6.8
High risk

e16fea1b8874cc6b26e7e2df9697f03f86efa82247bb3b2922f1d05052dbcbb4

c9ce7a9e59bc3459b73d5acc7989dcbe.exe

Analysis duration

149s

Last analysis

File size

811.5KB
Static detection Dynamic detection 100% 3UVR5X AI SCORE=100 APLA AUTO COBALTSTRIKE CONFIDENCE CONTI DELSHAD EMOTET FILECODER FILECRYPTOR GENERICKD HIGH CONFIDENCE HOUMSW IFDHJ5HCKXO JWRFX KCLOUD KRYPTIK KTSE MALWARE@#2R89XMYFJR2XZ RAAS RYUK S + TROJ SCORE SUSGEN TFRANSOM TRICKBOT UNSAFE YQ0@AYHTNJCK ZEXAF
Hawkeye engine
Not detected: no Hawkeye engine results available
Static verdict
Antivirus engines
Engine Result Time Version
Alibaba Trojan:Win32/DelShad.82488310 20190527 0.3.0.5
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Avast Win32:CobaltStrike-D [Trj] 20201226 21.1.5827.0
Tencent Win32.Trojan.Raas.Auto 20201226 1.0.0.1
Baidu 20190318 1.0.0.2
Kingsoft Win32.Troj.DelShad.d.(kcloud) 20201226 2017.9.26.565
McAfee Emotet-FRH!C9CE7A9E59BC 20201226 6.0.6.653
Static indicators
Queries for the computername (26 events)
Time & API Arguments Status Return Repeated
1619906907.99825
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
1619906907.99825
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
Command line console output was observed (38 events)
Time & API Arguments Status Return Repeated
1619906906.77925
WriteConsoleW
buffer: vssadmin 1.1 - 卷影复制服务管理命令行工具 (C) 版权所有 2001-2005 Microsoft Corp.
console_handle: 0x00000007
success 1 0
1619906907.99825
WriteConsoleW
buffer: Error:
console_handle: 0x00000007
success 1 0
1619906907.99825
WriteConsoleW
buffer: 卷影复制服务组件遇到了意外错误。 请检查应用程序事件日志以了解详细信息。
console_handle: 0x00000007
success 1 0
1619906917.98225
WriteConsoleW
buffer: vssadmin 1.1 - 卷影复制服务管理命令行工具 (C) 版权所有 2001-2005 Microsoft Corp.
console_handle: 0x00000007
success 1 0
1619906917.99825
WriteConsoleW
buffer: 错误: 意外故障: 没有注册类
console_handle: 0x00000007
success 1 0
Behavioral verdict
Dynamic indicators
Checks for the Locally Unique Identifier on the system for a suspicious privilege (13 events)
Time & API Arguments Status Return Repeated
1619906906.77925
LookupPrivilegeValueW
system_name:
privilege_name: SeBackupPrivilege
success 1 0
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Removes the Shadow Copy to avoid recovery of the system (1 event)
cmdline vssadmin Delete Shadows /all /quiet
Uses suspicious command line tools or Windows utilities (13 events)
cmdline vssadmin resize shadowstorage /for=e: /on=e: /maxsize=unbounded
cmdline vssadmin Delete Shadows /all /quiet
cmdline vssadmin resize shadowstorage /for=f: /on=f: /maxsize=401MB
cmdline vssadmin resize shadowstorage /for=c: /on=c: /maxsize=unbounded
