SmartHawk

4.0

中危

16 个模型检测该样本为恶意！

重新分析

下载样本

552509292d7e462ba6a022d2ef5af0f15bbb8f97c33ee67e05dddd24f9853c10

d58478855b76f01a4d00fa86787825db.exe

分析耗时

79s

最近分析

文件大小

440.9KB

静态报毒动态报毒 ABHH ARTEMIS BSCOPE DAPATO DOWNLOADER25 ELDORADO HFVYFR METERPRETER ZPEVDO 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
Alibaba		20190527	0.3.0.5
CrowdStrike		20190702	1.0
Baidu		20190318	1.0.0.2
Avast		20200923	18.4.3895.0
Tencent		20200923	1.0.0.1
Kingsoft		20200923	2013.8.14.323
McAfee	Artemis!D58478855B76	20200922	6.0.6.653

This executable is signed

This executable has a PDB path (1 个事件)

pdb_path

c:\RHUB2\PCSetup\Release\PCSetup.pdb

The file contains an unknown PE resource name possibly indicative of a packer (1 个事件)

resource name

SETUPTAG

Performs some HTTP requests (2 个事件)

request	GET http://turbomeeting.numerex.com/as/wapi/get_client_size?client=pc&rdm=1620978311
request	GET http://turbomeeting.numerex.com/as/wapi/get_client?client=pc&rdm=1620988155

Checks adapter addresses which can be used to detect virtual network interfaces (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620985511.749895 GetAdaptersAddresses	flags: 0 family: 0	failed	111	0

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

File has been identified by 16 AntiVirus engines on VirusTotal as malicious (16 个事件)

Zillya	Dropper.Dapato.Win32.73879
K7AntiVirus	Riskware ( 0040eff71 )
K7GW	Riskware ( 0040eff71 )
Cyren	W32/Dapato.Q.gen!Eldorado
Kaspersky	UDS:DangerousObject.Multi.Generic
NANO-Antivirus	Trojan.Win32.Dapato.hfvyfr
DrWeb	Trojan.DownLoader25.7077
VIPRE	Trojan.Win32.Generic!BT
McAfee-GW-Edition	Artemis
Jiangmin	TrojanDropper.Dapato.abhh
Microsoft	Trojan:Win32/Zpevdo.B
ZoneAlarm	UDS:DangerousObject.Multi.Generic
McAfee	Artemis!D58478855B76
VBA32	BScope.Trojan.Meterpreter
Yandex	Trojan.DownLoader!
Fortinet	W32/Dapato.7077!tr.dldr

Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 个事件)

Time & API	Arguments	Status
1620985514.327895 RegSetValueExA	key_handle: 0x00000424 value: 1 regkey_r: WpadDecisionReason reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason	success
1620985514.327895 RegSetValueExA	key_handle: 0x00000424 value: Ð§ü«H× regkey_r: WpadDecisionTime reg_type: 3 (REG_BINARY) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime	success
1620985514.327895 RegSetValueExA	key_handle: 0x00000424 value: 3 regkey_r: WpadDecision reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision	success
1620985514.327895 RegSetValueExW	key_handle: 0x00000424 value: 网络 2 regkey_r: WpadNetworkName reg_type: 1 (REG_SZ) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName	success
1620985514.327895 RegSetValueExA	key_handle: 0x00000448 value: 1 regkey_r: WpadDecisionReason reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason	success
1620985514.327895 RegSetValueExA	key_handle: 0x00000448 value: Ð§ü«H× regkey_r: WpadDecisionTime reg_type: 3 (REG_BINARY) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime	success
1620985514.327895 RegSetValueExA	key_handle: 0x00000448 value: 3 regkey_r: WpadDecision reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision	success
1620985514.358895 RegSetValueExW	key_handle: 0x00000420 value: {40112ABE-63B3-43C3-BE93-1440EE3AF106} regkey_r: WpadLastNetwork reg_type: 1 (REG_SZ) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork	success

Generates some ICMP traffic

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2013-09-09 19:00:40

Imports

Library KERNEL32.dll:

