9.0
Critical

87eb94e383abeeb3be792ad7a20caf13175fb0f656b72df8e1c91ee4f8ff2637

36ca4c01c1588cbd2a974b17319518f0.exe

Analysis duration

59s

Last analyzed

File size

577.5KB
Static detections / Dynamic detections
Hawkeye engine
Not detected: no Hawkeye engine result is available yet
Static verdict
Antivirus engines
Not detected: no antivirus engine result is available yet
Static indicators
Queries for the computer name (2 events)
Time & API Arguments Status Return Repeated
1620747393.906852
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1620747393.906852
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 event)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
Checks the amount of memory in the system; this can be used to detect virtual machines, which often have a low amount of memory available (1 event)
Time & API Arguments Status Return Repeated
1620747393.843852
GlobalMemoryStatusEx
success 1 0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted; these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (6 events)
Time & API Arguments Status Return Repeated
1620747363.500875
NtAllocateVirtualMemory
process_identifier: 580
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00570000
success 0 0
1620747374.234875
NtProtectVirtualMemory
process_identifier: 580
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 28672
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01cc1000
success 0 0
1620747374.281875
NtAllocateVirtualMemory
process_identifier: 580
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01de0000
success 0 0
1620747376.200126
NtAllocateVirtualMemory
process_identifier: 2144
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003f0000
success 0 0
1620747388.950126
NtProtectVirtualMemory
process_identifier: 2144
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 28672
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x01db1000
success 0 0
1620747388.966126
NtAllocateVirtualMemory
process_identifier: 2144
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01ed0000
success 0 0
Creates executable files on the filesystem (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\doc.vbs
Checks adapter addresses, which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1620747395.796852
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.299983452281363 section {'size_of_data': '0x00022e00', 'virtual_address': '0x00073000', 'entropy': 7.299983452281363, 'name': '.rsrc', 'virtual_size': '0x00022c3c'} description A section with a high entropy has been found
entropy 0.2419774501300954 description Overall entropy of this PE file is high
Network communication
Communicates with a host for which no DNS query was performed (2 events)
host 172.217.24.14
host 203.208.41.66
Creates an Alternate Data Stream (ADS) (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\doc\tgem.exe:ZoneIdentifier
Installs itself for autorun at Windows startup (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\doc.vbs
Deletes executed files from disk (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\doc\tgem.exe
Sets or modifies the WPAD proxy autoconfiguration settings for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1620747398.468852
RegSetValueExA
key_handle: 0x00000354
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620747398.468852
RegSetValueExA
key_handle: 0x00000354
value: 0Æ*èYF×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620747398.468852
RegSetValueExA
key_handle: 0x00000354
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620747398.468852
RegSetValueExW
key_handle: 0x00000354
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620747398.484852
RegSetValueExA
key_handle: 0x0000036c
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620747398.484852
RegSetValueExA
key_handle: 0x0000036c
value: 0Æ*èYF×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620747398.484852
RegSetValueExA
key_handle: 0x0000036c
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1620747398.546852
RegSetValueExW
key_handle: 0x00000350
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
Used NtSetContextThread to modify a thread in a remote process, indicative of process injection (2 events)
Process injection Process 2144 called NtSetContextThread to modify thread in remote process 1880
Time & API Arguments Status Return Repeated
1620747390.419126
NtSetContextThread
thread_handle: 0x000000f8
registers.eip: 2010382788
registers.esp: 1638384
registers.edi: 0
registers.eax: 4301304
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 1880
success 0 0
Resumed a suspended thread in a remote process, potentially indicative of process injection (2 events)
Process injection Process 2144 resumed a thread in remote process 1880
Time & API Arguments Status Return Repeated
1620747390.935126
NtResumeThread
thread_handle: 0x000000f8
suspend_count: 1
process_identifier: 1880
success 0 0
Generates some ICMP traffic
Executed a process and injected code into it, probably while unpacking (9 events)
Time & API Arguments Status Return Repeated
1620747375.640875
CreateProcessInternalW
thread_identifier: 1060
thread_handle: 0x000000f0
process_identifier: 2144
current_directory:
filepath: C:\Users\Administrator.Oskar-PC\AppData\Roaming\doc\tgem.exe
track: 1
command_line:
filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Roaming\doc\tgem.exe
stack_pivoted: 0
creation_flags: 32 (NORMAL_PRIORITY_CLASS)
process_handle: 0x000000f8
inherit_handles: 0
success 1 0
1620747390.388126
CreateProcessInternalW
thread_identifier: 1908
thread_handle: 0x000000f8
process_identifier: 1880
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Roaming\doc\tgem.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x000000f0
inherit_handles: 0
success 1 0
1620747390.388126
NtGetContextThread
thread_handle: 0x000000f8
success 0 0
1620747390.388126
NtUnmapViewOfSection
process_identifier: 1880
region_size: 4096
process_handle: 0x000000f0
base_address: 0x00400000
success 0 0
1620747390.388126
NtMapViewOfSection
section_handle: 0x00000100
process_identifier: 1880
commit_size: 131072
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x000000f0
allocation_type: 0 ()
section_offset: 0
view_size: 131072
base_address: 0x00400000
success 0 0
1620747390.419126
NtMapViewOfSection
section_handle: 0x000000fc
process_identifier: 1880
commit_size: 4096
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x000000f0
allocation_type: 0 ()
section_offset: 0
view_size: 4096
base_address: 0x001e0000
success 0 0
1620747390.419126
NtSetContextThread
thread_handle: 0x000000f8
registers.eip: 2010382788
registers.esp: 1638384
registers.edi: 0
registers.eax: 4301304
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 1880
success 0 0
1620747390.935126
NtResumeThread
thread_handle: 0x000000f8
suspend_count: 1
process_identifier: 1880
success 0 0
1620747393.859852
NtResumeThread
thread_handle: 0x000000e8
suspend_count: 1
process_identifier: 1880
success 0 0
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while this sample ran

