6.0
High risk

5a6abbc27eca7d97c34979de1bb59c054e80eb3c8e2b3f7080435332bea14f0a

44fc0ff131094bfc106c95e5f272ae00.exe

Analysis duration

87s

Last analysis

File size

875.5KB
Static detection / Dynamic detection
鹰眼 engine
Not detected: no 鹰眼 engine detection results yet
Static verdict
Antivirus engines
Not detected: no antivirus engine detection results yet
Static indicators
Queries for the computername (1 event)
Time & API Arguments Status Return Repeated
1619384504.452875
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (4 events)
Time & API Arguments Status Return Repeated
1619384489.671875
CryptGenKey
crypto_handle: 0x00313fa0
algorithm_identifier: 0x0000660e ()
provider_handle: 0x00306e70
flags: 1
key: f°˜k«î˜Ã<ÏÌ×l´ìÕ
success 1 0
1619384504.562875
CryptExportKey
crypto_handle: 0x00313fa0
crypto_export_handle: 0x00313f20
buffer: f¤Ôú/HP”=ëû¯bÈ,n=§Çv¶_Å´-Æa1Ó |‹am)”c÷Îfj –¦U¨ÍU"Ÿ›ßênÏr+h$öMúމè4vàâ,‹ÅU$$c‰Ç>²ÄOâøb
blob_type: 1
flags: 64
success 1 0
1619384532.968875
CryptExportKey
crypto_handle: 0x00313fa0
crypto_export_handle: 0x00313f20
buffer: f¤1 ’8XBDݔ#;ßöy œA·Öã§ûËigѶXN&¢U65!»{è¬g¥õkÝO–bL [y̦Nñü±^µU‚ÅÞ •Ú0³ÃœRÿiÀvd½E Ú¾
blob_type: 1
flags: 64
success 1 0
1619384538.827875
CryptExportKey
crypto_handle: 0x00313fa0
crypto_export_handle: 0x00313f20
buffer: f¤iëúÇV¡¶ö+‰$ÿ;i˜Å+(Uüʍܵý‹A_í Pïő2VŒ Ö%ÈL7de]RºGY\xˆ¿îñDŽff‚ð7¿¢s{]ø±ÞG wê)ÆÉ2{t…÷ù}µ>T˜
blob_type: 1
flags: 64
success 1 0
This executable has a PDB path (1 event)
pdb_path c:\Users\User\Desktop\2008\22.4.20\LogControl_src\Release\Log.pdb
The file contains an unknown PE resource name possibly indicative of a packer (1 event)
resource name None
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1619384484.062875
NtAllocateVirtualMemory
process_identifier: 2988
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01e40000
success 0 0
Creates hidden or system file (16 events)
Time & API Arguments Status Return Repeated
1619384484.015875
NtCreateFile
create_disposition: 2 (FILE_CREATE)
file_handle: 0x00000000
filepath: C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft
desired_access: 0x00100001 (FILE_READ_DATA|FILE_LIST_DIRECTORY|SYNCHRONIZE)
file_attributes: 4 (FILE_ATTRIBUTE_SYSTEM)
filepath_r: \??\C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft
create_options: 16417 (FILE_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT|FILE_OPEN_FOR_BACKUP_INTENT)
status_info: 4294967295 ()
share_access: 3 (FILE_SHARE_READ|FILE_SHARE_WRITE)
failed 3221225525 0
1619384484.015875
NtCreateFile
create_disposition: 2 (FILE_CREATE)
file_handle: 0x00000000
filepath: C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Crypto
desired_access: 0x00100001 (FILE_READ_DATA|FILE_LIST_DIRECTORY|SYNCHRONIZE)
file_attributes: 4 (FILE_ATTRIBUTE_SYSTEM)
filepath_r: \??\C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Crypto
create_options: 16417 (FILE_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT|FILE_OPEN_FOR_BACKUP_INTENT)
status_info: 4294967295 ()
share_access: 3 (FILE_SHARE_READ|FILE_SHARE_WRITE)
failed 3221225525 0
1619384484.015875
NtCreateFile
create_disposition: 2 (FILE_CREATE)
file_handle: 0x00000000
filepath: C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Crypto\RSA
desired_access: 0x00100001 (FILE_READ_DATA|FILE_LIST_DIRECTORY|SYNCHRONIZE)
