11.0
0-day

41c4211d0904664fd1bfebef76857c9b760a53a28be1bd2ed2210974d70bc5fd

87d19b1122a5c50263e4c30435284f9e.exe

Analysis duration

141s

Latest analysis

File size

2.2MB
Static detections / Dynamic detections (detection-name tags): 0NA103I320 100% AI SCORE=100 AIDETECTVM ATRAPS CLASSIC CONFIDENCE FADOK FAKD@5XDXI2 FAKEDOC FAOJIR GEN4 GENASA GENCIRC GENERICRXAH GENETIC HIDEDOC HIGH CONFIDENCE HLLW IFDX JFYA LWW@AAAMNONK MALICIOUS PE MALWARE1 MINT PZJA R + TROJ R189010 RAZY RENDOC SCAR SCORE STATIC AI TNER UNSAFE VWR6ENNJT6I WORMX ZARD ZEXAF
Hawkeye engine
Not detected: no Hawkeye engine result is available for this sample
Static verdict
Antivirus engines
Engine  Result  Scan date  Engine version
Alibaba Worm:Win32/FakeDoc.55b1b735 20190527 0.3.0.5
Avast Win32:WormX-gen [Wrm] 20210127 21.1.5827.0
Tencent Malware.Win32.Gencirc.10b6abd3 20210128 1.0.0.1
Baidu Win32.Worm.FakeDoc.a 20190318 1.0.0.2
Kingsoft 20210128 2017.9.26.565
McAfee GenericRXAH-AG!87D19B1122A5 20210128 6.0.6.653
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
静态指标
Checks if process is being debugged by a debugger (25 events)
Time & API Arguments Status Return Repeated
1620824933.29552  IsDebuggerPresent  failed  0  0
1620824933.31152  IsDebuggerPresent  failed  0  0
1620824942.53052  IsDebuggerPresent  failed  0  0
1620824942.68652  IsDebuggerPresent  failed  0  0
1620824942.71752  IsDebuggerPresent  failed  0  0
1620824942.79552  IsDebuggerPresent  failed  0  0
1620824942.82752  IsDebuggerPresent  failed  0  0
1620824942.95252  IsDebuggerPresent  failed  0  0
1620824942.99852  IsDebuggerPresent  failed  0  0
1620824943.13952  IsDebuggerPresent  failed  0  0
1620824943.23352  IsDebuggerPresent  failed  0  0
1620824944.87352  IsDebuggerPresent  failed  0  0
1620824947.06152  IsDebuggerPresent  failed  0  0
1620824952.46752  IsDebuggerPresent  failed  0  0
1620824952.49852  IsDebuggerPresent  failed  0  0
1620824952.82752  IsDebuggerPresent  failed  0  0
1620824956.01452  IsDebuggerPresent  failed  0  0
1620824957.43652  IsDebuggerPresent  failed  0  0
1620824963.37352  IsDebuggerPresent  failed  0  0
1620824966.59252  IsDebuggerPresent  failed  0  0
1620824967.03052  IsDebuggerPresent  failed  0  0
1620824971.12352  IsDebuggerPresent  failed  0  0
1620824919.388897  IsDebuggerPresent  failed  0  0
1620824919.388897  IsDebuggerPresent  failed  0  0
1620824919.482897  IsDebuggerPresent  failed  0  0
Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 event)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
This executable has a PDB path (1 event)
pdb_path P:\MultiLauncher\Release\MultiLauncher.pdb
Tries to locate where the browsers are installed (2 events)
file C:\Program Files\Google\Chrome\Application\89.0.4389.114\chrome.dll
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe\PATH
Checks the amount of memory in the system; this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time & API Arguments Status Return Repeated
1620825339.916626  GlobalMemoryStatusEx  success  1  0
The file contains an unknown PE resource name possibly indicative of a packer (1 event)
resource name DATA
One or more processes crashed (1 event)
Time & API Arguments Status Return Repeated
1620824983.18652  __exception__  success  0  0
  stacktrace: 0xb92e04, followed by 63 frames of 0x30
  registers.r14: 2726396595712
  registers.r9: 0
  registers.rcx: 1400
  registers.rsi: -6148914691236517206
  registers.r10: 0
  registers.rbx: 275967696
  registers.rdi: 17302540
  registers.r11: 275971616
  registers.r8: 2009563532
  registers.rdx: 1408
  registers.rbp: 275967552
  registers.r15: 275968056
  registers.r12: 275968456
  registers.rsp: 275967416
  registers.rax: 12135936
  registers.r13: 2726397591552
  exception.instruction_r: ff 15 16 1f 09 00 ff 25 00 00 00 00 aa a4 a3 77
  exception.instruction: call qword ptr [rip + 0x91f16]
  exception.exception_code: 0xc0000005
  exception.symbol:
  exception.address: 0xb92e04
Behavior verdict
Dynamic indicators
HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 event)
suspicious_features POST method with no referer header
suspicious_request POST https://update.googleapis.com/service/update2?cup2key=10:3197106493&cup2hreq=95004a08ba1ee4f0a8b9419113489e0cefaa3f9534b570705b98255ba426431b
