4.6
Medium risk

e3c98c2ca7e4be4d14e9040f22c4a88bc512cb0e8d093af37360d035e45c5678

daf79d766d7f6dbd0facd500e82682ac.exe

Analysis duration

73s

Latest analysis

File size

2.4MB
Flagged by static analysis; flagged by dynamic analysis. Detection tags: AGEN AI SCORE=80 ANDROM ATTRIBUTE AULX CONFIDENCE CT@8Q4G6H ELDORADO ENTM GENASA GENCIRC GENERIC@ML GENERICRXAA GENETIC HHGAJK HIGH CONFIDENCE HIGHCONFIDENCE L4PM5OMXQOM OK2AMAFXK09OCW+0BYTZ6W R03BC0DKE20 R330356 RDMK SCORE SIGGEN9 STATIC AI SUSPICIOUS PE TROJANX TXIF UNSAFE URSNIF
Eagle Eye engine
Not detected: no Eagle Eye engine results are available for this sample
Static verdict
Antivirus engines
Engine  Result  Scan date  Engine version
McAfee GenericRXAA-AA!DAF79D766D7F 20201229 6.0.6.653
Alibaba Backdoor:Win32/Ursnif.318f018a 20190527 0.3.0.5
CrowdStrike win/malicious_confidence_60% (W) 20190702 1.0
Baidu 20190318 1.0.0.2
Avast Win32:TrojanX-gen [Trj] 20201229 21.1.5827.0
Kingsoft 20201229 2017.9.26.565
Tencent Malware.Win32.Gencirc.10b9d46e 20201229 1.0.0.1
Static indicators
This executable has a PDB path (1 event)
pdb_path c:\riseJump\goodYour\weekgas\SilentUnit\FigHard\containHome\dressopenChange.pdb
Checks the amount of memory in the system; this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time & API Arguments Status Return Repeated
1619948440.785074
GlobalMemoryStatusEx
success 1 0
One or more processes crashed (50 of 64763 events shown)
Time & API Arguments Status Return Repeated
1619948439.254074
__exception__
stacktrace:
0x259193a
0x25918db
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 41680632
registers.edi: 0
registers.eax: 0
registers.ebp: 41680648
registers.edx: 2130553844
registers.ebx: 0
registers.esi: 39387136
registers.ecx: 3740270592
exception.instruction_r: a1 06 85 59 02 8b 0d 02 85 59 02 03 c8 89 0d 70
exception.instruction: mov eax, dword ptr [0x2598506]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x2591438
success 0 0
IsNLSDefinedString+0xd66 CreateThreadpool-0x4be kernelbase+0x3676a @ 0x7791676a
GetModuleHandleA+0x27 GetVersionExA-0x25 kernelbase+0x11f1c @ 0x778f1f1c
0x25948c7

registers.esp: 41680484
registers.edi: 9
registers.eax: 18
registers.ebp: 41680496
registers.edx: 39419924
registers.ebx: 2130313760
registers.esi: 41680616
registers.ecx: 8456144
exception.instruction_r: 0f b6 02 03 c0 0f b7 b0 00 4b e3 77 4f ff 4d 18
exception.symbol: RtlInitUnicodeString+0x250 RtlMultiByteToUnicodeN-0xed ntdll+0x2e458
exception.instruction: movzx eax, byte ptr [edx]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 189528
exception.address: 0x77d5e458
success 0 0
1619948439.269074
__exception__
stacktrace:
RtlAnsiStringToUnicodeString+0x7d RtlEqualUnicodeString-0xc1 ntdll+0x2e732 @ 0x77d5e732
IsNLSDefinedString+0xd66 CreateThreadpool-0x4be kernelbase+0x3676a @ 0x7791676a
GetModuleHandleA+0x27 GetVersionExA-0x25 kernelbase+0x11f1c @ 0x778f1f1c
0x25948c7

registers.esp: 41680484
registers.edi: 9
registers.eax: 78
registers.ebp: 41680496
registers.edx: 39419924
registers.ebx: 2130313760
registers.esi: 41680616
registers.ecx: 8456144
exception.instruction_r: 03 c0 0f b7 b0 00 4b e3 77 4f ff 4d 18 66 85 f6
exception.symbol: RtlInitUnicodeString+0x253 RtlMultiByteToUnicodeN-0xea ntdll+0x2e45b
exception.instruction: add eax, eax
exception.module: ntdll.dll
exception.exception_code: 0x80000004
exception.offset: 189531
exception.address: 0x77d5e45b
success 0 0
1619948439.269074
__exception__
stacktrace:
RtlAnsiStringToUnicodeString+0x7d RtlEqualUnicodeString-0xc1 ntdll+0x2e732 @ 0x77d5e732
IsNLSDefinedString+0xd66 CreateThreadpool-0x4be kernelbase+0x3676a @ 0x7791676a
GetModuleHandleA+0x27 GetVersionExA-0x25 kernelbase+0x11f1c @ 0x778f1f1c
0x25948c7