file_attributes: 4 (FILE_ATTRIBUTE_SYSTEM)
filepath_r: \??\C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Crypto\RSA
create_options: 16417 (FILE_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT|FILE_OPEN_FOR_BACKUP_INTENT)
status_info: 4294967295 ()
share_access: 3 (FILE_SHARE_READ|FILE_SHARE_WRITE)
failed 3221225525 0
1619384484.015875
NtCreateFile
create_disposition: 2 (FILE_CREATE)
file_handle: 0x00000000
filepath: C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3154413779-3303930873-3537499701-500
desired_access: 0x00100001 (FILE_READ_DATA|FILE_LIST_DIRECTORY|SYNCHRONIZE)
file_attributes: 4 (FILE_ATTRIBUTE_SYSTEM)
filepath_r: \??\C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3154413779-3303930873-3537499701-500
create_options: 16417 (FILE_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT|FILE_OPEN_FOR_BACKUP_INTENT)
status_info: 4294967295 ()
share_access: 3 (FILE_SHARE_READ|FILE_SHARE_WRITE)
failed 3221225525 0
1619384484.046875
NtCreateFile
create_disposition: 2 (FILE_CREATE)
file_handle: 0x00000000
filepath: C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft
desired_access: 0x00100001 (FILE_READ_DATA|FILE_LIST_DIRECTORY|SYNCHRONIZE)
file_attributes: 4 (FILE_ATTRIBUTE_SYSTEM)
filepath_r: \??\C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft
create_options: 16417 (FILE_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT|FILE_OPEN_FOR_BACKUP_INTENT)
status_info: 4294967295 ()
share_access: 3 (FILE_SHARE_READ|FILE_SHARE_WRITE)
failed 3221225525 0
1619384484.046875
NtCreateFile
create_disposition: 2 (FILE_CREATE)
file_handle: 0x00000000
filepath: C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Crypto
desired_access: 0x00100001 (FILE_READ_DATA|FILE_LIST_DIRECTORY|SYNCHRONIZE)
file_attributes: 4 (FILE_ATTRIBUTE_SYSTEM)
filepath_r: \??\C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Crypto
create_options: 16417 (FILE_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT|FILE_OPEN_FOR_BACKUP_INTENT)
status_info: 4294967295 ()
share_access: 3 (FILE_SHARE_READ|FILE_SHARE_WRITE)
failed 3221225525 0
1619384484.046875
NtCreateFile
create_disposition: 2 (FILE_CREATE)
file_handle: 0x00000000
filepath: C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Crypto\RSA
desired_access: 0x00100001 (FILE_READ_DATA|FILE_LIST_DIRECTORY|SYNCHRONIZE)
file_attributes: 4 (FILE_ATTRIBUTE_SYSTEM)
filepath_r: \??\C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Crypto\RSA
create_options: 16417 (FILE_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT|FILE_OPEN_FOR_BACKUP_INTENT)
status_info: 4294967295 ()
share_access: 3 (FILE_SHARE_READ|FILE_SHARE_WRITE)
failed 3221225525 0
1619384484.046875
NtCreateFile
create_disposition: 2 (FILE_CREATE)
file_handle: 0x00000000
filepath: C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3154413779-3303930873-3537499701-500
desired_access: 0x00100001 (FILE_READ_DATA|FILE_LIST_DIRECTORY|SYNCHRONIZE)
file_attributes: 4 (FILE_ATTRIBUTE_SYSTEM)
filepath_r: \??\C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3154413779-3303930873-3537499701-500
create_options: 16417 (FILE_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT|FILE_OPEN_FOR_BACKUP_INTENT)
status_info: 4294967295 ()
share_access: 3 (FILE_SHARE_READ|FILE_SHARE_WRITE)
failed 3221225525 0
