Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Dec. 12, 2023, 10:48 a.m.	Dec. 12, 2023, 10:51 a.m.

Size	40.6MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`c87e0ff27716ffd84d540965e457773e`
SHA256	`d9eeecc174bc8f60a5918e644ea5b541d1128d3b8d25d529d7e9e9bdf53194f1`
CRC32	`EE61482C`
ssdeep	`786432:wTBq1oUQ6K5lpILequze9Bsn2kMU/Y8WdSYIHUjozxLNMLJjcl+:wTBqm4eqXIMUWYYIHUjuKVjc`
Yara	IsPE32 - (no description) PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file mzp_file_format - MZP(Delphi) file format EnigmaProtector_IN - EnigmaProtector

GoogleCrashHandler64.exe "C:\Users\test22\AppData\Local\Temp\GoogleCrashHandler64.exe"
2052
- cmd.exe cmd.exe /c ""C:\Users\test22\AppData\Local\Temp\20523LC1.bat" "C:\Users\test22\AppData\Local\Temp\GoogleCrashHandler64.exe" "
  2120
  - chcp.com chcp 1252
    2180
  - tasklist.exe TASKLIST
    2264
  - findstr.exe FINDSTR /I "dlIhost.exe"
    2300
  - timeout.exe TIMEOUT /T 10
    2412
  - tasklist.exe TASKLIST
    2760
  - findstr.exe FINDSTR /I "dlIhost.exe"
    2800
  - dlIhost.exe "C:\Users\test22\AppData\Local\Temp\dlIhost.exe"
    2872
  - timeout.exe TIMEOUT /T 10
    2984
  - tasklist.exe TASKLIST
    3040
  - findstr.exe FINDSTR /I "dlIhost.exe"
    1188
  - timeout.exe TIMEOUT /T 10
    2208
  - tasklist.exe TASKLIST
    2296
  - findstr.exe FINDSTR /I "dlIhost.exe"
    2408
  - dlIhost.exe "C:\Users\test22\AppData\Local\Temp\dlIhost.exe"
    2460
  - timeout.exe TIMEOUT /T 10
    2812
  - tasklist.exe TASKLIST
    2848
  - findstr.exe FINDSTR /I "dlIhost.exe"
    1800
  - timeout.exe TIMEOUT /T 10
    2468
  - tasklist.exe TASKLIST
    1700
  - findstr.exe FINDSTR /I "dlIhost.exe"
    2152
  - dlIhost.exe "C:\Users\test22\AppData\Local\Temp\dlIhost.exe"
    2936
  - timeout.exe TIMEOUT /T 10
    2268
  - tasklist.exe TASKLIST
    1208
  - findstr.exe FINDSTR /I "dlIhost.exe"
    1160
  - timeout.exe TIMEOUT /T 10
    2752
  - tasklist.exe TASKLIST
    1028
  - findstr.exe FINDSTR /I "dlIhost.exe"
    1684
  - dlIhost.exe "C:\Users\test22\AppData\Local\Temp\dlIhost.exe"
    1448
  - timeout.exe TIMEOUT /T 10
    2192

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Queries for the computername (13 events)

Time & API	Arguments	Status	Return
GetComputerNameA Dec. 12, 2023, 10:48 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Dec. 12, 2023, 10:48 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Dec. 12, 2023, 10:49 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameA Dec. 12, 2023, 10:49 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Dec. 12, 2023, 10:49 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Dec. 12, 2023, 10:49 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameA Dec. 12, 2023, 10:49 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Dec. 12, 2023, 10:49 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Dec. 12, 2023, 10:50 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameA Dec. 12, 2023, 10:43 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Dec. 12, 2023, 10:50 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Dec. 12, 2023, 10:50 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameA Dec. 12, 2023, 10:43 a.m.	computer_name: TEST22-PC	1	1

Checks if process is being debugged by a debugger (4 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Dec. 12, 2023, 10:49 a.m.			0	0
IsDebuggerPresent Dec. 12, 2023, 10:49 a.m.			0	0
IsDebuggerPresent Dec. 12, 2023, 10:43 a.m.			0	0
IsDebuggerPresent Dec. 12, 2023, 10:43 a.m.			0	0

Command line console output was observed (31 events)

Time & API	Arguments	Status	Return
WriteConsoleW Dec. 12, 2023, 10:48 a.m.	buffer: C:\Users\test22\AppData\Local\Temp> console_handle: 0x00000007	1	1
WriteConsoleW Dec. 12, 2023, 10:48 a.m.	buffer: chcp console_handle: 0x00000007	1	1
WriteConsoleW Dec. 12, 2023, 10:48 a.m.	buffer: "dlIhost.exe" console_handle: 0x00000007	1	1
WriteConsoleW Dec. 12, 2023, 10:48 a.m.	buffer: '"C:\Windows\TEMP\dlIhost.exe"' is not recognized as an internal or external command, operable program or batch file. console_handle: 0x0000000b	1	1
WriteConsoleW Dec. 12, 2023, 10:49 a.m.	buffer: "dlIhost.exe" console_handle: 0x00000007	1	1
WriteConsoleW Dec. 12, 2023, 10:49 a.m.	buffer: "dlIhost.exe" console_handle: 0x00000007	1	1
WriteConsoleW Dec. 12, 2023, 10:49 a.m.	buffer: '"C:\Windows\TEMP\dlIhost.exe"' is not recognized as an internal or external command, operable program or batch file. console_handle: 0x0000000b	1	1
WriteConsoleW Dec. 12, 2023, 10:49 a.m.	buffer: "dlIhost.exe" console_handle: 0x00000007	1	1
WriteConsoleW Dec. 12, 2023, 10:49 a.m.	buffer: "dlIhost.exe" console_handle: 0x00000007	1	1
WriteConsoleW Dec. 12, 2023, 10:49 a.m.	buffer: '"C:\Windows\TEMP\dlIhost.exe"' is not recognized as an internal or external command, operable program or batch file. console_handle: 0x0000000b	1	1
WriteConsoleW Dec. 12, 2023, 10:50 a.m.	buffer: "dlIhost.exe" console_handle: 0x00000007	1	1
WriteConsoleW Dec. 12, 2023, 10:50 a.m.	buffer: "dlIhost.exe" console_handle: 0x00000007	1	1
WriteConsoleW Dec. 12, 2023, 10:50 a.m.	buffer: '"C:\Windows\TEMP\dlIhost.exe"' is not recognized as an internal or external command, operable program or batch file. console_handle: 0x0000000b	1	1
WriteConsoleW Dec. 12, 2023, 10:50 a.m.	buffer: "dlIhost.exe" console_handle: 0x00000007	1	1
WriteConsoleW Dec. 12, 2023, 10:48 a.m.	buffer: Active code page: 1252 console_handle: 0x00000013	1	1
WriteConsoleW Dec. 12, 2023, 10:48 a.m.	buffer: Waiting for 10 console_handle: 0x00000007	1	1
WriteConsoleW Dec. 12, 2023, 10:48 a.m.	buffer: seconds, press a key to continue ... console_handle: 0x00000007	1	1
WriteConsoleW Dec. 12, 2023, 10:49 a.m.	buffer: Waiting for 10 console_handle: 0x00000007	1	1
WriteConsoleW Dec. 12, 2023, 10:49 a.m.	buffer: seconds, press a key to continue ... console_handle: 0x00000007	1	1
WriteConsoleW Dec. 12, 2023, 10:49 a.m.	buffer: Waiting for 10 console_handle: 0x00000007	1	1
WriteConsoleW Dec. 12, 2023, 10:49 a.m.	buffer: seconds, press a key to continue ... console_handle: 0x00000007	1	1
WriteConsoleW Dec. 12, 2023, 10:49 a.m.	buffer: Waiting for 10 console_handle: 0x00000007	1	1
WriteConsoleW Dec. 12, 2023, 10:49 a.m.	buffer: seconds, press a key to continue ... console_handle: 0x00000007	1	1
WriteConsoleW Dec. 12, 2023, 10:49 a.m.	buffer: Waiting for 10 console_handle: 0x00000007	1	1
WriteConsoleW Dec. 12, 2023, 10:49 a.m.	buffer: seconds, press a key to continue ... console_handle: 0x00000007	1	1
WriteConsoleW Dec. 12, 2023, 10:50 a.m.	buffer: Waiting for 10 console_handle: 0x00000007	1	1
WriteConsoleW Dec. 12, 2023, 10:50 a.m.	buffer: seconds, press a key to continue ... console_handle: 0x00000007	1	1
WriteConsoleW Dec. 12, 2023, 10:50 a.m.	buffer: Waiting for 10 console_handle: 0x00000007	1	1
WriteConsoleW Dec. 12, 2023, 10:50 a.m.	buffer: seconds, press a key to continue ... console_handle: 0x00000007	1	1
WriteConsoleW Dec. 12, 2023, 10:50 a.m.	buffer: Waiting for 10 console_handle: 0x00000007	1	1
WriteConsoleW Dec. 12, 2023, 10:50 a.m.	buffer: seconds, press a key to continue ... console_handle: 0x00000007	1	1

