7.8
High risk

bbe2a604c11442ee74adb7fa17910ca8e5665ab463e4a45b478707faa3a284e4

d149b481ff1994a5d7a3229e1b15ee9b.exe

Analysis duration

87s

Last analyzed

File size

3.0MB
Static detections Dynamic detections 100% AI SCORE=88 ARTEMIS ASMVT ATTRIBUTE CERT CONFIDENCE HIGHCONFIDENCE JACARD KCLOUD MALCERT MALWARE@#2EW7FTV3JGTQL PARALLAX PARALLAXRAT PARLRAT R343816 SCORE SUSGEN UHFZ UNSAFE ZENPAK
Hawkeye engine
Not scanned; no Hawkeye engine results available
Static verdict
Antivirus engines
Engine Result Scan date Engine version
McAfee Artemis!D149B481FF19 20201228 6.0.6.653
Baidu 20190318 1.0.0.2
Avast Win32:Trojan-gen 20201228 21.1.5827.0
Alibaba Backdoor:Win32/Parlrat.d2d495cb 20190527 0.3.0.5
Kingsoft Win32.Troj.Undef.(kcloud) 20201228 2017.9.26.565
Tencent 20201228 1.0.0.1
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Static indicators
Queries for the computername (1 event)
Time & API Arguments Status Return Repeated
1619925748.228126
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
Checks if process is being debugged by a debugger (1 event)
Time & API Arguments Status Return Repeated
1619925747.509126
IsDebuggerPresent
failed 0 0
This executable is signed
The executable contains unknown PE section names indicative of a packer (could be a false positive) (4 events)
section CODE
section DATA
section BSS
section .itext
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (50 out of 31897 events)
Time & API Arguments Status Return Repeated
1619925691.400001
__exception__
stacktrace:
d149b481ff1994a5d7a3229e1b15ee9b+0x2aa354 @ 0x6aa354
0x33f9530
d149b481ff1994a5d7a3229e1b15ee9b+0x1ca0c4 @ 0x5ca0c4
d149b481ff1994a5d7a3229e1b15ee9b+0x1ca0b8 @ 0x5ca0b8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 135168
registers.eax: 0
registers.ebp: 1638148
registers.edx: 1983904256
registers.ebx: 1983189538
registers.esi: 1983912052
registers.ecx: 0
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 e9 15 06 00
exception.symbol: d149b481ff1994a5d7a3229e1b15ee9b+0x2a9f6a
exception.instruction: mov edi, dword ptr [edi]
exception.module: d149b481ff1994a5d7a3229e1b15ee9b.exe
exception.exception_code: 0xc0000005
exception.offset: 2793322
exception.address: 0x6a9f6a
success 0 0
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 3084288
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 1987242984
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 e9 15 06 00
exception.symbol: d149b481ff1994a5d7a3229e1b15ee9b+0x2a9f6a
exception.instruction: mov edi, dword ptr [edi]
exception.module: d149b481ff1994a5d7a3229e1b15ee9b.exe
exception.exception_code: 0xc0000005
exception.offset: 2793322
exception.address: 0x6a9f6a
success 0 0
1619925691.431001
__exception__
stacktrace:
d149b481ff1994a5d7a3229e1b15ee9b+0x2aa354 @ 0x6aa354
0x33f9530
d149b481ff1994a5d7a3229e1b15ee9b+0x1ca0c4 @ 0x5ca0c4
d149b481ff1994a5d7a3229e1b15ee9b+0x1ca0b8 @ 0x5ca0b8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 3149824
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 e9 15 06 00
exception.symbol: d149b481ff1994a5d7a3229e1b15ee9b+0x2a9f6a
exception.instruction: mov edi, dword ptr [edi]
exception.module: d149b481ff1994a5d7a3229e1b15ee9b.exe
exception.exception_code: 0xc0000005
exception.offset: 2793322
exception.address: 0x6a9f6a
success 0 0
1619925691.431001
__exception__
stacktrace:
d149b481ff1994a5d7a3229e1b15ee9b+0x2aa354 @ 0x6aa354
0x33f9530
d149b481ff1994a5d7a3229e1b15ee9b+0x1ca0c4 @ 0x5ca0c4
d149b481ff1994a5d7a3229e1b15ee9b+0x1ca0b8 @ 0x5ca0b8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 3280896
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 46776
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 e9 15 06 00
exception.symbol: d149b481ff1994a5d7a3229e1b15ee9b+0x2a9f6a
exception.instruction: mov edi, dword ptr [edi]
exception.module: d149b481ff1994a5d7a3229e1b15ee9b.exe
exception.exception_code: 0xc0000005
exception.offset: 2793322
exception.address: 0x6a9f6a
success 0 0
1619925691.431001
__exception__
stacktrace:
d149b481ff1994a5d7a3229e1b15ee9b+0x2aa354 @ 0x6aa354
0x33f9530
d149b481ff1994a5d7a3229e1b15ee9b+0x1ca0c4 @ 0x5ca0c4
d149b481ff1994a5d7a3229e1b15ee9b+0x1ca0b8 @ 0x5ca0b8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 3477504
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 0
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 e9 15 06 00
exception.symbol: d149b481ff1994a5d7a3229e1b15ee9b+0x2a9f6a
exception.instruction: mov edi, dword ptr [edi]
exception.module: d149b481ff1994a5d7a3229e1b15ee9b.exe
exception.exception_code: 0xc0000005
exception.offset: 2793322
exception.address: 0x6a9f6a
success 0 0
1619925691.431001
__exception__
stacktrace:
d149b481ff1994a5d7a3229e1b15ee9b+0x2aa354 @ 0x6aa354
0x33f9530
d149b481ff1994a5d7a3229e1b15ee9b+0x1ca0c4 @ 0x5ca0c4
d149b481ff1994a5d7a3229e1b15ee9b+0x1ca0b8 @ 0x5ca0b8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 3543040
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 e9 15 06 00
exception.symbol: d149b481ff1994a5d7a3229e1b15ee9b+0x2a9f6a
exception.instruction: mov edi, dword ptr [edi]
exception.module: d149b481ff1994a5d7a3229e1b15ee9b.exe
exception.exception_code: 0xc0000005
exception.offset: 2793322
exception.address: 0x6a9f6a
success 0 0
1619925691.431001
__exception__
stacktrace:
d149b481ff1994a5d7a3229e1b15ee9b+0x2aa354 @ 0x6aa354
0x33f9530
d149b481ff1994a5d7a3229e1b15ee9b+0x1ca0c4 @ 0x5ca0c4
d149b481ff1994a5d7a3229e1b15ee9b+0x1ca0b8 @ 0x5ca0b8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 3608576
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 e9 15 06 00
exception.symbol: d149b481ff1994a5d7a3229e1b15ee9b+0x2a9f6a
exception.instruction: mov edi, dword ptr [edi]
exception.module: d149b481ff1994a5d7a3229e1b15ee9b.exe
exception.exception_code: 0xc0000005
exception.offset: 2793322
exception.address: 0x6a9f6a
success 0 0
1619925691.431001
__exception__
stacktrace:
d149b481ff1994a5d7a3229e1b15ee9b+0x2aa354 @ 0x6aa354
0x33f9530
d149b481ff1994a5d7a3229e1b15ee9b+0x1ca0c4 @ 0x5ca0c4
d149b481ff1994a5d7a3229e1b15ee9b+0x1ca0b8 @ 0x5ca0b8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 3674112
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 e9 15 06 00
exception.symbol: d149b481ff1994a5d7a3229e1b15ee9b+0x2a9f6a
exception.instruction: mov edi, dword ptr [edi]
exception.module: d149b481ff1994a5d7a3229e1b15ee9b.exe
exception.exception_code: 0xc0000005
exception.offset: 2793322
exception.address: 0x6a9f6a
success 0 0
1619925691.431001
__exception__
stacktrace:
d149b481ff1994a5d7a3229e1b15ee9b+0x2aa354 @ 0x6aa354
0x33f9530
d149b481ff1994a5d7a3229e1b15ee9b+0x1ca0c4 @ 0x5ca0c4
d149b481ff1994a5d7a3229e1b15ee9b+0x1ca0b8 @ 0x5ca0b8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 3739648
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 e9 15 06 00
exception.symbol: d149b481ff1994a5d7a3229e1b15ee9b+0x2a9f6a
exception.instruction: mov edi, dword ptr [edi]
exception.module: d149b481ff1994a5d7a3229e1b15ee9b.exe
exception.exception_code: 0xc0000005
exception.offset: 2793322
exception.address: 0x6a9f6a
success 0 0
1619925691.431001
__exception__
stacktrace:
d149b481ff1994a5d7a3229e1b15ee9b+0x2aa354 @ 0x6aa354
0x33f9530
d149b481ff1994a5d7a3229e1b15ee9b+0x1ca0c4 @ 0x5ca0c4
d149b481ff1994a5d7a3229e1b15ee9b+0x1ca0b8 @ 0x5ca0b8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 3805184
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 e9 15 06 00
exception.symbol: d149b481ff1994a5d7a3229e1b15ee9b+0x2a9f6a
exception.instruction: mov edi, dword ptr [edi]
exception.module: d149b481ff1994a5d7a3229e1b15ee9b.exe
exception.exception_code: 0xc0000005
exception.offset: 2793322
exception.address: 0x6a9f6a
success 0 0
1619925691.431001
__exception__
stacktrace:
d149b481ff1994a5d7a3229e1b15ee9b+0x2aa354 @ 0x6aa354
0x33f9530
d149b481ff1994a5d7a3229e1b15ee9b+0x1ca0c4 @ 0x5ca0c4
d149b481ff1994a5d7a3229e1b15ee9b+0x1ca0b8 @ 0x5ca0b8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 4067328
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 0
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 e9 15 06 00
exception.symbol: d149b481ff1994a5d7a3229e1b15ee9b+0x2a9f6a
exception.instruction: mov edi, dword ptr [edi]
exception.module: d149b481ff1994a5d7a3229e1b15ee9b.exe
exception.exception_code: 0xc0000005
exception.offset: 2793322
exception.address: 0x6a9f6a
success 0 0
1619925691.447001
__exception__
stacktrace:
d149b481ff1994a5d7a3229e1b15ee9b+0x2aa354 @ 0x6aa354
0x33f9530
d149b481ff1994a5d7a3229e1b15ee9b+0x1ca0c4 @ 0x5ca0c4
d149b481ff1994a5d7a3229e1b15ee9b+0x1ca0b8 @ 0x5ca0b8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 7409664
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 2504597036
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 e9 15 06 00
exception.symbol: d149b481ff1994a5d7a3229e1b15ee9b+0x2a9f6a
exception.instruction: mov edi, dword ptr [edi]
exception.module: d149b481ff1994a5d7a3229e1b15ee9b.exe
exception.exception_code: 0xc0000005
exception.offset: 2793322
exception.address: 0x6a9f6a
success 0 0
1619925691.447001
__exception__
stacktrace:
d149b481ff1994a5d7a3229e1b15ee9b+0x2aa354 @ 0x6aa354
0x33f9530
d149b481ff1994a5d7a3229e1b15ee9b+0x1ca0c4 @ 0x5ca0c4
d149b481ff1994a5d7a3229e1b15ee9b+0x1ca0b8 @ 0x5ca0b8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 7475200
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 e9 15 06 00
exception.symbol: d149b481ff1994a5d7a3229e1b15ee9b+0x2a9f6a
exception.instruction: mov edi, dword ptr [edi]
exception.module: d149b481ff1994a5d7a3229e1b15ee9b.exe
exception.exception_code: 0xc0000005
exception.offset: 2793322
exception.address: 0x6a9f6a
success 0 0
1619925691.447001
__exception__
stacktrace:
d149b481ff1994a5d7a3229e1b15ee9b+0x2aa354 @ 0x6aa354
0x33f9530
d149b481ff1994a5d7a3229e1b15ee9b+0x1ca0c4 @ 0x5ca0c4
d149b481ff1994a5d7a3229e1b15ee9b+0x1ca0b8 @ 0x5ca0b8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 7671808
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 0
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 e9 15 06 00
exception.symbol: d149b481ff1994a5d7a3229e1b15ee9b+0x2a9f6a
exception.instruction: mov edi, dword ptr [edi]
exception.module: d149b481ff1994a5d7a3229e1b15ee9b.exe
exception.exception_code: 0xc0000005
exception.offset: 2793322
exception.address: 0x6a9f6a
success 0 0
1619925691.447001
__exception__
stacktrace:
d149b481ff1994a5d7a3229e1b15ee9b+0x2aa354 @ 0x6aa354
0x33f9530
d149b481ff1994a5d7a3229e1b15ee9b+0x1ca0c4 @ 0x5ca0c4
d149b481ff1994a5d7a3229e1b15ee9b+0x1ca0b8 @ 0x5ca0b8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 7737344
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 e9 15 06 00
exception.symbol: d149b481ff1994a5d7a3229e1b15ee9b+0x2a9f6a
exception.instruction: mov edi, dword ptr [edi]
exception.module: d149b481ff1994a5d7a3229e1b15ee9b.exe
exception.exception_code: 0xc0000005
exception.offset: 2793322
exception.address: 0x6a9f6a
success 0 0
1619925691.447001
__exception__
stacktrace:
d149b481ff1994a5d7a3229e1b15ee9b+0x2aa354 @ 0x6aa354
0x33f9530
d149b481ff1994a5d7a3229e1b15ee9b+0x1ca0c4 @ 0x5ca0c4
d149b481ff1994a5d7a3229e1b15ee9b+0x1ca0b8 @ 0x5ca0b8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 7802880
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 e9 15 06 00
exception.symbol: d149b481ff1994a5d7a3229e1b15ee9b+0x2a9f6a
exception.instruction: mov edi, dword ptr [edi]
exception.module: d149b481ff1994a5d7a3229e1b15ee9b.exe
exception.exception_code: 0xc0000005
exception.offset: 2793322
exception.address: 0x6a9f6a
success 0 0
1619925691.447001
__exception__
stacktrace:
d149b481ff1994a5d7a3229e1b15ee9b+0x2aa354 @ 0x6aa354
0x33f9530
d149b481ff1994a5d7a3229e1b15ee9b+0x1ca0c4 @ 0x5ca0c4
d149b481ff1994a5d7a3229e1b15ee9b+0x1ca0b8 @ 0x5ca0b8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 7868416
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 e9 15 06 00
exception.symbol: d149b481ff1994a5d7a3229e1b15ee9b+0x2a9f6a
exception.instruction: mov edi, dword ptr [edi]
exception.module: d149b481ff1994a5d7a3229e1b15ee9b.exe
exception.exception_code: 0xc0000005
exception.offset: 2793322
exception.address: 0x6a9f6a
success 0 0
1619925691.447001
__exception__
stacktrace:
d149b481ff1994a5d7a3229e1b15ee9b+0x2aa354 @ 0x6aa354
0x33f9530
d149b481ff1994a5d7a3229e1b15ee9b+0x1ca0c4 @ 0x5ca0c4
d149b481ff1994a5d7a3229e1b15ee9b+0x1ca0b8 @ 0x5ca0b8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 7933952
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 e9 15 06 00
exception.symbol: d149b481ff1994a5d7a3229e1b15ee9b+0x2a9f6a
exception.instruction: mov edi, dword ptr [edi]
exception.module: d149b481ff1994a5d7a3229e1b15ee9b.exe
exception.exception_code: 0xc0000005
exception.offset: 2793322
exception.address: 0x6a9f6a
success 0 0
1619925691.447001
__exception__
stacktrace:
d149b481ff1994a5d7a3229e1b15ee9b+0x2aa354 @ 0x6aa354
0x33f9530
d149b481ff1994a5d7a3229e1b15ee9b+0x1ca0c4 @ 0x5ca0c4
d149b481ff1994a5d7a3229e1b15ee9b+0x1ca0b8 @ 0x5ca0b8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 7999488
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 1638268
exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 e9 15 06 00
exception.symbol: d149b481ff1994a5d7a3229e1b15ee9b+0x2a9f6a
exception.instruction: mov edi, dword ptr [edi]
exception.module: d149b481ff1994a5d7a3229e1b15ee9b.exe
exception.exception_code: 0xc0000005
exception.offset: 2793322
exception.address: 0x6a9f6a
success 0 0
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (4 events)
Time & API Arguments Status Return Repeated
1619925690.603001
NtAllocateVirtualMemory
process_identifier: 2128
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003e0000
success 0 0
1619925707.213001
NtAllocateVirtualMemory
process_identifier: 2128
region_size: 503808
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x007c0000
success 0 0
1619925707.228001
NtAllocateVirtualMemory
process_identifier: 2128
region_size: 1572864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x03460000
success 0 0
1619925707.275001
NtProtectVirtualMemory
process_identifier: 2128
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x77d4f000
success 0 0
A process created a hidden window (1 event)
Time & API Arguments Status Return Repeated
1619925746.978001
CreateProcessInternalW
thread_identifier: 3036
thread_handle: 0x000002bc
process_identifier: 1124
current_directory:
filepath: C:\Windows\SysWOW64\calc.exe
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\d149b481ff1994a5d7a3229e1b15ee9b.exe"
filepath_r: C:\Windows\SysWOW64\calc.exe
stack_pivoted: 0
creation_flags: 134217728 (CREATE_NO_WINDOW)
process_handle: 0x000002c0
inherit_handles: 1
success 1 0
The binary likely contains encrypted or compressed data indicative of a packer (3 events)
entropy 7.39355215534449 section {'size_of_data': '0x00096a00', 'virtual_address': '0x001ed000', 'entropy': 7.39355215534449, 'name': '.rsrc', 'virtual_size': '0x00097000'} description A section with a high entropy has been found
entropy 7.949869373855414 section {'size_of_data': '0x00026a00', 'virtual_address': '0x00284000', 'entropy': 7.949869373855414, 'name': '.tls', 'virtual_size': '0x00027000'} description A section with a high entropy has been found
entropy 0.2508699254349627 description Overall entropy of this PE file is high
Repeatedly searches for a not-found process, you may want to run a web browser during analysis (19 events)
Time & API Arguments Status Return Repeated
1619925707.509001
Process32NextW
process_name: d149b481ff1994a5d7a3229e1b15ee9b.exe
snapshot_handle: 0x000000fc
process_identifier: 2128
failed 0 0
1619925707.681001
Process32NextW
process_name: d149b481ff1994a5d7a3229e1b15ee9b.exe
snapshot_handle: 0x00000100
process_identifier: 2128
failed 0 0
1619925707.853001
Process32NextW
process_name: d149b481ff1994a5d7a3229e1b15ee9b.exe
snapshot_handle: 0x00000104
process_identifier: 2128
failed 0 0
1619925708.009001
Process32NextW
process_name: d149b481ff1994a5d7a3229e1b15ee9b.exe
snapshot_handle: 0x00000108
process_identifier: 2128
failed 0 0
1619925708.213001
Process32NextW
process_name: d149b481ff1994a5d7a3229e1b15ee9b.exe
snapshot_handle: 0x0000010c
process_identifier: 2128
failed 0 0
1619925708.384001
Process32NextW
process_name: d149b481ff1994a5d7a3229e1b15ee9b.exe
snapshot_handle: 0x00000110
process_identifier: 2128
failed 0 0
1619925708.556001
Process32NextW
process_name: d149b481ff1994a5d7a3229e1b15ee9b.exe
snapshot_handle: 0x00000114
process_identifier: 2128
failed 0 0
1619925708.728001
Process32NextW
process_name: d149b481ff1994a5d7a3229e1b15ee9b.exe
snapshot_handle: 0x00000118
process_identifier: 2128
failed 0 0
1619925708.884001
Process32NextW
process_name: d149b481ff1994a5d7a3229e1b15ee9b.exe
snapshot_handle: 0x0000011c
process_identifier: 2128
failed 0 0
1619925709.056001
Process32NextW
process_name: d149b481ff1994a5d7a3229e1b15ee9b.exe
snapshot_handle: 0x00000120
process_identifier: 2128
failed 0 0
1619925709.259001
Process32NextW
process_name: d149b481ff1994a5d7a3229e1b15ee9b.exe
snapshot_handle: 0x00000124
process_identifier: 2128
failed 0 0
1619925709.431001
Process32NextW
process_name: d149b481ff1994a5d7a3229e1b15ee9b.exe
snapshot_handle: 0x00000128
process_identifier: 2128
failed 0 0
1619925709.588001
Process32NextW
process_name: d149b481ff1994a5d7a3229e1b15ee9b.exe
snapshot_handle: 0x0000012c
process_identifier: 2128
failed 0 0
1619925709.791001
Process32NextW
process_name: d149b481ff1994a5d7a3229e1b15ee9b.exe
snapshot_handle: 0x00000130
process_identifier: 2128
failed 0 0
1619925709.963001
Process32NextW
process_name: d149b481ff1994a5d7a3229e1b15ee9b.exe
snapshot_handle: 0x00000134
process_identifier: 2128
failed 0 0
1619925710.119001
Process32NextW
process_name: d149b481ff1994a5d7a3229e1b15ee9b.exe
snapshot_handle: 0x00000138
process_identifier: 2128
failed 0 0
1619925710.322001
Process32NextW
process_name: d149b481ff1994a5d7a3229e1b15ee9b.exe
snapshot_handle: 0x0000013c
process_identifier: 2128
failed 0 0
1619925710.494001
Process32NextW
process_name: d149b481ff1994a5d7a3229e1b15ee9b.exe
snapshot_handle: 0x00000140
process_identifier: 2128
failed 0 0
1619925710.666001
Process32NextW
process_name: d149b481ff1994a5d7a3229e1b15ee9b.exe
snapshot_handle: 0x00000144
process_identifier: 2128
failed 0 0
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Allocates execute permission to another process indicative of possible code injection (4 events)
Time & API Arguments Status Return Repeated
1619925747.197001
NtAllocateVirtualMemory
process_identifier: 1124
region_size: 147456
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000002c0
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
success 0 0
1619925747.213001
NtProtectVirtualMemory
process_identifier: 1124
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000002c0
base_address: 0x77d4f000
success 0 0
1619925747.228001
NtAllocateVirtualMemory
process_identifier: 1124
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000002c0
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x000b0000
success 0 0
1619925747.228001
NtAllocateVirtualMemory
process_identifier: 1124
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000002c0
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x000c0000
success 0 0
Potential code injection by writing to the memory of another process (3 events)
Time & API Arguments Status Return Repeated
1619925747.244001
WriteProcessMemory
process_identifier: 1124
buffer: C:\Users\Administrator.Oskar-PC\AppData\Roaming\
process_handle: 0x000002c0
base_address: 0x000c0000
success 1 0
1619925747.244001
WriteProcessMemory
process_identifier: 1124
buffer:
process_handle: 0x000002c0
base_address: 0x004727c8
success 1 0
1619925747.244001
WriteProcessMemory
process_identifier: 1124
buffer: 
process_handle: 0x000002c0
base_address: 0x004727c4
success 1 0
Attempts to remove evidence of file being downloaded from the Internet (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\:Zone.Identifier
Executed a process and injected code into it, probably while unpacking (8 events)
Time & API Arguments Status Return Repeated
1619925746.978001
CreateProcessInternalW
thread_identifier: 3036
thread_handle: 0x000002bc
process_identifier: 1124
current_directory:
filepath: C:\Windows\SysWOW64\calc.exe
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\d149b481ff1994a5d7a3229e1b15ee9b.exe"
filepath_r: C:\Windows\SysWOW64\calc.exe
stack_pivoted: 0
creation_flags: 134217728 (CREATE_NO_WINDOW)
process_handle: 0x000002c0
inherit_handles: 1
success 1 0
1619925746.994001
NtGetContextThread
thread_handle: 0x000002bc
success 0 0
1619925747.197001
NtAllocateVirtualMemory
process_identifier: 1124
region_size: 147456
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000002c0
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
success 0 0
1619925747.228001
NtAllocateVirtualMemory
process_identifier: 1124
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000002c0
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x000b0000
success 0 0
1619925747.228001
NtAllocateVirtualMemory
process_identifier: 1124
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000002c0
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x000c0000
success 0 0
1619925747.244001
WriteProcessMemory
process_identifier: 1124
buffer: C:\Users\Administrator.Oskar-PC\AppData\Roaming\
process_handle: 0x000002c0
base_address: 0x000c0000
success 1 0
1619925747.244001
WriteProcessMemory
process_identifier: 1124
buffer:
process_handle: 0x000002c0
base_address: 0x004727c8
success 1 0
1619925747.244001
WriteProcessMemory
process_identifier: 1124
buffer: 
process_handle: 0x000002c0
base_address: 0x004727c4
success 1 0
File has been identified by 45 AntiVirus engines on VirusTotal as malicious (45 events)
MicroWorld-eScan Gen:Variant.Jacard.191456
FireEye Gen:Variant.Jacard.191456
McAfee Artemis!D149B481FF19
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
K7AntiVirus Spyware ( 0055cb2e1 )
BitDefender Gen:Variant.Jacard.191456
K7GW Spyware ( 0055cb2e1 )
Cybereason malicious.1ff199
Cyren W32/Trojan.UHFZ-5847
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:Trojan-gen
Kaspersky HEUR:Trojan.Win32.Zenpak.gen
Alibaba Backdoor:Win32/Parlrat.d2d495cb
Ad-Aware Gen:Variant.Jacard.191456
Emsisoft MalCert.A (A)
Comodo Malware@#2ew7ftv3jgtql
F-Secure Trojan.TR/AD.ParallaxRat.asmvt
DrWeb BackDoor.Rat.279
McAfee-GW-Edition Artemis!Trojan
Sophos Mal/Generic-S
Ikarus Trojan-Spy.Agent
Jiangmin Trojan.Zenpak.cja
Webroot W32.Trojan.Gen
Avira TR/AD.ParallaxRat.asmvt
MAX malware (ai score=88)
Antiy-AVL Trojan/Win32.Zenpak
Kingsoft Win32.Troj.Undef.(kcloud)
Microsoft Backdoor:Win32/Parlrat.A!cert
Arcabit Trojan.Jacard.D2EBE0
ZoneAlarm HEUR:Trojan.Win32.Zenpak.gen
GData Gen:Variant.Jacard.191456
Cynet Malicious (score: 85)
AhnLab-V3 Trojan/Win32.Parallax-RAT.R343816
ALYac Backdoor.RAT.Parallax
Malwarebytes Backdoor.Parallax
Panda Trj/CI.A
ESET-NOD32 Win32/Spy.Agent.PVY
MaxSecure Trojan.Malware.73832973.susgen
Fortinet W32/Agent.PVY!tr.spy
AVG Win32:Trojan-gen
Paloalto generic.ml
CrowdStrike win/malicious_confidence_100% (W)
Qihoo-360 Win32/Trojan.716
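Visual analysis
Binary image
No binary image available. No binary visualization image was generated for this sample.
Runtime screenshots
No runtime screenshots available. No screenshots were generated while this sample was running.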

PE Compile Time

1992-06-20 06:22:17

Imports


Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49178 185.227.82.54 www.firestatedteam.com 80

UDP


HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.