9.0
Critical

720fab22a69d932ac57400e4ceb5b2a14371c325d545ddd35449bc1ef7c52953

892b13159a4f1e6ffa20e01a7c591ec4.exe

Analysis time

147s

Last analysis

File size

496.1KB
Static detection Dynamic detection
Hawkeye engine
Not detected: no Hawkeye engine detection results yet
Static verdict
Antivirus engine
Not detected: no antivirus engine detection results yet
Static indicators
Queries for the computername (1 event)
Time & API Arguments Status Return Repeated
1620847604.754874
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (7 events)
Time & API Arguments Status Return Repeated
1620847591.473874
CryptGenKey
crypto_handle: 0x0060fa90
algorithm_identifier: 0x0000660e ()
provider_handle: 0x00545518
flags: 1
key: f"ãîä5–ðR ²“ú
success 1 0
1620847604.754874
CryptExportKey
crypto_handle: 0x0060fa90
crypto_export_handle: 0x00545c90
buffer: f¤šR¶ÄÊIÓej9dFm0ÊÒGTn=ì:¯ÈûÝ—ÎN)ó¿Ó¬¶÷@5(=â·ê4t˜Ôžè—Ç^R”jf:"~"yžãǖ¥Gˆ†6}¬E#¼Rr?¢
blob_type: 1
flags: 64
success 1 0
1620847631.411874
CryptExportKey
crypto_handle: 0x0060fa90
crypto_export_handle: 0x00545c90
buffer: f¤­ö6‰Ìú&pÖ·]Ɵ[eOf£ Ux–)c†¯†ªeê2ålf–1µmj+ŸTéS#ÇzßÅMz¶•;±dr{ñÐbˆSâê:®oF¼†ˆÂ!èÕÀ‹
blob_type: 1
flags: 64
success 1 0
1620847636.348874
CryptExportKey
crypto_handle: 0x0060fa90
crypto_export_handle: 0x00545c90
buffer: f¤ †¾eÜsí,-rʇ|§ÕË+™2¿ÏQ¶¯] pÜÈÙ8&ÀÖ¦™cÒ;*È­ ÒFûJEeäŠå\Ÿ„ê8|zй­ô-^tÖu,¼«¢–ۍd!ïkZ3wÕË7
blob_type: 1
flags: 64
success 1 0
1620847639.332874
CryptExportKey
crypto_handle: 0x0060fa90
crypto_export_handle: 0x00545c90
buffer: f¤{ ½â{Õ7¶Þª¥AW©C÷Tõšt3.•e´(s„x.lˆ ç?ÏBT³Y/ 9O…nãÎÅ婬ŽCrU¼de+¦éP7¾;‚źn99K¾)ž»ÑÎփÜ/
blob_type: 1
flags: 64
success 1 0
1620847662.582874
CryptExportKey
crypto_handle: 0x0060fa90
crypto_export_handle: 0x00545c90
buffer: f¤LÅÊýÕdîMj!ÄDԘ§øœw³¢ÄèX´ôLev“ š“¹È2¦„×ÒÉÐß 8ù¥é»+ž2dÓF0æu=§ÚˆÐIòè3€Ì,-•n®šD+ø¬çÞÆftÙÜp
blob_type: 1
flags: 64
success 1 0
1620847666.754874
CryptExportKey
crypto_handle: 0x0060fa90
crypto_export_handle: 0x00545c90
buffer: f¤¢ª³÷ËGÊDѾvªF2e‹ìï-T¦¸|Iп,ç mU¿¶ƒa·y?Æ^"¼W*Dt¡ãÇÞBÜÒ_¡¤Þh0ü2Ô Ã·µ!øµð|]úÀZéÛ>”%Ø4f
blob_type: 1
flags: 64
success 1 0
The executable uses a known packer (1 event)
packer Armadillo v1.71
The file contains an unknown PE resource name possibly indicative of a packer (1 event)
resource name None
Behavioral verdict
Dynamic indicators
HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 event)
suspicious_features POST method with no referer header suspicious_request POST https://update.googleapis.com/service/update2?cup2key=10:348205210&cup2hreq=21664b8366876074b275728fd879c03bcb1a3b3de2efb3e490f1691e5a06f6dc
Performs some HTTP requests (5 events)
request HEAD http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe
request HEAD http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620818425&mv=m&mvi=1&pl=23&shardbypass=yes
request HEAD http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=487dd49cc4d38995&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620818667&mv=m&mvi=3
request GET http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=487dd49cc4d38995&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620818667&mv=m&mvi=3
request POST https://update.googleapis.com/service/update2?cup2key=10:348205210&cup2hreq=21664b8366876074b275728fd879c03bcb1a3b3de2efb3e490f1691e5a06f6dc
Sends data using the HTTP POST Method (1 event)
request POST https://update.googleapis.com/service/update2?cup2key=10:348205210&cup2hreq=21664b8366876074b275728fd879c03bcb1a3b3de2efb3e490f1691e5a06f6dc
Allocates read-write-execute memory (usually to unpack itself) (5 events)
Time & API Arguments Status Return Repeated
1620808827.8755
NtAllocateVirtualMemory
process_identifier: 580
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x003e0000
success 0 0
1620808827.9535
NtAllocateVirtualMemory
process_identifier: 580
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00550000
success 0 0