1619384484.062875
NtCreateFile
create_disposition: 2 (FILE_CREATE)
file_handle: 0x00000000
filepath: C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft
desired_access: 0x00100001 (FILE_READ_DATA|FILE_LIST_DIRECTORY|SYNCHRONIZE)
file_attributes: 4 (FILE_ATTRIBUTE_SYSTEM)
filepath_r: \??\C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft
create_options: 16417 (FILE_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT|FILE_OPEN_FOR_BACKUP_INTENT)
status_info: 4294967295 ()
share_access: 3 (FILE_SHARE_READ|FILE_SHARE_WRITE)
failed 3221225525 0
1619384484.062875
NtCreateFile
create_disposition: 2 (FILE_CREATE)
file_handle: 0x00000000
filepath: C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Crypto
desired_access: 0x00100001 (FILE_READ_DATA|FILE_LIST_DIRECTORY|SYNCHRONIZE)
file_attributes: 4 (FILE_ATTRIBUTE_SYSTEM)
filepath_r: \??\C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Crypto
create_options: 16417 (FILE_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT|FILE_OPEN_FOR_BACKUP_INTENT)
status_info: 4294967295 ()
share_access: 3 (FILE_SHARE_READ|FILE_SHARE_WRITE)
failed 3221225525 0
1619384484.062875
NtCreateFile
create_disposition: 2 (FILE_CREATE)
file_handle: 0x00000000
filepath: C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Crypto\RSA
desired_access: 0x00100001 (FILE_READ_DATA|FILE_LIST_DIRECTORY|SYNCHRONIZE)
file_attributes: 4 (FILE_ATTRIBUTE_SYSTEM)
filepath_r: \??\C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Crypto\RSA
create_options: 16417 (FILE_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT|FILE_OPEN_FOR_BACKUP_INTENT)
status_info: 4294967295 ()
share_access: 3 (FILE_SHARE_READ|FILE_SHARE_WRITE)
failed 3221225525 0
1619384484.062875
NtCreateFile
create_disposition: 2 (FILE_CREATE)
file_handle: 0x00000000
filepath: C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3154413779-3303930873-3537499701-500
desired_access: 0x00100001 (FILE_READ_DATA|FILE_LIST_DIRECTORY|SYNCHRONIZE)
file_attributes: 4 (FILE_ATTRIBUTE_SYSTEM)
filepath_r: \??\C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3154413779-3303930873-3537499701-500
create_options: 16417 (FILE_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT|FILE_OPEN_FOR_BACKUP_INTENT)
status_info: 4294967295 ()
share_access: 3 (FILE_SHARE_READ|FILE_SHARE_WRITE)
failed 3221225525 0
1619384484.077875
NtCreateFile
create_disposition: 2 (FILE_CREATE)
file_handle: 0x00000000
filepath: C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft
desired_access: 0x00100001 (FILE_READ_DATA|FILE_LIST_DIRECTORY|SYNCHRONIZE)
file_attributes: 4 (FILE_ATTRIBUTE_SYSTEM)
filepath_r: \??\C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft
create_options: 16417 (FILE_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT|FILE_OPEN_FOR_BACKUP_INTENT)
status_info: 4294967295 ()
share_access: 3 (FILE_SHARE_READ|FILE_SHARE_WRITE)
failed 3221225525 0
1619384484.077875
NtCreateFile
create_disposition: 2 (FILE_CREATE)
file_handle: 0x00000000
filepath: C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Crypto
desired_access: 0x00100001 (FILE_READ_DATA|FILE_LIST_DIRECTORY|SYNCHRONIZE)
file_attributes: 4 (FILE_ATTRIBUTE_SYSTEM)
filepath_r: \??\C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Crypto
