7.0
High risk

612a1123c2ca0a0c3f077aa506b48cfbbeb815c1c026b82f7a17d6e547b1b138

55aaee46446d832abbad8ed6bde21085.exe

Analysis time

129s

Last analysis

File size

713.0KB
Static detection: malicious. Dynamic detection: malicious. Tags: 100% AI SCORE=80 AIDETECTVM ALI2000015 AUTO AUTOIT AVSARHER BT8I9P CLASSIC CONFIDENCE CRYPTERX DELF DELFINJECT DELPHILESS DOWNLOADER34 EMOY EMSE FAREIT HIGH CONFIDENCE HONMFY IZYH KCLOUD KRYPTIK LOKI LOKIBOT MALWARE2 REMCOS SCORE SGW@A8ENLJPI SMAD1 STATIC AI SUSGEN SUSPICIOUS PE SXNLM TSCOPE UNSAFE X2094 ZELPHIF ZUSY
Eagle Eye engine (鹰眼引擎)
Not detected: no Eagle Eye engine result is available yet
Static verdict
Antivirus engines
Engine Result Scan date Engine version
McAfee Fareit-FVZ!55AAEE46446D 20201227 6.0.6.653
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Baidu 20190318 1.0.0.2
Avast Win32:CrypterX-gen [Trj] 20201228 21.1.5827.0
Alibaba Trojan:Win32/DelfInject.ali2000015 20190527 0.3.0.5
Kingsoft Win32.Troj.Undef.(kcloud) 20201228 2017.9.26.565
Tencent Win32.Trojan.Inject.Auto 20201228 1.0.0.1
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (14 events)
Time & API Arguments Status Return Repeated
1619426986.726731
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x7501e97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x7501ea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x7501b25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x7501b4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x7501ac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x7501aed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x75015511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x7501559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x75177f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x75174de3
55aaee46446d832abbad8ed6bde21085+0x40a4d @ 0x440a4d
55aaee46446d832abbad8ed6bde21085+0x39254 @ 0x439254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xfdaa14ad
success 0 0
1619451994.244499
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x7510e97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x7510ea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x7510b25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x7510b4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x7510ac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x7510aed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x75105511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x7510559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x751c7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x751c4de3
55aaee46446d832abbad8ed6bde21085+0x40a4d @ 0x440a4d
55aaee46446d832abbad8ed6bde21085+0x39254 @ 0x439254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xfd9414ad
success 0 0
1619452000.978876
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x7501e97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x7501ea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x7501b25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x7501b4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x7501ac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x7501aed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x75015511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x7501559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x75177f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x75174de3
55aaee46446d832abbad8ed6bde21085+0x40a4d @ 0x440a4d
55aaee46446d832abbad8ed6bde21085+0x39254 @ 0x439254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xff1d14ad
success 0 0
1619452006.931501
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x7510e97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x7510ea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x7510b25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x7510b4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x7510ac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x7510aed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x75105511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x7510559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x751c7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x751c4de3
55aaee46446d832abbad8ed6bde21085+0x40a4d @ 0x440a4d
55aaee46446d832abbad8ed6bde21085+0x39254 @ 0x439254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xfdae14ad
success 0 0
1619452014.041751
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x7501e97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x7501ea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x7501b25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x7501b4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x7501ac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x7501aed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x75015511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x7501559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x75177f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x75174de3
55aaee46446d832abbad8ed6bde21085+0x40a4d @ 0x440a4d
55aaee46446d832abbad8ed6bde21085+0x39254 @ 0x439254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xfda614ad
success 0 0
1619452019.869374
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x7510e97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x7510ea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x7510b25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x7510b4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x7510ac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x7510aed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x75105511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x7510559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x751c7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x751c4de3
55aaee46446d832abbad8ed6bde21085+0x40a4d @ 0x440a4d
55aaee46446d832abbad8ed6bde21085+0x39254 @ 0x439254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xff5114ad
success 0 0
1619452026.087876
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x7501e97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x7501ea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x7501b25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x7501b4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x7501ac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x7501aed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x75015511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x7501559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x75177f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x75174de3
