8.6
Critical

c83638f4f7a2be7e116bd5efcae9df5522724b776f1334326aeadec2db16e000

967b0493c047e9224b5c3cef7dc76330.exe

Analysis time

213s

Last analyzed

File size

689.5KB
Static detection: flagged. Dynamic detection: flagged.
Detection tags: 100% AI SCORE=89 AIDETECTVM ALI2000015 AUTOIT AVEMARIA AVSARHER BT8I9P CLASSIC CONFIDENCE DAQC DELF DELFINJECT DELPHILESS DKTZ DOWNLOADER34 EMOY FAREIT HIGH CONFIDENCE HNWLWG HPLOKI HTLZ KCLOUD KRYPTIK LOKIBOT MALWARE1 MALWARE@#3H9I3WAAA3Y7K PWSX RGW@AAXRS SCORE SMBD STATIC AI SUSGEN SUSPICIOUS PE TSCOPE TSPY UNSAFE WMGJA X2094 YIWK ZELPHIF
Eagle Eye engine (鹰眼引擎)
Not detected: no Eagle Eye engine results yet
Static verdict
Antivirus engines
Engine        Result                                  Scan date   Engine version
Alibaba       Trojan:Win32/DelfInject.ali2000015      20190527    0.3.0.5
Avast         Win32:PWSX-gen [Trj]                    20201228    21.1.5827.0
Baidu         (no result)                             20190318    1.0.0.2
Kingsoft      Win32.Troj.Undef.(kcloud)               20201228    2017.9.26.565
McAfee        Fareit-FTB!967B0493C047                 20201228    6.0.6.653
Tencent       Win32.Trojan-spy.Avemaria.Htlz          20201228    1.0.0.1
CrowdStrike   win/malicious_confidence_100% (W)       20190702    1.0
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (50 out of 78 events)
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74064de3
967b0493c047e9224b5c3cef7dc76330+0x40a4d @ 0x440a4d
967b0493c047e9224b5c3cef7dc76330+0x39254 @ 0x439254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xfe7914ad
success 0 0
1620832102.781674
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 48234308
registers.edi: 0
registers.eax: 0
registers.ebp: 48234376
registers.edx: 28
registers.ebx: 0
registers.esi: 0
registers.ecx: 319
exception.instruction_r: f7 f0 89 c9 33 c0 5a 59 59 64 89 10 e9 10 93 00
exception.symbol: 967b0493c047e9224b5c3cef7dc76330+0x5bd87
exception.instruction: div eax
exception.module: 967b0493c047e9224b5c3cef7dc76330.exe
exception.exception_code: 0xc0000094
exception.offset: 376199
exception.address: 0x45bd87
success 0 0
1620832105.902855
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 48758596
registers.edi: 0
registers.eax: 0
registers.ebp: 48758664
registers.edx: 28
registers.ebx: 0
registers.esi: 0
registers.ecx: 921
exception.instruction_r: f7 f0 89 c9 33 c0 5a 59 59 64 89 10 e9 10 93 00
exception.symbol: 967b0493c047e9224b5c3cef7dc76330+0x5bd87
exception.instruction: div eax
exception.module: 967b0493c047e9224b5c3cef7dc76330.exe
exception.exception_code: 0xc0000094
exception.offset: 376199
exception.address: 0x45bd87
success 0 0
1620832109.263414
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x739ae97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x739aea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x739ab25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x739ab4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x739aac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x739aaed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x739a5511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x739a559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74067f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74064de3
967b0493c047e9224b5c3cef7dc76330+0x40a4d @ 0x440a4d
967b0493c047e9224b5c3cef7dc76330+0x39254 @ 0x439254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xfe6a14ad
success 0 0
1620832107.296262
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 34406212
registers.edi: 0
registers.eax: 0
registers.ebp: 34406280
registers.edx: 28
registers.ebx: 0
registers.esi: 0
registers.ecx: 302
exception.instruction_r: f7 f0 89 c9 33 c0 5a 59 59 64 89 10 e9 10 93 00
exception.symbol: 967b0493c047e9224b5c3cef7dc76330+0x5bd87
exception.instruction: div eax
exception.module: 967b0493c047e9224b5c3cef7dc76330.exe
exception.exception_code: 0xc0000094
exception.offset: 376199
exception.address: 0x45bd87
success 0 0
1620832113.260568
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 34144068
registers.edi: 0
registers.eax: 0
registers.ebp: 34144136
registers.edx: 28
registers.ebx: 0
registers.esi: 0
registers.ecx: 265
exception.instruction_r: f7 f0 89 c9 33 c0 5a 59 59 64 89 10 e9 10 93 00
exception.symbol: 967b0493c047e9224b5c3cef7dc76330+0x5bd87
exception.instruction: div eax
exception.module: 967b0493c047e9224b5c3cef7dc76330.exe
exception.exception_code: 0xc0000094
exception.offset: 376199
exception.address: 0x45bd87
success 0 0
1620832116.729749
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x73f5e97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x73f5ea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x73f5b25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x73f5b4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x73f5ac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x73f5aed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x73f55511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x73f5559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74067f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74064de3
967b0493c047e9224b5c3cef7dc76330+0x40a4d @ 0x440a4d
967b0493c047e9224b5c3cef7dc76330+0x39254 @ 0x439254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xfe6814ad
success 0 0
1620832116.527594
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 35061572
registers.edi: 0
registers.eax: 0
registers.ebp: 35061640
registers.edx: 28
registers.ebx: 0
registers.esi: 0
registers.ecx: 533
exception.instruction_r: f7 f0 89 c9 33 c0 5a 59 59 64 89 10 e9 10 93 00
exception.symbol: 967b0493c047e9224b5c3cef7dc76330+0x5bd87
exception.instruction: div eax
exception.module: 967b0493c047e9224b5c3cef7dc76330.exe
exception.exception_code: 0xc0000094
exception.offset: 376199
exception.address: 0x45bd87
success 0 0
1620832119.760255
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 48889668
registers.edi: 0
registers.eax: 0
registers.ebp: 48889736
registers.edx: 28
registers.ebx: 0
registers.esi: 0
registers.ecx: 758
exception.instruction_r: f7 f0 89 c9 33 c0 5a 59 59 64 89 10 e9 10 93 00
exception.symbol: 967b0493c047e9224b5c3cef7dc76330+0x5bd87
exception.instruction: div eax
exception.module: 967b0493c047e9224b5c3cef7dc76330.exe
exception.exception_code: 0xc0000094
exception.offset: 376199
exception.address: 0x45bd87
success 0 0
1620832121.130651
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x739ae97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x739aea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x739ab25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x739ab4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x739aac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x739aaed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x739a5511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x739a559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74067f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74064de3
967b0493c047e9224b5c3cef7dc76330+0x40a4d @ 0x440a4d
967b0493c047e9224b5c3cef7dc76330+0x39254 @ 0x439254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xfcd714ad
success 0 0
1620832120.942972
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 36044612
registers.edi: 0
registers.eax: 0
registers.ebp: 36044680
registers.edx: 28
registers.ebx: 0
registers.esi: 0
registers.ecx: 940
exception.instruction_r: f7 f0 89 c9 33 c0 5a 59 59 64 89 10 e9 10 93 00
exception.symbol: 967b0493c047e9224b5c3cef7dc76330+0x5bd87
exception.instruction: div eax
exception.module: 967b0493c047e9224b5c3cef7dc76330.exe
exception.exception_code: 0xc0000094
exception.offset: 376199
exception.address: 0x45bd87
success 0 0
