Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Sept. 10, 2024, 10:20 a.m.	Sept. 10, 2024, 10:22 a.m.

Size	1.8MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`fb715bbfab832a6a7b4e05fc94a74b88`
SHA256	`9b79444f799b4643e0332ee52281b406639cc9b7e63c61f7796d1fcfa56c5377`
CRC32	`03126F7B`
ssdeep	`49152:iFLxjtwooQXHsWuWelM0BqO1EeGqGC+AZ6k93xbr:iVxje+HsWuWSEeGqB+AZxx`
Yara	themida_packer - themida packer PE_Header_Zero - PE File Signature IsPE32 - (no description)

burda.exe "C:\Users\test22\AppData\Local\Temp\burda.exe"
2556
- svoutse.exe "C:\Users\test22\AppData\Local\Temp\0e8d0864aa\svoutse.exe"
  2820
  - d01ff2ef0c.exe "C:\Users\test22\AppData\Roaming\1000026000\d01ff2ef0c.exe"
    3016
  - 3af585230f.exe "C:\Users\test22\AppData\Local\Temp\1000030001\3af585230f.exe"
    3064
  - 7556dae5b5.exe "C:\Users\test22\AppData\Local\Temp\1000036001\7556dae5b5.exe"
    1384
    - chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --kiosk --disable-features=TranslateUI --disable-infobars --no-first-run --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
      1484
      - chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=65.0.3325.181 --initial-client-data=0x88,0x8c,0x90,0x84,0x94,0x7fef445f1e8,0x7fef445f1f8,0x7fef445f208
        1400
      - chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=1264 --on-initialized-event-handle=308 --parent-handle=312 /prefetch:6
        2320
    - chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --kiosk --disable-features=TranslateUI --disable-infobars --no-first-run --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
      2544
      - chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=65.0.3325.181 --initial-client-data=0x88,0x8c,0x90,0x84,0x94,0x7fef445f1e8,0x7fef445f1f8,0x7fef445f208
        2624
      - chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2540 --on-initialized-event-handle=308 --parent-handle=312 /prefetch:6
        2852
    - chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --kiosk --disable-features=TranslateUI --disable-infobars --no-first-run --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
      2676
      - chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=65.0.3325.181 --initial-client-data=0x88,0x8c,0x90,0x84,0x94,0x7fef445f1e8,0x7fef445f1f8,0x7fef445f208
        2784
      - chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2680 --on-initialized-event-handle=308 --parent-handle=312 /prefetch:6
        3048
    - chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --kiosk --disable-features=TranslateUI --disable-infobars --no-first-run --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
      232
      - chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=65.0.3325.181 --initial-client-data=0x88,0x8c,0x90,0x84,0x94,0x7fef445f1e8,0x7fef445f1f8,0x7fef445f208
        536
      - chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=648 --on-initialized-event-handle=308 --parent-handle=312 /prefetch:6
        2112
    - chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --kiosk --disable-features=TranslateUI --disable-infobars --no-first-run --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
      2136
      - chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=65.0.3325.181 --initial-client-data=0x88,0x8c,0x90,0x84,0x94,0x7fef445f1e8,0x7fef445f1f8,0x7fef445f208
        2272
      - chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=152 --on-initialized-event-handle=308 --parent-handle=312 /prefetch:6
        2804
    - chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --kiosk --disable-features=TranslateUI --disable-infobars --no-first-run --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
      2572
      - chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=65.0.3325.181 --initial-client-data=0x88,0x8c,0x90,0x84,0x94,0x7fef445f1e8,0x7fef445f1f8,0x7fef445f208
        2640
      - chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2576 --on-initialized-event-handle=308 --parent-handle=312 /prefetch:6
        2064
    - chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --kiosk --disable-features=TranslateUI --disable-infobars --no-first-run --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
      1512
      - chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=65.0.3325.181 --initial-client-data=0x88,0x8c,0x90,0x84,0x94,0x7fef445f1e8,0x7fef445f1f8,0x7fef445f208
        1096
      - chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=676 --on-initialized-event-handle=308 --parent-handle=312 /prefetch:6
        3216
    - chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --kiosk --disable-features=TranslateUI --disable-infobars --no-first-run --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
      3088
      - chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=65.0.3325.181 --initial-client-data=0x88,0x8c,0x90,0x84,0x94,0x7fef445f1e8,0x7fef445f1f8,0x7fef445f208
        3564
      - chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=3092 --on-initialized-event-handle=308 --parent-handle=312 /prefetch:6
        3712
    - chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --kiosk --disable-features=TranslateUI --disable-infobars --no-first-run --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
      3608
      - chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=65.0.3325.181 --initial-client-data=0x88,0x8c,0x90,0x84,0x94,0x7fef445f1e8,0x7fef445f1f8,0x7fef445f208
        3744
      - chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=3612 --on-initialized-event-handle=308 --parent-handle=312 /prefetch:6
        3884
    - chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --kiosk --disable-features=TranslateUI --disable-infobars --no-first-run --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
      3820
      - chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=65.0.3325.181 --initial-client-data=0x88,0x8c,0x90,0x84,0x94,0x7fef445f1e8,0x7fef445f1f8,0x7fef445f208
        3956
      - chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=3824 --on-initialized-event-handle=308 --parent-handle=312 /prefetch:6
        3188
    - chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --kiosk --disable-features=TranslateUI --disable-infobars --no-first-run --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
      4032
      - chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=65.0.3325.181 --initial-client-data=0x88,0x8c,0x90,0x84,0x94,0x7fef445f1e8,0x7fef445f1f8,0x7fef445f208
        3576
      - chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=4036 --on-initialized-event-handle=308 --parent-handle=312 /prefetch:6
        3428
    - chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --kiosk --disable-features=TranslateUI --disable-infobars --no-first-run --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
      3976
      - chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=65.0.3325.181 --initial-client-data=0x88,0x8c,0x90,0x84,0x94,0x7fef445f1e8,0x7fef445f1f8,0x7fef445f208
        4052
      - chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=3972 --on-initialized-event-handle=308 --parent-handle=312 /prefetch:6
        4272
    - chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --kiosk --disable-features=TranslateUI --disable-infobars --no-first-run --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
      1040
      - chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=65.0.3325.181 --initial-client-data=0x88,0x8c,0x90,0x84,0x94,0x7fef445f1e8,0x7fef445f1f8,0x7fef445f208
        4380
      - chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=1268 --on-initialized-event-handle=308 --parent-handle=312 /prefetch:6
        4812
    - chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --kiosk --disable-features=TranslateUI --disable-infobars --no-first-run --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
      4648
      - chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=65.0.3325.181 --initial-client-data=0x88,0x8c,0x90,0x84,0x94,0x7fef445f1e8,0x7fef445f1f8,0x7fef445f208
        4764
      - chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=4652 --on-initialized-event-handle=308 --parent-handle=312 /prefetch:6
        3840
    - chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --kiosk --disable-features=TranslateUI --disable-infobars --no-first-run --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
      4820
      - chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=65.0.3325.181 --initial-client-data=0x88,0x8c,0x90,0x84,0x94,0x7fef445f1e8,0x7fef445f1f8,0x7fef445f208
        4912
      - chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=4824 --on-initialized-event-handle=308 --parent-handle=312 /prefetch:6
        5304
    - chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --kiosk --disable-features=TranslateUI --disable-infobars --no-first-run --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
      4624
      - chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=65.0.3325.181 --initial-client-data=0x88,0x8c,0x90,0x84,0x94,0x7fef445f1e8,0x7fef445f1f8,0x7fef445f208
        5164
      - chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=4808 --on-initialized-event-handle=308 --parent-handle=312 /prefetch:6
        5776
    - chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --kiosk --disable-features=TranslateUI --disable-infobars --no-first-run --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
      5492
      - chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=65.0.3325.181 --initial-client-data=0x88,0x8c,0x90,0x84,0x94,0x7fef445f1e8,0x7fef445f1f8,0x7fef445f208
        5880
    - chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --kiosk --disable-features=TranslateUI --disable-infobars --no-first-run --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
      5804
explorer.exe C:\Windows\Explorer.EXE
1452

