2.8
Medium risk

SHA-256: 495f1ef3b119654c86dacdfa222f4fb097a11f6975836b0283ec2fd8f9e1d8f5

c06bbebca7ce06e2fc56fbb352a63f25.exe

Analysis time

29s

Latest analysis

File size

3.5MB
Static detection / dynamic detection: SUSGEN
Eagle Eye engine
Not detected (no Eagle Eye engine result yet)
Static verdict
Antivirus engines
Engine        Result   Date       Version
CrowdStrike            20190702   1.0
Alibaba                20190527   0.3.0.5
Baidu                  20190318   1.0.0.2
Avast                  20200801   18.4.3895.0
Tencent                20200801   1.0.0.1
Kingsoft               20200801   2013.8.14.323
McAfee                 20200801   6.0.6.653
Static indicators
Checks if process is being debugged by a debugger (1 event)
Time & API Arguments Status Return Repeated
1621008157.365895
IsDebuggerPresent
failed 0 0
Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (2 events)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DigitalProductId
This executable is signed
This executable has a PDB path (1 event)
pdb_path opera_autoupdate.exe.pdb
The executable contains unknown PE section names indicative of a packer (could be a false positive) (4 events)
section .00cfg
section .retplne
section CPADinfo
section prot
The file contains an unknown PE resource name possibly indicative of a packer (2 events)
resource name PNG
resource name TXT
One or more processes crashed (1 event)
Time & API Arguments Status Return Repeated
1621008157.72552
__exception__
stacktrace:
GetHandleVerifier-0x63aad c06bbebca7ce06e2fc56fbb352a63f25+0x136133 @ 0x13ff26133
GetHandleVerifier-0x194e72 c06bbebca7ce06e2fc56fbb352a63f25+0x4d6e @ 0x13fdf4d6e
GetHandleVerifier-0x1981d5 c06bbebca7ce06e2fc56fbb352a63f25+0x1a0b @ 0x13fdf1a0b
GetHandleVerifier+0xeb713 c06bbebca7ce06e2fc56fbb352a63f25+0x2852f3 @ 0x1400752f3
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x77a4652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x77b7c521

registers.r14: 0
registers.r9: 1438364
registers.rcx: 1438240
registers.rsi: 0
registers.r10: 346
registers.rbx: 0
registers.rdi: 0
registers.r11: 1438240
registers.r8: 5368652768
registers.rdx: 199
registers.rbp: 0
registers.r15: 0
registers.r12: 0
registers.rsp: 1439856
registers.rax: 0
registers.r13: 0
exception.instruction_r: cc 0f 0b 6a 17 0f 0b cc cc cc cc cc cc 56 57 48
exception.symbol: GetHandleVerifier-0x63aad c06bbebca7ce06e2fc56fbb352a63f25+0x136133
exception.instruction: int3
exception.module: c06bbebca7ce06e2fc56fbb352a63f25.exe
exception.exception_code: 0x80000003
exception.offset: 1270067
exception.address: 0x13ff26133
success 0 0
Behavioral verdict
Dynamic indicators
Foreign language identified in PE resource (45 events)
name RT_STRING language LANG_SERBIAN offset 0x0038a2f0 filetype data sublanguage SUBLANG_SERBIAN_CYRILLIC size 0x00000090
File has been identified by one AntiVirus engine on VirusTotal as malicious (1 event)
MaxSecure Trojan.Malware.74622476.susgen
Visual analysis
Binary image
No binary image: the sample did not generate a binary visualization image
Runtime screenshots
No runtime screenshots: no screenshots were generated while the sample ran