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

One or more processes crashed (50 out of 262239 events)

Time & API	Arguments	Status
__exception__ Dec. 12, 2023, 10:48 a.m.	stacktrace: googlecrashhandler64+0x1b495d @ 0x5b495d googlecrashhandler64+0x1a714e @ 0x5a714e googlecrashhandler64+0x291e32 @ 0x691e32 exception.instruction_r: f7 f0 e8 44 37 01 00 33 c0 5a 59 59 64 89 10 eb exception.symbol: googlecrashhandler64+0xf96d5 exception.instruction: div eax exception.module: GoogleCrashHandler64.exe exception.exception_code: 0xc0000094 exception.offset: 1021653 exception.address: 0x4f96d5 registers.esp: 2686684 registers.edi: 6889712 registers.eax: 0 registers.ebp: 2686712 registers.edx: 0 registers.ebx: 1270762678 registers.esi: 4296704 registers.ecx: 38550196	1
__exception__ Dec. 12, 2023, 10:48 a.m.	stacktrace: googlecrashhandler64+0x1b495d @ 0x5b495d googlecrashhandler64+0x1a714e @ 0x5a714e googlecrashhandler64+0x291e32 @ 0x691e32 exception.instruction_r: 0f 0b e8 19 37 01 00 33 c0 5a 59 59 64 89 10 eb exception.symbol: googlecrashhandler64+0xf9700 exception.instruction: ud2 exception.module: GoogleCrashHandler64.exe exception.exception_code: 0xc000001d exception.offset: 1021696 exception.address: 0x4f9700 registers.esp: 2686684 registers.edi: 2686684 registers.eax: 0 registers.ebp: 2686712 registers.edx: 2 registers.ebx: 5215979 registers.esi: 0 registers.ecx: 2686720	1
__exception__ Dec. 12, 2023, 10:48 a.m.	stacktrace: googlecrashhandler64+0x1b495d @ 0x5b495d googlecrashhandler64+0x1a714e @ 0x5a714e googlecrashhandler64+0x291e32 @ 0x691e32 exception.instruction_r: f7 f0 e8 44 37 01 00 33 c0 5a 59 59 64 89 10 eb exception.symbol: googlecrashhandler64+0xf96d5 exception.instruction: div eax exception.module: GoogleCrashHandler64.exe exception.exception_code: 0xc0000094 exception.offset: 1021653 exception.address: 0x4f96d5 registers.esp: 2686684 registers.edi: 2686684 registers.eax: 0 registers.ebp: 2686712 registers.edx: 0 registers.ebx: 5216022 registers.esi: 0 registers.ecx: 2686720	1
__exception__ Dec. 12, 2023, 10:48 a.m.	stacktrace: googlecrashhandler64+0x1b495d @ 0x5b495d googlecrashhandler64+0x1a714e @ 0x5a714e googlecrashhandler64+0x291e32 @ 0x691e32 exception.instruction_r: f7 f0 e8 44 37 01 00 33 c0 5a 59 59 64 89 10 eb exception.symbol: googlecrashhandler64+0xf96d5 exception.instruction: div eax exception.module: GoogleCrashHandler64.exe exception.exception_code: 0xc0000094 exception.offset: 1021653 exception.address: 0x4f96d5 registers.esp: 2686684 registers.edi: 2686684 registers.eax: 0 registers.ebp: 2686712 registers.edx: 0 registers.ebx: 5215979 registers.esi: 0 registers.ecx: 2686720	1
__exception__ Dec. 12, 2023, 10:48 a.m.	stacktrace: googlecrashhandler64+0x1a8a12 @ 0x5a8a12 googlecrashhandler64+0x1a715a @ 0x5a715a googlecrashhandler64+0x291e32 @ 0x691e32 exception.instruction_r: f7 f0 e8 44 37 01 00 33 c0 5a 59 59 64 89 10 eb exception.symbol: googlecrashhandler64+0xf96d5 exception.instruction: div eax exception.module: GoogleCrashHandler64.exe exception.exception_code: 0xc0000094 exception.offset: 1021653 exception.address: 0x4f96d5 registers.esp: 2686620 registers.edi: 5683876 registers.eax: 0 registers.ebp: 2686648 registers.edx: 0 registers.ebx: 102400 registers.esi: 4296704 registers.ecx: 4296704	1
__exception__ Dec. 12, 2023, 10:48 a.m.	stacktrace: googlecrashhandler64+0x1a8a12 @ 0x5a8a12 googlecrashhandler64+0x1a715a @ 0x5a715a googlecrashhandler64+0x291e32 @ 0x691e32 exception.instruction_r: f7 f0 e8 44 37 01 00 33 c0 5a 59 59 64 89 10 eb exception.symbol: googlecrashhandler64+0xf96d5 exception.instruction: div eax exception.module: GoogleCrashHandler64.exe exception.exception_code: 0xc0000094 exception.offset: 1021653 exception.address: 0x4f96d5 registers.esp: 2686620 registers.edi: 2686620 registers.eax: 0 registers.ebp: 2686648 registers.edx: 0 registers.ebx: 5215979 registers.esi: 0 registers.ecx: 2686656	1
__exception__ Dec. 12, 2023, 10:48 a.m.	stacktrace: googlecrashhandler64+0x1a8a12 @ 0x5a8a12 googlecrashhandler64+0x1a715a @ 0x5a715a googlecrashhandler64+0x291e32 @ 0x691e32 exception.instruction_r: 0f 0b e8 19 37 01 00 33 c0 5a 59 59 64 89 10 eb exception.symbol: googlecrashhandler64+0xf9700 exception.instruction: ud2 exception.module: GoogleCrashHandler64.exe exception.exception_code: 0xc000001d exception.offset: 1021696 exception.address: 0x4f9700 registers.esp: 2686620 registers.edi: 2686620 registers.eax: 0 registers.ebp: 2686648 registers.edx: 2 registers.ebx: 5215979 registers.esi: 0 registers.ecx: 2686656	1
__exception__ Dec. 12, 2023, 10:48 a.m.	stacktrace: googlecrashhandler64+0x1a8a12 @ 0x5a8a12 googlecrashhandler64+0x1a715a @ 0x5a715a googlecrashhandler64+0x291e32 @ 0x691e32 exception.instruction_r: 0f 0b e8 19 37 01 00 33 c0 5a 59 59 64 89 10 eb exception.symbol: googlecrashhandler64+0xf9700 exception.instruction: ud2 exception.module: GoogleCrashHandler64.exe exception.exception_code: 0xc000001d exception.offset: 1021696 exception.address: 0x4f9700 registers.esp: 2686620 registers.edi: 2686620 registers.eax: 0 registers.ebp: 2686648 registers.edx: 2 registers.ebx: 5216022 registers.esi: 0 registers.ecx: 2686656	1
__exception__ Dec. 12, 2023, 10:48 a.m.	stacktrace: googlecrashhandler64+0x1a8a12 @ 0x5a8a12 googlecrashhandler64+0x1a715a @ 0x5a715a googlecrashhandler64+0x291e32 @ 0x691e32 exception.instruction_r: 0f 0b e8 19 37 01 00 33 c0 5a 59 59 64 89 10 eb exception.symbol: googlecrashhandler64+0xf9700 exception.instruction: ud2 exception.module: GoogleCrashHandler64.exe exception.exception_code: 0xc000001d exception.offset: 1021696 exception.address: 0x4f9700 registers.esp: 2686620 registers.edi: 2686620 registers.eax: 0 registers.ebp: 2686648 registers.edx: 2 registers.ebx: 5216022 registers.esi: 0 registers.ecx: 2686656	1
__exception__ Dec. 12, 2023, 10:48 a.m.	stacktrace: googlecrashhandler64+0x1a8d05 @ 0x5a8d05 googlecrashhandler64+0x1a715a @ 0x5a715a googlecrashhandler64+0x291e32 @ 0x691e32 exception.instruction_r: 0f 0b e8 19 37 01 00 33 c0 5a 59 59 64 89 10 eb exception.symbol: googlecrashhandler64+0xf9700 exception.instruction: ud2 exception.module: GoogleCrashHandler64.exe exception.exception_code: 0xc000001d exception.offset: 1021696 exception.address: 0x4f9700 registers.esp: 2686620 registers.edi: 5683876 registers.eax: 0 registers.ebp: 2686648 registers.edx: 2 registers.ebx: 4 registers.esi: 4294967295 registers.ecx: 901276502	1
__exception__ Dec. 12, 2023, 10:48 a.m.	stacktrace: googlecrashhandler64+0x1a8d05 @ 0x5a8d05 googlecrashhandler64+0x1a715a @ 0x5a715a googlecrashhandler64+0x291e32 @ 0x691e32 exception.instruction_r: f7 f0 e8 44 37 01 00 33 c0 5a 59 59 64 89 10 eb exception.symbol: googlecrashhandler64+0xf96d5 exception.instruction: div eax exception.module: GoogleCrashHandler64.exe exception.exception_code: 0xc0000094 exception.offset: 1021653 exception.address: 0x4f96d5 registers.esp: 2686620 registers.edi: 2686620 registers.eax: 0 registers.ebp: 2686648 registers.edx: 0 registers.ebx: 5216022 registers.esi: 0 registers.ecx: 2686656	1
__exception__ Dec. 12, 2023, 10:48 a.m.	stacktrace: googlecrashhandler64+0x1a8d05 @ 0x5a8d05 googlecrashhandler64+0x1a715a @ 0x5a715a googlecrashhandler64+0x291e32 @ 0x691e32 exception.instruction_r: 0f 0b e8 19 37 01 00 33 c0 5a 59 59 64 89 10 eb exception.symbol: googlecrashhandler64+0xf9700 exception.instruction: ud2 exception.module: GoogleCrashHandler64.exe exception.exception_code: 0xc000001d exception.offset: 1021696 exception.address: 0x4f9700 registers.esp: 2686620 registers.edi: 2686620 registers.eax: 0 registers.ebp: 2686648 registers.edx: 2 registers.ebx: 5215979 registers.esi: 0 registers.ecx: 2686656	1
__exception__ Dec. 12, 2023, 10:48 a.m.	stacktrace: googlecrashhandler64+0x1a8d05 @ 0x5a8d05 googlecrashhandler64+0x1a715a @ 0x5a715a googlecrashhandler64+0x291e32 @ 0x691e32 exception.instruction_r: f7 f0 e8 44 37 01 00 33 c0 5a 59 59 64 89 10 eb exception.symbol: googlecrashhandler64+0xf96d5 exception.instruction: div eax exception.module: GoogleCrashHandler64.exe exception.exception_code: 0xc0000094 exception.offset: 1021653 exception.address: 0x4f96d5 registers.esp: 2686620 registers.edi: 2686620 registers.eax: 0 registers.ebp: 2686648 registers.edx: 0 registers.ebx: 5216022 registers.esi: 0 registers.ecx: 2686656	1
__exception__ Dec. 12, 2023, 10:48 a.m.	stacktrace: googlecrashhandler64+0x1a8d05 @ 0x5a8d05 googlecrashhandler64+0x1a715a @ 0x5a715a googlecrashhandler64+0x291e32 @ 0x691e32 exception.instruction_r: 0f 0b e8 19 37 01 00 33 c0 5a 59 59 64 89 10 eb exception.symbol: googlecrashhandler64+0xf9700 exception.instruction: ud2 exception.module: GoogleCrashHandler64.exe exception.exception_code: 0xc000001d exception.offset: 1021696 exception.address: 0x4f9700 registers.esp: 2686620 registers.edi: 2686620 registers.eax: 0 registers.ebp: 2686648 registers.edx: 2 registers.ebx: 5215979 registers.esi: 0 registers.ecx: 2686656	1
__exception__ Dec. 12, 2023, 10:48 a.m.	stacktrace: googlecrashhandler64+0x1a8d2a @ 0x5a8d2a googlecrashhandler64+0x1a715a @ 0x5a715a googlecrashhandler64+0x291e32 @ 0x691e32 exception.instruction_r: cc 68 48 6e 14 21 e9 fc a5 fe ff 5f f2 5a 0b d5 exception.symbol: googlecrashhandler64+0x1b2de1 exception.instruction: int3 exception.module: GoogleCrashHandler64.exe exception.exception_code: 0x80000003 exception.offset: 1781217 exception.address: 0x5b2de1 registers.esp: 2686620 registers.edi: 5655117 registers.eax: 2324 registers.ebp: 2686648 registers.edx: 2686656 registers.ebx: 4 registers.esi: 4294919751 registers.ecx: 0	1
__exception__ Dec. 12, 2023, 10:48 a.m.	stacktrace: exception.instruction_r: cc 68 7a 5d 14 21 e9 54 c3 fe ff f4 46 ee 18 38 exception.symbol: googlecrashhandler64+0x1b1089 exception.instruction: int3 exception.module: GoogleCrashHandler64.exe exception.exception_code: 0x80000003 exception.offset: 1773705 exception.address: 0x5b1089 registers.esp: 2686620 registers.edi: 5683876 registers.eax: 4 registers.ebp: 1111705675 registers.edx: 0 registers.ebx: 4 registers.esi: 4294967295 registers.ecx: 1377566720	1
__exception__ Dec. 12, 2023, 10:48 a.m.	stacktrace: googlecrashhandler64+0x1a8e8e @ 0x5a8e8e googlecrashhandler64+0x1a715a @ 0x5a715a googlecrashhandler64+0x291e32 @ 0x691e32 exception.instruction_r: 0f 0b e8 19 37 01 00 33 c0 5a 59 59 64 89 10 eb exception.symbol: googlecrashhandler64+0xf9700 exception.instruction: ud2 exception.module: GoogleCrashHandler64.exe exception.exception_code: 0xc000001d exception.offset: 1021696 exception.address: 0x4f9700 registers.esp: 2686620 registers.edi: 5683876 registers.eax: 0 registers.ebp: 2686648 registers.edx: 2 registers.ebx: 4 registers.esi: 4294967295 registers.ecx: 0	1
__exception__ Dec. 12, 2023, 10:48 a.m.	stacktrace: googlecrashhandler64+0x1a8e8e @ 0x5a8e8e googlecrashhandler64+0x1a715a @ 0x5a715a googlecrashhandler64+0x291e32 @ 0x691e32 exception.instruction_r: f7 f0 e8 44 37 01 00 33 c0 5a 59 59 64 89 10 eb exception.symbol: googlecrashhandler64+0xf96d5 exception.instruction: div eax exception.module: GoogleCrashHandler64.exe exception.exception_code: 0xc0000094 exception.offset: 1021653 exception.address: 0x4f96d5 registers.esp: 2686620 registers.edi: 2686620 registers.eax: 0 registers.ebp: 2686648 registers.edx: 0 registers.ebx: 5216022 registers.esi: 0 registers.ecx: 2686656	1
__exception__ Dec. 12, 2023, 10:48 a.m.	stacktrace: googlecrashhandler64+0x1a8e8e @ 0x5a8e8e googlecrashhandler64+0x1a715a @ 0x5a715a googlecrashhandler64+0x291e32 @ 0x691e32 exception.instruction_r: f7 f0 e8 44 37 01 00 33 c0 5a 59 59 64 89 10 eb exception.symbol: googlecrashhandler64+0xf96d5 exception.instruction: div eax exception.module: GoogleCrashHandler64.exe exception.exception_code: 0xc0000094 exception.offset: 1021653 exception.address: 0x4f96d5 registers.esp: 2686620 registers.edi: 2686620 registers.eax: 0 registers.ebp: 2686648 registers.edx: 0 registers.ebx: 5215979 