7.0
High risk

06e0e3da562a627b84f328a76d70b62326e2b5a82fd28bf943b6d3dfd1f26cb7

31deaffe726e5446c0188381ef391335.exe

Analysis time

99s

Latest analysis

File size

682.0KB
Static detection / Dynamic detection: AI SCORE=83 AIDETECTVM ALI2000015 AVSARHER BTOMTW CLASSIC CONFIDENCE DELF DELFINJECT DELPHILESS DOQZ ELXR EMHC FAREIT FORMBOOK HIGH CONFIDENCE HKSMPI KRYPTIK LKEG MALWARE2 MALWARE@#10WIQ8I3GUZ1D NOON PASSWORDSTEALER QGX@A85GBXCI R06EC0DIA20 S + MAL SCORE SPYBOTNET STATIC AI SUSGEN SUSPICIOUS PE TSCOPE UNSAFE VFAHK WACATAC X2066 ZELPHIF
Eagle Eye engine
Not detected: no Eagle Eye engine detection results yet
Static verdict
Antivirus engines
Engine | Result | Scan time | Engine version
Alibaba Trojan:Win32/DelfInject.ali2000015 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Kingsoft 20201211 2017.9.26.565
McAfee Fareit-FTB!31DEAFFE726E 20201211 6.0.6.653
Tencent Win32.Trojan-spy.Noon.Lkeg 20201211 1.0.0.1
Avast Win32:Trojan-gen 20201210 21.1.5827.0
CrowdStrike win/malicious_confidence_90% (W) 20190702 1.0
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (28 events)
Time & API Arguments Status Return Repeated
1619345030.935531
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 50003508
registers.edi: 0
registers.eax: 0
registers.ebp: 50003848
registers.edx: 23
registers.ebx: 0
registers.esi: 0
registers.ecx: 892
exception.instruction_r: f7 f0 33 c0 5a 59 59 64 89 10 e9 04 85 00 00 e9
exception.symbol: 31deaffe726e5446c0188381ef391335+0x5f708
exception.instruction: div eax
exception.module: 31deaffe726e5446c0188381ef391335.exe
exception.exception_code: 0xc0000094
exception.offset: 390920
exception.address: 0x45f708
success 0 0
1619349028.226
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 39517748
registers.edi: 0
registers.eax: 0
registers.ebp: 39518088
registers.edx: 30
registers.ebx: 0
registers.esi: 0
registers.ecx: 226
exception.instruction_r: f7 f0 33 c0 5a 59 59 64 89 10 e9 04 85 00 00 e9
exception.symbol: 31deaffe726e5446c0188381ef391335+0x5f708
exception.instruction: div eax
exception.module: 31deaffe726e5446c0188381ef391335.exe
exception.exception_code: 0xc0000094
exception.offset: 390920
exception.address: 0x45f708
success 0 0
1619349029.898
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 39779892
registers.edi: 0
registers.eax: 0
registers.ebp: 39780232
registers.edx: 30
registers.ebx: 0
registers.esi: 0
registers.ecx: 898
exception.instruction_r: f7 f0 33 c0 5a 59 59 64 89 10 e9 04 85 00 00 e9
exception.symbol: 31deaffe726e5446c0188381ef391335+0x5f708
exception.instruction: div eax
exception.module: 31deaffe726e5446c0188381ef391335.exe
exception.exception_code: 0xc0000094
exception.offset: 390920
exception.address: 0x45f708
success 0 0
1619349031.211
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 49610292
registers.edi: 0
registers.eax: 0
registers.ebp: 49610632
registers.edx: 30
registers.ebx: 0
registers.esi: 0
registers.ecx: 132
exception.instruction_r: f7 f0 33 c0 5a 59 59 64 89 10 e9 04 85 00 00 e9
exception.symbol: 31deaffe726e5446c0188381ef391335+0x5f708
exception.instruction: div eax
exception.module: 31deaffe726e5446c0188381ef391335.exe
exception.exception_code: 0xc0000094
exception.offset: 390920
exception.address: 0x45f708
success 0 0
1619349033.304375
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 39321140
registers.edi: 0
registers.eax: 0
registers.ebp: 39321480
registers.edx: 30
registers.ebx: 0
registers.esi: 0
registers.ecx: 304
exception.instruction_r: f7 f0 33 c0 5a 59 59 64 89 10 e9 04 85 00 00 e9
exception.symbol: 31deaffe726e5446c0188381ef391335+0x5f708
exception.instruction: div eax
exception.module: 31deaffe726e5446c0188381ef391335.exe
exception.exception_code: 0xc0000094
exception.offset: 390920
exception.address: 0x45f708
success 0 0
1619349034.86725
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 39386676
registers.edi: 0
registers.eax: 0
registers.ebp: 39387016
registers.edx: 30
registers.ebx: 0
registers.esi: 0
registers.ecx: 820
exception.instruction_r: f7 f0 33 c0 5a 59 59 64 89 10 e9 04 85 00 00 e9
exception.symbol: 31deaffe726e5446c0188381ef391335+0x5f708
exception.instruction: div eax
exception.module: 31deaffe726e5446c0188381ef391335.exe
exception.exception_code: 0xc0000094
exception.offset: 390920
exception.address: 0x45f708
success 0 0
1619349041.164
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 50003508
registers.edi: 0
registers.eax: 0
registers.ebp: 50003848
registers.edx: 30
registers.ebx: 0
registers.esi: 0
registers.ecx: 148
exception.instruction_r: f7 f0 33 c0 5a 59 59 64 89 10 e9 04 85 00 00 e9
exception.symbol: 31deaffe726e5446c0188381ef391335+0x5f708
exception.instruction: div eax
exception.module: 31deaffe726e5446c0188381ef391335.exe
exception.exception_code: 0xc0000094
exception.offset: 390920
exception.address: 0x45f708
success 0 0
1619349043.836375
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 49610292
registers.edi: 0
registers.eax: 0
registers.ebp: 49610632
registers.edx: 30
registers.ebx: 0
registers.esi: 0
registers.ecx: 835
exception.instruction_r: f7 f0 33 c0 5a 59 59 64 89 10 e9 04 85 00 00 e9
exception.symbol: 31deaffe726e5446c0188381ef391335+0x5f708
exception.instruction: div eax
exception.module: 31deaffe726e5446c0188381ef391335.exe
exception.exception_code: 0xc0000094
exception.offset: 390920
exception.address: 0x45f708
success 0 0
1619349045.67875
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 50527796
registers.edi: 0
registers.eax: 0
registers.ebp: 50528136
registers.edx: 30
registers.ebx: 0
registers.esi: 0
registers.ecx: 632
exception.instruction_r: f7 f0 33 c0 5a 59 59 64 89 10 e9 04 85 00 00 e9
exception.symbol: 31deaffe726e5446c0188381ef391335+0x5f708
exception.instruction: div eax
exception.module: 31deaffe726e5446c0188381ef391335.exe
exception.exception_code: 0xc0000094
exception.offset: 390920
exception.address: 0x45f708
success 0 0
1619349052.94475
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 50069044
registers.edi: 0
registers.eax: 0
registers.ebp: 50069384
registers.edx: 30
registers.ebx: 0
registers.esi: 0
registers.ecx: 835
exception.instruction_r: f7 f0 33 c0 5a 59 59 64 89 10 e9 04 85 00 00 e9
exception.symbol: 31deaffe726e5446c0188381ef391335+0x5f708
exception.instruction: div eax
exception.module: 31deaffe726e5446c0188381ef391335.exe
exception.exception_code: 0xc0000094
exception.offset: 390920
exception.address: 0x45f708
success 0 0
1619349057.22625
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 51510836
registers.edi: 0
registers.eax: 0
registers.ebp: 51511176
registers.edx: 30
registers.ebx: 0
registers.esi: 0
registers.ecx: 226
exception.instruction_r: f7 f0 33 c0 5a 59 59 64 89 10 e9 04 85 00 00 e9
exception.symbol: 31deaffe726e5446c0188381ef391335+0x5f708
exception.instruction: div eax
exception.module: 31deaffe726e5446c0188381ef391335.exe
exception.exception_code: 0xc0000094
exception.offset: 390920
exception.address: 0x45f708
success 0 0
1619349059.02275
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 50265652
registers.edi: 0
registers.eax: 0
registers.ebp: 50265992
registers.edx: 30
registers.ebx: 0
registers.esi: 0
registers.ecx: 976
exception.instruction_r: f7 f0 33 c0 5a 59 59 64 89 10 e9 04 85 00 00 e9
exception.symbol: 31deaffe726e5446c0188381ef391335+0x5f708
exception.instruction: div eax
exception.module: 31deaffe726e5446c0188381ef391335.exe
exception.exception_code: 0xc0000094
exception.offset: 390920
exception.address: 0x45f708
success 0 0
1619349065.289375
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 40042036
registers.edi: 0
registers.eax: 0
registers.ebp: 40042376
registers.edx: 31
registers.ebx: 0
registers.esi: 0
registers.ecx: 273
exception.instruction_r: f7 f0 33 c0 5a 59 59 64 89 10 e9 04 85 00 00 e9
exception.symbol: 31deaffe726e5446c0188381ef391335+0x5f708
exception.instruction: div eax
exception.module: 31deaffe726e5446c0188381ef391335.exe
exception.exception_code: 0xc0000094
exception.offset: 390920
exception.address: 0x45f708
success 0 0
1619349067.897875
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 50396724
registers.edi: 0
registers.eax: 0
registers.ebp: 50397064
registers.edx: 31
registers.ebx: 0
registers.esi: 0
registers.ecx: 866
exception.instruction_r: f7 f0 33 c0 5a 59 59 64 89 10 e9 04 85 00 00 e9
exception.symbol: 31deaffe726e5446c0188381ef391335+0x5f708
exception.instruction: div eax
exception.module: 31deaffe726e5446c0188381ef391335.exe
exception.exception_code: 0xc0000094
