9.6
Critical

4ff2a67b094bcc56df1aec016191465be4e7de348360fd307d1929dc9cbab39f

28833e121bb77c8262996af1f2aeef55.exe

Analysis duration

91s

Latest analysis

File size

230.0KB
Static detection, dynamic detection. Tags: 357376T AI SCORE=100 AIDETECTVM ARTEMIS ATTRIBUTE BRRESMON CLASSIC CONFIDENCE GDDIY GENCIRC HIGH CONFIDENCE HIGHCONFIDENCE HTXUGT KIMSUKY KUDTU MALICIOUS PE MALWARE2 MALWARE@#2YADH9FZ8I8R4 MIKEY PLMV QVM10 R349544 SCORE TEABQ9O0F7I TROJANX UNSAFE XEYORAT YMACCO
Hawkeye engine
Not detected: no Hawkeye engine result is available
Static verdict
Antivirus engines
Engine Result Scan time Engine version
McAfee Artemis!28833E121BB7 20201026 6.0.6.653
Alibaba Trojan:Win32/Ymacco.d1a2a62c 20190527 0.3.0.5
CrowdStrike win/malicious_confidence_70% (D) 20190702 1.0
Baidu 20190318 1.0.0.2
Avast Win32:TrojanX-gen [Trj] 20201026 18.4.3895.0
Tencent Malware.Win32.Gencirc.11adacb8 20201026 1.0.0.1
Kingsoft 20201026 2013.8.14.323
Static indicators
Queries for the computername (3 events)
Time & API Arguments Status Return Repeated
1619355158.890625
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
1619355145.26575
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619355149.31275
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
Command line console output was observed (10 events)
Time & API Arguments Status Return Repeated
1619355145.28075
WriteConsoleW
buffer: 正在加载操作系统信息...
console_handle: 0x0000000b
success 1 0
1619355146.60975
WriteConsoleW
buffer: 正在加载计算机信息...
console_handle: 0x0000000b
success 1 0
1619355146.85975
WriteConsoleW
buffer: 正在加载处理器信息...
console_handle: 0x0000000b
success 1 0
1619355148.87475
WriteConsoleW
buffer: 正在加载 BIOS 信息...
console_handle: 0x0000000b
success 1 0
1619355148.96875
WriteConsoleW
buffer: 正在加载输入法区域设置信息...
console_handle: 0x0000000b
success 1 0
1619355149.21875
WriteConsoleW
buffer: 正在加载时间区信息...
console_handle: 0x0000000b
success 1 0
1619355149.31275
WriteConsoleW
buffer: 正在加载配置文件信息...
console_handle: 0x0000000b
success 1 0
1619355150.20275
WriteConsoleW
buffer: 正在加载页面文件信息...
console_handle: 0x0000000b
success 1 0
1619355150.68775
WriteConsoleW
buffer: 正在加载修补程序信息...
console_handle: 0x0000000b
success 1 0
1619355161.82775
WriteConsoleW
buffer: 正在加载网卡信息...
console_handle: 0x0000000b
success 1 0
Checks the amount of memory in the system, which can be used to detect virtual machines that have a low amount of memory available (1 event)
Time & API Arguments Status Return Repeated
1619355133.780625
GlobalMemoryStatusEx
success 1 0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)
section .gfids
The file contains an unknown PE resource name possibly indicative of a packer (1 event)
resource name JUYFON
Behavior verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1619355135.093875
NtAllocateVirtualMemory
process_identifier: 2196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x028b0000
success 0 0
Queries the disk size, which could be used to detect a virtual machine with a small fixed-size or dynamically allocated disk (3 events)
Time & API Arguments Status Return Repeated
1619355134.79675
GetDiskFreeSpaceExW
root_path: C:\Users\ADMINI~1.OSK\Desktop
free_bytes_available: 19609137152
total_number_of_free_bytes: 19609137152
total_number_of_bytes: 34252779520
success 1 0
1619355138.328
GetDiskFreeSpaceExW
root_path: C:\Users\ADMINI~1.OSK\AppData\Roaming\MICROS~1\Windows\Recent
free_bytes_available: 19609133056
total_number_of_free_bytes: 19609133056
total_number_of_bytes: 34252779520
success 1 0
1619355141.124625
GetDiskFreeSpaceExW
root_path: C:\PROGRA~2
free_bytes_available: 19609133056
total_number_of_free_bytes: 19609133056
total_number_of_bytes: 34252779520
success 1 0
Foreign language identified in PE resource (10 events)
name RT_ICON language LANG_KOREAN offset 0x0003b654 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_KOREAN size 0x00000468
name RT_ICON language LANG_KOREAN offset 0x0003b654 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_KOREAN size 0x00000468
name RT_ICON language LANG_KOREAN offset 0x0003b654 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_KOREAN size 0x00000468
name RT_ICON language LANG_KOREAN offset 0x0003b654 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_KOREAN size 0x00000468
name RT_ICON language LANG_KOREAN offset 0x0003b654 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_KOREAN size 0x00000468
