Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	May 26, 2021, 9:22 a.m.	May 26, 2021, 9:24 a.m.

Size	1.9MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`81df021fd7a1275df23a861bb0dd436a`
SHA256	`9ca94f1c18262ad64ee1e51d395d74b76377619f5589c20102a0e593e78e39d0`
CRC32	`8511448C`
ssdeep	`49152:X+q1dc9mJkFLmtKbz+UcURvXDVN20wdkwVufr77fGrg5y:X+q1UmuYtKb5cERN2necX`
Yara	anti_vm_detect - Possibly employs anti-virtualization techniques PE_Header_Zero - PE File Signature IsPE32 - (no description)

%E5%A4%A9%E9%99%8D%E6%BF%80%E5%85%89%E7%82%AE-%E5%9B%BE%E5%83%8F%E7%95%8C%E9%9D%A2%E7%89%88.exe "C:\Users\test22\AppData\Local\Temp\%E5%A4%A9%E9%99%8D%E6%BF%80%E5%85%89%E7%82%AE-%E5%9B%BE%E5%83%8F%E7%95%8C%E9%9D%A2%E7%89%88.exe"
7132

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
172.217.25.14	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent May 26, 2021, 9:22 a.m.			0	0

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx May 26, 2021, 9:22 a.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.sedata

One or more processes crashed (50 out of 327 events)

