560
registers.edx: 2130566132
registers.ebx: 917504
registers.esi: 0
registers.ecx: 317853199
exception.instruction_r: 03 0d ab 40 0e 00 89 0d 08 31 0e 00 5b c9 c3 51
exception.symbol: 8a284bd4b467f47a0c7f32e9d5bb99ea+0x1bfc
exception.instruction: add ecx, dword ptr [0xe40ab]
exception.module: 8a284bd4b467f47a0c7f32e9d5bb99ea.exe
exception.exception_code: 0xc0000005
exception.offset: 7164
exception.address: 0xe1bfc
success 0 0
1619686155.704567
__exception__
stacktrace:
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1951 @ 0xe1951
8a284bd4b467f47a0c7f32e9d5bb99ea+0x11cf @ 0xe11cf
8a284bd4b467f47a0c7f32e9d5bb99ea+0x14ab2 @ 0xf4ab2
0x200020

registers.esp: 4518536
registers.edi: 4194459
registers.eax: 0
registers.ebp: 4518560
registers.edx: 2130566132
registers.ebx: 917504
registers.esi: 0
registers.ecx: 2019848070
exception.instruction_r: 89 0d 08 31 0e 00 5b c9 c3 51 53 56 8b f0 8b 46
exception.symbol: 8a284bd4b467f47a0c7f32e9d5bb99ea+0x1c02
exception.instruction: mov dword ptr [0xe3108], ecx
exception.module: 8a284bd4b467f47a0c7f32e9d5bb99ea.exe
exception.exception_code: 0x80000004
exception.offset: 7170
exception.address: 0xe1c02
success 0 0
1619686155.719567
__exception__
stacktrace:
8a284bd4b467f47a0c7f32e9d5bb99ea+0x11cf @ 0xe11cf
8a284bd4b467f47a0c7f32e9d5bb99ea+0x14ab2 @ 0xf4ab2
0x200020

registers.esp: 4518552
registers.edi: 4518608
registers.eax: 40539536
registers.ebp: 4518672
registers.edx: 2130566132
registers.ebx: 0
registers.esi: 40539536
registers.ecx: 3754360832
exception.instruction_r: 8b 46 3c 8b 44 30 50 6a 04 05 ff 0f 00 00 68 00
exception.symbol: 8a284bd4b467f47a0c7f32e9d5bb99ea+0x1c10
exception.instruction: mov eax, dword ptr [esi + 0x3c]
exception.module: 8a284bd4b467f47a0c7f32e9d5bb99ea.exe
exception.exception_code: 0xc0000005
exception.offset: 7184
exception.address: 0xe1c10
success 0 0
1619686155.719567
__exception__
stacktrace:
8a284bd4b467f47a0c7f32e9d5bb99ea+0x11cf @ 0xe11cf
8a284bd4b467f47a0c7f32e9d5bb99ea+0x14ab2 @ 0xf4ab2
0x200020

registers.esp: 4518552
registers.edi: 4518608
registers.eax: 256
registers.ebp: 4518672
registers.edx: 2130566132
registers.ebx: 0
registers.esi: 40539536
registers.ecx: 3754360832
exception.instruction_r: 8b 44 30 50 6a 04 05 ff 0f 00 00 68 00 10 00 00
exception.symbol: 8a284bd4b467f47a0c7f32e9d5bb99ea+0x1c13
exception.instruction: mov eax, dword ptr [eax + esi + 0x50]
exception.module: 8a284bd4b467f47a0c7f32e9d5bb99ea.exe
exception.exception_code: 0x80000004
exception.offset: 7187
exception.address: 0xe1c13
success 0 0
1619686155.719567
__exception__
stacktrace:
8a284bd4b467f47a0c7f32e9d5bb99ea+0x11cf @ 0xe11cf
8a284bd4b467f47a0c7f32e9d5bb99ea+0x14ab2 @ 0xf4ab2
0x200020

registers.esp: 4518552
registers.edi: 4518608
registers.eax: 256
registers.ebp: 4518672
registers.edx: 2130566132
registers.ebx: 0
registers.esi: 40539536
registers.ecx: 3754360832
exception.instruction_r: 8b 44 30 50 6a 04 05 ff 0f 00 00 68 00 10 00 00
exception.symbol: 8a284bd4b467f47a0c7f32e9d5bb99ea+0x1c13
exception.instruction: mov eax, dword ptr [eax + esi + 0x50]
exception.module: 8a284bd4b467f47a0c7f32e9d5bb99ea.exe
exception.exception_code: 0xc0000005
exception.offset: 7187
exception.address: 0xe1c13
success 0 0
1619686155.719567
__exception__
stacktrace:
8a284bd4b467f47a0c7f32e9d5bb99ea+0x11cf @ 0xe11cf
8a284bd4b467f47a0c7f32e9d5bb99ea+0x14ab2 @ 0xf4ab2
0x200020

