SmartHawk

12.8

0-day

该样本未表现出任何异常！

重新分析

下载样本

96ec317c77634fa2ac835ce95d423dc09903e62e82f1ebf5728570865346e32a

a45caed06a6756c2d4e187ab4c42be0f.exe

分析耗时

80s

最近分析

文件大小

2.4MB

静态报毒动态报毒

未检测暂无鹰眼引擎检测结果

未检测暂无反病毒引擎检测结果

Queries for the computername (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620985530.013689 GetComputerNameW	computer_name: OSKAR-PC	success	1	0

Checks if process is being debugged by a debugger (33 个事件)

Time & API	Arguments	Status	Return	Repeated
1620985518.763689 IsDebuggerPresent		failed	0	0
1620985520.763689 IsDebuggerPresent		failed	0	0
1620985522.779689 IsDebuggerPresent		failed	0	0
1620985524.794689 IsDebuggerPresent		failed	0	0
1620985526.810689 IsDebuggerPresent		failed	0	0
1620985528.826689 IsDebuggerPresent		failed	0	0
1620985530.841689 IsDebuggerPresent		failed	0	0
1620985532.857689 IsDebuggerPresent		failed	0	0
1620985534.872689 IsDebuggerPresent		failed	0	0
1620985536.888689 IsDebuggerPresent		failed	0	0
1620985538.904689 IsDebuggerPresent		failed	0	0
1620985540.919689 IsDebuggerPresent		failed	0	0
1620985542.935689 IsDebuggerPresent		failed	0	0
1620985544.951689 IsDebuggerPresent		failed	0	0
1620985546.966689 IsDebuggerPresent		failed	0	0
1620985548.982689 IsDebuggerPresent		failed	0	0
1620985550.997689 IsDebuggerPresent		failed	0	0
1620985553.013689 IsDebuggerPresent		failed	0	0
1620985555.029689 IsDebuggerPresent		failed	0	0
1620985557.044689 IsDebuggerPresent		failed	0	0
1620985559.060689 IsDebuggerPresent		failed	0	0
1620985561.076689 IsDebuggerPresent		failed	0	0
1620985563.091689 IsDebuggerPresent		failed	0	0
1620985565.107689 IsDebuggerPresent		failed	0	0
1620985567.122689 IsDebuggerPresent		failed	0	0
1620985569.138689 IsDebuggerPresent		failed	0	0
1620985571.154689 IsDebuggerPresent		failed	0	0
1620985573.169689 IsDebuggerPresent		failed	0	0
1620985575.185689 IsDebuggerPresent		failed	0	0
1620985577.201689 IsDebuggerPresent		failed	0	0
1620985579.216689 IsDebuggerPresent		failed	0	0
1620985581.247689 IsDebuggerPresent		failed	0	0
1620985583.279689 IsDebuggerPresent		failed	0	0

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620985530.013689 GlobalMemoryStatusEx		success	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (5 个事件)

section	\x00
section	.idata
section
section	gvxzaugh
section	epztrmvm

One or more processes crashed (50 out of 118 个事件)

