2.8
Medium risk

092af7d11d815bf8e2d531a3805b2b26bc590d9f1bf77cb22474bc45cf6a7be6

edf6426b7730042d5f1068a325dc409b.exe

Analysis duration

71s

Last analyzed

File size

155.5KB
Static detections Dynamic detections AI SCORE=80 APWO ARTEMIS CLOUD CONFIDENCE CRIDEX FICT GDSDA GENERICRXAA GOZI GRTPWV HAPB HIGH CONFIDENCE JOHNNIE KRYPTIK LYFMD LZ1N MALICIOUS MALICIOUS PE MALWARE@#3QDBRGKPHQFW R002C0GD320 SCORE SUSGEN TROJANBANKER UNSAFE URSNIF ZBOT
Hawkeye engine
Not detected. No Hawkeye engine detection results available.
Static verdict
Antivirus engines
Engine Detection result Scan date Engine version
McAfee GenericRXAA-AA!EDF6426B7730 20200429 6.0.6.653
Alibaba TrojanBanker:Win32/Cridex.b599b68d 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:Malware-gen 20200428 18.4.3895.0
Tencent Win32.Trojan-banker.Cridex.Apwo 20200429 1.0.0.1
Kingsoft 20200429 2013.8.14.323
CrowdStrike win/malicious_confidence_90% (W) 20190702 1.0
Static indicators
Queries for the computername (3 events)
Time & API Arguments Status Return Repeated
1619999716.681822
GetComputerNameW
computer_name:
failed 0 0
1619999716.681822
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619999726.806822
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
This executable has a PDB path (1 event)
pdb_path c:\representsection\WhyWhat\cornerFell\Keyprobable\keptSoon\AgoKeep\Othersteptrade.pdb
One or more processes crashed (50 out of 25394 events)
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 31193772
registers.edi: 31653908
registers.eax: 36673936
registers.ebp: 31193780
registers.edx: 0
registers.ebx: 5
registers.esi: 36672932
registers.ecx: 251
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619999699.635822
__exception__
stacktrace:
edf6426b7730042d5f1068a325dc409b+0x124d @ 0x40124d
edf6426b7730042d5f1068a325dc409b+0x1033 @ 0x401033
EtwpGetCpuSpeed+0x36f RtlAddVectoredExceptionHandler-0x2b ntdll+0x77400 @ 0x77da7400
KiUserApcDispatcher+0x25 KiUserCallbackDispatcher-0x8f ntdll+0x1005d @ 0x77d4005d
SleepEx+0x65 TlsGetValue-0x45 kernelbase+0x12c50 @ 0x778f2c50
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 31193772
registers.edi: 31653912
registers.eax: 36673936
registers.ebp: 31193780
registers.edx: 0
registers.ebx: 5
registers.esi: 36672936
registers.ecx: 250
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0x80000004
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619999699.635822
__exception__
stacktrace:
edf6426b7730042d5f1068a325dc409b+0x124d @ 0x40124d
edf6426b7730042d5f1068a325dc409b+0x1033 @ 0x401033
EtwpGetCpuSpeed+0x36f RtlAddVectoredExceptionHandler-0x2b ntdll+0x77400 @ 0x77da7400
KiUserApcDispatcher+0x25 KiUserCallbackDispatcher-0x8f ntdll+0x1005d @ 0x77d4005d
SleepEx+0x65 TlsGetValue-0x45 kernelbase+0x12c50 @ 0x778f2c50
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 31193772
registers.edi: 31653912
registers.eax: 36673936
registers.ebp: 31193780
registers.edx: 0
registers.ebx: 5
registers.esi: 36672936
registers.ecx: 250
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619999699.635822
__exception__
stacktrace:
edf6426b7730042d5f1068a325dc409b+0x124d @ 0x40124d
edf6426b7730042d5f1068a325dc409b+0x1033 @ 0x401033
EtwpGetCpuSpeed+0x36f RtlAddVectoredExceptionHandler-0x2b ntdll+0x77400 @ 0x77da7400
KiUserApcDispatcher+0x25 KiUserCallbackDispatcher-0x8f ntdll+0x1005d @ 0x77d4005d
SleepEx+0x65 TlsGetValue-0x45 kernelbase+0x12c50 @ 0x778f2c50
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 31193772
registers.edi: 31653916
registers.eax: 36673936
registers.ebp: 31193780
registers.edx: 0
registers.ebx: 5
registers.esi: 36672940
registers.ecx: 249
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0x80000004
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619999699.635822
__exception__
stacktrace:
edf6426b7730042d5f1068a325dc409b+0x124d @ 0x40124d
edf6426b7730042d5f1068a325dc409b+0x1033 @ 0x401033
EtwpGetCpuSpeed+0x36f RtlAddVectoredExceptionHandler-0x2b ntdll+0x77400 @ 0x77da7400
KiUserApcDispatcher+0x25 KiUserCallbackDispatcher-0x8f ntdll+0x1005d @ 0x77d4005d
SleepEx+0x65 TlsGetValue-0x45 kernelbase+0x12c50 @ 0x778f2c50
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 31193772
registers.edi: 31653916
registers.eax: 36673936
registers.ebp: 31193780
registers.edx: 0
registers.ebx: 5
registers.esi: 36672940
registers.ecx: 249
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619999699.635822
__exception__
stacktrace:
edf6426b7730042d5f1068a325dc409b+0x124d @ 0x40124d
edf6426b7730042d5f1068a325dc409b+0x1033 @ 0x401033
EtwpGetCpuSpeed+0x36f RtlAddVectoredExceptionHandler-0x2b ntdll+0x77400 @ 0x77da7400
KiUserApcDispatcher+0x25 KiUserCallbackDispatcher-0x8f ntdll+0x1005d @ 0x77d4005d
SleepEx+0x65 TlsGetValue-0x45 kernelbase+0x12c50 @ 0x778f2c50
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 31193772
registers.edi: 31653920
registers.eax: 36673936
registers.ebp: 31193780
registers.edx: 0
registers.ebx: 5
registers.esi: 36672944
registers.ecx: 248
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0x80000004
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619999699.635822
__exception__
stacktrace:
edf6426b7730042d5f1068a325dc409b+0x124d @ 0x40124d
edf6426b7730042d5f1068a325dc409b+0x1033 @ 0x401033
EtwpGetCpuSpeed+0x36f RtlAddVectoredExceptionHandler-0x2b ntdll+0x77400 @ 0x77da7400
KiUserApcDispatcher+0x25 KiUserCallbackDispatcher-0x8f ntdll+0x1005d @ 0x77d4005d
SleepEx+0x65 TlsGetValue-0x45 kernelbase+0x12c50 @ 0x778f2c50
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 31193772
registers.edi: 31653920
registers.eax: 36673936
registers.ebp: 31193780
registers.edx: 0
registers.ebx: 5
registers.esi: 36672944
registers.ecx: 248
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619999699.635822
__exception__
stacktrace:
edf6426b7730042d5f1068a325dc409b+0x124d @ 0x40124d
edf6426b7730042d5f1068a325dc409b+0x1033 @ 0x401033
EtwpGetCpuSpeed+0x36f RtlAddVectoredExceptionHandler-0x2b ntdll+0x77400 @ 0x77da7400
KiUserApcDispatcher+0x25 KiUserCallbackDispatcher-0x8f ntdll+0x1005d @ 0x77d4005d
SleepEx+0x65 TlsGetValue-0x45 kernelbase+0x12c50 @ 0x778f2c50
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 31193772
registers.edi: 31653924
registers.eax: 36673936
registers.ebp: 31193780
registers.edx: 0
registers.ebx: 5
registers.esi: 36672948
registers.ecx: 247
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0x80000004
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619999699.635822
__exception__
stacktrace:
edf6426b7730042d5f1068a325dc409b+0x124d @ 0x40124d
edf6426b7730042d5f1068a325dc409b+0x1033 @ 0x401033
EtwpGetCpuSpeed+0x36f RtlAddVectoredExceptionHandler-0x2b ntdll+0x77400 @ 0x77da7400
KiUserApcDispatcher+0x25 KiUserCallbackDispatcher-0x8f ntdll+0x1005d @ 0x77d4005d
SleepEx+0x65 TlsGetValue-0x45 kernelbase+0x12c50 @ 0x778f2c50
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 31193772
registers.edi: 31653924
registers.eax: 36673936
registers.ebp: 31193780
registers.edx: 0
registers.ebx: 5
registers.esi: 36672948
registers.ecx: 247
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619999699.635822
__exception__
stacktrace:
edf6426b7730042d5f1068a325dc409b+0x124d @ 0x40124d
edf6426b7730042d5f1068a325dc409b+0x1033 @ 0x401033
EtwpGetCpuSpeed+0x36f RtlAddVectoredExceptionHandler-0x2b ntdll+0x77400 @ 0x77da7400
KiUserApcDispatcher+0x25 KiUserCallbackDispatcher-0x8f ntdll+0x1005d @ 0x77d4005d
SleepEx+0x65 TlsGetValue-0x45 kernelbase+0x12c50 @ 0x778f2c50
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 31193772
registers.edi: 31653928
registers.eax: 36673936
registers.ebp: 31193780
registers.edx: 0
registers.ebx: 5
registers.esi: 36672952
registers.ecx: 246
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0x80000004
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619999699.635822
__exception__
stacktrace:
edf6426b7730042d5f1068a325dc409b+0x124d @ 0x40124d
edf6426b7730042d5f1068a325dc409b+0x1033 @ 0x401033
EtwpGetCpuSpeed+0x36f RtlAddVectoredExceptionHandler-0x2b ntdll+0x77400 @ 0x77da7400
KiUserApcDispatcher+0x25 KiUserCallbackDispatcher-0x8f ntdll+0x1005d @ 0x77d4005d
SleepEx+0x65 TlsGetValue-0x45 kernelbase+0x12c50 @ 0x778f2c50
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 31193772
registers.edi: 31653928
registers.eax: 36673936
registers.ebp: 31193780
registers.edx: 0
registers.ebx: 5
registers.esi: 36672952
registers.ecx: 246
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619999699.635822
__exception__
stacktrace:
edf6426b7730042d5f1068a325dc409b+0x124d @ 0x40124d
edf6426b7730042d5f1068a325dc409b+0x1033 @ 0x401033
EtwpGetCpuSpeed+0x36f RtlAddVectoredExceptionHandler-0x2b ntdll+0x77400 @ 0x77da7400
KiUserApcDispatcher+0x25 KiUserCallbackDispatcher-0x8f ntdll+0x1005d @ 0x77d4005d
SleepEx+0x65 TlsGetValue-0x45 kernelbase+0x12c50 @ 0x778f2c50
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 31193772
registers.edi: 31653932
registers.eax: 36673936
registers.ebp: 31193780
registers.edx: 0
registers.ebx: 5
registers.esi: 36672956
registers.ecx: 245
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0x80000004
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619999699.635822
__exception__
stacktrace:
edf6426b7730042d5f1068a325dc409b+0x124d @ 0x40124d
edf6426b7730042d5f1068a325dc409b+0x1033 @ 0x401033
EtwpGetCpuSpeed+0x36f RtlAddVectoredExceptionHandler-0x2b ntdll+0x77400 @ 0x77da7400
KiUserApcDispatcher+0x25 KiUserCallbackDispatcher-0x8f ntdll+0x1005d @ 0x77d4005d
SleepEx+0x65 TlsGetValue-0x45 kernelbase+0x12c50 @ 0x778f2c50
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 31193772
registers.edi: 31653932
registers.eax: 36673936
registers.ebp: 31193780
registers.edx: 0
registers.ebx: 5
registers.esi: 36672956
registers.ecx: 245
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619999699.635822
__exception__
stacktrace:
edf6426b7730042d5f1068a325dc409b+0x124d @ 0x40124d
edf6426b7730042d5f1068a325dc409b+0x1033 @ 0x401033
EtwpGetCpuSpeed+0x36f RtlAddVectoredExceptionHandler-0x2b ntdll+0x77400 @ 0x77da7400
KiUserApcDispatcher+0x25 KiUserCallbackDispatcher-0x8f ntdll+0x1005d @ 0x77d4005d
SleepEx+0x65 TlsGetValue-0x45 kernelbase+0x12c50 @ 0x778f2c50
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 31193772
registers.edi: 31653936
registers.eax: 36673936
registers.ebp: 31193780
registers.edx: 0
registers.ebx: 5
registers.esi: 36672960
registers.ecx: 244
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0x80000004
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619999699.635822
__exception__
stacktrace:
edf6426b7730042d5f1068a325dc409b+0x124d @ 0x40124d
edf6426b7730042d5f1068a325dc409b+0x1033 @ 0x401033
EtwpGetCpuSpeed+0x36f RtlAddVectoredExceptionHandler-0x2b ntdll+0x77400 @ 0x77da7400
KiUserApcDispatcher+0x25 KiUserCallbackDispatcher-0x8f ntdll+0x1005d @ 0x77d4005d
SleepEx+0x65 TlsGetValue-0x45 kernelbase+0x12c50 @ 0x778f2c50
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 31193772
registers.edi: 31653936
registers.eax: 36673936
registers.ebp: 31193780
registers.edx: 0
registers.ebx: 5
registers.esi: 36672960
registers.ecx: 244
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619999699.635822
__exception__
stacktrace:
edf6426b7730042d5f1068a325dc409b+0x124d @ 0x40124d
edf6426b7730042d5f1068a325dc409b+0x1033 @ 0x401033
EtwpGetCpuSpeed+0x36f RtlAddVectoredExceptionHandler-0x2b ntdll+0x77400 @ 0x77da7400
KiUserApcDispatcher+0x25 KiUserCallbackDispatcher-0x8f ntdll+0x1005d @ 0x77d4005d
SleepEx+0x65 TlsGetValue-0x45 kernelbase+0x12c50 @ 0x778f2c50
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 31193772
registers.edi: 31653940
registers.eax: 36673936
registers.ebp: 31193780
registers.edx: 0
registers.ebx: 5
registers.esi: 36672964
registers.ecx: 243
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0x80000004
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619999699.635822
__exception__
stacktrace:
edf6426b7730042d5f1068a325dc409b+0x124d @ 0x40124d
edf6426b7730042d5f1068a325dc409b+0x1033 @ 0x401033
EtwpGetCpuSpeed+0x36f RtlAddVectoredExceptionHandler-0x2b ntdll+0x77400 @ 0x77da7400
KiUserApcDispatcher+0x25 KiUserCallbackDispatcher-0x8f ntdll+0x1005d @ 0x77d4005d
SleepEx+0x65 TlsGetValue-0x45 kernelbase+0x12c50 @ 0x778f2c50
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 31193772
registers.edi: 31653940
registers.eax: 36673936
registers.ebp: 31193780
registers.edx: 0
registers.ebx: 5
registers.esi: 36672964
registers.ecx: 243
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619999699.635822
__exception__
stacktrace:
edf6426b7730042d5f1068a325dc409b+0x124d @ 0x40124d
edf6426b7730042d5f1068a325dc409b+0x1033 @ 0x401033
EtwpGetCpuSpeed+0x36f RtlAddVectoredExceptionHandler-0x2b ntdll+0x77400 @ 0x77da7400
KiUserApcDispatcher+0x25 KiUserCallbackDispatcher-0x8f ntdll+0x1005d @ 0x77d4005d
SleepEx+0x65 TlsGetValue-0x45 kernelbase+0x12c50 @ 0x778f2c50
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 31193772
registers.edi: 31653944
registers.eax: 36673936
registers.ebp: 31193780
registers.edx: 0
registers.ebx: 5
registers.esi: 36672968
registers.ecx: 242
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0x80000004
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619999699.635822
__exception__
stacktrace:
edf6426b7730042d5f1068a325dc409b+0x124d @ 0x40124d
edf6426b7730042d5f1068a325dc409b+0x1033 @ 0x401033
EtwpGetCpuSpeed+0x36f RtlAddVectoredExceptionHandler-0x2b ntdll+0x77400 @ 0x77da7400
KiUserApcDispatcher+0x25 KiUserCallbackDispatcher-0x8f ntdll+0x1005d @ 0x77d4005d
SleepEx+0x65 TlsGetValue-0x45 kernelbase+0x12c50 @ 0x778f2c50
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 31193772
registers.edi: 31653944
registers.eax: 36673936
registers.ebp: 31193780
registers.edx: 0
registers.ebx: 5
registers.esi: 36672968
registers.ecx: 242
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
1619999699.635822
__exception__
stacktrace:
edf6426b7730042d5f1068a325dc409b+0x124d @ 0x40124d
edf6426b7730042d5f1068a325dc409b+0x1033 @ 0x401033
EtwpGetCpuSpeed+0x36f RtlAddVectoredExceptionHandler-0x2b ntdll+0x77400 @ 0x77da7400
KiUserApcDispatcher+0x25 KiUserCallbackDispatcher-0x8f ntdll+0x1005d @ 0x77d4005d
SleepEx+0x65 TlsGetValue-0x45 kernelbase+0x12c50 @ 0x778f2c50
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 31193772
registers.edi: 31653948
registers.eax: 36673936
registers.ebp: 31193780
registers.edx: 0
registers.ebx: 5
registers.esi: 36672972
registers.ecx: 241
exception.instruction_r: f3 a5 ff 24 95 8c 24 d5 77 8b c7 ba 03 00 00 00
exception.symbol: memcpy+0x33 memset-0xbbad ntdll+0x22373
exception.instruction: movsd dword ptr es:[edi], dword ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0x80000004
exception.offset: 140147
exception.address: 0x77d52373
success 0 0
Behavior verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (4 events)
Time & API Arguments Status Return Repeated
1619999699.588822
NtProtectVirtualMemory
process_identifier: 912
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 12288
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00420000
success 0 0
1619999699.588822
NtAllocateVirtualMemory
process_identifier: 912
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00340000
success 0 0
1619999699.588822
NtAllocateVirtualMemory
process_identifier: 912
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00350000
success 0 0
1619999699.588822
NtAllocateVirtualMemory
process_identifier: 912
region_size: 143360
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01c80000
success 0 0
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
File has been identified by 53 AntiVirus engines on VirusTotal as malicious (50 out of 53 events)
MicroWorld-eScan Gen:Variant.Johnnie.207195
McAfee GenericRXAA-AA!EDF6426B7730
Cylance Unsafe
Sangfor Malware
K7AntiVirus Trojan ( 0055e32d1 )
Alibaba TrojanBanker:Win32/Cridex.b599b68d
K7GW Trojan ( 0055e32d1 )
Invincea heuristic
ESET-NOD32 a variant of Win32/Kryptik.HAPB
TrendMicro-HouseCall TROJ_GEN.R002C0GD320
Paloalto generic.ml
GData Gen:Variant.Johnnie.207195
Kaspersky Trojan-Banker.Win32.Cridex.iqg
BitDefender Gen:Variant.Johnnie.207195
NANO-Antivirus Trojan.Win32.Gozi.grtpwv
ViRobot Trojan.Win32.Z.Johnnie.159233
Avast Win32:Malware-gen
Tencent Win32.Trojan-banker.Cridex.Apwo
Ad-Aware Gen:Variant.Johnnie.207195
Sophos Mal/Generic-S
Comodo Malware@#3qdbrgkphqfw
F-Secure Trojan.TR/Kryptik.lyfmd
DrWeb Trojan.Gozi.622
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R002C0GD320
McAfee-GW-Edition Artemis!Trojan
SentinelOne DFI - Malicious PE
FireEye Generic.mg.edf6426b7730042d
Emsisoft Gen:Variant.Johnnie.207195 (B)
APEX Malicious
Cyren W32/Trojan.FICT-4236
Jiangmin Trojan.Banker.Cridex.jv
MaxSecure Trojan.Malware.74765237.susgen
Antiy-AVL Trojan[Banker]/Win32.Cridex
Endgame malicious (high confidence)
Arcabit Trojan.Johnnie.D3295B
AegisLab Trojan.Win32.Generic.lZ1N
ZoneAlarm Trojan-Banker.Win32.Cridex.iqg
Microsoft Trojan:Win32/Ursnif!MSR
AhnLab-V3 Trojan/Win32.Kryptik.C3863299
Acronis suspicious
ALYac Gen:Variant.Johnnie.207195
MAX malware (ai score=80)
VBA32 TrojanBanker.Cridex
Rising Trojan.Kryptik!8.8 (CLOUD)
Yandex Trojan.PWS.Cridex!
Ikarus Trojan-PWS.Win32.Zbot
eGambit Unsafe.AI_Score_99%
Fortinet W32/Cridex.LSD!tr
AVG Win32:Malware-gen
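Visual analysis
Binary image
No binary image available: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots available: no screenshots were generated while this sample ran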

PE Compile Time

2012-12-13 19:25:39

Imports

Library KERNEL32.dll:
0x410000 Sleep
0x410004 GetSystemDirectoryA
0x41000c LocalAlloc
0x410010 VirtualProtect
0x410014 GetCommandLineA
0x410018 HeapSetInformation
0x41001c GetStartupInfoW
0x410020 RaiseException
0x410024 TerminateProcess
0x410028 GetCurrentProcess
0x410034 IsDebuggerPresent
0x410038 HeapAlloc
0x41003c GetLastError
0x410040 HeapFree
0x410048 EncodePointer
0x41004c DecodePointer
0x410050 GetProcAddress
0x410054 GetModuleHandleW
0x410058 ExitProcess
0x41005c WriteFile
0x410060 GetStdHandle
0x410064 GetModuleFileNameW
0x410068 GetModuleFileNameA
0x410070 WideCharToMultiByte
0x410078 SetHandleCount
0x410080 GetFileType
0x410088 TlsAlloc
0x41008c TlsGetValue
0x410090 TlsSetValue
0x410094 TlsFree
0x41009c SetLastError
0x4100a0 GetCurrentThreadId
0x4100a8 HeapCreate
0x4100b0 GetTickCount
0x4100b4 GetCurrentProcessId
0x4100c4 RtlUnwind
0x4100c8 HeapSize
0x4100cc LoadLibraryW
0x4100d0 GetCPInfo
0x4100d4 GetACP
0x4100d8 GetOEMCP
0x4100dc IsValidCodePage
0x4100e0 HeapReAlloc
0x4100e4 LCMapStringW
0x4100e8 MultiByteToWideChar
0x4100ec GetStringTypeW
Library SHLWAPI.dll:
0x4100f4 PathRemoveArgsA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 57874 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.