Score: 9.4 (Critical)

SHA256: 67bd0297c3cec70aff4d67aef73ca59618baceef4ee5801cefe7682fa2725ca7

File name: d55b3f24d4351ae2004c792b8a98f82b.exe (the name matches the MD5 prefix in McAfee's Artemis!D55B3F24D435 detection below)

Analysis duration: 90s

Last analysis:

File size: 919.5KB

Static detection / dynamic detection: 100%
Detection tags: 2JL8ASZZDMC 5GW@A40TH7OO AIDETECTVM ARTEMIS ATTRIBUTE CONFIDENCE DKSD GDSDA GUPLYTG8AME HIGH CONFIDENCE HIGHCONFIDENCE MALICIOUS PE MALWARE1 MALWARE@#7NSIU81BBE4S NETWIREDRC OCCAMY PACK POSSIBLETHREAT QBUMZ R06EC0DIA20 REDCAP SCORE STATIC AI UNSAFE XAPARO ZELPHIF
Eagle Eye engine (鹰眼引擎)
No detection: no Eagle Eye engine result is available for this sample yet.

Static verdict
Anti-virus engines

Engine        Result                              Scan date  Engine version
McAfee        Artemis!D55B3F24D435                20201211   6.0.6.653
Alibaba       TrojanSpy:Win32/Xaparo.e43e37d3     20190527   0.3.0.5
Baidu                                             20190318   1.0.0.2
Avast         Win32:Trojan-gen                    20201210   21.1.5827.0
Kingsoft                                          20201211   2017.9.26.565
Tencent                                           20201211   1.0.0.1
CrowdStrike   win/malicious_confidence_100% (W)   20190702   1.0

Rows with an empty Result column carry no detection name in the source. McAfee's Artemis! and CrowdStrike's malicious_confidence_100% are heuristic/ML verdicts rather than family names, and Avast's Win32:Trojan-gen is generic, so the only family label in this table is Alibaba's TrojanSpy:Win32/Xaparo. The scan dates span 2019 to 2020, so these verdicts were not produced at a single point in time.
Static indicators (signature matches; the evidence under each heading is API-call events recorded during the sandbox run)

Queries for the computername (5 events)
GetComputerNameW is also called by ordinary installers and updaters, so on its own this is a weak signal; the repeated calls over roughly 15 seconds are what the signature keys on. OSKAR-PC is the analysis machine's name, not an artefact of the sample.
Time & API Arguments Status Return Repeated
1619916367.621125
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619916369.808125
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619916373.011125
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619916379.949125
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619916382.168125
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
Checks if process is being debugged by a debugger (1 event)
Time & API Arguments Status Return Repeated
1619916365.824125
IsDebuggerPresent
failed 0 0
The "failed" status here only mirrors the zero return value: IsDebuggerPresent returned FALSE, meaning no debugger was attached in the sandbox. What the signature records is that the sample asked at all.
The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)
section
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
"BobSoft Mini Delphi -> BoB / BobSoft" is a PEiD-style signature that matches Borland/Delphi-compiled executables; it identifies the compiler, not a real packer, so this match alone does not establish that the file is packed. The section name that triggered the first signature is not recorded in the report, so the two signatures cannot be cross-checked against each other here.
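The two packer signatures above reduce to one check: read the section table and compare each name against what the expected toolchain emits. The following is an added example, not code from the sandbox or from this report. It parses only the PE headers (no third-party library), builds its own minimal PE header bytes as constructed test input, and uses a whitelist of common section names plus a small packer-name map; both lists are assumptions for the example and should be tuned to the toolchains you expect. The Delphi names (CODE, DATA, BSS, .itext, .didata) are included precisely because a "BobSoft Mini Delphi" match means a Delphi build, whose section names look unusual next to MSVC output but are not evidence of packing.

```python
import struct

# Section names emitted by mainstream toolchains (assumed whitelist for this example).
KNOWN_SECTIONS = {
    b".text", b".data", b".rdata", b".idata", b".edata", b".pdata", b".rsrc",
    b".reloc", b".bss", b".tls", b".CRT", b".debug",
    # Borland/Delphi linker names: expected in a build that a PEiD "Mini Delphi"
    # signature matches, so they must not be counted as "unknown".
    b"CODE", b"DATA", b"BSS", b".itext", b".didata",
}

# Section names that identify specific packers/protectors (assumed map for this example).
PACKER_SECTIONS = {
    b"UPX0": "UPX", b"UPX1": "UPX", b"UPX2": "UPX",
    b".aspack": "ASPack", b".adata": "ASPack",
    b".petite": "Petite", b".MPRESS1": "MPRESS", b".MPRESS2": "MPRESS",
    b".themida": "Themida", b".vmp0": "VMProtect", b".vmp1": "VMProtect",
}


def pe_section_names(data):
    """Return the section names of a PE image by walking only the headers."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size                          # section table follows the optional header
    names = []
    for i in range(num_sections):
        raw = data[table + 40 * i: table + 40 * i + 8]    # IMAGE_SECTION_HEADER.Name (8 bytes)
        names.append(raw.rstrip(b"\0"))
    return names


def classify_sections(names):
    """Split names into (known, {name: packer}, unknown) the way the two
    sandbox signatures do: a packer hit is strong, an unknown name is a hint."""
    known = [n for n in names if n in KNOWN_SECTIONS]
    packer = {n: PACKER_SECTIONS[n] for n in names if n in PACKER_SECTIONS}
    unknown = [n for n in names if n not in KNOWN_SECTIONS and n not in PACKER_SECTIONS]
    return known, packer, unknown


def build_fake_pe(section_names):
    """Construct a minimal PE32 header with the given section names.
    Constructed test input only: no code, no valid optional header fields."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt = b"\0" * 0xE0                                    # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, len(opt), 0x102)
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + opt + sections


if __name__ == "__main__":
    delphi = build_fake_pe([b"CODE", b"DATA", b"BSS", b".idata", b".tls", b".rdata", b".reloc", b".rsrc"])
    print(classify_sections(pe_section_names(delphi)))   # all known, no packer, nothing unknown
    upx = build_fake_pe([b"UPX0", b"UPX1", b".rsrc"])
    print(classify_sections(pe_section_names(upx)))      # packer hit: UPX
```

In practice, run pe_section_names over the real file and treat a packer-map hit as the strong signal; an unknown name with high entropy and a tiny import table is the combination that usually justifies the "unknown section names" signature, whereas a Delphi layout alone does not.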
One or more processes crashed (50 of 32222 events shown)
Every event listed below is the same fault: access violation 0xc0000005 at d55b3f24d4351ae2004c792b8a98f82b+0xee097 (0x4ee097), instruction mov edi, dword ptr [edi], raised through the same call stack (+0xefadb -> +0x84620 -> BaseThreadInitThunk). Apart from the first event, only registers.edi (and occasionally ecx) changes between occurrences, and in most consecutive pairs edi advances by exactly 0x10000 (64 KiB): 135168 (0x21000), 200704 (0x31000), 266240 (0x41000), and so on. The 50 shown events fall within about 60 ms (1619916324.027 to 1619916324.09) and execution evidently continues after each one, so this reads as a loop that dereferences addresses in 64 KiB steps and handles the resulting faults itself rather than a process crash in the usual sense. The Status column records that the exception event was logged, not that the faulting instruction succeeded.
Time & API Arguments Status Return Repeated
1619916324.027
__exception__
stacktrace:
d55b3f24d4351ae2004c792b8a98f82b+0xefadb @ 0x4efadb
0x18ff7c
d55b3f24d4351ae2004c792b8a98f82b+0x84620 @ 0x484620
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 135168
registers.eax: 0
registers.ebp: 1638148
registers.edx: 1983904256
registers.ebx: 1983189538
registers.esi: 1983912052
registers.ecx: 0
exception.instruction_r: 8b 3f 5f e9 b9 01 00 00 fe ca fe c2 69 ff 00 1f
exception.symbol: d55b3f24d4351ae2004c792b8a98f82b+0xee097
exception.instruction: mov edi, dword ptr [edi]
exception.module: d55b3f24d4351ae2004c792b8a98f82b.exe
exception.exception_code: 0xc0000005
exception.offset: 974999
exception.address: 0x4ee097
success 0 0
1619916324.027
__exception__
stacktrace:
d55b3f24d4351ae2004c792b8a98f82b+0xefadb @ 0x4efadb
0x18ff7c
d55b3f24d4351ae2004c792b8a98f82b+0x84620 @ 0x484620
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 200704
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 1638228
exception.instruction_r: 8b 3f 5f e9 b9 01 00 00 fe ca fe c2 69 ff 00 1f
exception.symbol: d55b3f24d4351ae2004c792b8a98f82b+0xee097
exception.instruction: mov edi, dword ptr [edi]
exception.module: d55b3f24d4351ae2004c792b8a98f82b.exe
exception.exception_code: 0xc0000005
exception.offset: 974999
exception.address: 0x4ee097
success 0 0
1619916324.027
__exception__
stacktrace:
d55b3f24d4351ae2004c792b8a98f82b+0xefadb @ 0x4efadb
0x18ff7c
d55b3f24d4351ae2004c792b8a98f82b+0x84620 @ 0x484620
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 266240
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 1638228
exception.instruction_r: 8b 3f 5f e9 b9 01 00 00 fe ca fe c2 69 ff 00 1f
exception.symbol: d55b3f24d4351ae2004c792b8a98f82b+0xee097
exception.instruction: mov edi, dword ptr [edi]
exception.module: d55b3f24d4351ae2004c792b8a98f82b.exe
exception.exception_code: 0xc0000005
exception.offset: 974999
exception.address: 0x4ee097
success 0 0
1619916324.027
__exception__
stacktrace:
d55b3f24d4351ae2004c792b8a98f82b+0xefadb @ 0x4efadb
0x18ff7c
d55b3f24d4351ae2004c792b8a98f82b+0x84620 @ 0x484620
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 331776
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 1638228
exception.instruction_r: 8b 3f 5f e9 b9 01 00 00 fe ca fe c2 69 ff 00 1f
exception.symbol: d55b3f24d4351ae2004c792b8a98f82b+0xee097
exception.instruction: mov edi, dword ptr [edi]
exception.module: d55b3f24d4351ae2004c792b8a98f82b.exe
exception.exception_code: 0xc0000005
exception.offset: 974999
exception.address: 0x4ee097
success 0 0
1619916324.027
__exception__
stacktrace:
d55b3f24d4351ae2004c792b8a98f82b+0xefadb @ 0x4efadb
0x18ff7c
d55b3f24d4351ae2004c792b8a98f82b+0x84620 @ 0x484620
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 397312
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 1638228
exception.instruction_r: 8b 3f 5f e9 b9 01 00 00 fe ca fe c2 69 ff 00 1f
exception.symbol: d55b3f24d4351ae2004c792b8a98f82b+0xee097
exception.instruction: mov edi, dword ptr [edi]
exception.module: d55b3f24d4351ae2004c792b8a98f82b.exe
exception.exception_code: 0xc0000005
exception.offset: 974999
exception.address: 0x4ee097
success 0 0
1619916324.027
__exception__
stacktrace:
d55b3f24d4351ae2004c792b8a98f82b+0xefadb @ 0x4efadb
0x18ff7c
d55b3f24d4351ae2004c792b8a98f82b+0x84620 @ 0x484620
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 462848
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 1638228
exception.instruction_r: 8b 3f 5f e9 b9 01 00 00 fe ca fe c2 69 ff 00 1f
exception.symbol: d55b3f24d4351ae2004c792b8a98f82b+0xee097
exception.instruction: mov edi, dword ptr [edi]
exception.module: d55b3f24d4351ae2004c792b8a98f82b.exe
exception.exception_code: 0xc0000005
exception.offset: 974999
exception.address: 0x4ee097
success 0 0
1619916324.027
__exception__
stacktrace:
d55b3f24d4351ae2004c792b8a98f82b+0xefadb @ 0x4efadb
0x18ff7c
d55b3f24d4351ae2004c792b8a98f82b+0x84620 @ 0x484620
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 528384
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 1638228
exception.instruction_r: 8b 3f 5f e9 b9 01 00 00 fe ca fe c2 69 ff 00 1f
exception.symbol: d55b3f24d4351ae2004c792b8a98f82b+0xee097
exception.instruction: mov edi, dword ptr [edi]
exception.module: d55b3f24d4351ae2004c792b8a98f82b.exe
exception.exception_code: 0xc0000005
exception.offset: 974999
exception.address: 0x4ee097
success 0 0
1619916324.027
__exception__
stacktrace:
d55b3f24d4351ae2004c792b8a98f82b+0xefadb @ 0x4efadb
0x18ff7c
d55b3f24d4351ae2004c792b8a98f82b+0x84620 @ 0x484620
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 593920
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 1638228
exception.instruction_r: 8b 3f 5f e9 b9 01 00 00 fe ca fe c2 69 ff 00 1f
exception.symbol: d55b3f24d4351ae2004c792b8a98f82b+0xee097
exception.instruction: mov edi, dword ptr [edi]
exception.module: d55b3f24d4351ae2004c792b8a98f82b.exe
exception.exception_code: 0xc0000005
exception.offset: 974999
exception.address: 0x4ee097
success 0 0
1619916324.027
__exception__
stacktrace:
d55b3f24d4351ae2004c792b8a98f82b+0xefadb @ 0x4efadb
0x18ff7c
d55b3f24d4351ae2004c792b8a98f82b+0x84620 @ 0x484620
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 659456
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 1638228
exception.instruction_r: 8b 3f 5f e9 b9 01 00 00 fe ca fe c2 69 ff 00 1f
exception.symbol: d55b3f24d4351ae2004c792b8a98f82b+0xee097
exception.instruction: mov edi, dword ptr [edi]
exception.module: d55b3f24d4351ae2004c792b8a98f82b.exe
exception.exception_code: 0xc0000005
exception.offset: 974999
exception.address: 0x4ee097
success 0 0
1619916324.027
__exception__
stacktrace:
d55b3f24d4351ae2004c792b8a98f82b+0xefadb @ 0x4efadb
0x18ff7c
d55b3f24d4351ae2004c792b8a98f82b+0x84620 @ 0x484620
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 724992
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 1638228
exception.instruction_r: 8b 3f 5f e9 b9 01 00 00 fe ca fe c2 69 ff 00 1f
exception.symbol: d55b3f24d4351ae2004c792b8a98f82b+0xee097
exception.instruction: mov edi, dword ptr [edi]
exception.module: d55b3f24d4351ae2004c792b8a98f82b.exe
exception.exception_code: 0xc0000005
exception.offset: 974999
exception.address: 0x4ee097
success 0 0
1619916324.027
__exception__
stacktrace:
d55b3f24d4351ae2004c792b8a98f82b+0xefadb @ 0x4efadb
0x18ff7c
d55b3f24d4351ae2004c792b8a98f82b+0x84620 @ 0x484620
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 790528
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 1638228
exception.instruction_r: 8b 3f 5f e9 b9 01 00 00 fe ca fe c2 69 ff 00 1f
exception.symbol: d55b3f24d4351ae2004c792b8a98f82b+0xee097
exception.instruction: mov edi, dword ptr [edi]
exception.module: d55b3f24d4351ae2004c792b8a98f82b.exe
exception.exception_code: 0xc0000005
exception.offset: 974999
exception.address: 0x4ee097
success 0 0
1619916324.027
__exception__
stacktrace:
d55b3f24d4351ae2004c792b8a98f82b+0xefadb @ 0x4efadb
0x18ff7c
d55b3f24d4351ae2004c792b8a98f82b+0x84620 @ 0x484620
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 856064
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 1638228
exception.instruction_r: 8b 3f 5f e9 b9 01 00 00 fe ca fe c2 69 ff 00 1f
exception.symbol: d55b3f24d4351ae2004c792b8a98f82b+0xee097
exception.instruction: mov edi, dword ptr [edi]
exception.module: d55b3f24d4351ae2004c792b8a98f82b.exe
exception.exception_code: 0xc0000005
exception.offset: 974999
exception.address: 0x4ee097
success 0 0
1619916324.043
__exception__
stacktrace:
d55b3f24d4351ae2004c792b8a98f82b+0xefadb @ 0x4efadb
0x18ff7c
d55b3f24d4351ae2004c792b8a98f82b+0x84620 @ 0x484620
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 921600
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 1638228
exception.instruction_r: 8b 3f 5f e9 b9 01 00 00 fe ca fe c2 69 ff 00 1f
exception.symbol: d55b3f24d4351ae2004c792b8a98f82b+0xee097
exception.instruction: mov edi, dword ptr [edi]
exception.module: d55b3f24d4351ae2004c792b8a98f82b.exe
exception.exception_code: 0xc0000005
exception.offset: 974999
exception.address: 0x4ee097
success 0 0
1619916324.043
__exception__
stacktrace:
d55b3f24d4351ae2004c792b8a98f82b+0xefadb @ 0x4efadb
0x18ff7c
d55b3f24d4351ae2004c792b8a98f82b+0x84620 @ 0x484620
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 987136
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 1638228
exception.instruction_r: 8b 3f 5f e9 b9 01 00 00 fe ca fe c2 69 ff 00 1f
exception.symbol: d55b3f24d4351ae2004c792b8a98f82b+0xee097
exception.instruction: mov edi, dword ptr [edi]
exception.module: d55b3f24d4351ae2004c792b8a98f82b.exe
exception.exception_code: 0xc0000005
exception.offset: 974999
exception.address: 0x4ee097
success 0 0
1619916324.043
__exception__
stacktrace:
d55b3f24d4351ae2004c792b8a98f82b+0xefadb @ 0x4efadb
0x18ff7c
d55b3f24d4351ae2004c792b8a98f82b+0x84620 @ 0x484620
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 1052672
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 1638228
exception.instruction_r: 8b 3f 5f e9 b9 01 00 00 fe ca fe c2 69 ff 00 1f
exception.symbol: d55b3f24d4351ae2004c792b8a98f82b+0xee097
exception.instruction: mov edi, dword ptr [edi]
exception.module: d55b3f24d4351ae2004c792b8a98f82b.exe
exception.exception_code: 0xc0000005
exception.offset: 974999
exception.address: 0x4ee097
success 0 0
1619916324.043
__exception__
stacktrace:
d55b3f24d4351ae2004c792b8a98f82b+0xefadb @ 0x4efadb
0x18ff7c
d55b3f24d4351ae2004c792b8a98f82b+0x84620 @ 0x484620
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 1118208
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 1638228
exception.instruction_r: 8b 3f 5f e9 b9 01 00 00 fe ca fe c2 69 ff 00 1f
exception.symbol: d55b3f24d4351ae2004c792b8a98f82b+0xee097
exception.instruction: mov edi, dword ptr [edi]
exception.module: d55b3f24d4351ae2004c792b8a98f82b.exe
exception.exception_code: 0xc0000005
exception.offset: 974999
exception.address: 0x4ee097
success 0 0
1619916324.043
__exception__
stacktrace:
d55b3f24d4351ae2004c792b8a98f82b+0xefadb @ 0x4efadb
0x18ff7c
d55b3f24d4351ae2004c792b8a98f82b+0x84620 @ 0x484620
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 1183744
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 1638228
exception.instruction_r: 8b 3f 5f e9 b9 01 00 00 fe ca fe c2 69 ff 00 1f
exception.symbol: d55b3f24d4351ae2004c792b8a98f82b+0xee097
exception.instruction: mov edi, dword ptr [edi]
exception.module: d55b3f24d4351ae2004c792b8a98f82b.exe
exception.exception_code: 0xc0000005
exception.offset: 974999
exception.address: 0x4ee097
success 0 0
1619916324.043
__exception__
stacktrace:
d55b3f24d4351ae2004c792b8a98f82b+0xefadb @ 0x4efadb
0x18ff7c
d55b3f24d4351ae2004c792b8a98f82b+0x84620 @ 0x484620
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 1249280
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 1638228
exception.instruction_r: 8b 3f 5f e9 b9 01 00 00 fe ca fe c2 69 ff 00 1f
exception.symbol: d55b3f24d4351ae2004c792b8a98f82b+0xee097
exception.instruction: mov edi, dword ptr [edi]
exception.module: d55b3f24d4351ae2004c792b8a98f82b.exe
exception.exception_code: 0xc0000005
exception.offset: 974999
exception.address: 0x4ee097
success 0 0
1619916324.043
__exception__
stacktrace:
d55b3f24d4351ae2004c792b8a98f82b+0xefadb @ 0x4efadb
0x18ff7c
d55b3f24d4351ae2004c792b8a98f82b+0x84620 @ 0x484620
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 1314816
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 1638228
exception.instruction_r: 8b 3f 5f e9 b9 01 00 00 fe ca fe c2 69 ff 00 1f
exception.symbol: d55b3f24d4351ae2004c792b8a98f82b+0xee097
exception.instruction: mov edi, dword ptr [edi]
exception.module: d55b3f24d4351ae2004c792b8a98f82b.exe
exception.exception_code: 0xc0000005
exception.offset: 974999
exception.address: 0x4ee097
success 0 0
1619916324.043
__exception__
stacktrace:
d55b3f24d4351ae2004c792b8a98f82b+0xefadb @ 0x4efadb
0x18ff7c
d55b3f24d4351ae2004c792b8a98f82b+0x84620 @ 0x484620
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 1380352
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 1638228
exception.instruction_r: 8b 3f 5f e9 b9 01 00 00 fe ca fe c2 69 ff 00 1f
exception.symbol: d55b3f24d4351ae2004c792b8a98f82b+0xee097
exception.instruction: mov edi, dword ptr [edi]
exception.module: d55b3f24d4351ae2004c792b8a98f82b.exe
exception.exception_code: 0xc0000005
exception.offset: 974999
exception.address: 0x4ee097
success 0 0
1619916324.043
__exception__
stacktrace:
d55b3f24d4351ae2004c792b8a98f82b+0xefadb @ 0x4efadb
0x18ff7c
d55b3f24d4351ae2004c792b8a98f82b+0x84620 @ 0x484620
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 1445888
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 1638228
exception.instruction_r: 8b 3f 5f e9 b9 01 00 00 fe ca fe c2 69 ff 00 1f
exception.symbol: d55b3f24d4351ae2004c792b8a98f82b+0xee097
exception.instruction: mov edi, dword ptr [edi]
exception.module: d55b3f24d4351ae2004c792b8a98f82b.exe
exception.exception_code: 0xc0000005
exception.offset: 974999
exception.address: 0x4ee097
success 0 0
1619916324.043
__exception__
stacktrace:
d55b3f24d4351ae2004c792b8a98f82b+0xefadb @ 0x4efadb
0x18ff7c
d55b3f24d4351ae2004c792b8a98f82b+0x84620 @ 0x484620
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 1511424
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 1638228
exception.instruction_r: 8b 3f 5f e9 b9 01 00 00 fe ca fe c2 69 ff 00 1f
exception.symbol: d55b3f24d4351ae2004c792b8a98f82b+0xee097
exception.instruction: mov edi, dword ptr [edi]
exception.module: d55b3f24d4351ae2004c792b8a98f82b.exe
exception.exception_code: 0xc0000005
exception.offset: 974999
exception.address: 0x4ee097
success 0 0
1619916324.058
__exception__
stacktrace:
d55b3f24d4351ae2004c792b8a98f82b+0xefadb @ 0x4efadb
0x18ff7c
d55b3f24d4351ae2004c792b8a98f82b+0x84620 @ 0x484620
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 1576960
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 1638228
exception.instruction_r: 8b 3f 5f e9 b9 01 00 00 fe ca fe c2 69 ff 00 1f
exception.symbol: d55b3f24d4351ae2004c792b8a98f82b+0xee097
exception.instruction: mov edi, dword ptr [edi]
exception.module: d55b3f24d4351ae2004c792b8a98f82b.exe
exception.exception_code: 0xc0000005
exception.offset: 974999
exception.address: 0x4ee097
success 0 0
1619916324.058
__exception__
stacktrace:
d55b3f24d4351ae2004c792b8a98f82b+0xefadb @ 0x4efadb
0x18ff7c
d55b3f24d4351ae2004c792b8a98f82b+0x84620 @ 0x484620
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 1708032
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 0
exception.instruction_r: 8b 3f 5f e9 b9 01 00 00 fe ca fe c2 69 ff 00 1f
exception.symbol: d55b3f24d4351ae2004c792b8a98f82b+0xee097
exception.instruction: mov edi, dword ptr [edi]
exception.module: d55b3f24d4351ae2004c792b8a98f82b.exe
exception.exception_code: 0xc0000005
exception.offset: 974999
exception.address: 0x4ee097
success 0 0
1619916324.058
__exception__
stacktrace:
d55b3f24d4351ae2004c792b8a98f82b+0xefadb @ 0x4efadb
0x18ff7c
d55b3f24d4351ae2004c792b8a98f82b+0x84620 @ 0x484620
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 1773568
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 1638228
exception.instruction_r: 8b 3f 5f e9 b9 01 00 00 fe ca fe c2 69 ff 00 1f
exception.symbol: d55b3f24d4351ae2004c792b8a98f82b+0xee097
exception.instruction: mov edi, dword ptr [edi]
exception.module: d55b3f24d4351ae2004c792b8a98f82b.exe
exception.exception_code: 0xc0000005
exception.offset: 974999
exception.address: 0x4ee097
success 0 0
1619916324.058
__exception__
stacktrace:
d55b3f24d4351ae2004c792b8a98f82b+0xefadb @ 0x4efadb
0x18ff7c
d55b3f24d4351ae2004c792b8a98f82b+0x84620 @ 0x484620
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 1839104
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 1638228
exception.instruction_r: 8b 3f 5f e9 b9 01 00 00 fe ca fe c2 69 ff 00 1f
exception.symbol: d55b3f24d4351ae2004c792b8a98f82b+0xee097
exception.instruction: mov edi, dword ptr [edi]
exception.module: d55b3f24d4351ae2004c792b8a98f82b.exe
exception.exception_code: 0xc0000005
exception.offset: 974999
exception.address: 0x4ee097
success 0 0
1619916324.058
__exception__
stacktrace:
d55b3f24d4351ae2004c792b8a98f82b+0xefadb @ 0x4efadb
0x18ff7c
d55b3f24d4351ae2004c792b8a98f82b+0x84620 @ 0x484620
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 1904640
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 1638228
exception.instruction_r: 8b 3f 5f e9 b9 01 00 00 fe ca fe c2 69 ff 00 1f
exception.symbol: d55b3f24d4351ae2004c792b8a98f82b+0xee097
exception.instruction: mov edi, dword ptr [edi]
exception.module: d55b3f24d4351ae2004c792b8a98f82b.exe
exception.exception_code: 0xc0000005
exception.offset: 974999
exception.address: 0x4ee097
success 0 0
1619916324.074
__exception__
stacktrace:
d55b3f24d4351ae2004c792b8a98f82b+0xefadb @ 0x4efadb
0x18ff7c
d55b3f24d4351ae2004c792b8a98f82b+0x84620 @ 0x484620
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 2428928
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 5570625
exception.instruction_r: 8b 3f 5f e9 b9 01 00 00 fe ca fe c2 69 ff 00 1f
exception.symbol: d55b3f24d4351ae2004c792b8a98f82b+0xee097
exception.instruction: mov edi, dword ptr [edi]
exception.module: d55b3f24d4351ae2004c792b8a98f82b.exe
exception.exception_code: 0xc0000005
exception.offset: 974999
exception.address: 0x4ee097
success 0 0
1619916324.074
__exception__
stacktrace:
d55b3f24d4351ae2004c792b8a98f82b+0xefadb @ 0x4efadb
0x18ff7c
d55b3f24d4351ae2004c792b8a98f82b+0x84620 @ 0x484620
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 2494464
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 1638228
exception.instruction_r: 8b 3f 5f e9 b9 01 00 00 fe ca fe c2 69 ff 00 1f
exception.symbol: d55b3f24d4351ae2004c792b8a98f82b+0xee097
exception.instruction: mov edi, dword ptr [edi]
exception.module: d55b3f24d4351ae2004c792b8a98f82b.exe
exception.exception_code: 0xc0000005
exception.offset: 974999
exception.address: 0x4ee097
success 0 0
1619916324.074
__exception__
stacktrace:
d55b3f24d4351ae2004c792b8a98f82b+0xefadb @ 0x4efadb
0x18ff7c
d55b3f24d4351ae2004c792b8a98f82b+0x84620 @ 0x484620
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 2560000
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 1638228
exception.instruction_r: 8b 3f 5f e9 b9 01 00 00 fe ca fe c2 69 ff 00 1f
exception.symbol: d55b3f24d4351ae2004c792b8a98f82b+0xee097
exception.instruction: mov edi, dword ptr [edi]
exception.module: d55b3f24d4351ae2004c792b8a98f82b.exe
exception.exception_code: 0xc0000005
exception.offset: 974999
exception.address: 0x4ee097
success 0 0
1619916324.074
__exception__
stacktrace:
d55b3f24d4351ae2004c792b8a98f82b+0xefadb @ 0x4efadb
0x18ff7c
d55b3f24d4351ae2004c792b8a98f82b+0x84620 @ 0x484620
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 2625536
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 1638228
exception.instruction_r: 8b 3f 5f e9 b9 01 00 00 fe ca fe c2 69 ff 00 1f
exception.symbol: d55b3f24d4351ae2004c792b8a98f82b+0xee097
exception.instruction: mov edi, dword ptr [edi]
exception.module: d55b3f24d4351ae2004c792b8a98f82b.exe
exception.exception_code: 0xc0000005
exception.offset: 974999
exception.address: 0x4ee097
success 0 0
1619916324.074
__exception__
stacktrace:
d55b3f24d4351ae2004c792b8a98f82b+0xefadb @ 0x4efadb
0x18ff7c
d55b3f24d4351ae2004c792b8a98f82b+0x84620 @ 0x484620
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 2691072
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 1638228
exception.instruction_r: 8b 3f 5f e9 b9 01 00 00 fe ca fe c2 69 ff 00 1f
exception.symbol: d55b3f24d4351ae2004c792b8a98f82b+0xee097
exception.instruction: mov edi, dword ptr [edi]
exception.module: d55b3f24d4351ae2004c792b8a98f82b.exe
exception.exception_code: 0xc0000005
exception.offset: 974999
exception.address: 0x4ee097
success 0 0
1619916324.074
__exception__
stacktrace:
d55b3f24d4351ae2004c792b8a98f82b+0xefadb @ 0x4efadb
0x18ff7c
d55b3f24d4351ae2004c792b8a98f82b+0x84620 @ 0x484620
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 3018752
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 2337669003
exception.instruction_r: 8b 3f 5f e9 b9 01 00 00 fe ca fe c2 69 ff 00 1f
exception.symbol: d55b3f24d4351ae2004c792b8a98f82b+0xee097
exception.instruction: mov edi, dword ptr [edi]
exception.module: d55b3f24d4351ae2004c792b8a98f82b.exe
exception.exception_code: 0xc0000005
exception.offset: 974999
exception.address: 0x4ee097
success 0 0
1619916324.074
__exception__
stacktrace:
d55b3f24d4351ae2004c792b8a98f82b+0xefadb @ 0x4efadb
0x18ff7c
d55b3f24d4351ae2004c792b8a98f82b+0x84620 @ 0x484620
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 3084288
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 1638228
exception.instruction_r: 8b 3f 5f e9 b9 01 00 00 fe ca fe c2 69 ff 00 1f
exception.symbol: d55b3f24d4351ae2004c792b8a98f82b+0xee097
exception.instruction: mov edi, dword ptr [edi]
exception.module: d55b3f24d4351ae2004c792b8a98f82b.exe
exception.exception_code: 0xc0000005
exception.offset: 974999
exception.address: 0x4ee097
success 0 0
1619916324.09
__exception__
stacktrace:
d55b3f24d4351ae2004c792b8a98f82b+0xefadb @ 0x4efadb
0x18ff7c
d55b3f24d4351ae2004c792b8a98f82b+0x84620 @ 0x484620
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 3215360
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 46776
exception.instruction_r: 8b 3f 5f e9 b9 01 00 00 fe ca fe c2 69 ff 00 1f
exception.symbol: d55b3f24d4351ae2004c792b8a98f82b+0xee097
exception.instruction: mov edi, dword ptr [edi]
exception.module: d55b3f24d4351ae2004c792b8a98f82b.exe
exception.exception_code: 0xc0000005
exception.offset: 974999
exception.address: 0x4ee097
success 0 0
1619916324.09
__exception__
stacktrace:
d55b3f24d4351ae2004c792b8a98f82b+0xefadb @ 0x4efadb
0x18ff7c
d55b3f24d4351ae2004c792b8a98f82b+0x84620 @ 0x484620
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 3477504
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 0
exception.instruction_r: 8b 3f 5f e9 b9 01 00 00 fe ca fe c2 69 ff 00 1f
exception.symbol: d55b3f24d4351ae2004c792b8a98f82b+0xee097
exception.instruction: mov edi, dword ptr [edi]
exception.module: d55b3f24d4351ae2004c792b8a98f82b.exe
exception.exception_code: 0xc0000005
exception.offset: 974999
exception.address: 0x4ee097
success 0 0
1619916324.09
__exception__
stacktrace:
d55b3f24d4351ae2004c792b8a98f82b+0xefadb @ 0x4efadb
0x18ff7c
d55b3f24d4351ae2004c792b8a98f82b+0x84620 @ 0x484620
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 3805184
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 0
exception.instruction_r: 8b 3f 5f e9 b9 01 00 00 fe ca fe c2 69 ff 00 1f
exception.symbol: d55b3f24d4351ae2004c792b8a98f82b+0xee097
exception.instruction: mov edi, dword ptr [edi]
exception.module: d55b3f24d4351ae2004c792b8a98f82b.exe
exception.exception_code: 0xc0000005
exception.offset: 974999
exception.address: 0x4ee097
success 0 0
1619916324.09
__exception__
stacktrace:
d55b3f24d4351ae2004c792b8a98f82b+0xefadb @ 0x4efadb
0x18ff7c
d55b3f24d4351ae2004c792b8a98f82b+0x84620 @ 0x484620
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 3870720
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 1638228
exception.instruction_r: 8b 3f 5f e9 b9 01 00 00 fe ca fe c2 69 ff 00 1f
exception.symbol: d55b3f24d4351ae2004c792b8a98f82b+0xee097
exception.instruction: mov edi, dword ptr [edi]
exception.module: d55b3f24d4351ae2004c792b8a98f82b.exe
exception.exception_code: 0xc0000005
exception.offset: 974999
exception.address: 0x4ee097
success 0 0
1619916324.09
__exception__
stacktrace:
d55b3f24d4351ae2004c792b8a98f82b+0xefadb @ 0x4efadb
0x18ff7c
d55b3f24d4351ae2004c792b8a98f82b+0x84620 @ 0x484620
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 3936256
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 1638228
exception.instruction_r: 8b 3f 5f e9 b9 01 00 00 fe ca fe c2 69 ff 00 1f
exception.symbol: d55b3f24d4351ae2004c792b8a98f82b+0xee097
exception.instruction: mov edi, dword ptr [edi]
exception.module: d55b3f24d4351ae2004c792b8a98f82b.exe
exception.exception_code: 0xc0000005
exception.offset: 974999
exception.address: 0x4ee097
success 0 0
1619916324.09
__exception__
stacktrace:
d55b3f24d4351ae2004c792b8a98f82b+0xefadb @ 0x4efadb
0x18ff7c
d55b3f24d4351ae2004c792b8a98f82b+0x84620 @ 0x484620
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 4001792
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 1638228
exception.instruction_r: 8b 3f 5f e9 b9 01 00 00 fe ca fe c2 69 ff 00 1f
exception.symbol: d55b3f24d4351ae2004c792b8a98f82b+0xee097
exception.instruction: mov edi, dword ptr [edi]
exception.module: d55b3f24d4351ae2004c792b8a98f82b.exe
exception.exception_code: 0xc0000005
exception.offset: 974999
exception.address: 0x4ee097
success 0 0
1619916324.09
__exception__
stacktrace:
d55b3f24d4351ae2004c792b8a98f82b+0xefadb @ 0x4efadb
0x18ff7c
d55b3f24d4351ae2004c792b8a98f82b+0x84620 @ 0x484620
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 4067328
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 1638228
exception.instruction_r: 8b 3f 5f e9 b9 01 00 00 fe ca fe c2 69 ff 00 1f
exception.symbol: d55b3f24d4351ae2004c792b8a98f82b+0xee097
exception.instruction: mov edi, dword ptr [edi]
exception.module: d55b3f24d4351ae2004c792b8a98f82b.exe
exception.exception_code: 0xc0000005
exception.offset: 974999
exception.address: 0x4ee097
success 0 0
1619916324.09
__exception__
stacktrace:
d55b3f24d4351ae2004c792b8a98f82b+0xefadb @ 0x4efadb
0x18ff7c
d55b3f24d4351ae2004c792b8a98f82b+0x84620 @ 0x484620
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 4132864
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 1638228
exception.instruction_r: 8b 3f 5f e9 b9 01 00 00 fe ca fe c2 69 ff 00 1f
exception.symbol: d55b3f24d4351ae2004c792b8a98f82b+0xee097
exception.instruction: mov edi, dword ptr [edi]
exception.module: d55b3f24d4351ae2004c792b8a98f82b.exe
exception.exception_code: 0xc0000005
exception.offset: 974999
exception.address: 0x4ee097
success 0 0
1619916324.09
__exception__
stacktrace:
d55b3f24d4351ae2004c792b8a98f82b+0xefadb @ 0x4efadb
0x18ff7c
d55b3f24d4351ae2004c792b8a98f82b+0x84620 @ 0x484620
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 5181440
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 994023003
exception.instruction_r: 8b 3f 5f e9 b9 01 00 00 fe ca fe c2 69 ff 00 1f
exception.symbol: d55b3f24d4351ae2004c792b8a98f82b+0xee097
exception.instruction: mov edi, dword ptr [edi]
exception.module: d55b3f24d4351ae2004c792b8a98f82b.exe
exception.exception_code: 0xc0000005
exception.offset: 974999
exception.address: 0x4ee097
success 0 0
1619916324.09
__exception__
stacktrace:
d55b3f24d4351ae2004c792b8a98f82b+0xefadb @ 0x4efadb
0x18ff7c
d55b3f24d4351ae2004c792b8a98f82b+0x84620 @ 0x484620
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 5312512
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 65537
exception.instruction_r: 8b 3f 5f e9 b9 01 00 00 fe ca fe c2 69 ff 00 1f
exception.symbol: d55b3f24d4351ae2004c792b8a98f82b+0xee097
exception.instruction: mov edi, dword ptr [edi]
exception.module: d55b3f24d4351ae2004c792b8a98f82b.exe
exception.exception_code: 0xc0000005
exception.offset: 974999
exception.address: 0x4ee097
success 0 0
1619916324.09
__exception__
stacktrace:
d55b3f24d4351ae2004c792b8a98f82b+0xefadb @ 0x4efadb
0x18ff7c
d55b3f24d4351ae2004c792b8a98f82b+0x84620 @ 0x484620
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 5378048
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 1638228
exception.instruction_r: 8b 3f 5f e9 b9 01 00 00 fe ca fe c2 69 ff 00 1f
exception.symbol: d55b3f24d4351ae2004c792b8a98f82b+0xee097
exception.instruction: mov edi, dword ptr [edi]
exception.module: d55b3f24d4351ae2004c792b8a98f82b.exe
exception.exception_code: 0xc0000005
exception.offset: 974999
exception.address: 0x4ee097
success 0 0
1619916324.09
__exception__
stacktrace:
d55b3f24d4351ae2004c792b8a98f82b+0xefadb @ 0x4efadb
0x18ff7c
d55b3f24d4351ae2004c792b8a98f82b+0x84620 @ 0x484620
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 5443584
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 1638228
exception.instruction_r: 8b 3f 5f e9 b9 01 00 00 fe ca fe c2 69 ff 00 1f
exception.symbol: d55b3f24d4351ae2004c792b8a98f82b+0xee097
exception.instruction: mov edi, dword ptr [edi]
exception.module: d55b3f24d4351ae2004c792b8a98f82b.exe
exception.exception_code: 0xc0000005
exception.offset: 974999
exception.address: 0x4ee097
success 0 0
1619916324.09
__exception__
stacktrace:
d55b3f24d4351ae2004c792b8a98f82b+0xefadb @ 0x4efadb
0x18ff7c
d55b3f24d4351ae2004c792b8a98f82b+0x84620 @ 0x484620
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 5509120
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 1638228
exception.instruction_r: 8b 3f 5f e9 b9 01 00 00 fe ca fe c2 69 ff 00 1f
exception.symbol: d55b3f24d4351ae2004c792b8a98f82b+0xee097
exception.instruction: mov edi, dword ptr [edi]
exception.module: d55b3f24d4351ae2004c792b8a98f82b.exe
exception.exception_code: 0xc0000005
exception.offset: 974999
exception.address: 0x4ee097
success 0 0
1619916324.09
__exception__
stacktrace:
d55b3f24d4351ae2004c792b8a98f82b+0xefadb @ 0x4efadb
0x18ff7c
d55b3f24d4351ae2004c792b8a98f82b+0x84620 @ 0x484620
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 5574656
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 1638228
exception.instruction_r: 8b 3f 5f e9 b9 01 00 00 fe ca fe c2 69 ff 00 1f
exception.symbol: d55b3f24d4351ae2004c792b8a98f82b+0xee097
exception.instruction: mov edi, dword ptr [edi]
exception.module: d55b3f24d4351ae2004c792b8a98f82b.exe
exception.exception_code: 0xc0000005
exception.offset: 974999
exception.address: 0x4ee097
success 0 0
1619916324.09
__exception__
stacktrace:
d55b3f24d4351ae2004c792b8a98f82b+0xefadb @ 0x4efadb
0x18ff7c
d55b3f24d4351ae2004c792b8a98f82b+0x84620 @ 0x484620
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 5640192
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 1638228
exception.instruction_r: 8b 3f 5f e9 b9 01 00 00 fe ca fe c2 69 ff 00 1f
exception.symbol: d55b3f24d4351ae2004c792b8a98f82b+0xee097
exception.instruction: mov edi, dword ptr [edi]
exception.module: d55b3f24d4351ae2004c792b8a98f82b.exe
exception.exception_code: 0xc0000005
exception.offset: 974999
exception.address: 0x4ee097
success 0 0
1619916324.09
__exception__
stacktrace:
d55b3f24d4351ae2004c792b8a98f82b+0xefadb @ 0x4efadb
0x18ff7c
d55b3f24d4351ae2004c792b8a98f82b+0x84620 @ 0x484620
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638136
registers.edi: 5705728
registers.eax: 0
registers.ebp: 1638148
registers.edx: 2010606285
registers.ebx: 0
registers.esi: 1637012
registers.ecx: 1638228
exception.instruction_r: 8b 3f 5f e9 b9 01 00 00 fe ca fe c2 69 ff 00 1f
exception.symbol: d55b3f24d4351ae2004c792b8a98f82b+0xee097
exception.instruction: mov edi, dword ptr [edi]
exception.module: d55b3f24d4351ae2004c792b8a98f82b.exe
exception.exception_code: 0xc0000005
exception.offset: 974999
exception.address: 0x4ee097
success 0 0
Behavioral Verdict
Dynamic Indicators
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (4 events)
Time & API Arguments Status Return Repeated
1619916322.152
NtAllocateVirtualMemory
process_identifier: 2528
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00350000
success 0 0
1619916348.996
NtAllocateVirtualMemory
process_identifier: 2528
region_size: 503808
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02e90000
success 0 0
1619916349.027
NtAllocateVirtualMemory
process_identifier: 2528
region_size: 1572864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x02f10000
success 0 0
1619916349.058
NtProtectVirtualMemory
process_identifier: 2528
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x77d4f000
success 0 0
A process created a hidden window (1 event)
Time & API Arguments Status Return Repeated
1619916365.246
CreateProcessInternalW
thread_identifier: 3008
thread_handle: 0x000002a4
process_identifier: 2548
current_directory:
filepath: C:\Windows\SysWOW64\cmd.exe
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\d55b3f24d4351ae2004c792b8a98f82b.exe"
filepath_r: C:\Windows\SysWOW64\cmd.exe
stack_pivoted: 0
creation_flags: 134217728 (CREATE_NO_WINDOW)
process_handle: 0x000002a8
inherit_handles: 1
success 1 0
Searches running processes, potentially to identify processes for sandbox evasion, code injection or memory dumping (3 events)
Repeatedly searches for a process that is not found; you may want to run a web browser during analysis (19 events)
Time & API Arguments Status Return Repeated
1619916349.34
Process32NextW
process_name: dllhost.exe
snapshot_handle: 0x000000cc
process_identifier: 1436
failed 0 0
1619916349.59
Process32NextW
process_name: d55b3f24d4351ae2004c792b8a98f82b.exe
snapshot_handle: 0x000000d0
process_identifier: 2528
failed 0 0
1619916349.777
Process32NextW
process_name: d55b3f24d4351ae2004c792b8a98f82b.exe
snapshot_handle: 0x000000d4
process_identifier: 2528
failed 0 0
1619916349.98
Process32NextW
process_name: d55b3f24d4351ae2004c792b8a98f82b.exe
snapshot_handle: 0x000000d8
process_identifier: 2528
failed 0 0
1619916350.199
Process32NextW
process_name: d55b3f24d4351ae2004c792b8a98f82b.exe
snapshot_handle: 0x000000dc
process_identifier: 2528
failed 0 0
1619916350.402
Process32NextW
process_name: d55b3f24d4351ae2004c792b8a98f82b.exe
snapshot_handle: 0x000000e0
process_identifier: 2528
failed 0 0
1619916350.574
Process32NextW
process_name: d55b3f24d4351ae2004c792b8a98f82b.exe
snapshot_handle: 0x000000e4
process_identifier: 2528
failed 0 0
1619916350.777
Process32NextW
process_name: d55b3f24d4351ae2004c792b8a98f82b.exe
snapshot_handle: 0x000000e8
process_identifier: 2528
failed 0 0
1619916350.965
Process32NextW
process_name: d55b3f24d4351ae2004c792b8a98f82b.exe
snapshot_handle: 0x000000ec
process_identifier: 2528
failed 0 0
1619916351.183
Process32NextW
process_name: d55b3f24d4351ae2004c792b8a98f82b.exe
snapshot_handle: 0x000000f0
process_identifier: 2528
failed 0 0
1619916351.386
Process32NextW
process_name: d55b3f24d4351ae2004c792b8a98f82b.exe
snapshot_handle: 0x000000f4
process_identifier: 2528
failed 0 0
1619916351.558
Process32NextW
process_name: d55b3f24d4351ae2004c792b8a98f82b.exe
snapshot_handle: 0x000000f8
process_identifier: 2528
failed 0 0
1619916351.793
Process32NextW
process_name: d55b3f24d4351ae2004c792b8a98f82b.exe
snapshot_handle: 0x000000fc
process_identifier: 2528
failed 0 0
1619916352.043
Process32NextW
process_name: d55b3f24d4351ae2004c792b8a98f82b.exe
snapshot_handle: 0x00000100
process_identifier: 2528
failed 0 0
1619916352.261
Process32NextW
process_name: d55b3f24d4351ae2004c792b8a98f82b.exe
snapshot_handle: 0x00000104
process_identifier: 2528
failed 0 0
1619916352.449
Process32NextW
process_name: d55b3f24d4351ae2004c792b8a98f82b.exe
snapshot_handle: 0x00000108
process_identifier: 2528
failed 0 0
1619916352.636
Process32NextW
process_name: d55b3f24d4351ae2004c792b8a98f82b.exe
snapshot_handle: 0x0000010c
process_identifier: 2528
failed 0 0
1619916352.824
Process32NextW
process_name: d55b3f24d4351ae2004c792b8a98f82b.exe
snapshot_handle: 0x00000110
process_identifier: 2528
failed 0 0
1619916353.043
Process32NextW
process_name: d55b3f24d4351ae2004c792b8a98f82b.exe
snapshot_handle: 0x00000114
process_identifier: 2528
failed 0 0
Network Communication
Communicates with a host for which no DNS query was performed (1 event)
host 172.217.24.14
Allocates execute permission in another process, indicative of possible code injection (4 events)
Time & API Arguments Status Return Repeated
1619916365.449
NtAllocateVirtualMemory
process_identifier: 2548
region_size: 147456
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000002a8
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
success 0 0
1619916365.465
NtProtectVirtualMemory
process_identifier: 2548
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000002a8
base_address: 0x77d4f000
success 0 0
1619916365.465
NtAllocateVirtualMemory
process_identifier: 2548
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000002a8
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x000b0000
success 0 0
1619916365.48
NtAllocateVirtualMemory
process_identifier: 2548
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000002a8
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x000c0000
success 0 0
Potential code injection by writing to the memory of another process (3 events)
Time & API Arguments Status Return Repeated
1619916365.511
WriteProcessMemory
process_identifier: 2548
buffer: C:\Users\Administrator.Oskar-PC\AppData\Roaming\
process_handle: 0x000002a8
base_address: 0x000c0000
success 1 0
1619916365.511
WriteProcessMemory
process_identifier: 2548
buffer:
process_handle: 0x000002a8
base_address: 0x008727c8
success 1 0
1619916365.511
WriteProcessMemory
process_identifier: 2548
buffer: 
process_handle: 0x000002a8
base_address: 0x008727c4
success 1 0
Attempts to remove evidence of the file having been downloaded from the Internet (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\:Zone.Identifier
Generates some ICMP traffic
Connects to an IP address that is no longer responding to requests (legitimate services usually remain up and running) (1 event)
dead_host 172.217.24.14:443
Executed a process and injected code into it, probably while unpacking (8 events)
Time & API Arguments Status Return Repeated
1619916365.246
CreateProcessInternalW
thread_identifier: 3008
thread_handle: 0x000002a4
process_identifier: 2548
current_directory:
filepath: C:\Windows\SysWOW64\cmd.exe
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\d55b3f24d4351ae2004c792b8a98f82b.exe"
filepath_r: C:\Windows\SysWOW64\cmd.exe
stack_pivoted: 0
creation_flags: 134217728 (CREATE_NO_WINDOW)
process_handle: 0x000002a8
inherit_handles: 1
success 1 0
1619916365.246
NtGetContextThread
thread_handle: 0x000002a4
success 0 0
1619916365.449
NtAllocateVirtualMemory
process_identifier: 2548
region_size: 147456
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000002a8
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
success 0 0
1619916365.465
NtAllocateVirtualMemory
process_identifier: 2548
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000002a8
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x000b0000
success 0 0
1619916365.48
NtAllocateVirtualMemory
process_identifier: 2548
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000002a8
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x000c0000
success 0 0
1619916365.511
WriteProcessMemory
process_identifier: 2548
buffer: C:\Users\Administrator.Oskar-PC\AppData\Roaming\
process_handle: 0x000002a8
base_address: 0x000c0000
success 1 0
1619916365.511
WriteProcessMemory
process_identifier: 2548
buffer:
process_handle: 0x000002a8
base_address: 0x008727c8
success 1 0
1619916365.511
WriteProcessMemory
process_identifier: 2548
buffer: 
process_handle: 0x000002a8
base_address: 0x008727c4
success 1 0
File has been identified by 44 antivirus engines on VirusTotal as malicious (44 events)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
McAfee Artemis!D55B3F24D435
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
Sangfor Malware
K7AntiVirus Spyware ( 0055cd6d1 )
Alibaba TrojanSpy:Win32/Xaparo.e43e37d3
K7GW Spyware ( 0055cd6d1 )
Cybereason malicious.36b0ac
Cyren W32/Trojan.DKSD-6898
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:Trojan-gen
Kaspersky HEUR:Backdoor.Win32.Xaparo.gen
Paloalto generic.ml
Rising Backdoor.NetWiredRC!8.2AF (TFE:1:2JL8AszZDMC)
Comodo Malware@#7nsiu81bbe4s
F-Secure Backdoor.BDS/Redcap.qbumz
Zillya Trojan.Agent.Win32.1336907
TrendMicro TROJ_GEN.R06EC0DIA20
McAfee-GW-Edition BehavesLike.Win32.Worm.dh
Sophos Mal/Generic-S
SentinelOne Static AI - Malicious PE
Jiangmin Backdoor.Xaparo.ag
Webroot W32.Malware.Gen
Avira BDS/Redcap.qbumz
Antiy-AVL Trojan[Backdoor]/Win32.Xaparo
Gridinsoft Malware.Win32.Pack.14590!se
Microsoft Trojan:Win32/Occamy.AA
ZoneAlarm HEUR:Backdoor.Win32.Xaparo.gen
Cynet Malicious (score: 85)
BitDefenderTheta Gen:NN.ZelphiF.34670.5GW@a40TH7oO
VBA32 Backdoor.Xaparo
Malwarebytes Spyware.KeyLogger
ESET-NOD32 Win32/Spy.Agent.PVY
TrendMicro-HouseCall TROJ_GEN.R06EC0DIA20
Yandex TrojanSpy.Agent!GupLYTg8aME
Ikarus Trojan.SuspectCRC
Fortinet PossibleThreat.MU
AVG Win32:Trojan-gen
Panda Trj/GdSda.A
CrowdStrike win/malicious_confidence_100% (W)
Qihoo-360 Win32/Backdoor.ed6
Visual Analysis
Binary Image
No binary image: this sample did not generate a binary visualization image.
Runtime Screenshots
No runtime screenshots: no screenshots were generated while the sample ran.


PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x48c150 VirtualFree
0x48c154 VirtualAlloc
0x48c158 LocalFree
0x48c15c LocalAlloc
0x48c160 GetVersion
0x48c164 GetCurrentThreadId
0x48c170 VirtualQuery
0x48c174 WideCharToMultiByte
0x48c178 MultiByteToWideChar
0x48c17c lstrlenA
0x48c180 lstrcpynA
0x48c184 LoadLibraryExA
0x48c188 GetThreadLocale
0x48c18c GetStartupInfoA
0x48c190 GetProcAddress
0x48c194 GetModuleHandleA
0x48c198 GetModuleFileNameA
0x48c19c GetLocaleInfoA
0x48c1a0 GetCommandLineA
0x48c1a4 FreeLibrary
0x48c1a8 FindFirstFileA
0x48c1ac FindClose
0x48c1b0 ExitProcess
0x48c1b4 WriteFile
0x48c1bc RtlUnwind
0x48c1c0 RaiseException
0x48c1c4 GetStdHandle
Library user32.dll:
0x48c1cc GetKeyboardType
0x48c1d0 LoadStringA
0x48c1d4 MessageBoxA
0x48c1d8 CharNextA
Library advapi32.dll:
0x48c1e0 RegQueryValueExA
0x48c1e4 RegOpenKeyExA
0x48c1e8 RegCloseKey
Library oleaut32.dll:
0x48c1f0 SysFreeString
0x48c1f4 SysReAllocStringLen
0x48c1f8 SysAllocStringLen
Library kernel32.dll:
0x48c200 TlsSetValue
0x48c204 TlsGetValue
0x48c208 LocalAlloc
0x48c20c GetModuleHandleA
Library advapi32.dll:
0x48c214 RegSetValueExA
0x48c218 RegQueryValueExA
0x48c21c RegOpenKeyExA
0x48c220 RegFlushKey
0x48c224 RegCreateKeyExA
0x48c228 RegCloseKey
Library kernel32.dll:
0x48c230 lstrcpyA
0x48c238 WriteFile
0x48c23c WaitForSingleObject
0x48c240 VirtualQuery
0x48c244 VirtualAlloc
0x48c248 Sleep
0x48c24c SizeofResource
0x48c250 SetThreadLocale
0x48c254 SetFilePointer
0x48c258 SetEvent
0x48c25c SetErrorMode
0x48c260 SetEndOfFile
0x48c264 ResetEvent
0x48c268 ReadFile
0x48c274 MultiByteToWideChar
0x48c278 MulDiv
0x48c27c LockResource
0x48c280 LoadResource
0x48c284 LoadLibraryA
0x48c290 GlobalUnlock
0x48c294 GlobalReAlloc
0x48c298 GlobalHandle
0x48c29c GlobalLock
0x48c2a0 GlobalFree
0x48c2a4 GlobalFindAtomA
0x48c2a8 GlobalDeleteAtom
0x48c2ac GlobalAlloc
0x48c2b0 GlobalAddAtomA
0x48c2b4 GetVersionExA
0x48c2b8 GetVersion
0x48c2bc GetTickCount
0x48c2c0 GetThreadLocale
0x48c2c4 GetSystemInfo
0x48c2c8 GetStringTypeExA
0x48c2cc GetStdHandle
0x48c2d0 GetProcAddress
0x48c2d8 GetModuleHandleA
0x48c2dc GetModuleFileNameA
0x48c2e0 GetLocaleInfoA
0x48c2e4 GetLocalTime
0x48c2e8 GetLastError
0x48c2ec GetFullPathNameA
0x48c2f0 GetDiskFreeSpaceA
0x48c2f4 GetDateFormatA
0x48c2f8 GetCurrentThreadId
0x48c2fc GetCurrentProcessId
0x48c300 GetCPInfo
0x48c304 GetACP
0x48c308 FreeResource
0x48c30c InterlockedExchange
0x48c310 FreeLibrary
0x48c314 FormatMessageA
0x48c318 FindResourceA
0x48c31c EnumCalendarInfoA
0x48c328 CreateThread
0x48c32c CreateFileA
0x48c330 CreateEventA
0x48c334 CompareStringA
0x48c338 CloseHandle
Library version.dll:
0x48c340 VerQueryValueA
0x48c348 GetFileVersionInfoA
Library gdi32.dll:
0x48c350 UnrealizeObject
0x48c354 StretchBlt
0x48c358 SetWindowOrgEx
0x48c35c SetWinMetaFileBits
0x48c360 SetViewportOrgEx
0x48c364 SetTextColor
0x48c368 SetStretchBltMode
0x48c36c SetROP2
0x48c370 SetPixel
0x48c374 SetMapMode
0x48c378 SetEnhMetaFileBits
0x48c37c SetDIBColorTable
0x48c380 SetBrushOrgEx
0x48c384 SetBkMode
0x48c388 SetBkColor
0x48c38c SelectPalette
0x48c390 SelectObject
0x48c394 SelectClipRgn
0x48c398 SaveDC
0x48c39c RoundRect
0x48c3a0 RestoreDC
0x48c3a4 Rectangle
0x48c3a8 RectVisible
0x48c3ac RealizePalette
0x48c3b0 Polyline
0x48c3b4 PlayEnhMetaFile
0x48c3b8 PatBlt
0x48c3bc MoveToEx
0x48c3c0 MaskBlt
0x48c3c4 LineTo
0x48c3c8 IntersectClipRect
0x48c3cc GetWindowOrgEx
0x48c3d0 GetWinMetaFileBits
0x48c3d4 GetTextMetricsA
0x48c3d8 GetTextExtentPointA
0x48c3e4 GetStockObject
0x48c3e8 GetPixel
0x48c3ec GetPaletteEntries
0x48c3f0 GetObjectA
0x48c3f4 GetMapMode
0x48c400 GetEnhMetaFileBits
0x48c404 GetDeviceCaps
0x48c408 GetDIBits
0x48c40c GetDIBColorTable
0x48c410 GetDCOrgEx
0x48c418 GetClipBox
0x48c41c GetBrushOrgEx
0x48c420 GetBitmapBits
0x48c424 ExtTextOutA
0x48c428 ExcludeClipRect
0x48c42c DeleteObject
0x48c430 DeleteEnhMetaFile
0x48c434 DeleteDC
0x48c438 DPtoLP
0x48c43c CreateSolidBrush
0x48c440 CreateRoundRectRgn
0x48c444 CreateRectRgn
0x48c448 CreatePenIndirect
0x48c44c CreatePalette
0x48c454 CreateFontIndirectA
0x48c458 CreateDIBitmap
0x48c45c CreateDIBSection
0x48c460 CreateCompatibleDC
0x48c468 CreateBrushIndirect
0x48c46c CreateBitmap
0x48c470 CopyEnhMetaFileA
0x48c474 CombineRgn
0x48c478 BitBlt
Library user32.dll:
0x48c480 CreateWindowExA
0x48c484 WindowFromPoint
0x48c488 WinHelpA
0x48c48c WaitMessage
0x48c490 UpdateWindow
0x48c494 UnregisterClassA
0x48c498 UnhookWindowsHookEx
0x48c49c TranslateMessage
0x48c4a4 TrackPopupMenu
0x48c4a8 TrackMouseEvent
0x48c4b0 ShowWindow
0x48c4b4 ShowScrollBar
0x48c4b8 ShowOwnedPopups
0x48c4bc ShowCursor
0x48c4c0 SetWindowsHookExA
0x48c4c4 SetWindowTextA
0x48c4c8 SetWindowPos
0x48c4cc SetWindowPlacement
0x48c4d0 SetWindowLongA
0x48c4d4 SetTimer
0x48c4d8 SetScrollRange
0x48c4dc SetScrollPos
0x48c4e0 SetScrollInfo
0x48c4e4 SetRect
0x48c4e8 SetPropA
0x48c4ec SetParent
0x48c4f0 SetMenuItemInfoA
0x48c4f4 SetMenu
0x48c4f8 SetForegroundWindow
0x48c4fc SetFocus
0x48c500 SetCursor
0x48c504 SetClipboardData
0x48c508 SetClassLongA
0x48c50c SetCapture
0x48c510 SetActiveWindow
0x48c514 SendMessageA
0x48c518 ScrollWindow
0x48c51c ScreenToClient
0x48c520 RemovePropA
0x48c524 RemoveMenu
0x48c528 ReleaseDC
0x48c52c ReleaseCapture
0x48c538 RegisterClassA
0x48c53c RedrawWindow
0x48c540 PtInRect
0x48c544 PostQuitMessage
0x48c548 PostMessageA
0x48c54c PeekMessageA
0x48c550 OpenClipboard
0x48c554 OffsetRect
0x48c558 OemToCharA
0x48c55c MessageBoxA
0x48c560 MessageBeep
0x48c564 MapWindowPoints
0x48c568 MapVirtualKeyA
0x48c56c LoadStringA
0x48c570 LoadKeyboardLayoutA
0x48c574 LoadIconA
0x48c578 LoadCursorA
0x48c57c LoadBitmapA
0x48c580 KillTimer
0x48c584 IsZoomed
0x48c588 IsWindowVisible
0x48c58c IsWindowEnabled
0x48c590 IsWindow
0x48c594 IsRectEmpty
0x48c598 IsIconic
0x48c59c IsDialogMessageA
0x48c5a0 IsChild
0x48c5a4 InvalidateRect
0x48c5a8 IntersectRect
0x48c5ac InsertMenuItemA
0x48c5b0 InsertMenuA
0x48c5b4 InflateRect
0x48c5bc GetWindowTextA
0x48c5c0 GetWindowRect
0x48c5c4 GetWindowPlacement
0x48c5c8 GetWindowLongA
0x48c5cc GetWindowDC
0x48c5d0 GetTopWindow
0x48c5d4 GetSystemMetrics
0x48c5d8 GetSystemMenu
0x48c5dc GetSysColorBrush
0x48c5e0 GetSysColor
0x48c5e4 GetSubMenu
0x48c5e8 GetScrollRange
0x48c5ec GetScrollPos
0x48c5f0 GetScrollInfo
0x48c5f4 GetPropA
0x48c5f8 GetParent
0x48c5fc GetWindow
0x48c600 GetMenuStringA
0x48c604 GetMenuState
0x48c608 GetMenuItemInfoA
0x48c60c GetMenuItemID
0x48c610 GetMenuItemCount
0x48c614 GetMenu
0x48c618 GetLastActivePopup
0x48c61c GetKeyboardState
0x48c624 GetKeyboardLayout
0x48c628 GetKeyState
0x48c62c GetKeyNameTextA
0x48c630 GetIconInfo
0x48c634 GetForegroundWindow
0x48c638 GetFocus
0x48c63c GetDesktopWindow
0x48c640 GetDCEx
0x48c644 GetDC
0x48c648 GetCursorPos
0x48c64c GetCursor
0x48c650 GetClipboardData
0x48c654 GetClientRect
0x48c658 GetClassNameA
0x48c65c GetClassInfoA
0x48c660 GetCapture
0x48c664 GetAsyncKeyState
0x48c668 GetActiveWindow
0x48c66c FrameRect
0x48c670 FindWindowA
0x48c674 FillRect
0x48c678 EqualRect
0x48c67c EnumWindows
0x48c680 EnumThreadWindows
0x48c684 EndPaint
0x48c688 EnableWindow
0x48c68c EnableScrollBar
0x48c690 EnableMenuItem
0x48c694 EmptyClipboard
0x48c698 DrawTextA
0x48c69c DrawMenuBar
0x48c6a0 DrawIconEx
0x48c6a4 DrawIcon
0x48c6a8 DrawFrameControl
0x48c6ac DrawFocusRect
0x48c6b0 DrawEdge
0x48c6b4 DispatchMessageA
0x48c6b8 DestroyWindow
0x48c6bc DestroyMenu
0x48c6c0 DestroyIcon
0x48c6c4 DestroyCursor
0x48c6c8 DeleteMenu
0x48c6cc DefWindowProcA
0x48c6d0 DefMDIChildProcA
0x48c6d4 DefFrameProcA
0x48c6d8 CreatePopupMenu
0x48c6dc CreateMenu
0x48c6e0 CreateIcon
0x48c6e4 CloseClipboard
0x48c6e8 ClientToScreen
0x48c6ec CheckMenuItem
0x48c6f0 CallWindowProcA
0x48c6f4 CallNextHookEx
0x48c6f8 BeginPaint
0x48c6fc CharNextA
0x48c700 CharLowerBuffA
0x48c704 CharLowerA
0x48c708 CharUpperBuffA
0x48c70c CharToOemA
0x48c710 AdjustWindowRectEx
Library kernel32.dll:
0x48c71c Sleep
Library oleaut32.dll:
0x48c724 SafeArrayPtrOfIndex
0x48c728 SafeArrayGetUBound
0x48c72c SafeArrayGetLBound
0x48c730 SafeArrayCreate
0x48c734 VariantChangeType
0x48c738 VariantCopy
0x48c73c VariantClear
0x48c740 VariantInit
Library ole32.dll:
0x48c748 CoUninitialize
0x48c74c CoInitialize
Library oleaut32.dll:
0x48c754 GetErrorInfo
0x48c758 SysFreeString

Hosts

No hosts contacted.

TCP

Source          Source Port  Destination                            Destination Port
192.168.56.101  49180        113.108.239.162 update.googleapis.com  443
192.168.56.101  49172        172.105.62.131 kipea.felehton.ga       80
192.168.56.101  49173        172.105.62.131 kipea.felehton.ga       80
192.168.56.101  49175        172.105.62.131 kipea.felehton.ga       80
192.168.56.101  49177        172.105.62.131 kipea.felehton.ga       80
192.168.56.101  49178        172.105.62.131 kipea.felehton.ga       80

UDP

Source          Source Port  Destination                     Destination Port
192.168.56.101  50534        114.114.114.114                 53
192.168.56.101  56539        114.114.114.114                 53
192.168.56.101  63429        114.114.114.114                 53
192.168.56.101  65004        114.114.114.114                 53
192.168.56.101  137          192.168.56.255                  137
192.168.56.101  123          20.189.79.72 time.windows.com   123
192.168.56.101  49235        224.0.0.252                     5355
192.168.56.101  51378        224.0.0.252                     5355
192.168.56.101  51963        224.0.0.252                     5355
192.168.56.101  56804        224.0.0.252                     5355
192.168.56.101  57756        224.0.0.252                     5355
192.168.56.101  62191        224.0.0.252                     5355
192.168.56.101  53945        239.255.255.250                 1900
192.168.56.101  50002        8.8.8.8                         53
192.168.56.101  50534        8.8.8.8                         53
192.168.56.101  51808        8.8.8.8                         53
192.168.56.101  57874        8.8.8.8                         53
192.168.56.101  58367        8.8.8.8                         53
192.168.56.101  62318        8.8.8.8                         53

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.