6.6
High risk

10ed81b1d71aee0029c36f386b2c5d8afce2373982232da36d0999e8c72df971

2ce698773ab268afeb0c3fc643b1293e.exe

Analysis time

82s

Last analysis

File size

2.0MB
Static detection Dynamic detection @N0@A0CSMGFI AI SCORE=87 AIDETECTVM AS@8RFF2F BANKERX CONFIDENCE DRIDEX ELDORADO ENCPK EQDY GDSDA GENCIRC GENKRYPTIK HEWP HIGH CONFIDENCE HJZKUN INJECT3 KRYPTIK MALICIOUS MALICIOUS PE MALWARE1 MCFKQ PINKSBOT QAKBOT QBOT QBOTPMF R002C0DE620 R335416 S13165854 SCORE SUSGEN TROJANBANKER UNSAFE YZY0OONQPI9BBOLB ZEXAF
HawkEye engine
Not detected: no HawkEye engine results available
Static verdict
Antivirus engines
Engine Result Scan date Engine version
McAfee W32/PinkSbot-GN!2CE698773AB2 20200718 6.0.6.653
Alibaba TrojanBanker:Win32/Kryptik.aee3f2bd 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:BankerX-gen [Trj] 20200718 18.4.3895.0
Kingsoft 20200718 2013.8.14.323
Tencent Malware.Win32.Gencirc.10b9ecfb 20200718 1.0.0.1
CrowdStrike win/malicious_confidence_90% (W) 20190702 1.0
Static indicators
Queries for the computername (3 events)
Time & API Arguments Status Return Repeated
1619371443.428751
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619371469.225751
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619371457.600501
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
Command line console output was observed (28 events)
Time & API Arguments Status Return Repeated
1619371470.225626
WriteConsoleA
buffer: 正在 Ping 127.0.0.1
console_handle: 0x00000007
success 1 0
1619371470.240626
WriteConsoleA
buffer: 具有 32 字节的数据:
console_handle: 0x00000007
success 1 0
1619371470.240626
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619371470.240626
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619371470.240626
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619371470.240626
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619371471.240626
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619371471.240626
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619371471.240626
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619371471.240626
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619371472.240626
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619371472.240626
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619371472.240626
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619371472.240626
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619371473.240626
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619371473.240626
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619371473.240626
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619371473.240626
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619371474.240626
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619371474.240626
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619371474.240626
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619371474.240626
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619371475.240626
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619371475.240626
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619371475.240626
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619371475.240626
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619371475.240626
WriteConsoleA
buffer: 127.0.0.1 的 Ping 统计信息: 数据包: 已发送 = 6，已接收 = 6，丢失 = 0 (0% 丢失)，
console_handle: 0x00000007
success 1 0
1619371475.240626
WriteConsoleA
buffer: 往返行程的估计时间(以毫秒为单位): 最短 = 0ms，最长 = 0ms，平均 = 0ms
console_handle: 0x00000007
success 1 0
Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time & API Arguments Status Return Repeated