Performs some HTTP requests (1 event)
request POST https://update.googleapis.com/service/update2?cup2key=10:3197106493&cup2hreq=95004a08ba1ee4f0a8b9419113489e0cefaa3f9534b570705b98255ba426431b
Sends data using the HTTP POST method (1 event)
request POST https://update.googleapis.com/service/update2?cup2key=10:3197106493&cup2hreq=95004a08ba1ee4f0a8b9419113489e0cefaa3f9534b570705b98255ba426431b
Resolves a suspicious Top Level Domain (TLD) (1 event)
domain wxanalytics.ru
description Russian Federation domain TLD
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1620824969.06127  NtAllocateVirtualMemory  success  0  0
  process_identifier: 1424
  region_size: 65536
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  process_handle: 0xffffffffffffffff
  allocation_type: 4096 (MEM_COMMIT)
  base_address: 0x00000000041d0000
Checks whether any human activity is being performed by constantly checking whether the foreground window changed
A process attempted to delay the analysis task (1 event)
description mls.exe tried to sleep 176 seconds, actually delayed analysis time by 176 seconds
An application raised an exception which may be indicative of an exploit crash (2 events)
Application crash: process chrome.exe with pid 1880 crashed
Time & API Arguments Status Return Repeated
1620824983.18652  __exception__  success  0  0
  stacktrace: 0xb92e04, followed by 63 frames of 0x30
  registers.r14: 2726396595712
  registers.r9: 0
  registers.rcx: 1400
  registers.rsi: -6148914691236517206
  registers.r10: 0
  registers.rbx: 275967696
  registers.rdi: 17302540
  registers.r11: 275971616
  registers.r8: 2009563532
  registers.rdx: 1408
  registers.rbp: 275967552
  registers.r15: 275968056
  registers.r12: 275968456
  registers.rsp: 275967416
  registers.rax: 12135936
  registers.r13: 2726397591552
  exception.instruction_r: ff 15 16 1f 09 00 ff 25 00 00 00 00 aa a4 a3 77
  exception.instruction: call qword ptr [rip + 0x91f16]
  exception.exception_code: 0xc0000005
  exception.symbol:
  exception.address: 0xb92e04
Steals private information from local Internet browsers (26 events)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Crashpad\reports
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma~RF20262ec.TMP
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\BrowserMetrics-spare.pma
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\First Run
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_0
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_3
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_2
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-609BE7D9-758.pma
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\BrowserMetrics
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Local State
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Crashpad\metadata
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Last Version
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-spare.pma
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Crashpad
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Default
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Default\Policy\User Policy
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\index
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Default\Preferences
Creates (office) documents on the filesystem (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\87d19b1122a5c50263e4c30435284f9e.pdf
A process created a hidden window (2 events)
Time & API Arguments Status Return Repeated
1620825341.073626  ShellExecuteExW  success  1  0
  parameters:
  filepath: 87d19b1122a5c50263e4c30435284f9e.pdf
  filepath_r: 87d19b1122a5c50263e4c30435284f9e.pdf
  show_type: 0
1620825341.619626  ShellExecuteExW  success  1  0
  parameters: -s
  filepath: C:\Users\Administrator.Oskar-PC\AppData\Roaming\RAC\mls.exe
  filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Roaming\RAC\mls.exe
  show_type: 0
Network communication
Communicates with a host for which no DNS query was performed (1 event)
host 172.217.24.14
Installs itself for autorun at Windows startup (1 event)
reg_key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\mls
reg_value "C:\Users\Administrator.Oskar-PC\AppData\Roaming\RAC\mls.exe" -s