55aaee46446d832abbad8ed6bde21085+0x40a4d @ 0x440a4d
55aaee46446d832abbad8ed6bde21085+0x39254 @ 0x439254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xff4814ad
success 0 0
1619452031.838124
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x7510e97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x7510ea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x7510b25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x7510b4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x7510ac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x7510aed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x75105511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x7510559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x751c7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x751c4de3
55aaee46446d832abbad8ed6bde21085+0x40a4d @ 0x440a4d
55aaee46446d832abbad8ed6bde21085+0x39254 @ 0x439254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xfd9414ad
success 0 0
1619452035.728751
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x750be97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x750bea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x750bb25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x750bb4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x750bac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x750baed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x750b5511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x750b559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x75127f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x75124de3
55aaee46446d832abbad8ed6bde21085+0x40a4d @ 0x440a4d
55aaee46446d832abbad8ed6bde21085+0x39254 @ 0x439254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xfda314ad
success 0 0
1619452041.353499
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x7501e97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x7501ea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x7501b25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x7501b4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x7501ac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x7501aed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x75015511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x7501559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x751c7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x751c4de3
55aaee46446d832abbad8ed6bde21085+0x40a4d @ 0x440a4d
55aaee46446d832abbad8ed6bde21085+0x39254 @ 0x439254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xff2014ad
success 0 0
1619452048.245249
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x750be97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x750bea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x750bb25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x750bb4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x750bac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x750baed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x750b5511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x750b559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x751c7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x751c4de3
55aaee46446d832abbad8ed6bde21085+0x40a4d @ 0x440a4d
55aaee46446d832abbad8ed6bde21085+0x39254 @ 0x439254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xfda314ad
success 0 0
1619452054.541751
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x750be97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x750bea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x750bb25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x750bb4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x750bac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x750baed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x750b5511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x750b559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x751c7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x751c4de3
55aaee46446d832abbad8ed6bde21085+0x40a4d @ 0x440a4d
55aaee46446d832abbad8ed6bde21085+0x39254 @ 0x439254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xff4a14ad
success 0 0
1619452060.353999
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x750be97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x750bea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x750bb25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x750bb4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x750bac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x750baed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x750b5511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x750b559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x751c7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x751c4de3
55aaee46446d832abbad8ed6bde21085+0x40a4d @ 0x440a4d
55aaee46446d832abbad8ed6bde21085+0x39254 @ 0x439254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xff3014ad
success 0 0
1619452066.400751
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x750be97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x750bea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x750bb25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x750bb4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x750bac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x750baed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x750b5511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x750b559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x751c7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x751c4de3
55aaee46446d832abbad8ed6bde21085+0x40a4d @ 0x440a4d
55aaee46446d832abbad8ed6bde21085+0x39254 @ 0x439254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xfdab14ad
success 0 0
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (50 of 462 events)
Time & API Arguments Status Return Repeated
1619426983.741793
NtAllocateVirtualMemory
process_identifier: 1376
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x008c0000
success 0 0
1619426983.928793
NtProtectVirtualMemory
process_identifier: 1376
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 36864
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00461000
success 0 0
1619426983.928793
NtAllocateVirtualMemory
process_identifier: 1376
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01f70000