create_options: 16417 (FILE_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT|FILE_OPEN_FOR_BACKUP_INTENT)
status_info: 4294967295 ()
share_access: 3 (FILE_SHARE_READ|FILE_SHARE_WRITE)
failed 3221225525 0
1619384484.077875
NtCreateFile
create_disposition: 2 (FILE_CREATE)
file_handle: 0x00000000
filepath: C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Crypto\RSA
desired_access: 0x00100001 (FILE_READ_DATA|FILE_LIST_DIRECTORY|SYNCHRONIZE)
file_attributes: 4 (FILE_ATTRIBUTE_SYSTEM)
filepath_r: \??\C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Crypto\RSA
create_options: 16417 (FILE_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT|FILE_OPEN_FOR_BACKUP_INTENT)
status_info: 4294967295 ()
share_access: 3 (FILE_SHARE_READ|FILE_SHARE_WRITE)
failed 3221225525 0
1619384484.077875
NtCreateFile
create_disposition: 2 (FILE_CREATE)
file_handle: 0x00000000
filepath: C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3154413779-3303930873-3537499701-500
desired_access: 0x00100001 (FILE_READ_DATA|FILE_LIST_DIRECTORY|SYNCHRONIZE)
file_attributes: 4 (FILE_ATTRIBUTE_SYSTEM)
filepath_r: \??\C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3154413779-3303930873-3537499701-500
create_options: 16417 (FILE_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT|FILE_OPEN_FOR_BACKUP_INTENT)
status_info: 4294967295 ()
share_access: 3 (FILE_SHARE_READ|FILE_SHARE_WRITE)
failed 3221225525 0
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1619384505.124875
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
Expresses interest in specific running processes (1 event)
process 44fc0ff131094bfc106c95e5f272ae00.exe
Reads the system's User Agent and subsequently performs requests (1 event)
Time & API Arguments Status Return Repeated
1619384504.827875
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
Network communication
Communicates with host for which no DNS query was performed (6 events)
host 101.187.104.105
host 172.217.24.14
host 68.44.137.144
host 82.223.70.24
host 203.208.40.66
host 203.208.41.65
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1619384507.718875
RegSetValueExA
key_handle: 0x000003ac
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619384507.718875
RegSetValueExA
key_handle: 0x000003ac
value: @ÇΉ:×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619384507.718875
RegSetValueExA
key_handle: 0x000003ac
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619384507.718875
RegSetValueExW
key_handle: 0x000003ac
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619384507.734875
RegSetValueExA
key_handle: 0x000003c4
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619384507.734875
RegSetValueExA
key_handle: 0x000003c4
value: @ÇΉ:×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619384507.734875
RegSetValueExA
key_handle: 0x000003c4
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619384507.749875
RegSetValueExW
key_handle: 0x000003a8
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
Connects to IP addresses that are no longer responding to requests (legitimate services will usually remain up and running) (5 events)
dead_host 192.168.56.101:49181
dead_host 82.223.70.24:8080
dead_host 172.217.24.14:443
dead_host 216.58.200.238:443
dead_host 68.44.137.144:443
Visual analysis
Binary image