1620847197.101895
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000003e80000
success 0 0
1620847591.145874
NtAllocateVirtualMemory
process_identifier: 2504
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x003e0000
success 0 0
1620847591.161874
NtAllocateVirtualMemory
process_identifier: 2504
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x003f0000
success 0 0
Checks whether any human activity is being performed by constantly checking whether the foreground window changed
Moves the original executable to a new location (1 event)
Time & API Arguments Status Return Repeated
1620808832.4065
MoveFileWithProgressW
oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\892b13159a4f1e6ffa20e01a7c591ec4.exe
newfilepath: C:\Windows\SysWOW64\dmband\eapphost.exe
newfilepath_r: C:\Windows\SysWOW64\dmband\eapphost.exe
flags: 3
oldfilepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\892b13159a4f1e6ffa20e01a7c591ec4.exe
success 1 0
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1620847605.207874
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
Expresses interest in specific running processes (1 event)
process eapphost.exe
Reads the system's User Agent and subsequently performs requests (1 event)
Time & API Arguments Status Return Repeated
1620847604.895874
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
Network communication
Communicates with host for which no DNS query was performed (9 events)
host 151.139.128.14
host 134.209.193.138
host 162.144.42.60
host 172.105.78.244
host 172.217.24.14
host 181.113.229.139
host 210.1.219.238
host 68.183.233.80
host 205.185.208.154
Installs itself for autorun at Windows startup (1 event)
service_name eapphost service_path C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\"C:\Windows\SysWOW64\dmband\eapphost.exe"
Created a service where a service was also not started (1 event)
Time & API Arguments Status Return Repeated
1620808833.3595
CreateServiceW
service_start_name:
start_type: 2
service_handle: 0x028cff60
display_name: eapphost
error_control: 0
service_name: eapphost
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\"C:\Windows\SysWOW64\dmband\eapphost.exe"
filepath_r: "C:\Windows\SysWOW64\dmband\eapphost.exe"
service_manager_handle: 0x028cf998
desired_access: 2
service_type: 16
password:
success 42794848 0
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1620847607.754874
RegSetValueExA
key_handle: 0x000003b4
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620847607.754874
RegSetValueExA
key_handle: 0x000003b4
value:  bFG×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620847607.754874
RegSetValueExA
key_handle: 0x000003b4
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620847607.754874
RegSetValueExW
key_handle: 0x000003b4
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620847607.754874
RegSetValueExA
key_handle: 0x000003cc
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620847607.754874
RegSetValueExA
key_handle: 0x000003cc
value:  bFG×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620847607.754874
RegSetValueExA
key_handle: 0x000003cc
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1620847607.770874
RegSetValueExW
key_handle: 0x000003b0
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
Attempts to remove evidence of file being downloaded from the Internet (1 event)
file C:\Windows\SysWOW64\dmband\eapphost.exe:Zone.Identifier
Connects to IP addresses that are no longer responding to requests (legitimate services will usually remain up and running) (8 events)
dead_host 216.58.200.46:443
dead_host 172.217.24.14:443
dead_host 172.105.78.244:8080
dead_host 210.1.219.238:80
dead_host 192.168.56.101:49197
dead_host 162.144.42.60:8080
dead_host 68.183.233.80:8080
dead_host 192.168.56.101:49185
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while this sample ran

