8.6
极危

410eac5d77ea5b38a45a44079cba89f1f3fa6234ff16dd63dbde3476ce364b36

46168b6bae327a9d6aa590fbd5a9688a.exe

分析耗时

84s

最近分析

文件大小

8.9MB
静态报毒 动态报毒
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
未检测 暂无反病毒引擎检测结果
静态指标
This executable is signed
The executable uses a known packer (1 个事件)
packer Armadillo v1.71
One or more processes crashed (50 out of 117 个事件)
Time & API Arguments Status Return Repeated
1620977172.753625
__exception__
stacktrace:
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1638276
registers.edi: 0
registers.eax: 1
registers.ebp: 1638292
registers.edx: 22880256
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
exception.instruction_r: fb e9 4e 01 00 00 60 8b 74 24 24 8b 7c 24 28 fc
exception.instruction: sti
exception.module: 坏感驳昂院鞠诶屑惶涤碳厮傻嚷苏缕杉拔奈哨苑可挥咆都剂奈妨记源惶毕涛永旧登拘侄猛腺驯胖滩鼐脊薪颜贺值傲.exe
exception.exception_code: 0xc0000096 (STATUS_PRIVILEGED_INSTRUCTION)
exception.offset: 14569657
exception.address: 0x11e50b9
success 0 0
1620977172.753625
__exception__
stacktrace:

                
            
            
            
registers.esp: 1638240
registers.edi: 1983119592
registers.eax: 12537292
registers.ebp: 3964874772
registers.edx: 4194304
registers.ebx: 12536817
registers.esi: 3
registers.ecx: 1983315968
exception.instruction_r: fb 68 d1 e3 96 74 89 3c 24 bf 59 1c b2 3f 47 81
exception.instruction: sti
exception.module: 坏感驳昂院鞠诶屑惶涤碳厮傻嚷苏缕杉拔奈哨苑可挥咆都剂奈妨记源惶毕涛永旧登拘侄猛腺驯胖滩鼐脊薪颜贺值傲.exe
exception.exception_code: 0xc0000096 (STATUS_PRIVILEGED_INSTRUCTION)
exception.offset: 8344533
exception.address: 0xbf53d5
success 0 0
1620977172.753625
__exception__
stacktrace:

                
            
            
            
registers.esp: 1638244
registers.edi: 1983119592
registers.eax: 12567454
registers.ebp: 3964874772
registers.edx: 4194304
registers.ebx: 12536817
registers.esi: 3
registers.ecx: 1983315968
exception.instruction_r: fb 83 ec 04 89 0c 24 e9 c2 06 00 00 5f 89 ea 8b
exception.instruction: sti
exception.module: 坏感驳昂院鞠诶屑惶涤碳厮傻嚷苏缕杉拔奈哨苑可挥咆都剂奈妨记源惶毕涛永旧登拘侄猛腺驯胖滩鼐脊薪颜贺值傲.exe
exception.exception_code: 0xc0000096 (STATUS_PRIVILEGED_INSTRUCTION)
exception.offset: 8343125
exception.address: 0xbf4e55
success 0 0
1620977172.753625
__exception__
stacktrace:

                
            
            
            
registers.esp: 1638244
registers.edi: 0
registers.eax: 12540186
registers.ebp: 3964874772
registers.edx: 4194304
registers.ebx: 12536817
registers.esi: 4057430
registers.ecx: 1983315968
exception.instruction_r: fb 55 53 bb 4b 13 f3 5f 89 dd 8b 1c 24 83 c4 04
exception.instruction: sti
exception.module: 坏感驳昂院鞠诶屑惶涤碳厮傻嚷苏缕杉拔奈哨苑可挥咆都剂奈妨记源惶毕涛永旧登拘侄猛腺驯胖滩鼐脊薪颜贺值傲.exe
exception.exception_code: 0xc0000096 (STATUS_PRIVILEGED_INSTRUCTION)
exception.offset: 8344892
exception.address: 0xbf553c
success 0 0
1620977172.769625
__exception__
stacktrace:

                
            
            
            
registers.esp: 1638244
registers.edi: 0
registers.eax: 28377
registers.ebp: 3964874772
registers.edx: 2018674555
registers.ebx: 985020416
registers.esi: 12568971
registers.ecx: 1187389754
exception.instruction_r: fb 52 89 04 24 89 0c 24 c7 04 24 0b 26 b7 77 81
exception.instruction: sti
exception.module: 坏感驳昂院鞠诶屑惶涤碳厮傻嚷苏缕杉拔奈哨苑可挥咆都剂奈妨记源惶毕涛永旧登拘侄猛腺驯胖滩鼐脊薪颜贺值傲.exe
exception.exception_code: 0xc0000096 (STATUS_PRIVILEGED_INSTRUCTION)
exception.offset: 8348613
exception.address: 0xbf63c5
success 0 0
1620977172.769625
__exception__
stacktrace:

                
            
            
            
registers.esp: 1638244
registers.edi: 0
registers.eax: 0
registers.ebp: 3964874772
registers.edx: 239849
registers.ebx: 985020416
registers.esi: 12543807
registers.ecx: 1187389754
exception.instruction_r: fb 56 c7 04 24 b0 05 19 58 89 34 24 c7 04 24 41
exception.instruction: sti
exception.module: 坏感驳昂院鞠诶屑惶涤碳厮傻嚷苏缕杉拔奈哨苑可挥咆都剂奈妨记源惶毕涛永旧登拘侄猛腺驯胖滩鼐脊薪颜贺值傲.exe
exception.exception_code: 0xc0000096 (STATUS_PRIVILEGED_INSTRUCTION)
exception.offset: 8346311
exception.address: 0xbf5ac7
success 0 0
1620977172.769625
__exception__
stacktrace:

                
            
            
            
registers.esp: 1638244
registers.edi: 476649
registers.eax: 29722
registers.ebp: 3964874772
registers.edx: 4294939976
registers.ebx: 14528330
registers.esi: 14478754
registers.ecx: 769
exception.instruction_r: fb 68 81 df 28 58 89 04 24 89 14 24 c7 04 24 00
exception.instruction: sti
exception.module: 坏感驳昂院鞠诶屑惶涤碳厮傻嚷苏缕杉拔奈哨苑可挥咆都剂奈妨记源惶毕涛永旧登拘侄猛腺驯胖滩鼐脊薪颜贺值傲.exe
exception.exception_code: 0xc0000096 (STATUS_PRIVILEGED_INSTRUCTION)
exception.offset: 10305899
exception.address: 0xdd416b
success 0 0
1620977172.769625
__exception__
stacktrace:

                
            
            
            
registers.esp: 1638244
registers.edi: 476649
registers.eax: 14532687
registers.ebp: 3964874772
registers.edx: 4294939976
registers.ebx: 995882549
registers.esi: 4294943732
registers.ecx: 202985
exception.instruction_r: fb 68 56 f7 93 78 e9 51 fb ff ff 81 c7 55 08 3e
exception.instruction: sti
exception.module: 坏感驳昂院鞠诶屑惶涤碳厮傻嚷苏缕杉拔奈哨苑可挥咆都剂奈妨记源惶毕涛永旧登拘侄猛腺驯胖滩鼐脊薪颜贺值傲.exe
exception.exception_code: 0xc0000096 (STATUS_PRIVILEGED_INSTRUCTION)
exception.offset: 10314426
exception.address: 0xdd62ba
success 0 0
1620977172.784625
__exception__
stacktrace:

                
            
            
            
registers.esp: 1638244
registers.edi: 24522329
registers.eax: 27743
registers.ebp: 3964874772
registers.edx: 14539436
registers.ebx: 995882549
registers.esi: 4294943732
registers.ecx: 1983369708
exception.instruction_r: fb 56 c7 04 24 ff 08 52 11 89 1c 24 e9 db 04 00
exception.instruction: sti
exception.module: 坏感驳昂院鞠诶屑惶涤碳厮傻嚷苏缕杉拔奈哨苑可挥咆都剂奈妨记源惶毕涛永旧登拘侄猛腺驯胖滩鼐脊薪颜贺值傲.exe
exception.exception_code: 0xc0000096 (STATUS_PRIVILEGED_INSTRUCTION)
exception.offset: 10317552
exception.address: 0xdd6ef0
success 0 0
1620977172.784625
__exception__
stacktrace:

                
            
            
            
registers.esp: 1638244
registers.edi: 24522329
registers.eax: 27743
registers.ebp: 3964874772
registers.edx: 14539436
registers.ebx: 995882549
registers.esi: 4294942280
registers.ecx: 1259
exception.instruction_r: fb 53 89 2c 24 89 0c 24 e9 6b f6 ff ff 89 24 24
exception.instruction: sti
exception.module: 坏感驳昂院鞠诶屑惶涤碳厮傻嚷苏缕杉拔奈哨苑可挥咆都剂奈妨记源惶毕涛永旧登拘侄猛腺驯胖滩鼐脊薪颜贺值傲.exe
exception.exception_code: 0xc0000096 (STATUS_PRIVILEGED_INSTRUCTION)
exception.offset: 10319912
exception.address: 0xdd7828
success 0 0
1620977172.784625
__exception__
stacktrace:

                
            
            
            
registers.esp: 1638236
registers.edi: 24522329
registers.eax: 1447909480
registers.ebp: 3964874772
registers.edx: 22104
registers.ebx: 1983254709
registers.esi: 14542415
registers.ecx: 20
exception.instruction_r: ed 64 8f 05 00 00 00 00 e9 b6 bd ff ff 68 5e 07
exception.instruction: in eax, dx
exception.module: 坏感驳昂院鞠诶屑惶涤碳厮傻嚷苏缕杉拔奈哨苑可挥咆都剂奈妨记源惶毕涛永旧登拘侄猛腺驯胖滩鼐脊薪颜贺值傲.exe
exception.exception_code: 0xc0000096 (STATUS_PRIVILEGED_INSTRUCTION)
exception.offset: 10371267
exception.address: 0xde40c3
success 0 0
1620977172.784625
__exception__
stacktrace:

                
            
            
            
registers.esp: 1638236
registers.edi: 24522329
registers.eax: 1
registers.ebp: 3964874772
registers.edx: 22104
registers.ebx: 0
registers.esi: 14542415
registers.ecx: 20
exception.offset: 10370952
exception.instruction_r: 0f 3f 07 0b 64 8f 05 00 00 00 00 83 c4 04 83 fb
exception.exception_code: 0xc000001d (STATUS_ILLEGAL_INSTRUCTION)
exception.module: 坏感驳昂院鞠诶屑惶涤碳厮傻嚷苏缕杉拔奈哨苑可挥咆都剂奈妨记源惶毕涛永旧登拘侄猛腺驯胖滩鼐脊薪颜贺值傲.exe
exception.address: 0xde3f88
success 0 0
1620977172.784625
__exception__
stacktrace:

                
            
            
            
registers.esp: 1638236
registers.edi: 24522329
registers.eax: 1447909480
registers.ebp: 3964874772
registers.edx: 22104
registers.ebx: 2256917605
registers.esi: 14542415
registers.ecx: 10
exception.instruction_r: ed 81 fb 68 58 4d 56 75 0a c7 85 88 38 6c 14 01
exception.instruction: in eax, dx
exception.module: 坏感驳昂院鞠诶屑惶涤碳厮傻嚷苏缕杉拔奈哨苑可挥咆都剂奈妨记源惶毕涛永旧登拘侄猛腺驯胖滩鼐脊薪颜贺值傲.exe
exception.exception_code: 0xc0000096 (STATUS_PRIVILEGED_INSTRUCTION)
exception.offset: 10352332
exception.address: 0xddf6cc
success 0 0
1620977172.956625
__exception__
stacktrace:

                
            
            
            
registers.esp: 1638244
registers.edi: 24522329
registers.eax: 28849
registers.ebp: 3964874772
registers.edx: 2130566132
registers.ebx: 48091015
registers.esi: 14606285
registers.ecx: 4035182592
exception.instruction_r: fb 29 c9 68 33 c5 2b 5c 89 04 24 e9 17 04 00 00
exception.instruction: sti
exception.module: 坏感驳昂院鞠诶屑惶涤碳厮傻嚷苏缕杉拔奈哨苑可挥咆都剂奈妨记源惶毕涛永旧登拘侄猛腺驯胖滩鼐脊薪颜贺值傲.exe
exception.exception_code: 0xc0000096 (STATUS_PRIVILEGED_INSTRUCTION)
exception.offset: 10383226
exception.address: 0xde6f7a
success 0 0
1620977172.956625
__exception__
stacktrace:

                
            
            
            
registers.esp: 1638244
registers.edi: 6379
registers.eax: 28849
registers.ebp: 3964874772
registers.edx: 2130566132
registers.ebx: 48091015
registers.esi: 14606285
registers.ecx: 4294940896
exception.instruction_r: fb 83 ec 04 e9 1e fb ff ff 8b 3c 24 83 c4 04 89
exception.instruction: sti
exception.module: 坏感驳昂院鞠诶屑惶涤碳厮傻嚷苏缕杉拔奈哨苑可挥咆都剂奈妨记源惶毕涛永旧登拘侄猛腺驯胖滩鼐脊薪颜贺值傲.exe
exception.exception_code: 0xc0000096 (STATUS_PRIVILEGED_INSTRUCTION)
exception.offset: 10385453
exception.address: 0xde782d
success 0 0
1620977172.956625
__exception__
stacktrace:

                
            
            
            
registers.esp: 1638244
registers.edi: 6379
registers.eax: 14641515
registers.ebp: 3964874772
registers.edx: 14579946
registers.ebx: 990866084
registers.esi: 14606285
registers.ecx: 14579946
exception.instruction_r: fb e9 00 00 00 00 57 c7 04 24 1f a0 23 32 89 14
exception.instruction: sti
exception.module: 坏感驳昂院鞠诶屑惶涤碳厮傻嚷苏缕杉拔奈哨苑可挥咆都剂奈妨记源惶毕涛永旧登拘侄猛腺驯胖滩鼐脊薪颜贺值傲.exe
exception.exception_code: 0xc0000096 (STATUS_PRIVILEGED_INSTRUCTION)
exception.offset: 10419462
exception.address: 0xdefd06
success 0 0
1620977172.956625
__exception__
stacktrace:

                
            
            
            
registers.esp: 1638244
registers.edi: 604292947
registers.eax: 14641515
registers.ebp: 3964874772
registers.edx: 14579946
registers.ebx: 990866084
registers.esi: 14606285
registers.ecx: 4294940492
exception.instruction_r: fb b8 bd 5c 50 10 52 50 b8 f8 90 eb 79 50 51 b9
exception.instruction: sti
exception.module: 坏感驳昂院鞠诶屑惶涤碳厮傻嚷苏缕杉拔奈哨苑可挥咆都剂奈妨记源惶毕涛永旧登拘侄猛腺驯胖滩鼐脊薪颜贺值傲.exe
exception.exception_code: 0xc0000096 (STATUS_PRIVILEGED_INSTRUCTION)
exception.offset: 10418966
exception.address: 0xdefb16
success 0 0
1620977173.175625
__exception__
stacktrace:

                
            
            
            
registers.esp: 1638244
registers.edi: 12530774
registers.eax: 28554
registers.ebp: 3964874772
registers.edx: 6
registers.ebx: 48091234
registers.esi: 14695417
registers.ecx: 6
exception.instruction_r: fb 81 ec 04 00 00 00 89 2c 24 51 89 e1 81 c1 04
exception.instruction: sti
exception.module: 坏感驳昂院鞠诶屑惶涤碳厮傻嚷苏缕杉拔奈哨苑可挥咆都剂奈妨记源惶毕涛永旧登拘侄猛腺驯胖滩鼐脊薪颜贺值傲.exe
exception.exception_code: 0xc0000096 (STATUS_PRIVILEGED_INSTRUCTION)
exception.offset: 10474520
exception.address: 0xdfd418
success 0 0
1620977173.175625
__exception__
stacktrace:

                
            
            
            
registers.esp: 1638244
registers.edi: 262633
registers.eax: 28554
registers.ebp: 3964874772
registers.edx: 0
registers.ebx: 48091234
registers.esi: 14669557
registers.ecx: 6
exception.instruction_r: fb 50 b8 56 6e f7 3f 83 ec 04 89 04 24 f7 14 24
exception.instruction: sti
exception.module: 坏感驳昂院鞠诶屑惶涤碳厮傻嚷苏缕杉拔奈哨苑可挥咆都剂奈妨记源惶毕涛永旧登拘侄猛腺驯胖滩鼐脊薪颜贺值傲.exe
exception.exception_code: 0xc0000096 (STATUS_PRIVILEGED_INSTRUCTION)
exception.offset: 10474493
exception.address: 0xdfd3fd
success 0 0
1620977173.175625
__exception__
stacktrace:

                
            
            
            
registers.esp: 1638232
registers.edi: 3965137405
registers.eax: 30220
registers.ebp: 3964874772
registers.edx: 0
registers.ebx: 14685629
registers.esi: 14932190
registers.ecx: 14683804
exception.instruction_r: fb 68 67 71 cd 64 e9 55 07 00 00 81 eb 92 07 fd
exception.instruction: sti
exception.module: 坏感驳昂院鞠诶屑惶涤碳厮傻嚷苏缕杉拔奈哨苑可挥咆都剂奈妨记源惶毕涛永旧登拘侄猛腺驯胖滩鼐脊薪颜贺值傲.exe
exception.exception_code: 0xc0000096 (STATUS_PRIVILEGED_INSTRUCTION)
exception.offset: 10492218
exception.address: 0xe0193a
success 0 0
1620977173.175625
__exception__
stacktrace:

                
            
