9.0
Critical

170984e2f23a42f3b24c75674b111aa8abb870bbd9e70f15ca3a7e6abf4e1ab7

7f1599b18ba48fe371d5ea7b83ad177b.exe

Analysis duration

76s

Last analysis

File size

983.1KB
Static detections / dynamic detections: 9GX@ASH6CVBI AGENTTESLA AI SCORE=82 AIDETECTVM CLASSIC CONFIDENCE DANGEROUSSIG DELF ENAR EQGR FAREIT FORMBOOK GENERICKDZ GENKRYPTIK HIGH CONFIDENCE HSFJLL HULP MALWARE1 MALWARE@#2TA55ZA9R3EPG NOON R348759 RATNET SCORE SUSPICIOUS PE THIBDBO TSCOPE UNSAFE ZELPHIF
Hawk Eye engine
Not detected: no Hawk Eye engine results are available for this sample
Static verdict
Antivirus engines
Engine       Result                              Date      Version
McAfee       Fareit-FPQ!7F1599B18BA4             20201024  6.0.6.653
Alibaba      TrojanSpy:Win32/Formbook.05f34425   20190527  0.3.0.5
CrowdStrike  win/malicious_confidence_60% (W)    20190702  1.0
Baidu        -                                   20190318  1.0.0.2
Avast        Win32:DangerousSig [Trj]            20201024  18.4.3895.0
Kingsoft     -                                   20201024  2013.8.14.323
Static indicators
Checks if process is being debugged by a debugger (24 events)
Time               API                Arguments  Status  Return  Repeated
1619674278.897895  IsDebuggerPresent  -          failed  0       0
1619674279.037895  IsDebuggerPresent  -          failed  0       0
1619674286.428895  IsDebuggerPresent  -          failed  0       0
1619674286.725895  IsDebuggerPresent  -          failed  0       0
1619674286.834895  IsDebuggerPresent  -          failed  0       0
1619674287.162895  IsDebuggerPresent  -          failed  0       0
1619674287.241895  IsDebuggerPresent  -          failed  0       0
1619674287.366895  IsDebuggerPresent  -          failed  0       0
1619674287.412895  IsDebuggerPresent  -          failed  0       0
1619674287.475895  IsDebuggerPresent  -          failed  0       0
1619674288.975895  IsDebuggerPresent  -          failed  0       0
1619674290.694895  IsDebuggerPresent  -          failed  0       0
1619674299.287895  IsDebuggerPresent  -          failed  0       0
1619674299.741895  IsDebuggerPresent  -          failed  0       0
1619674299.881895  IsDebuggerPresent  -          failed  0       0
1619674299.897895  IsDebuggerPresent  -          failed  0       0
1619674301.522895  IsDebuggerPresent  -          failed  0       0
1619674303.709895  IsDebuggerPresent  -          failed  0       0
1619674312.287895  IsDebuggerPresent  -          failed  0       0
1619674315.584895  IsDebuggerPresent  -          failed  0       0
1619674315.944895  IsDebuggerPresent  -          failed  0       0
1619674274.678645  IsDebuggerPresent  -          failed  0       0
1619674274.741645  IsDebuggerPresent  -          failed  0       0
1619674274.756645  IsDebuggerPresent  -          failed  0       0
Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 event)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
This executable is signed
Tries to locate where the browsers are installed (2 events)
file C:\Program Files\Google\Chrome\Application\89.0.4389.114\chrome.dll
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe\PATH
Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time               API                   Arguments  Status   Return  Repeated
1619674698.128876  GlobalMemoryStatusEx  -          success  1       0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (2 events)
Time & API Arguments Status Return Repeated
1619674320.772895
__exception__
stacktrace:
0xb82e04
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30

registers.r14: 8312999824896
registers.r9: 0
registers.rcx: 1400
registers.rsi: -6148914691236517206
registers.r10: 0
registers.rbx: 287566000
registers.rdi: 17302540
