6.2
High risk

7c3bc08b2c7e71a994b5476856508827a0759de6577aee5cdff0b06b01f8fec8

719a362551f9c0676430ed463a07de00.exe

Analysis time

89s

Last analysis

File size

548.0KB
Static detection Dynamic detection
Hawkeye engine
Not detected No Hawkeye engine detection result yet
Static verdict
Antivirus engine
Not detected No antivirus engine detection result yet
Static indicators
Queries for the computername (1 event)
Time & API Arguments Status Return Repeated
1620799845.325125
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (4 events)
Time & API Arguments Status Return Repeated
1620799837.075125
CryptGenKey
crypto_handle: 0x0065e880
algorithm_identifier: 0x0000660e ()
provider_handle: 0x0065da50
flags: 1
key: fð_vÃÛ5 Ùó—>a[<r
success 1 0
1620799847.293125
CryptExportKey
crypto_handle: 0x0065e880
crypto_export_handle: 0x0065e728
buffer: f¤‹ŠU³;i BoO^¦ˆÿy)௚râ˅.äÄî˜m6mý°»«ªu„‡¤/Ð ‘ü=­;’'E=ño&>%úåþ×;m€«¡ ]’©ïá,á8ÞӍ?e¿.ÉÉÝÓ4 u
blob_type: 1
flags: 64
success 1 0
1620799874.418125
CryptExportKey
crypto_handle: 0x0065e880
crypto_export_handle: 0x0065e728
buffer: f¤‘j熺4¼Ú¬DÌåjà!øœ<ÛØë:}Í'D¹g#² Àæn¾§!˜Ár =Žú i”,s-ܝá/?è'ðûùÝÄBº€I8 Dº¤7Eií¶ásd! 6U
blob_type: 1
flags: 64
success 1 0
1620799898.168125
CryptExportKey
crypto_handle: 0x0065e880
crypto_export_handle: 0x0065e728
buffer: f¤èM3s©ªÀP÷U¨…ž(K*•nZ•Ê"‡pð”&¦B§p€QßʞÞXtDæ%ë82µ4Zo(·Iâýz¶…Z~à«bÎïÌjg@ÝF¥ØXDü=;z®Ò*¢ÐÏo=Æ
blob_type: 1
flags: 64
success 1 0
This executable has a PDB path (1 event)
pdb_path c:\Users\Mr.Anderson\Desktop\2003\18.8.20\CKnobControlST_demo\Release\CKnobControlST_Demo.pdb
Behavior verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1620799836.418125
NtAllocateVirtualMemory
process_identifier: 2056
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00800000
success 0 0
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1620799847.934125
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.081705456242028 section {'size_of_data': '0x00022000', 'virtual_address': '0x0006b000', 'entropy': 7.081705456242028, 'name': '.rsrc', 'virtual_size': '0x000218d0'} description A section with a high entropy has been found
entropy 0.25 description Overall entropy of this PE file is high
Expresses interest in specific running processes (1 event)
process 719a362551f9c0676430ed463a07de00.exe
Reads the system's User Agent and subsequently performs requests (1 event)
Time & API Arguments Status Return Repeated
1620799847.637125
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
Network communication
Communicates with host for which no DNS query was performed (4 events)
host 172.217.24.14
host 64.183.73.122
host 67.205.85.243
host 69.30.203.214
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1620799850.528125
RegSetValueExA
key_handle: 0x000003c4
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620799850.528125
RegSetValueExA
key_handle: 0x000003c4
value: :ó†G×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620799850.528125
RegSetValueExA
key_handle: 0x000003c4
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620799850.528125
RegSetValueExW
key_handle: 0x000003c4
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620799850.528125
RegSetValueExA
key_handle: 0x000003dc
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620799850.528125
RegSetValueExA
key_handle: 0x000003dc
value: :ó†G×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620799850.528125
RegSetValueExA
key_handle: 0x000003dc
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1620799850.543125
RegSetValueExW
key_handle: 0x000003c0
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
Generates some ICMP traffic
Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running) (4 events)
dead_host 172.217.24.14:443
dead_host 69.30.203.214:8080
dead_host 216.58.200.46:443
dead_host 64.183.73.122:80
Visual analysis
Binary image
No binary image yet: this sample did not generate a binary visualization image
Runtime screenshots
No runtime screenshots: no screenshots were generated while the sample ran