1620832122.504555
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 50003780
registers.edi: 0
registers.eax: 0
registers.ebp: 50003848
registers.edx: 28
registers.ebx: 0
registers.esi: 0
registers.ecx: 502
exception.instruction_r: f7 f0 89 c9 33 c0 5a 59 59 64 89 10 e9 10 93 00
exception.symbol: 967b0493c047e9224b5c3cef7dc76330+0x5bd87
exception.instruction: div eax
exception.module: 967b0493c047e9224b5c3cef7dc76330.exe
exception.exception_code: 0xc0000094
exception.offset: 376199
exception.address: 0x45bd87
success 0 0
1620832124.749739
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x73f5e97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x73f5ea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x73f5b25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x73f5b4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x73f5ac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x73f5aed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x73f55511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x73f5559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74067f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74064de3
967b0493c047e9224b5c3cef7dc76330+0x40a4d @ 0x440a4d
967b0493c047e9224b5c3cef7dc76330+0x39254 @ 0x439254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xfe8014ad
success 0 0
1620832124.762544
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 34275140
registers.edi: 0
registers.eax: 0
registers.ebp: 34275208
registers.edx: 28
registers.ebx: 0
registers.esi: 0
registers.ecx: 761
exception.instruction_r: f7 f0 89 c9 33 c0 5a 59 59 64 89 10 e9 10 93 00
exception.symbol: 967b0493c047e9224b5c3cef7dc76330+0x5bd87
exception.instruction: div eax
exception.module: 967b0493c047e9224b5c3cef7dc76330.exe
exception.exception_code: 0xc0000094
exception.offset: 376199
exception.address: 0x45bd87
success 0 0
1620832125.916458
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 49151812
registers.edi: 0
registers.eax: 0
registers.ebp: 49151880
registers.edx: 28
registers.ebx: 0
registers.esi: 0
registers.ecx: 913
exception.instruction_r: f7 f0 89 c9 33 c0 5a 59 59 64 89 10 e9 10 93 00
exception.symbol: 967b0493c047e9224b5c3cef7dc76330+0x5bd87
exception.instruction: div eax
exception.module: 967b0493c047e9224b5c3cef7dc76330.exe
exception.exception_code: 0xc0000094
exception.offset: 376199
exception.address: 0x45bd87
success 0 0
1620832129.358689
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x739ae97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x739aea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x739ab25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x739ab4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x739aac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x739aaed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x739a5511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x739a559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74067f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74064de3
967b0493c047e9224b5c3cef7dc76330+0x40a4d @ 0x440a4d
967b0493c047e9224b5c3cef7dc76330+0x39254 @ 0x439254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xfe5514ad
success 0 0
1620832129.184332
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 49938244
registers.edi: 0
registers.eax: 0
registers.ebp: 49938312
registers.edx: 28
registers.ebx: 0
registers.esi: 0
registers.ecx: 168
exception.instruction_r: f7 f0 89 c9 33 c0 5a 59 59 64 89 10 e9 10 93 00
exception.symbol: 967b0493c047e9224b5c3cef7dc76330+0x5bd87
exception.instruction: div eax
exception.module: 967b0493c047e9224b5c3cef7dc76330.exe
exception.exception_code: 0xc0000094
exception.offset: 376199
exception.address: 0x45bd87
success 0 0
1620832131.445675
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 48561988
registers.edi: 0
registers.eax: 0
registers.ebp: 48562056
registers.edx: 28
registers.ebx: 0
registers.esi: 0
registers.ecx: 433
exception.instruction_r: f7 f0 89 c9 33 c0 5a 59 59 64 89 10 e9 10 93 00
exception.symbol: 967b0493c047e9224b5c3cef7dc76330+0x5bd87
exception.instruction: div eax
exception.module: 967b0493c047e9224b5c3cef7dc76330.exe
exception.exception_code: 0xc0000094
exception.offset: 376199
exception.address: 0x45bd87
success 0 0
1620832135.375301
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x739ae97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x739aea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x739ab25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x739ab4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x739aac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x739aaed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x739a5511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x739a559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74067f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74064de3
967b0493c047e9224b5c3cef7dc76330+0x40a4d @ 0x440a4d
967b0493c047e9224b5c3cef7dc76330+0x39254 @ 0x439254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xfcbf14ad
success 0 0
Behavior verdict
Dynamic indicators
One or more potentially interesting buffers were extracted; these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (50 out of 858 events)
Time & API Arguments Status Return Repeated
1620832028.432626
NtAllocateVirtualMemory
process_identifier: 2764
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003d0000
success 0 0
1620832028.682626
NtProtectVirtualMemory
process_identifier: 2764
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 40960
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x0045b000
success 0 0
1620832028.698626
NtAllocateVirtualMemory
process_identifier: 2764
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00760000
success 0 0
1620832029.729249
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1620832029.760249
NtAllocateVirtualMemory
process_identifier: 2116
region_size: 1703936
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x01e30000
success 0 0
1620832029.760249
NtAllocateVirtualMemory
process_identifier: 2116
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01f90000
success 0 0
1620832029.760249
NtAllocateVirtualMemory
process_identifier: 2116
region_size: 229376
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01d50000
success 0 0
1620832029.760249
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 118784
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01d52000
success 0 0
1620832030.339249
NtAllocateVirtualMemory
process_identifier: 2116
region_size: 1441792
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x01e30000
success 0 0
1620832030.339249
NtAllocateVirtualMemory
process_identifier: 2116
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01f50000
success 0 0
1620832030.964249
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01e22000
success 0 0
1620832030.964249
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1620832030.964249
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01e22000
success 0 0
1620832030.964249
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1620832030.964249
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01e22000
success 0 0
1620832030.964249
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1620832030.964249
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01e22000
success 0 0
1620832030.964249
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1620832030.964249
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01e22000
success 0 0
1620832030.964249
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x77d4f000
success 0 0
1620832030.964249
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01e22000
success 0 0
1620832030.964249
