6.8 (High risk)

17d6771399301a372ab1ded9583c39202cbad24f841ba6ba509e483c42ad3460

9533fe40d9fb00fa9782f09570632091.exe

Analysis time

106s

Last analysis

File size

9.8MB
Static detection: malicious   Dynamic detection: malicious   Tags: BUNPOT IGENT
Eagle Eye engine (鹰眼引擎)
Not detected: no Eagle Eye engine result is available yet
Static verdict
Antivirus engines
Engine  Result  Scan date  Version
Alibaba 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast 20210317 21.1.5827.0
Tencent 20210317 1.0.0.1
Kingsoft 20210317 2017.9.26.565
McAfee 20210317 6.0.6.653
CrowdStrike 20210203 1.0
Static indicators
Behavior verdict
Dynamic indicators
HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 event)
suspicious_features POST method with no referer header suspicious_request POST https://update.googleapis.com/service/update2?cup2key=10:917527175&cup2hreq=92e922f2985bfc4d22fdfa550bdf2061b35d469c3f267280d3fb74260fb1252f
Performs some HTTP requests (4 events)
request HEAD http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe
request HEAD http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620806423&mv=m&mvi=1&pl=23&shardbypass=yes
request HEAD http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=95fe2b88d78e9322&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620806423&mv=m&mvi=3
request POST https://update.googleapis.com/service/update2?cup2key=10:917527175&cup2hreq=92e922f2985bfc4d22fdfa550bdf2061b35d469c3f267280d3fb74260fb1252f
Sends data using the HTTP POST method (1 event)
request POST https://update.googleapis.com/service/update2?cup2key=10:917527175&cup2hreq=92e922f2985bfc4d22fdfa550bdf2061b35d469c3f267280d3fb74260fb1252f
Checks whether any human activity is being performed by constantly checking whether the foreground window changed
Creates executable files on the filesystem (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\9533fe40d9fb00fa9782f0957063209164.exe
File has been identified by 2 AntiVirus engines on VirusTotal as malicious (2 events)
Paloalto generic.ml
Yandex Trojan.Igent.bUnPOT.6
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1620835541.359375
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.910422318507492 section {'size_of_data': '0x008ffa00', 'virtual_address': '0x000cf000', 'entropy': 7.910422318507492, 'name': '.rsrc', 'virtual_size': '0x008ff938'} description A section with a high entropy has been found
entropy 0.91631861575179 description Overall entropy of this PE file is high
Checks for the Locally Unique Identifier on the system for a suspicious privilege (18 events)
Time & API Arguments Status Return Repeated
1620835539.984375
LookupPrivilegeValueW
system_name:
privilege_name: SeRestorePrivilege
success 1 0
1620835539.984375
LookupPrivilegeValueW
system_name:
privilege_name: SeTakeOwnershipPrivilege
success 1 0
1620835539.984375
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1620835539.984375
LookupPrivilegeValueW
system_name:
privilege_name: SeSecurityPrivilege
success 1 0
1620835540.000375
LookupPrivilegeValueW
system_name:
privilege_name: SeBackupPrivilege
success 1 0
1620835540.000375
LookupPrivilegeValueW
system_name:
privilege_name: SeAssignPrimaryTokenPrivilege
success 1 0
1620835540.000375
LookupPrivilegeValueW
system_name:
privilege_name: SeTrustedCredManAccessPrivilege
success 1 0
1620835540.000375
LookupPrivilegeValueW
system_name:
privilege_name: SeTcbPrivilege
success 1 0
1620835540.000375
LookupPrivilegeValueW
system_name:
privilege_name: SeShutdownPrivilege
success 1 0
1620835132.097021
LookupPrivilegeValueW
system_name:
privilege_name: SeRestorePrivilege
success 1 0
1620835132.097021
LookupPrivilegeValueW
system_name:
privilege_name: SeTakeOwnershipPrivilege
success 1 0
1620835132.097021
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
1620835132.097021
LookupPrivilegeValueW
system_name:
privilege_name: SeSecurityPrivilege
success 1 0
1620835132.097021
LookupPrivilegeValueW
system_name:
privilege_name: SeBackupPrivilege
success 1 0
1620835132.097021
LookupPrivilegeValueW
system_name:
privilege_name: SeAssignPrimaryTokenPrivilege
success 1 0
1620835132.097021
LookupPrivilegeValueW
system_name:
privilege_name: SeTrustedCredManAccessPrivilege
success 1 0
1620835132.097021
LookupPrivilegeValueW
system_name:
privilege_name: SeTcbPrivilege
success 1 0
1620835132.097021
LookupPrivilegeValueW
system_name:
privilege_name: SeShutdownPrivilege
success 1 0
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (15 events)
Time & API Arguments Status Return Repeated
1620835544.015375
RegSetValueExA
key_handle: 0x000003b8
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620835544.015375
RegSetValueExA
key_handle: 0x000003b8
value: ðÕ"CG×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620835544.015375
RegSetValueExA
key_handle: 0x000003b8
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620835544.015375
RegSetValueExW
key_handle: 0x000003b8
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620835544.015375
RegSetValueExA
key_handle: 0x000003d4
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620835544.015375
RegSetValueExA
key_handle: 0x000003d4
value: ðÕ"CG×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620835544.015375
RegSetValueExA
key_handle: 0x000003d4
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1620835544.093375
RegSetValueExW
key_handle: 0x000003b4
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
1620835547.812375
RegSetValueExA
key_handle: 0x000001f8
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620835547.828375
RegSetValueExA
key_handle: 0x000001f8
value: @6fCG×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620835547.828375
RegSetValueExA
key_handle: 0x000001f8
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620835547.828375
RegSetValueExW
key_handle: 0x000001f8
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620835547.828375
RegSetValueExA
key_handle: 0x000001b0
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620835547.828375
RegSetValueExA
key_handle: 0x000001b0
value: @6fCG×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620835547.828375
RegSetValueExA
key_handle: 0x000001b0
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
Connects to IP addresses that are no longer responding to requests (legitimate services will usually remain up and running) (2 events)
dead_host 172.217.24.14:443
dead_host 216.58.200.46:443
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No screenshots: no screenshots were generated while this sample ran


