4.6
Medium risk

7629b2e44020de99d74665b6afb0877f1f9b192714302eff3a6b38f61f2d79f2

c654b38c47cc16248ae712947d6dd4aa.exe

Analysis duration: 42s

Latest analysis

File size: 212.0KB
Static detection / Dynamic detection 100% 7IMDPEK8SXNU+WCH0FZZAW AI SCORE=100 AIDETECTVM CCMW CONFIDENCE CRIDEX DRIDEX DRIXED ELDORADO EMOTET GDSDA GENCIRC GENERIC@ML GENERICKD HIGH CONFIDENCE KRYPTIK MALICIOUS PE MALWARE1 MALWARE@#1W0L62ZHZ2MX9 NU0@ACECS8CI OZBAY06QLZ4 PALLAS POSSIBLETHREAT QVM20 R007C0DKE20 R345282 RDMK S + TROJ SCORE STATIC AI SUSGEN TROJANX TSCOPE UNSAFE XPACK ZENPAK ZEXAF
Eagle Eye engine (鹰眼引擎)
Not detected: no Eagle Eye engine results available yet
Static verdict
Antivirus engines
Engine Result Scan date Engine version
Alibaba Trojan:Win32/Dridex.e1762735 20190527 0.3.0.5
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Baidu 20190318 1.0.0.2
Kingsoft 20201211 2017.9.26.565
McAfee Drixed-FIY!C654B38C47CC 20201211 6.0.6.653
Tencent Malware.Win32.Gencirc.11a5ff14 20201211 1.0.0.1
Avast Win32:TrojanX-gen [Trj] 20201210 21.1.5827.0
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)
section .rdar
One or more processes crashed (50 out of 65536 events)
Time & API Arguments Status Return Repeated
1619906641.625
__exception__
stacktrace:
c654b38c47cc16248ae712947d6dd4aa+0x144e1 @ 0x100144e1
c654b38c47cc16248ae712947d6dd4aa+0x250e @ 0x1000250e
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637808
registers.edi: 260
registers.eax: 2010505254
registers.ebp: 1638240
registers.edx: 129161
registers.ebx: 4083652503
registers.esi: 0
registers.ecx: 2010505254
exception.instruction_r: cc c3 5f c3 33 c0 5f c3 cc cc cc cc cc cc cc 56
exception.symbol: c654b38c47cc16248ae712947d6dd4aa+0xb251
exception.instruction: int3
exception.module: c654b38c47cc16248ae712947d6dd4aa.exe
exception.exception_code: 0x80000003
exception.offset: 45649
exception.address: 0x1000b251
success 0 0
1619906641.625
__exception__
stacktrace:
c654b38c47cc16248ae712947d6dd4aa+0xbf7b @ 0x1000bf7b
c654b38c47cc16248ae712947d6dd4aa+0x13d5a @ 0x10013d5a
c654b38c47cc16248ae712947d6dd4aa+0x144e1 @ 0x100144e1
c654b38c47cc16248ae712947d6dd4aa+0x250e @ 0x1000250e
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637768
registers.edi: 128
registers.eax: 2010505254
registers.ebp: 1637804
registers.edx: 0
registers.ebx: 64
registers.esi: 38864848
registers.ecx: 128
exception.instruction_r: cc c3 5f c3 33 c0 5f c3 cc cc cc cc cc cc cc 56
exception.symbol: c654b38c47cc16248ae712947d6dd4aa+0xb251
exception.instruction: int3
exception.module: c654b38c47cc16248ae712947d6dd4aa.exe
exception.exception_code: 0x80000003
exception.offset: 45649
exception.address: 0x1000b251
success 0 0
1619906641.625
__exception__
stacktrace:
c654b38c47cc16248ae712947d6dd4aa+0xbf7b @ 0x1000bf7b
c654b38c47cc16248ae712947d6dd4aa+0x13d5a @ 0x10013d5a
c654b38c47cc16248ae712947d6dd4aa+0x144e1 @ 0x100144e1
c654b38c47cc16248ae712947d6dd4aa+0x250e @ 0x1000250e
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637768
registers.edi: 128
registers.eax: 2010505254
registers.ebp: 1637804
registers.edx: 0
registers.ebx: 64
registers.esi: 38864864
registers.ecx: 128
exception.instruction_r: cc c3 5f c3 33 c0 5f c3 cc cc cc cc cc cc cc 56
exception.symbol: c654b38c47cc16248ae712947d6dd4aa+0xb251
exception.instruction: int3
exception.module: c654b38c47cc16248ae712947d6dd4aa.exe
exception.exception_code: 0x80000003
exception.offset: 45649
exception.address: 0x1000b251
success 0 0