exception.offset: 390920
exception.address: 0x45f708
success 0 0
1619349069.757875
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 39452212
registers.edi: 0
registers.eax: 0
registers.ebp: 39452552
registers.edx: 31
registers.ebx: 0
registers.esi: 0
registers.ecx: 757
exception.instruction_r: f7 f0 33 c0 5a 59 59 64 89 10 e9 04 85 00 00 e9
exception.symbol: 31deaffe726e5446c0188381ef391335+0x5f708
exception.instruction: div eax
exception.module: 31deaffe726e5446c0188381ef391335.exe
exception.exception_code: 0xc0000094
exception.offset: 390920
exception.address: 0x45f708
success 0 0
1619349071.726125
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 40238644
registers.edi: 0
registers.eax: 0
registers.ebp: 40238984
registers.edx: 31
registers.ebx: 0
registers.esi: 0
registers.ecx: 695
exception.instruction_r: f7 f0 33 c0 5a 59 59 64 89 10 e9 04 85 00 00 e9
exception.symbol: 31deaffe726e5446c0188381ef391335+0x5f708
exception.instruction: div eax
exception.module: 31deaffe726e5446c0188381ef391335.exe
exception.exception_code: 0xc0000094
exception.offset: 390920
exception.address: 0x45f708
success 0 0
1619349073.351
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 39058996
registers.edi: 0
registers.eax: 0
registers.ebp: 39059336
registers.edx: 31
registers.ebx: 0
registers.esi: 0
registers.ecx: 351
exception.instruction_r: f7 f0 33 c0 5a 59 59 64 89 10 e9 04 85 00 00 e9
exception.symbol: 31deaffe726e5446c0188381ef391335+0x5f708
exception.instruction: div eax
exception.module: 31deaffe726e5446c0188381ef391335.exe
exception.exception_code: 0xc0000094
exception.offset: 390920
exception.address: 0x45f708
success 0 0
1619349075.258375
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 40238644
registers.edi: 0
registers.eax: 0
registers.ebp: 40238984
registers.edx: 31
registers.ebx: 0
registers.esi: 0
registers.ecx: 226
exception.instruction_r: f7 f0 33 c0 5a 59 59 64 89 10 e9 04 85 00 00 e9
exception.symbol: 31deaffe726e5446c0188381ef391335+0x5f708
exception.instruction: div eax
exception.module: 31deaffe726e5446c0188381ef391335.exe
exception.exception_code: 0xc0000094
exception.offset: 390920
exception.address: 0x45f708
success 0 0
1619349076.866625
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 50986548
registers.edi: 0
registers.eax: 0
registers.ebp: 50986888
registers.edx: 31
registers.ebx: 0
registers.esi: 0
registers.ecx: 866
exception.instruction_r: f7 f0 33 c0 5a 59 59 64 89 10 e9 04 85 00 00 e9
exception.symbol: 31deaffe726e5446c0188381ef391335+0x5f708
exception.instruction: div eax
exception.module: 31deaffe726e5446c0188381ef391335.exe
exception.exception_code: 0xc0000094
exception.offset: 390920
exception.address: 0x45f708
success 0 0
1619349079.070375
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 40042036
registers.edi: 0
registers.eax: 0
registers.ebp: 40042376
registers.edx: 31
registers.ebx: 0
registers.esi: 0
registers.ecx: 54
exception.instruction_r: f7 f0 33 c0 5a 59 59 64 89 10 e9 04 85 00 00 e9
exception.symbol: 31deaffe726e5446c0188381ef391335+0x5f708
exception.instruction: div eax
exception.module: 31deaffe726e5446c0188381ef391335.exe
exception.exception_code: 0xc0000094
exception.offset: 390920
exception.address: 0x45f708
success 0 0
1619349080.101375
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 50003508
registers.edi: 0
registers.eax: 0
registers.ebp: 50003848
registers.edx: 31
registers.ebx: 0
registers.esi: 0
registers.ecx: 101
exception.instruction_r: f7 f0 33 c0 5a 59 59 64 89 10 e9 04 85 00 00 e9
exception.symbol: 31deaffe726e5446c0188381ef391335+0x5f708
exception.instruction: div eax
exception.module: 31deaffe726e5446c0188381ef391335.exe
exception.exception_code: 0xc0000094
exception.offset: 390920
exception.address: 0x45f708
success 0 0
1619349082.523125
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 49282612
registers.edi: 0
registers.eax: 0
registers.ebp: 49282952
registers.edx: 31
registers.ebx: 0
registers.esi: 0
registers.ecx: 476
exception.instruction_r: f7 f0 33 c0 5a 59 59 64 89 10 e9 04 85 00 00 e9
exception.symbol: 31deaffe726e5446c0188381ef391335+0x5f708
exception.instruction: div eax
exception.module: 31deaffe726e5446c0188381ef391335.exe
exception.exception_code: 0xc0000094
exception.offset: 390920
exception.address: 0x45f708
success 0 0
1619349083.4605
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 49217076
registers.edi: 0
registers.eax: 0
registers.ebp: 49217416
registers.edx: 31
registers.ebx: 0
registers.esi: 0
registers.ecx: 460
exception.instruction_r: f7 f0 33 c0 5a 59 59 64 89 10 e9 04 85 00 00 e9
exception.symbol: 31deaffe726e5446c0188381ef391335+0x5f708
exception.instruction: div eax
exception.module: 31deaffe726e5446c0188381ef391335.exe
exception.exception_code: 0xc0000094
exception.offset: 390920
exception.address: 0x45f708
success 0 0
1619349086.5075
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 50986548
registers.edi: 0
registers.eax: 0
registers.ebp: 50986888
registers.edx: 31
registers.ebx: 0
registers.esi: 0
registers.ecx: 507
exception.instruction_r: f7 f0 33 c0 5a 59 59 64 89 10 e9 04 85 00 00 e9
exception.symbol: 31deaffe726e5446c0188381ef391335+0x5f708
exception.instruction: div eax
exception.module: 31deaffe726e5446c0188381ef391335.exe
exception.exception_code: 0xc0000094
exception.offset: 390920
exception.address: 0x45f708
success 0 0
1619349087.694875
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 40238644
registers.edi: 0
registers.eax: 0
registers.ebp: 40238984
registers.edx: 31
registers.ebx: 0
registers.esi: 0
registers.ecx: 695
exception.instruction_r: f7 f0 33 c0 5a 59 59 64 89 10 e9 04 85 00 00 e9
exception.symbol: 31deaffe726e5446c0188381ef391335+0x5f708
exception.instruction: div eax
exception.module: 31deaffe726e5446c0188381ef391335.exe
exception.exception_code: 0xc0000094
exception.offset: 390920
exception.address: 0x45f708
success 0 0
1619349089.82025
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 50396724
registers.edi: 0
registers.eax: 0
registers.ebp: 50397064
registers.edx: 31
registers.ebx: 0
registers.esi: 0
registers.ecx: 820
exception.instruction_r: f7 f0 33 c0 5a 59 59 64 89 10 e9 04 85 00 00 e9
exception.symbol: 31deaffe726e5446c0188381ef391335+0x5f708
exception.instruction: div eax
exception.module: 31deaffe726e5446c0188381ef391335.exe
exception.exception_code: 0xc0000094
exception.offset: 390920
exception.address: 0x45f708
success 0 0
1619349092.49175
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 39714356
registers.edi: 0
registers.eax: 0
registers.ebp: 39714696
registers.edx: 31
registers.ebx: 0
registers.esi: 0
registers.ecx: 491
exception.instruction_r: f7 f0 33 c0 5a 59 59 64 89 10 e9 04 85 00 00 e9
exception.symbol: 31deaffe726e5446c0188381ef391335+0x5f708
exception.instruction: div eax
exception.module: 31deaffe726e5446c0188381ef391335.exe
exception.exception_code: 0xc0000094
exception.offset: 390920
exception.address: 0x45f708
success 0 0
1619349095.55425
__exception__
stacktrace:
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 39779892
registers.edi: 0
registers.eax: 0
registers.ebp: 39780232
registers.edx: 31
registers.ebx: 0
registers.esi: 0
registers.ecx: 538
exception.instruction_r: f7 f0 33 c0 5a 59 59 64 89 10 e9 04 85 00 00 e9
exception.symbol: 31deaffe726e5446c0188381ef391335+0x5f708
exception.instruction: div eax
exception.module: 31deaffe726e5446c0188381ef391335.exe
exception.exception_code: 0xc0000094
exception.offset: 390920
exception.address: 0x45f708
success 0 0
Behavior verdict
Dynamic indicators
One or more potentially interesting buffers were extracted; these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (50 out of 98 events)
Time & API Arguments Status Return Repeated
1619345030.795531
NtAllocateVirtualMemory
process_identifier: 2240
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x008e0000
success 0 0
1619345030.935531
NtProtectVirtualMemory
process_identifier: 2240
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 36864
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x0045f000
success 0 0
1619345030.935531
NtAllocateVirtualMemory
process_identifier: 2240
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02390000
success 0 0
1619349028.07
NtAllocateVirtualMemory
process_identifier: 2544
region_size: 3158016
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00860000
success 0 0
1619349028.211
NtAllocateVirtualMemory
process_identifier: 2732
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x005c0000