PE Compile Time

2020-08-24 03:06:45

Imports

Library KERNEL32.dll:
0x48c198 GetStringTypeW
0x48c19c HeapAlloc
0x48c1a0 HeapFree
0x48c1a4 GetACP
0x48c1a8 GetModuleHandleExW
0x48c1ac GetStdHandle
0x48c1b0 LoadLibraryExW
0x48c1b4 TlsFree
0x48c1b8 TlsSetValue
0x48c1bc TlsGetValue
0x48c1c0 TlsAlloc
0x48c1d4 EncodePointer
0x48c1d8 RaiseException
0x48c1dc RtlUnwind
0x48c1e0 GetStartupInfoW
0x48c1e4 IsDebuggerPresent
0x48c1e8 InitializeSListHead
0x48c1ec GetCurrentThreadId
0x48c1fc FindFirstFileExW
0x48c200 IsValidCodePage
0x48c204 GetOEMCP
0x48c208 GetCPInfo
0x48c20c GetCommandLineA
0x48c210 GetCommandLineW
0x48c21c LCMapStringW
0x48c220 SetStdHandle
0x48c224 GetFileType
0x48c228 GetProcessHeap
0x48c22c HeapSize
0x48c230 Thread32Next
0x48c234 TerminateThread
0x48c238 SuspendThread
0x48c23c OpenThread
0x48c240 Thread32First
0x48c244 TerminateProcess
0x48c248 WaitForSingleObject
0x48c24c Process32NextW
0x48c250 Process32FirstW
0x48c258 SetLastError
0x48c264 GetLocalTime
0x48c274 CreateDirectoryW
0x48c278 CopyFileW
0x48c27c HeapReAlloc
0x48c280 FlushFileBuffers
0x48c284 GetConsoleCP
0x48c288 GetConsoleMode
0x48c28c WriteConsoleW
0x48c290 DecodePointer
0x48c294 GetProcAddress
0x48c298 LoadLibraryW
0x48c29c FreeLibrary
0x48c2a4 SetErrorMode
0x48c2a8 GetShortPathNameW
0x48c2b0 Module32NextW
0x48c2b4 Module32FirstW
0x48c2c4 GetCurrentProcessId
0x48c2cc GetComputerNameW
0x48c2d0 LockResource
0x48c2d4 LoadResource
0x48c2d8 SizeofResource
0x48c2dc FindResourceW
0x48c2e0 GetModuleHandleW
0x48c2e4 Sleep
0x48c2e8 GetExitCodeProcess
0x48c2ec GetProcessId
0x48c2f0 CreateProcessW
0x48c2f4 ExitProcess
0x48c2f8 GetModuleFileNameW
0x48c2fc SetFilePointer
0x48c300 WriteFile
0x48c304 SetFilePointerEx
0x48c308 GetFileSize
0x48c310 RemoveDirectoryW
0x48c314 MoveFileExW
0x48c318 GetLastError
0x48c31c DeleteFileW
0x48c320 UnmapViewOfFile
0x48c324 ReadFile
0x48c328 GetFileSizeEx
0x48c32c SetFileTime
0x48c330 GetFileTime
0x48c334 SetFileAttributesW
0x48c338 GetFileAttributesW
0x48c33c CreateFileW
0x48c340 GetTempPathW
0x48c348 GetLongPathNameW
0x48c34c GetSystemDirectoryW
0x48c350 SleepEx
0x48c354 CreateThread
0x48c358 GetCurrentProcess
0x48c35c VerifyVersionInfoW
0x48c360 VerSetConditionMask
0x48c364 GetExitCodeThread
0x48c368 MultiByteToWideChar
0x48c378 WideCharToMultiByte
0x48c37c LocalAlloc
0x48c380 LocalFree
0x48c384 WriteProcessMemory
0x48c388 ReadProcessMemory
0x48c38c VirtualAllocEx
0x48c390 VirtualFreeEx
0x48c394 OpenProcess
0x48c398 FindNextFileW
0x48c39c FindClose
0x48c3a0 FindFirstFileW
0x48c3a4 CloseHandle
Library USER32.dll:
0x48c42c GetMenuItemInfoW
0x48c430 SetMenuItemInfoW
0x48c434 SetClassLongW
0x48c438 RemoveMenu
0x48c43c InsertMenuItemW
0x48c440 TranslateMessage
0x48c444 PeekMessageW
0x48c448 GetMenuItemID
0x48c44c IsWindowEnabled
0x48c450 GetFocus
0x48c454 GetMenuStringW
0x48c458 TrackPopupMenu
0x48c45c GetSysColor
0x48c460 DeleteMenu
0x48c464 GetWindowRgnBox
0x48c468 wsprintfW