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1620832030.964249
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01e22000
success 0 0
1620832030.964249
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1620832030.964249
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01e22000
success 0 0
1620832030.964249
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1620832030.964249
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01e22000
success 0 0
1620832030.964249
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1620832030.964249
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01e22000
success 0 0
1620832030.964249
NtProtectVirtualMemory
process_identifier: 2116
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1620832029.745501
NtAllocateVirtualMemory
process_identifier: 2632
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00370000
success 0 0
1620832029.745501
NtProtectVirtualMemory
process_identifier: 2632
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 40960
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x0045b000
success 0 0
1620832029.745501
NtAllocateVirtualMemory
process_identifier: 2632
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01fb0000
success 0 0
1620832047.964501
NtAllocateVirtualMemory
process_identifier: 2316
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003d0000
success 0 0
1620832047.979501
NtProtectVirtualMemory
process_identifier: 2316
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 40960
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x0045b000
success 0 0
1620832047.979501
NtAllocateVirtualMemory
process_identifier: 2316
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00750000
success 0 0
1620832048.198876
NtProtectVirtualMemory
process_identifier: 3048
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1620832048.198876
NtAllocateVirtualMemory
process_identifier: 3048
region_size: 786432
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x01d70000
success 0 0
1620832048.198876
NtAllocateVirtualMemory
process_identifier: 3048
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01df0000
success 0 0
1620832048.198876
NtAllocateVirtualMemory
process_identifier: 3048
region_size: 229376
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x004c0000
success 0 0
1620832048.198876
NtProtectVirtualMemory
process_identifier: 3048
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 118784
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x004c2000
success 0 0
1620832048.214876
NtAllocateVirtualMemory
process_identifier: 3048
region_size: 327680
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x01d70000
success 0 0
1620832048.214876
NtAllocateVirtualMemory
process_identifier: 3048
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01d80000
success 0 0
1620832048.276876
NtProtectVirtualMemory
process_identifier: 3048
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01e52000
success 0 0
1620832048.276876
NtProtectVirtualMemory
process_identifier: 3048
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1620832048.276876
NtProtectVirtualMemory
process_identifier: 3048
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01e52000
success 0 0
1620832048.276876
NtProtectVirtualMemory
process_identifier: 3048
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1620832048.276876
NtProtectVirtualMemory
process_identifier: 3048
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01e52000
success 0 0
1620832048.276876
NtProtectVirtualMemory
process_identifier: 3048
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1620832048.276876
NtProtectVirtualMemory
process_identifier: 3048
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01e52000
success 0 0
Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (50 out of 59 events)
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.421369329332998 section {'size_of_data': '0x0003da00', 'virtual_address': '0x00075000', 'entropy': 7.421369329332998, 'name': '.rsrc', 'virtual_size': '0x0003d950'} description A section with a high entropy has been found
entropy 0.35802469135802467 description Overall entropy of this PE file is high
Expresses interest in specific running processes (1 event)
process 967b0493c047e9224b5c3cef7dc76330.exe
Repeatedly searches for a not-found process, you may want to run a web browser during analysis (50 out of 51 events)
Time & API Arguments Status Return Repeated
1620832028.698626
Process32NextW
process_name: 967b0493c047e9224b5c3cef7dc76330.exe
snapshot_handle: 0x000000f8
process_identifier: 2764
failed 0 0
1620832047.792501
Process32NextW
process_name: 967b0493c047e9224b5c3cef7dc76330.exe
snapshot_handle: 0x0000038c
process_identifier: 2632
failed 0 0
1620832047.979501
Process32NextW
process_name: 967b0493c047e9224b5c3cef7dc76330.exe
snapshot_handle: 0x000000f8
process_identifier: 2316
failed 0 0
1620832048.479501
Process32NextW
process_name: 967b0493c047e9224b5c3cef7dc76330.exe
snapshot_handle: 0x00000104
process_identifier: 200
failed 0 0
1620832048.620751
Process32NextW
process_name: 967b0493c047e9224b5c3cef7dc76330.exe
snapshot_handle: 0x000000f8
process_identifier: 3040
failed 0 0
1620832050.385626
Process32NextW
process_name: 967b0493c047e9224b5c3cef7dc76330.exe
snapshot_handle: 0x00000128
process_identifier: 1812
failed 0 0
1620832052.292626
Process32NextW
process_name: 967b0493c047e9224b5c3cef7dc76330.exe
snapshot_handle: 0x000000f8
process_identifier: 3204
failed 0 0
1620832053.760001
Process32NextW
process_name: 967b0493c047e9224b5c3cef7dc76330.exe
snapshot_handle: 0x00000124
process_identifier: 3364
failed 0 0
1620832053.948249
Process32NextW
process_name: 967b0493c047e9224b5c3cef7dc76330.exe
snapshot_handle: 0x000000f8
process_identifier: 3468
failed 0 0
1620832060.328564
Process32NextW
process_name: 967b0493c047e9224b5c3cef7dc76330.exe
snapshot_handle: 0x00000180
process_identifier: 3616
failed 0 0
1620832061.61375
Process32NextW
process_name: inject-x86.exe
snapshot_handle: 0x000000f8
process_identifier: 3792
failed 0 0
1620832070.126249
Process32NextW
process_name: 967b0493c047e9224b5c3cef7dc76330.exe
snapshot_handle: 0x0000014c
process_identifier: 3876
failed 0 0
1620832071.148059
Process32NextW
process_name: 967b0493c047e9224b5c3cef7dc76330.exe
snapshot_handle: 0x000000fc
process_identifier: 3984
failed 0 0
1620832077.23274
Process32NextW
process_name: 967b0493c047e9224b5c3cef7dc76330.exe
snapshot_handle: 0x00000198
process_identifier: 2268
failed 0 0
1620832078.490164
Process32NextW
process_name: 967b0493c047e9224b5c3cef7dc76330.exe
snapshot_handle: 0x000000f8
process_identifier: 3324
failed 0 0
1620832082.206222
Process32NextW
process_name: mscorsvw.exe
snapshot_handle: 0x00000168
process_identifier: 3700
failed 0 0
1620832083.228054
Process32NextW
process_name: 967b0493c047e9224b5c3cef7dc76330.exe
snapshot_handle: 0x000000f8
process_identifier: 3248
failed 0 0
1620832087.100691
Process32NextW
process_name: 967b0493c047e9224b5c3cef7dc76330.exe
snapshot_handle: 0x00000164
process_identifier: 3692
failed 0 0
1620832088.338271
Process32NextW
process_name: 967b0493c047e9224b5c3cef7dc76330.exe
snapshot_handle: 0x000000f8
process_identifier: 4028
failed 0 0
1620832097.986768
Process32NextW
process_name: is32bit.exe
snapshot_handle: 0x00000160
process_identifier: 3500
failed 0 0
1620832098.805318
Process32NextW
process_name: inject-x86.exe
snapshot_handle: 0x000000f8
process_identifier: 3680
failed 0 0
1620832104.765674
Process32NextW
process_name: 967b0493c047e9224b5c3cef7dc76330.exe
snapshot_handle: 0x00000144
process_identifier: 3752
failed 0 0
1620832105.902855
Process32NextW
process_name: 967b0493c047e9224b5c3cef7dc76330.exe
snapshot_handle: 0x000000f8
process_identifier: 3808
failed 0 0
1620832112.671262
Process32NextW