registers.esp: 4518552
registers.edi: 4518608
registers.eax: 61440
registers.ebp: 4518672
registers.edx: 2130566132
registers.ebx: 0
registers.esi: 40539536
registers.ecx: 3754360832
exception.instruction_r: 6a 04 05 ff 0f 00 00 68 00 10 00 00 25 00 f0 ff
exception.symbol: 8a284bd4b467f47a0c7f32e9d5bb99ea+0x1c17
exception.instruction: push 4
exception.module: 8a284bd4b467f47a0c7f32e9d5bb99ea.exe
exception.exception_code: 0x80000004
exception.offset: 7191
exception.address: 0xe1c17
success 0 0
1619686155.719567
__exception__
stacktrace:
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1c3e @ 0xe1c3e
8a284bd4b467f47a0c7f32e9d5bb99ea+0x11cf @ 0xe11cf
8a284bd4b467f47a0c7f32e9d5bb99ea+0x14ab2 @ 0xf4ab2
0x200020

registers.esp: 4518532
registers.edi: 4518608
registers.eax: 9371648
registers.ebp: 4518536
registers.edx: 40539536
registers.ebx: 9371648
registers.esi: 40539536
registers.ecx: 3754360832
exception.instruction_r: 8b 42 3c 03 c2 0f b7 48 14 53 0f b7 58 06 56 57
exception.symbol: 8a284bd4b467f47a0c7f32e9d5bb99ea+0x1007
exception.instruction: mov eax, dword ptr [edx + 0x3c]
exception.module: 8a284bd4b467f47a0c7f32e9d5bb99ea.exe
exception.exception_code: 0xc0000005
exception.offset: 4103
exception.address: 0xe1007
success 0 0
1619686155.719567
__exception__
stacktrace:
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1c3e @ 0xe1c3e
8a284bd4b467f47a0c7f32e9d5bb99ea+0x11cf @ 0xe11cf
8a284bd4b467f47a0c7f32e9d5bb99ea+0x14ab2 @ 0xf4ab2
0x200020

registers.esp: 4518532
registers.edi: 4518608
registers.eax: 256
registers.ebp: 4518536
registers.edx: 40539536
registers.ebx: 9371648
registers.esi: 40539536
registers.ecx: 3754360832
exception.instruction_r: 03 c2 0f b7 48 14 53 0f b7 58 06 56 57 8b 78 3c
exception.symbol: 8a284bd4b467f47a0c7f32e9d5bb99ea+0x100a
exception.instruction: add eax, edx
exception.module: 8a284bd4b467f47a0c7f32e9d5bb99ea.exe
exception.exception_code: 0x80000004
exception.offset: 4106
exception.address: 0xe100a
success 0 0
1619686155.719567
__exception__
stacktrace:
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1c3e @ 0xe1c3e
8a284bd4b467f47a0c7f32e9d5bb99ea+0x11cf @ 0xe11cf
8a284bd4b467f47a0c7f32e9d5bb99ea+0x14ab2 @ 0xf4ab2
0x200020

registers.esp: 4518532
registers.edi: 4518608
registers.eax: 40539792
registers.ebp: 4518536
registers.edx: 40539536
registers.ebx: 9371648
registers.esi: 40539536
registers.ecx: 3754360832
exception.instruction_r: 0f b7 48 14 53 0f b7 58 06 56 57 8b 78 3c 8d 74
exception.symbol: 8a284bd4b467f47a0c7f32e9d5bb99ea+0x100c
exception.instruction: movzx ecx, word ptr [eax + 0x14]
exception.module: 8a284bd4b467f47a0c7f32e9d5bb99ea.exe
exception.exception_code: 0xc0000005
exception.offset: 4108
exception.address: 0xe100c
success 0 0
1619686155.719567
__exception__
stacktrace:
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1c3e @ 0xe1c3e
8a284bd4b467f47a0c7f32e9d5bb99ea+0x11cf @ 0xe11cf
8a284bd4b467f47a0c7f32e9d5bb99ea+0x14ab2 @ 0xf4ab2
0x200020

registers.esp: 4518532
registers.edi: 4518608
registers.eax: 40539792
registers.ebp: 4518536
registers.edx: 40539536
registers.ebx: 9371648
registers.esi: 40539536
registers.ecx: 224
exception.instruction_r: 53 0f b7 58 06 56 57 8b 78 3c 8d 74 01 18 0f b7
exception.symbol: 8a284bd4b467f47a0c7f32e9d5bb99ea+0x1010
exception.instruction: push ebx
exception.module: 8a284bd4b467f47a0c7f32e9d5bb99ea.exe
exception.exception_code: 0x80000004
exception.offset: 4112
exception.address: 0xe1010
success 0 0
1619686155.719567
__exception__
stacktrace:
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1c3e @ 0xe1c3e
8a284bd4b467f47a0c7f32e9d5bb99ea+0x11cf @ 0xe11cf
8a284bd4b467f47a0c7f32e9d5bb99ea+0x14ab2 @ 0xf4ab2
0x200020

