8.4
High risk

09e51710405345b4b28b6dc0562d4a05b3564b43028a552f42136c97b2994bb9

2d262b7c38722cc7acafebbabd2c7d83.exe

Analysis duration

113s

Latest analysis

File size

2.0MB
Static detection: malicious. Dynamic detection: malicious.
HawkEye engine (鹰眼引擎)
Not detected: no HawkEye engine results available for this sample
Static verdict
Antivirus engines
Engine Result Date Version
Alibaba TrojanBanker:Win32/Dridex.8c5e50d1 20190527 0.3.0.5
Avast Win32:BankerX-gen [Trj] 20201210 21.1.5827.0
Tencent Malware.Win32.Gencirc.10b9ecfb 20201211 1.0.0.1
Baidu 20190318 1.0.0.2
Kingsoft Win32.Troj.Banker.(kcloud) 20201211 2017.9.26.565
McAfee W32/PinkSbot-GN!2D262B7C3872 20201211 6.0.6.653
CrowdStrike win/malicious_confidence_90% (W) 20190702 1.0
Static indicators
Queries for the computername (5 events)
Time & API Arguments Status Return Repeated
1619348814.773625
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619348833.148625
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619348833.180625
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619348828.789498
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619348841.133625
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
Command line console output was observed (1 event)
Time & API Arguments Status Return Repeated
1619348844.430625
WriteConsoleW
buffer: 成功: 成功创建计划任务 "jrmdobu"。
console_handle: 0x00000007
success 1 0
One or more processes crashed (2 events)
Time & API Arguments Status Return Repeated
1619348829.461498
__exception__
stacktrace:
2d262b7c38722cc7acafebbabd2c7d83+0x3daa @ 0x403daa
2d262b7c38722cc7acafebbabd2c7d83+0x1b23 @ 0x401b23
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637624
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 2643832
registers.ecx: 10
exception.instruction_r: ed 89 5d e4 89 4d e0 5a 59 5b 58 83 4d fc ff eb
exception.symbol: 2d262b7c38722cc7acafebbabd2c7d83+0x33cc
exception.instruction: in eax, dx
exception.module: 2d262b7c38722cc7acafebbabd2c7d83.exe
exception.exception_code: 0xc0000096
exception.offset: 13260
exception.address: 0x4033cc
success 0 0
1619348829.461498
__exception__
stacktrace:
2d262b7c38722cc7acafebbabd2c7d83+0x3db3 @ 0x403db3
2d262b7c38722cc7acafebbabd2c7d83+0x1b23 @ 0x401b23
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637628
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 2643832
registers.ecx: 20
exception.instruction_r: ed 89 45 e4 5a 59 5b 58 83 4d fc ff eb 11 33 c0
exception.symbol: 2d262b7c38722cc7acafebbabd2c7d83+0x3465
exception.instruction: in eax, dx
exception.module: 2d262b7c38722cc7acafebbabd2c7d83.exe
exception.exception_code: 0xc0000096
exception.offset: 13413
exception.address: 0x403465
success 0 0
Behavior verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (7 events)
Time & API Arguments Status Return Repeated
1619348801.930625
NtAllocateVirtualMemory
process_identifier: 2288
region_size: 225280
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x003a0000
success 0 0
1619348814.664625
NtAllocateVirtualMemory
process_identifier: 2288
region_size: 221184
