SmartHawk

11.6

0-day

54 个模型检测该样本为恶意！

重新分析

下载样本

e13913aa4153b0a0fcc5951f9b9502496471ef63cb98b110da3b15dddac64600

068f1c8ce5fb17a05015995505bc031e.exe

分析耗时

79s

最近分析

文件大小

1.0MB

静态报毒动态报毒 AI SCORE=89 ARTEMIS AUTOIT CLASSIC CONFIDENCE DOGBQEDHP9A FORMBOOK GENASA GENERICKD HIGH CONFIDENCE HKATXM KCW@AEE MALITRAR MALWARE@#LDAMYXX260K7 MULTIPLE DETECTIONS NANOCORE NETWIRE NETWIREDRC ODRX PACK PROBABLY HEUR R + MAL RARAUTORUN SCORE STATIC AI SUSPICIOUS SFX SUSPICIOUSTROJAN TQA8 TSGENERIC UNSAFE WACATAC WEECNAW WIRENET ZEXAF 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
CrowdStrike	win/malicious_confidence_60% (W)	20190702	1.0
Alibaba	Backdoor:Win32/NetWiredRC.edddf8f0	20190527	0.3.0.5
Baidu		20190318	1.0.0.2
Avast	Win32:Trojan-gen	20201210	21.1.5827.0
Tencent	Win32.Backdoor.Netwiredrc.Fil	20201211	1.0.0.1
Kingsoft		20201211	2017.9.26.565
McAfee	Artemis!068F1C8CE5FB	20201211	6.0.6.653

Checks if process is being debugged by a debugger (4 个事件)

Time & API	Arguments	Status	Return	Repeated
1620124017.502375 IsDebuggerPresent		failed	0	0
1620124017.7995 IsDebuggerPresent		failed	0	0
1620124017.8155 IsDebuggerPresent		failed	0	0
1620124024.76825 IsDebuggerPresent		failed	0	0

This executable has a PDB path (1 个事件)

pdb_path

D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620124017.8935 GlobalMemoryStatusEx		success	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 个事件)

section

.gfids

The file contains an unknown PE resource name possibly indicative of a packer (1 个事件)

resource name

PNG

One or more processes crashed (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620124023.1125 __exception__	stacktrace: RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x77d5e003 GlobalFree+0x27 GlobalAlloc-0x11f kernelbase+0x13e88 @ 0x778f3e88 pgixe+0x10ccd @ 0x3a0ccd pgixe+0x7536e @ 0x40536e pgixe+0x7557a @ 0x40557a pgixe+0x3fa6 @ 0x393fa6 pgixe+0x8f8d @ 0x398f8d pgixe+0x96f5 @ 0x3996f5 pgixe+0xa2f7 @ 0x39a2f7 pgixe+0x962c @ 0x39962c pgixe+0xa2f7 @ 0x39a2f7 pgixe+0x962c @ 0x39962c pgixe+0xa2f7 @ 0x39a2f7 pgixe+0x962c @ 0x39962c pgixe+0xa2f7 @ 0x39a2f7 pgixe+0x962c @ 0x39962c pgixe+0xd87e @ 0x39d87e pgixe+0xd967 @ 0x39d967 pgixe+0x1648e @ 0x3a648e BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5 registers.esp: 10152608 registers.edi: 1267597312 registers.eax: 41158043 registers.ebp: 10152660 registers.edx: 631 registers.ebx: 1267598748 registers.esi: 43757944 registers.ecx: 41361374 exception.instruction_r: 89 30 8b 45 e0 8b 55 e4 8d 7e 08 f0 0f c7 0f 3b exception.symbol: RtlInitUnicodeString+0x1f3 RtlMultiByteToUnicodeN-0x14a ntdll+0x2e3fb exception.instruction: mov dword ptr [eax], esi exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 189435 exception.address: 0x77d5e3fb	success	0	0

Time & API

Arguments

Status

Return

Repeated

1620124023.1125
__exception__

stacktrace:

RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x77d5e003
GlobalFree+0x27 GlobalAlloc-0x11f kernelbase+0x13e88 @ 0x778f3e88
pgixe+0x10ccd @ 0x3a0ccd
pgixe+0x7536e @ 0x40536e
pgixe+0x7557a @ 0x40557a
pgixe+0x3fa6 @ 0x393fa6
pgixe+0x8f8d @ 0x398f8d
pgixe+0x96f5 @ 0x3996f5
pgixe+0xa2f7 @ 0x39a2f7
pgixe+0x962c @ 0x39962c
pgixe+0xa2f7 @ 0x39a2f7
pgixe+0x962c @ 0x39962c
pgixe+0xa2f7 @ 0x39a2f7
pgixe+0x962c @ 0x39962c
pgixe+0xa2f7 @ 0x39a2f7
pgixe+0x962c @ 0x39962c
pgixe+0xd87e @ 0x39d87e
pgixe+0xd967 @ 0x39d967
pgixe+0x1648e @ 0x3a648e
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 10152608
registers.edi: 1267597312
registers.eax: 41158043
registers.ebp: 10152660
registers.edx: 631
registers.ebx: 1267598748
registers.esi: 43757944
registers.ecx: 41361374
exception.instruction_r: 89 30 8b 45 e0 8b 55 e4 8d 7e 08 f0 0f c7 0f 3b
exception.symbol: RtlInitUnicodeString+0x1f3 RtlMultiByteToUnicodeN-0x14a ntdll+0x2e3fb
exception.instruction: mov dword ptr [eax], esi
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 189435
exception.address: 0x77d5e3fb

success

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

Creates (office) documents on the filesystem (5 个事件)

file	C:\59871915\edteb.xls
file	C:\59871915\umlfph.docx
file	C:\59871915\ijibweefkd.docx
file	C:\59871915\ckvtigsm.ppt
file	C:\59871915\emll.xls

Creates executable files on the filesystem (6 个事件)

file	C:\59871915\vwfb.dll
file	C:\59871915\Host.exe
file	C:\59871915\pgixe.pif
file	C:\59871915\cfsrvjlpu.vbs
file	C:\59871915\vomlg.dll
file	C:\59871915\jobga.dll

Drops a binary and executes it (2 个事件)

file	C:\59871915\Host.exe
file	C:\59871915\pgixe.pif

Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (7 个事件)

Time & API	Arguments	Status	Return
1620124023.8625 Process32NextW	process_name: pythonw.exe snapshot_handle: 0x000001ac process_identifier: 1380	success	1
1620124023.8625 Process32NextW	process_name: mobsync.exe snapshot_handle: 0x000001ac process_identifier: 2996	success	1
1620124023.8625 Process32NextW	process_name: taskhost.exe snapshot_handle: 0x000001ac process_identifier: 340	success	1
1620124023.8625 Process32NextW	process_name: Host.exe snapshot_handle: 0x000001ac process_identifier: 3164	success	1
1620124023.8625 Process32NextW	process_name: pgixe.pif snapshot_handle: 0x000001ac process_identifier: 3216	success	1
1620124023.8625 Process32NextW	process_name: inject-x86.exe snapshot_handle: 0x000001ac process_identifier: 3284	success	1
1620124023.8625 Process32NextW	process_name: RegSvcs.exe snapshot_handle: 0x000001ac process_identifier: 3332	success	1

Expresses interest in specific running processes (1 个事件)

process

regsvcs.exe

One or more of the buffers contains an embedded PE file (2 个事件)

buffer	Buffer with sha1: 67ccda37c8176f93b92083abda0b17d3c3de0374
buffer	Buffer with sha1: 137f1f706a25408813bfbf5c6c2a7d7f6d7ea050

Communicates with host for which no DNS query was performed (2 个事件)

host	172.217.24.14
host	185.140.53.23

Allocates execute permission to another process indicative of possible code injection (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620124023.1125 NtAllocateVirtualMemory	process_identifier: 3332 region_size: 7598080 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0x000001a4 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x003a0000	success	0	0

Installs itself for autorun at Windows startup (1 个事件)

reg_key

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\WindowsUpdate

reg_value

0\59871915\pgixe.pif 0\59871915\eshf.kqk

Potential code injection by writing to the memory of another process (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620124023.8625 WriteProcessMemory	process_identifier: 3332 buffer: ÿÿÿÿ:ú~ú~(ý~mèÿÿ jHâý~± process_handle: 0x000001a4 base_address: 0x7efde000	success	1	0

Used NtSetContextThread to modify a thread in a remote process indicative of process injection (2 个事件)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 3216 called NtSetContextThread to modify thread in remote process 3332
1620124023.8625 NtSetContextThread	thread_handle: 0x000001a0 registers.eip: 2010382788 registers.esp: 3800472 registers.edi: 0 registers.eax: 3810349 registers.ebp: 0 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0 process_identifier: 3332	success	0	0