registers.esp: 4518528
registers.edi: 4518608
registers.eax: 40539792
registers.ebp: 4518536
registers.edx: 40539536
registers.ebx: 9371648
registers.esi: 40539536
registers.ecx: 224
exception.instruction_r: 0f b7 58 06 56 57 8b 78 3c 8d 74 01 18 0f b7 48
exception.symbol: 8a284bd4b467f47a0c7f32e9d5bb99ea+0x1011
exception.instruction: movzx ebx, word ptr [eax + 6]
exception.module: 8a284bd4b467f47a0c7f32e9d5bb99ea.exe
exception.exception_code: 0xc0000005
exception.offset: 4113
exception.address: 0xe1011
success 0 0
1619686155.719567
__exception__
stacktrace:
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1c3e @ 0xe1c3e
8a284bd4b467f47a0c7f32e9d5bb99ea+0x11cf @ 0xe11cf
8a284bd4b467f47a0c7f32e9d5bb99ea+0x14ab2 @ 0xf4ab2
0x200020

registers.esp: 4518528
registers.edi: 4518608
registers.eax: 40539792
registers.ebp: 4518536
registers.edx: 40539536
registers.ebx: 5
registers.esi: 40539536
registers.ecx: 224
exception.instruction_r: 56 57 8b 78 3c 8d 74 01 18 0f b7 48 04 8b 40 54
exception.symbol: 8a284bd4b467f47a0c7f32e9d5bb99ea+0x1015
exception.instruction: push esi
exception.module: 8a284bd4b467f47a0c7f32e9d5bb99ea.exe
exception.exception_code: 0x80000004
exception.offset: 4117
exception.address: 0xe1015
success 0 0
1619686155.719567
__exception__
stacktrace:
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1c3e @ 0xe1c3e
8a284bd4b467f47a0c7f32e9d5bb99ea+0x11cf @ 0xe11cf
8a284bd4b467f47a0c7f32e9d5bb99ea+0x14ab2 @ 0xf4ab2
0x200020

registers.esp: 4518520
registers.edi: 4518608
registers.eax: 40539792
registers.ebp: 4518536
registers.edx: 40539536
registers.ebx: 5
registers.esi: 40539536
registers.ecx: 224
exception.instruction_r: 8b 78 3c 8d 74 01 18 0f b7 48 04 8b 40 54 50 52
exception.symbol: 8a284bd4b467f47a0c7f32e9d5bb99ea+0x1017
exception.instruction: mov edi, dword ptr [eax + 0x3c]
exception.module: 8a284bd4b467f47a0c7f32e9d5bb99ea.exe
exception.exception_code: 0xc0000005
exception.offset: 4119
exception.address: 0xe1017
success 0 0
1619686155.719567
__exception__
stacktrace:
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1c3e @ 0xe1c3e
8a284bd4b467f47a0c7f32e9d5bb99ea+0x11cf @ 0xe11cf
8a284bd4b467f47a0c7f32e9d5bb99ea+0x14ab2 @ 0xf4ab2
0x200020

registers.esp: 4518520
registers.edi: 512
registers.eax: 40539792
registers.ebp: 4518536
registers.edx: 40539536
registers.ebx: 5
registers.esi: 40539536
registers.ecx: 224
exception.instruction_r: 8d 74 01 18 0f b7 48 04 8b 40 54 50 52 ff 75 08
exception.symbol: 8a284bd4b467f47a0c7f32e9d5bb99ea+0x101a
exception.instruction: lea esi, dword ptr [ecx + eax + 0x18]
exception.module: 8a284bd4b467f47a0c7f32e9d5bb99ea.exe
exception.exception_code: 0x80000004
exception.offset: 4122
exception.address: 0xe101a
success 0 0
1619686155.719567
__exception__
stacktrace:
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1c3e @ 0xe1c3e
8a284bd4b467f47a0c7f32e9d5bb99ea+0x11cf @ 0xe11cf
8a284bd4b467f47a0c7f32e9d5bb99ea+0x14ab2 @ 0xf4ab2
0x200020

registers.esp: 4518520
registers.edi: 512
registers.eax: 40539792
registers.ebp: 4518536
registers.edx: 40539536
registers.ebx: 5
registers.esi: 40540040
registers.ecx: 224
exception.instruction_r: 0f b7 48 04 8b 40 54 50 52 ff 75 08 89 5d fc e8
exception.symbol: 8a284bd4b467f47a0c7f32e9d5bb99ea+0x101e
exception.instruction: movzx ecx, word ptr [eax + 4]
exception.module: 8a284bd4b467f47a0c7f32e9d5bb99ea.exe
exception.exception_code: 0xc0000005
exception.offset: 4126
exception.address: 0xe101e
success 0 0
1619686155.719567
__exception__
stacktrace:
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1c3e @ 0xe1c3e
8a284bd4b467f47a0c7f32e9d5bb99ea+0x11cf @ 0xe11cf
8a284bd4b467f47a0c7f32e9d5bb99ea+0x14ab2 @ 0xf4ab2
0x200020

