5.2
中危
50 个模型检测该样本为恶意!
重新分析
更多

bf42769023d49528a43be74f00d8e6972a91ffe07f81636db6cee20b4b8aaa6b

f668ec36165c1bec463ab2b84a4e1310.exe

分析耗时

79s

最近分析

文件大小

755.8KB
静态报毒 动态报毒 100% AGEN AI SCORE=100 ARTEMIS ATTRIBUTE AUTOIT CLASSIC CONFIDENCE ECTS EYFW FLBWAY HIGH HIGHCONFIDENCE HPUTOTI MALWARE@#30T5024JSRGQ5 MODERATE CONFIDENCE NYMERIA OCCAMY POWERSHELL SCORE STATIC ENGINE UNSAFE 更多
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
Alibaba 20180921 0.1.0.2
Baidu 20190215 1.0.0.2
Avast Win32:Trojan-gen 20190215 18.4.3895.0
Tencent Win32.Trojan.Nymeria.Ects 20190215 1.0.0.1
Kingsoft 20190215 2013.8.14.323
McAfee Artemis!F668EC36165C 20190215 6.0.6.653
CrowdStrike malicious_confidence_100% (W) 20181023 1.0
静态指标
Queries for the computername (2 个事件)
Time & API Arguments Status Return Repeated
1620809371.895598
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1620809371.973598
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
Checks if process is being debugged by a debugger (2 个事件)
Time & API Arguments Status Return Repeated
1620809370.910598
IsDebuggerPresent
failed 0 0
1620809370.926598
IsDebuggerPresent
failed 0 0
Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 个事件)
Time & API Arguments Status Return Repeated
1620809371.082598
GlobalMemoryStatusEx
success 1 0
行为判定
动态指标
Connects to a Dynamic DNS Domain (1 个事件)
domain hack3dsystem.ddns.net
Performs some HTTP requests (2 个事件)
request GET http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEALYmhVz87O42hRbWDiYKQc%3D
request GET https://ipapi.co/json
Checks whether any human activity is being performed by constantly checking whether the foreground window changed
Checks adapter addresses which can be used to detect virtual network interfaces (1 个事件)
Time & API Arguments Status Return Repeated
1620809372.785598
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
网络通信
Communicates with host for which no DNS query was performed (1 个事件)
host 172.217.24.14
Executes one or more WMI queries (1 个事件)
wmi Select * from AntiVirusProduct
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (15 个事件)
Time & API Arguments Status Return Repeated
1620809375.364598
RegSetValueExA
key_handle: 0x00000434
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620809375.364598
RegSetValueExA
key_handle: 0x00000434
value: ×$\FG×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620809375.364598
RegSetValueExA
key_handle: 0x00000434
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620809375.364598
RegSetValueExW
key_handle: 0x00000434
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620809375.364598
RegSetValueExA
key_handle: 0x00000450
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620809375.364598
RegSetValueExA
key_handle: 0x00000450
value: ×$\FG×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620809375.364598
RegSetValueExA
key_handle: 0x00000450
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1620809375.410598
RegSetValueExW
key_handle: 0x00000430
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
1620809387.676598
RegSetValueExA
key_handle: 0x00000468
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620809387.676598
RegSetValueExA
key_handle: 0x00000468
value: €€{cFG×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620809387.676598
RegSetValueExA
key_handle: 0x00000468
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620809387.676598
RegSetValueExW
key_handle: 0x00000468
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620809387.676598
RegSetValueExA
key_handle: 0x00000670
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620809387.676598
RegSetValueExA
key_handle: 0x00000670
value: €€{cFG×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620809387.676598
RegSetValueExA
key_handle: 0x00000670
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
File has been identified by 50 AntiVirus engines on VirusTotal as malicious (50 个事件)
K7AntiVirus Trojan ( 00479c481 )
MicroWorld-eScan AIT:Trojan.Nymeria.1006
CAT-QuickHeal Trojanspy.Powershell
ALYac AIT:Trojan.Nymeria.1006
Malwarebytes Trojan.Nymeria.AutoIt
K7GW Trojan ( 00479c481 )
Arcabit AIT:Trojan.Nymeria.D3EE
TrendMicro TROJ_HPUTOTI.SMO
NANO-Antivirus Trojan.Win32.PowerShell.flbway
Cyren W32/Trojan.EYFW-8523
Symantec ML.Attribute.HighConfidence
Paloalto generic.ml
Kaspersky Trojan-Spy.PowerShell.KeyLogger.c
BitDefender AIT:Trojan.Nymeria.1006
Avast Win32:Trojan-gen
Tencent Win32.Trojan.Nymeria.Ects
Ad-Aware AIT:Trojan.Nymeria.1006
Emsisoft AIT:Trojan.Nymeria.1006 (B)
Comodo Malware@#30t5024jsrgq5
F-Secure Heuristic.HEUR/AGEN.1034185
Zillya Trojan.Autoit.Win32.127652
Invincea heuristic
McAfee-GW-Edition BehavesLike.Win32.Autorun.bh
Trapmine malicious.high.ml.score
Sophos Mal/Generic-S
SentinelOne static engine - malicious
F-Prot W32/Autoit.VH
Jiangmin TrojanSpy.PowerShell.bk
Webroot W32.Trojan.Gen
Avira HEUR/AGEN.1034185
Endgame malicious (moderate confidence)
Microsoft Trojan:Win32/Occamy.C
ViRobot Trojan.Win32.Z.Nymeria.773929
ZoneAlarm Trojan-Spy.PowerShell.KeyLogger.c
GData AIT:Trojan.Nymeria.1006 (2x)
AhnLab-V3 Trojan/Win32.Hputoti.C2909033
Acronis suspicious
McAfee Artemis!F668EC36165C
MAX malware (ai score=100)
VBA32 Trojan-Downloader.Autoit.gen
Cylance Unsafe
ESET-NOD32 a variant of Win32/Autoit.DB
Rising Trojan.Win32.Agent_.pb (CLASSIC)
Ikarus Trojan.Win32.Autoit
Fortinet W32/HPUTOTI.SMO!tr
AVG Win32:Trojan-gen
Cybereason malicious.6165c1
Panda Trj/CI.A
CrowdStrike malicious_confidence_100% (W)
Qihoo-360 Win32/Trojan.Spy.0cc
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2012-01-30 05:32:28

