4.4
Medium risk

b51e81e44593c2c42ae412b692c46be3c6b1e4ac46c951e708618da5919403d3

cf04ef7185ddf7d7eb50cdda20987b52.exe

Analysis duration

82s

Last analyzed

File size

1016.0KB
Static detections Dynamic detections 100% @Y0@AQ0VOROI AGVL AI SCORE=80 AIDETECTVM ATTRIBUTE CONFIDENCE CRYPREN DROPBACK GANDCRAB GDEJ GENCIRC GENERICKD GENERICRXKJ HCZX HIGH CONFIDENCE HIGHCONFIDENCE HPGEN HPZUEI KRYPTIK MALWARE1 MALWARE@#UE597R227H8G OCCAMY POSSIBLE R338459 SCORE UNSAFE YKQNB ZEXAF ZPACK ZPFGUXMORSE
Hawkeye engine
Not detected: no Hawkeye engine results available
Static verdict
Antivirus engines
Engine Detection result Scan date Engine version
McAfee GenericRXKJ-WO!CF04EF7185DD 20201229 6.0.6.653
Baidu 20190318 1.0.0.2
Avast Win32:Trojan-gen 20201229 21.1.5827.0
Alibaba Ransom:Win32/Crypren.ab132864 20190527 0.3.0.5
Tencent Malware.Win32.Gencirc.1167f6d0 20201229 1.0.0.1
Kingsoft 20201229 2017.9.26.565
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Static indicators
Queries for the computername (1 event)
Time & API Arguments Status Return Repeated
1620899818.904
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
The file contains an unknown PE resource name possibly indicative of a packer (2 events)
resource name BINDATA
resource name STYLE_XML
One or more processes crashed (50 out of 1728 events)
Time & API Arguments Status Return Repeated
1620899817.794
__exception__
stacktrace:
WaitForMultipleObjectsEx+0x29 GetVersionExW-0x11e kernel32+0x119c7 @ 0x763519c7
pSetupCreateTextLogSectionW+0xa7 pSetupFree-0xf setupapi+0x96c0 @ 0x75a196c0
pSetupMalloc+0x9d pSetupGetGlobalFlags-0x9b setupapi+0x9806 @ 0x75a19806
SetupDiAskForOEMDisk+0x65 SetupDiSelectOEMDrv-0x9e5 setupapi+0x647a8 @ 0x75a747a8
cf04ef7185ddf7d7eb50cdda20987b52+0x7eb4 @ 0x407eb4
cf04ef7185ddf7d7eb50cdda20987b52+0x2e5f @ 0x402e5f
cf04ef7185ddf7d7eb50cdda20987b52+0x5faf @ 0x405faf

registers.esp: 1634160
registers.edi: 1634200
registers.eax: 224
registers.ebp: 1634168
registers.edx: 0
registers.ebx: 1634200
registers.esi: 216
registers.ecx: 2
exception.instruction_r: 8b 44 8e f8 89 44 8f f8 8b 44 8e fc 89 44 8f fc
exception.symbol: memcpy+0x128 memset-0xbab8 ntdll+0x22468
exception.instruction: mov eax, dword ptr [esi + ecx*4 + 0xfffffff8]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 140392
exception.address: 0x77d52468
success 0 0
1620899819.044
__exception__
stacktrace:
WaitForMultipleObjectsEx+0x29 GetVersionExW-0x11e kernel32+0x119c7 @ 0x763519c7
pSetupCreateTextLogSectionW+0xa7 pSetupFree-0xf setupapi+0x96c0 @ 0x75a196c0
pSetupMalloc+0x9d pSetupGetGlobalFlags-0x9b setupapi+0x9806 @ 0x75a19806
SetupDiAskForOEMDisk+0x65 SetupDiSelectOEMDrv-0x9e5 setupapi+0x647a8 @ 0x75a747a8
cf04ef7185ddf7d7eb50cdda20987b52+0x7eb4 @ 0x407eb4
cf04ef7185ddf7d7eb50cdda20987b52+0x2e5f @ 0x402e5f
cf04ef7185ddf7d7eb50cdda20987b52+0x5faf @ 0x405faf

registers.esp: 1634160
registers.edi: 1634200
registers.eax: 224
registers.ebp: 1634168
registers.edx: 0
registers.ebx: 1634200
registers.esi: 216
registers.ecx: 2
exception.instruction_r: 8b 44 8e f8 89 44 8f f8 8b 44 8e fc 89 44 8f fc
exception.symbol: memcpy+0x128 memset-0xbab8 ntdll+0x22468
exception.instruction: mov eax, dword ptr [esi + ecx*4 + 0xfffffff8]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 140392
exception.address: 0x77d52468
success 0 0
1620899819.091
__exception__
stacktrace:
WaitForMultipleObjectsEx+0x29 GetVersionExW-0x11e kernel32+0x119c7 @ 0x763519c7
pSetupCreateTextLogSectionW+0xa7 pSetupFree-0xf setupapi+0x96c0 @ 0x75a196c0
pSetupMalloc+0x9d pSetupGetGlobalFlags-0x9b setupapi+0x9806 @ 0x75a19806
SetupDiAskForOEMDisk+0x65 SetupDiSelectOEMDrv-0x9e5 setupapi+0x647a8 @ 0x75a747a8
cf04ef7185ddf7d7eb50cdda20987b52+0x7eb4 @ 0x407eb4
cf04ef7185ddf7d7eb50cdda20987b52+0x2e5f @ 0x402e5f
cf04ef7185ddf7d7eb50cdda20987b52+0x5faf @ 0x405faf

registers.esp: 1634160
registers.edi: 1634200
registers.eax: 224
registers.ebp: 1634168
registers.edx: 0
registers.ebx: 1634200
registers.esi: 216
registers.ecx: 2
exception.instruction_r: 8b 44 8e f8 89 44 8f f8 8b 44 8e fc 89 44 8f fc
exception.symbol: memcpy+0x128 memset-0xbab8 ntdll+0x22468
exception.instruction: mov eax, dword ptr [esi + ecx*4 + 0xfffffff8]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 140392
exception.address: 0x77d52468
success 0 0
1620899819.122
__exception__
stacktrace:
WaitForMultipleObjectsEx+0x29 GetVersionExW-0x11e kernel32+0x119c7 @ 0x763519c7
pSetupCreateTextLogSectionW+0xa7 pSetupFree-0xf setupapi+0x96c0 @ 0x75a196c0
pSetupMalloc+0x9d pSetupGetGlobalFlags-0x9b setupapi+0x9806 @ 0x75a19806
SetupDiAskForOEMDisk+0x65 SetupDiSelectOEMDrv-0x9e5 setupapi+0x647a8 @ 0x75a747a8
cf04ef7185ddf7d7eb50cdda20987b52+0x7eb4 @ 0x407eb4
cf04ef7185ddf7d7eb50cdda20987b52+0x2e5f @ 0x402e5f
cf04ef7185ddf7d7eb50cdda20987b52+0x5faf @ 0x405faf

registers.esp: 1634160
registers.edi: 1634200
registers.eax: 224
registers.ebp: 1634168
registers.edx: 0
registers.ebx: 1634200
registers.esi: 216
registers.ecx: 2
exception.instruction_r: 8b 44 8e f8 89 44 8f f8 8b 44 8e fc 89 44 8f fc
exception.symbol: memcpy+0x128 memset-0xbab8 ntdll+0x22468
exception.instruction: mov eax, dword ptr [esi + ecx*4 + 0xfffffff8]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 140392
exception.address: 0x77d52468
success 0 0
1620899819.154
__exception__
stacktrace:
WaitForMultipleObjectsEx+0x29 GetVersionExW-0x11e kernel32+0x119c7 @ 0x763519c7
pSetupCreateTextLogSectionW+0xa7 pSetupFree-0xf setupapi+0x96c0 @ 0x75a196c0
pSetupMalloc+0x9d pSetupGetGlobalFlags-0x9b setupapi+0x9806 @ 0x75a19806
SetupDiAskForOEMDisk+0x65 SetupDiSelectOEMDrv-0x9e5 setupapi+0x647a8 @ 0x75a747a8
cf04ef7185ddf7d7eb50cdda20987b52+0x7eb4 @ 0x407eb4
cf04ef7185ddf7d7eb50cdda20987b52+0x2e5f @ 0x402e5f
cf04ef7185ddf7d7eb50cdda20987b52+0x5faf @ 0x405faf

registers.esp: 1634160
registers.edi: 1634200
registers.eax: 224
registers.ebp: 1634168
registers.edx: 0
registers.ebx: 1634200
registers.esi: 216
registers.ecx: 2
exception.instruction_r: 8b 44 8e f8 89 44 8f f8 8b 44 8e fc 89 44 8f fc
exception.symbol: memcpy+0x128 memset-0xbab8 ntdll+0x22468
exception.instruction: mov eax, dword ptr [esi + ecx*4 + 0xfffffff8]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 140392
exception.address: 0x77d52468
success 0 0
1620899819.185
__exception__
stacktrace:
WaitForMultipleObjectsEx+0x29 GetVersionExW-0x11e kernel32+0x119c7 @ 0x763519c7
pSetupCreateTextLogSectionW+0xa7 pSetupFree-0xf setupapi+0x96c0 @ 0x75a196c0
pSetupMalloc+0x9d pSetupGetGlobalFlags-0x9b setupapi+0x9806 @ 0x75a19806
SetupDiAskForOEMDisk+0x65 SetupDiSelectOEMDrv-0x9e5 setupapi+0x647a8 @ 0x75a747a8
cf04ef7185ddf7d7eb50cdda20987b52+0x7eb4 @ 0x407eb4
cf04ef7185ddf7d7eb50cdda20987b52+0x2e5f @ 0x402e5f
cf04ef7185ddf7d7eb50cdda20987b52+0x5faf @ 0x405faf

registers.esp: 1634160
registers.edi: 1634200
registers.eax: 224
registers.ebp: 1634168
registers.edx: 0
registers.ebx: 1634200
registers.esi: 216
registers.ecx: 2
exception.instruction_r: 8b 44 8e f8 89 44 8f f8 8b 44 8e fc 89 44 8f fc
exception.symbol: memcpy+0x128 memset-0xbab8 ntdll+0x22468
exception.instruction: mov eax, dword ptr [esi + ecx*4 + 0xfffffff8]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 140392
exception.address: 0x77d52468
success 0 0
1620899819.201
__exception__
stacktrace:
WaitForMultipleObjectsEx+0x29 GetVersionExW-0x11e kernel32+0x119c7 @ 0x763519c7
pSetupCreateTextLogSectionW+0xa7 pSetupFree-0xf setupapi+0x96c0 @ 0x75a196c0
pSetupMalloc+0x9d pSetupGetGlobalFlags-0x9b setupapi+0x9806 @ 0x75a19806
SetupDiAskForOEMDisk+0x65 SetupDiSelectOEMDrv-0x9e5 setupapi+0x647a8 @ 0x75a747a8
cf04ef7185ddf7d7eb50cdda20987b52+0x7eb4 @ 0x407eb4
cf04ef7185ddf7d7eb50cdda20987b52+0x2e5f @ 0x402e5f
cf04ef7185ddf7d7eb50cdda20987b52+0x5faf @ 0x405faf

registers.esp: 1634160
registers.edi: 1634200
registers.eax: 224
registers.ebp: 1634168
registers.edx: 0
registers.ebx: 1634200
registers.esi: 216
registers.ecx: 2
exception.instruction_r: 8b 44 8e f8 89 44 8f f8 8b 44 8e fc 89 44 8f fc
exception.symbol: memcpy+0x128 memset-0xbab8 ntdll+0x22468
exception.instruction: mov eax, dword ptr [esi + ecx*4 + 0xfffffff8]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 140392
exception.address: 0x77d52468
success 0 0
1620899819.232
__exception__
stacktrace:
WaitForMultipleObjectsEx+0x29 GetVersionExW-0x11e kernel32+0x119c7 @ 0x763519c7
pSetupCreateTextLogSectionW+0xa7 pSetupFree-0xf setupapi+0x96c0 @ 0x75a196c0
pSetupMalloc+0x9d pSetupGetGlobalFlags-0x9b setupapi+0x9806 @ 0x75a19806
SetupDiAskForOEMDisk+0x65 SetupDiSelectOEMDrv-0x9e5 setupapi+0x647a8 @ 0x75a747a8
cf04ef7185ddf7d7eb50cdda20987b52+0x7eb4 @ 0x407eb4
cf04ef7185ddf7d7eb50cdda20987b52+0x2e5f @ 0x402e5f
cf04ef7185ddf7d7eb50cdda20987b52+0x5faf @ 0x405faf

registers.esp: 1634160
registers.edi: 1634200
registers.eax: 224
registers.ebp: 1634168
registers.edx: 0
registers.ebx: 1634200
registers.esi: 216
registers.ecx: 2
exception.instruction_r: 8b 44 8e f8 89 44 8f f8 8b 44 8e fc 89 44 8f fc
exception.symbol: memcpy+0x128 memset-0xbab8 ntdll+0x22468
exception.instruction: mov eax, dword ptr [esi + ecx*4 + 0xfffffff8]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 140392
exception.address: 0x77d52468
success 0 0
1620899819.279
__exception__
stacktrace:
WaitForMultipleObjectsEx+0x29 GetVersionExW-0x11e kernel32+0x119c7 @ 0x763519c7
pSetupCreateTextLogSectionW+0xa7 pSetupFree-0xf setupapi+0x96c0 @ 0x75a196c0
pSetupMalloc+0x9d pSetupGetGlobalFlags-0x9b setupapi+0x9806 @ 0x75a19806
SetupDiAskForOEMDisk+0x65 SetupDiSelectOEMDrv-0x9e5 setupapi+0x647a8 @ 0x75a747a8
cf04ef7185ddf7d7eb50cdda20987b52+0x7eb4 @ 0x407eb4
cf04ef7185ddf7d7eb50cdda20987b52+0x2e5f @ 0x402e5f
cf04ef7185ddf7d7eb50cdda20987b52+0x5faf @ 0x405faf

registers.esp: 1634160
registers.edi: 1634200
registers.eax: 224
registers.ebp: 1634168
registers.edx: 0
registers.ebx: 1634200
registers.esi: 216
registers.ecx: 2
exception.instruction_r: 8b 44 8e f8 89 44 8f f8 8b 44 8e fc 89 44 8f fc
exception.symbol: memcpy+0x128 memset-0xbab8 ntdll+0x22468
exception.instruction: mov eax, dword ptr [esi + ecx*4 + 0xfffffff8]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 140392
exception.address: 0x77d52468
success 0 0
1620899819.279
__exception__
stacktrace:
WaitForMultipleObjectsEx+0x29 GetVersionExW-0x11e kernel32+0x119c7 @ 0x763519c7
pSetupCreateTextLogSectionW+0xa7 pSetupFree-0xf setupapi+0x96c0 @ 0x75a196c0
pSetupMalloc+0x9d pSetupGetGlobalFlags-0x9b setupapi+0x9806 @ 0x75a19806
SetupDiAskForOEMDisk+0x65 SetupDiSelectOEMDrv-0x9e5 setupapi+0x647a8 @ 0x75a747a8
cf04ef7185ddf7d7eb50cdda20987b52+0x7eb4 @ 0x407eb4
cf04ef7185ddf7d7eb50cdda20987b52+0x2e5f @ 0x402e5f
cf04ef7185ddf7d7eb50cdda20987b52+0x5faf @ 0x405faf

registers.esp: 1634160
registers.edi: 1634200
registers.eax: 224
registers.ebp: 1634168
registers.edx: 0
registers.ebx: 1634200
registers.esi: 216
registers.ecx: 2
exception.instruction_r: 8b 44 8e f8 89 44 8f f8 8b 44 8e fc 89 44 8f fc
exception.symbol: memcpy+0x128 memset-0xbab8 ntdll+0x22468
exception.instruction: mov eax, dword ptr [esi + ecx*4 + 0xfffffff8]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 140392
exception.address: 0x77d52468
success 0 0
1620899819.31
__exception__
stacktrace:
WaitForMultipleObjectsEx+0x29 GetVersionExW-0x11e kernel32+0x119c7 @ 0x763519c7
pSetupCreateTextLogSectionW+0xa7 pSetupFree-0xf setupapi+0x96c0 @ 0x75a196c0
pSetupMalloc+0x9d pSetupGetGlobalFlags-0x9b setupapi+0x9806 @ 0x75a19806
SetupDiAskForOEMDisk+0x65 SetupDiSelectOEMDrv-0x9e5 setupapi+0x647a8 @ 0x75a747a8
cf04ef7185ddf7d7eb50cdda20987b52+0x7eb4 @ 0x407eb4
cf04ef7185ddf7d7eb50cdda20987b52+0x2e5f @ 0x402e5f
cf04ef7185ddf7d7eb50cdda20987b52+0x5faf @ 0x405faf

registers.esp: 1634160
registers.edi: 1634200
registers.eax: 224
registers.ebp: 1634168
registers.edx: 0
registers.ebx: 1634200
registers.esi: 216
registers.ecx: 2
exception.instruction_r: 8b 44 8e f8 89 44 8f f8 8b 44 8e fc 89 44 8f fc
exception.symbol: memcpy+0x128 memset-0xbab8 ntdll+0x22468
exception.instruction: mov eax, dword ptr [esi + ecx*4 + 0xfffffff8]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 140392
exception.address: 0x77d52468
success 0 0
1620899819.341
__exception__
stacktrace:
WaitForMultipleObjectsEx+0x29 GetVersionExW-0x11e kernel32+0x119c7 @ 0x763519c7
pSetupCreateTextLogSectionW+0xa7 pSetupFree-0xf setupapi+0x96c0 @ 0x75a196c0
pSetupMalloc+0x9d pSetupGetGlobalFlags-0x9b setupapi+0x9806 @ 0x75a19806
SetupDiAskForOEMDisk+0x65 SetupDiSelectOEMDrv-0x9e5 setupapi+0x647a8 @ 0x75a747a8
cf04ef7185ddf7d7eb50cdda20987b52+0x7eb4 @ 0x407eb4
cf04ef7185ddf7d7eb50cdda20987b52+0x2e5f @ 0x402e5f
cf04ef7185ddf7d7eb50cdda20987b52+0x5faf @ 0x405faf

registers.esp: 1634160
registers.edi: 1634200
registers.eax: 224
registers.ebp: 1634168
registers.edx: 0
registers.ebx: 1634200
registers.esi: 216
registers.ecx: 2
exception.instruction_r: 8b 44 8e f8 89 44 8f f8 8b 44 8e fc 89 44 8f fc
exception.symbol: memcpy+0x128 memset-0xbab8 ntdll+0x22468
exception.instruction: mov eax, dword ptr [esi + ecx*4 + 0xfffffff8]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 140392
exception.address: 0x77d52468
success 0 0
1620899819.357
__exception__
stacktrace:
WaitForMultipleObjectsEx+0x29 GetVersionExW-0x11e kernel32+0x119c7 @ 0x763519c7
pSetupCreateTextLogSectionW+0xa7 pSetupFree-0xf setupapi+0x96c0 @ 0x75a196c0
pSetupMalloc+0x9d pSetupGetGlobalFlags-0x9b setupapi+0x9806 @ 0x75a19806
SetupDiAskForOEMDisk+0x65 SetupDiSelectOEMDrv-0x9e5 setupapi+0x647a8 @ 0x75a747a8
cf04ef7185ddf7d7eb50cdda20987b52+0x7eb4 @ 0x407eb4
cf04ef7185ddf7d7eb50cdda20987b52+0x2e5f @ 0x402e5f
cf04ef7185ddf7d7eb50cdda20987b52+0x5faf @ 0x405faf

registers.esp: 1634160
registers.edi: 1634200
registers.eax: 224
registers.ebp: 1634168
registers.edx: 0
registers.ebx: 1634200
registers.esi: 216
registers.ecx: 2
exception.instruction_r: 8b 44 8e f8 89 44 8f f8 8b 44 8e fc 89 44 8f fc
exception.symbol: memcpy+0x128 memset-0xbab8 ntdll+0x22468
exception.instruction: mov eax, dword ptr [esi + ecx*4 + 0xfffffff8]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 140392
exception.address: 0x77d52468
success 0 0
1620899819.404
__exception__
stacktrace:
WaitForMultipleObjectsEx+0x29 GetVersionExW-0x11e kernel32+0x119c7 @ 0x763519c7
pSetupCreateTextLogSectionW+0xa7 pSetupFree-0xf setupapi+0x96c0 @ 0x75a196c0
pSetupMalloc+0x9d pSetupGetGlobalFlags-0x9b setupapi+0x9806 @ 0x75a19806
SetupDiAskForOEMDisk+0x65 SetupDiSelectOEMDrv-0x9e5 setupapi+0x647a8 @ 0x75a747a8
cf04ef7185ddf7d7eb50cdda20987b52+0x7eb4 @ 0x407eb4
cf04ef7185ddf7d7eb50cdda20987b52+0x2e5f @ 0x402e5f
cf04ef7185ddf7d7eb50cdda20987b52+0x5faf @ 0x405faf

registers.esp: 1634160
registers.edi: 1634200
registers.eax: 224
registers.ebp: 1634168
registers.edx: 0
registers.ebx: 1634200
registers.esi: 216
registers.ecx: 2
exception.instruction_r: 8b 44 8e f8 89 44 8f f8 8b 44 8e fc 89 44 8f fc
exception.symbol: memcpy+0x128 memset-0xbab8 ntdll+0x22468
exception.instruction: mov eax, dword ptr [esi + ecx*4 + 0xfffffff8]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 140392
exception.address: 0x77d52468
success 0 0
1620899819.435
__exception__
stacktrace:
WaitForMultipleObjectsEx+0x29 GetVersionExW-0x11e kernel32+0x119c7 @ 0x763519c7
pSetupCreateTextLogSectionW+0xa7 pSetupFree-0xf setupapi+0x96c0 @ 0x75a196c0
pSetupMalloc+0x9d pSetupGetGlobalFlags-0x9b setupapi+0x9806 @ 0x75a19806
SetupDiAskForOEMDisk+0x65 SetupDiSelectOEMDrv-0x9e5 setupapi+0x647a8 @ 0x75a747a8
cf04ef7185ddf7d7eb50cdda20987b52+0x7eb4 @ 0x407eb4
cf04ef7185ddf7d7eb50cdda20987b52+0x2e5f @ 0x402e5f
cf04ef7185ddf7d7eb50cdda20987b52+0x5faf @ 0x405faf

registers.esp: 1634160
registers.edi: 1634200
registers.eax: 224
registers.ebp: 1634168
registers.edx: 0
registers.ebx: 1634200
registers.esi: 216
registers.ecx: 2
exception.instruction_r: 8b 44 8e f8 89 44 8f f8 8b 44 8e fc 89 44 8f fc
exception.symbol: memcpy+0x128 memset-0xbab8 ntdll+0x22468
exception.instruction: mov eax, dword ptr [esi + ecx*4 + 0xfffffff8]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 140392
exception.address: 0x77d52468
success 0 0
1620899819.451
__exception__
stacktrace:
WaitForMultipleObjectsEx+0x29 GetVersionExW-0x11e kernel32+0x119c7 @ 0x763519c7
pSetupCreateTextLogSectionW+0xa7 pSetupFree-0xf setupapi+0x96c0 @ 0x75a196c0
pSetupMalloc+0x9d pSetupGetGlobalFlags-0x9b setupapi+0x9806 @ 0x75a19806
SetupDiAskForOEMDisk+0x65 SetupDiSelectOEMDrv-0x9e5 setupapi+0x647a8 @ 0x75a747a8
cf04ef7185ddf7d7eb50cdda20987b52+0x7eb4 @ 0x407eb4
cf04ef7185ddf7d7eb50cdda20987b52+0x2e5f @ 0x402e5f
cf04ef7185ddf7d7eb50cdda20987b52+0x5faf @ 0x405faf

registers.esp: 1634160
registers.edi: 1634200
registers.eax: 224
registers.ebp: 1634168
registers.edx: 0
registers.ebx: 1634200
registers.esi: 216
registers.ecx: 2
exception.instruction_r: 8b 44 8e f8 89 44 8f f8 8b 44 8e fc 89 44 8f fc
exception.symbol: memcpy+0x128 memset-0xbab8 ntdll+0x22468
exception.instruction: mov eax, dword ptr [esi + ecx*4 + 0xfffffff8]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 140392
exception.address: 0x77d52468
success 0 0
1620899819.482
__exception__
stacktrace:
WaitForMultipleObjectsEx+0x29 GetVersionExW-0x11e kernel32+0x119c7 @ 0x763519c7
pSetupCreateTextLogSectionW+0xa7 pSetupFree-0xf setupapi+0x96c0 @ 0x75a196c0
pSetupMalloc+0x9d pSetupGetGlobalFlags-0x9b setupapi+0x9806 @ 0x75a19806
SetupDiAskForOEMDisk+0x65 SetupDiSelectOEMDrv-0x9e5 setupapi+0x647a8 @ 0x75a747a8
cf04ef7185ddf7d7eb50cdda20987b52+0x7eb4 @ 0x407eb4
cf04ef7185ddf7d7eb50cdda20987b52+0x2e5f @ 0x402e5f
cf04ef7185ddf7d7eb50cdda20987b52+0x5faf @ 0x405faf

registers.esp: 1634160
registers.edi: 1634200
registers.eax: 224
registers.ebp: 1634168
registers.edx: 0
registers.ebx: 1634200
registers.esi: 216
registers.ecx: 2
exception.instruction_r: 8b 44 8e f8 89 44 8f f8 8b 44 8e fc 89 44 8f fc
exception.symbol: memcpy+0x128 memset-0xbab8 ntdll+0x22468
exception.instruction: mov eax, dword ptr [esi + ecx*4 + 0xfffffff8]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 140392
exception.address: 0x77d52468
success 0 0
1620899819.497
__exception__
stacktrace:
WaitForMultipleObjectsEx+0x29 GetVersionExW-0x11e kernel32+0x119c7 @ 0x763519c7
pSetupCreateTextLogSectionW+0xa7 pSetupFree-0xf setupapi+0x96c0 @ 0x75a196c0
pSetupMalloc+0x9d pSetupGetGlobalFlags-0x9b setupapi+0x9806 @ 0x75a19806
SetupDiAskForOEMDisk+0x65 SetupDiSelectOEMDrv-0x9e5 setupapi+0x647a8 @ 0x75a747a8
cf04ef7185ddf7d7eb50cdda20987b52+0x7eb4 @ 0x407eb4
cf04ef7185ddf7d7eb50cdda20987b52+0x2e5f @ 0x402e5f
cf04ef7185ddf7d7eb50cdda20987b52+0x5faf @ 0x405faf

registers.esp: 1634160
registers.edi: 1634200
registers.eax: 224
registers.ebp: 1634168
registers.edx: 0
registers.ebx: 1634200
registers.esi: 216
registers.ecx: 2
exception.instruction_r: 8b 44 8e f8 89 44 8f f8 8b 44 8e fc 89 44 8f fc
exception.symbol: memcpy+0x128 memset-0xbab8 ntdll+0x22468
exception.instruction: mov eax, dword ptr [esi + ecx*4 + 0xfffffff8]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 140392
exception.address: 0x77d52468
success 0 0
1620899819.544
__exception__
stacktrace:
WaitForMultipleObjectsEx+0x29 GetVersionExW-0x11e kernel32+0x119c7 @ 0x763519c7
pSetupCreateTextLogSectionW+0xa7 pSetupFree-0xf setupapi+0x96c0 @ 0x75a196c0
pSetupMalloc+0x9d pSetupGetGlobalFlags-0x9b setupapi+0x9806 @ 0x75a19806
SetupDiAskForOEMDisk+0x65 SetupDiSelectOEMDrv-0x9e5 setupapi+0x647a8 @ 0x75a747a8
cf04ef7185ddf7d7eb50cdda20987b52+0x7eb4 @ 0x407eb4
cf04ef7185ddf7d7eb50cdda20987b52+0x2e5f @ 0x402e5f
cf04ef7185ddf7d7eb50cdda20987b52+0x5faf @ 0x405faf

registers.esp: 1634160
registers.edi: 1634200
registers.eax: 224
registers.ebp: 1634168
registers.edx: 0
registers.ebx: 1634200
registers.esi: 216
registers.ecx: 2
exception.instruction_r: 8b 44 8e f8 89 44 8f f8 8b 44 8e fc 89 44 8f fc
exception.symbol: memcpy+0x128 memset-0xbab8 ntdll+0x22468
exception.instruction: mov eax, dword ptr [esi + ecx*4 + 0xfffffff8]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 140392
exception.address: 0x77d52468
success 0 0
1620899819.576
__exception__
stacktrace:
WaitForMultipleObjectsEx+0x29 GetVersionExW-0x11e kernel32+0x119c7 @ 0x763519c7
pSetupCreateTextLogSectionW+0xa7 pSetupFree-0xf setupapi+0x96c0 @ 0x75a196c0
pSetupMalloc+0x9d pSetupGetGlobalFlags-0x9b setupapi+0x9806 @ 0x75a19806
SetupDiAskForOEMDisk+0x65 SetupDiSelectOEMDrv-0x9e5 setupapi+0x647a8 @ 0x75a747a8
cf04ef7185ddf7d7eb50cdda20987b52+0x7eb4 @ 0x407eb4
cf04ef7185ddf7d7eb50cdda20987b52+0x2e5f @ 0x402e5f
cf04ef7185ddf7d7eb50cdda20987b52+0x5faf @ 0x405faf

registers.esp: 1634160
registers.edi: 1634200
registers.eax: 224
registers.ebp: 1634168
registers.edx: 0
registers.ebx: 1634200
registers.esi: 216
registers.ecx: 2
exception.instruction_r: 8b 44 8e f8 89 44 8f f8 8b 44 8e fc 89 44 8f fc
exception.symbol: memcpy+0x128 memset-0xbab8 ntdll+0x22468
exception.instruction: mov eax, dword ptr [esi + ecx*4 + 0xfffffff8]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 140392
exception.address: 0x77d52468
success 0 0
1620899819.622
__exception__
stacktrace:
WaitForMultipleObjectsEx+0x29 GetVersionExW-0x11e kernel32+0x119c7 @ 0x763519c7
pSetupCreateTextLogSectionW+0xa7 pSetupFree-0xf setupapi+0x96c0 @ 0x75a196c0
pSetupMalloc+0x9d pSetupGetGlobalFlags-0x9b setupapi+0x9806 @ 0x75a19806
SetupDiAskForOEMDisk+0x65 SetupDiSelectOEMDrv-0x9e5 setupapi+0x647a8 @ 0x75a747a8
cf04ef7185ddf7d7eb50cdda20987b52+0x7eb4 @ 0x407eb4
cf04ef7185ddf7d7eb50cdda20987b52+0x2e5f @ 0x402e5f
cf04ef7185ddf7d7eb50cdda20987b52+0x5faf @ 0x405faf

registers.esp: 1634160
registers.edi: 1634200
registers.eax: 224
registers.ebp: 1634168
registers.edx: 0
registers.ebx: 1634200
registers.esi: 216
registers.ecx: 2
exception.instruction_r: 8b 44 8e f8 89 44 8f f8 8b 44 8e fc 89 44 8f fc
exception.symbol: memcpy+0x128 memset-0xbab8 ntdll+0x22468
exception.instruction: mov eax, dword ptr [esi + ecx*4 + 0xfffffff8]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 140392
exception.address: 0x77d52468
success 0 0
1620899819.638
__exception__
stacktrace:
WaitForMultipleObjectsEx+0x29 GetVersionExW-0x11e kernel32+0x119c7 @ 0x763519c7
pSetupCreateTextLogSectionW+0xa7 pSetupFree-0xf setupapi+0x96c0 @ 0x75a196c0
pSetupMalloc+0x9d pSetupGetGlobalFlags-0x9b setupapi+0x9806 @ 0x75a19806
SetupDiAskForOEMDisk+0x65 SetupDiSelectOEMDrv-0x9e5 setupapi+0x647a8 @ 0x75a747a8
cf04ef7185ddf7d7eb50cdda20987b52+0x7eb4 @ 0x407eb4
cf04ef7185ddf7d7eb50cdda20987b52+0x2e5f @ 0x402e5f
cf04ef7185ddf7d7eb50cdda20987b52+0x5faf @ 0x405faf

registers.esp: 1634160
registers.edi: 1634200
registers.eax: 224
registers.ebp: 1634168
registers.edx: 0
registers.ebx: 1634200
registers.esi: 216
registers.ecx: 2
exception.instruction_r: 8b 44 8e f8 89 44 8f f8 8b 44 8e fc 89 44 8f fc
exception.symbol: memcpy+0x128 memset-0xbab8 ntdll+0x22468
exception.instruction: mov eax, dword ptr [esi + ecx*4 + 0xfffffff8]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 140392
exception.address: 0x77d52468
success 0 0
1620899819.669
__exception__
stacktrace:
WaitForMultipleObjectsEx+0x29 GetVersionExW-0x11e kernel32+0x119c7 @ 0x763519c7
pSetupCreateTextLogSectionW+0xa7 pSetupFree-0xf setupapi+0x96c0 @ 0x75a196c0
pSetupMalloc+0x9d pSetupGetGlobalFlags-0x9b setupapi+0x9806 @ 0x75a19806
SetupDiAskForOEMDisk+0x65 SetupDiSelectOEMDrv-0x9e5 setupapi+0x647a8 @ 0x75a747a8
cf04ef7185ddf7d7eb50cdda20987b52+0x7eb4 @ 0x407eb4
cf04ef7185ddf7d7eb50cdda20987b52+0x2e5f @ 0x402e5f
cf04ef7185ddf7d7eb50cdda20987b52+0x5faf @ 0x405faf

registers.esp: 1634160
registers.edi: 1634200
registers.eax: 224
registers.ebp: 1634168
registers.edx: 0
registers.ebx: 1634200
registers.esi: 216
registers.ecx: 2
exception.instruction_r: 8b 44 8e f8 89 44 8f f8 8b 44 8e fc 89 44 8f fc
exception.symbol: memcpy+0x128 memset-0xbab8 ntdll+0x22468
exception.instruction: mov eax, dword ptr [esi + ecx*4 + 0xfffffff8]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 140392
exception.address: 0x77d52468
success 0 0
1620899819.732
__exception__
stacktrace:
WaitForMultipleObjectsEx+0x29 GetVersionExW-0x11e kernel32+0x119c7 @ 0x763519c7
pSetupCreateTextLogSectionW+0xa7 pSetupFree-0xf setupapi+0x96c0 @ 0x75a196c0
pSetupMalloc+0x9d pSetupGetGlobalFlags-0x9b setupapi+0x9806 @ 0x75a19806
SetupDiAskForOEMDisk+0x65 SetupDiSelectOEMDrv-0x9e5 setupapi+0x647a8 @ 0x75a747a8
cf04ef7185ddf7d7eb50cdda20987b52+0x7eb4 @ 0x407eb4
cf04ef7185ddf7d7eb50cdda20987b52+0x2e5f @ 0x402e5f
cf04ef7185ddf7d7eb50cdda20987b52+0x5faf @ 0x405faf

registers.esp: 1634160
registers.edi: 1634200
registers.eax: 224
registers.ebp: 1634168
registers.edx: 0
registers.ebx: 1634200
registers.esi: 216
registers.ecx: 2
exception.instruction_r: 8b 44 8e f8 89 44 8f f8 8b 44 8e fc 89 44 8f fc
exception.symbol: memcpy+0x128 memset-0xbab8 ntdll+0x22468
exception.instruction: mov eax, dword ptr [esi + ecx*4 + 0xfffffff8]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 140392
exception.address: 0x77d52468
success 0 0
1620899819.747
__exception__
stacktrace:
WaitForMultipleObjectsEx+0x29 GetVersionExW-0x11e kernel32+0x119c7 @ 0x763519c7
pSetupCreateTextLogSectionW+0xa7 pSetupFree-0xf setupapi+0x96c0 @ 0x75a196c0
pSetupMalloc+0x9d pSetupGetGlobalFlags-0x9b setupapi+0x9806 @ 0x75a19806
SetupDiAskForOEMDisk+0x65 SetupDiSelectOEMDrv-0x9e5 setupapi+0x647a8 @ 0x75a747a8
cf04ef7185ddf7d7eb50cdda20987b52+0x7eb4 @ 0x407eb4
cf04ef7185ddf7d7eb50cdda20987b52+0x2e5f @ 0x402e5f
cf04ef7185ddf7d7eb50cdda20987b52+0x5faf @ 0x405faf

registers.esp: 1634160
registers.edi: 1634200
registers.eax: 224
registers.ebp: 1634168
registers.edx: 0
registers.ebx: 1634200
registers.esi: 216
registers.ecx: 2
exception.instruction_r: 8b 44 8e f8 89 44 8f f8 8b 44 8e fc 89 44 8f fc
exception.symbol: memcpy+0x128 memset-0xbab8 ntdll+0x22468
exception.instruction: mov eax, dword ptr [esi + ecx*4 + 0xfffffff8]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 140392
exception.address: 0x77d52468
success 0 0
1620899819.794
__exception__
stacktrace:
WaitForMultipleObjectsEx+0x29 GetVersionExW-0x11e kernel32+0x119c7 @ 0x763519c7
pSetupCreateTextLogSectionW+0xa7 pSetupFree-0xf setupapi+0x96c0 @ 0x75a196c0
pSetupMalloc+0x9d pSetupGetGlobalFlags-0x9b setupapi+0x9806 @ 0x75a19806
SetupDiAskForOEMDisk+0x65 SetupDiSelectOEMDrv-0x9e5 setupapi+0x647a8 @ 0x75a747a8
cf04ef7185ddf7d7eb50cdda20987b52+0x7eb4 @ 0x407eb4
cf04ef7185ddf7d7eb50cdda20987b52+0x2e5f @ 0x402e5f
cf04ef7185ddf7d7eb50cdda20987b52+0x5faf @ 0x405faf

registers.esp: 1634160
registers.edi: 1634200
registers.eax: 224
registers.ebp: 1634168
registers.edx: 0
registers.ebx: 1634200
registers.esi: 216
registers.ecx: 2
exception.instruction_r: 8b 44 8e f8 89 44 8f f8 8b 44 8e fc 89 44 8f fc
exception.symbol: memcpy+0x128 memset-0xbab8 ntdll+0x22468
exception.instruction: mov eax, dword ptr [esi + ecx*4 + 0xfffffff8]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 140392
exception.address: 0x77d52468
success 0 0
1620899819.826
__exception__
stacktrace:
WaitForMultipleObjectsEx+0x29 GetVersionExW-0x11e kernel32+0x119c7 @ 0x763519c7
pSetupCreateTextLogSectionW+0xa7 pSetupFree-0xf setupapi+0x96c0 @ 0x75a196c0
pSetupMalloc+0x9d pSetupGetGlobalFlags-0x9b setupapi+0x9806 @ 0x75a19806
SetupDiAskForOEMDisk+0x65 SetupDiSelectOEMDrv-0x9e5 setupapi+0x647a8 @ 0x75a747a8
cf04ef7185ddf7d7eb50cdda20987b52+0x7eb4 @ 0x407eb4
cf04ef7185ddf7d7eb50cdda20987b52+0x2e5f @ 0x402e5f
cf04ef7185ddf7d7eb50cdda20987b52+0x5faf @ 0x405faf

registers.esp: 1634160
registers.edi: 1634200
registers.eax: 224
registers.ebp: 1634168
registers.edx: 0
registers.ebx: 1634200
registers.esi: 216
registers.ecx: 2
exception.instruction_r: 8b 44 8e f8 89 44 8f f8 8b 44 8e fc 89 44 8f fc
exception.symbol: memcpy+0x128 memset-0xbab8 ntdll+0x22468
exception.instruction: mov eax, dword ptr [esi + ecx*4 + 0xfffffff8]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 140392
exception.address: 0x77d52468
success 0 0
1620899819.872
__exception__
stacktrace:
WaitForMultipleObjectsEx+0x29 GetVersionExW-0x11e kernel32+0x119c7 @ 0x763519c7
pSetupCreateTextLogSectionW+0xa7 pSetupFree-0xf setupapi+0x96c0 @ 0x75a196c0
pSetupMalloc+0x9d pSetupGetGlobalFlags-0x9b setupapi+0x9806 @ 0x75a19806
SetupDiAskForOEMDisk+0x65 SetupDiSelectOEMDrv-0x9e5 setupapi+0x647a8 @ 0x75a747a8
cf04ef7185ddf7d7eb50cdda20987b52+0x7eb4 @ 0x407eb4
cf04ef7185ddf7d7eb50cdda20987b52+0x2e5f @ 0x402e5f
cf04ef7185ddf7d7eb50cdda20987b52+0x5faf @ 0x405faf

registers.esp: 1634160
registers.edi: 1634200
registers.eax: 224
registers.ebp: 1634168
registers.edx: 0
registers.ebx: 1634200
registers.esi: 216
registers.ecx: 2
exception.instruction_r: 8b 44 8e f8 89 44 8f f8 8b 44 8e fc 89 44 8f fc
exception.symbol: memcpy+0x128 memset-0xbab8 ntdll+0x22468
exception.instruction: mov eax, dword ptr [esi + ecx*4 + 0xfffffff8]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 140392
exception.address: 0x77d52468
success 0 0
1620899819.904
__exception__
stacktrace:
WaitForMultipleObjectsEx+0x29 GetVersionExW-0x11e kernel32+0x119c7 @ 0x763519c7
pSetupCreateTextLogSectionW+0xa7 pSetupFree-0xf setupapi+0x96c0 @ 0x75a196c0
pSetupMalloc+0x9d pSetupGetGlobalFlags-0x9b setupapi+0x9806 @ 0x75a19806
SetupDiAskForOEMDisk+0x65 SetupDiSelectOEMDrv-0x9e5 setupapi+0x647a8 @ 0x75a747a8
cf04ef7185ddf7d7eb50cdda20987b52+0x7eb4 @ 0x407eb4
cf04ef7185ddf7d7eb50cdda20987b52+0x2e5f @ 0x402e5f
cf04ef7185ddf7d7eb50cdda20987b52+0x5faf @ 0x405faf

registers.esp: 1634160
registers.edi: 1634200
registers.eax: 224
registers.ebp: 1634168
registers.edx: 0
registers.ebx: 1634200
registers.esi: 216
registers.ecx: 2
exception.instruction_r: 8b 44 8e f8 89 44 8f f8 8b 44 8e fc 89 44 8f fc
exception.symbol: memcpy+0x128 memset-0xbab8 ntdll+0x22468
exception.instruction: mov eax, dword ptr [esi + ecx*4 + 0xfffffff8]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 140392
exception.address: 0x77d52468
success 0 0
Behavior verdict
Dynamic indicators
HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 event)
suspicious_features POST method with no referer header suspicious_request POST https://update.googleapis.com/service/update2?cup2key=10:1037315353&cup2hreq=97d45fbd9a4d24de8c60396d805e87c7172aa53e867c35e5ebda0b2983ad192b
Performs some HTTP requests (4 events)
request HEAD http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe
request HEAD http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620870976&mv=m&mvi=1&pl=23&shardbypass=yes
request HEAD http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=988fa0212f2ac335&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620870976&mv=m&mvi=3
request POST https://update.googleapis.com/service/update2?cup2key=10:1037315353&cup2hreq=97d45fbd9a4d24de8c60396d805e87c7172aa53e867c35e5ebda0b2983ad192b
Sends data using the HTTP POST Method (1 event)
request POST https://update.googleapis.com/service/update2?cup2key=10:1037315353&cup2hreq=97d45fbd9a4d24de8c60396d805e87c7172aa53e867c35e5ebda0b2983ad192b
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1620899811.747
NtAllocateVirtualMemory
process_identifier: 2760
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00530000
success 0 0
The binary likely contains encrypted or compressed data indicative of a packer (3 events)
entropy 7.279495627068714 section {'size_of_data': '0x00000800', 'virtual_address': '0x000a5000', 'entropy': 7.279495627068714, 'name': '.text', 'virtual_size': '0x000006fc'} description A section with a high entropy has been found
entropy 7.652014401428089 section {'size_of_data': '0x00059a00', 'virtual_address': '0x000a6000', 'entropy': 7.652014401428089, 'name': '.rsrc', 'virtual_size': '0x00059804'} description A section with a high entropy has been found
entropy 0.35517241379310344 description Overall entropy of this PE file is high
Network communication
Communicates with host for which no DNS query was performed (3 events)
host 172.217.24.14
host 203.208.41.33
host 203.208.41.98
File has been identified by 57 AntiVirus engines on VirusTotal as malicious (50 out of 57 events)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.43047875
FireEye Generic.mg.cf04ef7185ddf7d7
McAfee GenericRXKJ-WO!CF04EF7185DD
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
Sangfor Malware
K7AntiVirus Trojan ( 005657341 )
BitDefender Trojan.GenericKD.43047875
K7GW Trojan ( 005657341 )
Cybereason malicious.185ddf
Cyren W32/Trojan.GDEJ-5856
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:Trojan-gen
Kaspersky Trojan-Ransom.Win32.Crypren.agvl
Alibaba Ransom:Win32/Crypren.ab132864
NANO-Antivirus Trojan.Win32.Crypren.hpzuei
AegisLab Trojan.Win32.Crypren.j!c
Tencent Malware.Win32.Gencirc.1167f6d0
Ad-Aware Trojan.GenericKD.43047875
Sophos Mal/Generic-S
Comodo Malware@#ue597r227h8g
F-Secure Trojan.TR/Crypt.ZPACK.ykqnb
DrWeb BackDoor.Rat.268
TrendMicro Possible_HPGen-38
McAfee-GW-Edition BehavesLike.Win32.Generic.fc
Emsisoft Trojan.GenericKD.43047875 (B)
Ikarus Trojan-Ransom.GandCrab
Jiangmin TrojanDropper.Dropback.eo
Avira TR/Crypt.ZPACK.ykqnb
MAX malware (ai score=80)
Antiy-AVL Trojan[Ransom]/Win32.Crypren
Microsoft Trojan:Win32/Occamy.CB5
Gridinsoft Ransom.Win32.Gen.cc
Arcabit Trojan.Generic.D290DBC3
ZoneAlarm Trojan-Ransom.Win32.Crypren.agvl
GData Trojan.GenericKD.43047875
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.Agent.R338459
Acronis suspicious
BitDefenderTheta Gen:NN.ZexaF.34700.@y0@aq0vORoi
ALYac Trojan.GenericKD.43047875
VBA32 TrojanRansom.Crypren
Malwarebytes Trojan.MalPack
Panda Trj/CI.A
ESET-NOD32 a variant of Win32/Kryptik.HCZX
TrendMicro-HouseCall Possible_HPGen-38
Rising Trojan.Kryptik!8.8 (TFE:5:zpfguxMorsE)
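Visual analysis
Binary image
No binary image available. No binary visualization image was generated for this sample.
Runtime screenshots
No runtime screenshots available. No screenshots were generated while this sample ran.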

PE Compile Time

2020-04-24 04:32:46

Imports

Library KERNEL32.dll:
0x4410a4 GetModuleFileNameW
0x4410a8 GetSystemDirectoryA
0x4410b0 VirtualAlloc
0x4410b4 CancelIoEx
0x4410b8 CreateEventW
0x4410bc Module32FirstW
0x4410c4 Module32NextW
0x4410c8 CloseHandle
0x4410cc GetCurrentProcessId
0x4410d0 lstrcpyA
0x4410dc InitializeSListHead
0x4410e0 SetEndOfFile
0x4410e4 CreateFileW
0x4410e8 WriteConsoleW
0x4410ec SetStdHandle
0x4410f0 OutputDebugStringW
0x441104 ReadConsoleW
0x441108 LoadLibraryExW
0x44110c GetConsoleMode
0x441110 GetConsoleCP
0x441114 FlushFileBuffers
0x441118 SetFilePointerEx
0x44111c GetFileType
0x441120 GetOEMCP
0x441124 GetACP
0x441128 IsValidCodePage
0x44112c CreateThread
0x441130 HeapSize
0x441134 EnumSystemLocalesW
0x441138 GetUserDefaultLCID
0x44113c CreateEventA
0x441140 GetLocaleInfoW
0x441144 LCMapStringW
0x441148 GetModuleHandleW
0x44114c GetStartupInfoW
0x441150 TlsFree
0x441154 TlsSetValue
0x441158 TlsGetValue
0x44115c TlsAlloc
0x441160 TerminateProcess
0x44116c RtlUnwind
0x441170 GetCPInfo
0x441174 GetCommandLineA
0x441178 HeapReAlloc
0x44117c ReadFile
0x441180 AreFileApisANSI
0x441184 GetModuleHandleExW
0x441188 ExitProcess
0x441190 IsDebuggerPresent
0x441194 VirtualQuery
0x441198 GlobalAlloc
0x4411a0 WriteFile
0x4411ac GetProcessHeap
0x4411b0 WaitForSingleObject
0x4411b4 GlobalAddAtomA
0x4411b8 HeapAlloc
0x4411bc lstrlenA
0x4411c0 GetComputerNameA
0x4411c4 LoadLibraryExA
0x4411c8 GetModuleFileNameA
0x4411cc GetProcAddress
0x4411d0 lstrcmpiA
0x4411d4 MultiByteToWideChar
0x4411d8 IsDBCSLeadByte
0x4411dc SizeofResource
0x4411e0 Sleep
0x4411e4 GetCurrentThreadId
0x4411ec DecodePointer
0x4411f4 SetLastError
0x4411f8 GetLastError
0x4411fc RaiseException
0x441208 VirtualProtect
0x44120c GetSystemInfo
0x441210 HeapFree
0x441214 GetStringTypeW
0x441218 EncodePointer
0x44121c WideCharToMultiByte
0x441228 LoadResource
0x44122c FreeLibrary
0x441230 IsValidLocale
0x441234 FindResourceA
0x44123c GetCurrentProcess
0x441240 GetModuleHandleA
0x441244 GetStdHandle
0x441248 VirtualFree
Library USER32.dll:
0x4412e0 UnregisterClassA
0x4412e4 GetWindowLongA
0x4412e8 MonitorFromWindow
0x4412ec SetWindowPos
0x4412f0 ShowWindow
0x4412f4 GetActiveWindow
0x4412f8 SetWindowLongA
0x4412fc GetMonitorInfoA
0x441300 MapWindowPoints
0x441304 DialogBoxParamA
0x441308 GetWindow
0x44130c EndPaint
0x441310 ClientToScreen
0x441314 CloseClipboard
0x441318 EndDialog
0x44131c InsertMenuItemA
0x441320 FillRect
0x441324 LoadBitmapA
0x441328 LoadMenuA
0x44132c CreateMenu
0x441330 SetFocus
0x441334 SendMessageA
0x441338 BeginPaint
0x44133c SetScrollRange
0x441340 GetDC
0x441344 GetForegroundWindow
0x441348 OffsetRect
0x44134c GetWindowTextA
0x441350 TrackPopupMenuEx
0x441354 SetRect
0x441358 MessageBoxA
0x44135c CreateWindowExA
0x441360 ReleaseDC
0x441364 EmptyClipboard
0x441368 GetDlgItem
0x44136c GetCursorPos
0x441370 CreatePopupMenu
0x441374 AppendMenuA
0x441378 IsWindow
0x44137c OpenClipboard
0x441380 UpdateWindow
0x441384 SetClipboardData
0x441388 DestroyMenu
0x44138c GetDialogBaseUnits
0x441390 GetMessageA
0x441394 CreateDialogParamA
0x441398 CharNextA
0x44139c TranslateMessage
0x4413a0 PeekMessageA
0x4413a4 DefWindowProcA
0x4413a8 DispatchMessageA
0x4413ac DestroyWindow
0x4413b0 GetWindowRect
0x4413b4 PostQuitMessage
0x4413b8 GetParent
0x4413bc wsprintfA
0x4413c0 GetClientRect
0x4413c4 ScreenToClient
Library GDI32.dll:
0x441040 GetRegionData
0x441044 GetObjectA
0x441048 SetTextAlign
0x44104c GetTextMetricsA
0x441050 SelectPalette
0x441054 RealizePalette
0x441058 BitBlt
0x44105c CreateFontIndirectA
0x441060 SetBrushOrgEx
0x441064 ExcludeClipRect
0x44106c CreateSolidBrush
0x441070 DeleteObject
0x441074 SelectObject
0x441078 SelectClipRgn
0x44107c CreateCompatibleDC
0x441080 CombineRgn
Library ADVAPI32.dll:
0x441000 RegCreateKeyExA
0x441004 RegQueryInfoKeyW
0x441008 RegDeleteKeyA
0x44100c RegEnumKeyExA
0x441010 RegOpenKeyExA
0x441014 GetUserNameA
0x441018 OpenProcessToken
0x44101c RegCloseKey
0x441020 RegDeleteValueA
0x441024 RegSetValueExA
Library SHELL32.dll:
0x4412c4 SHBindToParent
0x4412c8 SHParseDisplayName
Library ole32.dll:
0x4413d4 CoTaskMemFree
0x4413d8 CoTaskMemRealloc
0x4413dc StringFromCLSID
0x4413e4 CoUninitialize
0x4413e8 CoTaskMemAlloc
0x4413ec CoInitialize
0x4413f0 CoCreateInstance
Library OLEAUT32.dll:
0x44125c VariantInit
0x441260 SafeArrayPtrOfIndex
0x441264 SafeArrayCreate
0x441268 SafeArrayUnlock
0x44126c SafeArrayLock
0x441270 UnRegisterTypeLib
0x441274 LoadTypeLib
0x441278 VarUI4FromStr
0x44127c SysAllocString
Library ODBC32.dll:
0x441250
0x441254
Library SHLWAPI.dll:
0x4412d0 PathRemoveFileSpecW
0x4412d4 ColorRGBToHLS
0x4412d8 StrCmpNIA
Library COMCTL32.dll:
0x441030 ImageList_Add
0x441034 ImageList_Create
Library OPENGL32.dll:
0x441288 wglGetCurrentDC
0x44128c wglGetProcAddress
0x441290 glGetIntegerv
0x441294 glGetString
Library WININET.dll:
0x4413cc InternetOpenA
Library RPCRT4.dll:
0x4412ac UuidToStringW
0x4412b0 UuidCreate
Library IMM32.dll:
0x441088 ImmAssociateContext
0x441094 ImmDestroyContext
0x441098 ImmGetContext
0x44109c ImmCreateContext
Library SETUPAPI.dll:
0x4412bc SetupDeleteErrorA
Library RASAPI32.dll:
0x44129c RasDialA
0x4412a0 RasGetErrorStringA
0x4412a4 RasHangUpA

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49179 113.108.239.194 r1---sn-j5o7dn7e.gvt1.com 80
192.168.56.101 49180 113.108.239.196 r3---sn-j5o7dn7e.gvt1.com 80
192.168.56.101 49177 203.208.40.98 update.googleapis.com 443
192.168.56.101 49178 203.208.41.65 redirector.gvt1.com 80

UDP

Source Source Port Destination Destination Port
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 50568 114.114.114.114 53
192.168.56.101 53210 114.114.114.114 53
192.168.56.101 53237 114.114.114.114 53
192.168.56.101 53380 114.114.114.114 53
192.168.56.101 57236 114.114.114.114 53
192.168.56.101 57756 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 60384 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 62912 224.0.0.252 5355

HTTP & HTTPS Requests

URI Data
http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: redirector.gvt1.com

http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=988fa0212f2ac335&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620870976&mv=m&mvi=3
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=988fa0212f2ac335&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620870976&mv=m&mvi=3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r3---sn-j5o7dn7e.gvt1.com

http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620870976&mv=m&mvi=1&pl=23&shardbypass=yes
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620870976&mv=m&mvi=1&pl=23&shardbypass=yes HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r1---sn-j5o7dn7e.gvt1.com

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.