1619906641.625
__exception__
stacktrace:
c654b38c47cc16248ae712947d6dd4aa+0xbf7b @ 0x1000bf7b
c654b38c47cc16248ae712947d6dd4aa+0x13d5a @ 0x10013d5a
c654b38c47cc16248ae712947d6dd4aa+0x144e1 @ 0x100144e1
c654b38c47cc16248ae712947d6dd4aa+0x250e @ 0x1000250e
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637768
registers.edi: 128
registers.eax: 2010505254
registers.ebp: 1637804
registers.edx: 0
registers.ebx: 64
registers.esi: 38864880
registers.ecx: 128
exception.instruction_r: cc c3 5f c3 33 c0 5f c3 cc cc cc cc cc cc cc 56
exception.symbol: c654b38c47cc16248ae712947d6dd4aa+0xb251
exception.instruction: int3
exception.module: c654b38c47cc16248ae712947d6dd4aa.exe
exception.exception_code: 0x80000003
exception.offset: 45649
exception.address: 0x1000b251
success 0 0
1619906641.625
__exception__
stacktrace:
c654b38c47cc16248ae712947d6dd4aa+0xbf7b @ 0x1000bf7b
c654b38c47cc16248ae712947d6dd4aa+0x13d5a @ 0x10013d5a
c654b38c47cc16248ae712947d6dd4aa+0x144e1 @ 0x100144e1
c654b38c47cc16248ae712947d6dd4aa+0x250e @ 0x1000250e
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637768
registers.edi: 128
registers.eax: 2010505254
registers.ebp: 1637804
registers.edx: 0
registers.ebx: 64
registers.esi: 38864896
registers.ecx: 128
exception.instruction_r: cc c3 5f c3 33 c0 5f c3 cc cc cc cc cc cc cc 56
exception.symbol: c654b38c47cc16248ae712947d6dd4aa+0xb251
exception.instruction: int3
exception.module: c654b38c47cc16248ae712947d6dd4aa.exe
exception.exception_code: 0x80000003
exception.offset: 45649
exception.address: 0x1000b251
success 0 0
1619906641.625
__exception__
stacktrace:
c654b38c47cc16248ae712947d6dd4aa+0xbf7b @ 0x1000bf7b
c654b38c47cc16248ae712947d6dd4aa+0x13d5a @ 0x10013d5a
c654b38c47cc16248ae712947d6dd4aa+0x144e1 @ 0x100144e1
c654b38c47cc16248ae712947d6dd4aa+0x250e @ 0x1000250e
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637768
registers.edi: 128
registers.eax: 2010505254
registers.ebp: 1637804
registers.edx: 0
registers.ebx: 64
registers.esi: 38864912
registers.ecx: 128
exception.instruction_r: cc c3 5f c3 33 c0 5f c3 cc cc cc cc cc cc cc 56
exception.symbol: c654b38c47cc16248ae712947d6dd4aa+0xb251
exception.instruction: int3
exception.module: c654b38c47cc16248ae712947d6dd4aa.exe
exception.exception_code: 0x80000003
exception.offset: 45649
exception.address: 0x1000b251
success 0 0
1619906641.625
__exception__
stacktrace:
c654b38c47cc16248ae712947d6dd4aa+0xbf7b @ 0x1000bf7b
c654b38c47cc16248ae712947d6dd4aa+0x13d5a @ 0x10013d5a
c654b38c47cc16248ae712947d6dd4aa+0x144e1 @ 0x100144e1
c654b38c47cc16248ae712947d6dd4aa+0x250e @ 0x1000250e
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637768
registers.edi: 128
registers.eax: 2010505254
registers.ebp: 1637804
registers.edx: 0
registers.ebx: 64
registers.esi: 38864928
registers.ecx: 128
exception.instruction_r: cc c3 5f c3 33 c0 5f c3 cc cc cc cc cc cc cc 56
exception.symbol: c654b38c47cc16248ae712947d6dd4aa+0xb251
exception.instruction: int3
exception.module: c654b38c47cc16248ae712947d6dd4aa.exe
exception.exception_code: 0x80000003
exception.offset: 45649
exception.address: 0x1000b251
success 0 0
1619906641.625
__exception__
stacktrace:
c654b38c47cc16248ae712947d6dd4aa+0xbf7b @ 0x1000bf7b
c654b38c47cc16248ae712947d6dd4aa+0x13d5a @ 0x10013d5a
c654b38c47cc16248ae712947d6dd4aa+0x144e1 @ 0x100144e1
c654b38c47cc16248ae712947d6dd4aa+0x250e @ 0x1000250e
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637768
registers.edi: 128
