Threat score: 9.4 (Critical)

SHA-256: 76a2d13153abc6f6ee846127030522016eb27cfb1edced2827191c1a8ef7edd2

File name: c7753b30002b46d72717fa88e43e964a.exe

Analysis duration: 107s

Most recent analysis

File size: 392.0KB
Static detection tags / dynamic detection tags: 100% AI SCORE=82 ATTRIBUTE AUTOG CLASSIC CONFIDENCE ELDORADO EMOTET EMOTETU GENCIRC HDWH HIGH CONFIDENCE HIGHCONFIDENCE HZWICF KRYPTIK MALWARE@#13Z8SH1H6Y3W7 S + TROJ SCORE UNSAFE YQ0@AYINCOPI YQ0@BYINCOPI ZENPAK ZEXAF ZKVHM
Hawkeye engine
Not detected: no Hawkeye engine results are available for this sample
Static verdict
Antivirus engines
Engine        Result                               Scan date   Engine version
McAfee        Emotet-FQX!C7753B30002B              20201211    6.0.6.653
Alibaba       Trojan:Win32/Emotet.514d001d         20190527    0.3.0.5
Baidu         (no result)                          20190318    1.0.0.2
Avast         Win32:Malware-gen                    20201210    21.1.5827.0
Tencent       Malware.Win32.Gencirc.10cdd298       20201211    1.0.0.1
Kingsoft      (no result)                          20201211    2017.9.26.565
CrowdStrike   win/malicious_confidence_100% (W)    20190702    1.0
Static indicators
Queries for the computername (1 event)
Time & API Arguments Status Return Repeated
1619914311.0975
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (3 events)
Time & API Arguments Status Return Repeated
1619914298.8475
CryptGenKey
crypto_handle: 0x002a41f0
algorithm_identifier: 0x0000660e ()
provider_handle: 0x002a2be8
flags: 1
key: f«QÛfºUÝUón.qš·ùH
success 1 0
1619914311.1595
CryptExportKey
crypto_handle: 0x002a41f0
crypto_export_handle: 0x002a2cb0
buffer: f¤lŸ|Џ¥Ú]ú“&ÊÐL¬d/eü¹¢ã´Í27PŠÂEVÕXm¶)£¹s=¸älý%®Ä|69€X¾RõªîB4•PÑáÐü9‹z‹‚Ú5C]ûåÒÆ
blob_type: 1
flags: 64
success 1 0
1619914340.6905
CryptExportKey
crypto_handle: 0x002a41f0
crypto_export_handle: 0x002a2cb0
buffer: f¤¨ÈTh†gÈWÈ,°hã»J£9èÇ_2w¾ltÕJŸÑÊÿ8äeÒ+…•×/ЋlnÍÕº;®¯àÖª ¢ŽŽD»Uåŵ ³äê@è3ÿ|sW¦R%ý
blob_type: 1
flags: 64
success 1 0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (3 events)
Time & API Arguments Status Return Repeated
1619914274.362875
NtAllocateVirtualMemory
process_identifier: 2636
region_size: 40960
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00350000
success 0 0
1619913907.959896
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00000000040c0000
success 0 0
1619914282.5505
NtAllocateVirtualMemory
process_identifier: 580
region_size: 40960
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01d50000
success 0 0
Checks whether any human activity is being performed by constantly checking whether the foreground window changed
Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (4 events)
Moves the original executable to a new location (1 event)
Time & API Arguments Status Return Repeated
1619914278.394875
MoveFileWithProgressW
oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\c7753b30002b46d72717fa88e43e964a.exe
newfilepath: C:\Windows\SysWOW64\esentprf\esentprf.exe
newfilepath_r: C:\Windows\SysWOW64\esentprf\esentprf.exe
flags: 3
oldfilepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\c7753b30002b46d72717fa88e43e964a.exe
success 1 0
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1619914314.9875
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
The binary likely contains encrypted or compressed data indicative of a packer (1 event)
entropy: 6.933528621345854
section: .rsrc (size_of_data: 0x00011000, virtual_address: 0x00055000, virtual_size: 0x000101fc, entropy: 6.933528621345854)
description: A section with a high entropy has been found
Expresses interest in specific running processes (1 event)
process: esentprf.exe
Reads the systems User Agent and subsequently performs requests (1 event)
Time & API Arguments Status Return Repeated
1619914314.4725
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
Network communication
Communicates with host for which no DNS query was performed (5 events)