PE Compile Time

2020-08-18 20:09:42

Imports

Library KERNEL32.dll:
0x44f1e8 GetSystemInfo
0x44f1ec VirtualQuery
0x44f1f0 GetStartupInfoA
0x44f1f4 GetCommandLineA
0x44f1f8 HeapReAlloc
0x44f1fc TerminateProcess
0x44f200 ExitThread
0x44f204 CreateThread
0x44f208 HeapSize
0x44f20c LCMapStringA
0x44f210 LCMapStringW
0x44f214 FatalAppExitA
0x44f218 HeapDestroy
0x44f21c HeapCreate
0x44f220 VirtualFree
0x44f224 IsBadWritePtr
0x44f228 GetStdHandle
0x44f23c VirtualAlloc
0x44f240 SetHandleCount
0x44f244 GetFileType
0x44f24c GetTickCount
0x44f258 GetStringTypeA
0x44f25c GetStringTypeW
0x44f264 IsBadReadPtr
0x44f268 IsBadCodePtr
0x44f26c GetTimeFormatA
0x44f270 GetDateFormatA
0x44f274 GetUserDefaultLCID
0x44f278 EnumSystemLocalesA
0x44f27c IsValidLocale
0x44f280 IsValidCodePage
0x44f288 SetStdHandle
0x44f28c GetLocaleInfoW
0x44f294 VirtualProtect
0x44f298 HeapFree
0x44f29c HeapAlloc
0x44f2a0 RtlUnwind
0x44f2a4 GetDiskFreeSpaceA
0x44f2a8 GetTempFileNameA
0x44f2ac LocalLock
0x44f2b0 LocalUnlock
0x44f2b4 GetFileTime
0x44f2b8 GetFileAttributesA
0x44f2bc SetFileAttributesA
0x44f2c0 SetFileTime
0x44f2cc SetErrorMode
0x44f2d0 GetShortPathNameA
0x44f2d4 CreateFileA
0x44f2d8 GetFullPathNameA
0x44f2e0 FindFirstFileA
0x44f2e4 FindClose
0x44f2e8 GetCurrentProcess
0x44f2ec DuplicateHandle
0x44f2f0 GetFileSize
0x44f2f4 SetEndOfFile
0x44f2f8 UnlockFile
0x44f2fc LockFile
0x44f300 FlushFileBuffers
0x44f304 SetFilePointer
0x44f308 WriteFile
0x44f30c ReadFile
0x44f310 DeleteFileA
0x44f314 MoveFileA
0x44f330 GetOEMCP
0x44f334 GetCPInfo
0x44f33c TlsFree
0x44f340 LocalReAlloc
0x44f344 TlsSetValue
0x44f348 TlsAlloc
0x44f34c TlsGetValue
0x44f354 GlobalHandle
0x44f358 GlobalReAlloc
0x44f360 LocalAlloc
0x44f364 GlobalFlags
0x44f370 RaiseException
0x44f374 CreateEventA
0x44f378 SuspendThread
0x44f37c SetEvent
0x44f380 WaitForSingleObject
0x44f384 ResumeThread
0x44f388 SetThreadPriority
0x44f38c GetCurrentThread
0x44f390 lstrcmpA
0x44f394 GetModuleFileNameA
0x44f3a0 CopyFileA
0x44f3a4 GlobalSize
0x44f3a8 GlobalAlloc
0x44f3ac FormatMessageA
0x44f3b0 LocalFree
0x44f3b4 GetCurrentThreadId
0x44f3b8 GlobalGetAtomNameA
0x44f3bc GlobalAddAtomA
0x44f3c0 GlobalFindAtomA
0x44f3c4 GlobalDeleteAtom
0x44f3c8 lstrcmpW
0x44f3cc lstrcpynA
0x44f3d0 MulDiv
0x44f3d4 GetModuleHandleA
0x44f3d8 SetLastError
0x44f3e0 GlobalLock
0x44f3e4 GlobalUnlock
0x44f3e8 GlobalFree
0x44f3ec FreeResource
0x44f3f0 GetProcAddress
0x44f3f4 GetStringTypeExW
0x44f3f8 GetStringTypeExA
