9.4
Critical

7e7fc09c2d5a1d17e9a3cdea27b5586b1ba72e1914539ba4ac626ceb4a768208

21105c98f29adcd918da296447638c87.exe

Analysis duration

39s

Latest analysis

File size

867.0KB
Static detections / Dynamic detections: 2GW@AUTVDYKI AI SCORE=100 AIDETECTVM ALI2000015 ANDROM ATTRIBUTE CLASSIC CONFIDENCE DELF DELFINJECT DELPHILESS DKMX EMOY EMSE FAREIT HIGH CONFIDENCE HIGHCONFIDENCE HOMNRI HPLOKI KCLOUD MALWARE1 MALWARE@#2LS7124L7AH5R NANOCORE P2NC PASSWORDSTEALER QVM05 QXM3DF RGIXV SCORE SIGGEN2 SMBD STATIC AI SUSPICIOUS PE TSCOPE TSPY UNSAFE X2094 ZELPHIF
Eagle Eye engine (鹰眼引擎)
Not detected: no Eagle Eye engine results are available for this sample
Static verdict
Antivirus engines
Engine  Result  Scan date  Engine version
McAfee Fareit-FVZ!21105C98F29A 20201211 6.0.6.653
Alibaba Trojan:Win32/DelfInject.ali2000015 20190527 0.3.0.5
CrowdStrike win/malicious_confidence_90% (W) 20190702 1.0
Baidu 20190318 1.0.0.2
Avast Win32:Trojan-gen 20201210 21.1.5827.0
Tencent 20201211 1.0.0.1
Kingsoft Win32.Hack.Undef.(kcloud) 20201211 2017.9.26.565
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (1 event)
Time & API Arguments Status Return Repeated
1619293705.786374
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x7484e97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x7484ea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x7484b25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x7484b4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x7484ac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x7484aed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x74845511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x7484559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x750f7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x750f4de3
21105c98f29adcd918da296447638c87+0x54a4d @ 0x454a4d
21105c98f29adcd918da296447638c87+0x4d254 @ 0x44d254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xfd8b14ad
success 0 0
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (30 events)
Time & API Arguments Status Return Repeated
1619269227.505279
NtAllocateVirtualMemory
process_identifier: 2264
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003e0000
success 0 0
1619269227.677279
NtProtectVirtualMemory
process_identifier: 2264
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 40960
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00488000
success 0 0
1619269227.692279
NtAllocateVirtualMemory
process_identifier: 2264
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00580000
success 0 0
1619293704.286374
NtProtectVirtualMemory
process_identifier: 2988
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619293704.317374
NtAllocateVirtualMemory
process_identifier: 2988
region_size: 262144
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x00640000
success 0 0
1619293704.333374
NtAllocateVirtualMemory
process_identifier: 2988
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00640000
success 0 0
1619293704.348374
NtAllocateVirtualMemory
process_identifier: 2988
region_size: 311296
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x008a0000
success 0 0
1619293704.348374
NtProtectVirtualMemory
process_identifier: 2988
