4.6
中危
52 个模型检测该样本为恶意!
重新分析
更多

c4915e0bad118912792555923bded5335a283aa6b0a8e78a10ca627679929c13

da4dc137cbb9aca4f4305079c76d208a.exe

分析耗时

79s

最近分析

文件大小

1.5MB
静态报毒 动态报毒 AGEN AI SCORE=80 ATTRIBUTE CONFIDENCE GDSDA GENERICKDZ GENERICRXKK HIGH CONFIDENCE HIGHCONFIDENCE HKDYEB HNW@ACQDUEG KILLPROC2 KRYPTIK MALWARE@#L864E0FRTSL9 MXRESICN OCCAMY ORBV R066C0PIK20 R335660 RNDCRYPT SCORE TROJANX UNSAFE WACATAC WRQJ ZEMSILF 更多
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
McAfee GenericRXKK-ZF!DA4DC137CBB9 20201211 6.0.6.653
Alibaba Trojan:MSIL/TrojanX.092138f7 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:TrojanX-gen [Trj] 20201210 21.1.5827.0
Tencent Msil.Trojan.Crypt.Wrqj 20201211 1.0.0.1
Kingsoft 20201211 2017.9.26.565
CrowdStrike win/malicious_confidence_70% (W) 20190702 1.0
静态指标
Checks if process is being debugged by a debugger (4 个事件)
Time & API Arguments Status Return Repeated
1619958982.0445
IsDebuggerPresent
failed 0 0
1619958982.0445
IsDebuggerPresent
failed 0 0
1619958984.263125
IsDebuggerPresent
failed 0 0
1619958984.263125
IsDebuggerPresent
failed 0 0
Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 个事件)
Time & API Arguments Status Return Repeated
1619958982.0915
GlobalMemoryStatusEx
success 1 0
行为判定
动态指标
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (50 out of 340 个事件)
Time & API Arguments Status Return Repeated
1619958981.5135
NtAllocateVirtualMemory
process_identifier: 368
region_size: 2162688
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x00a70000
success 0 0
1619958981.5135
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00c40000
success 0 0
1619958981.8885
NtAllocateVirtualMemory
process_identifier: 368
region_size: 1966080
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x00c80000
success 0 0
1619958981.8885
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00e20000
success 0 0
1619958981.9665
NtProtectVirtualMemory
process_identifier: 368
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x73e71000
success 0 0
1619958982.0445
NtAllocateVirtualMemory
process_identifier: 368
region_size: 2031616
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x00e60000
success 0 0
1619958982.0445
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01010000
success 0 0
1619958982.0595
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0074a000
success 0 0
1619958982.0595
NtProtectVirtualMemory
process_identifier: 368
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 8192
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x73e72000
success 0 0
1619958982.0595
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00742000
success 0 0
1619958982.3095
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00852000
success 0 0
1619958982.4035
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00875000
success 0 0
1619958982.4035
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0087b000
success 0 0
1619958982.4035
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00877000
success 0 0
1619958982.5285
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00853000
success 0 0
1619958982.5445
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00854000
success 0 0
1619958982.5755
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0085c000
success 0 0
1619958982.6535
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00a10000
success 0 0
1619958982.6695
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00866000
success 0 0
1619958982.7165
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0086a000
success 0 0
1619958982.7165
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00867000
success 0 0
1619958982.7945
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00a11000
success 0 0
1619958982.9505
NtAllocateVirtualMemory
process_identifier: 368
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00855000
success 0 0
1619958983.2165
NtAllocateVirtualMemory
process_identifier: 368
region_size: 12288
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00a70000
success 0 0
1619958984.169125
NtProtectVirtualMemory
process_identifier: 912
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x75261000
success 0 0
1619958984.169125
NtAllocateVirtualMemory
process_identifier: 912
region_size: 1441792
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x00df0000
success 0 0
1619958984.169125
NtAllocateVirtualMemory
process_identifier: 912
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00f10000
success 0 0
1619958984.216125
NtProtectVirtualMemory
process_identifier: 912
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x73e71000
success 0 0
1619958984.216125
NtProtectVirtualMemory
process_identifier: 912
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x751a1000
success 0 0
1619958984.216125
NtAllocateVirtualMemory
process_identifier: 912
region_size: 2097152
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x00f50000
success 0 0
1619958984.216125
NtAllocateVirtualMemory
process_identifier: 912
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01110000
success 0 0
1619958984.216125
NtProtectVirtualMemory
process_identifier: 912
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x73e71000
success 0 0
1619958984.263125
NtAllocateVirtualMemory
process_identifier: 912
region_size: 1572864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x00f50000
success 0 0
1619958984.263125