registers.esi: 0 registers.ecx: 2686656	1
__exception__ Dec. 12, 2023, 10:48 a.m.	stacktrace: googlecrashhandler64+0x1a8e8e @ 0x5a8e8e googlecrashhandler64+0x1a715a @ 0x5a715a googlecrashhandler64+0x291e32 @ 0x691e32 exception.instruction_r: f7 f0 e8 44 37 01 00 33 c0 5a 59 59 64 89 10 eb exception.symbol: googlecrashhandler64+0xf96d5 exception.instruction: div eax exception.module: GoogleCrashHandler64.exe exception.exception_code: 0xc0000094 exception.offset: 1021653 exception.address: 0x4f96d5 registers.esp: 2686620 registers.edi: 2686620 registers.eax: 0 registers.ebp: 2686648 registers.edx: 0 registers.ebx: 5215979 registers.esi: 0 registers.ecx: 2686656	1
__exception__ Dec. 12, 2023, 10:48 a.m.	stacktrace: googlecrashhandler64+0x1a8e8e @ 0x5a8e8e googlecrashhandler64+0x1a715a @ 0x5a715a googlecrashhandler64+0x291e32 @ 0x691e32 exception.instruction_r: f7 f0 e8 44 37 01 00 33 c0 5a 59 59 64 89 10 eb exception.symbol: googlecrashhandler64+0xf96d5 exception.instruction: div eax exception.module: GoogleCrashHandler64.exe exception.exception_code: 0xc0000094 exception.offset: 1021653 exception.address: 0x4f96d5 registers.esp: 2686620 registers.edi: 2686620 registers.eax: 0 registers.ebp: 2686648 registers.edx: 0 registers.ebx: 5215979 registers.esi: 0 registers.ecx: 2686656	1
__exception__ Dec. 12, 2023, 10:48 a.m.	stacktrace: googlecrashhandler64+0x1a8e8e @ 0x5a8e8e googlecrashhandler64+0x1a715a @ 0x5a715a googlecrashhandler64+0x291e32 @ 0x691e32 exception.instruction_r: 0f 0b e8 19 37 01 00 33 c0 5a 59 59 64 89 10 eb exception.symbol: googlecrashhandler64+0xf9700 exception.instruction: ud2 exception.module: GoogleCrashHandler64.exe exception.exception_code: 0xc000001d exception.offset: 1021696 exception.address: 0x4f9700 registers.esp: 2686620 registers.edi: 2686620 registers.eax: 0 registers.ebp: 2686648 registers.edx: 2 registers.ebx: 5215979 registers.esi: 0 registers.ecx: 2686656	1
__exception__ Dec. 12, 2023, 10:48 a.m.	stacktrace: googlecrashhandler64+0x1a8660 @ 0x5a8660 googlecrashhandler64+0x1a715a @ 0x5a715a googlecrashhandler64+0x291e32 @ 0x691e32 exception.instruction_r: ed 68 8a 06 14 21 e9 bc a6 ff ff b0 53 b9 34 68 exception.symbol: googlecrashhandler64+0x1a2d21 exception.instruction: in eax, dx exception.module: GoogleCrashHandler64.exe exception.exception_code: 0xc0000096 exception.offset: 1715489 exception.address: 0x5a2d21 registers.esp: 2686608 registers.edi: 5683876 registers.eax: 1447909480 registers.ebp: 2686636 registers.edx: 22104 registers.ebx: 0 registers.esi: 5682560 registers.ecx: 10	1
__exception__ Dec. 12, 2023, 10:48 a.m.	stacktrace: googlecrashhandler64+0x1a867d @ 0x5a867d googlecrashhandler64+0x1a715a @ 0x5a715a googlecrashhandler64+0x291e32 @ 0x691e32 exception.instruction_r: 0f 3f 68 d8 48 14 21 e9 cb dd fe ff 72 76 7a 68 exception.symbol: googlecrashhandler64+0x1af611 exception.address: 0x5af611 exception.module: GoogleCrashHandler64.exe exception.exception_code: 0xc000001d exception.offset: 1766929 registers.esp: 2686608 registers.edi: 5683876 registers.eax: 1 registers.ebp: 2686636 registers.edx: 0 registers.ebx: 0 registers.esi: 5682560 registers.ecx: 0	1
__exception__ Dec. 12, 2023, 10:48 a.m.	stacktrace: googlecrashhandler64+0x1a9051 @ 0x5a9051 googlecrashhandler64+0x1a715a @ 0x5a715a googlecrashhandler64+0x291e32 @ 0x691e32 exception.instruction_r: f7 f0 e8 44 37 01 00 33 c0 5a 59 59 64 89 10 eb exception.symbol: googlecrashhandler64+0xf96d5 exception.instruction: div eax exception.module: GoogleCrashHandler64.exe exception.exception_code: 0xc0000094 exception.offset: 1021653 exception.address: 0x4f96d5 registers.esp: 2686620 registers.edi: 5683876 registers.eax: 0 registers.ebp: 2686648 registers.edx: 0 registers.ebx: 4 registers.esi: 4294967295 registers.ecx: 3977992627	1
__exception__ Dec. 12, 2023, 10:48 a.m.	stacktrace: googlecrashhandler64+0x1a9051 @ 0x5a9051 googlecrashhandler64+0x1a715a @ 0x5a715a googlecrashhandler64+0x291e32 @ 0x691e32 exception.instruction_r: 0f 0b e8 19 37 01 00 33 c0 5a 59 59 64 89 10 eb exception.symbol: googlecrashhandler64+0xf9700 exception.instruction: ud2 exception.module: GoogleCrashHandler64.exe exception.exception_code: 0xc000001d exception.offset: 1021696 exception.address: 0x4f9700 registers.esp: 2686620 registers.edi: 2686620 registers.eax: 0 registers.ebp: 2686648 registers.edx: 2 registers.ebx: 5215979 registers.esi: 0 registers.ecx: 2686656	1
__exception__ Dec. 12, 2023, 10:48 a.m.	stacktrace: googlecrashhandler64+0x1a9051 @ 0x5a9051 googlecrashhandler64+0x1a715a @ 0x5a715a googlecrashhandler64+0x291e32 @ 0x691e32 exception.instruction_r: 0f 0b e8 19 37 01 00 33 c0 5a 59 59 64 89 10 eb exception.symbol: googlecrashhandler64+0xf9700 exception.instruction: ud2 exception.module: GoogleCrashHandler64.exe exception.exception_code: 0xc000001d exception.offset: 1021696 exception.address: 0x4f9700 registers.esp: 2686620 registers.edi: 2686620 registers.eax: 0 registers.ebp: 2686648 registers.edx: 2 registers.ebx: 5216022 registers.esi: 0 registers.ecx: 2686656	1
__exception__ Dec. 12, 2023, 10:48 a.m.	stacktrace: googlecrashhandler64+0x1a9051 @ 0x5a9051 googlecrashhandler64+0x1a715a @ 0x5a715a googlecrashhandler64+0x291e32 @ 0x691e32 exception.instruction_r: f7 f0 e8 44 37 01 00 33 c0 5a 59 59 64 89 10 eb exception.symbol: googlecrashhandler64+0xf96d5 exception.instruction: div eax exception.module: GoogleCrashHandler64.exe exception.exception_code: 0xc0000094 exception.offset: 1021653 exception.address: 0x4f96d5 registers.esp: 2686620 registers.edi: 2686620 registers.eax: 0 registers.ebp: 2686648 registers.edx: 0 registers.ebx: 5216022 registers.esi: 0 registers.ecx: 2686656	1
__exception__ Dec. 12, 2023, 10:48 a.m.	stacktrace: googlecrashhandler64+0x1a9051 @ 0x5a9051 googlecrashhandler64+0x1a715a @ 0x5a715a googlecrashhandler64+0x291e32 @ 0x691e32 exception.instruction_r: 0f 0b e8 19 37 01 00 33 c0 5a 59 59 64 89 10 eb exception.symbol: googlecrashhandler64+0xf9700 