process_name: 967b0493c047e9224b5c3cef7dc76330.exe
snapshot_handle: 0x000001c4
process_identifier: 376
failed 0 0
1620832113.275568
Process32NextW
process_name: 967b0493c047e9224b5c3cef7dc76330.exe
snapshot_handle: 0x000000f8
process_identifier: 3436
failed 0 0
1620832119.589594
Process32NextW
process_name: 967b0493c047e9224b5c3cef7dc76330.exe
snapshot_handle: 0x00000164
process_identifier: 2200
failed 0 0
1620832119.760255
Process32NextW
process_name: 967b0493c047e9224b5c3cef7dc76330.exe
snapshot_handle: 0x000000f8
process_identifier: 3784
failed 0 0
1620832122.363972
Process32NextW
process_name: 967b0493c047e9224b5c3cef7dc76330.exe
snapshot_handle: 0x00000130
process_identifier: 2120
failed 0 0
1620832122.520555
Process32NextW
process_name: 967b0493c047e9224b5c3cef7dc76330.exe
snapshot_handle: 0x000000f8
process_identifier: 1708
failed 0 0
1620832125.762544
Process32NextW
process_name: 967b0493c047e9224b5c3cef7dc76330.exe
snapshot_handle: 0x00000120
process_identifier: 3660
failed 0 0
1620832125.931458
Process32NextW
process_name: 967b0493c047e9224b5c3cef7dc76330.exe
snapshot_handle: 0x000000f8
process_identifier: 4084
failed 0 0
1620832131.606332
Process32NextW
process_name: mscorsvw.exe
snapshot_handle: 0x00000154
process_identifier: 3228
failed 0 0
1620832131.445675
Process32NextW
process_name: 967b0493c047e9224b5c3cef7dc76330.exe
snapshot_handle: 0x000000f8
process_identifier: 1316
failed 0 0
1620832139.71559
Process32NextW
process_name: 967b0493c047e9224b5c3cef7dc76330.exe
snapshot_handle: 0x000001c4
process_identifier: 3600
failed 0 0
1620832138.853514
Process32NextW
process_name: 967b0493c047e9224b5c3cef7dc76330.exe
snapshot_handle: 0x000000f8
process_identifier: 2228
failed 0 0
1620832145.957871
Process32NextW
process_name: 967b0493c047e9224b5c3cef7dc76330.exe
snapshot_handle: 0x000001c0
process_identifier: 2224
failed 0 0
1620832145.143582
Process32NextW
process_name: 967b0493c047e9224b5c3cef7dc76330.exe
snapshot_handle: 0x000000f8
process_identifier: 4220
failed 0 0
1620832152.387109
Process32NextW
process_name: 967b0493c047e9224b5c3cef7dc76330.exe
snapshot_handle: 0x000001c8
process_identifier: 4360
failed 0 0
1620832151.81927
Process32NextW
process_name: 967b0493c047e9224b5c3cef7dc76330.exe
snapshot_handle: 0x000000f8
process_identifier: 4568
failed 0 0
1620832157.433813
Process32NextW
process_name: 967b0493c047e9224b5c3cef7dc76330.exe
snapshot_handle: 0x00000188
process_identifier: 4724
failed 0 0
1620832157.446106
Process32NextW
process_name: 967b0493c047e9224b5c3cef7dc76330.exe
snapshot_handle: 0x000000f8
process_identifier: 4868
failed 0 0
1620832163.907995
Process32NextW
process_name: 967b0493c047e9224b5c3cef7dc76330.exe
snapshot_handle: 0x00000174
process_identifier: 5028
failed 0 0
1620832164.140075
Process32NextW
process_name: 967b0493c047e9224b5c3cef7dc76330.exe
snapshot_handle: 0x000000f8
process_identifier: 4176
failed 0 0
1620832171.439455
Process32NextW
process_name: GoogleUpdate.exe
snapshot_handle: 0x0000015c
process_identifier: 4584
failed 0 0
1620832171.821628
Process32NextW
process_name: 967b0493c047e9224b5c3cef7dc76330.exe
snapshot_handle: 0x000000f8
process_identifier: 4600
failed 0 0
1620832178.801186
Process32NextW
process_name: 967b0493c047e9224b5c3cef7dc76330.exe
snapshot_handle: 0x00000190
process_identifier: 3280
failed 0 0
1620832179.653585
Process32NextW
process_name: searchprotocolhost.exe
snapshot_handle: 0x000000fc
process_identifier: 4296
failed 0 0
1620832183.671742
Process32NextW
process_name: 967b0493c047e9224b5c3cef7dc76330.exe
snapshot_handle: 0x00000134
process_identifier: 3636
failed 0 0
1620832184.185287
Process32NextW
process_name: 967b0493c047e9224b5c3cef7dc76330.exe
snapshot_handle: 0x000000f8
process_identifier: 5096
failed 0 0
1620832189.112482
Process32NextW
process_name: 967b0493c047e9224b5c3cef7dc76330.exe
snapshot_handle: 0x00000140
process_identifier: 3596
failed 0 0
Network communication
Communicates with host for which no DNS query was performed (2 events)
host 113.108.239.196
host 172.217.24.14
Used NtSetContextThread to modify a thread in a remote process indicative of process injection (50 out of 52 events)
Process injection Process 2764 called NtSetContextThread to modify thread in remote process 2116
Process injection Process 2316 called NtSetContextThread to modify thread in remote process 3048
Process injection Process 3040 called NtSetContextThread to modify thread in remote process 2168
Process injection Process 3204 called NtSetContextThread to modify thread in remote process 3304
Process injection Process 3468 called NtSetContextThread to modify thread in remote process 3540
Process injection Process 3736 called NtSetContextThread to modify thread in remote process 3812
Process injection Process 3984 called NtSetContextThread to modify thread in remote process 4056
Process injection Process 3324 called NtSetContextThread to modify thread in remote process 3408
Process injection Process 3248 called NtSetContextThread to modify thread in remote process 3776
Process injection Process 4028 called NtSetContextThread to modify thread in remote process 2648
Process injection Process 2976 called NtSetContextThread to modify thread in remote process 1364
Process injection Process 3808 called NtSetContextThread to modify thread in remote process 3076
Process injection Process 3436 called NtSetContextThread to modify thread in remote process 2428
Process injection Process 3784 called NtSetContextThread to modify thread in remote process 2140
Process injection Process 1708 called NtSetContextThread to modify thread in remote process 1872
Process injection Process 4084 called NtSetContextThread to modify thread in remote process 3840
Process injection Process 1316 called NtSetContextThread to modify thread in remote process 2864
Process injection Process 2228 called NtSetContextThread to modify thread in remote process 2548
Process injection Process 4220 called NtSetContextThread to modify thread in remote process 4292
Process injection Process 4568 called NtSetContextThread to modify thread in remote process 4640
Process injection Process 4868 called NtSetContextThread to modify thread in remote process 4940
Process injection Process 4176 called NtSetContextThread to modify thread in remote process 4240
Process injection Process 4600 called NtSetContextThread to modify thread in remote process 4704
Process injection Process 4464 called NtSetContextThread to modify thread in remote process 4608
Process injection Process 5096 called NtSetContextThread to modify thread in remote process 2776
Time & API Arguments Status Return Repeated
1620832029.448626
NtSetContextThread
thread_handle: 0x000000fc
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708160
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2116
success 0 0
1620832048.026501
NtSetContextThread
thread_handle: 0x000000fc
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708160
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 3048
success 0 0
1620832048.979751
NtSetContextThread
thread_handle: 0x000000fc
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708160
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2168
success 0 0
1620832052.479626
NtSetContextThread
thread_handle: 0x000000fc
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708160
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 3304
success 0 0
1620832054.573249
NtSetContextThread
thread_handle: 0x000000fc
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708160
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 3540
success 0 0
1620832064.87975
NtSetContextThread
thread_handle: 0x000000fc
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708160