PE Compile Time

1992-01-13 14:51:24

Imports

Library kernel32.dll:
0x467114 VirtualFree
0x467118 VirtualAlloc
0x46711c LocalFree
0x467120 LocalAlloc
0x467124 GetCurrentThreadId
0x467130 VirtualQuery
0x467134 WideCharToMultiByte
0x467138 MultiByteToWideChar
0x46713c lstrlenA
0x467140 lstrcpynA
0x467144 LoadLibraryExA
0x467148 GetThreadLocale
0x46714c GetStartupInfoA
0x467150 GetProcAddress
0x467154 GetModuleHandleA
0x467158 GetModuleFileNameA
0x46715c GetLocaleInfoA
0x467160 GetLastError
0x467164 GetCommandLineA
0x467168 FreeLibrary
0x46716c FindFirstFileA
0x467170 FindClose
0x467174 ExitProcess
0x467178 WriteFile
0x467180 SetFilePointer
0x467184 SetEndOfFile
0x467188 RtlUnwind
0x46718c ReadFile
0x467190 RaiseException
0x467194 GetStdHandle
0x467198 GetFileSize
0x46719c GetFileType
0x4671a0 CreateFileA
0x4671a4 CloseHandle
Library user32.dll:
0x4671ac GetKeyboardType
0x4671b0 LoadStringA
0x4671b4 MessageBoxA
0x4671b8 CharNextA
Library advapi32.dll:
0x4671c0 RegQueryValueExA
0x4671c4 RegOpenKeyExA
0x4671c8 RegCloseKey
Library oleaut32.dll:
0x4671d0 SysFreeString
0x4671d4 SysReAllocStringLen
0x4671d8 SysAllocStringLen
Library kernel32.dll:
0x4671e0 TlsSetValue
0x4671e4 TlsGetValue
0x4671e8 LocalAlloc
0x4671ec GetModuleHandleA
Library advapi32.dll:
0x4671f4 RegQueryValueExA
0x4671f8 RegOpenKeyExA
0x4671fc RegCloseKey
Library kernel32.dll:
0x467204 lstrcpyA
0x467208 WriteFile
0x46720c WaitForSingleObject
0x467210 VirtualQuery
0x467214 VirtualProtect
0x467218 VirtualFree
0x46721c VirtualAlloc
0x467220 SleepEx
0x467224 Sleep
0x467228 SizeofResource
0x46722c SetThreadLocale
0x467230 SetFilePointer
0x467234 SetEvent
0x467238 SetErrorMode
0x46723c SetEndOfFile
0x467240 ResetEvent
0x467244 ReadFile
0x467248 MulDiv
0x46724c LockResource
0x467250 LoadResource
0x467254 LoadLibraryA
0x467260 GlobalUnlock
0x467264 GlobalReAlloc
0x467268 GlobalHandle
0x46726c GlobalLock
0x467270 GlobalFree
0x467274 GlobalFindAtomA
0x467278 GlobalDeleteAtom
0x46727c GlobalAlloc
0x467280 GlobalAddAtomA
0x467284 GetVersionExA
0x467288 GetVersion
0x46728c GetTickCount
0x467290 GetThreadLocale
0x467294 GetSystemInfo
0x467298 GetStringTypeExA
0x46729c GetStdHandle
0x4672a0 GetProcAddress
0x4672a4 GetModuleHandleA
0x4672a8 GetModuleFileNameA
0x4672ac GetLocaleInfoA
0x4672b0 GetLocalTime
0x4672b4 GetLastError
0x4672b8 GetDiskFreeSpaceA
0x4672bc GetCurrentThreadId
0x4672c0 GetCurrentProcessId
0x4672c4 GetCPInfo
0x4672c8 GetACP
0x4672cc FreeResource
0x4672d0 FreeLibrary
0x4672d4 FormatMessageA
0x4672d8 FindResourceA
0x4672dc EnumCalendarInfoA
0x4672e8 CreateThread
0x4672ec CreateFileA
0x4672f0 CreateEventA
0x4672f4 CompareStringA
0x4672f8 CloseHandle
Library gdi32.dll:
0x467300 UnrealizeObject
0x467304 StretchBlt
0x467308 SetWindowOrgEx
0x46730c SetViewportOrgEx