registers.r11: 287569920
registers.r8: 2009563532
registers.rdx: 1308
registers.rbp: 287565856
registers.r15: 287566360
registers.r12: 287566760
registers.rsp: 287565720
registers.rax: 12070400
registers.r13: 8313000820736
exception.instruction_r: ff 15 16 1f 09 00 ff 25 00 00 00 00 aa a4 a3 77
exception.instruction: call qword ptr [rip + 0x91f16]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xb82e04
success 0 0
1619674699.691249
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x73ece97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x73ecea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x73ecb25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x73ecb4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x73ecac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x73ecaed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x73ec5511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x73ec559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74607f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74604de3
7f1599b18ba48fe371d5ea7b83ad177b+0x6ea4d @ 0x46ea4d
7f1599b18ba48fe371d5ea7b83ad177b+0x67254 @ 0x467254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xfd0614ad
success 0 0
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (30 events)
Time & API Arguments Status Return Repeated
1619674697.613876
NtAllocateVirtualMemory
process_identifier: 784
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00520000
success 0 0
1619674697.691876
NtProtectVirtualMemory
process_identifier: 784
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 77824
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00467000
success 0 0
1619674697.691876
NtAllocateVirtualMemory
process_identifier: 784
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02300000
success 0 0
1619674698.738249
NtProtectVirtualMemory
process_identifier: 2740
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619674698.784249
NtAllocateVirtualMemory
process_identifier: 2740
region_size: 1114112
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x01fd0000
success 0 0
1619674698.784249
NtAllocateVirtualMemory
process_identifier: 2740
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x020a0000
success 0 0
1619674698.784249
NtAllocateVirtualMemory
process_identifier: 2740
region_size: 417792
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00730000
success 0 0
1619674698.784249
NtProtectVirtualMemory
process_identifier: 2740
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 389120
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00732000
success 0 0
1619674699.144249
NtAllocateVirtualMemory
process_identifier: 2740
region_size: 2293760
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x022a0000
success 0 0
1619674699.144249
NtAllocateVirtualMemory
process_identifier: 2740
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x02490000
success 0 0
1619674699.659249
NtProtectVirtualMemory
process_identifier: 2740
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00552000
success 0 0
1619674699.659249
NtProtectVirtualMemory
process_identifier: 2740
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619674699.659249
NtProtectVirtualMemory
process_identifier: 2740
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00552000
success 0 0
1619674699.659249
NtProtectVirtualMemory
process_identifier: 2740
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619674699.659249
NtProtectVirtualMemory
process_identifier: 2740
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00552000
success 0 0
1619674699.659249
NtProtectVirtualMemory
process_identifier: 2740
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619674699.659249
NtProtectVirtualMemory
process_identifier: 2740