exception.instruction: ud2 exception.module: GoogleCrashHandler64.exe exception.exception_code: 0xc000001d exception.offset: 1021696 exception.address: 0x4f9700 registers.esp: 2686620 registers.edi: 2686620 registers.eax: 0 registers.ebp: 2686648 registers.edx: 2 registers.ebx: 5215979 registers.esi: 0 registers.ecx: 2686656	1
__exception__ Dec. 12, 2023, 10:48 a.m.	stacktrace: googlecrashhandler64+0x1a914c @ 0x5a914c googlecrashhandler64+0x1a715a @ 0x5a715a googlecrashhandler64+0x291e32 @ 0x691e32 exception.instruction_r: f7 f0 e8 44 37 01 00 33 c0 5a 59 59 64 89 10 eb exception.symbol: googlecrashhandler64+0xf96d5 exception.instruction: div eax exception.module: GoogleCrashHandler64.exe exception.exception_code: 0xc0000094 exception.offset: 1021653 exception.address: 0x4f96d5 registers.esp: 2686620 registers.edi: 5683876 registers.eax: 0 registers.ebp: 2686648 registers.edx: 0 registers.ebx: 4 registers.esi: 4294967295 registers.ecx: 2450820498	1
__exception__ Dec. 12, 2023, 10:48 a.m.	stacktrace: googlecrashhandler64+0x1a914c @ 0x5a914c googlecrashhandler64+0x1a715a @ 0x5a715a googlecrashhandler64+0x291e32 @ 0x691e32 exception.instruction_r: f7 f0 e8 44 37 01 00 33 c0 5a 59 59 64 89 10 eb exception.symbol: googlecrashhandler64+0xf96d5 exception.instruction: div eax exception.module: GoogleCrashHandler64.exe exception.exception_code: 0xc0000094 exception.offset: 1021653 exception.address: 0x4f96d5 registers.esp: 2686620 registers.edi: 2686620 registers.eax: 0 registers.ebp: 2686648 registers.edx: 0 registers.ebx: 5215979 registers.esi: 0 registers.ecx: 2686656	1
__exception__ Dec. 12, 2023, 10:48 a.m.	stacktrace: googlecrashhandler64+0x1a914c @ 0x5a914c googlecrashhandler64+0x1a715a @ 0x5a715a googlecrashhandler64+0x291e32 @ 0x691e32 exception.instruction_r: f7 f0 e8 44 37 01 00 33 c0 5a 59 59 64 89 10 eb exception.symbol: googlecrashhandler64+0xf96d5 exception.instruction: div eax exception.module: GoogleCrashHandler64.exe exception.exception_code: 0xc0000094 exception.offset: 1021653 exception.address: 0x4f96d5 registers.esp: 2686620 registers.edi: 2686620 registers.eax: 0 registers.ebp: 2686648 registers.edx: 0 registers.ebx: 5215979 registers.esi: 0 registers.ecx: 2686656	1
__exception__ Dec. 12, 2023, 10:48 a.m.	stacktrace: googlecrashhandler64+0x1a914c @ 0x5a914c googlecrashhandler64+0x1a715a @ 0x5a715a googlecrashhandler64+0x291e32 @ 0x691e32 exception.instruction_r: f7 f0 e8 44 37 01 00 33 c0 5a 59 59 64 89 10 eb exception.symbol: googlecrashhandler64+0xf96d5 exception.instruction: div eax exception.module: GoogleCrashHandler64.exe exception.exception_code: 0xc0000094 exception.offset: 1021653 exception.address: 0x4f96d5 registers.esp: 2686620 registers.edi: 2686620 registers.eax: 0 registers.ebp: 2686648 registers.edx: 0 registers.ebx: 5215979 registers.esi: 0 registers.ecx: 2686656	1
__exception__ Dec. 12, 2023, 10:48 a.m.	stacktrace: googlecrashhandler64+0x1a914c @ 0x5a914c googlecrashhandler64+0x1a715a @ 0x5a715a googlecrashhandler64+0x291e32 @ 0x691e32 exception.instruction_r: f7 f0 e8 44 37 01 00 33 c0 5a 59 59 64 89 10 eb exception.symbol: googlecrashhandler64+0xf96d5 exception.instruction: div eax exception.module: GoogleCrashHandler64.exe exception.exception_code: 0xc0000094 exception.offset: 1021653 exception.address: 0x4f96d5 registers.esp: 2686620 registers.edi: 2686620 registers.eax: 0 registers.ebp: 2686648 registers.edx: 0 registers.ebx: 5215979 registers.esi: 0 registers.ecx: 2686656	1
__exception__ Dec. 12, 2023, 10:48 a.m.	stacktrace: googlecrashhandler64+0x1a914c @ 0x5a914c googlecrashhandler64+0x1a715a @ 0x5a715a googlecrashhandler64+0x291e32 @ 0x691e32 exception.instruction_r: 0f 0b e8 19 37 01 00 33 c0 5a 59 59 64 89 10 eb exception.symbol: googlecrashhandler64+0xf9700 exception.instruction: ud2 exception.module: GoogleCrashHandler64.exe exception.exception_code: 0xc000001d exception.offset: 1021696 exception.address: 0x4f9700 registers.esp: 2686620 registers.edi: 2686620 registers.eax: 0 registers.ebp: 2686648 registers.edx: 2 registers.ebx: 5215979 registers.esi: 0 registers.ecx: 2686656	1
__exception__ Dec. 12, 2023, 10:48 a.m.	stacktrace: googlecrashhandler64+0x1a914c @ 0x5a914c googlecrashhandler64+0x1a715a @ 0x5a715a googlecrashhandler64+0x291e32 @ 0x691e32 exception.instruction_r: f7 f0 e8 44 37 01 00 33 c0 5a 59 59 64 89 10 eb exception.symbol: googlecrashhandler64+0xf96d5 exception.instruction: div eax exception.module: GoogleCrashHandler64.exe exception.exception_code: 0xc0000094 exception.offset: 1021653 exception.address: 0x4f96d5 registers.esp: 2686620 registers.edi: 2686620 registers.eax: 0 registers.ebp: 2686648 registers.edx: 0 registers.ebx: 5216022 registers.esi: 0 registers.ecx: 2686656	1
__exception__ Dec. 12, 2023, 10:48 a.m.	stacktrace: exception.instruction_r: cc 68 7a 5d 14 21 e9 54 c3 fe ff f4 46 ee 18 38 exception.symbol: googlecrashhandler64+0x1b1089 exception.instruction: int3 exception.module: GoogleCrashHandler64.exe exception.exception_code: 0x80000003 exception.offset: 1773705 exception.address: 0x5b1089 registers.esp: 50069268 registers.edi: 38694612 registers.eax: 4 registers.ebp: 1111705675 registers.edx: 0 registers.ebx: 38694696 registers.esi: 11 registers.ecx: 1377566720	1
__exception__ Dec. 12, 2023, 10:48 a.m.	stacktrace: exception.instruction_r: cc 68 7a 5d 14 21 e9 54 c3 fe ff f4 46 ee 18 38 exception.symbol: googlecrashhandler64+0x1b1089 exception.instruction: int3 exception.module: GoogleCrashHandler64.exe exception.exception_code: 0x80000003 exception.offset: 1773705 exception.address: 0x5b1089 registers.esp: 50069268 registers.edi: 38694612 registers.eax: 4 registers.ebp: 1111705675 registers.edx: 0 registers.ebx: 38694698 registers.esi: 11 registers.ecx: 1377566720	1
__exception__ Dec. 12, 2023, 10:48 a.m.	stacktrace: exception.instruction_r: cc 68 7a 5d 14 21 e9 54 c3 fe ff f4 46 ee 18 38 exception.symbol: googlecrashhandler64+0x1b1089 exception.instruction: int3 