13.8
0-day
cc883ff2da665b29da191f3e5ada7da98810684658676f84dc6275d98f52f151
c718b028581ee91d323ab14a2de31b53.exe
Analysis duration: 96s
Most recent analysis:
File size: 798.0KB
Static detection / dynamic detection labels: AGEN AI SCORE=80 ALI2000008 ATTRIBUTE CONFIDENCE FORMBOOK GDSDA GENERICKDZ GENKRYPTIK HAWKEYE HEYE HIGH CONFIDENCE HIGHCONFIDENCE HODWSS KRYPTIK MAHL MALDOC MALWARE@#36XTFFAG2W51V R06EC0DI220 RNDCRYPT SCORE STATIC AI SUSGEN SUSPICIOUS PE TROJANX TSCOPE UNSAFE V0TQK0AJSZQ XMW@A0LR ZEMSILF
Eagle Eye engine
Not detected: no Eagle Eye engine result is available yet
Static verdict
Antivirus engines

| Engine | Result | Scan date | Engine version |
|---|---|---|---|
| Alibaba | Trojan:Win32/Maldoc.ali2000008 | 20190527 | 0.3.0.5 |
| Baidu | | 20190318 | 1.0.0.2 |
| Avast | Win32:TrojanX-gen [Trj] | 20201229 | 21.1.5827.0 |
| Kingsoft | | 20201229 | 2017.9.26.565 |
| McAfee | Packed-GAJ!C718B028581E | 20201229 | 6.0.6.653 |
| Tencent | | 20201229 | 1.0.0.1 |
| CrowdStrike | win/malicious_confidence_60% (W) | 20190702 | 1.0 |
Static indicators
Queries the computer name (50 of 204 events)

| Time | API | Arguments | Status | Return | Repeated |
|---|---|---|---|---|---|
| 1619912770.764499 | GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0 |
| 1619912772.155499 | GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0 |
| 1619912772.155499 | GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0 |
| 1619912773.968499 | GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0 |
| 1619912773.983499 | GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0 |
| 1619912773.999499 | GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0 |
| 1619912777.936499 | GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0 |
| 1619912772.671374 | GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0 |
| 1619912773.046374 | GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0 |
| 1619912773.046374 | GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0 |
| 1619912773.968374 | GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0 |
| 1619912773.983374 | GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0 |
| 1619912773.999374 | GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0 |
| 1619912775.374374 | GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0 |
| 1619912782.921374 | GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0 |
| 1619912782.952374 | GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0 |
| 1619912782.952374 | GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0 |
| 1619912774.483 | GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0 |
| 1619912779.358 | GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0 |
| 1619912779.374 | GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0 |
| 1619912779.436 | GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0 |
| 1619912779.452 | GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0 |
| 1619912779.452 | GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0 |
| 1619912779.53 | GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0 |
| 1619912782.968 | GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0 |
| 1619912782.983 | GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0 |
| 1619912782.999 | GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0 |
| 1619912776.358125 | GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0 |
| 1619912778.499125 | GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0 |
| 1619912778.499125 | GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0 |
| 1619912779.483125 | GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0 |
| 1619912779.483125 | GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0 |
| 1619912779.499125 | GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0 |
| 1619912779.546125 | GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0 |
| 1619912782.936125 | GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0 |
| 1619912782.952125 | GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0 |
| 1619912782.952125 | GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0 |
| 1619912778.233 | GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0 |
| 1619912779.358 | GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0 |
| 1619912779.374 | GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0 |
| 1619912779.436 | GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0 |
| 1619912779.452 | GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0 |
| 1619912779.468 | GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0 |
| 1619912779.53 | GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0 |
| 1619912782.952 | GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0 |
| 1619912782.983 | GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0 |
| 1619912782.983 | GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0 |
| 1619912781.65575 | GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0 |
| 1619912781.73375 | GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0 |
| 1619912781.73375 | GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0 |
Checks whether the process is being debugged (50 of 106 events)

| Time | API | Arguments | Status | Return | Repeated |
|---|---|---|---|---|---|
| 1619906567.796125 | IsDebuggerPresent | | failed | 0 | 0 |
| 1619906567.796125 | IsDebuggerPresent | | failed | 0 | 0 |
| 1619912759.202499 | IsDebuggerPresent | | failed | 0 | 0 |
| 1619912759.202499 | IsDebuggerPresent | | failed | 0 | 0 |
| 1619912760.76425 | IsDebuggerPresent | | failed | 0 | 0 |
| 1619912760.76425 | IsDebuggerPresent | | failed | 0 | 0 |
| 1619912762.046374 | IsDebuggerPresent | | failed | 0 | 0 |
| 1619912762.046374 | IsDebuggerPresent | | failed | 0 | 0 |
| 1619912762.718875 | IsDebuggerPresent | | failed | 0 | 0 |
| 1619912762.718875 | IsDebuggerPresent | | failed | 0 | 0 |
| 1619912763.905 | IsDebuggerPresent | | failed | 0 | 0 |
| 1619912763.905 | IsDebuggerPresent | | failed | 0 | 0 |
| 1619912764.499125 | IsDebuggerPresent | | failed | 0 | 0 |
| 1619912764.499125 | IsDebuggerPresent | | failed | 0 | 0 |
| 1619912765.780125 | IsDebuggerPresent | | failed | 0 | 0 |
| 1619912765.780125 | IsDebuggerPresent | | failed | 0 | 0 |
| 1619912766.374125 | IsDebuggerPresent | | failed | 0 | 0 |
| 1619912766.374125 | IsDebuggerPresent | | failed | 0 | 0 |
| 1619912767.686 | IsDebuggerPresent | | failed | 0 | 0 |
| 1619912767.686 | IsDebuggerPresent | | failed | 0 | 0 |
| 1619912769.389875 | IsDebuggerPresent | | failed | 0 | 0 |
| 1619912769.389875 | IsDebuggerPresent | | failed | 0 | 0 |
| 1619912770.65575 | IsDebuggerPresent | | failed | 0 | 0 |
| 1619912770.65575 | IsDebuggerPresent | | failed | 0 | 0 |
| 1619912771.296125 | IsDebuggerPresent | | failed | 0 | 0 |
| 1619912771.296125 | IsDebuggerPresent | | failed | 0 | 0 |
| 1619912772.593875 | IsDebuggerPresent | | failed | 0 | 0 |
| 1619912772.593875 | IsDebuggerPresent | | failed | 0 | 0 |
| 1619912773.218625 | IsDebuggerPresent | | failed | 0 | 0 |
| 1619912773.218625 | IsDebuggerPresent | | failed | 0 | 0 |
| 1619912774.43625 | IsDebuggerPresent | | failed | 0 | 0 |
| 1619912774.43625 | IsDebuggerPresent | | failed | 0 | 0 |
| 1619912775.13925 | IsDebuggerPresent | | failed | 0 | 0 |
| 1619912775.13925 | IsDebuggerPresent | | failed | 0 | 0 |
| 1619912776.327875 | IsDebuggerPresent | | failed | 0 | 0 |
| 1619912776.327875 | IsDebuggerPresent | | failed | 0 | 0 |
| 1619912778.108625 | IsDebuggerPresent | | failed | 0 | 0 |
| 1619912778.108625 | IsDebuggerPresent | | failed | 0 | 0 |
| 1619912780.733125 | IsDebuggerPresent | | failed | 0 | 0 |
| 1619912780.733125 | IsDebuggerPresent | | failed | 0 | 0 |
| 1619912781.639499 | IsDebuggerPresent | | failed | 0 | 0 |
| 1619912781.639499 | IsDebuggerPresent | | failed | 0 | 0 |
| 1619912782.858499 | IsDebuggerPresent | | failed | 0 | 0 |
| 1619912782.858499 | IsDebuggerPresent | | failed | 0 | 0 |
| 1619912783.624499 | IsDebuggerPresent | | failed | 0 | 0 |
| 1619912783.624499 | IsDebuggerPresent | | failed | 0 | 0 |
| 1619912784.843499 | IsDebuggerPresent | | failed | 0 | 0 |
| 1619912784.843499 | IsDebuggerPresent | | failed | 0 | 0 |
| 1619912785.46825 | IsDebuggerPresent | | failed | 0 | 0 |
| 1619912785.46825 | IsDebuggerPresent | | failed | 0 | 0 |
Command line console output was observed (50 of 73 events)

| Time | API | Arguments | Status | Return | Repeated |
|---|---|---|---|---|---|
| 1619912763.655625 | WriteConsoleW | buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\c718b028581ee91d323ab14a2de31b53.exe; console_handle: 0x00000007 | success | 1 | 0 |
| 1619912763.671625 | WriteConsoleW | buffer: 拒绝访问。; console_handle: 0x0000000b | success | 1 | 0 |
| 1619912763.155125 | WriteConsoleW | buffer: Y; console_handle: 0x00000007 | success | 1 | 0 |
| 1619912765.71825 | WriteConsoleW | buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\c718b028581ee91d323ab14a2de31b53.exe; console_handle: 0x00000007 | success | 1 | 0 |
| 1619912765.71825 | WriteConsoleW | buffer: 拒绝访问。; console_handle: 0x0000000b | success | 1 | 0 |
| 1619912765.62475 | WriteConsoleW | buffer: Y; console_handle: 0x00000007 | success | 1 | 0 |
| 1619912767.561125 | WriteConsoleW | buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\c718b028581ee91d323ab14a2de31b53.exe; console_handle: 0x00000007 | success | 1 | 0 |
| 1619912767.561125 | WriteConsoleW | buffer: 拒绝访问。; console_handle: 0x0000000b | success | 1 | 0 |
| 1619912767.468875 | WriteConsoleW | buffer: Y; console_handle: 0x00000007 | success | 1 | 0 |
| 1619912770.827625 | WriteConsoleW | buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\c718b028581ee91d323ab14a2de31b53.exe; console_handle: 0x00000007 | success | 1 | 0 |
| 1619912770.827625 | WriteConsoleW | buffer: 拒绝访问。; console_handle: 0x0000000b | success | 1 | 0 |
| 1619912769.43625 | WriteConsoleW | buffer: Y; console_handle: 0x00000007 | success | 1 | 0 |
| 1619912772.46825 | WriteConsoleW | buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\c718b028581ee91d323ab14a2de31b53.exe; console_handle: 0x00000007 | success | 1 | 0 |
| 1619912772.46825 | WriteConsoleW | buffer: 拒绝访问。; console_handle: 0x0000000b | success | 1 | 0 |
| 1619912772.343875 | WriteConsoleW | buffer: Y; console_handle: 0x00000007 | success | 1 | 0 |
| 1619912774.124 | WriteConsoleW | buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\c718b028581ee91d323ab14a2de31b53.exe; console_handle: 0x00000007 | success | 1 | 0 |
| 1619912774.124 | WriteConsoleW | buffer: 拒绝访问。; console_handle: 0x0000000b | success | 1 | 0 |
| 1619912774.03 | WriteConsoleW | buffer: Y; console_handle: 0x00000007 | success | 1 | 0 |
| 1619912776.26425 | WriteConsoleW | buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\c718b028581ee91d323ab14a2de31b53.exe; console_handle: 0x00000007 | success | 1 | 0 |
| 1619912776.26425 | WriteConsoleW | buffer: 拒绝访问。; console_handle: 0x0000000b | success | 1 | 0 |
| 1619912776.155 | WriteConsoleW | buffer: Y; console_handle: 0x00000007 | success | 1 | 0 |
| 1619912778.202125 | WriteConsoleW | buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\c718b028581ee91d323ab14a2de31b53.exe; console_handle: 0x00000007 | success | 1 | 0 |
| 1619912778.202125 | WriteConsoleW | buffer: 拒绝访问。; console_handle: 0x0000000b | success | 1 | 0 |
| 1619912778.06125 | WriteConsoleW | buffer: Y; console_handle: 0x00000007 | success | 1 | 0 |
| 1619912780.82725 | WriteConsoleW | buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\c718b028581ee91d323ab14a2de31b53.exe; console_handle: 0x00000007 | success | 1 | 0 |
| 1619912781.18625 | WriteConsoleW | buffer: 另一个程序正在使用此文件,进程无法访问。; console_handle: 0x0000000b | success | 1 | 0 |
| 1619912780.74975 | WriteConsoleW | buffer: Y; console_handle: 0x00000007 | success | 1 | 0 |
| 1619912784.09325 | WriteConsoleW | buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\c718b028581ee91d323ab14a2de31b53.exe; console_handle: 0x00000007 | success | 1 | 0 |
| 1619912784.10825 | WriteConsoleW | buffer: 拒绝访问。; console_handle: 0x0000000b | success | 1 | 0 |
| 1619912783.9835 | WriteConsoleW | buffer: Y; console_handle: 0x00000007 | success | 1 | 0 |
| 1619912786.639374 | WriteConsoleW | buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\c718b028581ee91d323ab14a2de31b53.exe; console_handle: 0x00000007 | success | 1 | 0 |
| 1619912786.639374 | WriteConsoleW | buffer: 拒绝访问。; console_handle: 0x0000000b | success | 1 | 0 |
| 1619912786.530374 | WriteConsoleW | buffer: Y; console_handle: 0x00000007 | success | 1 | 0 |
| 1619912788.405374 | WriteConsoleW | buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\c718b028581ee91d323ab14a2de31b53.exe; console_handle: 0x00000007 | success | 1 | 0 |
| 1619912788.405374 | WriteConsoleW | buffer: 拒绝访问。; console_handle: 0x0000000b | success | 1 | 0 |
| 1619912788.31125 | WriteConsoleW | buffer: Y; console_handle: 0x00000007 | success | 1 | 0 |
| 1619912790.99975 | WriteConsoleW | buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\c718b028581ee91d323ab14a2de31b53.exe; console_handle: 0x00000007 | success | 1 | 0 |
| 1619912790.99975 | WriteConsoleW | buffer: 拒绝访问。; console_handle: 0x0000000b | success | 1 | 0 |
| 1619912790.889374 | WriteConsoleW | buffer: Y; console_handle: 0x00000007 | success | 1 | 0 |
| 1619912793.218 | WriteConsoleW | buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\c718b028581ee91d323ab14a2de31b53.exe; console_handle: 0x00000007 | success | 1 | 0 |
| 1619912793.233 | WriteConsoleW | buffer: 拒绝访问。; console_handle: 0x0000000b | success | 1 | 0 |
| 1619912793.108 | WriteConsoleW | buffer: Y; console_handle: 0x00000007 | success | 1 | 0 |
| 1619912796.01425 | WriteConsoleW | buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\c718b028581ee91d323ab14a2de31b53.exe; console_handle: 0x00000007 | success | 1 | 0 |
| 1619912796.01425 | WriteConsoleW | buffer: 拒绝访问。; console_handle: 0x0000000b | success | 1 | 0 |
| 1619912795.905 | WriteConsoleW | buffer: Y; console_handle: 0x00000007 | success | 1 | 0 |
| 1619912797.936374 | WriteConsoleW | buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\c718b028581ee91d323ab14a2de31b53.exe; console_handle: 0x00000007 | success | 1 | 0 |
| 1619912797.936374 | WriteConsoleW | buffer: 另一个程序正在使用此文件,进程无法访问。; console_handle: 0x0000000b | success | 1 | 0 |
| 1619912797.82725 | WriteConsoleW | buffer: Y; console_handle: 0x00000007 | success | 1 | 0 |
| 1619912799.905 | WriteConsoleW | buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\c718b028581ee91d323ab14a2de31b53.exe; console_handle: 0x00000007 | success | 1 | 0 |
| 1619912799.905 | WriteConsoleW | buffer: 拒绝访问。; console_handle: 0x0000000b | success | 1 | 0 |
Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 event)

registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DigitalProductID
Checks the amount of memory in the system; this can be used to detect virtual machines that have little memory available (1 event)

| Time | API | Arguments | Status | Return | Repeated |
|---|---|---|---|---|---|
| 1619906567.828125 | GlobalMemoryStatusEx | | success | 1 | 0 |
One or more processes crashed (28 events)
Time & API Arguments Status Return Repeated
1619912782.218374
__exception__
stacktrace:
0x7a5452f
0x7a53e76
0x7a534fc
0x7a5335d
0x7a53065
0xaffba8
0x9c7755
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73bb4c21
GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73c7ce82
GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73c7cf90
GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73c7cda4
GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73c7d199
GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73c7d09a
_CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73cfaf00
_CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x745255ab
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x747a7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x747a4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 3074264
registers.edi: 3074848
registers.eax: 0
registers.ebp: 3074512
registers.edx: 0
registers.ebx: 0
registers.esi: 47437120
registers.ecx: 47494924
exception.instruction_r: 8b 40 04 89 45 d4 33 d2 89 55 d0 90 e9 76 05 00
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x7a5aaa1
success 0 0
1619912805.983374
__exception__
stacktrace:
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77da9e31
IsBadReadPtr+0xcc CreateSemaphoreA-0x31 kernel32+0x3d141 @ 0x7637d141
OleCreateFromData+0x195 NdrProxyForwardingFunction4-0x81f ole32+0xc586d @ 0x767b586d
ObjectStublessClient31+0x886b STGMEDIUM_UserUnmarshal-0x20e43 ole32+0x998db @ 0x767898db
system+0x577bfc @ 0x718e7bfc
system+0x7a0f66 @ 0x6ff60f66
system+0x7a092c @ 0x6ff6092c
system+0x7a058e @ 0x6ff6058e
system+0x79e700 @ 0x6ff5e700
system+0x79d843 @ 0x6ff5d843
system+0x79d8b1 @ 0x6ff5d8b1
0x7fe806e
0x7fe718a
0x7a5034f
system+0x216fb6 @ 0x6f9d6fb6
0x4a5cad
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x775a6d3a
GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x775a6de8
GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x775a6e44
KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x77d4011a
0x7fe6c70
0x7a53141
0xaffba8
0x9c7755
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73bb4c21
GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73c7ce82
GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73c7cf90
GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73c7cda4
GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73c7d199
GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73c7d09a
_CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73cfaf00
_CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x745255ab
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x747a7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x747a4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 3073416
registers.edi: 6881280
registers.eax: 4294967288
registers.ebp: 3073460
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 6881280
exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77da9e58
success 0 0
1619912782.171
__exception__
stacktrace:
0x7c93d7f
0x7c936c6
0x7c92d4c
0x7c92bad
0x7c928b5
0xe2ef18
0xc37755
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73bb4c21
GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73c7ce82
GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73c7cf90
GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73c7cda4
GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73c7d199
GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73c7d09a
_CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73cfaf00
_CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x745255ab
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x747a7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x747a4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 2289080
registers.edi: 2289664
registers.eax: 0
registers.ebp: 2289328
registers.edx: 0
registers.ebx: 0
registers.esi: 46116260
registers.ecx: 46174064
exception.instruction_r: 8b 40 04 89 45 d4 33 d2 89 55 d0 90 e9 76 05 00
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x7c9a2f1
success 0 0
1619912804.577
__exception__
stacktrace:
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77da9e31
IsBadReadPtr+0xcc CreateSemaphoreA-0x31 kernel32+0x3d141 @ 0x7637d141
OleCreateFromData+0x195 NdrProxyForwardingFunction4-0x81f ole32+0xc586d @ 0x767b586d
ObjectStublessClient31+0x886b STGMEDIUM_UserUnmarshal-0x20e43 ole32+0x998db @ 0x767898db
system+0x577bfc @ 0x718e7bfc
system+0x7a0f66 @ 0x6ff60f66
system+0x7a092c @ 0x6ff6092c
system+0x7a058e @ 0x6ff6058e
system+0x79e700 @ 0x6ff5e700
system+0x79d843 @ 0x6ff5d843
system+0x79d8b1 @ 0x6ff5d8b1
0x7e6773e
0x7e6685a
0xe2f5ef
system+0x216fb6 @ 0x6f9d6fb6
0xc85cad
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x775a6d3a
GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x775a6de8
GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x775a6e44
KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x77d4011a
0x7e66340
0x7c92991
0xe2ef18
0xc37755
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73bb4c21
GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73c7ce82
GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73c7cf90
GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73c7cda4
GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73c7d199
GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73c7d09a
_CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73cfaf00
_CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x745255ab
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x747a7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x747a4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 2288232
registers.edi: 8585216
registers.eax: 4294967288
registers.ebp: 2288276
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 8585216
exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77da9e58
success 0 0
1619912782.202125
__exception__
stacktrace:
0x7e13d7f
0x7e136c6
0x7e12d4c
0x7e12bad
0x7e128b5
0xddef18
0xb67755
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73bb4c21
GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73c7ce82
GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73c7cf90
GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73c7cda4
GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73c7d199
GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73c7d09a
_CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73cfaf00
_CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x745255ab
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x747a7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x747a4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 3337224
registers.edi: 3337808
registers.eax: 0
registers.ebp: 3337472
registers.edx: 0
registers.ebx: 0
registers.esi: 46116260
registers.ecx: 46174064
exception.instruction_r: 8b 40 04 89 45 d4 33 d2 89 55 d0 90 e9 76 05 00
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x7e1a2f1
success 0 0
1619912797.327125
__exception__
stacktrace:
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77da9e31
IsBadReadPtr+0xcc CreateSemaphoreA-0x31 kernel32+0x3d141 @ 0x7637d141
OleCreateFromData+0x195 NdrProxyForwardingFunction4-0x81f ole32+0xc586d @ 0x767b586d
ObjectStublessClient31+0x886b STGMEDIUM_UserUnmarshal-0x20e43 ole32+0x998db @ 0x767898db
system+0x577bfc @ 0x718e7bfc
system+0x7a0f66 @ 0x6ff60f66
system+0x7a092c @ 0x6ff6092c
system+0x7a058e @ 0x6ff6058e
system+0x79e700 @ 0x6ff5e700
system+0x79d843 @ 0x6ff5d843
system+0x79d8b1 @ 0x6ff5d8b1
0x802773e
0x802685a
0xddf5ef
system+0x216fb6 @ 0x6f9d6fb6
0x1165cad
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x775a6d3a
GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x775a6de8
GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x775a6e44
KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x77d4011a
0x8026340
0x7e12991
0xddef18
0xb67755
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73bb4c21
GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73c7ce82
GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73c7cf90
GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73c7cda4
GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73c7d199
GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73c7d09a
_CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73cfaf00
_CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x745255ab
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x747a7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x747a4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 3336376
registers.edi: 9371648
registers.eax: 4294967288
registers.ebp: 3336420
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 9371648
exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77da9e58
success 0 0
1619912782.186
__exception__
stacktrace:
0x8113d7f
0x81136c6
0x8112d4c
0x8112bad
0x81128b5
0xf3ef18
0xb97755
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73bb4c21
GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73c7ce82
GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73c7cf90
GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73c7cda4
GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73c7d199
GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73c7d09a
_CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73cfaf00
_CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x745255ab
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x747a7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x747a4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 3075080
registers.edi: 3075664
registers.eax: 0
registers.ebp: 3075328
registers.edx: 0
registers.ebx: 0
registers.esi: 46116260
registers.ecx: 46174064
exception.instruction_r: 8b 40 04 89 45 d4 33 d2 89 55 d0 90 e9 76 05 00
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x811a2f1
success 0 0
1619912799.874
__exception__
stacktrace:
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77da9e31
IsBadReadPtr+0xcc CreateSemaphoreA-0x31 kernel32+0x3d141 @ 0x7637d141
OleCreateFromData+0x195 NdrProxyForwardingFunction4-0x81f ole32+0xc586d @ 0x767b586d
ObjectStublessClient31+0x886b STGMEDIUM_UserUnmarshal-0x20e43 ole32+0x998db @ 0x767898db
system+0x577bfc @ 0x718e7bfc
system+0x7a0f66 @ 0x6ff60f66
system+0x7a092c @ 0x6ff6092c
system+0x7a058e @ 0x6ff6058e
system+0x79e700 @ 0x6ff5e700
system+0x79d843 @ 0x6ff5d843
system+0x79d8b1 @ 0x6ff5d8b1
0x830773e
0x830685a
0xf3f5ef
system+0x216fb6 @ 0x6f9d6fb6
0xd05cad
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x775a6d3a
GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x775a6de8
GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x775a6e44
KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x77d4011a
0x8306340
0x8112991
0xf3ef18
0xb97755
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73bb4c21
GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73c7ce82
GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73c7cf90
GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73c7cda4
GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73c7d199
GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73c7d09a
_CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73cfaf00
_CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x745255ab
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x747a7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x747a4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 3074232
registers.edi: 8978432
registers.eax: 4294967288
registers.ebp: 3074276
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 8978432
exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77da9e58
success 0 0
1619912782.32775
__exception__
stacktrace:
0x7c93d7f
0x7c936c6
0x7c92d4c
0x7c92bad
0x7c928b5
0x10fef18
0xa37755
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73bb4c21
GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73c7ce82
GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73c7cf90
GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73c7cda4
GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73c7d199
GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73c7d09a
_CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73cfaf00
_CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x745255ab
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x747a7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x747a4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 3861368
registers.edi: 3861952
registers.eax: 0
registers.ebp: 3861616
registers.edx: 0
registers.ebx: 0
registers.esi: 47361444
registers.ecx: 47419248
exception.instruction_r: 8b 40 04 89 45 d4 33 d2 89 55 d0 90 e9 76 05 00
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x7c9a2f1
success 0 0
1619912795.07775
__exception__
stacktrace:
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77da9e31
IsBadReadPtr+0xcc CreateSemaphoreA-0x31 kernel32+0x3d141 @ 0x7637d141
OleCreateFromData+0x195 NdrProxyForwardingFunction4-0x81f ole32+0xc586d @ 0x767b586d
ObjectStublessClient31+0x886b STGMEDIUM_UserUnmarshal-0x20e43 ole32+0x998db @ 0x767898db
system+0x577bfc @ 0x718e7bfc
system+0x7a0f66 @ 0x6ff60f66
system+0x7a092c @ 0x6ff6092c
system+0x7a058e @ 0x6ff6058e
system+0x79e700 @ 0x6ff5e700
system+0x79d843 @ 0x6ff5d843
system+0x79d8b1 @ 0x6ff5d8b1
0x7e6773e
0x7e6685a
0x10ff5ef
system+0x216fb6 @ 0x6f9d6fb6
0xa55cad
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x775a6d3a
GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x775a6de8
GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x775a6e44
KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x77d4011a
0x7e66340
0x7c92991
0x10fef18
0xa37755
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73bb4c21
GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73c7ce82
GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73c7cf90
GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73c7cda4
GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73c7d199
GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73c7d09a
_CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73cfaf00
_CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x745255ab
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x747a7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x747a4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 3860520
registers.edi: 4980736
registers.eax: 4294967288
registers.ebp: 3860564
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 4980736
exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77da9e58
success 0 0
1619912783.905875
__exception__
stacktrace:
0x7a53d7f
0x7a536c6
0x7a52d4c
0x7a52bad
0x7a528b5
0xb4ef18
0xaf7af5
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73bb4c21
GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73c7ce82
GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73c7cf90
GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73c7cda4
GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73c7d199
GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73c7d09a
_CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73cfaf00
_CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x745255ab
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x747a7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x747a4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 3598488
registers.edi: 3599072
registers.eax: 0
registers.ebp: 3598736
registers.edx: 0
registers.ebx: 0
registers.esi: 48147876
registers.ecx: 48205680
exception.instruction_r: 8b 40 04 89 45 d4 33 d2 89 55 d0 90 e9 76 05 00
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x7a5a2f1
success 0 0
1619912802.561875
__exception__
stacktrace:
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77da9e31
IsBadReadPtr+0xcc CreateSemaphoreA-0x31 kernel32+0x3d141 @ 0x7637d141
OleCreateFromData+0x195 NdrProxyForwardingFunction4-0x81f ole32+0xc586d @ 0x767b586d
ObjectStublessClient31+0x886b STGMEDIUM_UserUnmarshal-0x20e43 ole32+0x998db @ 0x767898db
system+0x577bfc @ 0x718e7bfc
system+0x7a0f66 @ 0x6ff60f66
system+0x7a092c @ 0x6ff6092c
system+0x7a058e @ 0x6ff6058e
system+0x79e700 @ 0x6ff5e700
system+0x79d843 @ 0x6ff5d843
system+0x79d8b1 @ 0x6ff5d8b1
0x7f8773e
0x7f8685a
0xb4f5ef
system+0x216fb6 @ 0x6f9d6fb6
0xbf5cad
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x775a6d3a
GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x775a6de8
GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x775a6e44
KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x77d4011a
0x7f86340
0x7a52991
0xb4ef18
0xaf7af5
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73bb4c21
GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73c7ce82
GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73c7cf90
GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73c7cda4
GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73c7d199
GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73c7d09a
_CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73cfaf00
_CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x745255ab
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x747a7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x747a4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 3597640
registers.edi: 8585216
registers.eax: 4294967288
registers.ebp: 3597684
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 8585216
exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77da9e58
success 0 0
1619912785.84325
__exception__
stacktrace:
0x7c93d7f
0x7c936c6
0x7c92d4c
0x7c92bad
0x7c928b5
0xbeef18
0x887755
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73bb4c21
GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73c7ce82
GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73c7cf90
GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73c7cda4
GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73c7d199
GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73c7d09a
_CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73cfaf00
_CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x745255ab
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x747a7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x747a4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 3337800
registers.edi: 3338384
registers.eax: 0
registers.ebp: 3338048
registers.edx: 0
registers.ebx: 0
registers.esi: 50048420
registers.ecx: 50106224
exception.instruction_r: 8b 40 04 89 45 d4 33 d2 89 55 d0 90 e9 76 05 00
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x7c9a2f1
success 0 0
1619912807.84325
__exception__
stacktrace:
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77da9e31
IsBadReadPtr+0xcc CreateSemaphoreA-0x31 kernel32+0x3d141 @ 0x7637d141
OleCreateFromData+0x195 NdrProxyForwardingFunction4-0x81f ole32+0xc586d @ 0x767b586d
ObjectStublessClient31+0x886b STGMEDIUM_UserUnmarshal-0x20e43 ole32+0x998db @ 0x767898db
system+0x577bfc @ 0x718e7bfc
system+0x7a0f66 @ 0x6ff60f66
system+0x7a092c @ 0x6ff6092c
system+0x7a058e @ 0x6ff6058e
system+0x79e700 @ 0x6ff5e700
system+0x79d843 @ 0x6ff5d843
system+0x79d8b1 @ 0x6ff5d8b1
0x818773e
0x818685a
0xbef5ef
system+0x216fb6 @ 0x6f9d6fb6
0x2e35cad
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x775a6d3a
GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x775a6de8
GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x775a6e44
KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x77d4011a
0x8186340
0x7c92991
0xbeef18
0x887755
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73bb4c21
GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73c7ce82
GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73c7cf90
GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73c7cda4
GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73c7d199
GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73c7d09a
_CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73cfaf00
_CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x745255ab
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x747a7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x747a4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 3336952
registers.edi: 7536640
registers.eax: 4294967288
registers.ebp: 3336996
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 7536640
exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77da9e58
success 0 0
1619912787.186875
__exception__
stacktrace:
0x7ad3d7f
0x7ad36c6
0x7ad2d4c
0x7ad2bad
0x7ad28b5
0xa2ef18
0x9d7755
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73bb4c21
GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73c7ce82
GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73c7cf90
GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73c7cda4
GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73c7d199
GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73c7d09a
_CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73cfaf00
_CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x745255ab
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x747a7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x747a4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 3992264
registers.edi: 3992848
registers.eax: 0
registers.ebp: 3992512
registers.edx: 0
registers.ebx: 0
registers.esi: 48082340
registers.ecx: 48140144
exception.instruction_r: 8b 40 04 89 45 d4 33 d2 89 55 d0 90 e9 76 05 00
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x7ada2f1
success 0 0
1619912810.733875
__exception__
stacktrace:
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77da9e31
IsBadReadPtr+0xcc CreateSemaphoreA-0x31 kernel32+0x3d141 @ 0x7637d141
OleCreateFromData+0x195 NdrProxyForwardingFunction4-0x81f ole32+0xc586d @ 0x767b586d
ObjectStublessClient31+0x886b STGMEDIUM_UserUnmarshal-0x20e43 ole32+0x998db @ 0x767898db
system+0x577bfc @ 0x718e7bfc
system+0x7a0f66 @ 0x6ff60f66
system+0x7a092c @ 0x6ff6092c
system+0x7a058e @ 0x6ff6058e
system+0x79e700 @ 0x6ff5e700
system+0x79d843 @ 0x6ff5d843
system+0x79d8b1 @ 0x6ff5d8b1
0x7dc773e
0x7dc685a
0xa2f5ef
system+0x216fb6 @ 0x6f9d6fb6
0x6b5cad
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x775a6d3a
GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x775a6de8
GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x775a6e44
KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x77d4011a
0x7dc6340
0x7ad2991
0xa2ef18
0x9d7755
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73bb4c21
GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73c7ce82
GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73c7cf90
GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73c7cda4
GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73c7d199
GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73c7d09a
_CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73cfaf00
_CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x745255ab
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x747a7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x747a4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 3991416
registers.edi: 7274496
registers.eax: 4294967288
registers.ebp: 3991460
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 7274496
exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77da9e58
success 0 0
1619912792.733125
__exception__
stacktrace:
0x7dd3d7f
0x7dd36c6
0x7dd2d4c
0x7dd2bad
0x7dd28b5
0xa3ef18
0x767755
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73bb4c21
GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73c7ce82
GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73c7cf90
GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73c7cda4
GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73c7d199
GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73c7d09a
_CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73cfaf00
_CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x745255ab
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x747a7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x747a4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 3731464
registers.edi: 3732048
registers.eax: 0
registers.ebp: 3731712
registers.edx: 0
registers.ebx: 0
registers.esi: 46116260
registers.ecx: 46174064
exception.instruction_r: 8b 40 04 89 45 d4 33 d2 89 55 d0 90 e9 76 05 00
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x7dda2f1
success 0 0
1619912813.311125
__exception__
stacktrace:
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77da9e31
IsBadReadPtr+0xcc CreateSemaphoreA-0x31 kernel32+0x3d141 @ 0x7637d141
OleCreateFromData+0x195 NdrProxyForwardingFunction4-0x81f ole32+0xc586d @ 0x767b586d
ObjectStublessClient31+0x886b STGMEDIUM_UserUnmarshal-0x20e43 ole32+0x998db @ 0x767898db
system+0x577bfc @ 0x718e7bfc
system+0x7a0f66 @ 0x6ff60f66
system+0x7a092c @ 0x6ff6092c
system+0x7a058e @ 0x6ff6058e
system+0x79e700 @ 0x6ff5e700
system+0x79d843 @ 0x6ff5d843
system+0x79d8b1 @ 0x6ff5d8b1
0x804773e
0x804685a
0xa3f5ef
system+0x216fb6 @ 0x6f9d6fb6
0xaa5cad
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x775a6d3a
GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x775a6de8
GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x775a6e44
KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x77d4011a
0x8046340
0x7dd2991
0xa3ef18
0x767755
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73bb4c21
GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73c7ce82
GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73c7cf90
GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73c7cda4
GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73c7d199
GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73c7d09a
_CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73cfaf00
_CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x745255ab
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x747a7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x747a4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 3730616
registers.edi: 5767168
registers.eax: 4294967288
registers.ebp: 3730660
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 5767168
exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77da9e58
success 0 0
1619912794.124499
__exception__
stacktrace:
0x7a63d7f
0x7a636c6
0x7a62d4c
0x7a62bad
0x7a628b5
0x279ef18
0x847755
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73bb4c21
GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73c7ce82
GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73c7cf90
GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73c7cda4
GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73c7d199
GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73c7d09a
_CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73cfaf00
_CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x745255ab
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x747a7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x747a4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 4123624
registers.edi: 4124208
registers.eax: 0
registers.ebp: 4123872
registers.edx: 0
registers.ebx: 0
registers.esi: 46116260
registers.ecx: 46174064
exception.instruction_r: 8b 40 04 89 45 d4 33 d2 89 55 d0 90 e9 76 05 00
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x7a6a2f1
success 0 0
1619912795.921499
__exception__
stacktrace:
0x7953d7f
0x79536c6
0x7952d4c
0x7952bad
0x79528b5
0xafef18
0x7c7af5
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73bb4c21
GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73c7ce82
GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73c7cf90
GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73c7cda4
GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73c7d199
GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73c7d09a
_CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73cfaf00
_CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x745255ab
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x747a7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x747a4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 3074792
registers.edi: 3075376
registers.eax: 0
registers.ebp: 3075040
registers.edx: 0
registers.ebx: 0
registers.esi: 48868772
registers.ecx: 48926576
exception.instruction_r: 8b 40 04 89 45 d4 33 d2 89 55 d0 90 e9 76 05 00
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x795a2f1
success 0 0
1619912799.046875
__exception__
stacktrace:
0x7d13d7f
0x7d136c6
0x7d12d4c
0x7d12bad
0x7d128b5
0xa3ef18
0x7a7755
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73bb4c21
GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73c7ce82
GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73c7cf90
GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73c7cda4
GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73c7d199
GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73c7d09a
_CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73cfaf00
_CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x745255ab
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x747a7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x747a4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 2813144
registers.edi: 2813728
registers.eax: 0
registers.ebp: 2813392
registers.edx: 0
registers.ebx: 0
registers.esi: 50507172
registers.ecx: 50564976
exception.instruction_r: 8b 40 04 89 45 d4 33 d2 89 55 d0 90 e9 76 05 00
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x7d1a2f1
success 0 0
1619912800.983125
__exception__
stacktrace:
0x7cd3d7f
0x7cd36c6
0x7cd2d4c
0x7cd2bad
0x7cd28b5
0xdbef18
0xb57755
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73bb4c21
GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73c7ce82
GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73c7cf90
GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73c7cda4
GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73c7d199
GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73c7d09a
_CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73cfaf00
_CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x745255ab
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x747a7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x747a4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 3337560
registers.edi: 3338144
registers.eax: 0
registers.ebp: 3337808
registers.edx: 0
registers.ebx: 0
registers.esi: 46116260
registers.ecx: 46174064
exception.instruction_r: 8b 40 04 89 45 d4 33 d2 89 55 d0 90 e9 76 05 00
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x7cda2f1
success 0 0
Behavior verdict
Dynamic indicators
One or more potentially interesting buffers were extracted; these generally contain injected code, configuration data, etc.
HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 event)
suspicious_features: GET method with no useragent header; suspicious_request: GET http://bot.whatismyipaddress.com/
Performs some HTTP requests (1 event)
request GET http://bot.whatismyipaddress.com/
Allocates read-write-execute memory (usually to unpack itself) (50 out of 3760 events)
Time & API Arguments Status Return Repeated
1619906565.859125
NtAllocateVirtualMemory
process_identifier: 2668
region_size: 655360
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x004a0000
success 0 0
Steals private information from local Internet browsers (28 events)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Crowd Deny\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\OnDeviceHeadSuggestModel\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Crashpad\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Safe Browsing\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\CertificateRevocation\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\FontLookupTableCache\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\FileTypePolicies\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\hyphen-data\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\GrShaderCache\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\pnacl\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\ShaderCache\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\WidevineCdm\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Floc\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\BrowserMetrics\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\SafetyTips\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\ThirdPartyModuleList64\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\ZxcvbnData\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Subresource Filter\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\SSLErrorAssistant\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\MEIPreload\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\TLSDeprecationConfig\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\SwReporter\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\AutofillStates\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\OriginTrials\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\RecoveryImproved\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Yandex\YandexBrowser\User Data\
Looks up the external IP address (1 event)
domain bot.whatismyipaddress.com
Creates a suspicious process (2 events)
cmdline cmd.exe /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\c718b028581ee91d323ab14a2de31b53.exe"
cmdline "C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\c718b028581ee91d323ab14a2de31b53.exe"
Drops a binary and executes it (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\c718b028581ee91d323ab14a2de31b53.exe
Drops an executable to the user AppData folder (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\c718b028581ee91d323ab14a2de31b53.exe
Executes one or more WMI queries (2 events)
wmi SELECT MacAddress FROM Win32_NetworkAdapterConfiguration
wmi SELECT ProcessorId FROM Win32_Processor
A process created a hidden window (26 events)
Time & API Arguments Status Return Repeated
1619906575.046125
ShellExecuteExW
parameters: /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\c718b028581ee91d323ab14a2de31b53.exe"
filepath: cmd.exe
filepath_r: cmd.exe
show_type: 0
success 1 0
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1619912787.139374
GetAdaptersAddresses
flags: 15
family: 0
failed 111 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 6.952665404782834 section {'size_of_data': '0x0009c800', 'virtual_address': '0x00002000', 'entropy': 6.952665404782834, 'name': '.text', 'virtual_size': '0x0009c624'} description A section with a high entropy has been found
entropy 0.7849529780564264 description Overall entropy of this PE file is high
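Reading the two figures above: the first is the Shannon entropy of the .text section in bits per byte (8.0 is the ceiling; compressed or encrypted code sits near 7). The second, 0.7849, is not an entropy at all. It is the share of section bytes that live in sections over the per-section threshold, and 0x9c800 bytes of .text against 816,640 bytes of total section data (a 798 KB file less a 512-byte header region) reproduces it exactly. The Python below is an added example that recomputes both numbers; it is not code from the report or from the sample. The 6.8 and 0.2 thresholds follow the Cuckoo community packer_entropy signature as an assumption (check the installed signature set), and the two non-.text sections are constructed so the totals agree with the report.

```python
import math
from collections import Counter

# Thresholds as used by the Cuckoo community "packer_entropy" signature that emits the
# two lines above (assumption: recalled from that signature, verify against your install).
SECTION_ENTROPY_THRESHOLD = 6.8   # bits per byte; 8.0 is the maximum
HIGH_ENTROPY_SHARE_THRESHOLD = 0.2


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte buffer in bits per byte (0.0 constant, 8.0 uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def high_entropy_share(sections) -> float:
    """Share of section data (by size_of_data) sitting in sections above the per-section
    threshold. This is the quantity the report prints as 'overall entropy': a fraction of
    bytes, not an entropy in bits."""
    total = sum(s["size_of_data"] for s in sections)
    packed = sum(s["size_of_data"] for s in sections
                 if s["entropy"] > SECTION_ENTROPY_THRESHOLD)
    return packed / total if total else 0.0


def packer_verdict(sections) -> dict:
    """Reproduce the two-step heuristic: flag high-entropy sections, then judge the file."""
    flagged = [s["name"] for s in sections if s["entropy"] > SECTION_ENTROPY_THRESHOLD]
    share = high_entropy_share(sections)
    return {
        "flagged_sections": flagged,
        "high_entropy_share": share,
        "likely_packed": bool(flagged) and share > HIGH_ENTROPY_SHARE_THRESHOLD,
    }


# The .text row is copied from the report. The other two rows are constructed so that total
# section data is 816,640 bytes (0xC7600), which makes .text's share come out at the report's
# 0.7849529780564264; a 798 KB file with a 512-byte header region is consistent with that.
SECTIONS = [
    {"name": ".text",  "size_of_data": 0x0009C800, "entropy": 6.952665404782834},
    {"name": ".rsrc",  "size_of_data": 0x0002AC00, "entropy": 4.1},   # constructed
    {"name": ".reloc", "size_of_data": 0x00000200, "entropy": 0.1},   # constructed
]

# Constructed buffers standing in for raw section bytes: one looks encrypted or compressed,
# the other is padding.
UNIFORM_BYTES = bytes(range(256)) * 4
ZERO_BYTES = bytes(1024)

if __name__ == "__main__":
    print(f"uniform bytes: {shannon_entropy(UNIFORM_BYTES):.3f} bits/byte")
    print(f"zero bytes:    {shannon_entropy(ZERO_BYTES):.3f} bits/byte")
    print(packer_verdict(SECTIONS))
```

A single high-entropy .text section is weak evidence on its own for a .NET binary (the report's only import is mscoree.dll!_CorExeMain), since obfuscators that encrypt method bodies produce the same profile as a conventional packer; the share figure only says how much of the file is affected, not how it was produced.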
Checks for the Locally Unique Identifier on the system for a suspicious privilege (35 events)
Time & API Arguments Status Return Repeated
1619906575.296125
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619912761.92125
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619912805.968374
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619912763.843875
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619912804.561
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619912765.655125
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619912797.327125
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619912767.624125
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619912799.874
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619912770.530875
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619912795.01475
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619912772.514125
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619912802.561875
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619912774.358625
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619912807.84325
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619912776.24925
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619912810.733875
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619912780.671625
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619912813.296125
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619912782.749499
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619912784.749499
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619912787.35825
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619912789.389499
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619912792.139625
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619912794.124625
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619912796.12425
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619912797.983499
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619912799.90525
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619912801.811374
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619912803.749125
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619912805.749875
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619912807.827125
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619912809.874125
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619912811.843875
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1619912813.686374
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
Terminates another process (50 events)
Time & API Arguments Status Return Repeated
1619912761.98325
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000380
failed 0 0
1619912761.98325
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000380
success 0 0
1619912763.921875
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x0000037c
failed 0 0
1619912763.921875
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x0000037c
success 0 0
1619912765.749125
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000380
failed 0 0
1619912765.749125
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000380
success 0 0
1619912767.702125
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x0000037c
failed 0 0
1619912767.702125
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x0000037c
success 0 0
1619912770.593875
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000380
failed 0 0
1619912770.593875
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000380
success 0 0
1619912772.608125
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x0000037c
failed 0 0
1619912772.608125
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x0000037c
success 0 0
1619912774.421625
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000384
failed 0 0
1619912774.421625
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000384
success 0 0
1619912776.34325
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000380
failed 0 0
1619912776.34325
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000380
success 0 0
1619912780.764625
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000384
failed 0 0
1619912780.764625
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000384
success 0 0
1619912782.827499
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x0000038c
failed 0 0
1619912782.827499
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x0000038c
success 0 0
1619912784.843499
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000388
failed 0 0
1619912784.843499
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000388
success 0 0
1619912787.45225
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000388
failed 0 0
1619912787.45225
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000388
success 0 0
1619912789.483499
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000384
failed 0 0
1619912789.483499
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000384
success 0 0
1619912792.249625
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x0000037c
failed 0 0
1619912792.249625
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x0000037c
success 0 0
1619912794.218625
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x0000037c
failed 0 0
1619912794.218625
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x0000037c
success 0 0
1619912796.21825
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x0000037c
failed 0 0
1619912796.21825
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x0000037c
success 0 0
1619912798.093499
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000380
failed 0 0
1619912798.093499
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000380
success 0 0
1619912800.04625
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000384
failed 0 0
1619912800.04625
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000384
success 0 0
1619912801.936374
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x0000038c
failed 0 0
1619912801.936374
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x0000038c
success 0 0
1619912803.889125
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000374
failed 0 0
1619912803.889125
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000374
success 0 0
1619912805.843875
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000384
failed 0 0
1619912805.843875
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000384
success 0 0
1619912807.936125
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000380
failed 0 0
1619912807.936125
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000380
success 0 0
1619912810.014125
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x0000037c
failed 0 0
1619912810.014125
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x0000037c
success 0 0
1619912811.999875
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000384
failed 0 0
1619912811.999875
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000384
success 0 0
1619912813.858374
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000384
failed 0 0
1619912813.858374
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x00000384
success 0 0
Uses Windows utilities for basic Windows functionality (2 events)
cmdline cmd.exe /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\c718b028581ee91d323ab14a2de31b53.exe"
cmdline "C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\c718b028581ee91d323ab14a2de31b53.exe"
Executes one or more WMI queries which can be used to identify virtual machines (2 events)
wmi SELECT ProcessorId FROM Win32_Processor
wmi SELECT MacAddress FROM Win32_NetworkAdapterConfiguration
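The two WMI queries are the stronger evasion signal on this page; the GetAdaptersAddresses call above returned 111 (ERROR_BUFFER_OVERFLOW), which is the normal outcome of the first sizing call and means little by itself. Selecting MacAddress from Win32_NetworkAdapterConfiguration hands the sample the adapter's OUI, and stock hypervisor NICs carry vendor-registered prefixes. The Python below is an added example, not code from the sample, showing what such a check learns from a stock VirtualBox guest versus a guest whose MAC has been reassigned. The OUI table is an assumption about what the sample compares against (the prefixes themselves are the registered vendor blocks), and both WMI result sets are constructed. The ProcessorId query is not modelled: it returns the CPUID signature and feature flags, which hypervisors usually pass through unchanged.

```python
import re

# OUI prefixes registered to virtualization vendors. The values are well known, but the set is
# an assumption about what a sample reading Win32_NetworkAdapterConfiguration.MacAddress uses.
VM_OUIS = {
    "00:05:69": "VMware",
    "00:0C:29": "VMware",
    "00:1C:14": "VMware",
    "00:50:56": "VMware",
    "08:00:27": "VirtualBox",
    "00:15:5D": "Hyper-V",
    "00:16:3E": "Xen",
    "00:1C:42": "Parallels",
    "52:54:00": "QEMU/KVM",
}


def normalize_mac(mac):
    """Accept '08:00:27:..', '08-00-27-..' or '080027..'; return upper-case colon form,
    or None when the input does not hold exactly twelve hex digits."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac or "")
    if len(digits) != 12:
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2)).upper()


def vm_vendor_for_mac(mac):
    """Vendor name if the first three octets match a virtualization OUI, else None."""
    norm = normalize_mac(mac)
    return VM_OUIS.get(norm[:8]) if norm else None


def fingerprint_adapters(rows):
    """rows: WMI-shaped dicts. Only MacAddress is read, because the query above selects only
    that column. Returns the virtualization vendors inferred, deduplicated, in adapter order."""
    vendors = []
    for row in rows:
        vendor = vm_vendor_for_mac(row.get("MacAddress"))
        if vendor and vendor not in vendors:
            vendors.append(vendor)
    return vendors


# Constructed result sets for 'SELECT MacAddress FROM Win32_NetworkAdapterConfiguration'.
# A stock VirtualBox guest leaks its OUI; in the second set the MAC has been reassigned to an
# arbitrary non-virtualization prefix, as a hardened analysis VM would do. Software adapters
# report a null MacAddress, which the code must tolerate.
STOCK_VBOX_GUEST = [
    {"Description": "Intel(R) PRO/1000 MT Desktop Adapter", "MacAddress": "08:00:27:3A:5B:1C"},
    {"Description": "WAN Miniport (IP)", "MacAddress": None},
]
HARDENED_GUEST = [
    {"Description": "Intel(R) PRO/1000 MT Desktop Adapter", "MacAddress": "3C:97:0E:12:34:56"},
    {"Description": "WAN Miniport (IP)", "MacAddress": None},
]

if __name__ == "__main__":
    print("stock guest   :", fingerprint_adapters(STOCK_VBOX_GUEST))
    print("hardened guest:", fingerprint_adapters(HARDENED_GUEST))
```

Reassigning the MAC closes only this one query; the adapter Description string, the SMBIOS tables and the disk model strings remain available to the same WMI surface and need the same treatment on an analysis VM.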
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
A process attempted to delay the analysis task (1 event)
description RegAsm.exe tried to sleep 27284094 seconds, actually delayed analysis time by 27284094 seconds
Manipulates memory of a non-child process indicative of process injection (3 events)
Process injection Process 5568 manipulating memory of non-child process 5776
Time & API Arguments Status Return Repeated
1619912801.733374
NtAllocateVirtualMemory
process_identifier: 5776
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x0000020c
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x000a0000
success 0 0
1619912801.733374
NtAllocateVirtualMemory
process_identifier: 5776
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x0000020c
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x000b0000
success 0 0
Harvests credentials from local email clients (3 events)
registry HKEY_CURRENT_USER\Software\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676
registry HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
registry HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Attempts to remove evidence of file being downloaded from the Internet (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\None:Zone.Identifier
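Three of the behaviours above are cheap to turn into triage rules: the cmd.exe child that uses choice /C Y /N /D Y /T 3 as a three-second sleep before deleting the dropped executable (the delay is needed because Windows will not delete an image that is still executing, so the parent must exit first), the read of the fixed account-store subkey 9375CFF0413111d3B88A00104B2A6676 under the Outlook and Windows Messaging Subsystem profile keys, and the deletion of a :Zone.Identifier alternate data stream, which strips the Mark-of-the-Web from a downloaded file. The Python below is an added example, not code from the report or the sample, that runs these rules over a constructed event list built from the lines on this page. PIDs are assumed from the injection line (5568 into 5776); the report does not attribute these events to processes. It also flags the None stem in the Zone.Identifier path: the monitor logged no base file name there, so the file the mark was removed from is unknown.

```python
import re

# Path of the analyzed sample as it appears in the report; used to decide whether the
# cmd.exe child deletes the sample itself or some other file.
SAMPLE_PATH = r"C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\c718b028581ee91d323ab14a2de31b53.exe"

# 'choice /C Y /N /D Y /T <n>' is a sleep for cmd.exe: it auto-answers Y after n seconds so
# the following Del runs once the parent has exited and released its image. The pattern is
# generalised to any delay and to a quoted or unquoted target.
SELF_DELETE_RE = re.compile(
    r'/C\s+choice\s+/C\s+Y\s+/N\s+/D\s+Y\s+/T\s+(?P<delay>\d+)\s*&\s*Del\s+"?(?P<path>[^"]+?)"?\s*$',
    re.IGNORECASE,
)
# The fixed account-store subkey under the Outlook / Windows Messaging Subsystem profile
# keys, covering the three registry locations the report lists.
MAIL_PROFILE_RE = re.compile(
    r'(Windows Messaging Subsystem\\Profiles\\|Office\\\d+\.\d+\\Outlook\\Profiles\\)'
    r'.*9375CFF0413111d3B88A00104B2A6676',
    re.IGNORECASE,
)
ZONE_ID_RE = re.compile(r'^(?P<stem>.*):Zone\.Identifier$', re.IGNORECASE)


def triage(events):
    """events: dicts with pid, kind ('process' | 'registry' | 'file') and value (command
    line, key path or file path). Returns one finding dict per matching event."""
    findings = []
    for ev in events:
        kind, value = ev["kind"], ev["value"]
        if kind == "process":
            m = SELF_DELETE_RE.search(value)
            if m:
                target = m.group("path").strip()
                findings.append({
                    "pid": ev["pid"], "rule": "self_delete", "target": target,
                    "delay_s": int(m.group("delay")),
                    "deletes_sample": target.lower() == SAMPLE_PATH.lower(),
                })
        elif kind == "registry":
            if MAIL_PROFILE_RE.search(value):
                findings.append({"pid": ev["pid"], "rule": "mail_credential_store", "target": value})
        elif kind == "file":
            m = ZONE_ID_RE.match(value)
            if m:
                # A stem ending in '\None' means the monitor did not capture the base file
                # name (the report shows '...\Temp\None:Zone.Identifier'), so the file the
                # mark was removed from is unknown.
                stem = m.group("stem")
                findings.append({
                    "pid": ev["pid"], "rule": "motw_removal", "target": value,
                    "target_known": not stem.endswith("\\None"),
                })
    return findings


# Constructed event list built from lines in this report. PIDs follow the injection line
# (5568 into 5776); the report itself does not attribute these events to processes.
EVENTS = [
    {"pid": 5568, "kind": "process",
     "value": r'cmd.exe /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\c718b028581ee91d323ab14a2de31b53.exe"'},
    {"pid": 5568, "kind": "process",
     "value": r'"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\c718b028581ee91d323ab14a2de31b53.exe"'},
    {"pid": 5776, "kind": "registry",
     "value": r"HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676"},
    {"pid": 5776, "kind": "file",
     "value": r"C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\None:Zone.Identifier"},
    {"pid": 4242, "kind": "process", "value": r'cmd.exe /C echo benign'},  # constructed control
]

if __name__ == "__main__":
    for finding in triage(EVENTS):
        print(finding)
```

The self-delete rule keys on the choice idiom rather than on Del alone because Del on its own is far too common; the same sleep-then-delete shape also appears with ping -n as the delay primitive, and a production rule should cover that variant too.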
File has been identified by 51 AntiVirus engines on VirusTotal as malicious (50 of 51 events)
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKDZ.66666
FireEye Generic.mg.c718b028581ee91d
ALYac Trojan.Agent.HawkEye
Cylance Unsafe
K7AntiVirus Trojan ( 0056081c1 )
Alibaba Trojan:Win32/Maldoc.ali2000008
K7GW Trojan ( 0056081c1 )
Cybereason malicious.8581ee
Arcabit Trojan.Generic.D1046A
BitDefenderTheta Gen:NN.ZemsilF.34700.XmW@a0LR!0ei
Cyren W32/Trojan.MAHL-4929
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:TrojanX-gen [Trj]
Kaspersky HEUR:Trojan-PSW.MSIL.Heye.gen
BitDefender Trojan.GenericKDZ.66666
NANO-Antivirus Trojan.Win32.Heye.hodwss
Paloalto generic.ml
AegisLab Trojan.MSIL.Heye.i!c
Ad-Aware Trojan.GenericKDZ.66666
Emsisoft Trojan.GenericKDZ.66666 (B)
Comodo Malware@#36xtffag2w51v
F-Secure Heuristic.HEUR/AGEN.1116674
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R06EC0DI220
McAfee-GW-Edition BehavesLike.Win32.Generic.bh
Sophos Mal/Generic-S
Ikarus Trojan.MSIL.Inject
eGambit Unsafe.AI_Score_99%
Avira HEUR/AGEN.1116674
Antiy-AVL Trojan[PSW]/MSIL.Heye
Microsoft Trojan:Win32/FormBook.BY!MTB
ZoneAlarm HEUR:Trojan-PSW.MSIL.Heye.gen
GData Trojan.GenericKDZ.66666
Cynet Malicious (score: 100)
AhnLab-V3 Malware/Win32.RL_Generic.C4264567
McAfee Packed-GAJ!C718B028581E
MAX malware (ai score=80)
VBA32 TScope.Trojan.MSIL
Malwarebytes Trojan.RNDCrypt.MSIL.Generic
ESET-NOD32 a variant of MSIL/Kryptik.WBY
TrendMicro-HouseCall TROJ_GEN.R06EC0DI220
Yandex Trojan.GenKryptik!v0tqK0AJszQ
SentinelOne Static AI - Suspicious PE
MaxSecure Trojan.Malware.73711975.susgen
Fortinet MSIL/Kryptik.VCR!tr
AVG Win32:TrojanX-gen [Trj]
Panda Trj/GdSda.A
CrowdStrike win/malicious_confidence_60% (W)
Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running) (12 events)
dead_host 192.168.56.101:49277
dead_host 192.168.56.101:49351
dead_host 172.217.27.142:443
dead_host 192.168.56.101:49299
dead_host 192.168.56.101:49320
dead_host 172.217.24.14:443
dead_host 192.168.56.101:49329
dead_host 192.168.56.101:49337
dead_host 192.168.56.101:49270
dead_host 209.99.40.222:587
dead_host 192.168.56.101:49289
dead_host 192.168.56.101:49311
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No screenshots: none were captured while the sample ran

PE Compile Time

2020-04-21 01:03:49

Imports

Library mscoree.dll:
0x402000 _CorExeMain

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49259 66.171.248.178 bot.whatismyipaddress.com 80
192.168.56.101 49266 66.171.248.178 bot.whatismyipaddress.com 80
192.168.56.101 49276 66.171.248.178 bot.whatismyipaddress.com 80
192.168.56.101 49284 66.171.248.178 bot.whatismyipaddress.com 80
192.168.56.101 49296 66.171.248.178 bot.whatismyipaddress.com 80
192.168.56.101 49306 66.171.248.178 bot.whatismyipaddress.com 80
192.168.56.101 49316 66.171.248.178 bot.whatismyipaddress.com 80
192.168.56.101 49326 66.171.248.178 bot.whatismyipaddress.com 80
192.168.56.101 49336 66.171.248.178 bot.whatismyipaddress.com 80
192.168.56.101 49348 66.171.248.178 bot.whatismyipaddress.com 80
192.168.56.101 49359 66.171.248.178 bot.whatismyipaddress.com 80

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50568 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 57236 114.114.114.114 53
192.168.56.101 60221 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49710 224.0.0.252 5355
192.168.56.101 50002 224.0.0.252 5355
192.168.56.101 50433 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 53210 224.0.0.252 5355
192.168.56.101 53500 224.0.0.252 5355
192.168.56.101 54260 224.0.0.252 5355
192.168.56.101 55169 224.0.0.252 5355

HTTP & HTTPS Requests

URI Data
http://bot.whatismyipaddress.com/
GET / HTTP/1.1
Host: bot.whatismyipaddress.com
Connection: Keep-Alive

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.