One or more non-safelisted processes were created (2 events)
parent_process chrome.exe martian_process "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xb0,0xb4,0xb8,0x84,0xbc,0x7fef2474f50,0x7fef2474f60,0x7fef2474f70
parent_process chrome.exe martian_process "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1056,8955039027049858800,10555927882865719441,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1072 /prefetch:2
Resumed a suspended thread in a remote process, potentially indicative of process injection (14 events)
Process injection: process 1932 resumed a thread in remote process 1880
Time & API Arguments Status Return Repeated
1620824983.826897  NtResumeThread  thread_handle: 0x0000000000000140  suspend_count: 2  process_identifier: 1880  success  0  0
1620824983.951897  NtResumeThread  thread_handle: 0x0000000000000140  suspend_count: 2  process_identifier: 1880  success  0  0
1620824984.044897  NtResumeThread  thread_handle: 0x0000000000000140  suspend_count: 2  process_identifier: 1880  success  0  0
1620824984.138897  NtResumeThread  thread_handle: 0x0000000000000140  suspend_count: 2  process_identifier: 1880  success  0  0
1620824984.294897  NtResumeThread  thread_handle: 0x0000000000000140  suspend_count: 2  process_identifier: 1880  success  0  0
1620824984.372897  NtResumeThread  thread_handle: 0x0000000000000140  suspend_count: 2  process_identifier: 1880  success  0  0
1620824984.466897  NtResumeThread  thread_handle: 0x0000000000000140  suspend_count: 2  process_identifier: 1880  success  0  0
1620824984.560897  NtResumeThread  thread_handle: 0x0000000000000140  suspend_count: 2  process_identifier: 1880  success  0  0
1620824988.966897  NtResumeThread  thread_handle: 0x0000000000000140  suspend_count: 2  process_identifier: 1880  success  0  0
1620824993.685897  NtResumeThread  thread_handle: 0x0000000000000140  suspend_count: 2  process_identifier: 1880  success  0  0
1620824998.013897  NtResumeThread  thread_handle: 0x0000000000000140  suspend_count: 2  process_identifier: 1880  success  0  0
1620825000.732897  NtResumeThread  thread_handle: 0x0000000000000140  suspend_count: 2  process_identifier: 1880  success  0  0
1620825002.372897  NtResumeThread  thread_handle: 0x0000000000000140  suspend_count: 2  process_identifier: 1880  success  0  0
File has been identified by 62 antivirus engines on VirusTotal as malicious (50 of 62 events shown)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
DrWeb Win32.HLLW.Rendoc.3
MicroWorld-eScan Gen:Heur.Mint.Zard.36
FireEye Generic.mg.87d19b1122a5c502
CAT-QuickHeal Worm.Fadok.A5
ALYac Gen:Heur.Mint.Zard.36
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
Sangfor Malware
K7AntiVirus Trojan ( 004c3bbe1 )
Alibaba Worm:Win32/FakeDoc.55b1b735
K7GW Trojan ( 004c3bbe1 )
Cybereason malicious.122a5c
Arcabit Trojan.Mint.Zard.36
BitDefenderTheta Gen:NN.ZexaF.34780.lwW@aaAMNOnk
Cyren W32/Fakedoc.PZJA-4253
Symantec SMG.Heur!gen
APEX Malicious
Paloalto generic.ml
ClamAV Win.Malware.Razy-6723913-0
Kaspersky Trojan.Win32.Agent.ifdx
BitDefender Gen:Heur.Mint.Zard.36
NANO-Antivirus Trojan.Win32.Rendoc.faojir
Avast Win32:WormX-gen [Wrm]
Tencent Malware.Win32.Gencirc.10b6abd3
Ad-Aware Gen:Heur.Mint.Zard.36
Emsisoft Worm.FakeDoc (A)
Comodo TrojWare.Win32.Scar.FAKD@5xdxi2
Baidu Win32.Worm.FakeDoc.a
Zillya Trojan.Scar.Win32.88546
TrendMicro TROJ_FRS.0NA103I320
McAfee-GW-Edition BehavesLike.Win32.Generic.vh
Sophos Mal/Generic-R + Troj/FakeDoc-B
SentinelOne Static AI - Malicious PE
Jiangmin Worm.Agent.ju
eGambit Unsafe.AI_Score_86%
Avira TR/ATRAPS.Gen4
Antiy-AVL Trojan/Win32.Scar.jfya
Gridinsoft Trojan.Win32.Agent.dd!s1
Microsoft Worm:Win32/Fadok!rfn
AegisLab Trojan.Win32.Agent.tnEr
ZoneAlarm Trojan.Win32.Agent.ifdx
GData Gen:Heur.Mint.Zard.36
Cynet Malicious (score: 100)
AhnLab-V3 Worm/Win32.Fadok.R189010
Acronis suspicious
McAfee GenericRXAH-AG!87D19B1122A5
MAX malware (ai score=100)
VBA32 Trojan.Agent
Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running) (4 events)
dead_host 172.217.24.14:443
dead_host 172.217.160.110:443
dead_host 216.58.200.46:443
dead_host 35.205.61.67:80
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were generated while the sample ran