registers.eax: 2010505254
registers.ebp: 1637804
registers.edx: 0
registers.ebx: 64
registers.esi: 38864944
registers.ecx: 128
exception.instruction_r: cc c3 5f c3 33 c0 5f c3 cc cc cc cc cc cc cc 56
exception.symbol: c654b38c47cc16248ae712947d6dd4aa+0xb251
exception.instruction: int3
exception.module: c654b38c47cc16248ae712947d6dd4aa.exe
exception.exception_code: 0x80000003
exception.offset: 45649
exception.address: 0x1000b251
success 0 0
1619906641.625
__exception__
stacktrace:
c654b38c47cc16248ae712947d6dd4aa+0xbf7b @ 0x1000bf7b
c654b38c47cc16248ae712947d6dd4aa+0x13d5a @ 0x10013d5a
c654b38c47cc16248ae712947d6dd4aa+0x144e1 @ 0x100144e1
c654b38c47cc16248ae712947d6dd4aa+0x250e @ 0x1000250e
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637768
registers.edi: 128
registers.eax: 2010505254
registers.ebp: 1637804
registers.edx: 0
registers.ebx: 64
registers.esi: 38864960
registers.ecx: 128
exception.instruction_r: cc c3 5f c3 33 c0 5f c3 cc cc cc cc cc cc cc 56
exception.symbol: c654b38c47cc16248ae712947d6dd4aa+0xb251
exception.instruction: int3
exception.module: c654b38c47cc16248ae712947d6dd4aa.exe
exception.exception_code: 0x80000003
exception.offset: 45649
exception.address: 0x1000b251
success 0 0
1619906641.625
__exception__
stacktrace:
c654b38c47cc16248ae712947d6dd4aa+0xbf7b @ 0x1000bf7b
c654b38c47cc16248ae712947d6dd4aa+0x13d5a @ 0x10013d5a
c654b38c47cc16248ae712947d6dd4aa+0x144e1 @ 0x100144e1
c654b38c47cc16248ae712947d6dd4aa+0x250e @ 0x1000250e
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637768
registers.edi: 128
registers.eax: 2010505254
registers.ebp: 1637804
registers.edx: 0
registers.ebx: 64
registers.esi: 38864976
registers.ecx: 128
exception.instruction_r: cc c3 5f c3 33 c0 5f c3 cc cc cc cc cc cc cc 56
exception.symbol: c654b38c47cc16248ae712947d6dd4aa+0xb251
exception.instruction: int3
exception.module: c654b38c47cc16248ae712947d6dd4aa.exe
exception.exception_code: 0x80000003
exception.offset: 45649
exception.address: 0x1000b251
success 0 0
1619906641.625
__exception__
stacktrace:
c654b38c47cc16248ae712947d6dd4aa+0xbf7b @ 0x1000bf7b
c654b38c47cc16248ae712947d6dd4aa+0x13d5a @ 0x10013d5a
c654b38c47cc16248ae712947d6dd4aa+0x144e1 @ 0x100144e1
c654b38c47cc16248ae712947d6dd4aa+0x250e @ 0x1000250e
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637768
registers.edi: 128
registers.eax: 2010505254
registers.ebp: 1637804
registers.edx: 0
registers.ebx: 64
registers.esi: 38864992
registers.ecx: 128
exception.instruction_r: cc c3 5f c3 33 c0 5f c3 cc cc cc cc cc cc cc 56
exception.symbol: c654b38c47cc16248ae712947d6dd4aa+0xb251
exception.instruction: int3
exception.module: c654b38c47cc16248ae712947d6dd4aa.exe
exception.exception_code: 0x80000003
exception.offset: 45649
exception.address: 0x1000b251
success 0 0
1619906641.625
__exception__
stacktrace:
c654b38c47cc16248ae712947d6dd4aa+0xbf7b @ 0x1000bf7b
c654b38c47cc16248ae712947d6dd4aa+0x13d5a @ 0x10013d5a
c654b38c47cc16248ae712947d6dd4aa+0x144e1 @ 0x100144e1
c654b38c47cc16248ae712947d6dd4aa+0x250e @ 0x1000250e
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637768
registers.edi: 128
registers.eax: 2010505254
registers.ebp: 1637804
registers.edx: 0
registers.ebx: 64
registers.esi: 38865008
registers.ecx: 128
exception.instruction_r: cc c3 5f c3 33 c0 5f c3 cc cc cc cc cc cc cc 56
exception.symbol: c654b38c47cc16248ae712947d6dd4aa+0xb251
exception.instruction: int3
exception.module: c654b38c47cc16248ae712947d6dd4aa.exe
