SmartHawk

10.6

0-day

55 个模型检测该样本为恶意！

重新分析

下载样本

ff0ebb75a316c61d851a3edfb2ec49a5c05a2054032dbb9f175b7990fd8959dc

328549191a15865db4e088aa1375a7b2.exe

分析耗时

78s

最近分析

文件大小

1.0MB

静态报毒动态报毒 AI SCORE=80 AIDETECTVM ALI1000123 ARTEMIS AUTOIT BTSQNI CONFIDENCE FORMBOOK GENERIC@ML GENERICKD HIGH CONFIDENCE HNBNAK IGENT KCLOUD LIQN MALITRAR MALWARE2 MALWARE@#1R0E8VGGK9K6W MULTIPLE DETECTIONS NETWIRE NETWIREDRC ODRX OPJDVTU46J2QVA2 PROBABLY HEUR R + MAL RARAUTORUN RDMK RUNNER SCORE STATIC AI SUSPICIOUS SFX SUSPICIOUSTROJAN TQA8 TSGENERIC TTZY UNSAFE WACATAC XDXLU YMACCO 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
McAfee	Artemis!328549191A15	20201211	6.0.6.653
Alibaba	Trojan:Win32/runner.ali1000123	20190527	0.3.0.5
Baidu		20190318	1.0.0.2
Avast	Win32:Malware-gen	20201210	21.1.5827.0
Tencent	Win32.Backdoor.Netwiredrc.Liqn	20201211	1.0.0.1
Kingsoft	Win32.Hack.NetWiredRC.l.(kcloud)	20201211	2017.9.26.565
CrowdStrike	win/malicious_confidence_70% (W)	20190702	1.0

Checks if process is being debugged by a debugger (3 个事件)

Time & API	Arguments	Status	Return	Repeated
1619364067.578751 IsDebuggerPresent		failed	0	0
1619364067.578751 IsDebuggerPresent		failed	0	0
1619364077.984501 IsDebuggerPresent		failed	0	0

This executable has a PDB path (1 个事件)

pdb_path

D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619364067.672751 GlobalMemoryStatusEx		success	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 个事件)

section

.gfids

The file contains an unknown PE resource name possibly indicative of a packer (1 个事件)

resource name

PNG

One or more processes crashed (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619364077.156751 __exception__	stacktrace: RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x77d5e003 GlobalFree+0x27 GlobalAlloc-0x11f kernelbase+0x13e88 @ 0x778f3e88 sghgbomj+0x10ccd @ 0xc80ccd sghgbomj+0x7536e @ 0xce536e sghgbomj+0x7557a @ 0xce557a sghgbomj+0x3fa6 @ 0xc73fa6 sghgbomj+0x8f8d @ 0xc78f8d sghgbomj+0x96f5 @ 0xc796f5 sghgbomj+0xa2f7 @ 0xc7a2f7 sghgbomj+0x962c @ 0xc7962c sghgbomj+0xa2f7 @ 0xc7a2f7 sghgbomj+0x962c @ 0xc7962c sghgbomj+0xa2f7 @ 0xc7a2f7 sghgbomj+0x962c @ 0xc7962c sghgbomj+0xa2f7 @ 0xc7a2f7 sghgbomj+0x962c @ 0xc7962c sghgbomj+0xd87e @ 0xc7d87e sghgbomj+0xd967 @ 0xc7d967 sghgbomj+0x1648e @ 0xc8648e BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5 registers.esp: 7006288 registers.edi: 14909912 registers.eax: 1394129972 registers.ebp: 7006340 registers.edx: 14909920 registers.ebx: 14909920 registers.esi: 16171536 registers.ecx: 15728640 exception.instruction_r: 8b 46 04 89 45 f4 c6 47 07 80 c6 47 06 00 8b 5e exception.symbol: RtlInitUnicodeString+0x196 RtlMultiByteToUnicodeN-0x1a7 ntdll+0x2e39e exception.instruction: mov eax, dword ptr [esi + 4] exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 189342 exception.address: 0x77d5e39e	success	0	0

Time & API

Arguments

Status

Return

Repeated

1619364077.156751
__exception__

stacktrace:

RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x77d5e003
GlobalFree+0x27 GlobalAlloc-0x11f kernelbase+0x13e88 @ 0x778f3e88
sghgbomj+0x10ccd @ 0xc80ccd
sghgbomj+0x7536e @ 0xce536e
sghgbomj+0x7557a @ 0xce557a
sghgbomj+0x3fa6 @ 0xc73fa6
sghgbomj+0x8f8d @ 0xc78f8d
sghgbomj+0x96f5 @ 0xc796f5
sghgbomj+0xa2f7 @ 0xc7a2f7
sghgbomj+0x962c @ 0xc7962c
sghgbomj+0xa2f7 @ 0xc7a2f7
sghgbomj+0x962c @ 0xc7962c
sghgbomj+0xa2f7 @ 0xc7a2f7
sghgbomj+0x962c @ 0xc7962c
sghgbomj+0xa2f7 @ 0xc7a2f7
sghgbomj+0x962c @ 0xc7962c
sghgbomj+0xd87e @ 0xc7d87e
sghgbomj+0xd967 @ 0xc7d967
sghgbomj+0x1648e @ 0xc8648e
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 7006288
registers.edi: 14909912
registers.eax: 1394129972
registers.ebp: 7006340
registers.edx: 14909920
registers.ebx: 14909920
registers.esi: 16171536
registers.ecx: 15728640
exception.instruction_r: 8b 46 04 89 45 f4 c6 47 07 80 c6 47 06 00 8b 5e
exception.symbol: RtlInitUnicodeString+0x196 RtlMultiByteToUnicodeN-0x1a7 ntdll+0x2e39e
exception.instruction: mov eax, dword ptr [esi + 4]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 189342
exception.address: 0x77d5e39e

success

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

Creates (office) documents on the filesystem (8 个事件)

file	C:\Users\Administrator.Oskar-PC\02912207\tmsht.pdf
file	C:\Users\Administrator.Oskar-PC\02912207\sffmrogra.docx
file	C:\Users\Administrator.Oskar-PC\02912207\dekhanjm.ppt
file	C:\Users\Administrator.Oskar-PC\02912207\nvarcf.docx
file	C:\Users\Administrator.Oskar-PC\02912207\ovohnvn.ppt
file	C:\Users\Administrator.Oskar-PC\02912207\rhsmkotio.xls
file	C:\Users\Administrator.Oskar-PC\02912207\lopunva.pdf
file	C:\Users\Administrator.Oskar-PC\02912207\dweoxfiti.ppt

Creates executable files on the filesystem (8 个事件)

file	C:\Users\Administrator.Oskar-PC\02912207\cxvqvt.vbs
file	C:\Users\Administrator.Oskar-PC\02912207\vvnrpwfgm.exe
file	C:\Users\Administrator.Oskar-PC\02912207\khox.dll
file	C:\Users\Administrator.Oskar-PC\02912207\qsjkou.cpl
file	C:\Users\Administrator.Oskar-PC\02912207\sghgbomj.pif
file	C:\Users\Administrator.Oskar-PC\02912207\sdcuum.dll
file	C:\Users\Administrator.Oskar-PC\temp\nbcpasvxvo.dll
file	C:\Users\Administrator.Oskar-PC\02912207\nbcpasvxvo.dll

Drops a binary and executes it (1 个事件)

file	C:\Users\Administrator.Oskar-PC\02912207\sghgbomj.pif

One or more of the buffers contains an embedded PE file (2 个事件)

buffer	Buffer with sha1: 423aab1230d7c0a3a21978e33cb2f9d0c0fd8129
buffer	Buffer with sha1: ad5282a243eb9c864b9073981d4fc6bef3f2d529

Communicates with host for which no DNS query was performed (2 个事件)

host	172.217.24.14
host	185.140.53.220

Allocates execute permission to another process indicative of possible code injection (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619364077.156751 NtAllocateVirtualMemory	process_identifier: 3380 region_size: 6066176 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0x000001a8 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x00300000	success	0	0

Installs itself for autorun at Windows startup (1 个事件)

reg_key

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\WindowsUpdate

reg_value

0\02912207\sghgbomj.pif 0\02912207\vasck.bcd

Potential code injection by writing to the memory of another process (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619364077.312751 WriteProcessMemory	process_identifier: 3380 buffer: ÿÿÿÿ0ú~ú~(ý~mèÿÿ jHâý~± process_handle: 0x000001a8 base_address: 0x7efde000	success	1	0

