SmartHawk

1.8

低危

16 个模型检测该样本为恶意！

重新分析

下载样本

30aa102769b654d0d767e40b0aef06e6b68fb3a7702c6b814e88fe8ff95f0167

033e4b84c38097a4e34f77c6aec02fa5.exe

分析耗时

78s

最近分析

文件大小

263.5KB

静态报毒动态报毒 AIDETECTVM ARTEMIS BADFILE CONFIDENCE HIGH CONFIDENCE MALWARE2 MALWARE@#32FI5FA1AOV37 QU0@A80GJREH SUSPICIOUS PE Z0FKLNVVREU ZEXAF 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
Baidu		20190318	1.0.0.2
Alibaba		20190527	0.3.0.5
Kingsoft		20201105	2013.8.14.323
McAfee	Artemis!033E4B84C380	20201104	6.0.6.653
Tencent		20201105	1.0.0.1
Avast		20201105	20.10.5736.0
CrowdStrike	win/malicious_confidence_60% (W)	20190702	1.0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 个事件)

section

.aspack

Foreign language identified in PE resource (50 out of 55 个事件)

name

RT_CURSOR

language

LANG_CHINESE

offset

0x00028ea4

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

offset

0x00028ea4

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

offset

0x00028ea4

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

offset

0x00028ea4

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

offset

0x00028ea4

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

offset

0x00028ea4

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

offset

0x00028ea4

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

offset

0x00028ea4

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

offset

0x00028ea4

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

offset

0x00028ea4

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

offset

0x00028ea4

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

offset

0x00028ea4

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

offset

0x00028ea4

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

offset

0x00028ea4

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

offset

0x00028ea4

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000134

name

RT_CURSOR

language

LANG_CHINESE

offset

0x00028ea4

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000134

name

RT_BITMAP

language

LANG_CHINESE

offset

0x00029090

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000144

name

RT_BITMAP

language

LANG_CHINESE

offset

0x00029090

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000144

name

RT_DIALOG

language

LANG_CHINESE

offset

0x0002f810

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x000000e8

name

RT_DIALOG

language

LANG_CHINESE

offset

0x0002f810

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x000000e8

name

RT_DIALOG

language

LANG_CHINESE

offset

0x0002f810

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x000000e8

name

RT_DIALOG

language

LANG_CHINESE

offset

0x0002f810

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x000000e8

name

RT_DIALOG

language

LANG_CHINESE

offset

0x0002f810

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x000000e8

name

RT_STRING

language

LANG_CHINESE

offset

0x000314d0

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000042

name

RT_STRING

language

LANG_CHINESE

offset

0x000314d0

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000042

name

RT_STRING

language

LANG_CHINESE

offset

0x000314d0

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000042

name

RT_STRING

language

LANG_CHINESE

offset

0x000314d0

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000042

name

RT_STRING

language

LANG_CHINESE

offset

0x000314d0

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000042

name

RT_STRING

language

LANG_CHINESE

offset

0x000314d0

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000042

name

RT_STRING

language

LANG_CHINESE

offset

0x000314d0

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000042

name

RT_STRING

language

LANG_CHINESE

offset

0x000314d0

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000042

name