0x467310 SetTextColor
0x467314 SetStretchBltMode
0x467318 SetROP2
0x46731c SetPixel
0x467320 SetDIBColorTable
0x467324 SetBrushOrgEx
0x467328 SetBkMode
0x46732c SetBkColor
0x467330 SelectPalette
0x467334 SelectObject
0x467338 SelectClipRgn
0x46733c SaveDC
0x467340 RestoreDC
0x467344 Rectangle
0x467348 RectVisible
0x46734c RealizePalette
0x467350 Polyline
0x467354 PatBlt
0x467358 MoveToEx
0x46735c MaskBlt
0x467360 LineTo
0x467364 IntersectClipRect
0x467368 GetWindowOrgEx
0x46736c GetTextMetricsA
0x467378 GetStockObject
0x46737c GetPixel
0x467380 GetPaletteEntries
0x467384 GetObjectA
0x467388 GetDeviceCaps
0x46738c GetDIBits
0x467390 GetDIBColorTable
0x467394 GetDCOrgEx
0x46739c GetClipRgn
0x4673a0 GetClipBox
0x4673a4 GetBrushOrgEx
0x4673a8 GetBitmapBits
0x4673ac ExcludeClipRect
0x4673b0 DeleteObject
0x4673b4 DeleteDC
0x4673b8 CreateSolidBrush
0x4673bc CreateRectRgn
0x4673c0 CreatePenIndirect
0x4673c4 CreatePalette
0x4673cc CreateFontIndirectA
0x4673d0 CreateDIBitmap
0x4673d4 CreateDIBSection
0x4673d8 CreateCompatibleDC
0x4673e0 CreateBrushIndirect
0x4673e4 CreateBitmap
0x4673e8 BitBlt
Library user32.dll:
0x4673f0 WindowFromPoint
0x4673f4 WinHelpA
0x4673f8 WaitMessage
0x4673fc UpdateWindow
0x467400 UnregisterClassA
0x467404 UnhookWindowsHookEx
0x467408 TranslateMessage
0x467410 TrackPopupMenu
0x467418 ShowWindow
0x46741c ShowScrollBar
0x467420 ShowOwnedPopups
0x467424 ShowCursor
0x467428 SetWindowsHookExA
0x46742c SetWindowPos
0x467430 SetWindowPlacement
0x467434 SetWindowLongA
0x467438 SetTimer
0x46743c SetScrollRange
0x467440 SetScrollPos
0x467444 SetScrollInfo
0x467448 SetRect
0x46744c SetPropA
0x467450 SetMenuItemInfoA
0x467454 SetMenu
0x467458 SetForegroundWindow
0x46745c SetFocus
0x467460 SetCursor
0x467464 SetClassLongA
0x467468 SetCapture
0x46746c SetActiveWindow
0x467470 SendMessageA
0x467474 ScrollWindow
0x467478 ScreenToClient
0x46747c RemovePropA
0x467480 RemoveMenu
0x467484 ReleaseDC
0x467488 ReleaseCapture
0x467494 RegisterClassA
0x467498 RedrawWindow
0x46749c PtInRect
0x4674a0 PostQuitMessage
0x4674a4 PostMessageA
0x4674a8 PeekMessageA
0x4674ac OffsetRect
0x4674b0 OemToCharA
0x4674b4 MessageBoxA
0x4674b8 MapWindowPoints
0x4674bc MapVirtualKeyA
0x4674c0 LoadStringA
0x4674c4 LoadKeyboardLayoutA
0x4674c8 LoadIconA
0x4674cc LoadCursorA
0x4674d0 LoadBitmapA
0x4674d4 KillTimer
0x4674d8 IsZoomed
0x4674dc IsWindowVisible
0x4674e0 IsWindowEnabled
0x4674e4 IsWindow
0x4674e8 IsRectEmpty
0x4674ec IsIconic
0x4674f0 IsDialogMessageA
0x4674f4 IsChild
0x4674f8 InvalidateRect
0x4674fc IntersectRect
0x467500 InsertMenuItemA
0x467504 InsertMenuA
0x467508 InflateRect
0x467510 GetWindowTextA
0x467514 GetWindowRect
0x467518 GetWindowPlacement
0x46751c GetWindowLongA
0x467520 GetWindowDC
0x467524 GetTopWindow
0x467528 GetSystemMetrics
