5.6
High risk

2701e092e550bb607c9305ba4478e2b115664a1c985b14c99fb745ce56f53e51

323e999fc5b8b066f0603729cdf0818a.exe

Analysis duration

74s

Last analyzed

File size

906.6KB
Static detection Dynamic detection
Eagle Eye engine
Not detected: no Eagle Eye engine result available
Static verdict
Antivirus engines
Not detected: no antivirus engine result available
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (6 events)
Time & API Arguments Status Return Repeated
1619345036.015053
NtAllocateVirtualMemory
process_identifier: 2984
region_size: 741376
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x004f0000
success 0 0
1619345037.577053
NtAllocateVirtualMemory
process_identifier: 2984
region_size: 737280
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00700000
success 0 0
1619345037.593053
NtProtectVirtualMemory
process_identifier: 2984
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 151552
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619368233.191125
NtAllocateVirtualMemory
process_identifier: 2468
region_size: 741376
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01d20000
success 0 0
1619368234.223125
NtAllocateVirtualMemory
process_identifier: 2468
region_size: 737280
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01de0000
success 0 0
1619368234.238125
NtProtectVirtualMemory
process_identifier: 2468
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 151552
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
Creates executable files on the filesystem (2 events)
file c:\programdata\1321ba6d1f\bdif.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\cred.dll
A process created a hidden window (1 event)
Time & API Arguments Status Return Repeated
1619345038.171053
CreateProcessInternalW
thread_identifier: 2636
thread_handle: 0x000000cc
process_identifier: 2468
current_directory:
filepath:
track: 1
command_line: c:\programdata\1321ba6d1f\bdif.exe
filepath_r:
stack_pivoted: 0
creation_flags: 134217728 (CREATE_NO_WINDOW)
process_handle: 0x000000c8
inherit_handles: 0
success 1 0
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1619368235.160125
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
Network communication
Communicates with host for which no DNS query was performed (2 events)
host 172.217.24.14
host 217.8.117.52
Attempts to identify installed AV products by installation directory (7 events)
file C:\ProgramData\AVAST Software
file C:\ProgramData\Avira
file C:\ProgramData\Kaspersky Lab
file C:\ProgramData\Panda Security
file C:\ProgramData\Bitdefender
file C:\ProgramData\AVG
file C:\ProgramData\Doctor Web
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1619368237.738125
RegSetValueExA
key_handle: 0x000003d0
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619368237.738125
RegSetValueExA
key_handle: 0x000003d0
value:  è#—Ñ9×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619368237.738125
RegSetValueExA
key_handle: 0x000003d0
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619368237.738125
RegSetValueExW
key_handle: 0x000003d0
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619368237.738125
RegSetValueExA
key_handle: 0x000003e0
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619368237.738125
RegSetValueExA
key_handle: 0x000003e0
value:  è#—Ñ9×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619368237.738125
RegSetValueExA
key_handle: 0x000003e0
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619368237.770125
RegSetValueExW
key_handle: 0x000003cc
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
Generates some ICMP traffic
Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 event)
dead_host 217.8.117.52:80
Visual analysis
Binary image
No binary image: this sample produced no binary visualization image
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran


PE Compile Time

2020-08-03 04:39:51

Imports

Library KERNEL32.dll:
0x4dbbfc LoadLibraryA
0x4dbc00 GetProcAddress
0x4dbc04 GetModuleHandleA
0x4dbc0c GetTickCount
0x4dbc14 IsDebuggerPresent
0x4dbc20 GetCurrentProcess
0x4dbc24 TerminateProcess
0x4dbc2c Sleep
0x4dbc30 InterlockedExchange
0x4dbc34 GetStartupInfoW
0x4dbc38 GetCommandLineW
0x4dbc3c GetModuleFileNameW
0x4dbc40 CreateProcessW
0x4dbc44 WaitForSingleObject
0x4dbc48 CloseHandle
0x4dbc4c GetLastError
0x4dbc50 FormatMessageW
0x4dbc54 LocalFree
0x4dbc58 GetCurrentProcessId
0x4dbc5c GetCurrentThreadId
0x4dbc60 WaitNamedPipeA
0x4dbc64 HeapReAlloc
0x4dbc68 GlobalFree
0x4dbc6c _lwrite
0x4dbc74 GetCommConfig
0x4dbc78 IsBadHugeWritePtr
0x4dbc7c GetConsoleAliasA
0x4dbc80 ResetEvent
0x4dbc84 ReplaceFileA
0x4dbc88 GetACP
0x4dbc8c VirtualFree
0x4dbc90 VirtualAlloc
0x4dbc94 GetSystemInfo
0x4dbc98 GetVersion
0x4dbc9c VirtualQuery
0x4dbca0 WideCharToMultiByte
0x4dbca8 MultiByteToWideChar
0x4dbcac lstrlenW
0x4dbcb0 lstrcpynW
0x4dbcb4 LoadLibraryExW
0x4dbcb8 GetThreadLocale
0x4dbcbc GetStartupInfoA
0x4dbcc0 GetModuleHandleW
0x4dbcc4 GetLocaleInfoW
0x4dbccc FreeLibrary
0x4dbcd0 FindFirstFileW
0x4dbcd4 FindClose
0x4dbcd8 ExitProcess
0x4dbcdc ExitThread
0x4dbce0 CreateThread
0x4dbce4 CompareStringW
0x4dbce8 WriteFile
0x4dbcec RtlUnwind
0x4dbcf0 RaiseException
0x4dbcf4 GetStdHandle
0x4dbcf8 TlsSetValue
0x4dbcfc TlsGetValue
0x4dbd00 LocalAlloc
0x4dbd04 lstrcpyW
0x4dbd08 lstrcmpW
0x4dbd0c WriteProfileStringW
0x4dbd18 VirtualQueryEx
0x4dbd1c TransactNamedPipe
0x4dbd20 SwitchToThread
0x4dbd24 SizeofResource
0x4dbd28 SignalObjectAndWait
0x4dbd2c SetThreadLocale
0x4dbd34 SetLastError
0x4dbd38 SetFileTime
0x4dbd3c SetFilePointer
0x4dbd40 SetFileAttributesW
0x4dbd44 SetEvent
0x4dbd48 SetErrorMode
0x4dbd4c SetEndOfFile
0x4dbd50 ResumeThread
0x4dbd54 RemoveDirectoryW
0x4dbd58 ReleaseMutex
0x4dbd5c ReadFile
0x4dbd60 OpenProcess
0x4dbd64 OpenMutexW
0x4dbd68 MulDiv
0x4dbd6c MoveFileExW
0x4dbd70 MoveFileW
0x4dbd74 LockResource
0x4dbd7c LoadResource
0x4dbd80 LoadLibraryW
0x4dbd88 IsDBCSLeadByte
0x4dbd8c IsBadWritePtr
0x4dbd94 GlobalFindAtomW
0x4dbd98 GlobalDeleteAtom
0x4dbd9c GlobalAddAtomW
0x4dbda4 GetVersionExW
0x4dbdac GetSystemDirectoryW
0x4dbdb0 GetShortPathNameW
0x4dbdb4 GetProfileStringW
0x4dbdbc GetOverlappedResult
0x4dbdc0 GetLogicalDrives
0x4dbdc4 GetLocalTime
0x4dbdc8 GetFullPathNameW
0x4dbdcc GetFileSize
0x4dbdd0 GetFileAttributesW
0x4dbdd4 GetExitCodeThread
0x4dbdd8 GetExitCodeProcess
0x4dbde0 GetDriveTypeW
0x4dbde4 GetDiskFreeSpaceW
0x4dbde8 GetDateFormatW
0x4dbdec GetCurrentThread
0x4dbdf0 GetComputerNameW
0x4dbdf4 GetCPInfo
0x4dbdf8 FreeResource
0x4dbe08 FlushFileBuffers
0x4dbe0c FindResourceW