success 0 0
1619426985.085731
NtProtectVirtualMemory
process_identifier: 1176
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619426985.148731
NtAllocateVirtualMemory
process_identifier: 1176
region_size: 786432
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x01e30000
success 0 0
1619426985.148731
NtAllocateVirtualMemory
process_identifier: 1176
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01eb0000
success 0 0
1619426985.148731
NtAllocateVirtualMemory
process_identifier: 1176
region_size: 229376
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x004c0000
success 0 0
1619426985.148731
NtProtectVirtualMemory
process_identifier: 1176
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 118784
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x004c2000
success 0 0
1619426985.460731
NtAllocateVirtualMemory
process_identifier: 1176
region_size: 1048576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x01fd0000
success 0 0
1619426985.460731
NtAllocateVirtualMemory
process_identifier: 1176
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x02090000
success 0 0
1619426986.648731
NtProtectVirtualMemory
process_identifier: 1176
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00542000
success 0 0
1619426986.648731
NtProtectVirtualMemory
process_identifier: 1176
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619426986.648731
NtProtectVirtualMemory
process_identifier: 1176
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00542000
success 0 0
1619426986.648731
NtProtectVirtualMemory
process_identifier: 1176
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619426986.648731
NtProtectVirtualMemory
process_identifier: 1176
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00542000
success 0 0
1619426986.648731
NtProtectVirtualMemory
process_identifier: 1176
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619426986.648731
NtProtectVirtualMemory
process_identifier: 1176
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00542000
success 0 0
1619426986.648731
NtProtectVirtualMemory
process_identifier: 1176
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619426986.648731
NtProtectVirtualMemory
process_identifier: 1176
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00542000
success 0 0
1619426986.648731
NtProtectVirtualMemory
process_identifier: 1176
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x77d4f000
success 0 0
1619426986.648731
NtProtectVirtualMemory
process_identifier: 1176
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00542000
success 0 0
1619426986.648731
NtProtectVirtualMemory
process_identifier: 1176
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619426986.648731
NtProtectVirtualMemory
process_identifier: 1176
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00542000
success 0 0
1619426986.648731
NtProtectVirtualMemory
process_identifier: 1176
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619426986.648731
NtProtectVirtualMemory
process_identifier: 1176
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00542000
success 0 0
1619426986.648731
NtProtectVirtualMemory
process_identifier: 1176
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619426986.648731
NtProtectVirtualMemory
process_identifier: 1176
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00542000
success 0 0
1619426986.648731
NtProtectVirtualMemory
process_identifier: 1176
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619426986.648731
NtProtectVirtualMemory
process_identifier: 1176
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00542000
success 0 0
1619426986.648731
NtProtectVirtualMemory
process_identifier: 1176
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619451984.447374
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00590000
success 0 0
1619451984.494374
NtProtectVirtualMemory
process_identifier: 2236
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 36864
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00461000
success 0 0
1619451984.509374
NtAllocateVirtualMemory
process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x020b0000
success 0 0
1619451991.853374
NtAllocateVirtualMemory
process_identifier: 2420
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003e0000
success 0 0
1619451992.009374
NtProtectVirtualMemory
process_identifier: 2420
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 36864
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00461000
success 0 0
1619451992.009374
NtAllocateVirtualMemory
process_identifier: 2420
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00840000
success 0 0
1619451993.384499
NtProtectVirtualMemory
process_identifier: 1804
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619451993.400499
NtAllocateVirtualMemory
process_identifier: 1804
region_size: 983040
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x01dc0000
success 0 0
1619451993.400499
NtAllocateVirtualMemory
process_identifier: 1804
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01e70000
success 0 0
1619451993.400499
NtAllocateVirtualMemory
process_identifier: 1804
region_size: 229376
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x004c0000
success 0 0
1619451993.400499
NtProtectVirtualMemory
process_identifier: 1804
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 118784
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x004c2000
success 0 0
1619451993.447499
NtAllocateVirtualMemory
process_identifier: 1804
region_size: 1769472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x01f20000
success 0 0
1619451993.447499
NtAllocateVirtualMemory
process_identifier: 1804
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x02090000
success 0 0
1619451993.994499
NtProtectVirtualMemory
process_identifier: 1804
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x003e2000
success 0 0
1619451993.994499
NtProtectVirtualMemory
process_identifier: 1804
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619451993.994499
NtProtectVirtualMemory
process_identifier: 1804
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x003e2000
success 0 0
1619451993.994499
NtProtectVirtualMemory
process_identifier: 1804
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619451993.994499
NtProtectVirtualMemory
process_identifier: 1804
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x003e2000
success 0 0
1619451993.994499
NtProtectVirtualMemory
process_identifier: 1804
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619451993.994499