Imports

Library WSOCK32.dll:
0x482794 __WSAFDIsSet
0x482798 setsockopt
0x48279c ntohs
0x4827a0 recvfrom
0x4827a4 sendto
0x4827a8 htons
0x4827ac select
0x4827b0 listen
0x4827b4 WSAStartup
0x4827b8 bind
0x4827bc closesocket
0x4827c0 connect
0x4827c4 socket
0x4827c8 send
0x4827cc WSACleanup
0x4827d0 ioctlsocket
0x4827d4 accept
0x4827d8 WSAGetLastError
0x4827dc inet_addr
0x4827e0 gethostbyname
0x4827e4 gethostname
0x4827e8 recv
Library VERSION.dll:
0x482738 VerQueryValueW
0x48273c GetFileVersionInfoW
Library WINMM.dll:
0x482784 timeGetTime
0x482788 waveOutSetVolume
0x48278c mciSendStringW
Library COMCTL32.dll:
0x48208c ImageList_Remove
0x482094 ImageList_BeginDrag
0x482098 ImageList_DragEnter
0x48209c ImageList_DragLeave
0x4820a0 ImageList_EndDrag
0x4820a4 ImageList_DragMove
0x4820ac ImageList_Create
0x4820b4 ImageList_Destroy
Library MPR.dll:
0x4823dc WNetGetConnectionW
0x4823e0 WNetAddConnection2W
0x4823e4 WNetUseConnectionW
Library WININET.dll:
0x482748 InternetReadFile
0x48274c InternetCloseHandle
0x482750 InternetOpenW
0x482754 InternetSetOptionW
0x482758 InternetCrackUrlW
0x48275c HttpQueryInfoW
0x482760 InternetConnectW
0x482764 HttpOpenRequestW
0x482768 HttpSendRequestW
0x48276c FtpOpenFileW
0x482770 FtpGetFileSize
0x482774 InternetOpenUrlW
Library PSAPI.DLL:
0x482450 EnumProcesses
0x482454 GetModuleBaseNameW
0x48245c EnumProcessModules
Library USERENV.dll:
0x48272c UnloadUserProfile
0x482730 LoadUserProfileW
Library KERNEL32.dll:
0x482158 HeapAlloc
0x48215c Sleep
0x482160 GetCurrentThreadId
0x482164 RaiseException
0x482168 MulDiv
0x48216c GetVersionExW
0x482170 GetSystemInfo
0x48217c WideCharToMultiByte
0x482180 lstrcpyW
0x482184 MultiByteToWideChar
0x482188 lstrlenW
0x48218c lstrcmpiW
0x482190 GetModuleHandleW
0x482198 VirtualFreeEx
0x48219c OpenProcess
0x4821a0 VirtualAllocEx
0x4821a4 WriteProcessMemory
0x4821a8 ReadProcessMemory
0x4821ac CreateFileW
0x4821b0 SetFilePointerEx
0x4821b4 ReadFile
0x4821b8 WriteFile
0x4821bc FlushFileBuffers
0x4821c0 TerminateProcess
0x4821c8 Process32FirstW
0x4821cc Process32NextW
0x4821d0 SetFileTime
0x4821d4 GetFileAttributesW
0x4821d8 FindFirstFileW
0x4821dc FindClose
0x4821e0 DeleteFileW
0x4821e4 FindNextFileW
0x4821e8 MoveFileW
0x4821ec CopyFileW
0x4821f0 CreateDirectoryW
0x4821f4 RemoveDirectoryW
0x4821f8 GetProcessHeap
0x482200 FindResourceW
0x482204 LoadResource
0x482208 LockResource
0x48220c SizeofResource
0x482210 EnumResourceNamesW
0x482214 OutputDebugStringW
0x482218 GetLocalTime
0x48221c CompareStringW
0x482230 GetStdHandle
0x482234 CreatePipe
0x482238 InterlockedExchange
0x48223c TerminateThread
0x482240 GetTempPathW
0x482244 GetTempFileNameW
0x482248 VirtualFree
0x48224c FormatMessageW
0x482250 GetExitCodeProcess
