8.4
High risk

b7f07a690cd50f5f722ef1b5a7a940a5c64e341f6a46f94c4dcbe10f18d6b516

7fe950515eb618cbf4f596e02a279242.exe

Analysis duration

98s

Last analyzed

File size

536.0KB
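Static detections / Dynamic detections
Hawkeye engine
Not scanned: no Hawkeye engine detection results available
Static verdict
Antivirus engines
Not scanned: no antivirus engine detection results available
Static indicators
Queries for the computername (1 event)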
Time & API Arguments Status Return Repeated
1619724422.196375
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (5 events)
Time & API Arguments Status Return Repeated
1619724413.914375
CryptGenKey
crypto_handle: 0x00584af8
algorithm_identifier: 0x0000660e ()
provider_handle: 0x00584228
flags: 1
key: fzX¾Çõ€€q±"#™£O Z
success 1 0
1619724422.196375
CryptExportKey
crypto_handle: 0x00584af8
crypto_export_handle: 0x005849a0
buffer: f¤Õ0ÖýÒõ9)§nïkšŸ«ö˜W´ßÛð€¶‰Sলfù-O¸OLÆb։äŽÑÞÝ ­».>ûf…»™D|[,sV:Ð^¿ž¾V³4ÛÈð@ºlS¡-Ó
blob_type: 1
flags: 64
success 1 0
1619724449.758375
CryptExportKey
crypto_handle: 0x00584af8
crypto_export_handle: 0x005849a0
buffer: f¤:‰VÅjò ˆçw%98ÞÜÿñdyFU"Åz)—ñÅw¦“[c+J„ÇÎ]Í5-V…Ÿ‡ß–°ý‹szãiœ@}¦&Քí‚HijößÊÝܨæ ü¶Í
blob_type: 1
flags: 64
success 1 0
1619724455.321375
CryptExportKey
crypto_handle: 0x00584af8
crypto_export_handle: 0x005849a0
buffer: f¤F—?€ªtç±Òþ¿ 2HdoÖmS§’Êú¯¿ä†6ïÈ»Û1äŽãÏþ©ÜíÈ@S¬²Ôü±ÃµÉ,ë Và§²“š`¯ -¡Y˜DL&WêÕ9³L§örûâèÈõ,ø
blob_type: 1
flags: 64
success 1 0
1619724478.993375
CryptExportKey
crypto_handle: 0x00584af8
crypto_export_handle: 0x005849a0
buffer: f¤GWù,¶YÁ||ûŸæ*ò|·+ædîµsФÑUøÙj!VýéMŒ<,£ @ëõû˜f´‘çûµéœÔµŒ˜$H¯ÀMÓk#»-ûá´`])«9kÀÞJÒÁ…j
blob_type: 1
flags: 64
success 1 0
The file contains an unknown PE resource name possibly indicative of a packer (1 event)
resource name None
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (5 events)
Time & API Arguments Status Return Repeated
1619724408.383125
NtAllocateVirtualMemory
process_identifier: 580
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x007e0000
success 0 0
1619724408.399125
NtAllocateVirtualMemory
process_identifier: 580
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00810000
success 0 0
1619724041.293021
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000004090000
success 0 0
1619724413.680375
NtAllocateVirtualMemory
process_identifier: 2436
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x003a0000
success 0 0
1619724413.696375
NtAllocateVirtualMemory
process_identifier: 2436
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x003f0000
success 0 0
Checks whether any human activity is being performed by constantly checking whether the foreground window changed
Moves the original executable to a new location (1 event)
Time & API Arguments Status Return Repeated
1619724409.336125
MoveFileWithProgressW
oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7fe950515eb618cbf4f596e02a279242.exe
newfilepath: C:\Windows\SysWOW64\KBDHEB\ieui.exe
newfilepath_r: C:\Windows\SysWOW64\KBDHEB\ieui.exe
flags: 3
oldfilepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7fe950515eb618cbf4f596e02a279242.exe
success 1 0
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1619724422.805375
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
Expresses interest in specific running processes (1 event)
process ieui.exe
Reads the systems User Agent and subsequently performs requests (1 event)
Time & API Arguments Status Return Repeated
1619724422.493375
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
Network communication
Communicates with host for which no DNS query was performed (5 events)
host 172.217.24.14
host 209.236.123.42
host 216.10.40.16
host 77.55.211.77
host 91.121.54.71
Installs itself for autorun at Windows startup (1 event)
service_name ieui service_path C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\"C:\Windows\SysWOW64\KBDHEB\ieui.exe"
Created a service where a service was also not started (1 event)
Time & API Arguments Status Return Repeated
1619724412.274125
CreateServiceW
service_start_name:
start_type: 2
service_handle: 0x02635068
display_name: ieui
error_control: 0
service_name: ieui
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\"C:\Windows\SysWOW64\KBDHEB\ieui.exe"
filepath_r: "C:\Windows\SysWOW64\KBDHEB\ieui.exe"
service_manager_handle: 0x02634f50
desired_access: 2
service_type: 16
password:
success 40063080 0
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1619724425.633375
RegSetValueExA
key_handle: 0x000003ac
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619724425.633375
RegSetValueExA
key_handle: 0x000003ac
value: j =×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619724425.633375
RegSetValueExA
key_handle: 0x000003ac
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619724425.633375
RegSetValueExW
key_handle: 0x000003ac
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619724425.633375
RegSetValueExA
key_handle: 0x000003c4
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619724425.633375
RegSetValueExA
key_handle: 0x000003c4
value: j =×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619724425.633375
RegSetValueExA
key_handle: 0x000003c4
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619724425.633375
RegSetValueExW
key_handle: 0x000003a8
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
Attempts to remove evidence of file being downloaded from the Internet (1 event)
file C:\Windows\SysWOW64\KBDHEB\ieui.exe:Zone.Identifier
Generates some ICMP traffic
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (7 events)
dead_host 172.217.160.110:443
dead_host 77.55.211.77:8080
dead_host 172.217.24.14:443
dead_host 209.236.123.42:8080
dead_host 91.121.54.71:8080
dead_host 216.10.40.16:80
dead_host 192.168.56.101:49184
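Visual analysis
Binary image
No binary image available: no binary visualization was generated for this sample
Runtime screenshots
No runtime screenshots available: no screenshots were captured while this sample ran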

PE Compile Time

2020-08-31 23:32:05

Imports

Library KERNEL32.dll:
0x440104 SetErrorMode
0x440108 GetTickCount
0x44010c RtlUnwind
0x440110 HeapAlloc
0x440114 HeapFree
0x440118 VirtualProtect
0x44011c GetSystemInfo
0x440120 VirtualQuery
0x440124 GetStartupInfoA
0x440128 GetCommandLineA
0x44012c TerminateProcess
0x440130 HeapReAlloc
0x440134 HeapSize
0x44013c HeapDestroy
0x440140 HeapCreate
0x440144 VirtualFree
0x440148 IsBadWritePtr
0x44014c GetShortPathNameA
0x440164 SetHandleCount
0x440168 GetFileType
0x440170 GetCurrentProcessId
0x440178 LCMapStringA
0x44017c LCMapStringW
0x440180 GetStringTypeA
0x440184 GetStringTypeW
0x44018c IsBadReadPtr
0x440190 IsBadCodePtr
0x440194 GetUserDefaultLCID
0x440198 EnumSystemLocalesA
0x44019c IsValidLocale
0x4401a0 IsValidCodePage
0x4401a4 SetStdHandle
0x4401a8 GetLocaleInfoW
0x4401b0 CreateFileA
0x4401b8 FindFirstFileA
0x4401bc FindClose
0x4401c0 GetCurrentProcess
0x4401c4 DuplicateHandle
0x4401c8 GetFileSize
0x4401cc SetEndOfFile
0x4401d0 UnlockFile
0x4401d4 LockFile
0x4401d8 FlushFileBuffers
0x4401dc SetFilePointer
0x4401e0 WriteFile
0x4401e4 ReadFile
0x4401e8 DeleteFileA
0x4401ec MoveFileA
0x4401f4 RaiseException
0x4401f8 GetOEMCP
0x4401fc GetCPInfo
0x440204 GlobalFlags
0x440208 TlsFree
0x440210 LocalReAlloc
0x440214 TlsSetValue
0x440218 TlsAlloc
0x440220 TlsGetValue
0x440228 GlobalHandle
0x44022c GlobalReAlloc
0x440234 LocalAlloc
0x440238 FormatMessageA
0x44023c LocalFree
0x440240 GetDiskFreeSpaceA
0x440244 GetFullPathNameA
0x440248 GetTempFileNameA
0x44024c GetFileTime
0x440250 SetFileTime
0x440254 GetFileAttributesA
0x440264 CloseHandle
0x440268 GetCurrentThread
0x44026c GlobalAlloc
0x440270 lstrcmpA
0x440274 GetModuleFileNameA
0x440280 lstrcpyA
0x440284 GlobalFree
0x440288 SizeofResource
0x44028c GlobalLock
0x440290 GlobalUnlock
0x440294 MulDiv
0x440298 SetLastError
0x4402a0 FindResourceA
0x4402a4 LoadResource
0x4402a8 LockResource
0x4402ac FreeResource
0x4402b0 GetCurrentThreadId
0x4402b4 GlobalGetAtomNameA
0x4402b8 GlobalAddAtomA
0x4402bc GlobalFindAtomA
0x4402c0 GlobalDeleteAtom
0x4402c4 LoadLibraryA
0x4402c8 FreeLibrary
0x4402cc lstrcatA
0x4402d0 lstrcmpW
0x4402d4 lstrcpynA
0x4402d8 GetModuleHandleA
0x4402dc GetStringTypeExA
0x4402e0 CompareStringW
0x4402e4 CompareStringA
0x4402e8 lstrlenA
0x4402ec lstrcmpiA
0x4402f0 GetVersion
0x4402f4 WideCharToMultiByte
0x4402f8 MultiByteToWideChar
0x4402fc GetVersionExA
0x440300 GetThreadLocale
0x440304 GetLocaleInfoA
0x440308 GetACP
0x44030c InterlockedExchange
0x440310 VirtualAlloc
0x440314 GetLastError
0x440318 LoadLibraryW
0x44031c GetProcAddress
0x440320 GetStdHandle
0x440324 ExitProcess
Library USER32.dll:
0x440388 GetMenuItemInfoA
0x44038c GetSysColorBrush
0x440390 LoadCursorA
0x440394 GetDCEx
0x440398 LockWindowUpdate
0x44039c SetCapture
0x4403a0 DestroyIcon
0x4403a4 CharNextA
0x4403ac InvalidateRgn
0x4403b0 GetNextDlgGroupItem
0x4403b4 MessageBeep
0x4403bc PostThreadMessageA
0x4403c0 EndPaint
0x4403c4 BeginPaint
0x4403c8 GetWindowDC
0x4403cc ReleaseDC
0x4403d0 GetDC
0x4403d4 ClientToScreen
0x4403d8 GrayStringA
0x4403dc DrawTextExA
0x4403e0 DrawTextA
0x4403e4 TabbedTextOutA
0x4403e8 FillRect
0x4403f0 WinHelpA
0x4403f4 GetCapture
0x4403f8 CreateWindowExA
0x4403fc SetWindowsHookExA
0x440400 CallNextHookEx
0x440404 GetClassLongA
0x440408 GetClassInfoExA
0x44040c GetClassNameA
0x440410 SetPropA
0x440414 GetPropA
0x440418 RemovePropA
0x44041c SendDlgItemMessageA
0x440420 GetFocus
0x440424 IsWindow
0x440428 SetFocus
0x44042c IsChild
0x440434 GetWindowTextA
0x440438 GetForegroundWindow
0x44043c GetLastActivePopup
0x440440 SetActiveWindow
0x440444 DispatchMessageA
0x440448 BeginDeferWindowPos
0x44044c GetNextDlgTabItem
0x440450 GetDlgItem
0x440454 GetTopWindow
0x440458 DestroyWindow
0x44045c UnhookWindowsHookEx
0x440460 GetMessageTime
0x440464 GetMessagePos
0x440468 LoadIconA
0x44046c PeekMessageA
0x440470 MapWindowPoints
0x440474 MessageBoxA
0x440478 TrackPopupMenu
0x44047c GetKeyState
0x440480 GetMenuStringA
0x440484 SetForegroundWindow
0x440488 IsWindowVisible
0x44048c GetMenu
0x440490 PostMessageA
0x440494 GetSubMenu
0x440498 GetMenuItemID
0x44049c GetMenuItemCount
0x4404a0 AdjustWindowRectEx
0x4404a4 GetParent
0x4404a8 ScreenToClient
0x4404ac EqualRect
0x4404b0 DeferWindowPos
0x4404b4 GetClassInfoA
0x4404b8 RegisterClassA
0x4404bc UnregisterClassA
0x4404c0 GetDlgCtrlID
0x4404c4 SendMessageA
0x4404c8 DefWindowProcA
0x4404cc CallWindowProcA
0x4404d0 GetWindowLongA
0x4404d4 SetWindowLongA
0x4404d8 SetWindowPos
0x4404dc OffsetRect
0x4404e0 IntersectRect
0x4404e8 IsIconic
0x4404ec GetWindowPlacement
0x4404f0 GetSystemMetrics
0x4404f4 CopyRect
0x4404f8 PtInRect
0x4404fc EndDialog
0x440500 IsZoomed
0x440504 wsprintfA
0x440508 LoadMenuA
0x44050c DestroyMenu
0x440510 GetActiveWindow
0x440514 UnpackDDElParam
0x440518 ReuseDDElParam
0x44051c SetCursor
0x440520 ReleaseCapture
0x440524 LoadAcceleratorsA
0x440528 InsertMenuItemA
0x44052c CreatePopupMenu
0x440530 BringWindowToTop
0x440534 SetMenu
0x440538 GetDesktopWindow
0x440540 SetMenuItemBitmaps
0x440544 ModifyMenuA
0x440548 GetMenuState
0x44054c EnableMenuItem
0x440550 CheckMenuItem
0x440558 GetCursorPos
0x44055c WindowFromPoint
0x440560 KillTimer
0x440564 IsDialogMessageA
0x440568 SetRect
0x44056c InflateRect
0x440570 SetParent
0x440574 InsertMenuA
0x44057c MapDialogRect
0x440580 GetMessageA
0x440584 GetWindow
0x440588 GetWindowRect
0x44058c CharUpperA
0x440590 UpdateWindow
0x440594 EnableWindow
0x440598 GetSysColor
0x44059c InvalidateRect
0x4405a0 GetClientRect
0x4405a4 LoadBitmapA
0x4405a8 TranslateMessage
0x4405ac ValidateRect
0x4405b0 ShowOwnedPopups
0x4405b4 PostQuitMessage
0x4405bc GetSystemMenu
0x4405c0 AppendMenuA
0x4405c4 DeleteMenu
0x4405c8 SetRectEmpty
0x4405cc IsRectEmpty
0x4405d0 IsWindowEnabled
0x4405d4 ShowWindow
0x4405d8 MoveWindow
0x4405dc EndDeferWindowPos
0x4405e0 SetWindowTextA
0x4405e4 SetTimer
Library GDI32.dll:
0x440014 SetBkMode
0x440018 SetMapMode
0x44001c ExcludeClipRect
0x440020 IntersectClipRect
0x440024 DeleteObject
0x440028 SelectClipRgn
0x44002c CreateRectRgn
0x440030 GetViewportExtEx
0x440034 GetWindowExtEx
0x440038 PtVisible
0x44003c RectVisible
0x440040 TextOutA
0x440044 ExtTextOutA
0x440048 Escape
0x44004c SetViewportOrgEx
0x440050 OffsetViewportOrgEx
0x440054 SetViewportExtEx
0x440058 ScaleViewportExtEx
0x44005c SetWindowExtEx
0x440060 ScaleWindowExtEx
0x440064 RestoreDC
0x440068 ExtSelectClipRgn
0x44006c DeleteDC
0x440070 CreatePatternBrush
0x440074 CreateBitmap
0x440078 GetStockObject
0x44007c GetDeviceCaps
0x440080 CreatePen
0x440084 CreateSolidBrush
0x440088 CreateFontIndirectA
0x440090 SetRectRgn
0x440094 CombineRgn
0x440098 GetMapMode
0x44009c PatBlt
0x4400a0 GetBkColor
0x4400a8 GetTextMetricsA
0x4400b0 StretchDIBits
0x4400b4 GetCharWidthA
0x4400b8 CreateFontA
0x4400bc GetTextColor
0x4400c0 GetRgnBox
0x4400c4 SaveDC
0x4400c8 SetBkColor
0x4400cc SetTextColor
0x4400d0 GetClipBox
0x4400d4 SetPixel
0x4400d8 GetPixel
0x4400dc BitBlt
0x4400e0 RoundRect
0x4400e4 SelectObject
0x4400e8 GetObjectA
0x4400ec CreateCompatibleDC
Library comdlg32.dll:
0x44063c GetSaveFileNameA
0x440640 GetFileTitleA
0x440644 GetOpenFileNameA
Library WINSPOOL.DRV:
0x4405ec OpenPrinterA
0x4405f0 DocumentPropertiesA
0x4405f4 ClosePrinter
Library advapi32.dll:
0x4405fc SetFileSecurityA
0x440600 GetFileSecurityA
0x440604 RegSetValueA
0x440608 RegCreateKeyA
0x44060c RegSetValueExA
0x440610 RegDeleteValueA
0x440614 RevertToSelf
0x440618 RegCloseKey
0x44061c RegQueryValueExA
0x440620 RegOpenKeyExA
0x440624 RegDeleteKeyA
0x440628 RegEnumKeyA
0x44062c RegOpenKeyA
0x440630 RegQueryValueA
0x440634 RegCreateKeyExA
Library SHELL32.dll:
0x440360 DragQueryFileA
0x440364 ExtractIconA
0x440368 SHGetFileInfoA
0x44036c DragFinish
Library COMCTL32.dll:
0x440000 ImageList_Destroy
0x440008 ImageList_Draw
0x44000c
Library SHLWAPI.dll:
0x440374 PathFindFileNameA
0x440378 PathStripToRootA
0x44037c PathFindExtensionA
0x440380 PathIsUNCA
Library oledlg.dll:
0x44068c
Library ole32.dll:
0x44064c CoTaskMemFree
0x440650 CLSIDFromProgID
0x440658 OleFlushClipboard
0x440660 CoRevokeClassObject
0x440664 OleInitialize
0x44066c OleUninitialize
0x44067c CoGetClassObject
0x440680 CoTaskMemAlloc
0x440684 CLSIDFromString
Library OLEAUT32.dll:
0x44032c VariantClear
0x440330 VariantInit
0x440334 SysAllocStringLen
0x440338 SysFreeString
0x44033c SysStringLen
0x44034c SafeArrayDestroy
0x440350 SysAllocString
0x440354 VariantCopy
0x440358 VariantChangeType

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 53380 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 58367 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 61680 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 62318 224.0.0.252 5355
192.168.56.101 65004 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.