6.6
High risk

7ebb1bf94e64d8c90fa9d717e8fc8052dd51d11d7c195891dab4fb2ba2086587

82625caa3c612bb710ac337064b1b145.exe

Analysis duration

109s

Last analysis

File size

492.0KB
Static scan: flagged malicious. Dynamic analysis: flagged malicious. Tags: 100% AI SCORE=80 AUTORUNS CLASSIC CONFIDENCE DOWNLOADER30 DZMW EMOTET EMOTETRI ENCPK FILEREPMALWARE GDSDA GENCIRC GENERICKD GENKRYPTIK GKQTJM GZHK JAIK KRYPTIK MALWARE@#1UA88MDFWHBF5 MODERATE CONFIDENCE RUJJX S9544840 TIABOFFO TROJANBANKER UNSAFE ZAFK
Hawkeye Engine
Not detected: no Hawkeye Engine results are available
Static verdict
Antivirus engines
Engine Result Scan time Engine version
McAfee Emotet-FPB!82625CAA3C61 20200108 6.0.6.653
Alibaba 20190527 0.3.0.5
Avast 20200108 18.4.3895.0
Tencent Malware.Win32.Gencirc.10b65593 20200108 1.0.0.1
Baidu 20190318 1.0.0.2
Kingsoft 20200108 2013.8.14.323
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Static indicators
Queries for the computername (1 event)
Time & API Arguments Status Return Repeated
1620832594.413876
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
This executable has a PDB path (1 event)
pdb_path c:\Users\User\Desktop\2003\opengl\WinRel\OPENGL.pdb
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (3 events)
Time & API Arguments Status Return Repeated
1620832589.398249
NtAllocateVirtualMemory
process_identifier: 648
region_size: 69632
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x005a0000
success 0 0
1620832589.632876
NtAllocateVirtualMemory
process_identifier: 1752
region_size: 69632
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00580000
success 0 0
1620832222.338772
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000004210000
success 0 0
Checks whether any human activity is being performed by constantly checking whether the foreground window changed
Creates a service (1 event)
Time & API Arguments Status Return Repeated
1620832601.772876
CreateServiceW
service_start_name:
start_type: 2
service_handle: 0x0060f748
display_name: rdsangle
error_control: 0
service_name: rdsangle
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\"C:\Windows\SysWOW64\rdsangle.exe"
filepath_r: "C:\Windows\SysWOW64\rdsangle.exe"
service_manager_handle: 0x005e64c0
desired_access: 18
service_type: 16
password:
success 6354760 0
Moves the original executable to a new location (1 event)
Time & API Arguments Status Return Repeated
1620832597.647876
MoveFileWithProgressW
oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\82625caa3c612bb710ac337064b1b145.exe
newfilepath: C:\Windows\SysWOW64\rdsangle.exe
newfilepath_r: C:\Windows\SysWOW64\rdsangle.exe
flags: 3
oldfilepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\82625caa3c612bb710ac337064b1b145.exe
success 1 0
Network communication
Communicates with host for which no DNS query was performed (4 events)
host 172.217.24.14
host 172.90.70.168
host 72.69.99.47
host 203.208.40.66
Installs itself for autorun at Windows startup (1 event)
service_name rdsangle service_path C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\"C:\Windows\SysWOW64\rdsangle.exe"
Attempts to remove evidence of file being downloaded from the Internet (1 event)
file C:\Windows\SysWOW64\rdsangle.exe:Zone.Identifier
File has been identified by 53 AntiVirus engines on VirusTotal as malicious (50 out of 53 events)
DrWeb Trojan.DownLoader30.50615
MicroWorld-eScan Trojan.Autoruns.GenericKD.42206031
CAT-QuickHeal Trojan.EmotetRI.S9544840
McAfee Emotet-FPB!82625CAA3C61
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
SUPERAntiSpyware Trojan.Agent/Gen-Emotet
Sangfor Malware
K7AntiVirus Trojan ( 0055cf281 )
K7GW Trojan ( 0055cf281 )
F-Prot W32/Emotet.AJH
Symantec Trojan Horse
ESET-NOD32 a variant of Win32/Kryptik.GZHK
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.TIABOFFO
ClamAV Win.Trojan.Jaik-7434125-0
Kaspersky HEUR:Trojan-Banker.Win32.Emotet.gen
BitDefender Trojan.Autoruns.GenericKD.42206031
NANO-Antivirus Trojan.Win32.GenKryptik.gkqtjm
Paloalto generic.ml
AegisLab Trojan.Multi.Generic.4!c
Tencent Malware.Win32.Gencirc.10b65593
Endgame malicious (moderate confidence)
Emsisoft Trojan.Autoruns.GenericKD.42206031 (B)
Comodo Malware@#1ua88mdfwhbf5
F-Secure Trojan.TR/AD.Emotet.rujjx
Zillya Trojan.Emotet.Win32.19125
TrendMicro TrojanSpy.Win32.EMOTET.TIABOFFO
McAfee-GW-Edition BehavesLike.Win32.Emotet.gh
Fortinet W32/GenKryptik.DZMW!tr
FireEye Trojan.Autoruns.GenericKD.42206031
Sophos Mal/EncPk-APA
Ikarus Trojan-Banker.Emotet
Cyren W32/Trojan.ZAFK-2277
Jiangmin Trojan.Banker.Emotet.msx
Webroot W32.Trojan.Emotet
Avira TR/AD.Emotet.rujjx
MAX malware (ai score=80)
Antiy-AVL Trojan/Win32.Emotet
Microsoft Trojan:Win32/Emotet!MTB
Arcabit Trojan.Autoruns.Generic.D284034F
ZoneAlarm HEUR:Trojan-Banker.Win32.Emotet.gen
GData Trojan.Autoruns.GenericKD.42206031
AhnLab-V3 Malware/Win32.Generic.C3617880
ALYac Trojan.Agent.Emotet
VBA32 TrojanBanker.Emotet
Malwarebytes Trojan.Emotet
APEX Malicious
Rising Trojan.Kryptik!1.C051 (CLASSIC)
Yandex Trojan.PWS.Emotet!
Ad-Aware Trojan.Autoruns.GenericKD.42206031
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (4 events)
dead_host 172.217.24.14:443
dead_host 72.69.99.47:80
dead_host 172.217.160.78:443
dead_host 172.90.70.168:443
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while this sample ran