exception.exception_code: 0x80000003
exception.offset: 45649
exception.address: 0x1000b251
success 0 0
1619906641.625
__exception__
stacktrace:
c654b38c47cc16248ae712947d6dd4aa+0xbf7b @ 0x1000bf7b
c654b38c47cc16248ae712947d6dd4aa+0x13d5a @ 0x10013d5a
c654b38c47cc16248ae712947d6dd4aa+0x144e1 @ 0x100144e1
c654b38c47cc16248ae712947d6dd4aa+0x250e @ 0x1000250e
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637768
registers.edi: 128
registers.eax: 2010505254
registers.ebp: 1637804
registers.edx: 0
registers.ebx: 64
registers.esi: 38865024
registers.ecx: 128
exception.instruction_r: cc c3 5f c3 33 c0 5f c3 cc cc cc cc cc cc cc 56
exception.symbol: c654b38c47cc16248ae712947d6dd4aa+0xb251
exception.instruction: int3
exception.module: c654b38c47cc16248ae712947d6dd4aa.exe
exception.exception_code: 0x80000003
exception.offset: 45649
exception.address: 0x1000b251
success 0 0
1619906641.625
__exception__
stacktrace:
c654b38c47cc16248ae712947d6dd4aa+0xbf7b @ 0x1000bf7b
c654b38c47cc16248ae712947d6dd4aa+0x13d5a @ 0x10013d5a
c654b38c47cc16248ae712947d6dd4aa+0x144e1 @ 0x100144e1
c654b38c47cc16248ae712947d6dd4aa+0x250e @ 0x1000250e
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637768
registers.edi: 128
registers.eax: 2010505254
registers.ebp: 1637804
registers.edx: 0
registers.ebx: 64
registers.esi: 38865040
registers.ecx: 128
exception.instruction_r: cc c3 5f c3 33 c0 5f c3 cc cc cc cc cc cc cc 56
exception.symbol: c654b38c47cc16248ae712947d6dd4aa+0xb251
exception.instruction: int3
exception.module: c654b38c47cc16248ae712947d6dd4aa.exe
exception.exception_code: 0x80000003
exception.offset: 45649
exception.address: 0x1000b251
success 0 0
1619906641.625
__exception__
stacktrace:
c654b38c47cc16248ae712947d6dd4aa+0xbf7b @ 0x1000bf7b
c654b38c47cc16248ae712947d6dd4aa+0x13d5a @ 0x10013d5a
c654b38c47cc16248ae712947d6dd4aa+0x144e1 @ 0x100144e1
c654b38c47cc16248ae712947d6dd4aa+0x250e @ 0x1000250e
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637768
registers.edi: 128
registers.eax: 2010505254
registers.ebp: 1637804
registers.edx: 0
registers.ebx: 64
registers.esi: 38865056
registers.ecx: 128
exception.instruction_r: cc c3 5f c3 33 c0 5f c3 cc cc cc cc cc cc cc 56
exception.symbol: c654b38c47cc16248ae712947d6dd4aa+0xb251
exception.instruction: int3
exception.module: c654b38c47cc16248ae712947d6dd4aa.exe
exception.exception_code: 0x80000003
exception.offset: 45649
exception.address: 0x1000b251
success 0 0
1619906641.625
__exception__
stacktrace:
c654b38c47cc16248ae712947d6dd4aa+0xbf7b @ 0x1000bf7b
c654b38c47cc16248ae712947d6dd4aa+0x13d5a @ 0x10013d5a
c654b38c47cc16248ae712947d6dd4aa+0x144e1 @ 0x100144e1
c654b38c47cc16248ae712947d6dd4aa+0x250e @ 0x1000250e
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637768
registers.edi: 128
registers.eax: 2010505254
registers.ebp: 1637804
registers.edx: 0
registers.ebx: 64
registers.esi: 38865072
registers.ecx: 128
exception.instruction_r: cc c3 5f c3 33 c0 5f c3 cc cc cc cc cc cc cc 56
exception.symbol: c654b38c47cc16248ae712947d6dd4aa+0xb251
exception.instruction: int3
exception.module: c654b38c47cc16248ae712947d6dd4aa.exe
exception.exception_code: 0x80000003
exception.offset: 45649
exception.address: 0x1000b251
success 0 0
1619906641.625
__exception__
stacktrace:
c654b38c47cc16248ae712947d6dd4aa+0xbf7b @ 0x1000bf7b
c654b38c47cc16248ae712947d6dd4aa+0x13d5a @ 0x10013d5a
c654b38c47cc16248ae712947d6dd4aa+0x144e1 @ 0x100144e1
c654b38c47cc16248ae712947d6dd4aa+0x250e @ 0x1000250e