registers.esp: 41680484
registers.edi: 8
registers.eax: 78
registers.ebp: 41680496
registers.edx: 39419925
registers.ebx: 2130313760
registers.esi: 2130313244
registers.ecx: 8456146
exception.instruction_r: 0f b6 02 03 c0 0f b7 b0 00 4b e3 77 4f ff 4d 18
exception.symbol: RtlInitUnicodeString+0x250 RtlMultiByteToUnicodeN-0xed ntdll+0x2e458
exception.instruction: movzx eax, byte ptr [edx]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 189528
exception.address: 0x77d5e458
success 0 0
1619948439.269074
__exception__
stacktrace:
RtlAnsiStringToUnicodeString+0x7d RtlEqualUnicodeString-0xc1 ntdll+0x2e732 @ 0x77d5e732
IsNLSDefinedString+0xd66 CreateThreadpool-0x4be kernelbase+0x3676a @ 0x7791676a
GetModuleHandleA+0x27 GetVersionExA-0x25 kernelbase+0x11f1c @ 0x778f1f1c
0x25948c7

registers.esp: 41680484
registers.edi: 8
registers.eax: 84
registers.ebp: 41680496
registers.edx: 39419925
registers.ebx: 2130313760
registers.esi: 2130313244
registers.ecx: 8456146
exception.instruction_r: 03 c0 0f b7 b0 00 4b e3 77 4f ff 4d 18 66 85 f6
exception.symbol: RtlInitUnicodeString+0x253 RtlMultiByteToUnicodeN-0xea ntdll+0x2e45b
exception.instruction: add eax, eax
exception.module: ntdll.dll
exception.exception_code: 0x80000004
exception.offset: 189531
exception.address: 0x77d5e45b
success 0 0
1619948439.269074
__exception__
stacktrace:
RtlAnsiStringToUnicodeString+0x7d RtlEqualUnicodeString-0xc1 ntdll+0x2e732 @ 0x77d5e732
IsNLSDefinedString+0xd66 CreateThreadpool-0x4be kernelbase+0x3676a @ 0x7791676a
GetModuleHandleA+0x27 GetVersionExA-0x25 kernelbase+0x11f1c @ 0x778f1f1c
0x25948c7

registers.esp: 41680484
registers.edi: 7
registers.eax: 84
registers.ebp: 41680496
registers.edx: 39419926
registers.ebx: 2130313760
registers.esi: 2130313244
registers.ecx: 8456148
exception.instruction_r: 0f b6 02 03 c0 0f b7 b0 00 4b e3 77 4f ff 4d 18
exception.symbol: RtlInitUnicodeString+0x250 RtlMultiByteToUnicodeN-0xed ntdll+0x2e458
exception.instruction: movzx eax, byte ptr [edx]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 189528
exception.address: 0x77d5e458
success 0 0
1619948439.269074
__exception__
stacktrace:
RtlAnsiStringToUnicodeString+0x7d RtlEqualUnicodeString-0xc1 ntdll+0x2e732 @ 0x77d5e732
IsNLSDefinedString+0xd66 CreateThreadpool-0x4be kernelbase+0x3676a @ 0x7791676a
GetModuleHandleA+0x27 GetVersionExA-0x25 kernelbase+0x11f1c @ 0x778f1f1c
0x25948c7

registers.esp: 41680484
registers.edi: 7
registers.eax: 68
registers.ebp: 41680496
registers.edx: 39419926
registers.ebx: 2130313760
registers.esi: 2130313244
registers.ecx: 8456148
exception.instruction_r: 03 c0 0f b7 b0 00 4b e3 77 4f ff 4d 18 66 85 f6
exception.symbol: RtlInitUnicodeString+0x253 RtlMultiByteToUnicodeN-0xea ntdll+0x2e45b
exception.instruction: add eax, eax
exception.module: ntdll.dll
exception.exception_code: 0x80000004
exception.offset: 189531
exception.address: 0x77d5e45b
success 0 0
1619948439.269074
__exception__
stacktrace:
RtlAnsiStringToUnicodeString+0x7d RtlEqualUnicodeString-0xc1 ntdll+0x2e732 @ 0x77d5e732
IsNLSDefinedString+0xd66 CreateThreadpool-0x4be kernelbase+0x3676a @ 0x7791676a
GetModuleHandleA+0x27 GetVersionExA-0x25 kernelbase+0x11f1c @ 0x778f1f1c
0x25948c7

