10.4
0-day

8c3f6d6af4559f727435f017ef79fe239eb09c412e78f892399b45436809eca0

f3f35f6057f1615c7803d68baac71464.exe

Analysis duration

77s

Most recent analysis

File size

955.9KB
Static detections / Dynamic detections: AGEN AI SCORE=85 APPLICUNWNT@#1FI2UAX1AS32S ATTRIBUTE BMCJ CLOUD CONFIDENCE DISABLESECURITY GENERIC PUA LK GENERIC PUP HIGHCONFIDENCE MALREP MIKEY PASSVIEW PASSWORDSTEALER PSWTOOL R288947 SECXPLODED SONBOKLI THEAABO TIGGRE TOOL TROJANPWS UNSAFE XPLODER
鹰眼引擎
Not detected: no 鹰眼引擎 detection results yet
Static verdict
Antivirus engines
Engine Result Scan date Engine version
Alibaba Trojan:VBS/DisableSecurity.fafbee1a 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:Malware-gen 20200603 18.4.3895.0
Kingsoft 20200603 2013.8.14.323
McAfee RDN/Generic PUP.x 20200603 6.0.6.653
Tencent 20200603 1.0.0.1
CrowdStrike win/malicious_confidence_60% (W) 20190702 1.0
Static indicators
Queries for the computer name (2 events)
Time & API Arguments Status Return Repeated
1619999685.101784
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1620017786.55375
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Checks if the process is being debugged by a debugger (1 event)
Time & API Arguments Status Return Repeated
1619999685.038784
IsDebuggerPresent
failed 0 0
Command line console output was observed (19 events)
Time & API Arguments Status Return Repeated
1620017769.397875
WriteConsoleW
buffer: 找不到文件 - C:\Users\Administrator.Oskar-PC\
console_handle: 0x00000013
success 1 0
1620017769.397875
WriteConsoleW
buffer: AppData\Roaming\AdobeP\Adobe INC\AadobeR
console_handle: 0x00000013
success 1 0
1620017769.397875
WriteConsoleW
buffer: ead\
console_handle: 0x00000013
success 1 0
1620017770.742125
WriteConsoleW
buffer: C:adob02.bat
console_handle: 0x00000013
success 1 0
1620017770.757125
WriteConsoleW
buffer: C:adobe01.bat
console_handle: 0x00000013
success 1 0
1620017770.757125
WriteConsoleW
buffer: C:adobedf.exe
console_handle: 0x00000013
success 1 0
1620017770.788125
WriteConsoleW
buffer: C:adobel.vbs
console_handle: 0x00000013
success 1 0
1620017770.804125
WriteConsoleW
buffer: C:adobepdf.exe
console_handle: 0x00000013
success 1 0
1620017770.820125
WriteConsoleW
buffer: C:ancp.exe
console_handle: 0x00000013
success 1 0
1620017770.898125
WriteConsoleW
buffer: C:Areada.exe
console_handle: 0x00000013
success 1 0
1620017770.913125
WriteConsoleW
buffer: C:docx.jpg
console_handle: 0x00000013
success 1 0
1620017770.929125
WriteConsoleW
buffer: 复制了 8 个文件
console_handle: 0x00000013
success 1 0
1620017777.303375
WriteConsoleW
buffer: 找不到 C:\Users\Administrator.Oskar-PC\AppData\Roaming\AdobeP\Adobe Inc\AadobeRead\*.092
console_handle: 0x0000000b
success 1 0
1620017777.334375
WriteConsoleW
buffer: 找不到 C:\Users\Administrator.Oskar-PC\AppData\Roaming\AdobeP\Adobe Inc\AadobeRead\*.093
console_handle: 0x0000000b
success 1 0
1620017777.366375
WriteConsoleW
buffer: 找不到 C:\Users\Administrator.Oskar-PC\AppData\Roaming\AdobeP\Adobe Inc\AadobeRead\333.333
console_handle: 0x0000000b
success 1 0
1620017777.381375
WriteConsoleW
buffer: 找不到 C:\Users\Administrator.Oskar-PC\AppData\Roaming\AdobeP\Adobe Inc\AadobeRead\222.222
console_handle: 0x0000000b
success 1 0
1620017788.116375
WriteConsoleW
buffer: 系统找不到指定的路径。
console_handle: 0x0000000b
success 1 0
1620017788.147375
WriteConsoleW
buffer: 系统找不到指定的路径。
console_handle: 0x0000000b
success 1 0
1620017818.25675
WriteConsoleA
buffer: Could not connect to ftps4.us.freehostia.com -- try again later (errno = 10060.
console_handle: 0x0000000b
success 1 0
Checks the amount of memory in the system, which can be used to detect virtual machines with a low amount of memory available (1 event)
Time & API Arguments Status Return Repeated
1620017774.866375
GlobalMemoryStatusEx
success 1 0
The executable uses a known packer (1 event)
packer Armadillo v1.71
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1620017777.116375
NtAllocateVirtualMemory
process_identifier: 3088
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x028b0000
success 0 0
Queries the disk size, which could be used to detect a virtual machine with a small fixed-size or dynamically allocated disk (2 events)
Time & API Arguments Status Return Repeated
1620017784.476
GetDiskFreeSpaceW
root_path: C:
sectors_per_cluster: 8362495
number_of_free_clusters: 8362495
total_number_of_clusters: 8362495
bytes_per_sector: 512
success 1 0
1620017784.492
GetDiskFreeSpaceW
root_path: C:
sectors_per_cluster: 8362495
number_of_free_clusters: 8362495
total_number_of_clusters: 8362495
bytes_per_sector: 512
success 1 0