name RT_ICON language LANG_KOREAN offset 0x0003b654 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_KOREAN size 0x00000468
name RT_ICON language LANG_KOREAN offset 0x0003b654 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_KOREAN size 0x00000468
name RT_ICON language LANG_KOREAN offset 0x0003b654 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_KOREAN size 0x00000468
name RT_ICON language LANG_KOREAN offset 0x0003b654 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_KOREAN size 0x00000468
name RT_GROUP_ICON language LANG_KOREAN offset 0x0003babc filetype data sublanguage SUBLANG_KOREAN size 0x00000084
Creates (office) documents on the filesystem (2 events)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\4.[酒怕楷备]稠巩捧绊痹沥.docx
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\HNC\wct.docx
Creates a suspicious process (8 events)
cmdline "C:\Windows\system32\cmd.exe" /c dir C:\Users\ADMINI~1.OSK\AppData\Roaming\MICROS~1\Windows\Recent\ >> C:\Users\ADMINI~1.OSK\AppData\Roaming\MICROS~1\HNC\wct.docx
cmdline "C:\Windows\system32\cmd.exe" /c systeminfo >> C:\Users\ADMINI~1.OSK\AppData\Roaming\MICROS~1\HNC\wct.docx
cmdline C:\Windows\System32\cmd.exe /c systeminfo >> C:\Users\ADMINI~1.OSK\AppData\Roaming\MICROS~1\HNC\wct.docx
cmdline C:\Windows\System32\cmd.exe /c dir C:\Users\ADMINI~1.OSK\AppData\Roaming\MICROS~1\Windows\Recent\ >> C:\Users\ADMINI~1.OSK\AppData\Roaming\MICROS~1\HNC\wct.docx
cmdline "C:\Windows\system32\cmd.exe" /c dir C:\PROGRA~2\ >> C:\Users\ADMINI~1.OSK\AppData\Roaming\MICROS~1\HNC\wct.docx
cmdline C:\Windows\System32\cmd.exe /c dir C:\PROGRA~2\ >> C:\Users\ADMINI~1.OSK\AppData\Roaming\MICROS~1\HNC\wct.docx
cmdline C:\Windows\System32\cmd.exe /c dir C:\Users\ADMINI~1.OSK\Desktop\ >> C:\Users\ADMINI~1.OSK\AppData\Roaming\MICROS~1\HNC\wct.docx
cmdline "C:\Windows\system32\cmd.exe" /c dir C:\Users\ADMINI~1.OSK\Desktop\ >> C:\Users\ADMINI~1.OSK\AppData\Roaming\MICROS~1\HNC\wct.docx
A process created a hidden window (4 events)
Time & API Arguments Status Return Repeated
1619355134.577625
ShellExecuteExW
parameters: /c dir C:\Users\ADMINI~1.OSK\Desktop\ >> C:\Users\ADMINI~1.OSK\AppData\Roaming\MICROS~1\HNC\wct.docx
filepath: C:\Windows\System32\cmd.exe
filepath_r: C:\Windows\system32\cmd.exe
show_type: 0
success 1 0
1619355137.687625
ShellExecuteExW
parameters: /c dir C:\Users\ADMINI~1.OSK\AppData\Roaming\MICROS~1\Windows\Recent\ >> C:\Users\ADMINI~1.OSK\AppData\Roaming\MICROS~1\HNC\wct.docx
filepath: C:\Windows\System32\cmd.exe
filepath_r: C:\Windows\system32\cmd.exe
show_type: 0
success 1 0
1619355140.780625
ShellExecuteExW
parameters: /c dir C:\PROGRA~2\ >> C:\Users\ADMINI~1.OSK\AppData\Roaming\MICROS~1\HNC\wct.docx
filepath: C:\Windows\System32\cmd.exe
filepath_r: C:\Windows\system32\cmd.exe
show_type: 0
success 1 0
1619355143.874625
ShellExecuteExW
parameters: /c systeminfo >> C:\Users\ADMINI~1.OSK\AppData\Roaming\MICROS~1\HNC\wct.docx
filepath: C:\Windows\System32\cmd.exe
filepath_r: C:\Windows\system32\cmd.exe
show_type: 0
success 1 0
Checks adapter addresses, which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1619355160.265625
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.6764443222094 section {'size_of_data': '0x0001ce00', 'virtual_address': '0x0001f000', 'entropy': 7.6764443222094, 'name': '.rsrc', 'virtual_size': '0x0001cd64'} description A section with a high entropy has been found
entropy 0.5043668122270742 description Overall entropy of this PE file is high
Uses Windows utilities for basic Windows functionality (9 events)
cmdline "C:\Windows\system32\cmd.exe" /c dir C:\Users\ADMINI~1.OSK\AppData\Roaming\MICROS~1\Windows\Recent\ >> C:\Users\ADMINI~1.OSK\AppData\Roaming\MICROS~1\HNC\wct.docx
cmdline "C:\Windows\system32\cmd.exe" /c systeminfo >> C:\Users\ADMINI~1.OSK\AppData\Roaming\MICROS~1\HNC\wct.docx
cmdline C:\Windows\System32\cmd.exe /c systeminfo >> C:\Users\ADMINI~1.OSK\AppData\Roaming\MICROS~1\HNC\wct.docx
cmdline C:\Windows\System32\cmd.exe /c dir C:\Users\ADMINI~1.OSK\AppData\Roaming\MICROS~1\Windows\Recent\ >> C:\Users\ADMINI~1.OSK\AppData\Roaming\MICROS~1\HNC\wct.docx
cmdline "C:\Windows\system32\cmd.exe" /c dir C:\PROGRA~2\ >> C:\Users\ADMINI~1.OSK\AppData\Roaming\MICROS~1\HNC\wct.docx
cmdline C:\Windows\System32\cmd.exe /c dir C:\PROGRA~2\ >> C:\Users\ADMINI~1.OSK\AppData\Roaming\MICROS~1\HNC\wct.docx
cmdline systeminfo
cmdline C:\Windows\System32\cmd.exe /c dir C:\Users\ADMINI~1.OSK\Desktop\ >> C:\Users\ADMINI~1.OSK\AppData\Roaming\MICROS~1\HNC\wct.docx