0x482254 SetErrorMode
0x48227c GetDriveTypeW
0x482280 GetDiskFreeSpaceExW
0x482284 GetDiskFreeSpaceW
0x48228c SetVolumeLabelW
0x482290 CreateHardLinkW
0x482294 DeviceIoControl
0x482298 SetFileAttributesW
0x48229c GetShortPathNameW
0x4822a0 CreateEventW
0x4822a4 SetEvent
0x4822b0 GlobalLock
0x4822b4 GlobalUnlock
0x4822b8 GlobalAlloc
0x4822bc GetFileSize
0x4822c0 GlobalFree
0x4822c8 Beep
0x4822cc GetSystemDirectoryW
0x4822d0 GetComputerNameW
0x4822d8 GetCurrentProcessId
0x4822dc GetCurrentThread
0x4822e4 CreateProcessW
0x4822e8 SetPriorityClass
0x4822ec LoadLibraryW
0x4822f0 VirtualAlloc
0x4822f4 LoadLibraryExW
0x4822f8 HeapFree
0x4822fc WaitForSingleObject
0x482300 CreateThread
0x482304 DuplicateHandle
0x482308 GetLastError
0x48230c CloseHandle
0x482310 GetCurrentProcess
0x482314 GetProcAddress
0x482318 LoadLibraryA
0x48231c FreeLibrary
0x482320 GetModuleFileNameW
0x482324 GetFullPathNameW
0x48232c IsDebuggerPresent
0x482334 ExitProcess
0x482338 ExitThread
0x482340 ResumeThread
0x482344 GetTimeFormatW
0x482348 GetDateFormatW
0x48234c GetCommandLineW
0x482350 GetStartupInfoW
0x482358 HeapSize
0x48235c GetCPInfo
0x482360 GetACP
0x482364 GetOEMCP
0x482368 IsValidCodePage
0x48236c TlsAlloc
0x482370 TlsGetValue
0x482374 TlsSetValue
0x482378 TlsFree
0x48237c SetLastError
0x482388 GetStringTypeW
0x48238c HeapCreate
0x482390 SetHandleCount
0x482394 GetFileType
0x482398 SetStdHandle
0x48239c GetConsoleCP
0x4823a0 GetConsoleMode
0x4823a4 LCMapStringW
0x4823a8 RtlUnwind
0x4823ac SetFilePointer
0x4823bc GetTickCount
0x4823c0 HeapReAlloc
0x4823c4 WriteConsoleW
0x4823c8 SetEndOfFile
0x4823cc SetSystemPowerState
Library USER32.dll:
0x4824a0 GetCursorInfo
0x4824a4 RegisterHotKey
0x4824a8 ClientToScreen
0x4824b0 IsCharAlphaW
0x4824b4 IsCharAlphaNumericW
0x4824b8 IsCharLowerW
0x4824bc IsCharUpperW
0x4824c0 GetMenuStringW
0x4824c4 GetSubMenu
0x4824c8 GetCaretPos
0x4824cc IsZoomed
0x4824d0 MonitorFromPoint
0x4824d4 GetMonitorInfoW
0x4824d8 SetWindowLongW
0x4824e0 FlashWindow
0x4824e4 GetClassLongW
0x4824ec IsDialogMessageW
0x4824f0 GetSysColor
0x4824f4 InflateRect
0x4824f8 DrawFocusRect
0x4824fc DrawTextW
0x482500 FrameRect
0x482504 DrawFrameControl
0x482508 FillRect
0x48250c PtInRect
0x482518 SetCursor
0x48251c GetWindowDC
0x482520 GetSystemMetrics
0x482524 GetActiveWindow
0x482528 CharNextW
0x48252c wsprintfW
0x482530 RedrawWindow
0x482534 DrawMenuBar
0x482538 DestroyMenu
0x48253c SetMenu
0x482544 CreateMenu
0x482548 IsDlgButtonChecked
0x48254c DefDlgProcW
0x482550 ReleaseCapture
0x482554 SetCapture
0x482558 WindowFromPoint
0x48255c LoadImageW
0x482564 mouse_event
0x482568 ExitWindowsEx
0x48256c SetActiveWindow
0x482570 FindWindowExW
0x482574 EnumThreadWindows