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00600000
success 0 0
1619348814.664625
NtProtectVirtualMemory
process_identifier: 2288
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 237568
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619348815.570498
NtAllocateVirtualMemory
process_identifier: 2128
region_size: 225280
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01dd0000
success 0 0
1619348828.773498
NtAllocateVirtualMemory
process_identifier: 2128
region_size: 221184
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01e60000
success 0 0
1619348828.773498
NtProtectVirtualMemory
process_identifier: 2128
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 237568
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619348868.99275
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000004170000
success 0 0
Creates executable files on the filesystem (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\naznovu.lnk
Creates a shortcut to an executable file (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\naznovu.lnk
Creates a suspicious process (1 event)
cmdline "C:\Windows\system32\schtasks.exe" /Create /RU "NT AUTHORITY\SYSTEM" /tn jrmdobu /tr "\"C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\2d262b7c38722cc7acafebbabd2c7d83.exe\" /I jrmdobu" /SC ONCE /Z /ST 16:09 /ET 16:21
A process created a hidden window (2 events)
Time & API Arguments Status Return Repeated
1619348815.414625
CreateProcessInternalW
thread_identifier: 1804
thread_handle: 0x00000154
process_identifier: 2128
current_directory:
filepath:
track: 1
command_line: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\2d262b7c38722cc7acafebbabd2c7d83.exe /C
filepath_r:
stack_pivoted: 0
creation_flags: 134217728 (CREATE_NO_WINDOW)
process_handle: 0x00000158
inherit_handles: 0
success 1 0
1619348840.976625
CreateProcessInternalW
thread_identifier: 2188
thread_handle: 0x0000015c
process_identifier: 884
current_directory:
filepath:
track: 1
command_line: "C:\Windows\system32\schtasks.exe" /Create /RU "NT AUTHORITY\SYSTEM" /tn jrmdobu /tr "\"C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\2d262b7c38722cc7acafebbabd2c7d83.exe\" /I jrmdobu" /SC ONCE /Z /ST 16:09 /ET 16:21
filepath_r:
stack_pivoted: 0
creation_flags: 134217728 (CREATE_NO_WINDOW)
process_handle: 0x00000204
inherit_handles: 0
success 1 0
Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (2 events)
Uses Windows utilities for basic Windows functionality (1 event)
cmdline "C:\Windows\system32\schtasks.exe" /Create /RU "NT AUTHORITY\SYSTEM" /tn jrmdobu /tr "\"C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\2d262b7c38722cc7acafebbabd2c7d83.exe\" /I jrmdobu" /SC ONCE /Z /ST 16:09 /ET 16:21
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Installs itself for autorun at Windows startup (2 events)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\naznovu.lnk
cmdline "C:\Windows\system32\schtasks.exe" /Create /RU "NT AUTHORITY\SYSTEM" /tn jrmdobu /tr "\"C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\2d262b7c38722cc7acafebbabd2c7d83.exe\" /I jrmdobu" /SC ONCE /Z /ST 16:09 /ET 16:21
