4.8
中危
该样本未表现出任何异常!
重新分析
更多

c9e1fd86d84e4776a43052427afdda99e2d50609dcf246b82b8067092e737cdc

d0922948269c8355b8733293569496ce.exe

分析耗时

80s

最近分析

文件大小

8.2MB
静态报毒 动态报毒
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
未检测 暂无反病毒引擎检测结果
静态指标
Queries for the computername (2 个事件)
Time & API Arguments Status Return Repeated
1621013287.295874
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1621013294.389999
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
Command line console output was observed (2 个事件)
Time & API Arguments Status Return Repeated
1621013289.311874
WriteConsoleW
buffer: 成功: 成功创建计划任务 "mysidex"。
console_handle: 0x00000007
success 1 0
1621013294.670999
WriteConsoleW
buffer: 成功: 成功创建计划任务 "mysidex2"。
console_handle: 0x00000007
success 1 0
Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 个事件)
Time & API Arguments Status Return Repeated
1620985518.829879
GlobalMemoryStatusEx
success 1 0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 个事件)
section .ndata
行为判定
动态指标
Performs some HTTP requests (2 个事件)
request GET http://www.google-analytics.com/collect?v=1&t=pageview&tid=&z=835147829&cid=2409ecdf-da11-4ad7-9f60-73a0f1e4c856&ua=Mozilla%2F5.0+%28Windows+NT+6.1%3B+Win64%3B+x64%3B+rv%3A47.0%29+Gecko%2F20100101+Firefox%2F47.0&sr=800x600&de=cp936&ul=zh_CN&dl=%2Finstaller%2FinstallSuccess&cd1=Win6.1%28x64%29&cd4=
request GET http://www.google-analytics.com/collect?v=1&t=pageview&tid=&z=413705617&cid=2409ecdf-da11-4ad7-9f60-73a0f1e4c856&ua=Mozilla%2F5.0+%28Windows+NT+6.1%3B+Win64%3B+x64%3B+rv%3A47.0%29+Gecko%2F20100101+Firefox%2F47.0&sr=800x600&de=cp936&ul=zh_CN&dl=%2Fgen%2Ftrack%2Flaunch&cd1=Win6.1%28x64%29&cd4=
Allocates read-write-execute memory (usually to unpack itself) (3 个事件)
Time & API Arguments Status Return Repeated
1621013283.139374
NtAllocateVirtualMemory
process_identifier: 1060
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x009d0000
success 0 0
1621013284.655874
NtAllocateVirtualMemory
process_identifier: 1476
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x02c20000
success 0 0
1621013285.827374
NtAllocateVirtualMemory
process_identifier: 1948
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01280000
success 0 0
Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation (4 个事件)
Time & API Arguments Status Return Repeated
1620985521.720879
GetDiskFreeSpaceExW
root_path: C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex
free_bytes_available: 1
total_number_of_free_bytes: 4212514
total_number_of_bytes: 24320235133730817
failed 0 0
1620985521.720879
GetDiskFreeSpaceExW
root_path: C:\Users\Administrator.Oskar-PC\AppData\Roaming\
free_bytes_available: 19602677760
total_number_of_free_bytes: 19602677760
total_number_of_bytes: 34252779520
success 1 0
1620985521.939879
GetDiskFreeSpaceExW
root_path: C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex
free_bytes_available: 7026635215798686
total_number_of_free_bytes: 2002414220
total_number_of_bytes: 4294967297
failed 0 0
1620985521.939879
GetDiskFreeSpaceExW
root_path: C:\Users\Administrator.Oskar-PC\AppData\Roaming\
free_bytes_available: 19602677760
total_number_of_free_bytes: 19602677760
total_number_of_bytes: 34252779520
success 1 0
Creates executable files on the filesystem (50 out of 51 个事件)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-core-memory-l1-1-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-core-util-l1-1-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-core-file-l2-1-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\libcrypto-1_1.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-core-handle-l1-1-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-core-rtlsupport-l1-1-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-crt-locale-l1-1-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-crt-filesystem-l1-1-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-core-libraryloader-l1-1-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-crt-math-l1-1-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nss7849.tmp\nsExec.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-crt-string-l1-1-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\uninstall.exe
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-core-errorhandling-l1-1-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-crt-private-l1-1-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-core-synch-l1-1-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-crt-environment-l1-1-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-core-namedpipe-l1-1-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-core-file-l1-2-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-core-sysinfo-l1-1-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\pythonw.exe
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-core-profile-l1-1-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\python37.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-crt-conio-l1-1-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-core-console-l1-1-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-crt-runtime-l1-1-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-core-processthreads-l1-1-1.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-core-string-l1-1-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\vcruntime140.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-crt-process-l1-1-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-core-processenvironment-l1-1-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-core-synch-l1-2-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-core-debug-l1-1-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-core-heap-l1-1-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-crt-stdio-l1-1-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\ucrtbase.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-core-file-l1-1-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\python3.