• 0x44b0e8 GetStartupInfoW

• 0x44b0ec ExitProcess

• 0x44b0f0 RtlUnwind

• 0x44b0f4 GetDriveTypeW

• 0x44b0f8 ExitThread

• 0x44b0fc CreateThread

• 0x44b100 HeapFree

• 0x44b104 GetSystemTimeAsFileTime

• 0x44b108 GetFileType

• 0x44b10c HeapAlloc

• 0x44b110 HeapReAlloc

• 0x44b114 HeapSize

• 0x44b118 VirtualProtect

• 0x44b11c VirtualAlloc

• 0x44b120 GetStdHandle

• 0x44b124 GetModuleFileNameA

• 0x44b128 UnhandledExceptionFilter

• 0x44b12c FreeEnvironmentStringsA

• 0x44b130 GetEnvironmentStrings

• 0x44b134 FreeEnvironmentStringsW

• 0x44b138 GetEnvironmentStringsW

• 0x44b13c GetCommandLineA

• 0x44b140 GetCommandLineW

• 0x44b144 SetHandleCount

• 0x44b148 HeapDestroy

• 0x44b14c HeapCreate

• 0x44b150 VirtualFree

• 0x44b154 GetCurrentDirectoryA

• 0x44b158 IsBadWritePtr

• 0x44b15c GetTimeZoneInformation

• 0x44b160 SetStdHandle

• 0x44b164 GetOEMCP

• 0x44b168 GetCPInfo

• 0x44b16c IsBadReadPtr

• 0x44b170 IsBadCodePtr

• 0x44b174 GetStringTypeA

• 0x44b178 GetStringTypeW

• 0x44b17c GetUserDefaultLCID

• 0x44b180 EnumSystemLocalesA

• 0x44b184 IsValidLocale

• 0x44b188 IsValidCodePage

• 0x44b18c LCMapStringA

• 0x44b190 LCMapStringW

• 0x44b194 CreateFileA

• 0x44b198 GetDriveTypeA

• 0x44b19c CompareStringA

• 0x44b1a0 CompareStringW

• 0x44b1a4 SetEnvironmentVariableA

• 0x44b1a8 GetTickCount

• 0x44b1ac FileTimeToSystemTime

• 0x44b1b0 SetErrorMode

• 0x44b1b4 GetFullPathNameW

• 0x44b1b8 GetVolumeInformationW

• 0x44b1bc DuplicateHandle

• 0x44b1c0 SetEndOfFile

• 0x44b1c4 UnlockFile

• 0x44b1c8 LockFile

• 0x44b1cc FlushFileBuffers

• 0x44b1d0 ReadFile

• 0x44b1d4 TlsFree

• 0x44b1d8 LocalReAlloc

• 0x44b1dc TlsSetValue

• 0x44b1e0 TlsAlloc

• 0x44b1e4 TlsGetValue

• 0x44b1e8 GlobalHandle

• 0x44b1ec GlobalReAlloc

• 0x44b1f0 LocalFree

• 0x44b1f4 LocalAlloc

• 0x44b1f8 GlobalFlags

• 0x44b1fc InterlockedIncrement

• 0x44b200 GetCurrentDirectoryW

• 0x44b204 lstrcpynW

• 0x44b208 MulDiv

• 0x44b20c SetLastError

• 0x44b210 GlobalUnlock

• 0x44b214 WritePrivateProfileStringW

• 0x44b218 FreeResource

• 0x44b21c GlobalFindAtomW

• 0x44b220 lstrlenA

• 0x44b224 GetModuleHandleA

• 0x44b228 lstrcatW

• 0x44b22c GetVersionExA

• 0x44b230 GlobalAddAtomW

• 0x44b234 InterlockedDecrement