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 3812
success 0 0
1620832071.367059
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708160
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 4056
success 0 0
1620832078.599164
NtSetContextThread
thread_handle: 0x000000fc
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708160
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 3408
success 0 0
1620832083.462054
NtSetContextThread
thread_handle: 0x000000fc
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708160
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 3776
success 0 0
1620832088.916271
NtSetContextThread
thread_handle: 0x000000fc
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708160
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2648
success 0 0
1620832098.899318
NtSetContextThread
thread_handle: 0x000000fc
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708160
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 1364
success 0 0
1620832106.214855
NtSetContextThread
thread_handle: 0x000000fc
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708160
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 3076
success 0 0
1620832115.338568
NtSetContextThread
thread_handle: 0x000000fc
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708160
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2428
success 0 0
1620832120.088255
NtSetContextThread
thread_handle: 0x000000fc
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708160
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2140
success 0 0
1620832122.707555
NtSetContextThread
thread_handle: 0x000000fc
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708160
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 1872
success 0 0
1620832127.072458
NtSetContextThread
thread_handle: 0x000000fc
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708160
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 3840
success 0 0
1620832131.945675
NtSetContextThread
thread_handle: 0x000000fc
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708160
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2864
success 0 0
1620832139.931514
NtSetContextThread
thread_handle: 0x000000fc
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708160
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2548
success 0 0
1620832145.237582
NtSetContextThread
thread_handle: 0x000000fc
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708160
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 4292
success 0 0
1620832153.28727
NtSetContextThread
thread_handle: 0x000000fc
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708160
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 4640
success 0 0
1620832157.587106
NtSetContextThread
thread_handle: 0x000000fc
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708160
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 4940
success 0 0
1620832164.968075
NtSetContextThread
thread_handle: 0x000000fc
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708160
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 4240
success 0 0
1620832172.914628
NtSetContextThread
thread_handle: 0x000000fc
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708160
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 4704
success 0 0
1620832180.060585
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708160
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 4608
success 0 0
1620832184.263287
NtSetContextThread
thread_handle: 0x000000fc
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708160
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2776
success 0 0
Resumed a suspended thread in a remote process potentially indicative of process injection (50 out of 52 events)
Process injection Process 2764 resumed a thread in remote process 2116
Process injection Process 2316 resumed a thread in remote process 3048
Process injection Process 3040 resumed a thread in remote process 2168
Process injection Process 3204 resumed a thread in remote process 3304
Process injection Process 3468 resumed a thread in remote process 3540
Process injection Process 3736 resumed a thread in remote process 3812
Process injection Process 3984 resumed a thread in remote process 4056
Process injection Process 3324 resumed a thread in remote process 3408
Process injection Process 3248 resumed a thread in remote process 3776
Process injection Process 4028 resumed a thread in remote process 2648
Process injection Process 2976 resumed a thread in remote process 1364
Process injection Process 3808 resumed a thread in remote process 3076
Process injection Process 3436 resumed a thread in remote process 2428
Process injection Process 3784 resumed a thread in remote process 2140
Process injection Process 1708 resumed a thread in remote process 1872
Process injection Process 4084 resumed a thread in remote process 3840
Process injection Process 1316 resumed a thread in remote process 2864
Process injection Process 2228 resumed a thread in remote process 2548
Process injection Process 4220 resumed a thread in remote process 4292
Process injection Process 4568 resumed a thread in remote process 4640
Process injection Process 4868 resumed a thread in remote process 4940
Process injection Process 4176 resumed a thread in remote process 4240
Process injection Process 4600 resumed a thread in remote process 4704
Process injection Process 4464 resumed a thread in remote process 4608
Process injection Process 5096 resumed a thread in remote process 2776
Time & API Arguments Status Return Repeated
1620832029.542626
NtResumeThread
thread_handle: 0x000000fc
suspend_count: 1
process_identifier: 2116
success 0 0
1620832048.057501
NtResumeThread
thread_handle: 0x000000fc
suspend_count: 1
process_identifier: 3048
success 0 0
1620832049.026751
NtResumeThread
thread_handle: 0x000000fc
suspend_count: 1
process_identifier: 2168
success 0 0
1620832052.510626
NtResumeThread
thread_handle: 0x000000fc
suspend_count: 1
process_identifier: 3304
success 0 0
1620832056.167249
NtResumeThread
thread_handle: 0x000000fc
suspend_count: 1
process_identifier: 3540
success 0 0
1620832065.97375
NtResumeThread
thread_handle: 0x000000fc
suspend_count: 1
process_identifier: 3812
success 0 0
1620832071.758059
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 4056
success 0 0
1620832078.959164
NtResumeThread
thread_handle: 0x000000fc
suspend_count: 1
process_identifier: 3408
success 0 0
1620832083.806054
NtResumeThread
thread_handle: 0x000000fc
suspend_count: 1
process_identifier: 3776
success 0 0
1620832089.979271
NtResumeThread
thread_handle: 0x000000fc
suspend_count: 1
process_identifier: 2648
success 0 0
1620832099.743318
NtResumeThread
thread_handle: 0x000000fc
suspend_count: 1
process_identifier: 1364
success 0 0
1620832106.949855
NtResumeThread
thread_handle: 0x000000fc
suspend_count: 1
process_identifier: 3076
success 0 0
1620832116.103568
NtResumeThread
thread_handle: 0x000000fc
suspend_count: 1
process_identifier: 2428
success 0 0
1620832120.807255
NtResumeThread
thread_handle: 0x000000fc
suspend_count: 1
process_identifier: 2140
success 0 0
1620832124.629555
NtResumeThread
thread_handle: 0x000000fc
suspend_count: 1
process_identifier: 1872
success 0 0
1620832127.978458
NtResumeThread
thread_handle: 0x000000fc
suspend_count: 1
process_identifier: 3840
success 0 0
1620832134.429675
NtResumeThread
thread_handle: 0x000000fc
suspend_count: 1
process_identifier: 2864
success 0 0
1620832141.009514
NtResumeThread
thread_handle: 0x000000fc
suspend_count: 1
process_identifier: 2548
success 0 0
1620832146.830582
NtResumeThread
thread_handle: 0x000000fc
suspend_count: 1
process_identifier: 4292
success 0 0
1620832153.42827
NtResumeThread