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00552000
success 0 0
1619674699.659249
NtProtectVirtualMemory
process_identifier: 2740
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619674699.659249
NtProtectVirtualMemory
process_identifier: 2740
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00552000
success 0 0
1619674699.659249
NtProtectVirtualMemory
process_identifier: 2740
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x77d4f000
success 0 0
1619674699.659249
NtProtectVirtualMemory
process_identifier: 2740
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00552000
success 0 0
1619674699.659249
NtProtectVirtualMemory
process_identifier: 2740
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619674699.659249
NtProtectVirtualMemory
process_identifier: 2740
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00552000
success 0 0
1619674699.659249
NtProtectVirtualMemory
process_identifier: 2740
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619674699.659249
NtProtectVirtualMemory
process_identifier: 2740
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00552000
success 0 0
1619674699.659249
NtProtectVirtualMemory
process_identifier: 2740
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619674699.659249
NtProtectVirtualMemory
process_identifier: 2740
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00552000
success 0 0
1619674699.659249
NtProtectVirtualMemory
process_identifier: 2740
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619674699.659249
NtProtectVirtualMemory
process_identifier: 2740
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00552000
success 0 0
1619674699.659249
NtProtectVirtualMemory
process_identifier: 2740
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
An application raised an exception which may be indicative of an exploit crash (2 events)
Application Crash Process chrome.exe with pid 648 crashed
Time & API Arguments Status Return Repeated
1619674320.772895
__exception__
stacktrace:
0xb82e04
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30

registers.r14: 8312999824896
registers.r9: 0
registers.rcx: 1400
registers.rsi: -6148914691236517206
registers.r10: 0
registers.rbx: 287566000
registers.rdi: 17302540
registers.r11: 287569920
registers.r8: 2009563532
registers.rdx: 1308
registers.rbp: 287565856
registers.r15: 287566360
registers.r12: 287566760
registers.rsp: 287565720
registers.rax: 12070400
registers.r13: 8313000820736
exception.instruction_r: ff 15 16 1f 09 00 ff 25 00 00 00 00 aa a4 a3 77
exception.instruction: call qword ptr [rip + 0x91f16]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xb82e04
success 0 0
Steals private information from local Internet browsers (22 events)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Crashpad\reports
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\First Run
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\BrowserMetrics-spare.pma
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma~RFdd2ad5.TMP
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-608A0E19-288.pma
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_0
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_3
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_2
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\BrowserMetrics
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Local State
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Crashpad\metadata
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Last Version
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-spare.pma
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Crashpad
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\index
Creates (office) documents on the filesystem (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Payment advice Maschinenfabrik Rieter AG (2).PDF
