Risk score: 9.4 (Critical)

SHA256: 2f8fe0ac2c9eb1522922e4687acbcdb17d868c9a99ff489ec84f4f865dd5ed58
File name: cf098c26eb766f7b112e9fe11edcd53d.exe (the name is the sample's MD5; McAfee's detection name below embeds the same prefix)
Analysis duration: 92 s
Last analysis:
File size: 345.0 KB

Verdict tags: flagged by static scanning; flagged by dynamic (behavioral) analysis.
Detection-name tokens (collected from the antivirus results below): AI SCORE=84 ATTRIBUTE BSCOPE CLASSIC EKZK ELDORADO EMOTET EMOTETU ENCPK GENCIRC GENKRYPTIK HDQH HIGH CONFIDENCE HIGHCONFIDENCE KRYPT KRYPTIK MALWARE@#MJATJW34QJI R + MAL R002C0DLB20 R342999 SCORE SUSGEN TIWCM TMDM3++XMRG TRICKBOT UNSAFE VQ0@ACJDODBI VQ0@BCJDODBI ZEXAF
Hawkeye engine (鹰眼引擎)
Not detected: no Hawkeye engine result is available for this sample.
Static verdict

Antivirus engines
Engine       Result                           Scan date   Engine version
McAfee       Emotet-FQU!CF098C26EB76          2020-12-20  6.0.6.653
Alibaba      Trojan:Win32/Emotet.4705fedc     2019-05-27  0.3.0.5
Baidu        (no result)                      2019-03-18  1.0.0.2
Avast        Win32:Malware-gen                2020-12-19  21.1.5827.0
Kingsoft     (no result)                      2020-12-20  2017.9.26.565
Tencent      Malware.Win32.Gencirc.10cdcf12   2020-12-20  1.0.0.1
CrowdStrike  (no result)                      2019-07-02  1.0

Note that the Baidu, Alibaba and CrowdStrike scan dates (2019) predate this binary's compile timestamp (2020-05-23, see PE Compile Time below), so those three rows reflect stale engine builds rather than a fresh opinion on the file; Alibaba's hit is a generic Emotet detection that still fires.
Static indicators

Queries for the computer name (1 event)
Time is the monitor's Unix timestamp; Status/Return/Repeated are the hooked call's outcome, return value and repeat count.
Time            API               Arguments                Status   Return  Repeated
1619943033.443  GetComputerNameA  computer_name: OSKAR-PC  success  1       0
Uses Windows APIs to generate a cryptographic key (4 events)
Time            API             Arguments                                                  Status   Return  Repeated
1619943023.584  CryptGenKey     crypto_handle: 0x004f3400                                  success  1       0
                                algorithm_identifier: 0x0000660e (CALG_AES_128)
                                provider_handle: 0x004f25f8
                                flags: 1 (CRYPT_EXPORTABLE)
                                key: f‹\s"?tP”vN²‡K  (raw bytes, non-printables stripped)
1619943033.506  CryptExportKey  crypto_handle: 0x004f3400                                  success  1       0
                                crypto_export_handle: 0x004f26c0
                                blob_type: 1 (SIMPLEBLOB)
                                flags: 64 (CRYPT_OAEP)
                                buffer: f¤s†w z«¸TZò%Û»Ìã2Ό[ú+†0°ˆü½:á.Å#ñ Ua3 ‰:•T«D„ß@t)Z™t‡$E¢ŒHhpþÛåî¹]@èUÄÉ8 <§X˜©¸1ÁK‰Úã}Ð
1619943067.74   CryptExportKey  crypto_handle: 0x004f3400                                  success  1       0
                                crypto_export_handle: 0x004f26c0
                                blob_type: 1 (SIMPLEBLOB)
                                flags: 64 (CRYPT_OAEP)
                                buffer: f¤¹$ý!ck³ÍZÆT?4#ÈÉ;:ØÙ‡^}y‘M$R;2ð c-ׁ’@ãLh8‚°WâQÊwþ[‘Ýacû•­4õÈ»¸yjú‰Âú±äé[÷šŸvªOô ØÉ
1619943071.99   CryptExportKey  crypto_handle: 0x004f3400                                  success  1       0
                                crypto_export_handle: 0x004f26c0
                                blob_type: 1 (SIMPLEBLOB)
                                flags: 64 (CRYPT_OAEP)
                                buffer: f¤RC|§œØâkÕ+\À¿j,˽O¡l‰åSÏÕÐnk²U@õ}Ã.ÑrôcÓo¢ÓðÀž<p7x •3 DHÊðÁq¼¯3¢b@̒Ÿ’€—wŠ¢Öİ’ö>;78µ

Reading these four calls together: the sample generates one AES-128 session key (0x660e is CALG_AES_128) marked exportable, then exports it three times as a SIMPLEBLOB with OAEP padding. A SIMPLEBLOB is the session key encrypted to the RSA key referenced by crypto_export_handle, and the same handle 0x004f26c0 is used every time, so each buffer is the same kind of object: the AES key wrapped to a public key the sample already holds. The "f¤" that opens all three buffers is what survives of the 12-byte blob header (... 0e 66 00 00 00 a4 00 00, i.e. CALG_AES_128 followed by CALG_RSA_KEYX) once the monitor drops non-printable bytes. Three fresh exports in the same second range as the network activity below is the key-exchange pattern expected of an Emotet C2 client: the operator's RSA public key is embedded in the binary and the wrapped AES key accompanies each request.
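What a SIMPLEBLOB export looks like when decoded, as an added example written for this page rather than code from the sample or the sandbox: it renders the blob_type/flags pair from the log, parses the 12-byte header that precedes the RSA-wrapped session key, and reproduces the sandbox's printable rendering that turns that header into the "f¤" prefix seen above. The blob it runs on is constructed to match the report's header (AES-128 key wrapped to a 1024-bit RSA exchange key); its 128 ciphertext bytes are a placeholder, and the constant names and values come from wincrypt.h.

```python
import struct

# CryptoAPI constants from wincrypt.h; the report logs blob_type 1 and flags 64.
SIMPLEBLOB, PUBLICKEYBLOB, PRIVATEKEYBLOB, PLAINTEXTKEYBLOB = 0x1, 0x6, 0x7, 0x8
CUR_BLOB_VERSION = 0x2
CRYPT_EXPORTABLE, CRYPT_OAEP = 0x1, 0x40
ALG_NAMES = {
    0x660E: "CALG_AES_128", 0x660F: "CALG_AES_192", 0x6610: "CALG_AES_256",
    0x6603: "CALG_3DES", 0x6601: "CALG_DES", 0x6801: "CALG_RC4",
    0xA400: "CALG_RSA_KEYX", 0x2400: "CALG_RSA_SIGN",
}
BLOB_NAMES = {SIMPLEBLOB: "SIMPLEBLOB", PUBLICKEYBLOB: "PUBLICKEYBLOB",
              PRIVATEKEYBLOB: "PRIVATEKEYBLOB", PLAINTEXTKEYBLOB: "PLAINTEXTKEYBLOB"}


def describe_export(blob_type: int, flags: int) -> str:
    """Render the blob_type/flags pair of a CryptExportKey log entry in symbolic form."""
    name = BLOB_NAMES.get(blob_type, f"blob_type={blob_type:#x}")
    parts = []
    if flags & CRYPT_OAEP:
        parts.append("CRYPT_OAEP")
    if flags & ~CRYPT_OAEP:
        parts.append(f"other_flags={flags & ~CRYPT_OAEP:#x}")
    return f"{name} ({', '.join(parts)})" if parts else name


def parse_simpleblob(blob: bytes) -> dict:
    """Parse a SIMPLEBLOB: BLOBHEADER {bType, bVersion, reserved, aiKeyAlg}, then the
    ALG_ID of the key-exchange key, then the session key encrypted to that key
    (RSA; OAEP padding when CRYPT_OAEP was passed). CryptoAPI stores the RSA
    ciphertext little-endian, so reverse it before handing it to OpenSSL-style tools."""
    if len(blob) < 12:
        raise ValueError("too short for BLOBHEADER + exchange ALG_ID")
    b_type, b_version, _reserved, key_alg = struct.unpack_from("<BBHI", blob, 0)
    exch_alg = struct.unpack_from("<I", blob, 8)[0]
    if b_type != SIMPLEBLOB or b_version != CUR_BLOB_VERSION:
        raise ValueError(f"not a v2 SIMPLEBLOB: type={b_type:#x} version={b_version:#x}")
    wrapped = blob[12:]
    return {
        "key_alg": ALG_NAMES.get(key_alg, f"{key_alg:#x}"),
        "exchange_alg": ALG_NAMES.get(exch_alg, f"{exch_alg:#x}"),
        "wrapped_key_bytes": len(wrapped),
        # RSA ciphertext is exactly one modulus wide, so its length reveals the key size.
        "rsa_modulus_bits": len(wrapped) * 8,
    }


def printable_preview(blob: bytes) -> str:
    """Mimic the report's rendering: one character per byte, control bytes dropped.
    Applied to a SIMPLEBLOB header this yields the 'f¤' (0x66, 0xA4) prefix seen in the log."""
    return "".join(chr(b) for b in blob if 0x20 <= b < 0x7F or b >= 0xA0)


def build_sample_blob() -> bytes:
    """Constructed blob (not one of the sample's buffers): AES-128 key wrapped to a
    1024-bit RSA exchange key; the 128 ciphertext bytes are a deterministic placeholder."""
    header = struct.pack("<BBHI", SIMPLEBLOB, CUR_BLOB_VERSION, 0, 0x660E)
    exchange = struct.pack("<I", 0xA400)
    placeholder = bytes((i * 37 + 11) & 0xFF for i in range(128))
    return header + exchange + placeholder


if __name__ == "__main__":
    blob = build_sample_blob()
    print(describe_export(1, 64))
    print(parse_simpleblob(blob))
    print(printable_preview(blob)[:16])
```

To apply this to a real capture, feed `parse_simpleblob` the raw bytes of the `buffer` argument (the monitor's text rendering above has already lost the control bytes and cannot be parsed); the `rsa_modulus_bits` field then tells you the size of the public key embedded in the binary.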
Behavioral verdict

Dynamic indicators

Allocates read-write-execute memory (usually to unpack itself) (3 events)
Time               API                      Arguments                                            Status   Return  Repeated
1619910853.677279  NtAllocateVirtualMemory  process_identifier: 2364                             success  0       0
                                            process_handle: 0xffffffff (current process)
                                            base_address: 0x00530000
                                            region_size: 40960
                                            allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
                                            protection: 64 (PAGE_EXECUTE_READWRITE)
                                            stack_dep_bypass: 0  stack_pivoted: 0  heap_dep_bypass: 0
1619942657.75952   NtAllocateVirtualMemory  process_identifier: 1424                             success  0       0
                                            process_handle: 0xffffffffffffffff (current process, 64-bit)
                                            base_address: 0x0000000004180000
                                            region_size: 65536
                                            allocation_type: 4096 (MEM_COMMIT)
                                            protection: 64 (PAGE_EXECUTE_READWRITE)
                                            stack_dep_bypass: 0  stack_pivoted: 0  heap_dep_bypass: 0
1619943018.459     NtAllocateVirtualMemory  process_identifier: 2200                             success  0       0
                                            process_handle: 0xffffffff (current process)
                                            base_address: 0x003d0000
                                            region_size: 40960
                                            allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
                                            protection: 64 (PAGE_EXECUTE_READWRITE)
                                            stack_dep_bypass: 0  stack_pivoted: 0  heap_dep_bypass: 0

The first and third events are the same thing seen in two runs: a 32-bit process (the sample lives under SysWOW64) committing a fresh 40 KB RWX region in its own address space, which is where an unpacked stage is written before control is transferred to it. The middle event is different: its pseudo-handle is 64 bits wide and the timestamp is hours away from the other two, so it was logged in a 64-bit process and should not be counted as this 32-bit sample unpacking itself.
Checks whether any human activity is being performed by constantly checking whether the foreground window changed (GetForegroundWindow and GetWindowTextA are in the static import table below)
Searches running processes, potentially to identify targets for sandbox evasion, code injection or memory dumping (1 event)
Moves the original executable to a new location (1 event)
Time               API                    Arguments                                                                                  Status   Return  Repeated
1619910858.755279  MoveFileWithProgressW  oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\cf098c26eb766f7b112e9fe11edcd53d.exe  success  1       0
                                          newfilepath: C:\Windows\SysWOW64\msrating\msrating.exe
                                          flags: 3 (MOVEFILE_REPLACE_EXISTING|MOVEFILE_COPY_ALLOWED)
                                          (oldfilepath_r and newfilepath_r, the resolved paths, are identical to the values above)

The sample relocates itself into a new directory under SysWOW64 named after msrating.dll, a legitimate Internet Explorer content-rating component, so the path reads as a system file. Writing there requires elevation; the move succeeds here because the sandbox runs the sample as Administrator (visible in the profile path).
Checks adapter addresses, which can be used to detect virtual network interfaces (1 event)
Time            API                   Arguments           Status   Return  Repeated
1619943033.943  GetAdaptersAddresses  flags: 0  family: 0  failed   111     0

Return 111 is ERROR_BUFFER_OVERFLOW, the normal result of the first call with an undersized buffer (it reports the size needed). A single "failed" call proves only that adapter enumeration was attempted; it is not evidence that the sample acted on a virtual-adapter check.
The binary likely contains encrypted or compressed data indicative of a packer (1 event)
Section   Virtual address  Virtual size  Raw size    Entropy
.rsrc     0x0004c000       0x0001054c    0x00010600  6.868017559043599
Description: a section with high entropy has been found.

The high-entropy section is the resource section, and the static import table below includes FindResourceA, LoadResource, LockResource and SizeofResource, which is the usual arrangement for a loader that keeps its encrypted payload in a resource and decrypts it into the RWX region allocated above.
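The check behind this signature, as an added example written for this page (not the sandbox's own signature code): a stdlib-only section-table parser that computes per-section Shannon entropy and flags sections above a threshold. The PE image it runs on is constructed inline (a constant .text and a uniformly distributed .rsrc standing in for an encrypted payload), and the 6.8 threshold is an assumption chosen near the 6.87 reported above.

```python
import math
import struct

# Assumed threshold, chosen near the 6.87 the report flagged for .rsrc.
HIGH_ENTROPY_THRESHOLD = 6.8


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant run, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def pe_sections(image: bytes):
    """Yield (name, virtual_address, raw_offset, raw_size) for each section header.
    The optional header is skipped by its declared size, so PE32 and PE32+ both work."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", image, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", image, coff + 16)[0]
    table = coff + 20 + size_of_optional
    for i in range(num_sections):
        off = table + 40 * i
        name = image[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        _vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", image, off + 8)
        yield name, vaddr, raw_ptr, raw_size


def section_entropies(image: bytes) -> dict:
    """Map each section name to the entropy of its raw bytes on disk."""
    return {name: round(shannon_entropy(image[ptr:ptr + size]), 6)
            for name, _va, ptr, size in pe_sections(image)}


def packed_sections(image: bytes, threshold: float = HIGH_ENTROPY_THRESHOLD) -> list:
    """Names of sections whose entropy exceeds the threshold, as the report's signature does."""
    return sorted(n for n, e in section_entropies(image).items() if e > threshold)


def build_sample_image() -> bytes:
    """Constructed two-section PE32 image (not the analysed sample): a constant .text
    and a .rsrc of uniformly distributed bytes. SizeOfOptionalHeader is 0 to keep the
    header small; real images carry an optional header, which pe_sections skips."""
    text = b"\x90" * 256
    rsrc = bytes(range(256)) * 4
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x102)    # i386, 2 sections

    def header(name, vaddr, data, raw_ptr):
        return struct.pack("<8sIIIIIIHHI", name, len(data), vaddr, len(data), raw_ptr,
                           0, 0, 0, 0, 0x40000040)                 # INITIALIZED_DATA|READ

    headers = header(b".text", 0x1000, text, 0x100) + header(b".rsrc", 0x2000, rsrc, 0x200)
    head = dos + b"PE\0\0" + coff + headers
    return head.ljust(0x100, b"\0") + text + rsrc


if __name__ == "__main__":
    img = build_sample_image()
    print(section_entropies(img))
    print(packed_sections(img))
```

Run `section_entropies(open(path, "rb").read())` on a real file to obtain the same per-section figures the report shows; packers and payload-carrying resources typically land between 6.8 and 8.0, while ordinary x86 code sits around 6.0 to 6.5.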
Expresses interest in specific running processes (1 event)
process: msrating.exe (the name the sample gives its own relocated copy)
Reads the system's User-Agent string and subsequently performs requests (1 event)
Time            API            Arguments                                                      Status   Return     Repeated
1619943033.646  InternetOpenW  access_type: 0 (INTERNET_OPEN_TYPE_PRECONFIG)                  success  13369348   0
                               proxy_name: (empty)  proxy_bypass: (empty)  flags: 0
                               user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)

The return value 13369348 (0x00cc0004) is the WinINet session handle. The User-Agent is the guest's own Internet Explorer string, so it changes from victim to victim and is a poor network indicator; the INTERNET_OPEN_TYPE_PRECONFIG access type means WinINet applies the machine's proxy settings, which is what triggers the WPAD registry activity listed below.
Network communication

Communicates with hosts for which no DNS query was performed (4 events)
host 103.83.81.141
host 170.81.48.2
host 172.217.24.14
host 190.47.227.130

Hard-coded IP addresses with no name resolution is how Emotet reaches its C2 tier, and the DNS-free contact is itself a usable detection. 172.217.24.14 falls in Google's 172.217.0.0/16 allocation and is more plausibly a connectivity check than C2; the other three also appear in the dead-host list below with ports 80 and 8080 and are the C2 candidates.
Installs itself for autorun at Windows startup (1 event)
service_name: msrating
service_path: "C:\Windows\SysWOW64\msrating\msrating.exe" (the raw log prefixes this with the process's current directory, C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\, which is a monitor artifact; the resolved value filepath_r below is the real binary path)

Created a service that was not subsequently started (1 event)
Time               API             Arguments                                                          Status   Return   Repeated
1619910859.083279  CreateServiceW  service_name: msrating  display_name: msrating                     success  3244896  0
                                   filepath_r: "C:\Windows\SysWOW64\msrating\msrating.exe"
                                   service_type: 16 (SERVICE_WIN32_OWN_PROCESS)
                                   start_type: 2 (SERVICE_AUTO_START)
                                   error_control: 0 (SERVICE_ERROR_IGNORE)
                                   desired_access: 2 (SERVICE_CHANGE_CONFIG)
                                   service_start_name: (empty, runs as LocalSystem)  password: (empty)
                                   service_manager_handle: 0x021abac0  service_handle: 0x00318360

The return value 3244896 is 0x00318360, the service handle. An auto-start own-process service with no account name runs as LocalSystem at every boot, which is both the persistence mechanism and a privilege step up from the user who ran the dropper; on a host, the presence of a service named msrating pointing into C:\Windows\SysWOW64\msrating\ is a high-confidence indicator.
Sets or modifies the WPAD proxy autoconfiguration state (8 events)
All eight writes succeeded (return 0, repeated 0). Keys are relative to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\.
Time            API             Key handle   Value name (subkey\name)                                               Type            Data
1619943036.521  RegSetValueExA  0x00000394   {40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason              4 (REG_DWORD)   1
1619943036.521  RegSetValueExA  0x00000394   {40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime                3 (REG_BINARY)  r©?× (binary, non-printables stripped)
1619943036.521  RegSetValueExA  0x00000394   {40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision                    4 (REG_DWORD)   3
1619943036.521  RegSetValueExW  0x00000394   {40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName                 1 (REG_SZ)      网络 2 ("Network 2", the guest's localized default network profile name)
1619943036.521  RegSetValueExA  0x000003ac   0a-00-27-00-00-00\WpadDecisionReason                                   4 (REG_DWORD)   1
1619943036.521  RegSetValueExA  0x000003ac   0a-00-27-00-00-00\WpadDecisionTime                                     3 (REG_BINARY)  r©?× (binary, non-printables stripped)
1619943036.521  RegSetValueExA  0x000003ac   0a-00-27-00-00-00\WpadDecision                                         4 (REG_DWORD)   3
1619943036.553  RegSetValueExW  0x00000390   WpadLastNetwork                                                        1 (REG_SZ)      {40112ABE-63B3-43C3-BE93-1440EE3AF106}

Treat this signature as noise here. These values are written by WinINet's proxy auto-detection code, keyed by network GUID and adapter address, as a side effect of the InternetOpenW call above using INTERNET_OPEN_TYPE_PRECONFIG and then issuing a request; they cache the auto-detect decision for the current network and do not point at an attacker-supplied PAC file. The writes happen in the sample's process, so the monitor attributes them to it, but they are not evidence of traffic interception and occur for any WinINet client on a freshly provisioned guest.
Attempts to remove evidence of the file having been downloaded from the Internet (1 event)
file: C:\Windows\SysWOW64\msrating\msrating.exe:Zone.Identifier

Deleting the Zone.Identifier alternate data stream strips the mark-of-the-web from the relocated copy, so neither the Attachment Execution Service prompt nor SmartScreen treats the service binary as an Internet download when it next runs.
File has been identified by 54 antivirus engines on VirusTotal as malicious (50 of 54 results shown)
Engine              Detection
Elastic             malicious (high confidence)
MicroWorld-eScan    Trojan.EmotetU.Gen.vq0@bCjdODbi
FireEye             Generic.mg.cf098c26eb766f7b
CAT-QuickHeal       Backdoor.Emotet
McAfee              Emotet-FQU!CF098C26EB76
Cylance             Unsafe
Zillya              Trojan.Emotet.Win32.20846
Sangfor             Malware
K7AntiVirus         Trojan ( 005675131 )
Alibaba             Trojan:Win32/Emotet.4705fedc
K7GW                Trojan ( 005675131 )
Arcabit             Trojan.EmotetU.Gen.EF2C23
BitDefenderTheta    Gen:NN.ZexaF.34700.vq0@aCjdODbi
Cyren               W32/Trickbot.DU.gen!Eldorado
Symantec            ML.Attribute.HighConfidence
APEX                Malicious
Avast               Win32:Malware-gen
ClamAV              Win.Malware.Emotet-7997984-0
Kaspersky           HEUR:Backdoor.Win32.Emotet.vho
BitDefender         Trojan.EmotetU.Gen.vq0@bCjdODbi
Paloalto            generic.ml
AegisLab            Trojan.Win32.Emotet.L!c
Rising              Trojan.Kryptik!1.C782 (CLASSIC)
Ad-Aware            Trojan.EmotetU.Gen.vq0@bCjdODbi
Sophos              Mal/Generic-R + Mal/EncPk-APM
Comodo              Malware@#mjatjw34qji
F-Secure            Trojan.TR/AD.Emotet.tiwcm
DrWeb               Trojan.Emotet.982
VIPRE               Trojan.Win32.Generic!BT
TrendMicro          TROJ_GEN.R002C0DLB20
McAfee-GW-Edition   BehavesLike.Win32.Emotet.fh
Emsisoft            Trojan.Emotet (A)
Ikarus              Trojan.Win32.Krypt
Jiangmin            Backdoor.Emotet.gi
MaxSecure           Trojan.Malware.74836433.susgen
Avira               TR/AD.Emotet.tiwcm
MAX                 malware (ai score=84)
Antiy-AVL           Trojan[Backdoor]/Win32.Emotet
Microsoft           Trojan:Win32/Emotet.DSB!MTB
ZoneAlarm           HEUR:Backdoor.Win32.Emotet.vho
GData               Trojan.EmotetU.Gen.vq0@bCjdODbi
Cynet               Malicious (score: 100)
AhnLab-V3           Malware/Win32.RL_Generic.R342999
VBA32               BScope.Trojan.Downloader
ALYac               Trojan.EmotetU.Gen.vq0@bCjdODbi
Malwarebytes        Trojan.Emotet
ESET-NOD32          a variant of Win32/Kryptik.HDQH
TrendMicro-HouseCall TROJ_GEN.R002C0DLB20
Tencent             Malware.Win32.Gencirc.10cdcf12
Yandex              Trojan.GenKryptik!TmDM3++xmrg
Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running) (4 events)
dead_host 190.47.227.130:80
dead_host 192.168.56.101:49183
dead_host 103.83.81.141:8080
dead_host 170.81.48.2:80

The first, third and fourth entries are the C2 candidates from the no-DNS list above, now with their ports; none answered during the run. 192.168.56.101 is the analysis guest's own address (it is the source of every UDP datagram in the capture below), so that entry is a local connection attempt recorded by the monitor and not a remote host.
Visual analysis
Binary image
No binary image: no binary visualization was generated for this sample.
Runtime screenshots
No screenshots: none were captured while the sample ran.


PE Compile Time

2020-05-23 02:57:35 (UTC, from the COFF header timestamp)

Imports

The static import table is that of an ordinary MFC-style GUI application (window, menu, GDI, printer and OLE automation calls) and contains none of the APIs that define the behavior above: no CryptGenKey/CryptExportKey, no InternetOpenW, no GetAdaptersAddresses, no CreateServiceW, no MoveFileWithProgressW, no GetComputerNameA. LoadLibraryA, LoadLibraryExA/W and GetProcAddress are imported, so the unpacked stage resolves what it needs at run time; any import-based heuristic sees only the decoy wrapper.

Library KERNEL32.dll:
0x4370e0 GetCommandLineA
0x4370e4 GetStartupInfoA
0x4370e8 HeapAlloc
0x4370ec HeapFree
0x4370f0 VirtualAlloc
0x4370f4 ExitProcess
0x4370f8 ExitThread
0x4370fc CreateThread
0x437100 HeapReAlloc
0x437104 HeapSize
0x437108 TerminateProcess
0x437114 IsDebuggerPresent
0x437118 GetStdHandle
0x43712c SetHandleCount
0x437130 GetFileType
0x437134 HeapCreate
0x437138 VirtualFree
0x43713c RaiseException
0x437140 GetTickCount
0x437148 GetACP
0x43714c IsValidCodePage
0x437158 GetConsoleCP
0x43715c GetConsoleMode
0x437160 LCMapStringA
0x437164 LCMapStringW
0x437168 GetStringTypeA
0x43716c GetStringTypeW
0x437170 SetStdHandle
0x437174 WriteConsoleA
0x437178 GetConsoleOutputCP
0x43717c WriteConsoleW
0x437180 CompareStringW
0x437188 RtlUnwind
0x43718c SetErrorMode
0x437190 GetFileSizeEx
0x4371a4 CreateFileA
0x4371a8 GetShortPathNameA
0x4371b0 FindFirstFileA
0x4371b4 FindClose
0x4371b8 DuplicateHandle
0x4371bc GetFileSize
0x4371c0 SetEndOfFile
0x4371c4 UnlockFile
0x4371c8 LockFile
0x4371cc FlushFileBuffers
0x4371d0 SetFilePointer
0x4371d4 WriteFile
0x4371d8 ReadFile
0x4371dc lstrcmpiA
0x4371e0 GetThreadLocale
0x4371e4 GetStringTypeExA
0x4371e8 DeleteFileA
0x4371ec MoveFileA
0x4371f4 GetModuleHandleW
0x4371f8 GetOEMCP
0x4371fc GetCPInfo
0x437208 GetModuleFileNameW
0x43720c TlsFree
0x437210 LocalReAlloc
0x437214 TlsSetValue
0x437218 TlsAlloc
0x43721c GlobalHandle
0x437220 GlobalReAlloc
0x437224 TlsGetValue
0x437228 LocalAlloc
0x43722c GlobalFlags
0x437230 GetDiskFreeSpaceA
0x437234 GetFullPathNameA
0x437238 GetTempFileNameA
0x43723c GetFileTime
0x437240 SetFileTime
0x437244 GetFileAttributesA
0x437248 SuspendThread
0x43724c GetCurrentThread
0x437258 GetModuleFileNameA
0x43725c GetLocaleInfoA
0x437260 InterlockedExchange
0x437264 lstrcmpA
0x437268 GlobalFree
0x43726c GlobalAlloc
0x437270 FormatMessageA
0x437274 LocalFree
0x437278 MulDiv
0x43727c FreeResource
0x437280 GetCurrentThreadId
0x437284 GlobalFindAtomA
0x437288 GlobalDeleteAtom
0x43728c FreeLibrary
0x437290 CompareStringA
0x437294 lstrcmpW
0x437298 GetVersionExA
0x43729c lstrlenA
0x4372a0 GlobalLock
0x4372a4 GlobalUnlock
0x4372a8 GetCurrentProcessId
0x4372ac GetProcAddress
0x4372b0 GetModuleHandleA
0x4372b4 LoadLibraryA
0x4372b8 GlobalGetAtomNameA
0x4372bc GlobalAddAtomA
0x4372c0 GetLastError
0x4372c4 SetLastError
0x4372c8 MultiByteToWideChar
0x4372d4 CreateEventA
0x4372d8 SetEvent
0x4372dc WaitForSingleObject
0x4372e0 Sleep
0x4372e4 ResumeThread
0x4372e8 SetThreadPriority
0x4372f0 LoadLibraryExW
0x4372f4 LoadLibraryExA
0x4372f8 GetCurrentProcess
0x4372fc WideCharToMultiByte
0x437304 CloseHandle
0x437308 FindResourceA
0x43730c LoadResource
0x437310 LockResource
0x437318 SizeofResource
Library USER32.dll:
0x43735c GetMenuItemInfoA
0x437360 InflateRect
0x437364 EndPaint
0x437368 BeginPaint
0x43736c GetWindowDC
0x437370 ReleaseDC
0x437374 GetDC
0x437378 ClientToScreen
0x43737c GrayStringA
0x437380 DrawTextExA
0x437384 DrawTextA
0x437388 TabbedTextOutA
0x43738c FillRect
0x437394 GetNextDlgTabItem
0x437398 EndDialog
0x43739c ShowOwnedPopups
0x4373a0 GetMessageA
0x4373a4 TranslateMessage
0x4373a8 GetCursorPos
0x4373ac ValidateRect
0x4373b0 PostQuitMessage
0x4373b4 SetWindowTextA
0x4373b8 IsDialogMessageA
0x4373bc SetMenuItemBitmaps
0x4373c4 LoadBitmapA
0x4373c8 ModifyMenuA
0x4373cc GetMenuState
0x4373d0 EnableMenuItem
0x4373d4 CheckMenuItem
0x4373dc SendDlgItemMessageA
0x4373e0 IsChild
0x4373e4 SetWindowsHookExA
0x4373e8 CallNextHookEx
0x4373ec GetClassLongA
0x4373f0 SetPropA
0x4373f4 RemovePropA
0x4373f8 GetWindowTextA
0x4373fc GetForegroundWindow
0x437400 DispatchMessageA
0x437404 BeginDeferWindowPos
0x437408 EndDeferWindowPos
0x43740c GetTopWindow
0x437410 DestroyWindow
0x437414 UnhookWindowsHookEx
0x437418 GetMessageTime
0x43741c GetMessagePos
0x437420 MapWindowPoints
0x437424 TrackPopupMenu
0x437428 SetForegroundWindow
0x43742c MessageBoxA
0x437430 CreateWindowExA
0x437434 GetClassInfoExA
0x437438 RegisterClassA
0x43743c AdjustWindowRectEx
0x437440 ScreenToClient
0x437444 DeferWindowPos
0x437448 PtInRect
0x43744c DefWindowProcA
0x437450 CallWindowProcA
0x437458 GetWindowPlacement
0x43745c GetWindowRect
0x437460 GetSystemMetrics
0x437464 GetClassNameA
0x437468 EnableWindow
0x43746c GetSystemMenu
0x437470 InvalidateRect
0x437474 SetRect
0x437478 GetSysColor
0x43747c UnpackDDElParam
0x437480 ReuseDDElParam
0x437484 LoadMenuA
0x437488 DestroyMenu
0x43748c WinHelpA
0x437490 SetWindowPos
0x437494 SetFocus
0x43749c GetActiveWindow
0x4374a0 IsWindowEnabled
0x4374a4 EqualRect
0x4374a8 GetDlgItem
0x4374ac SetWindowLongA
0x4374b0 UnregisterClassA
0x4374b4 CharUpperA
0x4374b8 DestroyIcon
0x4374bc LoadCursorA
0x4374c0 GetPropA
0x4374c4 GetSysColorBrush
0x4374c8 OffsetRect
0x4374cc GetClientRect
0x4374d4 IsWindow
0x4374d8 GetWindowLongA
0x4374dc ShowWindow
0x4374e0 GetWindow
0x4374e4 GetDesktopWindow
0x4374e8 SetMenu
0x4374ec PostMessageA
0x4374f0 BringWindowToTop
0x4374f4 GetLastActivePopup
0x4374f8 GetMenu
0x4374fc CopyRect
0x437500 SetRectEmpty
0x437504 IntersectRect
0x437508 GetClassInfoA
0x43750c CreatePopupMenu
0x437510 GetMenuItemCount
0x437514 GetMenuItemID
0x437518 GetDlgCtrlID
0x43751c GetKeyState
0x437520 LoadIconA
0x437524 SetCursor
0x437528 PeekMessageA
0x43752c GetCapture
0x437530 ReleaseCapture
0x437534 LoadAcceleratorsA
0x437538 GetParent
0x43753c SetActiveWindow
0x437540 IsWindowVisible
0x437544 UpdateWindow
0x437548 IsIconic
0x43754c SendMessageA
0x437550 InsertMenuItemA
0x437554 GetSubMenu
0x437558 GetFocus
Library GDI32.dll:
0x437040 ScaleWindowExtEx
0x437044 DeleteDC
0x437048 CreatePatternBrush
0x43704c GetStockObject
0x437050 SetWindowExtEx
0x437054 CreateSolidBrush
0x437058 CreateFontIndirectA
0x437060 ScaleViewportExtEx
0x437064 SetViewportExtEx
0x437068 OffsetViewportOrgEx
0x43706c SetViewportOrgEx
0x437070 SelectObject
0x437074 Escape
0x437078 ExtTextOutA
0x43707c TextOutA
0x437080 RectVisible
0x437084 PtVisible
0x437088 GetPixel
0x43708c CreatePen
0x437090 Ellipse
0x437094 DeleteObject
0x437098 MoveToEx
0x43709c LineTo
0x4370a0 SetMapMode
0x4370a4 SetBkMode
0x4370a8 RestoreDC
0x4370ac SaveDC
0x4370b0 GetDeviceCaps
0x4370b4 CreateBitmap
0x4370b8 GetObjectA
0x4370bc SetBkColor
0x4370c0 SetTextColor
0x4370c4 GetClipBox
0x4370c8 CreateCompatibleDC
0x4370d0 GdiFlush
0x4370d4 Rectangle
0x4370d8 BitBlt
Library COMDLG32.dll:
0x437038 GetFileTitleA
Library WINSPOOL.DRV:
0x437560 DocumentPropertiesA
0x437564 OpenPrinterA
0x437568 ClosePrinter
Library ADVAPI32.dll:
0x437000 RegSetValueExA
0x437004 RegCreateKeyA
0x437008 RegCreateKeyExA
0x43700c GetFileSecurityA
0x437010 SetFileSecurityA
0x437014 RegQueryValueA
0x437018 RegOpenKeyA
0x43701c RegEnumKeyA
0x437020 RegDeleteKeyA
0x437024 RegOpenKeyExA
0x437028 RegQueryValueExA
0x43702c RegSetValueA
0x437030 RegCloseKey
Library SHELL32.dll:
0x437330 DragFinish
0x437334 ExtractIconA
0x437338 SHGetFileInfoA
0x43733c DragQueryFileA
Library SHLWAPI.dll:
0x437344 PathFindFileNameA
0x437348 PathStripToRootA
0x43734c PathIsUNCA
0x437350 PathFindExtensionA
0x437354 PathRemoveFileSpecW
Library ole32.dll:
0x437570 CoCreateInstance
0x437574 CoTaskMemFree
0x437578 CoUninitialize
0x43757c CoInitializeEx
Library OLEAUT32.dll:
0x437320 VariantClear
0x437324 VariantChangeType
0x437328 VariantInit
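One triage step this import table invites, as an added example written for this page (not the sandbox's or the sample's code): compare the statically imported names with the APIs the monitor actually logged. Anything observed but neither imported nor reachable through an imported wrapper had to be resolved at run time or called from code unpacked into memory. The import subset and the observed-call list are copied from this report; the wrapper map (which imported function reaches which hooked inner call) is an assumption about kernel32 internals on the Windows 7 guest. Calls made by system DLLs on the sample's behalf, such as WinINet's WPAD registry writes, also land in the unexplained set, so the output is a lead rather than a verdict.

```python
# Subset of the static import table printed above, keyed by library.
STATIC_IMPORTS = {
    "KERNEL32.dll": {
        "LoadLibraryA", "LoadLibraryExA", "LoadLibraryExW", "GetProcAddress",
        "GetModuleHandleA", "VirtualAlloc", "VirtualFree", "HeapCreate", "MoveFileA",
        "DeleteFileA", "CreateFileA", "FindResourceA", "LoadResource", "LockResource",
        "SizeofResource", "IsDebuggerPresent", "GetTickCount", "CreateThread",
    },
    "ADVAPI32.dll": {"RegSetValueExA", "RegCreateKeyExA", "RegOpenKeyExA",
                     "RegQueryValueExA", "RegCloseKey"},
    "USER32.dll": {"GetForegroundWindow", "GetWindowTextA", "SetWindowsHookExA"},
}

# API names that appear in the behavior log of this report.
OBSERVED_CALLS = [
    "GetComputerNameA", "CryptGenKey", "CryptExportKey", "NtAllocateVirtualMemory",
    "MoveFileWithProgressW", "GetAdaptersAddresses", "InternetOpenW", "CreateServiceW",
    "RegSetValueExA", "RegSetValueExW",
]

# Hooked inner calls that an imported wrapper reaches on its own (assumption about
# kernel32 internals; the monitor hooks the inner function, not the wrapper).
REACHED_VIA_IMPORT = {
    "NtAllocateVirtualMemory": {"VirtualAlloc", "VirtualAllocEx"},
    "MoveFileWithProgressW": {"MoveFileA", "MoveFileW", "MoveFileExA", "MoveFileExW"},
}


def all_imports(table: dict) -> set:
    """Flatten the per-library import table into one set of names."""
    return set().union(*table.values())


def can_resolve_at_runtime(table: dict) -> bool:
    """True when the binary imports what it needs to resolve APIs dynamically."""
    names = all_imports(table)
    return "GetProcAddress" in names and any(n.startswith("LoadLibrary") for n in names)


def import_gap(table: dict, observed, reached: dict = REACHED_VIA_IMPORT) -> dict:
    """Classify each observed API as imported, reached through an imported wrapper,
    or unexplained (resolved at run time, called from unpacked code, or made by a
    system DLL inside the process)."""
    names = all_imports(table)
    result = {"imported": [], "via_import": {}, "unexplained": []}
    for api in sorted(set(observed)):
        if api in names:
            result["imported"].append(api)
            continue
        wrappers = sorted(reached.get(api, set()) & names)
        if wrappers:
            result["via_import"][api] = wrappers
        else:
            result["unexplained"].append(api)
    return result


if __name__ == "__main__":
    print("runtime resolution possible:", can_resolve_at_runtime(STATIC_IMPORTS))
    for bucket, items in import_gap(STATIC_IMPORTS, OBSERVED_CALLS).items():
        print(f"{bucket}: {items}")
```

Of the ten logged APIs, only RegSetValueExA is imported and two more are explained by imported wrappers; the remaining seven (the crypto, WinINet, IP-helper, service-control and computer-name calls, plus the Unicode registry write that WinINet makes for WPAD) are what the unpacked stage resolved itself or what system code did on its behalf, which matches the .rsrc-payload-plus-RWX-region picture above.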

Hosts

No hosts contacted.

TCP

No TCP connections recorded. The C2 addresses in the dead-host list above were attempted at the API level but no TCP session completed during the run.

UDP

Every datagram below is operating-system background traffic from the guest (192.168.56.101): DNS to the configured resolver 114.114.114.114, NetBIOS name service and datagram broadcasts, NTP to time.windows.com, LLMNR (224.0.0.252:5355), SSDP (239.255.255.250:1900) and WS-Discovery (239.255.255.250:3702). None of it is attributable to the sample.

Source          Source port  Destination                      Destination port
192.168.56.101  49235        114.114.114.114                  53
192.168.56.101  50534        114.114.114.114                  53
192.168.56.101  56539        114.114.114.114                  53
192.168.56.101  58367        114.114.114.114                  53
192.168.56.101  65004        114.114.114.114                  53
192.168.56.101  137          192.168.56.255                   137
192.168.56.101  138          192.168.56.255                   138
192.168.56.101  123          20.189.79.72 (time.windows.com)  123
192.168.56.101  53657        224.0.0.252                      5355
192.168.56.101  55368        224.0.0.252                      5355
192.168.56.101  56804        224.0.0.252                      5355
192.168.56.101  57874        224.0.0.252                      5355
192.168.56.101  60123        224.0.0.252                      5355
192.168.56.101  62191        224.0.0.252                      5355
192.168.56.101  1900         239.255.255.250                  1900
192.168.56.101  56540        239.255.255.250                  3702
192.168.56.101  56807        239.255.255.250                  1900
192.168.56.101  58368        239.255.255.250                  3702
192.168.56.101  58707        239.255.255.250                  3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files: none.
Dropped buffers: none.