0x44f404 CompareStringW
0x44f408 CompareStringA
0x44f40c lstrcmpiW
0x44f410 lstrlenW
0x44f414 lstrcmpiA
0x44f418 GetVersion
0x44f41c MultiByteToWideChar
0x44f424 LoadLibraryA
0x44f428 FreeLibrary
0x44f42c lstrcatA
0x44f430 lstrlenA
0x44f434 WinExec
0x44f438 lstrcpyA
0x44f43c ExitProcess
0x44f440 GetCurrentProcessId
0x44f444 CreateFileMappingA
0x44f448 GetLastError
0x44f44c CloseHandle
0x44f450 WideCharToMultiByte
0x44f454 FindResourceA
0x44f458 LoadResource
0x44f45c LockResource
0x44f460 SizeofResource
0x44f464 GetVersionExA
0x44f468 GetThreadLocale
0x44f46c GetLocaleInfoA
0x44f470 GetACP
0x44f478 InterlockedExchange
Library USER32.dll:
0x44f550 UnionRect
0x44f554 GetDCEx
0x44f558 LockWindowUpdate
0x44f55c SetCapture
0x44f560 GetSystemMenu
0x44f564 SetParent
0x44f56c DeleteMenu
0x44f570 GetMenuItemInfoA
0x44f574 GetSysColorBrush
0x44f578 GetDialogBaseUnits
0x44f57c MapVirtualKeyA
0x44f580 GetKeyNameTextA
0x44f584 wsprintfA
0x44f588 GetMessageA
0x44f58c TranslateMessage
0x44f590 ValidateRect
0x44f594 ShowOwnedPopups
0x44f598 PostQuitMessage
0x44f59c GetCursorPos
0x44f5a0 GetMenuStringA
0x44f5a4 AppendMenuA
0x44f5a8 InsertMenuA
0x44f5ac RemoveMenu
0x44f5b0 SetMenuItemBitmaps
0x44f5b4 ModifyMenuA
0x44f5b8 GetMenuState
0x44f5bc EnableMenuItem
0x44f5c0 CheckMenuItem
0x44f5c8 LoadBitmapA
0x44f5cc ScrollWindowEx
0x44f5d0 ShowWindow
0x44f5d4 MoveWindow
0x44f5d8 SetWindowTextA
0x44f5dc IsDialogMessageA
0x44f5e0 IsDlgButtonChecked
0x44f5e4 SetDlgItemTextA
0x44f5e8 SetDlgItemInt
0x44f5ec GetDlgItemTextA
0x44f5f0 GetDlgItemInt
0x44f5f4 CheckRadioButton
0x44f5f8 CheckDlgButton
0x44f600 WinHelpA
0x44f604 GetCapture
0x44f608 CreateWindowExA
0x44f60c SetWindowsHookExA
0x44f610 CallNextHookEx
0x44f614 GetClassLongA
0x44f618 GetClassInfoExA
0x44f61c GetClassNameA
0x44f620 SetPropA
0x44f624 GetPropA
0x44f628 RemovePropA
0x44f62c SendDlgItemMessageA
0x44f630 SetFocus
0x44f634 IsChild
0x44f63c GetWindowTextA
0x44f640 GetForegroundWindow
0x44f644 GetLastActivePopup
0x44f648 DispatchMessageA
0x44f64c BeginDeferWindowPos
0x44f650 EndDeferWindowPos
0x44f654 GetTopWindow
0x44f658 GetMessageTime
0x44f65c PeekMessageA
0x44f660 MapWindowPoints
0x44f664 ScrollWindow
0x44f668 IsRectEmpty
0x44f66c TrackPopupMenu
0x44f670 SetScrollRange
0x44f674 GetScrollRange
0x44f678 SetScrollPos
0x44f67c GetScrollPos
0x44f680 SetForegroundWindow
0x44f684 ShowScrollBar
0x44f688 IsWindowVisible
0x44f68c UpdateWindow
0x44f690 GetMenu
0x44f694 GetMenuItemID