Used NtSetContextThread to modify a thread in a remote process indicative of process injection (2 个事件)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 3244 called NtSetContextThread to modify thread in remote process 3380
1619364077.328751 NtSetContextThread	thread_handle: 0x000001a4 registers.eip: 2010382788 registers.esp: 3144032 registers.edi: 0 registers.eax: 3156939 registers.ebp: 0 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0 process_identifier: 3380	success	0	0

Resumed a suspended thread in a remote process potentially indicative of process injection (2 个事件)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 3244 resumed a thread in remote process 3380
1619364077.687751 NtResumeThread	thread_handle: 0x000001a4 suspend_count: 1 process_identifier: 3380	success	0	0

Executed a process and injected code into it, probably while unpacking (9 个事件)

Time & API	Arguments	Status	Return
1619345038.091017 CreateProcessInternalW	thread_identifier: 3248 thread_handle: 0x00000264 process_identifier: 3244 current_directory: C:\Users\Administrator.Oskar-PC\02912207 filepath: C:\Users\Administrator.Oskar-PC\02912207\sghgbomj.pif track: 1 command_line: "C:\Users\Administrator.Oskar-PC\02912207\sghgbomj.pif" vasck.bcd filepath_r: C:\Users\Administrator.Oskar-PC\02912207\sghgbomj.pif stack_pivoted: 0 creation_flags: 67634196 (CREATE_DEFAULT_ERROR_MODE\|CREATE_NEW_CONSOLE\|CREATE_SUSPENDED\|CREATE_UNICODE_ENVIRONMENT\|EXTENDED_STARTUPINFO_PRESENT) process_handle: 0x0000027c inherit_handles: 0	success	1
1619364075.640751 NtResumeThread	thread_handle: 0x00000198 suspend_count: 1 process_identifier: 3244	success	0
1619364077.140751 CreateProcessInternalW	thread_identifier: 3384 thread_handle: 0x000001a4 process_identifier: 3380 current_directory: filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\RegSvcs.exe track: 1 command_line: filepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\RegSvcs.exe stack_pivoted: 0 creation_flags: 4 (CREATE_SUSPENDED) process_handle: 0x000001a8 inherit_handles: 0	success	1
1619364077.156751 NtGetContextThread	thread_handle: 0x000001a4	success	0
1619364077.156751 NtAllocateVirtualMemory	process_identifier: 3380 region_size: 6066176 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0x000001a8 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x00300000	success	0
1619364077.172751 WriteProcessMemory	process_identifier: 3380 buffer: process_handle: 0x000001a8 base_address: 0x00300000	success	1
1619364077.312751 WriteProcessMemory	process_identifier: 3380 buffer: ÿÿÿÿ0ú~ú~(ý~mèÿÿ jHâý~± process_handle: 0x000001a8 base_address: 0x7efde000	success	1
1619364077.328751 NtSetContextThread	thread_handle: 0x000001a4 registers.eip: 2010382788 registers.esp: 3144032 registers.edi: 0 registers.eax: 3156939 registers.ebp: 0 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0 process_identifier: 3380	success	0
1619364077.687751 NtResumeThread	thread_handle: 0x000001a4 suspend_count: 1 process_identifier: 3380	success	0

File has been identified by 55 AntiVirus engines on VirusTotal as malicious (50 out of 55 个事件)

