Score: 7.0
Risk level: High

Sample hash: 668c31c58c0816f31b863d088cb88ff43f7c69aeae0e21734f96dd9a5992a872
File name: 423a75776aac9ceaaaffc65c59fe7ef1.exe

Analysis duration: 97s
Last analysis:
File size: 370.5KB

Static detection | Dynamic detection
Eagle Eye (鹰眼) engine: Not detected (no Eagle Eye engine result available)
Static verdict
Antivirus engine: Not detected (no antivirus engine result available)
Static indicators
Queries for the computername (3 events)
Time & API Arguments Status Return Repeated
1619421119.304374
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619421122.491374
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619421124.835374
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
Checks if process is being debugged by a debugger (1 event). The return value 0 is FALSE, i.e. no debugger was seen; the monitor records a zero return as "failed", which here is the expected outcome rather than an API error.
Time & API Arguments Status Return Repeated
1619421114.835374
IsDebuggerPresent
failed 0 0
Uses Windows APIs to generate a cryptographic key (6 events). All calls logged under this signature are CryptExportKey; the key generation or import that produced the handles is not shown in the report.
Time & API Arguments Status Return Repeated
1619421115.366374
CryptExportKey
crypto_handle: 0x00656f80
crypto_export_handle: 0x00000000
buffer: <INVALID POINTER>
blob_type: 6
flags: 0
success 1 0
1619421115.382374
CryptExportKey
crypto_handle: 0x00656f80
crypto_export_handle: 0x00000000
buffer: <INVALID POINTER>
blob_type: 6
flags: 0
success 1 0
1619421117.929374
CryptExportKey
crypto_handle: 0x006d0c78
crypto_export_handle: 0x00000000
buffer: <INVALID POINTER>
blob_type: 6
flags: 0
success 1 0
1619421117.929374
CryptExportKey
crypto_handle: 0x006d0cb8
crypto_export_handle: 0x00000000
buffer: <INVALID POINTER>
blob_type: 6
flags: 0
success 1 0
1619421118.398374
CryptExportKey
crypto_handle: 0x006d0e38
crypto_export_handle: 0x00000000
buffer: <INVALID POINTER>
blob_type: 6
flags: 0
success 1 0
1619421118.476374
CryptExportKey
crypto_handle: 0x006d0e38
crypto_export_handle: 0x00000000
buffer: <INVALID POINTER>
blob_type: 6
flags: 0
success 1 0
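Reading the rows above: blob_type 6 is PUBLICKEYBLOB in wincrypt.h, crypto_export_handle 0 means no wrapping key (a public key blob is exported in the clear), and buffer <INVALID POINTER> is how the monitor renders a pointer it could not read, most commonly a NULL pbData passed to learn the required size, so the report itself does not contain the exported key material. The six exports come from four key handles (0x00656f80 and 0x006d0e38 twice each, 0x006d0c78 and 0x006d0cb8 once). If the blob is recovered later, for instance from a memory dump taken after the export, it has to be decoded by hand. The following Python is an added example and is not part of the report or the sample: it lays out and parses the PUBLICKEYBLOB format (BLOBHEADER, then RSAPUBKEY, then the little-endian modulus) and uses a constructed 512-bit value in place of a real modulus.

```python
import struct

# wincrypt.h constants: BLOBHEADER.bType values and the two RSA ALG_IDs
BLOB_TYPES = {0x1: "SIMPLEBLOB", 0x6: "PUBLICKEYBLOB", 0x7: "PRIVATEKEYBLOB",
              0x8: "PLAINTEXTKEYBLOB", 0x9: "OPAQUEKEYBLOB", 0xA: "PUBLICKEYBLOBEX",
              0xB: "SYMMETRICWRAPKEYBLOB", 0xC: "KEYSTATEBLOB"}
PUBLICKEYBLOB = 0x6
CUR_BLOB_VERSION = 0x2
CALG_RSA_KEYX, CALG_RSA_SIGN = 0x0000A400, 0x00002400
RSA1_MAGIC = 0x31415352  # RSAPUBKEY.magic, the bytes "RSA1" read little-endian


def build_publickeyblob(modulus, pubexp, alg_id=CALG_RSA_KEYX):
    """Lay out BLOBHEADER + RSAPUBKEY + little-endian modulus, the layout
    CryptExportKey(..., PUBLICKEYBLOB, ...) writes into pbData."""
    bitlen = (modulus.bit_length() + 7) // 8 * 8
    hdr = struct.pack("<BBHI", PUBLICKEYBLOB, CUR_BLOB_VERSION, 0, alg_id)
    rsapubkey = struct.pack("<III", RSA1_MAGIC, bitlen, pubexp)
    return hdr + rsapubkey + modulus.to_bytes(bitlen // 8, "little")


def parse_publickeyblob(blob):
    """Validate and decode a PUBLICKEYBLOB; raises ValueError for anything
    that is not a well-formed RSA public key blob."""
    if len(blob) < 20:
        raise ValueError("shorter than BLOBHEADER (8) + RSAPUBKEY (12)")
    btype, bver, _reserved, alg_id = struct.unpack_from("<BBHI", blob, 0)
    if btype != PUBLICKEYBLOB:
        name = BLOB_TYPES.get(btype, "unknown")
        raise ValueError(f"bType {btype:#x} is {name}, not PUBLICKEYBLOB")
    magic, bitlen, pubexp = struct.unpack_from("<III", blob, 8)
    if magic != RSA1_MAGIC:
        raise ValueError(f"RSAPUBKEY.magic {magic:#x} is not 'RSA1'")
    # A public blob is exactly 20 + bitlen/8 bytes: 84, 148, 276 for 512/1024/2048
    if bitlen % 8 or len(blob) != 20 + bitlen // 8:
        raise ValueError(f"length {len(blob)} does not match bitlen {bitlen}")
    return {"version": bver, "alg_id": alg_id, "bitlen": bitlen,
            "pubexp": pubexp, "modulus": int.from_bytes(blob[20:], "little")}


def is_publickeyblob(blob):
    """True if parse_publickeyblob accepts the bytes, False otherwise."""
    try:
        parse_publickeyblob(blob)
        return True
    except ValueError:
        return False


# Constructed 512-bit value standing in for a modulus; not a real RSA key.
SAMPLE_MODULUS = int.from_bytes(bytes([0xC3]) + bytes(range(1, 64)), "big")

if __name__ == "__main__":
    blob = build_publickeyblob(SAMPLE_MODULUS, 65537)
    info = parse_publickeyblob(blob)
    print(len(blob), "bytes", BLOB_TYPES[blob[0]], hex(info["alg_id"]),
          info["bitlen"], "bits, e =", info["pubexp"])
```

The length rule in the parser is also the quickest sanity check on a suspected blob pulled from memory: a PUBLICKEYBLOB is 20 + bitlen/8 bytes, so 84, 148 or 276 bytes for 512, 1024 or 2048-bit keys, and the four bytes at offset 8 spell RSA1 (RSA2 marks a PRIVATEKEYBLOB, which then carries the CRT primes after the modulus).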
This executable has a PDB path (1 event)
pdb_path
One or more processes crashed (50 out of 65 events shown). Caveat: every record below is a 0xc0000005 access violation, the 50 shown fall within about 16 ms (1619421113.788 to 1619421113.804), and the sample goes on to call IsDebuggerPresent, CryptExportKey and GetComputerNameW afterwards (1619421114 to 1619421124), so these exceptions were handled inside the process and it did not terminate here.
Time & API Arguments Status Return Repeated
1619421113.788374
__exception__
stacktrace:
423a75776aac9ceaaaffc65c59fe7ef1+0x1f28 @ 0x401f28

registers.esp: 1637008
registers.edi: 4350172
registers.eax: 0
registers.ebp: 1637024
registers.edx: 0
registers.ebx: 4350172
registers.esi: 4350172
registers.ecx: 4
exception.instruction_r: f3 aa 8b 45 f0 8b 4d 08 8b 55 10 03 c8 2b d0 52
exception.symbol: 423a75776aac9ceaaaffc65c59fe7ef1+0xf048
exception.instruction: stosb byte ptr es:[edi], al
exception.module: 423a75776aac9ceaaaffc65c59fe7ef1.exe
exception.exception_code: 0xc0000005
exception.offset: 61512
exception.address: 0x40f048
success 0 0
1619421113.788374
__exception__
stacktrace:
423a75776aac9ceaaaffc65c59fe7ef1+0xf014 @ 0x40f014
423a75776aac9ceaaaffc65c59fe7ef1+0xf060 @ 0x40f060
423a75776aac9ceaaaffc65c59fe7ef1+0x1f28 @ 0x401f28

registers.esp: 1636952
registers.edi: 4354016
registers.eax: 4350176
registers.ebp: 1636956
registers.edx: 77
registers.ebx: 4350172
registers.esi: 4350172
registers.ecx: 1835
exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66
exception.symbol: 423a75776aac9ceaaaffc65c59fe7ef1+0xefb0
exception.address: 0x40efb0
exception.module: 423a75776aac9ceaaaffc65c59fe7ef1.exe
exception.exception_code: 0xc0000005
exception.offset: 61360
success 0 0
1619421113.788374
__exception__
stacktrace:
423a75776aac9ceaaaffc65c59fe7ef1+0xf014 @ 0x40f014
423a75776aac9ceaaaffc65c59fe7ef1+0xf060 @ 0x40f060
423a75776aac9ceaaaffc65c59fe7ef1+0x1f28 @ 0x401f28

registers.esp: 1636952
registers.edi: 4358112
registers.eax: 4350176
registers.ebp: 1636956
registers.edx: 77
registers.ebx: 4350172
registers.esi: 4350172
registers.ecx: 1803
exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66
exception.symbol: 423a75776aac9ceaaaffc65c59fe7ef1+0xefb0
exception.address: 0x40efb0
exception.module: 423a75776aac9ceaaaffc65c59fe7ef1.exe
exception.exception_code: 0xc0000005
exception.offset: 61360
success 0 0
1619421113.788374
__exception__
stacktrace:
423a75776aac9ceaaaffc65c59fe7ef1+0xf014 @ 0x40f014
423a75776aac9ceaaaffc65c59fe7ef1+0xf060 @ 0x40f060
423a75776aac9ceaaaffc65c59fe7ef1+0x1f28 @ 0x401f28

registers.esp: 1636952
registers.edi: 4362208
registers.eax: 4350176
registers.ebp: 1636956
registers.edx: 77
registers.ebx: 4350172
registers.esi: 4350172
registers.ecx: 1771
exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66
exception.symbol: 423a75776aac9ceaaaffc65c59fe7ef1+0xefb0
exception.address: 0x40efb0
exception.module: 423a75776aac9ceaaaffc65c59fe7ef1.exe
exception.exception_code: 0xc0000005
exception.offset: 61360
success 0 0
1619421113.788374
__exception__
stacktrace:
423a75776aac9ceaaaffc65c59fe7ef1+0xf014 @ 0x40f014
423a75776aac9ceaaaffc65c59fe7ef1+0xf060 @ 0x40f060
423a75776aac9ceaaaffc65c59fe7ef1+0x1f28 @ 0x401f28

registers.esp: 1636952
registers.edi: 4366304
registers.eax: 4350176
registers.ebp: 1636956
registers.edx: 77
registers.ebx: 4350172
registers.esi: 4350172
registers.ecx: 1739
exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66
exception.symbol: 423a75776aac9ceaaaffc65c59fe7ef1+0xefb0
exception.address: 0x40efb0
exception.module: 423a75776aac9ceaaaffc65c59fe7ef1.exe
exception.exception_code: 0xc0000005
exception.offset: 61360
success 0 0
1619421113.788374
__exception__
stacktrace:
423a75776aac9ceaaaffc65c59fe7ef1+0xf014 @ 0x40f014
423a75776aac9ceaaaffc65c59fe7ef1+0xf060 @ 0x40f060
423a75776aac9ceaaaffc65c59fe7ef1+0x1f28 @ 0x401f28

registers.esp: 1636952
registers.edi: 4370400
registers.eax: 4350176
registers.ebp: 1636956
registers.edx: 77
registers.ebx: 4350172
registers.esi: 4350172
registers.ecx: 1707
exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66
exception.symbol: 423a75776aac9ceaaaffc65c59fe7ef1+0xefb0
exception.address: 0x40efb0
exception.module: 423a75776aac9ceaaaffc65c59fe7ef1.exe
exception.exception_code: 0xc0000005
exception.offset: 61360
success 0 0
1619421113.788374
__exception__
stacktrace:
423a75776aac9ceaaaffc65c59fe7ef1+0xf014 @ 0x40f014
423a75776aac9ceaaaffc65c59fe7ef1+0xf060 @ 0x40f060
423a75776aac9ceaaaffc65c59fe7ef1+0x1f28 @ 0x401f28

registers.esp: 1636952
registers.edi: 4374496
registers.eax: 4350176
registers.ebp: 1636956
registers.edx: 77
registers.ebx: 4350172
registers.esi: 4350172
registers.ecx: 1675
exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66
exception.symbol: 423a75776aac9ceaaaffc65c59fe7ef1+0xefb0
exception.address: 0x40efb0
exception.module: 423a75776aac9ceaaaffc65c59fe7ef1.exe
exception.exception_code: 0xc0000005
exception.offset: 61360
success 0 0
1619421113.788374
__exception__
stacktrace:
423a75776aac9ceaaaffc65c59fe7ef1+0xf014 @ 0x40f014
423a75776aac9ceaaaffc65c59fe7ef1+0xf060 @ 0x40f060
423a75776aac9ceaaaffc65c59fe7ef1+0x1f28 @ 0x401f28

registers.esp: 1636952
registers.edi: 4378592
registers.eax: 4350176
registers.ebp: 1636956
registers.edx: 77
registers.ebx: 4350172
registers.esi: 4350172
registers.ecx: 1643
exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66
exception.symbol: 423a75776aac9ceaaaffc65c59fe7ef1+0xefb0
exception.address: 0x40efb0
exception.module: 423a75776aac9ceaaaffc65c59fe7ef1.exe
exception.exception_code: 0xc0000005
exception.offset: 61360
success 0 0
1619421113.788374
__exception__
stacktrace:
423a75776aac9ceaaaffc65c59fe7ef1+0xf014 @ 0x40f014
423a75776aac9ceaaaffc65c59fe7ef1+0xf060 @ 0x40f060
423a75776aac9ceaaaffc65c59fe7ef1+0x1f28 @ 0x401f28

registers.esp: 1636952
registers.edi: 4382688
registers.eax: 4350176
registers.ebp: 1636956
registers.edx: 77
registers.ebx: 4350172
registers.esi: 4350172
registers.ecx: 1611
exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66
exception.symbol: 423a75776aac9ceaaaffc65c59fe7ef1+0xefb0
exception.address: 0x40efb0
exception.module: 423a75776aac9ceaaaffc65c59fe7ef1.exe
exception.exception_code: 0xc0000005
exception.offset: 61360
success 0 0
1619421113.788374
__exception__
stacktrace:
423a75776aac9ceaaaffc65c59fe7ef1+0xf014 @ 0x40f014
423a75776aac9ceaaaffc65c59fe7ef1+0xf060 @ 0x40f060
423a75776aac9ceaaaffc65c59fe7ef1+0x1f28 @ 0x401f28

registers.esp: 1636952
registers.edi: 4386784
registers.eax: 4350176
registers.ebp: 1636956
registers.edx: 77
registers.ebx: 4350172
registers.esi: 4350172
registers.ecx: 1579
exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66
exception.symbol: 423a75776aac9ceaaaffc65c59fe7ef1+0xefb0
exception.address: 0x40efb0
exception.module: 423a75776aac9ceaaaffc65c59fe7ef1.exe
exception.exception_code: 0xc0000005
exception.offset: 61360
success 0 0
1619421113.788374
__exception__
stacktrace:
423a75776aac9ceaaaffc65c59fe7ef1+0xf014 @ 0x40f014
423a75776aac9ceaaaffc65c59fe7ef1+0xf060 @ 0x40f060
423a75776aac9ceaaaffc65c59fe7ef1+0x1f28 @ 0x401f28

registers.esp: 1636952
registers.edi: 4390880
registers.eax: 4350176
registers.ebp: 1636956
registers.edx: 77
registers.ebx: 4350172
registers.esi: 4350172
registers.ecx: 1547
exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66
exception.symbol: 423a75776aac9ceaaaffc65c59fe7ef1+0xefb0
exception.address: 0x40efb0
exception.module: 423a75776aac9ceaaaffc65c59fe7ef1.exe
exception.exception_code: 0xc0000005
exception.offset: 61360
success 0 0
1619421113.788374
__exception__
stacktrace:
423a75776aac9ceaaaffc65c59fe7ef1+0xf014 @ 0x40f014
423a75776aac9ceaaaffc65c59fe7ef1+0xf060 @ 0x40f060
423a75776aac9ceaaaffc65c59fe7ef1+0x1f28 @ 0x401f28

registers.esp: 1636952
registers.edi: 4394976
registers.eax: 4350176
registers.ebp: 1636956
registers.edx: 77
registers.ebx: 4350172
registers.esi: 4350172
registers.ecx: 1515
exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66
exception.symbol: 423a75776aac9ceaaaffc65c59fe7ef1+0xefb0
exception.address: 0x40efb0
exception.module: 423a75776aac9ceaaaffc65c59fe7ef1.exe
exception.exception_code: 0xc0000005
exception.offset: 61360
success 0 0
1619421113.788374
__exception__
stacktrace:
423a75776aac9ceaaaffc65c59fe7ef1+0xf014 @ 0x40f014
423a75776aac9ceaaaffc65c59fe7ef1+0xf060 @ 0x40f060
423a75776aac9ceaaaffc65c59fe7ef1+0x1f28 @ 0x401f28

registers.esp: 1636952
registers.edi: 4399072
registers.eax: 4350176
registers.ebp: 1636956
registers.edx: 77
registers.ebx: 4350172
registers.esi: 4350172
registers.ecx: 1483
exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66
exception.symbol: 423a75776aac9ceaaaffc65c59fe7ef1+0xefb0
exception.address: 0x40efb0
exception.module: 423a75776aac9ceaaaffc65c59fe7ef1.exe
exception.exception_code: 0xc0000005
exception.offset: 61360
success 0 0
1619421113.788374
__exception__
stacktrace:
423a75776aac9ceaaaffc65c59fe7ef1+0xf014 @ 0x40f014
423a75776aac9ceaaaffc65c59fe7ef1+0xf060 @ 0x40f060
423a75776aac9ceaaaffc65c59fe7ef1+0x1f28 @ 0x401f28

registers.esp: 1636952
registers.edi: 4403168
registers.eax: 4350176
registers.ebp: 1636956
registers.edx: 77
registers.ebx: 4350172
registers.esi: 4350172
registers.ecx: 1451
exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66
exception.symbol: 423a75776aac9ceaaaffc65c59fe7ef1+0xefb0
exception.address: 0x40efb0
exception.module: 423a75776aac9ceaaaffc65c59fe7ef1.exe
exception.exception_code: 0xc0000005
exception.offset: 61360
success 0 0
1619421113.788374
__exception__
stacktrace:
423a75776aac9ceaaaffc65c59fe7ef1+0xf014 @ 0x40f014
423a75776aac9ceaaaffc65c59fe7ef1+0xf060 @ 0x40f060
423a75776aac9ceaaaffc65c59fe7ef1+0x1f28 @ 0x401f28

registers.esp: 1636952
registers.edi: 4407264
registers.eax: 4350176
registers.ebp: 1636956
registers.edx: 77
registers.ebx: 4350172
registers.esi: 4350172
registers.ecx: 1419
exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66
exception.symbol: 423a75776aac9ceaaaffc65c59fe7ef1+0xefb0
exception.address: 0x40efb0
exception.module: 423a75776aac9ceaaaffc65c59fe7ef1.exe
exception.exception_code: 0xc0000005
exception.offset: 61360
success 0 0
1619421113.804374
__exception__
stacktrace:
423a75776aac9ceaaaffc65c59fe7ef1+0xf014 @ 0x40f014
423a75776aac9ceaaaffc65c59fe7ef1+0xf060 @ 0x40f060
423a75776aac9ceaaaffc65c59fe7ef1+0x1f28 @ 0x401f28

registers.esp: 1636952
registers.edi: 4411360
registers.eax: 4350176
registers.ebp: 1636956
registers.edx: 77
registers.ebx: 4350172
registers.esi: 4350172
registers.ecx: 1387
exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66
exception.symbol: 423a75776aac9ceaaaffc65c59fe7ef1+0xefb0
exception.address: 0x40efb0
exception.module: 423a75776aac9ceaaaffc65c59fe7ef1.exe
exception.exception_code: 0xc0000005
exception.offset: 61360
success 0 0
1619421113.804374
__exception__
stacktrace:
423a75776aac9ceaaaffc65c59fe7ef1+0xf014 @ 0x40f014
423a75776aac9ceaaaffc65c59fe7ef1+0xf060 @ 0x40f060
423a75776aac9ceaaaffc65c59fe7ef1+0x1f28 @ 0x401f28

registers.esp: 1636952
registers.edi: 4415456
registers.eax: 4350176
registers.ebp: 1636956
registers.edx: 77
registers.ebx: 4350172
registers.esi: 4350172
registers.ecx: 1355
exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66
exception.symbol: 423a75776aac9ceaaaffc65c59fe7ef1+0xefb0
exception.address: 0x40efb0
exception.module: 423a75776aac9ceaaaffc65c59fe7ef1.exe
exception.exception_code: 0xc0000005
exception.offset: 61360
success 0 0
1619421113.804374
__exception__
stacktrace:
423a75776aac9ceaaaffc65c59fe7ef1+0xf014 @ 0x40f014
423a75776aac9ceaaaffc65c59fe7ef1+0xf060 @ 0x40f060
423a75776aac9ceaaaffc65c59fe7ef1+0x1f28 @ 0x401f28

registers.esp: 1636952
registers.edi: 4419552
registers.eax: 4350176
registers.ebp: 1636956
registers.edx: 77
registers.ebx: 4350172
registers.esi: 4350172
registers.ecx: 1323
exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66
exception.symbol: 423a75776aac9ceaaaffc65c59fe7ef1+0xefb0
exception.address: 0x40efb0
exception.module: 423a75776aac9ceaaaffc65c59fe7ef1.exe
exception.exception_code: 0xc0000005
exception.offset: 61360
success 0 0
1619421113.804374
__exception__
stacktrace:
423a75776aac9ceaaaffc65c59fe7ef1+0xf014 @ 0x40f014
423a75776aac9ceaaaffc65c59fe7ef1+0xf060 @ 0x40f060
423a75776aac9ceaaaffc65c59fe7ef1+0x1f28 @ 0x401f28

registers.esp: 1636952
registers.edi: 4423648
registers.eax: 4350176
registers.ebp: 1636956
registers.edx: 77
registers.ebx: 4350172
registers.esi: 4350172
registers.ecx: 1291
exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66
exception.symbol: 423a75776aac9ceaaaffc65c59fe7ef1+0xefb0
exception.address: 0x40efb0
exception.module: 423a75776aac9ceaaaffc65c59fe7ef1.exe
exception.exception_code: 0xc0000005
exception.offset: 61360
success 0 0
1619421113.804374
__exception__
stacktrace:
423a75776aac9ceaaaffc65c59fe7ef1+0xf014 @ 0x40f014
423a75776aac9ceaaaffc65c59fe7ef1+0xf060 @ 0x40f060
423a75776aac9ceaaaffc65c59fe7ef1+0x1f28 @ 0x401f28

registers.esp: 1636952
registers.edi: 4427744
registers.eax: 4350176
registers.ebp: 1636956
registers.edx: 77
registers.ebx: 4350172
registers.esi: 4350172
registers.ecx: 1259
exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66
exception.symbol: 423a75776aac9ceaaaffc65c59fe7ef1+0xefb0
exception.address: 0x40efb0
exception.module: 423a75776aac9ceaaaffc65c59fe7ef1.exe
exception.exception_code: 0xc0000005
exception.offset: 61360
success 0 0
1619421113.804374
__exception__
stacktrace:
423a75776aac9ceaaaffc65c59fe7ef1+0xf014 @ 0x40f014
423a75776aac9ceaaaffc65c59fe7ef1+0xf060 @ 0x40f060
423a75776aac9ceaaaffc65c59fe7ef1+0x1f28 @ 0x401f28

registers.esp: 1636952
registers.edi: 4431840
registers.eax: 4350176
registers.ebp: 1636956
registers.edx: 77
registers.ebx: 4350172
registers.esi: 4350172
registers.ecx: 1227
exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66
exception.symbol: 423a75776aac9ceaaaffc65c59fe7ef1+0xefb0
exception.address: 0x40efb0
exception.module: 423a75776aac9ceaaaffc65c59fe7ef1.exe
exception.exception_code: 0xc0000005
exception.offset: 61360
success 0 0
1619421113.804374
__exception__
stacktrace:
423a75776aac9ceaaaffc65c59fe7ef1+0xf014 @ 0x40f014
423a75776aac9ceaaaffc65c59fe7ef1+0xf060 @ 0x40f060
423a75776aac9ceaaaffc65c59fe7ef1+0x1f28 @ 0x401f28

registers.esp: 1636952
registers.edi: 4435936
registers.eax: 4350176
registers.ebp: 1636956
registers.edx: 77
registers.ebx: 4350172
registers.esi: 4350172
registers.ecx: 1195
exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66
exception.symbol: 423a75776aac9ceaaaffc65c59fe7ef1+0xefb0
exception.address: 0x40efb0
exception.module: 423a75776aac9ceaaaffc65c59fe7ef1.exe
exception.exception_code: 0xc0000005
exception.offset: 61360
success 0 0
1619421113.804374
__exception__
stacktrace:
423a75776aac9ceaaaffc65c59fe7ef1+0xf014 @ 0x40f014
423a75776aac9ceaaaffc65c59fe7ef1+0xf060 @ 0x40f060
423a75776aac9ceaaaffc65c59fe7ef1+0x1f28 @ 0x401f28

registers.esp: 1636952
registers.edi: 4440032
registers.eax: 4350176
registers.ebp: 1636956
registers.edx: 77
registers.ebx: 4350172
registers.esi: 4350172
registers.ecx: 1163
exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66
exception.symbol: 423a75776aac9ceaaaffc65c59fe7ef1+0xefb0
exception.address: 0x40efb0
exception.module: 423a75776aac9ceaaaffc65c59fe7ef1.exe
exception.exception_code: 0xc0000005
exception.offset: 61360
success 0 0
1619421113.804374
__exception__
stacktrace:
423a75776aac9ceaaaffc65c59fe7ef1+0xf014 @ 0x40f014
423a75776aac9ceaaaffc65c59fe7ef1+0xf060 @ 0x40f060
423a75776aac9ceaaaffc65c59fe7ef1+0x1f28 @ 0x401f28

registers.esp: 1636952
registers.edi: 4444128
registers.eax: 4350176
registers.ebp: 1636956
registers.edx: 77
registers.ebx: 4350172
registers.esi: 4350172
registers.ecx: 1131
exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66
exception.symbol: 423a75776aac9ceaaaffc65c59fe7ef1+0xefb0
exception.address: 0x40efb0
exception.module: 423a75776aac9ceaaaffc65c59fe7ef1.exe
exception.exception_code: 0xc0000005
exception.offset: 61360
success 0 0
1619421113.804374
__exception__
stacktrace:
423a75776aac9ceaaaffc65c59fe7ef1+0xf014 @ 0x40f014
423a75776aac9ceaaaffc65c59fe7ef1+0xf060 @ 0x40f060
423a75776aac9ceaaaffc65c59fe7ef1+0x1f28 @ 0x401f28

registers.esp: 1636952
registers.edi: 4448224
registers.eax: 4350176
registers.ebp: 1636956
registers.edx: 77
registers.ebx: 4350172
registers.esi: 4350172
registers.ecx: 1099
exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66
exception.symbol: 423a75776aac9ceaaaffc65c59fe7ef1+0xefb0
exception.address: 0x40efb0
exception.module: 423a75776aac9ceaaaffc65c59fe7ef1.exe
exception.exception_code: 0xc0000005
exception.offset: 61360
success 0 0
1619421113.804374
__exception__
stacktrace:
423a75776aac9ceaaaffc65c59fe7ef1+0xf014 @ 0x40f014
423a75776aac9ceaaaffc65c59fe7ef1+0xf060 @ 0x40f060
423a75776aac9ceaaaffc65c59fe7ef1+0x1f28 @ 0x401f28

registers.esp: 1636952
registers.edi: 4452320
registers.eax: 4350176
registers.ebp: 1636956
registers.edx: 77
registers.ebx: 4350172
registers.esi: 4350172
registers.ecx: 1067
exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66
exception.symbol: 423a75776aac9ceaaaffc65c59fe7ef1+0xefb0
exception.address: 0x40efb0
exception.module: 423a75776aac9ceaaaffc65c59fe7ef1.exe
exception.exception_code: 0xc0000005
exception.offset: 61360
success 0 0
1619421113.804374
__exception__
stacktrace:
423a75776aac9ceaaaffc65c59fe7ef1+0xf014 @ 0x40f014
423a75776aac9ceaaaffc65c59fe7ef1+0xf060 @ 0x40f060
423a75776aac9ceaaaffc65c59fe7ef1+0x1f28 @ 0x401f28

registers.esp: 1636952
registers.edi: 4456416
registers.eax: 4350176
registers.ebp: 1636956
registers.edx: 77
registers.ebx: 4350172
registers.esi: 4350172
registers.ecx: 1035
exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66
exception.symbol: 423a75776aac9ceaaaffc65c59fe7ef1+0xefb0
exception.address: 0x40efb0
exception.module: 423a75776aac9ceaaaffc65c59fe7ef1.exe
exception.exception_code: 0xc0000005
exception.offset: 61360
success 0 0
1619421113.804374
__exception__
stacktrace:
423a75776aac9ceaaaffc65c59fe7ef1+0xf014 @ 0x40f014
423a75776aac9ceaaaffc65c59fe7ef1+0xf060 @ 0x40f060
423a75776aac9ceaaaffc65c59fe7ef1+0x1f28 @ 0x401f28

registers.esp: 1636952
registers.edi: 4460512
registers.eax: 4350176
registers.ebp: 1636956
registers.edx: 77
registers.ebx: 4350172
registers.esi: 4350172
registers.ecx: 1003
exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66
exception.symbol: 423a75776aac9ceaaaffc65c59fe7ef1+0xefb0
exception.address: 0x40efb0
exception.module: 423a75776aac9ceaaaffc65c59fe7ef1.exe
exception.exception_code: 0xc0000005
exception.offset: 61360
success 0 0
1619421113.804374
__exception__
stacktrace:
423a75776aac9ceaaaffc65c59fe7ef1+0xf014 @ 0x40f014
423a75776aac9ceaaaffc65c59fe7ef1+0xf060 @ 0x40f060
423a75776aac9ceaaaffc65c59fe7ef1+0x1f28 @ 0x401f28

registers.esp: 1636952
registers.edi: 4464608
registers.eax: 4350176
registers.ebp: 1636956
registers.edx: 77
registers.ebx: 4350172
registers.esi: 4350172
registers.ecx: 971
exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66
exception.symbol: 423a75776aac9ceaaaffc65c59fe7ef1+0xefb0
exception.address: 0x40efb0
exception.module: 423a75776aac9ceaaaffc65c59fe7ef1.exe
exception.exception_code: 0xc0000005
exception.offset: 61360
success 0 0
1619421113.804374
__exception__
stacktrace:
423a75776aac9ceaaaffc65c59fe7ef1+0xf014 @ 0x40f014
423a75776aac9ceaaaffc65c59fe7ef1+0xf060 @ 0x40f060
423a75776aac9ceaaaffc65c59fe7ef1+0x1f28 @ 0x401f28

registers.esp: 1636952
registers.edi: 4468704
registers.eax: 4350176
registers.ebp: 1636956
registers.edx: 77
registers.ebx: 4350172
registers.esi: 4350172
registers.ecx: 939
exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66
exception.symbol: 423a75776aac9ceaaaffc65c59fe7ef1+0xefb0
exception.address: 0x40efb0
exception.module: 423a75776aac9ceaaaffc65c59fe7ef1.exe
exception.exception_code: 0xc0000005
exception.offset: 61360
success 0 0
1619421113.804374
__exception__
stacktrace:
423a75776aac9ceaaaffc65c59fe7ef1+0xf014 @ 0x40f014
423a75776aac9ceaaaffc65c59fe7ef1+0xf060 @ 0x40f060
423a75776aac9ceaaaffc65c59fe7ef1+0x1f28 @ 0x401f28

registers.esp: 1636952
registers.edi: 4472800
registers.eax: 4350176
registers.ebp: 1636956
registers.edx: 77
registers.ebx: 4350172
registers.esi: 4350172
registers.ecx: 907
exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66
exception.symbol: 423a75776aac9ceaaaffc65c59fe7ef1+0xefb0
exception.address: 0x40efb0
exception.module: 423a75776aac9ceaaaffc65c59fe7ef1.exe
exception.exception_code: 0xc0000005
exception.offset: 61360
success 0 0
1619421113.804374
__exception__
stacktrace:
423a75776aac9ceaaaffc65c59fe7ef1+0xf014 @ 0x40f014
423a75776aac9ceaaaffc65c59fe7ef1+0xf060 @ 0x40f060
423a75776aac9ceaaaffc65c59fe7ef1+0x1f28 @ 0x401f28

registers.esp: 1636952
registers.edi: 4476896
registers.eax: 4350176
registers.ebp: 1636956
registers.edx: 77
registers.ebx: 4350172
registers.esi: 4350172
registers.ecx: 875
exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66
exception.symbol: 423a75776aac9ceaaaffc65c59fe7ef1+0xefb0
exception.address: 0x40efb0
exception.module: 423a75776aac9ceaaaffc65c59fe7ef1.exe
exception.exception_code: 0xc0000005
exception.offset: 61360
success 0 0
1619421113.804374
__exception__
stacktrace:
423a75776aac9ceaaaffc65c59fe7ef1+0xf014 @ 0x40f014
423a75776aac9ceaaaffc65c59fe7ef1+0xf060 @ 0x40f060
423a75776aac9ceaaaffc65c59fe7ef1+0x1f28 @ 0x401f28

registers.esp: 1636952
registers.edi: 4480992
registers.eax: 4350176
registers.ebp: 1636956
registers.edx: 77
registers.ebx: 4350172
registers.esi: 4350172
registers.ecx: 843
exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66
exception.symbol: 423a75776aac9ceaaaffc65c59fe7ef1+0xefb0
exception.address: 0x40efb0
exception.module: 423a75776aac9ceaaaffc65c59fe7ef1.exe
exception.exception_code: 0xc0000005
exception.offset: 61360
success 0 0
1619421113.804374
__exception__
stacktrace:
423a75776aac9ceaaaffc65c59fe7ef1+0xf014 @ 0x40f014
423a75776aac9ceaaaffc65c59fe7ef1+0xf060 @ 0x40f060
423a75776aac9ceaaaffc65c59fe7ef1+0x1f28 @ 0x401f28

registers.esp: 1636952
registers.edi: 4485088
registers.eax: 4350176
registers.ebp: 1636956
registers.edx: 77
registers.ebx: 4350172
registers.esi: 4350172
registers.ecx: 811
exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66
exception.symbol: 423a75776aac9ceaaaffc65c59fe7ef1+0xefb0
exception.address: 0x40efb0
exception.module: 423a75776aac9ceaaaffc65c59fe7ef1.exe
exception.exception_code: 0xc0000005
exception.offset: 61360
success 0 0
1619421113.804374
__exception__
stacktrace:
423a75776aac9ceaaaffc65c59fe7ef1+0xf014 @ 0x40f014
423a75776aac9ceaaaffc65c59fe7ef1+0xf060 @ 0x40f060
423a75776aac9ceaaaffc65c59fe7ef1+0x1f28 @ 0x401f28

registers.esp: 1636952
registers.edi: 4489184
registers.eax: 4350176
registers.ebp: 1636956
registers.edx: 77
registers.ebx: 4350172
registers.esi: 4350172
registers.ecx: 779
exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66
exception.symbol: 423a75776aac9ceaaaffc65c59fe7ef1+0xefb0
exception.address: 0x40efb0
exception.module: 423a75776aac9ceaaaffc65c59fe7ef1.exe
exception.exception_code: 0xc0000005
exception.offset: 61360
success 0 0
1619421113.804374
__exception__
stacktrace:
423a75776aac9ceaaaffc65c59fe7ef1+0xf014 @ 0x40f014
423a75776aac9ceaaaffc65c59fe7ef1+0xf060 @ 0x40f060
423a75776aac9ceaaaffc65c59fe7ef1+0x1f28 @ 0x401f28

registers.esp: 1636952
registers.edi: 4493280
registers.eax: 4350176
registers.ebp: 1636956
registers.edx: 77
registers.ebx: 4350172
registers.esi: 4350172
registers.ecx: 747
exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66
exception.symbol: 423a75776aac9ceaaaffc65c59fe7ef1+0xefb0
exception.address: 0x40efb0
exception.module: 423a75776aac9ceaaaffc65c59fe7ef1.exe
exception.exception_code: 0xc0000005
exception.offset: 61360
success 0 0
1619421113.804374
__exception__
stacktrace:
423a75776aac9ceaaaffc65c59fe7ef1+0xf014 @ 0x40f014
423a75776aac9ceaaaffc65c59fe7ef1+0xf060 @ 0x40f060
423a75776aac9ceaaaffc65c59fe7ef1+0x1f28 @ 0x401f28

registers.esp: 1636952
registers.edi: 4497376
registers.eax: 4350176
registers.ebp: 1636956
registers.edx: 77
registers.ebx: 4350172
registers.esi: 4350172
registers.ecx: 715
exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66
exception.symbol: 423a75776aac9ceaaaffc65c59fe7ef1+0xefb0
exception.address: 0x40efb0
exception.module: 423a75776aac9ceaaaffc65c59fe7ef1.exe
exception.exception_code: 0xc0000005
exception.offset: 61360
success 0 0
1619421113.804374
__exception__
stacktrace:
423a75776aac9ceaaaffc65c59fe7ef1+0xf014 @ 0x40f014
423a75776aac9ceaaaffc65c59fe7ef1+0xf060 @ 0x40f060
423a75776aac9ceaaaffc65c59fe7ef1+0x1f28 @ 0x401f28

registers.esp: 1636952
registers.edi: 4501472
registers.eax: 4350176
registers.ebp: 1636956
registers.edx: 77
registers.ebx: 4350172
registers.esi: 4350172
registers.ecx: 683
exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66
exception.symbol: 423a75776aac9ceaaaffc65c59fe7ef1+0xefb0
exception.address: 0x40efb0
exception.module: 423a75776aac9ceaaaffc65c59fe7ef1.exe
exception.exception_code: 0xc0000005
exception.offset: 61360
success 0 0
1619421113.804374
__exception__
stacktrace:
423a75776aac9ceaaaffc65c59fe7ef1+0xf014 @ 0x40f014
423a75776aac9ceaaaffc65c59fe7ef1+0xf060 @ 0x40f060
423a75776aac9ceaaaffc65c59fe7ef1+0x1f28 @ 0x401f28

registers.esp: 1636952
registers.edi: 4505568
registers.eax: 4350176
registers.ebp: 1636956
registers.edx: 77
registers.ebx: 4350172
registers.esi: 4350172
registers.ecx: 651
exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66
exception.symbol: 423a75776aac9ceaaaffc65c59fe7ef1+0xefb0
exception.address: 0x40efb0
exception.module: 423a75776aac9ceaaaffc65c59fe7ef1.exe
exception.exception_code: 0xc0000005
exception.offset: 61360
success 0 0
1619421113.804374
__exception__
stacktrace:
423a75776aac9ceaaaffc65c59fe7ef1+0xf014 @ 0x40f014
423a75776aac9ceaaaffc65c59fe7ef1+0xf060 @ 0x40f060
423a75776aac9ceaaaffc65c59fe7ef1+0x1f28 @ 0x401f28

registers.esp: 1636952
registers.edi: 4509664
registers.eax: 4350176
registers.ebp: 1636956
registers.edx: 77
registers.ebx: 4350172
registers.esi: 4350172
registers.ecx: 619
exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66
exception.symbol: 423a75776aac9ceaaaffc65c59fe7ef1+0xefb0
exception.address: 0x40efb0
exception.module: 423a75776aac9ceaaaffc65c59fe7ef1.exe
exception.exception_code: 0xc0000005
exception.offset: 61360
success 0 0
1619421113.804374
__exception__
stacktrace:
423a75776aac9ceaaaffc65c59fe7ef1+0xf014 @ 0x40f014
423a75776aac9ceaaaffc65c59fe7ef1+0xf060 @ 0x40f060
423a75776aac9ceaaaffc65c59fe7ef1+0x1f28 @ 0x401f28

registers.esp: 1636952
registers.edi: 4513760
registers.eax: 4350176
registers.ebp: 1636956
registers.edx: 77
registers.ebx: 4350172
registers.esi: 4350172
registers.ecx: 587
exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66
exception.symbol: 423a75776aac9ceaaaffc65c59fe7ef1+0xefb0
exception.address: 0x40efb0
exception.module: 423a75776aac9ceaaaffc65c59fe7ef1.exe
exception.exception_code: 0xc0000005
exception.offset: 61360
success 0 0
1619421113.804374
__exception__
stacktrace:
423a75776aac9ceaaaffc65c59fe7ef1+0xf014 @ 0x40f014
423a75776aac9ceaaaffc65c59fe7ef1+0xf060 @ 0x40f060
423a75776aac9ceaaaffc65c59fe7ef1+0x1f28 @ 0x401f28

registers.esp: 1636952
registers.edi: 4517856
registers.eax: 4350176
registers.ebp: 1636956
registers.edx: 77
registers.ebx: 4350172
registers.esi: 4350172
registers.ecx: 555
exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66
exception.symbol: 423a75776aac9ceaaaffc65c59fe7ef1+0xefb0
exception.address: 0x40efb0
exception.module: 423a75776aac9ceaaaffc65c59fe7ef1.exe
exception.exception_code: 0xc0000005
exception.offset: 61360
success 0 0
1619421113.804374
__exception__
stacktrace:
423a75776aac9ceaaaffc65c59fe7ef1+0xf014 @ 0x40f014
423a75776aac9ceaaaffc65c59fe7ef1+0xf060 @ 0x40f060
423a75776aac9ceaaaffc65c59fe7ef1+0x1f28 @ 0x401f28

registers.esp: 1636952
registers.edi: 4521952
registers.eax: 4350176
registers.ebp: 1636956
registers.edx: 77
registers.ebx: 4350172
registers.esi: 4350172
registers.ecx: 523
exception.instruction_r: 66 0f 7f 47 20 66 0f 7f 47 30 66 0f 7f 47 40 66
exception.symbol: 423a75776aac9ceaaaffc65c59fe7ef1+0xefb0
exception.address: 0x40efb0
exception.module: 423a75776aac9ceaaaffc65c59fe7ef1.exe
exception.exception_code: 0xc0000005
exception.offset: 61360
success 0 0
Behavior verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (50 out of 85 events)
Steals private information from local Internet browsers (7 events)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Local State
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\
file C:\Users\Administrator.Oskar-PC\AppData\Local\Chromium\User Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\MapleStudio\ChromePlus\User Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Yandex\YandexBrowser\User Data
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.998381099650105 section {'size_of_data': '0x0003aa00', 'virtual_address': '0x00026000', 'entropy': 7.998381099650105, 'name': '.rsrc', 'virtual_size': '0x0003a85c'} description A section with a high entropy has been found
entropy 0.6346414073071719 description Overall entropy of this PE file is high
Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 event)
Time & API Arguments Status Return Repeated
1619421118.351374
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Looks for the Windows Idle Time to determine the uptime (1 event)
Time & API Arguments Status Return Repeated
1619421127.476374
NtQuerySystemInformation
information_class: 8 (SystemProcessorPerformanceInformation)
success 0 0
A process attempted to delay the analysis task (1 event)
description 423a75776aac9ceaaaffc65c59fe7ef1.exe tried to sleep 2728335 seconds, actually delayed analysis time by 2728335 seconds
Harvests credentials from local FTP client software (6 events)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FTPGetter\servers.xml
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Ipswitch\WS_FTP\Sites\ws_ftp.ini
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FileZilla\recentservers.xml
registry HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
registry HKEY_CURRENT_USER\Software\FTPWare\COREFTP\Sites
Harvests credentials from local email clients (6 events)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Thunderbird\profiles.ini
registry HKEY_CURRENT_USER\Software\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676
registry HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
registry HKEY_CURRENT_USER\Software\RimArts\B2\Settings
registry HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running) (2 events)
dead_host 172.217.24.14:443
dead_host 172.217.160.110:443
Visual analysis
Binary image
No binary image: this sample did not generate a binary visualization image
Run screenshots
No run screenshots: no screenshots were generated while this sample ran


PE Compile Time

2020-03-30 15:33:36

Imports

Library KERNEL32.dll:
0x41b000 RaiseException
0x41b004 GetLastError
0x41b008 MultiByteToWideChar
0x41b00c lstrlenA
0x41b014 GetProcAddress
0x41b018 LoadLibraryA
0x41b01c FreeResource
0x41b020 SizeofResource
0x41b024 LockResource
0x41b028 LoadResource
0x41b02c FindResourceA
0x41b030 GetModuleHandleA
0x41b034 Module32Next
0x41b038 CloseHandle
0x41b03c Module32First
0x41b044 GetCurrentProcessId
0x41b048 SetEndOfFile
0x41b04c GetStringTypeW
0x41b050 GetStringTypeA
0x41b054 LCMapStringW
0x41b058 LCMapStringA
0x41b05c GetLocaleInfoA
0x41b060 CreateFileA
0x41b064 HeapFree
0x41b068 GetProcessHeap
0x41b06c HeapAlloc
0x41b070 GetCommandLineA
0x41b074 HeapCreate
0x41b078 VirtualFree
0x41b088 VirtualAlloc
0x41b08c HeapReAlloc
0x41b090 HeapSize
0x41b094 TerminateProcess
0x41b098 GetCurrentProcess
0x41b0a4 IsDebuggerPresent
0x41b0a8 GetModuleHandleW
0x41b0ac Sleep
0x41b0b0 ExitProcess
0x41b0b4 WriteFile
0x41b0b8 GetStdHandle
0x41b0bc GetModuleFileNameA
0x41b0c0 WideCharToMultiByte
0x41b0c4 GetConsoleCP
0x41b0c8 GetConsoleMode
0x41b0cc ReadFile
0x41b0d0 TlsGetValue
0x41b0d4 TlsAlloc
0x41b0d8 TlsSetValue
0x41b0dc TlsFree
0x41b0e4 SetLastError
0x41b0e8 GetCurrentThreadId
0x41b0ec FlushFileBuffers
0x41b0f0 SetFilePointer
0x41b0f4 SetHandleCount
0x41b0f8 GetFileType
0x41b0fc GetStartupInfoA
0x41b100 RtlUnwind
0x41b118 GetTickCount
0x41b124 GetCPInfo
0x41b128 GetACP
0x41b12c GetOEMCP
0x41b130 IsValidCodePage
0x41b134 CompareStringA
0x41b138 CompareStringW
0x41b140 WriteConsoleA
0x41b144 GetConsoleOutputCP
0x41b148 WriteConsoleW
0x41b14c SetStdHandle
Library ole32.dll:
0x41b184 OleInitialize
Library OLEAUT32.dll:
0x41b154 VariantInit
0x41b158 SafeArrayCreate
0x41b15c SafeArrayAccessData
0x41b164 SafeArrayDestroy
0x41b16c VariantClear
0x41b170 SysFreeString
0x41b174 SysAllocString
Library mscoree.dll:
0x41b17c CorBindToRuntimeEx

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 58367 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 61680 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 62318 224.0.0.252 5355
192.168.56.101 65004 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 51379 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.