Score: 11.4
Tag: 0-day

SHA-256: 70f2fbf38d7c90a52b63aabeb68c5c9be14c2cda24389d3639c0dd1c7c0c2d5c
File name: e42269b0758064e66bb79f6642103fb3.exe
Analysis duration: 82s
Last analysis:
File size: 832.5KB
Static and dynamic detection labels: 0GW@A826PSOI AHNU AI SCORE=87 AIDETECTVM ALI2000015 ANDROM APIS CLOUD CONFIDENCE DADVW DELF DELFINJECT DELPHILESS EMOY EMTN FAREIT HIGH CONFIDENCE HPBUJZ LOKI LOKIBOT MALWARE1 MALWARE@#311K4ZM4OB1TM PUTTY PWSX QVM05 SCORE SMAD1 SUSPICIOUS PE TROJAN3 TSCOPE UNSAFE X2091 ZELPHIF ZNOJ
Eagle Eye engine
Not detected: no Eagle Eye engine result is available yet
Static verdict
Antivirus engines
Engine       Result                               Scan date  Engine version
McAfee       Fareit-FVZ!E42269B07580              20200806   6.0.6.653
Alibaba      Trojan:Win32/DelfInject.ali2000015   20190527   0.3.0.5
Baidu        -                                    20190318   1.0.0.2
Avast        Win32:PWSX-gen [Trj]                 20200806   18.4.3895.0
Kingsoft     -                                    20200806   2013.8.14.323
Tencent      Win32.Backdoor.Androm.Ahnu           20200806   1.0.0.1
CrowdStrike  win/malicious_confidence_90% (W)     20190702   1.0
Indicators
Queries for the computername (3 events)
Time               API               Arguments                Status   Return  Repeated
1619960479.280374  GetComputerNameW  computer_name: OSKAR-PC  success  1       0
1619960524.045374  GetComputerNameW  computer_name: OSKAR-PC  success  1       0
1619960524.077374  GetComputerNameW  computer_name: OSKAR-PC  success  1       0
Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 event)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
Tries to locate where the browsers are installed (1 event)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox
Checks the amount of memory in the system; this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time               API                  Arguments  Status   Return  Repeated
1619960474.233374  GlobalMemoryStatusEx             success  1       0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (26 events)
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1631208
registers.edi: 23
registers.eax: 6816088
registers.ebp: 1631340
registers.edx: 6519760
registers.ebx: 61
registers.esi: 6816096
registers.ecx: 6587136
exception.instruction_r: 0f b7 06 99 0f a4 c2 10 c1 e0 10 0b f8 0b da 89
exception.symbol: RtlInitUnicodeString+0xec RtlMultiByteToUnicodeN-0x251 ntdll+0x2e2f4
exception.instruction: movzx eax, word ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 189172
exception.address: 0x77d5e2f4
success 0 0
1619960524.061374
__exception__
stacktrace:
RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x77d5e003
ExpandEnvironmentStringsA+0x1f2 InitializeCriticalSectionAndSpinCount-0x1b kernelbase+0x10034 @ 0x778f0034
CryptAcquireContextA+0x3ab CryptGenKey-0x32d cryptsp+0x464e @ 0x7506464e
New_advapi32_CryptAcquireContextA@20+0x4f New_advapi32_CryptAcquireContextW@20-0xcf @ 0x74550f45
CryptAcquireContextW+0x97 CryptSetProviderA-0x54 cryptsp+0x647f @ 0x7506647f
New_advapi32_CryptAcquireContextW@20+0x9f New_advapi32_CryptCreateHash@20-0x7f @ 0x745510b3
e42269b0758064e66bb79f6642103fb3+0x3998 @ 0x403998
e42269b0758064e66bb79f6642103fb3+0x13c27 @ 0x413c27
e42269b0758064e66bb79f6642103fb3+0x1428b @ 0x41428b
e42269b0758064e66bb79f6642103fb3+0x14575 @ 0x414575
e42269b0758064e66bb79f6642103fb3+0x1381d @ 0x41381d
e42269b0758064e66bb79f6642103fb3+0x139b7 @ 0x4139b7
e42269b0758064e66bb79f6642103fb3+0x13a2d @ 0x413a2d
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1635972
registers.edi: 6816088
registers.eax: 0
registers.ebp: 1636024
registers.edx: 6816096
registers.ebx: 6816096
registers.esi: 1781423496
registers.ecx: 6488064
exception.instruction_r: 8b 46 04 89 45 f4 c6 47 07 80 c6 47 06 00 8b 5e
exception.symbol: RtlInitUnicodeString+0x196 RtlMultiByteToUnicodeN-0x1a7 ntdll+0x2e39e
exception.instruction: mov eax, dword ptr [esi + 4]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 189342
exception.address: 0x77d5e39e
success 0 0
1619960524.061374
__exception__
stacktrace:
RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x77d5e003
ExpandEnvironmentStringsA+0x1f2 InitializeCriticalSectionAndSpinCount-0x1b kernelbase+0x10034 @ 0x778f0034
CryptAcquireContextA+0x3ab CryptGenKey-0x32d cryptsp+0x464e @ 0x7506464e
New_advapi32_CryptAcquireContextA@20+0x4f New_advapi32_CryptAcquireContextW@20-0xcf @ 0x74550f45