PE Compile Time

2019-07-11 13:00:00

Imports

Library ADVAPI32.dll:
0x140348d30 AccessCheck
0x140348d38 AdjustTokenPrivileges
0x140348d40 AllocateAndInitializeSid
0x140348d50 CheckTokenMembership
0x140348d60 CreateProcessAsUserW
0x140348d68 CredFree
0x140348d70 CredReadW
0x140348d78 CredWriteW
0x140348d80 CryptAcquireContextW
0x140348d88 CryptCreateHash
0x140348d90 CryptDestroyHash
0x140348d98 CryptGenRandom
0x140348da0 CryptGetHashParam
0x140348da8 CryptHashData
0x140348db0 CryptReleaseContext
0x140348db8 DuplicateToken
0x140348dc0 EqualSid
0x140348dc8 EventRegister
0x140348dd0 EventUnregister
0x140348dd8 EventWrite
0x140348de0 FreeSid
0x140348df0 GetNamedSecurityInfoW
0x140348df8 GetTokenInformation
0x140348e00 GetUserNameW
0x140348e10 InitializeAcl
0x140348e20 LookupPrivilegeValueW
0x140348e28 OpenProcessToken
0x140348e30 RegCloseKey
0x140348e38 RegCreateKeyExW
0x140348e40 RegDeleteKeyExW
0x140348e48 RegDeleteKeyW
0x140348e50 RegDeleteValueA
0x140348e58 RegDeleteValueW
0x140348e60 RegEnumKeyExW
0x140348e68 RegEnumValueW
0x140348e70 RegGetKeySecurity
0x140348e78 RegNotifyChangeKeyValue
0x140348e80 RegOpenKeyExW
0x140348e88 RegQueryInfoKeyW
0x140348e90 RegQueryValueExA
0x140348e98 RegQueryValueExW
0x140348ea0 RegSetValueExA
0x140348ea8 RegSetValueExW
0x140348eb0 RevertToSelf
0x140348eb8 SetEntriesInAclW
0x140348ec0 SetNamedSecurityInfoW
0x140348ed0 SystemFunction036
Library OLEAUT32.dll:
0x140348ee0 SysAllocString
0x140348ee8 SysFreeString
0x140348ef0 SysStringLen
0x140348ef8 VarUI4FromStr
0x140348f00 VariantChangeType
0x140348f08 VariantClear
0x140348f10 VariantCopy
0x140348f18 VariantInit
Library SHELL32.dll:
0x140348f28 CommandLineToArgvW
0x140348f38 SHChangeNotify
0x140348f48 SHGetFolderPathW
0x140348f50 SHGetKnownFolderPath
0x140348f58 SHOpenWithDialog
0x140348f60 ShellExecuteExW
Library SHLWAPI.dll:
0x140348f70 PathMatchSpecW
0x140348f78 SHDeleteKeyW
Library USER32.dll:
0x140348f88 AllowSetForegroundWindow
0x140348f90 CharNextW
0x140348f98 CreateWindowExW
0x140348fa0 DefWindowProcW
0x140348fa8 DestroyWindow
0x140348fb0 DispatchMessageW
0x140348fb8 GetForegroundWindow
0x140348fc0 GetMessageW
0x140348fc8 GetQueueStatus
0x140348fd0 GetWindowLongPtrW
0x140348fd8 KillTimer
0x140348fe0 MessageBoxW
0x140348ff0 PeekMessageW
0x140348ff8 PostMessageW
0x140349000 PostQuitMessage
0x140349008 RegisterClassExW
0x140349010 RegisterClassW
0x140349018 SendNotifyMessageW
0x140349020 SetForegroundWindow
0x140349028 SetTimer
0x140349030 SetWindowLongPtrW
0x140349038 TranslateMessage
0x140349040 UnregisterClassW
0x140349048 WaitForInputIdle
0x140349050 wsprintfW
Library VERSION.dll:
0x140349060 GetFileVersionInfoSizeW
0x140349068 GetFileVersionInfoW
0x140349070 VerQueryValueW
Library WS2_32.dll:
0x140349080 WSACleanup
0x140349088 WSAGetLastError
0x140349090 WSAIoctl
0x140349098 WSASetLastError
0x1403490a0 WSAStartup
0x1403490a8 __WSAFDIsSet
0x1403490b0 bind
0x1403490b8 closesocket
0x1403490c0 connect
0x1403490c8 freeaddrinfo
0x1403490d0 getaddrinfo
0x1403490d8 getpeername
0x1403490e0 getsockname
0x1403490e8 getsockopt