PE Compile Time

2019-12-07 00:30:47

Imports

Library OPENGL32.dll:
0x447514 wglCreateContext
0x447518 wglMakeCurrent
0x44751c glClearColor
0x447520 glClear
0x447524 glOrtho
0x447528 glBegin
0x44752c glVertex2d
0x447530 glEnd
0x447534 glFinish
0x447538 wglDeleteContext
Library CRYPT32.dll:
Library KERNEL32.dll:
0x4471ec SetErrorMode
0x4471f0 LocalUnlock
0x4471f4 LocalLock
0x4471f8 RtlUnwind
0x4471fc HeapAlloc
0x447200 HeapFree
0x447204 VirtualProtect
0x447208 VirtualAlloc
0x44720c GetSystemInfo
0x447210 VirtualQuery
0x447214 GetStartupInfoA
0x447218 GetCommandLineA
0x44721c ExitProcess
0x447220 TerminateProcess
0x447224 ExitThread
0x447228 CreateThread
0x44722c HeapReAlloc
0x447230 HeapSize
0x447234 FatalAppExitA
0x447238 HeapDestroy
0x447240 VirtualFree
0x447244 IsBadWritePtr
0x44724c GetStdHandle
0x447264 SetHandleCount
0x447268 GetFileType
0x447270 GetTickCount
0x447274 GetCurrentProcessId
0x447280 LCMapStringA
0x447284 LCMapStringW
0x447288 GetStringTypeA
0x44728c GetStringTypeW
0x447290 IsBadReadPtr
0x447294 IsBadCodePtr
0x447298 GetTimeFormatA
0x44729c GetDateFormatA
0x4472a0 GetUserDefaultLCID
0x4472a4 EnumSystemLocalesA
0x4472a8 IsValidLocale
0x4472ac IsValidCodePage
0x4472b4 SetStdHandle
0x4472b8 GetLocaleInfoW
0x4472c8 SetFileAttributesA
0x4472dc GetShortPathNameA
0x4472e0 CreateFileA
0x4472e8 FindFirstFileA
0x4472ec FindClose
0x4472f0 DuplicateHandle
0x4472f4 GetFileSize
0x4472f8 SetEndOfFile
0x4472fc UnlockFile
0x447300 LockFile
0x447304 FlushFileBuffers
0x447308 SetFilePointer
0x44730c WriteFile
0x447310 ReadFile
0x447314 DeleteFileA
0x447318 MoveFileA
0x44731c GetOEMCP
0x447320 GetCPInfo
0x447328 RaiseException
0x447330 TlsFree
0x447338 LocalReAlloc
0x44733c TlsSetValue
0x447340 TlsAlloc
0x447348 TlsGetValue
0x447350 GlobalHandle
0x447354 GlobalReAlloc
0x44735c LocalAlloc
0x447360 GlobalFlags
0x447364 SetLastError
0x447368 CopyFileA
0x44736c MulDiv
0x447370 GlobalSize
0x447374 FormatMessageA
0x447378 LocalFree
0x44737c CreateEventA
0x447380 SuspendThread
0x447384 SetEvent
0x447388 WaitForSingleObject
0x44738c ResumeThread
0x447390 SetThreadPriority
0x447394 CloseHandle
0x447398 GetCurrentThread
0x44739c GlobalAlloc
0x4473a0 lstrcmpA
0x4473a4 GetModuleFileNameA
0x4473b0 lstrcpyA
0x4473b4 GlobalFree
0x4473b8 GetDiskFreeSpaceA
0x4473bc GetFullPathNameA
0x4473c0 GetTempFileNameA
0x4473c4 GetFileTime
0x4473c8 SetFileTime
0x4473cc GetFileAttributesA
0x4473d0 FreeResource
0x4473d4 GetCurrentThreadId
0x4473d8 GlobalFindAtomA
0x4473dc GlobalDeleteAtom
0x4473e0 LoadLibraryA
0x4473e4 FreeLibrary
0x4473e8 lstrcatA
0x4473ec lstrcmpW
0x4473f0 GetModuleHandleA
0x4473f4 lstrcpynA
0x4473f8 GlobalLock
0x4473fc GlobalUnlock
0x447400 GlobalGetAtomNameA
0x447404 GlobalAddAtomA
0x447408 FindResourceA
0x44740c LoadResource
0x447410 LockResource
0x447414 SizeofResource
0x447418 GetStringTypeExW
0x44741c GetStringTypeExA
0x447428 CompareStringW
0x44742c CompareStringA