registers.esp: 4518520
registers.edi: 512
registers.eax: 40539792
registers.ebp: 4518536
registers.edx: 40539536
registers.ebx: 5
registers.esi: 40540040
registers.ecx: 332
exception.instruction_r: 8b 40 54 50 52 ff 75 08 89 5d fc e8 ca 0d 00 00
exception.symbol: 8a284bd4b467f47a0c7f32e9d5bb99ea+0x1022
exception.instruction: mov eax, dword ptr [eax + 0x54]
exception.module: 8a284bd4b467f47a0c7f32e9d5bb99ea.exe
exception.exception_code: 0x80000004
exception.offset: 4130
exception.address: 0xe1022
success 0 0
1619686155.719567
__exception__
stacktrace:
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1c3e @ 0xe1c3e
8a284bd4b467f47a0c7f32e9d5bb99ea+0x11cf @ 0xe11cf
8a284bd4b467f47a0c7f32e9d5bb99ea+0x14ab2 @ 0xf4ab2
0x200020

registers.esp: 4518520
registers.edi: 512
registers.eax: 40539792
registers.ebp: 4518536
registers.edx: 40539536
registers.ebx: 5
registers.esi: 40540040
registers.ecx: 332
exception.instruction_r: 8b 40 54 50 52 ff 75 08 89 5d fc e8 ca 0d 00 00
exception.symbol: 8a284bd4b467f47a0c7f32e9d5bb99ea+0x1022
exception.instruction: mov eax, dword ptr [eax + 0x54]
exception.module: 8a284bd4b467f47a0c7f32e9d5bb99ea.exe
exception.exception_code: 0xc0000005
exception.offset: 4130
exception.address: 0xe1022
success 0 0
1619686155.719567
__exception__
stacktrace:
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1c3e @ 0xe1c3e
8a284bd4b467f47a0c7f32e9d5bb99ea+0x11cf @ 0xe11cf
8a284bd4b467f47a0c7f32e9d5bb99ea+0x14ab2 @ 0xf4ab2
0x200020

registers.esp: 4518520
registers.edi: 512
registers.eax: 1024
registers.ebp: 4518536
registers.edx: 40539536
registers.ebx: 5
registers.esi: 40540040
registers.ecx: 332
exception.instruction_r: 50 52 ff 75 08 89 5d fc e8 ca 0d 00 00 83 c4 0c
exception.symbol: 8a284bd4b467f47a0c7f32e9d5bb99ea+0x1025
exception.instruction: push eax
exception.module: 8a284bd4b467f47a0c7f32e9d5bb99ea.exe
exception.exception_code: 0x80000004
exception.offset: 4133
exception.address: 0xe1025
success 0 0
1619686155.719567
__exception__
stacktrace:
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1032 @ 0xe1032
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1c3e @ 0xe1c3e
8a284bd4b467f47a0c7f32e9d5bb99ea+0x11cf @ 0xe11cf
8a284bd4b467f47a0c7f32e9d5bb99ea+0x14ab2 @ 0xf4ab2
0x200020

registers.esp: 4518492
registers.edi: 9371648
registers.eax: 40540560
registers.ebp: 4518500
registers.edx: 0
registers.ebx: 5
registers.esi: 40539536
registers.ecx: 256
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619686155.719567
__exception__
stacktrace:
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1032 @ 0xe1032
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1c3e @ 0xe1c3e
8a284bd4b467f47a0c7f32e9d5bb99ea+0x11cf @ 0xe11cf
8a284bd4b467f47a0c7f32e9d5bb99ea+0x14ab2 @ 0xf4ab2
0x200020

registers.esp: 4518492
registers.edi: 9371652
registers.eax: 40540560
registers.ebp: 4518500
registers.edx: 0
registers.ebx: 5
registers.esi: 40539540
registers.ecx: 255
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0x80000004
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619686155.719567
__exception__
stacktrace:
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1032 @ 0xe1032
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1c3e @ 0xe1c3e
8a284bd4b467f47a0c7f32e9d5bb99ea+0x11cf @ 0xe11cf
8a284bd4b467f47a0c7f32e9d5bb99ea+0x14ab2 @ 0xf4ab2
0x200020

registers.esp: 4518492
registers.edi: 9371652
registers.eax: 40540560
registers.ebp: 4518500
registers.edx: 0
registers.ebx: 5
registers.esi: 40539540
registers.ecx: 255
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619686155.719567
__exception__
stacktrace:
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1032 @ 0xe1032
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1c3e @ 0xe1c3e
8a284bd4b467f47a0c7f32e9d5bb99ea+0x11cf @ 0xe11cf
8a284bd4b467f47a0c7f32e9d5bb99ea+0x14ab2 @ 0xf4ab2
0x200020

registers.esp: 4518492
registers.edi: 9371656
registers.eax: 40540560
registers.ebp: 4518500
registers.edx: 0
registers.ebx: 5
registers.esi: 40539544
registers.ecx: 254
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0x80000004
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619686155.719567
__exception__
stacktrace:
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1032 @ 0xe1032
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1c3e @ 0xe1c3e
8a284bd4b467f47a0c7f32e9d5bb99ea+0x11cf @ 0xe11cf
8a284bd4b467f47a0c7f32e9d5bb99ea+0x14ab2 @ 0xf4ab2
0x200020

registers.esp: 4518492
registers.edi: 9371656
registers.eax: 40540560
registers.ebp: 4518500
registers.edx: 0
registers.ebx: 5
registers.esi: 40539544
registers.ecx: 254
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619686155.719567
__exception__
stacktrace:
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1032 @ 0xe1032
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1c3e @ 0xe1c3e
8a284bd4b467f47a0c7f32e9d5bb99ea+0x11cf @ 0xe11cf
8a284bd4b467f47a0c7f32e9d5bb99ea+0x14ab2 @ 0xf4ab2
0x200020