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637768
registers.edi: 128
registers.eax: 2010505254
registers.ebp: 1637804
registers.edx: 0
registers.ebx: 64
registers.esi: 38865088
registers.ecx: 128
exception.instruction_r: cc c3 5f c3 33 c0 5f c3 cc cc cc cc cc cc cc 56
exception.symbol: c654b38c47cc16248ae712947d6dd4aa+0xb251
exception.instruction: int3
exception.module: c654b38c47cc16248ae712947d6dd4aa.exe
exception.exception_code: 0x80000003
exception.offset: 45649
exception.address: 0x1000b251
success 0 0
1619906641.625
__exception__
stacktrace:
c654b38c47cc16248ae712947d6dd4aa+0x1429b @ 0x1001429b
c654b38c47cc16248ae712947d6dd4aa+0x250e @ 0x1000250e
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637024
registers.edi: 1024
registers.eax: 2010505254
registers.ebp: 1638084
registers.edx: 0
registers.ebx: 1638104
registers.esi: 23
registers.ecx: 1024
exception.instruction_r: cc c3 5f c3 33 c0 5f c3 cc cc cc cc cc cc cc 56
exception.symbol: c654b38c47cc16248ae712947d6dd4aa+0xb251
exception.instruction: int3
exception.module: c654b38c47cc16248ae712947d6dd4aa.exe
exception.exception_code: 0x80000003
exception.offset: 45649
exception.address: 0x1000b251
success 0 0
1619906641.625
__exception__
stacktrace:
c654b38c47cc16248ae712947d6dd4aa+0x250e @ 0x1000250e
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638068
registers.edi: 388
registers.eax: 2010505254
registers.ebp: 1638256
registers.edx: 0
registers.ebx: 1983119360
registers.esi: 784896
registers.ecx: 388
exception.instruction_r: cc c3 5f c3 33 c0 5f c3 cc cc cc cc cc cc cc 56
exception.symbol: c654b38c47cc16248ae712947d6dd4aa+0xb251
exception.instruction: int3
exception.module: c654b38c47cc16248ae712947d6dd4aa.exe
exception.exception_code: 0x80000003
exception.offset: 45649
exception.address: 0x1000b251
success 0 0
1619906641.625
__exception__
stacktrace:
c654b38c47cc16248ae712947d6dd4aa+0xbeab @ 0x1000beab
c654b38c47cc16248ae712947d6dd4aa+0x143af @ 0x100143af
c654b38c47cc16248ae712947d6dd4aa+0x250e @ 0x1000250e
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638028
registers.edi: 64
registers.eax: 2010505254
registers.ebp: 1638064
registers.edx: 0
registers.ebx: 64
registers.esi: 38868328
registers.ecx: 64
exception.instruction_r: cc c3 5f c3 33 c0 5f c3 cc cc cc cc cc cc cc 56
exception.symbol: c654b38c47cc16248ae712947d6dd4aa+0xb251
exception.instruction: int3
exception.module: c654b38c47cc16248ae712947d6dd4aa.exe
exception.exception_code: 0x80000003
exception.offset: 45649
exception.address: 0x1000b251
success 0 0
1619906641.625
__exception__
stacktrace:
c654b38c47cc16248ae712947d6dd4aa+0xbeab @ 0x1000beab
c654b38c47cc16248ae712947d6dd4aa+0x143af @ 0x100143af
c654b38c47cc16248ae712947d6dd4aa+0x250e @ 0x1000250e
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638028
registers.edi: 64
registers.eax: 2010505254
registers.ebp: 1638064
registers.edx: 0
registers.ebx: 64
registers.esi: 38868352
registers.ecx: 64
exception.instruction_r: cc c3 5f c3 33 c0 5f c3 cc cc cc cc cc cc cc 56
exception.symbol: c654b38c47cc16248ae712947d6dd4aa+0xb251
exception.instruction: int3
exception.module: c654b38c47cc16248ae712947d6dd4aa.exe
exception.exception_code: 0x80000003
exception.offset: 45649
exception.address: 0x1000b251
success 0 0
1619906641.625
__exception__
stacktrace:
c654b38c47cc16248ae712947d6dd4aa+0xbeab @ 0x1000beab
c654b38c47cc16248ae712947d6dd4aa+0x143af @ 0x100143af