registers.esp: 41680484
registers.edi: 6
registers.eax: 68
registers.ebp: 41680496
registers.edx: 39419927
registers.ebx: 2130313760
registers.esi: 2130313244
registers.ecx: 8456150
exception.instruction_r: 0f b6 02 03 c0 0f b7 b0 00 4b e3 77 4f ff 4d 18
exception.symbol: RtlInitUnicodeString+0x250 RtlMultiByteToUnicodeN-0xed ntdll+0x2e458
exception.instruction: movzx eax, byte ptr [edx]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 189528
exception.address: 0x77d5e458
success 0 0
1619948439.269074
__exception__
stacktrace:
RtlAnsiStringToUnicodeString+0x7d RtlEqualUnicodeString-0xc1 ntdll+0x2e732 @ 0x77d5e732
IsNLSDefinedString+0xd66 CreateThreadpool-0x4be kernelbase+0x3676a @ 0x7791676a
GetModuleHandleA+0x27 GetVersionExA-0x25 kernelbase+0x11f1c @ 0x778f1f1c
0x25948c7

registers.esp: 41680484
registers.edi: 6
registers.eax: 76
registers.ebp: 41680496
registers.edx: 39419927
registers.ebx: 2130313760
registers.esi: 2130313244
registers.ecx: 8456150
exception.instruction_r: 03 c0 0f b7 b0 00 4b e3 77 4f ff 4d 18 66 85 f6
exception.symbol: RtlInitUnicodeString+0x253 RtlMultiByteToUnicodeN-0xea ntdll+0x2e45b
exception.instruction: add eax, eax
exception.module: ntdll.dll
exception.exception_code: 0x80000004
exception.offset: 189531
exception.address: 0x77d5e45b
success 0 0
Behavior Verdict
Dynamic Indicators
Allocates read-write-execute memory (usually to unpack itself) (4 events)
Time & API Arguments Status Return Repeated
1619948431.004074
NtProtectVirtualMemory
process_identifier: 1176
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 12288
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00672000
success 0 0
1619948431.004074
NtAllocateVirtualMemory
process_identifier: 1176
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00350000
success 0 0
1619948431.004074
NtAllocateVirtualMemory
process_identifier: 1176
region_size: 12288
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00360000
success 0 0
1619948431.004074
NtAllocateVirtualMemory
process_identifier: 1176
region_size: 1183744
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02590000
success 0 0
Creates executable files on the filesystem (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\BioCgpui\apiMclb.exe
Drops an executable to the user AppData folder (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\daf79d766d7f6dbd0facd500e82682ac.exe
Moves the original executable to a new location (1 event)
Time & API Arguments Status Return Repeated
1619948441.269074
MoveFileWithProgressW
oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\daf79d766d7f6dbd0facd500e82682ac.exe
newfilepath:
newfilepath_r:
flags: 4
oldfilepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\daf79d766d7f6dbd0facd500e82682ac.exe
success 1 0
Network Communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config (2 events)
Time & API Arguments Status Return Repeated
1619948441.175074
RegSetValueExA
key_handle: 0x00000140
value: [REG_BINARY blob not reproduced]
regkey_r:
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\389531D4-37D7-2ACB-81EC-5BFE45E0BF12\(Default)
success 0 0
1619948441.191074
RegSetValueExA
key_handle: 0x00000140
value: [REG_BINARY blob not reproduced]
regkey_r:
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\389531D4-37D7-2ACB-81EC-5BFE45E0BF12\(Default)
success 0 0
File has been identified by 52 AntiVirus engines on VirusTotal as malicious (50 out of 52 events)
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.Agent.ENTM
FireEye Generic.mg.daf79d766d7f6dbd
Qihoo-360 Trojan.Generic
McAfee GenericRXAA-AA!DAF79D766D7F
Cylance Unsafe
Sangfor Malware
K7AntiVirus Spyware ( 00547b2b1 )
Alibaba Backdoor:Win32/Ursnif.318f018a
K7GW Spyware ( 00547b2b1 )
CrowdStrike win/malicious_confidence_60% (W)
Arcabit Trojan.Agent.ENTM
Cyren W32/S-9d1b6cdb!Eldorado
Symantec ML.Attribute.HighConfidence
TrendMicro-HouseCall TROJ_GEN.R03BC0DKE20
Avast Win32:TrojanX-gen [Trj]
Kaspersky Backdoor.Win32.Androm.txif
BitDefender Trojan.Agent.ENTM
NANO-Antivirus Trojan.Win32.Androm.hhgajk
Paloalto generic.ml
AegisLab Trojan.Win32.Androm.m!c
Rising Trojan.Generic@ML.96 (RDMK:Ok2aMAfXk09OcW+0bYTz6w)
Ad-Aware Trojan.Agent.ENTM
Emsisoft Trojan.Agent.ENTM (B)
Comodo TrojWare.Win32.Spy.Agent.CT@8q4g6h
F-Secure Heuristic.HEUR/AGEN.1133167
DrWeb Trojan.Siggen9.26698
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R03BC0DKE20
McAfee-GW-Edition BehavesLike.Win32.Dropper.vh
SentinelOne Static AI - Suspicious PE
Sophos Mal/Generic-S
APEX Malicious
Jiangmin Backdoor.Androm.aulx
Avira HEUR/AGEN.1133167
Microsoft Trojan:Win32/Ursnif.DHE!MTB
ZoneAlarm Backdoor.Win32.Androm.txif
GData Trojan.Agent.ENTM
Cynet Malicious (score: 85)
AhnLab-V3 Trojan/Win32.Ursnif.R330356
VBA32 Backdoor.Androm
ALYac Spyware.Ursnif
TACHYON Backdoor/W32.Androm.2555904
Malwarebytes Trojan.Ursnif
ESET-NOD32 Win32/Spy.Ursnif.CH
Tencent Malware.Win32.Gencirc.10b9d46e
Yandex Trojan.GenAsa!L4pm5omXqoM
MAX malware (ai score=80)
Fortinet W32/Ursnif.CH!tr
AVG Win32:TrojanX-gen [Trj]
Visual Analysis
Binary Image
No binary image: no binary visualization image was generated for this sample
Runtime Screenshots
No runtime screenshots: no screenshots were captured while this sample ran