PE Compile Time

2020-09-01 14:53:22

Imports

Library KERNEL32.dll:
0x44b190 TerminateProcess
0x44b194 CreateThread
0x44b198 ExitThread
0x44b19c HeapReAlloc
0x44b1a0 HeapSize
0x44b1a4 GetACP
0x44b1ac GetSystemTime
0x44b1b0 GetLocalTime
0x44b1b4 HeapDestroy
0x44b1b8 HeapCreate
0x44b1bc VirtualFree
0x44b1c0 FatalAppExitA
0x44b1c4 IsBadWritePtr
0x44b1e0 SetHandleCount
0x44b1e4 GetStdHandle
0x44b1e8 HeapFree
0x44b1ec LCMapStringA
0x44b1f0 LCMapStringW
0x44b1f4 GetStringTypeA
0x44b1f8 GetStringTypeW
0x44b1fc Sleep
0x44b200 IsBadReadPtr
0x44b204 IsBadCodePtr
0x44b208 IsValidLocale
0x44b20c IsValidCodePage
0x44b210 GetLocaleInfoA
0x44b214 EnumSystemLocalesA
0x44b218 GetUserDefaultLCID
0x44b21c GetVersionExA
0x44b224 SetStdHandle
0x44b228 CompareStringA
0x44b22c CompareStringW
0x44b234 GetLocaleInfoW
0x44b238 GetCommandLineA
0x44b23c GetStartupInfoA
0x44b240 RaiseException
0x44b244 HeapAlloc
0x44b248 RtlUnwind
0x44b254 SetFileAttributesA
0x44b258 SetFileTime
0x44b264 GetFileTime
0x44b268 GetFileSize
0x44b26c GetFileAttributesA
0x44b270 GetShortPathNameA
0x44b274 GetThreadLocale
0x44b278 GetStringTypeExA
0x44b27c GetFullPathNameA
0x44b280 InterlockedExchange
0x44b288 FindFirstFileA
0x44b28c FindClose
0x44b290 DeleteFileA
0x44b294 MoveFileA
0x44b298 SetEndOfFile
0x44b29c UnlockFile
0x44b2a0 LockFile
0x44b2a4 FlushFileBuffers
0x44b2a8 SetFilePointer
0x44b2ac WriteFile
0x44b2b0 ReadFile
0x44b2b4 CreateFileA
0x44b2b8 GetCurrentProcess
0x44b2bc DuplicateHandle
0x44b2c0 SetErrorMode
0x44b2d4 GetOEMCP
0x44b2d8 GetCPInfo
0x44b2dc GetProcessVersion
0x44b2e0 TlsGetValue
0x44b2e4 LocalReAlloc
0x44b2e8 TlsSetValue
0x44b2f0 GlobalReAlloc
0x44b2f8 TlsFree
0x44b2fc GlobalHandle
0x44b304 TlsAlloc
0x44b30c LocalAlloc
0x44b310 SizeofResource
0x44b314 GlobalFlags
0x44b318 lstrcpynA
0x44b31c FormatMessageA
0x44b320 LocalFree
0x44b324 MulDiv
0x44b328 SetLastError
0x44b32c ExitProcess
0x44b330 CreateEventA
0x44b334 SuspendThread
0x44b338 SetThreadPriority
0x44b33c ResumeThread
0x44b340 SetEvent
0x44b344 WaitForSingleObject
0x44b348 CloseHandle
0x44b34c GetModuleFileNameA
0x44b350 GlobalAlloc
0x44b354 lstrcmpA
0x44b358 GetCurrentThread
0x44b35c MultiByteToWideChar
0x44b360 WideCharToMultiByte
0x44b36c lstrlenA
0x44b370 LoadLibraryA
0x44b374 FreeLibrary
0x44b378 GetVersion
0x44b37c lstrcatA
0x44b380 GetCurrentThreadId
0x44b384 GlobalGetAtomNameA
0x44b388 lstrcmpiA
0x44b38c GlobalAddAtomA
0x44b390 GlobalFindAtomA
0x44b394 GlobalDeleteAtom
0x44b398 lstrcpyA
0x44b39c GetModuleHandleA
0x44b3a0 GlobalLock
0x44b3a4 GlobalUnlock
0x44b3a8 GlobalFree
0x44b3ac LockResource
0x44b3b0 FindResourceA
0x44b3b4 LoadResource
0x44b3b8 VirtualAlloc
0x44b3bc GetModuleHandleW
0x44b3c0 GetProcAddress
0x44b3c4 GetLastError
0x44b3c8 GetFileType
Library USER32.dll:
0x44b3e4 ReleaseDC
0x44b3e8 CheckDlgButton
0x44b3ec CheckRadioButton