No binary image: this sample did not produce a binary visualization image
Runtime screenshots
No runtime screenshots: no screenshots were captured while this sample ran

PE Compile Time

2020-04-23 05:55:36

Imports

Library KERNEL32.dll:
0x49e210 GetACP
0x49e214 IsValidCodePage
0x49e218 GetStringTypeA
0x49e21c GetStringTypeW
0x49e230 SetHandleCount
0x49e234 HeapCreate
0x49e238 HeapDestroy
0x49e23c VirtualFree
0x49e244 FatalAppExitA
0x49e250 GetStdHandle
0x49e254 GetConsoleMode
0x49e25c GetLocaleInfoW
0x49e260 LCMapStringA
0x49e264 LCMapStringW
0x49e268 GetTimeFormatA
0x49e26c GetDateFormatA
0x49e270 GetUserDefaultLCID
0x49e274 EnumSystemLocalesA
0x49e278 IsValidLocale
0x49e27c WriteConsoleA
0x49e280 GetConsoleOutputCP
0x49e284 WriteConsoleW
0x49e288 CompareStringW
0x49e290 IsDebuggerPresent
0x49e29c TerminateProcess
0x49e2a0 HeapSize
0x49e2a4 SizeofResource
0x49e2a8 GetFileType
0x49e2ac SetStdHandle
0x49e2b0 HeapReAlloc
0x49e2b4 VirtualQuery
0x49e2b8 GetSystemInfo
0x49e2bc VirtualAlloc
0x49e2c0 VirtualProtect
0x49e2c4 CreateThread
0x49e2c8 ExitThread
0x49e2cc ExitProcess
0x49e2d0 Sleep
0x49e2d4 HeapFree
0x49e2d8 HeapAlloc
0x49e2dc GetStartupInfoA
0x49e2e0 GetCommandLineA
0x49e2e8 RaiseException
0x49e2ec RtlUnwind
0x49e2f0 GetProfileIntA
0x49e2f4 GetTickCount
0x49e2f8 SetErrorMode
0x49e2fc GetFileSizeEx
0x49e300 SetFileAttributesA
0x49e314 GetModuleHandleW
0x49e318 CreateFileA
0x49e31c GetShortPathNameA
0x49e324 FindFirstFileA
0x49e328 FindClose
0x49e32c DuplicateHandle
0x49e330 GetFileSize
0x49e334 SetEndOfFile
0x49e338 UnlockFile
0x49e33c LockFile
0x49e340 FlushFileBuffers
0x49e344 SetFilePointer
0x49e348 WriteFile
0x49e34c ReadFile
0x49e350 lstrcmpiA
0x49e354 GetThreadLocale
0x49e358 GetStringTypeExA
0x49e35c DeleteFileA
0x49e360 MoveFileA
0x49e368 GetAtomNameA
0x49e36c GetOEMCP
0x49e370 GetCPInfo
0x49e378 TlsFree
0x49e380 LocalReAlloc
0x49e384 TlsSetValue
0x49e388 TlsAlloc
0x49e390 GlobalHandle
0x49e394 GlobalReAlloc
0x49e39c TlsGetValue
0x49e3a4 LocalAlloc
0x49e3a8 GlobalFlags
0x49e3b0 GetModuleFileNameW
0x49e3b4 GetDiskFreeSpaceA
0x49e3b8 GetFullPathNameA
0x49e3bc GetTempFileNameA
0x49e3c0 GetFileTime
0x49e3c4 SetFileTime
0x49e3c8 GetFileAttributesA
0x49e3d8 CopyFileA
0x49e3dc GlobalSize
0x49e3e0 lstrlenW
0x49e3e4 MulDiv
0x49e3e8 CreateEventA
0x49e3ec SuspendThread
0x49e3f0 SetEvent
0x49e3f4 WaitForSingleObject
0x49e3f8 ResumeThread
0x49e3fc SetThreadPriority
0x49e400 CloseHandle
0x49e404 GetCurrentThread
0x49e410 GetModuleFileNameA
0x49e414 GetLocaleInfoA
0x49e418 InterlockedExchange
0x49e41c lstrcmpA
0x49e420 FreeResource
0x49e424 GlobalFindAtomA
0x49e428 GlobalDeleteAtom
0x49e42c FreeLibrary
0x49e430 CompareStringA
0x49e434 lstrcmpW
0x49e438 GetVersionExA
0x49e43c GetCurrentProcessId
0x49e440 GetModuleHandleA
0x49e444 LoadLibraryA
0x49e448 GlobalGetAtomNameA
0x49e44c GlobalAddAtomA
0x49e450 MultiByteToWideChar
0x49e454 SetLastError
0x49e458 FormatMessageA
0x49e45c LocalFree
0x49e460 lstrlenA
0x49e464 GetLastError
0x49e468 GlobalAlloc
0x49e46c GlobalLock
0x49e470 lstrcpyA
0x49e474 GlobalUnlock
0x49e478 GlobalFree
0x49e47c GetCurrentProcess
0x49e480 GetCurrentThreadId
0x49e484 WideCharToMultiByte
0x49e488 LoadLibraryW
0x49e48c GetProcAddress
0x49e490 FindResourceA
0x49e494 LoadResource
0x49e498 LockResource
0x49e49c GetConsoleCP