0x447430 lstrlenA
0x447434 lstrcmpiW
0x447438 lstrlenW
0x44743c lstrcmpiA
0x447440 GetVersion
0x447444 GetLastError
0x447448 WideCharToMultiByte
0x44744c MultiByteToWideChar
0x447450 GetVersionExA
0x447454 GetThreadLocale
0x447458 GetLocaleInfoA
0x44745c GetACP
0x447460 InterlockedExchange
0x447464 GetModuleHandleW
0x447468 GetProcAddress
0x44746c GetCurrentProcess
0x447470 HeapCreate
Library USER32.dll:
0x44756c SetParent
0x447570 DestroyIcon
0x447574 DeleteMenu
0x447578 GetDialogBaseUnits
0x44757c UnionRect
0x447580 IsRectEmpty
0x447584 LoadCursorA
0x447588 GetSysColorBrush
0x44758c MapVirtualKeyA
0x447590 GetKeyNameTextA
0x447594 GetMenuItemInfoA
0x447598 InflateRect
0x44759c EndPaint
0x4475a0 BeginPaint
0x4475a4 GetWindowDC
0x4475a8 ReleaseDC
0x4475ac GetDC
0x4475b0 GrayStringA
0x4475b4 DrawTextExA
0x4475b8 DrawTextA
0x4475bc TabbedTextOutA
0x4475c0 FillRect
0x4475c4 ClientToScreen
0x4475c8 GetMenuStringA
0x4475cc AppendMenuA
0x4475d0 InsertMenuA
0x4475d4 RemoveMenu
0x4475d8 GetMessageA
0x4475dc TranslateMessage
0x4475e0 GetCursorPos
0x4475e4 ValidateRect
0x4475e8 ShowOwnedPopups
0x4475ec PostQuitMessage
0x4475f4 GetNextDlgTabItem
0x4475f8 EndDialog
0x4475fc SetMenuItemBitmaps
0x447600 ModifyMenuA
0x447604 GetMenuState
0x447608 EnableMenuItem
0x44760c CheckMenuItem
0x447614 LoadBitmapA
0x447618 ScrollWindowEx
0x44761c MoveWindow
0x447620 SetWindowTextA
0x447624 IsDialogMessageA
0x447628 IsDlgButtonChecked
0x44762c SetDlgItemTextA
0x447630 SetDlgItemInt
0x447634 GetDlgItemTextA
0x447638 GetDlgItemInt
0x44763c CheckRadioButton
0x447640 CheckDlgButton
0x447644 CreateWindowExA
0x447648 SetWindowsHookExA
0x44764c CallNextHookEx
0x447650 GetClassLongA
0x447654 GetClassInfoExA
0x447658 SetPropA
0x44765c GetPropA
0x447660 SendDlgItemMessageA
0x447664 IsChild
0x44766c GetWindowTextA
0x447670 GetForegroundWindow
0x447674 GetSystemMenu
0x447678 BeginDeferWindowPos
0x44767c EndDeferWindowPos
0x447680 GetTopWindow
0x447684 DestroyWindow
0x447688 UnhookWindowsHookEx
0x44768c GetMessageTime
0x447690 GetMessagePos
0x447694 MapWindowPoints
0x447698 ScrollWindow
0x44769c MessageBoxA
0x4476a0 TrackPopupMenuEx
0x4476a4 TrackPopupMenu
0x4476a8 SetScrollRange
0x4476ac GetScrollRange
0x4476b0 SetScrollPos
0x4476b4 GetScrollPos
0x4476b8 SetForegroundWindow
0x4476bc ShowScrollBar
0x4476c0 GetClientRect
0x4476c4 AdjustWindowRectEx
0x4476c8 ScreenToClient
0x4476cc DeferWindowPos
0x4476d0 GetScrollInfo
0x4476d4 SetScrollInfo
0x4476d8 RegisterClassA
0x4476dc UnregisterClassA
0x4476e0 SetWindowPlacement
0x4476e4 EnableWindow
0x4476e8 RemovePropA
0x4476ec CharLowerA
0x4476f0 CharLowerW
0x4476f4 CharUpperA
0x4476f8 CharUpperW
0x447700 SendMessageA
0x447704 IsWindowEnabled
0x447708 GetWindow
0x44770c GetDesktopWindow
0x447710 IsWindow
0x447714 GetWindowLongA
0x447718 ShowWindow
0x44771c DefWindowProcA
0x447720 CallWindowProcA
0x447728 GetWindowPlacement
0x44772c GetWindowRect
0x447730 GetSystemMetrics