0x44b3f0 GetDlgItemInt
0x44b3f4 GetDlgItemTextA
0x44b3f8 SetDlgItemInt
0x44b3fc SetDlgItemTextA
0x44b400 IsDlgButtonChecked
0x44b404 ScrollWindowEx
0x44b408 IsDialogMessageA
0x44b40c SetWindowTextA
0x44b410 MoveWindow
0x44b414 ShowWindow
0x44b418 CharToOemA
0x44b41c OemToCharA
0x44b420 wvsprintfA
0x44b424 PostQuitMessage
0x44b428 ShowOwnedPopups
0x44b42c SetCursor
0x44b430 GetCursorPos
0x44b434 ValidateRect
0x44b438 TranslateMessage
0x44b43c GetMessageA
0x44b440 ClientToScreen
0x44b444 GetWindowDC
0x44b448 BeginPaint
0x44b44c EndPaint
0x44b450 TabbedTextOutA
0x44b454 DrawTextA
0x44b458 GrayStringA
0x44b45c InflateRect
0x44b460 GetClassNameA
0x44b464 GetDesktopWindow
0x44b468 GetDialogBaseUnits
0x44b46c LoadCursorA
0x44b470 DestroyMenu
0x44b474 LoadStringA
0x44b478 WaitMessage
0x44b480 WindowFromPoint
0x44b484 InsertMenuA
0x44b488 DeleteMenu
0x44b48c GetMenuStringA
0x44b490 SetRectEmpty
0x44b494 LoadAcceleratorsA
0x44b49c LoadMenuA
0x44b4a0 SetMenu
0x44b4a4 ReuseDDElParam
0x44b4a8 UnpackDDElParam
0x44b4ac BringWindowToTop
0x44b4b0 CharUpperA
0x44b4b4 CheckMenuItem
0x44b4b8 EnableMenuItem
0x44b4bc PostMessageA
0x44b4c0 SendDlgItemMessageA
0x44b4c4 MapWindowPoints
0x44b4c8 PeekMessageA
0x44b4cc DispatchMessageA
0x44b4d0 GetFocus
0x44b4d4 SetFocus
0x44b4d8 AdjustWindowRectEx
0x44b4dc ScreenToClient
0x44b4e0 EqualRect
0x44b4e4 DeferWindowPos
0x44b4e8 BeginDeferWindowPos
0x44b4ec EndDeferWindowPos
0x44b4f0 IsWindowVisible
0x44b4f4 ScrollWindow
0x44b4f8 GetScrollInfo
0x44b4fc SetScrollInfo
0x44b500 ShowScrollBar
0x44b504 GetScrollRange
0x44b50c GetScrollPos
0x44b510 SetScrollPos
0x44b514 GetTopWindow
0x44b518 MessageBoxA
0x44b51c IsChild
0x44b520 GetCapture
0x44b524 WinHelpA
0x44b528 wsprintfA
0x44b52c GetClassInfoA
0x44b530 RegisterClassA
0x44b534 GetMenu
0x44b538 GetMenuItemCount
0x44b53c GetSubMenu
0x44b540 GetMenuItemID
0x44b544 TrackPopupMenu
0x44b548 SetWindowPlacement
0x44b550 GetDlgCtrlID
0x44b554 GetKeyState
0x44b558 DefWindowProcA
0x44b55c CreateWindowExA
0x44b560 SetWindowsHookExA
0x44b564 CallNextHookEx
0x44b568 GetClassLongA
0x44b56c SetPropA
0x44b570 UnhookWindowsHookEx
0x44b574 GetPropA
0x44b578 CallWindowProcA
0x44b57c RemovePropA
0x44b580 GetMessageTime
0x44b584 GetMessagePos
0x44b588 GetLastActivePopup
0x44b58c GetForegroundWindow
0x44b590 SetForegroundWindow
0x44b594 GetWindow
0x44b598 SetWindowLongA
0x44b59c SetWindowPos
0x44b5a4 IntersectRect
0x44b5ac IsIconic
0x44b5b0 GetWindowPlacement
0x44b5b4 GetNextDlgTabItem
0x44b5b8 EndDialog
0x44b5bc GetActiveWindow
0x44b5c0 SetActiveWindow
0x44b5c4 IsWindow
0x44b5cc DestroyWindow
0x44b5d0 GetWindowLongA
0x44b5d4 GetDlgItem
0x44b5d8 IsWindowEnabled
0x44b5dc GetClientRect
0x44b5e0 PtInRect
0x44b5e4 ReleaseCapture
0x44b5e8 SetRect
0x44b5ec OffsetRect
0x44b5f0 GetWindowRect
0x44b5f4 GetParent
0x44b5f8 GetDC
