Score: 4.4
Severity: Medium risk

SHA256: b8209047da64f439c53f967460e973b2781824ced0d9bf5af0d7d30f86d345e1

Filename: d09b2f0dde6cfc743f7361c0133131ff.exe

Analysis duration: 87s

Last analysis:

File size: 2.0MB
Static scan: malicious. Dynamic scan: malicious. Tags: AI SCORE=80 AIDETECTVM ARTEMIS ATTRIBUTE AW1@A8EWTWCI CRIDEX EJNE GDSDA GENCIRC GENERICKD GENERICRXAA HDAT HIGH CONFIDENCE HIGHCONFIDENCE HJRKUZ ICEDID IVHVR KRYPTIK MALWARE1 MALWARE@#1JWAKXK7M9598 OCCAMY PGV+YOELX90 PHOTODLDER R066C0GIK20 R354576 SCORE STATIC AI SUSGEN SUSPICIOUS PE TROJANBANKER UNSAFE ZENPAK ZEXAF
Hawkeye (鹰眼) engine
Not detected: no Hawkeye engine results are available for this sample.
Static verdict
Antivirus engines

| Engine | Result | Scan time | Version |
|---|---|---|---|
| McAfee | GenericRXAA-AA!D09B2F0DDE6C | 20201212 | 6.0.6.653 |
| CrowdStrike | | 20190702 | 1.0 |
| Avast | Win32:Trojan-gen | 20201211 | 21.1.5827.0 |
| Alibaba | TrojanBanker:Win32/Cridex.b45ec123 | 20190527 | 0.3.0.5 |
| Tencent | Malware.Win32.Gencirc.10b9ec88 | 20201212 | 1.0.0.1 |
| Baidu | | 20190318 | 1.0.0.2 |
| Kingsoft | | 20201212 | 2017.9.26.565 |
Static indicators
This executable has a PDB path (1 event)
pdb_path c:\likerepresent\eventSend\anJob\Nowno\Feedsharp\OverBear\CentPerson\GentlemenShine.pdb
Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

| Time | API | Arguments | Status | Return | Repeated |
|---|---|---|---|---|---|
| 1619923646.015 | GlobalMemoryStatusEx | | success | 1 | 0 |
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
Performs some HTTP requests (3 events)
request GET http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
request GET https://support.microsoft.com/
request GET https://support.microsoft.com/socbundles/jsll
Allocates read-write-execute memory (usually to unpack itself) (4 events)

1619923645.843 NtProtectVirtualMemory
process_identifier: 2984
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 12288
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x011c6000
status: success, return: 0, repeated: 0

1619923645.843 NtAllocateVirtualMemory
process_identifier: 2984
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00330000
status: success, return: 0, repeated: 0

1619923645.843 NtAllocateVirtualMemory
process_identifier: 2984
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00340000
status: success, return: 0, repeated: 0

1619923645.843 NtAllocateVirtualMemory
process_identifier: 2984
region_size: 32768
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00350000
status: success, return: 0, repeated: 0
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)

| Time | API | Arguments | Status | Return | Repeated |
|---|---|---|---|---|---|
| 1619923657.358 | GetAdaptersAddresses | flags: 15, family: 0 | failed | 111 | 0 |
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Attempts to create or modify system certificates (1 event)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob
File has been identified by 55 AntiVirus engines on VirusTotal as malicious (50 of 55 events)