RT_STRING

language

LANG_CHINESE

offset

0x000314d0

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000042

name

RT_STRING

language

LANG_CHINESE

offset

0x000314d0

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000042

name

RT_STRING

language

LANG_CHINESE

offset

0x000314d0

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000042

name

RT_STRING

language

LANG_CHINESE

offset

0x000314d0

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000042

name

RT_STRING

language

LANG_CHINESE

offset

0x000314d0

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000042

name

RT_STRING

language

LANG_CHINESE

offset

0x000314d0

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000042

name

RT_STRING

language

LANG_CHINESE

offset

0x000314d0

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000042

name

RT_STRING

language

LANG_CHINESE

offset

0x000314d0

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000042

name

RT_STRING

language

LANG_CHINESE

offset

0x000314d0

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000042

name

RT_GROUP_CURSOR

language

LANG_CHINESE

offset

0x0003163c

filetype

Lotus unknown worksheet or configuration, revision 0x1

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000014

name

RT_GROUP_CURSOR

language

LANG_CHINESE

offset

0x0003163c

filetype

Lotus unknown worksheet or configuration, revision 0x1

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000014

name

RT_GROUP_CURSOR

language

LANG_CHINESE

offset

0x0003163c

filetype

Lotus unknown worksheet or configuration, revision 0x1

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000014

name

RT_GROUP_CURSOR

language

LANG_CHINESE

offset

0x0003163c

filetype

Lotus unknown worksheet or configuration, revision 0x1

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000014

name

RT_GROUP_CURSOR

language

LANG_CHINESE

offset

0x0003163c

filetype

Lotus unknown worksheet or configuration, revision 0x1

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000014

name

RT_GROUP_CURSOR

language

LANG_CHINESE

offset

0x0003163c

filetype

Lotus unknown worksheet or configuration, revision 0x1

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000014

name

RT_GROUP_CURSOR

language

LANG_CHINESE

offset

0x0003163c

filetype

Lotus unknown worksheet or configuration, revision 0x1

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000014

name

RT_GROUP_CURSOR

language

LANG_CHINESE

offset

0x0003163c

filetype

Lotus unknown worksheet or configuration, revision 0x1

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000014

name

RT_GROUP_CURSOR

language

LANG_CHINESE

offset

0x0003163c

filetype

Lotus unknown worksheet or configuration, revision 0x1

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000014

name

RT_GROUP_CURSOR

language

LANG_CHINESE

offset

0x0003163c

filetype

Lotus unknown worksheet or configuration, revision 0x1

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

size

0x00000014

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

File has been identified by 16 AntiVirus engines on VirusTotal as malicious (16 个事件)

Bkav	W32.AIDetectVM.malware2
Elastic	malicious (high confidence)
Cybereason	malicious.268f3d
APEX	Malicious
Paloalto	generic.ml
Comodo	Malware@#32fi5fa1aov37
McAfee-GW-Edition	BehavesLike.Win32.BadFile.dt
FireEye	Generic.mg.033e4b84c38097a4
SentinelOne	DFI - Suspicious PE
AegisLab	Trojan.Win32.Generic.4!c
McAfee	Artemis!033E4B84C380
VBA32	Backdoor.Agent
Yandex	TrojanSpy.Agent!Z0fkLNVVREU
Ikarus	Trojan.Win32.Spy
BitDefenderTheta	Gen:NN.ZexaF.34590.qu0@a80gJReH
CrowdStrike	win/malicious_confidence_60% (W)

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2029-10-13 23:59:23

Imports

Library VERSION.dll:

• 0x41a434 GetFileVersionInfoW

• 0x41a438 GetFileVersionInfoSizeW

• 0x41a43c VerQueryValueW

Library KERNEL32.dll:

• 0x41a094 GetStartupInfoW

• 0x41a098 ExitProcess

• 0x41a09c RtlUnwind

• 0x41a0a0 HeapFree

• 0x41a0a4 TerminateProcess

• 0x41a0a8 HeapAlloc

• 0x41a0ac HeapReAlloc

• 0x41a0b0 HeapSize

• 0x41a0b4 VirtualProtect

• 0x41a0b8 VirtualAlloc

• 0x41a0bc GetSystemInfo

• 0x41a0c0 VirtualQuery

• 0x41a0c4 GetStdHandle

• 0x41a0c8 GetModuleFileNameA

• 0x41a0cc UnhandledExceptionFilter

• 0x41a0d0 FreeEnvironmentStringsA

• 0x41a0d4 GetEnvironmentStrings

• 0x41a0d8 FreeEnvironmentStringsW

• 0x41a0dc GetEnvironmentStringsW

• 0x41a0e0 GetCommandLineA

• 0x41a0e4 GetCommandLineW

• 0x41a0e8 SetHandleCount

• 0x41a0ec GetFileType

• 0x41a0f0 GetStartupInfoA

• 0x41a0f4 HeapCreate

• 0x41a0f8 VirtualFree

• 0x41a0fc QueryPerformanceCounter

• 0x41a100 GetTickCount

• 0x41a104 GetCurrentProcessId

• 0x41a108 GetSystemTimeAsFileTime

• 0x41a10c IsBadWritePtr

• 0x41a110 SetUnhandledExceptionFilter

• 0x41a114 GetOEMCP

• 0x41a118 GetCPInfo

• 0x41a11c IsBadReadPtr

• 0x41a120 IsBadCodePtr

• 0x41a124 GetStringTypeA

• 0x41a128 GetStringTypeW

• 0x41a12c LCMapStringA

• 0x41a130 LCMapStringW

• 0x41a134 SetStdHandle

• 0x41a138 SetErrorMode

• 0x41a13c GetCurrentProcess

• 0x41a140 FlushFileBuffers

• 0x41a144 WriteFile

• 0x41a148 TlsFree

• 0x41a14c LocalReAlloc

• 0x41a150 TlsSetValue

• 0x41a154 TlsAlloc

• 0x41a158 TlsGetValue

• 0x41a15c EnterCriticalSection

• 0x41a160 GlobalHandle

• 0x41a164 GlobalReAlloc

• 0x41a168 LeaveCriticalSection

• 0x41a16c LocalAlloc

• 0x41a170 DeleteCriticalSection

• 0x41a174 InitializeCriticalSection

• 0x41a178 RaiseException

• 0x41a17c GlobalFlags

• 0x41a180 InterlockedIncrement

• 0x41a184 lstrcmpiW

• 0x41a188 WritePrivateProfileStringW

• 0x41a18c GlobalFindAtomW

• 0x41a190 lstrlenA

• 0x41a194 GetModuleHandleA

• 0x41a198 LoadLibraryA

• 0x41a19c lstrcatW

• 0x41a1a0 GetVersionExA

• 0x41a1a4 InterlockedDecrement

• 0x41a1a8 FreeResource

• 0x41a1ac GlobalAddAtomW

• 0x41a1b0 GetLastError

• 0x41a1b4 SetLastError

• 0x41a1b8 GlobalFree

• 0x41a1bc MulDiv

• 0x41a1c0 GlobalUnlock

• 0x41a1c4 FormatMessageW

• 0x41a1c8 lstrcpynW

• 0x41a1cc LocalFree

• 0x41a1d0 lstrlenW

• 0x41a1d4 GetCurrentThread

• 0x41a1d8 GetCurrentThreadId

• 0x41a1dc MultiByteToWideChar

• 0x41a1e0 GlobalLock

• 0x41a1e4 lstrcmpW

• 0x41a1e8 GlobalAlloc

• 0x41a1ec GlobalDeleteAtom

• 0x41a1f0 WideCharToMultiByte

• 0x41a1f4 GetModuleFileNameW

• 0x41a1f8 GetModuleHandleW

• 0x41a1fc ConvertDefaultLocale

• 0x41a200 GetVersion

• 0x41a204 EnumResourceLanguagesW

• 0x41a208 lstrcpyW

• 0x41a20c GetLocaleInfoW

• 0x41a210 LoadLibraryW

• 0x41a214 GetProcAddress

• 0x41a218 CreateFileMappingW

• 0x41a21c MapViewOfFile

• 0x41a220 UnmapViewOfFile

• 0x41a224 CopyFileW

• 0x41a228 CreateFileW

• 0x41a22c GetFileSize

• 0x41a230 SetFilePointer

• 0x41a234 ReadFile

• 0x41a238 CloseHandle

• 0x41a23c FreeLibrary

• 0x41a240 GetSystemDirectoryW

• 0x41a244 GetFileAttributesW

• 0x41a248 Sleep

• 0x41a24c FindResourceW

• 0x41a250 LoadResource

• 0x41a254 LockResource

• 0x41a258 SizeofResource

• 0x41a25c GetVersionExW

• 0x41a260 GetThreadLocale

• 0x41a264 GetLocaleInfoA

• 0x41a268 GetACP

• 0x41a26c InterlockedExchange

• 0x41a270 HeapDestroy

Library USER32.dll:

• 0x41a29c DestroyMenu

• 0x41a2a0 GetSysColorBrush

• 0x41a2a4 LoadCursorW

• 0x41a2a8 EndPaint

• 0x41a2ac BeginPaint

• 0x41a2b0 ReleaseDC

• 0x41a2b4 GetDC

• 0x41a2b8 ClientToScreen

• 0x41a2bc GrayStringW

• 0x41a2c0 DrawTextExW

• 0x41a2c4 DrawTextW

• 0x41a2c8 TabbedTextOutW

• 0x41a2cc wsprintfW

• 0x41a2d0 ShowWindow

• 0x41a2d4 SetWindowTextW

• 0x41a2d8 IsDialogMessageW

• 0x41a2dc RegisterWindowMessageW

• 0x41a2e0 WinHelpW

• 0x41a2e4 GetCapture

• 0x41a2e8 CreateWindowExW

• 0x41a2ec GetClassInfoExW

• 0x41a2f0 GetClassLongW

• 0x41a2f4 GetClassNameW

• 0x41a2f8 SetPropW

• 0x41a2fc RemovePropW

• 0x41a300 SendDlgItemMessageW

• 0x41a304 SendDlgItemMessageA

• 0x41a308 SetFocus

• 0x41a30c GetWindowTextLengthW

• 0x41a310 GetWindowTextW

• 0x41a314 GetForegroundWindow

• 0x41a318 GetTopWindow

• 0x41a31c GetMessageTime

• 0x41a320 GetMessagePos

• 0x41a324 MapWindowPoints

• 0x41a328 SetForegroundWindow

• 0x41a32c UpdateWindow

• 0x41a330 GetMenu

• 0x41a334 AdjustWindowRectEx

• 0x41a338 GetClassInfoW

• 0x41a33c RegisterClassW

• 0x41a340 UnregisterClassW

• 0x41a344 GetDlgCtrlID

• 0x41a348 DefWindowProcW

• 0x41a34c CallWindowProcW

• 0x41a350 SetWindowLongW

• 0x41a354 SetWindowPos

• 0x41a358 SystemParametersInfoA

• 0x41a35c GetWindowPlacement

• 0x41a360 GetWindowRect

• 0x41a364 CopyRect

• 0x41a368 PtInRect

• 0x41a36c GetWindow

• 0x41a370 UnhookWindowsHookEx

• 0x41a374 GetDesktopWindow

• 0x41a378 SetActiveWindow

• 0x41a37c CreateDialogIndirectParamW

• 0x41a380 DestroyWindow

• 0x41a384 IsWindow

• 0x41a388 GetDlgItem

• 0x41a38c GetNextDlgTabItem

• 0x41a390 EndDialog

• 0x41a394 SetMenuItemBitmaps

• 0x41a398 GetFocus

• 0x41a39c ModifyMenuW

• 0x41a3a0 EnableMenuItem

• 0x41a3a4 CheckMenuItem

• 0x41a3a8 GetMenuCheckMarkDimensions

• 0x41a3ac LoadBitmapW

• 0x41a3b0 SetWindowsHookExW

• 0x41a3b4 CallNextHookEx

• 0x41a3b8 GetMessageW

• 0x41a3bc TranslateMessage

• 0x41a3c0 DispatchMessageW

• 0x41a3c4 GetActiveWindow

• 0x41a3c8 IsWindowVisible

• 0x41a3cc GetKeyState

• 0x41a3d0 PeekMessageW

• 0x41a3d4 GetCursorPos

• 0x41a3d8 ValidateRect

• 0x41a3dc MessageBoxW

• 0x41a3e0 GetParent

• 0x41a3e4 GetWindowLongW

• 0x41a3e8 GetLastActivePopup

• 0x41a3ec IsWindowEnabled

• 0x41a3f0 SetCursor

• 0x41a3f4 GetMenuState

• 0x41a3f8 GetMenuItemID

• 0x41a3fc GetMenuItemCount

• 0x41a400 GetSubMenu

• 0x41a404 PostMessageW

• 0x41a408 PostQuitMessage

• 0x41a40c GetSysColor

• 0x41a410 GetSystemMetrics

• 0x41a414 LoadIconW

• 0x41a418 EnableWindow

• 0x41a41c GetClientRect

• 0x41a420 IsIconic

• 0x41a424 SendMessageW

• 0x41a428 DrawIcon

• 0x41a42c GetPropW

Library GDI32.dll:

• 0x41a030 RectVisible

• 0x41a034 PtVisible

• 0x41a038 DeleteObject

• 0x41a03c GetStockObject

• 0x41a040 DeleteDC

• 0x41a044 ScaleWindowExtEx

• 0x41a048 SetWindowExtEx

• 0x41a04c ScaleViewportExtEx

• 0x41a050 SetViewportExtEx

• 0x41a054 OffsetViewportOrgEx

• 0x41a058 SetViewportOrgEx

• 0x41a05c SelectObject

• 0x41a060 Escape

• 0x41a064 ExtTextOutW

• 0x41a068 CreateBitmap

• 0x41a06c GetDeviceCaps

• 0x41a070 SetMapMode

• 0x41a074 RestoreDC

• 0x41a078 SaveDC

• 0x41a07c GetObjectW

• 0x41a080 SetBkColor

• 0x41a084 SetTextColor

• 0x41a088 GetClipBox

• 0x41a08c TextOutW

Library WINSPOOL.DRV:

• 0x41a444 ClosePrinter

• 0x41a448 DocumentPropertiesW

• 0x41a44c OpenPrinterW

Library ADVAPI32.dll:

• 0x41a000 RegQueryValueExW

• 0x41a004 RegOpenKeyExW

• 0x41a008 RegOpenKeyW

• 0x41a00c RegDeleteKeyW

• 0x41a010 RegEnumKeyW

• 0x41a014 RegQueryValueW

• 0x41a018 RegCreateKeyExW

• 0x41a01c RegSetValueExW

• 0x41a020 RegCloseKey

Library SHELL32.dll:

• 0x41a288 ShellExecuteW

Library COMCTL32.dll:

• 0x41a028

Library SHLWAPI.dll:

• 0x41a290 PathFindFileNameW

• 0x41a294 PathFindExtensionW

Library OLEAUT32.dll:

• 0x41a278 VariantInit

• 0x41a27c VariantChangeType

• 0x41a280 VariantClear

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49235	114.114.114.114	53
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	55368	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	56540	239.255.255.250	3702
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58368	239.255.255.250	3702
192.168.56.101	58707	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.