0x44b5fc SetCapture
0x44b600 CopyRect
0x44b604 DrawFrameControl
0x44b608 LoadIconA
0x44b60c DrawStateA
0x44b610 CopyImage
0x44b614 DestroyIcon
0x44b618 DrawIconEx
0x44b61c GetSysColorBrush
0x44b620 FrameRect
0x44b624 DrawFocusRect
0x44b628 GetSystemMetrics
0x44b62c GetSysColor
0x44b630 MessageBeep
0x44b634 LoadBitmapA
0x44b638 GetMenuState
0x44b63c ModifyMenuA
0x44b640 SetScrollRange
0x44b644 SetMenuItemBitmaps
0x44b648 InvalidateRect
0x44b64c UpdateWindow
0x44b650 SendMessageA
0x44b654 EnableWindow
0x44b658 GetWindowTextA
0x44b65c UnregisterClassA
Library GDI32.dll:
0x44b04c SaveDC
0x44b050 RestoreDC
0x44b054 SelectPalette
0x44b058 SetBkMode
0x44b05c SetPolyFillMode
0x44b060 SetROP2
0x44b064 SetStretchBltMode
0x44b068 SetMapMode
0x44b06c SetViewportOrgEx
0x44b070 OffsetViewportOrgEx
0x44b074 SetViewportExtEx
0x44b078 ScaleViewportExtEx
0x44b07c SetWindowOrgEx
0x44b080 OffsetWindowOrgEx
0x44b084 SetWindowExtEx
0x44b088 ScaleWindowExtEx
0x44b08c SelectClipRgn
0x44b090 ExcludeClipRect
0x44b094 IntersectClipRect
0x44b098 OffsetClipRgn
0x44b09c MoveToEx
0x44b0a0 LineTo
0x44b0a4 SetTextAlign
0x44b0b0 SetMapperFlags
0x44b0b8 ArcTo
0x44b0bc SetArcDirection
0x44b0c0 PolyDraw
0x44b0c4 StartDocA
0x44b0c8 SetColorAdjustment
0x44b0cc PolyBezierTo
0x44b0d0 GetClipRgn
0x44b0d4 CreateRectRgn
0x44b0d8 SelectClipPath
0x44b0dc ExtSelectClipRgn
0x44b0e0 PlayMetaFileRecord
0x44b0e4 GetObjectType
0x44b0e8 EnumMetaFile
0x44b0ec PlayMetaFile
0x44b0f0 GetDeviceCaps
0x44b0f4 GetViewportExtEx
0x44b0f8 GetWindowExtEx
0x44b0fc CreatePen
0x44b100 ExtCreatePen
0x44b104 CreateSolidBrush
0x44b108 CreateHatchBrush
0x44b10c CreatePatternBrush
0x44b114 PtVisible
0x44b118 RectVisible
0x44b11c TextOutA
0x44b120 ExtTextOutA
0x44b124 Escape
0x44b128 GetMapMode
0x44b12c SetRectRgn
0x44b130 CombineRgn
0x44b134 CreateFontIndirectA
0x44b138 DPtoLP
0x44b13c GetTextMetricsA
0x44b144 PatBlt
0x44b148 CreateBitmap
0x44b14c GetObjectA
0x44b150 SetBkColor
0x44b154 SetTextColor
0x44b158 GetClipBox
0x44b15c GetDCOrgEx
0x44b160 CreateCompatibleDC
0x44b168 BitBlt
0x44b16c DeleteObject
0x44b170 DeleteDC
0x44b174 Rectangle
0x44b178 CreateFontA
0x44b180 SelectObject
0x44b184 PolylineTo
0x44b188 GetStockObject
Library comdlg32.dll:
0x44b674 GetFileTitleA
Library WINSPOOL.DRV:
0x44b664 DocumentPropertiesA
0x44b668 ClosePrinter
0x44b66c OpenPrinterA
Library ADVAPI32.dll:
0x44b000 RegDeleteKeyA
0x44b004 RegCreateKeyExA
0x44b008 RegOpenKeyExA
0x44b00c RegQueryValueExA
0x44b010 RegOpenKeyA
0x44b014 RegCloseKey
0x44b018 RegDeleteValueA
0x44b01c RegSetValueExA
Library SHELL32.dll:
0x44b3d0 DragQueryFileA
0x44b3d4 DragFinish
0x44b3d8 DragAcceptFiles
0x44b3dc SHGetFileInfoA
Library COMCTL32.dll:
0x44b024
0x44b028
0x44b02c ImageList_Create
0x44b030
0x44b038 ImageList_Merge
0x44b03c ImageList_Read
0x44b040 ImageList_Write
0x44b044 ImageList_Destroy