success 0 0
1619349028.226
NtProtectVirtualMemory
process_identifier: 2732
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 36864
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x0045f000
success 0 0
1619349028.242
NtAllocateVirtualMemory
process_identifier: 2732
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x025b0000
success 0 0
1619349029.836
NtAllocateVirtualMemory
process_identifier: 2288
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x005c0000
success 0 0
1619349029.898
NtProtectVirtualMemory
process_identifier: 2288
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 36864
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x0045f000
success 0 0
1619349029.914
NtAllocateVirtualMemory
process_identifier: 2288
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02390000
success 0 0
1619349030.820375
NtAllocateVirtualMemory
process_identifier: 2128
region_size: 3158016
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x007f0000
success 0 0
1619349031.086
NtAllocateVirtualMemory
process_identifier: 2900
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x022f0000
success 0 0
1619349031.211
NtProtectVirtualMemory
process_identifier: 2900
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 36864
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x0045f000
success 0 0
1619349031.226
NtAllocateVirtualMemory
process_identifier: 2900
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x024b0000
success 0 0
1619349033.211375
NtAllocateVirtualMemory
process_identifier: 3188
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x005c0000
success 0 0
1619349033.304375
NtProtectVirtualMemory
process_identifier: 3188
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 36864
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x0045f000
success 0 0
1619349033.320375
NtAllocateVirtualMemory
process_identifier: 3188
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x025b0000
success 0 0
1619349034.586125
NtAllocateVirtualMemory
process_identifier: 3260
region_size: 3158016
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00910000
success 0 0
1619349034.75825
NtAllocateVirtualMemory
process_identifier: 3320
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x008f0000
success 0 0
1619349034.89825
NtProtectVirtualMemory
process_identifier: 3320
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 36864
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x0045f000
success 0 0
1619349034.89825
NtAllocateVirtualMemory
process_identifier: 3320
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02f20000
success 0 0
1619349041.039
NtAllocateVirtualMemory
process_identifier: 3428
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x008e0000
success 0 0
1619349041.164
NtProtectVirtualMemory
process_identifier: 3428
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 36864
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x0045f000
success 0 0
1619349041.164
NtAllocateVirtualMemory
process_identifier: 3428
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x023c0000
success 0 0
1619349042.38275
NtAllocateVirtualMemory
process_identifier: 3520
region_size: 3158016
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00890000
success 0 0
1619349043.508375
NtAllocateVirtualMemory
process_identifier: 3584
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x004c0000
success 0 0
1619349043.867375
NtProtectVirtualMemory
process_identifier: 3584
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 36864
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x0045f000
success 0 0
1619349043.867375
NtAllocateVirtualMemory
process_identifier: 3584
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x024b0000
success 0 0
1619349045.52275
NtAllocateVirtualMemory
process_identifier: 3696
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x005c0000
success 0 0
1619349045.71075
NtProtectVirtualMemory
process_identifier: 3696
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 36864
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x0045f000
success 0 0
1619349045.74175
NtAllocateVirtualMemory
process_identifier: 3696
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02380000
success 0 0
1619349052.02275
NtAllocateVirtualMemory
process_identifier: 3772
region_size: 3158016
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00950000
success 0 0
1619349052.63275
NtAllocateVirtualMemory
process_identifier: 3840
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003f0000
success 0 0
1619349052.96075
NtProtectVirtualMemory
process_identifier: 3840
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 36864
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x0045f000
success 0 0
1619349053.00775
NtAllocateVirtualMemory
process_identifier: 3840
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x022c0000
success 0 0
1619349057.10125
NtAllocateVirtualMemory
process_identifier: 3968
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x004c0000
success 0 0
1619349057.24225
NtProtectVirtualMemory
process_identifier: 3968
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 36864
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x0045f000
success 0 0
1619349057.24225
NtAllocateVirtualMemory
process_identifier: 3968
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00570000
success 0 0
1619349058.554
NtAllocateVirtualMemory
process_identifier: 4040
region_size: 3158016
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00a50000
success 0 0
1619349058.83575
NtAllocateVirtualMemory
process_identifier: 3292
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003f0000
success 0 0
1619349059.02275
NtProtectVirtualMemory
process_identifier: 3292
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 36864
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x0045f000
success 0 0
1619349059.03875
NtAllocateVirtualMemory
process_identifier: 3292
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x024a0000
success 0 0
1619349065.179375
NtAllocateVirtualMemory
process_identifier: 1272
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x004c0000
success 0 0
1619349065.289375
NtProtectVirtualMemory
process_identifier: 1272
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 36864
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x0045f000
success 0 0
1619349065.289375
NtAllocateVirtualMemory
process_identifier: 1272
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02470000
success 0 0
1619349067.678502
NtAllocateVirtualMemory
process_identifier: 2448
region_size: 3158016
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00930000
success 0 0
1619349067.850875
NtAllocateVirtualMemory
process_identifier: 1060
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x005c0000
success 0 0
1619349067.928875
NtProtectVirtualMemory
process_identifier: 1060
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 36864
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x0045f000
success 0 0
1619349067.928875
NtAllocateVirtualMemory
process_identifier: 1060
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02470000
success 0 0
1619349069.741875
NtAllocateVirtualMemory
process_identifier: 3648
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x023d0000
success 0 0
Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (50 out of 72 events)
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.360995595337584 section {'size_of_data': '0x00038600', 'virtual_address': '0x00078000', 'entropy': 7.360995595337584, 'name': '.rsrc', 'virtual_size': '0x000384fc'} description A section with a high entropy has been found
entropy 0.331373989713446 description Overall entropy of this PE file is high
Expresses interest in specific running processes (2 events)
process 31deaffe726e5446c0188381ef391335.exe
process wmiprvse.exe
Repeatedly searches for a not-found process, you may want to run a web browser during analysis (41 events)
Time & API Arguments Status Return Repeated
1619345030.951531
Process32NextW
process_name: conhost.exe
snapshot_handle: 0x00000110
process_identifier: 2364
failed 0 0
1619349028.289
Process32NextW
process_name: inject-x86.exe
snapshot_handle: 0x00000110
process_identifier: 1376
failed 0 0
1619349029.164
Process32NextW
process_name: inject-x86.exe
snapshot_handle: 0x0000012c
process_identifier: 1376
failed 0 0
1619349029.929
Process32NextW
process_name: inject-x86.exe
snapshot_handle: 0x00000110
process_identifier: 2760
failed 0 0
1619349031.336
Process32NextW
process_name: is32bit.exe
