SmartHawk

5.6

高危

47 个模型检测该样本为恶意！

重新分析

下载样本

01da092bc20b08ea1bea6de68bc460606e7c34254de25501d0c4f385eb02e6bb

8c36b8354c1ac19f6afac3ab59ffa90c.exe

分析耗时

81s

最近分析

文件大小

328.5KB

静态报毒动态报毒 100% AI SCORE=82 AIDETECT ATTRIBUTE AUTO COBRA CONFIDENCE ENGZ FAREIT FORMBOOK GENERICKD HIGH CONFIDENCE HIGHCONFIDENCE HYODAUCA INJUKE JRSZA KCLOUD LHIA LOKI MALWARE1 MALWARE@#2DTNO80DIB471 NOON NSIS PWSTEAL REMCOS SCORE SIGGEN10 UNSAFE WACATAC 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
McAfee	RDN/Loki	20210301	6.0.6.653
Avast	Win32:Malware-gen	20210301	21.1.5827.0
Baidu		20190318	1.0.0.2
Kingsoft	Win32.Hack.Undef.(kcloud)	20210301	2017.9.26.565
Tencent	Win32.Backdoor.Fareit.Auto	20210301	1.0.0.1
CrowdStrike	win/malicious_confidence_100% (W)	20210203	1.0

Checks if process is being debugged by a debugger (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620963556.877 IsDebuggerPresent		failed	0	0

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620946609.789103 GlobalMemoryStatusEx		success	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 个事件)

section

.ndata

One or more processes crashed (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620963556.908 __exception__	stacktrace: LdrGetProcedureAddressEx+0x11f wcsstr-0x99d ntdll+0x302ea @ 0x77d602ea LdrGetProcedureAddress+0x18 LdrGetProcedureAddressEx-0x9 ntdll+0x301c2 @ 0x77d601c2 New_ntdll_LdrGetProcedureAddress@16+0x59 New_ntdll_LdrLoadDll@16-0xfb @ 0x7519d359 GetProcAddress+0x44 GetVersion-0x38 kernelbase+0x111c4 @ 0x778f11c4 SE_ProcessDying+0xce ApphelpCheckExe-0x5d02 apphelp+0x1008b @ 0x750c008b SE_ProcessDying+0x64 ApphelpCheckExe-0x5d6c apphelp+0x10021 @ 0x750c0021 hook+0x173 hook_get_mem-0x33a @ 0x75184e8e monitor_hook+0x5d monitor_unhook-0x1c @ 0x7518162d hook_library+0x1a unhook_library-0x3 @ 0x7518c6b9 New_ntdll_LdrLoadDll@16+0x112 New_ntdll_LdrUnloadDll@4-0x20 @ 0x7519d566 LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x778f1d2a LoadLibraryExA+0x26 FreeLibrary-0x18 kernelbase+0x11d7a @ 0x778f1d7a LoadLibraryA+0x31 HeapCreate-0x25 kernel32+0x14a08 @ 0x76354a08 winhttp+0x2479 @ 0x74812479 registers.esp: 1043896 registers.edi: 1033164613 registers.eax: 0 registers.ebp: 1044020 registers.edx: 2001928192 registers.ebx: 1036180037 registers.esi: 2001933840 registers.ecx: 1044118 exception.instruction_r: 8b 0c 87 03 ca 8b 55 e0 89 55 0c 8b 55 0c 8a 12 exception.symbol: LdrGetDllHandleEx+0x3c2 LdrGetProcedureAddress-0xd0 ntdll+0x300da exception.instruction: mov ecx, dword ptr [edi + eax*4] exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 196826 exception.address: 0x77d600da	success	0	0

Time & API

Arguments

Status

Return

Repeated

1620963556.908
__exception__

stacktrace:

LdrGetProcedureAddressEx+0x11f wcsstr-0x99d ntdll+0x302ea @ 0x77d602ea
LdrGetProcedureAddress+0x18 LdrGetProcedureAddressEx-0x9 ntdll+0x301c2 @ 0x77d601c2
New_ntdll_LdrGetProcedureAddress@16+0x59 New_ntdll_LdrLoadDll@16-0xfb @ 0x7519d359
GetProcAddress+0x44 GetVersion-0x38 kernelbase+0x111c4 @ 0x778f11c4
SE_ProcessDying+0xce ApphelpCheckExe-0x5d02 apphelp+0x1008b @ 0x750c008b
SE_ProcessDying+0x64 ApphelpCheckExe-0x5d6c apphelp+0x10021 @ 0x750c0021
hook+0x173 hook_get_mem-0x33a @ 0x75184e8e
monitor_hook+0x5d monitor_unhook-0x1c @ 0x7518162d
hook_library+0x1a unhook_library-0x3 @ 0x7518c6b9
New_ntdll_LdrLoadDll@16+0x112 New_ntdll_LdrUnloadDll@4-0x20 @ 0x7519d566
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x778f1d2a
LoadLibraryExA+0x26 FreeLibrary-0x18 kernelbase+0x11d7a @ 0x778f1d7a
LoadLibraryA+0x31 HeapCreate-0x25 kernel32+0x14a08 @ 0x76354a08
winhttp+0x2479 @ 0x74812479