0x482578 SetMenuDefaultItem
0x48257c InsertMenuItemW
0x482580 IsMenu
0x482584 TrackPopupMenuEx
0x482588 GetCursorPos
0x48258c DeleteMenu
0x482590 CheckMenuRadioItem
0x482594 SetWindowPos
0x482598 GetMenuItemCount
0x48259c SetMenuItemInfoW
0x4825a0 GetMenuItemInfoW
0x4825a4 SetForegroundWindow
0x4825a8 IsIconic
0x4825ac FindWindowW
0x4825b4 TranslateMessage
0x4825b8 SendInput
0x4825bc GetAsyncKeyState
0x4825c0 SetKeyboardState
0x4825c4 GetKeyboardState
0x4825c8 GetKeyState
0x4825cc VkKeyScanW
0x4825d0 LoadStringW
0x4825d4 DialogBoxParamW
0x4825d8 MessageBeep
0x4825dc EndDialog
0x4825e0 SendDlgItemMessageW
0x4825e4 GetDlgItem
0x4825e8 SetWindowTextW
0x4825ec CopyRect
0x4825f0 ReleaseDC
0x4825f4 GetDC
0x4825f8 EndPaint
0x4825fc BeginPaint
0x482600 GetClientRect
0x482604 GetMenu
0x482608 DestroyWindow
0x48260c EnumWindows
0x482610 GetDesktopWindow
0x482614 IsWindow
0x482618 IsWindowEnabled
0x48261c IsWindowVisible
0x482620 EnableWindow
0x482624 InvalidateRect
0x482628 GetWindowLongW
0x48262c AttachThreadInput
0x482630 GetFocus
0x482634 GetWindowTextW
0x482638 ScreenToClient
0x48263c SendMessageTimeoutW
0x482640 EnumChildWindows
0x482644 CharUpperBuffW
0x482648 GetClassNameW
0x48264c GetParent
0x482650 GetDlgCtrlID
0x482654 SendMessageW
0x482658 MapVirtualKeyW
0x48265c PostMessageW
0x482660 GetWindowRect
0x48266c CloseDesktop
0x482670 CloseWindowStation
0x482674 OpenDesktopW
0x482680 OpenWindowStationW
0x482684 MessageBoxW
0x482688 DefWindowProcW
0x48268c CopyImage
0x482690 AdjustWindowRectEx
0x482694 SetRect
0x482698 SetClipboardData
0x48269c EmptyClipboard
0x4826a4 CloseClipboard
0x4826a8 GetClipboardData
0x4826b0 OpenClipboard
0x4826b4 BlockInput
0x4826b8 GetMessageW
0x4826bc LockWindowUpdate
0x4826c0 GetMenuItemID
0x4826c4 DispatchMessageW
0x4826c8 MoveWindow
0x4826cc SetFocus
0x4826d0 PostQuitMessage
0x4826d4 KillTimer
0x4826d8 CreatePopupMenu
0x4826e0 SetTimer
0x4826e4 ShowWindow
0x4826e8 CreateWindowExW
0x4826ec RegisterClassExW
0x4826f0 LoadIconW
0x4826f4 LoadCursorW
0x4826f8 GetSysColorBrush
0x4826fc GetForegroundWindow
0x482700 MessageBoxA
0x482704 DestroyIcon
0x482708 PeekMessageW
0x48270c UnregisterHotKey
0x482710 CharLowerBuffW
0x482714 keybd_event
0x482718 MonitorFromRect
Library GDI32.dll:
0x4820c8 DeleteObject
0x4820cc AngleArc
0x4820d4 ExtCreatePen
0x4820d8 StrokeAndFillPath
0x4820dc StrokePath
0x4820e0 EndPath
0x4820e4 SetPixel
0x4820e8 CloseFigure
0x4820f0 CreateCompatibleDC
0x4820f4 SelectObject
0x4820f8 StretchBlt
0x4820fc GetDIBits
0x482100 GetDeviceCaps
0x482104 MoveToEx
0x482108 DeleteDC
0x48210c GetPixel
0x482110 CreateDCW
0x482114 Ellipse
0x482118 PolyDraw
0x48211c BeginPath
0x482120 Rectangle
0x482124 SetViewportOrgEx
0x482128 GetObjectW
