13.8
0-day

74dd17973ffad45d4ffec5744331335523b2e25ef04c701c928a8de6513a36aa

93a9ac45bcd168620f0c6c72ec496cd7.exe

Analysis duration: 83s
Last analysis:
File size: 496.0KB
Static detection  Dynamic detection  100%
Detection-name tokens: AGEN AGENSLANET AI SCORE=100 ALI2000016 CLOUD CONFIDENCE EHNS ELDORADO FM0@A4K7G2N GDSDA GENKRYPTIK HIGH CONFIDENCE HIGOCE HTLX KRYPT KRYPTIK MALICIOUS PE MALWARE@#21LO08KKY609L MSILRANDOMKRYPT OCCAMY OLPU R066C0DHK20 RATX SCORE SUSGEN TSCOPE UNSAFE UTLHMTZUWQA ZEMSILF
Eagle Eye engine (鹰眼引擎): not detected. No Eagle Eye engine result is available yet.
Static verdict
Antivirus engines
Engine       Result                              Date      Version
McAfee       RDN/Generic.grp                     20200826  6.0.6.653
Alibaba      Trojan:Win32/Kryptik.ali2000016     20190527  0.3.0.5
CrowdStrike  win/malicious_confidence_100% (W)   20190702  1.0
Baidu        (none)                              20190318  1.0.0.2
Avast        Win32:RATX-gen [Trj]                20200826  18.4.3895.0
Kingsoft     (none)                              20200826  2013.8.14.323
Tencent      Msil.Trojan.Crypt.Htlx              20200826  1.0.0.1
Static indicators
Queries for the computername (9 events)
Time               API               Arguments                Status   Return  Repeated
1619810889.45575   GetComputerNameW  computer_name: OSKAR-PC  success  1       0
1619810862.6435    GetComputerNameW  computer_name: OSKAR-PC  success  1       0
1619810862.6745    GetComputerNameW  computer_name: OSKAR-PC  success  1       0
1619810862.7055    GetComputerNameW  computer_name: OSKAR-PC  success  1       0
1619810862.7375    GetComputerNameW  computer_name: OSKAR-PC  success  1       0
1619810867.2525    GetComputerNameA  computer_name: OSKAR-PC  success  1       0
1619810867.2525    GetComputerNameW  computer_name: OSKAR-PC  success  1       0
1619810892.877498  GetComputerNameA  computer_name: OSKAR-PC  success  1       0
1619810892.877498  GetComputerNameW  computer_name: OSKAR-PC  success  1       0
Checks if process is being debugged by a debugger (4 events)
Time              API                Status  Return  Repeated
1619810854.75275  IsDebuggerPresent  failed  0       0
1619810862.9875   IsDebuggerPresent  failed  0       0
1619810891.7685   IsDebuggerPresent  failed  0       0
1619810891.8155   IsDebuggerPresent  failed  0       0
The "failed" status is only the monitor's convention for a zero return value: IsDebuggerPresent returns 0 when no debugger is attached, so each check ran and found none.
Uses Windows APIs to generate a cryptographic key (50 of 64 events)
All 50 calls share the same arguments apart from the time and the key handle: crypto_export_handle 0x00000000, buffer <INVALID POINTER>, blob_type 6, flags 0; status success, return 1, repeated 0.
blob_type 6 is PUBLICKEYBLOB, and a successful call with a NULL output buffer is the length-query form of CryptExportKey (the first call of the usual two-call pattern). These calls therefore export the public half of asymmetric keys rather than generate them; the six distinct handles show several key objects being handled in turn. Because the sample is MSIL, the .NET Framework's CryptoAPI-backed asymmetric classes are a plausible caller, but the report does not identify the caller.
Time             API             crypto_handle
1619810863.9245  CryptExportKey  0x005180b8
1619810865.0185  CryptExportKey  0x00517f78
1619810865.0185  CryptExportKey  0x00517f78
1619810865.0335  CryptExportKey  0x00517f78
1619810865.0805  CryptExportKey  0x00517f78
1619810865.0805  CryptExportKey  0x00517f78
1619810865.0965  CryptExportKey  0x00517f78
1619810865.1435  CryptExportKey  0x00517f78
1619810865.1905  CryptExportKey  0x005174b8
1619810865.2055  CryptExportKey  0x005174b8
1619810865.2215  CryptExportKey  0x005174b8
1619810865.2215  CryptExportKey  0x005174b8
1619810865.2215  CryptExportKey  0x005174b8
1619810865.2215  CryptExportKey  0x005174b8
1619810865.6905  CryptExportKey  0x005179f8
1619810865.6905  CryptExportKey  0x005179f8
1619810865.6905  CryptExportKey  0x005179f8
1619810865.7055  CryptExportKey  0x005179f8
1619810865.7055  CryptExportKey  0x005179f8
1619810865.7055  CryptExportKey  0x005179f8
1619810865.7525  CryptExportKey  0x005179f8
1619810866.5965  CryptExportKey  0x00517db8
1619810866.5965  CryptExportKey  0x00517db8
1619810866.5965  CryptExportKey  0x00517db8
1619810866.6125  CryptExportKey  0x005178f8
1619810866.6125  CryptExportKey  0x00517db8
1619810866.6125  CryptExportKey  0x00517db8
1619810866.6125  CryptExportKey  0x00517db8
1619810866.6125  CryptExportKey  0x00517db8
1619810866.6125  CryptExportKey  0x00517db8
1619810866.6585  CryptExportKey  0x00517db8
1619810866.6585  CryptExportKey  0x00517db8
1619810866.8155  CryptExportKey  0x00517db8
1619810866.8155  CryptExportKey  0x00517db8
1619810866.9715  CryptExportKey  0x00517cf8
1619810866.9715  CryptExportKey  0x00517cf8
1619810866.9875  CryptExportKey  0x00517cf8
1619810866.9875  CryptExportKey  0x00517cf8
1619810866.9875  CryptExportKey  0x00517cf8
1619810866.9875  CryptExportKey  0x00517cf8
1619810867.0025  CryptExportKey  0x00517cf8
1619810867.1275  CryptExportKey  0x00517378
1619810867.1435  CryptExportKey  0x00517378
1619810867.3305  CryptExportKey  0x00517378
1619810867.3305  CryptExportKey  0x00517378
1619810867.3465  CryptExportKey  0x00517378
1619810867.3465  CryptExportKey  0x00517378
1619810867.3465  CryptExportKey  0x00517378
1619810867.3775  CryptExportKey  0x00517378
1619810867.3775  CryptExportKey  0x00517378
Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time              API                   Status   Return  Repeated
1619810858.28375  GlobalMemoryStatusEx  success  1       0
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (50 of 205 events)
All 50 calls are in the sample's own process (process_identifier 784, process_handle 0xffffffff) with protection 64 (PAGE_EXECUTE_READWRITE), stack_dep_bypass 0 and stack_pivoted 0; status success, return 0, repeated 0. For NtProtectVirtualMemory the size column is the length argument and no allocation_type applies.
Caveat: the sample is MSIL, and this pattern (a 320 KB RWX reserve at 0x003e0000, many 4 KB commits, then an 896 KB reserve at 0x04c10000) is typical of the CLR JIT's executable code heap in any managed process. The allocations that matter for the injection are the ones made in the remote process in the sections further down.
Time              API                      size    heap_dep_bypass  allocation_type                     base_address
1619810853.44075  NtAllocateVirtualMemory  327680  0                8192 (MEM_RESERVE)                  0x003e0000
1619810853.44075  NtAllocateVirtualMemory  4096    1                4096 (MEM_COMMIT)                   0x003f0000
1619810854.48775  NtProtectVirtualMemory   4096    0                (protection change)                 0x73f31000
1619810854.76875  NtAllocateVirtualMemory  4096    1                4096 (MEM_COMMIT)                   0x0047a000
1619810854.76875  NtProtectVirtualMemory   8192    0                (protection change)                 0x73f32000
1619810854.76875  NtAllocateVirtualMemory  4096    1                4096 (MEM_COMMIT)                   0x00472000
1619810855.22175  NtAllocateVirtualMemory  4096    1                4096 (MEM_COMMIT)                   0x00482000
1619810855.34675  NtAllocateVirtualMemory  4096    1                4096 (MEM_COMMIT)                   0x00483000
1619810855.36275  NtAllocateVirtualMemory  4096    1                4096 (MEM_COMMIT)                   0x005bb000
1619810855.36275  NtAllocateVirtualMemory  4096    1                4096 (MEM_COMMIT)                   0x005b7000
1619810855.42475  NtAllocateVirtualMemory  4096    1                4096 (MEM_COMMIT)                   0x0048c000
1619810855.51875  NtAllocateVirtualMemory  4096    1                4096 (MEM_COMMIT)                   0x007c0000
1619810855.97175  NtAllocateVirtualMemory  4096    1                4096 (MEM_COMMIT)                   0x00484000
1619810855.97175  NtAllocateVirtualMemory  4096    1                4096 (MEM_COMMIT)                   0x00485000
1619810856.04975  NtAllocateVirtualMemory  4096    1                4096 (MEM_COMMIT)                   0x00486000
1619810856.25275  NtAllocateVirtualMemory  4096    1                4096 (MEM_COMMIT)                   0x0059a000
1619810856.25275  NtAllocateVirtualMemory  4096    1                4096 (MEM_COMMIT)                   0x00597000
1619810856.25275  NtAllocateVirtualMemory  4096    1                4096 (MEM_COMMIT)                   0x005aa000
1619810856.31575  NtAllocateVirtualMemory  4096    1                4096 (MEM_COMMIT)                   0x0047b000
1619810856.39375  NtAllocateVirtualMemory  24576   1                4096 (MEM_COMMIT)                   0x007c1000
1619810856.47175  NtAllocateVirtualMemory  4096    1                4096 (MEM_COMMIT)                   0x00596000
1619810856.76875  NtAllocateVirtualMemory  4096    1                4096 (MEM_COMMIT)                   0x0048a000
1619810856.78375  NtAllocateVirtualMemory  4096    1                4096 (MEM_COMMIT)                   0x009f0000
1619810856.89375  NtAllocateVirtualMemory  4096    1                4096 (MEM_COMMIT)                   0x003f1000
1619810857.11275  NtAllocateVirtualMemory  4096    1                4096 (MEM_COMMIT)                   0x005a2000
1619810857.23775  NtAllocateVirtualMemory  4096    1                4096 (MEM_COMMIT)                   0x005b5000
1619810857.69075  NtAllocateVirtualMemory  4096    1                4096 (MEM_COMMIT)                   0x007c7000
1619810857.90875  NtAllocateVirtualMemory  4096    1                4096 (MEM_COMMIT)                   0x00487000
1619810858.09675  NtAllocateVirtualMemory  917504  0                8192 (MEM_RESERVE)                  0x04c10000
1619810858.09675  NtAllocateVirtualMemory  4096    1                4096 (MEM_COMMIT)                   0x04cb0000
1619810858.09675  NtAllocateVirtualMemory  4096    1                4096 (MEM_COMMIT)                   0x04cb1000
1619810858.12775  NtAllocateVirtualMemory  4096    1                4096 (MEM_COMMIT)                   0x04cb2000
1619810858.14375  NtAllocateVirtualMemory  4096    1                4096 (MEM_COMMIT)                   0x04cb3000
1619810858.14375  NtAllocateVirtualMemory  16384   1                4096 (MEM_COMMIT)                   0x04cb4000
1619810858.14375  NtAllocateVirtualMemory  20480   1                4096 (MEM_COMMIT)                   0x04cb8000
1619810858.15875  NtAllocateVirtualMemory  4096    1                4096 (MEM_COMMIT)                   0x00488000
1619810858.20575  NtAllocateVirtualMemory  4096    1                4096 (MEM_COMMIT)                   0x007c8000
1619810858.20575  NtAllocateVirtualMemory  16384   1                4096 (MEM_COMMIT)                   0x04cbd000
1619810858.20575  NtAllocateVirtualMemory  69632   1                4096 (MEM_COMMIT)                   0x04cc1000
1619810858.22175  NtAllocateVirtualMemory  4096    1                4096 (MEM_COMMIT)                   0x007c9000
1619810858.48775  NtAllocateVirtualMemory  4096    1                4096 (MEM_COMMIT)                   0x009f1000
1619810858.50275  NtAllocateVirtualMemory  4096    1                4096 (MEM_COMMIT)                   0x00473000
1619810858.61275  NtAllocateVirtualMemory  4096    1                4096 (MEM_COMMIT)                   0x007ca000
1619810887.09675  NtAllocateVirtualMemory  4096    1                4096 (MEM_COMMIT)                   0x007cb000
1619810887.14375  NtAllocateVirtualMemory  327680  0                1056768 (MEM_RESERVE|MEM_TOP_DOWN)  0x7ef40000
1619810887.14375  NtAllocateVirtualMemory  4096    1                4096 (MEM_COMMIT)                   0x7ef40000
1619810887.14375  NtAllocateVirtualMemory  4096    1                4096 (MEM_COMMIT)                   0x7ef40000
1619810887.14375  NtAllocateVirtualMemory  65536   0                1056768 (MEM_RESERVE|MEM_TOP_DOWN)  0x7ef30000
1619810887.14375  NtAllocateVirtualMemory  4096    1                4096 (MEM_COMMIT)                   0x7ef30000
1619810887.42475  NtAllocateVirtualMemory  4096    1                4096 (MEM_COMMIT)                   0x009f2000
Creates a shortcut to an executable file (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
Note the literal, unexpanded %ProgramData% path component beneath the sample's Temp working directory: the .lnk was written under Temp, not into the real Start Menu folder.
Creates a suspicious process (1 event)
cmdline "powershell" Get-MpPreference -verbose
Executes one or more WMI queries (1 event)
wmi SELECT * FROM Win32_VideoController
A process created a hidden window (1 event)
Time & API Arguments Status Return Repeated
1619810858.78375
CreateProcessInternalW
thread_identifier: 2504
thread_handle: 0x0000022c
process_identifier: 2976
current_directory: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp
filepath:
track: 1
command_line: "powershell" Get-MpPreference -verbose
filepath_r:
stack_pivoted: 0
creation_flags: 134217728 (CREATE_NO_WINDOW)
process_handle: 0x00000238
inherit_handles: 1
success 1 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.86707888973385 section {'size_of_data': '0x0007b600', 'virtual_address': '0x00002000', 'entropy': 7.86707888973385, 'name': '.text', 'virtual_size': '0x0007b414'} description A section with a high entropy has been found
entropy 0.9959636730575177 description Overall entropy of this PE file is high
The second figure is not a Shannon entropy. In the Cuckoo-derived signature that emits this text it is the fraction of section bytes that lie in sections whose entropy exceeds 6.8. Here .text alone holds 0x7b600 (505344) bytes at 7.87 bits per byte, and 505344 / 507392 = 0.99596 reproduces the reported value exactly, so the remaining sections total only 0x800 bytes: almost the whole file is one high-entropy section.
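The two entropy findings above rest on two different computations: a per-section Shannon entropy and a byte-weighted ratio of high-entropy sections. The following Python is an added editorial example, not sandbox or sample code. It implements both computations on constructed input, and feeds in the .text size and entropy from the report to show that the 0.9959... figure is the ratio; the 6.8 and 0.2 thresholds are assumed from Cuckoo's packer_entropy signature, and the 0x800 bytes of remaining section data (and their entropy value) are an inference from the arithmetic above, labelled as such in the code.

```python
"""Packer heuristics behind the two 'entropy' findings in the report.

Added editorial example, not sandbox code. Section sizes and the .text
entropy come from the report; thresholds and the remaining-section data
are assumptions (see comments).
"""
import math
import os
from collections import Counter
from typing import Iterable, List, Tuple

# Thresholds assumed from Cuckoo's packer_entropy signature.
SECTION_THRESHOLD = 6.8   # a section above this counts as high entropy
RATIO_THRESHOLD = 0.2     # fraction of section bytes in such sections

Section = Tuple[str, int, float]   # (name, size_of_data, entropy)


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for constant data, 8.0 for uniform."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def packed_ratio(sections: Iterable[Section]) -> float:
    """Fraction of all section bytes that sit in high-entropy sections.

    This ratio, not a Shannon value, is what the 'Overall entropy of this
    PE file is high' line reports."""
    secs: List[Section] = list(sections)
    total = sum(size for _, size, _ in secs)
    packed = sum(size for _, size, ent in secs if ent > SECTION_THRESHOLD)
    return packed / total if total else 0.0


def classify(sections: Iterable[Section]) -> dict:
    """Apply both packer heuristics and return the evidence."""
    secs = list(sections)
    ratio = packed_ratio(secs)
    return {
        "ratio": ratio,
        "high_entropy_sections": [n for n, _, e in secs if e > SECTION_THRESHOLD],
        "likely_packed": ratio > RATIO_THRESHOLD,
    }


# Section table reconstructed from the report. .text: size_of_data 0x7b600,
# entropy 7.867 (both given on the page). The other sections are not listed;
# 0x800 bytes in total is inferred because 0x7b600 / (0x7b600 + 0x800)
# reproduces the reported 0.9959636730575177. Their entropy is an assumption.
REPORT_SECTIONS: List[Section] = [
    (".text", 0x7B600, 7.86707888973385),
    (".rsrc+.reloc (assumed)", 0x800, 4.0),
]


def demo_entropy() -> Tuple[float, float]:
    """Constructed inputs: random bytes (what packed/encrypted code looks like)
    versus highly repetitive bytes (what plain data or padding looks like)."""
    random_blob = os.urandom(64 * 1024)
    repetitive = b"\x00" * 60_000 + b"A" * 4_000
    return shannon_entropy(random_blob), shannon_entropy(repetitive)


if __name__ == "__main__":
    print(classify(REPORT_SECTIONS))
    print(demo_entropy())
```

Run it directly and `classify(REPORT_SECTIONS)` returns the report's ratio with `likely_packed` set; swapping in section data read from a real PE (for example via pefile) is the only change needed to use it on a file.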
Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 event)
Time & API Arguments Status Return Repeated
1619810863.7215
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Allocates execute permission to another process indicative of possible code injection (1 event)
Time & API Arguments Status Return Repeated
1619810891.00275
NtAllocateVirtualMemory
process_identifier: 176
region_size: 327680
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000003a0
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
success 0 0
Checks the version of Bios, possibly for anti-virtualization (2 events)
registry HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
registry HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion
Detects virtualization software with SCSI Disk Identifier trick(s) (1 event)
registry HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0
Potential code injection by writing to the memory of another process (4 events)
The four writes rebuild a PE image in process 176: the headers at 0x00400000 (the buffer below is the MZ/PE header rendered as text), the resource section at 0x0044c000 (VS_VERSION_INFO with InternalName ItTrGKZFerwsBAfLwoER.exe and a .NET assembly manifest), a further section at 0x0044e000, and four bytes at 0x7efde008, which is offset 8 of the child's PEB (0x7efde000, see the ebx value in the NtSetContextThread section), i.e. PEB->ImageBaseAddress.
Time & API Arguments Status Return Repeated
1619810891.00275
WriteProcessMemory
process_identifier: 176
buffer: MZÿÿ¸@€º´ Í!¸LÍ!This program cannot be run in DOS mode. $PEL»^à  Œnª À@ @…ªSÀà  H.texttŠ Œ `.rsrcÀŽ@@.reloc à”@B
process_handle: 0x000003a0
base_address: 0x00400000
success 1 0
1619810891.03375
WriteProcessMemory
process_identifier: 176
buffer:  €P€8€€h€ À|Ãê|4VS_VERSION_INFO½ïþ?DVarFileInfo$Translation°ÜStringFileInfo¸000004b0,FileDescription 0FileVersion0.0.0.0TInternalNameItTrGKZFerwsBAfLwoER.exe(LegalCopyright \OriginalFilenameItTrGKZFerwsBAfLwoER.exe4ProductVersion0.0.0.08Assembly Version0.0.0.0<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>
process_handle: 0x000003a0
base_address: 0x0044c000
success 1 0
1619810891.03375
WriteProcessMemory
process_identifier: 176
buffer:   p:
process_handle: 0x000003a0
base_address: 0x0044e000
success 1 0
1619810891.03375
WriteProcessMemory
process_identifier: 176
buffer: @
process_handle: 0x000003a0
base_address: 0x7efde008
success 1 0
Code injection by writing an executable or DLL to the memory of another process (1 event)
Time & API Arguments Status Return Repeated
1619810891.00275
WriteProcessMemory
process_identifier: 176
buffer: MZÿÿ¸@€º´ Í!¸LÍ!This program cannot be run in DOS mode. $PEL»^à  Œnª À@ @…ªSÀà  H.texttŠ Œ `.rsrcÀŽ@@.reloc à”@B
process_handle: 0x000003a0
base_address: 0x00400000
success 1 0
Used NtSetContextThread to modify a thread in a remote process indicative of process injection (2 events)
Process injection Process 784 called NtSetContextThread to modify thread in remote process 176
Time              API                 thread_handle  process_identifier  registers (decimal, as logged)                              Status   Return  Repeated
1619810891.03375  NtSetContextThread  0x0000039c     176                 eax 4500078, ebx 2130567168, eip/esp/edi/ebp/edx/esi/ecx 0  success  0       0
Decoded: eax 4500078 = 0x0044AA6E, inside the 0x00400000-0x0044FFFF region (327680 bytes) just written into process 176, i.e. the entry point of the injected image; ebx 2130567168 = 0x7EFDE000, the child's PEB, whose ImageBaseAddress field at offset 8 (0x7efde008) was overwritten by the four-byte WriteProcessMemory above. On x86 the initial context of a suspended process's first thread carries the entry point in eax and the PEB in ebx, so this is the classic RunPE form of process hollowing.
Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)
Process injection Process 784 resumed a thread in remote process 176
Time & API Arguments Status Return Repeated
1619810891.37775
NtResumeThread
thread_handle: 0x0000039c
suspend_count: 1
process_identifier: 176
success 0 0
Detects VirtualBox through the presence of a registry key (1 event)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions
Detects VMWare through the presence of a registry key (1 event)
registry HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware Tools
Detects the presence of Wine emulator (1 event)
Time & API Arguments Status Return Repeated
1619810887.11275
LdrGetProcedureAddress
ordinal: 0
module: KERNEL32
module_address: 0x76340000
function_address: 0x003ddf98
function_name: wine_get_unix_file_name
failed 3221225785 0
The return value 3221225785 is 0xC0000139 (STATUS_ENTRYPOINT_NOT_FOUND): kernel32 exports no wine_get_unix_file_name, so the Wine check came back negative.
Disables Windows Security features (4 events)
description attempts to modify windows defender policies registry HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring
description attempts to modify windows defender policies registry HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware
description attempts to modify windows defender policies registry HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable
description attempts to modify windows defender policies registry HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection
Executed a process and injected code into it, probably while unpacking (23 events)
Time & API Arguments Status Return Repeated
1619810854.75275
NtResumeThread
thread_handle: 0x000000d0
suspend_count: 1
process_identifier: 784
success 0 0
1619810854.95575
NtResumeThread
thread_handle: 0x00000160
suspend_count: 1
process_identifier: 784
success 0 0
1619810858.78375
CreateProcessInternalW
thread_identifier: 2504
thread_handle: 0x0000022c
process_identifier: 2976
current_directory: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp
filepath:
track: 1
command_line: "powershell" Get-MpPreference -verbose
filepath_r:
stack_pivoted: 0
creation_flags: 134217728 (CREATE_NO_WINDOW)
process_handle: 0x00000238
inherit_handles: 1
success 1 0
1619810887.12775
NtResumeThread
thread_handle: 0x00000264
suspend_count: 1
process_identifier: 784
success 0 0
1619810887.44075
NtResumeThread
thread_handle: 0x00000334
suspend_count: 1
process_identifier: 784
success 0 0
1619810891.00275
CreateProcessInternalW
thread_identifier: 884
thread_handle: 0x0000039c
process_identifier: 176
current_directory:
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\93a9ac45bcd168620f0c6c72ec496cd7.exe
track: 1
command_line: "{path}"
filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\93a9ac45bcd168620f0c6c72ec496cd7.exe
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x000003a0
inherit_handles: 0
success 1 0
1619810891.00275
NtGetContextThread
thread_handle: 0x0000039c
success 0 0
1619810891.00275
NtAllocateVirtualMemory
process_identifier: 176
region_size: 327680
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000003a0
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
success 0 0
1619810891.00275
WriteProcessMemory
process_identifier: 176
buffer: MZÿÿ¸@€º´ Í!¸LÍ!This program cannot be run in DOS mode. $PEL»^à  Œnª À@ @…ªSÀà  H.texttŠ Œ `.rsrcÀŽ@@.reloc à”@B
process_handle: 0x000003a0
base_address: 0x00400000
success 1 0
1619810891.01875
WriteProcessMemory
process_identifier: 176
buffer:
process_handle: 0x000003a0
base_address: 0x00402000
success 1 0
1619810891.03375
WriteProcessMemory
process_identifier: 176
buffer:  €P€8€€h€ À|Ãê|4VS_VERSION_INFO½ïþ?DVarFileInfo$Translation°ÜStringFileInfo¸000004b0,FileDescription 0FileVersion0.0.0.0TInternalNameItTrGKZFerwsBAfLwoER.exe(LegalCopyright \OriginalFilenameItTrGKZFerwsBAfLwoER.exe4ProductVersion0.0.0.08Assembly Version0.0.0.0<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>
process_handle: 0x000003a0
base_address: 0x0044c000
success 1 0
1619810891.03375
WriteProcessMemory
process_identifier: 176
buffer:   p:
process_handle: 0x000003a0
base_address: 0x0044e000
success 1 0
1619810891.03375
WriteProcessMemory
process_identifier: 176
buffer: @
process_handle: 0x000003a0
base_address: 0x7efde008
success 1 0
1619810891.03375
NtSetContextThread
thread_handle: 0x0000039c
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4500078
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 176
success 0 0
1619810891.37775
NtResumeThread
thread_handle: 0x0000039c
suspend_count: 1
process_identifier: 176
success 0 0
1619810862.9875
NtResumeThread
thread_handle: 0x000002a4
suspend_count: 1
process_identifier: 2976
success 0 0
1619810863.0335
NtResumeThread
thread_handle: 0x000002f8
suspend_count: 1
process_identifier: 2976
success 0 0
1619810868.0805
NtResumeThread
thread_handle: 0x00000464
suspend_count: 1
process_identifier: 2976
success 0 0
1619810869.1585
NtResumeThread
thread_handle: 0x000003bc
suspend_count: 1
process_identifier: 2976
success 0 0
1619810891.7685
NtResumeThread
thread_handle: 0x000000d0
suspend_count: 1
process_identifier: 176
success 0 0
1619810891.7835
NtResumeThread
thread_handle: 0x0000015c
suspend_count: 1
process_identifier: 176
success 0 0
1619810892.4245
CreateProcessInternalW
thread_identifier: 1760
thread_handle: 0x000001a4
process_identifier: 2116
current_directory:
filepath: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
track: 1
command_line: dw20.exe -x -s 396
filepath_r: C:\Windows\Microsoft.NET\Framework\v2.0.50727\\dw20.exe
stack_pivoted: 0
creation_flags: 0 ()
process_handle: 0x000001a0
inherit_handles: 1
success 1 0
1619810892.924498
NtResumeThread
thread_handle: 0x000000bc
suspend_count: 1
process_identifier: 2116
success 0 0
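The events for pid 176 above are the classic RunPE / process-hollowing chain, and a reader can verify every step against the recorded arguments: the sample launches a second copy of its own path with CREATE_SUSPENDED (creation_flags 4), reads the new thread's context, allocates a 327680-byte PAGE_EXECUTE_READWRITE region at 0x00400000 (the original image base), writes the payload section by section starting with an MZ header at 0x00400000, writes four bytes at 0x7efde008, replaces the thread context, and resumes the thread. Two details tie it together: registers.ebx 2130567168 is 0x7EFDE000, the PEB pointer a fresh 32-bit process thread starts with, so the 4-byte write at 0x7efde008 is a patch of PEB.ImageBaseAddress (PEB+8); and registers.eax 4500078 is 0x0044AA6E, which lies inside the injected region and becomes the entry point the loader jumps to on resume. The dw20.exe -x -s 396 launch that follows is the .NET error-reporting shim, so the hollowed process appears to have hit an unhandled exception in the sandbox.

The following is an added example, not code from the report or the sample: a detector that walks a Cuckoo-style API trace and flags this chain by correlating events per process_identifier. The TRACE list is constructed from the values shown above (pid 176, the RWX region, the PEB write and the new EAX) plus the ordinary powershell spawn (pid 2976) for contrast; buffers are truncated.

```python
"""Process-hollowing (RunPE) detector for a Cuckoo-style API trace.

Added example; not code from the sandbox report or the sample. TRACE is
constructed from the report's values (pid 176, 327680-byte RWX region at
0x00400000, PEB at 0x7EFDE000, new EAX 4500078) plus the ordinary
powershell spawn (pid 2976), which must not be flagged.
"""
from collections import defaultdict

CREATE_SUSPENDED = 0x00000004        # CreateProcess creation_flags bit
PAGE_EXECUTE_READWRITE = 0x40        # NtAllocateVirtualMemory protection
PEB_IMAGE_BASE_OFFSET = 8            # PEB.ImageBaseAddress on 32-bit Windows

# Constructed rows: (timestamp, api, arguments); field names follow the report.
TRACE = [
    (1619810858.78375, "CreateProcessInternalW",
     {"process_identifier": 2976, "creation_flags": 134217728,
      "command_line": '"powershell" Get-MpPreference -verbose'}),
    (1619810862.9875, "NtResumeThread", {"process_identifier": 2976}),
    (1619810891.00275, "CreateProcessInternalW",
     {"process_identifier": 176, "creation_flags": 4, "command_line": '"{path}"'}),
    (1619810891.00275, "NtAllocateVirtualMemory",
     {"process_identifier": 176, "region_size": 327680, "protection": 64,
      "base_address": "0x00400000"}),
    (1619810891.00275, "WriteProcessMemory",
     {"process_identifier": 176, "base_address": "0x00400000",
      "buffer": "MZ...This program cannot be run in DOS mode."}),   # truncated
    (1619810891.03375, "WriteProcessMemory",
     {"process_identifier": 176, "base_address": "0x0044c000",
      "buffer": "VS_VERSION_INFO..."}),                             # truncated
    (1619810891.03375, "WriteProcessMemory",
     {"process_identifier": 176, "base_address": "0x7efde008",
      "buffer": "\x00\x00\x40\x00"}),                               # 0x00400000 LE
    (1619810891.03375, "NtSetContextThread",
     {"process_identifier": 176, "registers.eax": 4500078,
      "registers.ebx": 2130567168}),
    (1619810891.37775, "NtResumeThread", {"process_identifier": 176}),
]


def _addr(value):
    """Accept the report's mixed encodings: hex strings ('0x00400000') or ints."""
    return int(value, 16) if isinstance(value, str) else int(value)


def detect_hollowing(trace):
    """Return {pid: [evidence, ...]} for each process created CREATE_SUSPENDED
    that then receives a PE image, has its thread context replaced and is
    resumed: the RunPE / process-hollowing chain."""
    per_pid = defaultdict(list)
    for ts, api, args in sorted(trace, key=lambda row: row[0]):  # stable sort
        if "process_identifier" in args:
            per_pid[args["process_identifier"]].append((ts, api, args))

    findings = {}
    for pid, events in per_pid.items():
        created = [a for _, api, a in events if api == "CreateProcessInternalW"]
        if not created or not created[0]["creation_flags"] & CREATE_SUSPENDED:
            continue  # an ordinary spawn is not hollowing
        evidence = [f"created suspended: {created[0]['command_line']}"]

        rwx = [(_addr(a["base_address"]), a["region_size"]) for _, api, a in events
               if api == "NtAllocateVirtualMemory"
               and a["protection"] == PAGE_EXECUTE_READWRITE]
        for base, size in rwx:
            evidence.append(f"RWX region of {size} bytes allocated at 0x{base:08x}")

        writes = [(_addr(a["base_address"]), a.get("buffer", ""))
                  for _, api, a in events if api == "WriteProcessMemory"]
        pe_written = False
        for base, buf in writes:
            if buf.startswith("MZ"):
                pe_written = True
                evidence.append(f"PE header (MZ) written at 0x{base:08x}")

        ctx = [(ts, a) for ts, api, a in events if api == "NtSetContextThread"]
        for ctx_ts, regs in ctx:
            peb, entry = regs.get("registers.ebx"), regs.get("registers.eax")
            if peb is not None and any(b == peb + PEB_IMAGE_BASE_OFFSET for b, _ in writes):
                evidence.append(
                    f"PEB.ImageBaseAddress at 0x{peb + PEB_IMAGE_BASE_OFFSET:08x} patched")
            if entry is not None and any(lo <= entry < lo + size for lo, size in rwx):
                evidence.append(f"new entry point 0x{entry:08x} lies inside the injected region")
        resumed = any(api == "NtResumeThread" and ts >= ctx[0][0]
                      for ts, api, _ in events) if ctx else False

        if pe_written and ctx and resumed:
            evidence.append("thread resumed after its context was replaced")
            findings[pid] = evidence
    return findings


if __name__ == "__main__":
    for pid, why in detect_hollowing(TRACE).items():
        print(f"pid {pid}: process hollowing")
        for line in why:
            print("  -", line)
```

The decisive combination is a suspended spawn, a write whose buffer begins with MZ, NtSetContextThread and a later NtResumeThread on the same process; the RWX allocation, the PEB+8 patch and an entry point inside the new region are corroborating evidence that is reported when present but not required, since some loaders map the image with a section object or skip the PEB patch.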
File has been identified by 58 AntiVirus engines on VirusTotal as malicious (50 of 58 results shown)
MicroWorld-eScan Gen:Heur.MSILRandomKrypt.2
FireEye Generic.mg.93a9ac45bcd16862
CAT-QuickHeal Trojan.MSIL
McAfee RDN/Generic.grp
Cylance Unsafe
Zillya Trojan.Kryptik.Win32.1971244
Sangfor Malware
K7AntiVirus Trojan ( 00563ce01 )
Alibaba Trojan:Win32/Kryptik.ali2000016
K7GW Trojan ( 00563ce01 )
CrowdStrike win/malicious_confidence_100% (W)
Arcabit Trojan.MSILRandomKrypt.2
Invincea heuristic
BitDefenderTheta Gen:NN.ZemsilF.34196.Fm0@a4K7g2n
F-Prot W32/MSIL_Kryptik.ALM.gen!Eldorado
TrendMicro-HouseCall TROJ_GEN.R066C0DHK20
Paloalto generic.ml
Kaspersky HEUR:Trojan.MSIL.Crypt.gen
BitDefender Gen:Heur.MSILRandomKrypt.2
NANO-Antivirus Trojan.Win32.Crypt.higoce
AegisLab Trojan.MSIL.Crypt.4!c
Avast Win32:RATX-gen [Trj]
Rising Trojan.Kryptik!8.8 (CLOUD)
Ad-Aware Gen:Heur.MSILRandomKrypt.2
Sophos Mal/Generic-L
Comodo Malware@#21lo08kky609l
F-Secure Heuristic.HEUR/AGEN.1134071
DrWeb Trojan.PWS.AgenslaNET.1
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R066C0DHK20
Emsisoft Gen:Heur.MSILRandomKrypt.2 (B)
APEX Malicious
Cyren W32/MSIL_Kryptik.ALM.gen!Eldorado
Jiangmin Trojan.MSIL.olpu
Webroot W32.Trojan.Gen
Avira HEUR/AGEN.1134071
MAX malware (ai score=100)
Microsoft Trojan:Win32/Occamy.C74
Endgame malicious (high confidence)
ViRobot Trojan.Win32.S.Agent.507904.LM
ZoneAlarm HEUR:Trojan.MSIL.Crypt.gen
GData Gen:Heur.MSILRandomKrypt.2
SentinelOne DFI - Malicious PE
AhnLab-V3 Malware/Win32.RL_Generic.C4070808
VBA32 TScope.Trojan.MSIL
ALYac Trojan.Agent.MSIL.Krypt
Malwarebytes Trojan.Crypt.MSIL.Generic
ESET-NOD32 a variant of MSIL/Kryptik.VGZ
Tencent Msil.Trojan.Crypt.Htlx
Yandex Trojan.Kryptik!UtLHmTzUWqA
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while this sample ran

PE Compile Time

2099-04-20 16:18:43 (a date in the future: the PE timestamp has been forged or randomized and cannot be used to date the build)

Imports

Library mscoree.dll:
0x402000 _CorExeMain (the only import: the CLR entry stub of a .NET/MSIL executable, consistent with the MSIL detection names above)

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Src port  Destination                      Dst port  Service (well-known port)
192.168.56.101  49235     114.114.114.114                  53        DNS
192.168.56.101  50534     114.114.114.114                  53        DNS
192.168.56.101  56539     114.114.114.114                  53        DNS
192.168.56.101  58367     114.114.114.114                  53        DNS
192.168.56.101  65004     114.114.114.114                  53        DNS
192.168.56.101  137       192.168.56.255                   137       NetBIOS name service (broadcast)
192.168.56.101  138       192.168.56.255                   138       NetBIOS datagram service (broadcast)
192.168.56.101  123       20.189.79.72 (time.windows.com)  123       NTP
192.168.56.101  55368     224.0.0.252                      5355      LLMNR (multicast)
192.168.56.101  56804     224.0.0.252                      5355      LLMNR (multicast)
192.168.56.101  60123     224.0.0.252                      5355      LLMNR (multicast)
192.168.56.101  62191     224.0.0.252                      5355      LLMNR (multicast)
192.168.56.101  1900      239.255.255.250                  1900      SSDP (multicast)
192.168.56.101  56540     239.255.255.250                  3702      WS-Discovery (multicast)
192.168.56.101  58368     239.255.255.250                  3702      WS-Discovery (multicast)
192.168.56.101  58707     239.255.255.250                  3702      WS-Discovery (multicast)
192.168.56.101  62196     239.255.255.250                  1900      SSDP (multicast)

Apart from the DNS queries to 114.114.114.114 (the resolver the analysis VM used), which are the only entries that could be the sample's own, this is ordinary Windows host noise: NetBIOS, LLMNR, SSDP and WS-Discovery name resolution and service discovery plus an NTP sync. No resolved host was subsequently contacted, matching the "No hosts contacted" result above.

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.