c654b38c47cc16248ae712947d6dd4aa+0x250e @ 0x1000250e
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638028
registers.edi: 64
registers.eax: 2010505254
registers.ebp: 1638064
registers.edx: 0
registers.ebx: 64
registers.esi: 38868376
registers.ecx: 64
exception.instruction_r: cc c3 5f c3 33 c0 5f c3 cc cc cc cc cc cc cc 56
exception.symbol: c654b38c47cc16248ae712947d6dd4aa+0xb251
exception.instruction: int3
exception.module: c654b38c47cc16248ae712947d6dd4aa.exe
exception.exception_code: 0x80000003
exception.offset: 45649
exception.address: 0x1000b251
success 0 0
1619906641.625
__exception__
stacktrace:
c654b38c47cc16248ae712947d6dd4aa+0xbeab @ 0x1000beab
c654b38c47cc16248ae712947d6dd4aa+0x143af @ 0x100143af
c654b38c47cc16248ae712947d6dd4aa+0x250e @ 0x1000250e
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638028
registers.edi: 64
registers.eax: 2010505254
registers.ebp: 1638064
registers.edx: 0
registers.ebx: 64
registers.esi: 38868400
registers.ecx: 64
exception.instruction_r: cc c3 5f c3 33 c0 5f c3 cc cc cc cc cc cc cc 56
exception.symbol: c654b38c47cc16248ae712947d6dd4aa+0xb251
exception.instruction: int3
exception.module: c654b38c47cc16248ae712947d6dd4aa.exe
exception.exception_code: 0x80000003
exception.offset: 45649
exception.address: 0x1000b251
success 0 0
1619906641.625
__exception__
stacktrace:
c654b38c47cc16248ae712947d6dd4aa+0xbeab @ 0x1000beab
c654b38c47cc16248ae712947d6dd4aa+0x143af @ 0x100143af
c654b38c47cc16248ae712947d6dd4aa+0x250e @ 0x1000250e
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638028
registers.edi: 64
registers.eax: 2010505254
registers.ebp: 1638064
registers.edx: 0
registers.ebx: 64
registers.esi: 38868424
registers.ecx: 64
exception.instruction_r: cc c3 5f c3 33 c0 5f c3 cc cc cc cc cc cc cc 56
exception.symbol: c654b38c47cc16248ae712947d6dd4aa+0xb251
exception.instruction: int3
exception.module: c654b38c47cc16248ae712947d6dd4aa.exe
exception.exception_code: 0x80000003
exception.offset: 45649
exception.address: 0x1000b251
success 0 0
1619906641.625
__exception__
stacktrace:
c654b38c47cc16248ae712947d6dd4aa+0xbeab @ 0x1000beab
c654b38c47cc16248ae712947d6dd4aa+0x143af @ 0x100143af
c654b38c47cc16248ae712947d6dd4aa+0x250e @ 0x1000250e
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638028
registers.edi: 64
registers.eax: 2010505254
registers.ebp: 1638064
registers.edx: 0
registers.ebx: 64
registers.esi: 38868448
registers.ecx: 64
exception.instruction_r: cc c3 5f c3 33 c0 5f c3 cc cc cc cc cc cc cc 56
exception.symbol: c654b38c47cc16248ae712947d6dd4aa+0xb251
exception.instruction: int3
exception.module: c654b38c47cc16248ae712947d6dd4aa.exe
exception.exception_code: 0x80000003
exception.offset: 45649
exception.address: 0x1000b251
success 0 0
1619906641.625
__exception__
stacktrace:
c654b38c47cc16248ae712947d6dd4aa+0xbeab @ 0x1000beab
c654b38c47cc16248ae712947d6dd4aa+0x143af @ 0x100143af
c654b38c47cc16248ae712947d6dd4aa+0x250e @ 0x1000250e
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638028
registers.edi: 64
registers.eax: 2010505254
registers.ebp: 1638064
registers.edx: 0
registers.ebx: 64
registers.esi: 38868472
registers.ecx: 64
exception.instruction_r: cc c3 5f c3 33 c0 5f c3 cc cc cc cc cc cc cc 56
exception.symbol: c654b38c47cc16248ae712947d6dd4aa+0xb251
exception.instruction: int3
exception.module: c654b38c47cc16248ae712947d6dd4aa.exe
exception.exception_code: 0x80000003
exception.offset: 45649
exception.address: 0x1000b251
success 0 0
1619906641.625