Time & API	Arguments	Status
__exception__ May 26, 2021, 9:22 a.m.	stacktrace: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x206dd9 @ 0x606dd9 %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x261837 @ 0x661837 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: eb 09 2a bf 2f 4a b9 73 12 8d 1c c3 e9 8b ff ff exception.symbol: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x1614c2 exception.instruction: jmp 0x5614cd exception.module: %E5%A4%A9%E9%99%8D%E6%BF%80%E5%85%89%E7%82%AE-%E5%9B%BE%E5%83%8F%E7%95%8C%E9%9D%A2%E7%89%88.exe exception.exception_code: 0x80000003 exception.offset: 1447106 exception.address: 0x5614c2 registers.esp: 1638008 registers.edi: 0 registers.eax: 0 registers.ebp: 1638052 registers.edx: 582600 registers.ebx: 5 registers.esi: 8380096 registers.ecx: 8380096	1
__exception__ May 26, 2021, 9:22 a.m.	stacktrace: 0x246 exception.instruction_r: 66 52 66 55 8d 24 24 66 87 54 24 01 eb b9 ff 34 exception.symbol: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x188a04 exception.instruction: push dx exception.module: %E5%A4%A9%E9%99%8D%E6%BF%80%E5%85%89%E7%82%AE-%E5%9B%BE%E5%83%8F%E7%95%8C%E9%9D%A2%E7%89%88.exe exception.exception_code: 0x80000004 exception.offset: 1608196 exception.address: 0x588a04 registers.esp: 1637004 registers.edi: 1637256 registers.eax: 2209461066 registers.ebp: 1637020 registers.edx: 7457903 registers.ebx: 5595269 registers.esi: 5820647 registers.ecx: 2029386331	1
__exception__ May 26, 2021, 9:22 a.m.	stacktrace: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x156000 @ 0x556000 exception.instruction_r: 66 52 66 55 8d 24 24 66 87 54 24 01 eb b9 ff 34 exception.symbol: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x188a04 exception.instruction: push dx exception.module: %E5%A4%A9%E9%99%8D%E6%BF%80%E5%85%89%E7%82%AE-%E5%9B%BE%E5%83%8F%E7%95%8C%E9%9D%A2%E7%89%88.exe exception.exception_code: 0x80000004 exception.offset: 1608196 exception.address: 0x588a04 registers.esp: 41745196 registers.edi: 41745448 registers.eax: 2209461066 registers.ebp: 41745212 registers.edx: 47566095 registers.ebx: 5595136 registers.esi: 5820647 registers.ecx: 1079932809	1
__exception__ May 26, 2021, 9:22 a.m.	stacktrace: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x156000 @ 0x556000 exception.instruction_r: 66 52 66 55 8d 24 24 66 87 54 24 01 eb b9 ff 34 exception.symbol: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x188a04 exception.instruction: push dx exception.module: %E5%A4%A9%E9%99%8D%E6%BF%80%E5%85%89%E7%82%AE-%E5%9B%BE%E5%83%8F%E7%95%8C%E9%9D%A2%E7%89%88.exe exception.exception_code: 0x80000004 exception.offset: 1608196 exception.address: 0x588a04 registers.esp: 42793768 registers.edi: 42794020 registers.eax: 2209461066 registers.ebp: 42793784 registers.edx: 48614667 registers.ebx: 5595136 registers.esi: 5820647 registers.ecx: 1079932809	1
__exception__ May 26, 2021, 9:22 a.m.	stacktrace: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x156000 @ 0x556000 exception.instruction_r: 66 52 66 55 8d 24 24 66 87 54 24 01 eb b9 ff 34 exception.symbol: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x188a04 exception.instruction: push dx exception.module: %E5%A4%A9%E9%99%8D%E6%BF%80%E5%85%89%E7%82%AE-%E5%9B%BE%E5%83%8F%E7%95%8C%E9%9D%A2%E7%89%88.exe exception.exception_code: 0x80000004 exception.offset: 1608196 exception.address: 0x588a04 registers.esp: 44890924 registers.edi: 44891176 registers.eax: 2209461066 registers.ebp: 44890940 registers.edx: 50711823 registers.ebx: 5595136 registers.esi: 5820647 registers.ecx: 1079932809	1
__exception__ May 26, 2021, 9:22 a.m.	stacktrace: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x156000 @ 0x556000 exception.instruction_r: 66 52 66 55 8d 24 24 66 87 54 24 01 eb b9 ff 34 exception.symbol: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x188a04 exception.instruction: push dx exception.module: %E5%A4%A9%E9%99%8D%E6%BF%80%E5%85%89%E7%82%AE-%E5%9B%BE%E5%83%8F%E7%95%8C%E9%9D%A2%E7%89%88.exe exception.exception_code: 0x80000004 exception.offset: 1608196 exception.address: 0x588a04 registers.esp: 43842344 registers.edi: 43842596 registers.eax: 2209461066 registers.ebp: 43842360 registers.edx: 49663243 registers.ebx: 5595136 registers.esi: 5820647 registers.ecx: 1079932809	1
__exception__ May 26, 2021, 9:22 a.m.	stacktrace: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x156000 @ 0x556000 exception.instruction_r: 66 52 66 55 8d 24 24 66 87 54 24 01 eb b9 ff 34 exception.symbol: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x188a04 exception.instruction: push dx exception.module: %E5%A4%A9%E9%99%8D%E6%BF%80%E5%85%89%E7%82%AE-%E5%9B%BE%E5%83%8F%E7%95%8C%E9%9D%A2%E7%89%88.exe exception.exception_code: 0x80000004 exception.offset: 1608196 exception.address: 0x588a04 registers.esp: 45939484 registers.edi: 45939736 registers.eax: 2209461066 registers.ebp: 45939500 registers.edx: 51760383 registers.ebx: 5595136 registers.esi: 5820647 registers.ecx: 1079932809	1
__exception__ May 26, 2021, 9:22 a.m.	stacktrace: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x156000 @ 0x556000 exception.instruction_r: 66 52 66 55 8d 24 24 66 87 54 24 01 eb b9 ff 34 exception.symbol: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x188a04 exception.instruction: push dx exception.module: %E5%A4%A9%E9%99%8D%E6%BF%80%E5%85%89%E7%82%AE-%E5%9B%BE%E5%83%8F%E7%95%8C%E9%9D%A2%E7%89%88.exe exception.exception_code: 0x80000004 exception.offset: 1608196 exception.address: 0x588a04 registers.esp: 46988092 registers.edi: 46988344 registers.eax: 2209461066 registers.ebp: 46988108 registers.edx: 52808991 registers.ebx: 5595136 registers.esi: 5820647 registers.ecx: 1079932809	1
__exception__ May 26, 2021, 9:22 a.m.	stacktrace: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x156000 @ 0x556000 exception.instruction_r: 66 52 66 55 8d 24 24 66 87 54 24 01 eb b9 ff 34 exception.symbol: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x188a04 exception.instruction: push dx exception.module: %E5%A4%A9%E9%99%8D%E6%BF%80%E5%85%89%E7%82%AE-%E5%9B%BE%E5%83%8F%E7%95%8C%E9%9D%A2%E7%89%88.exe exception.exception_code: 0x80000004 exception.offset: 1608196 exception.address: 0x588a04 registers.esp: 42793768 registers.edi: 42794020 registers.eax: 2209461066 registers.ebp: 42793784 registers.edx: 48614667 registers.ebx: 5595136 registers.esi: 5820647 registers.ecx: 1079932809	1
__exception__ May 26, 2021, 9:22 a.m.	stacktrace: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x156000 @ 0x556000 exception.instruction_r: 66 52 66 55 8d 24 24 66 87 54 24 01 eb b9 ff 34 exception.symbol: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x188a04 exception.instruction: push dx exception.module: %E5%A4%A9%E9%99%8D%E6%BF%80%E5%85%89%E7%82%AE-%E5%9B%BE%E5%83%8F%E7%95%8C%E9%9D%A2%E7%89%88.exe exception.exception_code: 0x80000004 exception.offset: 1608196 exception.address: 0x588a04 registers.esp: 41745196 registers.edi: 41745448 registers.eax: 2209461066 registers.ebp: 41745212 registers.edx: 47566095 registers.ebx: 5595136 registers.esi: 5820647 