PE Compile Time

2015-02-13 02:50:20

Imports

Library KERNEL32.dll:
0x49403c ReleaseMutex
0x494040 FreeResource
0x494044 FindResourceW
0x494048 FreeLibrary
0x49404c LoadResource
0x494050 LoadLibraryExW
0x494054 SizeofResource
0x494058 LockResource
0x49405c EndUpdateResourceW
0x494064 UpdateResourceW
0x494068 ConnectNamedPipe
0x49406c CreateNamedPipeW
0x494070 GetLastError
0x494074 CreateThread
0x494078 FindFirstFileW
0x49407c PeekNamedPipe
0x494084 GetModuleFileNameW
0x494088 FindClose
0x49408c FindNextFileW
0x494090 SetFileAttributesW
0x494098 GetModuleHandleW
0x49409c WaitForSingleObject
0x4940a0 CreateMutexW
0x4940a4 DeleteFileW
0x4940a8 GetFileAttributesW
0x4940ac CopyFileW
0x4940b0 Sleep
0x4940b4 MoveFileExW
0x4940b8 GetTickCount
0x4940bc SetLastError
0x4940d0 VerSetConditionMask
0x4940d4 SleepEx
0x4940d8 VerifyVersionInfoA
0x4940dc FormatMessageA
0x4940e0 GetProcAddress
0x4940e8 GetFileType
0x4940ec GetStdHandle
0x4940f0 LoadLibraryA
0x4940f8 WideCharToMultiByte
0x494104 MultiByteToWideChar
0x494108 GetStringTypeW
0x49410c GetCurrentThreadId
0x494110 EncodePointer
0x494114 DecodePointer
0x494118 InterlockedExchange
0x49411c DuplicateHandle
0x494120 GetCurrentProcess
0x494124 GetCurrentThread
0x49412c GetCommandLineW
0x494130 HeapFree
0x494138 FindFirstFileExW
0x494140 HeapAlloc
0x494144 GetCPInfo
0x494148 IsDebuggerPresent
0x494150 GetDriveTypeW
0x494154 ExitThread
0x494158 SetFilePointerEx
0x494160 GetCurrentProcessId
0x494164 RaiseException
0x494168 RtlUnwind
0x494170 CreateTimerQueue
0x494178 TlsGetValue
0x494184 TerminateProcess
0x494188 TlsAlloc
0x49418c TlsSetValue
0x494190 TlsFree
0x494194 GetStartupInfoW
0x494198 CreateSemaphoreW
0x49419c GetDateFormatW
0x4941a0 GetTimeFormatW
0x4941a4 CompareStringW
0x4941a8 LCMapStringW
0x4941ac GetLocaleInfoW
0x4941b0 IsValidLocale
0x4941b4 GetUserDefaultLCID
0x4941b8 EnumSystemLocalesW
0x4941bc ExitProcess
0x4941c0 GetModuleHandleExW
0x4941c4 AreFileApisANSI
0x4941c8 GetProcessHeap
0x4941d8 HeapSize
0x4941dc FlushFileBuffers
0x4941e0 GetConsoleCP
0x4941e4 GetConsoleMode
0x4941e8 GetFullPathNameW
0x4941f0 IsValidCodePage
0x4941f4 GetACP
0x4941f8 GetOEMCP
0x494200 ReadConsoleW
0x494204 SetStdHandle
0x494214 OutputDebugStringW
0x494218 SwitchToThread
0x49421c GetThreadTimes
0x494224 GetModuleHandleA