1619371470.194626
GlobalMemoryStatusEx
success 1 0
One or more processes crashed (3 events)
Time & API Arguments Status Return Repeated
1619371469.225751
__exception__
stacktrace:
2ce698773ab268afeb0c3fc643b1293e+0x8ec8 @ 0x408ec8
2ce698773ab268afeb0c3fc643b1293e+0x17cc @ 0x4017cc
2ce698773ab268afeb0c3fc643b1293e+0x1c66 @ 0x401c66
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634776
registers.edi: 0
registers.eax: 6619136
registers.ebp: 1635384
registers.edx: 8
registers.ebx: 1
registers.esi: 4269856
registers.ecx: 100
exception.instruction_r: ff 30 e8 9a 03 00 00 83 c4 14 85 c0 75 38 8d 85
exception.symbol: 2ce698773ab268afeb0c3fc643b1293e+0x8446
exception.instruction: push dword ptr [eax]
exception.module: 2ce698773ab268afeb0c3fc643b1293e.exe
exception.exception_code: 0xc0000005
exception.offset: 33862
exception.address: 0x408446
success 0 0
1619371458.662501
__exception__
stacktrace:
2ce698773ab268afeb0c3fc643b1293e+0x3daa @ 0x403daa
2ce698773ab268afeb0c3fc643b1293e+0x1b23 @ 0x401b23
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637624
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 6838136
registers.ecx: 10
exception.instruction_r: ed 89 5d e4 89 4d e0 5a 59 5b 58 83 4d fc ff eb
exception.symbol: 2ce698773ab268afeb0c3fc643b1293e+0x33cc
exception.instruction: in eax, dx
exception.module: 2ce698773ab268afeb0c3fc643b1293e.exe
exception.exception_code: 0xc0000096
exception.offset: 13260
exception.address: 0x4033cc
success 0 0
1619371458.662501
__exception__
stacktrace:
2ce698773ab268afeb0c3fc643b1293e+0x3db3 @ 0x403db3
2ce698773ab268afeb0c3fc643b1293e+0x1b23 @ 0x401b23
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637628
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 6838136
registers.ecx: 20
exception.instruction_r: ed 89 45 e4 5a 59 5b 58 83 4d fc ff eb 11 33 c0
exception.symbol: 2ce698773ab268afeb0c3fc643b1293e+0x3465
exception.instruction: in eax, dx
exception.module: 2ce698773ab268afeb0c3fc643b1293e.exe
exception.exception_code: 0xc0000096
exception.offset: 13413
exception.address: 0x403465
success 0 0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (6 events)
Time & API Arguments Status Return Repeated
1619371429.600751
NtAllocateVirtualMemory
process_identifier: 2032
region_size: 225280
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00330000
success 0 0
1619371443.365751
NtAllocateVirtualMemory
process_identifier: 2032
region_size: 221184
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x003b0000
success 0 0
1619371443.365751
NtProtectVirtualMemory
process_identifier: 2032
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 237568
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619371444.225501
NtAllocateVirtualMemory
process_identifier: 2136
region_size: 225280
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x003b0000
success 0 0
1619371457.584501
NtAllocateVirtualMemory
process_identifier: 2136
region_size: 221184
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x008f0000
success 0 0
1619371457.584501
NtProtectVirtualMemory
process_identifier: 2136
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 237568
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
Creates executable files on the filesystem (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\2ce698773ab268afeb0c3fc643b1293e.exe
Creates a suspicious process (2 events)
cmdline cmd.exe /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\2ce698773ab268afeb0c3fc643b1293e.exe"
cmdline "C:\Windows\System32\cmd.exe" /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\2ce698773ab268afeb0c3fc643b1293e.exe"
A process created a hidden window (2 events)