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
185.215.113.16	Active	Moloch
31.41.244.10	Active	Moloch
31.41.244.11	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 31.41.244.11:80 -> 192.168.56.101:49165	2400001	ET DROP Spamhaus DROP Listed Traffic Inbound group 2	Misc Attack
TCP 185.215.113.16:80 -> 192.168.56.101:49170	2400032	ET DROP Spamhaus DROP Listed Traffic Inbound group 33	Misc Attack
TCP 192.168.56.101:49170 -> 185.215.113.16:80	2016141	ET INFO Executable Download from dotted-quad Host	Potentially Bad Traffic
TCP 185.215.113.16:80 -> 192.168.56.101:49170	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 185.215.113.16:80 -> 192.168.56.101:49170	2016538	ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download	Potentially Bad Traffic
TCP 185.215.113.16:80 -> 192.168.56.101:49170	2021076	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	Potentially Bad Traffic
TCP 31.41.244.10:80 -> 192.168.56.101:49167	2400001	ET DROP Spamhaus DROP Listed Traffic Inbound group 2	Misc Attack
TCP 192.168.56.101:49167 -> 31.41.244.10:80	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	A Network Trojan was detected
TCP 192.168.56.101:49167 -> 31.41.244.10:80	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	A Network Trojan was detected
TCP 192.168.56.101:49165 -> 31.41.244.11:80	2016141	ET INFO Executable Download from dotted-quad Host	Potentially Bad Traffic
TCP 31.41.244.11:80 -> 192.168.56.101:49165	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 31.41.244.11:80 -> 192.168.56.101:49165	2016538	ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download	Potentially Bad Traffic
TCP 31.41.244.11:80 -> 192.168.56.101:49165	2021076	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	Potentially Bad Traffic
TCP 192.168.56.101:49167 -> 31.41.244.10:80	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	A Network Trojan was detected
TCP 192.168.56.101:49168 -> 31.41.244.11:80	2016141	ET INFO Executable Download from dotted-quad Host	Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (50 out of 395 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Sept. 10, 2024, 10:20 a.m.			0	0
IsDebuggerPresent Sept. 10, 2024, 10:20 a.m.			0	0
IsDebuggerPresent Sept. 10, 2024, 10:20 a.m.			0	0
IsDebuggerPresent Sept. 10, 2024, 10:20 a.m.			0	0
IsDebuggerPresent Sept. 10, 2024, 10:20 a.m.			0	0
IsDebuggerPresent Sept. 10, 2024, 10:20 a.m.			0	0
IsDebuggerPresent Sept. 10, 2024, 10:20 a.m.			0	0
IsDebuggerPresent Sept. 10, 2024, 10:20 a.m.			0	0
IsDebuggerPresent Sept. 10, 2024, 10:20 a.m.			0	0
IsDebuggerPresent Sept. 10, 2024, 10:20 a.m.			0	0
IsDebuggerPresent Sept. 10, 2024, 10:20 a.m.			0	0
IsDebuggerPresent Sept. 10, 2024, 10:20 a.m.			0	0
IsDebuggerPresent Sept. 10, 2024, 10:20 a.m.			0	0
IsDebuggerPresent Sept. 10, 2024, 10:20 a.m.			0	0
IsDebuggerPresent Sept. 10, 2024, 10:20 a.m.			0	0
IsDebuggerPresent Sept. 10, 2024, 10:20 a.m.			0	0
IsDebuggerPresent Sept. 10, 2024, 10:20 a.m.			0	0
IsDebuggerPresent Sept. 10, 2024, 10:20 a.m.			0	0
IsDebuggerPresent Sept. 10, 2024, 10:20 a.m.			0	0
IsDebuggerPresent Sept. 10, 2024, 10:20 a.m.			0	0
IsDebuggerPresent Sept. 10, 2024, 10:20 a.m.			0	0
IsDebuggerPresent Sept. 10, 2024, 10:20 a.m.			0	0
IsDebuggerPresent Sept. 10, 2024, 10:20 a.m.			0	0
IsDebuggerPresent Sept. 10, 2024, 10:20 a.m.			0	0
IsDebuggerPresent Sept. 10, 2024, 10:21 a.m.			0	0
IsDebuggerPresent Sept. 10, 2024, 10:21 a.m.			0	0
IsDebuggerPresent Sept. 10, 2024, 10:21 a.m.			0	0
IsDebuggerPresent Sept. 10, 2024, 10:21 a.m.			0	0
IsDebuggerPresent Sept. 10, 2024, 10:21 a.m.			0	0
IsDebuggerPresent Sept. 10, 2024, 10:21 a.m.			0	0
IsDebuggerPresent Sept. 10, 2024, 10:21 a.m.			0	0
IsDebuggerPresent Sept. 10, 2024, 10:21 a.m.			0	0
IsDebuggerPresent Sept. 10, 2024, 10:21 a.m.			0	0
IsDebuggerPresent Sept. 10, 2024, 10:21 a.m.			0	0
IsDebuggerPresent Sept. 10, 2024, 10:21 a.m.			0	0
IsDebuggerPresent Sept. 10, 2024, 10:21 a.m.			0	0
IsDebuggerPresent Sept. 10, 2024, 10:21 a.m.			0	0
IsDebuggerPresent Sept. 10, 2024, 10:21 a.m.			0	0
IsDebuggerPresent Sept. 10, 2024, 10:21 a.m.			0	0
IsDebuggerPresent Sept. 10, 2024, 10:21 a.m.			0	0
IsDebuggerPresent Sept. 10, 2024, 10:21 a.m.			0	0
IsDebuggerPresent Sept. 10, 2024, 10:21 a.m.			0	0
IsDebuggerPresent Sept. 10, 2024, 10:21 a.m.			0	0
IsDebuggerPresent Sept. 10, 2024, 10:22 a.m.			0	0
IsDebuggerPresent Sept. 10, 2024, 10:22 a.m.			0	0
IsDebuggerPresent Sept. 10, 2024, 10:22 a.m.			0	0
IsDebuggerPresent Sept. 10, 2024, 10:22 a.m.			0	0
IsDebuggerPresent Sept. 10, 2024, 10:22 a.m.			0	0
IsDebuggerPresent Sept. 10, 2024, 10:22 a.m.			0	0
IsDebuggerPresent Sept. 10, 2024, 10:22 a.m.			0	0

Tries to locate where the browsers are installed (1 event)

file	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

The executable contains unknown PE section names indicative of a packer (could be a false positive) (6 events)

section	\x00
section	.idata
section
section	njatrkmo
section	fpnjveca
section	.taggant

One or more processes crashed (50 out of 227 events)