cmdline vssadmin resize shadowstorage /for=h: /on=h: /maxsize=401MB
cmdline vssadmin resize shadowstorage /for=g: /on=g: /maxsize=401MB
cmdline vssadmin resize shadowstorage /for=g: /on=g: /maxsize=unbounded
cmdline vssadmin resize shadowstorage /for=d: /on=d: /maxsize=401MB
cmdline vssadmin resize shadowstorage /for=c: /on=c: /maxsize=401MB
cmdline vssadmin resize shadowstorage /for=h: /on=h: /maxsize=unbounded
cmdline vssadmin resize shadowstorage /for=e: /on=e: /maxsize=401MB
cmdline vssadmin resize shadowstorage /for=d: /on=d: /maxsize=unbounded
cmdline vssadmin resize shadowstorage /for=f: /on=f: /maxsize=unbounded
Generates some ICMP traffic
Drops 220 unknown file mime types indicative of ransomware writing encrypted files back to disk (50 out of 220 events)
File has been identified by 60 AntiVirus engines on VirusTotal as malicious (50 out of 60 events)
Elastic malicious (high confidence)
DrWeb Trojan.Encoder.32212
MicroWorld-eScan Trojan.GenericKD.34242542
FireEye Trojan.GenericKD.34242542
CAT-QuickHeal Trojan.Delshad
ALYac Trojan.Ransom.Filecoder
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
K7AntiVirus Riskware ( 0040eff71 )
Alibaba Trojan:Win32/DelShad.82488310
K7GW Riskware ( 0040eff71 )
CrowdStrike win/malicious_confidence_100% (W)
Arcabit Trojan.Generic.D20A7FEE
BitDefenderTheta Gen:NN.ZexaF.34700.Yq0@ayHtNJck
Cyren W32/Trojan.APLA-0624
Symantec Trojan.Emotet
ESET-NOD32 Win32/Filecoder.Conti.B
APEX Malicious
Avast Win32:CobaltStrike-D [Trj]
ClamAV Win.Dropper.Ryuk-9791610-0
Kaspersky Trojan.Win32.DelShad.drr
BitDefender Trojan.GenericKD.34242542
NANO-Antivirus Trojan.Win32.DelShad.houmsw
Paloalto generic.ml
Tencent Win32.Trojan.Raas.Auto
Ad-Aware Trojan.GenericKD.34242542
Sophos Mal/Generic-S + Troj/TFRansom-B
Comodo Malware@#2r89xmyfjr2xz
F-Secure Trojan.TR/TrickBot.jwrfx
Zillya Trojan.DelShad.Win32.597
TrendMicro Ransom.Win32.CONTI.G
McAfee-GW-Edition Emotet-FRH!C9CE7A9E59BC
Emsisoft Trojan.GenericKD.34242542 (B)
Jiangmin Trojan.DelShad.acm
Webroot W32.DelShad
Avira TR/TrickBot.jwrfx
MAX malware (ai score=100)
Antiy-AVL Trojan/Win32.DelShad
Kingsoft Win32.Troj.DelShad.d.(kcloud)
Gridinsoft Trojan.Win32.TrickBot.oa
Microsoft Ransom:Win32/FileCryptor.O!MTB
AegisLab Trojan.Win32.DelShad.4!c
ZoneAlarm Trojan.Win32.DelShad.drr
GData Win32.Trojan.Kryptik.3UVR5X
Cynet Malicious (score: 90)
AhnLab-V3 Trojan/Win32.Trickbot.C4170418
McAfee Emotet-FRH!C9CE7A9E59BC
VBA32 Trojan.DelShad
Malwarebytes Ransom.Conti
Zoner Trojan.Win32.94606
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 events)
dead_host 172.217.24.14:443
dead_host 172.217.160.78:443
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while this sample ran