0x44f698 GetMenuItemCount
0x44f69c AdjustWindowRectEx
0x44f6a0 EqualRect
0x44f6a4 DeferWindowPos
0x44f6a8 GetScrollInfo
0x44f6ac SetScrollInfo
0x44f6b0 GetClassInfoA
0x44f6b4 RegisterClassA
0x44f6b8 UnregisterClassA
0x44f6bc SetWindowPlacement
0x44f6c0 GetDlgCtrlID
0x44f6c4 DefWindowProcA
0x44f6c8 CallWindowProcA
0x44f6cc SetWindowPos
0x44f6d0 IntersectRect
0x44f6d8 IsIconic
0x44f6dc GetWindowPlacement
0x44f6e0 GetWindow
0x44f6e4 EndPaint
0x44f6e8 BeginPaint
0x44f6ec GrayStringA
0x44f6f0 DrawTextExA
0x44f6f4 DrawTextA
0x44f6f8 TabbedTextOutA
0x44f6fc UnhookWindowsHookEx
0x44f700 GetDesktopWindow
0x44f704 SetActiveWindow
0x44f708 GetSystemMetrics
0x44f710 DestroyWindow
0x44f714 GetDlgItem
0x44f718 IsWindowEnabled
0x44f71c EndDialog
0x44f720 CharUpperW
0x44f724 CharUpperA
0x44f728 CharLowerW
0x44f72c CharLowerA
0x44f730 GetFocus
0x44f734 SetWindowLongA
0x44f738 LoadCursorA
0x44f73c CopyIcon
0x44f740 MessageBeep
0x44f744 IsWindow
0x44f748 GetMessagePos
0x44f74c KillTimer
0x44f750 SetTimer
0x44f754 UnpackDDElParam
0x44f758 ReuseDDElParam
0x44f75c ReleaseCapture
0x44f760 LoadAcceleratorsA
0x44f764 InsertMenuItemA
0x44f768 CreatePopupMenu
0x44f76c SetRectEmpty
0x44f770 ScreenToClient
0x44f774 PtInRect
0x44f778 LoadIconA
0x44f77c LoadMenuA
0x44f780 GetSysColor
0x44f784 GetSubMenu
0x44f788 TrackPopupMenuEx
0x44f78c SetCursor
0x44f790 DestroyCursor
0x44f794 DestroyMenu
0x44f798 GetWindowLongA
0x44f79c WindowFromPoint
0x44f7a0 GetParent
0x44f7a4 BringWindowToTop
0x44f7a8 SetMenu
0x44f7b4 MessageBoxA
0x44f7b8 SetRect
0x44f7bc GetNextDlgTabItem
0x44f7c0 GetActiveWindow
0x44f7c4 ClientToScreen
0x44f7c8 SendMessageA
0x44f7cc DrawFocusRect
0x44f7d0 FrameRect
0x44f7d4 FillRect
0x44f7d8 OffsetRect
0x44f7dc InflateRect
0x44f7e0 CopyRect
0x44f7e4 GetIconInfo
0x44f7e8 CreateIconIndirect
0x44f7ec GetDC
0x44f7f0 DrawStateA
0x44f7f4 DestroyIcon
0x44f7f8 LoadImageA
0x44f7fc EnableWindow
0x44f800 InvalidateRect
0x44f804 GetClientRect
0x44f808 GetWindowRect
0x44f80c PostMessageA
0x44f810 GetWindowDC
0x44f814 ReleaseDC
0x44f818 SetWindowRgn
0x44f81c GetKeyState
Library GDI32.dll:
0x44f070 PlayMetaFileRecord
0x44f074 GetObjectType
0x44f078 EnumMetaFile
0x44f07c PlayMetaFile
0x44f080 GetDeviceCaps
0x44f084 CreatePen
0x44f088 ExtCreatePen
0x44f08c CreateSolidBrush
0x44f090 CreateHatchBrush
0x44f094 GetDCOrgEx
0x44f09c SetRectRgn
0x44f0a0 GetMapMode
0x44f0a4 PatBlt
0x44f0a8 DPtoLP
0x44f0ac CopyMetaFileA
0x44f0b0 CreateDCA
0x44f0b4 GetTextMetricsA