            
            
registers.esp: 1638236
registers.edi: 313768808
registers.eax: 0
registers.ebp: 3964874772
registers.edx: 0
registers.ebx: 14688685
registers.esi: 14932190
registers.ecx: 14683804
exception.instruction_r: fb 57 bf 71 6c 6f 6d e9 ed fa ff ff 5d 55 89 e5
exception.instruction: sti
exception.module: 坏感驳昂院鞠诶屑惶涤碳厮傻嚷苏缕杉拔奈哨苑可挥咆都剂奈妨记源惶毕涛永旧登拘侄猛腺驯胖滩鼐脊薪颜贺值傲.exe
exception.exception_code: 0xc0000096 (STATUS_PRIVILEGED_INSTRUCTION)
exception.offset: 10493018
exception.address: 0xe01c5a
success 0 0
1620977173.175625
__exception__
stacktrace:

                
            
            
            
registers.esp: 1638236
registers.edi: 313768808
registers.eax: 84201
registers.ebp: 3964874772
registers.edx: 14692546
registers.ebx: 0
registers.esi: 14932190
registers.ecx: 878220958
exception.instruction_r: fb ba e0 f2 40 1f 50 89 3c 24 55 bd 95 a0 fd 7b
exception.instruction: sti
exception.module: 坏感驳昂院鞠诶屑惶涤碳厮傻嚷苏缕杉拔奈哨苑可挥咆都剂奈妨记源惶毕涛永旧登拘侄猛腺驯胖滩鼐脊薪颜贺值傲.exe
exception.exception_code: 0xc0000096 (STATUS_PRIVILEGED_INSTRUCTION)
exception.offset: 10496393
exception.address: 0xe02989
success 0 0
1620977173.284625
__exception__
stacktrace:

                
            
            
            
registers.esp: 1638204
registers.edi: 4035182845
registers.eax: 14840746
registers.ebp: 3964874772
registers.edx: 2130566132
registers.ebx: 4035182804
registers.esi: 14808261
registers.ecx: 4035182592
exception.instruction_r: fb 56 89 0c 24 c7 04 24 22 a1 ee 5e 81 2c 24 d1
exception.instruction: sti
exception.module: 坏感驳昂院鞠诶屑惶涤碳厮傻嚷苏缕杉拔奈哨苑可挥咆都剂奈妨记源惶毕涛永旧登拘侄猛腺驯胖滩鼐脊薪颜贺值傲.exe
exception.exception_code: 0xc0000096 (STATUS_PRIVILEGED_INSTRUCTION)
exception.offset: 10619623
exception.address: 0xe20ae7
success 0 0
1620977173.284625
__exception__
stacktrace:

                
            
            
            
registers.esp: 1638204
registers.edi: 3891170701
registers.eax: 14840746
registers.ebp: 3964874772
registers.edx: 4294943588
registers.ebx: 4035182804
registers.esi: 14808261
registers.ecx: 4035182592
exception.instruction_r: fb 55 c7 04 24 44 aa ef 78 ff 34 24 59 52 c7 04
exception.instruction: sti
exception.module: 坏感驳昂院鞠诶屑惶涤碳厮傻嚷苏缕杉拔奈哨苑可挥咆都剂奈妨记源惶毕涛永旧登拘侄猛腺驯胖滩鼐脊薪颜贺值傲.exe
exception.exception_code: 0xc0000096 (STATUS_PRIVILEGED_INSTRUCTION)
exception.offset: 10619969
exception.address: 0xe20c41
success 0 0
1620977173.362625
__exception__
stacktrace:

                
            
            
            
registers.esp: 1638204
registers.edi: 802447096
registers.eax: 28418
registers.ebp: 3964874772
registers.edx: 2130566132
registers.ebx: 3717700297
registers.esi: 776475392
registers.ecx: 14847085
exception.instruction_r: fb e9 6b 06 00 00 29 de e9 37 08 00 00 51 b9 9f
exception.instruction: sti
exception.module: 坏感驳昂院鞠诶屑惶涤碳厮傻嚷苏缕杉拔奈哨苑可挥咆都剂奈妨记源惶毕涛永旧登拘侄猛腺驯胖滩鼐脊薪颜贺值傲.exe
exception.exception_code: 0xc0000096 (STATUS_PRIVILEGED_INSTRUCTION)
exception.offset: 10624672
exception.address: 0xe21ea0
success 0 0
1620977173.362625
__exception__
stacktrace:

                
            
            
            
registers.esp: 1638204
registers.edi: 802447096
registers.eax: 3392045160
registers.ebp: 3964874772
registers.edx: 4294941456
registers.ebx: 3717700297
registers.esi: 776475392
registers.ecx: 14847085
exception.instruction_r: fb 68 4c 3a 94 28 89 2c 24 57 89 e7 e9 b4 fa ff
exception.instruction: sti
exception.module: 坏感驳昂院鞠诶屑惶涤碳厮傻嚷苏缕杉拔奈哨苑可挥咆都剂奈妨记源惶毕涛永旧登拘侄猛腺驯胖滩鼐脊薪颜贺值傲.exe
exception.exception_code: 0xc0000096 (STATUS_PRIVILEGED_INSTRUCTION)
exception.offset: 10626094
exception.address: 0xe2242e
success 0 0
1620977173.362625
__exception__
stacktrace:

                
            
            
            
registers.esp: 1638204
registers.edi: 802447096
registers.eax: 32192
registers.ebp: 3964874772
registers.edx: 14824853
registers.ebx: 322689
registers.esi: 0
registers.ecx: 1086182367
exception.instruction_r: fb 57 54 5f 53 bb 04 00 00 00 01 df 8b 1c 24 83
exception.instruction: sti
exception.module: 坏感驳昂院鞠诶屑惶涤碳厮傻嚷苏缕杉拔奈哨苑可挥咆都剂奈妨记源惶毕涛永旧登拘侄猛腺驯胖滩鼐脊薪颜贺值傲.exe
exception.exception_code: 0xc0000096 (STATUS_PRIVILEGED_INSTRUCTION)
exception.offset: 10627564
exception.address: 0xe229ec
success 0 0
1620977173.378625
__exception__
stacktrace:

                
            
            
            
registers.esp: 1638204
registers.edi: 0
registers.eax: 28173
registers.ebp: 3964874772
registers.edx: 801425168
registers.ebx: 322689
registers.esi: 928816525
registers.ecx: 14828170
exception.instruction_r: fb e9 0a fd ff ff 47 4f c1 e7 08 81 ef 00 8f 36
exception.instruction: sti
exception.module: 坏感驳昂院鞠诶屑惶涤碳厮傻嚷苏缕杉拔奈哨苑可挥咆都剂奈妨记源惶毕涛永旧登拘侄猛腺驯胖滩鼐脊薪颜贺值傲.exe
exception.exception_code: 0xc0000096 (STATUS_PRIVILEGED_INSTRUCTION)
exception.offset: 10632805
exception.address: 0xe23e65
success 0 0
1620977173.378625
__exception__
stacktrace:

                
            
            
            
registers.esp: 1638200
registers.edi: 1375731581
registers.eax: 26562
registers.ebp: 3964874772
registers.edx: 2130566132
registers.ebx: 0
registers.esi: 51660800
registers.ecx: 14829969
exception.instruction_r: fb e9 9d f8 ff ff 35 5f 30 a6 03 89 c2 58 29 d5
exception.instruction: sti
exception.module: 坏感驳昂院鞠诶屑惶涤碳厮傻嚷苏缕杉拔奈哨苑可挥咆都剂奈妨记源惶毕涛永旧登拘侄猛腺驯胖滩鼐脊薪颜贺值傲.exe
exception.exception_code: 0xc0000096 (STATUS_PRIVILEGED_INSTRUCTION)
exception.offset: 10638051
exception.address: 0xe252e3
success 0 0
1620977173.378625
__exception__
stacktrace:

                
            
            
            
registers.esp: 1638204
registers.edi: 607947090
registers.eax: 0
registers.ebp: 3964874772
registers.edx: 2130566132
registers.ebx: 0
registers.esi: 51660800
registers.ecx: 14832771
exception.instruction_r: fb 53 c7 04 24 6a d5 77 79 81 34 24 00 8a ef 7f
exception.instruction: sti
exception.module: 坏感驳昂院鞠诶屑惶涤碳厮傻嚷苏缕杉拔奈哨苑可挥咆都剂奈妨记源惶毕涛永旧登拘侄猛腺驯胖滩鼐脊薪颜贺值傲.exe
exception.exception_code: 0xc0000096 (STATUS_PRIVILEGED_INSTRUCTION)
exception.offset: 10635891
exception.address: 0xe24a73
success 0 0
1620977173.378625
__exception__
stacktrace:

                
            
            
            
registers.esp: 1638200
registers.edi: 607947090
registers.eax: 32134
registers.ebp: 3964874772
registers.edx: 2130566132
registers.ebx: 14833162
registers.esi: 51660800
registers.ecx: 581619832
exception.instruction_r: fb e9 91 ff ff ff 68 a0 32 a5 4a 89 0c 24 b9 12
exception.instruction: sti
exception.module: 坏感驳昂院鞠诶屑惶涤碳厮傻嚷苏缕杉拔奈哨苑可挥咆都剂奈妨记源惶毕涛永旧登拘侄猛腺驯胖滩鼐脊薪颜贺值傲.exe
exception.exception_code: 0xc0000096 (STATUS_PRIVILEGED_INSTRUCTION)
exception.offset: 10639426
exception.address: 0xe25842
success 0 0
1620977173.378625
__exception__
stacktrace:

                
            
            
            
registers.esp: 1638204
registers.edi: 0
registers.eax: 32134
registers.ebp: 3964874772
registers.edx: 2130566132
registers.ebx: 14836064
registers.esi: 51660800
registers.ecx: 846957965
exception.instruction_r: fb 68 0b 1e 6d 2f 89 14 24 56 57 52 ba b4 8c df
exception.instruction: sti
exception.module: 坏感驳昂院鞠诶屑惶涤碳厮傻嚷苏缕杉拔奈哨苑可挥咆都剂奈妨记源惶毕涛永旧登拘侄猛腺驯胖滩鼐脊薪颜贺值傲.exe
exception.exception_code: 0xc0000096 (STATUS_PRIVILEGED_INSTRUCTION)
exception.offset: 10640871
exception.address: 0xe25de7
success 0 0
1620977173.378625
__exception__
stacktrace:

                
            
            
            
registers.esp: 1638200
registers.edi: 883786442
registers.eax: 29177
registers.ebp: 3964874772
registers.edx: 2130566132
registers.ebx: 14836367
registers.esi: 0
registers.ecx: 14845489
exception.instruction_r: fb e9 ab ff ff ff 81 ea f6 90 5d 7f 81 ec 04 00
exception.instruction: sti
exception.module: 坏感驳昂院鞠诶屑惶涤碳厮傻嚷苏缕杉拔奈哨苑可挥咆都剂奈妨记源惶毕涛永旧登拘侄猛腺驯胖滩鼐脊薪颜贺值傲.exe
exception.exception_code: 0xc0000096 (STATUS_PRIVILEGED_INSTRUCTION)
exception.offset: 10651658
exception.address: 0xe2880a
success 0 0
1620977173.378625
__exception__
stacktrace:

                
            
            
            
registers.esp: 1638204
registers.edi: 883786442
registers.eax: 29177
registers.ebp: 3964874772
registers.edx: 2130566132
registers.ebx: 14836367
registers.esi: 0
registers.ecx: 14874666
exception.instruction_r: fb 53 89 e3 81 c3 04 00 00 00 e9 07 fb ff ff 81
exception.instruction: sti
exception.module: 坏感驳昂院鞠诶屑惶涤碳厮傻嚷苏缕杉拔奈哨苑可挥咆都剂奈妨记源惶毕涛永旧登拘侄猛腺驯胖滩鼐脊薪颜贺值傲.exe
exception.exception_code: 0xc0000096 (STATUS_PRIVILEGED_INSTRUCTION)
exception.offset: 10653096
exception.address: 0xe28da8
success 0 0
1620977173.394625
__exception__
stacktrace:

                
            
            
            
registers.esp: 1638204
registers.edi: 883786442
registers.eax: 29177
registers.ebp: 3964874772
registers.edx: 157417
registers.ebx: 4294940700
registers.esi: 0
registers.ecx: 14874666
exception.instruction_r: fb 68 c7 69 ed 40 89 04 24 e9 f2 f9 ff ff 81 04
exception.instruction: sti
exception.module: 坏感驳昂院鞠诶屑惶涤碳厮傻嚷苏缕杉拔奈哨苑可挥咆都剂奈妨记源惶毕涛永旧登拘侄猛腺驯胖滩鼐脊薪颜贺值傲.exe
exception.exception_code: 0xc0000096 (STATUS_PRIVILEGED_INSTRUCTION)
exception.offset: 10653663
exception.address: 0xe28fdf
success 0 0
1620977173.394625
__exception__
stacktrace:

                
            
            
            
registers.esp: 1638204
registers.edi: 3780782499
registers.eax: 31176
registers.ebp: 3964874772
registers.edx: 0
registers.ebx: 3780782499
registers.esi: 14852630
registers.ecx: 2179041617
exception.instruction_r: fb 53 89 e3 e9 7f ff ff ff 81 e9 ee c1 0b a6 81
exception.instruction: sti
exception.module: 坏感驳昂院鞠诶屑惶涤碳厮傻嚷苏缕杉拔奈哨苑可挥咆都剂奈妨记源惶毕涛永旧登拘侄猛腺驯胖滩鼐脊薪颜贺值傲.exe
exception.exception_code: 0xc0000096 (STATUS_PRIVILEGED_INSTRUCTION)
exception.offset: 10657820
exception.address: 0xe2a01c
success 0 0
1620977173.394625
__exception__
stacktrace:

                
            
            
            
registers.esp: 1638200
registers.edi: 3780782499
registers.eax: 31681
registers.ebp: 3964874772
registers.edx: 14877914
registers.ebx: 2147483650
registers.esi: 14854144
registers.ecx: 4035182592
exception.instruction_r: fb 50 b8 cb a6 bb 4b c1 e0 02 48 83 e8 01 c1 e0
exception.instruction: sti
exception.module: 坏感驳昂院鞠诶屑惶涤碳厮傻嚷苏缕杉拔奈哨苑可挥咆都剂奈妨记源惶毕涛永旧登拘侄猛腺驯胖滩鼐脊薪颜贺值傲.exe
exception.exception_code: 0xc0000096 (STATUS_PRIVILEGED_INSTRUCTION)
exception.offset: 10685499
exception.address: 0xe30c3b
success 0 0
1620977173.394625
__exception__
stacktrace:

                
            
            
            
registers.esp: 1638204
registers.edi: 3780782499
registers.eax: 31681
registers.ebp: 3964874772
registers.edx: 14909595
registers.ebx: 2147483650
registers.esi: 14854144
registers.ecx: 4035182592
exception.instruction_r: fb 81 ec 04 00 00 00 e9 3d 00 00 00 f7 14 24 ff
exception.instruction: sti
exception.module: 坏感驳昂院鞠诶屑惶涤碳厮傻嚷苏缕杉拔奈哨苑可挥咆都剂奈妨记源惶毕涛永旧登拘侄猛腺驯胖滩鼐脊薪颜贺值傲.exe
exception.exception_code: 0xc0000096 (STATUS_PRIVILEGED_INSTRUCTION)
exception.offset: 10684942
exception.address: 0xe30a0e
success 0 0
1620977173.409625
__exception__
stacktrace:

                
            
            
            
registers.esp: 1638204
registers.edi: 3815083405
registers.eax: 31681
registers.ebp: 3964874772
registers.edx: 14881363
registers.ebx: 0
registers.esi: 14854144
registers.ecx: 4035182592
exception.instruction_r: fb 83 ec 04 89 14 24 e9 7c 01 00 00 89 0c 24 89
exception.instruction: sti
exception.module: 坏感驳昂院鞠诶屑惶涤碳厮傻嚷苏缕杉拔奈哨苑可挥咆都剂奈妨记源惶毕涛永旧登拘侄猛腺驯胖滩鼐脊薪颜贺值傲.exe
exception.exception_code: 0xc0000096 (STATUS_PRIVILEGED_INSTRUCTION)
exception.offset: 10683987
exception.address: 0xe30653
success 0 0
1620977173.409625
__exception__
stacktrace:

                
            
            
            
registers.esp: 1638204
registers.edi: 3815083405
registers.eax: 26683
registers.ebp: 3964874772
registers.edx: 2130566132
registers.ebx: 4294943436
registers.esi: 14909052
registers.ecx: 4059073933
exception.instruction_r: fb e9 29 01 00 00 8b 04 24 e9 6a ff ff ff ba 19
exception.instruction: sti
exception.module: 坏感驳昂院鞠诶屑惶涤碳厮傻嚷苏缕杉拔奈哨苑可挥咆都剂奈妨记源惶毕涛永旧登拘侄猛腺驯胖滩鼐脊薪颜贺值傲.exe
exception.exception_code: 0xc0000096 (STATUS_PRIVILEGED_INSTRUCTION)
exception.offset: 10688949
exception.address: 0xe319b5
success 0 0
1620977173.441625
__exception__
stacktrace:

                
            
            
            
registers.esp: 1638200
registers.edi: 14899018
registers.eax: 28871
registers.ebp: 3964874772
registers.edx: 2130566132
registers.ebx: 14898490
registers.esi: 1
registers.ecx: 2005871740
exception.instruction_r: fb e9 53 ff ff ff 8b 14 24 51 e9 bc 02 00 00 81
exception.instruction: sti
exception.module: 坏感驳昂院鞠诶屑惶涤碳厮傻嚷苏缕杉拔奈哨苑可挥咆都剂奈妨记源惶毕涛永旧登拘侄猛腺驯胖滩鼐脊薪颜贺值傲.exe
exception.exception_code: 0xc0000096 (STATUS_PRIVILEGED_INSTRUCTION)
exception.offset: 10706296
exception.address: 0xe35d78
success 0 0
1620977173.441625
__exception__
stacktrace:

                
            
