SmartHawk

3.0

中危

53 个模型检测该样本为恶意！

重新分析

下载样本

3c630ef685a02e611037b6ae52a89d10355620ca159dd3fa136ca294ef2e7f7a

8e437da3d9b48bf6e54b8182b1842a1d.exe

分析耗时

78s

最近分析

文件大小

1.1MB

静态报毒动态报毒 0NA103DQ20 100% 8ZEPE5WUYU8 AIDETECTVM ARTEMIS ATTRIBUTE CONFIDENCE DROPBACK ECKH FR0@AGTLBULI GENERIC@ML GENERICKD HCGU HHBGVF HIGH CONFIDENCE HIGHCONFIDENCE KCLOUD KRYPTIK MALWARE1 MALWARE@#PFYG2U3DORY7 NF+UMXYQUTCKV+YPFVBX3W OCCAMY RDMK RDRBY SCORE STATIC AI SUSGEN SUSPICIOUS PE UNSAFE URSNIF WOVN ZEXAF 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
CrowdStrike	win/malicious_confidence_100% (W)	20190702	1.0
Alibaba	TrojanDropper:Win32/Dropback.a537eb56	20190527	0.3.0.5
Baidu		20190318	1.0.0.2
Avast	Win32:Trojan-gen	20201228	21.1.5827.0
Kingsoft	Win32.Troj.Generic_a.a.(kcloud)	20201228	2017.9.26.565
McAfee	Artemis!8E437DA3D9B4	20201228	6.0.6.653
Tencent	Win32.Trojan-dropper.Dropback.Eckh	20201228	1.0.0.1

The file contains an unknown PE resource name possibly indicative of a packer (2 个事件)

resource name	REGISTRY
resource name	STYLE_XML

One or more processes crashed (3 个事件)

Time & API	Arguments	Status
1619710704.918249 __exception__	stacktrace: WaitForMultipleObjectsEx+0x29 GetVersionExW-0x11e kernel32+0x119c7 @ 0x763519c7 SpInfGetIndirectString+0x391 SpInfFreeInfFile-0xf spinf+0x21c9 @ 0x750f21c9 SpInfFreeInfFile+0x23 SpInfLocateLine-0x48d spinf+0x21fb @ 0x750f21fb SetupCloseInfFile+0x31 pSetupMakeSurePathExists-0x4c5 setupapi+0xec32 @ 0x75a1ec32 8e437da3d9b48bf6e54b8182b1842a1d+0x699ca @ 0x4699ca 8e437da3d9b48bf6e54b8182b1842a1d+0x167e0 @ 0x4167e0 8e437da3d9b48bf6e54b8182b1842a1d+0x5110a @ 0x45110a 0xffffffff registers.esp: 1621356 registers.edi: 1621396 registers.eax: 651 registers.ebp: 1621364 registers.edx: 0 registers.ebx: 1621396 registers.esi: 643 registers.ecx: 2 exception.instruction_r: 8b 44 8e f8 89 44 8f f8 8b 44 8e fc 89 44 8f fc exception.symbol: memcpy+0x128 memset-0xbab8 ntdll+0x22468 exception.instruction: mov eax, dword ptr [esi + ecx*4 + 0xfffffff8] exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 140392 exception.address: 0x77d52468	success
1619710704.918249 __exception__	stacktrace: WaitForMultipleObjectsEx+0x29 GetVersionExW-0x11e kernel32+0x119c7 @ 0x763519c7 SpInfGetIndirectString+0x391 SpInfFreeInfFile-0xf spinf+0x21c9 @ 0x750f21c9 SpInfFreeInfFile+0x23 SpInfLocateLine-0x48d spinf+0x21fb @ 0x750f21fb SetupCloseInfFile+0x31 pSetupMakeSurePathExists-0x4c5 setupapi+0xec32 @ 0x75a1ec32 8e437da3d9b48bf6e54b8182b1842a1d+0x69a78 @ 0x469a78 8e437da3d9b48bf6e54b8182b1842a1d+0x167e0 @ 0x4167e0 8e437da3d9b48bf6e54b8182b1842a1d+0x5110a @ 0x45110a 0xffffffff registers.esp: 1621356 registers.edi: 1621396 registers.eax: 651 registers.ebp: 1621364 registers.edx: 0 registers.ebx: 1621396 registers.esi: 643 registers.ecx: 2 exception.instruction_r: 8b 44 8e f8 89 44 8f f8 8b 44 8e fc 89 44 8f fc exception.symbol: memcpy+0x128 memset-0xbab8 ntdll+0x22468 exception.instruction: mov eax, dword ptr [esi + ecx*4 + 0xfffffff8] exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 140392 exception.address: 0x77d52468	success
1619710705.574249 __exception__	stacktrace: registers.esp: 1619440 registers.edi: 1 registers.eax: 311055072 registers.ebp: 1619568 registers.edx: 2147942402 registers.ebx: 0 registers.esi: 1977 registers.ecx: 54144 exception.instruction_r: 03 91 99 00 00 00 89 55 28 eb 1f 0f b7 05 c0 5f exception.symbol: 8e437da3d9b48bf6e54b8182b1842a1d+0x66cb9 exception.instruction: add edx, dword ptr [ecx + 0x99] exception.module: 8e437da3d9b48bf6e54b8182b1842a1d.exe exception.exception_code: 0xc0000005 exception.offset: 421049 exception.address: 0x466cb9	success