0x494228 SetEvent
0x49422c CreateEventW
0x494230 SetThreadPriority
0x494234 GetVersionExW
0x494238 VirtualAlloc
0x49423c VirtualFree
0x494240 VirtualProtect
0x494244 ReleaseSemaphore
0x494248 InitializeSListHead
0x494258 QueryDepthSList
0x49425c UnregisterWaitEx
0x49426c LoadLibraryW
0x494270 WriteConsoleW
0x494274 SetEndOfFile
0x49427c GetThreadPriority
0x494280 UnregisterWait
0x494284 SignalObjectAndWait
0x494288 ReadFile
0x49428c SetFilePointer
0x494290 CloseHandle
0x494294 CreateFileW
0x494298 HeapReAlloc
0x49429c WriteFile
Library ADVAPI32.dll:
0x494000 CryptEncrypt
0x494004 CryptGetHashParam
0x494008 CryptDestroyKey
0x49400c CryptReleaseContext
0x494014 CryptImportKey
0x494018 CryptCreateHash
0x49401c CryptHashData
0x494020 CryptDestroyHash
0x494024 RegSetValueExW
0x494028 RegCloseKey
0x49402c RegOpenKeyExW
0x494030 RegOpenKeyW
0x494034 RegQueryValueExW
Library SHELL32.dll:
0x4942a8 ShellExecuteW
Library WS2_32.dll:
0x4942f4 socket
0x4942f8 WSAIoctl
0x4942fc getaddrinfo
0x494300 freeaddrinfo
0x494304 setsockopt
0x494308 sendto
0x49430c accept
0x494310 listen
0x494314 ioctlsocket
0x494318 gethostname
0x49431c ntohs
0x494320 htons
0x494324 getsockopt
0x494328 getsockname
0x49432c getpeername
0x494330 connect
0x494334 closesocket
0x494338 bind
0x49433c send
0x494340 recv
0x494344 WSASetLastError
0x494348 select
0x49434c __WSAFDIsSet
0x494350 WSAGetLastError
0x494354 WSACleanup
0x494358 WSAStartup
0x49435c recvfrom
Library WLDAP32.dll:
0x4942b0
0x4942b4
0x4942b8
0x4942bc
0x4942c0
0x4942c4
0x4942c8
0x4942cc
0x4942d0
0x4942d4
0x4942d8
0x4942dc
0x4942e0
0x4942e4
0x4942e8
0x4942ec

Hosts

No hosts contacted.

TCP

Source  Source port  Destination  Destination port
192.168.56.101 49202 203.208.40.66 update.googleapis.com 443

UDP

Source  Source port  Destination  Destination port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 57236 114.114.114.114 53
192.168.56.101 58970 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 60215 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 50568 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 53210 224.0.0.252 5355
192.168.56.101 54178 224.0.0.252 5355
192.168.56.101 54260 224.0.0.252 5355
192.168.56.101 56539 224.0.0.252 5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

No dropped files.
No dropped buffers.