host 172.217.24.14
host 80.11.158.65
host 91.236.4.234
host 203.208.41.65
host 203.208.41.66
Installs itself for autorun at Windows startup (1 event)
service_name: esentprf
service_path: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\"C:\Windows\SysWOW64\esentprf\esentprf.exe"
Created a service where a service was also not started (1 event)
Time & API Arguments Status Return Repeated
1619914281.206875
CreateServiceW
service_start_name:
start_type: 2
service_handle: 0x008c1008
display_name: esentprf
error_control: 0
service_name: esentprf
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\"C:\Windows\SysWOW64\esentprf\esentprf.exe"
filepath_r: "C:\Windows\SysWOW64\esentprf\esentprf.exe"
service_manager_handle: 0x008c0d38
desired_access: 2
service_type: 16
password:
success 9179144 0
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1619914317.5505
RegSetValueExA
key_handle: 0x00000390
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619914317.5505
RegSetValueExA
key_handle: 0x00000390
value: à聧>×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619914317.5505
RegSetValueExA
key_handle: 0x00000390
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619914317.5505
RegSetValueExW
key_handle: 0x00000390
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619914317.5505
RegSetValueExA
key_handle: 0x000003a8
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619914317.5505
RegSetValueExA
key_handle: 0x000003a8
value: à聧>×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619914317.5655
RegSetValueExA
key_handle: 0x000003a8
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619914317.5815
RegSetValueExW
key_handle: 0x0000038c
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
Attempts to remove evidence of file being downloaded from the Internet (1 event)
file: C:\Windows\SysWOW64\esentprf\esentprf.exe:Zone.Identifier
File has been identified by 52 AntiVirus engines on VirusTotal as malicious (50 out of 52 events)
Elastic malicious (high confidence)
ClamAV Win.Dropper.Emotet-8038073-0
FireEye Generic.mg.c7753b30002b46d7
McAfee Emotet-FQX!C7753B30002B
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
Sangfor Malware
K7AntiVirus Trojan ( 0056810b1 )
Alibaba Trojan:Win32/Emotet.514d001d
K7GW Trojan ( 0056810b1 )
Arcabit Trojan.EmotetU.Gen.EDC3B8
Cyren W32/Emotet.ALQ.gen!Eldorado
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:Malware-gen
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan-Banker.Win32.Emotet.gen
BitDefender Trojan.EmotetU.Gen.yq0@byINcopi
NANO-Antivirus Trojan.Win32.Emotet.hzwicf
Paloalto generic.ml
MicroWorld-eScan Trojan.EmotetU.Gen.yq0@byINcopi
Tencent Malware.Win32.Gencirc.10cdd298
Ad-Aware Trojan.EmotetU.Gen.yq0@byINcopi
Sophos Mal/Generic-S + Troj/AutoG-IC
Comodo Malware@#13z8sh1h6y3w7
F-Secure Trojan.TR/AD.Emotet.zkvhm
Zillya Trojan.Emotet.Win32.20858
TrendMicro TrojanSpy.Win32.EMOTET.SMV.hp
McAfee-GW-Edition BehavesLike.Win32.Emotet.fh
Emsisoft Trojan.Emotet (A)
Jiangmin Backdoor.Emotet.hi
Avira TR/AD.Emotet.zkvhm
MAX malware (ai score=82)
Antiy-AVL Trojan/Win32.Zenpak
Microsoft Trojan:Win32/Emotet.DFJ!MTB
AegisLab Trojan.Win32.Zenpak.4!c
ZoneAlarm HEUR:Trojan-Banker.Win32.Emotet.gen
GData Trojan.EmotetU.Gen.yq0@byINcopi
AhnLab-V3 Malware/Win32.Generic.C4114566
BitDefenderTheta Gen:NN.ZexaF.34670.yq0@ayINcopi
ALYac Trojan.EmotetU.Gen.yq0@byINcopi
VBA32 Trojan.Emotet
Malwarebytes Trojan.Emotet
ESET-NOD32 a variant of Win32/Kryptik.HDWH
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.SMV.hp
Rising Trojan.Kryptik!1.C782 (CLASSIC)
Ikarus Trojan-Banker.Emotet
Fortinet W32/Emotet.ALR!tr
AVG Win32:Malware-gen
Panda Trj/Emotet.C
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (4 events)
dead_host 172.217.24.14:443
dead_host 172.217.160.78:443
dead_host 91.236.4.234:443
dead_host 80.11.158.65:8080
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while the sample ran


