Summary | ZeroBOX

loader_p1_dll_64_n1_x64_inf.dll77.dll

UPX OS Processor Check PE64 PE File DLL
Category FILE
Machine s1_win7_x6401
Started March 15, 2023, 9:01 a.m.
Completed March 15, 2023, 9:03 a.m.
Size 372.5KB
Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5 658f14c5d83de5e5fee5f5ae00087139
SHA256 274ff7a41a6af130f6342b4625ab139c7077702e59cd0d5fc375f404a918b6be
CRC32 DD27E9B7
ssdeep 6144:wI+QWLzCll9xQXnJ2740Za/Q6hJFl/q+LT54w:wP1zCb9xQXnJCfx6hPdK
PDB Path E:\repo\ImageMagick\ImageMagick-6.9.3\vc14\x64\bin\CORE_RL_pango_.pdb
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • IsDLL - (no description)
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature

Name Response Post-Analysis Lookup
skanfordiporka.com 68.183.10.71
IP Address Status Action
164.124.101.2 Active Moloch
68.183.10.71 Active Moloch

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.101:49290 -> 68.183.10.71:80 2032086 ET MALWARE Win32/IcedID Request Cookie A Network Trojan was detected
TCP 192.168.56.101:49283 -> 68.183.10.71:80 2032086 ET MALWARE Win32/IcedID Request Cookie A Network Trojan was detected

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

IsDebuggerPresent

0 0

pdb_path E:\repo\ImageMagick\ImageMagick-6.9.3\vc14\x64\bin\CORE_RL_pango_.pdb
section .gfids
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
0x52908

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x52908
registers.r14: 0
registers.r15: 0
registers.rcx: 24
registers.rsi: 0
registers.r10: 0
registers.rbx: 131454
registers.rsp: 1636824
registers.r11: 1636512
registers.r8: 3391884
registers.r9: 10
registers.rdx: 4286644224
registers.r12: 10
registers.rbp: 3391680
registers.rdi: 131454
registers.rax: 131454
registers.r13: 0
1 0 0

__exception__

stacktrace:
0x52908

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x52908
registers.r14: 0
registers.r15: 0
registers.rcx: 24
registers.rsi: 0
registers.r10: 0
registers.rbx: 524664
registers.rsp: 1899048
registers.r11: 1898736
registers.r8: 3064152
registers.r9: 10
registers.rdx: 4286644224
registers.r12: 10
registers.rbp: 3063968
registers.rdi: 3064184
registers.rax: 524664
registers.r13: 0
1 0 0

__exception__

stacktrace:
0x5292c

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x5292c
registers.r14: 0
registers.r15: 0
registers.rcx: 262462
registers.rsi: 0
registers.r10: 0
registers.rbx: 262462
registers.rsp: 1309160
registers.r11: 1308848
registers.r8: 3391836
registers.r9: 10
registers.rdx: 4286644224
registers.r12: 10
registers.rbp: 3391648
registers.rdi: 262462
registers.rax: 262462
registers.r13: 0
1 0 0

__exception__

stacktrace:
0x52908

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x52908
registers.r14: 0
registers.r15: 0
registers.rcx: 24
registers.rsi: 0
registers.r10: 0
registers.rbx: 327992
registers.rsp: 1570232
registers.r11: 1569920
registers.r8: 2474378
registers.r9: 10
registers.rdx: 4286644224
registers.r12: 10
registers.rbp: 2474176
registers.rdi: 327992
registers.rax: 327992
registers.r13: 0
1 0 0

__exception__

stacktrace:
0x52908

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x52908
registers.r14: 0
registers.r15: 0
registers.rcx: 24
registers.rsi: 0
registers.r10: 0
registers.rbx: 262466
registers.rsp: 1637576
registers.r11: 1637264
registers.r8: 3391842
registers.r9: 10
registers.rdx: 4286644224
registers.r12: 10
registers.rbp: 3391648
registers.rdi: 262466
registers.rax: 262466
registers.r13: 0
1 0 0

__exception__

stacktrace:
cango_attr_list_insert+0xc5 cango_attr_list_new-0xcb loader_p1_dll_64_n1_x64_inf+0xba45 @ 0x18000ba45
rundll32+0x2f42 @ 0xff812f42
rundll32+0x3b7a @ 0xff813b7a
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521

exception.instruction_r: 49 8b 02 8b 48 08 41 3b c9 72 6c 45 85 c0 75 05
exception.instruction: mov rax, qword ptr [r10]
exception.exception_code: 0xc0000005
exception.symbol: cango_attr_list_insert+0xc5 cango_attr_list_new-0xcb loader_p1_dll_64_n1_x64_inf+0xba45
exception.address: 0x18000ba45
registers.r14: 0
registers.r15: 0
registers.rcx: 262470
registers.rsi: 0
registers.r10: 14073967886008421
registers.rbx: 0
registers.rsp: 1046880
registers.r11: 1045968
registers.r8: 0
registers.r9: 4
registers.rdx: 4286644224
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 262470
registers.r13: 0
1 0 0

__exception__

stacktrace:
0x52962

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x52962
registers.r14: 0
registers.r15: 0
registers.rcx: 6442796856
registers.rsi: 262442
registers.r10: 0
registers.rbx: 262442
registers.rsp: 1177096
registers.r11: 1176864
registers.r8: 1687978
registers.r9: 10
registers.rdx: 4286644224
registers.r12: 10
registers.rbp: 1687760
registers.rdi: 4286644224
registers.rax: 262442
registers.r13: 0
1 0 0

__exception__

stacktrace:
0x52962

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x52962
registers.r14: 0
registers.r15: 0
registers.rcx: 6442797440
registers.rsi: 0
registers.r10: 0
registers.rbx: 262434
registers.rsp: 2750520
registers.r11: 2750240
registers.r8: 770472
registers.r9: 10
registers.rdx: 4286644224
registers.r12: 10
registers.rbp: 770256
registers.rdi: 770504
registers.rax: 262434
registers.r13: 0
1 0 0

__exception__

stacktrace:
0x5283e

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x5283e
registers.r14: 0
registers.r15: 0
registers.rcx: 6442721872
registers.rsi: 1
registers.r10: 0
registers.rbx: 262460
registers.rsp: 2356680
registers.r11: 2356464
registers.r8: 4047254
registers.r9: 10
registers.rdx: 1
registers.r12: 10
registers.rbp: 4047040
registers.rdi: 262460
registers.rax: 262460
registers.r13: 0
1 0 0

__exception__

stacktrace:
0x5346c

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x5346c
registers.r14: 0
registers.r15: 0
registers.rcx: 6442796328
registers.rsi: 0
registers.r10: 0
registers.rbx: 262476
registers.rsp: 2095400
registers.r11: 2095088
registers.r8: 4178322
registers.r9: 10
registers.rdx: 4286644224
registers.r12: 10
registers.rbp: 4178112
registers.rdi: 4178344
registers.rax: 262476
registers.r13: 0
1 0 0

__exception__

stacktrace:
0x52962

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x52962
registers.r14: 0
registers.r15: 0
registers.rcx: 6442797440
registers.rsi: 0
registers.r10: 0
registers.rbx: 65938
registers.rsp: 1767976
registers.r11: 1767696
registers.r8: 2408844
registers.r9: 10
registers.rdx: 4286644224
registers.r12: 10
registers.rbp: 2408640
registers.rdi: 2408872
registers.rax: 65938
registers.r13: 0
1 0 0

__exception__

stacktrace:
0x52962

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x52962
registers.r14: 0
registers.r15: 0
registers.rcx: 6442797512
registers.rsi: 0
registers.r10: 0
registers.rbx: 65950
registers.rsp: 719576
registers.r11: 719376
registers.r8: 2343266
registers.r9: 10
registers.rdx: 4286644224
registers.r12: 10
registers.rbp: 2343072
registers.rdi: 2343288
registers.rax: 65950
registers.r13: 0
1 0 0

__exception__

stacktrace:
0x52962

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x52962
registers.r14: 0
registers.r15: 0
registers.rcx: 6442797440
registers.rsi: 0
registers.r10: 0
registers.rbx: 131772
registers.rsp: 1242984
registers.r11: 1242720
registers.r8: 1687976
registers.r9: 10
registers.rdx: 4286644224
registers.r12: 10
registers.rbp: 1687760
registers.rdi: 1688008
registers.rax: 131772
registers.r13: 0
1 0 0

__exception__

stacktrace:
0x52962

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x52962
registers.r14: 0
registers.r15: 0
registers.rcx: 6442797312
registers.rsi: 0
registers.r10: 0
registers.rbx: 66274
registers.rsp: 1375288
registers.r11: 1375056
registers.r8: 3260768
registers.r9: 10
registers.rdx: 4286644224
registers.r12: 10
registers.rbp: 3260576
registers.rdi: 4286644224
registers.rax: 66274
registers.r13: 0
1 0 0

__exception__

stacktrace:
0x52962

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x52962
registers.r14: 0
registers.r15: 0
registers.rcx: 6442797312
registers.rsi: 0
registers.r10: 0
registers.rbx: 66348
registers.rsp: 1767832
registers.r11: 1767600
registers.r8: 3522912
registers.r9: 10
registers.rdx: 4286644224
registers.r12: 10
registers.rbp: 3522720
registers.rdi: 4286644224
registers.rax: 66348
registers.r13: 0
1 0 0

__exception__

stacktrace:
0x52962

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x52962
registers.r14: 0
registers.r15: 0
registers.rcx: 6442796856
registers.rsi: 0
registers.r10: 0
registers.rbx: 66394
registers.rsp: 1308296
registers.r11: 1308064
registers.r8: 2146662
registers.r9: 10
registers.rdx: 4286644224
registers.r12: 10
registers.rbp: 2146464
registers.rdi: 4286644224
registers.rax: 66394
registers.r13: 0
1 0 0

__exception__

stacktrace:
cango_context_set_gravity_hint+0xa cango_context_set_language-0x36 loader_p1_dll_64_n1_x64_inf+0xe98a @ 0x18000e98a
rundll32+0x2f42 @ 0xff812f42
rundll32+0x3b7a @ 0xff813b7a
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521

exception.instruction_r: ff 41 18 41 b8 01 00 00 00 8b 41 18 83 f8 00 41
exception.instruction: inc dword ptr [rcx + 0x18]
exception.exception_code: 0xc0000005
exception.symbol: cango_context_set_gravity_hint+0xa cango_context_set_language-0x36 loader_p1_dll_64_n1_x64_inf+0xe98a
exception.address: 0x18000e98a
registers.r14: 0
registers.r15: 0
registers.rcx: 132042
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 1636336
registers.r11: 1635424
registers.r8: 1950094
registers.r9: 10
registers.rdx: 4286644224
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 132042
registers.r13: 0
1 0 0

__exception__

stacktrace:
cango_context_set_language+0x14 cango_font_map_create_context-0x25bc loader_p1_dll_64_n1_x64_inf+0xe9d4 @ 0x18000e9d4
rundll32+0x2f42 @ 0xff812f42
rundll32+0x3b7a @ 0xff813b7a
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521

exception.instruction_r: ff 41 18 8b 41 18 83 f8 00 b9 01 00 00 00 0f 44
exception.instruction: inc dword ptr [rcx + 0x18]
exception.exception_code: 0xc0000005
exception.symbol: cango_context_set_language+0x14 cango_font_map_create_context-0x25bc loader_p1_dll_64_n1_x64_inf+0xe9d4
exception.address: 0x18000e9d4
registers.r14: 0
registers.r15: 0
registers.rcx: 132048
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 2751440
registers.r11: 2750528
registers.r8: 3785062
registers.r9: 10
registers.rdx: 4286644224
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 132048
registers.r13: 0
1 0 0

__exception__

stacktrace:
0x52908

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x52908
registers.r14: 0
registers.r15: 0
registers.rcx: 40
registers.rsi: 0
registers.r10: 0
registers.rbx: 66522
registers.rsp: 2620744
registers.r11: 2620432
registers.r8: 4702600
registers.r9: 10
registers.rdx: 4286644224
registers.r12: 10
registers.rbp: 4702400
registers.rdi: 66522
registers.rax: 66522
registers.r13: 0
1 0 0

__exception__

stacktrace:
0x529fc

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x529fc
registers.r14: 0
registers.r15: 0
registers.rcx: 40
registers.rsi: 0
registers.r10: 0
registers.rbx: 66594
registers.rsp: 915160
registers.r11: 914848
registers.r8: 1819016
registers.r9: 10
registers.rdx: 66594
registers.r12: 10
registers.rbp: 1818816
registers.rdi: 1819048
registers.rax: 66594
registers.r13: 0
1 0 0

__exception__

stacktrace:
0x52908

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x52908
registers.r14: 0
registers.r15: 0
registers.rcx: 40
registers.rsi: 0
registers.r10: 0
registers.rbx: 66560
registers.rsp: 1965032
registers.r11: 1964736
registers.r8: 2277782
registers.r9: 10
registers.rdx: 4286644224
registers.r12: 10
registers.rbp: 2277568
registers.rdi: 2277800
registers.rax: 66560
registers.r13: 0
1 0 0

__exception__

stacktrace:
0x52908

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x52908
registers.r14: 0
registers.r15: 0
registers.rcx: 40
registers.rsi: 0
registers.r10: 0
registers.rbx: 66606
registers.rsp: 1178440
registers.r11: 1178128
registers.r8: 3064166
registers.r9: 10
registers.rdx: 4286644224
registers.r12: 10
registers.rbp: 3063968
registers.rdi: 3064184
registers.rax: 66606
registers.r13: 0
1 0 0

__exception__

stacktrace:
0x527fc

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x527fc
registers.r14: 0
registers.r15: 0
registers.rcx: 0
registers.rsi: 0
registers.r10: 0
registers.rbx: 66680
registers.rsp: 2553288
registers.r11: 2552928
registers.r8: 6442669224
registers.r9: 10
registers.rdx: 6442669192
registers.r12: 10
registers.rbp: 4374720
registers.rdi: 4374952
registers.rax: 66680
registers.r13: 0
1 0 0

__exception__

stacktrace:
cango_font_description_set_stretch+0x5 cango_font_description_set_style-0x2b loader_p1_dll_64_n1_x64_inf+0x6f85 @ 0x180006f85
rundll32+0x2f42 @ 0xff812f42
rundll32+0x3b7a @ 0xff813b7a
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521

exception.instruction_r: 89 51 14 66 83 49 1c 10 c3 4c 8d 05 23 e3 02 00
exception.instruction: mov dword ptr [rcx + 0x14], edx
exception.exception_code: 0xc0000005
exception.symbol: cango_font_description_set_stretch+0x5 cango_font_description_set_style-0x2b loader_p1_dll_64_n1_x64_inf+0x6f85
exception.address: 0x180006f85
registers.r14: 0
registers.r15: 0
registers.rcx: 132180
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 1506416
registers.r11: 1505504
registers.r8: 2670998
registers.r9: 10
registers.rdx: 4286644224
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 132180
registers.r13: 0
1 0 0

__exception__

stacktrace:
0x52962

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x52962
registers.r14: 0
registers.r15: 0
registers.rcx: 6442796856
registers.rsi: 0
registers.r10: 0
registers.rbx: 132260
registers.rsp: 1309336
registers.r11: 1309152
registers.r8: 2146700
registers.r9: 10
registers.rdx: 4286644224
registers.r12: 10
registers.rbp: 2146496
registers.rdi: 132260
registers.rax: 132260
registers.r13: 0
1 0 0

__exception__

stacktrace:
0x52bb2

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x52bb2
registers.r14: 0
registers.r15: 0
registers.rcx: 6442797256
registers.rsi: 0
registers.r10: 0
registers.rbx: 132258
registers.rsp: 982248
registers.r11: 981952
registers.r8: 2670950
registers.r9: 10
registers.rdx: 4286644224
registers.r12: 10
registers.rbp: 2670752
registers.rdi: 2670968
registers.rax: 132258
registers.r13: 0
1 0 0

__exception__

stacktrace:
0x52962

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x52962
registers.r14: 0
registers.r15: 0
registers.rcx: 6442797312
registers.rsi: 0
registers.r10: 0
registers.rbx: 66786
registers.rsp: 2424136
registers.r11: 2423856
registers.r8: 901514
registers.r9: 10
registers.rdx: 4286644224
registers.r12: 10
registers.rbp: 901312
registers.rdi: 901544
registers.rax: 66786
registers.r13: 0
1 0 0

__exception__

stacktrace:
cango_context_get_gravity+0x2da cango_context_set_base_dir-0x266 loader_p1_dll_64_n1_x64_inf+0xe4aa @ 0x18000e4aa
cango_language_from_string+0x1e40 cango_layout_context_changed-0x6c0 loader_p1_dll_64_n1_x64_inf+0x154a0 @ 0x1800154a0
cango_layout_get_extents+0x73 cango_layout_get_iter-0x49d loader_p1_dll_64_n1_x64_inf+0x16643 @ 0x180016643
rundll32+0x2f42 @ 0xff812f42
rundll32+0x3b7a @ 0xff813b7a
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521

exception.instruction_r: 8b 79 1c 48 8b d9 48 8b 49 50 48 85 c9 74 20 e8
exception.instruction: mov edi, dword ptr [rcx + 0x1c]
exception.exception_code: 0xc0000005
exception.symbol: cango_context_get_gravity+0x2da cango_context_set_base_dir-0x266 loader_p1_dll_64_n1_x64_inf+0xe4aa
exception.address: 0x18000e4aa
registers.r14: 0
registers.r15: 0
registers.rcx: 68327341
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 1636624
registers.r11: 1635712
registers.r8: 2408802
registers.r9: 0
registers.rdx: 6
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 47936898029282
registers.r13: 0
1 0 0

__exception__

stacktrace:
0x52962

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x52962
registers.r14: 0
registers.r15: 0
registers.rcx: 6442797312
registers.rsi: 131568
registers.r10: 0
registers.rbx: 131568
registers.rsp: 1834264
registers.r11: 1834016
registers.r8: 3391836
registers.r9: 10
registers.rdx: 4286644224
registers.r12: 10
registers.rbp: 3391648
registers.rdi: 3391864
registers.rax: 47936897834770
registers.r13: 0
1 0 0

__exception__

stacktrace:
cango_context_get_gravity+0x2da cango_context_set_base_dir-0x266 loader_p1_dll_64_n1_x64_inf+0xe4aa @ 0x18000e4aa
cango_language_from_string+0x1e40 cango_layout_context_changed-0x6c0 loader_p1_dll_64_n1_x64_inf+0x154a0 @ 0x1800154a0
cango_layout_get_extents+0x73 cango_layout_get_iter-0x49d loader_p1_dll_64_n1_x64_inf+0x16643 @ 0x180016643
cango_layout_get_size+0x33 cango_layout_iter_free-0xbbd loader_p1_dll_64_n1_x64_inf+0x171e3 @ 0x1800171e3
rundll32+0x2f42 @ 0xff812f42
rundll32+0x3b7a @ 0xff813b7a
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521

exception.instruction_r: 8b 79 1c 48 8b d9 48 8b 49 50 48 85 c9 74 20 e8
exception.instruction: mov edi, dword ptr [rcx + 0x1c]
exception.exception_code: 0xc0000005
exception.symbol: cango_context_get_gravity+0x2da cango_context_set_base_dir-0x266 loader_p1_dll_64_n1_x64_inf+0xe4aa
exception.address: 0x18000e4aa
registers.r14: 0
registers.r15: 0
registers.rcx: 849441451933696
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 2686048
registers.r11: 2685136
registers.r8: 2685456
registers.r9: 0
registers.rdx: 6
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 47936901174754
registers.r13: 0
1 0 0

__exception__

stacktrace:
0x53062

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x53062
registers.r14: 0
registers.r15: 0
registers.rcx: 0
registers.rsi: 0
registers.r10: 0
registers.rbx: 66828
registers.rsp: 1898472
registers.r11: 1898160
registers.r8: 0
registers.r9: 10
registers.rdx: 6442534432
registers.r12: 10
registers.rbp: 3260576
registers.rdi: 3260792
registers.rax: 66828
registers.r13: 0
1 0 0

__exception__

stacktrace:
cango_layout_iter_get_baseline+0x8 cango_layout_new-0x2138 loader_p1_dll_64_n1_x64_inf+0x17df8 @ 0x180017df8
rundll32+0x2f42 @ 0xff812f42
rundll32+0x3b7a @ 0xff813b7a
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521

exception.instruction_r: 48 83 38 00 75 21 4c 8d 0d 43 93 02 00 ba 10 00
exception.instruction: cmp qword ptr [rax], 0
exception.exception_code: 0xc0000005
exception.symbol: cango_layout_iter_get_baseline+0x8 cango_layout_new-0x2138 loader_p1_dll_64_n1_x64_inf+0x17df8
exception.address: 0x180017df8
registers.r14: 0
registers.r15: 0
registers.rcx: 263398
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 1441552
registers.r11: 1440640
registers.r8: 1753486
registers.r9: 10
registers.rdx: 4286644224
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 0
registers.r13: 0
1 0 0

__exception__

stacktrace:
0x52962 (same frame repeated 64 times)

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x52962
registers.r14: 0
registers.r15: 0
registers.rcx: 6442797312
registers.rsi: 0
registers.r10: 0
registers.rbx: 66866
registers.rsp: 1112200
registers.r11: 1111968
registers.r8: 1950018
registers.r9: 10
registers.rdx: 4286644224
registers.r12: 10
registers.rbp: 1949840
registers.rdi: 66866
registers.rax: 66866
registers.r13: 0
1 0 0

__exception__

stacktrace:
0x52918 (same frame repeated 64 times)

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x52918
registers.r14: 0
registers.r15: 0
registers.rcx: 4286644224
registers.rsi: 0
registers.r10: 0
registers.rbx: 4286644224
registers.rsp: 980520
registers.r11: 980256
registers.r8: 1950088
registers.r9: 10
registers.rdx: 4286644224
registers.r12: 10
registers.rbp: 1949888
registers.rdi: 0
registers.rax: 394470
registers.r13: 0
1 0 0

__exception__

stacktrace:
0x52962 (same frame repeated 64 times)

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x52962
registers.r14: 0
registers.r15: 0
registers.rcx: 6442797312
registers.rsi: 4286644224
registers.r10: 0
registers.rbx: 66966
registers.rsp: 2422712
registers.r11: 2422432
registers.r8: 3129700
registers.r9: 10
registers.rdx: 4286644224
registers.r12: 10
registers.rbp: 3129504
registers.rdi: 66966
registers.rax: 66966
registers.r13: 0
1 0 0

__exception__

stacktrace:
0x52962 (same frame repeated 64 times)

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x52962
registers.r14: 0
registers.r15: 0
registers.rcx: 6442797312
registers.rsi: 0
registers.r10: 0
registers.rbx: 66970
registers.rsp: 1571048
registers.r11: 1570768
registers.r8: 1753446
registers.r9: 10
registers.rdx: 4286644224
registers.r12: 10
registers.rbp: 1753248
registers.rdi: 4286644224
registers.rax: 66970
registers.r13: 0
1 0 0

__exception__

stacktrace:
0x52908 (same frame repeated 64 times)

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x52908
registers.r14: 0
registers.r15: 0
registers.rcx: 40
registers.rsi: 0
registers.r10: 0
registers.rbx: 67004
registers.rsp: 1571240
registers.r11: 1570976
registers.r8: 2867604
registers.r9: 10
registers.rdx: 0
registers.r12: 10
registers.rbp: 2867392
registers.rdi: 4286644224
registers.rax: 67004
registers.r13: 0
1 0 0

__exception__

stacktrace:
0x52962 (same frame repeated 64 times)

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x52962
registers.r14: 0
registers.r15: 0
registers.rcx: 6442797312
registers.rsi: 0
registers.r10: 0
registers.rbx: 198116
registers.rsp: 982040
registers.r11: 981856
registers.r8: 3326304
registers.r9: 0
registers.rdx: 4286644224
registers.r12: 10
registers.rbp: 3326304
registers.rdi: 4286644224
registers.rax: 198116
registers.r13: 0
1 0 0

__exception__

stacktrace:
cango_layout_set_justify+0x1e cango_layout_set_markup-0x42 loader_p1_dll_64_n1_x64_inf+0x1a68e @ 0x18001a68e
rundll32+0x2f42 @ 0xff812f42
rundll32+0x3b7a @ 0xff813b7a
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521

exception.instruction_r: 89 41 64 a9 80 04 00 00 74 2e ff 41 44 ba 01 00
exception.instruction: mov dword ptr [rcx + 0x64], eax
exception.exception_code: 0xc0000005
exception.symbol: cango_layout_set_justify+0x1e cango_layout_set_markup-0x42 loader_p1_dll_64_n1_x64_inf+0x1a68e
exception.address: 0x18001a68e
registers.r14: 0
registers.r15: 0
registers.rcx: 132546
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 1375856
registers.r11: 1374944
registers.r8: 148897792
registers.r9: 10
registers.rdx: 4286644224
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 148897792
registers.r13: 0
1 0 0

__exception__

stacktrace:
0x52962 (same frame repeated 64 times)

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x52962
registers.r14: 0
registers.r15: 0
registers.rcx: 6442797312
registers.rsi: 4286644224
registers.r10: 0
registers.rbx: 67048
registers.rsp: 1832648
registers.r11: 1832368
registers.r8: 3981742
registers.r9: 10
registers.rdx: 4286644224
registers.r12: 10
registers.rbp: 3981520
registers.rdi: 3981768
registers.rax: 67048
registers.r13: 0
1 0 0

__exception__

stacktrace:
0x52a7e (same frame repeated 64 times)

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x52a7e
registers.r14: 0
registers.r15: 0
registers.rcx: 4286644224
registers.rsi: 0
registers.r10: 0
registers.rbx: 67116
registers.rsp: 1112344
registers.r11: 1112032
registers.r8: 1884508
registers.r9: 10
registers.rdx: 1884508
registers.r12: 10
registers.rbp: 1
registers.rdi: 1884536
registers.rax: 4286644224
registers.r13: 0
1 0 0

__exception__

stacktrace:
0x52962 (same frame repeated 64 times)

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x52962
registers.r14: 0
registers.r15: 0
registers.rcx: 6442797312
registers.rsi: 0
registers.r10: 0
registers.rbx: 132656
registers.rsp: 1768776
registers.r11: 1768496
registers.r8: 2408796
registers.r9: 10
registers.rdx: 4286644224
registers.r12: 10
registers.rbp: 2408608
registers.rdi: 4286644224
registers.rax: 132656
registers.r13: 0
1 0 0
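Added triage example for the exception records above; it is the editor's illustration, not code from the ZeroBOX report or from the sample. The sandbox prints registers in decimal and symbolises only frames that fall inside a loaded module (the `module+offset @ address` form), so the helpers turn registers back into hex, recover each module's load base from those frames, attribute addresses to modules, and classify the dereferenced address behind each access violation. The three records are copied from the report with their register lists trimmed; the same rundll32 and loader bases appear in every symbolised trace on this page, which is why the example applies them to the unsymbolised 0x52962 record as well. The 16 MiB module-size bound and the 64 KiB and 2^47 address thresholds are assumptions, not report data.

```python
import re

FRAME_RE = re.compile(r"(\S+)\+0x([0-9a-f]+) @ 0x([0-9a-f]+)")
MEM_OPERAND_RE = re.compile(r"\[(r[a-z0-9]+)(?:\s*\+\s*0x([0-9a-f]+))?\]")
MODULE_SPAN = 0x1000000   # assumed upper bound on a module's size; the report gives no sizes
USER_TOP = 1 << 47        # assumed cut-off: x86-64 user-mode canonical addresses lie below 2^47

# Three records copied from the report, register lists trimmed to those used below.
REC_A = """\
stacktrace:
cango_context_get_gravity+0x2da cango_context_set_base_dir-0x266 loader_p1_dll_64_n1_x64_inf+0xe4aa @ 0x18000e4aa
rundll32+0x2f42 @ 0xff812f42
exception.instruction: mov edi, dword ptr [rcx + 0x1c]
exception.exception_code: 0xc0000005
exception.address: 0x18000e4aa
registers.rcx: 849441451933696
"""
REC_B = """\
stacktrace:
cango_layout_iter_get_baseline+0x8 cango_layout_new-0x2138 loader_p1_dll_64_n1_x64_inf+0x17df8 @ 0x180017df8
exception.instruction: cmp qword ptr [rax], 0
exception.exception_code: 0xc0000005
exception.address: 0x180017df8
registers.rax: 0
registers.rcx: 263398
"""
REC_C = """\
stacktrace:
0x52962
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x52962
registers.rcx: 6442797312
registers.rdx: 4286644224
"""

def parse_record(text):
    """One __exception__ record -> exception fields, registers as ints, raw frame lines."""
    rec = {"registers": {}, "frames": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line in ("__exception__", "stacktrace:", "1 0 0"):
            continue
        key, _, value = line.partition(":")
        value = value.strip()
        if key.startswith("registers."):
            rec["registers"][key[10:]] = int(value)   # the sandbox prints registers in decimal
        elif key.startswith("exception."):
            rec[key[10:]] = value
        else:
            rec["frames"].append(line)
    return rec

def module_bases(records):
    """Load base per module: the last 'name+off @ addr' on a frame line names the owning module."""
    bases = {}
    for rec in records:
        for frame in rec["frames"]:
            pairs = FRAME_RE.findall(frame)
            if pairs:
                name, off, addr = pairs[-1]
                bases[name] = int(addr, 16) - int(off, 16)
    return bases

def attribute(addr, bases):
    """'module+0xoff' for the highest base at or below addr within MODULE_SPAN, else None."""
    hits = [(base, name) for name, base in bases.items() if base <= addr < base + MODULE_SPAN]
    base, name = max(hits, default=(None, None))
    return None if base is None else f"{name}+0x{addr - base:x}"

def classify_address(addr, bases):
    """Coarse class of a dereferenced address, enough to sort faults at a glance."""
    if addr == 0:
        return "null pointer"
    if addr < 0x10000:
        return "near-null (the lowest 64 KiB is never mapped on Windows)"
    if addr >= USER_TOP:
        return "not a user-mode address"
    return attribute(addr, bases) or "unmapped or unknown"

def triage(rec, bases):
    """Hex registers, module attribution of PC and pointer-like registers, faulting access."""
    pc, regs = int(rec["address"], 16), rec["registers"]
    out = {"pc": hex(pc),
           "pc_in": attribute(pc, bases) or "unbacked memory (no module frame covers it)",
           "registers_hex": {k: hex(v) for k, v in regs.items()},
           "registers_in": {k: attribute(v, bases) for k, v in regs.items() if attribute(v, bases)}}
    m = MEM_OPERAND_RE.search(rec.get("instruction", ""))
    if m and m.group(1) in regs:   # base register of the memory operand, plus displacement
        target = regs[m.group(1)] + int(m.group(2) or "0", 16)
        out["access"] = {"via": m.group(1), "target": hex(target),
                         "class": classify_address(target, bases)}
    return out

def triage_report(texts=(REC_A, REC_B, REC_C)):
    records = [parse_record(t) for t in texts]
    bases = module_bases(records)
    return bases, [triage(r, bases) for r in records]
```

`triage_report()` on these records gives: the `cango_context_get_gravity` fault reads through rcx at a value far above the user-mode address range; the `cango_layout_iter_get_baseline` fault is a null dereference through rax; and the 0x52962 fault has its PC in memory no module frame covers, while rcx points 0x54900 bytes into the loader image and rdx holds the rundll32 load base. Values that attribute to no module stay as plain hex in `registers_hex`.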
suspicious_features GET method with no useragent header
suspicious_request GET http://skanfordiporka.com/
request GET http://skanfordiporka.com/
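An added example of the check behind the `GET method with no useragent header` finding above (the editor's illustration, not report or sample code): it parses a raw HTTP/1.x request and reports the missing header together with matches against the domain/address pair the report resolved. The request bytes are constructed, since the report shows only the URL and the finding, and the IOC table holds just that one pair.

```python
# Domain and the address it resolved to, both taken from the report.
IOC_HOSTS = {"skanfordiporka.com": "68.183.10.71"}

# Constructed request bytes: the report shows only the URL and the missing header.
BEACON_REQUEST = b"GET / HTTP/1.1\r\nHost: skanfordiporka.com\r\nConnection: Keep-Alive\r\n\r\n"
BROWSER_REQUEST = (b"GET / HTTP/1.1\r\nHost: www.example.net\r\n"
                   b"User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64)\r\n\r\n")

def parse_request(raw):
    """(method, target, headers) from a raw HTTP/1.x request.
    Header names are lower-cased; a repeated header is joined with ', '."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        headers[name] = f"{headers[name]}, {value}" if name in headers else value
    return method, target, headers

def triage_request(raw, dst_ip):
    """Findings for one request, in the report's own wording where it has one; [] if clean."""
    method, _target, headers = parse_request(raw)
    findings = []
    if not headers.get("user-agent"):            # header absent, or present but empty
        findings.append(f"{method} method with no useragent header")
    host = headers.get("host", "").split(":")[0].lower()   # drop any :port suffix
    if host in IOC_HOSTS:
        findings.append(f"Host {host} matches a report IOC (resolved to {IOC_HOSTS[host]})")
    if dst_ip in IOC_HOSTS.values():
        findings.append(f"destination {dst_ip} matches a report IOC")
    return findings
```

A missing User-Agent on its own is a weak signal (plenty of legitimate tooling omits it), which is why the function returns the IOC matches alongside it rather than a verdict. What the Suricata rule on this flow actually matches on is not shown on this page, so it is not reproduced here.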
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 940
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2108
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2204
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2588
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2616
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2420
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2708
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1216
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 812
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2180
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 3040
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2188
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 3308
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 3440
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 3712
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 3876
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 3892
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2428
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 3368
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 4004
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2520
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 3680
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 4072
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 3668
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 3216
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 3992
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 4244
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 4400
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 4576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 4764
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 4900
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 5084
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 4132
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 4264
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 4632
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 4844
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 4492
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 4596
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 4852
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 5056
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 4820
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 3432
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 4184
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 5192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 5416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 5616
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 5808
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 5912
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 5980
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0
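An added aggregation example for the NtProtectVirtualMemory records above (the editor's illustration, not report or sample code). It parses the records, decodes the protection column, groups calls that touch the same base, length and protection, and reports how many distinct PIDs share each group and whether the handle was the caller's own process (`0xffffffffffffffff` is the current-process pseudo-handle) or a handle to another one. The excerpt embeds the first three records; the constants are the winnt.h values.

```python
import re
from collections import defaultdict

# winnt.h memory-protection constants and the current-process pseudo-handle.
PAGE_EXECUTE_READWRITE = 0x40
PAGE_EXECUTE_WRITECOPY = 0x80
CURRENT_PROCESS = 0xffffffffffffffff   # (HANDLE)-1: the caller is changing its own memory

API_RE = re.compile(r"^(Nt|Zw)\w+$")             # this table lists Nt*/Zw* calls only
STATUS_RE = re.compile(r"^(\d+) (\d+) (\d+)$")   # the Status / Return / Repeated columns

# The first three records above, copied verbatim; the remaining ones have the same shape.
REPORT = """\
NtProtectVirtualMemory

process_identifier: 940
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2108
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2204
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0
"""

def parse_calls(text):
    """One dict per API record: integer fields plus the three status columns."""
    calls, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if API_RE.match(line):
            cur = {"api": line}
            calls.append(cur)
            continue
        if cur is None:
            continue
        m = STATUS_RE.match(line)
        if m:
            cur["status"], cur["return"], cur["repeated"] = map(int, m.groups())
            continue
        key, _, value = line.partition(":")
        value = value.strip()
        if key in ("base_address", "process_handle"):
            cur[key] = int(value, 16)
        elif key == "protection":
            cur[key] = int(value.split()[0])   # "64 (PAGE_EXECUTE_READWRITE)" -> 64
        else:
            cur[key] = int(value)              # every other field in this table is numeric
    return calls

def is_writable_executable(prot):
    """True for the two protections that are writable and executable at once."""
    return bool(prot & (PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY))

def summarize(calls):
    """Group identical (api, base, length, protection) calls; count the PIDs that share each."""
    groups, remote = defaultdict(set), defaultdict(set)
    for c in calls:
        key = (c["api"], c["base_address"], c["length"], c["protection"])
        groups[key].add(c["process_identifier"])
        if c["process_handle"] != CURRENT_PROCESS:
            remote[key].add(c["process_identifier"])   # handle to another process: injection lead
    total = len({c["process_identifier"] for c in calls})
    rows = []
    for key, pids in sorted(groups.items()):
        api, base, length, prot = key
        row = {"api": api, "base": hex(base), "length": length, "protection": hex(prot),
               "wx": is_writable_executable(prot), "pids": sorted(pids),
               "remote_callers": sorted(remote[key]), "share": f"{len(pids)}/{total} PIDs"}
        if row["wx"] and total > 1 and len(pids) == total:
            row["note"] = (f"same W+X page in every caller: establish which module owns {hex(base)} "
                           "before attributing the call to the sample")
        rows.append(row)
    return rows
```

Over the 50 records above this yields a single group: a 4096-byte page at 0x7304c000 made PAGE_EXECUTE_READWRITE by each of 50 distinct PIDs through their own process handle, with no remote handles. An identical W+X change at the same address in every process is a lead rather than a verdict; the owner of that page (the sample, a DLL it loads, or the analysis instrumentation) has to be established from a memory map before the call is attributed to the sample.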
description rundll32.exe tried to sleep 178 seconds, actually delayed analysis time by 178 seconds
TrendMicro TrojanSpy.Win64.ICEDID.SMYXDAVZ
section .rsrc (virtual_address 0x0005c000, virtual_size 0x0000568a, size_of_data 0x00006000) entropy 6.82397827394 description A section with a high entropy has been found
cmdline "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll77.dll,cango_layout_set_attributes
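An added detection example for the rundll32 command line above (the editor's illustration, not report or sample code). It parses a rundll32 invocation into DLL path, entry point and arguments, handling quoted paths and `#ordinal` entries, and applies three checks that the report's line satisfies: the DLL lives under a per-user Temp directory, its file name carries two extensions (`.dll77.dll`), and a named export is called in a DLL outside C:\Windows. The export name `cango_layout_set_attributes` matches the pango text-layout API's `pango_layout_set_attributes` with the first letter changed, as do the other `cango_*` symbols in the stack traces above. The two benign command lines and the directory list are constructed assumptions.

```python
import ntpath
import re

# Executable token (quoted or bare), then the rest of the line.
EXE_RE = re.compile(r'\s*(?:"([^"]*)"|(\S+))\s*(.*)$', re.S)
# '<dll>,<entry> [args]': quoted or unquoted DLL path, optional ',entry', then arguments.
SPEC_RE = re.compile(r'\s*(?:"([^"]*)"|([^\s,]+))\s*(?:,\s*(\S+))?(.*)$', re.S)

# Assumed list of directories a standard user can write to; extend per environment.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\",
                 "\\users\\public\\", "\\programdata\\")

# The first line is the report's own command line; the other two are constructed.
SAMPLES = [
    r'"C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll77.dll,cango_layout_set_attributes',
    r'rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL desk.cpl',
    r'"C:\Windows\System32\rundll32.exe" "C:\Program Files\Vendor\helper.dll",#2',
]

def parse_rundll32(cmdline):
    """(dll, entry, args) for a rundll32 invocation, else None; entry is a name or '#ordinal'."""
    m = EXE_RE.match(cmdline)
    if not m or ntpath.basename(m.group(1) or m.group(2)).lower() != "rundll32.exe":
        return None
    spec = SPEC_RE.match(m.group(3))
    if not spec:
        return None
    return spec.group(1) or spec.group(2), spec.group(3) or "", spec.group(4).split()

def triage_rundll32(cmdline):
    """Checks a defender can apply to any rundll32 command line; None if it is not one."""
    parsed = parse_rundll32(cmdline)
    if parsed is None:
        return None
    dll, entry, args = parsed
    low = dll.lower()
    findings = []
    if any(d in low for d in USER_WRITABLE):
        findings.append("DLL loaded from a user-writable directory")
    if ntpath.basename(low).count(".") > 1:
        findings.append("DLL file name carries more than one extension")
    if entry and not entry.startswith("#") and not low.startswith("c:\\windows\\"):
        findings.append(f"named export {entry} called in a DLL outside C:\\Windows")
    return {"dll": dll, "entry": entry, "args": args, "findings": findings}
```

The checks are coarse on purpose: installers also run DLLs out of Temp, so the function returns a findings list to score in context rather than a block decision, and ordinal entries are not flagged by the third check because they carry no name to assess.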