Score: 6.4 (High risk)

SHA-256: e801bfd3ce82127086d6b629039947e99f84d1b919ff86b51d40ae5fbe6bcc9b

File name: 76ab83f9f6fe3887b79acdcf6b060f72.exe

Analysis duration: 90s

Last analyzed

File size: 5.1MB
Static detections / Dynamic detections
Hawkeye (鹰眼) engine
Not detected: no Hawkeye engine results are available yet
Static verdict
Antivirus engines
Engine  Result  Scan date  Engine version
McAfee Artemis!76AB83F9F6FE 20200312 6.0.6.653
CrowdStrike win/malicious_confidence_60% (W) 20190702 1.0
Alibaba AdWare:Win32/InstallUnion.d6c1eb78 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:Adware-gen [Adw] 20200312 18.4.3895.0
Kingsoft 20200312 2013.8.14.323
Tencent 20200312 1.0.0.1
Static indicators
Checks if process is being debugged by a debugger (6 events)
Time & API Arguments Status Return Repeated
1619649225.885139
IsDebuggerPresent
failed 0 0
1619649225.963139
IsDebuggerPresent
failed 0 0
1619649226.041139
IsDebuggerPresent
failed 0 0
1619649226.229139
IsDebuggerPresent
failed 0 0
1619649226.291139
IsDebuggerPresent
failed 0 0
1619649226.338139
IsDebuggerPresent
failed 0 0
Checks amount of memory in system; this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time & API Arguments Status Return Repeated
1619649226.135139
GlobalMemoryStatusEx
success 1 0
Behavioral verdict
Dynamic indicators
HTTP traffic contains suspicious features which may be indicative of malware related traffic (2 events)
suspicious_features: POST method with no referer header; suspicious_request: POST http://dlsft.com/callback/geo/geo.php
suspicious_features: POST method with no referer header; suspicious_request: POST http://dlsft.com/callback/?channel=Wrd&action=started
Performs some HTTP requests (12 events)
request GET http://dlsft.com/callback/offers.php
request POST http://dlsft.com/callback/geo/geo.php
request POST http://dlsft.com/callback/?channel=Wrd&action=started
request GET http://x.ss2.us/x.cer
request GET http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEALYmhVz87O42hRbWDiYKQc%3D
request GET http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
request GET http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D
request GET http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D
request GET http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwZ%2FlFeFh%2Bisd96yUzJbvJmLVg0%3D
request GET http://ocsp.sca1b.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQz9arGHWbnBV0DFzpNHz4YcTiFDQQUWaRmBlKge5WSPKOUByeWdFv5PdACEAtQvBbyWXPf0hng54oxdZQ%3D
request GET https://wearedevs.net/Assets/Images/Releases/gravityswitch.png
request GET https://dpd.securestudies.com/dpdv2.aspx?campaignid=1538&co=CN
Sends data using the HTTP POST Method (2 events)
request POST http://dlsft.com/callback/geo/geo.php
request POST http://dlsft.com/callback/?channel=Wrd&action=started
Steals private information from local Internet browsers (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnplhahbcoldbildffdchneaepapccbn
Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)
Time & API Arguments Status Return Repeated
1619649227.010139
NtProtectVirtualMemory
process_identifier: 2056
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 32 (PAGE_EXECUTE_READ)
process_handle: 0xffffffff
base_address: 0x7ef70000
success 0 0
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1619649227.291139
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Attempts to create or modify system certificates (1 event)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (15 events)
Time & API Arguments Status Return Repeated
1619649229.869139
RegSetValueExA
key_handle: 0x00000510
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619649229.869139
RegSetValueExA
key_handle: 0x00000510
value:  /»z<×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619649229.869139
RegSetValueExA
key_handle: 0x00000510
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619649229.869139
RegSetValueExW
key_handle: 0x00000510
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619649229.869139
RegSetValueExA
key_handle: 0x00000528
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619649229.869139
RegSetValueExA
key_handle: 0x00000528
value:  /»z<×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619649229.869139
RegSetValueExA
key_handle: 0x00000528
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619649229.901139
RegSetValueExW
key_handle: 0x0000050c
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
1619649230.885139
RegSetValueExA
key_handle: 0x000005a4
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619649230.885139
RegSetValueExA
key_handle: 0x000005a4
value: óÉ»z<×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619649230.885139
RegSetValueExA
key_handle: 0x000005a4
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619649230.885139
RegSetValueExW
key_handle: 0x000005a4
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619649230.901139
RegSetValueExA
key_handle: 0x000005b4
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619649230.901139
RegSetValueExA
key_handle: 0x000005b4
value: óÉ»z<×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619649230.901139
RegSetValueExA
key_handle: 0x000005b4
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
Generates some ICMP traffic
File has been identified by 38 AntiVirus engines on VirusTotal as malicious (38 events)
CAT-QuickHeal PUA.WacatacPMF.S7610983
McAfee Artemis!76AB83F9F6FE
Malwarebytes PUP.Optional.InstallUnion
AegisLab Riskware.Win32.Agent.1!c
CrowdStrike win/malicious_confidence_60% (W)
Alibaba AdWare:Win32/InstallUnion.d6c1eb78
K7GW Adware ( 00552da41 )
K7AntiVirus Adware ( 00552da41 )
Invincea heuristic
BitDefenderTheta Gen:NN.ZexaF.34100.@xW@aS@0Z!fO
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Adware.InstallUnion.A
TrendMicro-HouseCall TROJ_GEN.R002H0CC820
Paloalto generic.ml
Kaspersky not-a-virus:HEUR:Downloader.Win32.Agent.vho
Avast Win32:Adware-gen [Adw]
Rising Trojan.Occamy!8.F1CD (CLOUD)
Comodo ApplicUnwnt@#1h0f2njb3moyb
F-Secure Adware.ADWARE/Redcap.gpbcy
DrWeb Trojan.DownLoad4.13701
VIPRE Trojan.Win32.Generic!BT
McAfee-GW-Edition BehavesLike.Win32.Softcnapp.th
Sophos Generic PUA PM (PUA)
APEX Malicious
Jiangmin Downloader.Agent.lnt
Avira ADWARE/Redcap.gpbcy
Antiy-AVL RiskWare[Downloader]/Win32.Agent
Microsoft Trojan:Win32/Occamy.C
ZoneAlarm not-a-virus:HEUR:Downloader.Win32.Agent.vho
GData Win32.Application.Agent.WD5FSY
AhnLab-V3 Malware/Win32.Generic.C3430560
Acronis suspicious
VBA32 Downloader.Agent
Cylance Unsafe
Fortinet W32/RedCap.165D!tr
Webroot W32.Trojan.Gen
AVG Win32:Adware-gen [Adw]
Qihoo-360 Win32/Virus.Downloader.d0d
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while this sample ran