CryptAcquireContextW+0x97 CryptSetProviderA-0x54 cryptsp+0x647f @ 0x7506647f
New_advapi32_CryptAcquireContextW@20+0x9f New_advapi32_CryptCreateHash@20-0x7f @ 0x745510b3
e42269b0758064e66bb79f6642103fb3+0x39ae @ 0x4039ae
e42269b0758064e66bb79f6642103fb3+0x13c27 @ 0x413c27
e42269b0758064e66bb79f6642103fb3+0x1428b @ 0x41428b
e42269b0758064e66bb79f6642103fb3+0x14575 @ 0x414575
e42269b0758064e66bb79f6642103fb3+0x1381d @ 0x41381d
e42269b0758064e66bb79f6642103fb3+0x139b7 @ 0x4139b7
e42269b0758064e66bb79f6642103fb3+0x13a2d @ 0x413a2d
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1635972
registers.edi: 6616792
registers.eax: 6587128
registers.ebp: 1636024
registers.edx: 6616800
registers.ebx: 6616800
registers.esi: 1783316864
registers.ecx: 6488064
exception.instruction_r: 8b 46 04 89 45 f4 c6 47 07 80 c6 47 06 00 8b 5e
exception.symbol: RtlInitUnicodeString+0x196 RtlMultiByteToUnicodeN-0x1a7 ntdll+0x2e39e
exception.instruction: mov eax, dword ptr [esi + 4]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 189342
exception.address: 0x77d5e39e
success 0 0
1619960524.061374
__exception__
stacktrace:
RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x77d5e003
ExpandEnvironmentStringsA+0x1f2 InitializeCriticalSectionAndSpinCount-0x1b kernelbase+0x10034 @ 0x778f0034
CryptAcquireContextA+0x3ab CryptGenKey-0x32d cryptsp+0x464e @ 0x7506464e
New_advapi32_CryptAcquireContextA@20+0x4f New_advapi32_CryptAcquireContextW@20-0xcf @ 0x74550f45
CryptAcquireContextW+0x97 CryptSetProviderA-0x54 cryptsp+0x647f @ 0x7506647f
New_advapi32_CryptAcquireContextW@20+0x9f New_advapi32_CryptCreateHash@20-0x7f @ 0x745510b3
e42269b0758064e66bb79f6642103fb3+0x3998 @ 0x403998
e42269b0758064e66bb79f6642103fb3+0x13c27 @ 0x413c27
e42269b0758064e66bb79f6642103fb3+0x1428b @ 0x41428b
e42269b0758064e66bb79f6642103fb3+0x14575 @ 0x414575
e42269b0758064e66bb79f6642103fb3+0x1381d @ 0x41381d
e42269b0758064e66bb79f6642103fb3+0x139b7 @ 0x4139b7
e42269b0758064e66bb79f6642103fb3+0x13a2d @ 0x413a2d
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1635972
registers.edi: 6616888
registers.eax: 3801155
registers.ebp: 1636024
registers.edx: 6616896
registers.ebx: 6616896
registers.esi: 1779811079
registers.ecx: 6488064
exception.instruction_r: 8b 46 04 89 45 f4 c6 47 07 80 c6 47 06 00 8b 5e
exception.symbol: RtlInitUnicodeString+0x196 RtlMultiByteToUnicodeN-0x1a7 ntdll+0x2e39e
exception.instruction: mov eax, dword ptr [esi + 4]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 189342
exception.address: 0x77d5e39e
success 0 0
1619960524.061374
__exception__
stacktrace:
RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x77d5e003
ExpandEnvironmentStringsA+0x1f2 InitializeCriticalSectionAndSpinCount-0x1b kernelbase+0x10034 @ 0x778f0034
CryptAcquireContextA+0x3ab CryptGenKey-0x32d cryptsp+0x464e @ 0x7506464e
New_advapi32_CryptAcquireContextA@20+0x4f New_advapi32_CryptAcquireContextW@20-0xcf @ 0x74550f45
CryptAcquireContextW+0x97 CryptSetProviderA-0x54 cryptsp+0x647f @ 0x7506647f
New_advapi32_CryptAcquireContextW@20+0x9f New_advapi32_CryptCreateHash@20-0x7f @ 0x745510b3
e42269b0758064e66bb79f6642103fb3+0x39ae @ 0x4039ae
e42269b0758064e66bb79f6642103fb3+0x13c27 @ 0x413c27
e42269b0758064e66bb79f6642103fb3+0x1428b @ 0x41428b
e42269b0758064e66bb79f6642103fb3+0x14575 @ 0x414575
e42269b0758064e66bb79f6642103fb3+0x1381d @ 0x41381d
e42269b0758064e66bb79f6642103fb3+0x139b7 @ 0x4139b7
e42269b0758064e66bb79f6642103fb3+0x13a2d @ 0x413a2d
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1635972
registers.edi: 6617632
registers.eax: 7536761
registers.ebp: 1636024
registers.edx: 6617640
registers.ebx: 6617640
registers.esi: 1784464030
registers.ecx: 6488064
exception.instruction_r: 8b 46 04 89 45 f4 c6 47 07 80 c6 47 06 00 8b 5e
exception.symbol: RtlInitUnicodeString+0x196 RtlMultiByteToUnicodeN-0x1a7 ntdll+0x2e39e
exception.instruction: mov eax, dword ptr [esi + 4]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 189342
exception.address: 0x77d5e39e
success 0 0
1619960524.061374
__exception__
stacktrace:
RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x77d5e003
ExpandEnvironmentStringsA+0x1f2 InitializeCriticalSectionAndSpinCount-0x1b kernelbase+0x10034 @ 0x778f0034
CryptAcquireContextA+0x3ab CryptGenKey-0x32d cryptsp+0x464e @ 0x7506464e
New_advapi32_CryptAcquireContextA@20+0x4f New_advapi32_CryptAcquireContextW@20-0xcf @ 0x74550f45
CryptAcquireContextW+0x97 CryptSetProviderA-0x54 cryptsp+0x647f @ 0x7506647f
New_advapi32_CryptAcquireContextW@20+0x9f New_advapi32_CryptCreateHash@20-0x7f @ 0x745510b3
