10.6
0-day

f86c9804962e1889e0002741388ef1e4b7a140f12d634d4b2ebc0af9162bc097

9ae795a6a67c958c15d120c26efced30.exe

Analysis duration

86s

Last analysis

File size

371.0KB
Static detections / dynamic detections: AAHH AGENSLA AGENTTESLA AI SCORE=81 BTORSF CONFIDENCE ELDORADO ELIC FAREIT GDSDA GENERICKD GENKRYPTIK HIGH CONFIDENCE IGENT KRYPTIK MALICIOUS PE MALWARE@#3LAKTWKKL9JEX R06EC0PIA20 SCORE SONBOKLI STATIC AI SUSGEN TROJANPSW TROJANX TSCOPE UNSAFE WJMMQ XM0@ASNEYGB YMACCO ZEMSILF
Eagle Eye engine
Not detected (no Eagle Eye engine results available yet)
Static verdict
Antivirus engines
Engine Result Scan date Engine version
McAfee Fareit-FWH!9AE795A6A67C 20201228 6.0.6.653
Alibaba TrojanPSW:MSIL/Agensla.5a0eb63c 20190527 0.3.0.5
Avast Win32:TrojanX-gen [Trj] 20201228 21.1.5827.0
Baidu 20190318 1.0.0.2
Kingsoft 20201228 2017.9.26.565
Tencent 20201228 1.0.0.1
CrowdStrike win/malicious_confidence_90% (W) 20190702 1.0
Static indicators
Queries for the computer name (5 events)
Time & API Arguments Status Return Repeated
1619781074.130952
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619784179.596375
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619784182.800375
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619784185.393375
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619784186.550375
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
Checks if the process is being debugged by a debugger (4 events)
Time & API Arguments Status Return Repeated
1619781065.490952
IsDebuggerPresent
failed 0 0
1619781065.490952
IsDebuggerPresent
failed 0 0
1619784161.096375
IsDebuggerPresent
failed 0 0
1619784161.096375
IsDebuggerPresent
failed 0 0
Checks the amount of memory in the system; this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time & API Arguments Status Return Repeated
1619781065.521952
GlobalMemoryStatusEx
success 1 0
One or more processes crashed (9 events)
Time & API Arguments Status Return Repeated
1619781066.677952
__exception__
exception.instruction_r: 83 78 04 00 77 05 e8 34 88 8b 73 0f b6 40 08 89
exception.instruction: cmp dword ptr [eax + 4], 0
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x870501
success 0 0
1619781066.724952
__exception__
exception.instruction_r: 83 78 04 00 77 05 e8 34 88 8b 73 0f b6 40 08 89
exception.instruction: cmp dword ptr [eax + 4], 0
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x870501
success 0 0
1619781066.943952
__exception__
exception.instruction_r: 83 78 04 00 77 05 e8 34 88 8b 73 0f b6 40 08 89
exception.instruction: cmp dword ptr [eax + 4], 0
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x870501
success 0 0
1619781066.959952
__exception__
exception.instruction_r: 83 78 04 00 77 05 e8 34 88 8b 73 0f b6 40 08 89
exception.instruction: cmp dword ptr [eax + 4], 0
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x870501
success 0 0
1619781066.974952
__exception__
exception.instruction_r: 83 78 04 00 77 05 e8 34 88 8b 73 0f b6 40 08 89
exception.instruction: cmp dword ptr [eax + 4], 0
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x870501
success 0 0
1619781066.990952
__exception__
exception.instruction_r: 83 78 04 00 77 05 e8 34 88 8b 73 0f b6 40 08 89
exception.instruction: cmp dword ptr [eax + 4], 0
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x870501
success 0 0
1619781067.005952
__exception__
exception.instruction_r: 83 78 04 00 77 05 e8 34 88 8b 73 0f b6 40 08 89
exception.instruction: cmp dword ptr [eax + 4], 0
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x870501
success 0 0
1619781067.005952
__exception__
stacktrace:

registers.esp: 3133200
registers.edi: 36832500
registers.eax: 0
registers.ebp: 3133260
registers.edx: 9
registers.ebx: 36508564
registers.esi: 36550668
registers.ecx: 1945127358
exception.instruction_r: 83 78 04 00 77 05 e8 34 88 8b 73 0f b6 40 08 89
exception.instruction: cmp dword ptr [eax + 4], 0
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x870501
success 0 0
1619784185.128375
__exception__
stacktrace:

registers.esp: 3993876
registers.edi: 41385348
registers.eax: 0
registers.ebp: 3993920
registers.edx: 8
registers.ebx: 0
registers.esi: 1765992946
registers.ecx: 0
exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 dc 69 c6 1a 30 10 ea
exception.instruction: mov eax, dword ptr [ecx]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x9a3a37
success 0 0
Behavior verdict
Dynamic indicators
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (50 out of 164 events)
Time & API Arguments Status Return Repeated
1619781064.818952
NtAllocateVirtualMemory
process_identifier: 368
region_size: 327680
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x004d0000
success 0 0
1619781064.818952
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x004e0000
success 0 0
1619781065.318952
NtAllocateVirtualMemory
process_identifier: 368
region_size: 1966080
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x01f30000
success 0 0
1619781065.318952
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x020d0000
success 0 0
1619781065.427952
NtProtectVirtualMemory
process_identifier: 368
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x73e71000
success 0 0
1619781065.490952
NtAllocateVirtualMemory
process_identifier: 368
region_size: 458752
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x00860000
success 0 0
1619781065.490952
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00890000
success 0 0
1619781065.490952
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0056a000
success 0 0
1619781065.490952
NtProtectVirtualMemory
process_identifier: 368
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 8192
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x73e72000
success 0 0
1619781065.490952
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00562000
success 0 0
1619781065.849952
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00572000
success 0 0
1619781066.037952
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00595000
success 0 0
1619781066.037952
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0059b000
success 0 0
1619781066.037952
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00597000
success 0 0
1619781066.084952
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00573000
success 0 0
1619781066.084952
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00574000
success 0 0
1619781066.084952
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00575000
success 0 0
1619781066.115952
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0057c000
success 0 0
1619781066.412952
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00576000
success 0 0
1619781066.427952
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00577000
success 0 0
1619781066.443952
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00578000
success 0 0
1619781066.521952
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00579000
success 0 0
1619781066.552952
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00870000
success 0 0
1619781067.052952
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0058a000
success 0 0
1619781067.052952
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00587000
success 0 0
1619781067.146952
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x02060000
success 0 0
1619781067.162952
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x02061000
success 0 0
1619781067.162952
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x02062000
success 0 0
1619781067.287952
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x02063000
success 0 0
1619781067.334952
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00586000
success 0 0
1619781067.396952
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x02064000
success 0 0
1619781067.474952
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x02065000
success 0 0
1619781067.474952
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x02066000
success 0 0
1619781067.490952
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x02067000
success 0 0
1619781067.490952
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x02068000
success 0 0
1619781067.490952
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x02069000
success 0 0
1619781067.490952
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0206a000
success 0 0
1619781072.490952
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00871000
success 0 0
1619781073.552952
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0206b000
success 0 0
1619781073.568952
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0206c000
success 0 0
1619781073.568952
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0206d000
success 0 0
1619781073.584952
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0206e000
success 0 0
1619781073.584952
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0206f000
success 0 0
1619781073.584952
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00872000
success 0 0
1619781073.599952
NtAllocateVirtualMemory
process_identifier: 368
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00873000
success 0 0
1619781073.599952
