Threat score: 9.2 (Critical)

SHA256: c0f48db088676cd08bf440914a9c557decafeab4dff8a256d6ce7afc76242053
File name: 8fdc58a5523394076a8d5ee4cc5051f1.exe
Analysis duration: 114s
Last analysed:
File size: 456.0KB

Static detection / Dynamic detection
Hawkeye engine (鹰眼引擎): not detected (no Hawkeye engine result available)
Static verdict
Antivirus engines: not detected (no antivirus engine result available)
Static indicators

Event format below: timestamp (Unix epoch seconds), API name, its arguments, then status / return value / repeat count.

Queries for the computer name (1 event)
    1620845368.545126  GetComputerNameA
        computer_name: OSKAR-PC
        status: success  return: 1  repeated: 0
Uses Windows APIs to generate a cryptographic key (4 events)
    1620845355.202126  CryptGenKey
        crypto_handle: 0x006cc010
        algorithm_identifier: 0x0000660e (CALG_AES_128; the sandbox left the symbolic name blank)
        provider_handle: 0x00624238
        flags: 1 (CRYPT_EXPORTABLE)
        key: f¿ë±—¿îçSÕfƒ'!º
        status: success  return: 1  repeated: 0
    1620845368.545126  CryptExportKey
        crypto_handle: 0x006cc010
        crypto_export_handle: 0x006cbf90
        buffer: f¤-O¼¹"«­ä©tõ$^ÉE¢‹;èrà 5ÄË4p4“Ü® 'C'é,¼6V°£}ÂUúçÒxRR÷t ë——©Öå(»­QÖ£{js|Ae¬ëàe<"—Õ³ÛpõKT
        blob_type: 1 (SIMPLEBLOB)
        flags: 64 (CRYPT_OAEP)
        status: success  return: 1  repeated: 0
    1620845395.420126  CryptExportKey
        crypto_handle: 0x006cc010
        crypto_export_handle: 0x006cbf90
        buffer: f¤S¾P;œ¢™[¡ _U_‰ iXgš;(þúŒv´d> ÈÈ÷6ð˜÷¹J‹‚þädþ=I÷ ï+3f—ön1€Ðû‚éÔ«)ï·¹>ªq½ë;é¦4C.⤯).Â_
        blob_type: 1 (SIMPLEBLOB)
        flags: 64 (CRYPT_OAEP)
        status: success  return: 1  repeated: 0
    1620845419.170126  CryptExportKey
        crypto_handle: 0x006cc010
        crypto_export_handle: 0x006cbf90
        buffer: f¤õñN¿=÷ª™f[.ۊÚaúY°—.íןôѳ›…Iˆ êol¾d–“•iGÈp±¡2¹RòülÁ$×¢8•è؛÷ÔU’LPjÈAÃKRfdÖT•VœÄÝøò
        blob_type: 1 (SIMPLEBLOB)
        flags: 64 (CRYPT_OAEP)
        status: success  return: 1  repeated: 0
    Reading: one exportable AES-128 session key is generated, then exported three times (at +0 s, +27 s and +51 s) through the same exchange-key handle 0x006cbf90 as a SIMPLEBLOB with OAEP padding, i.e. the session key wrapped under an RSA public key. The sandbox prints only the printable characters of each buffer; the shared leading "f¤" matches bytes 0x66 and 0xA4 of a 12-byte SIMPLEBLOB header (aiKeyAlg 0x0000660e = CALG_AES_128, followed by 0x0000a400 = CALG_RSA_KEYX). The three blobs diverge after the header because OAEP padding is randomised, so this is the same key wrapped three times, not three different keys. The key field of CryptGenKey appears to be the sandbox's dump of the generated key material rendered the same way. No CryptEncrypt calls or dropped files appear in this report, so what the wrapped key is used for is not established here.
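To make the constants above readable without the sandbox's symbol table, here is an added decoder (example code written for this page, not code from the sandbox or from the sample) for CryptoAPI ALG_IDs, CryptGenKey/CryptExportKey flags and key-blob headers. It builds a constructed SIMPLEBLOB from the values the report logs (AES-128 key, RSA key exchange, 128 placeholder bytes standing in for the RSA ciphertext) rather than the captured buffers, and it assumes the sandbox renders buffers as cp1252 text with unprintable bytes dropped, which is what reproduces the "f¤" prefix.

```python
"""CryptoAPI key-blob and ALG_ID decoder for sandbox CryptGenKey/CryptExportKey
events.  Added example for this report, not code from the sample or the
sandbox; the numeric constants are those of wincrypt.h.  The blob assembled in
main() is constructed here from the values the report logs (AES-128 key,
SIMPLEBLOB, RSA key exchange); it is not the captured buffer."""
import struct

# ALG_ID = class | type | sid (wincrypt.h)
ALG_CLASS = {0x2000: "SIGNATURE", 0x4000: "MSG_ENCRYPT", 0x6000: "DATA_ENCRYPT",
             0x8000: "HASH", 0xA000: "KEY_EXCHANGE"}
ALG_TYPE = {0x0000: "ANY", 0x0200: "DSS", 0x0400: "RSA", 0x0600: "BLOCK",
            0x0800: "STREAM", 0x0A00: "DH", 0x0C00: "SECURECHANNEL"}
KNOWN_ALGS = {0x2400: "CALG_RSA_SIGN", 0xA400: "CALG_RSA_KEYX",
              0x6601: "CALG_DES", 0x6603: "CALG_3DES", 0x6801: "CALG_RC4",
              0x660E: "CALG_AES_128", 0x660F: "CALG_AES_192", 0x6610: "CALG_AES_256",
              0x8003: "CALG_MD5", 0x8004: "CALG_SHA1", 0x800C: "CALG_SHA_256"}
BLOB_TYPES = {0x1: "SIMPLEBLOB", 0x6: "PUBLICKEYBLOB", 0x7: "PRIVATEKEYBLOB",
              0x8: "PLAINTEXTKEYBLOB", 0x9: "OPAQUEKEYBLOB", 0xB: "SYMMETRICWRAPKEYBLOB"}
GENKEY_FLAGS = {0x1: "CRYPT_EXPORTABLE", 0x2: "CRYPT_USER_PROTECTED",
                0x4: "CRYPT_CREATE_SALT", 0x8: "CRYPT_UPDATE_KEY",
                0x10: "CRYPT_NO_SALT", 0x40: "CRYPT_PREGEN", 0x4000: "CRYPT_ARCHIVABLE"}
EXPORT_FLAGS = {0x1: "CRYPT_Y_ONLY", 0x2: "CRYPT_SSL2_FALLBACK",
                0x4: "CRYPT_DESTROYKEY", 0x40: "CRYPT_OAEP", 0x80: "CRYPT_BLOB_VER3"}
RSA1_MAGIC = 0x31415352  # RSAPUBKEY.magic, the bytes "RSA1"


def alg_name(alg_id):
    """Symbolic name for an ALG_ID, or its class/type/sid breakdown if unknown."""
    if alg_id in KNOWN_ALGS:
        return KNOWN_ALGS[alg_id]
    cls = ALG_CLASS.get(alg_id & 0xE000, "class?")
    typ = ALG_TYPE.get(alg_id & 0x1E00, "type?")
    return "%s/%s/sid=%d" % (cls, typ, alg_id & 0x1FF)


def _flag_names(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def decode_genkey_flags(flags):
    """CryptGenKey dwFlags: low word holds option bits, high word the key length in bits."""
    return flags >> 16, _flag_names(flags & 0xFFFF, GENKEY_FLAGS)


def decode_export_flags(flags):
    """CryptExportKey dwFlags as a list of names."""
    return _flag_names(flags, EXPORT_FLAGS)


def parse_blob(data):
    """Parse a CryptoAPI key blob: BLOBHEADER {bType, bVersion, reserved, aiKeyAlg}
    followed by a type-specific body (all fields little-endian)."""
    if len(data) < 8:
        raise ValueError("blob shorter than BLOBHEADER")
    b_type, b_ver, _reserved, key_alg = struct.unpack_from("<BBHI", data, 0)
    info = {"blob_type": BLOB_TYPES.get(b_type, "type 0x%x" % b_type),
            "version": b_ver, "key_alg": alg_name(key_alg)}
    if b_type == 0x1:
        # SIMPLEBLOB: ALG_ID of the wrapping (exchange) key, then the wrapped session key
        if len(data) < 12:
            raise ValueError("SIMPLEBLOB truncated")
        (exch_alg,) = struct.unpack_from("<I", data, 8)
        info["exchange_alg"] = alg_name(exch_alg)
        info["wrapped_key_len"] = len(data) - 12
    elif b_type in (0x6, 0x7):
        # PUBLICKEYBLOB / PRIVATEKEYBLOB: RSAPUBKEY {magic, bitlen, pubexp}, then the modulus
        if len(data) < 20:
            raise ValueError("RSA blob truncated")
        magic, bitlen, pubexp = struct.unpack_from("<III", data, 8)
        info["rsa_magic_ok"] = magic == RSA1_MAGIC
        info["bitlen"] = bitlen
        info["pubexp"] = pubexp
    return info


def build_simpleblob(key_alg, exch_alg, wrapped_key):
    """Assemble a SIMPLEBLOB the way CryptExportKey lays it out."""
    return struct.pack("<BBHII", 0x1, 0x2, 0, key_alg, exch_alg) + wrapped_key


def sandbox_rendering(data):
    """Assumption: the sandbox shows buffers as cp1252 text with unprintable bytes
    dropped; applied to a SIMPLEBLOB header this yields the 'f¤' prefix seen above."""
    return "".join(ch for ch in data.decode("cp1252", errors="ignore") if ch.isprintable())


if __name__ == "__main__":
    # Constructed sample: AES-128 session key wrapped by an RSA exchange key.
    wrapped = bytes(range(128))  # placeholder for the RSA ciphertext, not real key material
    blob = build_simpleblob(0x660E, 0xA400, wrapped)
    print(parse_blob(blob))
    print("CryptGenKey flags 1    ->", decode_genkey_flags(1))
    print("CryptExportKey flags 64 ->", decode_export_flags(64))
    print("visible header prefix   ->", repr(sandbox_rendering(blob[:12])))
```

Feed real bytes to parse_blob when you have them: for a SIMPLEBLOB the wrapped-key length equals the RSA modulus length (128 bytes for RSA-1024, 256 for RSA-2048), and for a PUBLICKEYBLOB the parser reports the modulus bit length directly, which is how you confirm the size of the wrapping key.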
The file contains an unknown PE resource name possibly indicative of a packer (1 event)
    resource name: None
Behavioural verdict
Dynamic indicators

HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 event)
    suspicious_features: POST method with no referer header
    suspicious_request: POST https://update.googleapis.com/service/update2?cup2key=10:3271049874&cup2hreq=aec94a26c8064fb66683009658477f8e3892f1647c159784f9f7c129fded784c
Performs some HTTP requests (4 events)
    HEAD http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe
    HEAD http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620816260&mv=m&mvi=1&pl=23&shardbypass=yes
    HEAD http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=df87cbfb84631f46&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620816260&mv=m&mvi=3
    POST https://update.googleapis.com/service/update2?cup2key=10:3271049874&cup2hreq=aec94a26c8064fb66683009658477f8e3892f1647c159784f9f7c129fded784c
Sends data using the HTTP POST Method (1 event)
    POST https://update.googleapis.com/service/update2?cup2key=10:3271049874&cup2hreq=aec94a26c8064fb66683009658477f8e3892f1647c159784f9f7c129fded784c
    Caveat: all four requests are consistent with Google Update running inside the analysis VM, not with the sample: the POST is an Omaha update check (the cup2key/cup2hreq parameters are its Client Update Protocol signature) and the HEAD requests probe for GoogleUpdateSetup.exe on Google's gvt1.com download hosts with the "Microsoft BITS/7.5" user agent (see the raw requests under HTTP & HTTPS Requests). The sandbox attributes captured traffic to the analysis as a whole, and none of these requests uses the MSIE 7.0 user agent the sample passes to InternetOpenW, so nothing on this page ties them to the sample. The sample's own candidate endpoints are the unresponsive direct-to-IP hosts listed under Network communication.
Allocates read-write-execute memory (usually to unpack itself) (3 events)
    1620808818.515375  NtAllocateVirtualMemory
        process_identifier: 1888
        region_size: 36864
        stack_dep_bypass: 0
        stack_pivoted: 0
        heap_dep_bypass: 0
        protection: 64 (PAGE_EXECUTE_READWRITE)
        process_handle: 0xffffffff (current-process pseudo-handle)
        allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
        base_address: 0x003d0000
        status: success  return: 0  repeated: 0
    1620808876.703625  NtAllocateVirtualMemory
        process_identifier: 1424
        region_size: 65536
        stack_dep_bypass: 0
        stack_pivoted: 0
        heap_dep_bypass: 0
        protection: 64 (PAGE_EXECUTE_READWRITE)
        process_handle: 0xffffffffffffffff (current-process pseudo-handle, 8 bytes wide, so a 64-bit process)
        allocation_type: 4096 (MEM_COMMIT)
        base_address: 0x0000000004190000
        status: success  return: 0  repeated: 0
    1620845354.780126  NtAllocateVirtualMemory
        process_identifier: 2032
        region_size: 36864
        stack_dep_bypass: 0
        stack_pivoted: 0
        heap_dep_bypass: 0
        protection: 64 (PAGE_EXECUTE_READWRITE)
        process_handle: 0xffffffff (current-process pseudo-handle)
        allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
        base_address: 0x003c0000
        status: success  return: 0  repeated: 0
    Note: the events on this page fall into two clusters roughly ten hours apart (1620808818 to 1620808876, pids 1888 and 1424: relocation and service installation; 1620845354 to 1620845419, pid 2032: key generation, WinINet session and WPAD writes) although the stated analysis duration is 114 s, so the page appears to merge events from more than one run. The report does not say what process 1424 is; the sample itself is a 32-bit image (it is relocated under SysWOW64 and its user agent reports WOW64), so the 64-bit RWX allocation comes from some other monitored process. Both 32-bit allocations (pids 1888 and 2032) are the same size at a low user-mode address, the usual footprint of an unpacking stub.
Checks whether any human activity is being performed by constantly checking whether the foreground window changed (no event details recorded; GetForegroundWindow is among the USER32 imports listed below)
Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (1 event; the process it looks for is given under "Expresses interest in specific running processes")
Moves the original executable to a new location (1 event)
    1620808820.343375  MoveFileWithProgressW
        oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\8fdc58a5523394076a8d5ee4cc5051f1.exe
        newfilepath: C:\Windows\SysWOW64\KBDHEB\devrtl.exe
        flags: 3 (MOVEFILE_REPLACE_EXISTING|MOVEFILE_COPY_ALLOWED)
        oldfilepath_r / newfilepath_r: same as above (resolved paths)
        status: success  return: 1  repeated: 0
    The sample relocates itself into a newly created directory under SysWOW64 whose name mimics a legitimate system file (kbdheb.dll is the Hebrew keyboard-layout DLL shipped in System32) and renames itself devrtl.exe. Writing under C:\Windows requires administrative rights, which the analysis account (Administrator) had; on a standard-user host this step, and the service registration below, would fail.
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
    1620845368.999126  GetAdaptersAddresses
        flags: 0
        family: 0 (AF_UNSPEC)
        status: failed  return: 111 (ERROR_BUFFER_OVERFLOW)  repeated: 0
    Caveat: ERROR_BUFFER_OVERFLOW is what this API returns when the caller's buffer is too small, i.e. the documented first call of the size-then-fill pattern. Only this one call is recorded, so the page shows the sample enumerating adapters (consistent with the WPAD auto-detection that follows) rather than a confirmed VM check.
Expresses interest in specific running processes (1 event)
    process: devrtl.exe (the name of its own relocated copy, see the MoveFileWithProgressW event above)
Reads the system's User Agent and subsequently performs requests (1 event)
    1620845368.670126  InternetOpenW
        proxy_bypass: (empty)
        access_type: 0 (INTERNET_OPEN_TYPE_PRECONFIG: use the registry proxy settings)
        proxy_name: (empty)
        flags: 0
        user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
        status: success  return: 13369348 (HINTERNET 0x00cc0004)  repeated: 0
    The user agent is the host's own Internet Explorer 7 string (Windows 7 x64 seen from a 32-bit WOW64 process), read from the system rather than hard-coded, so it will not serve as a network signature. Opening a PRECONFIG session is what triggers the WPAD auto-detection recorded under Network communication.
Network communication

Communicates with host for which no DNS query was performed (4 events)
    host 172.217.24.14
    host 212.51.142.238
    host 47.146.117.214
    host 62.108.54.22
Installs itself for autorun at Windows startup (1 event)
    service_name: devrtl
    service_path: "C:\Windows\SysWOW64\KBDHEB\devrtl.exe"
    (The report shows the path as C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\"C:\Windows\SysWOW64\KBDHEB\devrtl.exe": the sandbox resolved the quoted string against the working directory. The unresolved value, filepath_r in the CreateServiceW event below, is the real one.)
Created a service where a service was also not started (1 event)
    1620808824.468375  CreateServiceW
        service_start_name: (empty; a NULL start name means the service runs as LocalSystem)
        start_type: 2 (SERVICE_AUTO_START)
        service_handle: 0x025c7f28
        display_name: devrtl
        error_control: 0 (SERVICE_ERROR_IGNORE)
        service_name: devrtl
        filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\"C:\Windows\SysWOW64\KBDHEB\devrtl.exe" (sandbox path-resolution artefact, see above)
        filepath_r: "C:\Windows\SysWOW64\KBDHEB\devrtl.exe"
        service_manager_handle: 0x025d4970
        desired_access: 2 (SERVICE_CHANGE_CONFIG)
        service_type: 16 (SERVICE_WIN32_OWN_PROCESS)
        password: (empty)
        status: success  return: 39616296 (the service handle, 0x025c7f28)  repeated: 0
    Result: an auto-start Win32 service running as LocalSystem that launches the relocated copy at every boot. No StartService call is recorded, so during this run the service was registered but not started.
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
    All eight writes occur at 1620845371.577126, three seconds after InternetOpenW, under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad, and all return success (0).
    key_handle 0x000003a4, subkey {40112ABE-63B3-43C3-BE93-1440EE3AF106} (network profile):
        RegSetValueExA  WpadDecisionReason = 1 (REG_DWORD)
        RegSetValueExA  WpadDecisionTime   = Âû 0G× (REG_BINARY; an 8-byte timestamp shown printable-bytes-only)
        RegSetValueExA  WpadDecision       = 3 (REG_DWORD)
        RegSetValueExW  WpadNetworkName    = 网络 2 (REG_SZ; the Chinese-locale default profile name, "Network 2")
    key_handle 0x000003bc, subkey 0a-00-27-00-00-00 (the adapter's MAC address):
        RegSetValueExA  WpadDecisionReason = 1 (REG_DWORD)
        RegSetValueExA  WpadDecisionTime   = Âû 0G× (REG_BINARY)
        RegSetValueExA  WpadDecision       = 3 (REG_DWORD)
    key_handle 0x000003a0:
        RegSetValueExW  Wpad\WpadLastNetwork = {40112ABE-63B3-43C3-BE93-1440EE3AF106} (REG_SZ)
    Caveat: these values are WinINet's own WPAD auto-detection cache (which decision it reached for the current network profile and adapter), written by the library as a side effect of the INTERNET_OPEN_TYPE_PRECONFIG session opened above. No AutoConfigURL or proxy server is set, so despite the signature title this is not evidence of traffic interception; the signature fires for any process that opens a default WinINet session. Separately, the 0A-00-27 MAC prefix and the 192.168.56.0/24 addresses in the traffic tables are VirtualBox host-only networking defaults, so the analysis environment is identifiable as a VM from data the sample can read without privileges.
Attempts to remove evidence of file being downloaded from the Internet (1 event)
    file: C:\Windows\SysWOW64\KBDHEB\devrtl.exe:Zone.Identifier
    Deleting the Zone.Identifier alternate data stream strips the mark-of-the-web from the relocated copy, so SmartScreen and "file downloaded from the Internet" prompts no longer apply to it.
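The three events above (the move into SysWOW64\KBDHEB, the auto-start devrtl service and the Zone.Identifier deletion) are the kind of chain a hunt query should correlate rather than alert on one at a time. The following is an added example written for this page, not code from the sample, the sandbox or any vendor; it runs that correlation over constructed event records that mirror the report's values (the deletion timestamp, the benign AcmeUpdater control service and the flat field names are this example's assumptions, not any SIEM's schema).

```python
"""Hunt logic for the persistence chain this report records: an executable moved
out of a user Temp directory into a new subdirectory of SysWOW64, an auto-start
service registered for it, and its Zone.Identifier stream deleted.

Added example for this page, not code from the sample or the sandbox.  The
event records are constructed to mirror the report's MoveFileWithProgressW,
CreateServiceW and Zone.Identifier events; the deletion timestamp and the
benign AcmeUpdater control record are invented, and the flat field names are
an assumption rather than any particular SIEM schema."""
import re

SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
# Subdirectories that legitimately hold service binaries (assumption; tune per estate).
KNOWN_SYSTEM_SUBDIRS = {"drivers", "wbem", "windowspowershell", "spool", "dism"}
USER_WRITABLE_MARKERS = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\",
                         "\\downloads\\", "c:\\users\\public\\", "c:\\programdata\\")
SERVICE_AUTO_START = 2  # CreateServiceW dwStartType

EVENTS = [
    {"ts": 1620808820.343, "op": "file_move",
     "src": r"C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\8fdc58a5523394076a8d5ee4cc5051f1.exe",
     "dst": r"C:\Windows\SysWOW64\KBDHEB\devrtl.exe"},
    {"ts": 1620808824.468, "op": "service_create", "name": "devrtl",
     "image": r'"C:\Windows\SysWOW64\KBDHEB\devrtl.exe"', "start_type": 2, "account": ""},
    {"ts": 1620808825.000, "op": "file_delete",  # timestamp constructed; not in the report
     "path": r"C:\Windows\SysWOW64\KBDHEB\devrtl.exe:Zone.Identifier"},
    {"ts": 1620808830.000, "op": "service_create", "name": "AcmeUpdater",  # benign control record
     "image": r'"C:\Program Files\Acme\AcmeUpdater.exe" /svc', "start_type": 2, "account": ""},
]


def exe_from_image_path(image_path):
    """Executable part of a service ImagePath: the quoted path if quoted, else the first token."""
    m = re.match(r'\s*"([^"]+)"|\s*(\S+)', image_path)
    if not m:
        return ""
    return (m.group(1) or m.group(2)).lower()


def nonstandard_system_subdir(path):
    """True for a file inside a subdirectory of System32/SysWOW64 that is not a known one."""
    for sysdir in SYSTEM_DIRS:
        if path.startswith(sysdir):
            parts = path[len(sysdir):].split("\\")
            return len(parts) > 1 and parts[0] not in KNOWN_SYSTEM_SUBDIRS
    return False


def user_writable(path):
    return any(marker in path for marker in USER_WRITABLE_MARKERS)


def hunt(events):
    """Correlate moves, service registrations and ADS deletions on the service binary path."""
    moved_from_user = {}   # destination path -> source path
    ads_removed = set()    # paths whose Zone.Identifier stream was deleted
    findings = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["op"] == "file_move" and user_writable(ev["src"].lower()):
            moved_from_user[ev["dst"].lower()] = ev["src"]
        elif ev["op"] == "file_delete" and ev["path"].lower().endswith(":zone.identifier"):
            ads_removed.add(ev["path"].lower().rsplit(":", 1)[0])
        elif ev["op"] == "service_create":
            exe = exe_from_image_path(ev["image"])
            reasons = []
            if exe in moved_from_user:
                reasons.append("binary_moved_from_user_writable")
            if nonstandard_system_subdir(exe):
                reasons.append("nonstandard_system_subdir")
            if not reasons:  # only escalate binaries whose location already looks wrong
                continue
            if ev["start_type"] == SERVICE_AUTO_START:
                reasons.append("auto_start")
            if not ev.get("account"):  # NULL start name means LocalSystem
                reasons.append("runs_as_localsystem")
            findings[ev["name"]] = {"exe": exe, "reasons": reasons}
    for finding in findings.values():  # the ADS deletion may be logged after the service
        if finding["exe"] in ads_removed:
            finding["reasons"].append("zone_identifier_removed")
    return findings


if __name__ == "__main__":
    for name, finding in hunt(EVENTS).items():
        print(name, finding["exe"], ", ".join(finding["reasons"]))
```

Only services whose binary location is already suspect are scored, which keeps the auto-start and LocalSystem criteria from flagging every ordinary service; the control record is dropped for that reason. KNOWN_SYSTEM_SUBDIRS is deliberately short and is the knob to tune against a baseline of your own hosts.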
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (6 events)
    dead_host 172.217.160.110:443
    dead_host 172.217.24.14:443
    dead_host 62.108.54.22:8080
    dead_host 216.58.200.46:443
    dead_host 212.51.142.238:8080
    dead_host 47.146.117.214:80
    The three port-443 endpoints are in Google's address space (172.217.0.0/16 and 216.58.192.0/19) and belong with the Google Update session in the HTTP section, although 172.217.24.14 is also in the list of hosts contacted without a DNS query. The remaining three, 62.108.54.22:8080, 212.51.142.238:8080 and 47.146.117.214:80, were contacted directly by IP with no DNS lookup and answered nothing during the run; they are the strongest candidates on this page for the sample's own command-and-control endpoints. The report does not attribute flows to processes, so treat them as leads to pivot on, not as a confirmed C2 list.
Visual analysis

Binary image: none (no binary visualisation was generated for this sample)
Runtime screenshots: none (no screenshots were captured while the sample ran)


PE Compile Time

2020-07-30 16:22:39

Imports

Library KERNEL32.dll:
0x44d1a0 HeapCreate
0x44d1a4 VirtualFree
0x44d1a8 IsBadWritePtr
0x44d1ac GetStdHandle
0x44d1c4 SetHandleCount
0x44d1c8 GetFileType
0x44d1d0 GetCurrentProcessId
0x44d1d8 HeapDestroy
0x44d1dc LCMapStringW
0x44d1e4 IsBadReadPtr
0x44d1e8 IsBadCodePtr
0x44d1ec GetUserDefaultLCID
0x44d1f0 EnumSystemLocalesA
0x44d1f4 IsValidLocale
0x44d1f8 IsValidCodePage
0x44d1fc SetStdHandle
0x44d200 GetLocaleInfoW
0x44d208 GetStringTypeW
0x44d20c GetStringTypeA
0x44d214 HeapSize
0x44d218 TerminateProcess
0x44d21c HeapReAlloc
0x44d220 GetCommandLineA
0x44d224 GetStartupInfoA
0x44d228 VirtualQuery
0x44d22c GetSystemInfo
0x44d230 VirtualAlloc
0x44d234 VirtualProtect
0x44d238 HeapFree
0x44d23c HeapAlloc
0x44d240 RtlUnwind
0x44d244 GetTickCount
0x44d248 SetErrorMode
0x44d254 GetShortPathNameA
0x44d258 CreateFileA
0x44d260 FindFirstFileA
0x44d264 FindClose
0x44d268 DuplicateHandle
0x44d26c GetFileSize
0x44d270 SetEndOfFile
0x44d274 UnlockFile
0x44d278 LockFile
0x44d27c FlushFileBuffers
0x44d280 SetFilePointer
0x44d284 WriteFile
0x44d288 ReadFile
0x44d28c DeleteFileA
0x44d290 MoveFileA
0x44d298 RaiseException
0x44d29c GetOEMCP
0x44d2a0 GetCPInfo
0x44d2a8 GlobalFlags
0x44d2b0 TlsFree
0x44d2b8 LocalReAlloc
0x44d2bc TlsSetValue
0x44d2c0 TlsAlloc
0x44d2c8 TlsGetValue
0x44d2d0 GlobalHandle
0x44d2d4 GlobalReAlloc
0x44d2dc LocalAlloc
0x44d2e8 GetDiskFreeSpaceA
0x44d2ec GetFullPathNameA
0x44d2f0 GetTempFileNameA
0x44d2f4 GetFileTime
0x44d2f8 SetFileTime
0x44d2fc GetFileAttributesA
0x44d30c CloseHandle
0x44d310 GetCurrentThread
0x44d314 GetModuleFileNameA
0x44d320 lstrcpyA
0x44d324 lstrcmpA
0x44d328 SetLastError
0x44d32c GlobalFree
0x44d330 MulDiv
0x44d334 GlobalAlloc
0x44d338 GlobalLock
0x44d33c GlobalUnlock
0x44d340 FormatMessageA
0x44d344 LocalFree
0x44d348 FreeResource
0x44d34c GetCurrentThreadId
0x44d350 GlobalGetAtomNameA
0x44d354 GlobalAddAtomA
0x44d358 GlobalFindAtomA
0x44d35c GlobalDeleteAtom
0x44d360 LoadLibraryA
0x44d364 FreeLibrary
0x44d368 lstrcatA
0x44d36c lstrcmpW
0x44d370 lstrcpynA
0x44d374 GetModuleHandleA
0x44d378 GetStringTypeExA
0x44d37c CompareStringW
0x44d380 CompareStringA
0x44d384 lstrlenA
0x44d388 GetVersion
0x44d38c GetLastError
0x44d390 MultiByteToWideChar
0x44d394 lstrcmpiA
0x44d398 LoadLibraryExW
0x44d39c ExitProcess
0x44d3a0 LoadLibraryExA
0x44d3a4 GetProcAddress
0x44d3a8 GetCurrentProcess
0x44d3ac WideCharToMultiByte
0x44d3b0 FindResourceA
0x44d3b4 LoadResource
0x44d3b8 LockResource
0x44d3bc SizeofResource
0x44d3c0 GetVersionExA
0x44d3c4 GetThreadLocale
0x44d3c8 GetLocaleInfoA
0x44d3cc GetACP
0x44d3d0 LCMapStringA
0x44d3d4 InterlockedExchange
Library USER32.dll:
0x44d438 IsZoomed
0x44d43c GetCursorPos
0x44d440 WindowFromPoint
0x44d444 KillTimer
0x44d448 SetTimer
0x44d44c ClientToScreen
0x44d450 SetRect
0x44d454 wsprintfA
0x44d458 LoadMenuA
0x44d45c DestroyMenu
0x44d460 GetActiveWindow
0x44d464 UnpackDDElParam
0x44d468 ReuseDDElParam
0x44d46c ReleaseCapture
0x44d470 LoadAcceleratorsA
0x44d474 InvalidateRect
0x44d478 InsertMenuItemA
0x44d47c CreatePopupMenu
0x44d480 SetRectEmpty
0x44d484 BringWindowToTop
0x44d488 SetMenu
0x44d48c GetDesktopWindow
0x44d494 GetMenuStringA
0x44d498 AppendMenuA
0x44d49c InsertMenuA
0x44d4a0 RemoveMenu
0x44d4a4 SetMenuItemBitmaps
0x44d4a8 ModifyMenuA
0x44d4ac GetMenuState
0x44d4b0 EnableMenuItem
0x44d4b4 CheckMenuItem
0x44d4bc LoadBitmapA
0x44d4c0 IsWindowEnabled
0x44d4c4 ShowWindow
0x44d4c8 MoveWindow
0x44d4cc SetWindowTextA
0x44d4d0 IsDialogMessageA
0x44d4d4 SetDlgItemTextA
0x44d4dc WinHelpA
0x44d4e0 GetCapture
0x44d4e4 CreateWindowExA
0x44d4e8 SetWindowsHookExA
0x44d4ec CallNextHookEx
0x44d4f0 GetClassLongA
0x44d4f4 GetClassInfoExA
0x44d4f8 GetClassNameA
0x44d4fc SetPropA
0x44d500 GetPropA
0x44d504 RemovePropA
0x44d508 SendDlgItemMessageA
0x44d50c GetFocus
0x44d510 SetFocus
0x44d514 IsChild
0x44d51c GetLastActivePopup
0x44d520 SetActiveWindow
0x44d524 DispatchMessageA
0x44d528 BeginDeferWindowPos
0x44d52c MessageBeep
0x44d530 GetDlgItem
0x44d534 GetTopWindow
0x44d538 DestroyWindow
0x44d53c UnhookWindowsHookEx
0x44d540 GetMessageTime
0x44d544 LoadIconA
0x44d548 PeekMessageA
0x44d54c MapWindowPoints
0x44d550 ScrollWindow
0x44d554 MessageBoxA
0x44d558 TrackPopupMenu
0x44d55c GetKeyState
0x44d560 SetScrollRange
0x44d564 GetScrollRange
0x44d568 SetScrollPos
0x44d56c GetScrollPos
0x44d570 SetForegroundWindow
0x44d574 ShowScrollBar
0x44d578 IsWindowVisible
0x44d57c GetClientRect
0x44d580 GetMenu
0x44d584 PostMessageA
0x44d588 GetSubMenu
0x44d58c GetMenuItemID
0x44d590 GetMenuItemCount
0x44d594 GetSysColor
0x44d598 AdjustWindowRectEx
0x44d59c ScreenToClient
0x44d5a0 EqualRect
0x44d5a4 DeferWindowPos
0x44d5a8 GetScrollInfo
0x44d5ac SetScrollInfo
0x44d5b0 GetClassInfoA
0x44d5b4 RegisterClassA
0x44d5b8 UnregisterClassA
0x44d5bc GetDlgCtrlID
0x44d5c0 DefWindowProcA
0x44d5c4 GetNextDlgGroupItem
0x44d5c8 InvalidateRgn
0x44d5d4 DestroyIcon
0x44d5d8 DeleteMenu
0x44d5dc LockWindowUpdate
0x44d5e0 GetDCEx
0x44d5e4 CharNextA
0x44d5e8 GetSysColorBrush
0x44d5ec EndPaint
0x44d5f0 CallWindowProcA
0x44d5f4 GetWindowLongA
0x44d5f8 SetWindowLongA
0x44d5fc SetWindowPos
0x44d600 OffsetRect
0x44d604 IntersectRect
0x44d60c GetWindowPlacement
0x44d610 GetWindowRect
0x44d614 CopyRect
0x44d618 PtInRect
0x44d61c GetWindow
0x44d620 CharUpperA
0x44d62c LoadCursorA
0x44d630 SetCursor
0x44d634 GetSystemMetrics
0x44d638 GetForegroundWindow
0x44d63c GetWindowTextA
0x44d640 IsWindow
0x44d644 GetParent
0x44d648 IsIconic
0x44d64c SendMessageA
0x44d650 UpdateWindow
0x44d654 GetSystemMenu
0x44d658 EnableWindow
0x44d65c PostThreadMessageA
0x44d660 CreateMenu
0x44d664 SetParent
0x44d668 GetMessagePos
0x44d66c BeginPaint
0x44d670 GetWindowDC
0x44d674 GrayStringA
0x44d678 DrawTextExA
0x44d67c DrawTextA
0x44d680 TabbedTextOutA
0x44d684 GetMenuItemInfoA
0x44d688 InflateRect
0x44d68c SetCapture
0x44d690 SetWindowRgn
0x44d694 DrawIcon
0x44d698 FindWindowA
0x44d69c FillRect
0x44d6a0 DestroyCursor
0x44d6a4 ReleaseDC
0x44d6a8 MapDialogRect
0x44d6ac GetMessageA
0x44d6b0 TranslateMessage
0x44d6b4 ValidateRect
0x44d6b8 ShowOwnedPopups
0x44d6bc PostQuitMessage
0x44d6c4 GetNextDlgTabItem
0x44d6c8 EndDialog
0x44d6cc UnionRect
0x44d6d0 IsRectEmpty
0x44d6d4 EndDeferWindowPos
0x44d6d8 GetDC
Library GDI32.dll:
0x44d054 SetAbortProc
0x44d058 AbortDoc
0x44d05c EndDoc
0x44d060 CreateEllipticRgn
0x44d064 LPtoDP
0x44d068 Ellipse
0x44d06c CreateFontIndirectA
0x44d070 BitBlt
0x44d074 ExtTextOutA
0x44d078 SaveDC
0x44d07c RestoreDC
0x44d080 SetBkMode
0x44d084 SetPolyFillMode
0x44d088 SetROP2
0x44d08c SetStretchBltMode
0x44d090 SetMapMode
0x44d094 ExcludeClipRect
0x44d098 IntersectClipRect
0x44d09c LineTo
0x44d0a0 MoveToEx
0x44d0a4 SetTextAlign
0x44d0a8 SelectClipRgn
0x44d0ac CreateRectRgn
0x44d0b0 GetViewportExtEx
0x44d0b4 GetWindowExtEx
0x44d0b8 GetPixel
0x44d0bc PtVisible
0x44d0c0 RectVisible
0x44d0c4 TextOutA
0x44d0c8 Escape
0x44d0cc SetViewportOrgEx
0x44d0d0 EndPage
0x44d0d4 SetViewportExtEx
0x44d0d8 ScaleViewportExtEx
0x44d0dc SetWindowOrgEx
0x44d0e0 SetWindowExtEx
0x44d0e4 ScaleWindowExtEx
0x44d0ec ExtSelectClipRgn
0x44d0f0 CreatePatternBrush
0x44d0f4 CreateSolidBrush
0x44d0f8 GetTextColor
0x44d100 SetRectRgn
0x44d104 CombineRgn
0x44d108 GetMapMode
0x44d10c GetRgnBox
0x44d110 GetNearestColor
0x44d114 GetBkMode
0x44d118 GetPolyFillMode
0x44d11c GetROP2
0x44d120 GetStretchBltMode
0x44d124 GetTextAlign
0x44d128 GetTextFaceA
0x44d12c GetWindowOrgEx
0x44d130 StartPage
0x44d134 StartDocA
0x44d138 GetStockObject
0x44d13c PatBlt
0x44d140 Rectangle
0x44d144 DPtoLP
0x44d148 GetViewportOrgEx
0x44d14c CreatePen
0x44d150 CreateFontA
0x44d154 GetCharWidthA
0x44d158 DeleteObject
0x44d15c StretchDIBits
0x44d160 DeleteDC
0x44d168 GetTextMetricsA
0x44d16c SelectObject
0x44d170 GetBkColor
0x44d174 CreateCompatibleDC
0x44d17c CreateDCA
0x44d180 GetDeviceCaps
0x44d184 CreateBitmap
0x44d188 GetObjectA
0x44d18c SetBkColor
0x44d190 SetTextColor
0x44d194 OffsetViewportOrgEx
0x44d198 GetClipBox
Library comdlg32.dll:
0x44d6f4 GetFileTitleA
0x44d6f8 PrintDlgA
0x44d6fc GetSaveFileNameA
0x44d704 GetOpenFileNameA
Library WINSPOOL.DRV:
0x44d6e0 OpenPrinterA
0x44d6e4 DocumentPropertiesA
0x44d6e8 ClosePrinter
0x44d6ec GetJobA
Library ADVAPI32.dll:
0x44d000 GetFileSecurityA
0x44d004 RegCloseKey
0x44d008 RegSetValueA
0x44d00c RegOpenKeyA
0x44d010 RegQueryValueExA
0x44d014 RegOpenKeyExA
0x44d018 RegDeleteKeyA
0x44d01c RegEnumKeyA
0x44d020 RegQueryValueA
0x44d024 RegCreateKeyExA
0x44d028 RegSetValueExA
0x44d02c RegCreateKeyA
0x44d034 SetFileSecurityA
0x44d038 RegDeleteValueA
Library SHELL32.dll:
0x44d410 DragQueryFileA
0x44d414 ExtractIconA
0x44d418 SHGetFileInfoA
0x44d41c DragFinish
Library COMCTL32.dll:
0x44d040
0x44d044 ImageList_Draw
0x44d04c ImageList_Destroy
Library SHLWAPI.dll:
0x44d424 PathFindFileNameA
0x44d428 PathStripToRootA
0x44d42c PathFindExtensionA
0x44d430 PathIsUNCA
Library oledlg.dll:
0x44d75c
Library ole32.dll:
0x44d70c CoRevokeClassObject
0x44d714 OleFlushClipboard
0x44d72c CoGetClassObject
0x44d730 CoTaskMemAlloc
0x44d734 CoTaskMemFree
0x44d738 CLSIDFromString
0x44d73c CLSIDFromProgID
0x44d740 OleInitialize
0x44d748 OleUninitialize
0x44d754 IsAccelerator
Library OLEAUT32.dll:
0x44d3dc VariantClear
0x44d3e0 VariantInit
0x44d3e4 SysAllocStringLen
0x44d3e8 SysFreeString
0x44d3ec SysAllocString
0x44d3f0 SysStringLen
0x44d3f8 VariantCopy
0x44d3fc SafeArrayDestroy
0x44d408 VariantChangeType

Hosts

No hosts contacted. (The report's host list is empty; the destinations it did record are in the TCP and UDP tables below.)

TCP

Source          Src port  Destination      Resolved name              Dst port
192.168.56.101  49197     113.108.239.194  r1---sn-j5o7dn7e.gvt1.com  80
192.168.56.101  49198     113.108.239.196  r3---sn-j5o7dn7e.gvt1.com  80
192.168.56.101  49192     203.208.40.34    update.googleapis.com      443
192.168.56.101  49195     203.208.41.65    redirector.gvt1.com        80

UDP

Source          Src port  Destination      Resolved name     Dst port
192.168.56.101  51808     114.114.114.114                    53
192.168.56.101  51963     114.114.114.114                    53
192.168.56.101  53210     114.114.114.114                    53
192.168.56.101  53500     114.114.114.114                    53
192.168.56.101  55368     114.114.114.114                    53
192.168.56.101  56743     114.114.114.114                    53
192.168.56.101  58070     114.114.114.114                    53
192.168.56.101  60088     114.114.114.114                    53
192.168.56.101  60215     114.114.114.114                    53
192.168.56.101  60384     114.114.114.114                    53
192.168.56.101  137       192.168.56.255                     137
192.168.56.101  138       192.168.56.255                     138
192.168.56.101  123       20.189.79.72     time.windows.com  123
192.168.56.101  49713     224.0.0.252                        5355
192.168.56.101  51378     224.0.0.252                        5355
192.168.56.101  53237     224.0.0.252                        5355
192.168.56.101  53380     224.0.0.252                        5355
192.168.56.101  54991     224.0.0.252                        5355
192.168.56.101  56539     224.0.0.252                        5355
192.168.56.101  56804     224.0.0.252                        5355

All UDP traffic here is operating-system background: DNS to the guest's configured resolver 114.114.114.114 (a public Chinese resolver), NetBIOS name-service and datagram broadcasts on 137/138, NTP to time.windows.com, and LLMNR queries to the 224.0.0.252 multicast group. The individual DNS queries are not listed, so which names were resolved cannot be read off this page beyond the hostnames shown in the TCP table.
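An added triage helper (example code for this page, not the sandbox's own logic) that applies the reading above to the report's own data: it takes the flows from the TCP and UDP tables, the dead-host list and the list of hosts contacted without a DNS query, labels the operating-system background traffic, and ranks the remaining direct-to-IP endpoints for follow-up. The guest subnet 192.168.56.0/24 and the resolver 114.114.114.114 are read off the tables; the scoring weights are this example's own assumption.

```python
"""Triage of this report's network section: separate operating-system background
traffic (LLMNR, NetBIOS, DNS, NTP) and DNS-resolved traffic from the direct-to-IP
connections worth following up.  Added example, not the sandbox's own logic.
The rows are copied from the report's TCP/UDP tables, dead-host list and
"no DNS query" list; the guest subnet and resolver are read off those tables.
The port-based scoring is this example's assumption."""
import ipaddress

GUEST_NET = ipaddress.ip_network("192.168.56.0/24")
RESOLVER = ipaddress.ip_address("114.114.114.114")

# (destination ip, resolved name or None, destination port, protocol), one row per distinct flow
FLOWS = [
    ("113.108.239.194", "r1---sn-j5o7dn7e.gvt1.com", 80, "tcp"),
    ("113.108.239.196", "r3---sn-j5o7dn7e.gvt1.com", 80, "tcp"),
    ("203.208.40.34", "update.googleapis.com", 443, "tcp"),
    ("203.208.41.65", "redirector.gvt1.com", 80, "tcp"),
    ("114.114.114.114", None, 53, "udp"),
    ("192.168.56.255", None, 137, "udp"),
    ("192.168.56.255", None, 138, "udp"),
    ("20.189.79.72", "time.windows.com", 123, "udp"),
    ("224.0.0.252", None, 5355, "udp"),
]
DEAD_HOSTS = ["172.217.160.110:443", "172.217.24.14:443", "62.108.54.22:8080",
              "216.58.200.46:443", "212.51.142.238:8080", "47.146.117.214:80"]
NO_DNS_HOSTS = {"172.217.24.14", "212.51.142.238", "47.146.117.214", "62.108.54.22"}


def classify_flow(ip, host, port, proto):
    """Label one flow as OS noise, a DNS-resolved destination, or a direct-to-IP connection."""
    addr = ipaddress.ip_address(ip)
    if proto == "udp":
        if addr.is_multicast and port == 5355:
            return "noise:llmnr"
        if addr == GUEST_NET.broadcast_address and port in (137, 138):
            return "noise:netbios"
        if addr == RESOLVER and port == 53:
            return "noise:dns"
        if port == 123:
            return "noise:ntp"
    if host:
        return "resolved:" + host
    return "direct-ip"


def rank_dead_hosts(dead_hosts, no_dns_hosts):
    """Score unresponsive endpoints: contacted by bare IP and non-web ports raise the priority."""
    ranked = []
    for entry in dead_hosts:
        ip, port = entry.rsplit(":", 1)
        port = int(port)
        reasons = ["unresponsive"]
        if ip in no_dns_hosts:
            reasons.append("no_dns_lookup")
        if port not in (80, 443):
            reasons.append("nonstandard_port_%d" % port)
        ranked.append({"ip": ip, "port": port, "reasons": reasons, "score": len(reasons)})
    # highest score first; ties broken by numeric address, not by string order
    ranked.sort(key=lambda r: (-r["score"], ipaddress.ip_address(r["ip"])))
    return ranked


def triage(flows, dead_hosts, no_dns_hosts):
    """Summarise: how much is noise, which names resolved, and what to pivot on."""
    labels = [classify_flow(*flow) for flow in flows]
    return {
        "noise_flows": sum(1 for lab in labels if lab.startswith("noise:")),
        "resolved_hosts": sorted(lab[len("resolved:"):] for lab in labels
                                 if lab.startswith("resolved:")),
        "follow_up": [r for r in rank_dead_hosts(dead_hosts, no_dns_hosts)
                      if "no_dns_lookup" in r["reasons"]],
    }


if __name__ == "__main__":
    result = triage(FLOWS, DEAD_HOSTS, NO_DNS_HOSTS)
    print("background flows:", result["noise_flows"])
    print("resolved names:  ", ", ".join(result["resolved_hosts"]))
    for r in result["follow_up"]:
        print("follow up: %s:%d  %s" % (r["ip"], r["port"], ", ".join(r["reasons"])))
```

The follow-up list comes out with the two port-8080 hosts on top, then 47.146.117.214:80 and 172.217.24.14:443; the last of these is the one to check against Google's published ranges before spending time on it. Nothing here attributes a flow to a process, which is the limit of what a PCAP-level report can say.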

HTTP & HTTPS Requests

URI / request data. The three plaintext requests below all carry the "Microsoft BITS/7.5" user agent together with the X-Retry-Count / X-HTTP-Attempts / X-Last-HR headers that Google Update (Omaha) adds to its download jobs, i.e. Google Update fetching its own installer via BITS; the HTTPS POST to update.googleapis.com listed in the signatures above was inside TLS and its body is not shown.
http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: redirector.gvt1.com

http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=df87cbfb84631f46&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620816260&mv=m&mvi=3
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=df87cbfb84631f46&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620816260&mv=m&mvi=3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r3---sn-j5o7dn7e.gvt1.com

http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620816260&mv=m&mvi=1&pl=23&shardbypass=yes
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620816260&mv=m&mvi=1&pl=23&shardbypass=yes HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r1---sn-j5o7dn7e.gvt1.com

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.