Time & API Arguments Status Return Repeated
1619371444.069751
CreateProcessInternalW
thread_identifier: 2344
thread_handle: 0x00000154
process_identifier: 2136
current_directory:
filepath:
track: 1
command_line: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\2ce698773ab268afeb0c3fc643b1293e.exe /C
filepath_r:
stack_pivoted: 0
creation_flags: 134217728 (CREATE_NO_WINDOW)
process_handle: 0x00000158
inherit_handles: 0
success 1 0
1619371469.740751
ShellExecuteExW
parameters: /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\2ce698773ab268afeb0c3fc643b1293e.exe"
filepath: cmd.exe
filepath_r: cmd.exe
show_type: 0
success 1 0
Uses Windows utilities for basic Windows functionality (3 events)
cmdline cmd.exe /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\2ce698773ab268afeb0c3fc643b1293e.exe"
cmdline ping.exe -n 6 127.0.0.1
cmdline "C:\Windows\System32\cmd.exe" /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\2ce698773ab268afeb0c3fc643b1293e.exe"
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Detects VMWare through the in instruction feature (1 event)
Time & API Arguments Status Return Repeated
1619371458.662501
__exception__
stacktrace:
2ce698773ab268afeb0c3fc643b1293e+0x3daa @ 0x403daa
2ce698773ab268afeb0c3fc643b1293e+0x1b23 @ 0x401b23
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637624
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 6838136
registers.ecx: 10
exception.instruction_r: ed 89 5d e4 89 4d e0 5a 59 5b 58 83 4d fc ff eb
exception.symbol: 2ce698773ab268afeb0c3fc643b1293e+0x33cc
exception.instruction: in eax, dx
exception.module: 2ce698773ab268afeb0c3fc643b1293e.exe
exception.exception_code: 0xc0000096
exception.offset: 13260
exception.address: 0x4033cc
success 0 0
File has been identified by 62 AntiVirus engines on VirusTotal as malicious (50 out of 62 events)
Bkav W32.AIDetectVM.malware1
MicroWorld-eScan Trojan.Agent.EQDY
CAT-QuickHeal Trojan.QbotPMF.S13165854
Qihoo-360 Win32/Trojan.BO.f03
McAfee W32/PinkSbot-GN!2CE698773AB2
Cylance Unsafe
Zillya Trojan.Kryptik.Win32.2017489
SUPERAntiSpyware Trojan.Agent/Gen-QBot
Sangfor Malware
Alibaba TrojanBanker:Win32/Kryptik.aee3f2bd
K7GW Trojan ( 0056625d1 )
K7AntiVirus Trojan ( 0056625d1 )
Arcabit Trojan.Agent.EQDY
TrendMicro TROJ_GEN.R002C0DE620
Cyren W32/Kryptik.BMM.gen!Eldorado
Symantec Packed.Generic.459
ESET-NOD32 a variant of Win32/Kryptik.HEWP
APEX Malicious
Avast Win32:BankerX-gen [Trj]
ClamAV Win.Malware.Qbot-7768292-0
GData Trojan.Agent.EQDY
Kaspersky HEUR:Trojan-Banker.Win32.Qbot.pef
BitDefender Trojan.Agent.EQDY
NANO-Antivirus Trojan.Win32.Inject3.hjzkun
Paloalto generic.ml
Rising Backdoor.Qakbot!8.C7B (C64:YzY0OonqpI9bbolB)
Ad-Aware Trojan.Agent.EQDY
Sophos Mal/EncPk-APV
Comodo TrojWare.Win32.Qbot.AS@8rff2f
F-Secure Trojan.TR/AD.Qbot.mcfkq
DrWeb Trojan.Inject3.39575
VIPRE Trojan.Win32.Generic!BT
Invincea heuristic
FireEye Generic.mg.2ce698773ab268af
Emsisoft Trojan.Agent.EQDY (B)
Ikarus Trojan.Win32.Crypt
F-Prot W32/Kryptik.BMM.gen!Eldorado
Jiangmin Trojan.Banker.Qbot.oh
Webroot W32.Trojan.Gen
Avira TR/AD.Qbot.mcfkq
MAX malware (ai score=87)
Antiy-AVL Trojan[Banker]/Win32.Qbot
Microsoft Trojan:Win32/Dridex.RAC!MTB
Endgame malicious (high confidence)
ZoneAlarm HEUR:Trojan-Banker.Win32.Qbot.pef
Cynet Malicious (score: 90)
AhnLab-V3 Malware/Win32.RL_Generic.R335416
ALYac Trojan.Agent.EQDY
TACHYON Trojan/W32.Agent.2087936.M
VBA32 Trojan.Inject
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 events)
dead_host 172.217.24.14:443
dead_host 172.217.160.78:443
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were generated while this sample ran