registers.ecx: 1079932809	1
__exception__ May 26, 2021, 9:22 a.m.	stacktrace: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x156000 @ 0x556000 exception.instruction_r: 66 52 66 55 8d 24 24 66 87 54 24 01 eb b9 ff 34 exception.symbol: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x188a04 exception.instruction: push dx exception.module: %E5%A4%A9%E9%99%8D%E6%BF%80%E5%85%89%E7%82%AE-%E5%9B%BE%E5%83%8F%E7%95%8C%E9%9D%A2%E7%89%88.exe exception.exception_code: 0x80000004 exception.offset: 1608196 exception.address: 0x588a04 registers.esp: 44890924 registers.edi: 44891176 registers.eax: 2209461066 registers.ebp: 44890940 registers.edx: 50711823 registers.ebx: 5595136 registers.esi: 5820647 registers.ecx: 1079932809	1
__exception__ May 26, 2021, 9:22 a.m.	stacktrace: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x156000 @ 0x556000 exception.instruction_r: 66 52 66 55 8d 24 24 66 87 54 24 01 eb b9 ff 34 exception.symbol: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x188a04 exception.instruction: push dx exception.module: %E5%A4%A9%E9%99%8D%E6%BF%80%E5%85%89%E7%82%AE-%E5%9B%BE%E5%83%8F%E7%95%8C%E9%9D%A2%E7%89%88.exe exception.exception_code: 0x80000004 exception.offset: 1608196 exception.address: 0x588a04 registers.esp: 43842344 registers.edi: 43842596 registers.eax: 2209461066 registers.ebp: 43842360 registers.edx: 49663243 registers.ebx: 5595136 registers.esi: 5820647 registers.ecx: 1079932809	1
__exception__ May 26, 2021, 9:22 a.m.	stacktrace: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x156000 @ 0x556000 exception.instruction_r: 66 52 66 55 8d 24 24 66 87 54 24 01 eb b9 ff 34 exception.symbol: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x188a04 exception.instruction: push dx exception.module: %E5%A4%A9%E9%99%8D%E6%BF%80%E5%85%89%E7%82%AE-%E5%9B%BE%E5%83%8F%E7%95%8C%E9%9D%A2%E7%89%88.exe exception.exception_code: 0x80000004 exception.offset: 1608196 exception.address: 0x588a04 registers.esp: 45939484 registers.edi: 45939736 registers.eax: 2209461066 registers.ebp: 45939500 registers.edx: 51760383 registers.ebx: 5595136 registers.esi: 5820647 registers.ecx: 1079932809	1
__exception__ May 26, 2021, 9:22 a.m.	stacktrace: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x156000 @ 0x556000 exception.instruction_r: 66 52 66 55 8d 24 24 66 87 54 24 01 eb b9 ff 34 exception.symbol: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x188a04 exception.instruction: push dx exception.module: %E5%A4%A9%E9%99%8D%E6%BF%80%E5%85%89%E7%82%AE-%E5%9B%BE%E5%83%8F%E7%95%8C%E9%9D%A2%E7%89%88.exe exception.exception_code: 0x80000004 exception.offset: 1608196 exception.address: 0x588a04 registers.esp: 41745196 registers.edi: 41745448 registers.eax: 2209461066 registers.ebp: 41745212 registers.edx: 47566095 registers.ebx: 5595136 registers.esi: 5820647 registers.ecx: 1079932809	1
__exception__ May 26, 2021, 9:22 a.m.	stacktrace: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x156000 @ 0x556000 exception.instruction_r: 66 52 66 55 8d 24 24 66 87 54 24 01 eb b9 ff 34 exception.symbol: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x188a04 exception.instruction: push dx exception.module: %E5%A4%A9%E9%99%8D%E6%BF%80%E5%85%89%E7%82%AE-%E5%9B%BE%E5%83%8F%E7%95%8C%E9%9D%A2%E7%89%88.exe exception.exception_code: 0x80000004 exception.offset: 1608196 exception.address: 0x588a04 registers.esp: 43842344 registers.edi: 43842596 registers.eax: 2209461066 registers.ebp: 43842360 registers.edx: 49663243 registers.ebx: 5595136 registers.esi: 5820647 registers.ecx: 1079932809	1
__exception__ May 26, 2021, 9:22 a.m.	stacktrace: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x156000 @ 0x556000 exception.instruction_r: 66 52 66 55 8d 24 24 66 87 54 24 01 eb b9 ff 34 exception.symbol: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x188a04 exception.instruction: push dx exception.module: %E5%A4%A9%E9%99%8D%E6%BF%80%E5%85%89%E7%82%AE-%E5%9B%BE%E5%83%8F%E7%95%8C%E9%9D%A2%E7%89%88.exe exception.exception_code: 0x80000004 exception.offset: 1608196 exception.address: 0x588a04 registers.esp: 45939484 registers.edi: 45939736 registers.eax: 2209461066 registers.ebp: 45939500 registers.edx: 51760383 registers.ebx: 5595136 registers.esi: 5820647 registers.ecx: 1079932809	1
__exception__ May 26, 2021, 9:22 a.m.	stacktrace: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x156000 @ 0x556000 exception.instruction_r: 66 52 66 55 8d 24 24 66 87 54 24 01 eb b9 ff 34 exception.symbol: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x188a04 exception.instruction: push dx exception.module: %E5%A4%A9%E9%99%8D%E6%BF%80%E5%85%89%E7%82%AE-%E5%9B%BE%E5%83%8F%E7%95%8C%E9%9D%A2%E7%89%88.exe exception.exception_code: 0x80000004 exception.offset: 1608196 exception.address: 0x588a04 registers.esp: 46988092 registers.edi: 46988344 registers.eax: 2209461066 registers.ebp: 46988108 registers.edx: 52808991 registers.ebx: 5595136 registers.esi: 5820647 registers.ecx: 1079932809	1
__exception__ May 26, 2021, 9:22 a.m.	stacktrace: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x156000 @ 0x556000 exception.instruction_r: 66 52 66 55 8d 24 24 66 87 54 24 01 eb b9 ff 34 exception.symbol: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x188a04 exception.instruction: push dx exception.module: %E5%A4%A9%E9%99%8D%E6%BF%80%E5%85%89%E7%82%AE-%E5%9B%BE%E5%83%8F%E7%95%8C%E9%9D%A2%E7%89%88.exe exception.exception_code: 0x80000004 exception.offset: 1608196 exception.address: 0x588a04 registers.esp: 42793768 registers.edi: 42794020 registers.eax: 2209461066 registers.ebp: 42793784 registers.edx: 48614667 registers.ebx: 5595136 registers.esi: 5820647 registers.ecx: 1079932809	1
__exception__ May 26, 2021, 9:22 a.m.	stacktrace: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x156000 @ 0x556000 exception.instruction_r: 66 52 66 55 8d 24 24 66 87 54 24 01 eb b9 ff 34 exception.symbol: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x188a04 exception.instruction: push dx exception.module: %E5%A4%A9%E9%99%8D%E6%BF%80%E5%85%89%E7%82%AE-%E5%9B%BE%E5%83%8F%E7%95%8C%E9%9D%A2%E7%89%88.exe exception.exception_code: 0x80000004 exception.offset: 1608196 exception.address: 0x588a04 registers.esp: 44890924 registers.edi: 44891176 registers.eax: 2209461066 registers.ebp: 44890940 registers.edx: 50711823 registers.ebx: 5595136 registers.esi: 5820647 registers.ecx: 1079932809	1
__exception__ May 26, 2021, 9:22 a.m.	stacktrace: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x156000 @ 0x556000 exception.instruction_r: 66 52 66 55 8d 24 24 66 87 54 24 01 eb b9 ff 34 exception.symbol: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x188a04 exception.instruction: push dx exception.module: %E5%A4%A9%E9%99%8D%E6%BF%80%E5%85%89%E7%82%AE-%E5%9B%BE%E5%83%8F%E7%95%8C%E9%9D%A2%E7%89%88.exe exception.exception_code: 0x80000004 exception.offset: 1608196 exception.address: 0x588a04 registers.esp: 45939484 registers.edi: 45939736 registers.eax: 2209461066 registers.ebp: 45939500 registers.edx: 51760383 registers.ebx: 5595136 registers.esi: 5820647 registers.ecx: 