Time & API	Arguments	Status
__exception__ Sept. 10, 2024, 10:20 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: fb e9 4e 01 00 00 60 8b 74 24 24 8b 7c 24 28 fc exception.symbol: burda+0x3230b9 exception.instruction: sti exception.module: burda.exe exception.exception_code: 0xc0000096 exception.offset: 3289273 exception.address: 0x4830b9 registers.esp: 9567724 registers.edi: 0 registers.eax: 1 registers.ebp: 9567740 registers.edx: 6471680 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0	1
__exception__ Sept. 10, 2024, 10:20 a.m.	stacktrace: exception.instruction_r: fb 50 b8 27 50 ff 52 e9 b1 03 00 00 81 c4 04 00 exception.symbol: burda+0x6d546 exception.instruction: sti exception.module: burda.exe exception.exception_code: 0xc0000096 exception.offset: 447814 exception.address: 0x1cd546 registers.esp: 9567688 registers.edi: 1968898280 registers.eax: 27163 registers.ebp: 3991908372 registers.edx: 1887724 registers.ebx: 1983447744 registers.esi: 3 registers.ecx: 1969094656	1
__exception__ Sept. 10, 2024, 10:20 a.m.	stacktrace: exception.instruction_r: fb 68 d2 1b f2 61 89 04 24 89 14 24 c7 04 24 a9 exception.symbol: burda+0x6d1ae exception.instruction: sti exception.module: burda.exe exception.exception_code: 0xc0000096 exception.offset: 446894 exception.address: 0x1cd1ae registers.esp: 9567692 registers.edi: 238825 registers.eax: 27163 registers.ebp: 3991908372 registers.edx: 1890867 registers.ebx: 1983447744 registers.esi: 0 registers.ecx: 1969094656	1
__exception__ Sept. 10, 2024, 10:20 a.m.	stacktrace: exception.instruction_r: fb 55 e9 ad 00 00 00 ff 34 24 5f e9 54 00 00 00 exception.symbol: burda+0x6e521 exception.instruction: sti exception.module: burda.exe exception.exception_code: 0xc0000096 exception.offset: 451873 exception.address: 0x1ce521 registers.esp: 9567688 registers.edi: 238825 registers.eax: 26935 registers.ebp: 3991908372 registers.edx: 1890867 registers.ebx: 1892182 registers.esi: 0 registers.ecx: 1864678313	1
__exception__ Sept. 10, 2024, 10:20 a.m.	stacktrace: exception.instruction_r: fb 31 f6 ff 34 1e e9 c2 f9 ff ff 81 f6 49 6b ff exception.symbol: burda+0x6e777 exception.instruction: sti exception.module: burda.exe exception.exception_code: 0xc0000096 exception.offset: 452471 exception.address: 0x1ce777 registers.esp: 9567692 registers.edi: 238825 registers.eax: 26935 registers.ebp: 3991908372 registers.edx: 1890867 registers.ebx: 1919117 registers.esi: 0 registers.ecx: 1864678313	1
__exception__ Sept. 10, 2024, 10:20 a.m.	stacktrace: exception.instruction_r: fb 51 e9 85 fe ff ff bd 04 00 00 00 e9 80 03 00 exception.symbol: burda+0x6e17b exception.instruction: sti exception.module: burda.exe exception.exception_code: 0xc0000096 exception.offset: 450939 exception.address: 0x1ce17b registers.esp: 9567692 registers.edi: 1259 registers.eax: 26935 registers.ebp: 3991908372 registers.edx: 1890867 registers.ebx: 1919117 registers.esi: 4294943036 registers.ecx: 1864678313	1
__exception__ Sept. 10, 2024, 10:20 a.m.	stacktrace: exception.instruction_r: fb 81 ec 04 00 00 00 89 1c 24 83 ec 04 89 34 24 exception.symbol: burda+0x1f6bd3 exception.instruction: sti exception.module: burda.exe exception.exception_code: 0xc0000096 exception.offset: 2059219 exception.address: 0x356bd3 registers.esp: 9567692 registers.edi: 1927311 registers.eax: 31949 registers.ebp: 3991908372 registers.edx: 2130566132 registers.ebx: 61408169 registers.esi: 3482005 registers.ecx: 3530801	1
__exception__ Sept. 10, 2024, 10:20 a.m.	stacktrace: exception.instruction_r: fb 81 ec 04 00 00 00 89 0c 24 55 bd 49 81 f5 23 exception.symbol: burda+0x1f671c exception.instruction: sti exception.module: burda.exe exception.exception_code: 0xc0000096 exception.offset: 2058012 exception.address: 0x35671c registers.esp: 9567692 registers.edi: 0 registers.eax: 31949 registers.ebp: 3991908372 registers.edx: 2130566132 registers.ebx: 61408169 registers.esi: 394985 registers.ecx: 3502065	1
__exception__ Sept. 10, 2024, 10:20 a.m.	stacktrace: exception.instruction_r: fb 56 55 bd 54 0e af 5f be 85 56 8a 95 81 ee a3 exception.symbol: burda+0x1f917e exception.instruction: sti exception.module: burda.exe exception.exception_code: 0xc0000096 exception.offset: 2068862 exception.address: 0x35917e registers.esp: 9567692 registers.edi: 202985 registers.eax: 26571 registers.ebp: 3991908372 registers.edx: 4294943360 registers.ebx: 3505148 registers.esi: 3536045 registers.ecx: 14014	1
__exception__ Sept. 10, 2024, 10:20 a.m.	stacktrace: exception.instruction_r: fb 83 ec 04 89 0c 24 89 34 24 57 c7 04 24 89 bc exception.symbol: burda+0x2002da exception.instruction: sti exception.module: burda.exe exception.exception_code: 0xc0000096 exception.offset: 2097882 exception.address: 0x3602da registers.esp: 9567688 registers.edi: 11677199 registers.eax: 26696 registers.ebp: 3991908372 registers.edx: 1164080342 registers.ebx: 3505148 registers.esi: 3536045 registers.ecx: 3537616	1
__exception__ Sept. 10, 2024, 10:20 a.m.	stacktrace: exception.instruction_r: fb 56 e9 8c 05 00 00 5a 33 34 24 31 34 24 33 34 exception.symbol: burda+0x1ffb91 exception.instruction: sti exception.module: burda.exe exception.exception_code: 0xc0000096 exception.offset: 2096017 exception.address: 0x35fb91 registers.esp: 9567692 registers.edi: 11677199 registers.eax: 26696 registers.ebp: 3991908372 registers.edx: 1164080342 registers.ebx: 4294943296 registers.esi: 1114345 registers.ecx: 3564312	1
__exception__ Sept. 10, 2024, 10:20 a.m.	stacktrace: exception.instruction_r: ed 64 8f 05 00 00 00 00 56 c7 04 24 e2 cd fe 4a exception.symbol: burda+0x202890 exception.instruction: in eax, dx exception.module: burda.exe exception.exception_code: 0xc0000096 exception.offset: 2107536 exception.address: 0x362890 registers.esp: 9567684 registers.edi: 11677199 registers.eax: 1447909480 registers.ebp: 3991908372 registers.edx: 22104 registers.ebx: 1969033397 registers.esi: 3544476 registers.ecx: 20	1
__exception__ Sept. 10, 2024, 10:20 a.m.	stacktrace: exception.instruction_r: 0f 3f 07 0b 64 8f 05 00 00 00 00 83 c4 04 83 fb exception.symbol: burda+0x204476 exception.address: 0x364476 exception.module: burda.exe exception.exception_code: 0xc000001d exception.offset: 2114678 registers.esp: 9567684 registers.edi: 11677199 registers.eax: 1 registers.ebp: 3991908372 registers.edx: 22104 registers.ebx: 0 registers.esi: 3544476 registers.ecx: 20	1
__exception__ Sept. 10, 2024, 10:20 a.m.	stacktrace: exception.instruction_r: ed 81 fb 68 58 4d 56 75 0a c7 85 98 2b 2d 12 01 exception.symbol: burda+0x2051b5 exception.instruction: in eax, dx exception.module: burda.exe exception.exception_code: 0xc0000096 exception.offset: 2118069 exception.address: 0x3651b5 registers.esp: 9567684 registers.edi: 11677199 registers.eax: 1447909480 registers.ebp: 3991908372 registers.edx: 22104 registers.ebx: 2256917605 registers.esi: 3544476 registers.ecx: 10	1
__exception__ Sept. 10, 2024, 10:20 a.m.	stacktrace: exception.instruction_r: fb 56 e9 48 fa ff ff 57 bf 1d 86 dd 6a b9 e6 ce exception.symbol: burda+0x20a5c5 exception.instruction: sti exception.module: burda.exe exception.exception_code: 0xc0000096 exception.offset: 2139589 exception.address: 0x36a5c5 registers.esp: 9567688 registers.edi: 11677199 registers.eax: 3579600 registers.ebp: 3991908372 registers.edx: 2130566132 registers.ebx: 72061687 registers.esi: 10 registers.ecx: 2124349440	1
__exception__ Sept. 10, 2024, 10:20 a.m.	stacktrace: exception.instruction_r: fb 29 f6 ff 34 06 ff 34 24 59 68 ec 46 c3 22 89 exception.symbol: burda+0x20a6e3 exception.instruction: sti exception.module: burda.exe exception.exception_code: 0xc0000096 exception.offset: 2139875 exception.address: 0x36a6e3 registers.esp: 9567692 registers.edi: 11677199 registers.eax: 3606238 registers.ebp: 3991908372 registers.edx: 2130566132 registers.ebx: 72061687 registers.esi: 10 registers.ecx: 2124349440	1
__exception__ Sept. 10, 2024, 10:20 a.m.	stacktrace: exception.instruction_r: fb e9 20 00 00 00 01 ca ff 34 24 e9 93 fa ff ff exception.symbol: burda+0x20a515 exception.instruction: sti exception.module: burda.exe exception.exception_code: 0xc0000096 exception.offset: 2139413 exception.address: 0x36a515 registers.esp: 9567692 registers.edi: 11677199 registers.eax: 3606238 registers.ebp: 3991908372 registers.edx: 2130566132 registers.ebx: 72061687 registers.esi: 4294943192 registers.ecx: 4135670624	1
__exception__ Sept. 10, 2024, 10:20 a.m.	stacktrace: exception.instruction_r: cd 01 eb 00 6a 00 57 e8 03 00 00 00 20 5f c3 5f exception.symbol: burda+0x20aafb exception.instruction: int 1 exception.module: burda.exe exception.exception_code: 0xc0000005 exception.offset: 2140923 exception.address: 0x36aafb registers.esp: 9567652 registers.edi: 0 registers.eax: 9567652 registers.ebp: 3991908372 registers.edx: 160888602 registers.ebx: 3582998 registers.esi: 492557361 registers.ecx: 938053954	1
__exception__ Sept. 10, 2024, 10:20 a.m.	stacktrace: exception.instruction_r: fb 83 ec 04 89 14 24 ba 9d d2 ff 57 b9 c3 17 08 exception.symbol: burda+0x211aff exception.instruction: sti exception.module: burda.exe exception.exception_code: 0xc0000096 exception.offset: 2169599 exception.address: 0x371aff registers.esp: 9567692 registers.edi: 3638398 registers.eax: 27744 registers.ebp: 3991908372 registers.edx: 654654 registers.ebx: 492514789 registers.esi: 1597708208 registers.ecx: 3578658	1
__exception__ Sept. 10, 2024, 10:20 a.m.	stacktrace: exception.instruction_r: fb e9 62 00 00 00 40 57 bf 10 49 6f 0e 4f 4f 81 exception.symbol: burda+0x212046 exception.instruction: sti exception.module: burda.exe exception.exception_code: 0xc0000096 exception.offset: 2170950 exception.address: 0x372046 registers.esp: 9567692 registers.edi: 3638398 registers.eax: 27744 registers.ebp: 3991908372 registers.edx: 2115219816 registers.ebx: 492514789 registers.esi: 1597708208 registers.ecx: 4294942476	1
__exception__ Sept. 10, 2024, 10:20 a.m.	stacktrace: exception.instruction_r: fb 57 c7 04 24 92 2b ff 6f 8b 3c 24 56 e9 91 00 exception.symbol: burda+0x21a314 exception.instruction: sti exception.module: burda.exe exception.exception_code: 0xc0000096 exception.offset: 2204436 exception.address: 0x37a314 registers.esp: 9567692 registers.edi: 1883510 registers.eax: 26167 registers.ebp: 3991908372 registers.edx: 3671391 registers.ebx: 72061909 registers.esi: 1968968720 registers.ecx: 0	1
__exception__ Sept. 10, 2024, 10:20 a.m.	stacktrace: exception.instruction_r: fb e9 b1 fa ff ff 81 f7 d3 ac 09 10 e9 12 fd ff exception.symbol: burda+0x21a6f3 exception.instruction: sti exception.module: burda.exe exception.exception_code: 0xc0000096 exception.offset: 2205427 exception.address: 0x37a6f3 registers.esp: 9567692 registers.edi: 4294944236 registers.eax: 262633 registers.ebp: 3991908372 registers.edx: 3671391 registers.ebx: 72061909 registers.esi: 1968968720 registers.ecx: 0	1
__exception__ Sept. 10, 2024, 10:20 a.m.	stacktrace: exception.instruction_r: fb 81 c6 10 fb 5e 5f 57 e9 07 01 00 00 51 b9 46 exception.symbol: burda+0x21d5bc exception.instruction: sti exception.module: burda.exe exception.exception_code: 0xc0000096 exception.offset: 2217404 exception.address: 0x37d5bc registers.esp: 9567680 registers.edi: 4294944236 registers.eax: 31044 registers.ebp: 3991908372 registers.edx: 3671391 registers.ebx: 718829625 registers.esi: 3657782 registers.ecx: 1590078472	1
__exception__ Sept. 10, 2024, 10:20 a.m.	stacktrace: exception.instruction_r: fb 31 c9 81 ec 04 00 00 00 89 1c 24 e9 dd 02 00 exception.symbol: burda+0x21d24c exception.instruction: sti exception.module: burda.exe exception.exception_code: 0xc0000096 exception.offset: 2216524 exception.address: 0x37d24c registers.esp: 9567684 registers.edi: 4294944236 registers.eax: 31044 registers.ebp: 3991908372 registers.edx: 3671391 registers.ebx: 718829625 registers.esi: 3688826 registers.ecx: 1590078472	1
__exception__ Sept. 10, 2024, 10:20 a.m.	stacktrace: exception.instruction_r: fb 68 59 97 f6 12 89 14 24 56 57 e9 22 00 00 00 exception.symbol: burda+0x21da3a exception.instruction: sti exception.module: burda.exe exception.exception_code: 0xc0000096 exception.offset: 2218554 exception.address: 0x37da3a registers.esp: 9567684 registers.edi: 4294944236 registers.eax: 1179202795 registers.ebp: 3991908372 registers.edx: 3671391 registers.ebx: 718829625 registers.esi: 3688826 registers.ecx: 4294938928	