Uses Sysinternals tools in order to add additional command line functionality (1 event)
cmdline "C:\Windows\system32\schtasks.exe" /Create /RU "NT AUTHORITY\SYSTEM" /tn jrmdobu /tr "\"C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\2d262b7c38722cc7acafebbabd2c7d83.exe\" /I jrmdobu" /SC ONCE /Z /ST 16:09 /ET 16:21
Detects VMware through the in instruction feature (1 event)
Time & API Arguments Status Return Repeated
1619348829.461498
__exception__
stacktrace:
2d262b7c38722cc7acafebbabd2c7d83+0x3daa @ 0x403daa
2d262b7c38722cc7acafebbabd2c7d83+0x1b23 @ 0x401b23
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1637624
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1637684
registers.edx: 22104
registers.ebx: 1
registers.esi: 2643832
registers.ecx: 10
exception.instruction_r: ed 89 5d e4 89 4d e0 5a 59 5b 58 83 4d fc ff eb
exception.symbol: 2d262b7c38722cc7acafebbabd2c7d83+0x33cc
exception.instruction: in eax, dx
exception.module: 2d262b7c38722cc7acafebbabd2c7d83.exe
exception.exception_code: 0xc0000096
exception.offset: 13260
exception.address: 0x4033cc
success 0 0
File has been identified by 62 AntiVirus engines on VirusTotal as malicious (50 out of 62 events)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
DrWeb Trojan.Inject3.39575
MicroWorld-eScan Trojan.Agent.EQDY
FireEye Generic.mg.2d262b7c38722cc7
ALYac Trojan.Agent.EQDY
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
Sangfor Malware
K7AntiVirus Trojan ( 0056625d1 )
Alibaba TrojanBanker:Win32/Dridex.8c5e50d1
K7GW Trojan ( 0056625d1 )
Cybereason malicious.8eea22
Arcabit Trojan.Agent.EQDY
BitDefenderTheta Gen:NN.ZexaF.34670.@n0@a0cSMGfi
Cyren W32/Kryptik.BMM.gen!Eldorado
Symantec Packed.Generic.459
ESET-NOD32 a variant of Win32/Kryptik.HEWP
APEX Malicious
Paloalto generic.ml
ClamAV Win.Malware.Qbot-7768292-0
Kaspersky HEUR:Trojan-Banker.Win32.Qbot.pef
BitDefender Trojan.Agent.EQDY
NANO-Antivirus Trojan.Win32.Inject3.hjzkun
SUPERAntiSpyware Trojan.Agent/Gen-QBot
Avast Win32:BankerX-gen [Trj]
Tencent Malware.Win32.Gencirc.10b9ecfb
Ad-Aware Trojan.Agent.EQDY
Emsisoft Trojan.Agent.EQDY (B)
Comodo TrojWare.Win32.Qbot.AS@8rff2f
F-Secure Trojan.TR/AD.Qbot.mcfkq
Zillya Trojan.Kryptik.Win32.2017489
TrendMicro Backdoor.Win32.QAKBOT.SME
McAfee-GW-Edition BehavesLike.Win32.Generic.tz
Sophos Mal/Generic-R + Mal/EncPk-APV
Ikarus Backdoor.QBot
Jiangmin Trojan.Banker.Qbot.oh
Webroot W32.Trojan.Gen
Avira TR/AD.Qbot.mcfkq
MAX malware (ai score=85)
Antiy-AVL Trojan[Banker]/Win32.Qbot
Kingsoft Win32.Troj.Banker.(kcloud)
Gridinsoft Trojan.Win32.Agent.ba!s2
Microsoft Trojan:Win32/Dridex.RAC!MTB
ZoneAlarm HEUR:Trojan-Banker.Win32.Qbot.pef
GData Trojan.Agent.EQDY
Cynet Malicious (score: 100)
AhnLab-V3 Malware/Win32.RL_Generic.R335416
McAfee W32/PinkSbot-GN!2D262B7C3872
TACHYON Trojan/W32.Agent.2087936.M
Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running) (2 events)
dead_host 172.217.24.14:443
dead_host 172.217.160.78:443
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while this sample ran