PE Compile Time

2020-07-22 04:50:07

Imports

Library COMCTL32.dll:
0x405018 ImageList_Create
0x40501c ImageList_AddMasked
0x405024 ImageList_Destroy
0x405028
0x40502c ImageList_Draw
Library KERNEL32.dll:
0x405060 GetFileSize
0x405068 GetCurrentProcessId
0x40506c GetCurrentThreadId
0x405070 GetTickCount
0x405078 IsDebuggerPresent
0x405084 TerminateProcess
0x405088 ReadFile
0x405090 Sleep
0x405094 InterlockedExchange
0x405098 SetFilePointer
0x40509c FreeLibrary
0x4050a0 LoadLibraryW
0x4050a4 GetStartupInfoA
0x4050a8 GetVersionExW
0x4050ac LoadLibraryExA
0x4050b0 LoadLibraryExW
0x4050b4 ExitProcess
0x4050b8 CloseHandle
0x4050c0 GetProcAddress
0x4050c4 GetLastError
0x4050c8 lstrlenW
0x4050cc MultiByteToWideChar
0x4050d0 GetCurrentProcess
0x4050d4 CreateFileW
Library USER32.dll:
0x4051cc EndDialog
0x4051d0 DefWindowProcW
0x4051d4 GetSysColor
0x4051d8 BeginPaint
0x4051dc GetClientRect
0x4051e0 LoadCursorW
0x4051e4 RegisterClassExW
0x4051e8 LoadIconW
0x4051ec GetSysColorBrush
0x4051f0 GetDlgItemInt
0x4051f4 PostQuitMessage
0x4051f8 DialogBoxParamW
0x4051fc SetFocus
0x405200 InvalidateRect
0x405204 GetWindowLongW
0x405208 FillRect
0x40520c SetWindowLongW
0x405210 GetDlgItem
0x405214 SendDlgItemMessageW
0x405218 LoadStringW
0x40521c LoadBitmapW
0x405220 IsDlgButtonChecked
0x405224 CreateWindowExW
0x405228 MessageBoxW
0x40522c SetDlgItemTextW
0x405230 SendMessageW
0x405234 EnableWindow
0x405238 SetWindowTextW
0x40523c EndPaint
Library GDI32.dll:
0x405040 SelectObject
0x405044 DeleteDC
0x405048 CreateCompatibleDC
0x40504c StretchBlt
0x405050 DeleteObject
0x405054 CreateSolidBrush
Library COMDLG32.dll:
0x405034 GetOpenFileNameW
0x405038 GetSaveFileNameW
Library ADVAPI32.dll:
0x405000 RegQueryValueExW
0x405004 RegOpenKeyExW
0x405008 RegCloseKey
0x40500c RegSetValueExW
0x405010 RegCreateKeyExW
Library ole32.dll:
0x405244 CoCreateInstance
0x405248 CoTaskMemFree
0x40524c CoTaskMemAlloc
0x405250 CoUninitialize
0x405254 CoInitialize
Library OLEAUT32.dll:
0x4051c0 SysAllocString
0x4051c4 SysFreeString
Library MSVCR90.dll:
0x4050f4 _invoke_watson
0x4050fc __CxxFrameHandler3
0x405100 _decode_pointer
0x405104 _controlfp_s
0x405108 _onexit
0x40510c _lock
0x405110 __dllonexit
0x405114 _unlock
0x40511c ?terminate@@YAXXZ
0x405120 _crt_debugger_hook
0x405124 _CxxThrowException
0x405128 malloc
0x40512c _callnewh
0x405130 ??3@YAXPAX@Z
0x405134 memcpy
0x405138 wcschr
0x40513c swprintf_s
0x405140 memcmp
0x405144 free
0x405148 calloc
0x40514c _ultow_s
0x405150 wcslen
0x405154 _recalloc
0x405158 memset
0x40515c ??_V@YAXPAX@Z
0x405160 memcpy_s
0x405164 wcscat_s
0x405168 wcsncmp
0x40516c wcscpy_s
0x405170 _wcsdup
0x405174 atoi
0x405178 _amsg_exit
0x40517c __getmainargs
0x405180 _cexit
0x405184 _exit
0x405188 _XcptFilter
0x40518c _ismbblead
0x405190 exit
0x405194 _acmdln
0x405198 _initterm
0x40519c _initterm_e
0x4051a0 _configthreadlocale
0x4051a4 __setusermatherr
0x4051a8 _adjust_fdiv
0x4051ac __p__commode
0x4051b0 __p__fmode
0x4051b4 _encode_pointer
0x4051b8 __set_app_type

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49235 192.168.56.1 445

UDP

Source Source Port Destination Destination Port
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 60385 192.168.56.1 0
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 60386 192.168.56.255 0
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57756 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 58367 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 65004 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.