e42269b0758064e66bb79f6642103fb3+0x3998 @ 0x403998
e42269b0758064e66bb79f6642103fb3+0x13c27 @ 0x413c27
e42269b0758064e66bb79f6642103fb3+0x1428b @ 0x41428b
e42269b0758064e66bb79f6642103fb3+0x14575 @ 0x414575
e42269b0758064e66bb79f6642103fb3+0x1381d @ 0x41381d
e42269b0758064e66bb79f6642103fb3+0x139b7 @ 0x4139b7
e42269b0758064e66bb79f6642103fb3+0x13a2d @ 0x413a2d
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1635972
registers.edi: 6617664
registers.eax: 7536761
registers.ebp: 1636024
registers.edx: 6617672
registers.ebx: 6617672
registers.esi: 1784464018
registers.ecx: 6488064
exception.instruction_r: 8b 46 04 89 45 f4 c6 47 07 80 c6 47 06 00 8b 5e
exception.symbol: RtlInitUnicodeString+0x196 RtlMultiByteToUnicodeN-0x1a7 ntdll+0x2e39e
exception.instruction: mov eax, dword ptr [esi + 4]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 189342
exception.address: 0x77d5e39e
success 0 0
1619960524.061374
__exception__
stacktrace:
RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x77d5e003
ExpandEnvironmentStringsA+0x1f2 InitializeCriticalSectionAndSpinCount-0x1b kernelbase+0x10034 @ 0x778f0034
CryptAcquireContextA+0x3ab CryptGenKey-0x32d cryptsp+0x464e @ 0x7506464e
New_advapi32_CryptAcquireContextA@20+0x4f New_advapi32_CryptAcquireContextW@20-0xcf @ 0x74550f45
CryptAcquireContextW+0x97 CryptSetProviderA-0x54 cryptsp+0x647f @ 0x7506647f
New_advapi32_CryptAcquireContextW@20+0x9f New_advapi32_CryptCreateHash@20-0x7f @ 0x745510b3
e42269b0758064e66bb79f6642103fb3+0x39ae @ 0x4039ae
e42269b0758064e66bb79f6642103fb3+0x13c27 @ 0x413c27
e42269b0758064e66bb79f6642103fb3+0x1428b @ 0x41428b
e42269b0758064e66bb79f6642103fb3+0x14575 @ 0x414575
e42269b0758064e66bb79f6642103fb3+0x1381d @ 0x41381d
e42269b0758064e66bb79f6642103fb3+0x139b7 @ 0x4139b7
e42269b0758064e66bb79f6642103fb3+0x13a2d @ 0x413a2d
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1635972
registers.edi: 6617664
registers.eax: 7536761
registers.ebp: 1636024
registers.edx: 6617672
registers.ebx: 6617672
registers.esi: 1784464018
registers.ecx: 6488064
exception.instruction_r: 8b 46 04 89 45 f4 c6 47 07 80 c6 47 06 00 8b 5e
exception.symbol: RtlInitUnicodeString+0x196 RtlMultiByteToUnicodeN-0x1a7 ntdll+0x2e39e
exception.instruction: mov eax, dword ptr [esi + 4]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 189342
exception.address: 0x77d5e39e
success 0 0
1619960524.061374
__exception__
stacktrace:
RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x77d5e003
ExpandEnvironmentStringsA+0x1f2 InitializeCriticalSectionAndSpinCount-0x1b kernelbase+0x10034 @ 0x778f0034
CryptAcquireContextA+0x3ab CryptGenKey-0x32d cryptsp+0x464e @ 0x7506464e
New_advapi32_CryptAcquireContextA@20+0x4f New_advapi32_CryptAcquireContextW@20-0xcf @ 0x74550f45
CryptAcquireContextW+0x97 CryptSetProviderA-0x54 cryptsp+0x647f @ 0x7506647f
New_advapi32_CryptAcquireContextW@20+0x9f New_advapi32_CryptCreateHash@20-0x7f @ 0x745510b3
e42269b0758064e66bb79f6642103fb3+0x3998 @ 0x403998
e42269b0758064e66bb79f6642103fb3+0x13c27 @ 0x413c27
e42269b0758064e66bb79f6642103fb3+0x1428b @ 0x41428b
e42269b0758064e66bb79f6642103fb3+0x14575 @ 0x414575
e42269b0758064e66bb79f6642103fb3+0x1381d @ 0x41381d
e42269b0758064e66bb79f6642103fb3+0x139b7 @ 0x4139b7
e42269b0758064e66bb79f6642103fb3+0x13a2d @ 0x413a2d
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1635972
registers.edi: 6617328
registers.eax: 6619251
registers.ebp: 1636024
registers.edx: 6617336
registers.ebx: 6617336
registers.esi: 1783284430
registers.ecx: 6488064
exception.instruction_r: 8b 46 04 89 45 f4 c6 47 07 80 c6 47 06 00 8b 5e
exception.symbol: RtlInitUnicodeString+0x196 RtlMultiByteToUnicodeN-0x1a7 ntdll+0x2e39e
exception.instruction: mov eax, dword ptr [esi + 4]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 189342
exception.address: 0x77d5e39e
success 0 0
1619960524.092374
__exception__
stacktrace:
RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x77d5e003
ExpandEnvironmentStringsA+0x1f2 InitializeCriticalSectionAndSpinCount-0x1b kernelbase+0x10034 @ 0x778f0034
CryptAcquireContextA+0x3ab CryptGenKey-0x32d cryptsp+0x464e @ 0x7506464e
New_advapi32_CryptAcquireContextA@20+0x4f New_advapi32_CryptAcquireContextW@20-0xcf @ 0x74550f45
CryptAcquireContextW+0x97 CryptSetProviderA-0x54 cryptsp+0x647f @ 0x7506647f
New_advapi32_CryptAcquireContextW@20+0x9f New_advapi32_CryptCreateHash@20-0x7f @ 0x745510b3
e42269b0758064e66bb79f6642103fb3+0x3998 @ 0x403998
e42269b0758064e66bb79f6642103fb3+0x13c27 @ 0x413c27