            
            
registers.esp: 1638204
registers.edi: 14927889
registers.eax: 28871
registers.ebp: 3964874772
registers.edx: 2130566132
registers.ebx: 14898490
registers.esi: 1
registers.ecx: 2005871740
exception.instruction_r: fb 29 db ff 34 1f e9 43 00 00 00 ff 34 24 5f 81
exception.instruction: sti
exception.module: 坏感驳昂院鞠诶屑惶涤碳厮傻嚷苏缕杉拔奈哨苑可挥咆都剂奈妨记源惶毕涛永旧登拘侄猛腺驯胖滩鼐脊薪颜贺值傲.exe
exception.exception_code: 0xc0000096 (STATUS_PRIVILEGED_INSTRUCTION)
exception.offset: 10706849
exception.address: 0xe35fa1
success 0 0
1620977173.441625
__exception__
stacktrace:

                
            
            
            
registers.esp: 1638204
registers.edi: 14927889
registers.eax: 28871
registers.ebp: 3964874772
registers.edx: 2130566132
registers.ebx: 4294940972
registers.esi: 4227347816
registers.ecx: 2005871740
exception.instruction_r: fb b8 e7 60 ff 77 48 48 e9 37 01 00 00 81 c4 04
exception.instruction: sti
exception.module: 坏感驳昂院鞠诶屑惶涤碳厮傻嚷苏缕杉拔奈哨苑可挥咆都剂奈妨记源惶毕涛永旧登拘侄猛腺驯胖滩鼐脊薪颜贺值傲.exe
exception.exception_code: 0xc0000096 (STATUS_PRIVILEGED_INSTRUCTION)
exception.offset: 10704752
exception.address: 0xe35770
success 0 0
1620977173.441625
__exception__
stacktrace:

                
            
            
            
registers.esp: 1638200
registers.edi: 14902020
registers.eax: 27948
registers.ebp: 3964874772
registers.edx: 334170027
registers.ebx: 1906323929
registers.esi: 4227347816
registers.ecx: 2005871740
exception.instruction_r: fb 83 ec 04 89 2c 24 56 be 94 f8 f6 7f 87 ce 41
exception.instruction: sti
exception.module: 坏感驳昂院鞠诶屑惶涤碳厮傻嚷苏缕杉拔奈哨苑可挥咆都剂奈妨记源惶毕涛永旧登拘侄猛腺驯胖滩鼐脊薪颜贺值傲.exe
exception.exception_code: 0xc0000096 (STATUS_PRIVILEGED_INSTRUCTION)
exception.offset: 10707968
exception.address: 0xe36400
success 0 0
1620977173.456625
__exception__
stacktrace:

                
            
            
            
registers.esp: 1638204
registers.edi: 14904836
registers.eax: 17230160
registers.ebp: 3964874772
registers.edx: 334170027
registers.ebx: 1906323929
registers.esi: 4227347816
registers.ecx: 0
exception.instruction_r: fb 51 53 54 8f 04 24 83 04 24 04 8b 0c 24 83 c4
exception.instruction: sti
exception.module: 坏感驳昂院鞠诶屑惶涤碳厮傻嚷苏缕杉拔奈哨苑可挥咆都剂奈妨记源惶毕涛永旧登拘侄猛腺驯胖滩鼐脊薪颜贺值傲.exe
exception.exception_code: 0xc0000096 (STATUS_PRIVILEGED_INSTRUCTION)
exception.offset: 10709020
exception.address: 0xe3681c
success 0 0
1620977173.503625
__exception__
stacktrace:

                
            
            
            
registers.esp: 1638200
registers.edi: 14970519
registers.eax: 14986436
registers.ebp: 3964874772
registers.edx: 11
registers.ebx: 14934675
registers.esi: 80780112
registers.ecx: 12
exception.instruction_r: fb 51 89 3c 24 53 68 19 5c ef 3c 5b 81 e3 0e ce
exception.instruction: sti
exception.module: 坏感驳昂院鞠诶屑惶涤碳厮傻嚷苏缕杉拔奈哨苑可挥咆都剂奈妨记源惶毕涛永旧登拘侄猛腺驯胖滩鼐脊薪颜贺值傲.exe
exception.exception_code: 0xc0000096 (STATUS_PRIVILEGED_INSTRUCTION)
exception.offset: 10793594
exception.address: 0xe4b27a
success 0 0
1620977173.503625
__exception__
stacktrace:

                
            
            
            
registers.esp: 1638204
registers.edi: 4294942032
registers.eax: 15014224
registers.ebp: 3964874772
registers.edx: 11
registers.ebx: 604292947
registers.esi: 80780112
registers.ecx: 12
exception.instruction_r: fb 83 ec 04 89 0c 24 b9 d2 96 55 59 e9 cd 00 00
exception.instruction: sti
exception.module: 坏感驳昂院鞠诶屑惶涤碳厮傻嚷苏缕杉拔奈哨苑可挥咆都剂奈妨记源惶毕涛永旧登拘侄猛腺驯胖滩鼐脊薪颜贺值傲.exe
exception.exception_code: 0xc0000096 (STATUS_PRIVILEGED_INSTRUCTION)
exception.offset: 10793107
exception.address: 0xe4b093
success 0 0
1620977173.831625
__exception__
stacktrace:

                
            
            
            
registers.esp: 1638204
registers.edi: 14828619
registers.eax: 15060816
registers.ebp: 3964874772
registers.edx: 2130566132
registers.ebx: 94881568
registers.esi: 14828618
registers.ecx: 2005871740
exception.instruction_r: fb 56 51 68 5a a5 4f 67 e9 79 04 00 00 81 34 24
exception.instruction: sti
exception.module: 坏感驳昂院鞠诶屑惶涤碳厮傻嚷苏缕杉拔奈哨苑可挥咆都剂奈妨记源惶毕涛永旧登拘侄猛腺驯胖滩鼐脊薪颜贺值傲.exe
exception.exception_code: 0xc0000096 (STATUS_PRIVILEGED_INSTRUCTION)
exception.offset: 10838081
exception.address: 0xe56041
success 0 0
1620977173.847625
__exception__
stacktrace:

                
            
            
            
registers.esp: 1638204
registers.edi: 14828619
registers.eax: 15034808
registers.ebp: 3964874772
registers.edx: 0
registers.ebx: 94881568
registers.esi: 14828618
registers.ecx: 983666061
exception.instruction_r: fb 53 c7 04 24 07 9c 53 3a e9 c5 fc ff ff 8b 24
exception.instruction: sti
exception.module: 坏感驳昂院鞠诶屑惶涤碳厮傻嚷苏缕杉拔奈哨苑可挥咆都剂奈妨记源惶毕涛永旧登拘侄猛腺驯胖滩鼐脊薪颜贺值傲.exe
exception.exception_code: 0xc0000096 (STATUS_PRIVILEGED_INSTRUCTION)
exception.offset: 10838749
exception.address: 0xe562dd
success 0 0
1620977173.862625
__exception__
stacktrace:

                
            
            
            