1
__exception__ Sept. 10, 2024, 10:20 a.m.	stacktrace: exception.instruction_r: fb e9 d3 00 00 00 be d1 c5 cf 51 81 ce 78 25 ff exception.symbol: burda+0x222fb0 exception.instruction: sti exception.module: burda.exe exception.exception_code: 0xc0000096 exception.offset: 2240432 exception.address: 0x382fb0 registers.esp: 9567684 registers.edi: 3710026 registers.eax: 30945 registers.ebp: 3991908372 registers.edx: 3671391 registers.ebx: 4294950894 registers.esi: 1952 registers.ecx: 7348521	1
__exception__ Sept. 10, 2024, 10:20 a.m.	stacktrace: exception.instruction_r: fb 56 56 e9 fa 05 00 00 55 81 2c 24 01 eb 9f 4b exception.symbol: burda+0x222ae9 exception.instruction: sti exception.module: burda.exe exception.exception_code: 0xc0000096 exception.offset: 2239209 exception.address: 0x382ae9 registers.esp: 9567684 registers.edi: 3682590 registers.eax: 30945 registers.ebp: 3991908372 registers.edx: 0 registers.ebx: 4294950894 registers.esi: 1952 registers.ecx: 607422800	1
__exception__ Sept. 10, 2024, 10:20 a.m.	stacktrace: exception.instruction_r: fb 81 ec 04 00 00 00 89 34 24 89 3c 24 89 04 24 exception.symbol: burda+0x23219c exception.instruction: sti exception.module: burda.exe exception.exception_code: 0xc0000096 exception.offset: 2302364 exception.address: 0x39219c registers.esp: 9567684 registers.edi: 2130566132 registers.eax: 414550880 registers.ebp: 3991908372 registers.edx: 2130566132 registers.ebx: 3769585 registers.esi: 2130570597 registers.ecx: 4294941996	1
__exception__ Sept. 10, 2024, 10:20 a.m.	stacktrace: exception.instruction_r: fb 81 c2 4b 70 f9 73 e9 65 fa ff ff be e7 68 1d exception.symbol: burda+0x2458d6 exception.instruction: sti exception.module: burda.exe exception.exception_code: 0xc0000096 exception.offset: 2382038 exception.address: 0x3a58d6 registers.esp: 9567648 registers.edi: 3814065 registers.eax: 32366 registers.ebp: 3991908372 registers.edx: 3821123 registers.ebx: 13124 registers.esi: 3814212 registers.ecx: 2124349440	1
__exception__ Sept. 10, 2024, 10:20 a.m.	stacktrace: exception.instruction_r: fb 53 c7 04 24 18 e3 af 16 89 14 24 81 ec 04 00 exception.symbol: burda+0x2459f5 exception.instruction: sti exception.module: burda.exe exception.exception_code: 0xc0000096 exception.offset: 2382325 exception.address: 0x3a59f5 registers.esp: 9567652 registers.edi: 3814065 registers.eax: 604292947 registers.ebp: 3991908372 registers.edx: 3824193 registers.ebx: 0 registers.esi: 3814212 registers.ecx: 2124349440	1
__exception__ Sept. 10, 2024, 10:20 a.m.	stacktrace: exception.instruction_r: fb 55 e9 52 fc ff ff c1 e2 04 81 c2 01 00 00 00 exception.symbol: burda+0x246557 exception.instruction: sti exception.module: burda.exe exception.exception_code: 0xc0000096 exception.offset: 2385239 exception.address: 0x3a6557 registers.esp: 9567652 registers.edi: 2179434839 registers.eax: 30964 registers.ebp: 3991908372 registers.edx: 3824193 registers.ebx: 3827601 registers.esi: 3814212 registers.ecx: 0	1
__exception__ Sept. 10, 2024, 10:20 a.m.	stacktrace: exception.instruction_r: fb e9 4a 01 00 00 89 e6 81 c6 04 00 00 00 81 ee exception.symbol: burda+0x249aff exception.instruction: sti exception.module: burda.exe exception.exception_code: 0xc0000096 exception.offset: 2398975 exception.address: 0x3a9aff registers.esp: 9567652 registers.edi: 1812478275 registers.eax: 3521085792 registers.ebp: 3991908372 registers.edx: 3824193 registers.ebx: 3842397 registers.esi: 67088023 registers.ecx: 0	1
__exception__ Sept. 10, 2024, 10:20 a.m.	stacktrace: exception.instruction_r: fb 56 be 7a fc bf 77 f7 de 4e e9 0f 03 00 00 5c exception.symbol: burda+0x24bd32 exception.instruction: sti exception.module: burda.exe exception.exception_code: 0xc0000096 exception.offset: 2407730 exception.address: 0x3abd32 registers.esp: 9567648 registers.edi: 3990164444 registers.eax: 30333 registers.ebp: 3991908372 registers.edx: 3832689 registers.ebx: 3992958975 registers.esi: 6472904 registers.ecx: 3849314	1
__exception__ Sept. 10, 2024, 10:20 a.m.	stacktrace: exception.instruction_r: fb ba 59 22 ff 57 52 89 e2 81 c2 04 00 00 00 83 exception.symbol: burda+0x24c6f9 exception.instruction: sti exception.module: burda.exe exception.exception_code: 0xc0000096 exception.offset: 2410233 exception.address: 0x3ac6f9 registers.esp: 9567652 registers.edi: 3990164444 registers.eax: 30333 registers.ebp: 3991908372 registers.edx: 0 registers.ebx: 3992958975 registers.esi: 2256579688 registers.ecx: 3852747	1
__exception__ Sept. 10, 2024, 10:20 a.m.	stacktrace: exception.instruction_r: fb 55 bd be a3 fd 65 01 ef 5d 81 c7 12 f3 5f 7e exception.symbol: burda+0x2528e0 exception.instruction: sti exception.module: burda.exe exception.exception_code: 0xc0000096 exception.offset: 2435296 exception.address: 0x3b28e0 registers.esp: 9567648 registers.edi: 3875161 registers.eax: 31458 registers.ebp: 3991908372 registers.edx: 0 registers.ebx: 65786 registers.esi: 2256579688 registers.ecx: 1971716238	1
__exception__ Sept. 10, 2024, 10:20 a.m.	stacktrace: exception.instruction_r: fb 68 bb 2f f8 64 e9 09 03 00 00 81 e9 00 b5 ff exception.symbol: burda+0x25229b exception.instruction: sti exception.module: burda.exe exception.exception_code: 0xc0000096 exception.offset: 2433691 exception.address: 0x3b229b registers.esp: 9567652 registers.edi: 3877743 registers.eax: 31458 registers.ebp: 3991908372 registers.edx: 0 registers.ebx: 0 registers.esi: 2256579688 registers.ecx: 3939837675	1
__exception__ Sept. 10, 2024, 10:20 a.m.	stacktrace: exception.instruction_r: fb 57 89 2c 24 c7 04 24 81 1a 77 7f 53 56 e9 38 exception.symbol: burda+0x254f62 exception.instruction: sti exception.module: burda.exe exception.exception_code: 0xc0000096 exception.offset: 2445154 exception.address: 0x3b4f62 registers.esp: 9567652 registers.edi: 3990134453 registers.eax: 31554 registers.ebp: 3991908372 registers.edx: 3918026 registers.ebx: 4186519627 registers.esi: 347215199 registers.ecx: 3944785	1
__exception__ Sept. 10, 2024, 10:20 a.m.	stacktrace: exception.instruction_r: fb 57 83 ec 04 e9 00 00 00 00 89 1c 24 89 2c 24 exception.symbol: burda+0x255734 exception.instruction: sti exception.module: burda.exe exception.exception_code: 0xc0000096 exception.offset: 2447156 exception.address: 0x3b5734 registers.esp: 9567652 registers.edi: 3990134453 registers.eax: 157417 registers.ebp: 3991908372 registers.edx: 3888986 registers.ebx: 0 registers.esi: 347215199 registers.ecx: 3944785	1
__exception__ Sept. 10, 2024, 10:20 a.m.	stacktrace: exception.instruction_r: fb 68 96 ed 3e 59 e9 eb 02 00 00 05 ab 9d 58 35 exception.symbol: burda+0x255c87 exception.instruction: sti exception.module: burda.exe exception.exception_code: 0xc0000096 exception.offset: 2448519 exception.address: 0x3b5c87 registers.esp: 9567652 registers.edi: 3990134453 registers.eax: 3917411 registers.ebp: 3991908372 registers.edx: 151225620 registers.ebx: 4294943152 registers.esi: 26732886 registers.ecx: 1144011975	1
__exception__ Sept. 10, 2024, 10:20 a.m.	stacktrace: exception.instruction_r: fb 81 c6 f5 da e5 5d 03 34 24 e9 fd fd ff ff 87 exception.symbol: burda+0x265b68 exception.instruction: sti exception.module: burda.exe exception.exception_code: 0xc0000096 exception.offset: 2513768 exception.address: 0x3c5b68 registers.esp: 9567648 registers.edi: 3932669 registers.eax: 29609 registers.ebp: 3991908372 registers.edx: 2130566132 registers.ebx: 1971716070 registers.esi: 3953477 registers.ecx: 0	1
__exception__ Sept. 10, 2024, 10:20 a.m.	stacktrace: exception.instruction_r: fb 81 ec 04 00 00 00 89 3c 24 c7 04 24 4e 9d ed exception.symbol: burda+0x265efa exception.instruction: sti exception.module: burda.exe exception.exception_code: 0xc0000096 exception.offset: 2514682 exception.address: 0x3c5efa registers.esp: 9567652 registers.edi: 3932669 registers.eax: 29609 registers.ebp: 3991908372 registers.edx: 2130566132 registers.ebx: 1971716070 registers.esi: 3983086 registers.ecx: 0	1
__exception__ Sept. 10, 2024, 10:20 a.m.	stacktrace: exception.instruction_r: fb 81 ec 04 00 00 00 89 3c 24 e9 00 00 00 00 51 exception.symbol: burda+0x26588d exception.instruction: sti exception.module: burda.exe exception.exception_code: 0xc0000096 exception.offset: 2513037 exception.address: 0x3c588d registers.esp: 9567652 registers.edi: 4294940900 registers.eax: 29609 registers.ebp: 3991908372 registers.edx: 2130566132 registers.ebx: 1971716070 registers.esi: 3983086 registers.ecx: 604801362	1
__exception__ Sept. 10, 2024, 10:20 a.m.	stacktrace: exception.instruction_r: fb 53 c7 04 24 a0 cf 64 7c 81 2c 24 09 c0 3d 6d exception.symbol: burda+0x266a5d exception.instruction: sti exception.module: burda.exe exception.exception_code: 0xc0000096 exception.offset: 2517597 exception.address: 0x3c6a5d registers.esp: 9567652 registers.edi: 4294940900 registers.eax: 3959997 registers.ebp: 3991908372 registers.edx: 0 registers.ebx: 607453008 registers.esi: 3983086 registers.ecx: 604801362	1
__exception__ Sept. 10, 2024, 10:20 a.m.	stacktrace: exception.instruction_r: fb 68 0f 12 1c 40 89 1c 24 89 2c 24 53 bb 3a 75 exception.symbol: burda+0x2781f8 exception.instruction: sti exception.module: burda.exe exception.exception_code: 0xc0000096 exception.offset: 2589176 exception.address: 0x3d81f8 registers.esp: 9567648 registers.edi: 4018728 registers.eax: 30166 registers.ebp: 3991908372 registers.edx: 4030204 registers.ebx: 3961235 registers.esi: 3961231 registers.ecx: 2124349440	1
__exception__ Sept. 10, 2024, 10:20 a.m.	stacktrace: exception.instruction_r: fb 83 ec 04 89 34 24 57 bf 5b 12 ff 7b 81 ef 01 exception.symbol: burda+0x278287 exception.instruction: sti exception.module: burda.exe exception.exception_code: 0xc0000096 exception.offset: 2589319 exception.address: 0x3d8287 registers.esp: 9567652 registers.edi: 4018728 registers.eax: 30166 registers.ebp: 3991908372 registers.edx: 4060370 registers.ebx: 3961235 registers.esi: 3961231 registers.ecx: 2124349440	1
__exception__ Sept. 10, 2024, 10:20 a.m.	stacktrace: exception.instruction_r: fb 53 c7 04 24 4c d6 fb 07 89 1c 24 50 68 00 62 exception.symbol: burda+0x27813d exception.instruction: sti exception.module: burda.exe exception.exception_code: 0xc0000096 exception.offset: 2588989 exception.address: 0x3d813d registers.esp: 9567652 registers.edi: 0 registers.eax: 30166 registers.ebp: 3991908372 registers.edx: 4032990 registers.ebx: 3961235 registers.esi: 3961231 registers.ecx: 322689	1
__exception__ Sept. 10, 2024, 10:20 a.m.	stacktrace: exception.instruction_r: fb 52 e9 23 f5 ff ff 50 b8 c4 7c 64 3d 25 3c 8e exception.symbol: burda+0x286079 exception.instruction: sti exception.module: burda.exe exception.exception_code: 0xc0000096 exception.offset: 2646137 exception.address: 0x3e6079 registers.esp: 9567648 registers.edi: 3725110 registers.eax: 32972 registers.ebp: 3991908372 registers.edx: 4084734 registers.ebx: 4062638 registers.esi: 7913736 registers.ecx: 3704483	1
__exception__ Sept. 10, 2024, 10:20 a.m.	stacktrace: exception.instruction_r: fb 56 e9 85 00 00 00 47 55 bd 34 43 e3 57 51 b9 exception.symbol: burda+0x285899 exception.instruction: sti exception.module: burda.exe exception.exception_code: 0xc0000096 exception.offset: 2644121 exception.address: 0x3e5899 registers.esp: 9567652 registers.edi: 3725110 registers.eax: 32972 registers.ebp: 3991908372 registers.edx: 4117706 registers.ebx: 4062638 registers.esi: 7913736 registers.ecx: 3704483	1
__exception__ Sept. 10, 2024, 10:20 a.m.	stacktrace: exception.instruction_r: fb 68 30 38 1f 7e 89 1c 24 e9 be 01 00 00 57 53 exception.symbol: burda+0x28545c exception.instruction: sti exception.module: burda.exe exception.exception_code: 0xc0000096 exception.offset: 2643036 exception.address: 0x3e545c registers.esp: 9567652 registers.edi: 0 registers.eax: 32972 registers.ebp: 3991908372 registers.edx: 4088258 registers.ebx: 4062638 registers.esi: 7913736 registers.ecx: 322689	1
__exception__ Sept. 10, 2024, 10:20 a.m.	stacktrace: exception.instruction_r: fb 52 89 e2 55 68 db d0 15 64 89 1c 24 bb b9 d0 exception.symbol: burda+0x286a2a exception.instruction: sti exception.module: burda.exe exception.exception_code: 0xc0000096 exception.offset: 2648618 exception.address: 0x3e6a2a registers.esp: 9567652 registers.edi: 4294940012 registers.eax: 1015633237 registers.ebp: 3991908372 registers.edx: 295031028 registers.ebx: 4118506 registers.esi: 7913736 registers.ecx: 1349352868	1

