11.6
0-day

ee59d91b50ff95b5946ba79599480417ca06c711a5cb0730521c672eb88c7ba7

364e75eb91261ba76a20308c33498088.exe

Analysis time

70s

Last analysis

File size

573.5KB
Static detection  Dynamic detection
HawkEye engine
Not detected. No HawkEye engine result is available.
Static verdict
Antivirus engines
Not detected. No antivirus engine result is available.
Static indicators
Command line console output was observed (50 out of 332 events)
Time & API Arguments Status Return Repeated
1620758565.099501
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>
console_handle: 0x00000007
success 1 0
1620758565.115501
WriteConsoleW
buffer: del
console_handle: 0x00000007
success 1 0
1620758565.115501
WriteConsoleW
buffer: "C:\Users\Administrator.Oskar-PC\AppData\Roaming\nmsp3\sedgf.exe"
console_handle: 0x00000007
success 1 0
1620758565.224501
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Roaming\nmsp3\sedgf.exe
console_handle: 0x00000007
success 1 0
1620758565.271501
WriteConsoleW
buffer: 拒绝访问。
console_handle: 0x0000000b
success 1 0
1620758565.287501
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>
console_handle: 0x00000007
success 1 0
1620758565.287501
WriteConsoleW
buffer: if
console_handle: 0x00000007
success 1 0
1620758565.287501
WriteConsoleW
buffer: exist "C:\Users\Administrator.Oskar-PC\AppData\Roaming\nmsp3\sedgf.exe"
console_handle: 0x00000007
success 1 0
1620758565.287501
WriteConsoleW
buffer: goto
console_handle: 0x00000007
success 1 0
1620758565.287501
WriteConsoleW
buffer: ktk
console_handle: 0x00000007
success 1 0
1620758565.318501
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>
console_handle: 0x00000007
success 1 0
1620758565.318501
WriteConsoleW
buffer: del
console_handle: 0x00000007
success 1 0
1620758565.318501
WriteConsoleW
buffer: "C:\Users\Administrator.Oskar-PC\AppData\Roaming\nmsp3\sedgf.exe"
console_handle: 0x00000007
success 1 0
1620758565.349501
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Roaming\nmsp3\sedgf.exe
console_handle: 0x00000007
success 1 0
1620758565.349501
WriteConsoleW
buffer: 拒绝访问。
console_handle: 0x0000000b
success 1 0
1620758565.365501
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>
console_handle: 0x00000007
success 1 0
1620758565.365501
WriteConsoleW
buffer: if
console_handle: 0x00000007
success 1 0
1620758565.365501
WriteConsoleW
buffer: exist "C:\Users\Administrator.Oskar-PC\AppData\Roaming\nmsp3\sedgf.exe"
console_handle: 0x00000007
success 1 0
1620758565.365501
WriteConsoleW
buffer: goto
console_handle: 0x00000007
success 1 0
1620758565.365501
WriteConsoleW
buffer: ktk
console_handle: 0x00000007
success 1 0
1620758565.396501
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>
console_handle: 0x00000007
success 1 0
1620758565.396501
WriteConsoleW
buffer: del
console_handle: 0x00000007
success 1 0
1620758565.396501
WriteConsoleW
buffer: "C:\Users\Administrator.Oskar-PC\AppData\Roaming\nmsp3\sedgf.exe"
console_handle: 0x00000007
success 1 0
1620758565.458501
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Roaming\nmsp3\sedgf.exe
console_handle: 0x00000007
success 1 0
1620758565.458501
WriteConsoleW
buffer: 拒绝访问。
console_handle: 0x0000000b
success 1 0
1620758565.505501
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>
console_handle: 0x00000007
success 1 0
1620758565.505501
WriteConsoleW
buffer: if
console_handle: 0x00000007
success 1 0
1620758565.505501
WriteConsoleW
buffer: exist "C:\Users\Administrator.Oskar-PC\AppData\Roaming\nmsp3\sedgf.exe"
console_handle: 0x00000007
success 1 0
1620758565.521501
WriteConsoleW
buffer: goto
console_handle: 0x00000007
success 1 0
1620758565.521501
WriteConsoleW
buffer: ktk
console_handle: 0x00000007
success 1 0
1620758565.568501
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>
console_handle: 0x00000007
success 1 0
1620758565.568501
WriteConsoleW
buffer: del
console_handle: 0x00000007
success 1 0
1620758565.568501
WriteConsoleW
buffer: "C:\Users\Administrator.Oskar-PC\AppData\Roaming\nmsp3\sedgf.exe"
console_handle: 0x00000007
success 1 0
1620758565.630501
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Roaming\nmsp3\sedgf.exe
console_handle: 0x00000007
success 1 0
1620758565.630501
WriteConsoleW
buffer: 拒绝访问。
console_handle: 0x0000000b
success 1 0
1620758565.646501
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>
console_handle: 0x00000007
success 1 0
1620758565.646501
WriteConsoleW
buffer: if
console_handle: 0x00000007
success 1 0
1620758565.646501
WriteConsoleW
buffer: exist "C:\Users\Administrator.Oskar-PC\AppData\Roaming\nmsp3\sedgf.exe"
console_handle: 0x00000007
success 1 0
1620758565.662501
WriteConsoleW
buffer: goto
console_handle: 0x00000007
success 1 0
1620758565.662501
WriteConsoleW
buffer: ktk
console_handle: 0x00000007
success 1 0
1620758565.677501
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>
console_handle: 0x00000007
success 1 0
1620758565.677501
WriteConsoleW
buffer: del
console_handle: 0x00000007
success 1 0
1620758565.677501
WriteConsoleW
buffer: "C:\Users\Administrator.Oskar-PC\AppData\Roaming\nmsp3\sedgf.exe"