snapshot_handle: 0x00000110
process_identifier: 3136
failed 0 0
1619349032.648
Process32NextW
process_name: inject-x86.exe
snapshot_handle: 0x00000128
process_identifier: 3128
failed 0 0
1619349033.336375
Process32NextW
process_name: inject-x86.exe
snapshot_handle: 0x00000110
process_identifier: 3248
failed 0 0
1619349035.02325
Process32NextW
process_name: inject-x86.exe
snapshot_handle: 0x00000110
process_identifier: 3384
failed 0 0
1619349036.52325
Process32NextW
process_name: 31deaffe726e5446c0188381ef391335.exe
snapshot_handle: 0x00000134
process_identifier: 3320
failed 0 0
1619349041.179
Process32NextW
process_name: inject-x86.exe
snapshot_handle: 0x00000110
process_identifier: 3508
failed 0 0
1619349043.883375
Process32NextW
process_name: inject-x86.exe
snapshot_handle: 0x00000110
process_identifier: 3684
failed 0 0
1619349044.961375
Process32NextW
process_name: 31deaffe726e5446c0188381ef391335.exe
snapshot_handle: 0x0000012c
process_identifier: 3584
failed 0 0
1619349045.89775
Process32NextW
process_name: inject-x86.exe
snapshot_handle: 0x00000110
process_identifier: 3756
failed 0 0
1619349053.14775
Process32NextW
process_name: inject-x86.exe
snapshot_handle: 0x00000110
process_identifier: 3928
failed 0 0
1619349056.49175
Process32NextW
process_name: 31deaffe726e5446c0188381ef391335.exe
snapshot_handle: 0x00000168
process_identifier: 3840
failed 0 0
1619349057.25825
Process32NextW
process_name: inject-x86.exe
snapshot_handle: 0x00000110
process_identifier: 4024
failed 0 0
1619349059.14775
Process32NextW
process_name: is32bit.exe
snapshot_handle: 0x00000110
process_identifier: 624
failed 0 0
1619349063.94475
Process32NextW
process_name: dllhost.exe
snapshot_handle: 0x00000184
process_identifier: 428
failed 0 0
1619349065.461375
Process32NextW
process_name: inject-x86.exe
snapshot_handle: 0x00000110
process_identifier: 3064
failed 0 0
1619349068.022875
Process32NextW
process_name: is32bit.exe
snapshot_handle: 0x00000110
process_identifier: 3600
failed 0 0
1619349068.741875
Process32NextW
process_name: 31deaffe726e5446c0188381ef391335.exe
snapshot_handle: 0x00000124
process_identifier: 1060
failed 0 0
1619349069.757875
Process32NextW
process_name: inject-x86.exe
snapshot_handle: 0x00000110
process_identifier: 3712
failed 0 0
1619349071.742125
Process32NextW
process_name: inject-x86.exe
snapshot_handle: 0x00000114
process_identifier: 3888
failed 0 0
1619349072.398125
Process32NextW
process_name: 31deaffe726e5446c0188381ef391335.exe
snapshot_handle: 0x00000128
process_identifier: 3804
failed 0 0
1619349073.351
Process32NextW
process_name: inject-x86.exe
snapshot_handle: 0x00000110
process_identifier: 2168
failed 0 0
1619349075.367375
Process32NextW
process_name: inject-x86.exe
snapshot_handle: 0x00000110
process_identifier: 1948
failed 0 0
1619349076.195375
Process32NextW
process_name: 31deaffe726e5446c0188381ef391335.exe
snapshot_handle: 0x00000128
process_identifier: 4080
failed 0 0
1619349077.069625
Process32NextW
process_name: inject-x86.exe
snapshot_handle: 0x00000110
process_identifier: 2996
failed 0 0
1619349079.226375
Process32NextW
process_name: inject-x86.exe
snapshot_handle: 0x00000110
process_identifier: 3636
failed 0 0
1619349079.633375
Process32NextW
process_name: inject-x86.exe
snapshot_handle: 0x00000120
process_identifier: 1824
failed 0 0
1619349080.117375
Process32NextW
process_name: inject-x86.exe
snapshot_handle: 0x00000110
process_identifier: 2944
failed 0 0
1619349082.601125
Process32NextW
process_name: inject-x86.exe
snapshot_handle: 0x00000110
process_identifier: 952
failed 0 0
1619349082.664125
Process32NextW
process_name: inject-x86.exe
snapshot_handle: 0x00000114
process_identifier: 952
failed 0 0
1619349083.4755
Process32NextW
process_name: inject-x86.exe
snapshot_handle: 0x00000110
process_identifier: 3076
failed 0 0
1619349086.5535
Process32NextW
process_name: inject-x86.exe
snapshot_handle: 0x00000110
process_identifier: 3256
failed 0 0
1619349086.6325
Process32NextW
process_name: inject-x86.exe
snapshot_handle: 0x00000114
process_identifier: 3256
failed 0 0
1619349087.710875
Process32NextW
process_name: mscorsvw.exe
snapshot_handle: 0x00000110
process_identifier: 3572
failed 0 0
1619349089.83625
Process32NextW
process_name: inject-x86.exe
snapshot_handle: 0x00000110
process_identifier: 2852
failed 0 0
1619349091.94525
Process32NextW
process_name: mscorsvw.exe
snapshot_handle: 0x00000148
process_identifier: 1320
failed 0 0
1619349092.53875
Process32NextW
process_name: inject-x86.exe
snapshot_handle: 0x00000110
process_identifier: 3324
failed 0 0
1619349095.63325
Process32NextW
process_name: inject-x86.exe
snapshot_handle: 0x00000110
process_identifier: 1304
failed 0 0
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Used NtSetContextThread to modify a thread in a remote process indicative of process injection (28 events)
Process injection Process 2240 called NtSetContextThread to modify thread in remote process 2544
Process injection Process 2288 called NtSetContextThread to modify thread in remote process 2128
Process injection Process 3188 called NtSetContextThread to modify thread in remote process 3260
Process injection Process 3428 called NtSetContextThread to modify thread in remote process 3520
Process injection Process 3696 called NtSetContextThread to modify thread in remote process 3772
Process injection Process 3968 called NtSetContextThread to modify thread in remote process 4040
Process injection Process 1272 called NtSetContextThread to modify thread in remote process 2448
Process injection Process 3648 called NtSetContextThread to modify thread in remote process 2964
Process injection Process 3924 called NtSetContextThread to modify thread in remote process 3860
Process injection Process 3852 called NtSetContextThread to modify thread in remote process 3972
Process injection Process 3164 called NtSetContextThread to modify thread in remote process 3744
Process injection Process 2968 called NtSetContextThread to modify thread in remote process 2656
Process injection Process 3124 called NtSetContextThread to modify thread in remote process 2940
Process injection Process 3372 called NtSetContextThread to modify thread in remote process 3440
Time & API Arguments Status Return Repeated
1619345031.451531
NtSetContextThread
thread_handle: 0x00000114
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4317920
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2544
success 0 0
1619349030.289
NtSetContextThread
thread_handle: 0x00000114
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4317920
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2128
success 0 0
1619349034.101375
NtSetContextThread
thread_handle: 0x00000114
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4317920
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 3260
success 0 0
1619349041.648
NtSetContextThread
thread_handle: 0x00000114
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4317920
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 3520
success 0 0
1619349046.92875
NtSetContextThread
thread_handle: 0x00000114
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4317920
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 3772
success 0 0
1619349057.96125
NtSetContextThread
thread_handle: 0x00000114
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4317920
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 4040
success 0 0
1619349065.758375
NtSetContextThread
thread_handle: 0x00000114
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4317920
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2448
success 0 0
1619349070.116875
NtSetContextThread
thread_handle: 0x00000114
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4317920
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2964
success 0 0
1619349073.773
NtSetContextThread
thread_handle: 0x00000114
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4317920
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 3860
success 0 0
1619349077.835625
NtSetContextThread
thread_handle: 0x00000114
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4317920
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 3972
success 0 0
1619349080.742375
NtSetContextThread
thread_handle: 0x00000114
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4317920
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 3744
success 0 0
1619349084.1635
NtSetContextThread
thread_handle: 0x00000114