0x46752c GetSystemMenu
0x467530 GetSysColor
0x467534 GetSubMenu
0x467538 GetScrollRange
0x46753c GetScrollPos
0x467540 GetScrollInfo
0x467544 GetPropA
0x467548 GetParent
0x46754c GetWindow
0x467550 GetMenuStringA
0x467554 GetMenuState
0x467558 GetMenuItemInfoA
0x46755c GetMenuItemID
0x467560 GetMenuItemCount
0x467564 GetMenu
0x467568 GetLastInputInfo
0x46756c GetLastActivePopup
0x467570 GetKeyboardState
0x467578 GetKeyboardLayout
0x46757c GetKeyState
0x467580 GetKeyNameTextA
0x467584 GetIconInfo
0x467588 GetForegroundWindow
0x46758c GetFocus
0x467590 GetDesktopWindow
0x467594 GetDCEx
0x467598 GetDC
0x46759c GetCursorPos
0x4675a0 GetCursor
0x4675a4 GetClientRect
0x4675a8 GetClassNameA
0x4675ac GetClassInfoA
0x4675b0 GetCapture
0x4675b4 GetActiveWindow
0x4675b8 FrameRect
0x4675bc FindWindowA
0x4675c0 FillRect
0x4675c4 EqualRect
0x4675c8 EnumWindows
0x4675cc EnumThreadWindows
0x4675d0 EndPaint
0x4675d4 EndDeferWindowPos
0x4675d8 EnableWindow
0x4675dc EnableScrollBar
0x4675e0 EnableMenuItem
0x4675e4 DrawTextA
0x4675e8 DrawMenuBar
0x4675ec DrawIconEx
0x4675f0 DrawIcon
0x4675f4 DrawFrameControl
0x4675f8 DrawFocusRect
0x4675fc DrawEdge
0x467600 DispatchMessageA
0x467604 DestroyWindow
0x467608 DestroyMenu
0x46760c DestroyIcon
0x467610 DestroyCursor
0x467614 DeleteMenu
0x467618 DeferWindowPos
0x46761c DefWindowProcA
0x467620 DefMDIChildProcA
0x467624 DefFrameProcA
0x467628 CreateWindowExA
0x46762c CreatePopupMenu
0x467630 CreateMenu
0x467634 CreateIcon
0x467638 ClientToScreen
0x46763c CheckMenuItem
0x467640 CallWindowProcA
0x467644 CallNextHookEx
0x467648 BeginPaint
0x46764c BeginDeferWindowPos
0x467650 CharNextA
0x467654 CharLowerA
0x467658 AdjustWindowRectEx
Library kernel32.dll:
0x467664 Sleep
Library oleaut32.dll:
0x46766c SafeArrayPtrOfIndex
0x467670 SafeArrayPutElement
0x467674 SafeArrayGetElement
0x467678 SafeArrayGetUBound
0x46767c SafeArrayGetLBound
0x467680 SafeArrayRedim
0x467684 SafeArrayCreate
0x467688 VariantChangeTypeEx
0x46768c VariantCopyInd
0x467690 VariantCopy
0x467694 VariantClear
0x467698 VariantInit
Library comctl32.dll:
0x4676a8 ImageList_Write
0x4676ac ImageList_Read
0x4676bc ImageList_DragMove
0x4676c0 ImageList_DragLeave
0x4676c4 ImageList_DragEnter
0x4676c8 ImageList_EndDrag
0x4676cc ImageList_BeginDrag
0x4676d0 ImageList_Remove
0x4676d4 ImageList_DrawEx
0x4676d8 ImageList_Replace
0x4676dc ImageList_Draw
0x4676ec ImageList_Add
0x4676f4 ImageList_Destroy
0x4676f8 ImageList_Create

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
203.208.41.66 443 192.168.56.101 49372

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51378 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 57874 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58368 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.