7.8
High risk

373750778a4684b2b78b73a323055d2d83d16ff15ccbd9d9ba4c92548d3851e6

a23f18eb51faaf3532bdf19c3dad59d8.exe

Analysis duration

105s

Last analyzed

File size

568.0KB
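Static detections / Dynamic detections
Hawkeye engine
Not scanned. No Hawkeye engine detection results available.
Static verdict
Antivirus engines
Not scanned. No antivirus engine detection results available.
Static indicators
Queries for the computername (1 event)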
Time & API Arguments Status Return Repeated
1619822307.900876
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (3 events)
Time & API Arguments Status Return Repeated
1619822292.103876
CryptGenKey
crypto_handle: 0x006338f8
algorithm_identifier: 0x0000660e ()
provider_handle: 0x00632af0
flags: 1
key: f3'”3OL´8ÿ<5Öc
success 1 0
1619822308.010876
CryptExportKey
crypto_handle: 0x006338f8
crypto_export_handle: 0x00632bb8
buffer: f¤ý½‘IsjÇÓÿ&­Eè­iy½v»1QK µ}ÞÀô¸Œ¯âÞ3Ÿ·©ßâ.FDâZß5Ðr ó3¨Äëñ‰8P¼ e ÓèIrÂV”¶Q´«¹É7‹ßkˆ
blob_type: 1
flags: 64
success 1 0
1619822333.853876
CryptExportKey
crypto_handle: 0x006338f8
crypto_export_handle: 0x00632bb8
buffer: f¤q݉©®Ð ݨÓÖ%¡n«zLôƒf‰M`í¥³£N˜õæ þŽsb')^Á—O/ ¦ò𾳂•‰Ú¿_쏙~âoŒs‚—OŠìÔJ+ËZ%Pg²}IµKQ¥J¾
blob_type: 1
flags: 64
success 1 0
This executable has a PDB path (1 event)
pdb_path c:\Users\User\Desktop\2005\27.5.20\ctrlbars\Release\ctrlbars.pdb
The file contains an unknown PE resource name possibly indicative of a packer (1 event)
resource name None
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (3 events)
Time & API Arguments Status Return Repeated
1619781474.93775
NtAllocateVirtualMemory
process_identifier: 376
region_size: 40960
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x003e0000
success 0 0
1619822344.541999
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000004040000
success 0 0
1619822290.213876
NtAllocateVirtualMemory
process_identifier: 2868
region_size: 40960
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x003e0000
success 0 0
Checks whether any human activity is being performed by constantly checking whether the foreground window changed
Moves the original executable to a new location (1 event)
Time & API Arguments Status Return Repeated
1619781484.92175
MoveFileWithProgressW
oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\a23f18eb51faaf3532bdf19c3dad59d8.exe
newfilepath: C:\Windows\SysWOW64\KBDINBE1\KBDINBE1.exe
newfilepath_r: C:\Windows\SysWOW64\KBDINBE1\KBDINBE1.exe
flags: 3
oldfilepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\a23f18eb51faaf3532bdf19c3dad59d8.exe
success 1 0
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1619822308.369876
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
Expresses interest in specific running processes (1 event)
process kbdinbe1.exe
Reads the system's User Agent and subsequently performs requests (1 event)
Time & API Arguments Status Return Repeated
1619822308.197876
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
Network communication
Communicates with host for which no DNS query was performed (3 events)
host 172.217.24.14
host 190.147.137.153
host 91.236.4.234
Installs itself for autorun at Windows startup (1 event)
service_name KBDINBE1 service_path C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\"C:\Windows\SysWOW64\KBDINBE1\KBDINBE1.exe"
Created a service where a service was also not started (1 event)
Time & API Arguments Status Return Repeated
1619781486.21875
CreateServiceW
service_start_name:
start_type: 2
service_handle: 0x0053c468
display_name: KBDINBE1
error_control: 0
service_name: KBDINBE1
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\"C:\Windows\SysWOW64\KBDINBE1\KBDINBE1.exe"
filepath_r: "C:\Windows\SysWOW64\KBDINBE1\KBDINBE1.exe"
service_manager_handle: 0x023dfd80
desired_access: 2
service_type: 16
password:
success 5489768 0
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1619822310.947876
RegSetValueExA
key_handle: 0x000003a4
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619822310.947876
RegSetValueExA
key_handle: 0x000003a4
value: ÀyÅ×ä=×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619822310.947876
RegSetValueExA
key_handle: 0x000003a4
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619822310.947876
RegSetValueExW
key_handle: 0x000003a4
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619822310.947876
RegSetValueExA
key_handle: 0x000003bc
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619822310.947876
RegSetValueExA
key_handle: 0x000003bc
value: ÀyÅ×ä=×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619822310.947876
RegSetValueExA
key_handle: 0x000003bc
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619822310.947876
RegSetValueExW
key_handle: 0x000003a0
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
Attempts to remove evidence of file being downloaded from the Internet (1 event)
file C:\Windows\SysWOW64\KBDINBE1\KBDINBE1.exe:Zone.Identifier
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (4 events)
dead_host 172.217.24.14:443
dead_host 190.147.137.153:443
dead_host 172.217.160.110:443
dead_host 91.236.4.234:443
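Visual analysis
Binary image
No binary image. No binary visualization image was generated for this sample.
Runtime screenshots
No runtime screenshots. No screenshots were generated while this sample ran.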

PE Compile Time

2020-05-28 04:26:43

Imports

Library KERNEL32.dll:
0x461198 SetErrorMode
0x4611a4 SetFileTime
0x4611a8 SetFileAttributesA
0x4611ac GetFileAttributesA
0x4611b0 GetFileTime
0x4611b4 HeapAlloc
0x4611b8 HeapFree
0x4611bc RtlUnwind
0x4611c0 HeapReAlloc
0x4611c4 RaiseException
0x4611c8 VirtualProtect
0x4611cc VirtualAlloc
0x4611d0 GetSystemInfo
0x4611d4 VirtualQuery
0x4611d8 GetCommandLineA
0x4611dc GetProcessHeap
0x4611e0 GetStartupInfoA
0x4611e4 ExitThread
0x4611e8 CreateThread
0x4611ec HeapSize
0x4611f0 FatalAppExitA
0x4611f4 VirtualFree
0x4611f8 HeapDestroy
0x4611fc HeapCreate
0x461200 GetStdHandle
0x461204 TerminateProcess
0x461210 IsDebuggerPresent
0x461228 SetHandleCount
0x46122c GetFileType
0x461234 GetTickCount
0x46123c GetACP
0x461248 GetConsoleCP
0x46124c GetConsoleMode
0x461250 LCMapStringA
0x461254 LCMapStringW
0x461258 GetStringTypeA
0x46125c GetStringTypeW
0x461260 GetTimeFormatA
0x461264 GetDateFormatA
0x461268 GetUserDefaultLCID
0x46126c EnumSystemLocalesA
0x461270 IsValidLocale
0x461274 IsValidCodePage
0x461278 GetLocaleInfoW
0x46127c SetStdHandle
0x461280 WriteConsoleA
0x461284 GetConsoleOutputCP
0x461288 WriteConsoleW
0x461294 CreateFileA
0x461298 GetShortPathNameA
0x46129c GetFullPathNameA
0x4612a4 FindFirstFileA
0x4612a8 FindClose
0x4612ac DuplicateHandle
0x4612b0 GetThreadLocale
0x4612b4 GetFileSize
0x4612b8 SetEndOfFile
0x4612bc UnlockFile
0x4612c0 LockFile
0x4612c4 FlushFileBuffers
0x4612c8 SetFilePointer
0x4612cc WriteFile
0x4612d0 ReadFile
0x4612d4 DeleteFileA
0x4612d8 MoveFileA
0x4612ec GetAtomNameA
0x4612f0 GetOEMCP
0x4612f4 GetCPInfo
0x4612f8 GlobalFlags
0x461300 TlsFree
0x461308 LocalReAlloc
0x46130c TlsSetValue
0x461310 TlsAlloc
0x461318 GlobalHandle
0x46131c GlobalReAlloc
0x461324 TlsGetValue
0x46132c LocalAlloc
0x461334 GetModuleFileNameW
0x461338 GetCurrentProcessId
0x46133c CreateEventA
0x461340 SuspendThread
0x461344 SetEvent
0x461348 WaitForSingleObject
0x46134c ResumeThread
0x461350 SetThreadPriority
0x461354 CloseHandle
0x461358 GetCurrentThread
0x461360 GetModuleFileNameA
0x461368 GetLocaleInfoA
0x46136c lstrcmpA
0x461370 FreeResource
0x461374 GetCurrentThreadId
0x461378 GlobalGetAtomNameA
0x46137c GlobalAddAtomA
0x461380 GlobalFindAtomA
0x461384 GlobalDeleteAtom
0x461388 FreeLibrary
0x46138c LoadLibraryA
0x461390 lstrcmpW
0x461394 GetModuleHandleA
0x461398 GetProcAddress
0x46139c GetVersionExA
0x4613a0 GlobalFree
0x4613a4 CopyFileA
0x4613a8 GlobalSize
0x4613ac GlobalAlloc
0x4613b0 GlobalLock
0x4613b4 GlobalUnlock
0x4613b8 FormatMessageA
0x4613bc LocalFree
0x4613c0 MulDiv
0x4613c4 SetLastError
0x4613c8 LoadLibraryExW
0x4613cc ExitProcess
0x4613d0 LoadLibraryExA
0x4613d4 GetCurrentProcess
0x4613d8 GetStringTypeExW
0x4613dc GetStringTypeExA
0x4613e8 lstrlenA
0x4613ec lstrcmpiW
0x4613f0 lstrcmpiA
0x4613f4 CompareStringW
0x4613f8 CompareStringA
0x4613fc lstrlenW
0x461400 GetVersion
0x461404 FindResourceA
0x461408 LoadResource
0x46140c LockResource
0x461410 SizeofResource
0x461414 GetLastError
0x461418 WideCharToMultiByte
0x46141c MultiByteToWideChar
0x461420 Sleep
0x461424 InterlockedExchange
Library USER32.dll:
0x4614f0 ReuseDDElParam
0x4614f4 UnpackDDElParam
0x4614f8 IsZoomed
0x4614fc IsRectEmpty
0x461500 DeleteMenu
0x461504 SetParent
0x461508 GetSysColorBrush
0x46150c InflateRect
0x461510 GetMenuItemInfoA
0x461514 DestroyIcon
0x461518 GetDialogBaseUnits
0x46151c UnregisterClassA
0x461520 GetDCEx
0x461524 LockWindowUpdate
0x461528 SetCapture
0x46152c GetKeyNameTextA
0x461530 MapVirtualKeyA
0x461534 UnionRect
0x461538 SetTimer
0x46153c SetRect
0x461540 SetRectEmpty
0x461544 EndPaint
0x461548 BeginPaint
0x46154c GetWindowDC
0x461550 ReleaseDC
0x461554 GetDC
0x461558 ClientToScreen
0x46155c GrayStringA
0x461560 DrawTextExA
0x461564 DrawTextA
0x461568 TabbedTextOutA
0x46156c FillRect
0x461570 ScrollWindowEx
0x461574 ShowWindow
0x461578 MoveWindow
0x46157c SetWindowTextA
0x461580 IsDialogMessageA
0x461584 IsDlgButtonChecked
0x461588 SetDlgItemTextA
0x46158c SetDlgItemInt
0x461590 GetDlgItemTextA
0x461594 GetDlgItemInt
0x461598 CheckRadioButton
0x46159c CheckDlgButton
0x4615a0 GetDesktopWindow
0x4615a8 GetNextDlgTabItem
0x4615ac EndDialog
0x4615b4 IsWindowEnabled
0x4615b8 ShowOwnedPopups
0x4615bc SetCursor
0x4615c0 GetMessageA
0x4615c4 TranslateMessage
0x4615c8 GetCursorPos
0x4615cc ValidateRect
0x4615d0 SetMenuItemBitmaps
0x4615d8 LoadBitmapA
0x4615dc ModifyMenuA
0x4615e0 EnableMenuItem
0x4615e4 CheckMenuItem
0x4615e8 LoadMenuA
0x4615f0 SendDlgItemMessageA
0x4615f4 WinHelpA
0x4615f8 IsChild
0x4615fc CallNextHookEx
0x461600 GetClassLongA
0x461604 GetClassNameA
0x461608 SetPropA
0x46160c GetPropA
0x461610 RemovePropA
0x461614 GetFocus
0x461618 IsWindow
0x46161c SetFocus
0x461624 GetWindowTextA
0x461628 GetForegroundWindow
0x46162c GetLastActivePopup
0x461630 DispatchMessageA
0x461634 BeginDeferWindowPos
0x461638 EndDeferWindowPos
0x46163c GetDlgItem
0x461640 GetTopWindow
0x461644 DestroyWindow
0x461648 UnhookWindowsHookEx
0x46164c GetMessageTime
0x461650 GetMessagePos
0x461654 PeekMessageA
0x461658 MapWindowPoints
0x46165c ScrollWindow
0x461660 TrackPopupMenuEx
0x461664 TrackPopupMenu
0x461668 GetKeyState
0x46166c SetScrollRange
0x461670 GetScrollRange
0x461674 SetScrollPos
0x461678 GetScrollPos
0x46167c SetForegroundWindow
0x461680 ShowScrollBar
0x461684 GetClientRect
0x461688 GetMenu
0x46168c PostMessageA
0x461690 MessageBoxA
0x461694 CreateWindowExA
0x461698 GetClassInfoExA
0x46169c GetWindow
0x4616a0 SendMessageA
0x4616a4 UpdateWindow
0x4616a8 SetActiveWindow
0x4616ac GetCapture
0x4616b0 GetActiveWindow
0x4616b4 GetClassInfoA
0x4616b8 RegisterClassA
0x4616bc GetSysColor
0x4616c0 AdjustWindowRectEx
0x4616c4 ScreenToClient
0x4616c8 EqualRect
0x4616cc DeferWindowPos
0x4616d0 CopyRect
0x4616d4 GetScrollInfo
0x4616d8 SetScrollInfo
0x4616dc PtInRect
0x4616e0 SetWindowPlacement
0x4616e4 GetDlgCtrlID
0x4616e8 DestroyMenu
0x4616ec ReleaseCapture
0x4616f0 LoadAcceleratorsA
0x4616f4 InsertMenuItemA
0x4616f8 CreatePopupMenu
0x4616fc BringWindowToTop
0x461700 SetMenu
0x461708 WindowFromPoint
0x46170c PostQuitMessage
0x461710 KillTimer
0x461714 GetParent
0x461718 CharLowerA
0x46171c CharLowerW
0x461720 CharUpperA
0x461724 CharUpperW
0x461728 GetSystemMenu
0x46172c InvalidateRect
0x461730 IsWindowVisible
0x461734 EnableWindow
0x461738 LoadCursorA
0x46173c LoadIconA
0x461740 GetSystemMetrics
0x461744 RemoveMenu
0x461748 GetSubMenu
0x46174c GetMenuItemCount
0x461750 InsertMenuA
0x461754 GetMenuItemID
0x461758 AppendMenuA
0x46175c DefWindowProcA
0x461760 CallWindowProcA
0x461764 GetWindowLongA
0x461768 SetWindowLongA
0x46176c SetWindowPos
0x461770 OffsetRect
0x461774 IntersectRect
0x46177c IsIconic
0x461780 GetWindowPlacement
0x461784 GetWindowRect
0x461788 GetMenuState
0x46178c GetMenuStringA
0x461790 SetWindowsHookExA
Library GDI32.dll:
0x461034 ScaleViewportExtEx
0x461038 SetWindowOrgEx
0x46103c OffsetWindowOrgEx
0x461040 SetWindowExtEx
0x461044 ScaleWindowExtEx
0x46104c ArcTo
0x461050 PolyDraw
0x461054 PolylineTo
0x461058 PolyBezierTo
0x46105c ExtSelectClipRgn
0x461060 DeleteDC
0x461068 CreatePatternBrush
0x46106c CreateCompatibleDC
0x461070 SelectPalette
0x461074 PlayMetaFileRecord
0x461078 GetObjectType
0x46107c SetViewportExtEx
0x461080 PlayMetaFile
0x461084 CreatePen
0x461088 ExtCreatePen
0x46108c CreateSolidBrush
0x461090 CreateHatchBrush
0x461094 GetCharWidthA
0x461098 CreateFontA
0x46109c StretchDIBits
0x4610a4 GetBkColor
0x4610a8 GetTextMetricsA
0x4610b4 SetRectRgn
0x4610b8 CombineRgn
0x4610bc GetMapMode
0x4610c0 PatBlt
0x4610c4 DPtoLP
0x4610c8 OffsetViewportOrgEx
0x4610cc GetWindowExtEx
0x4610d0 SetViewportOrgEx
0x4610d4 SelectObject
0x4610d8 Escape
0x4610dc ExtTextOutA
0x4610e0 TextOutA
0x4610e4 RectVisible
0x4610e8 PtVisible
0x4610ec StartDocA
0x4610f0 GetPixel
0x4610f4 EnumMetaFile
0x4610f8 CreateFontIndirectA
0x4610fc GetViewportExtEx
0x461100 SelectClipPath
0x461104 CreateRectRgn
0x461108 GetClipRgn
0x46110c SelectClipRgn
0x461110 DeleteObject
0x461114 SetColorAdjustment
0x461118 SetArcDirection
0x46111c SetMapperFlags
0x461128 SetTextAlign
0x46112c MoveToEx
0x461130 LineTo
0x461134 OffsetClipRgn
0x461138 IntersectClipRect
0x46113c ExcludeClipRect
0x461140 SetMapMode
0x461148 SetWorldTransform
0x46114c SetGraphicsMode
0x461150 SetStretchBltMode
0x461154 SetROP2
0x461158 SetPolyFillMode
0x46115c SetBkMode
0x461160 RestoreDC
0x461164 SaveDC
0x461168 CreateBitmap
0x46116c GetObjectA
0x461170 SetBkColor
0x461174 SetTextColor
0x461178 GetClipBox
0x46117c GetDCOrgEx
0x461180 CreateDCA
0x461184 CopyMetaFileA
0x461188 GetDeviceCaps
0x46118c GetStockObject
0x461190 BitBlt
Library comdlg32.dll:
0x4617a8 GetFileTitleA
Library WINSPOOL.DRV:
0x461798 ClosePrinter
0x46179c DocumentPropertiesA
0x4617a0 OpenPrinterA
Library ADVAPI32.dll:
0x461000 RegDeleteValueA
0x461004 RegSetValueExA
0x461008 RegCreateKeyExA
0x46100c RegQueryValueA
0x461010 RegEnumKeyA
0x461014 RegDeleteKeyA
0x461018 RegOpenKeyExA
0x46101c RegQueryValueExA
0x461020 RegOpenKeyA
0x461024 RegSetValueA
0x461028 RegCloseKey
0x46102c RegCreateKeyA
Library SHELL32.dll:
0x4614c4 DragQueryFileA
0x4614c8 ExtractIconA
0x4614cc SHGetFileInfoA
0x4614d0 DragFinish
Library SHLWAPI.dll:
0x4614dc PathFindFileNameA
0x4614e0 PathStripToRootA
0x4614e4 PathFindExtensionA
0x4614e8 PathIsUNCA
Library ole32.dll:
0x4617b0 ReleaseStgMedium
0x4617b4 CreateBindCtx
0x4617b8 CoTreatAsClass
0x4617bc StringFromCLSID
0x4617c0 ReadClassStg
0x4617c4 CoTaskMemAlloc
0x4617c8 OleRegGetUserType
0x4617cc WriteClassStg
0x4617d0 WriteFmtUserTypeStg
0x4617d4 SetConvertStg
0x4617d8 CoTaskMemFree
0x4617dc OleDuplicateData
0x4617e0 CoDisconnectObject
0x4617e4 CoCreateInstance
0x4617e8 StringFromGUID2
0x4617ec CLSIDFromString
0x4617f0 ReadFmtUserTypeStg
Library OLEAUT32.dll:
0x46142c VariantClear
0x461430 VariantChangeType
0x461434 VariantInit
0x461438 SysAllocStringLen
0x46143c SysStringLen
0x461440 SysFreeString
0x461448 SysStringByteLen
0x461450 SafeArrayAccessData
0x461454 SafeArrayGetUBound
0x461458 SafeArrayGetLBound
0x461460 SafeArrayGetDim
0x461464 SafeArrayCreate
0x461468 SafeArrayRedim
0x46146c VariantCopy
0x461470 SafeArrayAllocData
0x461478 SafeArrayCopy
0x46147c SafeArrayGetElement
0x461480 SafeArrayPtrOfIndex
0x461484 SafeArrayPutElement
0x461488 SafeArrayLock
0x46148c SafeArrayUnlock
0x461490 SafeArrayDestroy
0x4614a4 SysReAllocStringLen
0x4614a8 VarDateFromStr
0x4614ac VarBstrFromCy
0x4614b0 VarBstrFromDec
0x4614b4 VarDecFromStr
0x4614b8 VarCyFromStr
0x4614bc VarBstrFromDate

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 54178 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 60215 114.114.114.114 53
192.168.56.101 63429 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 50568 224.0.0.252 5355
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 53210 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 56539 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 58367 224.0.0.252 5355
192.168.56.101 60221 224.0.0.252 5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.