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 286720
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x008a2000
success 0 0
1619293704.942374
NtAllocateVirtualMemory
process_identifier: 2988
region_size: 1245184
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x01f30000
success 0 0
1619293704.942374
NtAllocateVirtualMemory
process_identifier: 2988
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x02020000
success 0 0
1619293705.755374
NtProtectVirtualMemory
process_identifier: 2988
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00352000
success 0 0
1619293705.755374
NtProtectVirtualMemory
process_identifier: 2988
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619293705.755374
NtProtectVirtualMemory
process_identifier: 2988
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00352000
success 0 0
1619293705.770374
NtProtectVirtualMemory
process_identifier: 2988
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619293705.770374
NtProtectVirtualMemory
process_identifier: 2988
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00352000
success 0 0
1619293705.770374
NtProtectVirtualMemory
process_identifier: 2988
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619293705.770374
NtProtectVirtualMemory
process_identifier: 2988
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00352000
success 0 0
1619293705.770374
NtProtectVirtualMemory
process_identifier: 2988
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619293705.770374
NtProtectVirtualMemory
process_identifier: 2988
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00352000
success 0 0
1619293705.770374
NtProtectVirtualMemory
process_identifier: 2988
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x77d4f000
success 0 0
1619293705.770374
NtProtectVirtualMemory
process_identifier: 2988
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00352000
success 0 0
1619293705.770374
NtProtectVirtualMemory
process_identifier: 2988
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619293705.770374
NtProtectVirtualMemory
process_identifier: 2988
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00352000
success 0 0
1619293705.770374
NtProtectVirtualMemory
process_identifier: 2988
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619293705.770374
NtProtectVirtualMemory
process_identifier: 2988
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00352000
success 0 0
1619293705.770374
NtProtectVirtualMemory
process_identifier: 2988
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619293705.770374
NtProtectVirtualMemory
process_identifier: 2988
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00352000
success 0 0
1619293705.770374
NtProtectVirtualMemory
process_identifier: 2988
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619293705.770374
NtProtectVirtualMemory
process_identifier: 2988
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00352000
success 0 0
1619293705.770374
NtProtectVirtualMemory
process_identifier: 2988
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
Creates executable files on the filesystem (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Msoft.vbs
