6.4
High risk

e5b41ad0f4038600aea9353a27e74c75ff7e6eb986b96cad04669fcbfa417fe7

753d49d09160b3ad803927343231349d.exe

Analysis duration

129s

Last analysis

File size

408.5KB
Flagged by static scan; flagged by dynamic scan
Detection tags: 100% 5DRAUEPMB0F ACMK AGENSLA AGENTTESLA AI SCORE=81 ATTRIBUTE AUTO CONFIDENCE ELDORADO FVFYN GDSDA GENERICKD GENERICRXKZ HIGH CONFIDENCE HIGHCONFIDENCE HUKGSE KCLOUD KRYPTIK MALWARE@#9E8CB8MC56CE PACKEDNET PSWTROJ RATX SCORE TROJANPSW TSCOPE UNSAFE ZEMSILF ZMW@AASOW4F
Eagle Eye engine (鹰眼引擎)
Not detected: no Eagle Eye engine result is available yet
Static verdict
Antivirus engines
Engine       Result                              Scan date  Engine version
McAfee       GenericRXKZ-HS!753D49D09160         20201211   6.0.6.653
Alibaba      TrojanPSW:MSIL/Agensla.094470f1     20190527   0.3.0.5
CrowdStrike  win/malicious_confidence_100% (W)   20190702   1.0
Avast        Win32:RATX-gen [Trj]                20201210   21.1.5827.0
Baidu        (no result)                         20190318   1.0.0.2
Kingsoft     Win32.PSWTroj.Undef.(kcloud)        20201211   2017.9.26.565
Tencent      Win32.Trojan.Inject.Auto            20201211   1.0.0.1
Static indicators
Queries for the computername (20 events)
Time               API               Arguments                Status   Return  Repeated
1619618063.9655    GetComputerNameW  computer_name: OSKAR-PC  success  1       0
1619618065.3245    GetComputerNameW  computer_name: OSKAR-PC  success  1       0
1619618068.3555    GetComputerNameW  computer_name: OSKAR-PC  success  1       0
1619618070.2775    GetComputerNameW  computer_name: OSKAR-PC  success  1       0
1619618101.79375   GetComputerNameW  computer_name: OSKAR-PC  success  1       0
1619618105.684     GetComputerNameW  computer_name: OSKAR-PC  success  1       0
1619618108.684     GetComputerNameW  computer_name: OSKAR-PC  success  1       0
1619618112.512     GetComputerNameW  computer_name: OSKAR-PC  success  1       0
1619618121.09      GetComputerNameW  computer_name: OSKAR-PC  success  1       0
1619618102.105875  GetComputerNameW  computer_name: OSKAR-PC  success  1       0
1619618105.074875  GetComputerNameW  computer_name: OSKAR-PC  success  1       0
1619618107.652875  GetComputerNameW  computer_name: OSKAR-PC  success  1       0
1619618111.652     GetComputerNameW  computer_name: OSKAR-PC  success  1       0
1619618118.262875  GetComputerNameW  computer_name: OSKAR-PC  success  1       0
1619618124.168875  GetComputerNameW  computer_name: OSKAR-PC  success  1       0
1619618130.043875  GetComputerNameW  computer_name: OSKAR-PC  success  1       0
1619618132.449875  GetComputerNameW  computer_name: OSKAR-PC  success  1       0
1619618145.996125  GetComputerNameW  computer_name: OSKAR-PC  success  1       0
1619618148.137125  GetComputerNameW  computer_name: OSKAR-PC  success  1       0
1619618152.246125  GetComputerNameW  computer_name: OSKAR-PC  success  1       0
Checks if process is being debugged by a debugger (36 events)
Time               API                Arguments  Status  Return  Repeated
1619596030.7054    IsDebuggerPresent  (none)     failed  0       0
1619596030.7054    IsDebuggerPresent  (none)     failed  0       0
1619618061.0435    IsDebuggerPresent  (none)     failed  0       0
1619618061.0595    IsDebuggerPresent  (none)     failed  0       0
1619618064.012     IsDebuggerPresent  (none)     failed  0       0
1619618064.012     IsDebuggerPresent  (none)     failed  0       0
1619618065.68475   IsDebuggerPresent  (none)     failed  0       0
1619618065.68475   IsDebuggerPresent  (none)     failed  0       0
1619618071.965875  IsDebuggerPresent  (none)     failed  0       0
1619618071.965875  IsDebuggerPresent  (none)     failed  0       0
1619618072.855     IsDebuggerPresent  (none)     failed  0       0
1619618072.855     IsDebuggerPresent  (none)     failed  0       0
1619618085.199125  IsDebuggerPresent  (none)     failed  0       0
1619618085.199125  IsDebuggerPresent  (none)     failed  0       0
1619618086.434875  IsDebuggerPresent  (none)     failed  0       0
1619618086.434875  IsDebuggerPresent  (none)     failed  0       0
1619618092.23      IsDebuggerPresent  (none)     failed  0       0
1619618092.246     IsDebuggerPresent  (none)     failed  0       0
1619618096.684     IsDebuggerPresent  (none)     failed  0       0
1619618096.684     IsDebuggerPresent  (none)     failed  0       0
1619618103.059625  IsDebuggerPresent  (none)     failed  0       0
1619618103.059625  IsDebuggerPresent  (none)     failed  0       0
1619618105.293875  IsDebuggerPresent  (none)     failed  0       0
1619618105.293875  IsDebuggerPresent  (none)     failed  0       0
1619618110.887125  IsDebuggerPresent  (none)     failed  0       0
1619618110.887125  IsDebuggerPresent  (none)     failed  0       0
1619618115.090125  IsDebuggerPresent  (none)     failed  0       0
1619618115.152125  IsDebuggerPresent  (none)     failed  0       0
1619618131.309125  IsDebuggerPresent  (none)     failed  0       0
1619618131.309125  IsDebuggerPresent  (none)     failed  0       0
1619618135.637125  IsDebuggerPresent  (none)     failed  0       0
1619618135.637125  IsDebuggerPresent  (none)     failed  0       0
1619618148.012875  IsDebuggerPresent  (none)     failed  0       0
1619618148.027875  IsDebuggerPresent  (none)     failed  0       0
1619618151.277625  IsDebuggerPresent  (none)     failed  0       0
1619618151.277625  IsDebuggerPresent  (none)     failed  0       0
(A return value of 0 means no debugger was found; the monitor records a zero BOOL return as "failed", so these rows show the check running, not a debugger being detected.)
Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time               API                   Arguments  Status   Return  Repeated
1619596030.7374    GlobalMemoryStatusEx  (none)     success  1       0
One or more processes crashed (4 events)
Time & API Arguments Status Return Repeated
1619618067.5435
__exception__
stacktrace:
0x11dfa15
0x11dec61
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73e721db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73e94a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73e94bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73e94c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73e94c21
GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73f5ce82
GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73f5cf90
GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73f5cda4
GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73f5d199
GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73f5d09a
_CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73fdaf00
_CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x752655ab
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x754e7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x754e4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1765844
registers.edi: 1765876
registers.eax: 0
registers.ebp: 1765892
registers.edx: 8
registers.ebx: 0
registers.esi: 45745508
registers.ecx: 0
exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 d8 b8 f3 9c f4 fb e9
exception.instruction: mov eax, dword ptr [ecx]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x1193312
success 0 0
1619618112.059
__exception__
stacktrace:
0x10bfa15
0x10bec61
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73e721db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73e94a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73e94bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73e94c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73e94c21
GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73f5ce82
GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73f5cf90
GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73f5cda4
GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73f5d199
GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73f5d09a
_CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73fdaf00
_CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x752655ab
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x754e7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x754e4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 2683012
registers.edi: 2683044
registers.eax: 0
registers.ebp: 2683060
registers.edx: 8
registers.ebx: 0
registers.esi: 45718696
registers.ecx: 0
exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 d8 b8 f3 9c f4 fb e9
exception.instruction: mov eax, dword ptr [ecx]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x1083312
success 0 0
1619618107.012875
__exception__
stacktrace:
0x27efd85
0x27eec61
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73e721db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73e94a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73e94bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73e94c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73e94c21
GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73f5ce82
GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73f5cf90
GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73f5cda4
GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73f5d199
GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73f5d09a
_CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73fdaf00
_CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x752655ab
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x754e7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x754e4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 2290244
registers.edi: 2290276
registers.eax: 0
registers.ebp: 2290292
registers.edx: 8
registers.ebx: 0
registers.esi: 45614592
registers.ecx: 0
exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 d8 b8 f3 9c f4 fb e9
exception.instruction: mov eax, dword ptr [ecx]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xd536f2
success 0 0
1619618128.668875
__exception__
stacktrace:
0x105fd85
0x105ec61
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73e721db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73e94a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73e94bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73e94c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73e94c21
GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73f5ce82
GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73f5cf90
GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73f5cda4
GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73f5d199
GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73f5d09a
_CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73fdaf00
_CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x752655ab
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x754e7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x754e4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 2814196
registers.edi: 2814228
registers.eax: 0
registers.ebp: 2814244
registers.edx: 8
registers.ebx: 0
registers.esi: 47457204
registers.ecx: 0
exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 d8 b8 f3 9c f4 fb e9
exception.instruction: mov eax, dword ptr [ecx]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x8a36f2
success 0 0
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (50 of 837 events)
Time & API Arguments Status Return Repeated
1619596029.9404
NtAllocateVirtualMemory
process_identifier: 284
region_size: 2228224
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x00930000
success 0 0
1619596029.9404
NtAllocateVirtualMemory
process_identifier: 284
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00b10000
success 0 0
1619596030.3304
NtAllocateVirtualMemory
process_identifier: 284
region_size: 1114112
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x00520000
success 0 0
1619596030.3304
NtAllocateVirtualMemory
process_identifier: 284
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x005f0000
success 0 0
1619596030.4714
NtProtectVirtualMemory
process_identifier: 284
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x73e71000
success 0 0
1619596030.7054
NtAllocateVirtualMemory
process_identifier: 284
region_size: 1179648
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x00b50000
success 0 0
1619596030.7054
NtAllocateVirtualMemory
process_identifier: 284
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00c30000
success 0 0
1619596030.7054
NtAllocateVirtualMemory
process_identifier: 284
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0039a000
success 0 0
1619596030.7054
NtProtectVirtualMemory
process_identifier: 284
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 8192
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x73e72000
success 0 0
1619596030.7054
NtAllocateVirtualMemory
process_identifier: 284
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00392000
success 0 0
1619596031.1434
NtAllocateVirtualMemory
process_identifier: 284
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003a2000
success 0 0
1619596031.3154
NtAllocateVirtualMemory
process_identifier: 284
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003c5000
success 0 0
1619596031.3154
NtAllocateVirtualMemory
process_identifier: 284
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003cb000
success 0 0
1619596031.3154
NtAllocateVirtualMemory
process_identifier: 284
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003c7000
success 0 0
1619596031.5184
NtAllocateVirtualMemory
process_identifier: 284
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003a3000
success 0 0
1619596031.5654
NtAllocateVirtualMemory
process_identifier: 284
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003ac000
success 0 0
1619596031.6124
NtAllocateVirtualMemory
process_identifier: 284
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00650000
success 0 0
1619596031.6274
NtAllocateVirtualMemory
process_identifier: 284
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003b6000
success 0 0
1619596031.6274
NtAllocateVirtualMemory
process_identifier: 284
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003ba000
success 0 0
1619596031.6274
NtAllocateVirtualMemory
process_identifier: 284
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003b7000
success 0 0
1619596031.6904
NtAllocateVirtualMemory
process_identifier: 284
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003a4000
success 0 0
1619596031.8154
NtAllocateVirtualMemory
process_identifier: 284
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003a5000
success 0 0
1619596031.8934
NtAllocateVirtualMemory
process_identifier: 284
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00651000
success 0 0
1619596031.9714
NtAllocateVirtualMemory
process_identifier: 284
region_size: 12288
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00b50000
success 0 0
1619596033.0184
NtAllocateVirtualMemory
process_identifier: 284
region_size: 12288
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00b60000
success 0 0
1619596033.6124
NtAllocateVirtualMemory
process_identifier: 284
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00652000
success 0 0
1619618061.0125
NtProtectVirtualMemory
process_identifier: 2740
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x75261000
success 0 0
1619618061.0125
NtAllocateVirtualMemory
process_identifier: 2740
region_size: 1114112
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x00850000
success 0 0
1619618061.0125
NtAllocateVirtualMemory
process_identifier: 2740
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00920000
success 0 0
1619618061.0435
NtProtectVirtualMemory
process_identifier: 2740
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x73e71000
success 0 0
1619618061.0435
NtProtectVirtualMemory
process_identifier: 2740
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x751a1000
success 0 0
1619618061.0435
NtAllocateVirtualMemory
process_identifier: 2740
region_size: 851968
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x00610000
success 0 0
1619618061.0435
NtAllocateVirtualMemory
process_identifier: 2740
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x006a0000
success 0 0
1619618061.0435
NtProtectVirtualMemory
process_identifier: 2740
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x73e71000
success 0 0
1619618061.0435
NtAllocateVirtualMemory
process_identifier: 2740
region_size: 327680
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x00650000
success 0 0
1619618061.0435
NtAllocateVirtualMemory
process_identifier: 2740
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00660000
success 0 0
1619618061.0905
NtAllocateVirtualMemory
process_identifier: 2740
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0056a000
success 0 0
1619618061.0905
NtProtectVirtualMemory
process_identifier: 2740
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 8192
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x73e72000
success 0 0
1619618061.0905
NtAllocateVirtualMemory
process_identifier: 2740
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00562000
success 0 0
1619618061.1055
NtAllocateVirtualMemory
process_identifier: 2740
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00582000
success 0 0
1619618061.1685
NtAllocateVirtualMemory
process_identifier: 2740
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00625000
success 0 0
1619618061.1685
NtAllocateVirtualMemory
process_identifier: 2740
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0062b000
success 0 0
1619618061.1685
NtAllocateVirtualMemory
process_identifier: 2740
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00627000
success 0 0
1619618061.1685
NtProtectVirtualMemory
process_identifier: 2740
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x755f1000
success 0 0
1619618061.1845
NtAllocateVirtualMemory
process_identifier: 2740
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00583000
success 0 0
1619618061.1995
NtProtectVirtualMemory
process_identifier: 2740
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x74511000
success 0 0
1619618061.2155
NtAllocateVirtualMemory
process_identifier: 2740
region_size: 12288
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00584000
success 0 0
1619618061.2155
NtAllocateVirtualMemory
process_identifier: 2740
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0058c000
success 0 0
1619618061.2625
NtAllocateVirtualMemory
process_identifier: 2740
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x011d0000
success 0 0
1619618061.2625
NtAllocateVirtualMemory
process_identifier: 2740
region_size: 53248
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x011d1000
success 0 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 6.999382482349717 section {'size_of_data': '0x00065c00', 'virtual_address': '0x00002000', 'entropy': 6.999382482349717, 'name': '.text', 'virtual_size': '0x00065b94'} description A section with a high entropy has been found
entropy 0.9975490196078431 description Overall entropy of this PE file is high
(The second figure is not a bits-per-byte entropy. It is the share of all section data, by size_of_data, that lies in sections above the high-entropy threshold; 0.99754901... is exactly 407/408, so the 0x65c00-byte .text section accounts for all but 0x400 bytes of section data and runs at almost 7 bits per byte.)
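To make those two numbers concrete, here is an added Python example (not code from the sandbox or from this report) that computes per-section Shannon entropy and the "high-entropy share" the way the Cuckoo community packer_entropy signature does. The 6.8-bit section threshold and the 20 % share threshold are taken from that signature and are an assumption if your sandbox uses other cut-offs; the section bytes are constructed (a pseudo-random 64 KiB stand-in for a packed .text and a 1 KiB plain-text .rsrc), not taken from the sample.

```python
import hashlib
import math
from collections import Counter

# Thresholds assumed from the Cuckoo community packer_entropy signature:
# a section above 6.8 bits/byte is "high entropy"; if more than 20 % of all
# section bytes sit in such sections the whole file is marked as packed.
HIGH_ENTROPY_BITS = 6.8
HIGH_ENTROPY_SHARE = 0.2


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty input, at most 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def section_marks(sections):
    """sections: iterable of (name, raw_bytes).

    Returns (per_section, share): per_section is a list of dicts shaped like the
    report's entries (name, size_of_data as hex, entropy, high flag); share is the
    fraction of all section bytes that live in high-entropy sections, which is the
    number the report prints as the "overall entropy".
    """
    per_section, total, high = [], 0, 0
    for name, raw in sections:
        ent = shannon_entropy(raw)
        is_high = ent > HIGH_ENTROPY_BITS
        total += len(raw)
        if is_high:
            high += len(raw)
        per_section.append({
            "name": name,
            "size_of_data": f"0x{len(raw):08x}",
            "entropy": ent,
            "high": is_high,
        })
    return per_section, (high / total if total else 0.0)


def file_is_packed(share: float) -> bool:
    """The file-level verdict the signature derives from the share."""
    return share > HIGH_ENTROPY_SHARE


def deterministic_random_bytes(n: int, seed: bytes = b"packer-demo") -> bytes:
    """Constructed stand-in for packed/encrypted section content: a SHA-256 chain,
    so the demo is repeatable without os.urandom."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


def demo():
    # Constructed layout: a 64 KiB "packed" .text and a 1 KiB plain-text .rsrc.
    packed_text = deterministic_random_bytes(64 * 1024)
    plain_rsrc = (b"MZ stub and version strings " * 37)[:1024]
    return section_marks([(".text", packed_text), (".rsrc", plain_rsrc)])


if __name__ == "__main__":
    marks, share = demo()
    for m in marks:
        print(f"{m['name']:<6} size={m['size_of_data']} entropy={m['entropy']:.3f} high={m['high']}")
    print(f"high-entropy share={share:.4f} packed={file_is_packed(share)}")
```

Reading the report through this lens: with .text at 6.9994 bits/byte and a share of 407/408, the verdict is driven entirely by one section, so the next step is to unpack that section (or dump the process after the RWX allocations below) rather than to look for a second payload elsewhere in the file.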
Checks for the Locally Unique Identifier on the system for a suspicious privilege (17 events)
Time               API                    Arguments                                           Status   Return  Repeated
1619596033.5024    LookupPrivilegeValueW  system_name: ""  privilege_name: SeDebugPrivilege  success  1       0
1619618063.1215    LookupPrivilegeValueW  system_name: ""  privilege_name: SeDebugPrivilege  success  1       0
1619618065.418     LookupPrivilegeValueW  system_name: ""  privilege_name: SeDebugPrivilege  success  1       0
1619618066.09075   LookupPrivilegeValueW  system_name: ""  privilege_name: SeDebugPrivilege  success  1       0
1619618072.574875  LookupPrivilegeValueW  system_name: ""  privilege_name: SeDebugPrivilege  success  1       0
1619618073.309     LookupPrivilegeValueW  system_name: ""  privilege_name: SeDebugPrivilege  success  1       0
1619618086.043125  LookupPrivilegeValueW  system_name: ""  privilege_name: SeDebugPrivilege  success  1       0
1619618087.152875  LookupPrivilegeValueW  system_name: ""  privilege_name: SeDebugPrivilege  success  1       0
1619618096.105     LookupPrivilegeValueW  system_name: ""  privilege_name: SeDebugPrivilege  success  1       0
1619618097.199     LookupPrivilegeValueW  system_name: ""  privilege_name: SeDebugPrivilege  success  1       0
1619618104.418625  LookupPrivilegeValueW  system_name: ""  privilege_name: SeDebugPrivilege  success  1       0
1619618105.871875  LookupPrivilegeValueW  system_name: ""  privilege_name: SeDebugPrivilege  success  1       0
1619618112.762125  LookupPrivilegeValueW  system_name: ""  privilege_name: SeDebugPrivilege  success  1       0
1619618120.855125  LookupPrivilegeValueW  system_name: ""  privilege_name: SeDebugPrivilege  success  1       0
1619618132.965125  LookupPrivilegeValueW  system_name: ""  privilege_name: SeDebugPrivilege  success  1       0
1619618136.730125  LookupPrivilegeValueW  system_name: ""  privilege_name: SeDebugPrivilege  success  1       0
1619618150.605875  LookupPrivilegeValueW  system_name: ""  privilege_name: SeDebugPrivilege  success  1       0
(An empty system_name means the lookup is against the local machine.)
Terminates another process (40 events)
Time               API                 Arguments                                                                 Status   Return      Repeated
1619618065.762     NtTerminateProcess  status_code: 0x00000001  process_identifier: 0     process_handle: 0x00000288  failed   0           0
1619618065.762     NtTerminateProcess  status_code: 0x00000001  process_identifier: 0     process_handle: 0x00000288  success  0           0
1619618097.40275   NtTerminateProcess  status_code: 0xffffffff  process_identifier: 2740  process_handle: 0x00000274  failed   0           0
1619618097.40275   NtTerminateProcess  status_code: 0xffffffff  process_identifier: 2740  process_handle: 0x00000274  failed   3221225738  0
1619618072.762875  NtTerminateProcess  status_code: 0x00000001  process_identifier: 0     process_handle: 0x0000028c  failed   0           0
1619618072.762875  NtTerminateProcess  status_code: 0x00000001  process_identifier: 0     process_handle: 0x0000028c  success  0           0
1619618096.277     NtTerminateProcess  status_code: 0xffffffff  process_identifier: 2740  process_handle: 0x0000027c  failed   0           0
1619618096.277     NtTerminateProcess  status_code: 0xffffffff  process_identifier: 2740  process_handle: 0x0000027c  success  0           0
1619618103.246     NtTerminateProcess  status_code: 0xffffffff  process_identifier: 3140  process_handle: 0x0000027c  failed   0           0
1619618103.246     NtTerminateProcess  status_code: 0xffffffff  process_identifier: 3140  process_handle: 0x0000027c  success  0           0
1619618086.230125  NtTerminateProcess  status_code: 0x00000001  process_identifier: 0     process_handle: 0x0000028c  failed   0           0
1619618086.230125  NtTerminateProcess  status_code: 0x00000001  process_identifier: 0     process_handle: 0x0000028c  success  0           0
1619618097.324875  NtTerminateProcess  status_code: 0xffffffff  process_identifier: 2740  process_handle: 0x00000278  failed   0           0
1619618097.324875  NtTerminateProcess  status_code: 0xffffffff  process_identifier: 2740  process_handle: 0x00000278  failed   3221225738  0
1619618096.309     NtTerminateProcess  status_code: 0x00000001  process_identifier: 0     process_handle: 0x00000298  failed   0           0
1619618096.309     NtTerminateProcess  status_code: 0x00000001  process_identifier: 0     process_handle: 0x00000298  success  0           0
1619618107.777     NtTerminateProcess  status_code: 0xffffffff  process_identifier: 3540  process_handle: 0x0000027c  failed   0           0
1619618107.777     NtTerminateProcess  status_code: 0xffffffff  process_identifier: 3540  process_handle: 0x0000027c  success  0           0
1619618107.793     NtTerminateProcess  status_code: 0xffffffff  process_identifier: 3140  process_handle: 0x0000027c  failed   0           0
1619618107.793     NtTerminateProcess  status_code: 0xffffffff  process_identifier: 3140  process_handle: 0x0000027c  failed   3221225738  0
1619618105.074625  NtTerminateProcess  status_code: 0x00000001  process_identifier: 0     process_handle: 0x00000288  failed   0           0
1619618105.074625  NtTerminateProcess  status_code: 0x00000001  process_identifier: 0     process_handle: 0x00000288  success  0           0
1619618112.605875  NtTerminateProcess  status_code: 0xffffffff  process_identifier: 3956  process_handle: 0x0000027c  failed   0           0
1619618112.605875  NtTerminateProcess  status_code: 0xffffffff  process_identifier: 3956  process_handle: 0x0000027c  success  0           0
1619618112.605875  NtTerminateProcess  status_code: 0xffffffff  process_identifier: 3540  process_handle: 0x0000027c  failed   0           0
1619618112.605875  NtTerminateProcess  status_code: 0xffffffff  process_identifier: 3540  process_handle: 0x0000027c  failed   3221225738  0
1619618114.152125  NtTerminateProcess  status_code: 0x00000001  process_identifier: 0     process_handle: 0x00000294  failed   0           0
1619618114.152125  NtTerminateProcess  status_code: 0x00000001  process_identifier: 0     process_handle: 0x00000294  success  0           0
1619618133.809125  NtTerminateProcess  status_code: 0xffffffff  process_identifier: 3060  process_handle: 0x00000278  failed   0           0
1619618133.809125  NtTerminateProcess  status_code: 0xffffffff  process_identifier: 3060  process_handle: 0x00000278  success  0           0
1619618144.699125  NtTerminateProcess  status_code: 0xffffffff  process_identifier: 3328  process_handle: 0x00000278  failed   0           0
1619618144.699125  NtTerminateProcess  status_code: 0xffffffff  process_identifier: 3328  process_handle: 0x00000278  success  0           0
1619618135.074125  NtTerminateProcess  status_code: 0x00000001  process_identifier: 0     process_handle: 0x0000028c  failed   0           0
1619618135.074125  NtTerminateProcess  status_code: 0x00000001  process_identifier: 0     process_handle: 0x0000028c  success  0           0
1619618149.840125  NtTerminateProcess  status_code: 0xffffffff  process_identifier: 952   process_handle: 0x00000274  failed   0           0
1619618149.840125  NtTerminateProcess  status_code: 0xffffffff  process_identifier: 952   process_handle: 0x00000274  success  0           0
1619618150.059125  NtTerminateProcess  status_code: 0xffffffff  process_identifier: 3328  process_handle: 0x00000274  failed   0           0
1619618150.059125  NtTerminateProcess  status_code: 0xffffffff  process_identifier: 3328  process_handle: 0x00000274  failed   3221225738  0
1619618151.527875  NtTerminateProcess  status_code: 0x00000001  process_identifier: 0     process_handle: 0x00000290  failed   0           0
1619618151.527875  NtTerminateProcess  status_code: 0x00000001  process_identifier: 0     process_handle: 0x00000290  success  0           0
(Return 3221225738 is NTSTATUS 0xC000010A, STATUS_PROCESS_IS_TERMINATING: the second attempt on the same handle failed because the target was already exiting from the first.)
Network Communication
Communicates with host for which no DNS query was performed (2 events)
host 113.108.239.196
host 172.217.24.14
A process attempted to delay the analysis task. (1 event)
description RegAsm.exe tried to sleep 5456372 seconds, actually delayed analysis time by 5456372 seconds
Manipulates memory of a non-child process indicative of process injection (6 events)
Process injection Process 3792 manipulating memory of non-child process 3916
Process injection Process 2604 manipulating memory of non-child process 3420
Time | API | Arguments | Status | Return | Repeated
1619618094.715 | NtAllocateVirtualMemory | process_identifier: 3916, region_size: 4096, stack_dep_bypass: 0, stack_pivoted: 0, heap_dep_bypass: 0, protection: 4 (PAGE_READWRITE), process_handle: 0x00000240, allocation_type: 4096 (MEM_COMMIT), base_address: 0x000a0000 | success | 0 | 0
1619618094.84 | NtAllocateVirtualMemory | process_identifier: 3916, region_size: 4096, stack_dep_bypass: 0, stack_pivoted: 0, heap_dep_bypass: 0, protection: 4 (PAGE_READWRITE), process_handle: 0x00000240, allocation_type: 4096 (MEM_COMMIT), base_address: 0x000b0000 | success | 0 | 0
1619618112.293125 | NtAllocateVirtualMemory | process_identifier: 3420, region_size: 4096, stack_dep_bypass: 0, stack_pivoted: 0, heap_dep_bypass: 0, protection: 4 (PAGE_READWRITE), process_handle: 0x00000240, allocation_type: 4096 (MEM_COMMIT), base_address: 0x000a0000 | success | 0 | 0
1619618112.309125 | NtAllocateVirtualMemory | process_identifier: 3420, region_size: 4096, stack_dep_bypass: 0, stack_pivoted: 0, heap_dep_bypass: 0, protection: 4 (PAGE_READWRITE), process_handle: 0x00000240, allocation_type: 4096 (MEM_COMMIT), base_address: 0x000b0000 | success | 0 | 0
Attempts to remove evidence of file being downloaded from the Internet (1 event)
file C:\Users\Administrator.Oskar-PC\s.exe:Zone.Identifier
File has been identified by 51 AntiVirus engines on VirusTotal as malicious (50 out of 51 events)
Elastic malicious (high confidence)
DrWeb Trojan.PackedNET.332
MicroWorld-eScan Trojan.GenericKD.43306867
FireEye Generic.mg.753d49d09160b3ad
McAfee GenericRXKZ-HS!753D49D09160
Cylance Unsafe
K7AntiVirus Trojan ( 0056081c1 )
Alibaba TrojanPSW:MSIL/Agensla.094470f1
K7GW Trojan ( 0056081c1 )
CrowdStrike win/malicious_confidence_100% (W)
Arcabit Trojan.Generic.D294CF73
BitDefenderTheta Gen:NN.ZemsilF.34670.zmW@aasOw4f
Cyren W32/MSIL_Troj.VV.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of MSIL/Kryptik.WOX
APEX Malicious
Avast Win32:RATX-gen [Trj]
Kaspersky HEUR:Trojan-PSW.MSIL.Agensla.gen
BitDefender Trojan.GenericKD.43306867
NANO-Antivirus Trojan.Win32.Agensla.hukgse
Paloalto generic.ml
AegisLab Trojan.Win32.Generic.4!c
Rising Trojan.Kryptik!8.8 (TFE:C:5dRauepmB0F)
Ad-Aware Trojan.GenericKD.43306867
Emsisoft Trojan.GenericKD.43306867 (B)
Comodo Malware@#9e8cb8mc56ce
F-Secure Trojan.TR/AD.AgentTesla.fvfyn
VIPRE Trojan.Win32.Generic!BT
McAfee-GW-Edition BehavesLike.Win32.Generic.gh
Sophos Mal/Generic-S
Ikarus Trojan.Inject
Jiangmin Trojan.PSW.MSIL.acmk
Avira TR/AD.AgentTesla.fvfyn
Antiy-AVL Trojan[PSW]/MSIL.Agensla
Kingsoft Win32.PSWTroj.Undef.(kcloud)
Microsoft Trojan:MSIL/AgentTesla.BB!MTB
ZoneAlarm HEUR:Trojan-PSW.MSIL.Agensla.gen
GData Trojan.GenericKD.43306867
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.RL_Generic.C4117833
Acronis suspicious
ALYac Trojan.GenericKD.43306867
MAX malware (ai score=81)
VBA32 TScope.Trojan.MSIL
Malwarebytes Trojan.Crypt.MSIL.Generic
Tencent Win32.Trojan.Inject.Auto
Fortinet MSIL/Kryptik.WCL!tr
AVG Win32:RATX-gen [Trj]
Cybereason malicious.ec5b06
Panda Trj/GdSda.A
Visual Analysis
Binary Image
No binary image: this sample did not generate a binary visualization image.
Runtime Screenshots
No runtime screenshots: no screenshots were generated while the sample was running.


PE Compile Time

2020-06-08 14:54:33

Imports

Library mscoree.dll:
0x402000 _CorExeMain

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source Port  Destination                      Destination Port
192.168.56.101  49235        114.114.114.114                  53
192.168.56.101  50534        114.114.114.114                  53
192.168.56.101  56539        114.114.114.114                  53
192.168.56.101  58367        114.114.114.114                  53
192.168.56.101  65004        114.114.114.114                  53
192.168.56.101  137          192.168.56.255                   137
192.168.56.101  138          192.168.56.255                   138
192.168.56.101  123          20.189.79.72 (time.windows.com)  123
192.168.56.101  55368        224.0.0.252                      5355
192.168.56.101  56804        224.0.0.252                      5355
192.168.56.101  60123        224.0.0.252                      5355
192.168.56.101  62191        224.0.0.252                      5355
192.168.56.101  1900         239.255.255.250                  1900
192.168.56.101  56540        239.255.255.250                  3702
192.168.56.101  56807        239.255.255.250                  1900
192.168.56.101  58368        239.255.255.250                  3702
192.168.56.101  58370        239.255.255.250                  3702
192.168.56.101  58707        239.255.255.250                  3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.