registers.esp: 1043896
registers.edi: 1033164613
registers.eax: 0
registers.ebp: 1044020
registers.edx: 2001928192
registers.ebx: 1036180037
registers.esi: 2001933840
registers.ecx: 1044118
exception.instruction_r: 8b 0c 87 03 ca 8b 55 e0 89 55 0c 8b 55 0c 8a 12
exception.symbol: LdrGetDllHandleEx+0x3c2 LdrGetProcedureAddress-0xd0 ntdll+0x300da
exception.instruction: mov ecx, dword ptr [edi + eax*4]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 196826
exception.address: 0x77d600da

success

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

Allocates read-write-execute memory (usually to unpack itself) (13 个事件)

Time & API	Arguments	Status
1620963553.72 NtProtectVirtualMemory	process_identifier: 2240 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x10008000	success
1620963553.72 NtProtectVirtualMemory	process_identifier: 2240 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x77531000	success
1620963553.72 NtProtectVirtualMemory	process_identifier: 2240 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x76121000	success
1620963556.861 NtProtectVirtualMemory	process_identifier: 2240 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x75110000	success
1620963556.892 NtProtectVirtualMemory	process_identifier: 2240 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x75091000	success
1620963556.892 NtAllocateVirtualMemory	process_identifier: 2240 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x00300000	success
1620963556.892 NtAllocateVirtualMemory	process_identifier: 2240 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x00310000	success
1620963556.892 NtProtectVirtualMemory	process_identifier: 2240 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x77531000	success
1620963556.892 NtProtectVirtualMemory	process_identifier: 2240 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x74811000	success
1620963556.892 NtProtectVirtualMemory	process_identifier: 2240 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x747c1000	success
1620963556.892 NtProtectVirtualMemory	process_identifier: 2240 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 32768 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x74810000	success
1620963556.908 NtAllocateVirtualMemory	process_identifier: 2240 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x003b0000	success
1620963556.908 NtAllocateVirtualMemory	process_identifier: 2240 region_size: 147456 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x003c0000	success

Creates executable files on the filesystem (15 个事件)

file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\crontabs\create_account\index3\PermCalc.exe
file	C:\Users\Administrator.Oskar-PC\AppData\Roaming\aspdnsfencrypt\piwik\bg\2.COMServerPS.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\crontabs\create_account\index3\22.opends60.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Roaming\insurance\consumer\offices\sbsmscorsec.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\crontabs\create_account\index3\pdmui.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\uninst.exe
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\ClootAmp.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\dwr\cachemgr.cgi\u252000.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\crontabs\create_account\index3\60.opends60.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\dwr\cachemgr.cgi\vjscsvr.exe
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\dwr\cachemgr.cgi\aspnetregbrowsers.exe
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\dwr\cachemgr.cgi\vbapkgui.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\crontabs\create_account\index3\DevCfgUI.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Roaming\aspdnsfencrypt\piwik\bg\TwoLineListBoxEditor.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\dwr\cachemgr.cgi\63.opends60.dll

Drops an executable to the user AppData folder (11 个事件)

file	C:\Users\Administrator.Oskar-PC\AppData\Roaming\aspdnsfencrypt\piwik\bg\TwoLineListBoxEditor.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\uninst.exe
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\ClootAmp.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\crontabs\create_account\index3\pdmui.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\dwr\cachemgr.cgi\aspnetregbrowsers.exe
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\dwr\cachemgr.cgi\vbapkgui.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\crontabs\create_account\index3\PermCalc.exe
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\crontabs\create_account\index3\DevCfgUI.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\dwr\cachemgr.cgi\u252000.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Roaming\insurance\consumer\offices\sbsmscorsec.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\dwr\cachemgr.cgi\vjscsvr.exe

Communicates with host for which no DNS query was performed (3 个事件)

host	104.16.41.24
host	172.217.24.14
host	58.63.233.66

File has been identified by 47 AntiVirus engines on VirusTotal as malicious (47 个事件)