console_handle: 0x00000007
success 1 0
1620758565.724501
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Roaming\nmsp3\sedgf.exe
console_handle: 0x00000007
success 1 0
1620758565.724501
WriteConsoleW
buffer: 拒绝访问。
console_handle: 0x0000000b
success 1 0
1620758565.740501
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>
console_handle: 0x00000007
success 1 0
1620758565.740501
WriteConsoleW
buffer: if
console_handle: 0x00000007
success 1 0
1620758565.740501
WriteConsoleW
buffer: exist "C:\Users\Administrator.Oskar-PC\AppData\Roaming\nmsp3\sedgf.exe"
console_handle: 0x00000007
success 1 0
1620758565.740501
WriteConsoleW
buffer: goto
console_handle: 0x00000007
success 1 0
1620758565.755501
WriteConsoleW
buffer: ktk
console_handle: 0x00000007
success 1 0
Tries to locate where the browsers are installed (1 event)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (4 events)
Time & API Arguments Status Return Repeated
1620726224.925915
NtAllocateVirtualMemory
process_identifier: 2520
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01db0000
success 0 0
1620726246.347915
NtAllocateVirtualMemory
process_identifier: 2520
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01f10000
success 0 0
1620758538.037126
NtAllocateVirtualMemory
process_identifier: 340
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003e0000
success 0 0
1620758554.396126
NtAllocateVirtualMemory
process_identifier: 340
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00500000
success 0 0
Steals private information from local Internet browsers (5 events)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Default\Web Data
registry HKEY_CURRENT_USER\Software\Opera Software
Creates executable files on the filesystem (2 events)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\10934796.bat
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nmsp3.vbs
Drops a binary and executes it (2 events)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\nmsp3\sedgf.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\10934796.bat
Drops an executable to the user AppData folder (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\nmsp3\sedgf.exe
A process created a hidden window (1 event)
Time & API Arguments Status Return Repeated
1620758564.693626
ShellExecuteExW
parameters: "C:\Users\Administrator.Oskar-PC\AppData\Roaming\nmsp3\sedgf.exe"
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\10934796.bat
filepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\10934796.bat
show_type: 0
success 1 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.084307919116825 section {'size_of_data': '0x00021200', 'virtual_address': '0x00074000', 'entropy': 7.084307919116825, 'name': '.rsrc', 'virtual_size': '0x00021124'} description A section with a high entropy has been found
entropy 0.2314410480349345 description Overall entropy of this PE file is high
Checks for the Locally Unique Identifier on the system for a suspicious privilege (20 events)
Time & API Arguments Status Return Repeated
1620758556.755626
LookupPrivilegeValueW
system_name:
privilege_name: SeTcbPrivilege
success 1 0
1620758556.755626
LookupPrivilegeValueW
system_name:
privilege_name: SeCreateTokenPrivilege
success 1 0
1620758556.755626
LookupPrivilegeValueW
system_name:
privilege_name: SeBackupPrivilege
success 1 0
1620758556.755626
LookupPrivilegeValueW
system_name:
privilege_name: SeRestorePrivilege
success 1 0
1620758556.771626
LookupPrivilegeValueW
system_name:
privilege_name: SeAssignPrimaryTokenPrivilege
success 1 0
1620758563.880626
LookupPrivilegeValueW
system_name:
privilege_name: SeTcbPrivilege
success 1 0
1620758563.880626
LookupPrivilegeValueW
system_name:
privilege_name: SeCreateTokenPrivilege
success 1 0
1620758563.880626
LookupPrivilegeValueW
system_name:
privilege_name: SeBackupPrivilege
success 1 0
1620758563.880626
LookupPrivilegeValueW
system_name:
privilege_name: SeRestorePrivilege
success 1 0
1620758563.880626
LookupPrivilegeValueW
system_name:
privilege_name: SeAssignPrimaryTokenPrivilege
success 1 0
1620758564.318626
LookupPrivilegeValueW
system_name:
privilege_name: SeTcbPrivilege
success 1 0
1620758564.318626
LookupPrivilegeValueW
system_name:
privilege_name: SeCreateTokenPrivilege
success 1 0
1620758564.318626
LookupPrivilegeValueW
system_name:
privilege_name: SeBackupPrivilege
success 1 0
1620758564.318626
LookupPrivilegeValueW
system_name:
privilege_name: SeRestorePrivilege
success 1 0
1620758564.318626
LookupPrivilegeValueW
system_name:
privilege_name: SeAssignPrimaryTokenPrivilege
success 1 0
1620758564.458626
LookupPrivilegeValueW
system_name:
privilege_name: SeTcbPrivilege
success 1 0
1620758564.458626
LookupPrivilegeValueW
system_name:
privilege_name: SeCreateTokenPrivilege
success 1 0
1620758564.458626
LookupPrivilegeValueW
system_name:
privilege_name: SeBackupPrivilege
success 1 0
1620758564.458626
LookupPrivilegeValueW
system_name:
privilege_name: SeRestorePrivilege
success 1 0
1620758564.458626
LookupPrivilegeValueW
system_name:
privilege_name: SeAssignPrimaryTokenPrivilege
success 1 0
Queries for potentially installed applications (36 events)
Time & API Arguments Status Return Repeated
1620758556.818626
RegOpenKeyExA
access: 0x02000000
base_handle: 0x80000002
key_handle: 0x00000134
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
options: 0
success 0 0
1620758556.818626
RegOpenKeyExA
access: 0x00020019
base_handle: 0x80000002
key_handle: 0x00000138
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
options: 0
success 0 0
1620758556.818626
RegOpenKeyExA
access: 0x00020219
base_handle: 0x80000002
key_handle: 0x00000138
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
options: 0
success 0 0
1620758556.818626
RegOpenKeyExA
access: 0x00020119
base_handle: 0x80000002
key_handle: 0x00000138
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
options: 0
success 0 0
1620758556.818626
RegOpenKeyExA
access: 0x00020019
base_handle: 0x80000002
key_handle: 0x00000138
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager
regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager
options: 0
success 0 0
1620758556.833626
RegOpenKeyExA
access: 0x00020219
base_handle: 0x80000002
key_handle: 0x00000138
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager
regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager
options: 0
success 0 0
1620758556.833626
RegOpenKeyExA
access: 0x00020119
base_handle: 0x80000002
key_handle: 0x00000138
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager
regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager
options: 0
success 0 0
1620758556.833626
RegOpenKeyExA
access: 0x00020019
base_handle: 0x80000002
key_handle: 0x00000138
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
options: 0
success 0 0
1620758556.833626
RegOpenKeyExA
access: 0x00020219
base_handle: 0x80000002
key_handle: 0x00000138
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
options: 0
success 0 0
1620758556.833626
RegOpenKeyExA
access: 0x00020119
base_handle: 0x80000002
key_handle: 0x00000138
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
options: 0
success 0 0
1620758556.833626
RegOpenKeyExA
access: 0x00020019
base_handle: 0x80000002
key_handle: 0x00000138
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
options: 0
success 0 0
1620758556.833626
RegOpenKeyExA
access: 0x00020219
base_handle: 0x80000002
key_handle: 0x00000138
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
options: 0
success 0 0
1620758556.833626
RegOpenKeyExA
access: 0x00020119
base_handle: 0x80000002
key_handle: 0x00000138
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
options: 0
success 0 0
1620758556.833626
RegOpenKeyExA
access: 0x00020019
base_handle: 0x80000002
key_handle: 0x00000138
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
options: 0
success 0 0
1620758556.833626
RegOpenKeyExA
access: 0x00020019
base_handle: 0x80000002
key_handle: 0x00000138
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
options: 0
success 0 0
1620758556.833626
RegOpenKeyExA
access: 0x00020019
base_handle: 0x80000002
key_handle: 0x00000138
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40
regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40
options: 0
success 0 0
1620758556.833626
RegOpenKeyExA
access: 0x00020219
base_handle: 0x80000002
key_handle: 0x00000138
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40
regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40
options: 0
success 0 0
1620758556.833626
RegOpenKeyExA
access: 0x00020119
base_handle: 0x80000002
key_handle: 0x00000138
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40
regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40
options: 0
success 0 0
1620758556.833626
RegOpenKeyExA
access: 0x00020019
base_handle: 0x80000002
key_handle: 0x00000138
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
options: 0
success 0 0
1620758556.833626
RegOpenKeyExA
access: 0x00020219
base_handle: 0x80000002
key_handle: 0x00000138
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
options: 0
success 0 0
1620758556.833626
RegOpenKeyExA
access: 0x00020119
base_handle: 0x80000002
key_handle: 0x00000138
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
options: 0
success 0 0
1620758556.833626
RegOpenKeyExA
access: 0x00020019
base_handle: 0x80000002
key_handle: 0x00000138
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
options: 0
success 0 0
1620758556.833626
RegOpenKeyExA
access: 0x00020219
base_handle: 0x80000002
key_handle: 0x00000138
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
options: 0
success 0 0
1620758556.849626
RegOpenKeyExA
access: 0x00020119
base_handle: 0x80000002
key_handle: 0x00000138
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
options: 0
success 0 0
1620758556.849626
RegOpenKeyExA
access: 0x00020019
base_handle: 0x80000002
key_handle: 0x00000138
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData
regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData
options: 0
success 0 0
1620758556.849626
RegOpenKeyExA
access: 0x00020219
base_handle: 0x80000002