PE Compile Time

2020-06-04 03:15:49

Imports

Library KERNEL32.dll:
0x43d120 HeapFree
0x43d124 HeapReAlloc
0x43d128 RaiseException
0x43d12c VirtualProtect
0x43d130 VirtualAlloc
0x43d134 GetSystemInfo
0x43d138 VirtualQuery
0x43d13c RtlUnwind
0x43d140 GetCommandLineA
0x43d144 GetProcessHeap
0x43d148 GetStartupInfoA
0x43d14c ExitProcess
0x43d150 HeapSize
0x43d154 VirtualFree
0x43d158 HeapDestroy
0x43d15c HeapCreate
0x43d160 GetStdHandle
0x43d164 TerminateProcess
0x43d170 IsDebuggerPresent
0x43d174 Sleep
0x43d180 HeapAlloc
0x43d188 SetHandleCount
0x43d18c GetFileType
0x43d194 GetTickCount
0x43d19c GetACP
0x43d1a4 LCMapStringA
0x43d1a8 LCMapStringW
0x43d1ac GetConsoleCP
0x43d1b0 GetConsoleMode
0x43d1b4 GetStringTypeA
0x43d1b8 GetStringTypeW
0x43d1bc SetStdHandle
0x43d1c0 WriteConsoleA
0x43d1c4 GetConsoleOutputCP
0x43d1c8 WriteConsoleW
0x43d1d0 GetProfileIntA
0x43d1d4 GetFileTime
0x43d1d8 GetFileAttributesA
0x43d1dc FindResourceExA
0x43d1e0 GetOEMCP
0x43d1e4 GetCPInfo
0x43d1f0 SetErrorMode
0x43d1f4 CreateFileA
0x43d1f8 GetShortPathNameA
0x43d1fc GetFullPathNameA
0x43d204 FindFirstFileA
0x43d208 FindClose
0x43d20c DuplicateHandle
0x43d210 GetThreadLocale
0x43d214 GetFileSize
0x43d218 SetEndOfFile
0x43d21c UnlockFile
0x43d220 LockFile
0x43d224 FlushFileBuffers
0x43d228 SetFilePointer
0x43d22c WriteFile
0x43d230 ReadFile
0x43d234 GlobalFlags
0x43d23c TlsFree
0x43d244 LocalReAlloc
0x43d248 TlsSetValue
0x43d24c TlsAlloc
0x43d254 GlobalHandle
0x43d258 GlobalReAlloc
0x43d260 TlsGetValue
0x43d268 LocalAlloc
0x43d26c IsDBCSLeadByte
0x43d270 FreeResource
0x43d274 GlobalGetAtomNameA
0x43d278 GlobalFindAtomA
0x43d27c lstrcmpW
0x43d280 GetVersionExA
0x43d284 GetUserDefaultLCID
0x43d28c GetCurrentProcessId
0x43d290 GlobalAddAtomA
0x43d294 CloseHandle
0x43d298 GetCurrentThread
0x43d29c GetCurrentThreadId
0x43d2a4 GetModuleFileNameA
0x43d2ac GetLocaleInfoA
0x43d2b0 LoadLibraryA
0x43d2b4 lstrcmpA
0x43d2b8 GlobalDeleteAtom
0x43d2bc FreeLibrary
0x43d2c4 GetModuleFileNameW
0x43d2c8 GetModuleHandleA
0x43d2cc GetProcAddress
0x43d2d0 CopyFileA
0x43d2d4 GlobalSize
0x43d2d8 GlobalUnlock
0x43d2dc FormatMessageA
0x43d2e0 LocalFree
0x43d2e4 MulDiv
0x43d2e8 SetLastError
0x43d2ec GlobalAlloc
0x43d2f0 GlobalLock
0x43d2f4 GlobalFree
0x43d2f8 LoadLibraryExA
0x43d2fc GetCurrentProcess
0x43d300 lstrlenA
0x43d304 CompareStringW
0x43d308 CompareStringA
0x43d30c lstrlenW
0x43d310 GetVersion