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.579076922759013 section {'size_of_data': '0x00039a00', 'virtual_address': '0x000a4000', 'entropy': 7.579076922759013, 'name': '.rsrc', 'virtual_size': '0x00039868'} description A section with a high entropy has been found
entropy 0.2661662817551963 description Overall entropy of this PE file is high
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Allocates execute permission to another process indicative of possible code injection (1 event)
Time & API Arguments Status Return Repeated
1619269242.895279
NtAllocateVirtualMemory
process_identifier: 192
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000100
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x000b0000
success 0 0
Installs itself for autorun at Windows startup (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Msoft.vbs
Creates a thread using NtQueueApcThread in a remote process potentially indicative of process injection (2 events)
Process injection Process 2264 created a thread in remote process 192
Time & API Arguments Status Return Repeated
1619269242.895279
NtQueueApcThread
thread_handle: 0x000000fc
process_identifier: 192
function_address: 0x000b05c0
parameter: 0x000c0000
success 0 0
Potential code injection by writing to the memory of another process (2 events)
Time & API Arguments Status Return Repeated
1619269242.895279
WriteProcessMemory
process_identifier: 192
buffer: Q¹0d‹‹@ ‹@ ‹‹‹@‰$‹$YÃVWR¾§ÆgNè„Yƒøv· ¿Zwf;Ït ¿Ntf;ÏuƒÂƒè…Àt‹ÎÁá‹þÁïϾ:Ï3ñBHué_‹Æ^ÃU‹ìQQ‹MSVW…Ét;¸MZf9u1‹A<Át*8PEu"‹@xƒeüÁ‹x‹X$‹p ‹@ùÙñ‰Eø…Àu 3À_^[ÉËM‹Eü‹†ÑèOÿÿÿ;E t ÿEü‹Eü;Eøràë׋Eü·C‹‡EëÊU‹ìQSW3ÿWWjWjh@ÿuÿV‹Øƒûÿu3Àë&WWWS‰}üÿV0W‹}EüPWÿu SÿV SÿV3À9}ü”À_[ÉÅÉtè•…Àt3Éf‰ÃU‹ììV‹ð…äüÿÿP3ÀPPjPÿVl…À…Žj\Xf‰Eü3Àj.f‰EþXjvf‰EðXf‰EòjbXf‰EôjsXf‰Eö3Àf‰EøUü…äüÿÿèÖ‹U è΍UðèÆÿu…ìþÿÿÿuPÿVxƒÄ …äüÿÿPÿV…ìþÿÿPèÂ@P…ìþÿÿP…äüÿÿPèîþÿÿƒÄ^ÉÃU‹ìì,j:XjZf‰EÜXjof‰EÞXjnf‰EàXjef‰EâXjIf‰EäXjdf‰EæXjef‰EèXjnf‰EêXjtf‰EìXjif‰EîXjff‰EðXjif‰EòXf‰EôjeXf‰EöjrXf‰Eø3Àf‰Eú…Ôýÿÿ謍UÜè÷EÿPÆEÿèPEÿP…ÔýÿÿPè?þÿÿƒÄÉÃU‹ìQƒeüV‹ðEüPÿuèþYY…Àtƒ}ütÿuüPÿu è þÿÿƒÄ …Àt3À@ë3À^ÉÃU‹ììSV‹ð‹Ï…øýÿÿè'‹Èè(þÿÿ3ÛS…øýÿÿPÿVWÿV8] uWÿu‹Æè~ÿÿÿYY‹Øë €} u5SWÿuÿWÿV(3ۃøÿ‹Ï•Ãèªþÿÿƒûu9]u WÿV(ƒÈPWÿV,3À@ë3À^[ÉÃU‹ìƒìSVWèsüÿÿ‹ø…ÿ„"h"¿ŠWèÌüÿÿ‹ØYY…Û„ jh0h„jÿӋð…ö„ñh¼Û«½W‰~`‰^@è•üÿÿhÒ¼‰W‰F$è‡üÿÿh|QgjW‰F(èyüÿÿhëI”W‰F,èküÿÿh•å©—W‰F0è]üÿÿh¥°(W‰F4èOüÿÿh)·W‰F8èAüÿÿh[uŠðW‰FDè3üÿÿƒÄ@‹Øhd†óuW‰^ è üÿÿh¢¦aëW‰F èüÿÿhÕOd"W‰Fèüÿÿhy.ÔW‰Fèöûÿÿh±÷W‰FèèûÿÿheóW÷W‰FèÚûÿÿh¯4P“W‰FèÌûÿÿh{=#W‰F<è¾ûÿÿƒÄ@hOû~ W‰Fè­ûÿÿhà=!6W‰FHèŸûÿÿhh‰#W‰è’ûÿÿ‰FLhÍeWè„ûÿÿhÓ1ÆVW‰FPèvûÿÿh7œ½W‰FTèhûÿÿh£-ãW‰FXèZûÿÿ‰F\ƒÄ8EðPÇEðshelÇEôl32ÿӋø…ÿt"hÀåz°W‰~dè,ûÿÿhêêºW‰FlèûÿÿƒÄ‰FpEøPÇEøuserfÇEü32ÆEþÿV ‹ø…ÿtAhqV°0W‰~hèìúÿÿhkV°0W‰FxèÞúÿÿh&cj—W‰FtèÐúÿÿh<cj—W‰F|èÂúÿÿƒÄ ‰†€‹Æë3À_^[ÉÃU‹ìƒì\V‹uW3ÿ;÷„îSè¤ýÿÿ‹Ø;ßu WÿDéՍ†‰EüPëj2ÿSPÿuüWWÿSL…ÀuïjdÿSPF‰Eø‰E9>tYÿ¶¶ŽQP¾ ‹Ãè¾üÿÿ‰}3ÿƒÄ 9>t1jDE¤WPèjEèWPèüƒÄEèPE¤PWWj WWWWÿuÿS$9¾(t†lP†,Pÿu‹Ãè½úÿÿƒÄ 9¾tëj2ÿSPÿuüWWÿSL…ÀuïjdÿSPÿuøÿSWÿSD[_3À^ÉÂU‹ìƒì SW3ÿWWjWjh€ÿu‰}øÿV‹Øƒûÿu3Àë>WSÿV‰Eô;Çt+jh0PWÿV@‰Eø;ÇtWMüQÿuô‰}üPSÿV‹Eü‹M ‰SÿV‹Eø_[É÷f‰f…ÒtV‹ð+ñƒÁ·f‰f…Òuñ^ÃU‹ìQQ‹E‰Eü‹EüE‰Eø‹Eü;Eøt‹EüŠM ˆ‹Eü@‰Eüëç‹EÉÃfƒ8V‹ðt ƒÆfƒ>u÷+ò· f‰ ƒÂf…Éuñ^ËD$Š@„Éuù+D$HÅÉu3ÀÃfƒ9‹Át ƒÀfƒ8u÷+ÁÑøÃ…Ét èÚÿÿÿ…ÀtDAþë fƒù\t ƒè·f…Éuï3ÀÃ
process_handle: 0x00000100
base_address: 0x000b0000
success 1 0
1619269242.895279
WriteProcessMemory
process_identifier: 192