Time & API	Arguments	Status
1620985518.138689 __exception__	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5 registers.esp: 2030456 registers.edi: 0 registers.eax: 1 registers.ebp: 2030472 registers.edx: 15257600 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0 exception.instruction_r: fb e9 4e 01 00 00 60 8b 74 24 24 8b 7c 24 28 fc exception.symbol: a45caed06a6756c2d4e187ab4c42be0f+0x3880b9 exception.instruction: sti exception.module: a45caed06a6756c2d4e187ab4c42be0f.exe exception.exception_code: 0xc0000096 exception.offset: 3702969 exception.address: 0xcb80b9	success
1620985518.138689 __exception__	stacktrace: registers.esp: 2030420 registers.edi: 10567181 registers.eax: 31274 registers.ebp: 3945930772 registers.edx: 9633792 registers.ebx: 236388355 registers.esi: 3 registers.ecx: 1983315968 exception.instruction_r: fb 83 ec 04 89 14 24 50 b8 ad e5 df 57 53 bb 9e exception.symbol: a45caed06a6756c2d4e187ab4c42be0f+0xe463f exception.instruction: sti exception.module: a45caed06a6756c2d4e187ab4c42be0f.exe exception.exception_code: 0xc0000096 exception.offset: 935487 exception.address: 0xa1463f	success
1620985518.138689 __exception__	stacktrace: registers.esp: 2030424 registers.edi: 10598455 registers.eax: 31274 registers.ebp: 3945930772 registers.edx: 9633792 registers.ebx: 236388355 registers.esi: 3 registers.ecx: 1983315968 exception.instruction_r: fb e9 b0 04 00 00 c1 e7 04 e9 86 06 00 00 81 cf exception.symbol: a45caed06a6756c2d4e187ab4c42be0f+0xe40d9 exception.instruction: sti exception.module: a45caed06a6756c2d4e187ab4c42be0f.exe exception.exception_code: 0xc0000096 exception.offset: 934105 exception.address: 0xa140d9	success
1620985518.138689 __exception__	stacktrace: registers.esp: 2030424 registers.edi: 10570307 registers.eax: 31274 registers.ebp: 3945930772 registers.edx: 9633792 registers.ebx: 236388355 registers.esi: 2298801283 registers.ecx: 0 exception.instruction_r: fb 51 89 3c 24 56 89 e6 81 c6 04 00 00 00 81 ee exception.symbol: a45caed06a6756c2d4e187ab4c42be0f+0xe4085 exception.instruction: sti exception.module: a45caed06a6756c2d4e187ab4c42be0f.exe exception.exception_code: 0xc0000096 exception.offset: 934021 exception.address: 0xa14085	success
1620985518.138689 __exception__	stacktrace: registers.esp: 2030420 registers.edi: 10570307 registers.eax: 10570745 registers.ebp: 3945930772 registers.edx: 33779717 registers.ebx: 1208154288 registers.esi: 2298801283 registers.ecx: 0 exception.instruction_r: fb e9 6e fc ff ff 81 ea 59 86 7f 76 c1 ea 04 81 exception.symbol: a45caed06a6756c2d4e187ab4c42be0f+0xe5187 exception.instruction: sti exception.module: a45caed06a6756c2d4e187ab4c42be0f.exe exception.exception_code: 0xc0000096 exception.offset: 938375 exception.address: 0xa15187	success
1620985518.138689 __exception__	stacktrace: registers.esp: 2030424 registers.edi: 10570307 registers.eax: 10600997 registers.ebp: 3945930772 registers.edx: 33779717 registers.ebx: 1208154288 registers.esi: 2298801283 registers.ecx: 0 exception.instruction_r: fb e9 5f 00 00 00 5a 31 f1 ff 34 24 e9 2b 00 00 exception.symbol: a45caed06a6756c2d4e187ab4c42be0f+0xe53a0 exception.instruction: sti exception.module: a45caed06a6756c2d4e187ab4c42be0f.exe exception.exception_code: 0xc0000096 exception.offset: 938912 exception.address: 0xa153a0	success
1620985518.138689 __exception__	stacktrace: registers.esp: 2030424 registers.edi: 10570307 registers.eax: 10600997 registers.ebp: 3945930772 registers.edx: 33779717 registers.ebx: 4294939564 registers.esi: 2298801283 registers.ecx: 239849 exception.instruction_r: fb 51 e9 a2 fa ff ff 89 1c 24 54 8b 1c 24 55 89 exception.symbol: a45caed06a6756c2d4e187ab4c42be0f+0xe5494 exception.instruction: sti exception.module: a45caed06a6756c2d4e187ab4c42be0f.exe exception.exception_code: 0xc0000096 exception.offset: 939156 exception.address: 0xa15494	success
1620985518.154689 __exception__	stacktrace: registers.esp: 2030420 registers.edi: 12132338 registers.eax: 30134 registers.ebp: 3945930772 registers.edx: 2130566132 registers.ebx: 49283824 registers.esi: 12116226 registers.ecx: 752 exception.instruction_r: fb e9 6f 03 00 00 50 b8 7e 6d 7d 7b f7 d0 c1 e8 exception.symbol: a45caed06a6756c2d4e187ab4c42be0f+0x2626b6 exception.instruction: sti exception.module: a45caed06a6756c2d4e187ab4c42be0f.exe exception.exception_code: 0xc0000096 exception.offset: 2500278 exception.address: 0xb926b6	success
1620985518.154689 __exception__	stacktrace: registers.esp: 2030424 registers.edi: 12162472 registers.eax: 30134 registers.ebp: 3945930772 registers.edx: 2130566132 registers.ebx: 49283824 registers.esi: 530409 registers.ecx: 4294940028 exception.instruction_r: fb 68 85 f5 72 7e ff 34 24 5a 56 89 e6 81 c6 04 exception.symbol: a45caed06a6756c2d4e187ab4c42be0f+0x26272e exception.instruction: sti exception.module: a45caed06a6756c2d4e187ab4c42be0f.exe exception.exception_code: 0xc0000096 exception.offset: 2500398 exception.address: 0xb9272e	success
1620985518.154689 __exception__	stacktrace: registers.esp: 2030424 registers.edi: 50665 registers.eax: 28752 registers.ebp: 3945930772 registers.edx: 2088999621 registers.ebx: 0 registers.esi: 12141585 registers.ecx: 4294940028 exception.instruction_r: fb 55 e9 e2 04 00 00 8b 0c 24 83 c4 04 05 0c 1c exception.symbol: a45caed06a6756c2d4e187ab4c42be0f+0x2638e0 exception.instruction: sti exception.module: a45caed06a6756c2d4e187ab4c42be0f.exe exception.exception_code: 0xc0000096 exception.offset: 2504928 exception.address: 0xb938e0	success
1620985518.154689 __exception__	stacktrace: registers.esp: 2030420 registers.edi: 3485314 registers.eax: 33002 registers.ebp: 3945930772 registers.edx: 1042506 registers.ebx: 12143574 registers.esi: 12171130 registers.ecx: 12143574 exception.instruction_r: fb e9 4b 01 00 00 89 d8 ff 34 24 5b e9 79 05 00 exception.symbol: a45caed06a6756c2d4e187ab4c42be0f+0x26bed3 exception.instruction: sti exception.module: a45caed06a6756c2d4e187ab4c42be0f.exe exception.exception_code: 0xc0000096 exception.offset: 2539219 exception.address: 0xb9bed3	success
1620985518.154689 __exception__	stacktrace: registers.esp: 2030424 registers.edi: 1114345 registers.eax: 33002 registers.ebp: 3945930772 registers.edx: 4294937772 registers.ebx: 12143574 registers.esi: 12204132 registers.ecx: 12143574 exception.instruction_r: fb 50 89 e0 05 04 00 00 00 83 e8 04 e9 9c 06 00 exception.symbol: a45caed06a6756c2d4e187ab4c42be0f+0x26bc07 exception.instruction: sti exception.module: a45caed06a6756c2d4e187ab4c42be0f.exe exception.exception_code: 0xc0000096 exception.offset: 2538503 exception.address: 0xb9bc07	success