thread_handle: 0x000000fc
suspend_count: 1
process_identifier: 4640
success 0 0
1620832160.571106
NtResumeThread
thread_handle: 0x000000fc
suspend_count: 1
process_identifier: 4940
success 0 0
1620832168.390075
NtResumeThread
thread_handle: 0x000000fc
suspend_count: 1
process_identifier: 4240
success 0 0
1620832174.117628
NtResumeThread
thread_handle: 0x000000fc
suspend_count: 1
process_identifier: 4704
success 0 0
1620832181.638585
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 4608
success 0 0
1620832186.216287
NtResumeThread
thread_handle: 0x000000fc
suspend_count: 1
process_identifier: 2776
success 0 0
Executed a process and injected code into it, probably while unpacking (50 out of 207 events)
Time & API Arguments Status Return Repeated
1620832029.339626
CreateProcessInternalW
thread_identifier: 2008
thread_handle: 0x000000fc
process_identifier: 2116
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\967b0493c047e9224b5c3cef7dc76330.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000100
inherit_handles: 0
success 1 0
1620832029.339626
NtUnmapViewOfSection
process_identifier: 2116
region_size: 4096
process_handle: 0x00000100
base_address: 0x00400000
success 0 0
1620832029.339626
NtMapViewOfSection
section_handle: 0x00000108
process_identifier: 2116
commit_size: 520192
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000100
allocation_type: 0 ()
section_offset: 0
view_size: 520192
base_address: 0x00400000
success 0 0
1620832029.448626
NtGetContextThread
thread_handle: 0x000000fc
success 0 0
1620832029.448626
NtSetContextThread
thread_handle: 0x000000fc
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708160
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2116
success 0 0
1620832029.542626
NtResumeThread
thread_handle: 0x000000fc
suspend_count: 1
process_identifier: 2116
success 0 0
1620832029.589626
CreateProcessInternalW
thread_identifier: 2760
thread_handle: 0x00000104
process_identifier: 2632
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\967b0493c047e9224b5c3cef7dc76330.exe" 2 2116 22900578
filepath_r:
stack_pivoted: 0
creation_flags: 32 (NORMAL_PRIORITY_CLASS)
process_handle: 0x0000010c
inherit_handles: 0
success 1 0
1620832047.839501
CreateProcessInternalW
thread_identifier: 3068
thread_handle: 0x00000390
process_identifier: 2316
current_directory:
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\967b0493c047e9224b5c3cef7dc76330.exe
track: 1
command_line:
filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\967b0493c047e9224b5c3cef7dc76330.exe
stack_pivoted: 0
creation_flags: 32 (NORMAL_PRIORITY_CLASS)
process_handle: 0x00000394
inherit_handles: 0
success 1 0
1620832048.010501
CreateProcessInternalW
thread_identifier: 2856
thread_handle: 0x000000fc
process_identifier: 3048
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\967b0493c047e9224b5c3cef7dc76330.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000100
inherit_handles: 0
success 1 0
1620832048.010501
NtUnmapViewOfSection
process_identifier: 3048
region_size: 4096
process_handle: 0x00000100
base_address: 0x00400000
success 0 0
1620832048.010501
NtMapViewOfSection
section_handle: 0x00000108
process_identifier: 3048
commit_size: 520192
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000100
allocation_type: 0 ()
section_offset: 0
view_size: 520192
base_address: 0x00400000
success 0 0
1620832048.026501
NtGetContextThread
thread_handle: 0x000000fc
success 0 0
1620832048.026501
NtSetContextThread
thread_handle: 0x000000fc
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708160
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 3048
success 0 0
1620832048.057501
NtResumeThread
thread_handle: 0x000000fc
suspend_count: 1
process_identifier: 3048
success 0 0
1620832048.089501
CreateProcessInternalW
thread_identifier: 1948
thread_handle: 0x00000104
process_identifier: 200
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\967b0493c047e9224b5c3cef7dc76330.exe" 2 3048 22919093
filepath_r:
stack_pivoted: 0
creation_flags: 32 (NORMAL_PRIORITY_CLASS)
process_handle: 0x00000114
inherit_handles: 0
success 1 0
1620832048.479501
CreateProcessInternalW
thread_identifier: 2268
thread_handle: 0x00000108
process_identifier: 3040
current_directory:
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\967b0493c047e9224b5c3cef7dc76330.exe
track: 1
command_line:
filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\967b0493c047e9224b5c3cef7dc76330.exe
stack_pivoted: 0
creation_flags: 32 (NORMAL_PRIORITY_CLASS)
process_handle: 0x0000010c
inherit_handles: 0
success 1 0
1620832048.698751
CreateProcessInternalW
thread_identifier: 176
thread_handle: 0x000000fc
process_identifier: 2168
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\967b0493c047e9224b5c3cef7dc76330.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000100
inherit_handles: 0
success 1 0
1620832048.698751
NtUnmapViewOfSection
process_identifier: 2168
region_size: 4096
process_handle: 0x00000100
base_address: 0x00400000
success 0 0
1620832048.698751
NtMapViewOfSection
section_handle: 0x00000108
process_identifier: 2168
commit_size: 520192
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000100
allocation_type: 0 ()
section_offset: 0
view_size: 520192
base_address: 0x00400000
success 0 0
1620832048.979751
NtGetContextThread
thread_handle: 0x000000fc
success 0 0
1620832048.979751
NtSetContextThread
thread_handle: 0x000000fc
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708160
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2168
success 0 0
1620832049.026751
NtResumeThread
thread_handle: 0x000000fc
suspend_count: 1
process_identifier: 2168
success 0 0
1620832049.042751
CreateProcessInternalW
thread_identifier: 1324
thread_handle: 0x00000104
process_identifier: 1812
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\967b0493c047e9224b5c3cef7dc76330.exe" 2 2168 22920062
filepath_r:
stack_pivoted: 0
creation_flags: 32 (NORMAL_PRIORITY_CLASS)
process_handle: 0x00000114
inherit_handles: 0
success 1 0
1620832052.151626
CreateProcessInternalW
thread_identifier: 3208
thread_handle: 0x0000012c
process_identifier: 3204
current_directory:
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\967b0493c047e9224b5c3cef7dc76330.exe
track: 1
command_line:
filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\967b0493c047e9224b5c3cef7dc76330.exe
stack_pivoted: 0
creation_flags: 32 (NORMAL_PRIORITY_CLASS)
process_handle: 0x00000130
inherit_handles: 0
success 1 0
1620832052.339626
CreateProcessInternalW
thread_identifier: 3308
thread_handle: 0x000000fc
process_identifier: 3304
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\967b0493c047e9224b5c3cef7dc76330.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000100
inherit_handles: 0
success 1 0
1620832052.339626
NtUnmapViewOfSection
process_identifier: 3304
region_size: 4096
process_handle: 0x00000100
base_address: 0x00400000
success 0 0
1620832052.339626
NtMapViewOfSection
section_handle: 0x00000108
process_identifier: 3304
commit_size: 520192
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000100
allocation_type: 0 ()
section_offset: 0
view_size: 520192
base_address: 0x00400000
success 0 0
1620832052.479626
NtGetContextThread
thread_handle: 0x000000fc
success 0 0
1620832052.479626
NtSetContextThread
thread_handle: 0x000000fc
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708160
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 3304
success 0 0
1620832052.510626
NtResumeThread
thread_handle: 0x000000fc
suspend_count: 1
process_identifier: 3304
success 0 0
1620832052.510626
CreateProcessInternalW
thread_identifier: 3368
thread_handle: 0x00000104
process_identifier: 3364
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\967b0493c047e9224b5c3cef7dc76330.exe" 2 3304 22923546