key_handle: 0x00000138
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData
regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData
options: 0
success 0 0
1620758556.849626
RegOpenKeyExA
access: 0x00020119
base_handle: 0x80000002
key_handle: 0x00000138
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData
regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData
options: 0
success 0 0
1620758556.865626
RegOpenKeyExA
access: 0x00020019
base_handle: 0x80000002
key_handle: 0x00000138
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
options: 0
success 0 0
1620758556.865626
RegOpenKeyExA
access: 0x00020219
base_handle: 0x80000002
key_handle: 0x00000138
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
options: 0
success 0 0
1620758556.865626
RegOpenKeyExA
access: 0x00020119
base_handle: 0x80000002
key_handle: 0x00000138
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
options: 0
success 0 0
1620758556.865626
RegOpenKeyExA
access: 0x00020019
base_handle: 0x80000002
key_handle: 0x00000138
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
options: 0
success 0 0
1620758556.865626
RegOpenKeyExA
access: 0x00020219
base_handle: 0x80000002
key_handle: 0x00000138
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
options: 0
success 0 0
1620758556.865626
RegOpenKeyExA
access: 0x00020119
base_handle: 0x80000002
key_handle: 0x00000138
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
options: 0
success 0 0
1620758556.865626
RegOpenKeyExA
access: 0x00020019
base_handle: 0x80000002
key_handle: 0x00000138
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC
regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC
options: 0
success 0 0
1620758556.880626
RegOpenKeyExA
access: 0x00020219
base_handle: 0x80000002
key_handle: 0x00000138
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC
regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC
options: 0
success 0 0
1620758556.880626
RegOpenKeyExA
access: 0x00020119
base_handle: 0x80000002
key_handle: 0x00000138
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC
regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC
options: 0
success 0 0
Uses Windows utilities for basic Windows functionality (1 event)
cmdline C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\10934796.bat "C:\Users\Administrator.Oskar-PC\AppData\Roaming\nmsp3\sedgf.exe"
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Creates an Alternate Data Stream (ADS) (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\nmsp3\sedgf.exe:ZoneIdentifier
Installs itself for autorun at Windows startup (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nmsp3.vbs
Deletes executed files from disk (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\nmsp3\sedgf.exe
Harvests credentials from local FTP client software (50 out of 120 events)
file C:\Program Files (x86)\CuteFTP\sm.dat
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\CuteFTP\sm.dat
file C:\Users\Administrator.Oskar-PC\AppData\Local\CuteFTP\sm.dat
file C:\Program Files (x86)\GlobalSCAPE\CuteFTP\sm.dat
file C:\ProgramData\CuteFTP\sm.dat
file C:\ProgramData\GlobalSCAPE\CuteFTP\sm.dat
file C:\Users\Administrator.Oskar-PC\AppData\Local\GlobalSCAPE\CuteFTP\sm.dat
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\GlobalSCAPE\CuteFTP\sm.dat
file C:\ProgramData\GlobalSCAPE\CuteFTP Lite\sm.dat
file C:\Users\Administrator.Oskar-PC\AppData\Local\GlobalSCAPE\CuteFTP Lite\sm.dat
file C:\Program Files (x86)\GlobalSCAPE\CuteFTP Lite\sm.dat
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\GlobalSCAPE\CuteFTP Lite\sm.dat
file C:\Program Files (x86)\GlobalSCAPE\CuteFTP Pro\sm.dat
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\GlobalSCAPE\CuteFTP Pro\sm.dat
file C:\ProgramData\GlobalSCAPE\CuteFTP Pro\sm.dat
file C:\Users\Administrator.Oskar-PC\AppData\Local\GlobalSCAPE\CuteFTP Pro\sm.dat
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FlashFXP\3\History.dat
file C:\Users\Administrator.Oskar-PC\AppData\Local\FlashFXP\3\History.dat
file C:\Users\Administrator.Oskar-PC\AppData\Local\FlashFXP\4\Sites.dat
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FlashFXP\4\Sites.dat
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FlashFXP\4\History.dat
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FlashFXP\4\Quick.dat
file C:\ProgramData\FlashFXP\3\History.dat
file C:\Users\Administrator.Oskar-PC\AppData\Local\FlashFXP\4\Quick.dat
file C:\ProgramData\FlashFXP\4\History.dat
file C:\ProgramData\FlashFXP\3\Sites.dat
file C:\ProgramData\FlashFXP\4\Quick.dat
file C:\ProgramData\FlashFXP\4\Sites.dat
file C:\Users\Administrator.Oskar-PC\AppData\Local\FlashFXP\3\Sites.dat
file C:\Users\Administrator.Oskar-PC\AppData\Local\FlashFXP\3\Quick.dat
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FlashFXP\3\Quick.dat
file C:\ProgramData\FlashFXP\3\Quick.dat
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\FlashFXP\3\Sites.dat
file C:\Users\Administrator.Oskar-PC\AppData\Local\FlashFXP\4\History.dat
file C:\ProgramData\GHISLER\wcx_ftp.ini