HTTP traffic contains suspicious features which may be indicative of malware related traffic (3 events)

suspicious_features	POST method with no referer header, POST method with no useragent header, Connection to IP address	suspicious_request	POST http://31.41.244.10/Dem7kTu/index.php
suspicious_features	GET method with no useragent header, Connection to IP address	suspicious_request	GET http://31.41.244.11/steam/random.exe
suspicious_features	GET method with no useragent header, Connection to IP address	suspicious_request	GET http://185.215.113.16/well/random.exe

Performs some HTTP requests (3 events)

request	POST http://31.41.244.10/Dem7kTu/index.php
request	GET http://31.41.244.11/steam/random.exe
request	GET http://185.215.113.16/well/random.exe

Sends data using the HTTP POST Method (1 event)

request

POST http://31.41.244.10/Dem7kTu/index.php

Allocates read-write-execute memory (usually to unpack itself) (50 out of 112 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Sept. 10, 2024, 10:20 a.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76faf000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 10, 2024, 10:20 a.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76f20000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 10, 2024, 10:20 a.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 188416 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00161000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 10, 2024, 10:20 a.m.	process_identifier: 2556 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00980000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 10, 2024, 10:20 a.m.	process_identifier: 2556 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x009d0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 10, 2024, 10:20 a.m.	process_identifier: 2556 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00a60000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 10, 2024, 10:20 a.m.	process_identifier: 2556 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00a70000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 10, 2024, 10:20 a.m.	process_identifier: 2556 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00a80000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 10, 2024, 10:20 a.m.	process_identifier: 2556 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00b10000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 10, 2024, 10:20 a.m.	process_identifier: 2556 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00c20000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 10, 2024, 10:20 a.m.	process_identifier: 2556 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024a0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 10, 2024, 10:20 a.m.	process_identifier: 2556 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024b0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 10, 2024, 10:20 a.m.	process_identifier: 2556 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x025c0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 10, 2024, 10:20 a.m.	process_identifier: 2556 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x025d0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 10, 2024, 10:20 a.m.	process_identifier: 2556 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x025e0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 10, 2024, 10:20 a.m.	process_identifier: 2556 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x025f0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 10, 2024, 10:20 a.m.	process_identifier: 2556 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02780000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 10, 2024, 10:20 a.m.	process_identifier: 2556 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02790000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 10, 2024, 10:20 a.m.	process_identifier: 2556 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02820000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 10, 2024, 10:20 a.m.	process_identifier: 2556 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02830000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 10, 2024, 10:20 a.m.	process_identifier: 2556 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02980000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 10, 2024, 10:20 a.m.	process_identifier: 2556 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02a50000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 10, 2024, 10:20 a.m.	process_identifier: 2556 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02a60000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 10, 2024, 10:20 a.m.	process_identifier: 2556 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02c70000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 10, 2024, 10:20 a.m.	process_identifier: 2556 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00a80000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 10, 2024, 10:20 a.m.	process_identifier: 2556 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00a80000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 10, 2024, 10:20 a.m.	process_identifier: 2556 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00a80000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 10, 2024, 10:20 a.m.	process_identifier: 2556 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00a80000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 10, 2024, 10:20 a.m.	process_identifier: 2556 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00a80000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 10, 2024, 10:20 a.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73402000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 10, 2024, 10:20 a.m.	process_identifier: 2556 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03210000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 10, 2024, 10:14 a.m.	process_identifier: 1452 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000004170000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 10, 2024, 10:20 a.m.	process_identifier: 2820 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76faf000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 10, 2024, 10:20 a.m.	process_identifier: 2820 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76f20000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 10, 2024, 10:20 a.m.	process_identifier: 2820 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 188416 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00e51000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 10, 2024, 10:20 a.m.	process_identifier: 2820 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00430000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 10, 2024, 10:20 a.m.	process_identifier: 2820 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00510000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 10, 2024, 10:20 a.m.	process_identifier: 2820 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00520000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 10, 2024, 10:20 a.m.	process_identifier: 2820 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00a50000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 10, 2024, 10:20 a.m.	process_identifier: 2820 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00aa0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 10, 2024, 10:20 a.m.	process_identifier: 2820 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00ab0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 10, 2024, 10:20 a.m.	process_identifier: 2820 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00b40000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 10, 2024, 10:20 a.m.	process_identifier: 2820 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00b50000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 10, 2024, 10:20 a.m.	process_identifier: 2820 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00c60000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 10, 2024, 10:20 a.m.	process_identifier: 2820 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00c70000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 10, 2024, 10:20 a.m.	process_identifier: 2820 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00cc0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 10, 2024, 10:20 a.m.	process_identifier: 2820 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00cd0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 10, 2024, 10:20 a.m.	process_identifier: 2820 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00e20000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 10, 2024, 10:20 a.m.	process_identifier: 2820 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00e30000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 10, 2024, 10:20 a.m.	process_identifier: 2820 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00e40000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

An application raised an exception which may be indicative of an exploit crash (10 events)

Time & API	Arguments	Status	Return	Repeated
Application Crash	Process chrome.exe with pid 1484 crashed
Application Crash	Process chrome.exe with pid 2544 crashed
Application Crash	Process chrome.exe with pid 2676 crashed
Application Crash	Process chrome.exe with pid 3088 crashed
Application Crash	Process chrome.exe with pid 3608 crashed
__exception__ Sept. 10, 2024, 10:14 a.m.	stacktrace: 0x4b4cf0 0x422e0a 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: c0 4c 4b 00 00 00 00 00 20 4d 4b 00 00 00 00 00 exception.instruction: ror byte ptr [rbx + rcx*2], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4b4cf0 registers.r14: 192671552 registers.r15: 192671992 registers.rcx: 1004 registers.rsi: 17302540 registers.r10: 0 registers.rbx: 109943216 registers.rsp: 192670728 registers.r11: 192675248 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 1448 registers.r12: 32295744 registers.rbp: 192670864 registers.rdi: 32209456 registers.rax: 4337152 registers.r13: 192671424	1	0	0
__exception__ Sept. 10, 2024, 10:14 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 184348832 registers.r15: 184349272 registers.rcx: 1332 registers.rsi: 17302540 registers.r10: 0 registers.rbx: 107026848 registers.rsp: 184347992 registers.r11: 184352528 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 1192 registers.r12: 31312704 registers.rbp: 184348144 registers.rdi: 31226416 registers.rax: 30748160 registers.r13: 184348704	1	0	0
__exception__ Sept. 10, 2024, 10:14 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 188738592 registers.r15: 188739032 registers.rcx: 1244 registers.rsi: 17302540 registers.r10: 0 registers.rbx: 78462432 registers.rsp: 188737752 registers.r11: 188742288 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 1304 registers.r12: 32426816 registers.rbp: 188737904 registers.rdi: 32340528 registers.rax: 3812864 registers.r13: 188738464	1	0	0
__exception__ Sept. 10, 2024, 10:15 a.m.	stacktrace: 0x4a2e04 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: ff 15 16 1f 09 00 ff 25 00 00 00 00 aa a4 c1 76 exception.instruction: call qword ptr [rip + 0x91f16] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4a2e04 registers.r14: 186707344 registers.r15: 186707784 registers.rcx: 1212 registers.rsi: 17302540 registers.r10: 0 registers.rbx: 112046416 registers.rsp: 186706520 registers.r11: 186711040 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 1356 registers.r12: 33213248 registers.rbp: 186706656 registers.rdi: 33126960 registers.rax: 4861440 registers.r13: 186707216	1	0	0
__exception__ Sept. 10, 2024, 10:15 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 191097648 registers.r15: 191098088 registers.rcx: 1320 registers.rsi: 17302540 registers.r10: 0 registers.rbx: 108115328 registers.rsp: 191096808 registers.r11: 191101344 registers.r8: 1994752396 registers.r9: 0 registers.rdx: 1336 registers.r12: 32885568 registers.rbp: 191096960 registers.rdi: 32799280 registers.rax: 30748160 registers.r13: 191097520	1	0	0

Steals private information from local Internet browsers (48 events)

file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_0
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-66E02B83-9F0.pma
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-66E02B97-E8.pma
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-spare.pma
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-66E02BBB-EEC.pma
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom Prefix Set
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing IP Blacklist
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\old_GPUCache_000
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-66E02BAE-5E8.pma
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-66E02BD4-F88.pma
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing Module Whitelist
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing\ChromeFilenameClientIncident.store
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing Side-Effect Free Whitelist
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing UwS List Prefix Set
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing Inclusion Whitelist
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing Csd Whitelist
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics-active.pma
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-66E02BAA-C10.pma
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics-spare.pma
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-63327DF3-A54.pma
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing Resource Blacklist
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-66E02B7F-5CC.pma
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-66E02B87-A74.pma
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing Extension Blacklist
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\First Run
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\reports
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-66E02BDE-FC0.pma
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing Download Whitelist
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-66E02BBB-E18.pma
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing Download
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-66E02B9E-A0C.pma
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_2
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing UwS List
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-66E02BA4-858.pma
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\metadata
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\index
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing\AnyIpMalware.store
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_3

