11.0
0-day

2ae1c7a5828344b803f6c5085ff52866be49fc5ec3c3e868d850283a6e8fce59

9d60d8928bc0478b3029e59024b5f407.exe

Analysis duration

92s

Last analyzed

File size

2.2MB
Static detections Dynamic detections AI SCORE=85 AIDETECTVM AUTO CONFIDENCE FBFRJ GDSDA GENERICKD GENERICRXKN HDKM HIGH CONFIDENCE HKRIVJ KQW@AU5KQ@OO KRYPTIK MALICIOUS PE MALWARE1 MALWARE@#3BHIWU1HRW4E6 OCCAMY PARALLAX POSSIBLETHREAT R06EC0PID20 R342474 SCORE SUSGEN UNSAFE XAPARO ZELPHIF
Hawkeye engine
Not scanned. No Hawkeye engine results available.
Static verdict
Antivirus engines
| Engine | Result | Scan date | Engine version |
| --- | --- | --- | --- |
| McAfee | GenericRXKN-ZN!9D60D8928BC0 | 20200918 | 6.0.6.653 |
| CrowdStrike | win/malicious_confidence_70% (W) | 20190702 | 1.0 |
| Alibaba | Backdoor:Win32/Occamy.e7db9989 | 20190527 | 0.3.0.5 |
| Baidu | | 20190318 | 1.0.0.2 |
| Avast | Win32:Trojan-gen | 20200918 | 18.4.3895.0 |
| Tencent | Win32.Trojan.Inject.Auto | 20200918 | 1.0.0.1 |
| Kingsoft | | 20200918 | 2013.8.14.323 |
Static indicators
Checks if process is being debugged by a debugger (1 event)
Time & API Arguments Status Return Repeated
1619811308.412999
IsDebuggerPresent
failed 0 0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (4 events)
section CODE
section DATA
section BSS
section KLIBVYYF
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (50 out of 32451 events)
Time & API Arguments Status Return Repeated
1619811291.006626
__exception__
stacktrace:
9d60d8928bc0478b3029e59024b5f407+0x135684 @ 0x535684
9d60d8928bc0478b3029e59024b5f407+0xa97c4 @ 0x4a97c4
9d60d8928bc0478b3029e59024b5f407+0xa97b8 @ 0x4a97b8
9d60d8928bc0478b3029e59024b5f407+0x478f @ 0x40478f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638108
registers.edi: 135168
registers.eax: 0
registers.ebp: 1638120
registers.edx: 1983904256
registers.ebx: 1983189538
registers.esi: 1983912052
registers.ecx: 0
exception.instruction_r: 8b 3f e9 92 f7 ff ff 81 ee f9 9a 2c fa 81 f2 51
exception.symbol: 9d60d8928bc0478b3029e59024b5f407+0x134de6
exception.instruction: mov edi, dword ptr [edi]
exception.module: 9d60d8928bc0478b3029e59024b5f407.exe
exception.exception_code: 0xc0000005
exception.offset: 1265126
exception.address: 0x534de6
success 0 0
1619811291.006626
__exception__
stacktrace:
9d60d8928bc0478b3029e59024b5f407+0x135684 @ 0x535684
9d60d8928bc0478b3029e59024b5f407+0xa97c4 @ 0x4a97c4
9d60d8928bc0478b3029e59024b5f407+0xa97b8 @ 0x4a97b8
9d60d8928bc0478b3029e59024b5f407+0x478f @ 0x40478f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638108
registers.edi: 200704
registers.eax: 0
registers.ebp: 1638120
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1636984
registers.ecx: 1638212
exception.instruction_r: 8b 3f e9 92 f7 ff ff 81 ee f9 9a 2c fa 81 f2 51
exception.symbol: 9d60d8928bc0478b3029e59024b5f407+0x134de6
exception.instruction: mov edi, dword ptr [edi]
exception.module: 9d60d8928bc0478b3029e59024b5f407.exe
exception.exception_code: 0xc0000005
exception.offset: 1265126
exception.address: 0x534de6
success 0 0
1619811291.006626
__exception__
stacktrace:
9d60d8928bc0478b3029e59024b5f407+0x135684 @ 0x535684
9d60d8928bc0478b3029e59024b5f407+0xa97c4 @ 0x4a97c4
9d60d8928bc0478b3029e59024b5f407+0xa97b8 @ 0x4a97b8
9d60d8928bc0478b3029e59024b5f407+0x478f @ 0x40478f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638108
registers.edi: 266240
registers.eax: 0
registers.ebp: 1638120
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1636984
registers.ecx: 1638212
exception.instruction_r: 8b 3f e9 92 f7 ff ff 81 ee f9 9a 2c fa 81 f2 51
exception.symbol: 9d60d8928bc0478b3029e59024b5f407+0x134de6
exception.instruction: mov edi, dword ptr [edi]
exception.module: 9d60d8928bc0478b3029e59024b5f407.exe
exception.exception_code: 0xc0000005
exception.offset: 1265126
exception.address: 0x534de6
success 0 0
1619811291.006626
__exception__
stacktrace:
9d60d8928bc0478b3029e59024b5f407+0x135684 @ 0x535684
9d60d8928bc0478b3029e59024b5f407+0xa97c4 @ 0x4a97c4
9d60d8928bc0478b3029e59024b5f407+0xa97b8 @ 0x4a97b8
9d60d8928bc0478b3029e59024b5f407+0x478f @ 0x40478f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638108
registers.edi: 331776
registers.eax: 0
registers.ebp: 1638120
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1636984
registers.ecx: 1638212
exception.instruction_r: 8b 3f e9 92 f7 ff ff 81 ee f9 9a 2c fa 81 f2 51
exception.symbol: 9d60d8928bc0478b3029e59024b5f407+0x134de6
exception.instruction: mov edi, dword ptr [edi]
exception.module: 9d60d8928bc0478b3029e59024b5f407.exe
exception.exception_code: 0xc0000005
exception.offset: 1265126
exception.address: 0x534de6
success 0 0
1619811291.006626
__exception__
stacktrace:
9d60d8928bc0478b3029e59024b5f407+0x135684 @ 0x535684
9d60d8928bc0478b3029e59024b5f407+0xa97c4 @ 0x4a97c4
9d60d8928bc0478b3029e59024b5f407+0xa97b8 @ 0x4a97b8
9d60d8928bc0478b3029e59024b5f407+0x478f @ 0x40478f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638108
registers.edi: 397312
registers.eax: 0
registers.ebp: 1638120
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1636984
registers.ecx: 1638212
exception.instruction_r: 8b 3f e9 92 f7 ff ff 81 ee f9 9a 2c fa 81 f2 51
exception.symbol: 9d60d8928bc0478b3029e59024b5f407+0x134de6
exception.instruction: mov edi, dword ptr [edi]
exception.module: 9d60d8928bc0478b3029e59024b5f407.exe
exception.exception_code: 0xc0000005
exception.offset: 1265126
exception.address: 0x534de6
success 0 0
1619811291.006626
__exception__
stacktrace:
9d60d8928bc0478b3029e59024b5f407+0x135684 @ 0x535684
9d60d8928bc0478b3029e59024b5f407+0xa97c4 @ 0x4a97c4
9d60d8928bc0478b3029e59024b5f407+0xa97b8 @ 0x4a97b8
9d60d8928bc0478b3029e59024b5f407+0x478f @ 0x40478f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638108
registers.edi: 462848
registers.eax: 0
registers.ebp: 1638120
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1636984
registers.ecx: 1638212
exception.instruction_r: 8b 3f e9 92 f7 ff ff 81 ee f9 9a 2c fa 81 f2 51
exception.symbol: 9d60d8928bc0478b3029e59024b5f407+0x134de6
exception.instruction: mov edi, dword ptr [edi]
exception.module: 9d60d8928bc0478b3029e59024b5f407.exe
exception.exception_code: 0xc0000005
exception.offset: 1265126
exception.address: 0x534de6
success 0 0
1619811291.006626
__exception__
stacktrace:
9d60d8928bc0478b3029e59024b5f407+0x135684 @ 0x535684
9d60d8928bc0478b3029e59024b5f407+0xa97c4 @ 0x4a97c4
9d60d8928bc0478b3029e59024b5f407+0xa97b8 @ 0x4a97b8
9d60d8928bc0478b3029e59024b5f407+0x478f @ 0x40478f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638108
registers.edi: 528384
registers.eax: 0
registers.ebp: 1638120
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1636984
registers.ecx: 1638212
exception.instruction_r: 8b 3f e9 92 f7 ff ff 81 ee f9 9a 2c fa 81 f2 51
exception.symbol: 9d60d8928bc0478b3029e59024b5f407+0x134de6
exception.instruction: mov edi, dword ptr [edi]
exception.module: 9d60d8928bc0478b3029e59024b5f407.exe
exception.exception_code: 0xc0000005
exception.offset: 1265126
exception.address: 0x534de6
success 0 0
1619811291.006626
__exception__
stacktrace:
9d60d8928bc0478b3029e59024b5f407+0x135684 @ 0x535684
9d60d8928bc0478b3029e59024b5f407+0xa97c4 @ 0x4a97c4
9d60d8928bc0478b3029e59024b5f407+0xa97b8 @ 0x4a97b8
9d60d8928bc0478b3029e59024b5f407+0x478f @ 0x40478f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638108
registers.edi: 593920
registers.eax: 0
registers.ebp: 1638120
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1636984
registers.ecx: 1638212
exception.instruction_r: 8b 3f e9 92 f7 ff ff 81 ee f9 9a 2c fa 81 f2 51
exception.symbol: 9d60d8928bc0478b3029e59024b5f407+0x134de6
exception.instruction: mov edi, dword ptr [edi]
exception.module: 9d60d8928bc0478b3029e59024b5f407.exe
exception.exception_code: 0xc0000005
exception.offset: 1265126
exception.address: 0x534de6
success 0 0
1619811291.006626
__exception__
stacktrace:
9d60d8928bc0478b3029e59024b5f407+0x135684 @ 0x535684
9d60d8928bc0478b3029e59024b5f407+0xa97c4 @ 0x4a97c4
9d60d8928bc0478b3029e59024b5f407+0xa97b8 @ 0x4a97b8
9d60d8928bc0478b3029e59024b5f407+0x478f @ 0x40478f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638108
registers.edi: 659456
registers.eax: 0
registers.ebp: 1638120
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1636984
registers.ecx: 1638212
exception.instruction_r: 8b 3f e9 92 f7 ff ff 81 ee f9 9a 2c fa 81 f2 51
exception.symbol: 9d60d8928bc0478b3029e59024b5f407+0x134de6
exception.instruction: mov edi, dword ptr [edi]
exception.module: 9d60d8928bc0478b3029e59024b5f407.exe
exception.exception_code: 0xc0000005
exception.offset: 1265126
exception.address: 0x534de6
success 0 0
1619811291.006626
__exception__
stacktrace:
9d60d8928bc0478b3029e59024b5f407+0x135684 @ 0x535684
9d60d8928bc0478b3029e59024b5f407+0xa97c4 @ 0x4a97c4
9d60d8928bc0478b3029e59024b5f407+0xa97b8 @ 0x4a97b8
9d60d8928bc0478b3029e59024b5f407+0x478f @ 0x40478f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638108
registers.edi: 724992
registers.eax: 0
registers.ebp: 1638120
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1636984
registers.ecx: 1638212
exception.instruction_r: 8b 3f e9 92 f7 ff ff 81 ee f9 9a 2c fa 81 f2 51
exception.symbol: 9d60d8928bc0478b3029e59024b5f407+0x134de6
exception.instruction: mov edi, dword ptr [edi]
exception.module: 9d60d8928bc0478b3029e59024b5f407.exe
exception.exception_code: 0xc0000005
exception.offset: 1265126
exception.address: 0x534de6
success 0 0
1619811291.006626
__exception__
stacktrace:
9d60d8928bc0478b3029e59024b5f407+0x135684 @ 0x535684
9d60d8928bc0478b3029e59024b5f407+0xa97c4 @ 0x4a97c4
9d60d8928bc0478b3029e59024b5f407+0xa97b8 @ 0x4a97b8
9d60d8928bc0478b3029e59024b5f407+0x478f @ 0x40478f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638108
registers.edi: 790528
registers.eax: 0
registers.ebp: 1638120
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1636984
registers.ecx: 1638212
exception.instruction_r: 8b 3f e9 92 f7 ff ff 81 ee f9 9a 2c fa 81 f2 51
exception.symbol: 9d60d8928bc0478b3029e59024b5f407+0x134de6
exception.instruction: mov edi, dword ptr [edi]
exception.module: 9d60d8928bc0478b3029e59024b5f407.exe
exception.exception_code: 0xc0000005
exception.offset: 1265126
exception.address: 0x534de6
success 0 0
1619811291.006626
__exception__
stacktrace:
9d60d8928bc0478b3029e59024b5f407+0x135684 @ 0x535684
9d60d8928bc0478b3029e59024b5f407+0xa97c4 @ 0x4a97c4
9d60d8928bc0478b3029e59024b5f407+0xa97b8 @ 0x4a97b8
9d60d8928bc0478b3029e59024b5f407+0x478f @ 0x40478f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638108
registers.edi: 856064
registers.eax: 0
registers.ebp: 1638120
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1636984
registers.ecx: 1638212
exception.instruction_r: 8b 3f e9 92 f7 ff ff 81 ee f9 9a 2c fa 81 f2 51
exception.symbol: 9d60d8928bc0478b3029e59024b5f407+0x134de6
exception.instruction: mov edi, dword ptr [edi]
exception.module: 9d60d8928bc0478b3029e59024b5f407.exe
exception.exception_code: 0xc0000005
exception.offset: 1265126
exception.address: 0x534de6
success 0 0
1619811291.006626
__exception__
stacktrace:
9d60d8928bc0478b3029e59024b5f407+0x135684 @ 0x535684
9d60d8928bc0478b3029e59024b5f407+0xa97c4 @ 0x4a97c4
9d60d8928bc0478b3029e59024b5f407+0xa97b8 @ 0x4a97b8
9d60d8928bc0478b3029e59024b5f407+0x478f @ 0x40478f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638108
registers.edi: 921600
registers.eax: 0
registers.ebp: 1638120
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1636984
registers.ecx: 1638212
exception.instruction_r: 8b 3f e9 92 f7 ff ff 81 ee f9 9a 2c fa 81 f2 51
exception.symbol: 9d60d8928bc0478b3029e59024b5f407+0x134de6
exception.instruction: mov edi, dword ptr [edi]
exception.module: 9d60d8928bc0478b3029e59024b5f407.exe
exception.exception_code: 0xc0000005
exception.offset: 1265126
exception.address: 0x534de6
success 0 0
1619811291.006626
__exception__
stacktrace:
9d60d8928bc0478b3029e59024b5f407+0x135684 @ 0x535684
9d60d8928bc0478b3029e59024b5f407+0xa97c4 @ 0x4a97c4
9d60d8928bc0478b3029e59024b5f407+0xa97b8 @ 0x4a97b8
9d60d8928bc0478b3029e59024b5f407+0x478f @ 0x40478f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638108
registers.edi: 987136
registers.eax: 0
registers.ebp: 1638120
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1636984
registers.ecx: 1638212
exception.instruction_r: 8b 3f e9 92 f7 ff ff 81 ee f9 9a 2c fa 81 f2 51
exception.symbol: 9d60d8928bc0478b3029e59024b5f407+0x134de6
exception.instruction: mov edi, dword ptr [edi]
exception.module: 9d60d8928bc0478b3029e59024b5f407.exe
exception.exception_code: 0xc0000005
exception.offset: 1265126
exception.address: 0x534de6
success 0 0
1619811291.006626
__exception__
stacktrace:
9d60d8928bc0478b3029e59024b5f407+0x135684 @ 0x535684
9d60d8928bc0478b3029e59024b5f407+0xa97c4 @ 0x4a97c4
9d60d8928bc0478b3029e59024b5f407+0xa97b8 @ 0x4a97b8
9d60d8928bc0478b3029e59024b5f407+0x478f @ 0x40478f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638108
registers.edi: 1052672
registers.eax: 0
registers.ebp: 1638120
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1636984
registers.ecx: 1638212
exception.instruction_r: 8b 3f e9 92 f7 ff ff 81 ee f9 9a 2c fa 81 f2 51
exception.symbol: 9d60d8928bc0478b3029e59024b5f407+0x134de6
exception.instruction: mov edi, dword ptr [edi]
exception.module: 9d60d8928bc0478b3029e59024b5f407.exe
exception.exception_code: 0xc0000005
exception.offset: 1265126
exception.address: 0x534de6
success 0 0
1619811291.006626
__exception__
stacktrace:
9d60d8928bc0478b3029e59024b5f407+0x135684 @ 0x535684
9d60d8928bc0478b3029e59024b5f407+0xa97c4 @ 0x4a97c4
9d60d8928bc0478b3029e59024b5f407+0xa97b8 @ 0x4a97b8
9d60d8928bc0478b3029e59024b5f407+0x478f @ 0x40478f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638108
registers.edi: 1118208
registers.eax: 0
registers.ebp: 1638120
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1636984
registers.ecx: 1638212
exception.instruction_r: 8b 3f e9 92 f7 ff ff 81 ee f9 9a 2c fa 81 f2 51
exception.symbol: 9d60d8928bc0478b3029e59024b5f407+0x134de6
exception.instruction: mov edi, dword ptr [edi]
exception.module: 9d60d8928bc0478b3029e59024b5f407.exe
exception.exception_code: 0xc0000005
exception.offset: 1265126
exception.address: 0x534de6
success 0 0
1619811291.006626
__exception__
stacktrace:
9d60d8928bc0478b3029e59024b5f407+0x135684 @ 0x535684
9d60d8928bc0478b3029e59024b5f407+0xa97c4 @ 0x4a97c4
9d60d8928bc0478b3029e59024b5f407+0xa97b8 @ 0x4a97b8
9d60d8928bc0478b3029e59024b5f407+0x478f @ 0x40478f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638108
registers.edi: 1183744
registers.eax: 0
registers.ebp: 1638120
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1636984
registers.ecx: 1638212
exception.instruction_r: 8b 3f e9 92 f7 ff ff 81 ee f9 9a 2c fa 81 f2 51
exception.symbol: 9d60d8928bc0478b3029e59024b5f407+0x134de6
exception.instruction: mov edi, dword ptr [edi]
exception.module: 9d60d8928bc0478b3029e59024b5f407.exe
exception.exception_code: 0xc0000005
exception.offset: 1265126
exception.address: 0x534de6
success 0 0
1619811291.006626
__exception__
stacktrace:
9d60d8928bc0478b3029e59024b5f407+0x135684 @ 0x535684
9d60d8928bc0478b3029e59024b5f407+0xa97c4 @ 0x4a97c4
9d60d8928bc0478b3029e59024b5f407+0xa97b8 @ 0x4a97b8
9d60d8928bc0478b3029e59024b5f407+0x478f @ 0x40478f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638108
registers.edi: 1249280
registers.eax: 0
registers.ebp: 1638120
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1636984
registers.ecx: 1638212
exception.instruction_r: 8b 3f e9 92 f7 ff ff 81 ee f9 9a 2c fa 81 f2 51
exception.symbol: 9d60d8928bc0478b3029e59024b5f407+0x134de6
exception.instruction: mov edi, dword ptr [edi]
exception.module: 9d60d8928bc0478b3029e59024b5f407.exe
exception.exception_code: 0xc0000005
exception.offset: 1265126
exception.address: 0x534de6
success 0 0
1619811291.006626
__exception__
stacktrace:
9d60d8928bc0478b3029e59024b5f407+0x135684 @ 0x535684
9d60d8928bc0478b3029e59024b5f407+0xa97c4 @ 0x4a97c4
9d60d8928bc0478b3029e59024b5f407+0xa97b8 @ 0x4a97b8
9d60d8928bc0478b3029e59024b5f407+0x478f @ 0x40478f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638108
registers.edi: 1314816
registers.eax: 0
registers.ebp: 1638120
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1636984
registers.ecx: 1638212
exception.instruction_r: 8b 3f e9 92 f7 ff ff 81 ee f9 9a 2c fa 81 f2 51
exception.symbol: 9d60d8928bc0478b3029e59024b5f407+0x134de6
exception.instruction: mov edi, dword ptr [edi]
exception.module: 9d60d8928bc0478b3029e59024b5f407.exe
exception.exception_code: 0xc0000005
exception.offset: 1265126
exception.address: 0x534de6
success 0 0
1619811291.006626
__exception__
stacktrace:
9d60d8928bc0478b3029e59024b5f407+0x135684 @ 0x535684
9d60d8928bc0478b3029e59024b5f407+0xa97c4 @ 0x4a97c4
9d60d8928bc0478b3029e59024b5f407+0xa97b8 @ 0x4a97b8
9d60d8928bc0478b3029e59024b5f407+0x478f @ 0x40478f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638108
registers.edi: 1380352
registers.eax: 0
registers.ebp: 1638120
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1636984
registers.ecx: 1638212
exception.instruction_r: 8b 3f e9 92 f7 ff ff 81 ee f9 9a 2c fa 81 f2 51
exception.symbol: 9d60d8928bc0478b3029e59024b5f407+0x134de6
exception.instruction: mov edi, dword ptr [edi]
exception.module: 9d60d8928bc0478b3029e59024b5f407.exe
exception.exception_code: 0xc0000005
exception.offset: 1265126
exception.address: 0x534de6
success 0 0
1619811291.006626
__exception__
stacktrace:
9d60d8928bc0478b3029e59024b5f407+0x135684 @ 0x535684
9d60d8928bc0478b3029e59024b5f407+0xa97c4 @ 0x4a97c4
9d60d8928bc0478b3029e59024b5f407+0xa97b8 @ 0x4a97b8
9d60d8928bc0478b3029e59024b5f407+0x478f @ 0x40478f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638108
registers.edi: 1445888
registers.eax: 0
registers.ebp: 1638120
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1636984
registers.ecx: 1638212
exception.instruction_r: 8b 3f e9 92 f7 ff ff 81 ee f9 9a 2c fa 81 f2 51
exception.symbol: 9d60d8928bc0478b3029e59024b5f407+0x134de6
exception.instruction: mov edi, dword ptr [edi]
exception.module: 9d60d8928bc0478b3029e59024b5f407.exe
exception.exception_code: 0xc0000005
exception.offset: 1265126
exception.address: 0x534de6
success 0 0
1619811291.006626
__exception__
stacktrace:
9d60d8928bc0478b3029e59024b5f407+0x135684 @ 0x535684
9d60d8928bc0478b3029e59024b5f407+0xa97c4 @ 0x4a97c4
9d60d8928bc0478b3029e59024b5f407+0xa97b8 @ 0x4a97b8
9d60d8928bc0478b3029e59024b5f407+0x478f @ 0x40478f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638108
registers.edi: 1511424
registers.eax: 0
registers.ebp: 1638120
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1636984
registers.ecx: 1638212
exception.instruction_r: 8b 3f e9 92 f7 ff ff 81 ee f9 9a 2c fa 81 f2 51
exception.symbol: 9d60d8928bc0478b3029e59024b5f407+0x134de6
exception.instruction: mov edi, dword ptr [edi]
exception.module: 9d60d8928bc0478b3029e59024b5f407.exe
exception.exception_code: 0xc0000005
exception.offset: 1265126
exception.address: 0x534de6
success 0 0
1619811291.006626
__exception__
stacktrace:
9d60d8928bc0478b3029e59024b5f407+0x135684 @ 0x535684
9d60d8928bc0478b3029e59024b5f407+0xa97c4 @ 0x4a97c4
9d60d8928bc0478b3029e59024b5f407+0xa97b8 @ 0x4a97b8
9d60d8928bc0478b3029e59024b5f407+0x478f @ 0x40478f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638108
registers.edi: 1576960
registers.eax: 0
registers.ebp: 1638120
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1636984
registers.ecx: 1638212
exception.instruction_r: 8b 3f e9 92 f7 ff ff 81 ee f9 9a 2c fa 81 f2 51
exception.symbol: 9d60d8928bc0478b3029e59024b5f407+0x134de6
exception.instruction: mov edi, dword ptr [edi]
exception.module: 9d60d8928bc0478b3029e59024b5f407.exe
exception.exception_code: 0xc0000005
exception.offset: 1265126
exception.address: 0x534de6
success 0 0
1619811291.006626
__exception__
stacktrace:
9d60d8928bc0478b3029e59024b5f407+0x135684 @ 0x535684
9d60d8928bc0478b3029e59024b5f407+0xa97c4 @ 0x4a97c4
9d60d8928bc0478b3029e59024b5f407+0xa97b8 @ 0x4a97b8
9d60d8928bc0478b3029e59024b5f407+0x478f @ 0x40478f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638108
registers.edi: 1708032
registers.eax: 0
registers.ebp: 1638120
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1636984
registers.ecx: 0
exception.instruction_r: 8b 3f e9 92 f7 ff ff 81 ee f9 9a 2c fa 81 f2 51
exception.symbol: 9d60d8928bc0478b3029e59024b5f407+0x134de6
exception.instruction: mov edi, dword ptr [edi]
exception.module: 9d60d8928bc0478b3029e59024b5f407.exe
exception.exception_code: 0xc0000005
exception.offset: 1265126
exception.address: 0x534de6
success 0 0
1619811291.006626
__exception__
stacktrace:
9d60d8928bc0478b3029e59024b5f407+0x135684 @ 0x535684
9d60d8928bc0478b3029e59024b5f407+0xa97c4 @ 0x4a97c4
9d60d8928bc0478b3029e59024b5f407+0xa97b8 @ 0x4a97b8
9d60d8928bc0478b3029e59024b5f407+0x478f @ 0x40478f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638108
registers.edi: 1773568
registers.eax: 0
registers.ebp: 1638120
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1636984
registers.ecx: 1638212
exception.instruction_r: 8b 3f e9 92 f7 ff ff 81 ee f9 9a 2c fa 81 f2 51
exception.symbol: 9d60d8928bc0478b3029e59024b5f407+0x134de6
exception.instruction: mov edi, dword ptr [edi]
exception.module: 9d60d8928bc0478b3029e59024b5f407.exe
exception.exception_code: 0xc0000005
exception.offset: 1265126
exception.address: 0x534de6
success 0 0
1619811291.006626
__exception__
stacktrace:
9d60d8928bc0478b3029e59024b5f407+0x135684 @ 0x535684
9d60d8928bc0478b3029e59024b5f407+0xa97c4 @ 0x4a97c4
9d60d8928bc0478b3029e59024b5f407+0xa97b8 @ 0x4a97b8
9d60d8928bc0478b3029e59024b5f407+0x478f @ 0x40478f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638108
registers.edi: 1839104
registers.eax: 0
registers.ebp: 1638120
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1636984
registers.ecx: 1638212
exception.instruction_r: 8b 3f e9 92 f7 ff ff 81 ee f9 9a 2c fa 81 f2 51
exception.symbol: 9d60d8928bc0478b3029e59024b5f407+0x134de6
exception.instruction: mov edi, dword ptr [edi]
exception.module: 9d60d8928bc0478b3029e59024b5f407.exe
exception.exception_code: 0xc0000005
exception.offset: 1265126
exception.address: 0x534de6
success 0 0
1619811291.006626
__exception__
stacktrace:
9d60d8928bc0478b3029e59024b5f407+0x135684 @ 0x535684
9d60d8928bc0478b3029e59024b5f407+0xa97c4 @ 0x4a97c4
9d60d8928bc0478b3029e59024b5f407+0xa97b8 @ 0x4a97b8
9d60d8928bc0478b3029e59024b5f407+0x478f @ 0x40478f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638108
registers.edi: 1904640
registers.eax: 0
registers.ebp: 1638120
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1636984
registers.ecx: 1638212
exception.instruction_r: 8b 3f e9 92 f7 ff ff 81 ee f9 9a 2c fa 81 f2 51
exception.symbol: 9d60d8928bc0478b3029e59024b5f407+0x134de6
exception.instruction: mov edi, dword ptr [edi]
exception.module: 9d60d8928bc0478b3029e59024b5f407.exe
exception.exception_code: 0xc0000005
exception.offset: 1265126
exception.address: 0x534de6
success 0 0
1619811291.115626
__exception__
stacktrace:
9d60d8928bc0478b3029e59024b5f407+0x135684 @ 0x535684
9d60d8928bc0478b3029e59024b5f407+0xa97c4 @ 0x4a97c4
9d60d8928bc0478b3029e59024b5f407+0xa97b8 @ 0x4a97b8
9d60d8928bc0478b3029e59024b5f407+0x478f @ 0x40478f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638108
registers.edi: 2428928
registers.eax: 0
registers.ebp: 1638120
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1636984
registers.ecx: 5570625
exception.instruction_r: 8b 3f e9 92 f7 ff ff 81 ee f9 9a 2c fa 81 f2 51
exception.symbol: 9d60d8928bc0478b3029e59024b5f407+0x134de6
exception.instruction: mov edi, dword ptr [edi]
exception.module: 9d60d8928bc0478b3029e59024b5f407.exe
exception.exception_code: 0xc0000005
exception.offset: 1265126
exception.address: 0x534de6
success 0 0
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 event)
suspicious_features POST method with no referer header suspicious_request POST https://update.googleapis.com/service/update2?cup2key=10:1755703248&cup2hreq=a2143cdd438bfd144283e120c26efee9c5124eb8a6e85ea8033c23ec759ccaa1
Performs some HTTP requests (1 event)
request POST https://update.googleapis.com/service/update2?cup2key=10:1755703248&cup2hreq=a2143cdd438bfd144283e120c26efee9c5124eb8a6e85ea8033c23ec759ccaa1
Sends data using the HTTP POST Method (1 event)
request POST https://update.googleapis.com/service/update2?cup2key=10:1755703248&cup2hreq=a2143cdd438bfd144283e120c26efee9c5124eb8a6e85ea8033c23ec759ccaa1
Allocates read-write-execute memory (usually to unpack itself) (3 events)
Time & API Arguments Status Return Repeated
1619811297.865626
NtAllocateVirtualMemory
process_identifier: 196
region_size: 503808
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01fb0000
success 0 0
1619811297.897626
NtAllocateVirtualMemory
process_identifier: 196
region_size: 1572864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x02030000
success 0 0
1619811297.990626
NtProtectVirtualMemory
process_identifier: 196
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x77d4f000
success 0 0
A process created a hidden window (1 event)
Time & API Arguments Status Return Repeated
1619811307.897626
CreateProcessInternalW
thread_identifier: 2576
thread_handle: 0x00000284
process_identifier: 2840
current_directory:
filepath: C:\Windows\SysWOW64\cmd.exe
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\9d60d8928bc0478b3029e59024b5f407.exe"
filepath_r: C:\Windows\SysWOW64\cmd.exe
stack_pivoted: 0
creation_flags: 134217728 (CREATE_NO_WINDOW)
process_handle: 0x00000288
inherit_handles: 1
success 1 0
The binary likely contains encrypted or compressed data indicative of a packer (1 event)
entropy 7.940029965102175 section {'size_of_data': '0x00026a00', 'virtual_address': '0x0010f000', 'entropy': 7.940029965102175, 'name': '.reloc', 'virtual_size': '0x00027000'} description A section with a high entropy has been found
Repeatedly searches for a not-found process, you may want to run a web browser during analysis (19 events)
Time & API Arguments Status Return Repeated
1619811298.272626
Process32NextW
process_name: 9d60d8928bc0478b3029e59024b5f407.exe
snapshot_handle: 0x00000088
process_identifier: 196
failed 0 0
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Allocates execute permission to another process indicative of possible code injection (4 events)
Time & API Arguments Status Return Repeated
1619811308.115626
NtAllocateVirtualMemory
process_identifier: 2840
region_size: 147456
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000288
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
success 0 0
1619811308.115626
NtProtectVirtualMemory
process_identifier: 2840
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000288
base_address: 0x77d4f000
success 0 0
1619811308.131626
NtAllocateVirtualMemory
process_identifier: 2840
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000288
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x000f0000
success 0 0
1619811308.131626
NtAllocateVirtualMemory
process_identifier: 2840
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000288
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00100000
success 0 0
Potential code injection by writing to the memory of another process (3 events)
Time & API Arguments Status Return Repeated
1619811308.162626
WriteProcessMemory
process_identifier: 2840
buffer: C:\Users\Administrator.Oskar-PC\AppData\Roaming\
process_handle: 0x00000288
base_address: 0x00100000
success 1 0
1619811308.162626
WriteProcessMemory
process_identifier: 2840
buffer: 
process_handle: 0x00000288
base_address: 0x006d27c8
success 1 0
1619811308.162626
WriteProcessMemory
process_identifier: 2840
buffer: 
process_handle: 0x00000288
base_address: 0x006d27c4
success 1 0
Attempts to remove evidence of file being downloaded from the Internet (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\:Zone.Identifier
Generates some ICMP traffic
Executed a process and injected code into it, probably while unpacking (8 events)
Time & API Arguments Status Return Repeated
1619811307.897626
CreateProcessInternalW
thread_identifier: 2576
thread_handle: 0x00000284
process_identifier: 2840
current_directory:
filepath: C:\Windows\SysWOW64\cmd.exe
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\9d60d8928bc0478b3029e59024b5f407.exe"
filepath_r: C:\Windows\SysWOW64\cmd.exe
stack_pivoted: 0
creation_flags: 134217728 (CREATE_NO_WINDOW)
process_handle: 0x00000288
inherit_handles: 1
success 1 0
1619811307.912626
NtGetContextThread
thread_handle: 0x00000284
success 0 0
1619811308.115626
NtAllocateVirtualMemory
process_identifier: 2840
region_size: 147456
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000288
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
success 0 0
1619811308.131626
NtAllocateVirtualMemory
process_identifier: 2840
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000288
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x000f0000
success 0 0
1619811308.131626
NtAllocateVirtualMemory
process_identifier: 2840
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000288
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00100000
success 0 0
1619811308.162626
WriteProcessMemory
process_identifier: 2840
buffer: C:\Users\Administrator.Oskar-PC\AppData\Roaming\
process_handle: 0x00000288
base_address: 0x00100000
success 1 0
1619811308.162626
WriteProcessMemory
process_identifier: 2840
buffer: 
process_handle: 0x00000288
base_address: 0x006d27c8
success 1 0
1619811308.162626
WriteProcessMemory
process_identifier: 2840
buffer: 
process_handle: 0x00000288
base_address: 0x006d27c4
success 1 0
File has been identified by 48 AntiVirus engines on VirusTotal as malicious (48 events)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.33837504
FireEye Generic.mg.9d60d8928bc0478b
McAfee GenericRXKN-ZN!9D60D8928BC0
Cylance Unsafe
Zillya Trojan.Kryptik.Win32.2035528
CrowdStrike win/malicious_confidence_70% (W)
Alibaba Backdoor:Win32/Occamy.e7db9989
K7GW Trojan ( 00566c941 )
K7AntiVirus Trojan ( 00566c941 )
Arcabit Trojan.Generic.D20451C0
Symantec Trojan Horse
APEX Malicious
Paloalto generic.ml
Cynet Malicious (score: 85)
Kaspersky HEUR:Backdoor.Win32.Xaparo.gen
BitDefender Trojan.GenericKD.33837504
NANO-Antivirus Trojan.Win32.Rat.hkrivj
Avast Win32:Trojan-gen
Tencent Win32.Trojan.Inject.Auto
Ad-Aware Trojan.GenericKD.33837504
Comodo Malware@#3bhiwu1hrw4e6
F-Secure Trojan.TR/Kryptik.fbfrj
DrWeb BackDoor.Rat.268
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R06EC0PID20
Sophos Mal/Generic-S
SentinelOne DFI - Malicious PE
Avira TR/Kryptik.fbfrj
MAX malware (ai score=85)
Antiy-AVL Trojan[Backdoor]/Win32.Xaparo
Microsoft Trojan:Win32/Occamy.AA
AegisLab Trojan.Win32.Xaparo.m!c
ZoneAlarm HEUR:Backdoor.Win32.Xaparo.gen
GData Trojan.GenericKD.33837504
AhnLab-V3 Trojan/Win32.Occamy.R342474
ALYac Backdoor.RAT.Parallax
Malwarebytes Trojan.Injector
ESET-NOD32 a variant of Win32/Kryptik.HDKM
TrendMicro-HouseCall TROJ_GEN.R06EC0PID20
Ikarus Backdoor.Rat.Parallax
MaxSecure Trojan.Malware.300983.susgen
Fortinet PossibleThreat.MU
BitDefenderTheta Gen:NN.ZelphiF.34254.kQW@au5KQ@oO
AVG Win32:Trojan-gen
Panda Trj/GdSda.A
Qihoo-360 Win32/Backdoor.ed6
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (3 events)
dead_host 172.217.24.14:443
dead_host 172.217.160.110:443
dead_host 205.185.117.227:2550
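Visual analysis
Binary image
No binary image available. No binary visualization image was generated for this sample.
Runtime screenshots
No runtime screenshots available. No screenshots were generated while this sample was running.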

PE Compile Time

1992-06-20 06:22:17

Imports


Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49185 203.208.41.66 update.googleapis.com 443

UDP

Source Source Port Destination Destination Port
192.168.56.101 50568 114.114.114.114 53
192.168.56.101 51378 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 54178 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 60221 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 61680 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 53380 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57236 224.0.0.252 5355
192.168.56.101 58367 224.0.0.252 5355
192.168.56.101 60088 224.0.0.252 5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.