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x048d0000
success 0 0
1619781073.615952
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00563000
success 0 0
1619781073.630952
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x048d1000
success 0 0
1619781073.630952
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x048ef000
success 0 0
1619781073.630952
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x048e0000
success 0 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.6480117941658134 section {'size_of_data': '0x0005c200', 'virtual_address': '0x00002000', 'entropy': 7.6480117941658134, 'name': '.text', 'virtual_size': '0x0005c1b4'} description A section with a high entropy has been found
entropy 0.9946018893387314 description Overall entropy of this PE file is high
Checks for the Locally Unique Identifier on the system for a suspicious privilege (2 events)
Time & API Arguments Status Return Repeated
1619781073.677952
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619784162.862375
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
Terminates another process (3 events)
Time & API Arguments Status Return Repeated
1619781123.787952
NtTerminateProcess
status_code: 0xffffffff
process_identifier: 368
process_handle: 0x000002ac
failed 0 0
1619784179.003375
NtTerminateProcess
status_code: 0xffffffff
process_identifier: 368
process_handle: 0x00000234
failed 0 0
1619784179.003375
NtTerminateProcess
status_code: 0xffffffff
process_identifier: 368
process_handle: 0x00000234
failed 3221225738 0
Network communication
One or more of the buffers contains an embedded PE file (1 event)
buffer Buffer with sha1: 6644a387648fbced1de7f7b18bf47715203ab556
Communicates with host for which no DNS query was performed (3 events)
host 172.217.24.14
host 203.208.41.65
host 203.208.41.66
Allocates execute permission to another process indicative of possible code injection (1 event)
Time & API Arguments Status Return Repeated
1619781104.990952
NtAllocateVirtualMemory
process_identifier: 2944
region_size: 335872
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000002bc
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
success 0 0
Attempts to identify installed AV products by installation directory (2 events)
file C:\Program Files\AVAST Software
file C:\Program Files (x86)\AVAST Software
Potential code injection by writing to the memory of another process (4 events)
Time & API Arguments Status Return Repeated
1619781104.990952
WriteProcessMemory
process_identifier: 2944
buffer: MZÿÿ¸@€º´ Í!¸LÍ!This program cannot be run in DOS mode. $PELR%Â^à  ª®È à@  @…XÈSà@  H.text´¨ ª `.rsrc@à¬@@.reloc ²@B
process_handle: 0x000002bc
base_address: 0x00400000
success 1 0
1619781105.005952
WriteProcessMemory
process_identifier: 2944
buffer:  €P€8€€h€ à´Tãê´4VS_VERSION_INFO½ïþ?DVarFileInfo$Translation°StringFileInfoð000004b0,FileDescription 0FileVersion0.0.0.0p(InternalNameaJPuGhmrKKVZTYAkeQnaoJZoIoRYTugPvfl.exe(LegalCopyright x(OriginalFilenameaJPuGhmrKKVZTYAkeQnaoJZoIoRYTugPvfl.exe4ProductVersion0.0.0.08Assembly Version0.0.0.0<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>
process_handle: 0x000002bc
base_address: 0x0044e000
success 1 0
1619781105.005952
WriteProcessMemory
process_identifier: 2944
buffer: À °8
process_handle: 0x000002bc
base_address: 0x00450000
success 1 0
1619781105.005952
WriteProcessMemory
process_identifier: 2944
buffer: @
process_handle: 0x000002bc
base_address: 0x7efde008
success 1 0
Code injection by writing an executable or DLL to the memory of another process (1 event)
Time & API Arguments Status Return Repeated
1619781104.990952
WriteProcessMemory
process_identifier: 2944
buffer: MZÿÿ¸@€º´ Í!¸LÍ!This program cannot be run in DOS mode. $PELR%Â^à  ª®È à@  @…XÈSà@  H.text´¨ ª `.rsrc@à¬@@.reloc ²@B
process_handle: 0x000002bc
base_address: 0x00400000
success 1 0
Used NtSetContextThread to modify a thread in a remote process indicative of process injection (2 events)
Process injection Process 368 called NtSetContextThread to modify thread in remote process 2944
Time & API Arguments Status Return Repeated
1619781105.005952
NtSetContextThread
thread_handle: 0x000002b8
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4507822
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2944
success 0 0
Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)
Process injection Process 368 resumed a thread in remote process 2944
Time & API Arguments Status Return Repeated
1619781105.380952
NtResumeThread
thread_handle: 0x000002b8
suspend_count: 1
process_identifier: 2944
success 0 0
Generates some ICMP traffic
Executed a process and injected code into it, probably while unpacking (21 events)
Time & API Arguments Status Return Repeated
1619781065.490952
NtResumeThread
thread_handle: 0x000000d8
suspend_count: 1
process_identifier: 368
success 0 0
1619781065.505952
NtResumeThread
thread_handle: 0x00000124
suspend_count: 1
process_identifier: 368
success 0 0
1619781065.630952
NtResumeThread
thread_handle: 0x0000016c
suspend_count: 1
process_identifier: 368
success 0 0
1619781073.818952
NtResumeThread