Creates executable files on the filesystem (3 events)

file	C:\Users\test22\AppData\Local\Temp\1000030001\3af585230f.exe
file	C:\Users\test22\AppData\Local\Temp\1000036001\7556dae5b5.exe
file	C:\Users\test22\AppData\Roaming\1000026000\d01ff2ef0c.exe

Drops a binary and executes it (3 events)

file	C:\Users\test22\AppData\Local\Temp\0e8d0864aa\svoutse.exe
file	C:\Users\test22\AppData\Roaming\1000026000\d01ff2ef0c.exe
file	C:\Users\test22\AppData\Local\Temp\1000036001\7556dae5b5.exe

Drops an executable to the user AppData folder (3 events)

file	C:\Users\test22\AppData\Local\Temp\1000036001\7556dae5b5.exe
file	C:\Users\test22\AppData\Roaming\1000026000\d01ff2ef0c.exe
file	C:\Users\test22\AppData\Local\Temp\0e8d0864aa\svoutse.exe

A process created a hidden window (4 events)

Time & API	Arguments	Status	Return
ShellExecuteExW Sept. 10, 2024, 10:20 a.m.	show_type: 0 filepath_r: C:\Users\test22\AppData\Local\Temp\0e8d0864aa\svoutse.exe parameters: filepath: C:\Users\test22\AppData\Local\Temp\0e8d0864aa\svoutse.exe	1	1
ShellExecuteExW Sept. 10, 2024, 10:20 a.m.	show_type: 0 filepath_r: C:\Users\test22\AppData\Roaming\1000026000\d01ff2ef0c.exe parameters: filepath: C:\Users\test22\AppData\Roaming\1000026000\d01ff2ef0c.exe	1	1
ShellExecuteExW Sept. 10, 2024, 10:20 a.m.	show_type: 0 filepath_r: C:\Users\test22\AppData\Local\Temp\1000030001\3af585230f.exe parameters: filepath: C:\Users\test22\AppData\Local\Temp\1000030001\3af585230f.exe	1	1
ShellExecuteExW Sept. 10, 2024, 10:20 a.m.	show_type: 0 filepath_r: C:\Users\test22\AppData\Local\Temp\1000036001\7556dae5b5.exe parameters: filepath: C:\Users\test22\AppData\Local\Temp\1000036001\7556dae5b5.exe	1	1

An executable file was downloaded by the process svoutse.exe (3 events)

Time & API	Arguments	Status	Return
InternetReadFile Sept. 10, 2024, 10:20 a.m.	buffer: MZÿÿ¸@ðº´ Í!¸LÍ!This program cannot be run in DOS mode. $ky64/Xg/Xg/Xg@nóg4Xg@nÆg6Xg@nòg@Xg&`Ëg(Xg/Yg©Xg@n÷g.Xg@nÂg.Xg@nÅg.XgRich/XgPEL²Ýdà ðòi@ ì×óP\óhN@ø.text\|îð `.dataÎzô@À.hupakaÐn@@.tikFàr@@.turigap@@.rsrc@@úú\|ú°ú¼õÌõäõøõö$ö>öRöjöxööö®öÄöàöôö÷÷"÷0÷D÷T÷h÷\|÷÷¤÷Â÷Ø÷î÷øø.ø¤õ^ønøøø¨ø¼øÐøæøôøùù(ù<ùPùpùùù²ùÀùÐùÜù`þPþ<þnþ*þþõõjõDøTõÆúÜúèúôúûû&û<ûNûZûdûpûûûû¦û¼ûØûöû üü:üHüVübürüzüüüÀüÎüæüøüý(ýBý\ývýý¦ý¼ýÌýÞýðýþý þ^úFú8ú,úúúþùPúïb@^p@²~@·@¬@;@1Ah@$O@Â^@^@Unknown exceptionð?ð?33ÿHH:mm:ssdddd, MMMM dd, yyyyMM/dd/yyPMAMDecemberNovemberOctoberSeptemberAugustJulyJuneAprilMarchFebruaryJanuaryDecNovOctSepAugJulJunMayAprMarFebJanSaturdayFridayThursdayWednesdayTuesdayMondaySundaySatFriThuWedTueMonSunHH:mm:ssdddd, MMMM dd, yyyyMM/dd/yyPMAMDecemberNovemberOctoberSeptemberAugustJulyJuneAprilMarchFebruaryJanuaryDecNovOctSepAugJulJunMayAprMarFebJanSaturdayFridayThursdayWednesdayTuesdayMondaySundaySatFriThuWedTueMonSunKERNEL32.DLLFlsFreeFlsSetValueFlsGetValueFlsAlloclO@Æz@ððÿà ÿÀÀÿÊòIqÊòIñ`B¢ `B¢YóøÂn¥YóøÂn¥tancossinmodffloorceilatanexp10ð?acosasinloglog10exppowCorExitProcessmscoree.dllruntime error TLOSS error SING error DOMAIN error R6033 - Attempt to use MSIL code from this assembly during native code initialization This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain. R6032 - not enough space for locale information R6031 - Attempt to initialize the CRT more than once. This indicates a bug in your application. R6030 - CRT not initialized R6028 - unable to initialize heap R6027 - not enough space for lowio initialization request_handle: 0x00cc000c	1	1
InternetReadFile Sept. 10, 2024, 10:20 a.m.	buffer: MZÿÿ¸@ðº´ Í!¸LÍ!This program cannot be run in DOS mode. $ky64/Xg/Xg/Xg@nóg4Xg@nÆg6Xg@nòg@Xg&`Ëg(Xg/Yg©Xg@n÷g.Xg@nÂg.Xg@nÅg.XgRich/XgPEL²Ýdà ðòi@ ì×óP\óhN@ø.text\|îð `.dataÎzô@À.hupakaÐn@@.tikFàr@@.turigap@@.rsrc@@úú\|ú°ú¼õÌõäõøõö$ö>öRöjöxööö®öÄöàöôö÷÷"÷0÷D÷T÷h÷\|÷÷¤÷Â÷Ø÷î÷øø.ø¤õ^ønøøø¨ø¼øÐøæøôøùù(ù<ùPùpùùù²ùÀùÐùÜù`þPþ<þnþ*þþõõjõDøTõÆúÜúèúôúûû&û<ûNûZûdûpûûûû¦û¼ûØûöû üü:üHüVübürüzüüüÀüÎüæüøüý(ýBý\ývýý¦ý¼ýÌýÞýðýþý þ^úFú8ú,úúúþùPúïb@^p@²~@·@¬@;@1Ah@$O@Â^@^@Unknown exceptionð?ð?33ÿHH:mm:ssdddd, MMMM dd, yyyyMM/dd/yyPMAMDecemberNovemberOctoberSeptemberAugustJulyJuneAprilMarchFebruaryJanuaryDecNovOctSepAugJulJunMayAprMarFebJanSaturdayFridayThursdayWednesdayTuesdayMondaySundaySatFriThuWedTueMonSunHH:mm:ssdddd, MMMM dd, yyyyMM/dd/yyPMAMDecemberNovemberOctoberSeptemberAugustJulyJuneAprilMarchFebruaryJanuaryDecNovOctSepAugJulJunMayAprMarFebJanSaturdayFridayThursdayWednesdayTuesdayMondaySundaySatFriThuWedTueMonSunKERNEL32.DLLFlsFreeFlsSetValueFlsGetValueFlsAlloclO@Æz@ððÿà ÿÀÀÿÊòIqÊòIñ`B¢ `B¢YóøÂn¥YóøÂn¥tancossinmodffloorceilatanexp10ð?acosasinloglog10exppowCorExitProcessmscoree.dllruntime error TLOSS error SING error DOMAIN error R6033 - Attempt to use MSIL code from this assembly during native code initialization This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain. R6032 - not enough space for locale information R6031 - Attempt to initialize the CRT more than once. This indicates a bug in your application. R6030 - CRT not initialized R6028 - unable to initialize heap R6027 - not enough space for lowio initialization request_handle: 0x00cc000c	1	1
InternetReadFile Sept. 10, 2024, 10:20 a.m.	buffer: MZÿÿ¸@ º´ Í!¸LÍ!This program cannot be run in DOS mode. $Ç®Þ¦íýÞ¦íýÞ¦íýj:ýý¦íýj:ýC¦íýj:ýý¦íý@*ýß¦íýÎèüó¦íýÎéüÌ¦íýÎîüË¦íý×Þný×¦íý×Þ~ýû¦íýÞ¦ìý÷¤íý{Ïãü¦íý{Ïîüß¦íý{Ïýß¦íýÞ¦zýß¦íý{Ïïüß¦íýRichÞ¦íýPEL6¬Ôfà"¬ PwÀ @`?±@@@d\|@ Äà uð4@À .text« ¬ `.rdataûÀ ü° @@.datalpÀH¬@À.rsrcÄ@ ô@@.relocuà v @B¹t Mè8ýhé#DèðYÃhó#DèðYÃèæÞhø#DèrðYÃèY<hý#DèaðYÃQè©h$DèOðYÃ¡0MQ@0MPèã#h$Dè/ðYÃèÞ%h$DèðYÃè®çh!$Dè ðYÃèA2h&$DèüïYÃèPÁh0$DèëïYÃ¹%Mèh?$DèÕïYÃVñNè´Nè¬j(VèâìYYÆ^ÂUìì8Ç0MtÉI3ÒÇM0ÉI M¤MVQf¨Mèo¡0M@Ç0M\ÉI¡0MHûÿÿ,M3À¹¸M£ÌM£ÐM£ÔMèY ¹èMèí¹øMèã¹MèÙ3À¹M£TM£XM£\M£`M£dM£hM£lM£pM£tM£xMè3ÀÇ¬M<ÉI¹M£M£Mf£M£ M£¤Mf£¨M£°M£´M£¸M£¼M£ÀM£ÄMÇÈM@ÉI£ÌM£ÐM£ÔMÇØM@ÉI£ÜM£àM£äMÇèM@ÉI£ìM£ðM£ôMÇøMDÉI£üM£M£M£M£MÇMèÏ¹(MèÇM<ÉI3Ò¹MMMMè¹@Mè3À¹MP£`M£dM£hM£pM£tM£xMèGMÈè$P¡0MHÁ4MèMèè¼MÈè{¼3ÀfÇ0Mjö£,M£ M£$M£M£M£(M£Mf£lM¢M¢}M£\MÿhÂIðö3Ò\|MèÂRÿhÈI¸0M^ÉÂ¡0M¹@MV@Ç0MhÉI3À£4M£8M£<Mè+¹tMè!¾¨MÎèh ÉIÎèoW¸0M^ÂVñNèeNè]N$èUÆ^ÃUìQSVWùûÿÿ@Ç8ûÿÿ\ÉIPûÿÿ:ûÿÿ\|üÿÿÀi3öVVVhHÉIÿÐÇI9·dýÿÿ[3ö9·4ýÿÿKËè®3ö9·Dýÿÿ3ö9·Týÿÿ·lýÿÿÎè÷º3ÉÇF@Ç9ûÿÿt5MüQMüQûÿÿè/ûÿÿ@ÈèÆ@Ç¸ûÿÿuÎÿlÈIOàÉkOÔÉu3Û_ÜOÄÉãO¤_Ìè`þÿÿè ·dþÿÿÎÇ<ÉIèÿvè¿èYýÿÿè\|ýÿÿè#lýÿÿè)º·\ýÿÿÎÇDÉIètÿvèèóÇLýÿÿ@ÉIY9Týÿÿòÿ·PýÿÿTýÿÿèXèóÇ<ýÿÿ@ÉIY9Dýÿÿñÿ·@ýÿÿDýÿÿè.èóÇ,ýÿÿ@ÉIY94ýÿÿðÿ·0ýÿÿ4ýÿÿèèY$ýÿÿÉù·ýÿÿÎÇ<ÉIè£ÿvèÚçYýÿÿÉãüüÿÿÉéèüÿÿè-ÐüÿÿèÄüÿÿÉÙÌüÿÿ¸üÿÿÉÙlüÿÿÀüÿÿèï\üÿÿèäLüÿÿèÙüÿÿèµ_^[ÉÃ`ýÿÿ°Àt#ÿ0ÿ5MÿÅI`ýÿÿ°ÉtQèØùÿÿF;·dýÿÿfýÿÿë¿qQèþàÎö þÿÿëëVñW3ÿN>è5N$è-N4èsPN`èkPèjÇ¼<ÉI¾À¾Ä¾ÈèiæY8Æ_^ÃVWùÉtQè_·¼ÎÇ<ÉIè6ÿvèmæYèÜO`è¯QO4è§QO$èÄO_^éºVñW3ÿ9~f_^ÃVñjVè×åYYÆ^ÂVñW3ÿ9~wf_^ÃFjÿ4¸è°åYYF$¸G;~sÝëâSVñ3ÛW¾d9u%\|èÿÿÿ¾p9u9=_^[ÃÏèÛëÎÏè=ëÚWùxÿÿÿ@Ç8xÿÿÿhÉIèhOðèóOàèëOÐèãOÀèÛO¬èÓOèËOèÃ\|ÿÿÿÉug_ÃVéË VWñè¶@öÉ _^ÃVqöÜ ^ÃWùu&?ÿu_ÃVw$Ïèij(WèäþYYöuæ^_ÃÿwèÓäYëÏVñÉtQèþÿÿìèP¼è&¬èèèN^éVWù3öD÷ÀN Fþ\|î_^ÃSVñ3ÛW8^ T 8^uNy8ÉtQè~^ ÿ_^[Ã³ëóVñN è²µÎè«µj@VèÐãYYÆ^ÂUìSÙVW{ {u)EÏ0è~µ7ÇGC{ _^[u Æ@]Â8ëÒ@8ëî3ÀÇMd3Éf£2MA¢4Mj 8M <M @M¢PMf£üM ôM øM¹úX M£DM£HM LMÃUìWù rVj@èãYÿuðÎèON8w^ÿ_]ÂUìVuWùVgèëåFO GFGFGF aPèÉåF0G0Ç_^]Â3Ò3À@AQQQQA,ÁQ Q(Q0ÃVñ&NèWèþèó¬èè¼èÝìè LjèEâÇ$\|ÉI ÿ ÇIFÆ^ÃjAZ @êuõÁÃSV5ÆI3ÛWùjXSGfÇG____j[ÇGÿÖSjG)ÿÖSh request_handle: 0x00cc000c	1	1