1079932809	1
__exception__ May 26, 2021, 9:22 a.m.	stacktrace: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x156000 @ 0x556000 exception.instruction_r: 66 52 66 55 8d 24 24 66 87 54 24 01 eb b9 ff 34 exception.symbol: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x188a04 exception.instruction: push dx exception.module: %E5%A4%A9%E9%99%8D%E6%BF%80%E5%85%89%E7%82%AE-%E5%9B%BE%E5%83%8F%E7%95%8C%E9%9D%A2%E7%89%88.exe exception.exception_code: 0x80000004 exception.offset: 1608196 exception.address: 0x588a04 registers.esp: 41745196 registers.edi: 41745448 registers.eax: 2209461066 registers.ebp: 41745212 registers.edx: 47566095 registers.ebx: 5595136 registers.esi: 5820647 registers.ecx: 1079932809	1
__exception__ May 26, 2021, 9:22 a.m.	stacktrace: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x156000 @ 0x556000 exception.instruction_r: 66 52 66 55 8d 24 24 66 87 54 24 01 eb b9 ff 34 exception.symbol: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x188a04 exception.instruction: push dx exception.module: %E5%A4%A9%E9%99%8D%E6%BF%80%E5%85%89%E7%82%AE-%E5%9B%BE%E5%83%8F%E7%95%8C%E9%9D%A2%E7%89%88.exe exception.exception_code: 0x80000004 exception.offset: 1608196 exception.address: 0x588a04 registers.esp: 44890924 registers.edi: 44891176 registers.eax: 2209461066 registers.ebp: 44890940 registers.edx: 50711823 registers.ebx: 5595136 registers.esi: 5820647 registers.ecx: 1079932809	1
__exception__ May 26, 2021, 9:22 a.m.	stacktrace: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x156000 @ 0x556000 exception.instruction_r: 66 52 66 55 8d 24 24 66 87 54 24 01 eb b9 ff 34 exception.symbol: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x188a04 exception.instruction: push dx exception.module: %E5%A4%A9%E9%99%8D%E6%BF%80%E5%85%89%E7%82%AE-%E5%9B%BE%E5%83%8F%E7%95%8C%E9%9D%A2%E7%89%88.exe exception.exception_code: 0x80000004 exception.offset: 1608196 exception.address: 0x588a04 registers.esp: 43842344 registers.edi: 43842596 registers.eax: 2209461066 registers.ebp: 43842360 registers.edx: 49663243 registers.ebx: 5595136 registers.esi: 5820647 registers.ecx: 1079932809	1
__exception__ May 26, 2021, 9:22 a.m.	stacktrace: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x156000 @ 0x556000 exception.instruction_r: 66 52 66 55 8d 24 24 66 87 54 24 01 eb b9 ff 34 exception.symbol: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x188a04 exception.instruction: push dx exception.module: %E5%A4%A9%E9%99%8D%E6%BF%80%E5%85%89%E7%82%AE-%E5%9B%BE%E5%83%8F%E7%95%8C%E9%9D%A2%E7%89%88.exe exception.exception_code: 0x80000004 exception.offset: 1608196 exception.address: 0x588a04 registers.esp: 42793768 registers.edi: 42794020 registers.eax: 2209461066 registers.ebp: 42793784 registers.edx: 48614667 registers.ebx: 5595136 registers.esi: 5820647 registers.ecx: 1079932809	1
__exception__ May 26, 2021, 9:22 a.m.	stacktrace: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x156000 @ 0x556000 exception.instruction_r: 66 52 66 55 8d 24 24 66 87 54 24 01 eb b9 ff 34 exception.symbol: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x188a04 exception.instruction: push dx exception.module: %E5%A4%A9%E9%99%8D%E6%BF%80%E5%85%89%E7%82%AE-%E5%9B%BE%E5%83%8F%E7%95%8C%E9%9D%A2%E7%89%88.exe exception.exception_code: 0x80000004 exception.offset: 1608196 exception.address: 0x588a04 registers.esp: 44890924 registers.edi: 44891176 registers.eax: 2209461066 registers.ebp: 44890940 registers.edx: 50711823 registers.ebx: 5595136 registers.esi: 5820647 registers.ecx: 1079932809	1
__exception__ May 26, 2021, 9:22 a.m.	stacktrace: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x156000 @ 0x556000 exception.instruction_r: 66 52 66 55 8d 24 24 66 87 54 24 01 eb b9 ff 34 exception.symbol: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x188a04 exception.instruction: push dx exception.module: %E5%A4%A9%E9%99%8D%E6%BF%80%E5%85%89%E7%82%AE-%E5%9B%BE%E5%83%8F%E7%95%8C%E9%9D%A2%E7%89%88.exe exception.exception_code: 0x80000004 exception.offset: 1608196 exception.address: 0x588a04 registers.esp: 45939484 registers.edi: 45939736 registers.eax: 2209461066 registers.ebp: 45939500 registers.edx: 51760383 registers.ebx: 5595136 registers.esi: 5820647 registers.ecx: 1079932809	1
__exception__ May 26, 2021, 9:22 a.m.	stacktrace: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x156000 @ 0x556000 exception.instruction_r: 66 52 66 55 8d 24 24 66 87 54 24 01 eb b9 ff 34 exception.symbol: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x188a04 exception.instruction: push dx exception.module: %E5%A4%A9%E9%99%8D%E6%BF%80%E5%85%89%E7%82%AE-%E5%9B%BE%E5%83%8F%E7%95%8C%E9%9D%A2%E7%89%88.exe exception.exception_code: 0x80000004 exception.offset: 1608196 exception.address: 0x588a04 registers.esp: 41745196 registers.edi: 41745448 registers.eax: 2209461066 registers.ebp: 41745212 registers.edx: 47566095 registers.ebx: 5595136 registers.esi: 5820647 registers.ecx: 1079932809	1
__exception__ May 26, 2021, 9:22 a.m.	stacktrace: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x156000 @ 0x556000 exception.instruction_r: 66 52 66 55 8d 24 24 66 87 54 24 01 eb b9 ff 34 exception.symbol: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x188a04 exception.instruction: push dx exception.module: %E5%A4%A9%E9%99%8D%E6%BF%80%E5%85%89%E7%82%AE-%E5%9B%BE%E5%83%8F%E7%95%8C%E9%9D%A2%E7%89%88.exe exception.exception_code: 0x80000004 exception.offset: 1608196 exception.address: 0x588a04 registers.esp: 46988092 registers.edi: 46988344 registers.eax: 2209461066 registers.ebp: 46988108 registers.edx: 52808991 registers.ebx: 5595136 registers.esi: 5820647 registers.ecx: 1079932809	1
__exception__ May 26, 2021, 9:22 a.m.	stacktrace: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x156000 @ 0x556000 exception.instruction_r: 66 52 66 55 8d 24 24 66 87 54 24 01 eb b9 ff 34 exception.symbol: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x188a04 exception.instruction: push dx exception.module: %E5%A4%A9%E9%99%8D%E6%BF%80%E5%85%89%E7%82%AE-%E5%9B%BE%E5%83%8F%E7%95%8C%E9%9D%A2%E7%89%88.exe exception.exception_code: 0x80000004 exception.offset: 1608196 exception.address: 0x588a04 registers.esp: 43842344 registers.edi: 43842596 registers.eax: 2209461066 registers.ebp: 43842360 registers.edx: 49663243 registers.ebx: 5595136 registers.esi: 5820647 registers.ecx: 1079932809	1
__exception__ May 26, 2021, 9:22 a.m.	stacktrace: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x156000 @ 0x556000 exception.instruction_r: 66 52 66 55 8d 24 24 66 87 54 24 01 eb b9 ff 34 exception.symbol: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x188a04 exception.instruction: push dx exception.module: %E5%A4%A9%E9%99%8D%E6%BF%80%E5%85%89%E7%82%AE-%E5%9B%BE%E5%83%8F%E7%95%8C%E9%9D%A2%E7%89%88.exe exception.exception_code: 0x80000004 exception.offset: 1608196 exception.address: 0x588a04 registers.esp: 42793768 registers.edi: 42794020 registers.eax: 2209461066 registers.ebp: 42793784 registers.edx: 48614667 registers.ebx: 5595136 registers.esi: 5820647 registers.ecx: 