registers.esp: 1638200
registers.edi: 14855694
registers.eax: 31777
registers.ebp: 3964874772
registers.edx: 15042446
registers.ebx: 1983119360
registers.esi: 14828616
registers.ecx: 2005871740
exception.instruction_r: fb e9 76 00 00 00 50 e9 77 fa ff ff 89 e9 e9 77
exception.instruction: sti
exception.module: 坏感驳昂院鞠诶屑惶涤碳厮傻嚷苏缕杉拔奈哨苑可挥咆都剂奈妨记源惶毕涛永旧登拘侄猛腺驯胖滩鼐脊薪颜贺值傲.exe
exception.exception_code: 0xc0000096 (STATUS_PRIVILEGED_INSTRUCTION)
exception.offset: 10849830
exception.address: 0xe58e26
success 0 0
行为判定
动态指标
Allocates read-write-execute memory (usually to unpack itself) (50 out of 936 个事件)
Time & API Arguments Status Return Repeated
1620977174.050625
NtProtectVirtualMemory
process_identifier: 428
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4493312
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00401000
success 0 0
1620977174.472625
NtAllocateVirtualMemory
process_identifier: 428
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x050e0000
success 0 0
1620977174.472625
NtAllocateVirtualMemory
process_identifier: 428
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x050f0000
success 0 0
1620977174.487625
NtAllocateVirtualMemory
process_identifier: 428
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x05100000
success 0 0
1620977174.487625
NtAllocateVirtualMemory
process_identifier: 428
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x05110000
success 0 0
1620977174.487625
NtAllocateVirtualMemory
process_identifier: 428
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x05120000
success 0 0
1620977174.487625
NtAllocateVirtualMemory
process_identifier: 428
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x05120000
success 0 0
1620977174.519625
NtAllocateVirtualMemory
process_identifier: 428
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x05120000
success 0 0
1620977174.519625
NtAllocateVirtualMemory
process_identifier: 428
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x05120000
success 0 0
1620977174.534625
NtAllocateVirtualMemory
process_identifier: 428
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x05120000
success 0 0
1620977174.534625
NtAllocateVirtualMemory
process_identifier: 428
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x05120000
success 0 0
1620977174.534625
NtAllocateVirtualMemory
process_identifier: 428
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x05120000
success 0 0
1620977174.550625
NtAllocateVirtualMemory
process_identifier: 428
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x05120000
success 0 0
1620977174.550625
NtAllocateVirtualMemory
process_identifier: 428
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x05120000
success 0 0
1620977174.550625
NtAllocateVirtualMemory
process_identifier: 428
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x05120000
success 0 0
1620977174.566625
NtAllocateVirtualMemory
process_identifier: 428
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x05120000
success 0 0
1620977174.566625
NtAllocateVirtualMemory
process_identifier: 428
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x05120000
success 0 0
1620977174.581625
NtAllocateVirtualMemory
process_identifier: 428
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x05120000
success 0 0
1620977174.612625
NtAllocateVirtualMemory
process_identifier: 428
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x05120000
success 0 0
1620977174.628625
NtAllocateVirtualMemory
process_identifier: 428
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x05120000
success 0 0
1620977174.628625
NtAllocateVirtualMemory
process_identifier: 428
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x05120000
success 0 0
1620977174.628625
NtAllocateVirtualMemory
process_identifier: 428
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x05120000
success 0 0
1620977174.628625
NtAllocateVirtualMemory
process_identifier: 428
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x05120000
success 0 0
1620977174.644625
NtAllocateVirtualMemory
process_identifier: 428
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x05120000
success 0 0
1620977174.644625
NtAllocateVirtualMemory
process_identifier: 428
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x05120000
success 0 0
1620977174.644625
NtAllocateVirtualMemory
process_identifier: 428
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x05120000
success 0 0
1620977174.644625
NtAllocateVirtualMemory
process_identifier: 428
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x05120000
success 0 0
1620977175.128625
NtProtectVirtualMemory
process_identifier: 428
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x004c7000
success 0 0
1620977175.128625
NtProtectVirtualMemory
process_identifier: 428
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x004c7000
success 0 0
1620977175.128625
NtProtectVirtualMemory
process_identifier: 428
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x004c7000
success 0 0
1620977175.128625
NtProtectVirtualMemory
process_identifier: 428
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x004c7000
success 0 0
1620977175.128625
NtProtectVirtualMemory
process_identifier: 428
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x004c7000
success 0 0
1620977175.128625
NtProtectVirtualMemory
process_identifier: 428
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x004c7000
success 0 0
1620977175.128625
NtProtectVirtualMemory
process_identifier: 428
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x004c7000
success 0 0
1620977175.128625
NtProtectVirtualMemory
process_identifier: 428
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x004c7000
success 0 0
1620977175.128625
NtProtectVirtualMemory
process_identifier: 428
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x004c7000
success 0 0
1620977175.128625
NtProtectVirtualMemory
process_identifier: 428
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x004c7000
success 0 0
1620977175.128625
NtProtectVirtualMemory
process_identifier: 428
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x004c7000
success 0 0
1620977175.128625
NtProtectVirtualMemory
process_identifier: 428
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x004c7000
success 0 0
1620977175.128625
NtProtectVirtualMemory
process_identifier: 428
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x004c8000
success 0 0
1620977175.128625
NtProtectVirtualMemory
process_identifier: 428
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x004c8000
success 0 0
1620977175.128625
NtProtectVirtualMemory
process_identifier: 428
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x004cb000
success 0 0
1620977175.128625
NtProtectVirtualMemory
process_identifier: 428
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x004cb000
success 0 0
1620977175.128625
NtProtectVirtualMemory
process_identifier: 428
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x004cb000
success 0 0
1620977175.128625
NtProtectVirtualMemory
process_identifier: 428
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x004cb000
success 0 0
1620977175.128625
NtProtectVirtualMemory
process_identifier: 428
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x004cc000
success 0 0
1620977175.128625
NtProtectVirtualMemory
process_identifier: 428
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x004cc000
success 0 0
1620977175.128625
NtProtectVirtualMemory
process_identifier: 428
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x004cc000
success 0 0
1620977175.128625
NtProtectVirtualMemory
process_identifier: 428
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x004cc000
success 0 0
1620977175.128625
NtProtectVirtualMemory
process_identifier: 428
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x004cd000
success 0 0
A process attempted to delay the analysis task. (1 个事件)
description 坏感驳昂院鞠诶屑惶涤碳厮傻嚷苏缕杉拔奈哨苑可挥咆都剂奈妨记源惶毕涛永旧登拘侄猛腺驯胖滩鼐脊薪颜贺值傲.exe tried to sleep 556 seconds, actually delayed analysis time by 556 seconds
Foreign language identified in PE resource (1 个事件)
name RT_VERSION language LANG_CHINESE offset 0x00905978 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x000002c4
Creates executable files on the filesystem (2 个事件)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\坏感驳昂院鞠诶屑惶涤碳厮傻嚷苏缕杉拔奈哨苑可挥咆都剂奈妨记源惶毕涛永旧登拘侄猛腺驯胖滩鼐脊薪颜贺值傲.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\QingQian.dll
Drops an executable to the user AppData folder (1 个事件)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\QingQian.dll
Checks adapter addresses, which can be used to detect virtual network interfaces (1 个事件)
Time & API Arguments Status Return Repeated
1620977177.769625
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
The binary likely contains encrypted or compressed data indicative of a packer (2 个事件)
entropy 7.960337244201961 section {'size_of_data': '0x00852000', 'virtual_address': '0x0007b000', 'entropy': 7.960337244201961, 'name': '.rdata', 'virtual_size': '0x00851960'} description A section with a high entropy has been found
entropy 0.9313511149978138 description Overall entropy of this PE file is high
Looks up the locally unique identifier (LUID) of a suspicious privilege (SeDebugPrivilege) on the system (1 个事件)
Time & API Arguments Status Return Repeated
1620977175.894625
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
网络通信
Communicates with host for which no DNS query was performed (1 个事件)
host 172.217.24.14
Checks for the presence of known windows from debuggers and forensic tools (50 out of 92 个事件)
Time & API Arguments Status Return Repeated
1620977173.456625
FindWindowA
class_name: FilemonClass
window_name:
failed 0 0
1620977173.456625
FindWindowA
class_name: FilemonClass
window_name:
failed 0 0
1620977173.456625
FindWindowA
class_name: #0
window_name: File Monitor - Sysinternals: www.sysinternals.com
failed 0 0
1620977173.456625
FindWindowA
class_name: PROCMON_WINDOW_CLASS
window_name:
failed 0 0
1620977173.456625
FindWindowA
class_name: #0
window_name: Process Monitor - Sysinternals: www.sysinternals.com
failed 0 0
1620977173.472625
FindWindowA
class_name: RegmonClass
window_name:
failed 0 0
1620977173.472625
FindWindowA
class_name: RegmonClass
window_name:
failed 0 0
1620977173.472625
FindWindowA
class_name: #0
window_name: Registry Monitor - Sysinternals: www.sysinternals.com
failed 0 0
1620977173.472625
FindWindowA
class_name: 18467-41
window_name:
failed 0 0
1620977174.112625
FindWindowA
class_name: FilemonClass
window_name:
failed 0 0
1620977174.112625
FindWindowA
class_name: FilemonClass
window_name:
failed 0 0
1620977174.112625
FindWindowA
class_name: #0
window_name: File Monitor - Sysinternals: www.sysinternals.com
failed 0 0
1620977174.112625
FindWindowA
class_name: PROCMON_WINDOW_CLASS
window_name:
failed 0 0
1620977174.112625
FindWindowA
class_name: #0
window_name: Process Monitor - Sysinternals: www.sysinternals.com
failed 0 0
1620977178.441625
FindWindowA
class_name: Regmonclass
window_name:
failed 0 0
1620977178.441625
FindWindowA
class_name: Regmonclass
window_name:
failed 0 0
1620977178.753625
FindWindowA
class_name: 18467-41
window_name:
failed 0 0
1620977179.081625
FindWindowA
class_name: Filemonclass
window_name:
failed 0 0
1620977179.081625
FindWindowA
class_name: Filemonclass
window_name:
failed 0 0
1620977179.081625
FindWindowA
class_name: PROCMON_WINDOW_CLASS
window_name:
failed 0 0
1620977183.081625
FindWindowA
class_name: Regmonclass
window_name:
failed 0 0
1620977183.081625
FindWindowA
class_name: Regmonclass
window_name:
failed 0 0
1620977183.394625
FindWindowA
class_name: 18467-41
window_name:
failed 0 0
1620977183.706625
FindWindowA
class_name: Filemonclass
window_name:
failed 0 0
1620977183.706625
FindWindowA
class_name: Filemonclass
window_name:
failed 0 0
1620977183.706625
FindWindowA
class_name: PROCMON_WINDOW_CLASS
window_name:
failed 0 0
1620977187.706625
FindWindowA
class_name: Regmonclass
window_name:
failed 0 0
1620977187.706625
FindWindowA
class_name: Regmonclass
window_name:
failed 0 0
1620977188.019625
FindWindowA
class_name: 18467-41
window_name:
failed 0 0
1620977188.331625
FindWindowA
class_name: Filemonclass
window_name:
failed 0 0
1620977188.331625
FindWindowA
class_name: Filemonclass
window_name:
failed 0 0
1620977188.331625
FindWindowA
class_name: PROCMON_WINDOW_CLASS
window_name:
failed 0 0
1620977192.331625
FindWindowA
class_name: Regmonclass
window_name:
failed 0 0
1620977192.331625
FindWindowA
class_name: Regmonclass
window_name:
failed 0 0
1620977192.644625
FindWindowA
class_name: 18467-41
window_name:
failed 0 0
1620977192.956625
FindWindowA
class_name: Filemonclass
window_name:
failed 0 0
1620977192.956625
FindWindowA
class_name: Filemonclass
window_name:
failed 0 0
1620977192.956625
FindWindowA
class_name: PROCMON_WINDOW_CLASS
window_name:
failed 0 0
1620977196.956625
FindWindowA
class_name: Regmonclass
window_name:
failed 0 0
1620977196.956625
FindWindowA
class_name: Regmonclass
window_name:
failed 0 0
1620977197.269625
FindWindowA
class_name: 18467-41
window_name:
failed 0 0
1620977197.581625
FindWindowA
class_name: Filemonclass
window_name:
failed 0 0
1620977197.581625
FindWindowA
class_name: Filemonclass
window_name:
failed 0 0
1620977197.581625
FindWindowA
class_name: PROCMON_WINDOW_CLASS
window_name:
failed 0 0
1620977201.581625
FindWindowA
class_name: Regmonclass
window_name:
failed 0 0
1620977201.581625
FindWindowA
class_name: Regmonclass
window_name:
failed 0 0
1620977202.175625
FindWindowA
class_name: 18467-41
window_name:
failed 0 0
1620977202.644625
FindWindowA
class_name: Filemonclass
window_name:
failed 0 0
1620977202.644625
FindWindowA
class_name: Filemonclass
window_name:
failed 0 0
1620977202.644625
FindWindowA
class_name: PROCMON_WINDOW_CLASS
window_name:
failed 0 0
Checks the BIOS version, possibly for anti-virtualization (2 个事件)
registry HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
registry HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion
Installs a hook procedure to monitor mouse events (1 个事件)
Time & API Arguments Status Return Repeated
1620977175.534625
SetWindowsHookExW
thread_identifier: 0
callback_function: 0x7489b5cc
module_address: 0x74890000
hook_identifier: 14 (WH_MOUSE_LL)
success 65983 0
Sets or modifies WPAD proxy auto-configuration settings (registry values) that can be used for traffic interception; note that Windows' own WinHTTP auto-proxy detection also writes these WpadDecision* values, so on its own this is weak evidence (8 个事件)
Time & API Arguments Status Return Repeated
1620977180.331625
RegSetValueExA
key_handle: 0x000004f0
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620977180.347625
RegSetValueExA
key_handle: 0x000004f0
value: À¾rB‡H×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620977180.347625
RegSetValueExA
key_handle: 0x000004f0
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620977180.347625
RegSetValueExW
key_handle: 0x000004f0
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620977180.347625
RegSetValueExA
key_handle: 0x00000508
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620977180.347625
RegSetValueExA
key_handle: 0x00000508
value: À¾rB‡H×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620977180.347625
RegSetValueExA
key_handle: 0x00000508
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1620977180.394625
RegSetValueExW
key_handle: 0x000004ec
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
Detects VirtualBox through the presence of a registry key (1 个事件)
registry HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Detects VMware through the privileged `in` (port I/O) instruction (1 个事件)
Time & API Arguments Status Return Repeated
1620977172.784625
__exception__
stacktrace:

                
            
            
            
registers.esp: 1638236
registers.edi: 24522329
registers.eax: 1447909480
registers.ebp: 3964874772
registers.edx: 22104
registers.ebx: 1983254709
registers.esi: 14542415
registers.ecx: 20
exception.instruction_r: ed 64 8f 05 00 00 00 00 e9 b6 bd ff ff 68 5e 07
exception.instruction: in eax, dx
exception.module: 坏感驳昂院鞠诶屑惶涤碳厮傻嚷苏缕杉拔奈哨苑可挥咆都剂奈妨记源惶毕涛永旧登拘侄猛腺驯胖滩鼐脊薪颜贺值傲.exe
exception.exception_code: 0xc0000096
exception.offset: 10371267
exception.address: 0xde40c3
success 0 0
Detects the presence of the Wine emulator (1 个事件)
registry HKEY_CURRENT_USER\Software\Wine
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图


PE Compile Time

2019-04-29 13:22:28

Imports

Library KERNEL32.dll:
0x47b170 lstrcmpiA
0x47b174 SetEndOfFile
0x47b178 UnlockFile
0x47b17c LockFile
0x47b180 FlushFileBuffers
0x47b184 SetFilePointer
0x47b188 DuplicateHandle
0x47b18c lstrcpynA
0x47b190 SetLastError
0x47b19c LocalFree
0x47b1a4 WideCharToMultiByte
0x47b1a8 MultiByteToWideChar
0x47b1ac GetCurrentProcess
0x47b1b4 GetSystemDirectoryA
0x47b1b8 CreateSemaphoreA
0x47b1bc ResumeThread
0x47b1c0 ReleaseSemaphore
0x47b1c4 SetStdHandle
0x47b1c8 IsBadCodePtr
0x47b1cc IsBadReadPtr
0x47b1d0 CompareStringW
0x47b1d4 CompareStringA
0x47b1dc GetStringTypeW
0x47b1e0 GetStringTypeA
0x47b1e4 IsBadWritePtr
0x47b1e8 VirtualAlloc
0x47b1ec LCMapStringW
0x47b1f0 LCMapStringA
0x47b1f8 VirtualFree
0x47b1fc HeapCreate
0x47b200 HeapDestroy
0x47b208 GetFileType
0x47b20c GetStdHandle
0x47b210 SetHandleCount
0x47b228 GetACP
0x47b22c HeapSize
0x47b238 GetProfileStringA
0x47b23c WriteFile
0x47b244 CreateFileA
0x47b248 SetEvent
0x47b24c FindResourceA
0x47b250 LoadResource
0x47b254 LockResource
0x47b258 ReadFile
0x47b25c GetModuleFileNameA
0x47b260 GetCurrentThreadId
0x47b264 ExitProcess
0x47b268 GlobalSize
0x47b26c GlobalFree
0x47b278 lstrcatA
0x47b27c lstrlenA
0x47b280 WinExec
0x47b284 lstrcpyA
0x47b288 FindNextFileA
0x47b28c GlobalReAlloc
0x47b290 HeapFree
0x47b294 HeapReAlloc
0x47b298 GetProcessHeap
0x47b29c HeapAlloc
0x47b2a0 GetFullPathNameA
0x47b2a4 FreeLibrary
0x47b2a8 LoadLibraryA
0x47b2ac GetLastError
0x47b2b0 GetVersionExA
0x47b2bc CreateThread
0x47b2c0 CreateEventA
0x47b2c4 Sleep
0x47b2c8 GlobalAlloc
0x47b2cc GlobalLock
0x47b2d0 GlobalUnlock
0x47b2d4 GetTempPathA
0x47b2d8 FindFirstFileA
0x47b2dc FindClose
0x47b2e0 TerminateProcess
0x47b2e4 GetLocalTime
0x47b2e8 GetSystemTime
0x47b2f0 RaiseException
0x47b2f4 RtlUnwind
0x47b2f8 GetStartupInfoA
0x47b2fc GetOEMCP
0x47b300 GetCPInfo
0x47b304 GetProcessVersion
0x47b308 SetErrorMode
0x47b30c GlobalFlags
0x47b310 GetCurrentThread
0x47b314 GetFileTime
0x47b318 GetFileSize
0x47b31c TlsGetValue
0x47b320 LocalReAlloc
0x47b324 TlsSetValue
0x47b328 TlsFree
0x47b32c GlobalHandle
0x47b330 TlsAlloc
0x47b334 GetFileAttributesA
0x47b338 DeleteFileA
0x47b344 GetModuleHandleA
0x47b348 GetProcAddress
0x47b34c MulDiv
0x47b350 GetCommandLineA
0x47b354 GetTickCount
0x47b358 CreateProcessA
0x47b35c WaitForSingleObject
0x47b360 CloseHandle
0x47b364 GlobalDeleteAtom
0x47b368 LocalAlloc
0x47b36c lstrcmpA
0x47b370 GetVersion
0x47b374 GlobalGetAtomNameA
0x47b378 GlobalAddAtomA
0x47b37c GlobalFindAtomA
Library USER32.dll:
0x47b3a8 WaitForInputIdle
0x47b3ac wsprintfA
0x47b3b0 CloseClipboard
0x47b3b4 GetClipboardData
0x47b3b8 OpenClipboard
0x47b3bc SetClipboardData
0x47b3c0 EmptyClipboard
0x47b3c4 GetSystemMetrics
0x47b3c8 GetCursorPos
0x47b3cc MessageBoxA
0x47b3d0 SetWindowPos
0x47b3d4 SendMessageA
0x47b3d8 DestroyCursor
0x47b3dc SetParent
0x47b3e0 IsWindow
0x47b3e4 PostMessageA
0x47b3e8 GetTopWindow
0x47b3ec GetParent
0x47b3f0 GetFocus
0x47b3f4 GetClientRect
0x47b3f8 InvalidateRect
0x47b3fc ValidateRect
0x47b400 UpdateWindow
0x47b404 EqualRect
0x47b408 GetWindowRect
0x47b40c SetForegroundWindow
0x47b410 DestroyMenu
0x47b414 IsChild
0x47b418 ReleaseDC
0x47b41c IsRectEmpty
0x47b420 FillRect
0x47b424 GetDC
0x47b428 SetCursor
0x47b42c LoadCursorA
0x47b430 SetCursorPos
0x47b434 SetActiveWindow
0x47b438 GetSysColor
0x47b43c SetWindowLongA
0x47b440 GetWindowLongA
0x47b444 RedrawWindow
0x47b448 EnableWindow
0x47b44c IsWindowVisible
0x47b450 OffsetRect
0x47b454 PtInRect
0x47b458 DestroyIcon
0x47b45c IntersectRect
0x47b460 InflateRect
0x47b464 SetRect
0x47b468 SetScrollPos
0x47b46c SetScrollRange
0x47b470 GetScrollRange
0x47b474 SetCapture
0x47b478 GetCapture
0x47b47c ReleaseCapture
0x47b480 GetForegroundWindow
0x47b484 LoadIconA
0x47b488 TranslateMessage
0x47b48c DrawFrameControl
0x47b490 DrawEdge
0x47b494 DrawFocusRect
0x47b498 WindowFromPoint
0x47b49c GetMessageA
0x47b4a0 DispatchMessageA
0x47b4a4 SetRectEmpty
0x47b4b4 DrawIconEx
0x47b4b8 CreatePopupMenu
0x47b4bc AppendMenuA
0x47b4c0 ModifyMenuA
0x47b4c4 CreateMenu
0x47b4cc GetDlgCtrlID
0x47b4d0 GetSubMenu
