5.0
Medium risk

9d71c01a2e63e041ca58886eba792d3fc0c0064198d225f2f0e2e70c6222365c

36a2061a6df7f0f3c608a8a140af14b3.exe

Analysis duration

80s

Last analyzed

File size

1.3MB
Hawkeye engine
Not scanned. No Hawkeye engine results available.
Static verdict
Antivirus engines
Engine Result Scan date Engine version
McAfee Fareit-FUL!36A2061A6DF7 20200913 6.0.6.653
Alibaba TrojanSpy:Win32/Ymacco.c52928b3 20190527 0.3.0.5
CrowdStrike win/malicious_confidence_90% (W) 20190702 1.0
Avast Win32:RATX-gen [Trj] 20200913 18.4.3895.0
Baidu 20190318 1.0.0.2
Kingsoft 20200914 2013.8.14.323
Tencent Malware.Win32.Gencirc.11adc251 20200914 1.0.0.1
Static indicators
This executable is signed
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (1 event)
Time & API Arguments Status Return Repeated
1619345583.442499
__exception__
registers.esp: 1633616
registers.edi: 0
registers.eax: 1633616
registers.ebp: 1633696
registers.edx: 0
registers.ebx: 1635372
registers.esi: 61427940
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (2 events)
Time & API Arguments Status Return Repeated
1619345535.911499
NtAllocateVirtualMemory
process_identifier: 324
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003a0000
success 0 0
1619345537.786499
NtAllocateVirtualMemory
process_identifier: 324
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x03410000
success 0 0
Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)
Time & API Arguments Status Return Repeated
1619345537.770499
NtProtectVirtualMemory
process_identifier: 324
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 380928
protection: 32 (PAGE_EXECUTE_READ)
process_handle: 0xffffffff
base_address: 0x03491000
success 0 0
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Disables proxy possibly for traffic interception (1 event)
Time & API Arguments Status Return Repeated
1619345553.958499
RegSetValueExA
key_handle: 0x000002e8
value: 0
regkey_r: ProxyEnable
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
success 0 0
Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 event)
dead_host 31.13.81.4:443
File has been identified by 54 AntiVirus engines on VirusTotal as malicious (50 out of 54 events)
Bkav W32.AIDetectVM.malware2
Elastic malicious (high confidence)
DrWeb Trojan.DownLoader34.29518
MicroWorld-eScan Trojan.GenericKD.43741836
CAT-QuickHeal Trojan.Multi
McAfee Fareit-FUL!36A2061A6DF7
Cylance Unsafe
Zillya Trojan.AveMaria.Win32.674
Sangfor Malware
K7AntiVirus Trojan-Downloader ( 0056d5121 )
Alibaba TrojanSpy:Win32/Ymacco.c52928b3
K7GW Trojan-Downloader ( 0056d5121 )
CrowdStrike win/malicious_confidence_90% (W)
Arcabit Trojan.Generic.D29B728C
Invincea Mal/Generic-S
BitDefenderTheta Gen:NN.ZelphiF.34216.sHY@ayyDJhli
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Injector.ENDI
TrendMicro-HouseCall TROJ_GEN.R011C0PHU20
Paloalto generic.ml
Kaspersky HEUR:Trojan-Spy.Win32.AveMaria.gen
BitDefender Trojan.GenericKD.43741836
NANO-Antivirus Trojan.Win32.AveMaria.huhbnn
Avast Win32:RATX-gen [Trj]
Rising Spyware.AveMaria!8.108C2 (TFE:5:78L7tf7mGkC)
Ad-Aware Trojan.GenericKD.43741836
Sophos Mal/Generic-S
Comodo .UnclassifiedMalware@0
F-Secure Trojan.TR/Injector.hprqf
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R011C0PHU20
FireEye Trojan.GenericKD.43741836
Emsisoft Trojan.GenericKD.43741836 (B)
SentinelOne DFI - Malicious PE
Jiangmin TrojanSpy.AveMaria.ki
Avira TR/Injector.hprqf
Antiy-AVL Trojan[Spy]/Win32.AveMaria
Microsoft Trojan:Win32/Ymacco.AA9D
ZoneAlarm HEUR:Trojan-Spy.Win32.AveMaria.gen
GData Trojan.GenericKD.43741836
Cynet Malicious (score: 100)
ALYac Trojan.PSW.AveMaria
VBA32 Trojan.Wacatac
Malwarebytes Trojan.MalPack.SMY
APEX Malicious
Tencent Malware.Win32.Gencirc.11adc251
Yandex Trojan.Igent.bUlTJB.16
MAX malware (ai score=86)
eGambit PE.Heur.InvalidSig
Fortinet W32/GenKryptik.EKLE!tr
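Visual analysis
Binary image
No binary image available. No binary visualization was generated for this sample.
Runtime screenshots
No runtime screenshots available. No screenshots were captured while this sample was running.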

PE Compile Time

1992-06-20 06:22:17

Imports


Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58368 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.