Drops a binary and executes it (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Payment advice Maschinenfabrik Rieter AG (2).PDF
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.337292747440532 section {'size_of_data': '0x00070a00', 'virtual_address': '0x0008b000', 'entropy': 7.337292747440532, 'name': '.rsrc', 'virtual_size': '0x00070890'} description A section with a high entropy has been found
entropy 0.4594594594594595 description Overall entropy of this PE file is high
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Used NtSetContextThread to modify a thread in a remote process indicative of process injection (2 events)
Process injection Process 784 called NtSetContextThread to modify thread in remote process 2740
Time & API Arguments Status Return Repeated
1619674698.300876
NtSetContextThread
thread_handle: 0x00000140
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 5071680
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2740
success 0 0
One or more non-safelisted processes were created (2 events)
parent_process chrome.exe martian_process "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xb0,0xb4,0xb8,0x84,0xbc,0x7fef2394f50,0x7fef2394f60,0x7fef2394f70
parent_process chrome.exe martian_process "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1064,16352296648457816578,13893226001945008619,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=92 /prefetch:2
Resumed a suspended thread in a remote process potentially indicative of process injection (9 events)
Process injection Process 784 resumed a thread in remote process 2740
Process injection Process 2620 resumed a thread in remote process 648
Time & API Arguments Status Return Repeated
1619674698.550876
NtResumeThread
thread_handle: 0x00000140
suspend_count: 1
process_identifier: 2740
success 0 0
1619674323.209645
NtResumeThread
thread_handle: 0x0000000000000140
suspend_count: 2
process_identifier: 648
success 0 0
1619674324.272645
NtResumeThread
thread_handle: 0x0000000000000140
suspend_count: 2
process_identifier: 648
success 0 0
1619674325.225645
NtResumeThread
thread_handle: 0x0000000000000140
suspend_count: 2
process_identifier: 648
success 0 0
1619674326.412645
NtResumeThread
thread_handle: 0x0000000000000140
suspend_count: 2
process_identifier: 648
success 0 0
1619674327.428645
NtResumeThread
thread_handle: 0x0000000000000140
suspend_count: 2
process_identifier: 648
success 0 0
1619674329.334645
NtResumeThread
thread_handle: 0x0000000000000140
suspend_count: 2
process_identifier: 648
success 0 0
Executed a process and injected code into it, probably while unpacking (24 events)
Time & API Arguments Status Return Repeated
1619674698.191876
CreateProcessInternalW
thread_identifier: 2308
thread_handle: 0x00000200
process_identifier: 648
current_directory: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp
filepath: C:\Program Files\Google\Chrome\Application\chrome.exe
track: 1
command_line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument C:\Users\ADMINI~1.OSK\AppData\Local\Temp\Payment advice Maschinenfabrik Rieter AG (2).PDF
filepath_r: C:\Program Files\Google\Chrome\Application\chrome.exe
stack_pivoted: 0
creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT)
process_handle: 0x00000204
inherit_handles: 0
success 1 0
1619674698.269876
CreateProcessInternalW
thread_identifier: 196
thread_handle: 0x00000140
process_identifier: 2740
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7f1599b18ba48fe371d5ea7b83ad177b.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000138
inherit_handles: 0
success 1 0
1619674698.269876
NtUnmapViewOfSection
process_identifier: 2740
region_size: 4096
process_handle: 0x00000138
base_address: 0x00400000