__exception__
stacktrace:
c654b38c47cc16248ae712947d6dd4aa+0xbeab @ 0x1000beab
c654b38c47cc16248ae712947d6dd4aa+0x143af @ 0x100143af
c654b38c47cc16248ae712947d6dd4aa+0x250e @ 0x1000250e
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638028
registers.edi: 64
registers.eax: 2010505254
registers.ebp: 1638064
registers.edx: 0
registers.ebx: 64
registers.esi: 38868496
registers.ecx: 64
exception.instruction_r: cc c3 5f c3 33 c0 5f c3 cc cc cc cc cc cc cc 56
exception.symbol: c654b38c47cc16248ae712947d6dd4aa+0xb251
exception.instruction: int3
exception.module: c654b38c47cc16248ae712947d6dd4aa.exe
exception.exception_code: 0x80000003
exception.offset: 45649
exception.address: 0x1000b251
success 0 0
1619906641.625
__exception__
stacktrace:
c654b38c47cc16248ae712947d6dd4aa+0xbeab @ 0x1000beab
c654b38c47cc16248ae712947d6dd4aa+0x143af @ 0x100143af
c654b38c47cc16248ae712947d6dd4aa+0x250e @ 0x1000250e
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638028
registers.edi: 64
registers.eax: 2010505254
registers.ebp: 1638064
registers.edx: 0
registers.ebx: 64
registers.esi: 38868520
registers.ecx: 64
exception.instruction_r: cc c3 5f c3 33 c0 5f c3 cc cc cc cc cc cc cc 56
exception.symbol: c654b38c47cc16248ae712947d6dd4aa+0xb251
exception.instruction: int3
exception.module: c654b38c47cc16248ae712947d6dd4aa.exe
exception.exception_code: 0x80000003
exception.offset: 45649
exception.address: 0x1000b251
success 0 0
1619906641.625
__exception__
stacktrace:
c654b38c47cc16248ae712947d6dd4aa+0xbeab @ 0x1000beab
c654b38c47cc16248ae712947d6dd4aa+0x143af @ 0x100143af
c654b38c47cc16248ae712947d6dd4aa+0x250e @ 0x1000250e
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638028
registers.edi: 64
registers.eax: 2010505254
registers.ebp: 1638064
registers.edx: 0
registers.ebx: 64
registers.esi: 38868544
registers.ecx: 64
exception.instruction_r: cc c3 5f c3 33 c0 5f c3 cc cc cc cc cc cc cc 56
exception.symbol: c654b38c47cc16248ae712947d6dd4aa+0xb251
exception.instruction: int3
exception.module: c654b38c47cc16248ae712947d6dd4aa.exe
exception.exception_code: 0x80000003
exception.offset: 45649
exception.address: 0x1000b251
success 0 0
1619906641.625
__exception__
stacktrace:
c654b38c47cc16248ae712947d6dd4aa+0xbeab @ 0x1000beab
c654b38c47cc16248ae712947d6dd4aa+0x143af @ 0x100143af
c654b38c47cc16248ae712947d6dd4aa+0x250e @ 0x1000250e
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1619906641.594
NtAllocateVirtualMemory
process_identifier: 428
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00550000
success 0 0
The binary likely contains encrypted or compressed data indicative of a packer (3 events)
entropy 7.967713265404928 section {'size_of_data': '0x0001d000', 'virtual_address': '0x00005000', 'entropy': 7.967713265404928, 'name': '.rdata', 'virtual_size': '0x0001cb2e'} description A section with a high entropy has been found
entropy 7.846751699982948 section {'size_of_data': '0x00011000', 'virtual_address': '0x00022000', 'entropy': 7.846751699982948, 'name': '.data', 'virtual_size': '0x0001084a'} description A section with a high entropy has been found
entropy 0.8846153846153846 description Overall entropy of this PE file is high
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Tries to unhook Windows functions monitored by Cuckoo (1 event)
Time & API Arguments Status Return Repeated
1619906656.344
__anomaly__
subcategory: exception
tid: 2308
message: Encountered 65537 exceptions, quitting.