PE Compile Time

2007-03-25 19:04:54

Imports

Library GDI32.dll:
0x401050 CreateDCW
0x401054 DPtoLP
0x401058 SetMapMode
0x40105c GetObjectW
0x401060 DeleteDC
0x401064 EnumFontFamiliesExW
0x401068 CopyMetaFileW
0x40106c StretchDIBits
0x401070 PlayEnhMetaFile
0x401074 GdiComment
0x401078 WidenPath
0x40107c StrokePath
0x401080 StrokeAndFillPath
0x401084 SetMiterLimit
0x401088 GetPath
0x40108c GetMiterLimit
0x401090 FlattenPath
0x401094 CreateMetaFileW
0x401098 CloseMetaFile
0x40109c CreateEnhMetaFileW
0x4010a0 CloseEnhMetaFile
0x4010a4 ExtTextOutW
0x4010a8 GetDCOrgEx
0x4010ac GetClipBox
0x4010b0 SetTextColor
0x4010b4 SetBkColor
0x4010b8 CreateBitmap
0x4010bc SaveDC
0x4010c0 RestoreDC
0x4010c4 SelectObject
0x4010c8 GetStockObject
0x4010cc SelectPalette
0x4010d0 SetBkMode
0x4010d4 SetPolyFillMode
0x4010d8 SetROP2
0x4010dc SetStretchBltMode
0x4010e0 SetGraphicsMode
0x4010e4 SetWorldTransform
0x4010ec SetViewportOrgEx
0x4010f0 OffsetViewportOrgEx
0x4010f4 SetViewportExtEx
0x4010f8 ScaleViewportExtEx
0x4010fc SetWindowOrgEx
0x401100 OffsetWindowOrgEx
0x401104 SetWindowExtEx
0x401108 ScaleWindowExtEx
0x40110c SelectClipRgn
0x401110 ExcludeClipRect
0x401114 IntersectClipRect
0x401118 OffsetClipRgn
0x40111c MoveToEx
0x401120 LineTo
0x401124 SetTextAlign
0x401130 SetMapperFlags
0x401138 ArcTo
0x40113c SetArcDirection
0x401140 PolyDraw
0x401144 PolylineTo
0x401148 SetColorAdjustment
0x40114c PolyBezierTo
0x401150 DeleteObject
0x401154 GetClipRgn
0x401158 CreateRectRgn
0x40115c SelectClipPath
0x401160 ExtSelectClipRgn
0x401164 PlayMetaFileRecord
0x401168 GetObjectType
0x40116c EnumMetaFile
0x401170 PlayMetaFile
0x401174 GetDeviceCaps
0x401178 ExtCreatePen
0x40117c CreateSolidBrush
0x401180 CreateHatchBrush
0x401184 CreatePatternBrush
0x40118c UnrealizeObject
0x401190 CreatePenIndirect
0x401194 CreateBrushIndirect
0x401198 CreateFontIndirectW
0x40119c CreateFontW
0x4011a4 SetBitmapBits
0x4011a8 GetBitmapBits
0x4011bc CreatePalette
0x4011c4 GetPaletteEntries
0x4011c8 SetPaletteEntries
0x4011cc AnimatePalette
0x4011d4 ResizePalette
0x4011dc CreateEllipticRgn
0x4011e4 CreatePolygonRgn
0x4011ec CreateRoundRectRgn
0x4011f0 PathToRegion
0x4011f4 ExtCreateRegion
0x4011f8 GetRegionData
0x4011fc SetRectRgn
0x401200 CombineRgn
0x401204 EqualRgn
0x401208 OffsetRgn
0x40120c GetRgnBox
0x401210 PtInRegion
0x401214 RectInRegion
0x401218 CreateICW
0x40121c CreateCompatibleDC
0x401220 GetBrushOrgEx
0x401224 SetBrushOrgEx
0x401228 EnumObjects
0x40122c GetNearestColor
0x401230 RealizePalette
0x401234 UpdateColors
0x401238 GetBkColor
0x40123c GetBkMode
0x401240 GetPolyFillMode
0x401244 GetROP2
0x401248 GetStretchBltMode
0x40124c GetTextColor
0x401250 GetMapMode
0x401254 GetGraphicsMode
0x401258 GetWorldTransform
0x40125c GetViewportOrgEx
0x401260 GetViewportExtEx
0x401264 GetWindowOrgEx
0x401268 GetWindowExtEx
0x40126c LPtoDP
0x401270 FillRgn
0x401274 FrameRgn
0x401278 InvertRgn
0x40127c PaintRgn
0x401280 PtVisible
0x401284 RectVisible
0x401288 Arc
0x40128c Polyline
0x401290 Chord
0x401294 Ellipse
0x401298 Pie
0x40129c Polygon
0x4012a0 PolyPolygon
0x4012a4 Rectangle
0x4012a8 RoundRect
