14.4
0-day
SHA256: 47e9841c99f3e198a715263f76861e997d807a085ce69c6288bfe97227242ed9
File name: 4b77629ce08bbc175faceb45abe68a45.exe
Analysis duration: 244s
Last analysis:
File size: 460.0KB
Static detection / dynamic detection tags: AGEN AI SCORE=100 ARTEMIS ATTRIBUTE CONFIDENCE CQ0@AEI4OREI CXFO7O0B8R0 FILEREPMALWARE FRJG GENERIC@ML GENERICKD HIGH CONFIDENCE HIGHCONFIDENCE HOAX HPOYXX IDZW KRYPTIK MALWARE@#KPBJ2XTM7GSI MILICRY PEPZ RDML SAGE SAGECRYPT SCORE STATIC AI SUSGEN SUSPICIOUS PE UNSAFE XKMUBKERWOOBLYCRPN9PMQ YMACCO ZEXAF
Eagle Eye (鹰眼) engine
Not detected: no Eagle Eye engine result is available for this sample
Static verdict
Anti-virus engines
Engine       Result                            Scan date  Engine version
McAfee       Artemis!4B77629CE08B              20201211   6.0.6.653
Alibaba      Trojan:Win32/SageCrypt.357be2b8   20190527   0.3.0.5
CrowdStrike  win/malicious_confidence_90% (W)  20190702   1.0
Baidu        (no detection)                    20190318   1.0.0.2
Avast        (no detection)                    20201210   21.1.5827.0
Tencent      Win32.Trojan.Sagecrypt.Pepz       20201211   1.0.0.1
Static indicators
Queries for the computername (6 events)
Time & API Arguments Status Return Repeated
1619489207.434999
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619489207.825626
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619489263.960439
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619489287.085439
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619489350.476438
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
1619489350.476438
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
Checks if process is being debugged by a debugger (5 events; the "failed" status below only records that IsDebuggerPresent returned 0, i.e. no debugger was seen, not that the call itself failed)
Time & API Arguments Status Return Repeated
1619489196.871999
IsDebuggerPresent
failed 0 0
1619489206.653249
IsDebuggerPresent
failed 0 0
1619489236.038439
IsDebuggerPresent
failed 0 0
1619489276.835439
IsDebuggerPresent
failed 0 0
1619489280.495287
IsDebuggerPresent
failed 0 0
Command line console output was observed (3 events). The first line is the message schtasks prints when /create succeeds; the other two are from a vssadmin run that ended with "Class not registered", so the shadow-copy operation did not complete in this sandbox and its outcome here says nothing about what the sample does on a real host.
Time & API Arguments Status Return Repeated
1619489273.185626
WriteConsoleW
buffer: SUCCESS: The scheduled task "N0mFUQoa" has successfully been created.
console_handle: 0x00000007
success 1 0
1619489347.851438
WriteConsoleW
buffer: vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool (C) Copyright 2001-2005 Microsoft Corp.
console_handle: 0x00000007
success 1 0
1619489350.914438
WriteConsoleW
buffer: Error: Unexpected failure: Class not registered
console_handle: 0x00000007
success 1 0
Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 event)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\MachineGuid
The file contains an unknown PE resource name possibly indicative of a packer (2 events)
resource name BIN
resource name None
One or more processes crashed (50 of 22920 events shown)
Time & API Arguments Status Return Repeated
All 50 events shown carry the same timestamp, stack frame, faulting instruction and esp/ebp/eax/edi values; only edx, ebx, esi and ecx differ, so the shared fields are listed once and the per-event registers follow as a table.
Time: 1619489202.262999
__exception__
stacktrace:
0x18eeec
registers.esp: 1632464
registers.ebp: 1632588
registers.eax: 0
registers.edi: 0
exception.instruction_r: 89 08 c7 45 fc fe ff ff ff 8b 45 d4 eb 2c 8b 45
exception.symbol: 4b77629ce08bbc175faceb45abe68a45+0x27da
exception.instruction: mov dword ptr [eax], ecx
exception.module: 4b77629ce08bbc175faceb45abe68a45.exe
exception.exception_code: 0xc0000005
exception.offset: 10202
exception.address: 0x4027da
Status / Return / Repeated: success 0 0
Per-event registers:
 #  edx  ebx         esi  ecx
 1    7  0             0  2132881256
 2   10  4294847776    1  2132881257
 3   13  1243341192    2  2132881258
 4   16  2064738752    3  2132881259
 5   19  119514832     4  2132881260
 6   22  3714537840    5  2132881261
 7   25  2366395888    6  2132881262
 8   28  407584488     7  2132881263
 9   31  443616544     8  2132881264
10   34  4006033736    9  2132881265
11   37  2808015048   10  2132881266
12   40  4151677824   11  2132881267
13   43  4170916952   12  2132881268
14   46  269523736    13  2132881269
15   49  1088888704   14  2132881270
16   52  1674914440   15  2132881271
17   55  23553288     16  2132881272
18   58  2925403320   17  2132881273
19   61  1632288096   18  2132881274
20   64  2858847480   19  2132881275
21   67  1773349168   20  2132881276
22   70  2484891328   21  2132881277
23   73  4235007392   22  2132881278
24   76  3150009960   23  2132881279
25   79  3123945440   24  2132881280
26   82  2729553512   25  2132881281
27   85  116663152    26  2132881282
28   88  1929485536   27  2132881283
29   91  1123823896   28  2132881284
30   94  2610524968   29  2132881285
31   97  2870777160   30  2132881286
32  100  3600119536   31  2132881287
33  103  2750485024   32  2132881288
34  106  2462435720   33  2132881289
35  109  3830323744   34  2132881290
36  112  846886312    35  2132881291
37  115  2647678112   36  2132881292
38  118  1174464512   37  2132881293
39  121  3239877392   38  2132881294
40  124  1501659968   39  2132881295
41  127  2919969840   40  2132881296
42  130  1020158624   41  2132881297
43  133  3997210600   42  2132881298
44  136  4042802232   43  2132881299
45  139  1173635528   44  2132881300
46  142  909865824    45  2132881301
47  145  2087607752   46  2132881302
48  148  214155792    47  2132881303
49  151  3783441992   48  2132881304
50  154  870570984    49  2132881305
Reading: every fault is the same `mov dword ptr [eax], ecx` with eax = 0, i.e. a store to address 0, and the bytes right behind it (c7 45 fc fe ff ff ff = mov dword ptr [ebp-4], 0FFFFFFFEh) are the marker MSVC emits when leaving a __try block, while esi climbs by one and ecx by one per fault. That is a deliberately provoked access violation handled by the sample's own exception handler inside a loop (exception-based anti-debugging / anti-emulation), not 22920 independent crashes; the later console output shows execution carried on.
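The crash records above, the IsDebuggerPresent calls, the console output and the RWX allocations listed further down under the dynamic indicators are the kind of listing a responder ends up condensing by hand. As an added example (not part of this report and not any sandbox's own code), the Python below parses an excerpt in the same timestamp / API / key: value / status layout and pulls out what matters for this sample: RWX memory commits, a repeated caught fault at one address with a NULL store and the MSVC __try exit marker behind it, schtasks task creation and vssadmin use. SAMPLE_LOG is a constructed excerpt: the register and exception values are copied from this page, the console strings are the English-locale equivalents of the Chinese output above, and unneeded fields are dropped.

```python
# Added example, not part of the sandbox report: triage an event listing in this
# page's "timestamp / API / key: value ... / status return repeated" layout.
import re
from collections import defaultdict

TS_RE = re.compile(r"^\d{10}\.\d+$")
STATUS_RE = re.compile(r"^(success|failed) (-?\d+) (\d+)$")
# MSVC emits `mov dword ptr [ebp-4], 0FFFFFFFEh` (c7 45 fc fe ff ff ff) on leaving a
# __try block; a faulting store followed by it points at __try/__except control flow.
SEH_TRY_EXIT = "c7 45 fc fe ff ff ff"

# Constructed excerpt: values copied from the page, console strings in English-locale form.
SAMPLE_LOG = """\
1619489201.762999
NtAllocateVirtualMemory
region_size: 159744
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0db60000
success 0 0
1619489202.262999
__exception__
stacktrace:
0x18eeec

registers.eax: 0
registers.esi: 0
exception.instruction_r: 89 08 c7 45 fc fe ff ff ff 8b 45 d4 eb 2c 8b 45
exception.instruction: mov dword ptr [eax], ecx
exception.address: 0x4027da
success 0 0
1619489202.262999
__exception__
registers.eax: 0
registers.esi: 1
exception.instruction_r: 89 08 c7 45 fc fe ff ff ff 8b 45 d4 eb 2c 8b 45
exception.instruction: mov dword ptr [eax], ecx
exception.address: 0x4027da
success 0 0
1619489273.185626
WriteConsoleW
buffer: SUCCESS: The scheduled task "N0mFUQoa" has successfully been created.
success 1 0
1619489347.851438
WriteConsoleW
buffer: vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool
success 1 0
"""


def parse_events(text):
    """Group the flat listing into one dict per API call."""
    events, cur = [], None
    for line in map(str.strip, text.splitlines()):
        if TS_RE.match(line):
            cur = {"time": float(line), "api": None, "args": {}, "frames": []}
        elif cur is None or line in ("", "stacktrace:"):
            continue
        elif cur["api"] is None:
            cur["api"] = line
        elif (m := STATUS_RE.match(line)):
            cur["status"], cur["ret"] = m.group(1), int(m.group(2))
            events.append(cur)
            cur = None
        elif ": " in line:
            key, val = line.split(": ", 1)
            cur["args"][key] = val
        else:                      # bare frame addresses under "stacktrace:"
            cur["frames"].append(line)
    return events


def triage(events):
    """Pull out the behaviours a reviewer would weigh for this report."""
    out = {"rwx_commits": [], "exception_loops": [], "scheduled_task": False, "vssadmin": False}
    faults = defaultdict(list)
    for ev in events:
        api, a = ev["api"], ev["args"]
        if api == "NtAllocateVirtualMemory" and a.get("protection", "").split(" ")[0] == "64":
            out["rwx_commits"].append((a["base_address"], int(a["region_size"]),
                                       a.get("heap_dep_bypass") == "1"))
        elif api == "__exception__":
            faults[a.get("exception.address")].append(a)
        elif api == "WriteConsoleW":
            buf = a.get("buffer", "")
            out["scheduled_task"] |= bool(re.search(r"scheduled task|计划任务", buf))
            out["vssadmin"] |= buf.lower().startswith("vssadmin")
    for addr, hits in faults.items():
        if len(hits) < 2:
            continue                          # one crash is just a crash
        esi = [int(h.get("registers.esi", -1)) for h in hits]
        out["exception_loops"].append({
            "address": addr, "count": len(hits),
            # eax == 0 and a store through [eax]: a deliberate write to address 0
            "null_write": hits[0].get("registers.eax") == "0"
                          and "[eax]" in hits[0].get("exception.instruction", ""),
            # the __try exit marker sits right behind the faulting store
            "caught_by_seh": SEH_TRY_EXIT in hits[0].get("exception.instruction_r", ""),
            # esi rising by one per fault: the loop counter of an exception loop
            "counter_in_esi": esi == list(range(esi[0], esi[0] + len(esi))),
        })
    return out
```

Calling `triage(parse_events(SAMPLE_LOG))` returns the RWX commit with its heap_dep_bypass flag, one exception loop at 0x4027da with all three loop markers set, and both console findings; on the full report the same parser would group all 22920 faults under a single address, which is the number that matters for the verdict, not the raw crash count.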
Behavior verdict
Dynamic indicators
Communication to multiple IPs on high port numbers, possibly indicative of a peer-to-peer (P2P) or non-standard command-and-control protocol (50 of 7698 events shown). All 50 addresses shown sit in 138.197.0.0/16 and several are adjacent hosts (138.197.100.48 to .51, .220 to .222), which is as consistent with a sequential sweep of one provider's range as with a peer list; the destination ports and any replies in the capture decide between the two.
ip 138.197.0.129
ip 138.197.0.154
ip 138.197.0.17
ip 138.197.0.194
ip 138.197.0.201
ip 138.197.0.24
ip 138.197.0.89
ip 138.197.1.125
ip 138.197.1.135
ip 138.197.1.169
ip 138.197.1.179
ip 138.197.1.213
ip 138.197.1.47
ip 138.197.1.49
ip 138.197.1.91
ip 138.197.10.121
ip 138.197.10.137
ip 138.197.10.15
ip 138.197.10.186
ip 138.197.10.202
ip 138.197.10.56
ip 138.197.10.72
ip 138.197.100.194
ip 138.197.100.195
ip 138.197.100.220
ip 138.197.100.221
ip 138.197.100.222
ip 138.197.100.48
ip 138.197.100.49
ip 138.197.100.50
ip 138.197.100.51
ip 138.197.100.76
ip 138.197.101.123
ip 138.197.101.150
ip 138.197.101.177
ip 138.197.101.2
ip 138.197.101.229
ip 138.197.101.236
ip 138.197.101.61
ip 138.197.101.88
ip 138.197.102.123
ip 138.197.102.144
ip 138.197.102.169
ip 138.197.102.198
ip 138.197.102.227
ip 138.197.102.40
ip 138.197.102.69
ip 138.197.102.94
ip 138.197.103.114
ip 138.197.103.158
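The sandbox's signature only counts distinct high-port peers. As an added example that is not part of this report, the Python below takes the 50 addresses listed above (copied from the page) and a small constructed control set drawn from the RFC 5737 documentation ranges, and computes the concentration metrics a responder would use to tell a provider-range sweep from a genuine peer list: share of addresses in the dominant /16, number of /24s touched inside it, and adjacent-host pairs. The thresholds in `looks_like_sweep` are assumptions for illustration, not anything the report defines.

```python
# Added example, not part of the sandbox report: is a set of contacted addresses
# concentrated in one provider block (as a sweep is) or spread out (as peers are)?
import ipaddress

# The 50 addresses listed on this page, packed for brevity.
REPORT_IPS = """
138.197.0.129 138.197.0.154 138.197.0.17 138.197.0.194 138.197.0.201 138.197.0.24
138.197.0.89 138.197.1.125 138.197.1.135 138.197.1.169 138.197.1.179 138.197.1.213
138.197.1.47 138.197.1.49 138.197.1.91 138.197.10.121 138.197.10.137 138.197.10.15
138.197.10.186 138.197.10.202 138.197.10.56 138.197.10.72 138.197.100.194 138.197.100.195
138.197.100.220 138.197.100.221 138.197.100.222 138.197.100.48 138.197.100.49 138.197.100.50
138.197.100.51 138.197.100.76 138.197.101.123 138.197.101.150 138.197.101.177 138.197.101.2
138.197.101.229 138.197.101.236 138.197.101.61 138.197.101.88 138.197.102.123 138.197.102.144
138.197.102.169 138.197.102.198 138.197.102.227 138.197.102.40 138.197.102.69 138.197.102.94
138.197.103.114 138.197.103.158
""".split()

# Constructed control set from the RFC 5737 documentation ranges (not from the report).
CONTROL_IPS = ["203.0.113.5", "198.51.100.77", "192.0.2.9", "203.0.113.200"]


def summarise(ips):
    """Concentration metrics for a list of dotted-quad strings."""
    addrs = sorted(set(ipaddress.ip_address(i) for i in ips))
    by16 = {}
    for a in addrs:
        by16.setdefault(ipaddress.ip_network(f"{a}/16", strict=False), []).append(a)
    top_net = max(by16, key=lambda n: len(by16[n]))
    in_top = by16[top_net]
    distinct_24s = len({ipaddress.ip_network(f"{a}/24", strict=False) for a in in_top})
    # adjacent host addresses (x.y.z.n, x.y.z.n+1) are typical of a linear sweep
    consecutive = sum(1 for p, q in zip(addrs, addrs[1:]) if int(q) - int(p) == 1)
    return {
        "unique": len(addrs),
        "dominant_16": str(top_net),
        "share_in_dominant_16": len(in_top) / len(addrs),
        "distinct_24s_in_dominant_16": distinct_24s,
        "consecutive_pairs": consecutive,
    }


def looks_like_sweep(summary, min_share=0.9, min_24s=4):
    """Assumed heuristic: nearly everything in one /16, spread over several /24s."""
    return (summary["share_in_dominant_16"] >= min_share
            and summary["distinct_24s_in_dominant_16"] >= min_24s)
```

For the page's list this gives a 100% share in 138.197.0.0/16 across seven /24s with six adjacent-host pairs, so `looks_like_sweep` returns True; the control set spans three /16s and returns False. The report's sample of 50 is also sorted lexicographically by the sandbox (0, 1, 10, 100, ...), so it is the head of a much longer list rather than a representative slice; rerun on the full 7698 events before drawing a conclusion.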
Allocates read-write-execute memory (usually to unpack itself) (50 of 229 events shown). The first two events reserve a 1,343,488-byte RWX region at 0x0daa0000 and then commit 159,744 bytes inside it at 0x0db60000 with heap_dep_bypass set, the usual shape of a stage being unpacked into fresh executable memory; the following 4096-byte commits all target the same base address 0x02460000.
Time & API Arguments Status Return Repeated
1619489201.762999
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 1343488
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x0daa0000
success 0 0
1619489201.762999
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 159744
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0db60000
success 0 0
1619489205.840999
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02460000
success 0 0
1619489205.871999
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02460000
success 0 0
1619489205.887999
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02460000
success 0 0
1619489205.902999
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02460000
success 0 0
1619489205.918999
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02460000
success 0 0
1619489205.949999
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02460000
success 0 0
1619489205.965999
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02460000
success 0 0
1619489205.980999
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02460000
success 0 0
1619489206.012999
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02460000
success 0 0
1619489206.027999
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02460000
success 0 0
1619489206.043999
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02460000
success 0 0
1619489206.074999
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02460000
success 0 0
1619489206.090999
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02460000
success 0 0
1619489206.121999
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02460000
success 0 0
1619489206.137999
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02460000
success 0 0
1619489206.168999
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02460000
success 0 0
1619489206.184999
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02460000
success 0 0
1619489206.199999
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02460000
success 0 0
1619489206.215999
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02460000
success 0 0
1619489206.230999
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02460000
success 0 0
1619489206.246999
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02460000
success 0 0
1619489206.262999
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02460000
success 0 0
1619489206.277999
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02460000
success 0 0
1619489206.293999
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02460000
success 0 0
1619489206.324999
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02460000
success 0 0
1619489206.340999
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02460000
success 0 0
1619489206.355999
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02460000
success 0 0
1619489206.371999
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02460000
success 0 0
1619489206.387999
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02460000
success 0 0
1619489206.402999
NtProtectVirtualMemory
process_identifier: 2236
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619489206.402999
NtProtectVirtualMemory
process_identifier: 2236
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00401000
success 0 0
1619489206.402999
NtProtectVirtualMemory
process_identifier: 2236
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00402000
success 0 0
1619489206.402999
NtProtectVirtualMemory
process_identifier: 2236
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00403000
success 0 0
1619489206.402999
NtProtectVirtualMemory
process_identifier: 2236
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00404000
success 0 0
1619489206.402999
NtProtectVirtualMemory
process_identifier: 2236
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00405000
success 0 0
1619489206.402999
NtProtectVirtualMemory
process_identifier: 2236
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00406000
success 0 0
1619489206.402999
NtProtectVirtualMemory
process_identifier: 2236
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00407000
success 0 0
1619489206.402999
NtProtectVirtualMemory
process_identifier: 2236
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00408000
success 0 0
1619489206.402999
NtProtectVirtualMemory
process_identifier: 2236
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00409000
success 0 0
1619489206.402999
NtProtectVirtualMemory
process_identifier: 2236
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x0040a000
success 0 0
1619489206.402999
NtProtectVirtualMemory
process_identifier: 2236
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x0040b000
success 0 0
1619489206.402999
NtProtectVirtualMemory
process_identifier: 2236
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x0040c000
success 0 0
1619489206.402999
NtProtectVirtualMemory
process_identifier: 2236
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x0040d000
success 0 0
1619489206.402999
NtProtectVirtualMemory
process_identifier: 2236
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x0040e000
success 0 0
1619489206.402999
NtProtectVirtualMemory
process_identifier: 2236
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x0040f000
success 0 0
1619489206.402999
NtProtectVirtualMemory
process_identifier: 2236
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00410000
success 0 0
1619489206.402999
NtProtectVirtualMemory
process_identifier: 2236
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00411000
success 0 0
1619489206.402999
NtProtectVirtualMemory
process_identifier: 2236
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00412000
success 0 0
Creates executable files on the filesystem (2 events)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\f252888.vbs
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Rj3fNWF3.exe
Creates a suspicious process (4 events)
cmdline bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures
cmdline "C:\Windows\System32\schtasks.exe" /CREATE /TN "N0mFUQoa" /TR "C:\Users\Administrator.Oskar-PC\AppData\Roaming\Rj3fNWF3.exe" /SC ONLOGON /RL HIGHEST /F
cmdline bcdedit.exe /set {default} recoveryenabled no
cmdline schtasks /CREATE /TN "N0mFUQoa" /TR "C:\Users\Administrator.Oskar-PC\AppData\Roaming\Rj3fNWF3.exe" /SC ONLOGON /RL HIGHEST /F
Drops a binary and executes it (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\f252888.vbs
Drops an executable to the user AppData folder (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\4b77629ce08bbc175faceb45abe68a45.exe
A process created a hidden window (3 events)
Time & API Arguments Status Return Repeated
1619489207.434999
ShellExecuteExW
parameters: /CREATE /TN "N0mFUQoa" /TR "C:\Users\Administrator.Oskar-PC\AppData\Roaming\Rj3fNWF3.exe" /SC ONLOGON /RL HIGHEST /F
filepath: schtasks
filepath_r: schtasks
show_type: 0
success 1 0
1619489284.152999
ShellExecuteExW
parameters:
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\f252888.vbs
filepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\f252888.vbs
show_type: 0
success 1 0
1619489342.475439
ShellExecuteExW
parameters: delete shadows /all /quiet
filepath: vssadmin.exe
filepath_r: vssadmin.exe
show_type: 0
success 1 0
Moves the original executable to a new location (1 event)
Time & API Arguments Status Return Repeated
1619489284.184999
MoveFileWithProgressW
oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\4b77629ce08bbc175faceb45abe68a45.exe
newfilepath:
newfilepath_r:
flags: 4
oldfilepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\4b77629ce08bbc175faceb45abe68a45.exe
success 1 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.164080070441224 section {'size_of_data': '0x00024000', 'virtual_address': '0x00051000', 'entropy': 7.164080070441224, 'name': '.rsrc', 'virtual_size': '0x000230bc'} description A section with a high entropy has been found
entropy 0.3157894736842105 description Overall entropy of this PE file is high
Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 event)
Time & API Arguments Status Return Repeated
1619489347.117438
LookupPrivilegeValueW
system_name:
privilege_name: SeBackupPrivilege
success 1 0
Uses Windows utilities for basic Windows functionality (2 events)
cmdline "C:\Windows\System32\schtasks.exe" /CREATE /TN "N0mFUQoa" /TR "C:\Users\Administrator.Oskar-PC\AppData\Roaming\Rj3fNWF3.exe" /SC ONLOGON /RL HIGHEST /F
cmdline schtasks /CREATE /TN "N0mFUQoa" /TR "C:\Users\Administrator.Oskar-PC\AppData\Roaming\Rj3fNWF3.exe" /SC ONLOGON /RL HIGHEST /F
Network communication
Communicates with host for which no DNS query was performed (50 out of 7699 events)
Enumerates services, possibly for anti-virtualization (1 event)
Time & API Arguments Status Return Repeated
1619489338.757439
EnumServicesStatusW
service_handle: 0x0ccd3fa8
service_type: 48
service_status: 3
success 1 0
Installs itself for autorun at Windows startup (2 events)
cmdline "C:\Windows\System32\schtasks.exe" /CREATE /TN "N0mFUQoa" /TR "C:\Users\Administrator.Oskar-PC\AppData\Roaming\Rj3fNWF3.exe" /SC ONLOGON /RL HIGHEST /F
cmdline schtasks /CREATE /TN "N0mFUQoa" /TR "C:\Users\Administrator.Oskar-PC\AppData\Roaming\Rj3fNWF3.exe" /SC ONLOGON /RL HIGHEST /F
Runs bcdedit commands specific to ransomware (2 events)
cmdline bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures
cmdline bcdedit.exe /set {default} recoveryenabled no
Removes the Shadow Copy to avoid recovery of the system (1 event)
cmdline vssadmin.exe delete shadows /all /quiet
Uses suspicious command line tools or Windows utilities (2 events)
cmdline vssadmin.exe delete shadows /all /quiet
cmdline "C:\Windows\System32\vssadmin.exe" delete shadows /all /quiet
The process wscript.exe wrote an executable file to disk (1 event)
file C:\Windows\SysWOW64\wscript.exe
Detects VirtualBox through the presence of a device (2 events)
file \??\VBoxGuest
file \??\VBoxMiniRdrDN
Detects VirtualBox through the presence of a file (1 event)
dll C:\Windows\system32\VBoxMRXNP.dll
Generates some ICMP traffic
File has been identified by 53 AntiVirus engines on VirusTotal as malicious (50 out of 53 events)
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.34250028
FireEye Generic.mg.4b77629ce08bbc17
McAfee Artemis!4B77629CE08B
Cylance Unsafe
Zillya Trojan.SageCrypt.Win32.228
Sangfor Malware
K7AntiVirus Trojan ( 0050bcf41 )
Alibaba Trojan:Win32/SageCrypt.357be2b8
K7GW Trojan ( 0050bcf41 )
CrowdStrike win/malicious_confidence_90% (W)
BitDefenderTheta Gen:NN.ZexaF.34670.Cq0@aeI4orei
Cyren W32/Trojan.IDZW-8926
Symantec ML.Attribute.HighConfidence
APEX Malicious
Kaspersky Trojan-Ransom.Win32.SageCrypt.dis
BitDefender Trojan.GenericKD.34250028
NANO-Antivirus Trojan.Win32.SageCrypt.hpoyxx
Paloalto generic.ml
Rising Trojan.Generic@ML.88 (RDML:xKMuBkErwooBLYcrpn9pMQ)
Ad-Aware Trojan.GenericKD.34250028
Comodo Malware@#kpbj2xtm7gsi
DrWeb Trojan.Encoder.10894
VIPRE Trojan.Win32.Generic!BT
TrendMicro Mal_MiliCry-1c
McAfee-GW-Edition BehavesLike.Win32.Worm.gh
Sophos Mal/Generic-S
SentinelOne Static AI - Suspicious PE
Jiangmin Trojan.SageCrypt.pw
Avira HEUR/AGEN.1105973
MAX malware (ai score=100)
Antiy-AVL Trojan[Ransom]/Win32.SageCrypt
Gridinsoft Ransom.Win32.Kryptik.oa
Arcabit Trojan.Generic.D20A9D2C
AegisLab Trojan.Win32.SageCrypt.j!c
ZoneAlarm Trojan-Ransom.Win32.SageCrypt.dis
Microsoft Trojan:Win32/Ymacco.AA47
Cynet Malicious (score: 100)
AhnLab-V3 Win-Trojan/Sagecrypt.Gen
VBA32 Hoax.SageCrypt
ALYac Trojan.Ransom.Sage
Malwarebytes Ransom.Sage
ESET-NOD32 a variant of Win32/Kryptik.FRJG
TrendMicro-HouseCall Mal_MiliCry-1c
Tencent Win32.Trojan.Sagecrypt.Pepz
Yandex Trojan.SageCrypt!cxfO7O0b8R0
Ikarus Trojan.Win32.Crypt
MaxSecure Trojan.Malware.104390505.susgen
Fortinet W32/SageCrypt.DIS!tr
AVG FileRepMalware
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 events)
dead_host 172.217.24.14:443
dead_host 172.217.160.78:443
Visual analysis
Binary image
No binary image available: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots available: no screenshots were captured while this sample ran


PE Compile Time

2017-04-18 16:03:56

Imports

Library KERNEL32.dll:
0x438084 LCMapStringA
0x438088 LoadLibraryA
0x43808c GetConsoleMode
0x438090 GetConsoleCP
0x438094 FlushFileBuffers
0x438098 SetHandleCount
0x4380b0 GetCurrentProcessId
0x4380b8 GetUserDefaultLCID
0x4380bc EnumSystemLocalesA
0x4380c0 LCMapStringW
0x4380c4 IsValidLocale
0x4380c8 GetLocaleInfoA
0x4380cc GetStringTypeW
0x4380d0 GetStringTypeA
0x4380d4 MultiByteToWideChar
0x4380d8 GetStdHandle
0x4380dc WideCharToMultiByte
0x4380e0 OutputDebugStringW
0x4380e4 GetFileType
0x4380e8 WriteConsoleW
0x4380ec OutputDebugStringA
0x4380f0 WriteFile
0x4380f4 DebugBreak
0x4380f8 SetStdHandle
0x4380fc WriteConsoleA
0x438100 GetConsoleOutputCP
0x438104 SetFilePointer
0x438108 CloseHandle
0x43810c GetLastError
0x438110 lstrcpyA
0x438118 GetLogicalDrives
0x43811c GetDriveTypeA
0x438120 GetLocalTime
0x438128 GetLocaleInfoW
0x43812c GetDateFormatW
0x438130 GetThreadContext
0x438134 GetConsoleTitleA
0x438138 GetModuleHandleA
0x43813c GetProcAddress
0x438140 IsValidCodePage
0x438144 GetModuleHandleW
0x438148 SetLastError
0x43814c TlsFree
0x438150 GetCurrentThreadId
0x438154 FindFirstFileA
0x438158 FindNextFileA
0x43815c TlsSetValue
0x438160 TlsAlloc
0x438164 TlsGetValue
0x438168 GetCPInfo
0x43816c GetOEMCP
0x438170 GetACP
0x438174 ExitProcess
0x438178 FindClose
0x43817c ReadFile
0x438180 GetTickCount
0x438184 VirtualAlloc
0x438188 VirtualFree
0x43818c HeapCreate
0x438190 HeapDestroy
0x438194 HeapReAlloc
0x438198 CreateFileA
0x43819c LoadLibraryW
0x4381a0 GetModuleFileNameA
0x4381a4 FatalAppExitA
0x4381a8 GetStartupInfoA
0x4381ac GetProcessHeap
0x4381b0 HeapAlloc
0x4381b4 GetVersionExA
0x4381b8 HeapFree
0x4381bc GetCommandLineA
0x4381c0 RtlUnwind
0x4381c4 GetModuleFileNameW
0x4381c8 IsDebuggerPresent
0x4381e4 HeapValidate
0x4381e8 IsBadReadPtr
0x4381ec RaiseException
0x4381f0 TerminateProcess
0x4381f4 GetCurrentProcess
Library USER32.dll:
0x438224 BeginPaint
0x438228 IsWindowEnabled
0x43822c CheckDlgButton
0x438230 HideCaret
0x438234 GetWindowTextW
0x438238 PostQuitMessage
0x43823c WindowFromPoint
0x438240 GetSysColor
0x438244 MessageBoxA
0x438248 GetWindowRect
0x43824c PtInRect
0x438250 GetDC
0x438254 SetCursorPos
0x438258 EnableWindow
0x43825c ShowCursor
0x438260 SetCursor
0x438264 LoadCursorA
0x438268 GetWindowDC
0x43826c ReleaseDC
0x438270 DefWindowProcA
0x438274 GetClientRect
0x438278 GetSysColorBrush
0x43827c FillRect
0x438280 EndPaint
0x438284 wsprintfA
0x43828c DrawFrameControl
0x438290 GetCursorPos
0x438294 ScreenToClient
0x438298 GetMenu
0x43829c MenuItemFromPoint
0x4382a0 GetMenuItemID
0x4382a4 SendMessageW
0x4382a8 IsWindow
0x4382ac GetSubMenu
0x4382b0 GetMenuItemRect
0x4382b4 TrackPopupMenuEx
0x4382b8 MoveWindow
0x4382bc LoadMenuA
0x4382c0 GetSystemMetrics
0x4382c4 GetDlgItem
0x4382c8 SendMessageA
0x4382cc FindWindowA
0x4382d0 PostMessageA
Library GDI32.dll:
0x43801c FillRgn
0x438020 SetWindowExtEx
0x438024 StretchBlt
0x438028 EnumFontFamiliesExA
0x43802c CreateDIBSection
0x438030 BitBlt
0x438034 EnumFontsA
0x438038 CreateRectRgn
0x43803c CombineRgn
0x438040 DeleteObject
0x438044 SaveDC
0x438048 SetGraphicsMode
0x438050 SetViewportOrgEx
0x438054 SetWindowOrgEx
0x438058 GetDeviceCaps
0x438060 CreateBitmap
0x438064 CreateCompatibleDC
0x438068 DeleteDC
0x43806c SelectObject
0x438070 SetTextColor
0x438074 SetBkColor
0x438078 SetTextAlign
Library comdlg32.dll:
0x4382f0 GetOpenFileNameA
Library ADVAPI32.dll:
0x438000 LogonUserA
Library ole32.dll:
0x438310 CoInitialize
Library OLEAUT32.dll:
0x438204 SafeArrayGetUBound
0x438208 SafeArrayGetLBound
0x43820c SafeArraySetIID
0x438210 SafeArrayAccessData
Library AVIFIL32.dll:
Library iphlpapi.dll:
0x438308 GetAdapterOrderMap
Library SHLWAPI.dll:
0x438218 StrToIntExA
0x43821c PathMatchSpecA
Library COMCTL32.dll:
0x438014
Library pdh.dll:
0x438318 PdhCloseQuery
Library gdiplus.dll:
0x438300 GdiplusStartup
Library dbghelp.dll:
0x4382f8 MiniDumpWriteDump
Library WINHTTP.dll:
0x4382d8 WinHttpOpen
0x4382dc WinHttpConnect
0x4382e0 WinHttpCreateUrl
0x4382e4 WinHttpCrackUrl

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50568 114.114.114.114 53
192.168.56.101 51378 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 57756 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 61680 114.114.114.114 53
192.168.56.101 61693 138.197.0.129 13655
192.168.56.101 61694 138.197.0.129 13655
192.168.56.101 61693 138.197.0.154 13655
192.168.56.101 61694 138.197.0.154 13655
192.168.56.101 61693 138.197.0.17 13655
192.168.56.101 61694 138.197.0.17 13655
192.168.56.101 61693 138.197.0.194 13655
192.168.56.101 61694 138.197.0.194 13655
192.168.56.101 61682 138.197.0.201 13655
192.168.56.101 61694 138.197.0.201 13655
192.168.56.101 61693 138.197.0.24 13655
192.168.56.101 61694 138.197.0.24 13655
192.168.56.101 61693 138.197.0.89 13655

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.