Steals private information from local Internet browsers (50 out of 60 events)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\ThirdPartyModuleList64\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Default\Login Data-wal
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\SSLErrorAssistant\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Subresource Filter\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\AutofillStates\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Crashpad\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\RecoveryImproved\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Crowd Deny\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\OnDeviceHeadSuggestModel\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\WidevineCdm\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Crowd Deny\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Crashpad\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Safe Browsing\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Safe Browsing\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\CertificateRevocation\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\SwReporter\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\FontLookupTableCache\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\FileTypePolicies\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\hyphen-data\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Default\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Floc\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\BrowserMetrics\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\FileTypePolicies\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\FontLookupTableCache\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\pnacl\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\pnacl\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\CertificateRevocation\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\ShaderCache\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\WidevineCdm\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\GrShaderCache\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\ShaderCache\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Floc\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\BrowserMetrics\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\hyphen-data\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\ThirdPartyModuleList64\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\SafetyTips\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Local State
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\GrShaderCache\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\OnDeviceHeadSuggestModel\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\ZxcvbnData\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\ZxcvbnData\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Subresource Filter\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\SSLErrorAssistant\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\MEIPreload\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\MEIPreload\Web Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\TLSDeprecationConfig\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\SwReporter\Login Data
Creates executable files on the filesystem (14 events)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Local\Adobe\Pdf\low\adobe01.bat
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\AdobeP\Adobe Inc\AadobeRead\adobel.vbs
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Local\Adobe\Pdf\low\Areada.exe
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Local\Adobe\Pdf\low\adobel.vbs
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Local\Adobe\Pdf\low\ancp.exe
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\AdobeP\Adobe Inc\AadobeRead\ancp.exe
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\AdobeP\Adobe Inc\AadobeRead\adobepdf.exe
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\AdobeP\Adobe Inc\AadobeRead\adobe01.bat
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\AdobeP\Adobe Inc\AadobeRead\adobedf.exe
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Local\Adobe\Pdf\low\adob02.bat
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Local\Adobe\Pdf\low\adobepdf.exe
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Local\Adobe\Pdf\low\adobedf.exe
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\AdobeP\Adobe Inc\AadobeRead\adob02.bat
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\AdobeP\Adobe Inc\AadobeRead\Areada.exe
Creates a suspicious process (1 event)