1079932809	1
__exception__ May 26, 2021, 9:22 a.m.	stacktrace: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x156000 @ 0x556000 exception.instruction_r: 66 52 66 55 8d 24 24 66 87 54 24 01 eb b9 ff 34 exception.symbol: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x188a04 exception.instruction: push dx exception.module: %E5%A4%A9%E9%99%8D%E6%BF%80%E5%85%89%E7%82%AE-%E5%9B%BE%E5%83%8F%E7%95%8C%E9%9D%A2%E7%89%88.exe exception.exception_code: 0x80000004 exception.offset: 1608196 exception.address: 0x588a04 registers.esp: 45939484 registers.edi: 45939736 registers.eax: 2209461066 registers.ebp: 45939500 registers.edx: 51760383 registers.ebx: 5595136 registers.esi: 5820647 registers.ecx: 1079932809	1
__exception__ May 26, 2021, 9:22 a.m.	stacktrace: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x156000 @ 0x556000 exception.instruction_r: 66 52 66 55 8d 24 24 66 87 54 24 01 eb b9 ff 34 exception.symbol: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x188a04 exception.instruction: push dx exception.module: %E5%A4%A9%E9%99%8D%E6%BF%80%E5%85%89%E7%82%AE-%E5%9B%BE%E5%83%8F%E7%95%8C%E9%9D%A2%E7%89%88.exe exception.exception_code: 0x80000004 exception.offset: 1608196 exception.address: 0x588a04 registers.esp: 44890924 registers.edi: 44891176 registers.eax: 2209461066 registers.ebp: 44890940 registers.edx: 50711823 registers.ebx: 5595136 registers.esi: 5820647 registers.ecx: 1079932809	1
__exception__ May 26, 2021, 9:22 a.m.	stacktrace: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x156000 @ 0x556000 exception.instruction_r: 66 52 66 55 8d 24 24 66 87 54 24 01 eb b9 ff 34 exception.symbol: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x188a04 exception.instruction: push dx exception.module: %E5%A4%A9%E9%99%8D%E6%BF%80%E5%85%89%E7%82%AE-%E5%9B%BE%E5%83%8F%E7%95%8C%E9%9D%A2%E7%89%88.exe exception.exception_code: 0x80000004 exception.offset: 1608196 exception.address: 0x588a04 registers.esp: 41745196 registers.edi: 41745448 registers.eax: 2209461066 registers.ebp: 41745212 registers.edx: 47566095 registers.ebx: 5595136 registers.esi: 5820647 registers.ecx: 1079932809	1
__exception__ May 26, 2021, 9:22 a.m.	stacktrace: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x156000 @ 0x556000 exception.instruction_r: 66 52 66 55 8d 24 24 66 87 54 24 01 eb b9 ff 34 exception.symbol: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x188a04 exception.instruction: push dx exception.module: %E5%A4%A9%E9%99%8D%E6%BF%80%E5%85%89%E7%82%AE-%E5%9B%BE%E5%83%8F%E7%95%8C%E9%9D%A2%E7%89%88.exe exception.exception_code: 0x80000004 exception.offset: 1608196 exception.address: 0x588a04 registers.esp: 42793768 registers.edi: 42794020 registers.eax: 2209461066 registers.ebp: 42793784 registers.edx: 48614667 registers.ebx: 5595136 registers.esi: 5820647 registers.ecx: 1079932809	1
__exception__ May 26, 2021, 9:22 a.m.	stacktrace: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x156000 @ 0x556000 exception.instruction_r: 66 52 66 55 8d 24 24 66 87 54 24 01 eb b9 ff 34 exception.symbol: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x188a04 exception.instruction: push dx exception.module: %E5%A4%A9%E9%99%8D%E6%BF%80%E5%85%89%E7%82%AE-%E5%9B%BE%E5%83%8F%E7%95%8C%E9%9D%A2%E7%89%88.exe exception.exception_code: 0x80000004 exception.offset: 1608196 exception.address: 0x588a04 registers.esp: 43842344 registers.edi: 43842596 registers.eax: 2209461066 registers.ebp: 43842360 registers.edx: 49663243 registers.ebx: 5595136 registers.esi: 5820647 registers.ecx: 1079932809	1
__exception__ May 26, 2021, 9:22 a.m.	stacktrace: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x156000 @ 0x556000 exception.instruction_r: 66 52 66 55 8d 24 24 66 87 54 24 01 eb b9 ff 34 exception.symbol: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x188a04 exception.instruction: push dx exception.module: %E5%A4%A9%E9%99%8D%E6%BF%80%E5%85%89%E7%82%AE-%E5%9B%BE%E5%83%8F%E7%95%8C%E9%9D%A2%E7%89%88.exe exception.exception_code: 0x80000004 exception.offset: 1608196 exception.address: 0x588a04 registers.esp: 45939484 registers.edi: 45939736 registers.eax: 2209461066 registers.ebp: 45939500 registers.edx: 51760383 registers.ebx: 5595136 registers.esi: 5820647 registers.ecx: 1079932809	1
__exception__ May 26, 2021, 9:22 a.m.	stacktrace: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x156000 @ 0x556000 exception.instruction_r: 66 52 66 55 8d 24 24 66 87 54 24 01 eb b9 ff 34 exception.symbol: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x188a04 exception.instruction: push dx exception.module: %E5%A4%A9%E9%99%8D%E6%BF%80%E5%85%89%E7%82%AE-%E5%9B%BE%E5%83%8F%E7%95%8C%E9%9D%A2%E7%89%88.exe exception.exception_code: 0x80000004 exception.offset: 1608196 exception.address: 0x588a04 registers.esp: 41745196 registers.edi: 41745448 registers.eax: 2209461066 registers.ebp: 41745212 registers.edx: 47566095 registers.ebx: 5595136 registers.esi: 5820647 registers.ecx: 1079932809	1
__exception__ May 26, 2021, 9:22 a.m.	stacktrace: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x156000 @ 0x556000 exception.instruction_r: 66 52 66 55 8d 24 24 66 87 54 24 01 eb b9 ff 34 exception.symbol: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x188a04 exception.instruction: push dx exception.module: %E5%A4%A9%E9%99%8D%E6%BF%80%E5%85%89%E7%82%AE-%E5%9B%BE%E5%83%8F%E7%95%8C%E9%9D%A2%E7%89%88.exe exception.exception_code: 0x80000004 exception.offset: 1608196 exception.address: 0x588a04 registers.esp: 43842344 registers.edi: 43842596 registers.eax: 2209461066 registers.ebp: 43842360 registers.edx: 49663243 registers.ebx: 5595136 registers.esi: 5820647 registers.ecx: 1079932809	1
__exception__ May 26, 2021, 9:22 a.m.	stacktrace: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x156000 @ 0x556000 exception.instruction_r: 66 52 66 55 8d 24 24 66 87 54 24 01 eb b9 ff 34 exception.symbol: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x188a04 exception.instruction: push dx exception.module: %E5%A4%A9%E9%99%8D%E6%BF%80%E5%85%89%E7%82%AE-%E5%9B%BE%E5%83%8F%E7%95%8C%E9%9D%A2%E7%89%88.exe exception.exception_code: 0x80000004 exception.offset: 1608196 exception.address: 0x588a04 registers.esp: 46988092 registers.edi: 46988344 registers.eax: 2209461066 registers.ebp: 46988108 registers.edx: 52808991 registers.ebx: 5595136 registers.esi: 5820647 registers.ecx: 1079932809	1
__exception__ May 26, 2021, 9:22 a.m.	stacktrace: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x156000 @ 0x556000 exception.instruction_r: 66 52 66 55 8d 24 24 66 87 54 24 01 eb b9 ff 34 exception.symbol: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x188a04 exception.instruction: push dx exception.module: %E5%A4%A9%E9%99%8D%E6%BF%80%E5%85%89%E7%82%AE-%E5%9B%BE%E5%83%8F%E7%95%8C%E9%9D%A2%E7%89%88.exe exception.exception_code: 0x80000004 exception.offset: 1608196 exception.address: 0x588a04 registers.esp: 44890924 registers.edi: 44891176 registers.eax: 2209461066 registers.ebp: 44890940 registers.edx: 50711823 registers.ebx: 5595136 registers.esi: 5820647 registers.ecx: 1079932809	