Library USER32.dll:
0x49e584 WindowFromPoint
0x49e588 GetDCEx
0x49e58c LockWindowUpdate
0x49e590 UnregisterClassA
0x49e59c WaitMessage
0x49e5a0 SendNotifyMessageA
0x49e5a4 UnionRect
0x49e5a8 GetSysColorBrush
0x49e5ac MapVirtualKeyA
0x49e5b0 GetKeyNameTextA
0x49e5b4 GetMenuItemInfoA
0x49e5b8 InflateRect
0x49e5bc SetParent
0x49e5c0 GetSystemMenu
0x49e5c4 DeleteMenu
0x49e5c8 IsZoomed
0x49e5cc EndPaint
0x49e5d0 BeginPaint
0x49e5d4 GetWindowDC
0x49e5d8 GrayStringA
0x49e5dc DrawTextExA
0x49e5e0 DrawTextA
0x49e5e4 TabbedTextOutA
0x49e5e8 SetCapture
0x49e5ec KillTimer
0x49e5f0 SetTimer
0x49e5f4 ClientToScreen
0x49e5f8 SetWindowRgn
0x49e5fc DrawIcon
0x49e600 IsRectEmpty
0x49e604 GetDC
0x49e608 LoadCursorA
0x49e60c DestroyCursor
0x49e610 SetRect
0x49e618 MapDialogRect
0x49e620 GetNextDlgTabItem
0x49e624 EndDialog
0x49e628 GetMenuStringA
0x49e62c AppendMenuA
0x49e630 InsertMenuA
0x49e634 RemoveMenu
0x49e638 ShowOwnedPopups
0x49e63c GetMessageA
0x49e640 TranslateMessage
0x49e644 GetCursorPos
0x49e648 ValidateRect
0x49e64c PostQuitMessage
0x49e650 ScrollWindowEx
0x49e654 MoveWindow
0x49e658 SetWindowTextA
0x49e65c IsDialogMessageA
0x49e660 IsDlgButtonChecked
0x49e664 SetDlgItemTextA
0x49e668 SetDlgItemInt
0x49e66c GetDlgItemTextA
0x49e670 GetDlgItemInt
0x49e674 CheckRadioButton
0x49e678 CheckDlgButton
0x49e67c SetMenuItemBitmaps
0x49e684 LoadBitmapA
0x49e688 ModifyMenuA
0x49e68c GetMenuState
0x49e690 EnableMenuItem
0x49e694 CheckMenuItem
0x49e698 SendDlgItemMessageA
0x49e69c IsChild
0x49e6a0 PostThreadMessageA
0x49e6a4 CallNextHookEx
0x49e6a8 GetClassLongA
0x49e6ac SetPropA
0x49e6b0 GetPropA
0x49e6b4 RemovePropA
0x49e6bc GetWindowTextA
0x49e6c0 GetForegroundWindow
0x49e6c4 DispatchMessageA
0x49e6c8 BeginDeferWindowPos
0x49e6cc EndDeferWindowPos
0x49e6d0 GetTopWindow
0x49e6d4 DestroyWindow
0x49e6d8 UnhookWindowsHookEx
0x49e6dc GetMessageTime
0x49e6e0 GetMessagePos
0x49e6e4 MapWindowPoints
0x49e6e8 ScrollWindow
0x49e6ec TrackPopupMenuEx
0x49e6f0 TrackPopupMenu
0x49e6f4 SetScrollRange
0x49e6f8 GetScrollRange
0x49e6fc SetScrollPos
0x49e700 GetScrollPos
0x49e704 SetForegroundWindow
0x49e708 ShowScrollBar
0x49e70c MessageBoxA
0x49e710 GetClassInfoExA
0x49e714 RegisterClassA
0x49e718 ScreenToClient
0x49e71c DeferWindowPos
0x49e720 GetScrollInfo
0x49e724 SetScrollInfo
0x49e728 PtInRect
0x49e72c SetWindowPlacement
0x49e730 DefWindowProcA
0x49e734 CallWindowProcA
0x49e73c GetWindowPlacement
0x49e740 GetSystemMetrics
0x49e744 GetClassNameA
0x49e748 UnpackDDElParam
0x49e74c ReuseDDElParam
0x49e750 LoadMenuA
0x49e754 DestroyMenu
0x49e758 GetMenuBarInfo
0x49e75c WinHelpA
0x49e760 SetFocus
0x49e768 IsWindowEnabled
0x49e76c EqualRect
0x49e770 IsWindow
0x49e774 IsIconic
0x49e778 UpdateWindow
0x49e77c GetParent
0x49e780 EnableWindow
0x49e784 GetDlgItem
0x49e788 GetDlgCtrlID
0x49e78c GetKeyState
0x49e790 LoadIconA
0x49e794 SetCursor
0x49e798 PeekMessageA
0x49e79c GetCapture
0x49e7a0 ReleaseCapture
0x49e7a4 LoadAcceleratorsA
0x49e7a8 SetActiveWindow
0x49e7ac IsWindowVisible
0x49e7b0 InvalidateRect
0x49e7b4 InsertMenuItemA
0x49e7b8 CreatePopupMenu
0x49e7bc GetClassInfoA
0x49e7c0 IntersectRect
0x49e7c4 OffsetRect
0x49e7c8 CreateMenu
0x49e7cc WindowFromDC
0x49e7d0 InSendMessage
0x49e7d4 MessageBeep
0x49e7d8 GetNextDlgGroupItem
0x49e7dc InvalidateRgn
0x49e7e4 CharNextA