registers.esp: 4518492
registers.edi: 9371660
registers.eax: 40540560
registers.ebp: 4518500
registers.edx: 0
registers.ebx: 5
registers.esi: 40539548
registers.ecx: 253
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0x80000004
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619686155.719567
__exception__
stacktrace:
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1032 @ 0xe1032
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1c3e @ 0xe1c3e
8a284bd4b467f47a0c7f32e9d5bb99ea+0x11cf @ 0xe11cf
8a284bd4b467f47a0c7f32e9d5bb99ea+0x14ab2 @ 0xf4ab2
0x200020

registers.esp: 4518492
registers.edi: 9371660
registers.eax: 40540560
registers.ebp: 4518500
registers.edx: 0
registers.ebx: 5
registers.esi: 40539548
registers.ecx: 253
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619686155.719567
__exception__
stacktrace:
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1032 @ 0xe1032
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1c3e @ 0xe1c3e
8a284bd4b467f47a0c7f32e9d5bb99ea+0x11cf @ 0xe11cf
8a284bd4b467f47a0c7f32e9d5bb99ea+0x14ab2 @ 0xf4ab2
0x200020

registers.esp: 4518492
registers.edi: 9371664
registers.eax: 40540560
registers.ebp: 4518500
registers.edx: 0
registers.ebx: 5
registers.esi: 40539552
registers.ecx: 252
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0x80000004
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619686155.719567
__exception__
stacktrace:
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1032 @ 0xe1032
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1c3e @ 0xe1c3e
8a284bd4b467f47a0c7f32e9d5bb99ea+0x11cf @ 0xe11cf
8a284bd4b467f47a0c7f32e9d5bb99ea+0x14ab2 @ 0xf4ab2
0x200020

registers.esp: 4518492
registers.edi: 9371664
registers.eax: 40540560
registers.ebp: 4518500
registers.edx: 0
registers.ebx: 5
registers.esi: 40539552
registers.ecx: 252
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619686155.719567
__exception__
stacktrace:
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1032 @ 0xe1032
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1c3e @ 0xe1c3e
8a284bd4b467f47a0c7f32e9d5bb99ea+0x11cf @ 0xe11cf
8a284bd4b467f47a0c7f32e9d5bb99ea+0x14ab2 @ 0xf4ab2
0x200020

registers.esp: 4518492
registers.edi: 9371668
registers.eax: 40540560
registers.ebp: 4518500
registers.edx: 0
registers.ebx: 5
registers.esi: 40539556
registers.ecx: 251
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0x80000004
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619686155.719567
__exception__
stacktrace:
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1032 @ 0xe1032
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1c3e @ 0xe1c3e
8a284bd4b467f47a0c7f32e9d5bb99ea+0x11cf @ 0xe11cf
8a284bd4b467f47a0c7f32e9d5bb99ea+0x14ab2 @ 0xf4ab2
0x200020

registers.esp: 4518492
registers.edi: 9371668
registers.eax: 40540560
registers.ebp: 4518500
registers.edx: 0
registers.ebx: 5
registers.esi: 40539556
registers.ecx: 251
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619686155.719567
__exception__
stacktrace:
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1032 @ 0xe1032
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1c3e @ 0xe1c3e
8a284bd4b467f47a0c7f32e9d5bb99ea+0x11cf @ 0xe11cf
8a284bd4b467f47a0c7f32e9d5bb99ea+0x14ab2 @ 0xf4ab2
0x200020

registers.esp: 4518492
registers.edi: 9371672
registers.eax: 40540560
registers.ebp: 4518500
registers.edx: 0
registers.ebx: 5
registers.esi: 40539560
registers.ecx: 250
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0x80000004
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619686155.719567
__exception__
stacktrace:
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1032 @ 0xe1032
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1c3e @ 0xe1c3e
8a284bd4b467f47a0c7f32e9d5bb99ea+0x11cf @ 0xe11cf
8a284bd4b467f47a0c7f32e9d5bb99ea+0x14ab2 @ 0xf4ab2
0x200020

registers.esp: 4518492
registers.edi: 9371672
registers.eax: 40540560
registers.ebp: 4518500
registers.edx: 0
registers.ebx: 5
registers.esi: 40539560
registers.ecx: 250
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619686155.719567
__exception__
stacktrace:
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1032 @ 0xe1032
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1c3e @ 0xe1c3e
8a284bd4b467f47a0c7f32e9d5bb99ea+0x11cf @ 0xe11cf
8a284bd4b467f47a0c7f32e9d5bb99ea+0x14ab2 @ 0xf4ab2
0x200020