0x44f0b8 GetCharWidthA
0x44f0bc StartPage
0x44f0c0 SelectPalette
0x44f0c4 SetAbortProc
0x44f0c8 AbortDoc
0x44f0cc EndDoc
0x44f0d0 StretchDIBits
0x44f0d4 CreateFontA
0x44f0d8 SetColorAdjustment
0x44f0dc SetArcDirection
0x44f0e0 SetMapperFlags
0x44f0ec SetTextAlign
0x44f0f0 MoveToEx
0x44f0f4 LineTo
0x44f0f8 OffsetClipRgn
0x44f0fc IntersectClipRect
0x44f100 ExcludeClipRect
0x44f104 GetClipBox
0x44f108 SetMapMode
0x44f10c SetStretchBltMode
0x44f110 SelectClipRgn
0x44f114 CreatePatternBrush
0x44f11c ExtSelectClipRgn
0x44f120 PolyBezierTo
0x44f124 PolylineTo
0x44f128 PolyDraw
0x44f12c ArcTo
0x44f134 ScaleWindowExtEx
0x44f138 SetWindowExtEx
0x44f13c OffsetWindowOrgEx
0x44f140 SetWindowOrgEx
0x44f144 ScaleViewportExtEx
0x44f148 SetViewportExtEx
0x44f14c OffsetViewportOrgEx
0x44f150 SetViewportOrgEx
0x44f154 Escape
0x44f158 ExtTextOutA
0x44f15c TextOutA
0x44f160 RectVisible
0x44f164 PtVisible
0x44f168 StartDocA
0x44f16c GetWindowExtEx
0x44f170 GetViewportExtEx
0x44f174 SelectClipPath
0x44f178 EndPage
0x44f17c DeleteObject
0x44f180 SetROP2
0x44f184 SetPolyFillMode
0x44f188 SetBkMode
0x44f18c RestoreDC
0x44f190 SaveDC
0x44f198 CreateFontIndirectA
0x44f19c GetPixel
0x44f1a0 SetPixel
0x44f1a4 CreateBitmap
0x44f1a8 SetBkColor
0x44f1ac SetTextColor
0x44f1b0 DeleteDC
0x44f1b4 GetStockObject
0x44f1b8 CreateRectRgn
0x44f1bc CombineRgn
0x44f1c0 SelectObject
0x44f1c4 StretchBlt
0x44f1c8 BitBlt
0x44f1cc GetBkColor
0x44f1d0 CreateCompatibleDC
0x44f1d8 GetObjectA
0x44f1dc GetDIBits
0x44f1e0 GetClipRgn
Library comdlg32.dll:
0x44f838 PageSetupDlgA
0x44f83c FindTextA
0x44f840 ReplaceTextA
0x44f844 GetOpenFileNameA
0x44f84c PrintDlgA
0x44f850 GetFileTitleA
0x44f854 GetSaveFileNameA
Library WINSPOOL.DRV:
0x44f824 OpenPrinterA
0x44f828 DocumentPropertiesA
0x44f82c ClosePrinter
0x44f830 GetJobA
Library ADVAPI32.dll:
0x44f000 GetFileSecurityA
0x44f004 RegQueryValueA
0x44f008 RegOpenKeyExA
0x44f00c RegSetValueA
0x44f010 RegOpenKeyA
0x44f014 RegQueryValueExA
0x44f018 RegDeleteKeyA
0x44f01c RegEnumKeyA
0x44f020 RegCreateKeyExA
0x44f024 RegSetValueExA
0x44f028 RegDeleteValueA
0x44f02c RegCreateKeyA
0x44f030 RegCloseKey
0x44f034 SetFileSecurityA
Library SHELL32.dll:
0x44f51c DragQueryFileA
0x44f520 ShellExecuteA
0x44f524 ExtractIconA
0x44f528 SHGetFileInfoA
0x44f52c DragFinish
0x44f530 ShellExecuteExA
Library COMCTL32.dll:
0x44f03c _TrackMouseEvent
0x44f040
0x44f044
0x44f048 ImageList_Read
0x44f04c ImageList_Write
0x44f050
0x44f054 ImageList_Destroy