PE Compile Time

2020-05-05 19:41:32

Imports

Library KERNEL32.dll:
0x5c76f4 SetEndOfFile
0x5c76f8 HeapSize
0x5c7700 CreateFileW
0x5c7704 GetProcessHeap
0x5c7708 SetStdHandle
0x5c7714 GetTickCount
0x5c7718 GetProcAddress
0x5c771c GetStdHandle
0x5c7720 ReadFile
0x5c7724 WriteFile
0x5c7728 GetConsoleMode
0x5c772c SetConsoleMode
0x5c7730 FreeLibrary
0x5c7734 LoadLibraryA
0x5c7738 CloseHandle
0x5c773c GetLastError
0x5c7740 GetOverlappedResult
0x5c7744 SetEvent
0x5c7748 WaitForSingleObject
0x5c774c CreateEventA
0x5c7750 CreateThread
0x5c7754 GetSystemDirectoryA
0x5c7758 FormatMessageA
0x5c775c DecodePointer
0x5c7760 FindFirstFileA
0x5c7764 FindNextFileA
0x5c776c GetProcessTimes
0x5c7770 GetCurrentProcess
0x5c7774 GetCurrentProcessId
0x5c7778 GetCurrentThread
0x5c777c GetThreadTimes
0x5c7780 GetSystemTime
0x5c778c GlobalMemoryStatus
0x5c7790 CreateFileA
0x5c7794 LocalFree
0x5c7798 WaitNamedPipeA
0x5c779c ConnectNamedPipe
0x5c77a0 CreateNamedPipeA
0x5c77a4 GetCurrentThreadId
0x5c77a8 MapViewOfFile
0x5c77ac UnmapViewOfFile
0x5c77b0 LocalAlloc
0x5c77b4 CreateFileMappingA
0x5c77b8 GetFileType
0x5c77c0 CreatePipe
0x5c77c4 CreateProcessA
0x5c77c8 OpenProcess
0x5c77cc ClearCommBreak
0x5c77d0 GetCommState
0x5c77d4 SetCommBreak
0x5c77d8 SetCommState
0x5c77dc SetCommTimeouts
0x5c77e0 ReleaseMutex
0x5c77e4 CreateMutexA
0x5c77ec DeleteFileA
0x5c77f0 GetLocalTime
0x5c77fc TerminateProcess
0x5c7808 InitializeSListHead
0x5c780c IsDebuggerPresent
0x5c7810 GetStartupInfoW
0x5c7814 GetModuleHandleW
0x5c7818 FindClose
0x5c781c GetModuleFileNameW
0x5c7824 TlsAlloc
0x5c7828 TlsGetValue
0x5c782c TlsSetValue
0x5c7830 TlsFree
0x5c7834 LoadLibraryExW
0x5c7838 RtlUnwind
0x5c783c SetLastError
0x5c784c GetModuleFileNameA
0x5c7850 GetModuleHandleExW
0x5c7854 WriteConsoleW
0x5c7858 MultiByteToWideChar
0x5c785c WideCharToMultiByte
0x5c7860 ExitProcess
0x5c7864 GetCommandLineA
0x5c7868 GetCommandLineW
0x5c786c GetACP
0x5c7870 HeapFree
0x5c7874 HeapAlloc
0x5c7878 OutputDebugStringW
0x5c7880 GetStringTypeW
0x5c7884 GetDateFormatW
0x5c7888 GetTimeFormatW
0x5c788c CompareStringW
0x5c7890 LCMapStringW
0x5c7894 FlushFileBuffers
0x5c7898 GetConsoleCP
0x5c789c HeapReAlloc
0x5c78a0 ReadConsoleW
0x5c78a4 SetFilePointerEx
0x5c78a8 FindFirstFileExA
0x5c78ac IsValidCodePage
0x5c78b0 GetOEMCP
0x5c78b4 GetCPInfo
0x5c78bc RaiseException
0x5c78c0 Process32FirstW
0x5c78c4 PurgeComm
0x5c78c8 DuplicateHandle
0x5c78d0 VirtualFree
0x5c78d4 HeapValidate
0x5c78d8 GetConsoleWindow
0x5c78ec SetConsoleTitleA
0x5c78f0 CreateDirectoryExA
0x5c78f8 TransmitCommChar
0x5c78fc OpenEventA
0x5c7904 OpenSemaphoreA
0x5c7908 EnumResourceNamesW
0x5c7910 Module32FirstW
0x5c7918 lstrcat
0x5c791c MoveFileA
0x5c7920 GetDiskFreeSpaceExA
0x5c7924 CreateTimerQueue
0x5c7928 _lread
0x5c7930 LoadLibraryExA
0x5c793c GetUserDefaultLCID
0x5c7940 IsBadReadPtr
0x5c7948 GetModuleHandleA