file C:\Windows\wcx_ftp.ini
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\GHISLER\wcx_ftp.ini
file C:\Users\Administrator.Oskar-PC\wcx_ftp.ini
file C:\Users\Administrator.Oskar-PC\AppData\Local\GHISLER\wcx_ftp.ini
file C:\Windows\32BitFtp.ini
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\CoffeeCup Software\SharedSettings_1_0_5.sqlite
file C:\ProgramData\CoffeeCup Software\SharedSettings_1_0_5.ccs
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\CoffeeCup Software\SharedSettings_1_0_5.ccs
file C:\Users\Administrator.Oskar-PC\AppData\Local\CoffeeCup Software\SharedSettings_1_0_5.ccs
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\CoffeeCup Software\SharedSettings.ccs
file C:\Users\Administrator.Oskar-PC\AppData\Local\CoffeeCup Software\SharedSettings.ccs
file C:\ProgramData\CoffeeCup Software\SharedSettings_1_0_5.sqlite
file C:\ProgramData\CoffeeCup Software\SharedSettings.ccs
file C:\Users\Administrator.Oskar-PC\AppData\Local\CoffeeCup Software\SharedSettings.sqlite
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\CoffeeCup Software\SharedSettings.sqlite
Collects information about installed applications (1 event)
Time & API Arguments Status Return Repeated
1620758556.833626
RegQueryValueExA
key_handle: 0x00000138
value: Google Chrome
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName
success 0 0
Harvests credentials from local email clients (7 events)
registry HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts
registry HKEY_CURRENT_USER\Software\Microsoft\Windows Mail\Salt
registry HKEY_CURRENT_USER\Software\Microsoft\Windows Live Mail
registry HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
registry HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts
registry HKEY_LOCAL_MACHINE\Software\RimArts\B2\Settings
registry HKEY_CURRENT_USER\Software\Poco Systems Inc
Used NtSetContextThread to modify a thread in a remote process indicative of process injection (2 events)
Process injection Process 340 called NtSetContextThread to modify thread in remote process 2944
Time & API Arguments Status Return Repeated
1620758555.083126
NtSetContextThread
thread_handle: 0x000000f8
registers.eip: 2010382788
registers.esp: 1638384
registers.edi: 0
registers.eax: 4260349
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2944
success 0 0
Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)
Process injection Process 340 resumed a thread in remote process 2944
Time & API Arguments Status Return Repeated
1620758555.333126
NtResumeThread
thread_handle: 0x000000f8
suspend_count: 1
process_identifier: 2944
success 0 0
Executed a process and injected code into it, probably while unpacking (9 events)
Time & API Arguments Status Return Repeated
1620726246.972915
CreateProcessInternalW
thread_identifier: 1068
thread_handle: 0x000000f0
process_identifier: 340
current_directory:
filepath: C:\Users\Administrator.Oskar-PC\AppData\Roaming\nmsp3\sedgf.exe
track: 1
command_line:
filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Roaming\nmsp3\sedgf.exe
stack_pivoted: 0
creation_flags: 32 (NORMAL_PRIORITY_CLASS)
process_handle: 0x000000f8
inherit_handles: 0
success 1 0
1620758555.068126
CreateProcessInternalW
thread_identifier: 2796
thread_handle: 0x000000f8
process_identifier: 2944
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Roaming\nmsp3\sedgf.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x000000f0
inherit_handles: 0
success 1 0
1620758555.068126
NtGetContextThread
thread_handle: 0x000000f8
success 0 0
1620758555.068126
NtUnmapViewOfSection
process_identifier: 2944
region_size: 4096
process_handle: 0x000000f0
base_address: 0x00400000
success 0 0
1620758555.083126
NtMapViewOfSection
section_handle: 0x00000100
process_identifier: 2944
commit_size: 102400
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x000000f0
allocation_type: 0 ()
section_offset: 0
view_size: 102400
base_address: 0x00400000
success 0 0
1620758555.083126
NtMapViewOfSection
section_handle: 0x000000fc
process_identifier: 2944
commit_size: 4096
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x000000f0
allocation_type: 0 ()
section_offset: 0
view_size: 4096
base_address: 0x001e0000
success 0 0
1620758555.083126
NtSetContextThread
thread_handle: 0x000000f8
registers.eip: 2010382788
registers.esp: 1638384
registers.edi: 0
registers.eax: 4260349
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2944
success 0 0
1620758555.333126
NtResumeThread
thread_handle: 0x000000f8
suspend_count: 1
process_identifier: 2944
success 0 0
1620758564.693626
CreateProcessInternalW
thread_identifier: 2308
thread_handle: 0x000002f4
process_identifier: 912
current_directory: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp
filepath:
track: 1
command_line: "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\10934796.bat" "C:\Users\Administrator.Oskar-PC\AppData\Roaming\nmsp3\sedgf.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT)
process_handle: 0x000002f0
inherit_handles: 0
success 1 0
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample.