| Engine | Result |
|---|---|
| Bkav | W32.AIDetectVM.malware1 |
| Elastic | malicious (high confidence) |
| DrWeb | Trojan.IcedID.27 |
| MicroWorld-eScan | Trojan.GenericKD.33752079 |
| FireEye | Trojan.GenericKD.33752079 |
| CAT-QuickHeal | Trojan.Zenpak |
| Qihoo-360 | Win32/Trojan.d36 |
| McAfee | GenericRXAA-AA!D09B2F0DDE6C |
| Cylance | Unsafe |
| VIPRE | Trojan.Win32.Generic!BT |
| AegisLab | Trojan.Win32.Generic.4!c |
| Sangfor | Malware |
| BitDefender | Trojan.GenericKD.33752079 |
| K7GW | Trojan ( 00565c1b1 ) |
| K7AntiVirus | Trojan ( 00565c1b1 ) |
| BitDefenderTheta | Gen:NN.ZexaF.34688.aw1@a8EWTWci |
| Symantec | ML.Attribute.HighConfidence |
| APEX | Malicious |
| Avast | Win32:Trojan-gen |
| Kaspersky | HEUR:Trojan.Win32.Zenpak.vho |
| Alibaba | TrojanBanker:Win32/Cridex.b45ec123 |
| NANO-Antivirus | Trojan.Win32.IcedID.hjrkuz |
| Tencent | Malware.Win32.Gencirc.10b9ec88 |
| Ad-Aware | Trojan.GenericKD.33752079 |
| Sophos | Mal/Generic-S |
| Comodo | Malware@#1jwakxk7m9598 |
| F-Secure | Trojan.TR/AD.PhotoDlder.ivhvr |
| Zillya | Trojan.Cridex.Win32.732 |
| TrendMicro | TROJ_GEN.R066C0GIK20 |
| McAfee-GW-Edition | Artemis!Trojan |
| Emsisoft | Trojan.GenericKD.33752079 (B) |
| Ikarus | Trojan-Spy.Agent |
| Jiangmin | Trojan.Zenpak.bwb |
| Avira | TR/AD.PhotoDlder.ivhvr |
| Antiy-AVL | Trojan/Win32.Zenpak |
| Microsoft | Trojan:Win32/Occamy.CB8 |
| Gridinsoft | Trojan.Win32.Kryptik.ba!s1 |
| Arcabit | Trojan.Generic.D203040F |
| ZoneAlarm | HEUR:Trojan.Win32.Zenpak.vho |
| GData | Trojan.GenericKD.33752079 |
| Cynet | Malicious (score: 85) |
| AhnLab-V3 | Malware/Win32.RL_Generic.R354576 |
| VBA32 | Trojan.Zenpak |
| ALYac | Trojan.GenericKD.33752079 |
| MAX | malware (ai score=80) |
| Malwarebytes | Trojan.MalPack |
| Panda | Trj/GdSda.A |
| ESET-NOD32 | a variant of Win32/Kryptik.HDAT |
| TrendMicro-HouseCall | TROJ_GEN.R066C0GIK20 |
| Yandex | Trojan.Kryptik!PGv+yOELX90 |
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample.
Runtime screenshots
No screenshots: no screenshots were captured while the sample ran.

PE Compile Time

2014-04-29 18:55:31

Imports


Hosts

No hosts contacted.

TCP

| Source | Source Port | Destination | Host | Destination Port |
|---|---|---|---|---|
| 192.168.56.101 | 49179 | 104.101.189.208 | support.oracle.com | 443 |
| 192.168.56.101 | 49181 | 104.101.189.208 | support.oracle.com | 443 |
| 192.168.56.101 | 49182 | 111.123.43.217 | support.apple.com | 443 |
| 192.168.56.101 | 49187 | 124.225.105.97 | www.download.windowsupdate.com | 80 |
| 192.168.56.101 | 49190 | 2.17.148.241 | support.microsoft.com | 443 |
| 192.168.56.101 | 49188 | 23.45.60.6 | www.intel.com | 443 |
| 192.168.56.101 | 49189 | 23.45.60.6 | www.intel.com | 443 |

UDP

| Source | Source Port | Destination | Host | Destination Port |
|---|---|---|---|---|
| 192.168.56.101 | 49235 | 114.114.114.114 | | 53 |
| 192.168.56.101 | 50534 | 114.114.114.114 | | 53 |
| 192.168.56.101 | 51808 | 114.114.114.114 | | 53 |
| 192.168.56.101 | 53210 | 114.114.114.114 | | 53 |
| 192.168.56.101 | 53380 | 114.114.114.114 | | 53 |
| 192.168.56.101 | 53657 | 114.114.114.114 | | 53 |
| 192.168.56.101 | 56539 | 114.114.114.114 | | 53 |
| 192.168.56.101 | 58367 | 114.114.114.114 | | 53 |
| 192.168.56.101 | 61680 | 114.114.114.114 | | 53 |
| 192.168.56.101 | 62318 | 114.114.114.114 | | 53 |
| 192.168.56.101 | 62912 | 114.114.114.114 | | 53 |
| 192.168.56.101 | 65004 | 114.114.114.114 | | 53 |
| 192.168.56.101 | 137 | 192.168.56.255 | | 137 |
| 192.168.56.101 | 138 | 192.168.56.255 | | 138 |
| 192.168.56.101 | 123 | 20.189.79.72 | time.windows.com | 123 |
| 192.168.56.101 | 49713 | 224.0.0.252 | | 5355 |
| 192.168.56.101 | 50568 | 224.0.0.252 | | 5355 |
| 192.168.56.101 | 55368 | 224.0.0.252 | | 5355 |
| 192.168.56.101 | 56804 | 224.0.0.252 | | 5355 |
| 192.168.56.101 | 57756 | 224.0.0.252 | | 5355 |

HTTP & HTTPS Requests

URI Data
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 03 Mar 2021 06:32:16 GMT
If-None-Match: "0d8f4f3f6fd71:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: www.download.windowsupdate.com

http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1
Cache-Control: max-age = 3600
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 03 Mar 2021 06:32:16 GMT
If-None-Match: "0d8f4f3f6fd71:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: www.download.windowsupdate.com

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.