e42269b0758064e66bb79f6642103fb3+0x1428b @ 0x41428b
e42269b0758064e66bb79f6642103fb3+0x12f30 @ 0x412f30
e42269b0758064e66bb79f6642103fb3+0x139c1 @ 0x4139c1
e42269b0758064e66bb79f6642103fb3+0x13a2d @ 0x413a2d
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1636876
registers.edi: 6617328
registers.eax: 6619251
registers.ebp: 1636928
registers.edx: 6617336
registers.ebx: 6617336
registers.esi: 1783284430
registers.ecx: 6488064
exception.instruction_r: 8b 46 04 89 45 f4 c6 47 07 80 c6 47 06 00 8b 5e
exception.symbol: RtlInitUnicodeString+0x196 RtlMultiByteToUnicodeN-0x1a7 ntdll+0x2e39e
exception.instruction: mov eax, dword ptr [esi + 4]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 189342
exception.address: 0x77d5e39e
success 0 0
1619960524.092374
__exception__
stacktrace:
RtlAllocateHeap+0xac RtlFreeAnsiString-0x54 ntdll+0x2e0d2 @ 0x77d5e0d2
ExpandEnvironmentStringsA+0x185 InitializeCriticalSectionAndSpinCount-0x88 kernelbase+0xffc7 @ 0x778effc7
CryptAcquireContextA+0x3ab CryptGenKey-0x32d cryptsp+0x464e @ 0x7506464e
New_advapi32_CryptAcquireContextA@20+0x4f New_advapi32_CryptAcquireContextW@20-0xcf @ 0x74550f45
CryptAcquireContextW+0x97 CryptSetProviderA-0x54 cryptsp+0x647f @ 0x7506647f
New_advapi32_CryptAcquireContextW@20+0x9f New_advapi32_CryptCreateHash@20-0x7f @ 0x745510b3
e42269b0758064e66bb79f6642103fb3+0x39ae @ 0x4039ae
e42269b0758064e66bb79f6642103fb3+0x13c27 @ 0x413c27
e42269b0758064e66bb79f6642103fb3+0x1428b @ 0x41428b
e42269b0758064e66bb79f6642103fb3+0x12f30 @ 0x412f30
e42269b0758064e66bb79f6642103fb3+0x139c1 @ 0x4139c1
e42269b0758064e66bb79f6642103fb3+0x13a2d @ 0x413a2d
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1636700
registers.edi: 12
registers.eax: 7028600
registers.ebp: 1636832
registers.edx: 6519760
registers.ebx: 80
registers.esi: 7028608
registers.ecx: 6587136
exception.instruction_r: 0f b7 06 99 0f a4 c2 10 c1 e0 10 0b f8 0b da 89
exception.symbol: RtlInitUnicodeString+0xec RtlMultiByteToUnicodeN-0x251 ntdll+0x2e2f4
exception.instruction: movzx eax, word ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 189172
exception.address: 0x77d5e2f4
success 0 0
1619960524.092374
__exception__
stacktrace:
RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x77d5e003
HeapFree+0x14 GetProcessHeap-0xc kernel32+0x114dd @ 0x763514dd
e42269b0758064e66bb79f6642103fb3+0x2bc6 @ 0x402bc6
e42269b0758064e66bb79f6642103fb3+0x13c7d @ 0x413c7d
e42269b0758064e66bb79f6642103fb3+0x1428b @ 0x41428b
e42269b0758064e66bb79f6642103fb3+0x12f30 @ 0x412f30
e42269b0758064e66bb79f6642103fb3+0x139c1 @ 0x4139c1
e42269b0758064e66bb79f6642103fb3+0x13a2d @ 0x413a2d
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637496
registers.edi: 6617328
registers.eax: 6619251
registers.ebp: 1637548
registers.edx: 6617336
registers.ebx: 6617336
registers.esi: 1783284430
registers.ecx: 6488064
exception.instruction_r: 8b 46 04 89 45 f4 c6 47 07 80 c6 47 06 00 8b 5e
exception.symbol: RtlInitUnicodeString+0x196 RtlMultiByteToUnicodeN-0x1a7 ntdll+0x2e39e
exception.instruction: mov eax, dword ptr [esi + 4]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 189342
exception.address: 0x77d5e39e
success 0 0
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted; these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (3 events)
Time & API Arguments Status Return Repeated
1619951362.796875
NtAllocateVirtualMemory
process_identifier: 196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003a0000
success 0 0
1619951363.187875
NtProtectVirtualMemory
process_identifier: 196
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 36864
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00469000
success 0 0
1619951363.202875
NtAllocateVirtualMemory
process_identifier: 196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01f20000
success 0 0
Steals private information from local Internet browsers (19 events)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Opera\Opera Next\data\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Opera\Opera Next\data\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Opera\Opera Next\data\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Opera\Opera Next\data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Chromium\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Chromium\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\MapleStudio\ChromePlus\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\LocalMapleStudio\ChromePlus\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\LocalMapleStudio\ChromePlus\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\MapleStudio\ChromePlus\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Nichrome\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Nichrome\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\RockMelt\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\RockMelt\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Yandex\YandexBrowser\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Data