registers.esp: 4518492
registers.edi: 9371676
registers.eax: 40540560
registers.ebp: 4518500
registers.edx: 0
registers.ebx: 5
registers.esi: 40539564
registers.ecx: 249
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0x80000004
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619686155.719567
__exception__
stacktrace:
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1032 @ 0xe1032
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1c3e @ 0xe1c3e
8a284bd4b467f47a0c7f32e9d5bb99ea+0x11cf @ 0xe11cf
8a284bd4b467f47a0c7f32e9d5bb99ea+0x14ab2 @ 0xf4ab2
0x200020

registers.esp: 4518492
registers.edi: 9371676
registers.eax: 40540560
registers.ebp: 4518500
registers.edx: 0
registers.ebx: 5
registers.esi: 40539564
registers.ecx: 249
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619686155.719567
__exception__
stacktrace:
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1032 @ 0xe1032
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1c3e @ 0xe1c3e
8a284bd4b467f47a0c7f32e9d5bb99ea+0x11cf @ 0xe11cf
8a284bd4b467f47a0c7f32e9d5bb99ea+0x14ab2 @ 0xf4ab2
0x200020

registers.esp: 4518492
registers.edi: 9371680
registers.eax: 40540560
registers.ebp: 4518500
registers.edx: 0
registers.ebx: 5
registers.esi: 40539568
registers.ecx: 248
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0x80000004
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619686155.719567
__exception__
stacktrace:
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1032 @ 0xe1032
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1c3e @ 0xe1c3e
8a284bd4b467f47a0c7f32e9d5bb99ea+0x11cf @ 0xe11cf
8a284bd4b467f47a0c7f32e9d5bb99ea+0x14ab2 @ 0xf4ab2
0x200020

registers.esp: 4518492
registers.edi: 9371680
registers.eax: 40540560
registers.ebp: 4518500
registers.edx: 0
registers.ebx: 5
registers.esi: 40539568
registers.ecx: 248
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619686155.719567
__exception__
stacktrace:
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1032 @ 0xe1032
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1c3e @ 0xe1c3e
8a284bd4b467f47a0c7f32e9d5bb99ea+0x11cf @ 0xe11cf
8a284bd4b467f47a0c7f32e9d5bb99ea+0x14ab2 @ 0xf4ab2
0x200020

registers.esp: 4518492
registers.edi: 9371684
registers.eax: 40540560
registers.ebp: 4518500
registers.edx: 0
registers.ebx: 5
registers.esi: 40539572
registers.ecx: 247
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0x80000004
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619686155.719567
__exception__
stacktrace:
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1032 @ 0xe1032
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1c3e @ 0xe1c3e
8a284bd4b467f47a0c7f32e9d5bb99ea+0x11cf @ 0xe11cf
8a284bd4b467f47a0c7f32e9d5bb99ea+0x14ab2 @ 0xf4ab2
0x200020

registers.esp: 4518492
registers.edi: 9371684
registers.eax: 40540560
registers.ebp: 4518500
registers.edx: 0
registers.ebx: 5
registers.esi: 40539572
registers.ecx: 247
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619686155.735567
__exception__
stacktrace:
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1032 @ 0xe1032
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1c3e @ 0xe1c3e
8a284bd4b467f47a0c7f32e9d5bb99ea+0x11cf @ 0xe11cf
8a284bd4b467f47a0c7f32e9d5bb99ea+0x14ab2 @ 0xf4ab2
0x200020

registers.esp: 4518492
registers.edi: 9371688
registers.eax: 40540560
registers.ebp: 4518500
registers.edx: 0
registers.ebx: 5
registers.esi: 40539576
registers.ecx: 246
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0x80000004
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619686155.735567
__exception__
stacktrace:
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1032 @ 0xe1032
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1c3e @ 0xe1c3e
8a284bd4b467f47a0c7f32e9d5bb99ea+0x11cf @ 0xe11cf
8a284bd4b467f47a0c7f32e9d5bb99ea+0x14ab2 @ 0xf4ab2
0x200020

registers.esp: 4518492
registers.edi: 9371688
registers.eax: 40540560
registers.ebp: 4518500
registers.edx: 0
registers.ebx: 5
registers.esi: 40539576
registers.ecx: 246
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619686155.735567
__exception__
stacktrace:
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1032 @ 0xe1032
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1c3e @ 0xe1c3e
8a284bd4b467f47a0c7f32e9d5bb99ea+0x11cf @ 0xe11cf
8a284bd4b467f47a0c7f32e9d5bb99ea+0x14ab2 @ 0xf4ab2
0x200020

registers.esp: 4518492
registers.edi: 9371692
registers.eax: 40540560
registers.ebp: 4518500
registers.edx: 0
registers.ebx: 5
registers.esi: 40539580
registers.ecx: 245
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0x80000004
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619686155.735567
__exception__
stacktrace:
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1032 @ 0xe1032
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1c3e @ 0xe1c3e
8a284bd4b467f47a0c7f32e9d5bb99ea+0x11cf @ 0xe11cf
8a284bd4b467f47a0c7f32e9d5bb99ea+0x14ab2 @ 0xf4ab2
0x200020