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4317920
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2656
success 0 0
1619349088.147875
NtSetContextThread
thread_handle: 0x00000114
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4317920
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2940
success 0 0
1619349092.75775
NtSetContextThread
thread_handle: 0x00000114
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4317920
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 3440
success 0 0
Resumed a suspended thread in a remote process potentially indicative of process injection (28 events)
Process injection Process 2240 resumed a thread in remote process 2544
Process injection Process 2288 resumed a thread in remote process 2128
Process injection Process 3188 resumed a thread in remote process 3260
Process injection Process 3428 resumed a thread in remote process 3520
Process injection Process 3696 resumed a thread in remote process 3772
Process injection Process 3968 resumed a thread in remote process 4040
Process injection Process 1272 resumed a thread in remote process 2448
Process injection Process 3648 resumed a thread in remote process 2964
Process injection Process 3924 resumed a thread in remote process 3860
Process injection Process 3852 resumed a thread in remote process 3972
Process injection Process 3164 resumed a thread in remote process 3744
Process injection Process 2968 resumed a thread in remote process 2656
Process injection Process 3124 resumed a thread in remote process 2940
Process injection Process 3372 resumed a thread in remote process 3440
Time & API Arguments Status Return Repeated
1619345031.889531
NtResumeThread
thread_handle: 0x00000114
suspend_count: 1
process_identifier: 2544
success 0 0
1619349030.601
NtResumeThread
thread_handle: 0x00000114
suspend_count: 1
process_identifier: 2128
success 0 0
1619349034.320375
NtResumeThread
thread_handle: 0x00000114
suspend_count: 1
process_identifier: 3260
success 0 0
1619349042.054
NtResumeThread
thread_handle: 0x00000114
suspend_count: 1
process_identifier: 3520
success 0 0
1619349051.00775
NtResumeThread
thread_handle: 0x00000114
suspend_count: 1
process_identifier: 3772
success 0 0
1619349058.25825
NtResumeThread
thread_handle: 0x00000114
suspend_count: 1
process_identifier: 4040
success 0 0
1619349067.398375
NtResumeThread
thread_handle: 0x00000114
suspend_count: 1
process_identifier: 2448
success 0 0
1619349070.507875
NtResumeThread
thread_handle: 0x00000114
suspend_count: 1
process_identifier: 2964
success 0 0
1619349074.117
NtResumeThread
thread_handle: 0x00000114
suspend_count: 1
process_identifier: 3860
success 0 0
1619349078.210625
NtResumeThread
thread_handle: 0x00000114
suspend_count: 1
process_identifier: 3972
success 0 0
1619349081.414375
NtResumeThread
thread_handle: 0x00000114
suspend_count: 1
process_identifier: 3744
success 0 0
1619349084.7105
NtResumeThread
thread_handle: 0x00000114
suspend_count: 1
process_identifier: 2656
success 0 0
1619349088.428875
NtResumeThread
thread_handle: 0x00000114
suspend_count: 1
process_identifier: 2940
success 0 0
1619349093.60075
NtResumeThread
thread_handle: 0x00000114
suspend_count: 1
process_identifier: 3440
success 0 0
Executed a process and injected code into it, probably while unpacking (50 out of 111 events)
Time & API Arguments Status Return Repeated
1619345031.420531
CreateProcessInternalW
thread_identifier: 2616
thread_handle: 0x00000114
process_identifier: 2544
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\31deaffe726e5446c0188381ef391335.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000118
inherit_handles: 0
success 1 0
1619345031.420531
NtUnmapViewOfSection
process_identifier: 2544
region_size: 4096
process_handle: 0x00000118
base_address: 0x00400000
success 0 0
1619345031.420531
NtMapViewOfSection
section_handle: 0x00000120
process_identifier: 2544
commit_size: 184320
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000118
allocation_type: 0 ()
section_offset: 0
view_size: 184320
base_address: 0x00400000
success 0 0
1619345031.435531
NtGetContextThread
thread_handle: 0x00000114
success 0 0
1619345031.451531
NtSetContextThread
thread_handle: 0x00000114
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4317920
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2544
success 0 0
1619345031.889531
NtResumeThread
thread_handle: 0x00000114
suspend_count: 1
process_identifier: 2544
success 0 0
1619345031.967531
CreateProcessInternalW
thread_identifier: 3056
thread_handle: 0x0000011c
process_identifier: 2732
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\31deaffe726e5446c0188381ef391335.exe" 2 2544 30087875
filepath_r:
stack_pivoted: 0
creation_flags: 32 (NORMAL_PRIORITY_CLASS)
process_handle: 0x00000124
inherit_handles: 0
success 1 0
1619349029.586
CreateProcessInternalW
thread_identifier: 3000
thread_handle: 0x00000130
process_identifier: 2288
current_directory:
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\31deaffe726e5446c0188381ef391335.exe
track: 1
command_line:
filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\31deaffe726e5446c0188381ef391335.exe
stack_pivoted: 0
creation_flags: 32 (NORMAL_PRIORITY_CLASS)
process_handle: 0x00000134
inherit_handles: 0
success 1 0
1619349030.258
CreateProcessInternalW
thread_identifier: 1060
thread_handle: 0x00000114
process_identifier: 2128
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\31deaffe726e5446c0188381ef391335.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000118
inherit_handles: 0
success 1 0
1619349030.258
NtUnmapViewOfSection
process_identifier: 2128
region_size: 4096
process_handle: 0x00000118
base_address: 0x00400000
success 0 0
1619349030.258
NtMapViewOfSection
section_handle: 0x00000120
process_identifier: 2128
commit_size: 184320
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000118
allocation_type: 0 ()
section_offset: 0
view_size: 184320
base_address: 0x00400000
success 0 0
1619349030.289
NtGetContextThread
thread_handle: 0x00000114
success 0 0
1619349030.289
NtSetContextThread
thread_handle: 0x00000114
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4317920
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2128
success 0 0
1619349030.601
NtResumeThread
thread_handle: 0x00000114
suspend_count: 1
process_identifier: 2128
success 0 0
1619349030.726
CreateProcessInternalW
thread_identifier: 912
thread_handle: 0x0000011c
process_identifier: 2900
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\31deaffe726e5446c0188381ef391335.exe" 2 2128 30090593
filepath_r:
stack_pivoted: 0
creation_flags: 32 (NORMAL_PRIORITY_CLASS)
process_handle: 0x0000012c
inherit_handles: 0
success 1 0
1619349032.789
CreateProcessInternalW
thread_identifier: 3192
thread_handle: 0x0000012c
process_identifier: 3188
current_directory:
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\31deaffe726e5446c0188381ef391335.exe
track: 1
command_line:
filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\31deaffe726e5446c0188381ef391335.exe
stack_pivoted: 0
creation_flags: 32 (NORMAL_PRIORITY_CLASS)
process_handle: 0x00000130
inherit_handles: 0
success 1 0
1619349034.086375
CreateProcessInternalW
thread_identifier: 3264
thread_handle: 0x00000114
process_identifier: 3260
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\31deaffe726e5446c0188381ef391335.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000118
inherit_handles: 0
success 1 0
1619349034.086375
NtUnmapViewOfSection
process_identifier: 3260
region_size: 4096
process_handle: 0x00000118
base_address: 0x00400000
success 0 0
1619349034.101375
NtMapViewOfSection
section_handle: 0x00000120
process_identifier: 3260
commit_size: 184320
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000118
allocation_type: 0 ()
section_offset: 0
view_size: 184320
base_address: 0x00400000
success 0 0
1619349034.101375
NtGetContextThread
thread_handle: 0x00000114
success 0 0
1619349034.101375
NtSetContextThread
thread_handle: 0x00000114
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4317920
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 3260
success 0 0
1619349034.320375
NtResumeThread
thread_handle: 0x00000114
suspend_count: 1
process_identifier: 3260
success 0 0
1619349034.367375
CreateProcessInternalW
thread_identifier: 3324
thread_handle: 0x0000011c
process_identifier: 3320
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\31deaffe726e5446c0188381ef391335.exe" 2 3260 30094312
filepath_r:
stack_pivoted: 0
creation_flags: 32 (NORMAL_PRIORITY_CLASS)