cmdline "C:\Windows\system32\cmd.exe" /c dir C:\Users\ADMINI~1.OSK\Desktop\ >> C:\Users\ADMINI~1.OSK\AppData\Roaming\MICROS~1\HNC\wct.docx
Network communication
Communicates with a host for which no DNS query was performed (1 event)
host 172.217.24.14
Sets or modifies the WPAD proxy autoconfiguration file for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1619355162.843625
RegSetValueExA
key_handle: 0x00000408
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619355162.843625
RegSetValueExA
key_handle: 0x00000408
value: 0δÆ9×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619355162.843625
RegSetValueExA
key_handle: 0x00000408
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619355162.843625
RegSetValueExW
key_handle: 0x00000408
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619355162.843625
RegSetValueExA
key_handle: 0x00000420
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619355162.843625
RegSetValueExA
key_handle: 0x00000420
value: 0δÆ9×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619355162.843625
RegSetValueExA
key_handle: 0x00000420
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619355162.874625
RegSetValueExW
key_handle: 0x00000404
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
Network activity contains more than one unique useragent (2 events)
process 28833e121bb77c8262996af1f2aeef55.exe useragent Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; .NET CLR 1.1.4322)
process 28833e121bb77c8262996af1f2aeef55.exe useragent Mozilla/5.0
Resumed a suspended thread in a remote process, potentially indicative of process injection (8 events)
Process injection Process 196 resumed a thread in remote process 1068
Process injection Process 196 resumed a thread in remote process 3116
Process injection Process 196 resumed a thread in remote process 3256
Process injection Process 196 resumed a thread in remote process 3420
Time & API Arguments Status Return Repeated
1619355134.577625
NtResumeThread
thread_handle: 0x000001a8
suspend_count: 1
process_identifier: 1068
success 0 0
1619355137.687625
NtResumeThread
thread_handle: 0x00000148
suspend_count: 1
process_identifier: 3116
success 0 0
1619355140.780625
NtResumeThread
thread_handle: 0x000001a8
suspend_count: 1
process_identifier: 3256
success 0 0
1619355143.874625
NtResumeThread
thread_handle: 0x000000b0
suspend_count: 1
process_identifier: 3420
success 0 0
File has been identified by 54 AntiVirus engines on VirusTotal as malicious (50 out of 54 events)
Bkav W32.AIDetectVM.malware2
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Mikey.115193
FireEye Generic.mg.28833e121bb77c82
CAT-QuickHeal Trojan.Generic
McAfee Artemis!28833E121BB7
Cylance Unsafe
Sangfor Malware
K7AntiVirus Trojan ( 0056b3241 )
Alibaba Trojan:Win32/Ymacco.d1a2a62c
K7GW Trojan ( 0056b3241 )
CrowdStrike win/malicious_confidence_70% (D)
Arcabit Trojan.Mikey.D1C1F9
Cyren W32/Trojan.PLMV-4547
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:TrojanX-gen [Trj]
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender Gen:Variant.Mikey.115193
NANO-Antivirus Trojan.Win32.XeyoRat.htxugt
Paloalto generic.ml
AegisLab Trojan.Win32.Generic.4!c
Tencent Malware.Win32.Gencirc.11adacb8
Ad-Aware Gen:Variant.Mikey.115193
Comodo Malware@#2yadh9fz8i8r4
DrWeb BackDoor.Spy.3773
VIPRE Trojan.Win32.Generic!BT
Invincea Mal/Generic-S
McAfee-GW-Edition BehavesLike.Win32.Generic.dc
Sophos Mal/Generic-S
Ikarus Trojan.Win32.Xeyorat
Jiangmin Trojan.Generic.gddiy
Webroot W32.Gen.BT
Avira TR/Brresmon.kudtu
Microsoft Trojan:Win32/Ymacco.AA4F
ViRobot Trojan.Win32.S.Agent.235520.FG
ZoneAlarm HEUR:Trojan.Win32.Generic
GData Gen:Variant.Mikey.115193
TACHYON Trojan/W32.Kimsuky.235520
AhnLab-V3 Trojan/Win32.Agent.R349544
BitDefenderTheta AI:Packer.9307B6351F
ALYac Trojan.Agent.357376T
MAX malware (ai score=100)
VBA32 suspected of Trojan.Downloader.gen.h
ESET-NOD32 a variant of Win32/XeyoRat.G
Rising Trojan.XeyoRat!1.CBCF (CLASSIC)
Yandex Trojan.XeyoRat!tEABq9O0F7I
SentinelOne DFI - Malicious PE
eGambit Unsafe.AI_Score_99%
Fortinet Riskware/Generic
Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running) (2 events)
dead_host 172.217.24.14:443
dead_host 172.217.160.110:443
Visual analysis
Binary image
No binary image: this sample did not generate a binary visualization image
Runtime screenshots
No runtime screenshots: no screenshots were generated while the sample was running