1
__exception__ May 26, 2021, 9:22 a.m.	stacktrace: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x156000 @ 0x556000 exception.instruction_r: 66 52 66 55 8d 24 24 66 87 54 24 01 eb b9 ff 34 exception.symbol: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x188a04 exception.instruction: push dx exception.module: %E5%A4%A9%E9%99%8D%E6%BF%80%E5%85%89%E7%82%AE-%E5%9B%BE%E5%83%8F%E7%95%8C%E9%9D%A2%E7%89%88.exe exception.exception_code: 0x80000004 exception.offset: 1608196 exception.address: 0x588a04 registers.esp: 42793768 registers.edi: 42794020 registers.eax: 2209461066 registers.ebp: 42793784 registers.edx: 48614667 registers.ebx: 5595136 registers.esi: 5820647 registers.ecx: 1079932809	1
__exception__ May 26, 2021, 9:22 a.m.	stacktrace: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x156000 @ 0x556000 exception.instruction_r: 66 52 66 55 8d 24 24 66 87 54 24 01 eb b9 ff 34 exception.symbol: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x188a04 exception.instruction: push dx exception.module: %E5%A4%A9%E9%99%8D%E6%BF%80%E5%85%89%E7%82%AE-%E5%9B%BE%E5%83%8F%E7%95%8C%E9%9D%A2%E7%89%88.exe exception.exception_code: 0x80000004 exception.offset: 1608196 exception.address: 0x588a04 registers.esp: 44890924 registers.edi: 44891176 registers.eax: 2209461066 registers.ebp: 44890940 registers.edx: 50711823 registers.ebx: 5595136 registers.esi: 5820647 registers.ecx: 1079932809	1
__exception__ May 26, 2021, 9:22 a.m.	stacktrace: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x156000 @ 0x556000 exception.instruction_r: 66 52 66 55 8d 24 24 66 87 54 24 01 eb b9 ff 34 exception.symbol: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x188a04 exception.instruction: push dx exception.module: %E5%A4%A9%E9%99%8D%E6%BF%80%E5%85%89%E7%82%AE-%E5%9B%BE%E5%83%8F%E7%95%8C%E9%9D%A2%E7%89%88.exe exception.exception_code: 0x80000004 exception.offset: 1608196 exception.address: 0x588a04 registers.esp: 45939484 registers.edi: 45939736 registers.eax: 2209461066 registers.ebp: 45939500 registers.edx: 51760383 registers.ebx: 5595136 registers.esi: 5820647 registers.ecx: 1079932809	1
__exception__ May 26, 2021, 9:22 a.m.	stacktrace: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x156000 @ 0x556000 exception.instruction_r: 66 52 66 55 8d 24 24 66 87 54 24 01 eb b9 ff 34 exception.symbol: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x188a04 exception.instruction: push dx exception.module: %E5%A4%A9%E9%99%8D%E6%BF%80%E5%85%89%E7%82%AE-%E5%9B%BE%E5%83%8F%E7%95%8C%E9%9D%A2%E7%89%88.exe exception.exception_code: 0x80000004 exception.offset: 1608196 exception.address: 0x588a04 registers.esp: 42793768 registers.edi: 42794020 registers.eax: 2209461066 registers.ebp: 42793784 registers.edx: 48614667 registers.ebx: 5595136 registers.esi: 5820647 registers.ecx: 1079932809	1
__exception__ May 26, 2021, 9:22 a.m.	stacktrace: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x156000 @ 0x556000 exception.instruction_r: 66 52 66 55 8d 24 24 66 87 54 24 01 eb b9 ff 34 exception.symbol: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x188a04 exception.instruction: push dx exception.module: %E5%A4%A9%E9%99%8D%E6%BF%80%E5%85%89%E7%82%AE-%E5%9B%BE%E5%83%8F%E7%95%8C%E9%9D%A2%E7%89%88.exe exception.exception_code: 0x80000004 exception.offset: 1608196 exception.address: 0x588a04 registers.esp: 41745196 registers.edi: 41745448 registers.eax: 2209461066 registers.ebp: 41745212 registers.edx: 47566095 registers.ebx: 5595136 registers.esi: 5820647 registers.ecx: 1079932809	1
__exception__ May 26, 2021, 9:22 a.m.	stacktrace: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x156000 @ 0x556000 exception.instruction_r: 66 52 66 55 8d 24 24 66 87 54 24 01 eb b9 ff 34 exception.symbol: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x188a04 exception.instruction: push dx exception.module: %E5%A4%A9%E9%99%8D%E6%BF%80%E5%85%89%E7%82%AE-%E5%9B%BE%E5%83%8F%E7%95%8C%E9%9D%A2%E7%89%88.exe exception.exception_code: 0x80000004 exception.offset: 1608196 exception.address: 0x588a04 registers.esp: 43842344 registers.edi: 43842596 registers.eax: 2209461066 registers.ebp: 43842360 registers.edx: 49663243 registers.ebx: 5595136 registers.esi: 5820647 registers.ecx: 1079932809	1
__exception__ May 26, 2021, 9:22 a.m.	stacktrace: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x156000 @ 0x556000 exception.instruction_r: 66 52 66 55 8d 24 24 66 87 54 24 01 eb b9 ff 34 exception.symbol: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x188a04 exception.instruction: push dx exception.module: %E5%A4%A9%E9%99%8D%E6%BF%80%E5%85%89%E7%82%AE-%E5%9B%BE%E5%83%8F%E7%95%8C%E9%9D%A2%E7%89%88.exe exception.exception_code: 0x80000004 exception.offset: 1608196 exception.address: 0x588a04 registers.esp: 44890924 registers.edi: 44891176 registers.eax: 2209461066 registers.ebp: 44890940 registers.edx: 50711823 registers.ebx: 5595136 registers.esi: 5820647 registers.ecx: 1079932809	1
__exception__ May 26, 2021, 9:22 a.m.	stacktrace: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x156000 @ 0x556000 exception.instruction_r: 66 52 66 55 8d 24 24 66 87 54 24 01 eb b9 ff 34 exception.symbol: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x188a04 exception.instruction: push dx exception.module: %E5%A4%A9%E9%99%8D%E6%BF%80%E5%85%89%E7%82%AE-%E5%9B%BE%E5%83%8F%E7%95%8C%E9%9D%A2%E7%89%88.exe exception.exception_code: 0x80000004 exception.offset: 1608196 exception.address: 0x588a04 registers.esp: 43842344 registers.edi: 43842596 registers.eax: 2209461066 registers.ebp: 43842360 registers.edx: 49663243 registers.ebx: 5595136 registers.esi: 5820647 registers.ecx: 1079932809	1
__exception__ May 26, 2021, 9:22 a.m.	stacktrace: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x156000 @ 0x556000 exception.instruction_r: 66 52 66 55 8d 24 24 66 87 54 24 01 eb b9 ff 34 exception.symbol: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x188a04 exception.instruction: push dx exception.module: %E5%A4%A9%E9%99%8D%E6%BF%80%E5%85%89%E7%82%AE-%E5%9B%BE%E5%83%8F%E7%95%8C%E9%9D%A2%E7%89%88.exe exception.exception_code: 0x80000004 exception.offset: 1608196 exception.address: 0x588a04 registers.esp: 45939484 registers.edi: 45939736 registers.eax: 2209461066 registers.ebp: 45939500 registers.edx: 51760383 registers.ebx: 5595136 registers.esi: 5820647 registers.ecx: 1079932809	1
__exception__ May 26, 2021, 9:22 a.m.	stacktrace: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x156000 @ 0x556000 exception.instruction_r: 66 52 66 55 8d 24 24 66 87 54 24 01 eb b9 ff 34 exception.symbol: %e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88+0x188a04 exception.instruction: push dx exception.module: %E5%A4%A9%E9%99%8D%E6%BF%80%E5%85%89%E7%82%AE-%E5%9B%BE%E5%83%8F%E7%95%8C%E9%9D%A2%E7%89%88.exe exception.exception_code: 0x80000004 exception.offset: 1608196 exception.address: 0x588a04 registers.esp: 41745196 registers.edi: 41745448 registers.eax: 2209461066 registers.ebp: 41745212 registers.edx: 47566095 registers.ebx: 5595136 registers.esi: 5820647 registers.ecx: 1079932809	1