PE Compile Time

2020-05-05 19:41:32

Imports

Library KERNEL32.dll:
0x5c76f4 SetEndOfFile
0x5c76f8 HeapSize
0x5c7700 CreateFileW
0x5c7704 GetProcessHeap
0x5c7708 SetStdHandle
0x5c7714 GetTickCount
0x5c7718 GetProcAddress
0x5c771c GetStdHandle
0x5c7720 ReadFile
0x5c7724 WriteFile
0x5c7728 GetConsoleMode
0x5c772c SetConsoleMode
0x5c7730 FreeLibrary
0x5c7734 LoadLibraryA
0x5c7738 CloseHandle
0x5c773c GetLastError
0x5c7740 GetOverlappedResult
0x5c7744 SetEvent
0x5c7748 WaitForSingleObject
0x5c774c CreateEventA
0x5c7750 CreateThread
0x5c7754 GetSystemDirectoryA
0x5c7758 FormatMessageA
0x5c775c DecodePointer
0x5c7760 FindFirstFileA
0x5c7764 FindNextFileA
0x5c776c GetProcessTimes
0x5c7770 GetCurrentProcess
0x5c7774 GetCurrentProcessId
0x5c7778 GetCurrentThread
0x5c777c GetThreadTimes
0x5c7780 GetSystemTime
0x5c778c GlobalMemoryStatus
0x5c7790 CreateFileA
0x5c7794 LocalFree
0x5c7798 WaitNamedPipeA
0x5c779c ConnectNamedPipe
0x5c77a0 CreateNamedPipeA
0x5c77a4 GetCurrentThreadId
0x5c77a8 MapViewOfFile
0x5c77ac UnmapViewOfFile
0x5c77b0 LocalAlloc
0x5c77b4 CreateFileMappingA
0x5c77b8 GetFileType
0x5c77c0 CreatePipe
0x5c77c4 CreateProcessA
0x5c77c8 OpenProcess
0x5c77cc ClearCommBreak
0x5c77d0 GetCommState
0x5c77d4 SetCommBreak
0x5c77d8 SetCommState
0x5c77dc SetCommTimeouts
0x5c77e0 ReleaseMutex
0x5c77e4 CreateMutexA
0x5c77ec DeleteFileA
0x5c77f0 GetLocalTime
0x5c77fc TerminateProcess
0x5c7808 InitializeSListHead
0x5c780c IsDebuggerPresent
0x5c7810 GetStartupInfoW
0x5c7814 GetModuleHandleW
0x5c7818 FindClose
0x5c781c GetModuleFileNameW
0x5c7824 TlsAlloc
0x5c7828 TlsGetValue
0x5c782c TlsSetValue
0x5c7830 TlsFree
0x5c7834 LoadLibraryExW
0x5c7838 RtlUnwind
0x5c783c SetLastError
0x5c784c GetModuleFileNameA
0x5c7850 GetModuleHandleExW
0x5c7854 WriteConsoleW
0x5c7858 MultiByteToWideChar
0x5c785c WideCharToMultiByte
0x5c7860 ExitProcess
0x5c7864 GetCommandLineA
0x5c7868 GetCommandLineW
0x5c786c GetACP
0x5c7870 HeapFree
0x5c7874 HeapAlloc
0x5c7878 OutputDebugStringW
0x5c7880 GetStringTypeW
0x5c7884 GetDateFormatW
0x5c7888 GetTimeFormatW
0x5c788c CompareStringW
0x5c7890 LCMapStringW
0x5c7894 FlushFileBuffers
0x5c7898 GetConsoleCP
0x5c789c HeapReAlloc
0x5c78a0 ReadConsoleW
0x5c78a4 SetFilePointerEx
0x5c78a8 FindFirstFileExA
0x5c78ac IsValidCodePage
0x5c78b0 GetOEMCP
0x5c78b4 GetCPInfo
0x5c78bc RaiseException
0x5c78c0 Process32FirstW
0x5c78c4 PurgeComm
0x5c78c8 DuplicateHandle
0x5c78d0 VirtualFree
0x5c78d4 HeapValidate
0x5c78d8 GetConsoleWindow
0x5c78ec SetConsoleTitleA
0x5c78f0 CreateDirectoryExA
0x5c78f8 TransmitCommChar
0x5c78fc OpenEventA
0x5c7904 OpenSemaphoreA
0x5c7908 EnumResourceNamesW
0x5c7910 Module32FirstW
0x5c7918 lstrcat
0x5c791c MoveFileA
0x5c7920 GetDiskFreeSpaceExA
0x5c7924 CreateTimerQueue
0x5c7928 _lread
0x5c7930 LoadLibraryExA
0x5c793c GetUserDefaultLCID
0x5c7940 IsBadReadPtr
0x5c7948 GetModuleHandleA