exception.module: GoogleCrashHandler64.exe exception.exception_code: 0x80000003 exception.offset: 1773705 exception.address: 0x5b1089 registers.esp: 50069268 registers.edi: 38694612 registers.eax: 4 registers.ebp: 1111705675 registers.edx: 0 registers.ebx: 38694700 registers.esi: 18 registers.ecx: 1377566720	1
__exception__ Dec. 12, 2023, 10:49 a.m.	stacktrace: exception.instruction_r: cc 68 7a 5d 14 21 e9 54 c3 fe ff f4 46 ee 18 38 exception.symbol: googlecrashhandler64+0x1b1089 exception.instruction: int3 exception.module: GoogleCrashHandler64.exe exception.exception_code: 0x80000003 exception.offset: 1773705 exception.address: 0x5b1089 registers.esp: 50069268 registers.edi: 38694612 registers.eax: 4 registers.ebp: 1111705675 registers.edx: 0 registers.ebx: 38694702 registers.esi: 18 registers.ecx: 1377566720	1
__exception__ Dec. 12, 2023, 10:49 a.m.	stacktrace: exception.instruction_r: cc 68 7a 5d 14 21 e9 54 c3 fe ff f4 46 ee 18 38 exception.symbol: googlecrashhandler64+0x1b1089 exception.instruction: int3 exception.module: GoogleCrashHandler64.exe exception.exception_code: 0x80000003 exception.offset: 1773705 exception.address: 0x5b1089 registers.esp: 50069268 registers.edi: 38694612 registers.eax: 4 registers.ebp: 1111705675 registers.edx: 0 registers.ebx: 38694704 registers.esi: 18 registers.ecx: 1377566720	1
__exception__ Dec. 12, 2023, 10:49 a.m.	stacktrace: exception.instruction_r: cc 68 7a 5d 14 21 e9 54 c3 fe ff f4 46 ee 18 38 exception.symbol: googlecrashhandler64+0x1b1089 exception.instruction: int3 exception.module: GoogleCrashHandler64.exe exception.exception_code: 0x80000003 exception.offset: 1773705 exception.address: 0x5b1089 registers.esp: 50069268 registers.edi: 38694612 registers.eax: 4 registers.ebp: 1111705675 registers.edx: 0 registers.ebx: 38694706 registers.esi: 18 registers.ecx: 1377566720	1
__exception__ Dec. 12, 2023, 10:49 a.m.	stacktrace: exception.instruction_r: cc 68 7a 5d 14 21 e9 54 c3 fe ff f4 46 ee 18 38 exception.symbol: googlecrashhandler64+0x1b1089 exception.instruction: int3 exception.module: GoogleCrashHandler64.exe exception.exception_code: 0x80000003 exception.offset: 1773705 exception.address: 0x5b1089 registers.esp: 50069268 registers.edi: 38694612 registers.eax: 4 registers.ebp: 1111705675 registers.edx: 0 registers.ebx: 38694708 registers.esi: 12 registers.ecx: 1377566720	1
__exception__ Dec. 12, 2023, 10:49 a.m.	stacktrace: exception.instruction_r: cc 68 7a 5d 14 21 e9 54 c3 fe ff f4 46 ee 18 38 exception.symbol: googlecrashhandler64+0x1b1089 exception.instruction: int3 exception.module: GoogleCrashHandler64.exe exception.exception_code: 0x80000003 exception.offset: 1773705 exception.address: 0x5b1089 registers.esp: 50069268 registers.edi: 38694612 registers.eax: 4 registers.ebp: 1111705675 registers.edx: 0 registers.ebx: 38694710 registers.esi: 12 registers.ecx: 1377566720	1
__exception__ Dec. 12, 2023, 10:49 a.m.	stacktrace: exception.instruction_r: cc 68 7a 5d 14 21 e9 54 c3 fe ff f4 46 ee 18 38 exception.symbol: googlecrashhandler64+0x1b1089 exception.instruction: int3 exception.module: GoogleCrashHandler64.exe exception.exception_code: 0x80000003 exception.offset: 1773705 exception.address: 0x5b1089 registers.esp: 50069268 registers.edi: 38694612 registers.eax: 4 registers.ebp: 1111705675 registers.edx: 0 registers.ebx: 38694712 registers.esi: 12 registers.ecx: 1377566720	1
__exception__ Dec. 12, 2023, 10:49 a.m.	stacktrace: exception.instruction_r: cc 68 7a 5d 14 21 e9 54 c3 fe ff f4 46 ee 18 38 exception.symbol: googlecrashhandler64+0x1b1089 exception.instruction: int3 exception.module: GoogleCrashHandler64.exe exception.exception_code: 0x80000003 exception.offset: 1773705 exception.address: 0x5b1089 registers.esp: 50069268 registers.edi: 38694612 registers.eax: 4 registers.ebp: 1111705675 registers.edx: 0 registers.ebx: 38694714 registers.esi: 12 registers.ecx: 1377566720	1
__exception__ Dec. 12, 2023, 10:49 a.m.	stacktrace: exception.instruction_r: cc 68 7a 5d 14 21 e9 54 c3 fe ff f4 46 ee 18 38 exception.symbol: googlecrashhandler64+0x1b1089 exception.instruction: int3 exception.module: GoogleCrashHandler64.exe exception.exception_code: 0x80000003 exception.offset: 1773705 exception.address: 0x5b1089 registers.esp: 50069268 registers.edi: 38694612 registers.eax: 4 registers.ebp: 1111705675 registers.edx: 0 registers.ebx: 38694716 registers.esi: 12 registers.ecx: 1377566720	1
__exception__ Dec. 12, 2023, 10:49 a.m.	stacktrace: exception.instruction_r: cc 68 7a 5d 14 21 e9 54 c3 fe ff f4 46 ee 18 38 exception.symbol: googlecrashhandler64+0x1b1089 exception.instruction: int3 exception.module: GoogleCrashHandler64.exe exception.exception_code: 0x80000003 exception.offset: 1773705 exception.address: 0x5b1089 registers.esp: 50069268 registers.edi: 38694612 registers.eax: 4 registers.ebp: 1111705675 registers.edx: 0 registers.ebx: 38694718 registers.esi: 12 registers.ecx: 1377566720	1
__exception__ Dec. 12, 2023, 10:49 a.m.	stacktrace: exception.instruction_r: cc 68 7a 5d 14 21 e9 54 c3 fe ff f4 46 ee 18 38 exception.symbol: googlecrashhandler64+0x1b1089 exception.instruction: int3 exception.module: GoogleCrashHandler64.exe exception.exception_code: 0x80000003 exception.offset: 1773705 exception.address: 0x5b1089 registers.esp: 50069268 registers.edi: 38694612 registers.eax: 4 registers.ebp: 1111705675 registers.edx: 0 registers.ebx: 38694720 registers.esi: 12 registers.ecx: 1377566720	1
__exception__ Dec. 12, 2023, 10:49 a.m.	stacktrace: exception.instruction_r: cc 68 7a 5d 14 21 e9 54 c3 fe ff f4 46 ee 18 38 exception.symbol: googlecrashhandler64+0x1b1089 exception.instruction: int3 exception.module: GoogleCrashHandler64.exe exception.exception_code: 0x80000003 exception.offset: 1773705 exception.address: 0x5b1089 registers.esp: 50069268 registers.edi: 38694612 registers.eax: 4 registers.ebp: 1111705675 registers.edx: 0 registers.ebx: 38694722 registers.esi: 12 registers.ecx: 1377566720	1