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-core-datetime-l1-1-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-crt-multibyte-l1-1-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-crt-utility-l1-1-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\sqlite3.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-core-interlocked-l1-1-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-core-timezone-l1-1-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-crt-heap-l1-1-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-core-processthreads-l1-1-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\libssl-1_1.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-crt-time-l1-1-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-core-localization-l1-2-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\python.exe
Creates a suspicious process (4 个事件)
cmdline cmd /c schtasks /create /f /tn "mysidex2" /xml "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\tmppyei1ysf"
cmdline schtasks /create /f /tn "mysidex" /xml "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\tmpnow_cesc"
cmdline cmd /c schtasks /create /f /tn "mysidex" /xml "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\tmpnow_cesc"
cmdline schtasks /create /f /tn "mysidex2" /xml "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\tmppyei1ysf"
Drops an executable to the user AppData folder (50 out of 71 个事件)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-core-handle-l1-1-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\_distutils_findvs.pyd
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\_ssl.pyd
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-core-timezone-l1-1-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-crt-heap-l1-1-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\_msi.pyd
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\_socket.pyd
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-crt-private-l1-1-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\python.exe
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-crt-conio-l1-1-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\pyexpat.pyd
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\_lzma.pyd
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-core-processthreads-l1-1-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\uninstall.exe
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-core-debug-l1-1-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-core-file-l2-1-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\python3.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-crt-process-l1-1-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\_elementtree.pyd
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\sqlite3.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-crt-stdio-l1-1-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\ucrtbase.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-core-interlocked-l1-1-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\libssl-1_1.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\_decimal.pyd
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-core-errorhandling-l1-1-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-core-localization-l1-2-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-crt-time-l1-1-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-crt-filesystem-l1-1-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-core-libraryloader-l1-1-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-core-rtlsupport-l1-1-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-core-util-l1-1-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-core-profile-l1-1-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\_hashlib.pyd
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-core-file-l1-2-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\unicodedata.pyd
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\_ctypes.pyd
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\_asyncio.pyd
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\_sqlite3.pyd
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-crt-runtime-l1-1-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\_multiprocessing.pyd
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-core-synch-l1-2-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\python37.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\pythonw.exe
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\_bz2.pyd
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-core-processenvironment-l1-1-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-crt-string-l1-1-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-core-file-l1-1-0.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\_queue.pyd
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\api-ms-win-core-processthreads-l1-1-1.dll
Uses Windows utilities for basic Windows functionality (4 个事件)
cmdline cmd /c schtasks /create /f /tn "mysidex2" /xml "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\tmppyei1ysf"
cmdline schtasks /create /f /tn "mysidex" /xml "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\tmpnow_cesc"
cmdline cmd /c schtasks /create /f /tn "mysidex" /xml "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\tmpnow_cesc"
cmdline schtasks /create /f /tn "mysidex2" /xml "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\tmppyei1ysf"
网络通信
Communicates with host for which no DNS query was performed (1 个事件)
host 172.217.24.14
Installs itself for autorun at Windows startup (1 个事件)
reg_key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\mysidex reg_value "C:\Users\Administrator.Oskar-PC\AppData\Roaming\mysidex\python\pythonw.exe" "load.pyc" ml2
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2018-12-16 06:24:46