1620985518.169689 __exception__	stacktrace: registers.esp: 2030416 registers.edi: 1114345 registers.eax: 1447909480 registers.ebp: 3945930772 registers.edx: 22104 registers.ebx: 1983254709 registers.esi: 12178772 registers.ecx: 20 exception.instruction_r: ed 64 8f 05 00 00 00 00 51 54 59 81 c1 04 00 00 exception.symbol: a45caed06a6756c2d4e187ab4c42be0f+0x26e462 exception.instruction: in eax, dx exception.module: a45caed06a6756c2d4e187ab4c42be0f.exe exception.exception_code: 0xc0000096 exception.offset: 2548834 exception.address: 0xb9e462	success
1620985518.169689 __exception__	stacktrace: registers.esp: 2030416 registers.edi: 1114345 registers.eax: 1 registers.ebp: 3945930772 registers.edx: 22104 registers.ebx: 0 registers.esi: 12178772 registers.ecx: 20 exception.instruction_r: 0f 3f 07 0b 64 8f 05 00 00 00 00 83 c4 04 83 fb exception.symbol: a45caed06a6756c2d4e187ab4c42be0f+0x26fe98 exception.address: 0xb9fe98 exception.module: a45caed06a6756c2d4e187ab4c42be0f.exe exception.exception_code: 0xc000001d exception.offset: 2555544	success
1620985518.169689 __exception__	stacktrace: registers.esp: 2030416 registers.edi: 1114345 registers.eax: 1447909480 registers.ebp: 3945930772 registers.edx: 22104 registers.ebx: 2256917605 registers.esi: 12178772 registers.ecx: 10 exception.instruction_r: ed 81 fb 68 58 4d 56 75 0a c7 85 4a 39 6f 15 01 exception.symbol: a45caed06a6756c2d4e187ab4c42be0f+0x2728cd exception.instruction: in eax, dx exception.module: a45caed06a6756c2d4e187ab4c42be0f.exe exception.exception_code: 0xc0000096 exception.offset: 2566349 exception.address: 0xba28cd	success
1620985518.497689 __exception__	stacktrace: registers.esp: 2030384 registers.edi: 0 registers.eax: 2030384 registers.ebp: 3945930772 registers.edx: 0 registers.ebx: 12213773 registers.esi: 233 registers.ecx: 233 exception.instruction_r: cd 01 eb 00 6a 00 53 e8 03 00 00 00 20 5b c3 5b exception.symbol: a45caed06a6756c2d4e187ab4c42be0f+0x275cc6 exception.instruction: int 1 exception.module: a45caed06a6756c2d4e187ab4c42be0f.exe exception.exception_code: 0xc0000005 exception.offset: 2579654 exception.address: 0xba5cc6	success
1620985518.497689 __exception__	stacktrace: registers.esp: 2030424 registers.edi: 1114345 registers.eax: 30175 registers.ebp: 3945930772 registers.edx: 12245325 registers.ebx: 24087796 registers.esi: 12214051 registers.ecx: 3256614912 exception.instruction_r: fb e9 00 00 00 00 52 89 e2 81 c2 04 00 00 00 81 exception.symbol: a45caed06a6756c2d4e187ab4c42be0f+0x276cb8 exception.instruction: sti exception.module: a45caed06a6756c2d4e187ab4c42be0f.exe exception.exception_code: 0xc0000096 exception.offset: 2583736 exception.address: 0xba6cb8	success
1620985518.497689 __exception__	stacktrace: registers.esp: 2030424 registers.edi: 1114345 registers.eax: 2283 registers.ebp: 3945930772 registers.edx: 12217821 registers.ebx: 0 registers.esi: 12214051 registers.ecx: 3256614912 exception.instruction_r: fb 83 ec 04 89 3c 24 89 1c 24 50 b8 e7 20 fc 27 exception.symbol: a45caed06a6756c2d4e187ab4c42be0f+0x276963 exception.instruction: sti exception.module: a45caed06a6756c2d4e187ab4c42be0f.exe exception.exception_code: 0xc0000096 exception.offset: 2582883 exception.address: 0xba6963	success
1620985518.716689 __exception__	stacktrace: registers.esp: 2030424 registers.edi: 10560706 registers.eax: 27425 registers.ebp: 3945930772 registers.edx: 0 registers.ebx: 12277703 registers.esi: 961001 registers.ecx: 0 exception.instruction_r: fb 52 52 e9 00 00 00 00 89 e2 81 c2 04 00 00 00 exception.symbol: a45caed06a6756c2d4e187ab4c42be0f+0x2855ac exception.instruction: sti exception.module: a45caed06a6756c2d4e187ab4c42be0f.exe exception.exception_code: 0xc0000096 exception.offset: 2643372 exception.address: 0xbb55ac	success
1620985518.716689 __exception__	stacktrace: registers.esp: 2030420 registers.edi: 10560706 registers.eax: 27336 registers.ebp: 3945930772 registers.edx: 999471922 registers.ebx: 1465637060 registers.esi: 12290338 registers.ecx: 999471922 exception.instruction_r: fb e9 45 03 00 00 b9 7a 86 ee 03 51 f7 14 24 e9 exception.symbol: a45caed06a6756c2d4e187ab4c42be0f+0x288cb5 exception.instruction: sti exception.module: a45caed06a6756c2d4e187ab4c42be0f.exe exception.exception_code: 0xc0000096 exception.offset: 2657461 exception.address: 0xbb8cb5	success
1620985518.716689 __exception__	stacktrace: registers.esp: 2030424 registers.edi: 4294943152 registers.eax: 27336 registers.ebp: 3945930772 registers.edx: 999471922 registers.ebx: 1465637060 registers.esi: 12317674 registers.ecx: 262633 exception.instruction_r: fb 68 33 33 63 35 89 1c 24 e9 b6 02 00 00 52 e9 exception.symbol: a45caed06a6756c2d4e187ab4c42be0f+0x288a1f exception.instruction: sti exception.module: a45caed06a6756c2d4e187ab4c42be0f.exe exception.exception_code: 0xc0000096 exception.offset: 2656799 exception.address: 0xbb8a1f	success
1620985518.716689 __exception__	stacktrace: registers.esp: 2030416 registers.edi: 349012388 registers.eax: 12341044 registers.ebp: 3945930772 registers.edx: 999471922 registers.ebx: 352307703 registers.esi: 12293530 registers.ecx: 1011778853 exception.instruction_r: fb 29 f6 ff 34 30 68 f9 20 a9 7a 89 04 24 89 0c exception.symbol: a45caed06a6756c2d4e187ab4c42be0f+0x28d65f exception.instruction: sti exception.module: a45caed06a6756c2d4e187ab4c42be0f.exe exception.exception_code: 0xc0000096 exception.offset: 2676319 exception.address: 0xbbd65f	success
1620985518.716689 __exception__	stacktrace: registers.esp: 2030416 registers.edi: 349012388 registers.eax: 12341044 registers.ebp: 3945930772 registers.edx: 84201 registers.ebx: 352307703 registers.esi: 4294937908 registers.ecx: 1011778853 exception.instruction_r: fb e9 97 03 00 00 5d e9 ba fb ff ff 81 2c 24 93 exception.symbol: a45caed06a6756c2d4e187ab4c42be0f+0x28d6fe exception.instruction: sti exception.module: a45caed06a6756c2d4e187ab4c42be0f.exe exception.exception_code: 0xc0000096 exception.offset: 2676478 exception.address: 0xbbd6fe	success
1620985518.716689 __exception__	stacktrace: registers.esp: 2030416 registers.edi: 12342352 registers.eax: 28259 registers.ebp: 3945930772 registers.edx: 931531603 registers.ebx: 1843628276 registers.esi: 4294937908 registers.ecx: 1011778853 exception.instruction_r: fb 57 c7 04 24 a1 c2 8f 75 e9 f9 02 00 00 89 04 exception.symbol: a45caed06a6756c2d4e187ab4c42be0f+0x28e615 exception.instruction: sti exception.module: a45caed06a6756c2d4e187ab4c42be0f.exe exception.exception_code: 0xc0000096 exception.offset: 2680341 exception.address: 0xbbe615	success
1620985518.716689 __exception__	stacktrace: registers.esp: 2030416 registers.edi: 12316928 registers.eax: 28259 registers.ebp: 3945930772 registers.edx: 931531603 registers.ebx: 414937192 registers.esi: 4294937908 registers.ecx: 0 exception.instruction_r: fb 56 89 e6 81 c6 04 00 00 00 81 ee 04 00 00 00 exception.symbol: a45caed06a6756c2d4e187ab4c42be0f+0x28ef62 exception.instruction: sti exception.module: a45caed06a6756c2d4e187ab4c42be0f.exe exception.exception_code: 0xc0000096 exception.offset: 2682722 exception.address: 0xbbef62	success