Allocates read-write-execute memory (usually to unpack itself) (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619710698.777249 NtAllocateVirtualMemory	process_identifier: 732 region_size: 98304 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x02630000	success	0	0

The binary likely contains encrypted or compressed data indicative of a packer (2 个事件)

entropy

7.660552413556529

section

{'size_of_data': '0x00048200', 'virtual_address': '0x00139000', 'entropy': 7.660552413556529, 'name': '.rsrc', 'virtual_size': '0x000481cc'}

description

A section with a high entropy has been found

entropy

0.2587443946188341

description

Overall entropy of this PE file is high

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

File has been identified by 53 AntiVirus engines on VirusTotal as malicious (50 out of 53 个事件)

Bkav	W32.AIDetectVM.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.33567613
ALYac	Spyware.Ursnif
Cylance	Unsafe
Sangfor	Malware
CrowdStrike	win/malicious_confidence_100% (W)
Alibaba	TrojanDropper:Win32/Dropback.a537eb56
K7GW	Trojan ( 005636d41 )
K7AntiVirus	Trojan ( 005636d41 )
Arcabit	Trojan.Generic.D200337D
Cyren	W32/Trojan.WOVN-7438
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	Win32:Trojan-gen
Kaspersky	Trojan-Dropper.Win32.Dropback.lp
BitDefender	Trojan.GenericKD.33567613
NANO-Antivirus	Trojan.Win32.Dropback.hhbgvf
Paloalto	generic.ml
Rising	Trojan.Generic@ML.80 (RDMK:Nf+umxYqUtcKV+ypFVBx3w)
Ad-Aware	Trojan.GenericKD.33567613
Sophos	Mal/Generic-S
Comodo	Malware@#pfyg2u3dory7
F-Secure	Trojan.TR/Crypt.Agent.rdrby
DrWeb	Trojan.PWS.Stealer.23680
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	TROJ_FRS.0NA103DQ20
McAfee-GW-Edition	BehavesLike.Win32.Worm.th
FireEye	Generic.mg.8e437da3d9b48bf6
Emsisoft	Trojan.GenericKD.33567613 (B)
SentinelOne	Static AI - Suspicious PE
Jiangmin	TrojanDropper.Dropback.bq
Avira	TR/Crypt.Agent.rdrby
Kingsoft	Win32.Troj.Generic_a.a.(kcloud)
Gridinsoft	Trojan.Win32.Kryptik.cc
Microsoft	Trojan:Win32/Occamy.C3C
ZoneAlarm	Trojan-Dropper.Win32.Dropback.lp
GData	Trojan.GenericKD.33567613
Cynet	Malicious (score: 85)
McAfee	Artemis!8E437DA3D9B4
VBA32	TrojanDropper.Dropback
Malwarebytes	Trojan.Dropper
ESET-NOD32	a variant of Win32/Kryptik.HCGU
TrendMicro-HouseCall	TROJ_FRS.0NA103DQ20
Tencent	Win32.Trojan-dropper.Dropback.Eckh
Yandex	Trojan.Kryptik!8ZEpE5wUyU8
Ikarus	Trojan-Banker.UrSnif
MaxSecure	Trojan.Malware.1728101.susgen
Fortinet	W32/Kryptik.HCGU!tr
BitDefenderTheta	Gen:NN.ZexaF.34700.fr0@aGtlBUli