NtProtectVirtualMemory
process_identifier: 1804
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x003e2000
success 0 0
Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (50 out of 67 events)
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.434255683310226 section {'size_of_data': '0x0003e400', 'virtual_address': '0x0007a000', 'entropy': 7.434255683310226, 'name': '.rsrc', 'virtual_size': '0x0003e264'} description A section with a high entropy has been found
entropy 0.3497191011235955 description Overall entropy of this PE file is high
Expresses interest in specific running processes (1 event)
process 55aaee46446d832abbad8ed6bde21085.exe
Repeatedly searches for a not-found process; you may want to run a web browser during analysis (27 events)
Time & API Arguments Status Return Repeated
1619426983.928793
Process32NextW
process_name: conhost.exe
snapshot_handle: 0x000000fc
process_identifier: 2364
failed 0 0
1619451991.400374
Process32NextW
process_name: 55aaee46446d832abbad8ed6bde21085.exe
snapshot_handle: 0x000001c8
process_identifier: 2236
failed 0 0
1619451992.025374
Process32NextW
process_name: inject-x86.exe
snapshot_handle: 0x00000100
process_identifier: 2656
failed 0 0
1619451997.244374
Process32NextW
process_name: 55aaee46446d832abbad8ed6bde21085.exe
snapshot_handle: 0x0000014c
process_identifier: 616
failed 0 0
1619451998.025751
Process32NextW
process_name: inject-x86.exe
snapshot_handle: 0x000000fc
process_identifier: 1908
failed 0 0
1619452004.228876
Process32NextW
process_name: 55aaee46446d832abbad8ed6bde21085.exe
snapshot_handle: 0x00000158
process_identifier: 1816
failed 0 0
1619452005.291499
Process32NextW
process_name: inject-x86.exe
snapshot_handle: 0x000000fc
process_identifier: 2960
failed 0 0
1619452010.479124
Process32NextW
process_name: 55aaee46446d832abbad8ed6bde21085.exe
snapshot_handle: 0x00000148
process_identifier: 2260
failed 0 0
1619452011.712876
Process32NextW
process_name: inject-x86.exe
snapshot_handle: 0x000000fc
process_identifier: 2940
failed 0 0
1619452017.291751
Process32NextW
process_name: 55aaee46446d832abbad8ed6bde21085.exe
snapshot_handle: 0x00000150
process_identifier: 1244
failed 0 0
1619452017.759876
Process32NextW
process_name: inject-x86.exe
snapshot_handle: 0x000000fc
process_identifier: 3336
failed 0 0
1619452024.166374
Process32NextW
process_name: dllhost.exe
snapshot_handle: 0x0000015c
process_identifier: 3444
failed 0 0
1619452024.432249
Process32NextW
process_name: inject-x86.exe
snapshot_handle: 0x000000fc
process_identifier: 3616
failed 0 0
1619452029.478626
Process32NextW
process_name: 55aaee46446d832abbad8ed6bde21085.exe
snapshot_handle: 0x00000140
process_identifier: 3700
failed 0 0
1619452030.025374
Process32NextW
process_name: inject-x86.exe
snapshot_handle: 0x000000fc
process_identifier: 3864
failed 0 0
1619452034.087626
Process32NextW
process_name: 55aaee46446d832abbad8ed6bde21085.exe
snapshot_handle: 0x00000128
process_identifier: 3944
failed 0 0
1619452034.619374
Process32NextW
process_name: inject-x86.exe
snapshot_handle: 0x000000fc
process_identifier: 3008
failed 0 0
1619452039.291751
Process32NextW
process_name: 55aaee46446d832abbad8ed6bde21085.exe
snapshot_handle: 0x00000148
process_identifier: 3292
failed 0 0
1619452039.869626
Process32NextW
process_name: inject-x86.exe
snapshot_handle: 0x000000fc
process_identifier: 3576
failed 0 0
1619452044.869499
Process32NextW
process_name: inject-x64.exe
snapshot_handle: 0x0000013c
process_identifier: 3228
failed 0 0
1619452045.619374
Process32NextW
process_name: inject-x86.exe
snapshot_handle: 0x000000fc
process_identifier: 3924
failed 0 0
1619452051.291751
Process32NextW
process_name: 55aaee46446d832abbad8ed6bde21085.exe
snapshot_handle: 0x00000150
process_identifier: 3948
failed 0 0
1619452051.853374
Process32NextW
process_name: 55aaee46446d832abbad8ed6bde21085.exe
snapshot_handle: 0x000000fc
process_identifier: 4040
failed 0 0
1619452057.228499
Process32NextW
process_name: GoogleUpdate.exe
snapshot_handle: 0x0000014c
process_identifier: 3624
failed 0 0
1619452057.900626
Process32NextW
process_name: inject-x86.exe
snapshot_handle: 0x000000fc
process_identifier: 2188
failed 0 0
1619452063.041876
Process32NextW
process_name: 55aaee46446d832abbad8ed6bde21085.exe
snapshot_handle: 0x0000013c
process_identifier: 648
failed 0 0
1619452063.416999
Process32NextW
process_name: inject-x86.exe
snapshot_handle: 0x000000fc
process_identifier: 1988
failed 0 0
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Used NtSetContextThread to modify a thread in a remote process indicative of process injection (28 events)
Process injection Process 1376 called NtSetContextThread to modify thread in remote process 1176
Process injection Process 2420 called NtSetContextThread to modify thread in remote process 1804
Process injection Process 472 called NtSetContextThread to modify thread in remote process 1324
Process injection Process 428 called NtSetContextThread to modify thread in remote process 2944
Process injection Process 2732 called NtSetContextThread to modify thread in remote process 952
Process injection Process 3264 called NtSetContextThread to modify thread in remote process 3352
Process injection Process 3560 called NtSetContextThread to modify thread in remote process 3632
Process injection Process 3808 called NtSetContextThread to modify thread in remote process 3880
Process injection Process 4048 called NtSetContextThread to modify thread in remote process 1664
Process injection Process 3488 called NtSetContextThread to modify thread in remote process 3608
Process injection Process 3824 called NtSetContextThread to modify thread in remote process 3984
Process injection Process 4040 called NtSetContextThread to modify thread in remote process 3648
Process injection Process 2440 called NtSetContextThread to modify thread in remote process 1920
Process injection Process 3840 called NtSetContextThread to modify thread in remote process 3852
Time & API Arguments Status Return Repeated
1619426984.600793
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708144
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 1176
success 0 0
1619451992.478374
NtSetContextThread
thread_handle: 0x00000104
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708144
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 1804
success 0 0
1619451998.744751
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708144
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 1324