1620985518.732689 __exception__	stacktrace: registers.esp: 2030416 registers.edi: 3663392703 registers.eax: 32148 registers.ebp: 3945930772 registers.edx: 2130566132 registers.ebx: 12374115 registers.esi: 12411520 registers.ecx: 0 exception.instruction_r: fb 56 c7 04 24 b6 95 6c 73 81 2c 24 27 2e 92 04 exception.symbol: a45caed06a6756c2d4e187ab4c42be0f+0x29ec17 exception.instruction: sti exception.module: a45caed06a6756c2d4e187ab4c42be0f.exe exception.exception_code: 0xc0000096 exception.offset: 2747415 exception.address: 0xbcec17	success
1620985518.732689 __exception__	stacktrace: registers.esp: 2030416 registers.edi: 3663392703 registers.eax: 32148 registers.ebp: 3945930772 registers.edx: 0 registers.ebx: 12374115 registers.esi: 12382264 registers.ecx: 1358981728 exception.instruction_r: fb 50 68 ac 07 2a 1b 89 14 24 e9 94 06 00 00 81 exception.symbol: a45caed06a6756c2d4e187ab4c42be0f+0x29e564 exception.instruction: sti exception.module: a45caed06a6756c2d4e187ab4c42be0f.exe exception.exception_code: 0xc0000096 exception.offset: 2745700 exception.address: 0xbce564	success
1620985518.747689 __exception__	stacktrace: registers.esp: 2030384 registers.edi: 12452307 registers.eax: 28003 registers.ebp: 3945930772 registers.edx: 2130542836 registers.ebx: 12446814 registers.esi: 12452307 registers.ecx: 12481426 exception.instruction_r: fb e9 c4 00 00 00 01 f5 81 c5 7a e9 bf 3b 8b 34 exception.symbol: a45caed06a6756c2d4e187ab4c42be0f+0x2b0cfa exception.instruction: sti exception.module: a45caed06a6756c2d4e187ab4c42be0f.exe exception.exception_code: 0xc0000096 exception.offset: 2821370 exception.address: 0xbe0cfa	success
1620985518.747689 __exception__	stacktrace: registers.esp: 2030384 registers.edi: 12452307 registers.eax: 4149415864 registers.ebp: 3945930772 registers.edx: 2130542836 registers.ebx: 4294941872 registers.esi: 12452307 registers.ecx: 12481426 exception.instruction_r: fb 83 ec 04 89 04 24 89 14 24 51 c7 04 24 00 dc exception.symbol: a45caed06a6756c2d4e187ab4c42be0f+0x2b0de9 exception.instruction: sti exception.module: a45caed06a6756c2d4e187ab4c42be0f.exe exception.exception_code: 0xc0000096 exception.offset: 2821609 exception.address: 0xbe0de9	success
1620985518.747689 __exception__	stacktrace: registers.esp: 2030384 registers.edi: 12452307 registers.eax: 29163 registers.ebp: 3945930772 registers.edx: 4294941124 registers.ebx: 2179107154 registers.esi: 12485598 registers.ecx: 866617344 exception.instruction_r: fb 57 c7 04 24 33 71 33 0b e9 2e 08 00 00 89 3c exception.symbol: a45caed06a6756c2d4e187ab4c42be0f+0x2b13e8 exception.instruction: sti exception.module: a45caed06a6756c2d4e187ab4c42be0f.exe exception.exception_code: 0xc0000096 exception.offset: 2823144 exception.address: 0xbe13e8	success
1620985518.747689 __exception__	stacktrace: registers.esp: 2030380 registers.edi: 12452307 registers.eax: 25800 registers.ebp: 3945930772 registers.edx: 1033646469 registers.ebx: 81113692 registers.esi: 12485598 registers.ecx: 12459863 exception.instruction_r: fb 55 bd bc ad fb 5f 56 68 82 3e f7 7e 5e 81 c6 exception.symbol: a45caed06a6756c2d4e187ab4c42be0f+0x2b25c5 exception.instruction: sti exception.module: a45caed06a6756c2d4e187ab4c42be0f.exe exception.exception_code: 0xc0000096 exception.offset: 2827717 exception.address: 0xbe25c5	success
1620985518.747689 __exception__	stacktrace: registers.esp: 2030384 registers.edi: 12452307 registers.eax: 25800 registers.ebp: 3945930772 registers.edx: 1033646469 registers.ebx: 81113692 registers.esi: 12485598 registers.ecx: 12485663 exception.instruction_r: fb 53 c7 04 24 05 69 d1 39 89 1c 24 e9 62 04 00 exception.symbol: a45caed06a6756c2d4e187ab4c42be0f+0x2b2526 exception.instruction: sti exception.module: a45caed06a6756c2d4e187ab4c42be0f.exe exception.exception_code: 0xc0000096 exception.offset: 2827558 exception.address: 0xbe2526	success
1620985518.747689 __exception__	stacktrace: registers.esp: 2030384 registers.edi: 12452307 registers.eax: 0 registers.ebp: 3945930772 registers.edx: 1033646469 registers.ebx: 44777 registers.esi: 12485598 registers.ecx: 12462875 exception.instruction_r: fb 56 55 68 61 27 65 59 e9 a8 02 00 00 87 14 24 exception.symbol: a45caed06a6756c2d4e187ab4c42be0f+0x2b21cc exception.instruction: sti exception.module: a45caed06a6756c2d4e187ab4c42be0f.exe exception.exception_code: 0xc0000096 exception.offset: 2826700 exception.address: 0xbe21cc	success
1620985518.747689 __exception__	stacktrace: registers.esp: 2030380 registers.edi: 12452307 registers.eax: 32356 registers.ebp: 3945930772 registers.edx: 2130378752 registers.ebx: 65802 registers.esi: 12477144 registers.ecx: 2002452622 exception.instruction_r: fb e9 17 fa ff ff bd 00 89 1f 5f e9 e9 f8 ff ff exception.symbol: a45caed06a6756c2d4e187ab4c42be0f+0x2b6dc4 exception.instruction: sti exception.module: a45caed06a6756c2d4e187ab4c42be0f.exe exception.exception_code: 0xc0000096 exception.offset: 2846148 exception.address: 0xbe6dc4	success
1620985518.747689 __exception__	stacktrace: registers.esp: 2030384 registers.edi: 12452307 registers.eax: 941268365 registers.ebp: 3945930772 registers.edx: 2130378752 registers.ebx: 4294938180 registers.esi: 12509500 registers.ecx: 2002452622 exception.instruction_r: fb e9 00 00 00 00 57 bf e6 ab ee 2f c1 ef 06 e9 exception.symbol: a45caed06a6756c2d4e187ab4c42be0f+0x2b6b03 exception.instruction: sti exception.module: a45caed06a6756c2d4e187ab4c42be0f.exe exception.exception_code: 0xc0000096 exception.offset: 2845443 exception.address: 0xbe6b03	success
1620985518.763689 __exception__	stacktrace: registers.esp: 2030384 registers.edi: 12452307 registers.eax: 29427 registers.ebp: 3945930772 registers.edx: 0 registers.ebx: 98793 registers.esi: 12509500 registers.ecx: 12490851 exception.instruction_r: fb 68 02 ec 0a 0c e9 52 00 00 00 8b 3c 24 51 89 exception.symbol: a45caed06a6756c2d4e187ab4c42be0f+0x2b9572 exception.instruction: sti exception.module: a45caed06a6756c2d4e187ab4c42be0f.exe exception.exception_code: 0xc0000096 exception.offset: 2856306 exception.address: 0xbe9572	success
1620985518.763689 __exception__	stacktrace: registers.esp: 2030384 registers.edi: 12494115 registers.eax: 762676840 registers.ebp: 3945930772 registers.edx: 654226476 registers.ebx: 0 registers.esi: 12509500 registers.ecx: 12490851 exception.instruction_r: fb 81 ec 04 00 00 00 89 2c 24 89 1c 24 54 8b 1c exception.symbol: a45caed06a6756c2d4e187ab4c42be0f+0x2ba4d8 exception.instruction: sti exception.module: a45caed06a6756c2d4e187ab4c42be0f.exe exception.exception_code: 0xc0000096 exception.offset: 2860248 exception.address: 0xbea4d8	success
1620985518.763689 __exception__	stacktrace: registers.esp: 2030380 registers.edi: 12494549 registers.eax: 31191 registers.ebp: 3945930772 registers.edx: 654226476 registers.ebx: 201285363 registers.esi: 12509500 registers.ecx: 12490851 exception.instruction_r: fb 52 e9 39 fb ff ff 81 c7 73 35 93 73 ff 34 24 exception.symbol: a45caed06a6756c2d4e187ab4c42be0f+0x2bade0 exception.instruction: sti exception.module: a45caed06a6756c2d4e187ab4c42be0f.exe exception.exception_code: 0xc0000096 exception.offset: 2862560 exception.address: 0xbeade0	success