registers.esp: 4518492
registers.edi: 9371692
registers.eax: 40540560
registers.ebp: 4518500
registers.edx: 0
registers.ebx: 5
registers.esi: 40539580
registers.ecx: 245
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619686155.735567
__exception__
stacktrace:
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1032 @ 0xe1032
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1c3e @ 0xe1c3e
8a284bd4b467f47a0c7f32e9d5bb99ea+0x11cf @ 0xe11cf
8a284bd4b467f47a0c7f32e9d5bb99ea+0x14ab2 @ 0xf4ab2
0x200020

registers.esp: 4518492
registers.edi: 9371696
registers.eax: 40540560
registers.ebp: 4518500
registers.edx: 0
registers.ebx: 5
registers.esi: 40539584
registers.ecx: 244
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0x80000004
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619686155.735567
__exception__
stacktrace:
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1032 @ 0xe1032
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1c3e @ 0xe1c3e
8a284bd4b467f47a0c7f32e9d5bb99ea+0x11cf @ 0xe11cf
8a284bd4b467f47a0c7f32e9d5bb99ea+0x14ab2 @ 0xf4ab2
0x200020

registers.esp: 4518492
registers.edi: 9371696
registers.eax: 40540560
registers.ebp: 4518500
registers.edx: 0
registers.ebx: 5
registers.esi: 40539584
registers.ecx: 244
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619686155.735567
__exception__
stacktrace:
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1032 @ 0xe1032
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1c3e @ 0xe1c3e
8a284bd4b467f47a0c7f32e9d5bb99ea+0x11cf @ 0xe11cf
8a284bd4b467f47a0c7f32e9d5bb99ea+0x14ab2 @ 0xf4ab2
0x200020

registers.esp: 4518492
registers.edi: 9371700
registers.eax: 40540560
registers.ebp: 4518500
registers.edx: 0
registers.ebx: 5
registers.esi: 40539588
registers.ecx: 243
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0x80000004
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619686155.735567
__exception__
stacktrace:
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1032 @ 0xe1032
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1c3e @ 0xe1c3e
8a284bd4b467f47a0c7f32e9d5bb99ea+0x11cf @ 0xe11cf
8a284bd4b467f47a0c7f32e9d5bb99ea+0x14ab2 @ 0xf4ab2
0x200020

registers.esp: 4518492
registers.edi: 9371700
registers.eax: 40540560
registers.ebp: 4518500
registers.edx: 0
registers.ebx: 5
registers.esi: 40539588
registers.ecx: 243
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619686155.735567
__exception__
stacktrace:
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1032 @ 0xe1032
8a284bd4b467f47a0c7f32e9d5bb99ea+0x1c3e @ 0xe1c3e
8a284bd4b467f47a0c7f32e9d5bb99ea+0x11cf @ 0xe11cf
8a284bd4b467f47a0c7f32e9d5bb99ea+0x14ab2 @ 0xf4ab2
0x200020

registers.esp: 4518492
registers.edi: 9371704
registers.eax: 40540560
registers.ebp: 4518500
registers.edx: 0
registers.ebx: 5
registers.esi: 40539592
registers.ecx: 242
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0x80000004
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
行为判定
动态指标
Allocates read-write-execute memory (usually to unpack itself) (4 个事件)
Time & API Arguments Status Return Repeated
1619686155.704567
NtProtectVirtualMemory
process_identifier: 1108
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 20480
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00105000
success 0 0
1619686155.704567
NtAllocateVirtualMemory
process_identifier: 1108
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00320000
success 0 0
1619686155.704567
NtAllocateVirtualMemory
process_identifier: 1108
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00330000
success 0 0
1619686155.704567
NtAllocateVirtualMemory
process_identifier: 1108
region_size: 147456
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x008f0000
success 0 0
网络通信
Communicates with host for which no DNS query was performed (1 个事件)
host 172.217.24.14
File has been identified by 61 AntiVirus engines on VirusTotal as malicious (50 out of 61 个事件)
Bkav W32.AIDetectVM.malware2
DrWeb Trojan.Gozi.572
MicroWorld-eScan Trojan.Agent.EGAI
CAT-QuickHeal Trojan.WacatacRI.S8321268
ALYac Trojan.Agent.EGAI
Cylance Unsafe
AegisLab Trojan.Win32.Ursnif.tr2x
Sangfor Malware
K7AntiVirus Trojan ( 005596c01 )
Alibaba TrojanBanker:Win32/Ursnif.eede2416
K7GW Trojan ( 005596c01 )
Cybereason malicious.4b467f
Arcabit Trojan.Agent.EGAI
TrendMicro TROJ_GEN.R002C0DD320
BitDefenderTheta Gen:NN.ZexaF.34108.ju1@amYzxugi
Cyren W32/VBKrypt.ABU.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 Win32/Spy.Ursnif.CT
TrendMicro-HouseCall TROJ_GEN.R002C0DD320
Paloalto generic.ml
GData Trojan.Agent.EGAI
Kaspersky Trojan-Banker.Win32.Gozi.gcq
BitDefender Trojan.Agent.EGAI
NANO-Antivirus Trojan.Win32.Ursnif.gcpyei
SUPERAntiSpyware Trojan.Agent/Gen-MalPack
Rising Spyware.Ursnif!8.1DEF (KTSE)
Ad-Aware Trojan.Agent.EGAI
Emsisoft Trojan.Agent.EGAI (B)
Comodo Malware@#1m6vybu1wjn6p
F-Secure Trojan.TR/AD.Ursnif.bzfqp
VIPRE Trojan.Win32.Generic!BT
Invincea heuristic
McAfee-GW-Edition Trojan-FRGC!8A284BD4B467
FireEye Generic.mg.8a284bd4b467f47a
Sophos Mal/EncPk-AOY
Ikarus Trojan.Win32.Krypt
Jiangmin TrojanSpy.Ursnif.csd
Avira TR/AD.Ursnif.bzfqp
MAX malware (ai score=85)
Antiy-AVL Trojan[Spy]/Win32.Ursnif
Microsoft Trojan:Win32/Ursnif.A!MTB
Endgame malicious (high confidence)
ViRobot Trojan.Win32.Z.Ursnif.153089.G
ZoneAlarm Trojan-Banker.Win32.Gozi.gcq
AhnLab-V3 Trojan/Win32.Agent.R294003
Acronis suspicious
McAfee Trojan-FRGC!8A284BD4B467
TACHYON Banker/W32.Gozi.153089
VBA32 BScope.Trojan.Gozi
Malwarebytes Trojan.MalPack
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图