success 0 0
1619452005.775499
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708144
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2944
success 0 0
1619452012.744876
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708144
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 952
success 0 0
1619452018.166876
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708144
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 3352
success 0 0
1619452024.838249
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708144
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 3632
success 0 0
1619452030.322374
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708144
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 3880
success 0 0
1619452034.822374
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708144
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 1664
success 0 0
1619452040.197626
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708144
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 3608
success 0 0
1619452046.791374
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708144
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 3984
success 0 0
1619452052.884374
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708144
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 3648
success 0 0
1619452058.634626
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708144
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 1920
success 0 0
1619452064.431999
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708144
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 3852
success 0 0
Resumed a suspended thread in a remote process potentially indicative of process injection (28 events)
Process injection Process 1376 resumed a thread in remote process 1176
Process injection Process 2420 resumed a thread in remote process 1804
Process injection Process 472 resumed a thread in remote process 1324
Process injection Process 428 resumed a thread in remote process 2944
Process injection Process 2732 resumed a thread in remote process 952
Process injection Process 3264 resumed a thread in remote process 3352
Process injection Process 3560 resumed a thread in remote process 3632
Process injection Process 3808 resumed a thread in remote process 3880
Process injection Process 4048 resumed a thread in remote process 1664
Process injection Process 3488 resumed a thread in remote process 3608
Process injection Process 3824 resumed a thread in remote process 3984
Process injection Process 4040 resumed a thread in remote process 3648
Process injection Process 2440 resumed a thread in remote process 1920
Process injection Process 3840 resumed a thread in remote process 3852
Time & API Arguments Status Return Repeated
1619426985.053793
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 1176
success 0 0
1619451993.041374
NtResumeThread
thread_handle: 0x00000104
suspend_count: 1
process_identifier: 1804
success 0 0
1619451999.400751
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 1324
success 0 0
1619452006.244499
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 2944
success 0 0
1619452013.306876
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 952
success 0 0
1619452018.994876
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 3352
success 0 0
1619452025.495249
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 3632
success 0 0
1619452030.775374
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 3880
success 0 0
1619452035.072374
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 1664
success 0 0
1619452040.572626
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 3608
success 0 0
1619452047.384374
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 3984
success 0 0
1619452053.072374
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 3648
success 0 0
1619452059.462626
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 1920
success 0 0
1619452065.197999
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 3852
success 0 0
Executed a process and injected code into it, probably while unpacking (50 out of 111 events)
Time & API Arguments Status Return Repeated
1619426984.475793
CreateProcessInternalW
thread_identifier: 1404
thread_handle: 0x00000100
process_identifier: 1176
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\55aaee46446d832abbad8ed6bde21085.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000104
inherit_handles: 0
success 1 0
1619426984.475793
NtUnmapViewOfSection
process_identifier: 1176
region_size: 4096
process_handle: 0x00000104
base_address: 0x00400000
success 0 0
1619426984.475793
NtMapViewOfSection
section_handle: 0x0000010c
process_identifier: 1176
commit_size: 520192
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000104
allocation_type: 0 ()
section_offset: 0
view_size: 520192
base_address: 0x00400000
success 0 0
1619426984.600793
NtGetContextThread
thread_handle: 0x00000100
success 0 0
1619426984.600793
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708144
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 1176
success 0 0
1619426985.053793
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 1176
success 0 0
1619426985.178793
CreateProcessInternalW
thread_identifier: 428
thread_handle: 0x00000108
process_identifier: 2236
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\55aaee46446d832abbad8ed6bde21085.exe" 2 1176 30087140
filepath_r:
stack_pivoted: 0
creation_flags: 32 (NORMAL_PRIORITY_CLASS)
process_handle: 0x00000110
inherit_handles: 0
success 1 0
1619451991.462374
CreateProcessInternalW
thread_identifier: 2732
thread_handle: 0x000001cc
process_identifier: 2420
current_directory:
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\55aaee46446d832abbad8ed6bde21085.exe
track: 1
command_line:
filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\55aaee46446d832abbad8ed6bde21085.exe
stack_pivoted: 0
creation_flags: 32 (NORMAL_PRIORITY_CLASS)
process_handle: 0x000001d0
inherit_handles: 0
success 1 0
1619451992.416374
CreateProcessInternalW
thread_identifier: 912
thread_handle: 0x00000104
process_identifier: 1804
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\55aaee46446d832abbad8ed6bde21085.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000108
inherit_handles: 0
success 1 0
1619451992.416374
NtUnmapViewOfSection
process_identifier: 1804
region_size: 4096
process_handle: 0x00000108
base_address: 0x00400000
success 0 0
1619451992.447374