success 0 0
1619674698.269876
NtMapViewOfSection
section_handle: 0x00000158
process_identifier: 2740
commit_size: 884736
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000138
allocation_type: 0 ()
section_offset: 0
view_size: 884736
base_address: 0x00400000
success 0 0
1619674698.300876
NtGetContextThread
thread_handle: 0x00000140
success 0 0
1619674698.300876
NtSetContextThread
thread_handle: 0x00000140
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 5071680
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2740
success 0 0
1619674698.550876
NtResumeThread
thread_handle: 0x00000140
suspend_count: 1
process_identifier: 2740
success 0 0
1619674269.131895
NtResumeThread
thread_handle: 0x0000000000000078
suspend_count: 1
process_identifier: 648
success 0 0
1619674273.912895
CreateProcessInternalW
thread_identifier: 520
thread_handle: 0x00000000000000c0
process_identifier: 2620
current_directory:
filepath: C:\Program Files\Google\Chrome\Application\chrome.exe
track: 1
command_line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xb0,0xb4,0xb8,0x84,0xbc,0x7fef2394f50,0x7fef2394f60,0x7fef2394f70
filepath_r: C:\Program Files\Google\Chrome\Application\chrome.exe
stack_pivoted: 0
creation_flags: 524288 (EXTENDED_STARTUPINFO_PRESENT)
process_handle: 0x00000000000000c4
inherit_handles: 1
success 1 0
1619674320.756895
CreateProcessInternalW
thread_identifier: 1664
thread_handle: 0x000000000000057c
process_identifier: 1244
current_directory:
filepath: C:\Program Files\Google\Chrome\Application\chrome.exe
track: 1
command_line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1064,16352296648457816578,13893226001945008619,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=92 /prefetch:2
filepath_r: C:\Program Files\Google\Chrome\Application\chrome.exe
stack_pivoted: 0
creation_flags: 17302540 (CREATE_BREAKAWAY_FROM_JOB|CREATE_SUSPENDED|CREATE_UNICODE_ENVIRONMENT|DETACHED_PROCESS|EXTENDED_STARTUPINFO_PRESENT)
process_handle: 0x000000000000051c
inherit_handles: 1
success 1 0
1619674275.006645
NtResumeThread
thread_handle: 0x000000000000011c
suspend_count: 1
process_identifier: 2620
success 0 0
1619674321.006645
NtGetContextThread
thread_handle: 0x0000000000000140
success 0 0
1619674323.209645
NtResumeThread
thread_handle: 0x0000000000000140
suspend_count: 2
process_identifier: 648
success 0 0
1619674323.209645
NtGetContextThread
thread_handle: 0x0000000000000140
success 0 0
1619674324.272645
NtResumeThread
thread_handle: 0x0000000000000140
suspend_count: 2
process_identifier: 648
success 0 0
1619674324.272645
NtGetContextThread
thread_handle: 0x0000000000000140
success 0 0
1619674325.225645
NtResumeThread
thread_handle: 0x0000000000000140
suspend_count: 2
process_identifier: 648
success 0 0
1619674325.241645
NtGetContextThread
thread_handle: 0x0000000000000140
success 0 0
1619674326.412645
NtResumeThread
thread_handle: 0x0000000000000140
suspend_count: 2
process_identifier: 648
success 0 0
1619674326.412645
NtGetContextThread
thread_handle: 0x0000000000000140
success 0 0
1619674327.428645
NtResumeThread
thread_handle: 0x0000000000000140
suspend_count: 2
process_identifier: 648
success 0 0
1619674327.444645
NtGetContextThread
thread_handle: 0x0000000000000140
success 0 0
1619674329.334645
NtResumeThread
thread_handle: 0x0000000000000140
suspend_count: 2
process_identifier: 648
success 0 0
1619674329.350645
NtGetContextThread
thread_handle: 0x0000000000000140
success 0 0
File has been identified by 57 AntiVirus engines on VirusTotal as malicious (50 out of 57 events)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKDZ.69532
FireEye Generic.mg.7f1599b18ba48fe3
Qihoo-360 Win32/Trojan.Spy.9dd
McAfee Fareit-FPQ!7F1599B18BA4
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