Bkav	W32.AIDetectVM.malware2
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.33998886
FireEye	Generic.mg.328549191a15865d
CAT-QuickHeal	Trojan.Multi
McAfee	Artemis!328549191A15
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
K7AntiVirus	Trojan ( 0056cb5f1 )
Alibaba	Trojan:Win32/runner.ali1000123
K7GW	Trojan ( 0056cb5f1 )
Cybereason	malicious.74c3c0
Arcabit	Trojan.Generic.D206C826
Cyren	W32/Trojan.ODRX-0142
Symantec	Trojan.Gen.2
APEX	Malicious
Paloalto	generic.ml
ClamAV	Win.Dropper.NetWire-9102409-0
Kaspersky	Backdoor.Win32.NetWiredRC.lbx
BitDefender	Trojan.GenericKD.33998886
NANO-Antivirus	Trojan.Win32.NetWiredRC.hnbnak
AegisLab	Trojan.BAT.Crypter.tqa8
Avast	Win32:Malware-gen
Tencent	Win32.Backdoor.Netwiredrc.Liqn
Ad-Aware	Trojan.GenericKD.33998886
Sophos	Mal/Generic-R + Mal/MalitRar-I
Comodo	Malware@#1r0e8vggk9k6w
F-Secure	Trojan.TR/Agent.xdxlu
TrendMicro	TrojanSpy.Win32.FORMBOOK.BW
McAfee-GW-Edition	BehavesLike.Win32.Suspicioustrojan.tc
Emsisoft	Trojan.GenericKD.33998886 (B)
Ikarus	Trojan.Autoit
eGambit	Unsafe.AI_Score_97%
Avira	TR/Agent.xdxlu
MAX	malware (ai score=80)
Antiy-AVL	Trojan/Win32.TSGeneric
Kingsoft	Win32.Hack.NetWiredRC.l.(kcloud)
Microsoft	Trojan:Win32/Ymacco.AAFF
ZoneAlarm	Backdoor.Win32.NetWiredRC.lbx
GData	Trojan.GenericKD.33998886
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.Autoit.C4115315
ALYac	Trojan.GenericKD.33998886
VBA32	Trojan.Wacatac
Malwarebytes	Trojan.Dropper.SFX
Zoner	Probably Heur.RARAutorun
ESET-NOD32	multiple detections
TrendMicro-HouseCall	TrojanSpy.Win32.FORMBOOK.BW
Rising	Trojan.Generic@ML.95 (RDMK:opJDVTU46J2QVa2/ttzy/Q)
Yandex	Trojan.Igent.bTSQNI.2

Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 个事件)

dead_host	192.168.56.101:49181
dead_host	185.140.53.220:3363

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2019-04-28 04:03:27

Imports

Library KERNEL32.dll:

• 0x430000 GetLastError

• 0x430004 SetLastError

• 0x430008 GetCurrentProcess

• 0x43000c DeviceIoControl

• 0x430010 SetFileTime

• 0x430014 CloseHandle

• 0x430018 CreateDirectoryW

• 0x43001c RemoveDirectoryW

• 0x430020 CreateFileW

• 0x430024 DeleteFileW

• 0x430028 CreateHardLinkW

• 0x43002c GetShortPathNameW

• 0x430030 GetLongPathNameW

• 0x430034 MoveFileW

• 0x430038 GetFileType

• 0x43003c GetStdHandle

• 0x430040 WriteFile

• 0x430044 ReadFile

• 0x430048 FlushFileBuffers

• 0x43004c SetEndOfFile

• 0x430050 SetFilePointer

• 0x430054 SetFileAttributesW

• 0x430058 GetFileAttributesW

• 0x43005c FindClose

• 0x430060 FindFirstFileW

• 0x430064 FindNextFileW

• 0x430068 GetVersionExW

• 0x43006c GetCurrentDirectoryW

• 0x430070 GetFullPathNameW

• 0x430074 FoldStringW

• 0x430078 GetModuleFileNameW

• 0x43007c GetModuleHandleW

• 0x430080 FindResourceW

• 0x430084 FreeLibrary

• 0x430088 GetProcAddress

• 0x43008c GetCurrentProcessId

• 0x430090 ExitProcess

• 0x430094 SetThreadExecutionState

• 0x430098 Sleep

• 0x43009c LoadLibraryW

• 0x4300a0 GetSystemDirectoryW

• 0x4300a4 CompareStringW

• 0x4300a8 AllocConsole

• 0x4300ac FreeConsole

• 0x4300b0 AttachConsole

• 0x4300b4 WriteConsoleW

• 0x4300b8 GetProcessAffinityMask

• 0x4300bc CreateThread

• 0x4300c0 SetThreadPriority

• 0x4300c4 InitializeCriticalSection

• 0x4300c8 EnterCriticalSection

• 0x4300cc LeaveCriticalSection

• 0x4300d0 DeleteCriticalSection

• 0x4300d4 SetEvent

• 0x4300d8 ResetEvent

• 0x4300dc ReleaseSemaphore

• 0x4300e0 WaitForSingleObject

• 0x4300e4 CreateEventW

• 0x4300e8 CreateSemaphoreW

• 0x4300ec GetSystemTime

• 0x4300f0 SystemTimeToTzSpecificLocalTime

• 0x4300f4 TzSpecificLocalTimeToSystemTime

• 0x4300f8 SystemTimeToFileTime

• 0x4300fc FileTimeToLocalFileTime

• 0x430100 LocalFileTimeToFileTime

• 0x430104 FileTimeToSystemTime

• 0x430108 GetCPInfo

• 0x43010c IsDBCSLeadByte

• 0x430110 MultiByteToWideChar

• 0x430114 WideCharToMultiByte

• 0x430118 GlobalAlloc

• 0x43011c GetTickCount

• 0x430120 LockResource

• 0x430124 GlobalLock

• 0x430128 GlobalUnlock

• 0x43012c GlobalFree

• 0x430130 LoadResource

• 0x430134 SizeofResource

• 0x430138 SetCurrentDirectoryW

• 0x43013c GetExitCodeProcess

• 0x430140 GetLocalTime

• 0x430144 MapViewOfFile

• 0x430148 UnmapViewOfFile

• 0x43014c CreateFileMappingW

• 0x430150 OpenFileMappingW

• 0x430154 GetCommandLineW

• 0x430158 SetEnvironmentVariableW

• 0x43015c ExpandEnvironmentStringsW

• 0x430160 GetTempPathW

• 0x430164 MoveFileExW

• 0x430168 GetLocaleInfoW

• 0x43016c GetTimeFormatW

• 0x430170 GetDateFormatW

• 0x430174 GetNumberFormatW

• 0x430178 SetFilePointerEx

• 0x43017c GetConsoleMode

• 0x430180 GetConsoleCP

• 0x430184 HeapSize

• 0x430188 SetStdHandle

• 0x43018c GetProcessHeap

• 0x430190 RaiseException

• 0x430194 GetSystemInfo

• 0x430198 VirtualProtect

• 0x43019c VirtualQuery

• 0x4301a0 LoadLibraryExA

• 0x4301a4 IsProcessorFeaturePresent

• 0x4301a8 IsDebuggerPresent

• 0x4301ac UnhandledExceptionFilter

• 0x4301b0 SetUnhandledExceptionFilter

• 0x4301b4 GetStartupInfoW

• 0x4301b8 QueryPerformanceCounter

• 0x4301bc GetCurrentThreadId

• 0x4301c0 GetSystemTimeAsFileTime

• 0x4301c4 InitializeSListHead

• 0x4301c8 TerminateProcess

• 0x4301cc RtlUnwind

• 0x4301d0 EncodePointer

• 0x4301d4 InitializeCriticalSectionAndSpinCount

• 0x4301d8 TlsAlloc

• 0x4301dc TlsGetValue

• 0x4301e0 TlsSetValue

• 0x4301e4 TlsFree

• 0x4301e8 LoadLibraryExW

• 0x4301ec QueryPerformanceFrequency

• 0x4301f0 GetModuleHandleExW

• 0x4301f4 GetModuleFileNameA

• 0x4301f8 GetACP

• 0x4301fc HeapFree

• 0x430200 HeapAlloc

• 0x430204 HeapReAlloc

• 0x430208 GetStringTypeW

• 0x43020c LCMapStringW

• 0x430210 FindFirstFileExA

• 0x430214 FindNextFileA

• 0x430218 IsValidCodePage

• 0x43021c GetOEMCP

• 0x430220 GetCommandLineA

• 0x430224 GetEnvironmentStringsW

• 0x430228 FreeEnvironmentStringsW

• 0x43022c DecodePointer

Library gdiplus.dll:

• 0x430234 GdiplusShutdown

• 0x430238 GdiplusStartup

• 0x43023c GdipCreateHBITMAPFromBitmap

• 0x430240 GdipCreateBitmapFromStreamICM

• 0x430244 GdipCreateBitmapFromStream

• 0x430248 GdipDisposeImage

• 0x43024c GdipCloneImage

• 0x430250 GdipFree

• 0x430254 GdipAlloc

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
clients2.google.com	A 172.217.160.78 CNAME clients.l.google.com	172.217.160.78
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	51378	114.114.114.114	53
192.168.56.101	55368	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	49235	224.0.0.252	5355
192.168.56.101	53657	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58368	239.255.255.250	3702
192.168.56.101	58370	239.255.255.250	3702
192.168.56.101	58707	239.255.255.250	3702
192.168.56.101	62192	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.