cmdline C:\Windows\system32\cmd.exe /K "C:\Users\Administrator.Oskar-PC\AppData\Roaming\AdobeP\Adobe Inc\AadobeRead\adob02.bat"
Drops an executable to the user AppData folder (4 events)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\AdobeP\Adobe INC\AadobeRead\adobedf.exe
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Local\Adobe\Pdf\low\Areada.exe
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Local\Adobe\Pdf\low\ancp.exe
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\AdobeP\Adobe INC\AadobeRead\adobepdf.exe
A process created a hidden window (1 event)
Time & API Arguments Status Return Repeated
1620017768.69475
ShellExecuteExW
parameters: /quiet /norestart
filepath: adobe01.bat
filepath_r: adobe01.bat
show_type: 0
success 1 0
Searches running processes, potentially to identify processes for sandbox evasion, code injection or memory dumping (2 events)
Uses Windows utilities for basic Windows functionality (3 events)
cmdline adobe01.bat /quiet /norestart
cmdline attrib +r +a +s +h "C:\Users\Administrator.Oskar-PC\AppData\Roaming\AdobeP\Adobe INC\AadobeRead\"
cmdline attrib +r +a +s +h "C:\Users\Administrator.Oskar-PC\AppData\Roaming\Local\Adobe\Pdf\low"
Network communication
Communicates with a host for which no DNS query was performed (1 event)
host 172.217.24.14
Harvests information related to installed instant messenger clients (1 event)
registry HKEY_CURRENT_USER\Software\Google\Google Talk\Accounts
Harvests credentials from local email clients (6 events)
registry HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts
registry HKEY_CURRENT_USER\Software\Microsoft\Windows Live Mail
registry HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
registry HKEY_CURRENT_USER\Identities\{586FBF3B-F35E-46E2-9DB8-9E15DC75E9A1}\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts
registry HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Thunderbird
registry HKEY_CURRENT_USER\Software\Google\Google Talk\Accounts
One or more non-safelisted processes were created (2 events)
parent_process wscript.exe martian_process adobe01.bat /quiet /norestart
parent_process wscript.exe martian_process "C:\Users\Administrator.Oskar-PC\AppData\Roaming\Local\Adobe\Pdf\low\adobe01.bat" /quiet /norestart
Resumed a suspended thread in a remote process, potentially indicative of process injection (4 events)
Process injection Process 2772 resumed a thread in remote process 2136
Process injection Process 2264 resumed a thread in remote process 3088
Time & API Arguments Status Return Repeated
1619999688.663784
NtResumeThread
thread_handle: 0x0000020c
suspend_count: 1
process_identifier: 2136
success 0 0
1620017773.11675
NtResumeThread
thread_handle: 0x00000084
suspend_count: 0
process_identifier: 3088
success 0 0
The process wscript.exe wrote an executable file to disk (1 event)
file C:\Windows\SysWOW64\wscript.exe
Connects to an IP address that is no longer responding to requests (legitimate services usually remain up and running) (1 event)
dead_host 162.210.102.230:21
File has been identified by 45 AntiVirus engines on VirusTotal as malicious (45 events)
MicroWorld-eScan Gen:Variant.Mikey.102286
CAT-QuickHeal Trojanpws.Bat
ALYac Gen:Variant.Mikey.102286
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
K7AntiVirus Riskware ( 0040eff71 )
Alibaba Trojan:VBS/DisableSecurity.fafbee1a
K7GW Riskware ( 0040eff71 )
Cybereason malicious.057f16
Arcabit Trojan.Mikey.D18F8E
TrendMicro Trojan.Win32.MALREP.THEAABO
F-Prot W32/SecXploded.F
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:Malware-gen
ClamAV Win.Malware.Xploder-7082344-0
GData Gen:Variant.Mikey.102286
Kaspersky not-a-virus:HEUR:PSWTool.Win32.PassView.b
BitDefender Gen:Variant.Mikey.102286
Paloalto generic.ml
Rising Trojan.Sonbokli!8.10198 (CLOUD)
Ad-Aware Gen:Variant.Mikey.102286
Sophos Generic PUA LK (PUA)
Comodo ApplicUnwnt@#1fi2uax1as32s
F-Secure Heuristic.HEUR/AGEN.1133219
DrWeb Tool.PassView.1941
Invincea heuristic
McAfee-GW-Edition RDN/Generic PUP.x
FireEye Gen:Variant.Mikey.102286
Emsisoft Gen:Variant.Mikey.102286 (B)
Cyren W32/Tool.BMCJ-7427
Webroot W32.Malware.Gen
Avira HEUR/AGEN.1133219
Microsoft Trojan:Win32/Tiggre!rfn
ZoneAlarm Trojan-PSW.Win32.Xploder.qk
AhnLab-V3 Malware/Gen.RL_Generic.R288947
McAfee RDN/Generic PUP.x
Malwarebytes Spyware.PasswordStealer
TrendMicro-HouseCall Trojan.Win32.MALREP.THEAABO
MAX malware (ai score=85)
Fortinet Riskware/PassView
AVG Win32:Malware-gen
Panda Trj/CI.A
CrowdStrike win/malicious_confidence_60% (W)
Qihoo-360 Win32/Virus.PSW.337
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No screenshots: no screenshots were captured while this sample ran


