6.6
High risk

6197d65fa4ed730e9e928bdfde6404514a8e46450a9b5e7f848f42351dc0cffb

c4ed153fcad5d98d75b556743a86b509.exe

Analysis duration

54s

Last analyzed

File size

579.5KB
Hawkeye engine
Not scanned: no Hawkeye engine results available
Static verdict
Antivirus engines
Engine Result Scan date Engine version
Alibaba TrojanBanker:Win32/Qakbot.a43f18f3 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:Qakbot-DC [Trj] 20200820 18.4.3895.0
Kingsoft 20200820 2013.8.14.323
McAfee GenericRXHH-PX!C4ED153FCAD5 20200820 6.0.6.653
Tencent Win32.Trojan-banker.Qbot.Tafd 20200820 1.0.0.1
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Static indicators
Queries for the computername (3 events)
Time & API Arguments Status Return Repeated
1619936939.728999
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619936952.618999
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619936940.665499
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
Command line console output was observed (28 events)
Time & API Arguments Status Return Repeated
1619936955.399874
WriteConsoleA
buffer: 正在 Ping 127.0.0.1
console_handle: 0x00000007
success 1 0
1619936955.415874
WriteConsoleA
buffer: 具有 32 字节的数据:
console_handle: 0x00000007
success 1 0
1619936955.415874
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619936955.431874
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619936955.431874
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619936955.431874
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619936956.431874
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619936956.431874
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619936956.431874
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619936956.431874
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619936957.431874
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619936957.431874
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619936957.431874
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619936957.431874
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619936958.431874
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619936958.431874
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619936958.431874
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619936958.431874
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619936959.431874
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619936959.431874
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619936959.431874
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619936959.431874
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619936960.431874
WriteConsoleA
buffer: 来自 127.0.0.1 的回复:
console_handle: 0x00000007
success 1 0
1619936960.431874
WriteConsoleA
buffer: 字节=32
console_handle: 0x00000007
success 1 0
1619936960.431874
WriteConsoleA
buffer: 时间<1ms
console_handle: 0x00000007
success 1 0
1619936960.431874
WriteConsoleA
buffer: TTL=128
console_handle: 0x00000007
success 1 0
1619936960.696874
WriteConsoleA
buffer: 127.0.0.1 的 Ping 统计信息: 数据包: 已发送 = 6,已接收 = 6,丢失 = 0 (0% 丢失),
console_handle: 0x00000007
success 1 0
1619936960.696874
WriteConsoleA
buffer: 往返行程的估计时间(以毫秒为单位): 最短 = 0ms,最长 = 0ms,平均 = 0ms
console_handle: 0x00000007
success 1 0
Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time & API Arguments Status Return Repeated
1619936955.384874
GlobalMemoryStatusEx
success 1 0
One or more processes crashed (5 events)
Time & API Arguments Status Return Repeated
1619936952.618999
__exception__
stacktrace:
c4ed153fcad5d98d75b556743a86b509+0xf3ed @ 0x40f3ed
c4ed153fcad5d98d75b556743a86b509+0x2c42 @ 0x402c42
c4ed153fcad5d98d75b556743a86b509+0x34d8 @ 0x4034d8
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1633752
registers.edi: 0
registers.eax: 6619136
registers.ebp: 1634360
registers.edx: 4335200
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 1633768
exception.instruction_r: 8b 08 51 e8 a6 02 00 00 83 c4 14 85 c0 75 3e 8d
exception.symbol: c4ed153fcad5d98d75b556743a86b509+0xe882
exception.instruction: mov ecx, dword ptr [eax]
exception.module: c4ed153fcad5d98d75b556743a86b509.exe
exception.exception_code: 0xc0000005
exception.offset: 59522
exception.address: 0x40e882
success 0 0
1619936941.353499
__exception__
stacktrace:
c4ed153fcad5d98d75b556743a86b509+0xb061 @ 0x40b061
c4ed153fcad5d98d75b556743a86b509+0x3388 @ 0x403388
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1636608
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1636668
registers.edx: 22104
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 10
exception.instruction_r: ed 89 5d e4 89 4d e0 5a 59 5b 58 c7 45 fc ff ff
exception.symbol: c4ed153fcad5d98d75b556743a86b509+0xb1a5
exception.instruction: in eax, dx
exception.module: c4ed153fcad5d98d75b556743a86b509.exe
exception.exception_code: 0xc0000096
exception.offset: 45477
exception.address: 0x40b1a5
success 0 0
1619936941.353499
__exception__
stacktrace:
c4ed153fcad5d98d75b556743a86b509+0xb06a @ 0x40b06a
c4ed153fcad5d98d75b556743a86b509+0x3388 @ 0x403388
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1636612
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1636668
registers.edx: 22104
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 20
exception.instruction_r: ed 89 45 e4 5a 59 5b 58 c7 45 fc ff ff ff ff eb
exception.symbol: c4ed153fcad5d98d75b556743a86b509+0xa72e
exception.instruction: in eax, dx
exception.module: c4ed153fcad5d98d75b556743a86b509.exe
exception.exception_code: 0xc0000096
exception.offset: 42798
exception.address: 0x40a72e
success 0 0
1619936945.853499
__exception__
stacktrace:
c4ed153fcad5d98d75b556743a86b509+0xb097 @ 0x40b097
c4ed153fcad5d98d75b556743a86b509+0x3388 @ 0x403388
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1636628
registers.edi: 0
registers.eax: 0
registers.ebp: 1636668
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
exception.instruction_r: 3e 3e 3e 3e 3e 3e 3e 3e 3e 3e 3e 3e 3e 3e 3e 3e
exception.symbol: c4ed153fcad5d98d75b556743a86b509+0xaf5a
exception.instruction: ds
exception.module: c4ed153fcad5d98d75b556743a86b509.exe
exception.exception_code: 0xc0000005
exception.offset: 44890
exception.address: 0x40af5a
success 0 0
1619936945.853499
__exception__
stacktrace:
c4ed153fcad5d98d75b556743a86b509+0xb0a0 @ 0x40b0a0
c4ed153fcad5d98d75b556743a86b509+0x3388 @ 0x403388
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1636628
registers.edi: 0
registers.eax: 0
registers.ebp: 1636668
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 1638340
exception.instruction_r: 3e 3e 3e 3e 3e 3e 3e 3e 3e 3e 3e 3e 3e 3e 3e 3e
exception.symbol: c4ed153fcad5d98d75b556743a86b509+0xafea
exception.instruction: ds
exception.module: c4ed153fcad5d98d75b556743a86b509.exe
exception.exception_code: 0xc0000005
exception.offset: 45034
exception.address: 0x40afea
success 0 0
Behavioral verdict
Dynamic indicators
Creates executable files on the filesystem (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\c4ed153fcad5d98d75b556743a86b509.exe
Creates a suspicious process (2 events)
cmdline "C:\Windows\System32\cmd.exe" /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\c4ed153fcad5d98d75b556743a86b509.exe"
cmdline cmd.exe /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\c4ed153fcad5d98d75b556743a86b509.exe"
A process created a hidden window (2 events)
Time & API Arguments Status Return Repeated
1619936940.493999
CreateProcessInternalW
thread_identifier: 880
thread_handle: 0x00000140
process_identifier: 2128
current_directory:
filepath:
track: 1
command_line: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\c4ed153fcad5d98d75b556743a86b509.exe /C
filepath_r:
stack_pivoted: 0
creation_flags: 134217728 (CREATE_NO_WINDOW)
process_handle: 0x00000144
inherit_handles: 0
success 1 0
1619936954.915999
ShellExecuteExW
parameters: /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\c4ed153fcad5d98d75b556743a86b509.exe"
filepath: cmd.exe
filepath_r: cmd.exe
show_type: 0
success 1 0
The binary likely contains encrypted or compressed data indicative of a packer (3 events)
entropy 7.522788611812783 section {'size_of_data': '0x00009400', 'virtual_address': '0x00015000', 'entropy': 7.522788611812783, 'name': '.rdata', 'virtual_size': '0x00009208'} description A section with a high entropy has been found
entropy 7.99623084211062 section {'size_of_data': '0x00071000', 'virtual_address': '0x00024000', 'entropy': 7.99623084211062, 'name': '.rsrc', 'virtual_size': '0x00070fbc'} description A section with a high entropy has been found
entropy 0.8452895419187554 description Overall entropy of this PE file is high
Uses Windows utilities for basic Windows functionality (3 events)
cmdline "C:\Windows\System32\cmd.exe" /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\c4ed153fcad5d98d75b556743a86b509.exe"
cmdline ping.exe -n 6 127.0.0.1
cmdline cmd.exe /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\c4ed153fcad5d98d75b556743a86b509.exe"
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Detects VMWare through the in instruction feature (1 event)
Time & API Arguments Status Return Repeated
1619936941.353499
__exception__
stacktrace:
c4ed153fcad5d98d75b556743a86b509+0xb061 @ 0x40b061
c4ed153fcad5d98d75b556743a86b509+0x3388 @ 0x403388
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1636608
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1636668
registers.edx: 22104
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 10
exception.instruction_r: ed 89 5d e4 89 4d e0 5a 59 5b 58 c7 45 fc ff ff
exception.symbol: c4ed153fcad5d98d75b556743a86b509+0xb1a5
exception.instruction: in eax, dx
exception.module: c4ed153fcad5d98d75b556743a86b509.exe
exception.exception_code: 0xc0000096
exception.offset: 45477
exception.address: 0x40b1a5
success 0 0
File has been identified by 57 AntiVirus engines on VirusTotal as malicious (50 out of 57 events)
Bkav W32.AIDetectVM.malware2
Elastic malicious (high confidence)
MicroWorld-eScan Generic.Exploit.Shellcode.2.2BFFD9E0
ALYac Trojan.Agent.QakBot
Malwarebytes Backdoor.Qbot
Zillya Trojan.Qbot.Win32.6911
Sangfor Malware
K7AntiVirus Backdoor ( 00546c1a1 )
Alibaba TrojanBanker:Win32/Qakbot.a43f18f3
K7GW Backdoor ( 00546c1a1 )
Cybereason malicious.fcad5d
Invincea heuristic
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Qbot.CC
APEX Malicious
Paloalto generic.ml
ClamAV Win.Exploit.Qakbot-7168454-0
Kaspersky Trojan-Banker.Win32.Qbot.tww
BitDefender Generic.Exploit.Shellcode.2.2BFFD9E0
NANO-Antivirus Trojan.Win32.Qbot.ggubsj
ViRobot Trojan.Win32.S.Qakbot.593408
AegisLab Trojan.Win32.Qbot.4!c
Avast Win32:Qakbot-DC [Trj]
Rising Backdoor.Qakbot!1.BCE5 (CLOUD)
Ad-Aware Generic.Exploit.Shellcode.2.2BFFD9E0
Comodo Malware@#10o0q25wn9we9
F-Secure Trojan.TR/Crypt.XPACK.Gen3
DrWeb BackDoor.Qbot.503
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R002C0PEI20
FireEye Generic.mg.c4ed153fcad5d98d
Sophos Mal/Generic-S
SentinelOne DFI - Malicious PE
F-Prot W32/Heuristic-KPP!Eldorado
Jiangmin Trojan.Banker.Qbot.dh
eGambit Unsafe.AI_Score_99%
Avira TR/Crypt.XPACK.Gen3
Fortinet W32/QBOT.CC!tr
Antiy-AVL Trojan[Banker]/Win32.Qbot
ZoneAlarm Trojan-Banker.Win32.Qbot.tww
Microsoft Trojan:Win32/Qakbot.SD!MTB
AhnLab-V3 Malware/Win32.RL_Generic.R291062
Acronis suspicious
McAfee GenericRXHH-PX!C4ED153FCAD5
VBA32 BScope.Backdoor.Qbot
Cylance Unsafe
TrendMicro-HouseCall TROJ_GEN.R002C0PEI20
Tencent Win32.Trojan-banker.Qbot.Tafd
Yandex Trojan.Qbot!OpPJWB2yyKk
MAX malware (ai score=84)
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 events)
dead_host 172.217.24.14:443
dead_host 172.217.160.78:443
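Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Run screenshots
No run screenshots: no screenshots were generated while this sample was running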


PE Compile Time

2019-08-13 17:10:47

Imports

Library msvcrt.dll:
0x415208 strncpy
0x41520c _ftol2_sse
0x415210 _ltoa
0x415214 _except_handler3
0x415218 strchr
0x41521c _wtol
0x415220 memcpy
0x415224 memset
Library USERENV.dll:
Library SHLWAPI.dll:
0x4151d4 wvnsprintfA
0x4151d8 wvnsprintfW
0x4151dc StrStrW
0x4151e0 StrStrIW
0x4151e4 StrStrIA
0x4151e8 PathUnquoteSpacesW
Library ole32.dll:
0x41522c CoInitialize
0x415230 CoCreateInstance
0x415234 CoUninitialize
0x415238 CoSetProxyBlanket
0x415240 CoInitializeEx
Library SHELL32.dll:
0x4151c4 CommandLineToArgvW
0x4151c8 ShellExecuteW
0x4151cc SHGetFolderPathW
Library SETUPAPI.dll:
Library KERNEL32.dll:
0x415074 Sleep
0x415078 lstrcpynW
0x41507c CloseHandle
0x415080 SetEvent
0x415084 SleepEx
0x415088 OpenEventA
0x41508c GetCurrentProcessId
0x415090 GetLastError
0x415094 FreeLibrary
0x415098 GetProcAddress
0x41509c LoadLibraryA
0x4150a0 GetModuleHandleA
0x4150a4 ExitProcess
0x4150a8 GetSystemTime
0x4150ac lstrcmpiW
0x4150b0 lstrcmpA
0x4150b4 CopyFileW
0x4150b8 GetCommandLineW
0x4150bc lstrlenW
0x4150c0 lstrlenA
0x4150c4 lstrcmpiA
0x4150cc HeapCreate
0x4150d0 HeapAlloc
0x4150d4 HeapFree
0x4150d8 GetExitCodeProcess
0x4150dc WaitForSingleObject
0x4150e0 TerminateProcess
0x4150e4 ResumeThread
0x4150e8 WideCharToMultiByte
0x4150ec MultiByteToWideChar
0x4150f0 lstrcatA
0x4150f4 lstrcatW
0x4150f8 lstrcpyA
0x4150fc GetLocalTime
0x415108 GetFileSize
0x41510c VirtualAlloc
0x415110 CreateMutexA
0x415114 OpenMutexA
0x415118 ReleaseMutex
0x41511c GetCurrentProcess
0x415120 GetCurrentThread
0x415124 LocalAlloc
0x415128 GetComputerNameExA
0x41512c CreateEventW
0x415130 LoadResource
0x415134 SizeofResource
0x415138 FindResourceA
0x41513c GetDriveTypeW
0x415140 GetSystemInfo
0x415144 GetVersionExA
0x415148 GetModuleFileNameW
0x41514c GetComputerNameW
0x41515c GetTickCount
0x415164 GetModuleFileNameA
0x41516c CreateEventA
0x415170 GetThreadContext
0x415174 TerminateThread
0x415178 CreateThread
0x41517c OpenProcess
0x415180 VirtualFree
0x415184 DeleteFileW
0x415188 GetFileAttributesA
0x41518c GetFileAttributesW
0x415190 LocalFree
0x415194 lstrcpyW
0x415198 CreateDirectoryW
Library USER32.dll:
0x4151f0 CharUpperBuffA
0x4151f4 CharUpperBuffW
0x4151f8 MessageBoxA
Library ADVAPI32.dll:
0x415008 SetServiceStatus
0x41500c EqualSid
0x415010 LookupAccountNameW
0x415018 OpenProcessToken
0x41501c OpenThreadToken
0x415020 GetTokenInformation
0x415028 RegLoadKeyW
0x41502c RegUnLoadKeyW
0x415030 RegSetValueExW
0x415034 RegQueryValueExW
0x415038 SetFileSecurityW
0x41503c RegDeleteValueW
0x415040 RegOpenKeyExW
0x415044 RegQueryInfoKeyW
0x415048 RegCloseKey
0x41504c RegEnumValueW
0x415050 LookupAccountSidW
0x415054 GetUserNameA
0x415064 GetSidSubAuthority
Library NETAPI32.dll:
0x4151a0 NetApiBufferFree
0x4151a4 NetUserEnum
0x4151a8 NetGetDCName

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 51378 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 58367 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 62318 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 65004 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 53658 239.255.255.250 3702
192.168.56.101 55369 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.