0x4dbe10 FindNextFileW
0x4dbe1c EnumCalendarInfoW
0x4dbe24 DeviceIoControl
0x4dbe28 DeleteFileW
0x4dbe30 CreateNamedPipeW
0x4dbe34 CreateMutexW
0x4dbe38 CreateFileW
0x4dbe3c CreateEventW
0x4dbe40 CreateDirectoryW
0x4dbe44 CopyFileW
0x4dbe48 CompareFileTime
Library USER32.dll:
0x4dbe50 AnyPopup
0x4dbe54 CloseClipboard
0x4dbe58 LoadIconW
0x4dbe5c GetAsyncKeyState
0x4dbe60 MessageBoxW
0x4dbe64 DialogBoxParamW
0x4dbe68 DlgDirListW
0x4dbe6c DdeDisconnectList
0x4dbe70 EnableMenuItem
0x4dbe74 GetUpdateRect
0x4dbe78 SetScrollRange
0x4dbe7c GetKeyboardType
0x4dbe80 LoadStringW
0x4dbe84 MessageBoxA
0x4dbe88 CharNextW
0x4dbe8c CreateWindowExW
0x4dbe90 WindowFromPoint
0x4dbe94 WaitMessage
0x4dbe98 WaitForInputIdle
0x4dbe9c UpdateWindow
0x4dbea0 UnregisterClassW
0x4dbea4 UnhookWindowsHookEx
0x4dbea8 TranslateMessage
0x4dbeb0 TrackPopupMenu
0x4dbeb8 ShowWindow
0x4dbebc ShowScrollBar
0x4dbec0 ShowOwnedPopups
0x4dbec4 SetWindowsHookExW
0x4dbec8 SetWindowTextW
0x4dbecc SetWindowPos
0x4dbed0 SetWindowPlacement
0x4dbed4 SetWindowLongW
0x4dbed8 SetTimer
0x4dbedc SetScrollPos
0x4dbee0 SetScrollInfo
0x4dbee4 SetRectEmpty
0x4dbee8 SetRect
0x4dbeec SetPropW
0x4dbef0 SetParent
0x4dbef4 SetMenuItemInfoW
0x4dbef8 SetMenu
0x4dbefc SetForegroundWindow
0x4dbf00 SetFocus
0x4dbf04 SetCursor
0x4dbf08 SetClassLongW
0x4dbf0c SetCapture
0x4dbf10 SetActiveWindow
0x4dbf14 SendNotifyMessageW
0x4dbf18 SendMessageTimeoutW
0x4dbf1c SendMessageA
0x4dbf20 SendMessageW
0x4dbf24 ScrollWindowEx
0x4dbf28 ScrollWindow
0x4dbf2c ScreenToClient
0x4dbf30 ReplyMessage
0x4dbf34 RemovePropW
0x4dbf38 RemoveMenu
0x4dbf3c ReleaseDC
0x4dbf40 ReleaseCapture
0x4dbf4c RegisterClassW
0x4dbf50 RedrawWindow
0x4dbf54 PtInRect
0x4dbf58 PostQuitMessage
0x4dbf5c PostMessageW
0x4dbf60 PeekMessageA
0x4dbf64 PeekMessageW
0x4dbf68 OffsetRect
0x4dbf6c OemToCharBuffA
0x4dbf78 MessageBeep
0x4dbf7c MapWindowPoints
0x4dbf80 MapVirtualKeyW
0x4dbf84 LoadKeyboardLayoutW
0x4dbf88 LoadCursorW
0x4dbf8c LoadBitmapW
0x4dbf90 KillTimer
0x4dbf94 IsZoomed
0x4dbf98 IsWindowVisible
0x4dbf9c IsWindowUnicode
0x4dbfa0 IsWindowEnabled
0x4dbfa4 IsWindow
0x4dbfa8 IsRectEmpty
0x4dbfac IsIconic
0x4dbfb0 IsDialogMessageA
0x4dbfb4 IsDialogMessageW
0x4dbfb8 IsChild
0x4dbfbc InvalidateRect
0x4dbfc0 IntersectRect
0x4dbfc4 InsertMenuItemW
0x4dbfc8 InsertMenuW
0x4dbfcc InflateRect
0x4dbfd4 GetWindowTextW
0x4dbfd8 GetWindowRect
0x4dbfdc GetWindowPlacement
0x4dbfe0 GetWindowLongW
0x4dbfe4 GetWindowDC
0x4dbfe8 GetTopWindow
0x4dbfec GetSystemMetrics
0x4dbff0 GetSystemMenu
0x4dbff4 GetSysColorBrush
0x4dbff8 GetSysColor
0x4dbffc GetSubMenu
0x4dc000 GetScrollRange
0x4dc004 GetScrollPos
0x4dc008 GetScrollInfo
0x4dc00c GetPropW
0x4dc010 GetParent