PE Compile Time

2020-08-13 14:33:24

Imports

Library KERNEL32.dll:
0x413008 GetComputerNameA
0x41300c LoadLibraryA
0x413010 GetProcAddress
0x413014 CloseHandle
0x41301c GetShortPathNameA
0x413020 Sleep
0x413024 GetCurrentProcess
0x413028 lstrcatA
0x41302c FreeLibrary
0x413030 DeleteFileA
0x413034 FindResourceA
0x413038 SizeofResource
0x41303c LoadResource
0x413040 LockResource
0x413044 GetTempPathA
0x41304c WriteFile
0x413050 CreateThread
0x41305c TerminateProcess
0x413064 IsDebuggerPresent
0x413068 GetStartupInfoW
0x41306c GetModuleHandleW
0x413074 GetCurrentProcessId
0x413078 GetCurrentThreadId
0x413080 InitializeSListHead
0x413084 OutputDebugStringW
0x413090 WriteConsoleW
0x413094 HeapReAlloc
0x413098 HeapSize
0x41309c DecodePointer
0x4130a0 RaiseException
0x4130a4 GetLastError
0x4130a8 CreateFileA
0x4130ac FindNextFileA
0x4130b0 FindFirstFileExA
0x4130b4 FindClose
0x4130b8 GetModuleFileNameW
0x4130bc SetLastError
0x4130c0 RtlUnwind
0x4130c8 TlsAlloc
0x4130cc TlsGetValue
0x4130d0 TlsSetValue
0x4130d4 TlsFree
0x4130d8 LoadLibraryExW
0x4130dc ReadFile
0x4130e0 CreateFileW
0x4130e4 GetFileType
0x4130e8 ExitProcess
0x4130ec GetModuleHandleExW
0x4130f0 MultiByteToWideChar
0x4130f4 WideCharToMultiByte
0x4130f8 GetStdHandle
0x4130fc GetModuleFileNameA
0x413100 GetACP
0x413104 HeapFree
0x413108 HeapAlloc
0x41310c SetFilePointerEx
0x413110 GetConsoleMode
0x413114 ReadConsoleW
0x413118 FlushFileBuffers
0x41311c GetConsoleCP
0x413120 SetStdHandle
0x413124 SetEndOfFile
0x413128 LCMapStringW
0x41312c GetStringTypeW
0x413130 IsValidCodePage
0x413134 GetOEMCP
0x413138 GetCPInfo
0x413144 GetProcessHeap
0x413148 GetCommandLineA
0x41314c GetCommandLineW
Library USER32.dll:
0x413168 wsprintfA
Library ADVAPI32.dll:
0x413000 SystemFunction036
Library SHELL32.dll:
0x41315c ShellExecuteA
0x413160 ShellExecuteExA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 53237 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 62912 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 53210 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 58367 224.0.0.252 5355
192.168.56.101 61680 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 62318 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 65004 224.0.0.252 5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.