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2020-03-26 03:38:41

Imports

Library KERNEL32.dll:

• 0x4970d4 GetModuleFileNameA

• 0x4970d8 GetOEMCP

• 0x4970dc GetACP

• 0x4970e0 IsValidCodePage

• 0x4970e4 LoadLibraryExW

• 0x4970e8 SetFilePointerEx

• 0x4970ec GetConsoleMode

• 0x4970f0 GetConsoleCP

• 0x4970f4 GetModuleFileNameW

• 0x4970f8 GetCurrentThreadId

• 0x4970fc IsDebuggerPresent

• 0x497100 GetProcessHeap

• 0x497104 HeapSize

• 0x497108 EnumSystemLocalesW

• 0x49710c GetUserDefaultLCID

• 0x497110 IsValidLocale

• 0x497114 GetLocaleInfoW

• 0x497118 LCMapStringW

• 0x49711c CompareStringW

• 0x497120 IsProcessorFeaturePresent

• 0x497124 GetModuleHandleW

• 0x497128 GetStartupInfoW

• 0x49712c TlsFree

• 0x497130 GetEnvironmentStringsW

• 0x497134 TlsGetValue

• 0x497138 QueryPerformanceCounter

• 0x49713c TerminateProcess

• 0x497140 GetCurrentProcess

• 0x497144 Sleep

• 0x497148 InitializeCriticalSectionAndSpinCount

• 0x49714c SetLastError

• 0x497150 SetUnhandledExceptionFilter

• 0x497154 UnhandledExceptionFilter

• 0x497158 GetCPInfo

• 0x49715c GetCommandLineA

• 0x497160 AreFileApisANSI

• 0x497164 GetModuleHandleExW

• 0x497168 HeapAlloc

• 0x49716c GetSystemTimeAsFileTime

• 0x497170 GetFileType

• 0x497174 SetStdHandle

• 0x497178 RtlUnwind

• 0x49717c RaiseException

• 0x497180 HeapFree

• 0x497184 GetStringTypeW

• 0x497188 MultiByteToWideChar

• 0x49718c DecodePointer

• 0x497190 EncodePointer

• 0x497194 DeleteCriticalSection

• 0x497198 LeaveCriticalSection

• 0x49719c EnterCriticalSection

• 0x4971a0 FreeEnvironmentStringsW

• 0x4971a4 HeapReAlloc

• 0x4971a8 OutputDebugStringW

• 0x4971ac WriteConsoleW

• 0x4971b0 TlsAlloc

• 0x4971b4 GetCurrentProcessId

• 0x4971b8 ReadConsoleW

• 0x4971bc GetExitCodeProcess

• 0x4971c0 CreateProcessA

• 0x4971c4 GetFileAttributesExW

• 0x4971c8 SetEnvironmentVariableA

• 0x4971cc CreateFileW

• 0x4971d0 ReleaseMutex

• 0x4971d4 WideCharToMultiByte

• 0x4971d8 LoadLibraryA

• 0x4971dc CreateEventA

• 0x4971e0 lstrcatA

• 0x4971e4 GetLastError

• 0x4971e8 VirtualAlloc

• 0x4971ec GetLocalTime

• 0x4971f0 GetExitCodeThread

• 0x4971f4 GetProcAddress

• 0x4971f8 BuildCommDCBA

• 0x4971fc SetCommTimeouts

• 0x497200 SetCommState

• 0x497204 GetCommTimeouts

• 0x497208 GetCommState

• 0x49720c FlushFileBuffers

• 0x497210 WriteFile

• 0x497214 FindNextFileA

• 0x497218 FindFirstFileA

• 0x49721c CreateFileA

• 0x497220 CreateMutexA

• 0x497224 CloseHandle

• 0x497228 FindClose

• 0x49722c ReadFile

• 0x497230 GetFileSize

• 0x497234 GlobalUnlock

• 0x497238 GlobalLock

• 0x49723c GlobalAlloc

• 0x497240 GetConsoleWindow

• 0x497244 SetConsoleTitleA

• 0x497248 FreeConsole

• 0x49724c AllocConsole

• 0x497250 WriteConsoleInputA

• 0x497254 GetModuleHandleA

• 0x497258 GetStdHandle

• 0x49725c CreateThread

• 0x497260 ExitProcess

• 0x497264 WaitForSingleObject

• 0x497268 TlsSetValue

• 0x49726c SetEndOfFile

Library USER32.dll:

• 0x4973b0 CallWindowProcA

• 0x4973b4 RegisterClassExA

• 0x4973b8 SetLayeredWindowAttributes

• 0x4973bc SetDlgItemInt

• 0x4973c0 GetDlgItemInt

• 0x4973c4 GetDlgCtrlID

• 0x4973c8 GetFocus

• 0x4973cc KillTimer

• 0x4973d0 DrawMenuBar

• 0x4973d4 GetSystemMenu

• 0x4973d8 TrackPopupMenu

• 0x4973dc DrawTextW

• 0x4973e0 GetForegroundWindow

• 0x4973e4 CheckMenuRadioItem

• 0x4973e8 GetWindowTextA

• 0x4973ec EnableScrollBar

• 0x4973f0 GetWindowTextLengthA

• 0x4973f4 MapWindowPoints

• 0x4973f8 GetScrollInfo

• 0x4973fc DrawFocusRect

• 0x497400 SetRectEmpty

• 0x497404 InflateRect

• 0x497408 PtInRect

• 0x49740c GetParent

• 0x497410 DestroyIcon

• 0x497414 DrawIconEx

• 0x497418 GetMenuItemInfoA

• 0x49741c ModifyMenuA

• 0x497420 CheckMenuItem

• 0x497424 TranslateAcceleratorA

• 0x497428 LoadAcceleratorsA

• 0x49742c GetMenu

• 0x497430 EnableMenuItem

• 0x497434 SetWindowPos

• 0x497438 DialogBoxParamA

• 0x49743c EndDialog

• 0x497440 GetDlgItemTextA

• 0x497444 GetSysColor

• 0x497448 SetScrollInfo

• 0x49744c SetScrollPos

• 0x497450 GetWindowTextW

• 0x497454 wsprintfA

• 0x497458 DefMDIChildProcA

• 0x49745c SendMessageA

• 0x497460 GetDlgItem

• 0x497464 WindowFromDC

• 0x497468 SetDlgItemTextA

• 0x49746c GetAncestor

• 0x497470 GetIconInfo

• 0x497474 CheckDlgButton

• 0x497478 CheckRadioButton

• 0x49747c IsDlgButtonChecked

• 0x497480 OpenClipboard

• 0x497484 CloseClipboard

• 0x497488 SetClipboardData

• 0x49748c EmptyClipboard

• 0x497490 EnableWindow

• 0x497494 UpdateWindow

• 0x497498 InvalidateRect

• 0x49749c GetWindowRect

• 0x4974a0 MessageBoxA

• 0x4974a4 GetWindowLongA

• 0x4974a8 SetWindowLongA

• 0x4974ac EnumDisplayMonitors

• 0x4974b0 ShowCursor

• 0x4974b4 AdjustWindowRectEx

• 0x4974b8 DestroyWindow

• 0x4974bc CreateWindowExA

• 0x4974c0 UnregisterClassA

• 0x4974c4 CopyRect

• 0x4974c8 SetRect

• 0x4974cc GetMonitorInfoA

• 0x4974d0 MonitorFromWindow

• 0x4974d4 OffsetRect

• 0x4974d8 ChildWindowFromPoint

• 0x4974dc GetClientRect

• 0x4974e0 SetWindowTextA

• 0x4974e4 GetUpdateRect

• 0x4974e8 EndPaint

• 0x4974ec BeginPaint

• 0x4974f0 SetActiveWindow