0x4dc014 GetWindow
0x4dc018 GetMessagePos
0x4dc01c GetMessageW
0x4dc020 GetMenuStringW
0x4dc024 GetMenuState
0x4dc028 GetMenuItemInfoW
0x4dc02c GetMenuItemID
0x4dc030 GetMenuItemCount
0x4dc034 GetMenu
0x4dc038 GetLastActivePopup
0x4dc03c GetKeyboardState
0x4dc048 GetKeyboardLayout
0x4dc04c GetKeyState
0x4dc050 GetKeyNameTextW
0x4dc054 GetIconInfo
0x4dc058 GetForegroundWindow
0x4dc05c GetFocus
0x4dc060 GetDesktopWindow
0x4dc064 GetDCEx
0x4dc068 GetDC
0x4dc06c GetCursorPos
0x4dc070 GetCursor
0x4dc074 GetClientRect
0x4dc078 GetClassLongW
0x4dc07c GetClassInfoW
0x4dc080 GetCapture
0x4dc084 GetActiveWindow
0x4dc088 FrameRect
0x4dc08c FindWindowExW
0x4dc090 FindWindowW
0x4dc094 FillRect
0x4dc098 ExitWindowsEx
0x4dc09c EnumWindows
0x4dc0a0 EnumThreadWindows
0x4dc0a4 EnumChildWindows
0x4dc0a8 EndPaint
0x4dc0ac EnableWindow
0x4dc0b0 EnableScrollBar
0x4dc0b4 DrawTextExW
0x4dc0b8 DrawTextW
0x4dc0bc DrawMenuBar
0x4dc0c0 DrawIconEx
0x4dc0c4 DrawIcon
0x4dc0c8 DrawFrameControl
0x4dc0cc DrawFocusRect
0x4dc0d0 DrawEdge
0x4dc0d4 DispatchMessageA
0x4dc0d8 DispatchMessageW
0x4dc0dc DestroyWindow
0x4dc0e0 DestroyMenu
0x4dc0e4 DestroyIcon
0x4dc0e8 DestroyCursor
0x4dc0ec DeleteMenu
0x4dc0f0 DefWindowProcW
0x4dc0f4 DefMDIChildProcW
0x4dc0f8 DefFrameProcW
0x4dc0fc CreatePopupMenu
0x4dc100 CreateMenu
0x4dc104 CreateIcon
0x4dc108 ClientToScreen
0x4dc10c CheckMenuItem
0x4dc110 CharUpperBuffW
0x4dc114 CharLowerBuffW
0x4dc118 CharLowerW
0x4dc11c CallWindowProcW
0x4dc120 CallNextHookEx
0x4dc124 BringWindowToTop
0x4dc128 BeginPaint
0x4dc12c AppendMenuW
0x4dc130 CharToOemBuffA
0x4dc134 AdjustWindowRectEx
Library GDI32.dll:
0x4dc140 GetFontLanguageInfo
0x4dc144 UpdateColors
0x4dc148 GetTextColor
0x4dc14c GetObjectType
0x4dc150 GetLayout
0x4dc154 UnrealizeObject
0x4dc158 GetMapMode
0x4dc15c GetPixelFormat
0x4dc160 GetPolyFillMode
0x4dc164 RealizePalette
0x4dc168 GetSystemPaletteUse
0x4dc16c SwapBuffers
0x4dc170 SetMetaRgn
0x4dc178 GetTextAlign
0x4dc17c GetDCPenColor
0x4dc180 GetTextCharset
0x4dc184 GetEnhMetaFileA
0x4dc188 GetStretchBltMode
0x4dc18c WidenPath
0x4dc190 GetROP2
0x4dc194 GetStockObject
0x4dc198 StrokePath
0x4dc19c GetEnhMetaFileW
0x4dc1a0 SaveDC
0x4dc1a4 GetGraphicsMode
0x4dc1a8 PathToRegion
0x4dc1b0 GdiEntry5
0x4dc1b4 CreateBrushIndirect
0x4dc1b8 XLATEOBJ_piVector
0x4dc1bc GetGlyphOutlineWow
0x4dc1c0 GdiConsoleTextOut
0x4dc1c4 GdiEntry14
0x4dc1c8 ExtEscape
0x4dc1d0 GetPath
0x4dc1d4 EudcLoadLinkW
0x4dc1dc UpdateICMRegKeyW
0x4dc1e0 GdiPlayScript
0x4dc1e4 SetTextAlign
0x4dc1ec LPtoDP
0x4dc1f0 GetRasterizerCaps
0x4dc1f4 EngQueryEMFInfo
0x4dc1f8 GdiAddGlsRecord
0x4dc1fc EngAlphaBlend
0x4dc200 MoveToEx
0x4dc204 RestoreDC
0x4dc208 GetNearestColor
0x4dc20c GdiFlush