0x1403490f0 htons
0x1403490f8 ioctlsocket
0x140349100 ntohl
0x140349108 ntohs
0x140349110 recv
0x140349118 select
0x140349120 send
0x140349128 setsockopt
0x140349130 socket
Library KERNEL32.dll:
0x140349140 AcquireSRWLockExclusive
0x140349148 AssignProcessToJobObject
0x140349150 CancelIo
0x140349158 CloseHandle
0x140349160 CloseThreadpool
0x140349168 CloseThreadpoolWork
0x140349170 CompareStringW
0x140349178 ConnectNamedPipe
0x140349180 CopyFileW
0x140349188 CreateDirectoryW
0x140349190 CreateEventW
0x140349198 CreateFileA
0x1403491a0 CreateFileMappingW
0x1403491a8 CreateFileW
0x1403491b0 CreateIoCompletionPort
0x1403491b8 CreateMutexW
0x1403491c0 CreateNamedPipeW
0x1403491c8 CreatePipe
0x1403491d0 CreateProcessW
0x1403491d8 CreateSemaphoreW
0x1403491e0 CreateThread
0x1403491e8 CreateThreadpool
0x1403491f0 CreateThreadpoolWork
0x1403491f8 DecodePointer
0x140349200 DeleteCriticalSection
0x140349208 DeleteFileW
0x140349210 DeviceIoControl
0x140349218 DisconnectNamedPipe
0x140349220 DuplicateHandle
0x140349228 EncodePointer
0x140349230 EnterCriticalSection
0x140349238 EnumSystemLocalesW
0x140349240 ExitProcess
0x140349248 ExitThread
0x140349260 FileTimeToSystemTime
0x140349268 FindClose
0x140349270 FindFirstFileExW
0x140349278 FindNextFileW
0x140349280 FindResourceExW
0x140349288 FindResourceW
0x140349290 FlushFileBuffers
0x140349298 FlushViewOfFile
0x1403492a0 FormatMessageA
0x1403492a8 FreeEnvironmentStringsW
0x1403492b0 FreeLibrary
0x1403492b8 FreeLibraryAndExitThread
0x1403492c0 GetACP
0x1403492c8 GetCPInfo
0x1403492d0 GetCommandLineA
0x1403492d8 GetCommandLineW
0x1403492e0 GetConsoleCP
0x1403492e8 GetConsoleMode
0x1403492f0 GetCurrentDirectoryW
0x1403492f8 GetCurrentProcess
0x140349300 GetCurrentProcessId
0x140349308 GetCurrentThread
0x140349310 GetCurrentThreadId
0x140349318 GetDateFormatW
0x140349320 GetDriveTypeW
0x140349328 GetEnvironmentStringsW
0x140349330 GetEnvironmentVariableW
0x140349338 GetExitCodeProcess
0x140349340 GetFileAttributesExW
0x140349348 GetFileAttributesW
0x140349360 GetFileSizeEx
0x140349368 GetFileType
0x140349370 GetFullPathNameW
0x140349378 GetHandleInformation
0x140349380 GetLastError
0x140349388 GetLocalTime
0x140349390 GetLocaleInfoW
0x140349398 GetLogicalDrives
0x1403493a0 GetLongPathNameW
0x1403493a8 GetModuleFileNameW
0x1403493b0 GetModuleHandleA
0x1403493b8 GetModuleHandleExW
0x1403493c0 GetModuleHandleW
0x1403493c8 GetNativeSystemInfo
0x1403493d0 GetOEMCP
0x1403493d8 GetProcAddress
0x1403493e0 GetProcessHandleCount
0x1403493e8 GetProcessId
0x1403493f0 GetProcessTimes
0x140349400 GetStartupInfoW
0x140349408 GetStdHandle
0x140349410 GetStringTypeW
0x140349418 GetSystemDefaultLCID
0x140349420 GetSystemDirectoryW
0x140349428 GetSystemInfo
0x140349430 GetSystemTimeAsFileTime
0x140349438 GetTempPathW
0x140349440 GetThreadContext
0x140349448 GetThreadId
0x140349450 GetThreadLocale
0x140349458 GetThreadPriority
0x140349460 GetTickCount
0x140349468 GetTickCount64
0x140349470 GetTimeFormatW
0x140349478 GetTimeZoneInformation
0x140349480 GetUserDefaultLCID
0x140349488 GetUserDefaultUILanguage