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\21105c98f29adcd918da296447638c87.exe"C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\21105c98f29adcd918da296447638c87.exe" MsoftSeT RiwiTULczMMUxm = creAteobjeCt("WsCRiPT.shELl") RIwituLczMMuXm.rUn """%ls""", 0, False
process_handle: 0x00000100
base_address: 0x000c0000
success 1 0
Used NtSetContextThread to modify a thread in a remote process indicative of process injection (2 events)
Process injection Process 2264 called NtSetContextThread to modify thread in remote process 2988
Time & API Arguments Status Return Repeated
1619269243.020279
NtSetContextThread
thread_handle: 0x00000108
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4859696
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2988
success 0 0
Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)
Process injection Process 2264 resumed a thread in remote process 2988
Time & API Arguments Status Return Repeated
1619269243.380279
NtResumeThread
thread_handle: 0x00000108
suspend_count: 1
process_identifier: 2988
success 0 0
Generates some ICMP traffic
Executed a process and injected code into it, probably while unpacking (11 events)
Time & API Arguments Status Return Repeated
1619269242.895279
CreateProcessInternalW
thread_identifier: 1176
thread_handle: 0x000000fc
process_identifier: 192
current_directory:
filepath: C:\Windows\System32\notepad.exe
track: 1
command_line:
filepath_r: C:\Windows\system32\notepad.exe
stack_pivoted: 0
creation_flags: 32 (NORMAL_PRIORITY_CLASS)
process_handle: 0x00000100
inherit_handles: 0
success 1 0
1619269242.895279
NtAllocateVirtualMemory
process_identifier: 192
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000100
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x000b0000
success 0 0
1619269242.895279
NtAllocateVirtualMemory
process_identifier: 192
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x00000100
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x000c0000
success 0 0
1619269242.895279
WriteProcessMemory
process_identifier: 192
buffer: Q¹0d‹‹@ ‹@ ‹‹‹@‰$‹$YÃVWR¾§ÆgNè„Yƒøv· ¿Zwf;Ït ¿Ntf;ÏuƒÂƒè…Àt‹ÎÁá‹þÁïϾ:Ï3ñBHué_‹Æ^ÃU‹ìQQ‹MSVW…Ét;¸MZf9u1‹A<Át*8PEu"‹@xƒeüÁ‹x‹X$‹p ‹@ùÙñ‰Eø…Àu 3À_^[ÉËM‹Eü‹†ÑèOÿÿÿ;E t ÿEü‹Eü;Eøràë׋Eü·C‹‡EëÊU‹ìQSW3ÿWWjWjh@ÿuÿV‹Øƒûÿu3Àë&WWWS‰}üÿV0W‹}EüPWÿu SÿV SÿV3À9}ü”À_[ÉÅÉtè•…Àt3Éf‰ÃU‹ììV‹ð…äüÿÿP3ÀPPjPÿVl…À…Žj\Xf‰Eü3Àj.f‰EþXjvf‰EðXf‰EòjbXf‰EôjsXf‰Eö3Àf‰EøUü…äüÿÿèÖ‹U è΍UðèÆÿu…ìþÿÿÿuPÿVxƒÄ …äüÿÿPÿV…ìþÿÿPèÂ@P…ìþÿÿP…äüÿÿPèîþÿÿƒÄ^ÉÃU‹ìì,j:XjZf‰EÜXjof‰EÞXjnf‰EàXjef‰EâXjIf‰EäXjdf‰EæXjef‰EèXjnf‰EêXjtf‰EìXjif‰EîXjff‰EðXjif‰EòXf‰EôjeXf‰EöjrXf‰Eø3Àf‰Eú…Ôýÿÿ謍UÜè÷EÿPÆEÿèPEÿP…ÔýÿÿPè?þÿÿƒÄÉÃU‹ìQƒeüV‹ðEüPÿuèþYY…Àtƒ}ütÿuüPÿu è þÿÿƒÄ …Àt3À@ë3À^ÉÃU‹ììSV‹ð‹Ï…øýÿÿè'‹Èè(þÿÿ3ÛS…øýÿÿPÿVWÿV8] uWÿu‹Æè~ÿÿÿYY‹Øë €} u5SWÿuÿWÿV(3ۃøÿ‹Ï•Ãèªþÿÿƒûu9]u WÿV(ƒÈPWÿV,3À@ë3À^[ÉÃU‹ìƒìSVWèsüÿÿ‹ø…ÿ„"h"¿ŠWèÌüÿÿ‹ØYY…Û„ jh0h„jÿӋð…ö„ñh¼Û«½W‰~`‰^@è•üÿÿhÒ¼‰W‰F$è‡üÿÿh|QgjW‰F(èyüÿÿhëI”W‰F,èküÿÿh•å©—W‰F0è]üÿÿh¥°(W‰F4èOüÿÿh)·W‰F8èAüÿÿh[uŠðW‰FDè3üÿÿƒÄ@‹Øhd†óuW‰^ è üÿÿh¢¦aëW‰F èüÿÿhÕOd"W‰Fèüÿÿhy.ÔW‰Fèöûÿÿh±÷W‰FèèûÿÿheóW÷W‰FèÚûÿÿh¯4P“W‰FèÌûÿÿh{=#W‰F<è¾ûÿÿƒÄ@hOû~ W‰Fè­ûÿÿhà=!6W‰FHèŸûÿÿhh‰#W‰è’ûÿÿ‰FLhÍeWè„ûÿÿhÓ1ÆVW‰FPèvûÿÿh7œ½W‰FTèhûÿÿh£-ãW‰FXèZûÿÿ‰F\ƒÄ8EðPÇEðshelÇEôl32ÿӋø…ÿt"hÀåz°W‰~dè,ûÿÿhêêºW‰FlèûÿÿƒÄ‰FpEøPÇEøuserfÇEü32ÆEþÿV ‹ø…ÿtAhqV°0W‰~hèìúÿÿhkV°0W‰FxèÞúÿÿh&cj—W‰FtèÐúÿÿh<cj—W‰F|èÂúÿÿƒÄ ‰†€‹Æë3À_^[ÉÃU‹ìƒì\V‹uW3ÿ;÷„îSè¤ýÿÿ‹Ø;ßu WÿDéՍ†‰EüPëj2ÿSPÿuüWWÿSL…ÀuïjdÿSPF‰Eø‰E9>tYÿ¶¶ŽQP¾ ‹Ãè¾üÿÿ‰}3ÿƒÄ 9>t1jDE¤WPèjEèWPèüƒÄEèPE¤PWWj WWWWÿuÿS$9¾(t†lP†,Pÿu‹Ãè½úÿÿƒÄ 9¾tëj2ÿSPÿuüWWÿSL…ÀuïjdÿSPÿuøÿSWÿSD[_3À^ÉÂU‹ìƒì SW3ÿWWjWjh€ÿu‰}øÿV‹Øƒûÿu3Àë>WSÿV‰Eô;Çt+jh0PWÿV@‰Eø;ÇtWMüQÿuô‰}üPSÿV‹Eü‹M ‰SÿV‹Eø_[É÷f‰f…ÒtV‹ð+ñƒÁ·f‰f…Òuñ^ÃU‹ìQQ‹E‰Eü‹EüE‰Eø‹Eü;Eøt‹EüŠM ˆ‹Eü@‰Eüëç‹EÉÃfƒ8V‹ðt ƒÆfƒ>u÷+ò· f‰ ƒÂf…Éuñ^ËD$Š@„Éuù+D$HÅÉu3ÀÃfƒ9‹Át ƒÀfƒ8u÷+ÁÑøÃ…Ét èÚÿÿÿ…ÀtDAþë fƒù\t ƒè·f…Éuï3ÀÃ