PE Compile Time

2013-07-17 01:19:51

Imports

Library KERNEL32.dll:
0x43c018 WaitForSingleObject
0x43c020 SetEndOfFile
0x43c024 GetStringTypeW
0x43c028 GetStringTypeA
0x43c02c LoadLibraryA
0x43c034 CompareStringW
0x43c038 CompareStringA
0x43c03c GetCPInfo
0x43c040 CreateProcessA
0x43c044 IsBadCodePtr
0x43c048 IsBadReadPtr
0x43c050 FlushFileBuffers
0x43c054 SetStdHandle
0x43c058 IsBadWritePtr
0x43c05c VirtualAlloc
0x43c060 LCMapStringW
0x43c064 LCMapStringA
0x43c068 MultiByteToWideChar
0x43c06c GetProcAddress
0x43c070 VirtualFree
0x43c074 HeapCreate
0x43c078 HeapDestroy
0x43c07c GetFileType
0x43c080 GetStdHandle
0x43c084 SetHandleCount
0x43c09c WideCharToMultiByte
0x43c0a0 HeapFree
0x43c0a4 HeapSize
0x43c0a8 GetLastError
0x43c0ac SetFileTime
0x43c0b4 GetFullPathNameW
0x43c0b8 GetFullPathNameA
0x43c0bc GetTempPathW
0x43c0c0 GetTempPathA
0x43c0c4 GetModuleFileNameW
0x43c0c8 DeleteFileW
0x43c0cc DeleteFileA
0x43c0d0 SetFilePointer
0x43c0d4 GetFileAttributesW
0x43c0d8 CreateDirectoryW
0x43c0e4 SetFileAttributesW
0x43c0e8 RemoveDirectoryW
0x43c0ec CreateDirectoryA
0x43c0f0 SetFileAttributesA
0x43c0f4 GetFileAttributesA
0x43c0f8 CreateFileA
0x43c0fc Sleep
0x43c100 GetTickCount
0x43c104 GetACP
0x43c108 GetOEMCP
0x43c10c GetComputerNameW
0x43c110 FormatMessageA
0x43c114 GetModuleFileNameA
0x43c118 CloseHandle
0x43c11c ReadFile
0x43c120 WriteFile
0x43c124 GetFileSize
0x43c130 GetLocalTime
0x43c134 GetVersionExA
0x43c138 CreateFileW
0x43c13c GetCurrentThreadId
0x43c140 RtlUnwind
0x43c144 ExitProcess
0x43c148 TerminateProcess
0x43c14c GetCurrentProcess
0x43c150 GetModuleHandleA
0x43c154 GetStartupInfoA
0x43c158 GetCommandLineA
0x43c15c GetVersion
0x43c164 HeapReAlloc
0x43c168 HeapAlloc
0x43c16c GetExitCodeProcess
Library USER32.dll:
0x43c188 PostMessageA
0x43c18c SetTimer
0x43c190 GetDlgItemTextA
0x43c194 LoadStringA
0x43c198 DefWindowProcA
0x43c19c DestroyWindow
0x43c1a0 BeginPaint
0x43c1a4 EndPaint
0x43c1a8 GetDlgItemTextW
0x43c1ac SetWindowTextW
0x43c1b0 MoveWindow
0x43c1b4 SetDlgItemTextW
0x43c1b8 EnableWindow
0x43c1bc EndDialog
0x43c1c0 PostQuitMessage
0x43c1c4 MessageBoxW
0x43c1c8 GetDlgItem
0x43c1cc SendMessageA
0x43c1d0 GetDesktopWindow
0x43c1d4 GetWindowRect
0x43c1d8 CopyRect
0x43c1dc OffsetRect
0x43c1e0 SetWindowPos
0x43c1e4 CreateWindowExW
0x43c1e8 DialogBoxParamW
0x43c1ec LoadCursorA
0x43c1f0 RegisterClassExW
0x43c1f4 LoadStringW
0x43c1f8 GetMessageA
0x43c1fc TranslateMessage
0x43c200 DispatchMessageA
0x43c204 MessageBoxA
0x43c208 SetDlgItemTextA
Library SHELL32.dll:
0x43c174 ShellExecuteExW
0x43c178 SHBrowseForFolderW
0x43c180 SHGetMalloc
Library ADVAPI32.dll:
0x43c004 CryptReleaseContext
0x43c008 CryptGenRandom
0x43c00c GetUserNameA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 50537 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.