0x4dc210 ScaleWindowExtEx
0x4dc214 CLIPOBJ_bEnum
0x4dc218 GdiEntry15
0x4dc21c GdiSwapBuffers
0x4dc220 GdiIsMetaPrintDC
0x4dc224 EngCreateBitmap
0x4dc228 GetCharWidthFloatA
0x4dc230 SelectPalette
0x4dc238 EndPage
0x4dc23c StretchBlt
0x4dc240 SetWindowOrgEx
0x4dc244 SetViewportOrgEx
0x4dc248 SetTextColor
0x4dc24c SetStretchBltMode
0x4dc250 SetROP2
0x4dc254 SetPixel
0x4dc258 SetDIBColorTable
0x4dc25c SetBrushOrgEx
0x4dc260 SetBkMode
0x4dc264 SetBkColor
0x4dc268 SelectObject
0x4dc26c RoundRect
0x4dc270 RemoveFontResourceW
0x4dc274 Rectangle
0x4dc278 RectVisible
0x4dc27c Polyline
0x4dc280 Pie
0x4dc284 PatBlt
0x4dc288 MaskBlt
0x4dc28c LineTo
0x4dc290 LineDDA
0x4dc294 IntersectClipRect
0x4dc298 GetWindowOrgEx
0x4dc29c GetTextMetricsW
0x4dc2a0 GetTextExtentPointW
0x4dc2ac GetRgnBox
0x4dc2b0 GetPixel
0x4dc2b4 GetPaletteEntries
0x4dc2b8 GetObjectW
0x4dc2bc GetDeviceCaps
0x4dc2c0 GetDIBits
0x4dc2c4 GetDIBColorTable
0x4dc2c8 GetDCOrgEx
0x4dc2d0 GetClipBox
0x4dc2d4 GetBrushOrgEx
0x4dc2d8 GetBitmapBits
0x4dc2dc FrameRgn
0x4dc2e0 ExtTextOutW
0x4dc2e4 ExtFloodFill
0x4dc2e8 ExcludeClipRect
0x4dc2ec EnumFontsW
0x4dc2f0 Ellipse
0x4dc2f4 DeleteObject
0x4dc2f8 DeleteDC
0x4dc2fc CreateSolidBrush
0x4dc300 CreateRectRgn
0x4dc304 CreatePenIndirect
0x4dc308 CreatePalette
0x4dc310 CreateFontIndirectW
0x4dc314 CreateDIBitmap
0x4dc318 CreateDIBSection
0x4dc31c CreateCompatibleDC
0x4dc324 CreateBitmap
0x4dc328 Chord
0x4dc32c BitBlt
0x4dc330 Arc
0x4dc334 AddFontResourceW
Library COMDLG32.dll:
0x4dc33c GetSaveFileNameW
0x4dc340 GetOpenFileNameW
Library ADVAPI32.dll:
0x4dc348 RegOpenKeyW
0x4dc34c RegQueryValueExA
0x4dc350 RegQueryValueExW
0x4dc354 RegOpenKeyExW
0x4dc358 RegCloseKey
0x4dc360 RegSetValueExW
0x4dc364 RegQueryInfoKeyW
0x4dc368 RegFlushKey
0x4dc36c RegEnumValueW
0x4dc370 RegEnumKeyExW
0x4dc374 RegDeleteValueW
0x4dc378 RegDeleteKeyW
0x4dc37c RegCreateKeyExW
0x4dc380 OpenThreadToken
0x4dc384 OpenProcessToken
0x4dc390 GetUserNameW
0x4dc394 GetTokenInformation
0x4dc398 FreeSid
0x4dc39c EqualSid
Library SHELL32.dll:
0x4dc3ac CommandLineToArgvW
0x4dc3b0 ShellExecuteExW
0x4dc3b4 ShellExecuteW
0x4dc3b8 SHGetFileInfoW
0x4dc3bc ExtractIconW
0x4dc3c4 SHGetMalloc
0x4dc3c8 SHChangeNotify
0x4dc3cc SHBrowseForFolderW
Library ole32.dll:
0x4dc3d4 OleUninitialize
0x4dc3d8 OleInitialize
0x4dc3dc CoTaskMemFree
0x4dc3e0 CLSIDFromProgID
0x4dc3e4 CLSIDFromString
0x4dc3e8 StringFromCLSID
0x4dc3ec CoCreateInstance
0x4dc3f4 CoUninitialize
0x4dc3f8 CoInitialize
0x4dc3fc IsEqualGUID
0x4dc400 CoDisconnectObject

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 63429 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58368 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.