filepath_r:
stack_pivoted: 0
creation_flags: 32 (NORMAL_PRIORITY_CLASS)
process_handle: 0x00000114
inherit_handles: 0
success 1 0
1620832053.792001
CreateProcessInternalW
thread_identifier: 3472
thread_handle: 0x00000128
process_identifier: 3468
current_directory:
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\967b0493c047e9224b5c3cef7dc76330.exe
track: 1
command_line:
filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\967b0493c047e9224b5c3cef7dc76330.exe
stack_pivoted: 0
creation_flags: 32 (NORMAL_PRIORITY_CLASS)
process_handle: 0x0000012c
inherit_handles: 0
success 1 0
1620832054.026249
CreateProcessInternalW
thread_identifier: 3544
thread_handle: 0x000000fc
process_identifier: 3540
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\967b0493c047e9224b5c3cef7dc76330.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000100
inherit_handles: 0
success 1 0
1620832054.026249
NtUnmapViewOfSection
process_identifier: 3540
region_size: 4096
process_handle: 0x00000100
base_address: 0x00400000
success 0 0
1620832054.026249
NtMapViewOfSection
section_handle: 0x00000108
process_identifier: 3540
commit_size: 520192
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000100
allocation_type: 0 ()
section_offset: 0
view_size: 520192
base_address: 0x00400000
success 0 0
1620832054.573249
NtGetContextThread
thread_handle: 0x000000fc
success 0 0
1620832054.573249
NtSetContextThread
thread_handle: 0x000000fc
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708160
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 3540
success 0 0
1620832056.167249
NtResumeThread
thread_handle: 0x000000fc
suspend_count: 1
process_identifier: 3540
success 0 0
1620832056.198249
CreateProcessInternalW
thread_identifier: 3620
thread_handle: 0x00000104
process_identifier: 3616
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\967b0493c047e9224b5c3cef7dc76330.exe" 2 3540 22927203
filepath_r:
stack_pivoted: 0
creation_flags: 32 (NORMAL_PRIORITY_CLASS)
process_handle: 0x00000114
inherit_handles: 0
success 1 0
1620832060.344564
CreateProcessInternalW
thread_identifier: 3740
thread_handle: 0x00000184
process_identifier: 3736
current_directory:
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\967b0493c047e9224b5c3cef7dc76330.exe
track: 1
command_line:
filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\967b0493c047e9224b5c3cef7dc76330.exe
stack_pivoted: 0
creation_flags: 32 (NORMAL_PRIORITY_CLASS)
process_handle: 0x00000188
inherit_handles: 0
success 1 0
1620832061.66075
CreateProcessInternalW
thread_identifier: 3816
thread_handle: 0x000000fc
process_identifier: 3812
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\967b0493c047e9224b5c3cef7dc76330.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000100
inherit_handles: 0
success 1 0
1620832061.66075
NtUnmapViewOfSection
process_identifier: 3812
region_size: 4096
process_handle: 0x00000100
base_address: 0x00400000
success 0 0
1620832061.66075
NtMapViewOfSection
section_handle: 0x00000108
process_identifier: 3812
commit_size: 520192
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000100
allocation_type: 0 ()
section_offset: 0
view_size: 520192
base_address: 0x00400000
success 0 0
1620832064.87975
NtGetContextThread
thread_handle: 0x000000fc
success 0 0
1620832064.87975
NtSetContextThread
thread_handle: 0x000000fc
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708160
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 3812
success 0 0
1620832065.97375
NtResumeThread
thread_handle: 0x000000fc
suspend_count: 1
process_identifier: 3812
success 0 0
1620832066.02075
CreateProcessInternalW
thread_identifier: 3880
thread_handle: 0x00000104
process_identifier: 3876
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\967b0493c047e9224b5c3cef7dc76330.exe" 2 3812 22936578
filepath_r:
stack_pivoted: 0
creation_flags: 32 (NORMAL_PRIORITY_CLASS)
process_handle: 0x00000114
inherit_handles: 0
success 1 0
1620832070.158249
CreateProcessInternalW
thread_identifier: 3988
thread_handle: 0x00000150
process_identifier: 3984
current_directory:
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\967b0493c047e9224b5c3cef7dc76330.exe
track: 1
command_line:
filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\967b0493c047e9224b5c3cef7dc76330.exe
stack_pivoted: 0
creation_flags: 32 (NORMAL_PRIORITY_CLASS)
process_handle: 0x00000154
inherit_handles: 0
success 1 0
1620832071.195059
CreateProcessInternalW
thread_identifier: 4060
thread_handle: 0x00000100
process_identifier: 4056
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\967b0493c047e9224b5c3cef7dc76330.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000104
inherit_handles: 0
success 1 0
1620832071.195059
NtUnmapViewOfSection
process_identifier: 4056
region_size: 4096
process_handle: 0x00000104
base_address: 0x00400000
success 0 0
File has been identified by 59 AntiVirus engines on VirusTotal as malicious (50 out of 59 events)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
DrWeb Trojan.DownLoader34.24896
MicroWorld-eScan Trojan.Delf.FareIt.Gen.7
FireEye Generic.mg.967b0493c047e922
ALYac Trojan.Delf.FareIt.Gen.7
Cylance Unsafe
Sangfor Malware
K7AntiVirus Trojan ( 005690671 )
Alibaba Trojan:Win32/DelfInject.ali2000015
K7GW Trojan ( 005690671 )
Cybereason malicious.3c047e
Arcabit Trojan.Delf.FareIt.Gen.7
BitDefenderTheta Gen:NN.ZelphiF.34700.RGW@aaXrs!bi
Cyren W32/Trojan.YIWK-2138
Symantec Infostealer.Lokibot!43
ESET-NOD32 a variant of Win32/Injector.EMOY
APEX Malicious
Paloalto generic.ml
ClamAV Win.Malware.Daqc-6598201-0
Kaspersky HEUR:Trojan-Spy.Win32.AveMaria.gen
BitDefender Trojan.Delf.FareIt.Gen.7
NANO-Antivirus Riskware.Win32.Delf.hnwlwg
Avast Win32:PWSX-gen [Trj]
Rising Trojan.Injector!1.C97E (CLASSIC)
Ad-Aware Trojan.Delf.FareIt.Gen.7
Sophos Mal/Generic-S
Comodo Malware@#3h9i3waaa3y7k
F-Secure Trojan.TR/Injector.wmgja
VIPRE Trojan.Win32.Generic!BT
TrendMicro TSPY_HPLOKI.SMBD
McAfee-GW-Edition BehavesLike.Win32.Fareit.jc
Emsisoft Trojan.Delf.FareIt.Gen.7 (B)
Ikarus Trojan-Dropper.Win32.Autoit
Jiangmin Backdoor.MSIL.dktz
Avira TR/Injector.wmgja
Antiy-AVL Trojan[Spy]/Win32.AveMaria
Kingsoft Win32.Troj.Undef.(kcloud)
Microsoft PWS:Win32/Fareit.AQ!MTB
AegisLab Trojan.Win32.AveMaria.l!c
ZoneAlarm HEUR:Trojan.Win32.Kryptik.gen
GData Trojan.Delf.FareIt.Gen.7
Cynet Malicious (score: 100)
AhnLab-V3 Suspicious/Win.Delphiless.X2094
Acronis suspicious
McAfee Fareit-FTB!967B0493C047
MAX malware (ai score=89)
VBA32 TScope.Trojan.Delf
Malwarebytes Trojan.MalPack.DLF
TrendMicro-HouseCall TSPY_HPLOKI.SMBD
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (3 events)
dead_host 172.217.24.14:443
dead_host 172.217.160.110:443
dead_host 172.217.160.78:443
Visual analysis
Binary image
No binary image: this sample did not generate a binary visualization image
Runtime screenshots
No runtime screenshots: no screenshots were generated while the sample was running

PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x46913c VirtualFree
0x469140 VirtualAlloc
0x469144 LocalFree
0x469148 LocalAlloc
0x46914c GetVersion
0x469150 GetCurrentThreadId
0x46915c VirtualQuery
0x469160 WideCharToMultiByte
0x469164 MultiByteToWideChar
0x469168 lstrlenA
0x46916c lstrcpynA
0x469170 LoadLibraryExA
0x469174 GetThreadLocale
0x469178 GetStartupInfoA
0x46917c GetProcAddress
0x469180 GetModuleHandleA
0x469184 GetModuleFileNameA
0x469188 GetLocaleInfoA
0x46918c GetCommandLineA
0x469190 FreeLibrary
0x469194 FindFirstFileA
0x469198 FindClose
0x46919c ExitProcess
0x4691a0 WriteFile
0x4691a8 RtlUnwind
0x4691ac RaiseException
0x4691b0 GetStdHandle
Library user32.dll:
0x4691b8 GetKeyboardType
0x4691bc LoadStringA
0x4691c0 MessageBoxA
0x4691c4 CharNextA
Library advapi32.dll:
0x4691cc RegQueryValueExA