• 0x44b238 GlobalLock

• 0x44b23c lstrcmpW

• 0x44b240 GlobalDeleteAtom

• 0x44b244 GetModuleHandleW

• 0x44b248 ConvertDefaultLocale

• 0x44b24c GetVersion

• 0x44b250 EnumResourceLanguagesW

• 0x44b254 GetLocaleInfoW

• 0x44b258 LoadLibraryA

• 0x44b25c GetTempPathA

• 0x44b260 GetTempFileNameA

• 0x44b264 DeleteFileA

• 0x44b268 Sleep

• 0x44b26c DeleteCriticalSection

• 0x44b270 InitializeCriticalSection

• 0x44b274 LeaveCriticalSection

• 0x44b278 EnterCriticalSection

• 0x44b27c CreateProcessW

• 0x44b280 GetCurrentThread

• 0x44b284 OpenProcess

• 0x44b288 TerminateProcess

• 0x44b28c GetLongPathNameW

• 0x44b290 CopyFileW

• 0x44b294 CreateToolhelp32Snapshot

• 0x44b298 Process32FirstW

• 0x44b29c Process32NextW

• 0x44b2a0 QueryPerformanceFrequency

• 0x44b2a4 QueryPerformanceCounter

• 0x44b2a8 GlobalAlloc

• 0x44b2ac GlobalFree

• 0x44b2b0 GetFileAttributesW

• 0x44b2b4 CreateDirectoryW

• 0x44b2b8 FindFirstFileW

• 0x44b2bc RemoveDirectoryW

• 0x44b2c0 SetFileAttributesW

• 0x44b2c4 DeleteFileW

• 0x44b2c8 FindNextFileW

• 0x44b2cc FindClose

• 0x44b2d0 MultiByteToWideChar

• 0x44b2d4 SetThreadPriority

• 0x44b2d8 SetEvent

• 0x44b2dc CreateEventW

• 0x44b2e0 lstrcpyW

• 0x44b2e4 SetFilePointer

• 0x44b2e8 IsDebuggerPresent

• 0x44b2ec GetLastError

• 0x44b2f0 FormatMessageW

• 0x44b2f4 lstrcmpiW

• 0x44b2f8 GetSystemInfo

• 0x44b2fc VirtualQuery

• 0x44b300 CreateFileW

• 0x44b304 GetFileSize

• 0x44b308 GetFileTime

• 0x44b30c CloseHandle

• 0x44b310 FileTimeToLocalFileTime

• 0x44b314 FileTimeToDosDateTime

• 0x44b318 OutputDebugStringW

• 0x44b31c RaiseException

• 0x44b320 GetCurrentThreadId

• 0x44b324 GetModuleFileNameW

• 0x44b328 LoadLibraryW

• 0x44b32c GetTempPathW

• 0x44b330 GetCurrentProcessId

• 0x44b334 GetProcAddress

• 0x44b338 GetCurrentProcess

• 0x44b33c FreeLibrary

• 0x44b340 lstrlenW

• 0x44b344 WriteFile

• 0x44b348 WideCharToMultiByte

• 0x44b34c SetUnhandledExceptionFilter

• 0x44b350 FindResourceW

• 0x44b354 LoadResource

• 0x44b358 LockResource

• 0x44b35c SizeofResource

• 0x44b360 GetVersionExW

• 0x44b364 GetThreadLocale

• 0x44b368 GetLocaleInfoA

• 0x44b36c GetACP

• 0x44b370 GetStartupInfoA

• 0x44b374 InterlockedExchange

Library USER32.dll:

• 0x44b3dc PostThreadMessageW

• 0x44b3e0 RegisterClipboardFormatW

• 0x44b3e4 MessageBeep

• 0x44b3e8 GetNextDlgGroupItem

• 0x44b3ec InvalidateRgn

• 0x44b3f0 CopyAcceleratorTableW

• 0x44b3f4 SetRect

• 0x44b3f8 IsRectEmpty

• 0x44b3fc CharNextW

• 0x44b400 DestroyMenu

• 0x44b404 CharUpperW

• 0x44b408 GetSysColorBrush

• 0x44b40c LoadCursorW

• 0x44b410 ShowWindow

• 0x44b414 MoveWindow

• 0x44b418 SetWindowTextW

• 0x44b41c IsDialogMessageW

• 0x44b420 EndPaint

• 0x44b424 BeginPaint

• 0x44b428 GetWindowDC

• 0x44b42c ReleaseDC

• 0x44b430 GetDC

• 0x44b434 ClientToScreen

• 0x44b438 GrayStringW

• 0x44b43c DrawTextExW

• 0x44b440 DrawTextW

• 0x44b444 TabbedTextOutW

• 0x44b448 CreateDialogIndirectParamW

• 0x44b44c GetNextDlgTabItem

• 0x44b450 EndDialog

• 0x44b454 SetWindowContextHelpId

• 0x44b458 MapDialogRect

• 0x44b45c RegisterWindowMessageW

• 0x44b460 WinHelpW

• 0x44b464 CreateWindowExW

• 0x44b468 GetClassInfoExW

• 0x44b46c GetClassLongW

• 0x44b470 SetPropW

• 0x44b474 GetPropW

• 0x44b478 RemovePropW

• 0x44b47c SendDlgItemMessageW

• 0x44b480 SendDlgItemMessageA

• 0x44b484 IsWindow

• 0x44b488 SetFocus

• 0x44b48c IsChild

• 0x44b490 GetWindowTextW

• 0x44b494 GetForegroundWindow

• 0x44b498 PostMessageW

• 0x44b49c GetClassInfoW

• 0x44b4a0 OffsetRect

• 0x44b4a4 GetWindowRect

• 0x44b4a8 GetClientRect

• 0x44b4ac InvalidateRect

• 0x44b4b0 GetCapture

• 0x44b4b4 SendMessageW

• 0x44b4b8 EnableWindow

• 0x44b4bc LoadIconW

• 0x44b4c0 LoadBitmapW

• 0x44b4c4 ReleaseCapture

• 0x44b4c8 SetActiveWindow

• 0x44b4cc GetDlgItem

• 0x44b4d0 GetTopWindow

• 0x44b4d4 DestroyWindow

• 0x44b4d8 GetMessageTime

• 0x44b4dc GetMessagePos

• 0x44b4e0 MapWindowPoints

• 0x44b4e4 SetForegroundWindow

• 0x44b4e8 UpdateWindow

• 0x44b4ec GetMenu

• 0x44b4f0 GetSubMenu

• 0x44b4f4 GetMenuItemID

• 0x44b4f8 GetMenuItemCount

• 0x44b4fc GetSysColor

• 0x44b500 AdjustWindowRectEx

• 0x44b504 ScreenToClient

• 0x44b508 EqualRect

• 0x44b50c RegisterClassW

• 0x44b510 UnregisterClassW

• 0x44b514 GetDlgCtrlID

• 0x44b518 DefWindowProcW

• 0x44b51c CallWindowProcW

• 0x44b520 SetWindowLongW

• 0x44b524 SetWindowPos

• 0x44b528 IntersectRect

• 0x44b52c SystemParametersInfoA

• 0x44b530 IsIconic

• 0x44b534 GetWindowPlacement

• 0x44b538 GetSystemMetrics

• 0x44b53c CopyRect

• 0x44b540 PtInRect

• 0x44b544 GetWindow

• 0x44b548 SetMenuItemBitmaps

• 0x44b54c GetFocus

• 0x44b550 ModifyMenuW

• 0x44b554 GetClassNameW

• 0x44b558 PostQuitMessage

• 0x44b55c DispatchMessageW

• 0x44b560 GetMessageW

• 0x44b564 PeekMessageW

• 0x44b568 wvsprintfW

• 0x44b56c wsprintfW

• 0x44b570 FindWindowW

• 0x44b574 MessageBoxW

• 0x44b578 GetActiveWindow

• 0x44b57c GetDesktopWindow

• 0x44b580 UnhookWindowsHookEx

• 0x44b584 SetCursor

• 0x44b588 IsWindowEnabled

• 0x44b58c GetLastActivePopup

• 0x44b590 GetWindowLongW

• 0x44b594 GetParent

• 0x44b598 ValidateRect

• 0x44b59c GetCursorPos

• 0x44b5a0 GetKeyState

• 0x44b5a4 IsWindowVisible

• 0x44b5a8 TranslateMessage

• 0x44b5ac CallNextHookEx

• 0x44b5b0 SetWindowsHookExW

• 0x44b5b4 GetMenuCheckMarkDimensions

• 0x44b5b8 CheckMenuItem

• 0x44b5bc EnableMenuItem

• 0x44b5c0 GetMenuState

• 0x44b5c4 SetCapture

Library GDI32.dll:

• 0x44b054 GetMapMode

• 0x44b058 GetRgnBox

• 0x44b05c GetTextColor

• 0x44b060 GetBkColor

• 0x44b064 CreateRectRgnIndirect

• 0x44b068 GetDeviceCaps

• 0x44b06c SetWindowExtEx

• 0x44b070 ScaleViewportExtEx

• 0x44b074 SetViewportExtEx

• 0x44b078 OffsetViewportOrgEx

• 0x44b07c SetViewportOrgEx

• 0x44b080 SelectObject

• 0x44b084 GetStockObject

• 0x44b088 DeleteDC

• 0x44b08c ExtSelectClipRgn

• 0x44b090 CreateRoundRectRgn

• 0x44b094 Escape

• 0x44b098 ExtTextOutW

• 0x44b09c TextOutW

• 0x44b0a0 RectVisible

• 0x44b0a4 PtVisible

• 0x44b0a8 GetWindowExtEx

• 0x44b0ac GetViewportExtEx

• 0x44b0b0 DeleteObject

• 0x44b0b4 SetMapMode

• 0x44b0b8 SetBkMode

• 0x44b0bc RestoreDC

• 0x44b0c0 SaveDC

• 0x44b0c4 GetObjectW

• 0x44b0c8 SetBkColor

• 0x44b0cc SetTextColor

• 0x44b0d0 GetClipBox

• 0x44b0d4 CreateBitmap

• 0x44b0d8 FrameRgn

• 0x44b0dc CreateSolidBrush

• 0x44b0e0 ScaleWindowExtEx

Library comdlg32.dll:

• 0x44b66c GetFileTitleW

Library WINSPOOL.DRV:

• 0x44b610 OpenPrinterW

• 0x44b614 ClosePrinter

• 0x44b618 DocumentPropertiesW

Library ADVAPI32.dll:

• 0x44b000 RegOpenKeyExW

• 0x44b004 RegQueryValueExW

• 0x44b008 RegDeleteKeyW

• 0x44b00c GetUserNameW

• 0x44b010 AdjustTokenPrivileges

• 0x44b014 LookupPrivilegeValueW

• 0x44b018 ImpersonateSelf

• 0x44b01c RegQueryValueW

• 0x44b020 RegOpenKeyW

• 0x44b024 RegEnumKeyW

• 0x44b028 OpenSCManagerW

• 0x44b02c OpenServiceW

• 0x44b030 ControlService

• 0x44b034 CloseServiceHandle

• 0x44b038 RegCreateKeyExW

• 0x44b03c RegSetValueExW

• 0x44b040 OpenThreadToken

• 0x44b044 RegCloseKey

Library SHELL32.dll:

• 0x44b3b0 ShellExecuteW

• 0x44b3b4 SHCreateDirectoryExW

• 0x44b3b8 SHGetFolderPathW

• 0x44b3bc SHGetSpecialFolderPathW

Library COMCTL32.dll:

• 0x44b04c

Library SHLWAPI.dll:

• 0x44b3c4 PathStripToRootW

• 0x44b3c8 PathFindFileNameW

• 0x44b3cc PathFindExtensionW

• 0x44b3d0 PathRemoveFileSpecW

• 0x44b3d4 PathIsUNCW

Library oledlg.dll:

• 0x44b6b4 OleUIBusyW

Library ole32.dll:

• 0x44b674 CoRevokeClassObject

• 0x44b678 CLSIDFromProgID

• 0x44b67c CLSIDFromString

• 0x44b680 CoTaskMemFree

• 0x44b684 CoTaskMemAlloc

• 0x44b688 OleInitialize

• 0x44b68c CoGetClassObject

• 0x44b690 StgOpenStorageOnILockBytes

• 0x44b694 StgCreateDocfileOnILockBytes

• 0x44b698 CreateILockBytesOnHGlobal

• 0x44b69c OleUninitialize

• 0x44b6a0 CoFreeUnusedLibraries

• 0x44b6a4 CoRegisterMessageFilter

• 0x44b6a8 OleFlushClipboard

• 0x44b6ac OleIsCurrentClipboard

Library OLEAUT32.dll:

• 0x44b37c SysAllocStringLen

• 0x44b380 VariantClear

• 0x44b384 VariantChangeType

• 0x44b388 VariantInit

• 0x44b38c SysFreeString

• 0x44b390 SysStringLen

• 0x44b394 OleCreateFontIndirect

• 0x44b398 VariantTimeToSystemTime

• 0x44b39c SystemTimeToVariantTime

• 0x44b3a0 SafeArrayDestroy

• 0x44b3a4 SysAllocString

• 0x44b3a8 VariantCopy

Library urlmon.dll:

• 0x44b6bc URLDownloadToFileA

Library WININET.dll:

• 0x44b5cc HttpSendRequestW

• 0x44b5d0 HttpOpenRequestW

• 0x44b5d4 InternetConnectW

• 0x44b5d8 InternetOpenW

• 0x44b5dc InternetReadFile

• 0x44b5e0 DetectAutoProxyUrl

• 0x44b5e4 InternetReadFileExA

• 0x44b5e8 InternetErrorDlg

• 0x44b5ec HttpQueryInfoA

• 0x44b5f0 HttpSendRequestA

• 0x44b5f4 InternetQueryOptionA

• 0x44b5f8 HttpOpenRequestA

• 0x44b5fc InternetConnectA

• 0x44b600 InternetOpenA

• 0x44b604 InternetSetOptionA

• 0x44b608 InternetCloseHandle

Library WS2_32.dll:

• 0x44b620 recv

• 0x44b624 shutdown

• 0x44b628 send

• 0x44b62c connect

• 0x44b630 setsockopt

• 0x44b634 socket

• 0x44b638 closesocket

• 0x44b63c inet_addr

• 0x44b640 WSALookupServiceEnd

• 0x44b644 WSAAddressToStringW

• 0x44b648 WSALookupServiceNextW

• 0x44b64c WSALookupServiceBeginW

• 0x44b650 WSAStartup

• 0x44b654 inet_ntoa

• 0x44b658 gethostbyname

• 0x44b65c gethostname

• 0x44b660 htons

• 0x44b664 WSAGetLastError

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
turbomeeting.numerex.com	A 192.119.178.149	192.119.178.149
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com

TCP

Source	Source Port	Destination	Destination Port
192.168.56.101	49173	192.119.178.149 turbomeeting.numerex.com	80
192.168.56.101	49176	192.119.178.149 turbomeeting.numerex.com	80

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49235	114.114.114.114	53
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	51378	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	53657	224.0.0.252	5355
192.168.56.101	55368	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	53658	239.255.255.250	3702
192.168.56.101	56540	239.255.255.250	3702
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58707	239.255.255.250	3702
192.168.56.101	58367	8.8.8.8	53

HTTP & HTTPS Requests

URI	Data
http://turbomeeting.numerex.com/as/wapi/get_client?client=pc&rdm=1620988155	GET /as/wapi/get_client?client=pc&rdm=1620988155 HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: turbomeeting.numerex.com
http://turbomeeting.numerex.com/as/wapi/get_client_size?client=pc&rdm=1620978311	GET /as/wapi/get_client_size?client=pc&rdm=1620978311 HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: turbomeeting.numerex.com

URI

Data

http://turbomeeting.numerex.com/as/wapi/get_client?client=pc&rdm=1620988155

GET /as/wapi/get_client?client=pc&rdm=1620988155 HTTP/1.1
User-Agent: Microsoft Internet Explorer
Host: turbomeeting.numerex.com

http://turbomeeting.numerex.com/as/wapi/get_client_size?client=pc&rdm=1620978311

GET /as/wapi/get_client_size?client=pc&rdm=1620978311 HTTP/1.1
User-Agent: Microsoft Internet Explorer
Host: turbomeeting.numerex.com

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.