The binary likely contains encrypted or compressed data indicative of a packer (3 events)

section

{u'size_of_data': u'0x0002dc00', u'virtual_address': u'0x00001000', u'entropy': 7.979197383893331, u'name': u' \\x00 ', u'virtual_size': u'0x00068000'}

entropy

7.97919738389

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x001a7a00', u'virtual_address': u'0x00323000', u'entropy': 7.954400163915928, u'name': u'njatrkmo', u'virtual_size': u'0x001a8000'}

entropy

7.95440016392

description

A section with a high entropy has been found

entropy

0.994175271379

description

Overall entropy of this PE file is high

Expresses interest in specific running processes (1 event)

process

system

Communicates with host for which no DNS query was performed (3 events)

host	185.215.113.16
host	31.41.244.10
host	31.41.244.11

Attempts to identify installed AV products by installation directory (7 events)

file	C:\ProgramData\AVAST Software
file	C:\ProgramData\Avira
file	C:\ProgramData\Kaspersky Lab
file	C:\ProgramData\Panda Security
file	C:\ProgramData\Bitdefender
file	C:\ProgramData\AVG
file	C:\ProgramData\Doctor Web

Checks for the presence of known devices from debuggers and forensic tools (3 events)

file	\??\SICE
file	\??\SIWVID
file	\??\NTICE

Checks for the presence of known windows from debuggers and forensic tools (50 out of 322 events)

Time & API	Arguments	Status	Return	Repeated
FindWindowA Sept. 10, 2024, 10:20 a.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Sept. 10, 2024, 10:20 a.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Sept. 10, 2024, 10:20 a.m.	class_name: pediy06 window_name:		0	0
FindWindowA Sept. 10, 2024, 10:20 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Sept. 10, 2024, 10:20 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Sept. 10, 2024, 10:20 a.m.	class_name: #0 window_name: File Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Sept. 10, 2024, 10:20 a.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA Sept. 10, 2024, 10:20 a.m.	class_name: #0 window_name: Process Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Sept. 10, 2024, 10:20 a.m.	class_name: RegmonClass window_name:		0	0
FindWindowA Sept. 10, 2024, 10:20 a.m.	class_name: RegmonClass window_name:		0	0
FindWindowA Sept. 10, 2024, 10:20 a.m.	class_name: #0 window_name: Registry Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Sept. 10, 2024, 10:20 a.m.	class_name: 18467-41 window_name:		0	0
FindWindowA Sept. 10, 2024, 10:20 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Sept. 10, 2024, 10:20 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Sept. 10, 2024, 10:20 a.m.	class_name: #0 window_name: File Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Sept. 10, 2024, 10:20 a.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA Sept. 10, 2024, 10:20 a.m.	class_name: #0 window_name: Process Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Sept. 10, 2024, 10:20 a.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Sept. 10, 2024, 10:20 a.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Sept. 10, 2024, 10:20 a.m.	class_name: pediy06 window_name:		0	0
FindWindowA Sept. 10, 2024, 10:20 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Sept. 10, 2024, 10:20 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Sept. 10, 2024, 10:20 a.m.	class_name: #0 window_name: File Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Sept. 10, 2024, 10:20 a.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA Sept. 10, 2024, 10:20 a.m.	class_name: #0 window_name: Process Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Sept. 10, 2024, 10:20 a.m.	class_name: RegmonClass window_name:		0	0
FindWindowA Sept. 10, 2024, 10:20 a.m.	class_name: RegmonClass window_name:		0	0
FindWindowA Sept. 10, 2024, 10:20 a.m.	class_name: #0 window_name: Registry Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Sept. 10, 2024, 10:20 a.m.	class_name: 18467-41 window_name:		0	0
FindWindowA Sept. 10, 2024, 10:20 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Sept. 10, 2024, 10:20 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Sept. 10, 2024, 10:20 a.m.	class_name: #0 window_name: File Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Sept. 10, 2024, 10:20 a.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA Sept. 10, 2024, 10:20 a.m.	class_name: #0 window_name: Process Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Sept. 10, 2024, 10:20 a.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Sept. 10, 2024, 10:20 a.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Sept. 10, 2024, 10:20 a.m.	class_name: pediy06 window_name:		0	0
FindWindowA Sept. 10, 2024, 10:20 a.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Sept. 10, 2024, 10:20 a.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Sept. 10, 2024, 10:20 a.m.	class_name: pediy06 window_name:		0	0
FindWindowA Sept. 10, 2024, 10:20 a.m.	class_name: Regmonclass window_name:		0	0
FindWindowA Sept. 10, 2024, 10:20 a.m.	class_name: Regmonclass window_name:		0	0
FindWindowA Sept. 10, 2024, 10:20 a.m.	class_name: 18467-41 window_name:		0	0
FindWindowA Sept. 10, 2024, 10:20 a.m.	class_name: Filemonclass window_name:		0	0
FindWindowA Sept. 10, 2024, 10:20 a.m.	class_name: Filemonclass window_name:		0	0
FindWindowA Sept. 10, 2024, 10:20 a.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA Sept. 10, 2024, 10:20 a.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Sept. 10, 2024, 10:20 a.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Sept. 10, 2024, 10:20 a.m.	class_name: pediy06 window_name:		0	0
FindWindowA Sept. 10, 2024, 10:20 a.m.	class_name: OLLYDBG window_name:		0	0

A process attempted to delay the analysis task. (2 events)

description	svoutse.exe tried to sleep 1220 seconds, actually delayed analysis time by 1220 seconds
description	explorer.exe tried to sleep 120 seconds, actually delayed analysis time by 120 seconds

Checks the version of Bios, possibly for anti-virtualization (2 events)

registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion

Installs itself for autorun at Windows startup (3 events)

reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\3af585230f.exe	reg_value	C:\Users\test22\AppData\Local\Temp\1000030001\3af585230f.exe
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\7556dae5b5.exe	reg_value	C:\Users\test22\AppData\Local\Temp\1000036001\7556dae5b5.exe
file	C:\Windows\Tasks\svoutse.job