1620985518.763689 __exception__	stacktrace: registers.esp: 2030384 registers.edi: 12525740 registers.eax: 31191 registers.ebp: 3945930772 registers.edx: 654226476 registers.ebx: 201285363 registers.esi: 12509500 registers.ecx: 12490851 exception.instruction_r: fb 55 89 e5 81 c5 04 00 00 00 e9 7a fe ff ff 56 exception.symbol: a45caed06a6756c2d4e187ab4c42be0f+0x2baf3e exception.instruction: sti exception.module: a45caed06a6756c2d4e187ab4c42be0f.exe exception.exception_code: 0xc0000096 exception.offset: 2862910 exception.address: 0xbeaf3e	success
1620985518.763689 __exception__	stacktrace: registers.esp: 2030384 registers.edi: 12525740 registers.eax: 31191 registers.ebp: 3945930772 registers.edx: 81129 registers.ebx: 4294939012 registers.esi: 12509500 registers.ecx: 12490851 exception.instruction_r: fb e9 a2 02 00 00 8b 1c 24 56 89 e6 81 c6 04 00 exception.symbol: a45caed06a6756c2d4e187ab4c42be0f+0x2ba7ff exception.instruction: sti exception.module: a45caed06a6756c2d4e187ab4c42be0f.exe exception.exception_code: 0xc0000096 exception.offset: 2861055 exception.address: 0xbea7ff	success
1620985518.763689 __exception__	stacktrace: registers.esp: 2030380 registers.edi: 12582875 registers.eax: 30978 registers.ebp: 3945930772 registers.edx: 2130566132 registers.ebx: 2002452454 registers.esi: 12539425 registers.ecx: 0 exception.instruction_r: fb 81 c7 54 6e fb 7f 53 51 b9 31 1d e6 1e e9 00 exception.symbol: a45caed06a6756c2d4e187ab4c42be0f+0x2d0898 exception.instruction: sti exception.module: a45caed06a6756c2d4e187ab4c42be0f.exe exception.exception_code: 0xc0000096 exception.offset: 2951320 exception.address: 0xc00898	success
1620985518.763689 __exception__	stacktrace: registers.esp: 2030384 registers.edi: 12613853 registers.eax: 30978 registers.ebp: 3945930772 registers.edx: 2130566132 registers.ebx: 2002452454 registers.esi: 12539425 registers.ecx: 0 exception.instruction_r: fb 29 d2 e9 c3 02 00 00 c1 e2 05 c1 e2 06 51 c7 exception.symbol: a45caed06a6756c2d4e187ab4c42be0f+0x2d0256 exception.instruction: sti exception.module: a45caed06a6756c2d4e187ab4c42be0f.exe exception.exception_code: 0xc0000096 exception.offset: 2949718 exception.address: 0xc00256	success
1620985518.763689 __exception__	stacktrace: registers.esp: 2030384 registers.edi: 12613853 registers.eax: 30978 registers.ebp: 3945930772 registers.edx: 4294938984 registers.ebx: 2179303765 registers.esi: 12539425 registers.ecx: 0 exception.instruction_r: fb 52 e9 e8 fb ff ff ff 0c 24 57 bf e0 f7 6f 37 exception.symbol: a45caed06a6756c2d4e187ab4c42be0f+0x2d03f4 exception.instruction: sti exception.module: a45caed06a6756c2d4e187ab4c42be0f.exe exception.exception_code: 0xc0000096 exception.offset: 2950132 exception.address: 0xc003f4	success
1620985518.763689 __exception__	stacktrace: registers.esp: 2030384 registers.edi: 12613853 registers.eax: 28598 registers.ebp: 3945930772 registers.edx: 12627386 registers.ebx: 2179303765 registers.esi: 12539425 registers.ecx: 846792908 exception.instruction_r: fb 51 89 e1 81 c1 04 00 00 00 e9 b4 f9 ff ff 59 exception.symbol: a45caed06a6756c2d4e187ab4c42be0f+0x2d44a1 exception.instruction: sti exception.module: a45caed06a6756c2d4e187ab4c42be0f.exe exception.exception_code: 0xc0000096 exception.offset: 2966689 exception.address: 0xc044a1	success
1620985518.763689 __exception__	stacktrace: registers.esp: 2030384 registers.edi: 12613853 registers.eax: 28598 registers.ebp: 3945930772 registers.edx: 12601710 registers.ebx: 2179303765 registers.esi: 605849937 registers.ecx: 0 exception.instruction_r: fb 52 e9 00 00 00 00 ba 61 8f 30 6b 83 ec 04 89 exception.symbol: a45caed06a6756c2d4e187ab4c42be0f+0x2d484b exception.instruction: sti exception.module: a45caed06a6756c2d4e187ab4c42be0f.exe exception.exception_code: 0xc0000096 exception.offset: 2967627 exception.address: 0xc0484b	success
1620985518.763689 __exception__	stacktrace: registers.esp: 2030380 registers.edi: 12603180 registers.eax: 27925 registers.ebp: 3945930772 registers.edx: 12623099 registers.ebx: 1770518994 registers.esi: 605849937 registers.ecx: 3256614912 exception.instruction_r: fb 68 05 08 41 0d 89 04 24 b8 17 38 17 7d 56 e9 exception.symbol: a45caed06a6756c2d4e187ab4c42be0f+0x2da59b exception.instruction: sti exception.module: a45caed06a6756c2d4e187ab4c42be0f.exe exception.exception_code: 0xc0000096 exception.offset: 2991515 exception.address: 0xc0a59b	success
1620985518.763689 __exception__	stacktrace: registers.esp: 2030384 registers.edi: 12603180 registers.eax: 27925 registers.ebp: 3945930772 registers.edx: 12651024 registers.ebx: 1770518994 registers.esi: 4294942164 registers.ecx: 3923872081 exception.instruction_r: fb 83 ec 04 89 3c 24 89 14 24 68 83 c3 ff 79 e9 exception.symbol: a45caed06a6756c2d4e187ab4c42be0f+0x2da321 exception.instruction: sti exception.module: a45caed06a6756c2d4e187ab4c42be0f.exe exception.exception_code: 0xc0000096 exception.offset: 2990881 exception.address: 0xc0a321	success
1620985518.763689 __exception__	stacktrace: registers.esp: 2030384 registers.edi: 56320 registers.eax: 29033 registers.ebp: 3945930772 registers.edx: 12695623 registers.ebx: 12645075 registers.esi: 9411408 registers.ecx: 12341652 exception.instruction_r: fb 68 92 fd 5e 44 e9 07 fc ff ff 54 e9 a7 02 00 exception.symbol: a45caed06a6756c2d4e187ab4c42be0f+0x2e4ddb exception.instruction: sti exception.module: a45caed06a6756c2d4e187ab4c42be0f.exe exception.exception_code: 0xc0000096 exception.offset: 3034587 exception.address: 0xc14ddb	success
1620985518.763689 __exception__	stacktrace: registers.esp: 2030384 registers.edi: 56320 registers.eax: 29033 registers.ebp: 3945930772 registers.edx: 12669759 registers.ebx: 12645075 registers.esi: 3317938770 registers.ecx: 0 exception.instruction_r: fb 83 ec 04 89 14 24 50 89 14 24 89 0c 24 57 68 exception.symbol: a45caed06a6756c2d4e187ab4c42be0f+0x2e4a91 exception.instruction: sti exception.module: a45caed06a6756c2d4e187ab4c42be0f.exe exception.exception_code: 0xc0000096 exception.offset: 3033745 exception.address: 0xc14a91	success
1620985518.763689 __exception__	stacktrace: registers.esp: 2030380 registers.edi: 56320 registers.eax: 12670161 registers.ebp: 3945930772 registers.edx: 12669759 registers.ebx: 1317470167 registers.esi: 3317938770 registers.ecx: 0 exception.instruction_r: fb 56 51 68 c0 75 55 7b e9 77 00 00 00 5b 56 e9 exception.symbol: a45caed06a6756c2d4e187ab4c42be0f+0x2e5d31 exception.instruction: sti exception.module: a45caed06a6756c2d4e187ab4c42be0f.exe exception.exception_code: 0xc0000096 exception.offset: 3038513 exception.address: 0xc15d31	success