SUPERAntiSpyware Trojan.Agent/Gen-Dropper
Sangfor Malware
K7AntiVirus Trojan ( 0056c99c1 )
Alibaba TrojanSpy:Win32/Formbook.05f34425
K7GW Trojan ( 0056c99c1 )
CrowdStrike win/malicious_confidence_60% (W)
Arcabit Trojan.Generic.D10F9C
Invincea Mal/Generic-S
Cyren W32/Injector.HULP-8842
Symantec Trojan.Gen.MBT
APEX Malicious
Avast Win32:DangerousSig [Trj]
ClamAV Win.Dropper.AgentTesla-9375297-1
Kaspersky HEUR:Trojan-Spy.Win32.Noon.gen
BitDefender Trojan.GenericKDZ.69532
NANO-Antivirus Trojan.Win32.Noon.hsfjll
Paloalto generic.ml
AegisLab Trojan.Win32.Noon.l!c
Ad-Aware Trojan.GenericKDZ.69532
Emsisoft Trojan.GenericKDZ.69532 (B)
Comodo Malware@#2ta55za9r3epg
DrWeb BackDoor.RatNET.2
Zillya Trojan.Injector.Win32.762359
TrendMicro TrojanSpy.Win32.NOON.THIBDBO
McAfee-GW-Edition Fareit-FPQ!7F1599B18BA4
Sophos Mal/Generic-S
SentinelOne DFI - Suspicious PE
Jiangmin TrojanSpy.Noon.qcf
MAX malware (ai score=82)
Antiy-AVL Trojan/Win32.Injector
Microsoft Trojan:Win32/Formbook.VD!MTB
ZoneAlarm HEUR:Trojan-Spy.Win32.Noon.gen
GData Trojan.GenericKDZ.69532
Cynet Malicious (score: 100)
AhnLab-V3 Spyware/Win32.Noon.R348759
Acronis suspicious
BitDefenderTheta Gen:NN.ZelphiF.34590.9GX@aSh6CVbi
ALYac Trojan.GenericKDZ.69532
VBA32 TScope.Trojan.Delf
Malwarebytes Trojan.MalPack
ESET-NOD32 a variant of Win32/Injector.ENAR
TrendMicro-HouseCall TrojanSpy.Win32.NOON.THIBDBO
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran

PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x47e178 VirtualFree
0x47e17c VirtualAlloc
0x47e180 LocalFree
0x47e184 LocalAlloc
0x47e188 GetVersion
0x47e18c GetCurrentThreadId
0x47e198 VirtualQuery
0x47e19c WideCharToMultiByte
0x47e1a4 MultiByteToWideChar
0x47e1a8 lstrlenA
0x47e1ac lstrcpynA
0x47e1b0 LoadLibraryExA
0x47e1b4 GetThreadLocale
0x47e1b8 GetStartupInfoA
0x47e1bc GetProcAddress
0x47e1c0 GetModuleHandleA
0x47e1c4 GetModuleFileNameA
0x47e1c8 GetLocaleInfoA
0x47e1cc GetLastError
0x47e1d4 GetCommandLineA
0x47e1d8 FreeLibrary
0x47e1dc FindFirstFileA
0x47e1e0 FindClose
0x47e1e4 ExitProcess
0x47e1e8 WriteFile
0x47e1f0 RtlUnwind
0x47e1f4 RaiseException
0x47e1f8 GetStdHandle
Library user32.dll:
0x47e200 GetKeyboardType
0x47e204 LoadStringA
0x47e208 MessageBoxA
0x47e20c CharNextA
Library advapi32.dll:
0x47e214 RegQueryValueExA
0x47e218 RegOpenKeyExA
0x47e21c RegCloseKey
Library oleaut32.dll:
0x47e224 SysFreeString
0x47e228 SysReAllocStringLen
0x47e22c SysAllocStringLen
Library kernel32.dll:
0x47e234 TlsSetValue
0x47e238 TlsGetValue
0x47e23c LocalAlloc
0x47e240 GetModuleHandleA
Library advapi32.dll:
0x47e248 RegQueryValueExA
0x47e24c RegOpenKeyExA
0x47e250 RegCloseKey
Library kernel32.dll:
0x47e258 lstrcpyA
0x47e25c WriteFile
0x47e260 WinExec
0x47e264 WaitForSingleObject
0x47e268 VirtualQuery
0x47e26c VirtualProtect
0x47e270 VirtualAlloc
0x47e274 Sleep
0x47e278 SizeofResource
0x47e27c SetThreadLocale
0x47e280 SetFilePointer
0x47e284 SetEvent
0x47e288 SetErrorMode
0x47e28c SetEndOfFile
0x47e290 ResetEvent
0x47e294 ReadFile
0x47e298 MulDiv
0x47e29c LockResource
0x47e2a0 LoadResource
0x47e2a4 LoadLibraryA
0x47e2b0 GlobalUnlock
0x47e2b4 GlobalReAlloc
0x47e2b8 GlobalHandle
0x47e2bc GlobalLock
0x47e2c0 GlobalFree
0x47e2c4 GlobalFindAtomA
0x47e2c8 GlobalDeleteAtom
0x47e2cc GlobalAlloc
0x47e2d0 GlobalAddAtomA
0x47e2d8 GetVersionExA
0x47e2dc GetVersion
0x47e2e0 GetTickCount
0x47e2e4 GetThreadLocale
0x47e2ec GetSystemInfo
0x47e2f0 GetStringTypeExA
0x47e2f4 GetStdHandle
0x47e2f8 GetProcAddress
0x47e2fc GetModuleHandleA
0x47e300 GetModuleFileNameA
0x47e304 GetLogicalDrives
0x47e308 GetLocaleInfoA
0x47e30c GetLocalTime
0x47e310 GetLastError
0x47e314 GetFullPathNameA
0x47e318 GetFileAttributesA
0x47e31c GetDriveTypeA
0x47e320 GetDiskFreeSpaceA
0x47e324 GetDateFormatA
0x47e328 GetCurrentThreadId