0x49e7e8 GetDialogBaseUnits
0x49e7ec CharUpperA
0x49e7f0 SetWindowsHookExA
0x49e7f4 DestroyIcon
0x49e7f8 SendMessageA
0x49e7fc ShowWindow
0x49e800 GetClientRect
0x49e804 GetWindow
0x49e808 GetWindowRect
0x49e810 FillRect
0x49e814 DrawFocusRect
0x49e818 PostMessageA
0x49e81c OpenClipboard
0x49e820 CloseClipboard
0x49e824 SetClipboardData
0x49e828 EmptyClipboard
0x49e82c GetFocus
0x49e830 GetSysColor
0x49e834 DefFrameProcA
0x49e838 GetMenu
0x49e83c DefMDIChildProcA
0x49e840 GetMenuItemID
0x49e844 GetSubMenu
0x49e848 GetMenuItemCount
0x49e84c CreateWindowExA
0x49e850 DrawMenuBar
0x49e854 GetActiveWindow
0x49e858 BringWindowToTop
0x49e864 SetWindowLongA
0x49e868 GetWindowLongA
0x49e86c SetWindowPos
0x49e870 RedrawWindow
0x49e874 AdjustWindowRectEx
0x49e878 GetDesktopWindow
0x49e87c SetMenu
0x49e880 GetLastActivePopup
0x49e884 CopyRect
0x49e888 SetRectEmpty
0x49e88c ReleaseDC
Library GDI32.dll:
0x49e04c RectVisible
0x49e050 TextOutA
0x49e054 ExtTextOutA
0x49e058 Escape
0x49e05c SetViewportOrgEx
0x49e060 OffsetViewportOrgEx
0x49e064 SetViewportExtEx
0x49e068 ScaleViewportExtEx
0x49e06c SetWindowOrgEx
0x49e070 OffsetWindowOrgEx
0x49e074 SetWindowExtEx
0x49e078 ScaleWindowExtEx
0x49e080 ArcTo
0x49e084 PolyDraw
0x49e088 PolylineTo
0x49e08c PolyBezierTo
0x49e090 ExtSelectClipRgn
0x49e098 CreatePatternBrush
0x49e09c SelectPalette
0x49e0a0 PlayMetaFileRecord
0x49e0a4 GetObjectType
0x49e0a8 EnumMetaFile
0x49e0ac PlayMetaFile
0x49e0b0 PtVisible
0x49e0b4 CreateSolidBrush
0x49e0b8 CreateHatchBrush
0x49e0bc GetCharWidthA
0x49e0c0 CreateFontA
0x49e0c4 StretchDIBits
0x49e0c8 CreateFontIndirectA
0x49e0d0 SetRectRgn
0x49e0d4 CombineRgn
0x49e0d8 GetMapMode
0x49e0dc GetBkColor
0x49e0e0 GetTextColor
0x49e0e4 GetRgnBox
0x49e0e8 GetNearestColor
0x49e0ec GetBkMode
0x49e0f0 GetPolyFillMode
0x49e0f4 GetROP2
0x49e0f8 GetStretchBltMode
0x49e0fc GetTextAlign
0x49e100 GetTextFaceA
0x49e104 GetTextExtentPointA
0x49e108 GetWindowOrgEx
0x49e10c CreateMetaFileA
0x49e110 CloseMetaFile
0x49e114 DeleteMetaFile
0x49e118 BitBlt
0x49e11c GetPixel
0x49e120 GetWindowExtEx
0x49e124 GetViewportExtEx
0x49e128 SelectClipPath
0x49e12c CreateRectRgn
0x49e130 GetClipRgn
0x49e134 SelectClipRgn
0x49e138 DeleteObject
0x49e13c SetColorAdjustment
0x49e140 SetArcDirection
0x49e144 SetMapperFlags
0x49e150 SetTextAlign
0x49e154 MoveToEx
0x49e158 LineTo
0x49e15c ExtCreatePen
0x49e160 GetStockObject
0x49e164 IntersectClipRect
0x49e168 ExcludeClipRect
0x49e16c SetMapMode
0x49e174 SetWorldTransform
0x49e178 SetGraphicsMode
0x49e17c SetStretchBltMode
0x49e180 SetROP2
0x49e184 SetPolyFillMode
0x49e188 SetBkMode
0x49e18c RestoreDC
0x49e190 SaveDC
0x49e194 Ellipse
0x49e198 LPtoDP
0x49e19c CreateEllipticRgn
0x49e1a0 PatBlt
0x49e1a4 Rectangle
0x49e1a8 GetViewportOrgEx
0x49e1ac CreatePen
0x49e1b0 AbortDoc
0x49e1b4 SetAbortProc
0x49e1b8 DPtoLP
0x49e1bc CreateDCA
0x49e1c0 CopyMetaFileA
0x49e1c4 CreateBitmap
0x49e1c8 GetObjectA
0x49e1cc SetBkColor
0x49e1d0 SetTextColor
0x49e1d4 GetClipBox
0x49e1d8 GetDCOrgEx
0x49e1dc CreateCompatibleDC
0x49e1e4 DeleteDC
0x49e1ec EndDoc
0x49e1f0 EndPage
0x49e1f4 StartPage
0x49e1f8 StartDocA
0x49e1fc GetTextMetricsA
0x49e200 SelectObject
0x49e204 GetDeviceCaps
0x49e208 OffsetClipRgn
Library COMDLG32.dll:
0x49e044 GetFileTitleA
Library WINSPOOL.DRV:
0x49e894 GetJobA