Resumed a suspended thread in a remote process potentially indicative of process injection (2 个事件)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 3216 resumed a thread in remote process 3332
1620124024.3775 NtResumeThread	thread_handle: 0x000001a0 suspend_count: 1 process_identifier: 3332	success	0	0

Executed a process and injected code into it, probably while unpacking (10 个事件)

Time & API	Arguments	Status	Return
1620119617.007315 CreateProcessInternalW	thread_identifier: 3168 thread_handle: 0x00000180 process_identifier: 3164 current_directory: C:\59871915 filepath: C:\59871915\Host.exe track: 1 command_line: "C:\59871915\Host.exe" Community portal â€“ Bulletin board, filepath_r: C:\59871915\Host.exe stack_pivoted: 0 creation_flags: 67634196 (CREATE_DEFAULT_ERROR_MODE\|CREATE_NEW_CONSOLE\|CREATE_SUSPENDED\|CREATE_UNICODE_ENVIRONMENT\|EXTENDED_STARTUPINFO_PRESENT) process_handle: 0x00000240 inherit_handles: 0	success	1
1620119617.601315 CreateProcessInternalW	thread_identifier: 3220 thread_handle: 0x00000294 process_identifier: 3216 current_directory: C:\59871915 filepath: C:\59871915\pgixe.pif track: 1 command_line: "C:\59871915\pgixe.pif" eshf.kqk filepath_r: C:\59871915\pgixe.pif stack_pivoted: 0 creation_flags: 67634196 (CREATE_DEFAULT_ERROR_MODE\|CREATE_NEW_CONSOLE\|CREATE_SUSPENDED\|CREATE_UNICODE_ENVIRONMENT\|EXTENDED_STARTUPINFO_PRESENT) process_handle: 0x0000029c inherit_handles: 0	success	1
1620124021.6435 NtResumeThread	thread_handle: 0x00000194 suspend_count: 1 process_identifier: 3216	success	0
1620124023.0965 CreateProcessInternalW	thread_identifier: 3336 thread_handle: 0x000001a0 process_identifier: 3332 current_directory: filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\RegSvcs.exe track: 1 command_line: filepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\RegSvcs.exe stack_pivoted: 0 creation_flags: 4 (CREATE_SUSPENDED) process_handle: 0x000001a4 inherit_handles: 0	success	1
1620124023.1125 NtGetContextThread	thread_handle: 0x000001a0	success	0
1620124023.1125 NtAllocateVirtualMemory	process_identifier: 3332 region_size: 7598080 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0x000001a4 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x003a0000	success	0
1620124023.6905 WriteProcessMemory	process_identifier: 3332 buffer: process_handle: 0x000001a4 base_address: 0x003a0000	success	1
1620124023.8625 WriteProcessMemory	process_identifier: 3332 buffer: ÿÿÿÿ:ú~ú~(ý~mèÿÿ jHâý~± process_handle: 0x000001a4 base_address: 0x7efde000	success	1
1620124023.8625 NtSetContextThread	thread_handle: 0x000001a0 registers.eip: 2010382788 registers.esp: 3800472 registers.edi: 0 registers.eax: 3810349 registers.ebp: 0 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0 process_identifier: 3332	success	0
1620124024.3775 NtResumeThread	thread_handle: 0x000001a0 suspend_count: 1 process_identifier: 3332	success	0

File has been identified by 54 AntiVirus engines on VirusTotal as malicious (50 out of 54 个事件)

Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.43282916
FireEye	Generic.mg.068f1c8ce5fb17a0
CAT-QuickHeal	Trojan.Multi
ALYac	Trojan.GenericKD.43282916
Cylance	Unsafe
CrowdStrike	win/malicious_confidence_60% (W)
Alibaba	Backdoor:Win32/NetWiredRC.edddf8f0
K7GW	Trojan ( 0056cb5f1 )
K7AntiVirus	Trojan ( 0056cb5f1 )
Arcabit	Trojan.Generic.D29471E4
Cyren	W32/Trojan.ODRX-0142
Symantec	Trojan.Gen.2
APEX	Malicious
Avast	Win32:Trojan-gen
ClamAV	Win.Dropper.NetWire-9102409-0
Kaspersky	HEUR:Trojan.Win32.NetWire.vho
BitDefender	Trojan.GenericKD.43282916
NANO-Antivirus	Trojan.Win32.Weecnaw.hkatxm
Paloalto	generic.ml
Tencent	Win32.Backdoor.Netwiredrc.Fil
Ad-Aware	Trojan.GenericKD.43282916
Sophos	Mal/Generic-R + Mal/MalitRar-I
Comodo	Malware@#ldamyxx260k7
F-Secure	Trojan.TR/Spy.Gen
DrWeb	BackDoor.Wirenet.556
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	TrojanSpy.Win32.FORMBOOK.BW
McAfee-GW-Edition	BehavesLike.Win32.Suspicioustrojan.tc
Emsisoft	Trojan.GenericKD.43282916 (B)
SentinelOne	Static AI - Suspicious SFX
Avira	TR/Spy.Gen
Antiy-AVL	Trojan/Win32.TSGeneric
Gridinsoft	Spy.Win32.Keylogger.vb!s1
Microsoft	Trojan:Win32/Nanocore.AC!MTB
AegisLab	Trojan.BAT.Crypter.tqa8
ZoneAlarm	HEUR:Trojan.Win32.NetWire.vho
GData	Win32.Trojan.Netwire.C
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.Autoit.C4115315
McAfee	Artemis!068F1C8CE5FB
MAX	malware (ai score=89)
VBA32	Trojan.Wacatac
Malwarebytes	Trojan.Agent.AutoIt
Zoner	Probably Heur.RARAutorun
ESET-NOD32	multiple detections
TrendMicro-HouseCall	TrojanSpy.Win32.FORMBOOK.BW
Rising	Trojan.Pack-RAR!1.BB61 (CLASSIC)
Yandex	Trojan.GenAsa!DOgbQEDHp9A
Ikarus	Trojan.Autoit

Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (3 个事件)

dead_host	192.168.56.101:49180
dead_host	185.140.53.23:4068
dead_host	192.168.56.101:49187

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2019-04-28 04:03:27

Imports

Library KERNEL32.dll:

• 0x430000 GetLastError

• 0x430004 SetLastError

• 0x430008 GetCurrentProcess

• 0x43000c DeviceIoControl

• 0x430010 SetFileTime

• 0x430014 CloseHandle

• 0x430018 CreateDirectoryW

• 0x43001c RemoveDirectoryW

• 0x430020 CreateFileW

• 0x430024 DeleteFileW

• 0x430028 CreateHardLinkW

• 0x43002c GetShortPathNameW

• 0x430030 GetLongPathNameW

• 0x430034 MoveFileW

• 0x430038 GetFileType

• 0x43003c GetStdHandle

• 0x430040 WriteFile

• 0x430044 ReadFile

• 0x430048 FlushFileBuffers

• 0x43004c SetEndOfFile

• 0x430050 SetFilePointer

• 0x430054 SetFileAttributesW

• 0x430058 GetFileAttributesW

• 0x43005c FindClose

• 0x430060 FindFirstFileW

• 0x430064 FindNextFileW

• 0x430068 GetVersionExW

• 0x43006c GetCurrentDirectoryW

• 0x430070 GetFullPathNameW

• 0x430074 FoldStringW

• 0x430078 GetModuleFileNameW

• 0x43007c GetModuleHandleW

• 0x430080 FindResourceW

• 0x430084 FreeLibrary

• 0x430088 GetProcAddress

• 0x43008c GetCurrentProcessId

• 0x430090 ExitProcess

• 0x430094 SetThreadExecutionState

• 0x430098 Sleep

• 0x43009c LoadLibraryW

• 0x4300a0 GetSystemDirectoryW

• 0x4300a4 CompareStringW

• 0x4300a8 AllocConsole

• 0x4300ac FreeConsole

• 0x4300b0 AttachConsole

• 0x4300b4 WriteConsoleW

• 0x4300b8 GetProcessAffinityMask

• 0x4300bc CreateThread

• 0x4300c0 SetThreadPriority

• 0x4300c4 InitializeCriticalSection

• 0x4300c8 EnterCriticalSection

• 0x4300cc LeaveCriticalSection

• 0x4300d0 DeleteCriticalSection

• 0x4300d4 SetEvent

• 0x4300d8 ResetEvent

• 0x4300dc ReleaseSemaphore

• 0x4300e0 WaitForSingleObject

• 0x4300e4 CreateEventW

• 0x4300e8 CreateSemaphoreW

• 0x4300ec GetSystemTime

• 0x4300f0 SystemTimeToTzSpecificLocalTime

• 0x4300f4 TzSpecificLocalTimeToSystemTime

• 0x4300f8 SystemTimeToFileTime

• 0x4300fc FileTimeToLocalFileTime

• 0x430100 LocalFileTimeToFileTime

• 0x430104 FileTimeToSystemTime

• 0x430108 GetCPInfo

• 0x43010c IsDBCSLeadByte

• 0x430110 MultiByteToWideChar

• 0x430114 WideCharToMultiByte

• 0x430118 GlobalAlloc

• 0x43011c GetTickCount

• 0x430120 LockResource

• 0x430124 GlobalLock

• 0x430128 GlobalUnlock

• 0x43012c GlobalFree

• 0x430130 LoadResource

• 0x430134 SizeofResource

• 0x430138 SetCurrentDirectoryW

• 0x43013c GetExitCodeProcess

• 0x430140 GetLocalTime

• 0x430144 MapViewOfFile

• 0x430148 UnmapViewOfFile

• 0x43014c CreateFileMappingW

• 0x430150 OpenFileMappingW

• 0x430154 GetCommandLineW

• 0x430158 SetEnvironmentVariableW

• 0x43015c ExpandEnvironmentStringsW

• 0x430160 GetTempPathW

• 0x430164 MoveFileExW

• 0x430168 GetLocaleInfoW

• 0x43016c GetTimeFormatW

• 0x430170 GetDateFormatW

• 0x430174 GetNumberFormatW

• 0x430178 SetFilePointerEx

• 0x43017c GetConsoleMode

• 0x430180 GetConsoleCP

• 0x430184 HeapSize

• 0x430188 SetStdHandle

• 0x43018c GetProcessHeap

• 0x430190 RaiseException

• 0x430194 GetSystemInfo

• 0x430198 VirtualProtect

• 0x43019c VirtualQuery

• 0x4301a0 LoadLibraryExA

• 0x4301a4 IsProcessorFeaturePresent

• 0x4301a8 IsDebuggerPresent

• 0x4301ac UnhandledExceptionFilter

• 0x4301b0 SetUnhandledExceptionFilter

• 0x4301b4 GetStartupInfoW

• 0x4301b8 QueryPerformanceCounter

• 0x4301bc GetCurrentThreadId

• 0x4301c0 GetSystemTimeAsFileTime

• 0x4301c4 InitializeSListHead

• 0x4301c8 TerminateProcess

• 0x4301cc RtlUnwind

• 0x4301d0 EncodePointer

• 0x4301d4 InitializeCriticalSectionAndSpinCount

• 0x4301d8 TlsAlloc

• 0x4301dc TlsGetValue

• 0x4301e0 TlsSetValue

• 0x4301e4 TlsFree

• 0x4301e8 LoadLibraryExW

• 0x4301ec QueryPerformanceFrequency

• 0x4301f0 GetModuleHandleExW

• 0x4301f4 GetModuleFileNameA

• 0x4301f8 GetACP

• 0x4301fc HeapFree

• 0x430200 HeapAlloc

• 0x430204 HeapReAlloc

• 0x430208 GetStringTypeW

• 0x43020c LCMapStringW

• 0x430210 FindFirstFileExA

• 0x430214 FindNextFileA

• 0x430218 IsValidCodePage

• 0x43021c GetOEMCP

• 0x430220 GetCommandLineA

• 0x430224 GetEnvironmentStringsW

• 0x430228 FreeEnvironmentStringsW

• 0x43022c DecodePointer

Library gdiplus.dll:

• 0x430234 GdiplusShutdown

• 0x430238 GdiplusStartup

• 0x43023c GdipCreateHBITMAPFromBitmap

• 0x430240 GdipCreateBitmapFromStreamICM

• 0x430244 GdipCreateBitmapFromStream

• 0x430248 GdipDisposeImage

• 0x43024c GdipCloneImage

• 0x430250 GdipFree

• 0x430254 GdipAlloc

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49235	114.114.114.114	53
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	53657	224.0.0.252	5355
192.168.56.101	55368	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	56540	239.255.255.250	3702
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58368	239.255.255.250	3702
192.168.56.101	58707	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.