One or more non-whitelisted processes were created (39 events)

parent_process	chrome.exe	martian_process	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=4036 --on-initialized-event-handle=308 --parent-handle=312 /prefetch:6
parent_process	chrome.exe	martian_process	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=65.0.3325.181 --initial-client-data=0x88,0x8c,0x90,0x84,0x94,0x7fef445f1e8,0x7fef445f1f8,0x7fef445f208
parent_process	chrome.exe	martian_process	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=65.0.3325.181 --initial-client-data=0x88,0x8c,0x90,0x84,0x94,0x7fef445f1e8,0x7fef445f1f8,0x7fef445f208
parent_process	chrome.exe	martian_process	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=1268 --on-initialized-event-handle=308 --parent-handle=312 /prefetch:6
parent_process	chrome.exe	martian_process	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=3972 --on-initialized-event-handle=308 --parent-handle=312 /prefetch:6
parent_process	chrome.exe	martian_process	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=65.0.3325.181 --initial-client-data=0x88,0x8c,0x90,0x84,0x94,0x7fef445f1e8,0x7fef445f1f8,0x7fef445f208
parent_process	chrome.exe	martian_process	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=65.0.3325.181 --initial-client-data=0x88,0x8c,0x90,0x84,0x94,0x7fef445f1e8,0x7fef445f1f8,0x7fef445f208
parent_process	chrome.exe	martian_process	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=3824 --on-initialized-event-handle=308 --parent-handle=312 /prefetch:6
parent_process	chrome.exe	martian_process	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1196,18372654397975372833,15808154756706581292,131072 --gpu-preferences=KAAAAAAAAAAABwAAAQAAAAAAAAAAAGAAAQAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x80ee --gpu-device-id=0xbeef --gpu-driver-vendor=Microsoft --gpu-driver-version=6.1.7600.16385 --gpu-driver-date=6-21-2006 --service-request-channel-token=98B9E5562A64590C694E517AF5E9B9B7 --mojo-platform-channel-handle=1208 --ignored=" --type=renderer " /prefetch:2
parent_process	chrome.exe	martian_process	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=65.0.3325.181 --initial-client-data=0x88,0x8c,0x90,0x84,0x94,0x7fef445f1e8,0x7fef445f1f8,0x7fef445f208
parent_process	chrome.exe	martian_process	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2576 --on-initialized-event-handle=308 --parent-handle=312 /prefetch:6
parent_process	chrome.exe	martian_process	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=65.0.3325.181 --initial-client-data=0x88,0x8c,0x90,0x84,0x94,0x7fef445f1e8,0x7fef445f1f8,0x7fef445f208
parent_process	chrome.exe	martian_process	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=3612 --on-initialized-event-handle=308 --parent-handle=312 /prefetch:6
parent_process	chrome.exe	martian_process	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1264,3963667230867628307,16558708132501161956,131072 --gpu-preferences=KAAAAAAAAAAABwAAAQAAAAAAAAAAAGAAAQAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x80ee --gpu-device-id=0xbeef --gpu-driver-vendor=Microsoft --gpu-driver-version=6.1.7600.16385 --gpu-driver-date=6-21-2006 --service-request-channel-token=8FB50391FB1E13AA7D61C072697833C2 --mojo-platform-channel-handle=1280 --ignored=" --type=renderer " /prefetch:2
parent_process	chrome.exe	martian_process	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=4652 --on-initialized-event-handle=308 --parent-handle=312 /prefetch:6
parent_process	chrome.exe	martian_process	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=65.0.3325.181 --initial-client-data=0x88,0x8c,0x90,0x84,0x94,0x7fef445f1e8,0x7fef445f1f8,0x7fef445f208
parent_process	chrome.exe	martian_process	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=3092 --on-initialized-event-handle=308 --parent-handle=312 /prefetch:6
parent_process	chrome.exe	martian_process	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=65.0.3325.181 --initial-client-data=0x88,0x8c,0x90,0x84,0x94,0x7fef445f1e8,0x7fef445f1f8,0x7fef445f208
parent_process	chrome.exe	martian_process	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1156,13863410762491365357,9930775506549179190,131072 --gpu-preferences=KAAAAAAAAAAABwAAAQAAAAAAAAAAAGAAAQAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x80ee --gpu-device-id=0xbeef --gpu-driver-vendor=Microsoft --gpu-driver-version=6.1.7600.16385 --gpu-driver-date=6-21-2006 --service-request-channel-token=EEC54AB80982879D41D8F062A13F2AB6 --mojo-platform-channel-handle=1164 --ignored=" --type=renderer " /prefetch:2
parent_process	chrome.exe	martian_process	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=1264 --on-initialized-event-handle=308 --parent-handle=312 /prefetch:6
parent_process	chrome.exe	martian_process	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=65.0.3325.181 --initial-client-data=0x88,0x8c,0x90,0x84,0x94,0x7fef445f1e8,0x7fef445f1f8,0x7fef445f208
parent_process	chrome.exe	martian_process	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1200,5839119642338213729,7641725888996070670,131072 --gpu-preferences=KAAAAAAAAAAABwAAAQAAAAAAAAAAAGAAAQAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x80ee --gpu-device-id=0xbeef --gpu-driver-vendor=Microsoft --gpu-driver-version=6.1.7600.16385 --gpu-driver-date=6-21-2006 --service-request-channel-token=61FA7951ED87575BD82A9C52EF5F2E3F --mojo-platform-channel-handle=1216 --ignored=" --type=renderer " /prefetch:2
parent_process	chrome.exe	martian_process	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=65.0.3325.181 --initial-client-data=0x88,0x8c,0x90,0x84,0x94,0x7fef445f1e8,0x7fef445f1f8,0x7fef445f208
parent_process	chrome.exe	martian_process	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=4824 --on-initialized-event-handle=308 --parent-handle=312 /prefetch:6
parent_process	chrome.exe	martian_process	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=152 --on-initialized-event-handle=308 --parent-handle=312 /prefetch:6
parent_process	chrome.exe	martian_process	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=65.0.3325.181 --initial-client-data=0x88,0x8c,0x90,0x84,0x94,0x7fef445f1e8,0x7fef445f1f8,0x7fef445f208
parent_process	chrome.exe	martian_process	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=65.0.3325.181 --initial-client-data=0x88,0x8c,0x90,0x84,0x94,0x7fef445f1e8,0x7fef445f1f8,0x7fef445f208
parent_process	chrome.exe	martian_process	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=676 --on-initialized-event-handle=308 --parent-handle=312 /prefetch:6
parent_process	chrome.exe	martian_process	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=65.0.3325.181 --initial-client-data=0x88,0x8c,0x90,0x84,0x94,0x7fef445f1e8,0x7fef445f1f8,0x7fef445f208
parent_process	chrome.exe	martian_process	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=648 --on-initialized-event-handle=308 --parent-handle=312 /prefetch:6
parent_process	chrome.exe	martian_process	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2540 --on-initialized-event-handle=308 --parent-handle=312 /prefetch:6
parent_process	chrome.exe	martian_process	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=65.0.3325.181 --initial-client-data=0x88,0x8c,0x90,0x84,0x94,0x7fef445f1e8,0x7fef445f1f8,0x7fef445f208
parent_process	chrome.exe	martian_process	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1120,13779772871785753648,8976676617153534259,131072 --gpu-preferences=KAAAAAAAAAAABwAAAQAAAAAAAAAAAGAAAQAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x80ee --gpu-device-id=0xbeef --gpu-driver-vendor=Microsoft --gpu-driver-version=6.1.7600.16385 --gpu-driver-date=6-21-2006 --service-request-channel-token=F5CCE407CBE94DCC89D9216208743D33 --mojo-platform-channel-handle=1136 --ignored=" --type=renderer " /prefetch:2
parent_process	chrome.exe	martian_process	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=65.0.3325.181 --initial-client-data=0x88,0x8c,0x90,0x84,0x94,0x7fef445f1e8,0x7fef445f1f8,0x7fef445f208
parent_process	chrome.exe	martian_process	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=4808 --on-initialized-event-handle=308 --parent-handle=312 /prefetch:6
parent_process	chrome.exe	martian_process	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=65.0.3325.181 --initial-client-data=0x88,0x8c,0x90,0x84,0x94,0x7fef445f1e8,0x7fef445f1f8,0x7fef445f208
parent_process	chrome.exe	martian_process	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1200,6507489826041575674,6385150190110385622,131072 --gpu-preferences=KAAAAAAAAAAABwAAAQAAAAAAAAAAAGAAAQAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x80ee --gpu-device-id=0xbeef --gpu-driver-vendor=Microsoft --gpu-driver-version=6.1.7600.16385 --gpu-driver-date=6-21-2006 --service-request-channel-token=291D5FC15501C90F99E53F778C3C2E31 --mojo-platform-channel-handle=1208 --ignored=" --type=renderer " /prefetch:2
parent_process	chrome.exe	martian_process	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=65.0.3325.181 --initial-client-data=0x88,0x8c,0x90,0x84,0x94,0x7fef445f1e8,0x7fef445f1f8,0x7fef445f208
parent_process	chrome.exe	martian_process	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2680 --on-initialized-event-handle=308 --parent-handle=312 /prefetch:6

Detects VMWare through the in instruction feature (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ Sept. 10, 2024, 10:20 a.m.	stacktrace: exception.instruction_r: ed 64 8f 05 00 00 00 00 56 c7 04 24 e2 cd fe 4a exception.symbol: burda+0x202890 exception.instruction: in eax, dx exception.module: burda.exe exception.exception_code: 0xc0000096 exception.offset: 2107536 exception.address: 0x362890 registers.esp: 9567684 registers.edi: 11677199 registers.eax: 1447909480 registers.ebp: 3991908372 registers.edx: 22104 registers.ebx: 1969033397 registers.esi: 3544476 registers.ecx: 20	1	0	0

File has been identified by 44 AntiVirus engines on VirusTotal as malicious (44 events)

Bkav	W32.AIDetectMalware
Elastic	malicious (high confidence)
Cynet	Malicious (score: 99)
Skyhigh	BehavesLike.Win32.Generic.tc
ALYac	Gen:Variant.Kryptik.260
Cylance	Unsafe
VIPRE	Gen:Variant.Kryptik.260
BitDefender	Gen:Variant.Kryptik.260
Cybereason	malicious.fab832
Arcabit	Trojan.Kryptik.260
Symantec	ML.Attribute.HighConfidence
tehtris	Generic.Malware
ESET-NOD32	a variant of Win32/Packed.Themida.HZB
APEX	Malicious
Avast	Win32:Evo-gen [Trj]
Kaspersky	HEUR:Trojan.Win32.Generic
MicroWorld-eScan	Gen:Variant.Kryptik.260
Rising	Trojan.Amadey!8.11DFB (TFE:2:fqvdqlEqKrO)
Emsisoft	Gen:Variant.Kryptik.260 (B)
F-Secure	Trojan.TR/Crypt.TPM.Gen
McAfeeD	Real Protect-LS!FB715BBFAB83
Trapmine	malicious.high.ml.score
FireEye	Generic.mg.fb715bbfab832a6a
Sophos	Generic ML PUA (PUA)
SentinelOne	Static AI - Malicious PE
Google	Detected
Avira	TR/Crypt.TPM.Gen
MAX	malware (ai score=89)
Kingsoft	Win32.HeurC.KVMH008.a
Gridinsoft	Trojan.Heur!.038120A1
Microsoft	Trojan:Win32/Sabsik.EN.D!ml
ZoneAlarm	HEUR:Trojan.Win32.Generic
GData	Gen:Variant.Kryptik.260
Varist	W32/Agent.JDU.gen!Eldorado
AhnLab-V3	Trojan/Win.Generic.R645974
McAfee	Themida-FWSE!FB715BBFAB83
DeepInstinct	MALICIOUS
VBA32	TScope.Malware-Cryptor.SB
Malwarebytes	Trojan.Amadey
Zoner	Probably Heur.ExeHeaderL
Tencent	Trojan-DL.Win32.Deyma.kh
Fortinet	W32/Themida.HZB!tr
AVG	Win32:Evo-gen [Trj]
CrowdStrike	win/malicious_confidence_100% (D)

burda.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All