NtMapViewOfSection
section_handle: 0x00000110
process_identifier: 1804
commit_size: 520192
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000108
allocation_type: 0 ()
section_offset: 0
view_size: 520192
base_address: 0x00400000
success 0 0
1619451992.478374
NtGetContextThread
thread_handle: 0x00000104
success 0 0
1619451992.478374
NtSetContextThread
thread_handle: 0x00000104
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708144
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 1804
success 0 0
1619451993.041374
NtResumeThread
thread_handle: 0x00000104
suspend_count: 1
process_identifier: 1804
success 0 0
1619451993.337374
CreateProcessInternalW
thread_identifier: 364
thread_handle: 0x0000010c
process_identifier: 616
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\55aaee46446d832abbad8ed6bde21085.exe" 2 1804 30096125
filepath_r:
stack_pivoted: 0
creation_flags: 32 (NORMAL_PRIORITY_CLASS)
process_handle: 0x0000011c
inherit_handles: 0
success 1 0
1619451997.416374
CreateProcessInternalW
thread_identifier: 2364
thread_handle: 0x00000150
process_identifier: 472
current_directory:
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\55aaee46446d832abbad8ed6bde21085.exe
track: 1
command_line:
filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\55aaee46446d832abbad8ed6bde21085.exe
stack_pivoted: 0
creation_flags: 32 (NORMAL_PRIORITY_CLASS)
process_handle: 0x00000154
inherit_handles: 0
success 1 0
1619451998.650751
CreateProcessInternalW
thread_identifier: 1868
thread_handle: 0x00000100
process_identifier: 1324
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\55aaee46446d832abbad8ed6bde21085.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000104
inherit_handles: 0
success 1 0
1619451998.650751
NtUnmapViewOfSection
process_identifier: 1324
region_size: 4096
process_handle: 0x00000104
base_address: 0x00400000
success 0 0
1619451998.681751
NtMapViewOfSection
section_handle: 0x0000010c
process_identifier: 1324
commit_size: 520192
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000104
allocation_type: 0 ()
section_offset: 0
view_size: 520192
base_address: 0x00400000
success 0 0
1619451998.744751
NtGetContextThread
thread_handle: 0x00000100
success 0 0
1619451998.744751
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708144
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 1324
success 0 0
1619451999.400751
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 1324
success 0 0
1619451999.494751
CreateProcessInternalW
thread_identifier: 2260
thread_handle: 0x00000108
process_identifier: 1816
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\55aaee46446d832abbad8ed6bde21085.exe" 2 1324 30102484
filepath_r:
stack_pivoted: 0
creation_flags: 32 (NORMAL_PRIORITY_CLASS)
process_handle: 0x00000118
inherit_handles: 0
success 1 0
1619452004.416876
CreateProcessInternalW
thread_identifier: 1940
thread_handle: 0x0000015c
process_identifier: 428
current_directory:
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\55aaee46446d832abbad8ed6bde21085.exe
track: 1
command_line:
filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\55aaee46446d832abbad8ed6bde21085.exe
stack_pivoted: 0
creation_flags: 32 (NORMAL_PRIORITY_CLASS)
process_handle: 0x00000160
inherit_handles: 0
success 1 0
1619452005.666499
CreateProcessInternalW
thread_identifier: 2940
thread_handle: 0x00000100
process_identifier: 2944
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\55aaee46446d832abbad8ed6bde21085.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000104
inherit_handles: 0
success 1 0
1619452005.666499
NtUnmapViewOfSection
process_identifier: 2944
region_size: 4096
process_handle: 0x00000104
base_address: 0x00400000
success 0 0
1619452005.681499
NtMapViewOfSection
section_handle: 0x0000010c
process_identifier: 2944
commit_size: 520192
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000104
allocation_type: 0 ()
section_offset: 0
view_size: 520192
base_address: 0x00400000
success 0 0
1619452005.775499
NtGetContextThread
thread_handle: 0x00000100
success 0 0
1619452005.775499
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708144
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2944
success 0 0
1619452006.244499
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 2944
success 0 0
1619452006.416499
CreateProcessInternalW
thread_identifier: 2956
thread_handle: 0x00000108
process_identifier: 2260
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\55aaee46446d832abbad8ed6bde21085.exe" 2 2944 30109328
filepath_r:
stack_pivoted: 0
creation_flags: 32 (NORMAL_PRIORITY_CLASS)
process_handle: 0x00000118
inherit_handles: 0
success 1 0
1619452010.760124
CreateProcessInternalW
thread_identifier: 3036
thread_handle: 0x0000014c
process_identifier: 2732
current_directory:
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\55aaee46446d832abbad8ed6bde21085.exe
track: 1
command_line:
filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\55aaee46446d832abbad8ed6bde21085.exe
stack_pivoted: 0
creation_flags: 32 (NORMAL_PRIORITY_CLASS)
process_handle: 0x00000150
inherit_handles: 0
success 1 0
1619452011.947876
CreateProcessInternalW
thread_identifier: 2520
thread_handle: 0x00000100
process_identifier: 952
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\55aaee46446d832abbad8ed6bde21085.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000104
inherit_handles: 0
success 1 0
1619452011.947876
NtUnmapViewOfSection
process_identifier: 952
region_size: 4096
process_handle: 0x00000104
base_address: 0x00400000
success 0 0
1619452011.947876
NtMapViewOfSection
section_handle: 0x0000010c
process_identifier: 952
commit_size: 520192
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000104
allocation_type: 0 ()
section_offset: 0
view_size: 520192
base_address: 0x00400000
success 0 0
1619452012.744876
NtGetContextThread
thread_handle: 0x00000100
success 0 0
1619452012.744876
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708144
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 952
success 0 0
1619452013.306876
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 952
success 0 0
1619452013.400876
CreateProcessInternalW
thread_identifier: 2264
thread_handle: 0x00000108
process_identifier: 1244
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\55aaee46446d832abbad8ed6bde21085.exe" 2 952 30116390
filepath_r:
stack_pivoted: 0
creation_flags: 32 (NORMAL_PRIORITY_CLASS)
process_handle: 0x00000118
inherit_handles: 0
success 1 0
1619452017.384751
CreateProcessInternalW