0x43d314 FindResourceA
0x43d318 LoadResource
0x43d31c LockResource
0x43d320 SizeofResource
0x43d324 GetLastError
0x43d328 WideCharToMultiByte
0x43d32c MultiByteToWideChar
0x43d334 InterlockedExchange
Library USER32.dll:
0x43d3a0 LockWindowUpdate
0x43d3a4 EnumChildWindows
0x43d3ac GetNextDlgTabItem
0x43d3b0 EndDialog
0x43d3b8 SetRect
0x43d3bc SetWindowRgn
0x43d3c0 IsRectEmpty
0x43d3c4 CreateMenu
0x43d3c8 DestroyMenu
0x43d3cc SetRectEmpty
0x43d3d0 LoadCursorA
0x43d3d4 SetCapture
0x43d3d8 ReleaseCapture
0x43d3dc MoveWindow
0x43d3e0 SetWindowTextA
0x43d3e4 IsDialogMessageA
0x43d3ec LoadIconA
0x43d3f0 SendDlgItemMessageA
0x43d3f4 WinHelpA
0x43d3f8 IsChild
0x43d3fc GetCapture
0x43d400 GetClassLongA
0x43d404 GetClassNameA
0x43d408 SetPropA
0x43d40c GetPropA
0x43d410 RemovePropA
0x43d414 IsWindow
0x43d418 SetFocus
0x43d41c GetWindowTextA
0x43d420 GetForegroundWindow
0x43d424 SetActiveWindow
0x43d428 GetDlgItem
0x43d42c GetTopWindow
0x43d430 GetMessageTime
0x43d434 GetMessagePos
0x43d438 MapWindowPoints
0x43d43c GetSysColorBrush
0x43d440 SetForegroundWindow
0x43d444 GetClientRect
0x43d448 CreateWindowExA
0x43d44c GetClassInfoExA
0x43d450 GetClassInfoA
0x43d454 RegisterClassA
0x43d458 AdjustWindowRectEx
0x43d45c EqualRect
0x43d460 GetDlgCtrlID
0x43d464 IntersectRect
0x43d46c IsIconic
0x43d470 GetWindowPlacement
0x43d474 GetSystemMetrics
0x43d478 GetWindow
0x43d47c GetSysColor
0x43d480 EndPaint
0x43d484 BeginPaint
0x43d488 GetWindowDC
0x43d48c ClientToScreen
0x43d490 ScreenToClient
0x43d494 GrayStringA
0x43d498 DrawTextExA
0x43d49c DrawTextA
0x43d4a0 TabbedTextOutA
0x43d4a4 FillRect
0x43d4a8 CallWindowProcA
0x43d4ac GetMenu
0x43d4b0 SetWindowPos
0x43d4b4 DestroyWindow
0x43d4b8 GetDesktopWindow
0x43d4bc SetWindowLongA
0x43d4c0 InvalidateRect
0x43d4c4 UpdateWindow
0x43d4c8 GetWindowRect
0x43d4cc OffsetRect
0x43d4d0 InflateRect
0x43d4d4 DefWindowProcA
0x43d4d8 CopyRect
0x43d4dc ShowWindow
0x43d4e0 DrawEdge
0x43d4e4 SetParent
0x43d4ec GetWindowLongA
0x43d4f0 GetLastActivePopup
0x43d4f4 IsWindowEnabled
0x43d4f8 MessageBoxA
0x43d4fc UnregisterClassA
0x43d500 DestroyIcon
0x43d508 GetDialogBaseUnits
0x43d50c GetDCEx
0x43d510 SetCursor
0x43d514 SetWindowsHookExA
0x43d518 CallNextHookEx
0x43d51c GetMessageA
0x43d520 TranslateMessage
0x43d524 DispatchMessageA
0x43d528 GetActiveWindow
0x43d52c IsWindowVisible
0x43d530 GetKeyState
0x43d534 PeekMessageA