0x48212c SetBkMode
0x482130 RoundRect
0x482134 SetBkColor
0x482138 CreatePen
0x48213c CreateSolidBrush
0x482140 SetTextColor
0x482144 CreateFontW
0x482148 GetTextFaceW
0x48214c GetStockObject
0x482150 LineTo
Library COMDLG32.dll:
0x4820bc GetSaveFileNameW
0x4820c0 GetOpenFileNameW
Library ADVAPI32.dll:
0x482000 RegEnumValueW
0x482004 RegDeleteValueW
0x482008 RegDeleteKeyW
0x48200c RegEnumKeyExW
0x482010 RegSetValueExW
0x482014 RegCreateKeyExW
0x482018 GetUserNameW
0x48201c RegConnectRegistryW
0x482020 CloseServiceHandle
0x482028 OpenThreadToken
0x48202c OpenProcessToken
0x482034 DuplicateTokenEx
0x482044 InitializeAcl
0x482048 GetLengthSid
0x48204c CopySid
0x482050 LogonUserW
0x482054 LockServiceDatabase
0x482058 GetTokenInformation
0x482060 GetAclInformation
0x482064 GetAce
0x482068 AddAce
0x482070 RegOpenKeyExW
0x482074 RegQueryValueExW
0x482080 OpenSCManagerW
0x482084 RegCloseKey
Library SHELL32.dll:
0x482464 DragQueryPoint
0x482468 ShellExecuteExW
0x48246c SHGetFolderPathW
0x482470 DragQueryFileW
0x482474 SHEmptyRecycleBinW
0x482478 SHBrowseForFolderW
0x48247c SHFileOperationW
0x482484 SHGetDesktopFolder
0x482488 SHGetMalloc
0x48248c ExtractIconExW
0x482490 Shell_NotifyIconW
0x482494 ShellExecuteW
0x482498 DragFinish
Library ole32.dll:
0x4827f4 MkParseDisplayName
0x4827fc CLSIDFromString
0x482800 StringFromGUID2
0x482804 CoInitialize
0x482808 CoUninitialize
0x48280c CoCreateInstance
0x482814 CoTaskMemAlloc
0x482818 CoTaskMemFree
0x48281c ProgIDFromCLSID
0x482820 OleInitialize
0x482824 CreateBindCtx
0x482828 CLSIDFromProgID
0x482830 CoCreateInstanceEx
0x482834 CoSetProxyBlanket
0x482838 OleUninitialize
0x48283c IIDFromString
Library OLEAUT32.dll:
0x4823ec VariantChangeType
0x4823f0 VariantCopyInd
0x4823f4 DispCallFunc
0x4823f8 CreateStdDispatch
0x4823fc CreateDispTypeInfo
0x482400 SysFreeString
0x482410 SysStringLen
0x482414 SafeArrayAllocData
0x482418 GetActiveObject
0x482428 SysAllocString
0x48242c VariantCopy
0x482430 VariantClear
0x482438 VarR8FromDec
0x48243c SafeArrayGetVartype
0x482440 OleLoadPicture
0x482444 SafeArrayAccessData
0x482448 VariantInit

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49176 104.26.9.44 ipapi.co 443
192.168.56.101 49180 117.18.237.29 ocsp.digicert.com 80

UDP

Source Source Port Destination Destination Port
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 63429 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57756 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900

HTTP & HTTPS Requests

URI Data
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEALYmhVz87O42hRbWDiYKQc%3D 
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEALYmhVz87O42hRbWDiYKQc%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.