Allocates read-write-execute memory (usually to unpack itself) (50 out of 1452 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory Dec. 12, 2023, 10:48 a.m.	process_identifier: 2052 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02260000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 12, 2023, 10:48 a.m.	process_identifier: 2052 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02490000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 12, 2023, 10:48 a.m.	process_identifier: 2052 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x008f0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 12, 2023, 10:48 a.m.	process_identifier: 2052 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00910000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 12, 2023, 10:48 a.m.	process_identifier: 2052 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00920000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 12, 2023, 10:48 a.m.	process_identifier: 2052 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02494000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 12, 2023, 10:48 a.m.	process_identifier: 2052 region_size: 81920 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024a4000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 12, 2023, 10:48 a.m.	process_identifier: 2052 region_size: 147456 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024a4000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 12, 2023, 10:48 a.m.	process_identifier: 2052 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024c4000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 12, 2023, 10:48 a.m.	process_identifier: 2052 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024d4000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 12, 2023, 10:48 a.m.	process_identifier: 2052 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024d4000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 12, 2023, 10:48 a.m.	process_identifier: 2052 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024d4000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 12, 2023, 10:48 a.m.	process_identifier: 2052 region_size: 81920 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024d8000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 12, 2023, 10:48 a.m.	process_identifier: 2052 region_size: 81920 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024d8000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 12, 2023, 10:48 a.m.	process_identifier: 2052 region_size: 81920 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024d8000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 12, 2023, 10:48 a.m.	process_identifier: 2052 region_size: 81920 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024d8000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 12, 2023, 10:48 a.m.	process_identifier: 2052 region_size: 81920 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024d8000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 12, 2023, 10:48 a.m.	process_identifier: 2052 region_size: 81920 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024d8000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 12, 2023, 10:48 a.m.	process_identifier: 2052 region_size: 81920 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024d8000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 12, 2023, 10:48 a.m.	process_identifier: 2052 region_size: 81920 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024e8000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 12, 2023, 10:48 a.m.	process_identifier: 2052 region_size: 1064960 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02720000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 12, 2023, 10:48 a.m.	process_identifier: 2052 region_size: 81920 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024e8000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 12, 2023, 10:48 a.m.	process_identifier: 2052 region_size: 81920 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024fc000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 12, 2023, 10:48 a.m.	process_identifier: 2052 region_size: 81920 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024e8000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 12, 2023, 10:48 a.m.	process_identifier: 2052 region_size: 81920 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024fc000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 12, 2023, 10:48 a.m.	process_identifier: 2052 region_size: 81920 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024e8000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 12, 2023, 10:48 a.m.	process_identifier: 2052 region_size: 81920 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024fc000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 12, 2023, 10:48 a.m.	process_identifier: 2052 region_size: 81920 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024e8000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 12, 2023, 10:48 a.m.	process_identifier: 2052 region_size: 81920 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024fc000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 12, 2023, 10:48 a.m.	process_identifier: 2052 region_size: 81920 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024e8000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 12, 2023, 10:48 a.m.	process_identifier: 2052 region_size: 81920 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024fc000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 12, 2023, 10:48 a.m.	process_identifier: 2052 region_size: 81920 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024e8000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 12, 2023, 10:48 a.m.	process_identifier: 2052 region_size: 81920 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024fc000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 12, 2023, 10:48 a.m.	process_identifier: 2052 region_size: 81920 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024e8000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 12, 2023, 10:48 a.m.	process_identifier: 2052 region_size: 81920 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024fc000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 12, 2023, 10:48 a.m.	process_identifier: 2052 region_size: 81920 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024e8000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 12, 2023, 10:48 a.m.	process_identifier: 2052 region_size: 81920 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024fc000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 12, 2023, 10:48 a.m.	process_identifier: 2052 region_size: 81920 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024e8000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 12, 2023, 10:48 a.m.	process_identifier: 2052 region_size: 81920 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024fc000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 12, 2023, 10:48 a.m.	process_identifier: 2052 region_size: 81920 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024e8000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 12, 2023, 10:48 a.m.	process_identifier: 2052 region_size: 81920 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024fc000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 12, 2023, 10:48 a.m.	process_identifier: 2052 region_size: 81920 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024e8000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 12, 2023, 10:48 a.m.	process_identifier: 2052 region_size: 81920 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024fc000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 12, 2023, 10:48 a.m.	process_identifier: 2052 region_size: 81920 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024e8000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 12, 2023, 10:48 a.m.	process_identifier: 2052 region_size: 81920 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024fc000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 12, 2023, 10:48 a.m.	process_identifier: 2052 region_size: 81920 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024e8000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 12, 2023, 10:48 a.m.	process_identifier: 2052 region_size: 81920 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024fc000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 12, 2023, 10:48 a.m.	process_identifier: 2052 region_size: 81920 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024e8000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 12, 2023, 10:48 a.m.	process_identifier: 2052 region_size: 81920 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024fc000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 12, 2023, 10:48 a.m.	process_identifier: 2052 region_size: 81920 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024e8000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