process_handle: 0x0000012c
inherit_handles: 0
success 1 0
1619349039.32025
CreateProcessInternalW
thread_identifier: 3432
thread_handle: 0x00000138
process_identifier: 3428
current_directory:
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\31deaffe726e5446c0188381ef391335.exe
track: 1
command_line:
filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\31deaffe726e5446c0188381ef391335.exe
stack_pivoted: 0
creation_flags: 32 (NORMAL_PRIORITY_CLASS)
process_handle: 0x0000013c
inherit_handles: 0
success 1 0
1619349041.601
CreateProcessInternalW
thread_identifier: 3524
thread_handle: 0x00000114
process_identifier: 3520
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\31deaffe726e5446c0188381ef391335.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000118
inherit_handles: 0
success 1 0
1619349041.601
NtUnmapViewOfSection
process_identifier: 3520
region_size: 4096
process_handle: 0x00000118
base_address: 0x00400000
success 0 0
1619349041.617
NtMapViewOfSection
section_handle: 0x00000120
process_identifier: 3520
commit_size: 184320
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000118
allocation_type: 0 ()
section_offset: 0
view_size: 184320
base_address: 0x00400000
success 0 0
1619349041.633
NtGetContextThread
thread_handle: 0x00000114
success 0 0
1619349041.648
NtSetContextThread
thread_handle: 0x00000114
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4317920
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 3520
success 0 0
1619349042.054
NtResumeThread
thread_handle: 0x00000114
suspend_count: 1
process_identifier: 3520
success 0 0
1619349042.586
CreateProcessInternalW
thread_identifier: 3588
thread_handle: 0x0000011c
process_identifier: 3584
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\31deaffe726e5446c0188381ef391335.exe" 2 3520 30102046
filepath_r:
stack_pivoted: 0
creation_flags: 32 (NORMAL_PRIORITY_CLASS)
process_handle: 0x0000012c
inherit_handles: 0
success 1 0
1619349045.148375
CreateProcessInternalW
thread_identifier: 3700
thread_handle: 0x00000130
process_identifier: 3696
current_directory:
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\31deaffe726e5446c0188381ef391335.exe
track: 1
command_line:
filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\31deaffe726e5446c0188381ef391335.exe
stack_pivoted: 0
creation_flags: 32 (NORMAL_PRIORITY_CLASS)
process_handle: 0x00000134
inherit_handles: 0
success 1 0
1619349046.88275
CreateProcessInternalW
thread_identifier: 3776
thread_handle: 0x00000114
process_identifier: 3772
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\31deaffe726e5446c0188381ef391335.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000118
inherit_handles: 0
success 1 0
1619349046.88275
NtUnmapViewOfSection
process_identifier: 3772
region_size: 4096
process_handle: 0x00000118
base_address: 0x00400000
success 0 0
1619349046.88275
NtMapViewOfSection
section_handle: 0x00000120
process_identifier: 3772
commit_size: 184320
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000118
allocation_type: 0 ()
section_offset: 0
view_size: 184320
base_address: 0x00400000
success 0 0
1619349046.92875
NtGetContextThread
thread_handle: 0x00000114
success 0 0
1619349046.92875
NtSetContextThread
thread_handle: 0x00000114
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4317920
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 3772
success 0 0
1619349051.00775
NtResumeThread
thread_handle: 0x00000114
suspend_count: 1
process_identifier: 3772
success 0 0
1619349052.06975
CreateProcessInternalW
thread_identifier: 3844
thread_handle: 0x0000011c
process_identifier: 3840
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\31deaffe726e5446c0188381ef391335.exe" 2 3772 30111015
filepath_r:
stack_pivoted: 0
creation_flags: 32 (NORMAL_PRIORITY_CLASS)
process_handle: 0x0000012c
inherit_handles: 0
success 1 0
1619349056.72575
CreateProcessInternalW
thread_identifier: 3972
thread_handle: 0x0000016c
process_identifier: 3968
current_directory:
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\31deaffe726e5446c0188381ef391335.exe
track: 1
command_line:
filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\31deaffe726e5446c0188381ef391335.exe
stack_pivoted: 0
creation_flags: 32 (NORMAL_PRIORITY_CLASS)
process_handle: 0x00000170
inherit_handles: 0
success 1 0
1619349057.94525
CreateProcessInternalW
thread_identifier: 4044
thread_handle: 0x00000114
process_identifier: 4040
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\31deaffe726e5446c0188381ef391335.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000118
inherit_handles: 0
success 1 0
1619349057.94525
NtUnmapViewOfSection
process_identifier: 4040
region_size: 4096
process_handle: 0x00000118
base_address: 0x00400000
success 0 0
1619349057.94525
NtMapViewOfSection
section_handle: 0x00000120
process_identifier: 4040
commit_size: 184320
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000118
allocation_type: 0 ()
section_offset: 0
view_size: 184320
base_address: 0x00400000
success 0 0
1619349057.96125
NtGetContextThread
thread_handle: 0x00000114
success 0 0
1619349057.96125
NtSetContextThread
thread_handle: 0x00000114
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4317920
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 4040
success 0 0
1619349058.25825
NtResumeThread
thread_handle: 0x00000114
suspend_count: 1
process_identifier: 4040
success 0 0
1619349058.50825
CreateProcessInternalW
thread_identifier: 3288
thread_handle: 0x0000011c
process_identifier: 3292
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\31deaffe726e5446c0188381ef391335.exe" 2 4040 30118250
filepath_r:
stack_pivoted: 0
creation_flags: 32 (NORMAL_PRIORITY_CLASS)
process_handle: 0x0000012c
inherit_handles: 0
success 1 0
1619349064.08575
CreateProcessInternalW
thread_identifier: 1824
thread_handle: 0x00000188
process_identifier: 1272
current_directory:
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\31deaffe726e5446c0188381ef391335.exe
track: 1
command_line:
filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\31deaffe726e5446c0188381ef391335.exe
stack_pivoted: 0
creation_flags: 32 (NORMAL_PRIORITY_CLASS)
process_handle: 0x0000018c
inherit_handles: 0
success 1 0
1619349065.742375
CreateProcessInternalW
thread_identifier: 1816
thread_handle: 0x00000114
process_identifier: 2448
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\31deaffe726e5446c0188381ef391335.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000118
inherit_handles: 0
success 1 0
1619349065.742375
NtUnmapViewOfSection
process_identifier: 2448
region_size: 4096
process_handle: 0x00000118
base_address: 0x00400000
success 0 0
File has been identified by 58 AntiVirus engines on VirusTotal as malicious (50 out of 58 events)
Bkav W32.AIDetectVM.malware2
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.Delf.FareIt.Gen.10
FireEye Generic.mg.31deaffe726e5446
ALYac Trojan.Delf.FareIt.Gen.10
Cylance Unsafe
Zillya Trojan.Injector.Win32.740039
Sangfor Malware
K7AntiVirus Trojan ( 005678511 )
Alibaba Trojan:Win32/DelfInject.ali2000015
K7GW Trojan ( 005678511 )
Arcabit Trojan.Delf.FareIt.Gen.10
Cyren W32/Injector.DOQZ-5674
Symantec Trojan.Gen.2
APEX Malicious
Paloalto generic.ml
Kaspersky HEUR:Trojan-Spy.Win32.Noon.gen
BitDefender Trojan.Delf.FareIt.Gen.10
NANO-Antivirus Trojan.Win32.SpyBotNET.hksmpi
Rising Trojan.Kryptik!1.C71C (CLASSIC)
Ad-Aware Trojan.Delf.FareIt.Gen.10
Emsisoft Trojan.Delf.FareIt.Gen.10 (B)
Comodo Malware@#10wiq8i3guz1d
F-Secure Trojan.TR/Injector.vfahk
DrWeb BackDoor.SpyBotNET.17
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R06EC0DIA20
McAfee-GW-Edition BehavesLike.Win32.Fareit.jc
Sophos Mal/Generic-S + Mal/Fareit-AA
SentinelOne Static AI - Suspicious PE
Jiangmin TrojanSpy.Noon.phf
Avira TR/Injector.vfahk
Antiy-AVL Trojan[PSW]/Win32.Fareit
Gridinsoft Trojan.Win32.Wacatac.ba!s1
Microsoft Trojan:Win32/FormBook.CM!MTB
AegisLab Trojan.Win32.Malicious.4!c
ZoneAlarm HEUR:Trojan-Spy.Win32.Noon.gen
GData Trojan.Delf.FareIt.Gen.10
Cynet Malicious (score: 100)
AhnLab-V3 Suspicious/Win.Delphiless.X2066
Acronis suspicious
McAfee Fareit-FTB!31DEAFFE726E
MAX malware (ai score=83)
VBA32 TScope.Trojan.Delf
Malwarebytes Spyware.PasswordStealer
Zoner Trojan.Win32.67455
ESET-NOD32 a variant of Win32/Injector.EMHC
TrendMicro-HouseCall TROJ_GEN.R06EC0DIA20
Tencent Win32.Trojan-spy.Noon.Lkeg
Yandex Trojan.AvsArher.bTOmTw
Visual Analysis
Binary Image
No binary image: no binary visualization image was generated for this sample.