0x4012ac PatBlt
0x4012b0 BitBlt
0x4012b4 StretchBlt
0x4012b8 GetPixel
0x4012bc SetPixel
0x4012c0 FloodFill
0x4012c4 ExtFloodFill
0x4012c8 TextOutW
0x4012d0 GetTextAlign
0x4012d4 GetTextFaceW
0x4012d8 GetTextMetricsW
0x4012e0 GetCharWidthW
0x4012e4 GetFontLanguageInfo
0x4012f0 Escape
0x4012f4 SetBoundsRect
0x4012f8 GetBoundsRect
0x4012fc ResetDCW
0x401304 GetCharABCWidthsW
0x401308 GetFontData
0x40130c GetKerningPairsW
0x401310 GetGlyphOutlineW
0x401314 StartDocW
0x401318 StartPage
0x40131c EndPage
0x401320 SetAbortProc
0x401324 AbortDoc
0x401328 EndDoc
0x40132c MaskBlt
0x401330 PlgBlt
0x401334 SetPixelV
0x401338 AngleArc
0x40133c GetArcDirection
0x401340 PolyPolyline
0x401344 GetColorAdjustment
0x401348 GetCurrentObject
0x40134c PolyBezier
0x401350 DrawEscape
0x401354 ExtEscape
0x40135c GetCharWidthFloatW
0x401360 AbortPath
0x401364 BeginPath
0x401368 CloseFigure
0x40136c EndPath
0x401370 FillPath
0x401374 CreatePen
Library USER32.dll:
0x40171c UnregisterClassA
0x401724 PeekMessageA
0x401728 IsWindowUnicode
0x40172c DrawTextExW
0x401730 DrawTextW
0x401734 GetMessageA
0x401738 DispatchMessageA
0x40173c SubtractRect
0x401740 UnionRect
0x401744 InflateRect
0x401748 SetRect
0x40174c PtInRect
0x401750 SetClipboardData
0x401754 SendMessageW
0x401758 CheckRadioButton
0x40175c GetActiveWindow
0x401760 SendDlgItemMessageW
0x401764 AppendMenuW
0x401768 IsDialogMessageW
0x40176c SetForegroundWindow
0x401770 PostMessageW
0x401774 FillRect
0x401778 TrackPopupMenu
0x40177c DestroyWindow
0x401780 IsRectEmpty
0x401784 DestroyIcon
0x401788 PostQuitMessage
0x40178c PeekMessageW
0x401790 MapDialogRect
0x401794 IsWindow
0x401798 TabbedTextOutW
0x4017a0 EnableWindow
0x4017a4 IsWindowEnabled
0x4017a8 GetLastActivePopup
0x4017ac CharUpperW
0x4017b0 MapVirtualKeyW
0x4017b4 GetKeyNameTextW
0x4017c4 GetDialogBaseUnits
0x4017c8 TranslateMessage
0x4017cc UnregisterClassW
0x4017d0 UnpackDDElParam
0x4017d4 ReuseDDElParam
0x4017d8 DestroyMenu
0x4017e0 LoadAcceleratorsW
0x4017e4 GetMessageW
0x4017e8 ReleaseCapture
0x4017ec SetCursor
0x4017f0 SetRectEmpty
0x4017f4 GetCursorPos
0x4017f8 CheckMenuRadioItem
0x401804 LoadMenuIndirectW
0x401808 LoadMenuW
0x40180c RemoveMenu
0x401810 ModifyMenuW
0x401814 InsertMenuItemW
0x401818 InsertMenuW
0x40181c GetSubMenu
0x401820 SetMenuItemInfoW
0x401824 GetMenuItemInfoW
0x401828 GetMenuStringW
0x40182c GetMenuState
0x401830 GetMenuItemID
0x401834 GetMenuItemCount
0x401838 GetMenuDefaultItem
0x40183c SetMenuDefaultItem
0x401840 EnableMenuItem
0x401844 CheckMenuItem
0x401848 DeleteMenu
0x40184c IsMenu
0x401850 CreatePopupMenu
0x401854 CreateMenu
0x401858 ScrollDC
0x40185c GrayStringW
0x401860 DrawFrameControl
0x401868 DrawFocusRect
0x40186c DrawEdge
0x401870 DrawStateW
0x401874 DrawIcon
0x401878 InvertRect
0x40187c FrameRect
0x401880 ExcludeUpdateRgn
0x401884 WindowFromDC
0x401888 GetSysColorBrush
0x40188c GetAsyncKeyState
0x401890 ShowWindow
0x401894 MoveWindow
0x401898 SetWindowTextW
0x40189c ScrollWindowEx
0x4018a0 IsDlgButtonChecked
0x4018a4 SetDlgItemTextW
0x4018a8 SetDlgItemInt
0x4018ac GetDlgItemTextW
0x4018b0 GetDlgItemInt
0x4018b4 CheckDlgButton