0x43d538 GetCursorPos
0x43d53c ValidateRect
0x43d540 SetMenuItemBitmaps
0x43d548 LoadBitmapA
0x43d54c GetFocus
0x43d550 GetParent
0x43d554 SendMessageA
0x43d558 ModifyMenuA
0x43d55c EnableMenuItem
0x43d560 CheckMenuItem
0x43d564 PostMessageA
0x43d568 PostQuitMessage
0x43d56c UnhookWindowsHookEx
0x43d570 GetMenuState
0x43d574 GetMenuStringA
0x43d578 AppendMenuA
0x43d57c GetMenuItemID
0x43d580 InsertMenuA
0x43d584 GetMenuItemCount
0x43d588 GetSubMenu
0x43d58c RemoveMenu
0x43d590 GetDC
0x43d594 ReleaseDC
0x43d598 EnableWindow
0x43d59c GetSystemMenu
0x43d5a0 CharUpperA
0x43d5a4 PtInRect
Library GDI32.dll:
0x43d034 SetViewportExtEx
0x43d038 ScaleViewportExtEx
0x43d03c SetWindowOrgEx
0x43d040 SetWindowExtEx
0x43d044 ScaleWindowExtEx
0x43d04c CreatePatternBrush
0x43d050 SelectPalette
0x43d054 CreatePen
0x43d058 OffsetViewportOrgEx
0x43d05c CombineRgn
0x43d064 CreateFontIndirectA
0x43d06c GetTextAlign
0x43d070 GetTextMetricsA
0x43d074 SetRectRgn
0x43d078 EnumFontFamiliesExA
0x43d07c Rectangle
0x43d080 CreateRectRgn
0x43d084 SelectClipRgn
0x43d088 DeleteObject
0x43d08c SetViewportOrgEx
0x43d090 SelectObject
0x43d094 Escape
0x43d098 ExtTextOutA
0x43d09c TextOutA
0x43d0a0 RectVisible
0x43d0a4 PtVisible
0x43d0a8 GetObjectA
0x43d0ac MoveToEx
0x43d0b0 IntersectClipRect
0x43d0b4 GetClipBox
0x43d0b8 SetMapMode
0x43d0bc SetTextColor
0x43d0c0 SetROP2
0x43d0c4 SetBkMode
0x43d0c8 SetBkColor
0x43d0cc RestoreDC
0x43d0d0 SaveDC
0x43d0d4 DeleteDC
0x43d0d8 DeleteMetaFile
0x43d0dc CloseMetaFile
0x43d0e0 CreateMetaFileA
0x43d0e4 LPtoDP
0x43d0e8 CreateDCA
0x43d0ec CopyMetaFileA
0x43d0f0 GetDeviceCaps
0x43d0f4 CreateBitmap
0x43d0f8 CreatePalette
0x43d0fc PatBlt
0x43d100 RealizePalette
0x43d104 ResizePalette
0x43d108 SetPaletteEntries
0x43d10c GetPaletteEntries
0x43d110 CreateSolidBrush
0x43d114 UnrealizeObject
0x43d118 GetStockObject
Library comdlg32.dll:
0x43d5bc GetFileTitleA
Library WINSPOOL.DRV:
0x43d5ac ClosePrinter
0x43d5b0 DocumentPropertiesA
0x43d5b4 OpenPrinterA
Library ADVAPI32.dll:
0x43d000 RegSetValueExA
0x43d004 RegCreateKeyA
0x43d008 RegCreateKeyExA
0x43d00c RegQueryValueA
0x43d010 RegEnumKeyA
0x43d014 RegDeleteKeyA
0x43d018 RegOpenKeyExA
0x43d01c RegQueryValueExA
0x43d020 RegOpenKeyA
0x43d024 RegSetValueA
0x43d028 RegCloseKey
0x43d02c RegDeleteValueA
Library SHELL32.dll:
0x43d384 ExtractIconA
Library SHLWAPI.dll:
0x43d38c PathFindExtensionA
0x43d390 PathFindFileNameA