0x5c794c VirtualAlloc
0x5c7950 LoadLibraryW
Library USER32.dll:
0x5c795c PeekMessageA
0x5c7960 FindWindowA
0x5c7964 SendMessageA
0x5c7968 GetCursorPos
0x5c796c GetForegroundWindow
0x5c7970 GetCapture
0x5c7974 GetQueueStatus
0x5c7978 GetClipboardOwner
0x5c797c PostMessageA
0x5c7980 EnumDisplayMonitors
0x5c7984 ShowWindow
0x5c7988 UnhookWinEvent
0x5c798c DdeQueryStringA
0x5c799c PostThreadMessageA
0x5c79a0 OffsetRect
0x5c79a4 SetScrollRange
0x5c79ac UnpackDDElParam
0x5c79b0 CreateIconIndirect
0x5c79b4 LoadCursorFromFileW
0x5c79b8 SetCapture
0x5c79c0 RegisterHotKey
0x5c79c4 ShowOwnedPopups
0x5c79c8 FlashWindowEx
0x5c79cc GetMessagePos
0x5c79d4 CloseWindowStation
0x5c79d8 FreeDDElParam
0x5c79dc GetPropA
0x5c79e0 OemKeyScan
0x5c79e4 SwitchDesktop
0x5c79e8 SetWindowTextA
0x5c79ec LoadIconW
0x5c79f0 LoadCursorFromFileA
Library GDI32.dll:
0x5c79f8 FONTOBJ_vGetInfo
0x5c79fc XLATEOBJ_iXlate
0x5c7a00 GetLayout
0x5c7a04 CheckColorsInGamut
0x5c7a08 GetRasterizerCaps
0x5c7a0c EngDeletePalette
0x5c7a10 GetStringBitmapA
0x5c7a14 MoveToEx
0x5c7a18 EnumFontFamiliesW
0x5c7a1c GetBoundsRect
0x5c7a2c EngFindResource
0x5c7a30 EngDeleteSemaphore
0x5c7a38 SetMagicColors
0x5c7a3c STROBJ_vEnumStart
0x5c7a44 GdiSetLastError
0x5c7a48 CreateColorSpaceA
0x5c7a4c SetWorldTransform
0x5c7a50 SetPixel
0x5c7a54 AnimatePalette
0x5c7a58 SetViewportExtEx
0x5c7a5c EqualRgn
0x5c7a60 Chord
0x5c7a64 GetCharWidthInfo
0x5c7a68 GetTextFaceAliasW
0x5c7a6c AbortDoc
0x5c7a74 GetFontData
0x5c7a7c GdiStartPageEMF
0x5c7a80 AddFontResourceA
Library COMDLG32.dll:
0x5c7a8c GetFileTitleA
Library ADVAPI32.dll:
0x5c7a94 RegCloseKey
0x5c7a98 RegOpenKeyA
0x5c7a9c RegQueryValueExA
0x5c7aa0 GetUserNameA
0x5c7aa4 EqualSid
0x5c7aac CopySid
0x5c7ab0 GetLengthSid
0x5c7ac0 RegCreateKeyA
0x5c7ac4 RegSetValueExA
0x5c7ac8 SystemFunction036
0x5c7acc RegSetValueA
Library SHELL32.dll:
0x5c7ad8 SHGetSettings
0x5c7ae8 ShellExecuteExA
0x5c7aec CheckEscapesW
0x5c7af0 SHGetFolderPathA
0x5c7af4 SHGetDesktopFolder
0x5c7af8 DuplicateIcon
0x5c7afc SHGetFolderLocation
0x5c7b04 DoEnvironmentSubstW
0x5c7b0c DragQueryFile
Library ole32.dll:
0x5c7b18 CoTaskMemFree
Library SHLWAPI.dll:
0x5c7b20 StrRStrIW
0x5c7b24 StrRChrIA
0x5c7b28 StrChrW
0x5c7b2c StrRStrIA
0x5c7b30 PathIsUNCA
Library COMCTL32.dll:
0x5c7b38 _TrackMouseEvent

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 53210 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 60215 114.114.114.114 53
192.168.56.101 63429 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 50002 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 53380 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 56539 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57756 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 60384 224.0.0.252 5355
192.168.56.101 61680 224.0.0.252 5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.