0x4018b8 OpenIcon
0x4018bc CloseWindow
0x4018c0 LoadCursorW
0x4018c4 PostThreadMessageW
0x4018d0 SendNotifyMessageW
0x4018d4 GetForegroundWindow
0x4018d8 ShowCaret
0x4018dc HideCaret
0x4018e0 SetCaretPos
0x4018e4 GetCaretPos
0x4018e8 CreateCaret
0x4018ec GetClipboardViewer
0x4018f4 OpenClipboard
0x4018f8 SetClipboardViewer
0x401900 FlashWindow
0x401904 WindowFromPoint
0x401908 SetParent
0x40190c FindWindowExW
0x401910 FindWindowW
0x40191c ShowScrollBar
0x401920 GetNextDlgTabItem
0x401924 GetNextDlgGroupItem
0x40192c DlgDirSelectExW
0x401930 DlgDirListComboBoxW
0x401934 DlgDirListW
0x401938 SetCapture
0x40193c KillTimer
0x401940 SetTimer
0x401944 DrawCaption
0x401948 DrawAnimatedRects
0x40194c EnableScrollBar
0x401950 RedrawWindow
0x401954 LockWindowUpdate
0x401958 GetDCEx
0x40195c ShowOwnedPopups
0x401960 IsWindowVisible
0x401964 ValidateRgn
0x401968 ValidateRect
0x40196c InvalidateRgn
0x401970 InvalidateRect
0x401974 GetUpdateRgn
0x401978 GetUpdateRect
0x40197c UpdateWindow
0x401980 ReleaseDC
0x401984 GetWindowDC
0x401988 GetDC
0x40198c EndPaint
0x401990 BeginPaint
0x401994 ClientToScreen
0x401998 BringWindowToTop
0x40199c GetWindowRgn
0x4019a0 SetWindowRgn
0x4019a8 IsZoomed
0x4019ac HiliteMenuItem
0x4019b0 GetSystemMenu
0x4019b4 DrawMenuBar
0x4019b8 SetMenu
0x4019bc GetMenu
0x4019c0 DragDetect
0x4019c8 LoadBitmapW
0x4019cc SetMenuItemBitmaps
0x4019d4 CreateWindowExW
0x4019d8 GetClassInfoExW
0x4019dc GetClassInfoW
0x4019e0 RegisterClassW
0x4019e4 LoadIconW
0x4019e8 SendDlgItemMessageA
0x4019ec GetClientRect
0x4019f0 MapWindowPoints
0x4019f4 GetSysColor
0x4019f8 DispatchMessageW
0x4019fc GetFocus
0x401a00 SetFocus
0x401a04 AdjustWindowRectEx
0x401a08 ScreenToClient
0x401a0c EqualRect
0x401a10 DeferWindowPos
0x401a14 BeginDeferWindowPos
0x401a18 CopyRect
0x401a1c EndDeferWindowPos
0x401a20 ScrollWindow
0x401a24 GetScrollInfo
0x401a28 SetScrollInfo
0x401a2c GetScrollRange
0x401a30 SetScrollRange
0x401a34 GetScrollPos
0x401a38 SetScrollPos
0x401a3c GetTopWindow
0x401a40 IsChild
0x401a44 GetWindow
0x401a48 GetCapture
0x401a4c WinHelpW
0x401a50 TrackPopupMenuEx
0x401a54 SetWindowPlacement
0x401a5c GetWindowTextW
0x401a60 GetKeyState
0x401a64 GetDlgCtrlID
0x401a68 SetWindowsHookExW
0x401a6c CallNextHookEx
0x401a70 GetClassLongW
0x401a74 GetClassNameW
0x401a78 SetPropW
0x401a7c GetPropW
0x401a80 CallWindowProcW
0x401a84 RemovePropW
0x401a88 DefWindowProcW
0x401a8c GetMessageTime
0x401a90 GetMessagePos
0x401a94 SetWindowLongW
0x401a98 SetWindowPos
0x401a9c OffsetRect
0x401aa0 IntersectRect
0x401aa8 IsIconic
0x401aac GetWindowPlacement
0x401ab0 GetWindowRect
0x401ab4 EndDialog
0x401ab8 GetDesktopWindow
0x401abc SetActiveWindow
0x401ac0 GetSystemMetrics
0x401ac8 GetDlgItem
0x401acc UnhookWindowsHookEx
0x401ad0 MessageBoxW
0x401ad4 GetWindowLongW
0x401ad8 GetParent
0x401adc GetClipboardOwner
Library ole32.dll:
0x401ae4 CoRevokeClassObject
0x401af0 CoMarshalInterface
0x401af8 OleRun
0x401afc CLSIDFromProgID
0x401b00 CLSIDFromString
0x401b04 StringFromGUID2
0x401b08 CoCreateInstance
0x401b0c OleUninitialize
0x401b10 OleInitialize
0x401b18 CoDisconnectObject