0x47e32c GetCurrentProcessId
0x47e330 GetCPInfo
0x47e334 GetACP
0x47e338 FreeResource
0x47e33c InterlockedExchange
0x47e340 FreeLibrary
0x47e344 FormatMessageA
0x47e348 FindResourceA
0x47e34c FindNextFileA
0x47e350 FindFirstFileA
0x47e354 FindClose
0x47e364 EnumCalendarInfoA
0x47e370 CreateThread
0x47e374 CreateFileA
0x47e378 CreateEventA
0x47e37c CompareStringA
0x47e380 CloseHandle
Library mpr.dll:
0x47e388 WNetGetConnectionA
Library version.dll:
0x47e390 VerQueryValueA
0x47e398 GetFileVersionInfoA
Library gdi32.dll:
0x47e3a0 UnrealizeObject
0x47e3a4 StretchBlt
0x47e3a8 SetWindowOrgEx
0x47e3ac SetWinMetaFileBits
0x47e3b0 SetViewportOrgEx
0x47e3b4 SetTextColor
0x47e3b8 SetStretchBltMode
0x47e3bc SetROP2
0x47e3c0 SetPixel
0x47e3c4 SetEnhMetaFileBits
0x47e3c8 SetDIBColorTable
0x47e3cc SetBrushOrgEx
0x47e3d0 SetBkMode
0x47e3d4 SetBkColor
0x47e3d8 SelectPalette
0x47e3dc SelectObject
0x47e3e0 SaveDC
0x47e3e4 RestoreDC
0x47e3e8 Rectangle
0x47e3ec RectVisible
0x47e3f0 RealizePalette
0x47e3f4 Polyline
0x47e3f8 PlayEnhMetaFile
0x47e3fc PatBlt
0x47e400 MoveToEx
0x47e404 MaskBlt
0x47e408 LineTo
0x47e40c IntersectClipRect
0x47e410 GetWindowOrgEx
0x47e414 GetWinMetaFileBits
0x47e418 GetTextMetricsA
0x47e424 GetStockObject
0x47e428 GetPixel
0x47e42c GetPaletteEntries
0x47e430 GetObjectA
0x47e43c GetEnhMetaFileBits
0x47e440 GetDeviceCaps
0x47e444 GetDIBits
0x47e448 GetDIBColorTable
0x47e44c GetDCOrgEx
0x47e454 GetClipBox
0x47e458 GetBrushOrgEx
0x47e45c GetBitmapBits
0x47e460 ExtTextOutA
0x47e464 ExcludeClipRect
0x47e468 DeleteObject
0x47e46c DeleteEnhMetaFile
0x47e470 DeleteDC
0x47e474 CreateSolidBrush
0x47e478 CreatePenIndirect
0x47e47c CreatePalette
0x47e484 CreateFontIndirectA
0x47e488 CreateDIBitmap
0x47e48c CreateDIBSection
0x47e490 CreateCompatibleDC
0x47e498 CreateBrushIndirect
0x47e49c CreateBitmap
0x47e4a0 CopyEnhMetaFileA
0x47e4a4 BitBlt
Library opengl32.dll:
0x47e4ac wglCreateContext
Library user32.dll:
0x47e4b4 CreateWindowExA
0x47e4b8 WindowFromPoint
0x47e4bc WinHelpA
0x47e4c0 WaitMessage
0x47e4c4 UpdateWindow
0x47e4c8 UnregisterClassA
0x47e4cc UnhookWindowsHookEx
0x47e4d0 TranslateMessage
0x47e4d8 TrackPopupMenu
0x47e4e0 ShowWindow
0x47e4e4 ShowScrollBar
0x47e4e8 ShowOwnedPopups
0x47e4ec ShowCursor
0x47e4f0 SetWindowsHookExA
0x47e4f4 SetWindowTextA
0x47e4f8 SetWindowPos
0x47e4fc SetWindowPlacement
0x47e500 SetWindowLongA
0x47e504 SetTimer
0x47e508 SetScrollRange
0x47e50c SetScrollPos
0x47e510 SetScrollInfo
0x47e514 SetRect
0x47e518 SetPropA
0x47e51c SetParent
0x47e520 SetMenuItemInfoA
0x47e524 SetMenu
0x47e528 SetForegroundWindow
0x47e52c SetFocus
0x47e530 SetCursor
0x47e534 SetClassLongA
0x47e538 SetCapture
0x47e53c SetActiveWindow
0x47e540 SendMessageA
0x47e544 ScrollWindow
0x47e548 ScreenToClient
0x47e54c RemovePropA
0x47e550 RemoveMenu
0x47e554 ReleaseDC
0x47e558 ReleaseCapture
0x47e564 RegisterClassA
0x47e568 RedrawWindow
0x47e56c PtInRect
0x47e570 PostQuitMessage
0x47e574 PostMessageA
0x47e578 PeekMessageA
0x47e57c OffsetRect
0x47e580 OemToCharA
0x47e584 MessageBoxA
0x47e588 MapWindowPoints
0x47e58c MapVirtualKeyA
0x47e590 LoadStringA
0x47e594 LoadKeyboardLayoutA
0x47e598 LoadIconA
0x47e59c LoadCursorA
0x47e5a0 LoadBitmapA
0x47e5a4 KillTimer
0x47e5a8 IsZoomed
0x47e5ac IsWindowVisible
0x47e5b0 IsWindowEnabled
0x47e5b4 IsWindow
0x47e5b8 IsRectEmpty
0x47e5bc IsIconic
0x47e5c0 IsDialogMessageA
0x47e5c4 IsChild
0x47e5c8 InvalidateRect
0x47e5cc IntersectRect
0x47e5d0 InsertMenuItemA
0x47e5d4 InsertMenuA
0x47e5d8 InflateRect
0x47e5e0 GetWindowTextA
0x47e5e4 GetWindowRect
0x47e5e8 GetWindowPlacement
0x47e5ec GetWindowLongA
0x47e5f0 GetWindowDC
0x47e5f4 GetTopWindow
0x47e5f8 GetSystemMetrics
0x47e5fc GetSystemMenu
0x47e600 GetSysColorBrush
0x47e604 GetSysColor
0x47e608 GetSubMenu
0x47e60c GetScrollRange