0x47b4d4 EnableMenuItem
0x47b4d8 ClientToScreen
0x47b4e0 LoadImageA
0x47b4e8 ShowWindow
0x47b4ec IsWindowEnabled
0x47b4f4 GetKeyState
0x47b4fc PostQuitMessage
0x47b500 IsZoomed
0x47b504 GetWindowTextA
0x47b50c CharUpperA
0x47b510 GetWindowDC
0x47b514 BeginPaint
0x47b518 EndPaint
0x47b51c TabbedTextOutA
0x47b520 DrawTextA
0x47b524 GrayStringA
0x47b528 GetDlgItem
0x47b52c DestroyWindow
0x47b534 EndDialog
0x47b538 GetNextDlgTabItem
0x47b53c GetWindowPlacement
0x47b544 GetLastActivePopup
0x47b548 GetMessageTime
0x47b54c RemovePropA
0x47b550 CallWindowProcA
0x47b554 GetPropA
0x47b558 UnhookWindowsHookEx
0x47b55c SetPropA
0x47b560 GetClassLongA
0x47b564 CallNextHookEx
0x47b568 SetWindowsHookExA
0x47b56c CreateWindowExA
0x47b570 GetMenuItemID
0x47b574 GetMenuItemCount
0x47b578 RegisterClassA
0x47b57c GetScrollPos
0x47b580 UnregisterClassA
0x47b584 AdjustWindowRectEx
0x47b588 MapWindowPoints
0x47b58c SendDlgItemMessageA
0x47b590 ScrollWindowEx
0x47b594 IsDialogMessageA
0x47b598 SetWindowTextA
0x47b59c MoveWindow
0x47b5a0 CheckMenuItem
0x47b5a4 SetMenuItemBitmaps
0x47b5a8 GetMenuState
0x47b5b0 GetClassNameA
0x47b5b4 GetDesktopWindow
0x47b5b8 LoadStringA
0x47b5bc GetSysColorBrush
0x47b5c0 GetClassInfoA
0x47b5c4 DefWindowProcA
0x47b5c8 GetMenu
0x47b5cc SetMenu
0x47b5d0 PeekMessageA
0x47b5d4 IsIconic
0x47b5d8 SetFocus
0x47b5dc GetActiveWindow
0x47b5e0 GetWindow
0x47b5e8 SetWindowRgn
0x47b5ec GetMessagePos
0x47b5f0 ScreenToClient
0x47b5f8 CopyRect
0x47b5fc LoadBitmapA
0x47b600 WinHelpA
0x47b604 KillTimer
0x47b608 SetTimer
Library GDI32.dll:
0x47b024 GetClipRgn
0x47b028 CreatePolygonRgn
0x47b02c SelectClipRgn
0x47b030 DeleteObject
0x47b034 CreateDIBitmap
0x47b03c CreatePalette
0x47b040 StretchBlt
0x47b044 SelectPalette
0x47b048 RealizePalette
0x47b04c GetDIBits
0x47b050 GetWindowExtEx
0x47b054 GetViewportOrgEx
0x47b058 GetWindowOrgEx
0x47b05c BeginPath
0x47b060 EndPath
0x47b064 PathToRegion
0x47b068 CreateEllipticRgn
0x47b06c CreateRoundRectRgn
0x47b070 GetTextColor
0x47b074 GetBkMode
0x47b078 GetBkColor
0x47b07c GetROP2
0x47b080 GetStretchBltMode
0x47b084 GetPolyFillMode
0x47b08c CreateDCA
0x47b090 CreateBitmap
0x47b094 SelectObject
0x47b098 GetObjectA
0x47b09c CreatePen
0x47b0a0 PatBlt
0x47b0a4 CombineRgn
0x47b0a8 CreateRectRgn
0x47b0ac SetStretchBltMode
0x47b0b0 CreateSolidBrush
0x47b0b4 GetStockObject
0x47b0b8 CreateFontIndirectA
0x47b0bc EndPage
0x47b0c0 EndDoc
0x47b0c4 DeleteDC
0x47b0c8 StartDocA
0x47b0cc StartPage
0x47b0d0 BitBlt
0x47b0d4 CreateCompatibleDC
0x47b0d8 Ellipse
0x47b0dc Rectangle
0x47b0e0 LPtoDP
0x47b0e4 DPtoLP
0x47b0e8 GetCurrentObject
0x47b0ec RoundRect
0x47b0f4 GetDeviceCaps
0x47b0f8 SaveDC
0x47b0fc RestoreDC
0x47b100 SetBkMode
0x47b104 SetPolyFillMode
0x47b108 SetROP2
0x47b10c SetTextColor
0x47b110 SetMapMode
0x47b114 SetViewportOrgEx
0x47b118 OffsetViewportOrgEx
0x47b11c SetViewportExtEx
0x47b120 ScaleViewportExtEx
0x47b124 SetWindowOrgEx
0x47b128 SetWindowExtEx
0x47b12c ScaleWindowExtEx
0x47b130 GetClipBox
0x47b134 ExcludeClipRect
0x47b138 MoveToEx
0x47b13c LineTo
0x47b144 SetBkColor
0x47b148 FillRgn
0x47b14c GetTextMetricsA
0x47b150 Escape
0x47b154 ExtTextOutA
0x47b158 TextOutA
0x47b15c RectVisible
0x47b160 PtVisible
0x47b164 GetViewportExtEx
0x47b168 ExtSelectClipRgn
Library WINMM.dll:
0x47b610 midiStreamRestart
0x47b614 midiStreamClose
0x47b618 midiOutReset
0x47b61c midiStreamStop
0x47b620 midiStreamOut
0x47b628 midiStreamProperty
0x47b62c midiStreamOpen
0x47b634 waveOutOpen
0x47b638 waveOutGetNumDevs
0x47b63c waveOutClose
0x47b640 waveOutReset
0x47b644 waveOutPause
0x47b648 waveOutWrite
Library WINSPOOL.DRV:
0x47b658 ClosePrinter
0x47b65c DocumentPropertiesA
0x47b660 OpenPrinterA
Library ADVAPI32.dll:
0x47b000 RegCloseKey
0x47b004 RegOpenKeyExA
0x47b008 RegSetValueExA
0x47b00c RegQueryValueA
0x47b010 RegCreateKeyExA
Library SHELL32.dll:
0x47b398 ShellExecuteA
0x47b39c Shell_NotifyIconA
Library ole32.dll:
0x47b6a4 OleUninitialize
0x47b6a8 OleInitialize
0x47b6ac CLSIDFromString
Library OLEAUT32.dll:
0x47b388 UnRegisterTypeLib
0x47b38c RegisterTypeLib
0x47b390 LoadTypeLib
Library COMCTL32.dll:
0x47b018 ImageList_Destroy
0x47b01c
Library WS2_32.dll:
0x47b668 recv
0x47b66c getpeername
0x47b670 accept
0x47b674 recvfrom
0x47b678 ioctlsocket
0x47b67c WSAAsyncSelect
0x47b680 closesocket
0x47b684 WSACleanup
0x47b688 inet_ntoa
Library comdlg32.dll:
0x47b690 GetFileTitleA
0x47b694 GetSaveFileNameA
0x47b698 GetOpenFileNameA
0x47b69c ChooseColorA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 53237 114.114.114.114 53
192.168.56.101 57756 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 60384 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 51966 239.255.255.250 1900
192.168.56.101 58368 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.