Runtime Screenshots
No runtime screenshots: no screenshots were captured while the sample was running.

PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x46b150 VirtualFree
0x46b154 VirtualAlloc
0x46b158 LocalFree
0x46b15c LocalAlloc
0x46b160 GetVersion
0x46b164 GetCurrentThreadId
0x46b170 VirtualQuery
0x46b174 WideCharToMultiByte
0x46b178 MultiByteToWideChar
0x46b17c lstrlenA
0x46b180 lstrcpynA
0x46b184 LoadLibraryExA
0x46b188 GetThreadLocale
0x46b18c GetStartupInfoA
0x46b190 GetProcAddress
0x46b194 GetModuleHandleA
0x46b198 GetModuleFileNameA
0x46b19c GetLocaleInfoA
0x46b1a0 GetCommandLineA
0x46b1a4 FreeLibrary
0x46b1a8 FindFirstFileA
0x46b1ac FindClose
0x46b1b0 ExitProcess
0x46b1b4 WriteFile
0x46b1bc RtlUnwind
0x46b1c0 RaiseException
0x46b1c4 GetStdHandle
Library user32.dll:
0x46b1cc GetKeyboardType
0x46b1d0 LoadStringA
0x46b1d4 MessageBoxA
0x46b1d8 CharNextA
Library advapi32.dll:
0x46b1e0 RegQueryValueExA
0x46b1e4 RegOpenKeyExA
0x46b1e8 RegCloseKey
Library oleaut32.dll:
0x46b1f0 SysFreeString
0x46b1f4 SysReAllocStringLen
0x46b1f8 SysAllocStringLen
Library kernel32.dll:
0x46b200 TlsSetValue
0x46b204 TlsGetValue
0x46b208 LocalAlloc
0x46b20c GetModuleHandleA
Library advapi32.dll:
0x46b214 RegQueryValueExA
0x46b218 RegOpenKeyExA
0x46b21c RegCloseKey
Library kernel32.dll:
0x46b224 lstrcpyA
0x46b228 WriteFile
0x46b230 WaitForSingleObject
0x46b234 VirtualQuery
0x46b238 VirtualAlloc
0x46b23c Sleep
0x46b240 SizeofResource
0x46b244 SetThreadLocale
0x46b248 SetFilePointer
0x46b24c SetEvent
0x46b250 SetErrorMode
0x46b254 SetEndOfFile
0x46b258 ResetEvent
0x46b25c ReadFile
0x46b260 MulDiv
0x46b264 LockResource
0x46b268 LoadResource
0x46b26c LoadLibraryA
0x46b278 GlobalUnlock
0x46b27c GlobalReAlloc
0x46b280 GlobalHandle
0x46b284 GlobalLock
0x46b288 GlobalFree
0x46b28c GlobalFindAtomA
0x46b290 GlobalDeleteAtom
0x46b294 GlobalAlloc
0x46b298 GlobalAddAtomA
0x46b29c GetVersionExA
0x46b2a0 GetVersion
0x46b2a4 GetTickCount
0x46b2a8 GetThreadLocale
0x46b2b0 GetSystemTime
0x46b2b4 GetSystemInfo
0x46b2b8 GetStringTypeExA
0x46b2bc GetStdHandle
0x46b2c0 GetProcAddress
0x46b2c4 GetModuleHandleA
0x46b2c8 GetModuleFileNameA
0x46b2cc GetLocaleInfoA
0x46b2d0 GetLocalTime
0x46b2d4 GetLastError
0x46b2d8 GetFullPathNameA
0x46b2dc GetFileAttributesA
0x46b2e0 GetDiskFreeSpaceA
0x46b2e4 GetDateFormatA
0x46b2e8 GetCurrentThreadId
0x46b2ec GetCurrentProcessId
0x46b2f0 GetCPInfo
0x46b2f4 GetACP
0x46b2f8 FreeResource
0x46b2fc InterlockedExchange
0x46b300 FreeLibrary
0x46b304 FormatMessageA
0x46b308 FindResourceA
0x46b30c FindFirstFileA
0x46b310 FindClose
0x46b31c ExitThread
0x46b320 EnumCalendarInfoA
0x46b32c CreateThread
0x46b330 CreateFileA
0x46b334 CreateEventA
0x46b338 CompareStringA
0x46b33c CloseHandle
Library version.dll:
0x46b344 VerQueryValueA
0x46b34c GetFileVersionInfoA
Library gdi32.dll:
0x46b354 UnrealizeObject
0x46b358 StretchBlt
0x46b35c SetWindowOrgEx
0x46b360 SetWinMetaFileBits
0x46b364 SetViewportOrgEx
0x46b368 SetTextColor
0x46b36c SetStretchBltMode
0x46b370 SetROP2
0x46b374 SetPixel
0x46b378 SetEnhMetaFileBits
0x46b37c SetDIBColorTable
0x46b380 SetBrushOrgEx
0x46b384 SetBkMode
0x46b388 SetBkColor
0x46b38c SelectPalette
0x46b390 SelectObject
0x46b394 SelectClipRgn
0x46b398 SaveDC
0x46b39c RestoreDC
0x46b3a0 Rectangle
0x46b3a4 RectVisible
0x46b3a8 RealizePalette
0x46b3ac Polyline
0x46b3b0 PlayEnhMetaFile
0x46b3b4 PatBlt
0x46b3b8 MoveToEx
0x46b3bc MaskBlt
0x46b3c0 LineTo
0x46b3c4 IntersectClipRect
0x46b3c8 GetWindowOrgEx
0x46b3cc GetWinMetaFileBits
0x46b3d0 GetTextMetricsA
0x46b3dc GetStockObject
0x46b3e0 GetPixel
0x46b3e4 GetPaletteEntries
0x46b3e8 GetObjectA
0x46b3f4 GetEnhMetaFileBits
0x46b3f8 GetDeviceCaps
0x46b3fc GetDIBits
0x46b400 GetDIBColorTable
0x46b404 GetDCOrgEx
0x46b40c GetClipBox
0x46b410 GetBrushOrgEx
0x46b414 GetBitmapBits
0x46b418 ExcludeClipRect
0x46b41c DeleteObject
0x46b420 DeleteEnhMetaFile
0x46b424 DeleteDC
0x46b428 CreateSolidBrush
0x46b42c CreateRectRgn
0x46b430 CreatePenIndirect
0x46b434 CreatePalette
0x46b43c CreateFontIndirectA
0x46b440 CreateDIBitmap
0x46b444 CreateDIBSection
0x46b448 CreateCompatibleDC
0x46b450 CreateBrushIndirect
0x46b454 CreateBitmap
0x46b458 CopyEnhMetaFileA
0x46b45c BitBlt
Library opengl32.dll:
0x46b464 wglDeleteContext
Library user32.dll:
0x46b46c CreateWindowExA
0x46b470 WindowFromPoint
0x46b474 WinHelpA
0x46b478 WaitMessage
0x46b47c UpdateWindow
0x46b480 UnregisterClassA
0x46b484 UnhookWindowsHookEx
0x46b488 TranslateMessage
0x46b490 TrackPopupMenu
0x46b498 ShowWindow
0x46b49c ShowScrollBar
0x46b4a0 ShowOwnedPopups
0x46b4a4 ShowCursor
0x46b4a8 SetWindowsHookExA
0x46b4ac SetWindowPos
0x46b4b0 SetWindowPlacement
0x46b4b4 SetWindowLongA
0x46b4b8 SetTimer
0x46b4bc SetScrollRange
0x46b4c0 SetScrollPos
0x46b4c4 SetScrollInfo
0x46b4c8 SetRect
0x46b4cc SetPropA
0x46b4d0 SetParent