0x47e610 GetScrollPos
0x47e614 GetScrollInfo
0x47e618 GetPropA
0x47e61c GetParent
0x47e620 GetWindow
0x47e624 GetMenuStringA
0x47e628 GetMenuState
0x47e62c GetMenuItemInfoA
0x47e630 GetMenuItemID
0x47e634 GetMenuItemCount
0x47e638 GetMenu
0x47e63c GetLastActivePopup
0x47e640 GetKeyboardState
0x47e648 GetKeyboardLayout
0x47e64c GetKeyState
0x47e650 GetKeyNameTextA
0x47e654 GetIconInfo
0x47e658 GetForegroundWindow
0x47e65c GetFocus
0x47e660 GetDlgItem
0x47e664 GetDesktopWindow
0x47e668 GetDCEx
0x47e66c GetDC
0x47e670 GetCursorPos
0x47e674 GetCursor
0x47e678 GetClipboardData
0x47e67c GetClientRect
0x47e680 GetClassNameA
0x47e684 GetClassInfoA
0x47e688 GetCapture
0x47e68c GetActiveWindow
0x47e690 FrameRect
0x47e694 FindWindowA
0x47e698 FillRect
0x47e69c EqualRect
0x47e6a0 EnumWindows
0x47e6a4 EnumThreadWindows
0x47e6a8 EndPaint
0x47e6ac EnableWindow
0x47e6b0 EnableScrollBar
0x47e6b4 EnableMenuItem
0x47e6b8 DrawTextA
0x47e6bc DrawMenuBar
0x47e6c0 DrawIconEx
0x47e6c4 DrawIcon
0x47e6c8 DrawFrameControl
0x47e6cc DrawFocusRect
0x47e6d0 DrawEdge
0x47e6d4 DispatchMessageA
0x47e6d8 DestroyWindow
0x47e6dc DestroyMenu
0x47e6e0 DestroyIcon
0x47e6e4 DestroyCursor
0x47e6e8 DeleteMenu
0x47e6ec DefWindowProcA
0x47e6f0 DefMDIChildProcA
0x47e6f4 DefFrameProcA
0x47e6f8 CreatePopupMenu
0x47e6fc CreateMenu
0x47e700 CreateIcon
0x47e704 ClientToScreen
0x47e708 CheckMenuItem
0x47e70c CallWindowProcA
0x47e710 CallNextHookEx
0x47e714 BeginPaint
0x47e718 CharNextA
0x47e71c CharLowerBuffA
0x47e720 CharLowerA
0x47e724 CharUpperBuffA
0x47e728 CharToOemA
0x47e72c AdjustWindowRectEx
Library kernel32.dll:
0x47e738 Sleep
Library oleaut32.dll:
0x47e740 SafeArrayPtrOfIndex
0x47e744 SafeArrayGetUBound
0x47e748 SafeArrayGetLBound
0x47e74c SafeArrayCreate
0x47e750 VariantChangeType
0x47e754 VariantCopy
0x47e758 VariantClear
0x47e75c VariantInit
Library comctl32.dll:
0x47e76c ImageList_Write
0x47e770 ImageList_Read
0x47e780 ImageList_DragMove
0x47e784 ImageList_DragLeave
0x47e788 ImageList_DragEnter
0x47e78c ImageList_EndDrag
0x47e790 ImageList_BeginDrag
0x47e794 ImageList_Remove
0x47e798 ImageList_DrawEx
0x47e79c ImageList_Replace
0x47e7a0 ImageList_Draw
0x47e7b0 ImageList_Add
0x47e7b8 ImageList_Destroy
0x47e7bc ImageList_Create
Library comdlg32.dll:
0x47e7c4 GetOpenFileNameA
Library user32.dll:
0x47e7cc DdeCmpStringHandles
0x47e7d0 DdeFreeStringHandle
0x47e7d4 DdeQueryStringA
0x47e7dc DdeGetLastError
0x47e7e0 DdeFreeDataHandle
0x47e7e4 DdeUnaccessData
0x47e7e8 DdeAccessData
0x47e7ec DdeCreateDataHandle
0x47e7f4 DdeNameService
0x47e7f8 DdePostAdvise
0x47e7fc DdeSetUserHandle
0x47e800 DdeQueryConvInfo
0x47e804 DdeDisconnect
0x47e808 DdeConnect
0x47e80c DdeUninitialize
0x47e810 DdeInitializeA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source Port   Destination        Destination Port
192.168.56.101  50534         114.114.114.114    53
192.168.56.101  51963         114.114.114.114    53
192.168.56.101  56539         114.114.114.114    53
192.168.56.101  65004         114.114.114.114    53
192.168.56.101  137           192.168.56.255     137
192.168.56.101  138           192.168.56.255     138
192.168.56.101  49235         224.0.0.252        5355
192.168.56.101  56804         224.0.0.252        5355
192.168.56.101  60123         224.0.0.252        5355
192.168.56.101  62191         224.0.0.252        5355
192.168.56.101  1900          239.255.255.250    1900
192.168.56.101  50535         239.255.255.250    3702
192.168.56.101  50537         239.255.255.250    3702
192.168.56.101  56540         239.255.255.250    3702
192.168.56.101  56807         239.255.255.250    1900
192.168.56.101  58707         239.255.255.250    3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files

No dropped files.

Dropped buffers

No dropped buffers.