0x5c794c VirtualAlloc
0x5c7950 LoadLibraryW
Library USER32.dll:
0x5c795c PeekMessageA
0x5c7960 FindWindowA
0x5c7964 SendMessageA
0x5c7968 GetCursorPos
0x5c796c GetForegroundWindow
0x5c7970 GetCapture
0x5c7974 GetQueueStatus
0x5c7978 GetClipboardOwner
0x5c797c PostMessageA
0x5c7980 EnumDisplayMonitors
0x5c7984 ShowWindow
0x5c7988 UnhookWinEvent
0x5c798c DdeQueryStringA
0x5c799c PostThreadMessageA
0x5c79a0 OffsetRect
0x5c79a4 SetScrollRange
0x5c79ac UnpackDDElParam
0x5c79b0 CreateIconIndirect
0x5c79b4 LoadCursorFromFileW
0x5c79b8 SetCapture
0x5c79c0 RegisterHotKey
0x5c79c4 ShowOwnedPopups
0x5c79c8 FlashWindowEx
0x5c79cc GetMessagePos
0x5c79d4 CloseWindowStation
0x5c79d8 FreeDDElParam
0x5c79dc GetPropA
0x5c79e0 OemKeyScan
0x5c79e4 SwitchDesktop
0x5c79e8 SetWindowTextA
0x5c79ec LoadIconW
0x5c79f0 LoadCursorFromFileA
Library GDI32.dll:
0x5c79f8 FONTOBJ_vGetInfo
0x5c79fc XLATEOBJ_iXlate
0x5c7a00 GetLayout
0x5c7a04 CheckColorsInGamut
0x5c7a08 GetRasterizerCaps
0x5c7a0c EngDeletePalette
0x5c7a10 GetStringBitmapA
0x5c7a14 MoveToEx
0x5c7a18 EnumFontFamiliesW
0x5c7a1c GetBoundsRect
0x5c7a2c EngFindResource
0x5c7a30 EngDeleteSemaphore
0x5c7a38 SetMagicColors
0x5c7a3c STROBJ_vEnumStart
0x5c7a44 GdiSetLastError
0x5c7a48 CreateColorSpaceA
0x5c7a4c SetWorldTransform
0x5c7a50 SetPixel
0x5c7a54 AnimatePalette
0x5c7a58 SetViewportExtEx
0x5c7a5c EqualRgn
0x5c7a60 Chord
0x5c7a64 GetCharWidthInfo
0x5c7a68 GetTextFaceAliasW
0x5c7a6c AbortDoc
0x5c7a74 GetFontData
0x5c7a7c GdiStartPageEMF
0x5c7a80 AddFontResourceA
Library COMDLG32.dll:
0x5c7a8c GetFileTitleA
Library ADVAPI32.dll:
0x5c7a94 RegCloseKey
0x5c7a98 RegOpenKeyA
0x5c7a9c RegQueryValueExA
0x5c7aa0 GetUserNameA
0x5c7aa4 EqualSid
0x5c7aac CopySid
0x5c7ab0 GetLengthSid
0x5c7ac0 RegCreateKeyA
0x5c7ac4 RegSetValueExA
0x5c7ac8 SystemFunction036
0x5c7acc RegSetValueA
Library SHELL32.dll:
0x5c7ad8 SHGetSettings
0x5c7ae8 ShellExecuteExA
0x5c7aec CheckEscapesW
0x5c7af0 SHGetFolderPathA
0x5c7af4 SHGetDesktopFolder
0x5c7af8 DuplicateIcon
0x5c7afc SHGetFolderLocation
0x5c7b04 DoEnvironmentSubstW
0x5c7b0c DragQueryFile
Library ole32.dll:
0x5c7b18 CoTaskMemFree
Library SHLWAPI.dll:
0x5c7b20 StrRStrIW
0x5c7b24 StrRChrIA
0x5c7b28 StrChrW
0x5c7b2c StrRStrIA
0x5c7b30 PathIsUNCA
Library COMCTL32.dll:
0x5c7b38 _TrackMouseEvent

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 53210 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 60215 114.114.114.114 53
192.168.56.101 63429 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 50002 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 53380 224.0.0.252 5355
192.168.56.101 56539 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57756 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 60384 224.0.0.252 5355
192.168.56.101 61680 224.0.0.252 5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.