PE Compile Time

2020-03-04 20:57:53

Imports


Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49180 104.26.7.147 wearedevs.net 443
192.168.56.101 49185 124.225.105.97 www.download.windowsupdate.com 80
192.168.56.101 49179 13.224.249.15 dpd.securestudies.com 443
192.168.56.101 49177 35.190.60.70 dlsft.com 80
192.168.56.101 49178 35.190.60.70 dlsft.com 80
192.168.56.101 49186 52.84.227.171 o.ss2.us 80
192.168.56.101 49181 52.84.227.32 x.ss2.us 80
192.168.56.101 49189 52.84.227.94 ocsp.sca1b.amazontrust.com 80
192.168.56.101 49187 52.84.227.99 ocsp.rootca1.amazontrust.com 80
192.168.56.101 49188 52.84.227.99 ocsp.rootca1.amazontrust.com 80
192.168.56.101 49184 93.184.220.29 ocsp.digicert.com 80

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 53237 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 57756 114.114.114.114 53
192.168.56.101 57874 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 63429 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 51809 239.255.255.250 3702
192.168.56.101 51811 239.255.255.250 3702

HTTP & HTTPS Requests

URI Data
http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwZ%2FlFeFh%2Bisd96yUzJbvJmLVg0%3D
GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwZ%2FlFeFh%2Bisd96yUzJbvJmLVg0%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.rootca1.amazontrust.com

http://dlsft.com/callback/?channel=Wrd&action=started
POST /callback/?channel=Wrd&action=started HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded;charset=utf-8
User-Agent: sciter 4.3.0.0; Windows-7.1; www.sciter.com)
Host: dlsft.com
Content-Length: 0
Connection: Keep-Alive
Cache-Control: no-cache

http://x.ss2.us/x.cer
GET /x.cer HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: x.ss2.us

http://dlsft.com/callback/geo/geo.php
POST /callback/geo/geo.php HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded;charset=utf-8
User-Agent: sciter 4.3.0.0; Windows-7.1; www.sciter.com)
Host: dlsft.com
Content-Length: 0
Connection: Keep-Alive
Cache-Control: no-cache

http://ocsp.sca1b.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQz9arGHWbnBV0DFzpNHz4YcTiFDQQUWaRmBlKge5WSPKOUByeWdFv5PdACEAtQvBbyWXPf0hng54oxdZQ%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQz9arGHWbnBV0DFzpNHz4YcTiFDQQUWaRmBlKge5WSPKOUByeWdFv5PdACEAtQvBbyWXPf0hng54oxdZQ%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.sca1b.amazontrust.com

http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1
Cache-Control: max-age = 3600
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 03 Mar 2021 06:32:16 GMT
If-None-Match: "0d8f4f3f6fd71:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: www.download.windowsupdate.com

http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D
GET //MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: o.ss2.us

http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 03 Mar 2021 06:32:16 GMT
If-None-Match: "0d8f4f3f6fd71:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: www.download.windowsupdate.com

http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEALYmhVz87O42hRbWDiYKQc%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEALYmhVz87O42hRbWDiYKQc%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com

http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D
GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.rootg2.amazontrust.com

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.