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

Performs some HTTP requests (1 个事件)

request

GET http://ip-api.com/line

Resolves a suspicious Top Level Domain (TLD) (1 个事件)

domain

ggg01.top

description

Generic top level domain TLD

Allocates read-write-execute memory (usually to unpack itself) (34 个事件)

Time & API	Arguments	Status
1620985518.779689 NtProtectVirtualMemory	process_identifier: 2616 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x77dcf000	success
1620985518.779689 NtProtectVirtualMemory	process_identifier: 2616 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x77d40000	success
1620985518.951689 NtProtectVirtualMemory	process_identifier: 2616 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 389120 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x00931000	success
1620985518.997689 NtAllocateVirtualMemory	process_identifier: 2616 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00920000	success
1620985518.997689 NtAllocateVirtualMemory	process_identifier: 2616 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x02290000	success
1620985518.997689 NtAllocateVirtualMemory	process_identifier: 2616 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x022a0000	success
1620985518.997689 NtAllocateVirtualMemory	process_identifier: 2616 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x022b0000	success
1620985518.997689 NtAllocateVirtualMemory	process_identifier: 2616 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x02300000	success
1620985519.013689 NtAllocateVirtualMemory	process_identifier: 2616 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x02350000	success
1620985519.013689 NtAllocateVirtualMemory	process_identifier: 2616 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x02360000	success
1620985519.013689 NtAllocateVirtualMemory	process_identifier: 2616 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x023b0000	success
1620985519.013689 NtAllocateVirtualMemory	process_identifier: 2616 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x023c0000	success
1620985519.013689 NtAllocateVirtualMemory	process_identifier: 2616 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x02410000	success
1620985519.013689 NtAllocateVirtualMemory	process_identifier: 2616 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x02420000	success
1620985519.013689 NtAllocateVirtualMemory	process_identifier: 2616 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x02430000	success
1620985519.013689 NtAllocateVirtualMemory	process_identifier: 2616 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x025c0000	success
1620985519.013689 NtAllocateVirtualMemory	process_identifier: 2616 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x02650000	success
1620985519.013689 NtAllocateVirtualMemory	process_identifier: 2616 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x02660000	success
1620985519.013689 NtAllocateVirtualMemory	process_identifier: 2616 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x02770000	success
1620985519.013689 NtAllocateVirtualMemory	process_identifier: 2616 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x027c0000	success
1620985519.013689 NtAllocateVirtualMemory	process_identifier: 2616 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x027d0000	success
1620985519.013689 NtAllocateVirtualMemory	process_identifier: 2616 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x02960000	success
1620985519.029689 NtAllocateVirtualMemory	process_identifier: 2616 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x02970000	success
1620985519.029689 NtAllocateVirtualMemory	process_identifier: 2616 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x029c0000	success
1620985519.029689 NtAllocateVirtualMemory	process_identifier: 2616 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x02b10000	success
1620985519.029689 NtAllocateVirtualMemory	process_identifier: 2616 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x02300000	success
1620985519.029689 NtAllocateVirtualMemory	process_identifier: 2616 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x02300000	success
1620985519.060689 NtAllocateVirtualMemory	process_identifier: 2616 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x02300000	success
1620985519.060689 NtAllocateVirtualMemory	process_identifier: 2616 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x02300000	success
1620985519.076689 NtAllocateVirtualMemory	process_identifier: 2616 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x02300000	success
1620985519.076689 NtAllocateVirtualMemory	process_identifier: 2616 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x02300000	success
1620985519.076689 NtAllocateVirtualMemory	process_identifier: 2616 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x02300000	success
1620985519.076689 NtAllocateVirtualMemory	process_identifier: 2616 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x02300000	success
1620985520.497689 NtAllocateVirtualMemory	process_identifier: 2616 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x02e00000	success