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran.

PE Compile Time

1992-03-09 06:42:25

Imports

Library kernel32.dll:
0x468128 VirtualFree
0x46812c VirtualAlloc
0x468130 LocalFree
0x468134 LocalAlloc
0x468138 GetCurrentThreadId
0x468144 VirtualQuery
0x468148 WideCharToMultiByte
0x46814c MultiByteToWideChar
0x468150 lstrlenA
0x468154 lstrcpynA
0x468158 LoadLibraryExA
0x46815c GetThreadLocale
0x468160 GetStartupInfoA
0x468164 GetProcAddress
0x468168 GetModuleHandleA
0x46816c GetModuleFileNameA
0x468170 GetLocaleInfoA
0x468174 GetLastError
0x468178 GetCommandLineA
0x46817c FreeLibrary
0x468180 FindFirstFileA
0x468184 FindClose
0x468188 ExitProcess
0x46818c ExitThread
0x468190 CreateThread
0x468194 WriteFile
0x46819c SetFilePointer
0x4681a0 SetEndOfFile
0x4681a4 RtlUnwind
0x4681a8 ReadFile
0x4681ac RaiseException
0x4681b0 GetStdHandle
0x4681b4 GetFileSize
0x4681b8 GetFileType
0x4681bc CreateFileA
0x4681c0 CloseHandle
Library user32.dll:
0x4681c8 GetKeyboardType
0x4681cc LoadStringA
0x4681d0 MessageBoxA
0x4681d4 CharNextA
Library advapi32.dll:
0x4681dc RegQueryValueExA
0x4681e0 RegOpenKeyExA
0x4681e4 RegCloseKey
Library oleaut32.dll:
0x4681ec SysFreeString
0x4681f0 SysReAllocStringLen
0x4681f4 SysAllocStringLen
Library kernel32.dll:
0x4681fc TlsSetValue
0x468200 TlsGetValue
0x468204 LocalAlloc
0x468208 GetModuleHandleA
Library advapi32.dll:
0x468210 RegQueryValueExA
0x468214 RegOpenKeyExA
0x468218 RegCloseKey
Library kernel32.dll:
0x468220 lstrcpyA
0x468224 WriteFile
0x468228 WaitForSingleObject
0x46822c VirtualQuery
0x468230 VirtualAlloc
0x468234 SuspendThread
0x468238 Sleep
0x46823c SizeofResource
0x468240 SetThreadLocale
0x468244 SetFilePointer
0x468248 SetEvent
0x46824c SetErrorMode
0x468250 SetEndOfFile
0x468254 ResumeThread
0x468258 ResetEvent
0x46825c ReadFile
0x468260 MulDiv
0x468264 LockResource
0x468268 LoadResource
0x46826c LoadLibraryA
0x468278 GlobalUnlock
0x46827c GlobalReAlloc
0x468280 GlobalHandle
0x468284 GlobalLock
0x468288 GlobalFree
0x46828c GlobalFindAtomA
0x468290 GlobalDeleteAtom
0x468294 GlobalAlloc
0x468298 GlobalAddAtomA
0x46829c GetVersionExA
0x4682a0 GetVersion
0x4682a4 GetTickCount
0x4682a8 GetThreadLocale
0x4682ac GetTempPathA
0x4682b0 GetSystemInfo
0x4682b4 GetStringTypeExA
0x4682b8 GetStdHandle
0x4682bc GetProcAddress
0x4682c0 GetModuleHandleA
0x4682c4 GetModuleFileNameA
0x4682c8 GetLocaleInfoA
0x4682cc GetLastError
0x4682d0 GetFileSize
0x4682d4 GetExitCodeThread
0x4682d8 GetDiskFreeSpaceA
0x4682dc GetCurrentThreadId
0x4682e0 GetCurrentProcessId
0x4682e4 GetCPInfo
0x4682e8 GetACP
0x4682ec FreeResource
0x4682f0 FreeLibrary
0x4682f4 FormatMessageA
0x4682f8 FindResourceA
0x4682fc ExitProcess
0x468300 EnumCalendarInfoA
0x46830c CreateThread
0x468310 CreateFileA
0x468314 CreateEventA
0x468318 CompareStringA
0x46831c CloseHandle
Library version.dll:
0x468324 VerQueryValueA
0x46832c GetFileVersionInfoA
Library gdi32.dll:
0x468334 UnrealizeObject
0x468338 StretchBlt
0x46833c SetWindowOrgEx
0x468340 SetViewportOrgEx
0x468344 SetTextColor
0x468348 SetStretchBltMode
0x46834c SetROP2
0x468350 SetPixel