registry HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\SeaMonkey
registry HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox
Moves the original executable to a new location (1 event)
Time & API Arguments Status Return Repeated
1619960524.061374
MoveFileWithProgressW
oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\e42269b0758064e66bb79f6642103fb3.exe
newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Roaming\6ED2B0\0019EA.exe
newfilepath_r: C:\Users\Administrator.Oskar-PC\AppData\Roaming\6ED2B0\0019EA.exe
flags: 1
oldfilepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\e42269b0758064e66bb79f6642103fb3.exe
success 1 0
Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 event)
Time & API Arguments Status Return Repeated
1619960523.827374
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
Network communication
Communicates with host for which no DNS query was performed (2 events)
host 172.217.24.14
host 79.124.8.8
Harvests credentials from local FTP client software (22 events)
file C:\Program Files (x86)\FTPGetter\Profile\servers.xml
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FTPGetter\servers.xml
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Estsoft\ALFTP\ESTdb2.dat
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\wcx_ftp.ini
file C:\Windows\wcx_ftp.ini
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\GHISLER\wcx_ftp.ini
file C:\Users\Administrator.Oskar-PC\wcx_ftp.ini
file C:\Windows\32BitFtp.ini
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FileZilla\sitemanager.xml
file C:\Program Files (x86)\FileZilla\Filezilla.xml
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FileZilla\filezilla.xml
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FileZilla\recentservers.xml
registry HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts
registry HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts
registry HKEY_CURRENT_USER\Software\Ghisler\Total Commander
registry HKEY_CURRENT_USER\Software\VanDyke\SecureFX
registry HKEY_CURRENT_USER\Software\LinasFTP\Site Manager
registry HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\Settings
registry HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions
registry HKEY_LOCAL_MACHINE\Software\SimonTatham\PuTTY\Sessions
registry HKEY_CURRENT_USER\Software\Martin Prikryl
registry HKEY_LOCAL_MACHINE\Software\Martin Prikryl
Harvests information related to installed instant messenger clients (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\.purple\accounts.xml
Harvests credentials from local email clients (3 events)
registry HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
registry HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Thunderbird
registry HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook
Used NtSetContextThread to modify a thread in a remote process, indicative of process injection (2 events)
Process injection Process 196 called NtSetContextThread to modify thread in remote process 1432
Time & API Arguments Status Return Repeated
1619951364.312875
NtSetContextThread
thread_handle: 0x00000118
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4274654
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 1432
success 0 0
Putty Files, Registry Keys and/or Mutexes Detected
Resumed a suspended thread in a remote process, potentially indicative of process injection (2 events)
Process injection Process 196 resumed a thread in remote process 1432
Time & API Arguments Status Return Repeated
1619951364.358875
NtResumeThread
thread_handle: 0x00000118
suspend_count: 1
process_identifier: 1432
success 0 0
Executed a process and injected code into it, probably while unpacking (7 events)
Time & API Arguments Status Return Repeated
1619951364.296875
CreateProcessInternalW
thread_identifier: 2620
thread_handle: 0x00000118
process_identifier: 1432
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\e42269b0758064e66bb79f6642103fb3.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x0000011c
inherit_handles: 0
success 1 0