0x401b1c ReleaseStgMedium
0x401b20 CoTaskMemAlloc
0x401b24 CoTreatAsClass
0x401b28 StringFromCLSID
0x401b2c ReadClassStg
0x401b30 ReadFmtUserTypeStg
0x401b34 OleRegGetUserType
0x401b38 WriteClassStg
0x401b3c WriteFmtUserTypeStg
0x401b40 SetConvertStg
0x401b44 CoTaskMemFree
0x401b48 CreateBindCtx
0x401b4c OleDuplicateData
Library OLEAUT32.dll:
0x401640 SysFreeString
0x401648 VarDateFromUdate
0x40164c VarUdateFromDate
0x401658 LoadTypeLib
0x40165c SysAllocString
0x401660 VarBstrFromDate
0x401664 VarDateFromStr
0x401668 VarDecFromStr
0x40166c VarBstrFromDec
0x401678 SafeArrayDestroy
0x40167c SafeArrayUnlock
0x401680 SafeArrayLock
0x401684 SafeArrayPutElement
0x401688 SafeArrayPtrOfIndex
0x40168c SafeArrayGetElement
0x401694 SafeArrayAllocData
0x401698 SafeArrayCopy
0x40169c VarBstrFromCy
0x4016a0 VarCyFromStr
0x4016a4 SysReAllocStringLen
0x4016a8 VariantCopy
0x4016ac SafeArrayCreate
0x4016b0 SafeArrayRedim
0x4016b4 SafeArrayGetLBound
0x4016b8 SafeArrayGetUBound
0x4016bc SafeArrayAccessData
0x4016c8 SafeArrayGetDim
0x4016cc SysStringByteLen
0x4016d4 SysStringLen
0x4016d8 SysAllocStringLen
0x4016dc VariantInit
0x4016e0 VariantChangeType
0x4016e4 VariantClear
Library KERNEL32.dll:
0x40137c VirtualProtect
0x401380 CreatePipe
0x401384 GlobalFree
0x401388 Sleep
0x40138c GetSystemDirectoryW
0x401390 GlobalAlloc
0x401394 GetTickCount
0x401398 GlobalLock
0x4013a0 FreeLibrary
0x4013a4 GetStringTypeA
0x4013a8 LCMapStringW
0x4013ac LCMapStringA
0x4013b0 GetConsoleMode
0x4013b4 GetConsoleCP
0x4013d0 GetCPInfo
0x4013d4 GetOEMCP
0x4013d8 GetACP
0x4013dc VirtualFree
0x4013e0 HeapCreate
0x4013e4 HeapDestroy
0x4013e8 HeapReAlloc
0x4013ec FatalAppExitA
0x4013f0 SetHandleCount
0x4013f4 IsDebuggerPresent
0x4013fc TerminateProcess
0x401400 VirtualQuery
0x401404 GetSystemInfo
0x401408 VirtualAlloc
0x40140c OutputDebugStringW
0x401410 GetFileType
0x401414 WriteConsoleW
0x401418 OutputDebugStringA
0x40141c GetStdHandle
0x401420 DebugBreak
0x401424 ExitProcess
0x401428 ExitThread
0x40142c CreateThread
0x401430 GetModuleFileNameA
0x401434 RtlUnwind
0x401438 RaiseException
0x40143c GetStartupInfoA
0x401440 GetProcessHeap
0x401444 HeapAlloc
0x401448 HeapFree
0x40144c GetCommandLineA
0x401450 IsBadReadPtr
0x401454 HeapValidate
0x401458 SetFileAttributesW
0x401460 GetDiskFreeSpaceW
0x401464 GetTempFileNameW
0x401468 GetFileTime
0x40146c SetFileTime
0x401470 GetFileAttributesW
0x401474 GetShortPathNameW
0x401478 lstrcmpiW
0x40147c GetStringTypeExW
0x401480 GetFullPathNameW
0x401488 FindFirstFileW
0x40148c FindClose
0x401490 DeleteFileW
0x401494 MoveFileW
0x401498 GetFileSize
0x40149c SetEndOfFile
0x4014a0 UnlockFile
0x4014a4 LockFile
0x4014a8 FlushFileBuffers
0x4014ac SetFilePointer
0x4014b0 WriteFile
0x4014b4 ReadFile
0x4014b8 CreateFileW
0x4014bc GetCurrentProcess
0x4014c0 DuplicateHandle
0x4014d8 GetThreadLocale
0x4014e4 FindResourceExW
0x4014ec CompareStringA
0x4014f0 InterlockedExchange
0x4014f4 GetCurrentThread
0x4014f8 GetLocaleInfoW
0x401504 GlobalFlags
0x401508 CreateEventW
0x40150c SetEvent
0x401510 WaitForSingleObject
0x401514 CloseHandle
0x401518 CopyFileW