0x43d394 PathStripToRootA
0x43d398 PathIsUNCA
Library ole32.dll:
0x43d5c4 OleLoadFromStream
0x43d5cc CoDisconnectObject
0x43d5d0 ReadClassStm
0x43d5d8 OleSaveToStream
0x43d5e8 CoCreateInstance
0x43d5ec CreateDataCache
0x43d5f4 CoRevokeClassObject
0x43d5fc OleDuplicateData
0x43d600 CoTaskMemAlloc
0x43d604 ReleaseStgMedium
0x43d608 StringFromCLSID
0x43d60c ReadFmtUserTypeStg
0x43d610 CoTaskMemFree
0x43d618 StringFromGUID2
Library OLEAUT32.dll:
0x43d340 VariantCopy
0x43d344 OleLoadPicture
0x43d34c SysAllocStringLen
0x43d350 VariantInit
0x43d354 SysAllocString
0x43d358 VariantClear
0x43d35c VariantChangeType
0x43d364 OleTranslateColor
0x43d36c LoadTypeLib
0x43d370 LoadRegTypeLib
0x43d374 SysFreeString
0x43d378 SysStringByteLen
0x43d37c SysStringLen

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source port   Destination                        Destination port
192.168.56.101  51808         114.114.114.114                    53
192.168.56.101  60123         114.114.114.114                    53
192.168.56.101  60215         114.114.114.114                    53
192.168.56.101  60384         114.114.114.114                    53
192.168.56.101  63429         114.114.114.114                    53
192.168.56.101  137           192.168.56.255                     137
192.168.56.101  138           192.168.56.255                     138
192.168.56.101  123           20.189.79.72 (time.windows.com)    123
192.168.56.101  49713         224.0.0.252                        5355
192.168.56.101  51378         224.0.0.252                        5355
192.168.56.101  53237         224.0.0.252                        5355
192.168.56.101  53380         224.0.0.252                        5355
192.168.56.101  55368         224.0.0.252                        5355
192.168.56.101  56539         224.0.0.252                        5355
192.168.56.101  56804         224.0.0.252                        5355
192.168.56.101  57236         224.0.0.252                        5355
192.168.56.101  58367         224.0.0.252                        5355
192.168.56.101  61680         224.0.0.252                        5355
192.168.56.101  62318         224.0.0.252                        5355
192.168.56.101  65004         224.0.0.252                        5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped Files

No dropped files.

Dropped Buffers

No dropped buffers.