0x447734 PtInRect
0x44773c wsprintfA
0x447740 LoadMenuA
0x447744 DestroyMenu
0x447748 GetClassNameA
0x44774c GetSysColor
0x447750 SetWindowPos
0x447754 WinHelpA
0x447758 SetCapture
0x44775c LockWindowUpdate
0x447760 GetDCEx
0x447768 MessageBeep
0x44776c SetFocus
0x447770 GetActiveWindow
0x447774 GetFocus
0x447778 EqualRect
0x44777c GetDlgItem
0x447780 SetWindowLongA
0x447784 GetKeyState
0x447788 GetDlgCtrlID
0x44778c GetMenu
0x447790 UnpackDDElParam
0x447794 ReuseDDElParam
0x447798 LoadIconA
0x4477a0 WindowFromPoint
0x4477a4 KillTimer
0x4477a8 SetTimer
0x4477ac DispatchMessageA
0x4477b0 SetRect
0x4477b4 SetMenu
0x4477b8 PostMessageA
0x4477bc BringWindowToTop
0x4477c0 GetLastActivePopup
0x4477c4 CopyRect
0x4477c8 SetRectEmpty
0x4477cc OffsetRect
0x4477d0 IntersectRect
0x4477d4 CreatePopupMenu
0x4477d8 GetMenuItemCount
0x4477dc GetMenuItemID
0x4477e0 GetSubMenu
0x4477e4 InsertMenuItemA
0x4477e8 IsIconic
0x4477ec UpdateWindow
0x4477f0 InvalidateRect
0x4477f4 IsWindowVisible
0x4477f8 SetActiveWindow
0x4477fc GetClassInfoA
0x447800 SetCursor
0x447804 PeekMessageA
0x447808 GetCapture
0x44780c ReleaseCapture
0x447810 LoadAcceleratorsA
0x447814 GetParent
Library GDI32.dll:
0x447074 PlayMetaFileRecord
0x447078 GetObjectType
0x44707c EnumMetaFile
0x447080 PlayMetaFile
0x447084 CreatePen
0x447088 ExtCreatePen
0x44708c CreateSolidBrush
0x447090 CreateHatchBrush
0x447094 CreateFontIndirectA
0x4470a0 PatBlt
0x4470a4 CreatePatternBrush
0x4470a8 CombineRgn
0x4470ac GetMapMode
0x4470b0 DPtoLP
0x4470b4 StretchDIBits
0x4470b8 GetCharWidthA
0x4470bc CreateFontA
0x4470c0 SelectPalette
0x4470c4 GetBkColor
0x4470c8 StartPage
0x4470cc EndPage
0x4470d0 SetAbortProc
0x4470d4 AbortDoc
0x4470d8 EndDoc
0x4470e0 DeleteDC
0x4470e4 ExtSelectClipRgn
0x4470e8 SetViewportExtEx
0x4470ec PolyBezierTo
0x4470f0 PolylineTo
0x4470f4 PolyDraw
0x4470f8 ArcTo
0x447100 ScaleWindowExtEx
0x447104 SetWindowExtEx
0x447108 OffsetWindowOrgEx
0x44710c SetWindowOrgEx
0x447110 GetTextMetricsA
0x447114 GetStockObject
0x447118 GetDeviceCaps
0x44711c CreateBitmap
0x447120 GetObjectA
0x447124 SetBkColor
0x447128 SetTextColor
0x44712c GetClipBox
0x447130 GetDCOrgEx
0x447134 CreateCompatibleDC
0x44713c ChoosePixelFormat
0x447140 SetRectRgn
0x447144 SetPixelFormat
0x447148 OffsetViewportOrgEx
0x44714c SetViewportOrgEx
0x447150 SelectObject
0x447154 Escape
0x447158 ExtTextOutA
0x44715c TextOutA
0x447160 RectVisible
0x447164 PtVisible
0x447168 StartDocA
0x44716c GetPixel
0x447170 BitBlt
0x447174 GetWindowExtEx
0x447178 GetViewportExtEx
0x44717c SelectClipPath
0x447180 CreateRectRgn
0x447184 GetClipRgn
0x447188 SelectClipRgn
0x44718c SetColorAdjustment
0x447190 SetArcDirection
0x447194 SetMapperFlags
0x4471a0 SetTextAlign
0x4471a4 MoveToEx
0x4471a8 LineTo
0x4471ac OffsetClipRgn
0x4471b0 IntersectClipRect
0x4471b4 ExcludeClipRect
0x4471b8 SetMapMode
0x4471bc SetStretchBltMode
0x4471c0 SetROP2
0x4471c4 SetPolyFillMode
0x4471c8 SetBkMode