thread_handle: 0x00000228
suspend_count: 1
process_identifier: 368
success 0 0
1619781074.005952
NtResumeThread
thread_handle: 0x000002a0
suspend_count: 1
process_identifier: 368
success 0 0
1619781104.974952
CreateProcessInternalW
thread_identifier: 2940
thread_handle: 0x000002b8
process_identifier: 2944
current_directory:
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\9ae795a6a67c958c15d120c26efced30.exe
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\9ae795a6a67c958c15d120c26efced30.exe"
filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\9ae795a6a67c958c15d120c26efced30.exe
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x000002bc
inherit_handles: 0
success 1 0
1619781104.990952
NtGetContextThread
thread_handle: 0x000002b8
success 0 0
1619781104.990952
NtAllocateVirtualMemory
process_identifier: 2944
region_size: 335872
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000002bc
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
success 0 0
1619781104.990952
WriteProcessMemory
process_identifier: 2944
buffer: MZÿÿ¸@€º´ Í!¸LÍ!This program cannot be run in DOS mode. $PELR%Â^à  ª®È à@  @…XÈSà@  H.text´¨ ª `.rsrc@à¬@@.reloc ²@B
process_handle: 0x000002bc
base_address: 0x00400000
success 1 0
1619781104.990952
WriteProcessMemory
process_identifier: 2944
buffer:
process_handle: 0x000002bc
base_address: 0x00402000
success 1 0
1619781105.005952
WriteProcessMemory
process_identifier: 2944
buffer:  €P€8€€h€ à´Tãê´4VS_VERSION_INFO½ïþ?DVarFileInfo$Translation°StringFileInfoð000004b0,FileDescription 0FileVersion0.0.0.0p(InternalNameaJPuGhmrKKVZTYAkeQnaoJZoIoRYTugPvfl.exe(LegalCopyright x(OriginalFilenameaJPuGhmrKKVZTYAkeQnaoJZoIoRYTugPvfl.exe4ProductVersion0.0.0.08Assembly Version0.0.0.0<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>
process_handle: 0x000002bc
base_address: 0x0044e000
success 1 0
1619781105.005952
WriteProcessMemory
process_identifier: 2944
buffer: À °8
process_handle: 0x000002bc
base_address: 0x00450000
success 1 0
1619781105.005952
WriteProcessMemory
process_identifier: 2944
buffer: @
process_handle: 0x000002bc
base_address: 0x7efde008
success 1 0
1619781105.005952
NtSetContextThread
thread_handle: 0x000002b8
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4507822
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2944
success 0 0
1619781105.380952
NtResumeThread
thread_handle: 0x000002b8
suspend_count: 1
process_identifier: 2944
success 0 0
1619784161.096375
NtResumeThread
thread_handle: 0x000000d8
suspend_count: 1
process_identifier: 2944
success 0 0
1619784161.112375
NtResumeThread
thread_handle: 0x00000120
suspend_count: 1
process_identifier: 2944
success 0 0
1619784161.221375
NtResumeThread
thread_handle: 0x00000164
suspend_count: 1
process_identifier: 2944
success 0 0
1619784181.987375
NtResumeThread
thread_handle: 0x000002e0
suspend_count: 1
process_identifier: 2944
success 0 0
1619784182.300375
NtResumeThread
thread_handle: 0x00000310
suspend_count: 1
process_identifier: 2944
success 0 0
1619784185.331375
NtResumeThread
thread_handle: 0x00000368
suspend_count: 1
process_identifier: 2944
success 0 0
File has been identified by 52 AntiVirus engines on VirusTotal as malicious (50 out of 52 events)
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.33919702
FireEye Generic.mg.9ae795a6a67c958c
McAfee Fareit-FWH!9AE795A6A67C
Cylance Unsafe
K7AntiVirus Trojan ( 0056796b1 )
Alibaba TrojanPSW:MSIL/Agensla.5a0eb63c
K7GW Trojan ( 0056796b1 )
Cybereason malicious.6a67c9
Arcabit Trojan.Generic.D20592D6
BitDefenderTheta Gen:NN.ZemsilF.34700.xm0@aSNeYGb
Cyren W32/MSIL_Kryptik.ATN.gen!Eldorado
Symantec Trojan.Gen.2
ESET-NOD32 MSIL/Autorun.Spy.Agent.DF
APEX Malicious
Avast Win32:TrojanX-gen [Trj]
Kaspersky HEUR:Trojan-PSW.MSIL.Agensla.gen
BitDefender Trojan.GenericKD.33919702
Paloalto generic.ml
Ad-Aware Trojan.GenericKD.33919702
Emsisoft Trojan.GenericKD.33919702 (B)
Comodo Malware@#3laktwkkl9jex
F-Secure Trojan.TR/AD.AgentTesla.wjmmq
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R06EC0PIA20
McAfee-GW-Edition BehavesLike.Win32.Generic.fc
Sophos Mal/Generic-S
Ikarus Trojan.Inject
Jiangmin Trojan.PSW.MSIL.aahh
eGambit Unsafe.AI_Score_89%
Avira TR/AD.AgentTesla.wjmmq
Antiy-AVL Trojan/Win32.Sonbokli
Gridinsoft Trojan.Win32.Downloader.dd!ni
Microsoft Trojan:Win32/Ymacco.AAD1
ZoneAlarm HEUR:Trojan-PSW.MSIL.Agensla.gen
GData Trojan.GenericKD.33919702
Cynet Malicious (score: 90)
AhnLab-V3 Trojan/Win32.AgentTesla.C4111465
VBA32 TScope.Trojan.MSIL
ALYac Spyware.AgentTesla
MAX malware (ai score=81)
Malwarebytes Spyware.AgentTesla
TrendMicro-HouseCall TROJ_GEN.R06EC0PIA20
Yandex Trojan.Igent.bTOrsF.5
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.121218.susgen
Fortinet MSIL/GenKryptik.ELIC!tr
Webroot W32.Trojan.Gen
AVG Win32:TrojanX-gen [Trj]
Panda Trj/GdSda.A
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample.
Runtime screenshots
No runtime screenshots: no screenshots were generated while this sample ran.


PE Compile Time

2020-05-28 06:02:18

Imports

Library mscoree.dll:
0x402000 _CorExeMain

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.