process_handle: 0x00000100
base_address: 0x000b0000
success 1 0
1619269242.895279
WriteProcessMemory
process_identifier: 192
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\21105c98f29adcd918da296447638c87.exe"C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\21105c98f29adcd918da296447638c87.exe" MsoftSeT RiwiTULczMMUxm = creAteobjeCt("WsCRiPT.shELl") RIwituLczMMuXm.rUn """%ls""", 0, False
process_handle: 0x00000100
base_address: 0x000c0000
success 1 0
1619269242.989279
CreateProcessInternalW
thread_identifier: 2452
thread_handle: 0x00000108
process_identifier: 2988
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\21105c98f29adcd918da296447638c87.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000104
inherit_handles: 0
success 1 0
1619269242.989279
NtUnmapViewOfSection
process_identifier: 2988
region_size: 4096
process_handle: 0x00000104
base_address: 0x00400000
success 0 0
1619269242.989279
NtMapViewOfSection
section_handle: 0x00000110
process_identifier: 2988
commit_size: 671744
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000104
allocation_type: 0 ()
section_offset: 0
view_size: 671744
base_address: 0x00400000
success 0 0
1619269243.020279
NtGetContextThread
thread_handle: 0x00000108
success 0 0
1619269243.020279
NtSetContextThread
thread_handle: 0x00000108
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4859696
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2988
success 0 0
1619269243.380279
NtResumeThread
thread_handle: 0x00000108
suspend_count: 1
process_identifier: 2988
success 0 0
File has been identified by 57 AntiVirus engines on VirusTotal as malicious (50 out of 57 events)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.Delf.FareIt.Gen.7
FireEye Generic.mg.21105c98f29adcd9
McAfee Fareit-FVZ!21105C98F29A
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
Sangfor Malware
K7AntiVirus Trojan ( 0056aeff1 )
Alibaba Trojan:Win32/DelfInject.ali2000015
K7GW Trojan ( 0056aeff1 )
CrowdStrike win/malicious_confidence_90% (W)
Arcabit Trojan.Delf.FareIt.Gen.7
Cyren W32/Injector.DKMX-0814
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:Trojan-gen
ClamAV Win.Dropper.Nanocore-9075385-0
Kaspersky HEUR:Backdoor.Win32.Androm.gen
BitDefender Trojan.Delf.FareIt.Gen.7
NANO-Antivirus Trojan.Win32.Androm.homnri
Paloalto generic.ml
AegisLab Trojan.Win32.Androm.m!c
Ad-Aware Trojan.Delf.FareIt.Gen.7
Sophos Mal/Generic-S
Comodo Malware@#2ls7124l7ah5r
F-Secure Trojan.TR/Injector.rgixv
DrWeb Trojan.PWS.Siggen2.52313
Zillya Trojan.Androm.Win32.1171
TrendMicro TSPY_HPLOKI.SMBD
McAfee-GW-Edition BehavesLike.Win32.Fareit.cc
Emsisoft Trojan.Delf.FareIt.Gen.7 (B)
SentinelOne Static AI - Suspicious PE
Avira TR/Injector.rgixv
Antiy-AVL Trojan[Backdoor]/Win32.Androm
Kingsoft Win32.Hack.Undef.(kcloud)
