9.6
Critical

405b7920cbfdcb9b49480c67b8bc801851d6ca5d21f4cfd392858ceeec552ce6

87e35ba7984dd29f7c5ee660bc040d67.exe

Analysis duration

100s

Last analyzed

File size

304.0KB
Static detections Dynamic detections AIDETECTVM BANKERX BFFL CLASSIC CONFIDENCE ELDORADO EMOTET GENCIRC GENERICKDZ GENETIC HFAA HIGH CONFIDENCE HOGMIX KCLOUD KRYPTIK MALWARE1 MALWARE@#1AOWWUWFIPKST QQNVE R + TROJ SCORE SOHFITLH6FG TQ0@AGBI89GK UNSAFE WACATAC ZEXAF
Hawkeye engine
Not scanned. No Hawkeye engine detection results available.
Static verdict
Antivirus engines
Engine Detection result Scan date Engine version
McAfee Emotet-FRI!87E35BA7984D 20201211 6.0.6.653
Baidu 20190318 1.0.0.2
Avast 20201211 21.1.5827.0
Alibaba Trojan:Win32/Emotet.3c0a43e9 20190527 0.3.0.5
Tencent Malware.Win32.Gencirc.10cde1cb 20201211 1.0.0.1
Kingsoft Win32.Hack.Undef.(kcloud) 20201211 2017.9.26.565
CrowdStrike win/malicious_confidence_60% (W) 20190702 1.0
Static indicators
Queries for the computername (1 event)
Time & API Arguments Status Return Repeated
1619693296.070375
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (4 events)
Time & API Arguments Status Return Repeated
1619693285.523375
CryptGenKey
crypto_handle: 0x0069ca58
algorithm_identifier: 0x0000660e ()
provider_handle: 0x0069db50
flags: 1
key: f'gïèKÄ¿ì5‹áÊÜó
success 1 0
1619693296.070375
CryptExportKey
crypto_handle: 0x0069ca58
crypto_export_handle: 0x0069c998
buffer: f¤Àëgpo7³&Ñh „Uà‡ã˜R`Dk·B1qYù(™|cñ¤¹ØeãAžE¥Ùªz)Æ©³ñÁ½²Ú\ŸGYŸM)g]•løq²éqM¶RþÆÚ*´ RÏ© ÙÇ
blob_type: 1
flags: 64
success 1 0
1619693324.867375
CryptExportKey
crypto_handle: 0x0069ca58
crypto_export_handle: 0x0069c998
buffer: f¤"é¯öÝ%fzùÑUH5ÜVHՅۘ øm­Öà-5ajÚJ®&ü“à«þáòYõ“cÉ:ãÙÃL»UM¦ôO0Ï·US ´/õüšâf›ª4 ]ø(s5Ý0¯
blob_type: 1
flags: 64
success 1 0
1619693348.867375
CryptExportKey
crypto_handle: 0x0069ca58
crypto_export_handle: 0x0069c998
buffer: f¤œ¹<P u9ݒ*/$qÛô¦k´öDÌ;t'ôTE>:š*Ç! ¯}ÚÅGf_£”›à寵Órºí®ñßg6æè OûÇyûB£^4ü¡OjÏ?@gzë{Ï¿¦"v
blob_type: 1
flags: 64
success 1 0
The executable uses a known packer (1 event)
packer Armadillo v1.71
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (3 events)
Time & API Arguments Status Return Repeated
1619693278.352
NtAllocateVirtualMemory
process_identifier: 2260
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00600000
success 0 0
1619693341.726625
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0000000004280000
success 0 0
1619693285.132375
NtAllocateVirtualMemory
process_identifier: 1804
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12289 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00570000
success 0 0
Checks whether any human activity is being performed by constantly checking whether the foreground window changed
Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (8 events)
Moves the original executable to a new location (1 event)
Time & API Arguments Status Return Repeated
1619693279.211
MoveFileWithProgressW
oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\87e35ba7984dd29f7c5ee660bc040d67.exe
newfilepath: C:\Windows\SysWOW64\winsockhc\psr.exe
newfilepath_r: C:\Windows\SysWOW64\winsockhc\psr.exe
flags: 3
oldfilepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\87e35ba7984dd29f7c5ee660bc040d67.exe
success 1 0
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1619693297.179375
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
The binary likely contains encrypted or compressed data indicative of a packer (1 event)
entropy 7.34360062881296 section {'size_of_data': '0x0000d000', 'virtual_address': '0x00043000', 'entropy': 7.34360062881296, 'name': '.rsrc', 'virtual_size': '0x0000c110'} description A section with a high entropy has been found
Expresses interest in specific running processes (1 event)
process psr.exe
Reads the system's User Agent and subsequently performs requests (1 event)
Time & API Arguments Status Return Repeated
1619693296.804375
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
Network communication
Communicates with host for which no DNS query was performed (4 events)
host 157.7.199.53
host 172.217.24.14
host 181.30.69.50
host 190.163.1.31
Installs itself for autorun at Windows startup (1 event)
service_name psr service_path C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\"C:\Windows\SysWOW64\winsockhc\psr.exe"
Created a service where a service was also not started (1 event)
Time & API Arguments Status Return Repeated
1619693284.055
CreateServiceW
service_start_name:
start_type: 2
service_handle: 0x03447b78
display_name: psr
error_control: 0
service_name: psr
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\"C:\Windows\SysWOW64\winsockhc\psr.exe"
filepath_r: "C:\Windows\SysWOW64\winsockhc\psr.exe"
service_manager_handle: 0x03467d88
desired_access: 2
service_type: 16
password:
success 54819704 0
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1619693299.789375
RegSetValueExA
key_handle: 0x000003c4
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619693299.789375
RegSetValueExA
key_handle: 0x000003c4
value: Ð7Jöç<×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619693299.789375
RegSetValueExA
key_handle: 0x000003c4
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619693299.789375
RegSetValueExW
key_handle: 0x000003c4
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619693299.789375
RegSetValueExA
key_handle: 0x000003dc
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619693299.789375
RegSetValueExA
key_handle: 0x000003dc
value: Ð7Jöç<×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619693299.789375
RegSetValueExA
key_handle: 0x000003dc
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619693299.804375
RegSetValueExW
key_handle: 0x000003c0
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
Attempts to remove evidence of file being downloaded from the Internet (1 event)
file C:\Windows\SysWOW64\winsockhc\psr.exe:Zone.Identifier
File has been identified by 52 AntiVirus engines on VirusTotal as malicious (50 out of 52 events)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKDZ.68861
FireEye Trojan.GenericKDZ.68861
McAfee Emotet-FRI!87E35BA7984D
Malwarebytes Trojan.MalPack.TRE
Zillya Backdoor.Emotet.Win32.375
Sangfor Malware
K7AntiVirus Trojan ( 0056e08f1 )
BitDefender Trojan.GenericKDZ.68861
K7GW Trojan ( 0056e08f1 )
Arcabit Trojan.Generic.D10CFD
Cyren W32/Kryptik.BQM.gen!Eldorado
Symantec Trojan.Emotet
APEX Malicious
ClamAV Win.Packed.Emotet-9778865-0
Kaspersky HEUR:Trojan-Banker.Win32.Emotet.gen
Alibaba Trojan:Win32/Emotet.3c0a43e9
NANO-Antivirus Trojan.Win32.Emotet.hogmix
Tencent Malware.Win32.Gencirc.10cde1cb
Ad-Aware Trojan.GenericKDZ.68861
Emsisoft Trojan.Emotet (A)
Comodo Malware@#1aowwuwfipkst
F-Secure Trojan.TR/Crypt.Agent.qqnve
DrWeb Trojan.Emotet.987
VIPRE Trojan.Win32.Generic!BT
McAfee-GW-Edition BehavesLike.Win32.Emotet.fh
Sophos Mal/Generic-R + Troj/Agent-BFFL
Ikarus Trojan-Banker.Emotet
Jiangmin Backdoor.Emotet.ng
Avira TR/Crypt.Agent.qqnve
Antiy-AVL Trojan[Banker]/Win32.Emotet
Kingsoft Win32.Hack.Undef.(kcloud)
Gridinsoft Ransom.Win32.Wacatac.oa!s1
Microsoft Trojan:Win32/Emotet.ARJ!MTB
ZoneAlarm HEUR:Trojan-Banker.Win32.Emotet.gen
GData Trojan.GenericKDZ.68861
Cynet Malicious (score: 100)
AhnLab-V3 Malware/Win32.Generic.C4164696
BitDefenderTheta Gen:NN.ZexaF.34670.tq0@aGBI89gk
ALYac Trojan.Agent.Emotet
VBA32 Trojan.Emotet
Cylance Unsafe
Panda Trj/Genetic.gen
ESET-NOD32 a variant of Win32/Kryptik.HFAA
Rising Trojan.Kryptik!1.C89F (CLASSIC)
Yandex Trojan.Kryptik!soHFITLH6Fg
Fortinet W32/GenericKDZ.6889!tr
AVG Win32:BankerX-gen [Trj]
Paloalto generic.ml
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (4 events)
dead_host 172.217.24.14:443
dead_host 172.217.160.110:443
dead_host 181.30.69.50:80
dead_host 157.7.199.53:8080
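Visual analysis
Binary image
No binary image. No binary visualization was generated for this sample.
Runtime screenshots
No runtime screenshots. No screenshots were generated while this sample was running.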

PE Compile Time

2020-07-21 01:07:33

Imports

Library KERNEL32.dll:
0x4310c8 SetHandleCount
0x4310cc GetStdHandle
0x4310d0 GetFileType
0x4310e8 HeapDestroy
0x4310ec HeapCreate
0x4310f0 VirtualFree
0x4310f4 VirtualAlloc
0x4310f8 IsBadWritePtr
0x431100 LCMapStringA
0x431104 LCMapStringW
0x431108 GetStringTypeA
0x43110c Sleep
0x431110 SetStdHandle
0x431114 IsBadReadPtr
0x431118 IsBadCodePtr
0x43111c CompareStringA
0x431120 CompareStringW
0x43112c GetACP
0x431130 GetProfileStringA
0x431134 InterlockedExchange
0x431138 HeapSize
0x43113c HeapReAlloc
0x431140 RaiseException
0x431144 TerminateProcess
0x431148 HeapFree
0x43114c HeapAlloc
0x431150 ExitProcess
0x431154 GetCommandLineA
0x431158 GetStartupInfoA
0x43115c RtlUnwind
0x431160 GetFileTime
0x431164 GetFileSize
0x431168 GetFileAttributesA
0x43116c GetTickCount
0x431178 GetFullPathNameA
0x431180 FindFirstFileA
0x431184 FindClose
0x431188 SetEndOfFile
0x43118c UnlockFile
0x431190 LockFile
0x431194 FlushFileBuffers
0x431198 SetFilePointer
0x43119c WriteFile
0x4311a0 ReadFile
0x4311a4 CreateFileA
0x4311a8 DuplicateHandle
0x4311ac SetErrorMode
0x4311b0 FormatMessageA
0x4311b4 GetOEMCP
0x4311b8 GetCPInfo
0x4311bc GetThreadLocale
0x4311c0 GetProcessVersion
0x4311c8 GlobalFlags
0x4311cc MulDiv
0x4311d0 TlsGetValue
0x4311d4 LocalReAlloc
0x4311d8 TlsSetValue
0x4311e0 GlobalReAlloc
0x4311e8 TlsFree
0x4311ec GlobalHandle
0x4311f4 TlsAlloc
0x4311fc LocalFree
0x431200 LocalAlloc
0x431204 GetLastError
0x431208 SetLastError
0x43120c lstrcpynA
0x431210 MultiByteToWideChar
0x431214 WideCharToMultiByte
0x431220 lstrlenA
0x431224 GetVersion
0x431228 lstrcatA
0x43122c GlobalGetAtomNameA
0x431230 GlobalAddAtomA
0x431234 GlobalFindAtomA
0x431238 lstrcpyA
0x43123c GetModuleHandleA
0x431240 LoadLibraryA
0x431244 FreeLibrary
0x431248 GlobalUnlock
0x43124c GlobalFree
0x431250 LockResource
0x431254 FindResourceA
0x431258 LoadResource
0x43125c CloseHandle
0x431260 GetModuleFileNameA
0x431264 GlobalLock
0x431268 GlobalAlloc
0x43126c GlobalDeleteAtom
0x431270 lstrcmpA
0x431274 lstrcmpiA
0x431278 GetCurrentThread
0x43127c GetCurrentThreadId
0x431280 LoadLibraryExA
0x431284 GetProcAddress
0x431288 SizeofResource
0x43128c GetCurrentProcess
0x431290 GetStringTypeW
Library USER32.dll:
0x4312c8 PostThreadMessageA
0x4312cc GetDC
0x4312d0 ReleaseDC
0x4312d4 MoveWindow
0x4312d8 SetWindowTextA
0x4312dc IsDialogMessageA
0x4312e0 SendDlgItemMessageA
0x4312e4 MapWindowPoints
0x4312e8 GetSysColor
0x4312ec SetFocus
0x4312f0 AdjustWindowRectEx
0x4312f4 GetClientRect
0x4312f8 CopyRect
0x4312fc GetTopWindow
0x431300 IsChild
0x431304 GetCapture
0x431308 WinHelpA
0x43130c wsprintfA
0x431310 GetClassInfoA
0x431314 RegisterClassA
0x431318 GetMenu
0x43131c GetMenuItemCount
0x431320 GetMenuItemID
0x431328 GetWindowTextA
0x43132c GetDlgCtrlID
0x431330 DefWindowProcA
0x431334 CreateWindowExA
0x431338 GetClassLongA
0x43133c SetPropA
0x431340 UnhookWindowsHookEx
0x431344 GetPropA
0x431348 CallWindowProcA
0x43134c RemovePropA
0x431350 GetMessageTime
0x431354 SetForegroundWindow
0x431358 SetWindowLongA
0x431360 OffsetRect
0x431368 IsIconic
0x43136c GetWindowPlacement
0x431370 GetWindowRect
0x431374 MapDialogRect
0x431378 SetWindowPos
0x43137c GetWindow
0x431384 EndDialog
0x431388 SetActiveWindow
0x43138c IsWindow
0x431390 GetSystemMetrics
0x431398 DestroyWindow
0x43139c GetDlgItem
0x4313a4 LoadBitmapA
0x4313a8 GetMenuState
0x4313ac SetMenuItemBitmaps
0x4313b0 CheckMenuItem
0x4313b4 EnableMenuItem
0x4313b8 GetFocus
0x4313bc GetNextDlgTabItem
0x4313c0 GetMessageA
0x4313c4 TranslateMessage
0x4313c8 DispatchMessageA
0x4313cc LoadIconA
0x4313d0 GetSystemMenu
0x4313d4 EnableWindow
0x4313d8 UnregisterClassA
0x4313dc HideCaret
0x4313e0 ShowCaret
0x4313e4 ExcludeUpdateRgn
0x4313e8 DrawFocusRect
0x4313ec DefDlgProcA
0x4313f0 IsWindowUnicode
0x4313f4 SendMessageA
0x4313f8 RemoveMenu
0x4313fc GetActiveWindow
0x431400 GetKeyState
0x431404 CallNextHookEx
0x431408 ValidateRect
0x43140c IsWindowVisible
0x431410 PeekMessageA
0x431414 SetWindowsHookExA
0x431418 GetParent
0x43141c GetLastActivePopup
0x431420 IsWindowEnabled
0x431424 GetWindowLongA
0x431428 MessageBoxA
0x43142c PostQuitMessage
0x431430 PostMessageA
0x431438 CharUpperA
0x43143c GetForegroundWindow
0x431440 LoadMenuA
0x431444 GetSubMenu
0x431448 ModifyMenuA
0x43144c GetCursorPos
0x431450 TrackPopupMenu
0x431454 LockWindowUpdate
0x431458 UpdateWindow
0x43145c LoadCursorA
0x431460 SetCursor
0x431464 GetMessagePos
0x431468 ScreenToClient
0x43146c InflateRect
0x431470 DestroyMenu
0x431474 GetNextDlgGroupItem
0x43147c CharNextA
0x431480 MessageBeep
0x431484 SetRect
0x431488 InvalidateRect
0x43148c GetSysColorBrush
0x431490 GrayStringA
0x431494 DrawTextA
0x431498 TabbedTextOutA
0x43149c EndPaint
0x4314a0 BeginPaint
0x4314a4 GetWindowDC
0x4314a8 PtInRect
0x4314ac GetClassNameA
0x4314b0 ClientToScreen
0x4314b4 GetDesktopWindow
0x4314b8 LoadStringA
0x4314bc IntersectRect
0x4314c0 ShowWindow
Library GDI32.dll:
0x431028 SetWindowExtEx
0x43102c ScaleWindowExtEx
0x431030 IntersectClipRect
0x431034 GetDeviceCaps
0x431038 GetViewportExtEx
0x43103c CreateSolidBrush
0x431040 PtVisible
0x431044 RectVisible
0x431048 TextOutA
0x43104c ExtTextOutA
0x431050 Escape
0x431054 DPtoLP
0x431058 GetTextColor
0x43105c GetBkColor
0x431060 LPtoDP
0x431064 GetMapMode
0x431068 ScaleViewportExtEx
0x43106c SetViewportExtEx
0x431070 OffsetViewportOrgEx
0x431074 SetViewportOrgEx
0x431078 SetMapMode
0x43107c SetBkMode
0x431080 GetStockObject
0x431084 SelectObject
0x431088 RestoreDC
0x43108c SaveDC
0x431090 DeleteDC
0x431094 DeleteObject
0x431098 PatBlt
0x43109c GetObjectA
0x4310a0 SetBkColor
0x4310a4 SetTextColor
0x4310a8 GetClipBox
0x4310ac GetWindowExtEx
0x4310b0 CreateDIBitmap
0x4310b4 GetTextExtentPointA
0x4310b8 BitBlt
0x4310bc CreateCompatibleDC
0x4310c0 CreateBitmap
Library comdlg32.dll:
0x4314d8 GetOpenFileNameA
0x4314dc GetSaveFileNameA
0x4314e0 GetFileTitleA
Library WINSPOOL.DRV:
0x4314c8 OpenPrinterA
0x4314cc DocumentPropertiesA
0x4314d0 ClosePrinter
Library ADVAPI32.dll:
0x431000 RegCreateKeyExA
0x431004 RegOpenKeyExA
0x431008 RegSetValueExA
0x43100c RegCloseKey
Library COMCTL32.dll:
0x431018
0x43101c ImageList_Destroy
0x431020 ImageList_Create
Library oledlg.dll:
0x431528
Library ole32.dll:
0x4314ec OleUninitialize
0x4314f0 OleInitialize
0x4314f4 CoTaskMemAlloc
0x4314f8 CoTaskMemFree
0x431508 CoGetClassObject
0x43150c CLSIDFromString
0x431510 CLSIDFromProgID
0x431518 CoRevokeClassObject
0x43151c OleFlushClipboard
Library OLEPRO32.DLL:
0x4312c0
Library OLEAUT32.dll:
0x431298 SysFreeString
0x43129c SysAllocStringLen
0x4312a0 VariantClear
0x4312a8 VariantCopy
0x4312ac VariantChangeType
0x4312b0 SysAllocString
0x4312b8 SysStringLen

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 51378 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 53380 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 58367 224.0.0.252 5355
192.168.56.101 61680 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 62318 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 65004 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.