A process attempted to delay the analysis task. (1 个事件)

description

a45caed06a6756c2d4e187ab4c42be0f.exe tried to sleep 662 seconds, actually delayed analysis time by 662 seconds

Steals private information from local Internet browsers (30 个事件)

file	C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Default\CookiesCopy-journal
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Profile 2\WebDataCopy
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Default\WebDataCopy-wal
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Profile 1\LoginDataCopy
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Default\LoginDataCopy
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Default\WebDataCopy
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Default\WebDataCopy-journal
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Profile 1\CookiesCopy
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Profile 2\LoginDataCopy
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Profile 3\CookiesCopy
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Default\LoginDataCopy-journal
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Default\CookiesCopy
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Default\LoginDataCopy-wal
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Profile 1\WebDataCopy
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Default\CookiesCopy-wal
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Profile 2\CookiesCopy
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Profile 3\LoginDataCopy
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Profile 3\WebDataCopy
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Chromium\User Data\Default\LoginDataCopy
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Chromium\User Data\Profile 2\LoginDataCopy
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Chromium\User Data\Profile 3\WebDataCopy
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Chromium\User Data\Profile 1\CookiesCopy
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Chromium\User Data\Profile 1\WebDataCopy
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Chromium\User Data\Profile 3\CookiesCopy
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Chromium\User Data\Profile 2\WebDataCopy
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Chromium\User Data\Profile 3\LoginDataCopy
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Chromium\User Data\Profile 1\LoginDataCopy
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Chromium\User Data\Profile 2\CookiesCopy
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Chromium\User Data\Default\WebDataCopy
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Chromium\User Data\Default\CookiesCopy

Looks up the external IP address (1 个事件)

domain

ip-api.com

Checks adapter addresses which can be used to detect virtual network interfaces (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620985522.607689 GetAdaptersAddresses	flags: 0 family: 0	failed	111	0

The binary likely contains encrypted or compressed data indicative of a packer (4 个事件)

entropy

7.986735612990792

section

{'size_of_data': '0x0005e600', 'virtual_address': '0x00001000', 'entropy': 7.986735612990792, 'name': ' \\x00 ', 'virtual_size': '0x000a9000'}

description

A section with a high entropy has been found

entropy

7.997688416079653

section

{'size_of_data': '0x00036e00', 'virtual_address': '0x000aa000', 'entropy': 7.997688416079653, 'name': '.rsrc', 'virtual_size': '0x00036dc5'}

description

A section with a high entropy has been found

entropy

7.957133607052715

section

{'size_of_data': '0x001d4e00', 'virtual_address': '0x00388000', 'entropy': 7.957133607052715, 'name': 'gvxzaugh', 'virtual_size': '0x001d5000'}

description

A section with a high entropy has been found

entropy

0.9993936944219887

description

Overall entropy of this PE file is high

Expresses interest in specific running processes (1 个事件)

process

system

Queries for potentially installed applications (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620985530.185689 RegOpenKeyExW	access: 0x00020119 base_handle: 0x80000001 key_handle: 0x00000000 regkey: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall options: 0	failed	2	0

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

Attempts to identify installed AV products by installation directory (2 个事件)

file	C:\ProgramData\AVAST Software
file	C:\ProgramData\Avg

Checks for the presence of known devices from debuggers and forensic tools (3 个事件)

file	\??\SICE
file	\??\SIWVID
file	\??\NTICE

Checks for the presence of known windows from debuggers and forensic tools (50 out of 197 个事件)

Time & API	Arguments	Status
1620985518.763689 FindWindowA	class_name: OLLYDBG window_name:	failed
1620985518.763689 FindWindowA	class_name: GBDYLLO window_name:	failed
1620985518.763689 FindWindowA	class_name: pediy06 window_name:	failed
1620985518.763689 FindWindowA	class_name: FilemonClass window_name:	failed
1620985518.763689 FindWindowA	class_name: FilemonClass window_name:	failed
1620985518.763689 FindWindowA	class_name: #0 window_name: File Monitor - Sysinternals: www.sysinternals.com	failed
1620985518.763689 FindWindowA	class_name: PROCMON_WINDOW_CLASS window_name:	failed
1620985518.763689 FindWindowA	class_name: #0 window_name: Process Monitor - Sysinternals: www.sysinternals.com	failed
1620985518.763689 FindWindowA	class_name: RegmonClass window_name:	failed
1620985518.763689 FindWindowA	class_name: RegmonClass window_name:	failed
1620985518.763689 FindWindowA	class_name: #0 window_name: Registry Monitor - Sysinternals: www.sysinternals.com	failed
1620985518.763689 FindWindowA	class_name: 18467-41 window_name:	failed
1620985518.951689 FindWindowA	class_name: FilemonClass window_name:	failed
1620985518.951689 FindWindowA	class_name: FilemonClass window_name:	failed
1620985518.951689 FindWindowA	class_name: #0 window_name: File Monitor - Sysinternals: www.sysinternals.com	failed
1620985518.951689 FindWindowA	class_name: PROCMON_WINDOW_CLASS window_name:	failed
1620985518.951689 FindWindowA	class_name: #0 window_name: Process Monitor - Sysinternals: www.sysinternals.com	failed
1620985520.763689 FindWindowA	class_name: OLLYDBG window_name:	failed
1620985520.763689 FindWindowA	class_name: GBDYLLO window_name:	failed
1620985520.763689 FindWindowA	class_name: pediy06 window_name:	failed
1620985522.779689 FindWindowA	class_name: OLLYDBG window_name:	failed
1620985522.779689 FindWindowA	class_name: GBDYLLO window_name:	failed
1620985522.779689 FindWindowA	class_name: pediy06 window_name:	failed
1620985522.997689 FindWindowA	class_name: Regmonclass window_name:	failed
1620985522.997689 FindWindowA	class_name: Regmonclass window_name:	failed
1620985523.310689 FindWindowA	class_name: 18467-41 window_name:	failed
1620985523.622689 FindWindowA	class_name: Filemonclass window_name:	failed
1620985523.622689 FindWindowA	class_name: Filemonclass window_name:	failed
1620985523.622689 FindWindowA	class_name: PROCMON_WINDOW_CLASS window_name:	failed
1620985524.794689 FindWindowA	class_name: OLLYDBG window_name:	failed
1620985524.794689 FindWindowA	class_name: GBDYLLO window_name:	failed
1620985524.794689 FindWindowA	class_name: pediy06 window_name:	failed
1620985526.810689 FindWindowA	class_name: OLLYDBG window_name:	failed
1620985526.810689 FindWindowA	class_name: GBDYLLO window_name:	failed
1620985526.810689 FindWindowA	class_name: pediy06 window_name:	failed
1620985527.622689 FindWindowA	class_name: Regmonclass window_name:	failed
1620985527.622689 FindWindowA	class_name: Regmonclass window_name:	failed
1620985527.935689 FindWindowA	class_name: 18467-41 window_name:	failed
1620985528.247689 FindWindowA	class_name: Filemonclass window_name:	failed
1620985528.247689 FindWindowA	class_name: Filemonclass window_name:	failed
1620985528.247689 FindWindowA	class_name: PROCMON_WINDOW_CLASS window_name:	failed
1620985528.826689 FindWindowA	class_name: OLLYDBG window_name:	failed
1620985528.826689 FindWindowA	class_name: GBDYLLO window_name:	failed
1620985528.826689 FindWindowA	class_name: pediy06 window_name:	failed
1620985530.841689 FindWindowA	class_name: OLLYDBG window_name:	failed
1620985530.841689 FindWindowA	class_name: GBDYLLO window_name:	failed
1620985530.841689 FindWindowA	class_name: pediy06 window_name:	failed
1620985532.247689 FindWindowA	class_name: Regmonclass window_name:	failed
1620985532.247689 FindWindowA	class_name: Regmonclass window_name:	failed
1620985532.560689 FindWindowA	class_name: 18467-41 window_name:	failed