0x40151c GlobalSize
0x401520 FormatMessageW
0x401524 GetProfileIntW
0x401528 MulDiv
0x40152c GetModuleHandleA
0x401530 GetVersion
0x401534 GetVersionExW
0x401538 SuspendThread
0x40153c ResumeThread
0x401540 GetThreadPriority
0x401544 SetThreadPriority
0x401548 CompareStringW
0x40154c LoadLibraryA
0x401550 LoadLibraryW
0x401554 lstrcmpW
0x401558 GetCurrentThreadId
0x40155c GlobalAddAtomW
0x401560 GlobalFindAtomW
0x401564 GlobalDeleteAtom
0x401568 GetVersionExA
0x40156c FreeResource
0x401570 lstrlenA
0x401574 lstrcmpA
0x401578 MultiByteToWideChar
0x40157c SetErrorMode
0x401580 TlsGetValue
0x401584 LocalReAlloc
0x401588 TlsSetValue
0x401590 GlobalReAlloc
0x401598 TlsFree
0x40159c GlobalHandle
0x4015a0 GlobalUnlock
0x4015a8 TlsAlloc
0x4015b0 LocalAlloc
0x4015b4 OpenFileMappingA
0x4015b8 LocalFree
0x4015bc GetAtomNameW
0x4015c0 GlobalGetAtomNameW
0x4015c4 lstrlenW
0x4015c8 WideCharToMultiByte
0x4015d0 GetModuleHandleW
0x4015d4 GetProcAddress
0x4015d8 GetCurrentProcessId
0x4015dc GetModuleFileNameW
0x4015e0 LoadResource
0x4015e4 LockResource
0x4015e8 SizeofResource
0x4015ec FindResourceW
0x4015f0 GetLastError
0x4015f4 SetLastError
0x4015f8 GetStringTypeW
0x4015fc GetLocaleInfoA
0x401600 CreateFileA
0x401604 SetStdHandle
0x40160c WriteConsoleA
0x401610 GetConsoleOutputCP
0x401618 OpenEventA
0x401620 UnmapViewOfFile
0x401624 MapViewOfFile
0x401628 CreateFileMappingA
Library OLEACC.dll:
0x401630 LresultFromObject
Library COMDLG32.dll:
0x401048 GetFileTitleW
Library SHELL32.dll:
0x4016ec DragAcceptFiles
0x4016f0 ExtractIconW
0x4016f4 SHGetFileInfoW
0x4016f8 DragQueryFileW
0x4016fc DragFinish
Library SHLWAPI.dll:
0x401704 PathFindExtensionW
0x401708 PathStripToRootW
0x40170c PathFindFileNameW
0x401714 PathIsUNCW
Library ADVAPI32.dll:
0x401000 RegQueryValueW
0x401004 OpenThreadToken
0x401008 RevertToSelf
0x40100c SetThreadToken
0x401010 GetFileSecurityW
0x401014 SetFileSecurityW
0x401018 RegCreateKeyW
0x40101c RegDeleteValueW
0x401020 RegCloseKey
0x401024 RegSetValueW
0x401028 RegOpenKeyW
0x40102c RegQueryValueExW
0x401030 RegOpenKeyExW
0x401034 RegEnumKeyW
0x401038 RegDeleteKeyW
0x40103c RegCreateKeyExW
0x401040 RegSetValueExW

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source Port  Destination      Destination Port
192.168.56.101  49235        114.114.114.114  53
192.168.56.101  50534        114.114.114.114  53
192.168.56.101  56539        114.114.114.114  53
192.168.56.101  65004        114.114.114.114  53
192.168.56.101  137          192.168.56.255   137
192.168.56.101  138          192.168.56.255   138
192.168.56.101  55368        224.0.0.252      5355
192.168.56.101  56804        224.0.0.252      5355
192.168.56.101  60123        224.0.0.252      5355
192.168.56.101  62191        224.0.0.252      5355
192.168.56.101  1900         239.255.255.250  1900
192.168.56.101  50535        239.255.255.250  3702
192.168.56.101  50537        239.255.255.250  3702
192.168.56.101  56540        239.255.255.250  3702
192.168.56.101  56807        239.255.255.250  1900
192.168.56.101  58707        239.255.255.250  3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.