Microsoft PWS:Win32/Fareit.AQ!MTB
ZoneAlarm HEUR:Backdoor.Win32.Androm.gen
GData Trojan.Delf.FareIt.Gen.7
Cynet Malicious (score: 100)
AhnLab-V3 Suspicious/Win.Delphiless.X2094
BitDefenderTheta Gen:NN.ZelphiF.34670.2GW@auTvDYki
ALYac Trojan.Delf.FareIt.Gen.7
MAX malware (ai score=100)
VBA32 TScope.Trojan.Delf
Malwarebytes Spyware.PasswordStealer
Zoner Trojan.Win32.94646
ESET-NOD32 a variant of Win32/Injector.EMSE
TrendMicro-HouseCall TSPY_HPLOKI.SMBD
Rising Trojan.Injector!1.C99D (CLASSIC)
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while this sample ran


PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x495164 VirtualFree
0x495168 VirtualAlloc
0x49516c LocalFree
0x495170 LocalAlloc
0x495174 GetVersion
0x495178 GetCurrentThreadId
0x495184 VirtualQuery
0x495188 WideCharToMultiByte
0x495190 MultiByteToWideChar
0x495194 lstrlenA
0x495198 lstrcpynA
0x49519c LoadLibraryExA
0x4951a0 GetThreadLocale
0x4951a4 GetStartupInfoA
0x4951a8 GetProcAddress
0x4951ac GetModuleHandleA
0x4951b0 GetModuleFileNameA
0x4951b4 GetLocaleInfoA
0x4951b8 GetLastError
0x4951c0 GetCommandLineA
0x4951c4 FreeLibrary
0x4951c8 FindFirstFileA
0x4951cc FindClose
0x4951d0 ExitProcess
0x4951d4 WriteFile
0x4951dc RtlUnwind
0x4951e0 RaiseException
0x4951e4 GetStdHandle
Library user32.dll:
0x4951ec GetKeyboardType
0x4951f0 LoadStringA
0x4951f4 MessageBoxA
0x4951f8 CharNextA
Library advapi32.dll:
0x495200 RegQueryValueExA
0x495204 RegOpenKeyExA
0x495208 RegCloseKey
Library oleaut32.dll:
0x495210 SysFreeString
0x495214 SysReAllocStringLen
0x495218 SysAllocStringLen
Library kernel32.dll:
0x495220 TlsSetValue
0x495224 TlsGetValue
0x495228 LocalAlloc
0x49522c GetModuleHandleA
Library advapi32.dll:
0x495234 RegQueryValueExA
0x495238 RegOpenKeyExA
0x49523c RegCloseKey
Library kernel32.dll:
0x495244 lstrcpyA
0x495248 WriteFile
0x49524c WaitForSingleObject
0x495250 VirtualQuery
0x495254 VirtualProtect
0x495258 VirtualAlloc
0x49525c Sleep
0x495260 SizeofResource
0x495264 SetThreadLocale
0x495268 SetFilePointer
0x49526c SetEvent
0x495270 SetErrorMode
0x495274 SetEndOfFile
0x495278 ResetEvent
0x49527c ReadFile
0x495280 MultiByteToWideChar
0x495284 MulDiv
0x495288 LockResource
0x49528c LoadResource
0x495290 LoadLibraryA
0x49529c GlobalUnlock
0x4952a0 GlobalSize
0x4952a4 GlobalReAlloc
0x4952a8 GlobalHandle
0x4952ac GlobalLock
0x4952b0 GlobalFree
0x4952b4 GlobalFindAtomA
0x4952b8 GlobalDeleteAtom
0x4952bc GlobalAlloc
0x4952c0 GlobalAddAtomA
0x4952c4 GetVersionExA
0x4952c8 GetVersion
0x4952cc GetUserDefaultLCID
0x4952d0 GetTickCount
0x4952d4 GetThreadLocale
0x4952d8 GetSystemInfo
0x4952dc GetStringTypeExA
0x4952e0 GetStdHandle
0x4952e4 GetProcAddress
0x4952e8 GetModuleHandleA
0x4952ec GetModuleFileNameA
0x4952f0 GetLocaleInfoA
0x4952f4 GetLocalTime
0x4952f8 GetLastError
0x4952fc GetFullPathNameA
0x495300 GetFileAttributesA
0x495304 GetDiskFreeSpaceA
0x495308 GetDateFormatA
0x49530c GetCurrentThreadId
0x495310 GetCurrentProcessId
0x495314 GetComputerNameA
0x495318 GetCPInfo
0x49531c GetACP
0x495320 FreeResource
0x495328 InterlockedExchange
0x495330 FreeLibrary
0x495334 FormatMessageA
0x495338 FindResourceA
0x49533c FindNextFileA
0x495340 FindFirstFileA
0x495344 FindClose
0x495350 EnumCalendarInfoA
0x49535c CreateThread