Checks the version of Bios, possibly for anti-virtualization (2 个事件)

registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion

Checks the CPU name from registry, possibly for anti-virtualization (1 个事件)

registry

HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString

Attempts to access Bitcoin/ALTCoin wallets (1 个事件)

file	C:\ProgramData\wxfIMnJG1\Files\Coins\Electrum\wallets

Sets or modifies WPAD proxy autoconfiguration file for traffic interception (15 个事件)

Time & API	Arguments	Status
1620985525.185689 RegSetValueExA	key_handle: 0x000004f4 value: 1 regkey_r: WpadDecisionReason reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason	success
1620985525.185689 RegSetValueExA	key_handle: 0x000004f4 value: p»8&½H× regkey_r: WpadDecisionTime reg_type: 3 (REG_BINARY) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime	success
1620985525.201689 RegSetValueExA	key_handle: 0x000004f4 value: 3 regkey_r: WpadDecision reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision	success
1620985525.201689 RegSetValueExW	key_handle: 0x000004f4 value: 网络 2 regkey_r: WpadNetworkName reg_type: 1 (REG_SZ) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName	success
1620985525.201689 RegSetValueExA	key_handle: 0x0000050c value: 1 regkey_r: WpadDecisionReason reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason	success
1620985525.201689 RegSetValueExA	key_handle: 0x0000050c value: p»8&½H× regkey_r: WpadDecisionTime reg_type: 3 (REG_BINARY) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime	success
1620985525.201689 RegSetValueExA	key_handle: 0x0000050c value: 3 regkey_r: WpadDecision reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision	success
1620985525.232689 RegSetValueExW	key_handle: 0x000004f0 value: {40112ABE-63B3-43C3-BE93-1440EE3AF106} regkey_r: WpadLastNetwork reg_type: 1 (REG_SZ) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork	success
1620985529.951689 RegSetValueExA	key_handle: 0x00000520 value: 1 regkey_r: WpadDecisionReason reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason	success
1620985529.951689 RegSetValueExA	key_handle: 0x00000520 value: P÷)½H× regkey_r: WpadDecisionTime reg_type: 3 (REG_BINARY) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime	success
1620985529.951689 RegSetValueExA	key_handle: 0x00000520 value: 0 regkey_r: WpadDecision reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision	success
1620985529.951689 RegSetValueExW	key_handle: 0x00000520 value: 网络 2 regkey_r: WpadNetworkName reg_type: 1 (REG_SZ) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName	success
1620985529.951689 RegSetValueExA	key_handle: 0x0000051c value: 1 regkey_r: WpadDecisionReason reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason	success
1620985529.951689 RegSetValueExA	key_handle: 0x0000051c value: P÷)½H× regkey_r: WpadDecisionTime reg_type: 3 (REG_BINARY) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime	success
1620985529.951689 RegSetValueExA	key_handle: 0x0000051c value: 0 regkey_r: WpadDecision reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision	success

Detects VirtualBox through the presence of a registry key (1 个事件)

registry

HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__

Detects VMWare through the in instruction feature (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620985518.169689 __exception__	stacktrace: registers.esp: 2030416 registers.edi: 1114345 registers.eax: 1447909480 registers.ebp: 3945930772 registers.edx: 22104 registers.ebx: 1983254709 registers.esi: 12178772 registers.ecx: 20 exception.instruction_r: ed 64 8f 05 00 00 00 00 51 54 59 81 c1 04 00 00 exception.symbol: a45caed06a6756c2d4e187ab4c42be0f+0x26e462 exception.instruction: in eax, dx exception.module: a45caed06a6756c2d4e187ab4c42be0f.exe exception.exception_code: 0xc0000096 exception.offset: 2548834 exception.address: 0xb9e462	success	0	0

Detects the presence of Wine emulator (1 个事件)

registry

HKEY_CURRENT_USER\Software\Wine

Generates some ICMP traffic

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2019-09-21 03:12:32

Imports

Library kernel32.dll:

• 0x4e1033 lstrcpy

Library comctl32.dll:

• 0x4e103b InitCommonControls

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
ggg01.top
ip-api.com	A 208.95.112.1	208.95.112.1
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com

TCP

Source	Source Port	Destination	Destination Port
192.168.56.101	49178	208.95.112.1 ip-api.com	80

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49235	114.114.114.114	53
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	51378	114.114.114.114	53
192.168.56.101	53657	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	51808	224.0.0.252	5355
192.168.56.101	55368	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	50535	239.255.255.250	3702
192.168.56.101	50537	239.255.255.250	3702
192.168.56.101	56540	239.255.255.250	3702
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58707	239.255.255.250	3702

HTTP & HTTPS Requests

URI	Data
http://ip-api.com/line	GET /line HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: ip-api.com Connection: Keep-Alive

URI

Data

http://ip-api.com/line

GET /line HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: ip-api.com
Connection: Keep-Alive

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.