0x4691d0 RegOpenKeyExA
0x4691d4 RegCloseKey
Library oleaut32.dll:
0x4691dc SysFreeString
0x4691e0 SysReAllocStringLen
0x4691e4 SysAllocStringLen
Library kernel32.dll:
0x4691ec TlsSetValue
0x4691f0 TlsGetValue
0x4691f4 LocalAlloc
0x4691f8 GetModuleHandleA
Library advapi32.dll:
0x469200 RegQueryValueExA
0x469204 RegOpenKeyExA
0x469208 RegCloseKey
Library kernel32.dll:
0x469210 lstrcpyA
0x469214 WriteFile
0x469218 WaitForSingleObject
0x46921c VirtualQuery
0x469220 VirtualProtectEx
0x469224 VirtualAlloc
0x469228 Sleep
0x46922c SizeofResource
0x469230 SetThreadLocale
0x469234 SetFilePointer
0x469238 SetEvent
0x46923c SetErrorMode
0x469240 SetEndOfFile
0x469244 ResetEvent
0x469248 ReadFile
0x46924c MulDiv
0x469250 LockResource
0x469254 LoadResource
0x469258 LoadLibraryA
0x469264 GlobalUnlock
0x469268 GlobalReAlloc
0x46926c GlobalHandle
0x469270 GlobalLock
0x469274 GlobalFree
0x469278 GlobalFindAtomA
0x46927c GlobalDeleteAtom
0x469280 GlobalAlloc
0x469284 GlobalAddAtomA
0x469288 GetVersionExA
0x46928c GetVersion
0x469290 GetTickCount
0x469294 GetThreadLocale
0x469298 GetSystemInfo
0x46929c GetStringTypeExA
0x4692a0 GetStdHandle
0x4692a4 GetProcAddress
0x4692a8 GetModuleHandleA
0x4692ac GetModuleFileNameA
0x4692b0 GetLocaleInfoA
0x4692b4 GetLocalTime
0x4692b8 GetLastError
0x4692bc GetFullPathNameA
0x4692c0 GetFileAttributesA
0x4692c4 GetDiskFreeSpaceA
0x4692c8 GetDateFormatA
0x4692cc GetCurrentThreadId
0x4692d0 GetCurrentProcessId
0x4692d4 GetCurrentProcess
0x4692d8 GetCPInfo
0x4692dc GetACP
0x4692e0 FreeResource
0x4692e4 InterlockedExchange
0x4692e8 FreeLibrary
0x4692ec FormatMessageA
0x4692f0 FindResourceA
0x4692f4 FindFirstFileA
0x4692f8 FindClose
0x469304 EnumCalendarInfoA
0x469310 CreateThread
0x469314 CreateFileA
0x469318 CreateEventA
0x46931c CompareStringA
0x469320 CloseHandle
Library version.dll:
0x469328 VerQueryValueA
0x469330 GetFileVersionInfoA
Library gdi32.dll:
0x469338 UnrealizeObject
0x46933c StretchBlt
0x469340 SetWindowOrgEx
0x469344 SetWinMetaFileBits
0x469348 SetViewportOrgEx
0x46934c SetTextColor
0x469350 SetStretchBltMode
0x469354 SetROP2
0x469358 SetPixel
0x46935c SetEnhMetaFileBits
0x469360 SetDIBColorTable
0x469364 SetBrushOrgEx
0x469368 SetBkMode
0x46936c SetBkColor
0x469370 SelectPalette
0x469374 SelectObject
0x469378 SaveDC
0x46937c RestoreDC
0x469380 Rectangle
0x469384 RectVisible
0x469388 RealizePalette
0x46938c Polyline
0x469390 PlayEnhMetaFile
0x469394 PatBlt
0x469398 MoveToEx
0x46939c MaskBlt
0x4693a0 LineTo
0x4693a4 IntersectClipRect
0x4693a8 GetWindowOrgEx
0x4693ac GetWinMetaFileBits
0x4693b0 GetTextMetricsA
0x4693bc GetStockObject
0x4693c0 GetPixel
0x4693c4 GetPaletteEntries
0x4693c8 GetObjectA
0x4693d4 GetEnhMetaFileBits
0x4693d8 GetDeviceCaps
0x4693dc GetDIBits
0x4693e0 GetDIBColorTable
0x4693e4 GetDCOrgEx
0x4693ec GetClipBox
0x4693f0 GetBrushOrgEx
0x4693f4 GetBitmapBits
0x4693f8 ExcludeClipRect
0x4693fc DeleteObject
0x469400 DeleteEnhMetaFile
0x469404 DeleteDC
0x469408 CreateSolidBrush
0x46940c CreatePenIndirect
0x469410 CreatePen
0x469414 CreatePalette
0x46941c CreateFontIndirectA
0x469420 CreateDIBitmap
0x469424 CreateDIBSection
0x469428 CreateCompatibleDC
0x469430 CreateBrushIndirect
0x469434 CreateBitmap
0x469438 CopyEnhMetaFileA
0x46943c BitBlt
Library user32.dll:
0x469444 CreateWindowExA
0x469448 WindowFromPoint
0x46944c WinHelpA
0x469450 WaitMessage
0x469454 ValidateRect
0x469458 UpdateWindow
0x46945c UnregisterClassA
0x469460 UnhookWindowsHookEx
0x469464 TranslateMessage
0x46946c TrackPopupMenu
0x469474 ShowWindow
0x469478 ShowScrollBar
0x46947c ShowOwnedPopups
0x469480 ShowCursor
0x469484 SetWindowsHookExA
0x469488 SetWindowPos
0x46948c SetWindowPlacement
0x469490 SetWindowLongA
0x469494 SetTimer
0x469498 SetScrollRange
0x46949c SetScrollPos
0x4694a0 SetScrollInfo
0x4694a4 SetRect
0x4694a8 SetPropA
0x4694ac SetParent
0x4694b0 SetMenuItemInfoA
0x4694b4 SetMenu
0x4694b8 SetForegroundWindow
0x4694bc SetFocus
0x4694c0 SetCursor
0x4694c4 SetClassLongA
0x4694c8 SetCapture
0x4694cc SetActiveWindow
0x4694d0 SendMessageA
0x4694d4 ScrollWindow
0x4694d8 ScreenToClient
0x4694dc RemovePropA
0x4694e0 RemoveMenu
0x4694e4 ReleaseDC
0x4694e8 ReleaseCapture
0x4694f4 RegisterClassA
0x4694f8 RedrawWindow
0x4694fc PtInRect
0x469500 PostQuitMessage
0x469504 PostMessageA
0x469508 PeekMessageA
0x46950c OffsetRect
0x469510 OemToCharA
0x469514 MessageBoxA
0x469518 MapWindowPoints
0x46951c MapVirtualKeyA
0x469520 LoadStringA
0x469524 LoadKeyboardLayoutA
0x469528 LoadIconA
0x46952c LoadCursorA
0x469530 LoadBitmapA
0x469534 KillTimer
0x469538 IsZoomed
0x46953c IsWindowVisible
0x469540 IsWindowEnabled
0x469544 IsWindow
0x469548 IsRectEmpty
0x46954c IsIconic
0x469550 IsDialogMessageA
0x469554 IsChild
0x469558 InvalidateRect
0x46955c IntersectRect
0x469560 InsertMenuItemA
0x469564 InsertMenuA
0x469568 InflateRect
0x469570 GetWindowTextA
0x469574 GetWindowRect
0x469578 GetWindowPlacement
0x46957c GetWindowLongA
0x469580 GetWindowDC
0x469584 GetTopWindow
0x469588 GetSystemMetrics
0x46958c GetSystemMenu
0x469590 GetSysColorBrush
0x469594 GetSysColor
0x469598 GetSubMenu
0x46959c GetScrollRange
0x4695a0 GetScrollPos
0x4695a4 GetScrollInfo
0x4695a8 GetPropA
0x4695ac GetParent
0x4695b0 GetWindow
0x4695b4 GetMenuStringA
0x4695b8 GetMenuState
0x4695bc GetMenuItemInfoA
0x4695c0 GetMenuItemID
0x4695c4 GetMenuItemCount
0x4695c8 GetMenu
0x4695cc GetLastActivePopup
0x4695d0 GetKeyboardState
0x4695d8 GetKeyboardLayout
0x4695dc GetKeyState
0x4695e0 GetKeyNameTextA
0x4695e4 GetIconInfo
0x4695e8 GetForegroundWindow
0x4695ec GetFocus
0x4695f0 GetDlgItem
0x4695f4 GetDesktopWindow
0x4695f8 GetDCEx
0x4695fc GetDC
0x469600 GetCursorPos
0x469604 GetCursor
0x469608 GetClipboardData
0x46960c GetClientRect
0x469610 GetClassNameA
0x469614 GetClassInfoA
0x469618 GetCapture
0x46961c GetActiveWindow
0x469620 FrameRect
0x469624 FindWindowA
0x469628 FillRect
0x46962c EqualRect
0x469630 EnumWindows
0x469634 EnumThreadWindows
0x469638 EndPaint
0x46963c EnableWindow
0x469640 EnableScrollBar
0x469644 EnableMenuItem
0x469648 DrawTextA
0x46964c DrawMenuBar
0x469650 DrawIconEx
0x469654 DrawIcon
0x469658 DrawFrameControl
0x46965c DrawEdge
0x469660 DispatchMessageA
0x469664 DestroyWindow
0x469668 DestroyMenu
0x46966c DestroyIcon
0x469670 DestroyCursor
0x469674 DeleteMenu
0x469678 DefWindowProcA
0x46967c DefMDIChildProcA
0x469680 DefFrameProcA
0x469684 CreatePopupMenu
0x469688 CreateMenu
0x46968c CreateIcon
0x469690 ClientToScreen
0x469694 CheckMenuItem
0x469698 CallWindowProcA
0x46969c CallNextHookEx
0x4696a0 BeginPaint
0x4696a4 CharNextA
0x4696a8 CharLowerBuffA
0x4696ac CharLowerA
0x4696b0 CharToOemA
0x4696b4 AdjustWindowRectEx
Library kernel32.dll:
0x4696c0 Sleep
Library oleaut32.dll:
0x4696c8 SafeArrayPtrOfIndex
0x4696cc SafeArrayGetUBound
0x4696d0 SafeArrayGetLBound
0x4696d4 SafeArrayCreate
0x4696d8 VariantChangeType
0x4696dc VariantCopy
0x4696e0 VariantClear
0x4696e4 VariantInit
Library comctl32.dll:
0x4696f4 ImageList_Write
0x4696f8 ImageList_Read
0x469708 ImageList_DragMove
0x46970c ImageList_DragLeave
0x469710 ImageList_DragEnter
0x469714 ImageList_EndDrag
0x469718 ImageList_BeginDrag
0x46971c ImageList_Remove
0x469720 ImageList_DrawEx
0x469724 ImageList_Replace
0x469728 ImageList_Draw
0x469738 ImageList_Add
0x469740 ImageList_Destroy
0x469744 ImageList_Create
0x469748 InitCommonControls
Library comdlg32.dll:
0x469750 GetSaveFileNameA
0x469754 GetOpenFileNameA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50568 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 61680 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 50002 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57756 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 60384 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.