function_name:
success 0 0
Connects to an IP address that is no longer responding to requests (legitimate services will usually remain up and running) (1 event)
dead_host 172.217.27.142:443
File has been identified by 60 AntiVirus engines on VirusTotal as malicious (50 out of 60 events)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
DrWeb Trojan.Dridex.716
MicroWorld-eScan Trojan.GenericKD.34172255
FireEye Generic.mg.c654b38c47cc1624
ALYac Spyware.Banker.Dridex
Cylance Unsafe
Zillya Trojan.Dridex.Win32.1183
Sangfor Malware
K7AntiVirus Trojan ( 005485311 )
Alibaba Trojan:Win32/Dridex.e1762735
K7GW Trojan ( 0056cd241 )
CrowdStrike win/malicious_confidence_100% (W)
Arcabit Trojan.Generic.D2096D5F
BitDefenderTheta Gen:NN.ZexaF.34670.nu0@aCecS8ci
Cyren W32/Kryptik.BQG.gen!Eldorado
Symantec Packed.Generic.553
ESET-NOD32 Win32/Dridex.DD
APEX Malicious
Paloalto generic.ml
Kaspersky HEUR:Trojan.Win32.Zenpak.vho
BitDefender Trojan.GenericKD.34172255
NANO-Antivirus Virus.Win32.Gen.ccmw
Rising Trojan.Generic@ML.92 (RDMK:7ImdPeK8SxNu+wCH0fZZAw)
Ad-Aware Trojan.GenericKD.34172255
Emsisoft Trojan.GenericKD.34172255 (B)
Comodo Malware@#1w0l62zhz2mx9
F-Secure Trojan.TR/Crypt.XPACK.N
VIPRE LooksLike.Win32.Dridex.e (v)
TrendMicro TROJ_GEN.R007C0DKE20
McAfee-GW-Edition BehavesLike.Win32.Emotet.dc
Sophos Mal/Generic-S + Troj/Agent-BFEA
SentinelOne Static AI - Malicious PE
Jiangmin TrojanDownloader.Cridex.uw
MaxSecure Trojan.Malware.1728101.susgen
Avira TR/Crypt.XPACK.N
Antiy-AVL Trojan[Downloader]/Win32.Cridex
Gridinsoft Trojan.Heur!.02052021
Microsoft Trojan:Win32/Dridex.ARJ!MTB
ZoneAlarm HEUR:Trojan.Win32.Zenpak.vho
GData Trojan.GenericKD.34172255
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.Dridex.R345282
Acronis suspicious
McAfee Drixed-FIY!C654B38C47CC
MAX malware (ai score=100)
VBA32 TScope.Malware-Cryptor.SB
Malwarebytes Trojan.MalPack.RND
Panda Trj/GdSda.A
TrendMicro-HouseCall TROJ_GEN.R007C0DKE20
Visual analysis
Binary image
No binary image available: no binary visualization image was generated for this sample.
Runtime screenshots
No runtime screenshots available: no screenshots were generated while this sample ran.

PE Compile Time

2020-07-14 05:53:17

Imports

Library ADVAPI32.dll:
0x10005000 OpenServiceA
0x10005004 SetNamedSecurityInfoW
Library OLEAUT32.dll:
0x1000507c VarDecFromR8
0x10005080 SafeArrayCreateVector
Library pdh.dll:
0x10005108 PdhParseCounterPathW
Library Secur32.dll:
0x100050b0 GetComputerObjectNameW
0x100050b4 DeleteSecurityContext
Library RPCRT4.dll:
Library CFGMGR32.dll:
Library WINSPOOL.DRV:
0x100050f0 AddPrinterW
Library msvcrt.dll:
0x100050f8 strcoll
Library GDI32.dll:
0x10005024 SetViewportOrgEx
0x10005028 CreatePatternBrush
0x1000502c RemoveFontResourceW
Library IPHLPAPI.DLL:
0x10005034 GetTcpStatistics
0x10005038 GetNetworkParams
Library WININET.dll:
Library SHLWAPI.dll:
0x1000509c PathRemoveExtensionA
0x100050a0 UrlGetLocationA
0x100050a4 PathGetArgsW
0x100050a8 SHRegQueryUSValueW
Library USER32.dll:
0x100050bc GetMenuItemInfoA
0x100050c0 UnregisterClassA
0x100050c4 IsCharUpperA
0x100050cc CopyImage
0x100050d0 NotifyWinEvent
0x100050d4 ArrangeIconicWindows
0x100050dc MessageBoxIndirectW
Library MPRAPI.dll:
Library KERNEL32.dll:
0x10005040 EraseTape
0x10005044 TerminateThread
0x10005048 HeapValidate
0x1000504c OpenSemaphoreA
0x10005050 GetLastError
0x10005054 GetModuleFileNameA
0x10005058 LoadLibraryExW
0x1000505c LoadLibraryW
0x10005060 CloseHandle
0x10005064 SetConsoleWindowInfo
0x10005068 GetProcAddress
0x1000506c GetTapePosition
Library CRYPT32.dll:
Library ESENT.dll:
0x1000501c JetCommitTransaction
Library ole32.dll:
Library SETUPAPI.dll:
0x10005094 SetupGetSourceInfoW

Exports

Ordinal Address Name
1 0x10021313 mvbFp6

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 60215 114.114.114.114 53
192.168.56.101 63429 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 50002 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 56539 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57756 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 60384 224.0.0.252 5355
192.168.56.101 61680 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 49236 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.