Allocates read-write-execute memory (usually to unpack itself) (50 out of 4927 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory May 26, 2021, 9:22 a.m.	process_identifier: 7132 region_size: 1048576 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02000000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 26, 2021, 9:22 a.m.	process_identifier: 7132 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x020c0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 26, 2021, 9:22 a.m.	process_identifier: 7132 region_size: 1576960 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02240000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory May 26, 2021, 9:22 a.m.	process_identifier: 7132 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 65536 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x773b0000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 26, 2021, 9:22 a.m.	process_identifier: 7132 region_size: 1048576 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02100000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 26, 2021, 9:22 a.m.	process_identifier: 7132 region_size: 294912 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02100000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory May 26, 2021, 9:22 a.m.	process_identifier: 7132 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 24576 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76aaa000 process_handle: 0xffffffff	1
NtProtectVirtualMemory May 26, 2021, 9:22 a.m.	process_identifier: 7132 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02100000 process_handle: 0xffffffff	1
NtProtectVirtualMemory May 26, 2021, 9:22 a.m.	process_identifier: 7132 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02100000 process_handle: 0xffffffff	1
NtProtectVirtualMemory May 26, 2021, 9:22 a.m.	process_identifier: 7132 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02100000 process_handle: 0xffffffff	1
NtProtectVirtualMemory May 26, 2021, 9:22 a.m.	process_identifier: 7132 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02100000 process_handle: 0xffffffff	1
NtProtectVirtualMemory May 26, 2021, 9:22 a.m.	process_identifier: 7132 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02100000 process_handle: 0xffffffff	1
NtProtectVirtualMemory May 26, 2021, 9:22 a.m.	process_identifier: 7132 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02100000 process_handle: 0xffffffff	1
NtProtectVirtualMemory May 26, 2021, 9:22 a.m.	process_identifier: 7132 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02100000 process_handle: 0xffffffff	1
NtProtectVirtualMemory May 26, 2021, 9:22 a.m.	process_identifier: 7132 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02100000 process_handle: 0xffffffff	1
NtProtectVirtualMemory May 26, 2021, 9:22 a.m.	process_identifier: 7132 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02100000 process_handle: 0xffffffff	1
NtProtectVirtualMemory May 26, 2021, 9:22 a.m.	process_identifier: 7132 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02100000 process_handle: 0xffffffff	1
NtProtectVirtualMemory May 26, 2021, 9:22 a.m.	process_identifier: 7132 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02100000 process_handle: 0xffffffff	1
NtProtectVirtualMemory May 26, 2021, 9:22 a.m.	process_identifier: 7132 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02100000 process_handle: 0xffffffff	1
NtProtectVirtualMemory May 26, 2021, 9:22 a.m.	process_identifier: 7132 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02100000 process_handle: 0xffffffff	1
NtProtectVirtualMemory May 26, 2021, 9:22 a.m.	process_identifier: 7132 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02100000 process_handle: 0xffffffff	1
NtProtectVirtualMemory May 26, 2021, 9:22 a.m.	process_identifier: 7132 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02100000 process_handle: 0xffffffff	1
NtProtectVirtualMemory May 26, 2021, 9:22 a.m.	process_identifier: 7132 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02100000 process_handle: 0xffffffff	1
NtProtectVirtualMemory May 26, 2021, 9:22 a.m.	process_identifier: 7132 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02100000 process_handle: 0xffffffff	1
NtProtectVirtualMemory May 26, 2021, 9:22 a.m.	process_identifier: 7132 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02100000 process_handle: 0xffffffff	1
NtProtectVirtualMemory May 26, 2021, 9:22 a.m.	process_identifier: 7132 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02100000 process_handle: 0xffffffff	1
NtProtectVirtualMemory May 26, 2021, 9:22 a.m.	process_identifier: 7132 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02100000 process_handle: 0xffffffff	1
NtProtectVirtualMemory May 26, 2021, 9:22 a.m.	process_identifier: 7132 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02100000 process_handle: 0xffffffff	1
NtProtectVirtualMemory May 26, 2021, 9:22 a.m.	process_identifier: 7132 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02100000 process_handle: 0xffffffff	1
NtProtectVirtualMemory May 26, 2021, 9:22 a.m.	process_identifier: 7132 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02100000 process_handle: 0xffffffff	1
NtProtectVirtualMemory May 26, 2021, 9:22 a.m.	process_identifier: 7132 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02100000 process_handle: 0xffffffff	1
NtProtectVirtualMemory May 26, 2021, 9:22 a.m.	process_identifier: 7132 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02100000 process_handle: 0xffffffff	1
NtProtectVirtualMemory May 26, 2021, 9:22 a.m.	process_identifier: 7132 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02100000 process_handle: 0xffffffff	1
NtProtectVirtualMemory May 26, 2021, 9:22 a.m.	process_identifier: 7132 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02100000 process_handle: 0xffffffff	1
NtProtectVirtualMemory May 26, 2021, 9:22 a.m.	process_identifier: 7132 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02100000 process_handle: 0xffffffff	1
NtProtectVirtualMemory May 26, 2021, 9:22 a.m.	process_identifier: 7132 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02100000 process_handle: 0xffffffff	1
NtProtectVirtualMemory May 26, 2021, 9:22 a.m.	process_identifier: 7132 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02100000 process_handle: 0xffffffff	1
NtProtectVirtualMemory May 26, 2021, 9:22 a.m.	process_identifier: 7132 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02100000 process_handle: 0xffffffff	1
NtProtectVirtualMemory May 26, 2021, 9:22 a.m.	process_identifier: 7132 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02100000 process_handle: 0xffffffff	1
NtProtectVirtualMemory May 26, 2021, 9:22 a.m.	process_identifier: 7132 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02100000 process_handle: 0xffffffff	1
NtProtectVirtualMemory May 26, 2021, 9:22 a.m.	process_identifier: 7132 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02100000 process_handle: 0xffffffff	1
NtProtectVirtualMemory May 26, 2021, 9:22 a.m.	process_identifier: 7132 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02100000 process_handle: 0xffffffff	1
NtProtectVirtualMemory May 26, 2021, 9:22 a.m.	process_identifier: 7132 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02100000 process_handle: 0xffffffff	1
NtProtectVirtualMemory May 26, 2021, 9:22 a.m.	process_identifier: 7132 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02100000 process_handle: 0xffffffff	1
NtProtectVirtualMemory May 26, 2021, 9:22 a.m.	process_identifier: 7132 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02100000 process_handle: 0xffffffff	1
NtProtectVirtualMemory May 26, 2021, 9:22 a.m.	process_identifier: 7132 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02100000 process_handle: 0xffffffff	1
NtProtectVirtualMemory May 26, 2021, 9:22 a.m.	process_identifier: 7132 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02100000 process_handle: 0xffffffff	1
NtProtectVirtualMemory May 26, 2021, 9:22 a.m.	process_identifier: 7132 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02100000 process_handle: 0xffffffff	1
NtProtectVirtualMemory May 26, 2021, 9:22 a.m.	process_identifier: 7132 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02100000 process_handle: 0xffffffff	1
NtProtectVirtualMemory May 26, 2021, 9:22 a.m.	process_identifier: 7132 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02100000 process_handle: 0xffffffff	1