0x48c46c SetWindowTextW
0x48c470 DispatchMessageW
0x48c478 GetWindowRect
0x48c47c GetWindowRgn
0x48c480 SendMessageW
0x48c484 GetIconInfo
0x48c488 GetSystemMetrics
0x48c48c GetDC
0x48c490 DrawIconEx
0x48c494 ReleaseDC
0x48c49c DefDlgProcW
0x48c4a0 GetAsyncKeyState
0x48c4a4 EnableWindow
0x48c4a8 BringWindowToTop
0x48c4ac UpdateWindow
0x48c4b0 DestroyIcon
0x48c4b4 GetClientRect
0x48c4b8 GetParent
0x48c4bc MapWindowPoints
0x48c4c0 InvalidateRect
0x48c4c4 SetWindowRgn
0x48c4c8 IsWindowVisible
0x48c4cc IsWindow
0x48c4d0 FillRect
0x48c4d8 GetWindowInfo
0x48c4dc DefWindowProcW
0x48c4e0 EnumChildWindows
0x48c4e4 GetClassNameW
0x48c4e8 EnumWindows
0x48c4ec GetClassLongW
0x48c4f0 GetWindowLongW
0x48c4f4 WindowFromPoint
0x48c4f8 SetForegroundWindow
0x48c4fc SetFocus
0x48c500 PostMessageW
0x48c504 FindWindowExW
0x48c508 SetCursor
0x48c50c GetUpdateRect
0x48c510 BeginPaint
0x48c514 GetWindowDC
0x48c518 GetSysColorBrush
0x48c51c EndPaint
0x48c520 GetMessageW
0x48c524 SetWindowLongW
0x48c528 RedrawWindow
0x48c52c LoadCursorW
0x48c530 CreateWindowExW
0x48c534 GetForegroundWindow
0x48c538 CreatePopupMenu
0x48c53c GetClassInfoExW
0x48c540 AdjustWindowRectEx
0x48c544 ShowWindow
0x48c548 AdjustWindowRect
0x48c54c DestroyWindow
0x48c550 DestroyMenu
0x48c558 UnregisterClassW
0x48c55c FindWindowW
0x48c560 DeferWindowPos
0x48c564 BeginDeferWindowPos
0x48c568 EndDeferWindowPos
0x48c56c RegisterClassExW
0x48c574 IsDialogMessageW
0x48c57c CopyImage
0x48c580 SetMenuDefaultItem
0x48c584 ShowWindowAsync
0x48c588 SetMenuInfo
0x48c58c ExitWindowsEx
0x48c590 SetWindowPos
Library GDI32.dll:
0x48c120 SetBkColor
0x48c124 SelectObject
0x48c128 BitBlt
0x48c12c GetObjectW
0x48c130 SetBkMode
0x48c134 CreateFontW
0x48c138 DeleteObject
0x48c13c CreatePatternBrush
0x48c140 CreateSolidBrush
0x48c144 DeleteDC
0x48c14c StretchBlt
0x48c150 SetStretchBltMode
0x48c154 CreateDIBSection
0x48c158 GetBkColor
0x48c15c SetTextColor
0x48c160 GetStockObject
0x48c164 CreateRectRgn
0x48c168 CombineRgn
0x48c16c FillRgn
0x48c170 OffsetRgn
0x48c174 ExtSelectClipRgn
0x48c178 ExcludeClipRect
0x48c17c SelectClipRgn
0x48c184 SetBrushOrgEx
0x48c188 PatBlt
0x48c18c GetDeviceCaps
0x48c190 CreateCompatibleDC
Library COMDLG32.dll:
0x48c114 GetSaveFileNameW
0x48c118 GetOpenFileNameW
Library ADVAPI32.dll:
0x48c000 CryptDecrypt
0x48c004 CryptDestroyKey
0x48c008 CryptEncrypt
0x48c00c CryptSetKeyParam
0x48c010 CryptImportKey
0x48c014 CryptDestroyHash
0x48c018 CryptGetHashParam
0x48c01c CryptHashData
0x48c020 CryptReleaseContext
0x48c024 CryptCreateHash
0x48c034 OpenProcessToken
0x48c038 RegDeleteKeyW
0x48c03c RegCreateKeyW
0x48c040 RegDeleteValueW
0x48c044 RegSetValueExW
0x48c048 RegQueryInfoKeyW
0x48c04c RegEnumValueW
0x48c050 RegEnumKeyExW
0x48c054 RegQueryValueExW
0x48c058 RegCloseKey
0x48c05c RegOpenKeyExW
0x48c060 RegCreateKeyExW
0x48c064 RegSetKeySecurity
0x48c07c GetAce
0x48c080 EqualSid
0x48c084 IsValidAcl
0x48c08c AddAce