Imports

Library KERNEL32.dll:
0x408074 SetFileAttributesW
0x408078 Sleep
0x40807c GetTickCount
0x408080 GetFileSize
0x408084 GetModuleFileNameW
0x408088 GetCurrentProcess
0x40808c CopyFileW
0x408094 GetFileAttributesW
0x40809c GetTempPathW
0x4080a0 GetCommandLineW
0x4080a4 GetVersion
0x4080a8 SetErrorMode
0x4080ac lstrlenW
0x4080b0 lstrcpynW
0x4080b4 GetDiskFreeSpaceW
0x4080b8 ExitProcess
0x4080bc GetShortPathNameW
0x4080c0 CreateThread
0x4080c4 GetLastError
0x4080c8 CreateDirectoryW
0x4080cc CreateProcessW
0x4080d0 RemoveDirectoryW
0x4080d4 lstrcmpiA
0x4080d8 CreateFileW
0x4080dc GetTempFileNameW
0x4080e0 WriteFile
0x4080e4 lstrcpyA
0x4080e8 MoveFileExW
0x4080ec lstrcatW
0x4080f0 GetSystemDirectoryW
0x4080f4 GetProcAddress
0x4080f8 GetModuleHandleA
0x4080fc GetExitCodeProcess
0x408100 WaitForSingleObject
0x408104 lstrcmpiW
0x408108 MoveFileW
0x40810c GetFullPathNameW
0x408110 SetFileTime
0x408114 SearchPathW
0x408118 CompareFileTime
0x40811c lstrcmpW
0x408120 CloseHandle
0x408128 GlobalFree
0x40812c GlobalLock
0x408130 GlobalUnlock
0x408134 GlobalAlloc
0x408138 FindFirstFileW
0x40813c FindNextFileW
0x408140 DeleteFileW
0x408144 SetFilePointer
0x408148 ReadFile
0x40814c FindClose
0x408150 lstrlenA
0x408154 MulDiv
0x408158 MultiByteToWideChar
0x40815c WideCharToMultiByte
0x408168 FreeLibrary
0x40816c LoadLibraryExW
0x408170 GetModuleHandleW
Library USER32.dll:
0x408194 GetSystemMenu
0x408198 SetClassLongW
0x40819c EnableMenuItem
0x4081a0 IsWindowEnabled
0x4081a4 SetWindowPos
0x4081a8 GetSysColor
0x4081ac GetWindowLongW
0x4081b0 SetCursor
0x4081b4 LoadCursorW
0x4081b8 CheckDlgButton
0x4081bc GetMessagePos
0x4081c0 LoadBitmapW
0x4081c4 CallWindowProcW
0x4081c8 IsWindowVisible
0x4081cc CloseClipboard
0x4081d0 SetClipboardData
0x4081d4 EmptyClipboard
0x4081d8 OpenClipboard
0x4081dc ScreenToClient
0x4081e0 GetWindowRect
0x4081e4 GetDlgItem
0x4081e8 GetSystemMetrics
0x4081ec SetDlgItemTextW
0x4081f0 GetDlgItemTextW
0x4081f4 MessageBoxIndirectW
0x4081f8 CharPrevW
0x4081fc CharNextA
0x408200 wsprintfA
0x408204 DispatchMessageW
0x408208 PeekMessageW
0x40820c ReleaseDC
0x408210 EnableWindow
0x408214 InvalidateRect
0x408218 SendMessageW
0x40821c DefWindowProcW
0x408220 BeginPaint
0x408224 GetClientRect
0x408228 FillRect
0x40822c DrawTextW
0x408230 EndDialog
0x408234 RegisterClassW
0x40823c CreateWindowExW
0x408240 GetClassInfoW
0x408244 DialogBoxParamW
0x408248 CharNextW
0x40824c ExitWindowsEx
0x408250 DestroyWindow
0x408254 GetDC
0x408258 SetTimer
0x40825c SetWindowTextW
0x408260 LoadImageW
0x408264 SetForegroundWindow
0x408268 ShowWindow
0x40826c IsWindow
0x408270 SetWindowLongW
0x408274 FindWindowExW
0x408278 TrackPopupMenu
0x40827c AppendMenuW
0x408280 CreatePopupMenu
0x408284 EndPaint
0x408288 CreateDialogParamW
0x40828c SendMessageTimeoutW
0x408290 wsprintfW
0x408294 PostQuitMessage
Library GDI32.dll:
0x40804c SelectObject
0x408050 SetBkMode
0x408054 CreateFontIndirectW
0x408058 SetTextColor
0x40805c DeleteObject
0x408060 GetDeviceCaps
0x408064 CreateBrushIndirect
0x408068 SetBkColor
Library SHELL32.dll:
0x40817c ShellExecuteExW
0x408184 SHBrowseForFolderW
0x408188 SHGetFileInfoW
0x40818c SHFileOperationW
Library ADVAPI32.dll:
0x408004 RegCreateKeyExW
0x408008 RegOpenKeyExW
0x40800c SetFileSecurityW
0x408010 OpenProcessToken
0x408018 RegEnumValueW
0x40801c RegDeleteKeyW
0x408020 RegDeleteValueW
0x408024 RegCloseKey
0x408028 RegSetValueExW
0x40802c RegQueryValueExW
0x408030 RegEnumKeyW
Library COMCTL32.dll:
0x408038 ImageList_Create
0x40803c ImageList_AddMasked
0x408040 ImageList_Destroy
0x408044
Library ole32.dll:
0x40829c OleUninitialize
0x4082a0 OleInitialize
0x4082a4 CoTaskMemFree
0x4082a8 CoCreateInstance