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49192 113.108.239.194 r1---sn-j5o7dn7e.gvt1.com 80
192.168.56.101 49193 113.108.239.196 r3---sn-j5o7dn7e.gvt1.com 80
192.168.56.101 49189 134.209.193.138 443
192.168.56.101 49186 203.208.40.98 update.googleapis.com 443
192.168.56.101 49191 203.208.41.65 redirector.gvt1.com 80
205.185.208.154 443 192.168.56.101 49261

UDP

Source Source Port Destination Destination Port
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 54260 114.114.114.114 53
192.168.56.101 54991 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 60088 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 60221 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 63429 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 53380 224.0.0.252 5355
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56743 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57236 224.0.0.252 5355

HTTP & HTTPS Requests

URI Data
http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=487dd49cc4d38995&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620818667&mv=m&mvi=3
GET /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=487dd49cc4d38995&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620818667&mv=m&mvi=3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 13 Apr 2021 03:03:58 GMT
Range: bytes=7661-19245
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r3---sn-j5o7dn7e.gvt1.com

http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: redirector.gvt1.com

http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=487dd49cc4d38995&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620818667&mv=m&mvi=3
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=487dd49cc4d38995&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620818667&mv=m&mvi=3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r3---sn-j5o7dn7e.gvt1.com

http://134.209.193.138:443/vv7NTb7GsZT8r4YQ2k/LkhnkvPxuG/uNnyZma0TXdfwVTzLCj/Rqnyhaxtu9tE9/ongN6v/
POST /vv7NTb7GsZT8r4YQ2k/LkhnkvPxuG/uNnyZma0TXdfwVTzLCj/Rqnyhaxtu9tE9/ongN6v/ HTTP/1.1
Content-Type: multipart/form-data; boundary=-------------------------4c199693636d19b29185db221d9095b
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: 134.209.193.138:443
Content-Length: 4532
Connection: Keep-Alive
Cache-Control: no-cache

http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620818425&mv=m&mvi=1&pl=23&shardbypass=yes
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620818425&mv=m&mvi=1&pl=23&shardbypass=yes HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r1---sn-j5o7dn7e.gvt1.com

http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=487dd49cc4d38995&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620818667&mv=m&mvi=3
GET /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=487dd49cc4d38995&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620818667&mv=m&mvi=3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 13 Apr 2021 03:03:58 GMT
Range: bytes=0-7660
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r3---sn-j5o7dn7e.gvt1.com

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.