0x4471cc RestoreDC
0x4471d0 SaveDC
0x4471d4 DeleteObject
0x4471d8 CreateDCA
0x4471dc CopyMetaFileA
0x4471e0 ScaleViewportExtEx
Library comdlg32.dll:
0x447830 PageSetupDlgA
0x447834 FindTextA
0x447838 ReplaceTextA
0x44783c GetOpenFileNameA
0x447844 PrintDlgA
0x447848 GetSaveFileNameA
0x44784c GetFileTitleA
Library WINSPOOL.DRV:
0x44781c OpenPrinterA
0x447820 DocumentPropertiesA
0x447824 ClosePrinter
0x447828 GetJobA
Library ADVAPI32.dll:
0x447000 RegDeleteValueA
0x447004 GetFileSecurityA
0x447008 RegCloseKey
0x44700c RegQueryValueExA
0x447010 RegOpenKeyExA
0x447014 RegDeleteKeyA
0x447018 RegEnumKeyA
0x44701c RegOpenKeyA
0x447020 RegQueryValueA
0x447024 RegSetValueA
0x447028 RegCreateKeyExA
0x44702c RegCreateKeyA
0x447030 SetFileSecurityA
0x447034 RegSetValueExA
Library SHELL32.dll:
0x447540 DragQueryFileA
0x447544 SHGetFileInfoA
0x447548 ExtractIconA
0x44754c DragFinish
Library COMCTL32.dll:
0x44703c ImageList_Draw
0x447044
0x447048
0x44704c ImageList_Read
0x447050 ImageList_Write
0x447054
0x447058 ImageList_Destroy
0x44705c ImageList_Create
0x447064 ImageList_Merge
Library SHLWAPI.dll:
0x447558 PathFindFileNameA
0x44755c PathStripToRootA
0x447560 PathFindExtensionA
0x447564 PathIsUNCA
Library ole32.dll:
0x447854 WriteClassStg
0x447858 OleRegGetUserType
0x44785c SetConvertStg
0x447860 CoTaskMemFree
0x447864 ReadFmtUserTypeStg
0x447868 ReadClassStg
0x44786c StringFromCLSID
0x447870 CoTreatAsClass
0x447874 CreateBindCtx
0x447878 CoTaskMemAlloc
0x44787c ReleaseStgMedium
0x447880 OleDuplicateData
0x447884 CoDisconnectObject
0x447888 CoCreateInstance
0x44788c StringFromGUID2
0x447890 CLSIDFromString
0x447894 WriteFmtUserTypeStg
Library OLEAUT32.dll:
0x447478 SafeArrayUnlock
0x44747c VariantClear
0x447480 VariantChangeType
0x447484 VariantInit
0x447488 SysAllocStringLen
0x44748c SysFreeString
0x447490 SysStringLen
0x447498 SysStringByteLen
0x4474a0 SafeArrayAccessData
0x4474a4 SafeArrayGetUBound
0x4474a8 SafeArrayGetLBound
0x4474b0 SafeArrayGetDim
0x4474b4 SafeArrayCreate
0x4474b8 SafeArrayRedim
0x4474bc VariantCopy
0x4474c0 SafeArrayAllocData
0x4474c8 SafeArrayCopy
0x4474cc SafeArrayGetElement
0x4474d0 SafeArrayPtrOfIndex
0x4474d4 SafeArrayPutElement
0x4474d8 SafeArrayLock
0x4474dc SafeArrayDestroy
0x4474f0 SysAllocString
0x4474f4 SysReAllocStringLen
0x4474f8 VarDateFromStr
0x4474fc VarBstrFromDec
0x447500 VarDecFromStr
0x447504 VarCyFromStr
0x447508 VarBstrFromCy
0x44750c VarBstrFromDate

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50568 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 63429 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 50002 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 53210 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57756 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 60384 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 62912 224.0.0.252 5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.