thread_identifier: 3268
thread_handle: 0x00000154
process_identifier: 3264
current_directory:
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\55aaee46446d832abbad8ed6bde21085.exe
track: 1
command_line:
filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\55aaee46446d832abbad8ed6bde21085.exe
stack_pivoted: 0
creation_flags: 32 (NORMAL_PRIORITY_CLASS)
process_handle: 0x00000158
inherit_handles: 0
success 1 0
1619452018.119876
CreateProcessInternalW
thread_identifier: 3356
thread_handle: 0x00000100
process_identifier: 3352
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\55aaee46446d832abbad8ed6bde21085.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000104
inherit_handles: 0
success 1 0
1619452018.119876
NtUnmapViewOfSection
process_identifier: 3352
region_size: 4096
process_handle: 0x00000104
base_address: 0x00400000
success 0 0
1619452018.134876
NtMapViewOfSection
section_handle: 0x0000010c
process_identifier: 3352
commit_size: 520192
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000104
allocation_type: 0 ()
section_offset: 0
view_size: 520192
base_address: 0x00400000
success 0 0
1619452018.166876
NtGetContextThread
thread_handle: 0x00000100
success 0 0
1619452018.166876
NtSetContextThread
thread_handle: 0x00000100
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4708144
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 3352
success 0 0
1619452018.994876
NtResumeThread
thread_handle: 0x00000100
suspend_count: 1
process_identifier: 3352
success 0 0
1619452019.619876
CreateProcessInternalW
thread_identifier: 3420
thread_handle: 0x00000108
process_identifier: 3416
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\55aaee46446d832abbad8ed6bde21085.exe" 2 3352 30122078
filepath_r:
stack_pivoted: 0
creation_flags: 32 (NORMAL_PRIORITY_CLASS)
process_handle: 0x00000118
inherit_handles: 0
success 1 0
1619452024.228374
CreateProcessInternalW
thread_identifier: 3564
thread_handle: 0x00000160
process_identifier: 3560
current_directory:
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\55aaee46446d832abbad8ed6bde21085.exe
track: 1
command_line:
filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\55aaee46446d832abbad8ed6bde21085.exe
stack_pivoted: 0
creation_flags: 32 (NORMAL_PRIORITY_CLASS)
process_handle: 0x00000164
inherit_handles: 0
success 1 0
1619452024.745249
CreateProcessInternalW
thread_identifier: 3636
thread_handle: 0x00000100
process_identifier: 3632
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\55aaee46446d832abbad8ed6bde21085.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000104
inherit_handles: 0
success 1 0
1619452024.745249
NtUnmapViewOfSection
process_identifier: 3632
region_size: 4096
process_handle: 0x00000104
base_address: 0x00400000
success 0 0
File has been identified by 56 AntiVirus engines on VirusTotal as malicious (50 out of 56 events)
Bkav W32.AIDetectVM.malware2
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Zusy.309771
McAfee Fareit-FVZ!55AAEE46446D
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
Sangfor Malware
K7AntiVirus Trojan ( 0056aa661 )
BitDefender Gen:Variant.Zusy.309771
K7GW Trojan ( 0056aa661 )
CrowdStrike win/malicious_confidence_100% (W)
Cyren W32/Trojan.IZYH-8763
Symantec Infostealer.Lokibot!43
APEX Malicious
Avast Win32:CrypterX-gen [Trj]
ClamAV Win.Dropper.Remcos-9090514-0
Kaspersky HEUR:Trojan.Win32.Kryptik.gen
Alibaba Trojan:Win32/DelfInject.ali2000015
NANO-Antivirus Trojan.Win32.Kryptik.honmfy
AegisLab Trojan.Multi.Generic.4!c
Rising Trojan.Injector!1.C97E (CLASSIC)
Ad-Aware Gen:Variant.Zusy.309771
Emsisoft Gen:Variant.Zusy.309771 (B)
F-Secure Trojan.TR/Kryptik.sxnlm
DrWeb Trojan.DownLoader34.9255
TrendMicro TrojanSpy.Win32.LOKI.SMAD1.hp
McAfee-GW-Edition BehavesLike.Win32.Fareit.bc
Sophos Mal/Generic-S
Ikarus Trojan-Dropper.Win32.Autoit
Jiangmin Trojan.Kryptik.bxo
Avira TR/Kryptik.sxnlm
MAX malware (ai score=80)
Antiy-AVL Trojan/Win32.Kryptik
Kingsoft Win32.Troj.Undef.(kcloud)
Arcabit Trojan.Zusy.D4BA0B
ZoneAlarm HEUR:Trojan.Win32.Kryptik.gen
GData Gen:Variant.Zusy.309771
Cynet Malicious (score: 100)
AhnLab-V3 Suspicious/Win.Delphiless.X2094
Acronis suspicious
BitDefenderTheta Gen:NN.ZelphiF.34700.SGW@a8ENLJpi
ALYac Gen:Variant.Zusy.309771
VBA32 TScope.Trojan.Delf
Malwarebytes Trojan.MalPack.DLF
Panda Trj/CI.A
ESET-NOD32 a variant of Win32/Injector.EMSE
TrendMicro-HouseCall TrojanSpy.Win32.LOKI.SMAD1.hp
Tencent Win32.Trojan.Inject.Auto
Yandex Trojan.AvsArher.bT8i9p
SentinelOne Static AI - Suspicious PE
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while this sample ran


PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x46d13c VirtualFree
0x46d140 VirtualAlloc
0x46d144 LocalFree
0x46d148 LocalAlloc
0x46d14c GetVersion
0x46d150 GetCurrentThreadId
0x46d15c VirtualQuery
0x46d160 WideCharToMultiByte
0x46d164 MultiByteToWideChar
0x46d168 lstrlenA
0x46d16c lstrcpynA
0x46d170 LoadLibraryExA
0x46d174 GetThreadLocale
0x46d178 GetStartupInfoA
0x46d17c GetProcAddress
0x46d180 GetModuleHandleA
0x46d184 GetModuleFileNameA
0x46d188 GetLocaleInfoA
0x46d18c GetCommandLineA
0x46d190 FreeLibrary
0x46d194 FindFirstFileA
0x46d198 FindClose
0x46d19c ExitProcess
0x46d1a0 WriteFile
0x46d1a8 RtlUnwind
0x46d1ac RaiseException
0x46d1b0 GetStdHandle
Library user32.dll:
0x46d1b8 GetKeyboardType
0x46d1bc LoadStringA
0x46d1c0 MessageBoxA
0x46d1c4 CharNextA
Library advapi32.dll:
0x46d1cc RegQueryValueExA
0x46d1d0 RegOpenKeyExA
0x46d1d4 RegCloseKey
Library oleaut32.dll:
0x46d1dc SysFreeString
0x46d1e0 SysReAllocStringLen
0x46d1e4 SysAllocStringLen
Library kernel32.dll:
0x46d1ec TlsSetValue
0x46d1f0 TlsGetValue
0x46d1f4 LocalAlloc
0x46d1f8 GetModuleHandleA
Library advapi32.dll:
0x46d200 RegQueryValueExA
0x46d204 RegOpenKeyExA
0x46d208 RegCloseKey
Library kernel32.dll:
0x46d210 lstrcpyA
0x46d214 WriteFile
0x46d218 WaitForSingleObject
0x46d21c VirtualQuery
0x46d220 VirtualProtect
0x46d224 VirtualAlloc
0x46d228 Sleep
0x46d22c SizeofResource
0x46d230 SetThreadLocale
0x46d234 SetFilePointer
0x46d238 SetEvent
0x46d23c SetErrorMode
0x46d240 SetEndOfFile
0x46d244 ResetEvent
0x46d248 ReadFile
0x46d24c MulDiv
0x46d250 LockResource
0x46d254 LoadResource
0x46d258 LoadLibraryA
0x46d264 GlobalUnlock
0x46d268 GlobalReAlloc
0x46d26c GlobalHandle
0x46d270 GlobalLock
0x46d274 GlobalFree
0x46d278 GlobalFindAtomA
0x46d27c GlobalDeleteAtom
0x46d280 GlobalAlloc
0x46d284 GlobalAddAtomA
0x46d288 GetVersionExA
0x46d28c GetVersion
0x46d290 GetTickCount
0x46d294 GetThreadLocale
0x46d298 GetSystemInfo