0x495360 CreateFileA
0x495364 CreateEventA
0x495368 CompareStringA
0x49536c CloseHandle
Library version.dll:
0x495374 VerQueryValueA
0x49537c GetFileVersionInfoA
Library gdi32.dll:
0x495384 UnrealizeObject
0x495388 StretchBlt
0x49538c SetWindowOrgEx
0x495390 SetWinMetaFileBits
0x495394 SetViewportOrgEx
0x495398 SetTextColor
0x49539c SetStretchBltMode
0x4953a0 SetROP2
0x4953a4 SetPixel
0x4953a8 SetMapMode
0x4953ac SetEnhMetaFileBits
0x4953b0 SetDIBColorTable
0x4953b4 SetBrushOrgEx
0x4953b8 SetBkMode
0x4953bc SetBkColor
0x4953c0 SetArcDirection
0x4953c4 SelectPalette
0x4953c8 SelectObject
0x4953cc SelectClipRgn
0x4953d0 SaveDC
0x4953d4 RestoreDC
0x4953d8 Rectangle
0x4953dc RectVisible
0x4953e0 RealizePalette
0x4953e4 Polyline
0x4953e8 PlayEnhMetaFile
0x4953ec PatBlt
0x4953f0 MoveToEx
0x4953f4 MaskBlt
0x4953f8 LineTo
0x4953fc LPtoDP
0x495400 IntersectClipRect
0x495404 GetWindowOrgEx
0x495408 GetWinMetaFileBits
0x49540c GetTextMetricsA
0x495418 GetStockObject
0x49541c GetPixel
0x495420 GetPaletteEntries
0x495424 GetObjectA
0x495434 GetEnhMetaFileBits
0x495438 GetDeviceCaps
0x49543c GetDIBits
0x495440 GetDIBColorTable
0x495444 GetDCOrgEx
0x49544c GetClipBox
0x495450 GetBrushOrgEx
0x495454 GetBitmapBits
0x495458 ExtTextOutA
0x49545c ExcludeClipRect
0x495460 DeleteObject
0x495464 DeleteEnhMetaFile
0x495468 DeleteDC
0x49546c CreateSolidBrush
0x495470 CreatePenIndirect
0x495474 CreatePalette
0x49547c CreateFontIndirectA
0x495480 CreateEnhMetaFileA
0x495484 CreateDIBitmap
0x495488 CreateDIBSection
0x49548c CreateCompatibleDC
0x495494 CreateBrushIndirect
0x495498 CreateBitmap
0x49549c CopyEnhMetaFileA
0x4954a0 CloseEnhMetaFile
0x4954a4 BitBlt
Library user32.dll:
0x4954ac CreateWindowExA
0x4954b0 WindowFromPoint
0x4954b4 WinHelpA
0x4954b8 WaitMessage
0x4954bc UpdateWindow
0x4954c0 UnregisterClassA
0x4954c4 UnhookWindowsHookEx
0x4954c8 TranslateMessage
0x4954d0 TrackPopupMenu
0x4954d8 ShowWindow
0x4954dc ShowScrollBar
0x4954e0 ShowOwnedPopups
0x4954e4 ShowCursor
0x4954e8 SetWindowsHookExA
0x4954ec SetWindowTextA
0x4954f0 SetWindowPos
0x4954f4 SetWindowPlacement
0x4954f8 SetWindowLongA
0x4954fc SetTimer
0x495500 SetScrollRange
0x495504 SetScrollPos
0x495508 SetScrollInfo
0x49550c SetRect
0x495510 SetPropA
0x495514 SetParent
0x495518 SetMenuItemInfoA
0x49551c SetMenu
0x495520 SetForegroundWindow
0x495524 SetFocus
0x495528 SetCursor
0x49552c SetClassLongA
0x495530 SetCapture
0x495534 SetActiveWindow
0x495538 SendMessageA
0x49553c ScrollWindow
0x495540 ScreenToClient
0x495544 RemovePropA
0x495548 RemoveMenu
0x49554c ReleaseDC
0x495550 ReleaseCapture
0x49555c RegisterClassA
0x495560 RedrawWindow
0x495564 PtInRect
0x495568 PostQuitMessage
0x49556c PostMessageA
0x495570 PeekMessageA
0x495574 OffsetRect
0x495578 OemToCharA
0x49557c MessageBoxA
0x495580 MapWindowPoints
0x495584 MapVirtualKeyA
0x495588 LoadStringA
0x49558c LoadKeyboardLayoutA
0x495590 LoadIconA
0x495594 LoadCursorA
0x495598 LoadBitmapA
0x49559c KillTimer
0x4955a0 IsZoomed
0x4955a4 IsWindowVisible
0x4955a8 IsWindowEnabled
0x4955ac IsWindow
0x4955b0 IsRectEmpty
0x4955b4 IsIconic
0x4955b8 IsDialogMessageA
0x4955bc IsChild
0x4955c0 InvalidateRect
0x4955c4 IntersectRect
0x4955c8 InsertMenuItemA
0x4955cc InsertMenuA
0x4955d0 InflateRect