0x468354 SetDIBColorTable
0x468358 SetBrushOrgEx
0x46835c SetBkMode
0x468360 SetBkColor
0x468364 SelectPalette
0x468368 SelectObject
0x46836c ScaleWindowExtEx
0x468370 SaveDC
0x468374 RoundRect
0x468378 RestoreDC
0x46837c Rectangle
0x468380 RectVisible
0x468384 RealizePalette
0x468388 Polyline
0x46838c PatBlt
0x468390 MoveToEx
0x468394 MaskBlt
0x468398 LineTo
0x46839c IntersectClipRect
0x4683a0 GetWindowOrgEx
0x4683a4 GetTextMetricsA
0x4683b0 GetStockObject
0x4683b4 GetPixel
0x4683b8 GetPaletteEntries
0x4683bc GetObjectA
0x4683c0 GetDeviceCaps
0x4683c4 GetDIBits
0x4683c8 GetDIBColorTable
0x4683cc GetDCOrgEx
0x4683d4 GetClipBox
0x4683d8 GetBrushOrgEx
0x4683dc GetBitmapBits
0x4683e0 ExtTextOutA
0x4683e4 ExcludeClipRect
0x4683e8 Ellipse
0x4683ec DeleteObject
0x4683f0 DeleteDC
0x4683f4 CreateSolidBrush
0x4683f8 CreatePenIndirect
0x4683fc CreatePen
0x468400 CreatePalette
0x468408 CreateFontIndirectA
0x46840c CreateDIBitmap
0x468410 CreateDIBSection
0x468414 CreateCompatibleDC
0x46841c CreateBrushIndirect
0x468420 CreateBitmap
0x468424 BitBlt
Library user32.dll:
0x46842c WindowFromPoint
0x468430 WinHelpA
0x468434 WaitMessage
0x468438 ValidateRect
0x46843c UpdateWindow
0x468440 UnregisterClassA
0x468444 UnhookWindowsHookEx
0x468448 TranslateMessage
0x468450 TrackPopupMenu
0x468458 ShowWindow
0x46845c ShowScrollBar
0x468460 ShowOwnedPopups
0x468464 ShowCursor
0x468468 SetWindowsHookExA
0x46846c SetWindowTextA
0x468470 SetWindowPos
0x468474 SetWindowPlacement
0x468478 SetWindowLongA
0x46847c SetTimer
0x468480 SetScrollRange
0x468484 SetScrollPos
0x468488 SetScrollInfo
0x46848c SetRect
0x468490 SetPropA
0x468494 SetMenuItemInfoA
0x468498 SetMenu
0x46849c SetForegroundWindow
0x4684a0 SetFocus
0x4684a4 SetCursor
0x4684a8 SetClassLongA
0x4684ac SetCapture
0x4684b0 SetActiveWindow
0x4684b4 SendMessageA
0x4684b8 ScrollWindow
0x4684bc ScreenToClient
0x4684c0 RemovePropA
0x4684c4 RemoveMenu
0x4684c8 ReleaseDC
0x4684cc ReleaseCapture
0x4684d8 RegisterClassA
0x4684dc RedrawWindow
0x4684e0 PtInRect
0x4684e4 PostQuitMessage
0x4684e8 PostMessageA
0x4684ec PeekMessageA
0x4684f0 OffsetRect
0x4684f4 OemToCharA
0x4684fc MessageBoxA
0x468500 MapWindowPoints
0x468504 MapVirtualKeyA
0x468508 LoadStringA
0x46850c LoadKeyboardLayoutA
0x468510 LoadIconA
0x468514 LoadCursorA
0x468518 LoadBitmapA
0x46851c KillTimer
0x468520 IsZoomed
0x468524 IsWindowVisible
0x468528 IsWindowEnabled
0x46852c IsWindow
0x468530 IsRectEmpty
0x468534 IsIconic
0x468538 IsDialogMessageA
0x46853c IsChild
0x468540 InvalidateRect
0x468544 IntersectRect
0x468548 InsertMenuItemA
0x46854c InsertMenuA
0x468550 InflateRect
0x468558 GetWindowTextA
0x46855c GetWindowRect
0x468560 GetWindowPlacement
0x468564 GetWindowLongA
0x468568 GetWindowDC
0x46856c GetTopWindow
0x468570 GetSystemMetrics
0x468574 GetSystemMenu
0x468578 GetSysColor
0x46857c GetSubMenu
0x468580 GetScrollRange
0x468584 GetScrollPos
0x468588 GetScrollInfo
0x46858c GetPropA
0x468590 GetParent
0x468594 GetWindow
0x468598 GetMenuStringA
0x46859c GetMenuState
0x4685a0 GetMenuItemInfoA
0x4685a4 GetMenuItemID
0x4685a8 GetMenuItemCount
0x4685ac GetMenuDefaultItem