0x46b4d4 SetMenuItemInfoA
0x46b4d8 SetMenu
0x46b4dc SetForegroundWindow
0x46b4e0 SetFocus
0x46b4e4 SetCursor
0x46b4e8 SetClassLongA
0x46b4ec SetCapture
0x46b4f0 SetActiveWindow
0x46b4f4 SendMessageA
0x46b4f8 ScrollWindow
0x46b4fc ScreenToClient
0x46b500 RemovePropA
0x46b504 RemoveMenu
0x46b508 ReleaseDC
0x46b50c ReleaseCapture
0x46b518 RegisterClassA
0x46b51c RedrawWindow
0x46b520 PtInRect
0x46b524 PostQuitMessage
0x46b528 PostMessageA
0x46b52c PeekMessageA
0x46b530 OffsetRect
0x46b534 OemToCharA
0x46b538 MessageBoxA
0x46b53c MapWindowPoints
0x46b540 MapVirtualKeyA
0x46b544 LoadStringA
0x46b548 LoadKeyboardLayoutA
0x46b54c LoadIconA
0x46b550 LoadCursorA
0x46b554 LoadBitmapA
0x46b558 KillTimer
0x46b55c IsZoomed
0x46b560 IsWindowVisible
0x46b564 IsWindowEnabled
0x46b568 IsWindow
0x46b56c IsRectEmpty
0x46b570 IsIconic
0x46b574 IsDialogMessageA
0x46b578 IsChild
0x46b57c InvalidateRect
0x46b580 IntersectRect
0x46b584 InsertMenuItemA
0x46b588 InsertMenuA
0x46b58c InflateRect
0x46b594 GetWindowTextA
0x46b598 GetWindowRect
0x46b59c GetWindowPlacement
0x46b5a0 GetWindowLongA
0x46b5a4 GetWindowDC
0x46b5a8 GetTopWindow
0x46b5ac GetSystemMetrics
0x46b5b0 GetSystemMenu
0x46b5b4 GetSysColorBrush
0x46b5b8 GetSysColor
0x46b5bc GetSubMenu
0x46b5c0 GetScrollRange
0x46b5c4 GetScrollPos
0x46b5c8 GetScrollInfo
0x46b5cc GetPropA
0x46b5d0 GetParent
0x46b5d4 GetWindow
0x46b5d8 GetMenuStringA
0x46b5dc GetMenuState
0x46b5e0 GetMenuItemInfoA
0x46b5e4 GetMenuItemID
0x46b5e8 GetMenuItemCount
0x46b5ec GetMenu
0x46b5f0 GetLastActivePopup
0x46b5f4 GetKeyboardState
0x46b5fc GetKeyboardLayout
0x46b600 GetKeyState
0x46b604 GetKeyNameTextA
0x46b608 GetIconInfo
0x46b60c GetForegroundWindow
0x46b610 GetFocus
0x46b614 GetDlgItem
0x46b618 GetDesktopWindow
0x46b61c GetDCEx
0x46b620 GetDC
0x46b624 GetCursorPos
0x46b628 GetCursor
0x46b62c GetClipboardData
0x46b630 GetClientRect
0x46b634 GetClassNameA
0x46b638 GetClassInfoA
0x46b63c GetCapture
0x46b640 GetActiveWindow
0x46b644 FrameRect
0x46b648 FindWindowA
0x46b64c FillRect
0x46b650 EqualRect
0x46b654 EnumWindows
0x46b658 EnumThreadWindows
0x46b65c EndPaint
0x46b660 EndDeferWindowPos
0x46b664 EnableWindow
0x46b668 EnableScrollBar
0x46b66c EnableMenuItem
0x46b670 DrawTextA
0x46b674 DrawMenuBar
0x46b678 DrawIconEx
0x46b67c DrawIcon
0x46b680 DrawFrameControl
0x46b684 DrawFocusRect
0x46b688 DrawEdge
0x46b68c DispatchMessageA
0x46b690 DestroyWindow
0x46b694 DestroyMenu
0x46b698 DestroyIcon
0x46b69c DestroyCursor
0x46b6a0 DeleteMenu
0x46b6a4 DeferWindowPos
0x46b6a8 DefWindowProcA
0x46b6ac DefMDIChildProcA
0x46b6b0 DefFrameProcA
0x46b6b4 CreatePopupMenu
0x46b6b8 CreateMenu
0x46b6bc CreateIcon
0x46b6c0 ClientToScreen
0x46b6c4 CheckMenuItem
0x46b6c8 CallWindowProcA
0x46b6cc CallNextHookEx
0x46b6d0 BeginPaint
0x46b6d4 BeginDeferWindowPos
0x46b6d8 CharNextA
0x46b6dc CharLowerBuffA
0x46b6e0 CharLowerA
0x46b6e4 CharToOemA
0x46b6e8 AdjustWindowRectEx
Library kernel32.dll:
0x46b6f4 Sleep
Library oleaut32.dll:
0x46b6fc SafeArrayPtrOfIndex
0x46b700 SafeArrayGetUBound
0x46b704 SafeArrayGetLBound
0x46b708 SafeArrayCreate
0x46b70c VariantChangeType
0x46b710 VariantCopy
0x46b714 VariantClear
0x46b718 VariantInit
Library comctl32.dll:
0x46b728 ImageList_Write
0x46b72c ImageList_Read
0x46b73c ImageList_DragMove
0x46b740 ImageList_DragLeave
0x46b744 ImageList_DragEnter
0x46b748 ImageList_EndDrag
0x46b74c ImageList_BeginDrag
0x46b750 ImageList_Remove
0x46b754 ImageList_DrawEx
0x46b758 ImageList_Replace
0x46b75c ImageList_Draw
0x46b76c ImageList_Add
0x46b774 ImageList_Destroy
0x46b778 ImageList_Create
0x46b77c InitCommonControls
Library comdlg32.dll:
0x46b784 GetOpenFileNameA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

| Source | Source Port | Destination | Destination Port |
| --- | --- | --- | --- |
| 192.168.56.101 | 50534 | 114.114.114.114 | 53 |
| 192.168.56.101 | 51808 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56539 | 114.114.114.114 | 53 |
| 192.168.56.101 | 58367 | 114.114.114.114 | 53 |
| 192.168.56.101 | 63429 | 114.114.114.114 | 53 |
| 192.168.56.101 | 65004 | 114.114.114.114 | 53 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
| 192.168.56.101 | 123 | 20.189.79.72 (time.windows.com) | 123 |
| 192.168.56.101 | 49235 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 51963 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 56804 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 62191 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 1900 | 239.255.255.250 | 1900 |
| 192.168.56.101 | 51809 | 239.255.255.250 | 3702 |
| 192.168.56.101 | 51811 | 239.255.255.250 | 3702 |
| 192.168.56.101 | 56540 | 239.255.255.250 | 3702 |
| 192.168.56.101 | 56807 | 239.255.255.250 | 1900 |
| 192.168.56.101 | 58707 | 239.255.255.250 | 3702 |

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.