Foreign language identified in PE resource (4 events)

name

RT_GROUP_ICON

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x002773d4

size

0x00000014

name

RT_GROUP_ICON

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x002773d4

size

0x00000014

name

RT_GROUP_ICON

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x002773d4

size

0x00000014

name

RT_VERSION

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x002773e8

size

0x0000027c

The binary likely contains encrypted or compressed data indicative of a packer (4 events)

section

{u'size_of_data': u'0x000c2000', u'virtual_address': u'0x00001000', u'entropy': 7.996179361840957, u'name': u'.text', u'virtual_size': u'0x00155000'}

entropy

7.99617936184

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x00110000', u'virtual_address': u'0x00156000', u'entropy': 7.4142053307842835, u'name': u'.sedata', u'virtual_size': u'0x00110000'}

entropy

7.41420533078

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x00001000', u'virtual_address': u'0x00278000', u'entropy': 7.9803237153682325, u'name': u'.sedata', u'virtual_size': u'0x00001000'}

entropy

7.98032371537

description

A section with a high entropy has been found

entropy

0.962886597938

description

Overall entropy of this PE file is high

Communicates with host for which no DNS query was performed (1 event)

host

172.217.25.14

File has been identified by 52 AntiVirus engines on VirusTotal as malicious (50 out of 52 events)

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Symmi.88156
McAfee	Packed-LF!81DF021FD7A1
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 005239691 )
Alibaba	Packed:Win32/NoobyProtect.47b12b29
K7GW	Unwanted-Program ( 004eb1381 )
Cybereason	malicious.fd7a12
Cyren	W32/S-e743b39f!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Packed.NoobyProtect.G suspicious
APEX	Malicious
Avast	Win32:Malware-gen
ClamAV	Win.Malware.Noobyprotect-6622929-0
Kaspersky	UDS:Packed.Win32.Blackv.gen
BitDefender	Gen:Variant.Symmi.88156
NANO-Antivirus	Trojan.Win32.Dwn.eemzdg
AegisLab	Hacktool.Win32.Generic.mDyH
Tencent	Malware.Win32.Gencirc.1149882e
Ad-Aware	Gen:Variant.Symmi.88156
Emsisoft	Gen:Variant.Symmi.88156 (B)
Comodo	TrojWare.Win32.Agent.OSCF@5rs7jr
DrWeb	Trojan.DownLoader22.3631
Zillya	Trojan.Blackv.Win32.19
McAfee-GW-Edition	BehavesLike.Win32.Generic.tc
FireEye	Generic.mg.81df021fd7a1275d
Sophos	Mal/Generic-S
Jiangmin	Packed.Blackv.iv
eGambit	Generic.Malware
MAX	malware (ai score=100)
Antiy-AVL	Trojan/Generic.ASMalwS.27FC1AA
Gridinsoft	Malware.Win32.Gen.cc!s2
Microsoft	Trojan:Win32/Occamy.C9C
GData	Win32.Packed.NoobyProtect.B
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.CaptchaSteal.R110021
Acronis	suspicious
BitDefenderTheta	Gen:NN.ZexaF.34692.6v1@aqlYMCfb
ALYac	Gen:Variant.Symmi.88156
VBA32	Trojan.Downloader
Malwarebytes	Malware.AI.3019921929
Rising	Malware.Blackv!8.E14F (CLOUD)
Yandex	Trojan.GenAsa!QGnqpFXWMWM
SentinelOne	Static AI - Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Webroot	W32.Trojan.Gen
AVG	Win32:Malware-gen

%E5%A4%A9%E9%99%8D%E6%BF%80%E5%85%89%E7%82%AE-%E5%9B%BE%E5%83%8F%E7%95%8C%E9%9D%A2%E7%89%88.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All