1619951364.296875
NtUnmapViewOfSection
process_identifier: 1432
region_size: 4096
process_handle: 0x0000011c
base_address: 0x00400000
success 0 0
1619951364.296875
NtMapViewOfSection
section_handle: 0x00000124
process_identifier: 1432
commit_size: 663552
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x0000011c
allocation_type: 0 ()
section_offset: 0
view_size: 663552
base_address: 0x00400000
success 0 0
1619951364.312875
NtGetContextThread
thread_handle: 0x00000118
success 0 0
1619951364.312875
NtSetContextThread
thread_handle: 0x00000118
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4274654
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 1432
success 0 0
1619951364.358875
NtResumeThread
thread_handle: 0x00000118
suspend_count: 1
process_identifier: 1432
success 0 0
1619960474.780374
NtResumeThread
thread_handle: 0x00000110
suspend_count: 1
process_identifier: 1432
success 0 0
File has been identified by 60 AntiVirus engines on VirusTotal as malicious (50 out of 60 events)
Bkav W32.AIDetectVM.malware1
MicroWorld-eScan Trojan.Delf.FareIt.Gen.7
FireEye Generic.mg.e42269b0758064e6
CAT-QuickHeal Backdoor.Androm
McAfee Fareit-FVZ!E42269B07580
Cylance Unsafe
Zillya Trojan.Injector.Win32.752283
SUPERAntiSpyware Trojan.Agent/Gen-Dropper
Sangfor Malware
K7AntiVirus Trojan ( 0056aff91 )
Alibaba Trojan:Win32/DelfInject.ali2000015
K7GW Trojan ( 0056aff91 )
Cybereason malicious.76b89c
TrendMicro TrojanSpy.Win32.LOKI.SMAD1.hp
F-Prot W32/Trojan3.APIS
Symantec Trojan.Gen.MBT
APEX Malicious
Avast Win32:PWSX-gen [Trj]
ClamAV Win.Dropper.LokiBot-9089193-0
Kaspersky HEUR:Backdoor.Win32.Androm.gen
BitDefender Trojan.Delf.FareIt.Gen.7
NANO-Antivirus Trojan.Win32.Androm.hpbujz
Paloalto generic.ml
ViRobot Trojan.Win32.Z.Injector.852480.Y
Rising Trojan.Lokibot!8.F1B5 (CLOUD)
Endgame malicious (high confidence)
Emsisoft Trojan.Delf.FareIt.Gen.7 (B)
Comodo Malware@#311k4zm4ob1tm
F-Secure Trojan.TR/Injector.dadvw
DrWeb Trojan.PWS.Stealer.28942
VIPRE Trojan.Win32.Generic!BT
Invincea heuristic
Sophos Mal/Generic-S
Ikarus Trojan.Inject
Cyren W32/Trojan.ZNOJ-5662
Avira TR/Injector.dadvw
Antiy-AVL Trojan[Backdoor]/Win32.Androm
Microsoft PWS:Win32/Fareit.AQ!MTB
Arcabit Trojan.Delf.FareIt.Gen.7
AegisLab Trojan.Win32.Androm.m!c
ZoneAlarm HEUR:Backdoor.Win32.Androm.gen
GData Trojan.Delf.FareIt.Gen.7
Cynet Malicious (score: 100)
AhnLab-V3 Suspicious/Win.Delphiless.X2091
VBA32 TScope.Trojan.Delf
ALYac Trojan.Delf.FareIt.Gen.7
MAX malware (ai score=87)
Ad-Aware Trojan.Delf.FareIt.Gen.7
Malwarebytes Spyware.LokiBot
ESET-NOD32 a variant of Win32/Injector.EMTN
Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running) (3 events)
dead_host 172.217.24.14:443
dead_host 79.124.8.8:80
dead_host 172.217.160.110:443
Visual analysis
Binary image
No binary image: this sample did not produce a binary visualization image
Runtime screenshots
No runtime screenshots: no screenshots were captured while this sample ran

PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x475178 VirtualFree
0x47517c VirtualAlloc
0x475180 LocalFree
0x475184 LocalAlloc
0x475188 GetVersion
0x47518c GetCurrentThreadId
0x475198 VirtualQuery
0x47519c WideCharToMultiByte
0x4751a0 MultiByteToWideChar
0x4751a4 lstrlenA
0x4751a8 lstrcpynA
0x4751ac LoadLibraryExA
0x4751b0 GetThreadLocale
0x4751b4 GetStartupInfoA
0x4751b8 GetProcAddress
0x4751bc GetModuleHandleA
0x4751c0 GetModuleFileNameA
0x4751c4 GetLocaleInfoA
0x4751c8 GetCommandLineA
0x4751cc FreeLibrary
0x4751d0 FindFirstFileA
0x4751d4 FindClose
0x4751d8 ExitProcess
0x4751dc WriteFile
0x4751e4 RtlUnwind
0x4751e8 RaiseException
0x4751ec GetStdHandle
Library user32.dll:
0x4751f4 GetKeyboardType
0x4751f8 LoadStringA
0x4751fc MessageBoxA
0x475200 CharNextA
Library advapi32.dll:
0x475208 RegQueryValueExA
0x47520c RegOpenKeyExA
0x475210 RegCloseKey
Library oleaut32.dll:
0x475218 SysFreeString
0x47521c SysReAllocStringLen
0x475220 SysAllocStringLen
Library kernel32.dll:
0x475228 TlsSetValue
0x47522c TlsGetValue
0x475230 LocalAlloc
0x475234 GetModuleHandleA
Library advapi32.dll:
0x47523c RegQueryValueExA
0x475240 RegOpenKeyExA
0x475244 RegCloseKey
Library kernel32.dll:
0x47524c lstrcpyA
0x475250 WriteFile
0x475254 WaitForSingleObject
0x475258 VirtualQuery
0x47525c VirtualAlloc
0x475260 Sleep
0x475264 SizeofResource
0x475268 SetThreadLocale
0x47526c SetFilePointer
0x475270 SetEvent
0x475274 SetErrorMode
0x475278 SetEndOfFile
0x47527c ResetEvent
0x475280 ReadFile
0x475284 MultiByteToWideChar
0x475288 MulDiv
0x47528c LockResource