PE Compile Time

2012-10-09 17:55:17

Imports

Library KERNEL32.dll:
0x41e03c GetCurrentThreadId
0x41e040 CloseHandle
0x41e044 LocalFree
0x41e048 CreateThread
0x41e04c CompareStringW
0x41e050 VirtualProtect
0x41e054 HeapSize
0x41e058 LoadLibraryW
0x41e05c RtlUnwind
0x41e064 HeapReAlloc
0x41e068 GetStringTypeW
0x41e06c LCMapStringW
0x41e070 GetSystemInfo
0x41e074 RemoveDirectoryW
0x41e078 LocalAlloc
0x41e07c GetDiskFreeSpaceW
0x41e084 GetModuleFileNameW
0x41e088 GetFileAttributesW
0x41e08c WriteConsoleW
0x41e090 Sleep
0x41e094 ReadFile
0x41e098 MultiByteToWideChar
0x41e09c GetProcessHeap
0x41e0a0 SetEndOfFile
0x41e0a4 SetFilePointer
0x41e0a8 GetConsoleMode
0x41e0ac GetConsoleCP
0x41e0b0 RaiseException
0x41e0b4 WideCharToMultiByte
0x41e0b8 GetSystemDirectoryW
0x41e0bc CreateProcessW
0x41e0c4 ExitProcess
0x41e0c8 GetTimeFormatA
0x41e0cc GetDateFormatA
0x41e0d0 GetLastError
0x41e0d4 GetCommandLineW
0x41e0d8 HeapSetInformation
0x41e0dc GetStartupInfoW
0x41e0e0 TerminateProcess
0x41e0e4 GetCurrentProcess
0x41e0f0 IsDebuggerPresent
0x41e0f4 GetFileType
0x41e0f8 CreateFileA
0x41e0fc CreateFileW
0x41e100 EncodePointer
0x41e104 TlsAlloc
0x41e108 TlsGetValue
0x41e10c TlsSetValue
0x41e110 DecodePointer
0x41e114 TlsFree
0x41e11c GetModuleHandleW
0x41e120 SetLastError
0x41e128 GetProcAddress
0x41e12c GetCPInfo
0x41e130 GetACP
0x41e134 GetOEMCP
0x41e138 IsValidCodePage
0x41e13c HeapFree
0x41e144 HeapAlloc
0x41e148 SetStdHandle
0x41e158 SetHandleCount
0x41e15c GetStdHandle
0x41e164 WriteFile
0x41e170 HeapCreate
0x41e178 GetTickCount
0x41e17c GetCurrentProcessId
Library USER32.dll:
0x41e194 GetClassInfoExW
0x41e198 CallWindowProcW
0x41e19c ReleaseCapture
0x41e1a0 GetCursorPos
0x41e1a4 EndDialog
0x41e1ac CloseClipboard
0x41e1b0 GetMessageW
0x41e1b4 GetFocus
0x41e1b8 GetAncestor
0x41e1bc SetFocus
0x41e1c0 RegisterClassExW
0x41e1c4 LoadIconW
0x41e1c8 OffsetRect
0x41e1cc GetWindowLongW
0x41e1d0 AppendMenuW
Library COMCTL32.dll:
0x41e018
0x41e01c ImageList_DragLeave
0x41e020 _TrackMouseEvent
Library COMDLG32.dll:
0x41e028 GetOpenFileNameW
0x41e02c ReplaceTextW
0x41e030 GetSaveFileNameW
0x41e034 GetFileTitleW
Library ole32.dll:
0x41e1d8 CoCreateInstance
0x41e1dc CoUninitialize
0x41e1e0 CoInitialize
0x41e1e4 CoTaskMemFree
0x41e1e8 CoTaskMemAlloc
Library SHLWAPI.dll:
0x41e18c PathSkipRootW
Library AVIFIL32.dll:
0x41e000 AVIStreamRelease
0x41e004 AVIFileInit
0x41e010 AVIFileExit

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.