0x49e898 DocumentPropertiesA
0x49e89c ClosePrinter
0x49e8a0 OpenPrinterA
Library ADVAPI32.dll:
0x49e000 GetFileSecurityA
0x49e004 SetFileSecurityA
0x49e008 RegDeleteValueA
0x49e00c RegSetValueExA
0x49e010 RegCreateKeyExA
0x49e014 RegSetValueA
0x49e018 RegQueryValueA
0x49e01c RegOpenKeyA
0x49e020 RegEnumKeyA
0x49e024 RegDeleteKeyA
0x49e028 RegOpenKeyExA
0x49e02c RegQueryValueExA
0x49e030 RegCloseKey
0x49e038 CryptEncrypt
0x49e03c RegCreateKeyA
Library SHELL32.dll:
0x49e550 DragFinish
0x49e554 ExtractIconA
0x49e558 SHGetFileInfoA
0x49e55c DragQueryFileA
Library SHLWAPI.dll:
0x49e564 PathFindFileNameA
0x49e568 PathRemoveFileSpecW
0x49e56c PathStripToRootA
0x49e570 PathFindExtensionA
0x49e578 PathIsUNCA
Library oledlg.dll:
0x49e9cc
Library ole32.dll:
0x49e8ac OleCreate
0x49e8b0 OleLoad
0x49e8bc OleCreateFromFile
0x49e8c0 OleCreateLinkToFile
0x49e8c4 OleGetIconOfClass
0x49e8c8 CreateItemMoniker
0x49e8d0 OleIsRunning
0x49e8dc CreateFileMoniker
0x49e8e0 CoGetMalloc
0x49e8e4 StgCreateDocfile
0x49e8e8 StgOpenStorage
0x49e8ec StgIsStorageFile
0x49e8f8 OleGetClipboard
0x49e900 CoRevokeClassObject
0x49e904 OleSetClipboard
0x49e90c OleFlushClipboard
0x49e920 DoDragDrop
0x49e924 OleSave
0x49e930 OleUninitialize
0x49e934 OleRun
0x49e940 IsAccelerator
0x49e948 OleRegGetMiscStatus
0x49e94c OleRegEnumVerbs
0x49e95c CoGetClassObject
0x49e960 StringFromGUID2
0x49e964 CoDisconnectObject
0x49e968 CoInitializeEx
0x49e96c CoCreateInstance
0x49e970 CoUninitialize
0x49e974 CLSIDFromString
0x49e978 CLSIDFromProgID
0x49e97c OleDuplicateData
0x49e980 CoTaskMemAlloc
0x49e984 ReleaseStgMedium
0x49e988 CreateBindCtx
0x49e98c CoTreatAsClass
0x49e990 StringFromCLSID
0x49e994 ReadClassStg
0x49e998 ReadFmtUserTypeStg
0x49e99c OleRegGetUserType
0x49e9a0 WriteClassStg
0x49e9a4 WriteFmtUserTypeStg
0x49e9a8 SetConvertStg
0x49e9ac CoTaskMemFree
0x49e9b0 OleCreateFromData
0x49e9b4 OleLockRunning
0x49e9bc OleSaveToStream
0x49e9c0 OleInitialize
0x49e9c4 WriteClassStm
Library OLEAUT32.dll:
0x49e4a4 VariantClear
0x49e4a8 VariantChangeType
0x49e4ac VariantInit
0x49e4b0 SysAllocStringLen
0x49e4b4 SysStringLen
0x49e4b8 SysFreeString
0x49e4c0 SysStringByteLen
0x49e4c4 RegisterTypeLib
0x49e4c8 LoadTypeLib
0x49e4cc LoadRegTypeLib
0x49e4d4 SafeArrayAccessData
0x49e4d8 SafeArrayGetUBound
0x49e4dc SafeArrayGetLBound
0x49e4e4 SafeArrayGetDim
0x49e4e8 SafeArrayCreate
0x49e4ec SafeArrayRedim
0x49e4f0 VariantCopy
0x49e4f4 SafeArrayAllocData
0x49e4fc SafeArrayCopy
0x49e500 SafeArrayGetElement
0x49e504 SafeArrayPtrOfIndex
0x49e508 SafeArrayPutElement
0x49e50c SafeArrayLock
0x49e510 SafeArrayUnlock
0x49e514 SafeArrayDestroy
0x49e528 SysReAllocStringLen
0x49e52c VarDateFromStr
0x49e530 VarBstrFromCy
0x49e534 VarDecFromStr
0x49e538 VarCyFromStr
0x49e53c VarBstrFromDate
0x49e544 SysAllocString
0x49e548 VarBstrFromDec

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 60215 114.114.114.114 53
192.168.56.101 60221 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 50002 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 53380 224.0.0.252 5355
192.168.56.101 56539 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57236 224.0.0.252 5355
192.168.56.101 57756 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 60384 224.0.0.252 5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.