A process attempted to delay the analysis task. (1 event)

description

GoogleCrashHandler64.exe tried to sleep 236 seconds, actually delayed analysis time by 236 seconds

Creates executable files on the filesystem (2 events)

file	C:\Users\test22\AppData\Local\Temp\20523LC1.bat
file	c:\Users\test22\AppData\Local\Temp\dlIhost.exe

Creates a suspicious process (1 event)

cmdline

cmd.exe /c ""C:\Users\test22\AppData\Local\Temp\20523LC1.bat" "C:\Users\test22\AppData\Local\Temp\GoogleCrashHandler64.exe" "

Drops a binary and executes it (1 event)

file	C:\Users\test22\AppData\Local\Temp\dlIhost.exe

Executes one or more WMI queries (1 event)

wmi	SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process

Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (10 events)

Time & API	Arguments	Status	Return
Process32NextW Dec. 12, 2023, 10:48 a.m.	snapshot_handle: 0x00000148 process_name: mobsync.exe process_identifier: 1044	1	1
Process32NextW Dec. 12, 2023, 10:48 a.m.	snapshot_handle: 0x00000148 process_name: pw.exe process_identifier: 1904	1	1
Process32NextW Dec. 12, 2023, 10:48 a.m.	snapshot_handle: 0x00000148 process_name: taskhost.exe process_identifier: 2004	1	1
Process32NextW Dec. 12, 2023, 10:48 a.m.	snapshot_handle: 0x00000148 process_name: wsqmcons.exe process_identifier: 1156	1	1
Process32NextW Dec. 12, 2023, 10:48 a.m.	snapshot_handle: 0x00000148 process_name: sdclt.exe process_identifier: 1208	1	1
Process32NextW Dec. 12, 2023, 10:48 a.m.	snapshot_handle: 0x00000148 process_name: conhost.exe process_identifier: 1020	1	1
Process32NextW Dec. 12, 2023, 10:48 a.m.	snapshot_handle: 0x00000148 process_name: SearchProtocolHost.exe process_identifier: 1096	1	1
Process32NextW Dec. 12, 2023, 10:48 a.m.	snapshot_handle: 0x00000148 process_name: SearchFilterHost.exe process_identifier: 940	1	1
Process32NextW Dec. 12, 2023, 10:48 a.m.	snapshot_handle: 0x00000148 process_name: pw.exe process_identifier: 108	1	1
Process32NextW Dec. 12, 2023, 10:48 a.m.	snapshot_handle: 0x00000148 process_name: GoogleCrashHandler64.exe process_identifier: 2052	1	1

The binary likely contains encrypted or compressed data indicative of a packer (6 events)

section

{u'size_of_data': u'0x00004c00', u'virtual_address': u'0x00001000', u'entropy': 7.966686520940189, u'name': u'', u'virtual_size': u'0x00009000'}

entropy

7.96668652094

description