0x48c090 GetLengthSid
0x48c094 IsValidSid
0x48c098 InitializeAcl
0x48c09c CreateWellKnownSid
0x48c0a0 LookupAccountNameW
0x48c0a8 CloseServiceHandle
0x48c0ac OpenSCManagerW
0x48c0b0 OpenServiceW
0x48c0b4 QueryServiceStatus
0x48c0b8 RegLoadKeyW
0x48c0c0 LookupAccountSidW
0x48c0c4 GetUserNameW
0x48c0c8 RegUnLoadKeyW
0x48c0cc StartServiceW
0x48c0d0 ControlService
0x48c0d8 GetTokenInformation
Library SHELL32.dll:
0x48c3dc ShellExecuteExW
0x48c3e0
0x48c3e8
0x48c3ec DragQueryPoint
0x48c3f0 DragFinish
0x48c3f4 DragQueryFileW
0x48c3f8 Shell_NotifyIconW
0x48c3fc SHGetFolderPathW
0x48c400 CommandLineToArgvW
0x48c404 SHChangeNotify
Library ole32.dll:
0x48c75c CoTaskMemFree
0x48c760 CoCreateInstance
0x48c764 CoInitialize
0x48c768 CoUninitialize
Library OLEAUT32.dll:
0x48c3bc SysAllocString
0x48c3c0 VariantClear
0x48c3c4 VariantInit
0x48c3c8 SysFreeString
Library SHLWAPI.dll:
0x48c40c
0x48c410 UrlEscapeW
0x48c414 PathIsRootW
0x48c41c PathFindOnPathW
0x48c420 PathFileExistsW
0x48c424 PathIsDirectoryW
Library NETAPI32.dll:
0x48c3b0 NetUserEnum
0x48c3b4 NetApiBufferFree
Library VERSION.dll:
0x48c5b0 VerQueryValueW
0x48c5b4 GetFileVersionInfoW
Library sfc.dll:
0x48c774 SfcIsFileProtected
Library USERENV.dll:
Library gdiplus.dll:
0x48c644 GdipFillRectangle
0x48c648 GdipFillRectangleI
0x48c64c GdipFillPolygonI
0x48c650 GdipFillPath
0x48c654 GdipDrawString
0x48c658 GdipDrawImageRect
0x48c65c GdipDrawImageI
0x48c660 GdipDrawImageRectI
0x48c66c GdipDeleteRegion
0x48c670 GdipGetRegionHRgn
0x48c680 GdipCreateFont
0x48c684 GdipDeleteFont
0x48c688 GdiplusStartup
0x48c68c GdiplusShutdown
0x48c690 GdipDrawRectangleI
0x48c694 GdipDrawArc
0x48c698 GdipDrawLineI
0x48c6b4 GdipDeleteGraphics
0x48c6b8 GdipDrawPath
0x48c6bc GdipCreateFromHWND
0x48c6c0 GdipCreateFromHDC
0x48c6c4 GdipAddPathPolygon
0x48c6c8
0x48c6cc GdipAddPathLine
0x48c6d0 GdipClosePathFigure
0x48c6d4 GdipResetPath
0x48c6d8 GdipDeletePath
0x48c6dc GdipCreatePath
0x48c6f0 GdipSetPenDashStyle
0x48c6f4 GdipSetPenEndCap
0x48c6f8 GdipDeletePen
0x48c6fc GdipCreatePen1
0x48c700 GdipSetLineColors
0x48c708 GdipDisposeImage
0x48c70c GdipCreateSolidFill
0x48c710 GdipCloneBrush
0x48c714 GdipDeleteBrush
0x48c724 GdipAlloc
0x48c728 GdipFree
0x48c73c GdipGetImageHeight
0x48c740 GdipGetImageWidth
0x48c748 GdipCloneImage
Library PSAPI.DLL:
0x48c3d0 EnumProcesses
Library COMCTL32.dll:
0x48c0e0 ImageList_Destroy
0x48c0e4 ImageList_Create
0x48c0e8 ImageList_Add
0x48c0ec ImageList_Remove
0x48c0f0 ImageList_Replace
0x48c0f4
0x48c0f8
0x48c0fc
0x48c104 ImageList_DrawEx
0x48c10c ImageList_GetIcon
Library UxTheme.dll:
0x48c5a8 SetWindowTheme
Library WTSAPI32.dll:
0x48c638 WTSFreeMemory
Library WININET.dll:
0x48c5e8 FtpGetFileSize
0x48c5f0 InternetOpenW
0x48c5f4 InternetSetOptionW
0x48c5f8 InternetOpenUrlW
0x48c5fc HttpQueryInfoW
0x48c600 InternetCrackUrlW
0x48c604 InternetReadFile
0x48c608 InternetCloseHandle
0x48c60c FtpOpenFileW
0x48c610 InternetConnectW