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
DrWeb	Trojan.Siggen10.17414
MicroWorld-eScan	Trojan.GenericKD.43819386
FireEye	Generic.mg.8c36b8354c1ac19f
McAfee	RDN/Loki
Cylance	Unsafe
Zillya	Backdoor.Remcos.Win32.3024
Sangfor	Trojan.Win32.Formbook.MK
K7AntiVirus	Trojan ( 0056e27a1 )
K7GW	Trojan ( 0056e27a1 )
Cybereason	malicious.54c1ac
Arcabit	Trojan.Generic.D29CA17A
Cyren	W32/Trojan.LHIA-7217
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Paloalto	generic.ml
Kaspersky	HEUR:Trojan.Win32.Injuke.vho
BitDefender	Trojan.GenericKD.43819386
Avast	Win32:Malware-gen
Ad-Aware	Trojan.GenericKD.43819386
Emsisoft	Trojan.Injector (A)
Comodo	Malware@#2dtno80dib471
VIPRE	Trojan.Win32.Generic.pak!cobra
Sophos	Mal/Generic-S
Ikarus	Trojan.Win32.Injector
Avira	TR/Injector.jrsza
MAX	malware (ai score=82)
Kingsoft	Win32.Hack.Undef.(kcloud)
Gridinsoft	Ransom.Win32.Wacatac.oa
Microsoft	Trojan:Win32/Pwsteal.Q!bit
AegisLab	Trojan.Win32.Injuke.4!c
ZoneAlarm	HEUR:Trojan.Win32.Injuke.vho
GData	Trojan.GenericKD.43819386
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.Agent.C4151720
VBA32	TrojanSpy.Noon
Malwarebytes	Trojan.MalPack.NSIS
Zoner	Trojan.Win32.93819
ESET-NOD32	a variant of Win32/Injector.ENGZ
Tencent	Win32.Backdoor.Fareit.Auto
Fortinet	W32/Remcos!tr
Webroot	W32.Trojan.Gen
AVG	Win32:Malware-gen
Panda	Trj/CI.A
CrowdStrike	win/malicious_confidence_100% (W)
Qihoo-360	Win32/Trojan.Injuke.HyoDaUcA

Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 个事件)

dead_host	192.168.56.101:49234
dead_host	192.168.56.101:49235

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2019-12-16 08:51:03

Imports

Library KERNEL32.dll:

• 0x408070 SetEnvironmentVariableA

• 0x408074 CreateFileA

• 0x408078 GetFileSize

• 0x40807c GetModuleFileNameA

• 0x408080 ReadFile

• 0x408084 GetCurrentProcess

• 0x408088 CopyFileA

• 0x40808c Sleep

• 0x408090 GetTickCount

• 0x408094 GetWindowsDirectoryA

• 0x408098 GetTempPathA

• 0x40809c GetCommandLineA

• 0x4080a0 lstrlenA

• 0x4080a4 GetVersion

• 0x4080a8 SetErrorMode

• 0x4080ac lstrcpynA

• 0x4080b0 ExitProcess

• 0x4080b4 SetFileAttributesA

• 0x4080b8 GlobalLock

• 0x4080bc CreateThread

• 0x4080c0 GetLastError

• 0x4080c4 CreateDirectoryA

• 0x4080c8 CreateProcessA

• 0x4080cc RemoveDirectoryA

• 0x4080d0 GetTempFileNameA

• 0x4080d4 WriteFile

• 0x4080d8 lstrcpyA

• 0x4080dc MoveFileExA

• 0x4080e0 lstrcatA

• 0x4080e4 GetSystemDirectoryA

• 0x4080e8 GetProcAddress

• 0x4080ec GetExitCodeProcess

• 0x4080f0 WaitForSingleObject

• 0x4080f4 CompareFileTime

• 0x4080f8 SetFileTime

• 0x4080fc GetFileAttributesA

• 0x408100 SetCurrentDirectoryA

• 0x408104 MoveFileA

• 0x408108 GetFullPathNameA

• 0x40810c GetShortPathNameA

• 0x408110 SearchPathA

• 0x408114 CloseHandle

• 0x408118 lstrcmpiA

• 0x40811c GlobalUnlock

• 0x408120 GetDiskFreeSpaceA

• 0x408124 lstrcmpA

• 0x408128 DeleteFileA

• 0x40812c FindFirstFileA

• 0x408130 FindNextFileA

• 0x408134 FindClose

• 0x408138 SetFilePointer

• 0x40813c GetPrivateProfileStringA

• 0x408140 WritePrivateProfileStringA

• 0x408144 MulDiv

• 0x408148 MultiByteToWideChar

• 0x40814c FreeLibrary

• 0x408150 LoadLibraryExA

• 0x408154 GetModuleHandleA

• 0x408158 GlobalAlloc

• 0x40815c GlobalFree

• 0x408160 ExpandEnvironmentStringsA

Library USER32.dll:

• 0x408184 GetSystemMenu

• 0x408188 SetClassLongA

• 0x40818c EnableMenuItem

• 0x408190 IsWindowEnabled

• 0x408194 SetWindowPos

• 0x408198 GetSysColor

• 0x40819c GetWindowLongA

• 0x4081a0 SetCursor

• 0x4081a4 LoadCursorA

• 0x4081a8 CheckDlgButton

• 0x4081ac GetMessagePos

• 0x4081b0 CallWindowProcA

• 0x4081b4 IsWindowVisible

• 0x4081b8 CloseClipboard

• 0x4081bc SetClipboardData

• 0x4081c0 EmptyClipboard

• 0x4081c4 OpenClipboard

• 0x4081c8 ScreenToClient

• 0x4081cc GetWindowRect

• 0x4081d0 GetDlgItem

• 0x4081d4 GetSystemMetrics

• 0x4081d8 SetDlgItemTextA

• 0x4081dc GetDlgItemTextA

• 0x4081e0 MessageBoxIndirectA

• 0x4081e4 CharPrevA

• 0x4081e8 DispatchMessageA

• 0x4081ec PeekMessageA

• 0x4081f0 GetDC

• 0x4081f4 ReleaseDC

• 0x4081f8 EnableWindow

• 0x4081fc InvalidateRect

• 0x408200 SendMessageA

• 0x408204 DefWindowProcA

• 0x408208 BeginPaint

• 0x40820c GetClientRect

• 0x408210 FillRect

• 0x408214 EndDialog

• 0x408218 RegisterClassA

• 0x40821c SystemParametersInfoA

• 0x408220 CreateWindowExA

• 0x408224 GetClassInfoA

• 0x408228 DialogBoxParamA

• 0x40822c CharNextA

• 0x408230 ExitWindowsEx

• 0x408234 LoadImageA

• 0x408238 CreateDialogParamA

• 0x40823c SetTimer

• 0x408240 SetWindowTextA

• 0x408244 SetForegroundWindow

• 0x408248 ShowWindow

• 0x40824c SetWindowLongA

• 0x408250 SendMessageTimeoutA

• 0x408254 FindWindowExA

• 0x408258 IsWindow

• 0x40825c AppendMenuA

• 0x408260 TrackPopupMenu

• 0x408264 CreatePopupMenu

• 0x408268 DrawTextA

• 0x40826c EndPaint

• 0x408270 DestroyWindow

• 0x408274 wsprintfA

• 0x408278 PostQuitMessage

Library GDI32.dll:

• 0x40804c SelectObject

• 0x408050 SetTextColor

• 0x408054 SetBkMode

• 0x408058 CreateFontIndirectA

• 0x40805c CreateBrushIndirect

• 0x408060 DeleteObject

• 0x408064 GetDeviceCaps

• 0x408068 SetBkColor

Library SHELL32.dll:

• 0x408168 SHGetSpecialFolderLocation

• 0x40816c ShellExecuteExA

• 0x408170 SHGetPathFromIDListA

• 0x408174 SHBrowseForFolderA

• 0x408178 SHGetFileInfoA

• 0x40817c SHFileOperationA

Library ADVAPI32.dll:

• 0x408000 AdjustTokenPrivileges

• 0x408004 RegCreateKeyExA

• 0x408008 RegOpenKeyExA

• 0x40800c SetFileSecurityA

• 0x408010 OpenProcessToken

• 0x408014 LookupPrivilegeValueA

• 0x408018 RegEnumValueA

• 0x40801c RegDeleteKeyA

• 0x408020 RegDeleteValueA

• 0x408024 RegCloseKey

• 0x408028 RegSetValueExA

• 0x40802c RegQueryValueExA

• 0x408030 RegEnumKeyA

Library COMCTL32.dll:

• 0x408038 ImageList_Create

• 0x40803c ImageList_AddMasked

• 0x408040

• 0x408044 ImageList_Destroy

Library ole32.dll:

• 0x408280 OleUninitialize

• 0x408284 OleInitialize

• 0x408288 CoTaskMemFree

• 0x40828c CoCreateInstance

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
teredo.ipv6.microsoft.com

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49713	114.114.114.114	53
192.168.56.101	50002	114.114.114.114	53
192.168.56.101	53657	114.114.114.114	53
192.168.56.101	57756	114.114.114.114	53
192.168.56.101	60384	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	49235	224.0.0.252	5355
192.168.56.101	50534	224.0.0.252	5355
192.168.56.101	51808	224.0.0.252	5355
192.168.56.101	51963	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	57874	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	62318	224.0.0.252	5355
192.168.56.101	63429	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	53658	239.255.255.250	3702
192.168.56.101	58707	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.