0x44f058 ImageList_Create
0x44f060 ImageList_Merge
0x44f064 ImageList_Draw
Library SHLWAPI.dll:
0x44f53c PathFindFileNameA
0x44f540 PathStripToRootA
0x44f544 PathFindExtensionA
0x44f548 PathIsUNCA
Library ole32.dll:
0x44f8d4 CoTaskMemFree
0x44f8d8 SetConvertStg
0x44f8dc WriteFmtUserTypeStg
0x44f8e0 WriteClassStg
0x44f8e4 OleRegGetUserType
0x44f8e8 ReadFmtUserTypeStg
0x44f8ec ReadClassStg
0x44f8f0 StringFromCLSID
0x44f8f4 CoTreatAsClass
0x44f8f8 CreateBindCtx
0x44f8fc CoTaskMemAlloc
0x44f900 ReleaseStgMedium
0x44f904 OleDuplicateData
0x44f908 CoDisconnectObject
0x44f90c CoCreateInstance
0x44f910 StringFromGUID2
0x44f914 CLSIDFromString
Library OLEAUT32.dll:
0x44f480 VarBstrFromDate
0x44f484 VarBstrFromCy
0x44f488 VarCyFromStr
0x44f48c VarDecFromStr
0x44f490 VarBstrFromDec
0x44f494 VarDateFromStr
0x44f498 SysReAllocStringLen
0x44f49c SysAllocString
0x44f4b0 SafeArrayDestroy
0x44f4b4 SafeArrayUnlock
0x44f4b8 SafeArrayLock
0x44f4bc SafeArrayPutElement
0x44f4c0 SafeArrayPtrOfIndex
0x44f4c4 SafeArrayGetElement
0x44f4c8 SafeArrayCopy
0x44f4d0 SafeArrayAllocData
0x44f4d4 VariantCopy
0x44f4d8 SafeArrayRedim
0x44f4dc SafeArrayCreate
0x44f4e0 SafeArrayGetDim
0x44f4e8 SafeArrayGetLBound
0x44f4ec SafeArrayGetUBound
0x44f4f0 SafeArrayAccessData
0x44f4f8 SysStringByteLen
0x44f4fc VariantClear
0x44f500 VariantChangeType
0x44f504 VariantInit
0x44f508 SysAllocStringLen
0x44f50c SysFreeString
0x44f510 SysStringLen
Library gdiplus.dll:
0x44f85c GdipGetPenFillType
0x44f860 GdipGetPenColor
0x44f864 GdipGetPenWidth
0x44f86c GdipSetPenDashStyle
0x44f870 GdipCreateFromHDC
0x44f87c GdipDrawLineI
0x44f880 GdipDrawArcI
0x44f884 GdipDrawEllipseI
0x44f888 GdipGraphicsClear
0x44f88c GdipFillEllipseI
0x44f890 GdipDrawImageI
0x44f894 GdipCloneBrush
0x44f898 GdipCloneImage
0x44f8a0 GdiplusStartup
0x44f8a4 GdiplusShutdown
0x44f8a8 GdipFree
0x44f8ac GdipAlloc
0x44f8b0 GdipDeleteBrush
0x44f8b4 GdipCreatePen1
0x44f8b8 GdipDeletePen
0x44f8bc GdipDeleteGraphics
0x44f8c0 GdipDisposeImage

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 53210 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 61680 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 50568 224.0.0.252 5355
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 53380 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 58367 224.0.0.252 5355
192.168.56.101 60221 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 62318 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.