0x475290 LoadResource
0x475294 LoadLibraryA
0x4752a0 GlobalUnlock
0x4752a4 GlobalSize
0x4752a8 GlobalReAlloc
0x4752ac GlobalHandle
0x4752b0 GlobalLock
0x4752b4 GlobalFree
0x4752b8 GlobalFindAtomA
0x4752bc GlobalDeleteAtom
0x4752c0 GlobalAlloc
0x4752c4 GlobalAddAtomA
0x4752c8 GetVersionExA
0x4752cc GetVersion
0x4752d0 GetUserDefaultLCID
0x4752d4 GetTickCount
0x4752d8 GetThreadLocale
0x4752dc GetSystemInfo
0x4752e0 GetStringTypeExA
0x4752e4 GetStdHandle
0x4752e8 GetProcAddress
0x4752ec GetModuleHandleA
0x4752f0 GetModuleFileNameA
0x4752f4 GetLocaleInfoA
0x4752f8 GetLocalTime
0x4752fc GetLastError
0x475300 GetFullPathNameA
0x475304 GetFileAttributesA
0x475308 GetDiskFreeSpaceA
0x47530c GetDateFormatA
0x475310 GetCurrentThreadId
0x475314 GetCurrentProcessId
0x475318 GetComputerNameA
0x47531c GetCPInfo
0x475320 GetACP
0x475324 FreeResource
0x475328 InterlockedExchange
0x47532c FreeLibrary
0x475330 FormatMessageA
0x475334 FindResourceA
0x475338 FindFirstFileA
0x47533c FindClose
0x475348 EnumCalendarInfoA
0x475354 CreateThread
0x475358 CreateFileA
0x47535c CreateEventA
0x475360 CompareStringA
0x475364 CloseHandle
Library version.dll:
0x47536c VerQueryValueA
0x475374 GetFileVersionInfoA
Library gdi32.dll:
0x47537c UnrealizeObject
0x475380 StretchBlt
0x475384 SetWindowOrgEx
0x475388 SetWinMetaFileBits
0x47538c SetViewportOrgEx
0x475390 SetTextColor
0x475394 SetStretchBltMode
0x475398 SetROP2
0x47539c SetPixel
0x4753a0 SetMapMode
0x4753a4 SetEnhMetaFileBits
0x4753a8 SetDIBColorTable
0x4753ac SetColorSpace
0x4753b0 SetBrushOrgEx
0x4753b4 SetBkMode
0x4753b8 SetBkColor
0x4753bc SelectPalette
0x4753c0 SelectObject
0x4753c4 SelectClipRgn
0x4753c8 SaveDC
0x4753cc RestoreDC
0x4753d0 Rectangle
0x4753d4 RectVisible
0x4753d8 RealizePalette
0x4753dc Polyline
0x4753e0 PlayEnhMetaFile
0x4753e4 PatBlt
0x4753e8 MoveToEx
0x4753ec MaskBlt
0x4753f0 LineTo
0x4753f4 LPtoDP
0x4753f8 IntersectClipRect
0x4753fc GetWindowOrgEx
0x475400 GetWinMetaFileBits
0x475404 GetTextMetricsA
0x475410 GetStockObject
0x475414 GetPixel
0x475418 GetPaletteEntries
0x47541c GetObjectA
0x47542c GetEnhMetaFileBits
0x475430 GetDeviceCaps
0x475434 GetDIBits
0x475438 GetDIBColorTable
0x47543c GetDCOrgEx
0x475444 GetClipBox
0x475448 GetBrushOrgEx
0x47544c GetBitmapBits
0x475450 ExcludeClipRect
0x475454 DeleteObject
0x475458 DeleteEnhMetaFile
0x47545c DeleteDC
0x475460 CreateSolidBrush
0x475464 CreatePenIndirect
0x475468 CreatePalette
0x475470 CreateFontIndirectA
0x475474 CreateEnhMetaFileA
0x475478 CreateDIBitmap
0x47547c CreateDIBSection
0x475480 CreateCompatibleDC
0x475488 CreateBrushIndirect
0x47548c CreateBitmap
0x475490 CopyEnhMetaFileA
0x475494 CloseEnhMetaFile
0x475498 BitBlt
Library user32.dll:
0x4754a0 CreateWindowExA
0x4754a4 WindowFromPoint
0x4754a8 WinHelpA
0x4754ac WaitMessage
0x4754b0 UpdateWindow
0x4754b4 UnregisterClassA
0x4754b8 UnhookWindowsHookEx
0x4754bc TranslateMessage
0x4754c4 TrackPopupMenu
0x4754cc ShowWindow
0x4754d0 ShowScrollBar
0x4754d4 ShowOwnedPopups
0x4754d8 ShowCursor
0x4754dc SetWindowsHookExA
0x4754e0 SetWindowPos
0x4754e4 SetWindowPlacement
0x4754e8 SetWindowLongA
0x4754ec SetTimer
0x4754f0 SetScrollRange
0x4754f4 SetScrollPos
0x4754f8 SetScrollInfo
0x4754fc SetRect
0x475500 SetPropA
0x475504 SetParent
0x475508 SetMenuItemInfoA
0x47550c SetMenu
0x475510 SetForegroundWindow
0x475514 SetFocus
0x475518 SetCursor
0x47551c SetClassLongA
0x475520 SetCapture
0x475524 SetActiveWindow
0x475528 SendMessageA
0x47552c ScrollWindow
0x475530 ScreenToClient
0x475534 RemovePropA
0x475538 RemoveMenu
0x47553c ReleaseDC
0x475540 ReleaseCapture
0x47554c RegisterClassA
0x475550 RedrawWindow
0x475554 PtInRect
0x475558 PostQuitMessage
0x47555c PostMessageA
0x475560 PeekMessageA
0x475564 OffsetRect
0x475568 OemToCharA
0x47556c MessageBoxA
0x475570 MapWindowPoints
0x475574 MapVirtualKeyA
0x475578 LoadStringA
0x47557c LoadKeyboardLayoutA
0x475580 LoadIconA
0x475584 LoadCursorA
0x475588 LoadBitmapA
0x47558c KillTimer
0x475590 IsZoomed
0x475594 IsWindowVisible
0x475598 IsWindowEnabled
0x47559c IsWindow
0x4755a0 IsRectEmpty
0x4755a4 IsIconic
0x4755a8 IsDialogMessageA
0x4755ac IsChild
0x4755b0 InvalidateRect
0x4755b4 IntersectRect
0x4755b8 InsertMenuItemA
0x4755bc InsertMenuA
0x4755c0 InflateRect
0x4755c8 GetWindowTextA
0x4755cc GetWindowRect
0x4755d0 GetWindowPlacement
0x4755d4 GetWindowLongA
0x4755d8 GetWindowDC
0x4755dc GetTopWindow
0x4755e0 GetSystemMetrics
0x4755e4 GetSystemMenu
0x4755e8 GetSysColorBrush
0x4755ec GetSysColor
0x4755f0 GetSubMenu
0x4755f4 GetScrollRange