0x140349490 GetVersion
0x140349498 GetVersionExW
0x1403494a0 GetVolumeInformationW
0x1403494a8 GetWindowsDirectoryW
0x1403494b0 GlobalFree
0x1403494b8 GlobalMemoryStatusEx
0x1403494c0 HeapAlloc
0x1403494c8 HeapCreate
0x1403494d0 HeapDestroy
0x1403494d8 HeapFree
0x1403494e0 HeapReAlloc
0x1403494e8 HeapSize
0x1403494f0 InitOnceExecuteOnce
0x140349518 InitializeSListHead
0x140349520 IsDebuggerPresent
0x140349530 IsValidCodePage
0x140349538 IsValidLocale
0x140349540 IsWow64Process
0x140349548 K32GetPerformanceInfo
0x140349550 K32GetProcessMemoryInfo
0x140349558 K32QueryWorkingSetEx
0x140349560 LCMapStringW
0x140349568 LeaveCriticalSection
0x140349570 LoadLibraryExA
0x140349578 LoadLibraryExW
0x140349580 LoadLibraryW
0x140349588 LoadResource
0x140349590 LocalAlloc
0x140349598 LocalFree
0x1403495a0 LockFileEx
0x1403495a8 LockResource
0x1403495b0 MapViewOfFile
0x1403495b8 MoveFileExW
0x1403495c0 MoveFileW
0x1403495c8 MultiByteToWideChar
0x1403495d0 OpenEventW
0x1403495d8 OpenMutexW
0x1403495e0 OpenProcess
0x1403495e8 OutputDebugStringA
0x1403495f0 OutputDebugStringW
0x1403495f8 PeekNamedPipe
0x140349608 ProcessIdToSessionId
0x140349618 QueryPerformanceCounter
0x140349628 QueryThreadCycleTime
0x140349630 RaiseException
0x140349638 ReadConsoleW
0x140349640 ReadFile
0x140349648 ReadProcessMemory
0x140349658 ReleaseMutex
0x140349660 ReleaseSRWLockExclusive
0x140349668 ReleaseSemaphore
0x140349670 RemoveDirectoryW
0x140349678 ReplaceFileW
0x140349680 ResetEvent
0x140349688 ResumeThread
0x140349690 RtlCaptureContext
0x140349698 RtlCaptureStackBackTrace
0x1403496a0 RtlLookupFunctionEntry
0x1403496a8 RtlPcToFileHeader
0x1403496b0 RtlUnwindEx
0x1403496b8 RtlVirtualUnwind
0x1403496c0 SetConsoleCtrlHandler
0x1403496c8 SetEndOfFile
0x1403496d0 SetEnvironmentVariableW
0x1403496d8 SetEvent
0x1403496e0 SetFileAttributesW
0x1403496e8 SetFilePointerEx
0x1403496f0 SetHandleInformation
0x1403496f8 SetLastError
0x140349700 SetNamedPipeHandleState
0x140349710 SetStdHandle
0x140349718 SetThreadPriority
0x140349738 SizeofResource
0x140349740 Sleep
0x140349750 SleepEx
0x140349758 SubmitThreadpoolWork
0x140349760 SuspendThread
0x140349768 SwitchToThread
0x140349770 SystemTimeToFileTime
0x140349780 TerminateProcess
0x140349788 TlsAlloc
0x140349790 TlsFree
0x140349798 TlsGetValue
0x1403497a0 TlsSetValue
0x1403497a8 TransactNamedPipe
0x1403497c0 UnhandledExceptionFilter
0x1403497c8 UnlockFileEx
0x1403497d0 UnmapViewOfFile
0x1403497d8 UnregisterWaitEx
0x1403497e0 VerSetConditionMask
0x1403497e8 VerifyVersionInfoW
0x1403497f0 VirtualFree
0x1403497f8 VirtualProtect
0x140349800 VirtualQuery
0x140349808 VirtualQueryEx
0x140349810 WaitForMultipleObjects
0x140349818 WaitForSingleObject
0x140349820 WaitForSingleObjectEx
0x140349830 WaitNamedPipeW
0x140349838 WakeAllConditionVariable
0x140349840 WakeConditionVariable
0x140349848 WideCharToMultiByte
0x140349850 Wow64GetThreadContext
0x140349858 WriteConsoleW
0x140349860 WriteFile
0x140349868 lstrcmpA
0x140349870 lstrcmpiW
0x140349878 lstrcpyW
0x140349880 lstrcpynW
0x140349888 lstrlenW
Library ole32.dll:
0x1403498a0 CoCreateInstance
0x1403498a8 CoInitializeEx
0x1403498b0 CoInitializeSecurity
0x1403498b8 CoSetProxyBlanket
0x1403498c0 CoTaskMemAlloc
0x1403498c8 CoTaskMemFree
0x1403498d0 CoTaskMemRealloc
0x1403498d8 CoUninitialize
0x1403498e0 IIDFromString
0x1403498e8 PropVariantClear
0x1403498f0 StringFromGUID2
Library WINHTTP.dll:
0x140349900 WinHttpAddRequestHeaders
0x140349908 WinHttpCloseHandle
0x140349910 WinHttpConnect
0x140349918 WinHttpCrackUrl
0x140349928 WinHttpGetProxyForUrl
0x140349930 WinHttpOpen
0x140349938 WinHttpOpenRequest
0x140349940 WinHttpQueryHeaders
0x140349948 WinHttpReadData
0x140349950 WinHttpReceiveResponse
0x140349958 WinHttpSendRequest
0x140349960 WinHttpSetTimeouts
0x140349968 WinHttpWriteData
Library credui.dll:
Library CRYPT32.dll:
0x140349990 CertCloseStore
0x1403499a8 CertFreeCertificateChain
0x1403499c0 CertGetCertificateChain
0x1403499c8 CertGetNameStringW
0x1403499d0 CertOpenStore
0x1403499d8 CryptDecodeObject
0x1403499e0 CryptHashCertificate
0x1403499e8 CryptMsgClose
0x1403499f0 CryptMsgGetParam
0x1403499f8 CryptProtectData
0x140349a00 CryptQueryObject
0x140349a08 CryptStringToBinaryW
0x140349a10 CryptUnprotectData
Library WINTRUST.dll:
0x140349a20 WinVerifyTrust
Library USERENV.dll:
0x140349a30 CreateEnvironmentBlock
0x140349a38 DestroyEnvironmentBlock
Library WINMM.dll:
0x140349a48 timeBeginPeriod
0x140349a50 timeEndPeriod
0x140349a58 timeGetTime
Library dbghelp.dll:
0x140349a68 MiniDumpWriteDump

Exports

Ordinal Address Name
1 0x140199be0 GetHandleVerifier

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source Port   Destination                       Destination Port
192.168.56.101  50002         114.114.114.114                   53
192.168.56.101  53237         114.114.114.114                   53
192.168.56.101  57756         114.114.114.114                   53
192.168.56.101  58367         114.114.114.114                   53
192.168.56.101  62318         114.114.114.114                   53
192.168.56.101  137           192.168.56.255                    137
192.168.56.101  138           192.168.56.255                    138
192.168.56.101  123           20.189.79.72 (time.windows.com)   123
192.168.56.101  49235         224.0.0.252                       5355
192.168.56.101  50534         224.0.0.252                       5355
192.168.56.101  51963         224.0.0.252                       5355
192.168.56.101  53657         224.0.0.252                       5355
192.168.56.101  56804         224.0.0.252                       5355
192.168.56.101  57874         224.0.0.252                       5355
192.168.56.101  62191         224.0.0.252                       5355
192.168.56.101  63429         224.0.0.252                       5355
192.168.56.101  1900          239.255.255.250                   1900
192.168.56.101  50003         239.255.255.250                   3702
192.168.56.101  50535         239.255.255.250                   3702
192.168.56.101  51966         239.255.255.250                   1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.