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49187 203.208.40.33 www.google-analytics.com 80
192.168.56.101 49192 203.208.40.33 www.google-analytics.com 80

UDP

Source Source Port Destination Destination Port
192.168.56.101 49713 114.114.114.114 53
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57756 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 61680 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 49714 239.255.255.250 3702
192.168.56.101 50537 239.255.255.250 1900

HTTP & HTTPS Requests

URI Data
http://www.google-analytics.com/collect?v=1&t=pageview&tid=&z=413705617&cid=2409ecdf-da11-4ad7-9f60-73a0f1e4c856&ua=Mozilla%2F5.0+%28Windows+NT+6.1%3B+Win64%3B+x64%3B+rv%3A47.0%29+Gecko%2F20100101+Firefox%2F47.0&sr=800x600&de=cp936&ul=zh_CN&dl=%2Fgen%2Ftrack%2Flaunch&cd1=Win6.1%28x64%29&cd4= 
GET /collect?v=1&t=pageview&tid=&z=413705617&cid=2409ecdf-da11-4ad7-9f60-73a0f1e4c856&ua=Mozilla%2F5.0+%28Windows+NT+6.1%3B+Win64%3B+x64%3B+rv%3A47.0%29+Gecko%2F20100101+Firefox%2F47.0&sr=800x600&de=cp936&ul=zh_CN&dl=%2Fgen%2Ftrack%2Flaunch&cd1=Win6.1%28x64%29&cd4= HTTP/1.1
Accept-Encoding: identity
Host: www.google-analytics.com
User-Agent: Python-urllib/3.7
Connection: close
http://www.google-analytics.com/collect?v=1&t=pageview&tid=&z=835147829&cid=2409ecdf-da11-4ad7-9f60-73a0f1e4c856&ua=Mozilla%2F5.0+%28Windows+NT+6.1%3B+Win64%3B+x64%3B+rv%3A47.0%29+Gecko%2F20100101+Firefox%2F47.0&sr=800x600&de=cp936&ul=zh_CN&dl=%2Finstaller%2FinstallSuccess&cd1=Win6.1%28x64%29&cd4= 
GET /collect?v=1&t=pageview&tid=&z=835147829&cid=2409ecdf-da11-4ad7-9f60-73a0f1e4c856&ua=Mozilla%2F5.0+%28Windows+NT+6.1%3B+Win64%3B+x64%3B+rv%3A47.0%29+Gecko%2F20100101+Firefox%2F47.0&sr=800x600&de=cp936&ul=zh_CN&dl=%2Finstaller%2FinstallSuccess&cd1=Win6.1%28x64%29&cd4= HTTP/1.1
Accept-Encoding: identity
Host: www.google-analytics.com
User-Agent: Python-urllib/3.7
Connection: close

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.