Hosts

No hosts contacted.

TCP

Source  Source port  Destination IP  Destination host  Destination port
192.168.56.101 49193 113.108.239.194 r1---sn-j5o7dn7e.gvt1.com 80
192.168.56.101 49194 113.108.239.196 r3---sn-j5o7dn7e.gvt1.com 80
192.168.56.101 49191 203.208.41.65 redirector.gvt1.com 80
192.168.56.101 49190 203.208.41.66 update.googleapis.com 443
192.168.56.101 49179 70.39.144.155 www.carifred.com 443
192.168.56.101 49180 70.39.144.155 www.carifred.com 443
192.168.56.101 49181 70.39.144.155 www.carifred.com 443

UDP

Source  Source port  Destination IP  [Destination host]  Destination port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50568 114.114.114.114 53
192.168.56.101 53380 114.114.114.114 53
192.168.56.101 54991 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 56743 114.114.114.114 53
192.168.56.101 57874 114.114.114.114 53
192.168.56.101 58070 114.114.114.114 53
192.168.56.101 58970 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 50002 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 54178 224.0.0.252 5355

HTTP & HTTPS Requests

URI Data
http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: redirector.gvt1.com

http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=95fe2b88d78e9322&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620806423&mv=m&mvi=3
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=95fe2b88d78e9322&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620806423&mv=m&mvi=3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r3---sn-j5o7dn7e.gvt1.com

http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620806423&mv=m&mvi=1&pl=23&shardbypass=yes
HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620806423&mv=m&mvi=1&pl=23&shardbypass=yes HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
X-Old-UID: cnt=0
X-Last-HR: 0x0
X-Last-HTTP-Status-Code: 0
X-Retry-Count: 0
X-HTTP-Attempts: 1
Host: r1---sn-j5o7dn7e.gvt1.com

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.