0x46d29c GetStringTypeExA
0x46d2a0 GetStdHandle
0x46d2a4 GetProcAddress
0x46d2a8 GetModuleHandleA
0x46d2ac GetModuleFileNameA
0x46d2b0 GetLocaleInfoA
0x46d2b4 GetLocalTime
0x46d2b8 GetLastError
0x46d2bc GetFullPathNameA
0x46d2c0 GetFileAttributesA
0x46d2c4 GetDiskFreeSpaceA
0x46d2c8 GetDateFormatA
0x46d2cc GetCurrentThreadId
0x46d2d0 GetCurrentProcessId
0x46d2d4 GetCPInfo
0x46d2d8 GetACP
0x46d2dc FreeResource
0x46d2e0 InterlockedExchange
0x46d2e4 FreeLibrary
0x46d2e8 FormatMessageA
0x46d2ec FindResourceA
0x46d2f0 FindFirstFileA
0x46d2f4 FindClose
0x46d300 EnumCalendarInfoA
0x46d30c CreateThread
0x46d310 CreateFileA
0x46d314 CreateEventA
0x46d318 CompareStringA
0x46d31c CloseHandle
Library version.dll:
0x46d324 VerQueryValueA
0x46d32c GetFileVersionInfoA
Library gdi32.dll:
0x46d334 UnrealizeObject
0x46d338 StretchBlt
0x46d33c SetWindowOrgEx
0x46d340 SetWinMetaFileBits
0x46d344 SetViewportOrgEx
0x46d348 SetTextColor
0x46d34c SetStretchBltMode
0x46d350 SetROP2
0x46d354 SetPixel
0x46d358 SetEnhMetaFileBits
0x46d35c SetDIBColorTable
0x46d360 SetBrushOrgEx
0x46d364 SetBkMode
0x46d368 SetBkColor
0x46d36c SelectPalette
0x46d370 SelectObject
0x46d374 SaveDC
0x46d378 RestoreDC
0x46d37c Rectangle
0x46d380 RectVisible
0x46d384 RealizePalette
0x46d388 Polyline
0x46d38c PlayEnhMetaFile
0x46d390 PatBlt
0x46d394 MoveToEx
0x46d398 MaskBlt
0x46d39c LineTo
0x46d3a0 IntersectClipRect
0x46d3a4 GetWindowOrgEx
0x46d3a8 GetWinMetaFileBits
0x46d3ac GetTextMetricsA
0x46d3b8 GetStockObject
0x46d3bc GetPixel
0x46d3c0 GetPaletteEntries
0x46d3c4 GetObjectA
0x46d3d0 GetEnhMetaFileBits
0x46d3d4 GetDeviceCaps
0x46d3d8 GetDIBits
0x46d3dc GetDIBColorTable
0x46d3e0 GetDCOrgEx
0x46d3e8 GetClipBox
0x46d3ec GetBrushOrgEx
0x46d3f0 GetBitmapBits
0x46d3f4 ExtTextOutA
0x46d3f8 ExcludeClipRect
0x46d3fc DeleteObject
0x46d400 DeleteEnhMetaFile
0x46d404 DeleteDC
0x46d408 CreateSolidBrush
0x46d40c CreatePenIndirect
0x46d410 CreatePalette
0x46d418 CreateFontIndirectA
0x46d41c CreateDIBitmap
0x46d420 CreateDIBSection
0x46d424 CreateCompatibleDC
0x46d42c CreateBrushIndirect
0x46d430 CreateBitmap
0x46d434 CopyEnhMetaFileA
0x46d438 BitBlt
Library user32.dll:
0x46d440 CreateWindowExA
0x46d444 WindowFromPoint
0x46d448 WinHelpA
0x46d44c WaitMessage
0x46d450 UpdateWindow
0x46d454 UnregisterClassA
0x46d458 UnhookWindowsHookEx
0x46d45c TranslateMessage
0x46d464 TrackPopupMenu
0x46d46c ShowWindow
0x46d470 ShowScrollBar
0x46d474 ShowOwnedPopups
0x46d478 ShowCursor
0x46d47c SetWindowsHookExA
0x46d480 SetWindowTextA
0x46d484 SetWindowPos
0x46d488 SetWindowPlacement
0x46d48c SetWindowLongA
0x46d490 SetTimer
0x46d494 SetScrollRange
0x46d498 SetScrollPos
0x46d49c SetScrollInfo
0x46d4a0 SetRect
0x46d4a4 SetPropA
0x46d4a8 SetParent
0x46d4ac SetMenuItemInfoA
0x46d4b0 SetMenu
0x46d4b4 SetForegroundWindow
0x46d4b8 SetFocus
0x46d4bc SetCursor
0x46d4c0 SetClassLongA
0x46d4c4 SetCapture
0x46d4c8 SetActiveWindow
0x46d4cc SendMessageA
0x46d4d0 ScrollWindow
0x46d4d4 ScreenToClient
0x46d4d8 RemovePropA
0x46d4dc RemoveMenu
0x46d4e0 ReleaseDC
0x46d4e4 ReleaseCapture
0x46d4f0 RegisterClassA
0x46d4f4 RedrawWindow
0x46d4f8 PtInRect
0x46d4fc PostQuitMessage
0x46d500 PostMessageA
0x46d504 PeekMessageA
0x46d508 OffsetRect
0x46d50c OemToCharA
0x46d510 MessageBoxA
0x46d514 MapWindowPoints
0x46d518 MapVirtualKeyA
0x46d51c LoadStringA
0x46d520 LoadKeyboardLayoutA
0x46d524 LoadIconA
0x46d528 LoadCursorA
0x46d52c LoadBitmapA
0x46d530 KillTimer
0x46d534 IsZoomed
0x46d538 IsWindowVisible
0x46d53c IsWindowEnabled
0x46d540 IsWindow
0x46d544 IsRectEmpty
0x46d548 IsIconic
0x46d54c IsDialogMessageA
0x46d550 IsChild
0x46d554 InvalidateRect
0x46d558 IntersectRect
0x46d55c InsertMenuItemA
0x46d560 InsertMenuA
0x46d564 InflateRect
0x46d56c GetWindowTextA
0x46d570 GetWindowRect
0x46d574 GetWindowPlacement
0x46d578 GetWindowLongA
0x46d57c GetWindowDC
0x46d580 GetTopWindow
0x46d584 GetSystemMetrics
0x46d588 GetSystemMenu
0x46d58c GetSysColorBrush
0x46d590 GetSysColor
0x46d594 GetSubMenu
0x46d598 GetScrollRange
0x46d59c GetScrollPos
0x46d5a0 GetScrollInfo
0x46d5a4 GetPropA
0x46d5a8 GetParent
0x46d5ac GetWindow
0x46d5b0 GetMessageTime
0x46d5b4 GetMenuStringA
0x46d5b8 GetMenuState
0x46d5bc GetMenuItemInfoA
0x46d5c0 GetMenuItemID
0x46d5c4 GetMenuItemCount
0x46d5c8 GetMenu
0x46d5cc GetLastActivePopup
0x46d5d0 GetKeyboardState
0x46d5d8 GetKeyboardLayout
0x46d5dc GetKeyState
0x46d5e0 GetKeyNameTextA
0x46d5e4 GetIconInfo
0x46d5e8 GetForegroundWindow
0x46d5ec GetFocus
0x46d5f0 GetDlgItem
0x46d5f4 GetDesktopWindow
0x46d5f8 GetDCEx
0x46d5fc GetDC
0x46d600 GetCursorPos
0x46d604 GetCursor
0x46d608 GetClipboardData
0x46d60c GetClientRect
0x46d610 GetClassNameA
0x46d614 GetClassInfoA
0x46d618 GetCapture
0x46d61c GetActiveWindow
0x46d620 FrameRect
0x46d624 FindWindowA
0x46d628 FillRect
0x46d62c EqualRect
0x46d630 EnumWindows
0x46d634 EnumThreadWindows
0x46d638 EndPaint
0x46d63c EnableWindow
0x46d640 EnableScrollBar
0x46d644 EnableMenuItem
0x46d648 DrawTextA
0x46d64c DrawMenuBar
0x46d650 DrawIconEx
0x46d654 DrawIcon
0x46d658 DrawFrameControl
0x46d65c DrawFocusRect
0x46d660 DrawEdge
0x46d664 DispatchMessageA
0x46d668 DestroyWindow
0x46d66c DestroyMenu
0x46d670 DestroyIcon
0x46d674 DestroyCursor
0x46d678 DeleteMenu
0x46d67c DefWindowProcA
0x46d680 DefMDIChildProcA
0x46d684 DefFrameProcA
0x46d688 CreatePopupMenu
0x46d68c CreateMenu
0x46d690 CreateIcon
0x46d694 ClientToScreen
0x46d698 CheckMenuItem
0x46d69c CallWindowProcA
0x46d6a0 CallNextHookEx
0x46d6a4 BeginPaint
0x46d6a8 CharNextA
0x46d6ac CharLowerBuffA
0x46d6b0 CharLowerA
0x46d6b4 CharToOemA
0x46d6b8 AdjustWindowRectEx
Library kernel32.dll:
0x46d6c4 Sleep
Library oleaut32.dll:
0x46d6cc SafeArrayPtrOfIndex
0x46d6d0 SafeArrayGetUBound
0x46d6d4 SafeArrayGetLBound
0x46d6d8 SafeArrayCreate
0x46d6dc VariantChangeType
0x46d6e0 VariantCopy
0x46d6e4 VariantClear
0x46d6e8 VariantInit
Library comctl32.dll:
0x46d6f8 ImageList_Write
0x46d6fc ImageList_Read
0x46d70c ImageList_DragMove
0x46d710 ImageList_DragLeave
0x46d714 ImageList_DragEnter
0x46d718 ImageList_EndDrag
0x46d71c ImageList_BeginDrag
0x46d720 ImageList_Remove
0x46d724 ImageList_DrawEx
0x46d728 ImageList_Replace
0x46d72c ImageList_Draw
0x46d73c ImageList_Add
0x46d744 ImageList_Destroy
0x46d748 ImageList_Create
0x46d74c InitCommonControls
Library comdlg32.dll:
0x46d754 GetOpenFileNameA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 63429 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 51809 239.255.255.250 3702
192.168.56.101 51811 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.