NtAllocateVirtualMemory
process_identifier: 912
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01090000
success 0 0
1619958984.263125
NtAllocateVirtualMemory
process_identifier: 912
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0069a000
success 0 0
1619958984.263125
NtProtectVirtualMemory
process_identifier: 912
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 8192
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x73e72000
success 0 0
1619958984.263125
NtAllocateVirtualMemory
process_identifier: 912
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00692000
success 0 0
1619958984.294125
NtAllocateVirtualMemory
process_identifier: 912
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x006a2000
success 0 0
1619958984.309125
NtAllocateVirtualMemory
process_identifier: 912
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x006c5000
success 0 0
1619958984.309125
NtAllocateVirtualMemory
process_identifier: 912
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x006cb000
success 0 0
1619958984.309125
NtAllocateVirtualMemory
process_identifier: 912
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x006c7000
success 0 0
1619958984.309125
NtProtectVirtualMemory
process_identifier: 912
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x755f1000
success 0 0
1619958984.325125
NtAllocateVirtualMemory
process_identifier: 912
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x006a3000
success 0 0
1619958984.325125
NtProtectVirtualMemory
process_identifier: 912
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x747f1000
success 0 0
1619958984.356125
NtAllocateVirtualMemory
process_identifier: 912
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x006ac000
success 0 0
1619958984.356125
NtAllocateVirtualMemory
process_identifier: 912
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x006a4000
success 0 0
1619958984.356125
NtAllocateVirtualMemory
process_identifier: 912
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00d30000
success 0 0
1619958984.356125
NtAllocateVirtualMemory
process_identifier: 912
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x006a5000
success 0 0
1619958984.450125
NtAllocateVirtualMemory
process_identifier: 912
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x006a6000
success 0 0
1619958984.559125
NtAllocateVirtualMemory
process_identifier: 912
region_size: 28672
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00d31000
success 0 0
Creates executable files on the filesystem (1 个事件)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Costura\8E3603ED8A0381E02887C1DBBE921340\32\sqlite.interop.dll
Drops an executable to the user AppData folder (1 个事件)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Costura\8E3603ED8A0381E02887C1DBBE921340\32\sqlite.interop.dll
The binary likely contains encrypted or compressed data indicative of a packer (2 个事件)
entropy 7.839806762133049 section {'size_of_data': '0x00183e00', 'virtual_address': '0x00002000', 'entropy': 7.839806762133049, 'name': '.text', 'virtual_size': '0x00183c44'} description A section with a high entropy has been found
entropy 0.9993558776167472 description Overall entropy of this PE file is high
Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 个事件)
Time & API Arguments Status Return Repeated
1619958985.044125
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
网络通信
Communicates with host for which no DNS query was performed (1 个事件)
host 172.217.24.14
File has been identified by 52 AntiVirus engines on VirusTotal as malicious (50 out of 52 个事件)
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKDZ.67017
FireEye Generic.mg.da4dc137cbb9aca4
McAfee GenericRXKK-ZF!DA4DC137CBB9
Cylance Unsafe
Zillya Trojan.Agent.Win32.1335876
K7AntiVirus Trojan ( 0056081c1 )
Alibaba Trojan:MSIL/TrojanX.092138f7
K7GW Trojan ( 0056081c1 )
Cybereason malicious.d796f5
Arcabit Trojan.Generic.D105C9
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:TrojanX-gen [Trj]
Kaspersky HEUR:Trojan.MSIL.Crypt.gen
BitDefender Trojan.GenericKDZ.67017
NANO-Antivirus Trojan.Win32.KillProc2.hkdyeb
Paloalto generic.ml
AegisLab Trojan.MSIL.Crypt.4!c
Tencent Msil.Trojan.Crypt.Wrqj
Ad-Aware Trojan.GenericKDZ.67017
Emsisoft Trojan.GenericKDZ.67017 (B)
Comodo Malware@#l864e0frtsl9
F-Secure Heuristic.HEUR/AGEN.1106069
DrWeb Trojan.KillProc2.10304
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R066C0PIK20
McAfee-GW-Edition BehavesLike.Win32.Generic.tc
Sophos Mal/Generic-S
Jiangmin Trojan.MSIL.orbv
Webroot W32.Trojan.Gen
Avira HEUR/AGEN.1106069
Antiy-AVL Trojan/Win32.Wacatac
Microsoft Trojan:Win32/Occamy.AA
ZoneAlarm HEUR:Trojan.MSIL.Crypt.gen
GData Trojan.GenericKDZ.67017
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.Kryptik.R335660
Acronis suspicious
BitDefenderTheta Gen:NN.ZemsilF.34670.HnW@aCqDueg
ALYac Trojan.GenericKDZ.67017
MAX malware (ai score=80)
Malwarebytes Trojan.RNDCrypt.MSIL.Generic
ESET-NOD32 MSIL/Agent.TTF
TrendMicro-HouseCall TROJ_GEN.R066C0PIK20
Ikarus Trojan.Inject
eGambit Unsafe.AI_Score_99%
Fortinet MSIL/Injector.UVN!tr
MaxSecure Win.MxResIcn.Heur.Gen
AVG Win32:TrojanX-gen [Trj]
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2020-05-05 19:00:07

Imports

Library mscoree.dll:
0x402000 _CorExeMain

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58368 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.