0x4685b0 GetMenu
0x4685b4 GetLastActivePopup
0x4685b8 GetKeyboardState
0x4685c0 GetKeyboardLayout
0x4685c4 GetKeyState
0x4685c8 GetKeyNameTextA
0x4685cc GetIconInfo
0x4685d0 GetForegroundWindow
0x4685d4 GetFocus
0x4685d8 GetDesktopWindow
0x4685dc GetDCEx
0x4685e0 GetDC
0x4685e4 GetCursorPos
0x4685e8 GetCursor
0x4685ec GetClientRect
0x4685f0 GetClassNameA
0x4685f4 GetClassInfoA
0x4685f8 GetCapture
0x4685fc GetActiveWindow
0x468600 FrameRect
0x468604 FindWindowA
0x468608 FillRect
0x46860c EqualRect
0x468610 EnumWindows
0x468614 EnumThreadWindows
0x468618 EndPaint
0x46861c EnableWindow
0x468620 EnableScrollBar
0x468624 EnableMenuItem
0x468628 DrawTextA
0x46862c DrawMenuBar
0x468630 DrawIconEx
0x468634 DrawIcon
0x468638 DrawFrameControl
0x46863c DrawFocusRect
0x468640 DrawEdge
0x468644 DispatchMessageA
0x468648 DestroyWindow
0x46864c DestroyMenu
0x468650 DestroyIcon
0x468654 DestroyCursor
0x468658 DeleteMenu
0x46865c DefWindowProcA
0x468660 DefMDIChildProcA
0x468664 DefFrameProcA
0x468668 CreateWindowExA
0x46866c CreatePopupMenu
0x468670 CreateMenu
0x468674 CreateIcon
0x468678 ClientToScreen
0x46867c CheckMenuItem
0x468680 CallWindowProcA
0x468684 CallNextHookEx
0x468688 BeginPaint
0x46868c CharNextA
0x468690 CharLowerA
0x468694 AdjustWindowRectEx
Library kernel32.dll:
0x4686a0 Sleep
Library oleaut32.dll:
0x4686a8 SafeArrayPtrOfIndex
0x4686ac SafeArrayPutElement
0x4686b0 SafeArrayGetElement
0x4686b4 SafeArrayGetUBound
0x4686b8 SafeArrayGetLBound
0x4686bc SafeArrayRedim
0x4686c0 SafeArrayCreate
0x4686c4 VariantChangeTypeEx
0x4686c8 VariantCopyInd
0x4686cc VariantCopy
0x4686d0 VariantClear
0x4686d4 VariantInit
Library comctl32.dll:
0x4686e4 ImageList_Write
0x4686e8 ImageList_Read
0x4686f8 ImageList_DragMove
0x4686fc ImageList_DragLeave
0x468700 ImageList_DragEnter
0x468704 ImageList_EndDrag
0x468708 ImageList_BeginDrag
0x46870c ImageList_Remove
0x468710 ImageList_DrawEx
0x468714 ImageList_Draw
0x468724 ImageList_Add
0x46872c ImageList_Destroy
0x468730 ImageList_Create
0x468734 InitCommonControls

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source Port  Destination      Destination Port
192.168.56.101  49235        114.114.114.114  53
192.168.56.101  50534        114.114.114.114  53
192.168.56.101  56539        114.114.114.114  53
192.168.56.101  65004        114.114.114.114  53
192.168.56.101  137          192.168.56.255   137
192.168.56.101  138          192.168.56.255   138
192.168.56.101  51378        224.0.0.252      5355
192.168.56.101  51808        224.0.0.252      5355
192.168.56.101  55368        224.0.0.252      5355
192.168.56.101  56804        224.0.0.252      5355
192.168.56.101  60123        224.0.0.252      5355
192.168.56.101  62191        224.0.0.252      5355
192.168.56.101  1900         239.255.255.250  1900
192.168.56.101  51809        239.255.255.250  3702
192.168.56.101  51811        239.255.255.250  3702
192.168.56.101  56540        239.255.255.250  3702
192.168.56.101  56807        239.255.255.250  1900
192.168.56.101  58707        239.255.255.250  3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.