0x4755f8 GetScrollPos
0x4755fc GetScrollInfo
0x475600 GetPropA
0x475604 GetParent
0x475608 GetWindow
0x47560c GetMessageTime
0x475610 GetMenuStringA
0x475614 GetMenuState
0x475618 GetMenuItemInfoA
0x47561c GetMenuItemID
0x475620 GetMenuItemCount
0x475624 GetMenu
0x475628 GetLastActivePopup
0x47562c GetKeyboardState
0x475634 GetKeyboardLayout
0x475638 GetKeyState
0x47563c GetKeyNameTextA
0x475640 GetIconInfo
0x475644 GetForegroundWindow
0x475648 GetFocus
0x47564c GetDlgItem
0x475650 GetDesktopWindow
0x475654 GetDCEx
0x475658 GetDC
0x47565c GetCursorPos
0x475660 GetCursor
0x475664 GetClipboardData
0x475668 GetClientRect
0x47566c GetClassNameA
0x475670 GetClassInfoA
0x475674 GetCapture
0x475678 GetActiveWindow
0x47567c FrameRect
0x475680 FindWindowA
0x475684 FillRect
0x475688 EqualRect
0x47568c EnumWindows
0x475690 EnumThreadWindows
0x475694 EndPaint
0x475698 EndDeferWindowPos
0x47569c EnableWindow
0x4756a0 EnableScrollBar
0x4756a4 EnableMenuItem
0x4756a8 DrawTextA
0x4756ac DrawMenuBar
0x4756b0 DrawIconEx
0x4756b4 DrawIcon
0x4756b8 DrawFrameControl
0x4756bc DrawEdge
0x4756c0 DispatchMessageA
0x4756c4 DestroyWindow
0x4756c8 DestroyMenu
0x4756cc DestroyIcon
0x4756d0 DestroyCursor
0x4756d4 DeleteMenu
0x4756d8 DeferWindowPos
0x4756dc DefWindowProcA
0x4756e0 DefMDIChildProcA
0x4756e4 DefFrameProcA
0x4756e8 CreatePopupMenu
0x4756ec CreateMenu
0x4756f0 CreateIcon
0x4756f4 ClientToScreen
0x4756f8 CheckMenuItem
0x4756fc CallWindowProcA
0x475700 CallNextHookEx
0x475704 BeginPaint
0x475708 BeginDeferWindowPos
0x47570c CharNextA
0x475710 CharLowerBuffA
0x475714 CharLowerA
0x475718 CharToOemA
0x47571c AdjustWindowRectEx
Library kernel32.dll:
0x475728 Sleep
Library oleaut32.dll:
0x475730 SafeArrayPtrOfIndex
0x475734 SafeArrayGetUBound
0x475738 SafeArrayGetLBound
0x47573c SafeArrayCreate
0x475740 VariantChangeType
0x475744 VariantCopy
0x475748 VariantClear
0x47574c VariantInit
Library ole32.dll:
0x475758 IsAccelerator
0x47575c OleDraw
0x475764 CoTaskMemFree
0x475768 ProgIDFromCLSID
0x47576c StringFromCLSID
0x475770 CoCreateInstance
0x475774 CoGetClassObject
0x475778 CoUninitialize
0x47577c CoInitialize
0x475780 IsEqualGUID
Library oleaut32.dll:
0x475788 GetErrorInfo
0x47578c GetActiveObject
0x475790 SysFreeString
Library comctl32.dll:
0x4757a0 ImageList_Write
0x4757a4 ImageList_Read
0x4757b4 ImageList_DragMove
0x4757b8 ImageList_DragLeave
0x4757bc ImageList_DragEnter
0x4757c0 ImageList_EndDrag
0x4757c4 ImageList_BeginDrag
0x4757c8 ImageList_Remove
0x4757cc ImageList_DrawEx
0x4757d0 ImageList_Replace
0x4757d4 ImageList_Draw
0x4757e4 ImageList_Add
0x4757ec ImageList_Destroy
0x4757f0 ImageList_Create
Library comdlg32.dll:
0x4757f8 GetOpenFileNameA
Library wsock32.dll:
0x475800 WSACleanup
0x475804 WSAStartup
0x475808 WSAGetLastError
0x47580c getservbyname
0x475810 gethostbyname
0x475814 socket
0x475818 shutdown
0x47581c ntohs
0x475820 ioctlsocket
0x475824 inet_addr
0x475828 htons
0x47582c connect
0x475830 closesocket

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source           Source Port   Destination                      Destination Port
192.168.56.101   49235         114.114.114.114                  53
192.168.56.101   51963         114.114.114.114                  53
192.168.56.101   53657         114.114.114.114                  53
192.168.56.101   55368         114.114.114.114                  53
192.168.56.101   60215         114.114.114.114                  53
192.168.56.101   137           192.168.56.255                   137
192.168.56.101   138           192.168.56.255                   138
192.168.56.101   123           20.189.79.72 (time.windows.com)  123
192.168.56.101   50002         224.0.0.252                      5355
192.168.56.101   50534         224.0.0.252                      5355
192.168.56.101   51808         224.0.0.252                      5355
192.168.56.101   56539         224.0.0.252                      5355
192.168.56.101   56804         224.0.0.252                      5355
192.168.56.101   57756         224.0.0.252                      5355
192.168.56.101   57874         224.0.0.252                      5355
192.168.56.101   60123         224.0.0.252                      5355
192.168.56.101   60384         224.0.0.252                      5355
192.168.56.101   61680         224.0.0.252                      5355
192.168.56.101   1900          239.255.255.250                  1900
192.168.56.101   49236         239.255.255.250                  3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.