0x4955d8 GetWindowTextA
0x4955dc GetWindowRect
0x4955e0 GetWindowPlacement
0x4955e4 GetWindowLongA
0x4955e8 GetWindowDC
0x4955ec GetTopWindow
0x4955f0 GetSystemMetrics
0x4955f4 GetSystemMenu
0x4955f8 GetSysColorBrush
0x4955fc GetSysColor
0x495600 GetSubMenu
0x495604 GetScrollRange
0x495608 GetScrollPos
0x49560c GetScrollInfo
0x495610 GetPropA
0x495614 GetParent
0x495618 GetWindow
0x49561c GetMessageTime
0x495620 GetMenuStringA
0x495624 GetMenuState
0x495628 GetMenuItemInfoA
0x49562c GetMenuItemID
0x495630 GetMenuItemCount
0x495634 GetMenu
0x495638 GetLastActivePopup
0x49563c GetKeyboardState
0x495644 GetKeyboardLayout
0x495648 GetKeyState
0x49564c GetKeyNameTextA
0x495650 GetIconInfo
0x495654 GetForegroundWindow
0x495658 GetFocus
0x49565c GetDlgItem
0x495660 GetDesktopWindow
0x495664 GetDCEx
0x495668 GetDC
0x49566c GetCursorPos
0x495670 GetCursor
0x495674 GetClipboardData
0x495678 GetClientRect
0x49567c GetClassNameA
0x495680 GetClassInfoA
0x495684 GetCapture
0x495688 GetActiveWindow
0x49568c FrameRect
0x495690 FindWindowA
0x495694 FillRect
0x495698 EqualRect
0x49569c EnumWindows
0x4956a0 EnumThreadWindows
0x4956a4 EndPaint
0x4956a8 EnableWindow
0x4956ac EnableScrollBar
0x4956b0 EnableMenuItem
0x4956b4 DrawTextA
0x4956b8 DrawMenuBar
0x4956bc DrawIconEx
0x4956c0 DrawIcon
0x4956c4 DrawFrameControl
0x4956c8 DrawFocusRect
0x4956cc DrawEdge
0x4956d0 DispatchMessageA
0x4956d4 DestroyWindow
0x4956d8 DestroyMenu
0x4956dc DestroyIcon
0x4956e0 DestroyCursor
0x4956e4 DeleteMenu
0x4956e8 DefWindowProcA
0x4956ec DefMDIChildProcA
0x4956f0 DefFrameProcA
0x4956f4 CreatePopupMenu
0x4956f8 CreateMenu
0x4956fc CreateIcon
0x495700 ClientToScreen
0x495704 CheckMenuItem
0x495708 CallWindowProcA
0x49570c CallNextHookEx
0x495710 BeginPaint
0x495714 CharNextA
0x495718 CharLowerBuffA
0x49571c CharLowerA
0x495720 CharUpperBuffA
0x495724 CharToOemA
0x495728 AdjustWindowRectEx
Library kernel32.dll:
0x495734 Sleep
Library oleaut32.dll:
0x49573c SafeArrayPtrOfIndex
0x495740 SafeArrayPutElement
0x495744 SafeArrayGetElement
0x49574c SafeArrayAccessData
0x495750 SafeArrayGetUBound
0x495754 SafeArrayGetLBound
0x495758 SafeArrayCreate
0x49575c VariantChangeType
0x495760 VariantCopyInd
0x495764 VariantCopy
0x495768 VariantClear
0x49576c VariantInit
Library ole32.dll:
0x495778 IsAccelerator
0x49577c OleDraw
0x495784 CoTaskMemFree
0x495788 ProgIDFromCLSID
0x49578c StringFromCLSID
0x495790 CoCreateInstance
0x495794 CoGetClassObject
0x495798 CoUninitialize
0x49579c CoInitialize
0x4957a0 IsEqualGUID
Library oleaut32.dll:
0x4957a8 CreateErrorInfo
0x4957ac GetErrorInfo
0x4957b0 SetErrorInfo
0x4957b4 GetActiveObject
0x4957b8 SysFreeString
Library comctl32.dll:
0x4957c8 ImageList_Write
0x4957cc ImageList_Read
0x4957dc ImageList_DragMove
0x4957e0 ImageList_DragLeave
0x4957e4 ImageList_DragEnter
0x4957e8 ImageList_EndDrag
0x4957ec ImageList_BeginDrag
0x4957f0 ImageList_Remove
0x4957f4 ImageList_DrawEx
0x4957f8 ImageList_Replace
0x4957fc ImageList_Draw
0x49580c ImageList_Add
0x495814 ImageList_Destroy
0x495818 ImageList_Create
0x49581c InitCommonControls
Library comdlg32.dll:
0x495824 GetOpenFileNameA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58368 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.