• 0x4974f4 MsgWaitForMultipleObjects

• 0x4974f8 ReleaseCapture

• 0x4974fc SetCapture

• 0x497500 ToAscii

• 0x497504 GetKeyboardState

• 0x497508 GetKeyState

• 0x49750c IsZoomed

• 0x497510 IsIconic

• 0x497514 ShowWindow

• 0x497518 PostQuitMessage

• 0x49751c DefWindowProcA

• 0x497520 GetMessagePos

• 0x497524 PeekMessageA

• 0x497528 DispatchMessageA

• 0x49752c TranslateMessage

• 0x497530 GetMessageA

• 0x497534 TrackMouseEvent

• 0x497538 LoadIconA

• 0x49753c GetDesktopWindow

• 0x497540 ReleaseDC

• 0x497544 GetDC

• 0x497548 GetSystemMetrics

• 0x49754c GetClassInfoA

• 0x497550 RegisterClassA

• 0x497554 EnumDisplaySettingsA

• 0x497558 ChangeDisplaySettingsExA

• 0x49755c LoadCursorA

• 0x497560 SetClassLongA

• 0x497564 ScreenToClient

• 0x497568 ClientToScreen

• 0x49756c GetCursorPos

• 0x497570 SetCursor

• 0x497574 SetCursorPos

• 0x497578 PostMessageA

Library GDI32.dll:

• 0x497040 BitBlt

• 0x497044 CreateEllipticRgn

• 0x497048 CreateFontA

• 0x49704c CreatePen

• 0x497050 EnumFontsA

• 0x497054 ExcludeClipRect

• 0x497058 GetPixel

• 0x49705c GetStockObject

• 0x497060 GetWindowOrgEx

• 0x497064 SetStretchBltMode

• 0x497068 SetDCPenColor

• 0x49706c SetBkMode

• 0x497070 SelectObject

• 0x497074 CreateDIBSection

• 0x497078 SetAbortProc

• 0x49707c GetObjectA

• 0x497080 SetViewportOrgEx

• 0x497084 SetWindowOrgEx

• 0x497088 StretchBlt

• 0x49708c CreateDCA

• 0x497090 SetBitmapBits

• 0x497094 DeleteDC

• 0x497098 GetDeviceCaps

• 0x49709c DescribePixelFormat

• 0x4970a0 GetPixelFormat

• 0x4970a4 ChoosePixelFormat

• 0x4970a8 SetPixelFormat

• 0x4970ac CreateCompatibleBitmap

• 0x4970b0 DeleteObject

• 0x4970b4 SetTextColor

• 0x4970b8 SwapBuffers

• 0x4970bc CreateCompatibleDC

• 0x4970c0 Rectangle

• 0x4970c4 CreateSolidBrush

Library COMDLG32.dll:

• 0x497034 GetOpenFileNameA

• 0x497038 GetSaveFileNameA

Library ADVAPI32.dll:

• 0x497000 RegCloseKey

• 0x497004 RegQueryValueExA

• 0x497008 DuplicateTokenEx

• 0x49700c CreateProcessAsUserA

• 0x497010 AllocateAndInitializeSid

• 0x497014 RegOpenKeyExA

• 0x497018 RegOpenKeyA

Library SHELL32.dll:

• 0x497384 SHGetSpecialFolderPathA

• 0x497388 SHGetFileInfoW

• 0x49738c SHBrowseForFolderA

• 0x497390 SHGetPathFromIDListA

• 0x497394 DragFinish

• 0x497398 DragQueryFileA

• 0x49739c

• 0x4973a0

Library ole32.dll:

• 0x4975b8 CoTaskMemFree

• 0x4975bc CreateStreamOnHGlobal

• 0x4975c0 StringFromCLSID

Library OLEAUT32.dll:

• 0x49727c LoadTypeLib

Library OPENGL32.dll:

• 0x497284 glVertex3f

• 0x497288 glScalef

• 0x49728c glRotatef

• 0x497290 glReadPixels

• 0x497294 glRasterPos2f

• 0x497298 glNormal3f

• 0x49729c glLightfv

• 0x4972a0 glLightModelfv

• 0x4972a4 glEnable

• 0x4972a8 glColor3f

• 0x4972ac glColor3d

• 0x4972b0 glClearColor

• 0x4972b4 glClear

• 0x4972b8 wglGetCurrentDC

• 0x4972bc wglDeleteContext

• 0x4972c0 glGetIntegerv

• 0x4972c4 glGetBooleanv

• 0x4972c8 wglMakeCurrent

• 0x4972cc wglGetCurrentContext

• 0x4972d0 wglCreateContext

• 0x4972d4 wglGetProcAddress

• 0x4972d8 glDrawBuffer

• 0x4972dc glGetString

• 0x4972e0 glGetError

• 0x4972e4 glVertex2i

• 0x4972e8 glRasterPos2i

• 0x4972ec glPushMatrix

• 0x4972f0 glPushAttrib

• 0x4972f4 glPopMatrix

• 0x4972f8 glPopAttrib

• 0x4972fc glOrtho

• 0x497300 glMatrixMode

• 0x497304 glLoadIdentity

• 0x497308 glDisable

• 0x49730c glColor4fv

• 0x497310 glVertexPointer

• 0x497314 glTexCoordPointer

• 0x497318 glEnableClientState

• 0x49731c glGetFloatv

• 0x497320 glDrawElements

• 0x497324 glDrawArrays

• 0x497328 glDisableClientState

• 0x49732c glReadBuffer

• 0x497330 glNormalPointer

• 0x497334 glViewport

• 0x497338 glFlush

• 0x49733c glBegin

• 0x497340 glBitmap

• 0x497344 glEnd

• 0x497348 glPixelStorei

• 0x49734c glPopClientAttrib

• 0x497350 glPushClientAttrib

• 0x497354 glTranslatef

• 0x497358 glVertex2f

• 0x49735c glColor4f

Library GLU32.dll:

• 0x4970cc gluPerspective

Library COMCTL32.dll:

• 0x497028 CreateToolbarEx

• 0x49702c

Library WINMM.dll:

• 0x497580 timeGetTime

• 0x497584 joyGetPosEx

• 0x497588 timeBeginPeriod

• 0x49758c timeEndPeriod

• 0x497590 joyGetDevCapsA

Library SHLWAPI.dll:

• 0x4973a8 PathFindExtensionA

Library SETUPAPI.dll:

• 0x497364 SetupDefaultQueueCallbackA

• 0x497368 SetupTermDefaultQueueCallback

• 0x49736c SetupInitDefaultQueueCallback

• 0x497370 SetupSetDirectoryIdA

• 0x497374 SetupCloseInfFile

• 0x497378 SetupOpenInfFileA

• 0x49737c SetupInstallFromInfSectionA

Library MSIMG32.dll:

• 0x497274 AlphaBlend

Library urlmon.dll:

• 0x4975d0 HlinkNavigateMoniker

• 0x4975d4 CreateFormatEnumerator

• 0x4975d8 HlinkGoForward

Library WTSAPI32.dll:

• 0x497598 WTSQuerySessionInformationA

• 0x49759c WTSEnumerateSessionsA

• 0x4975a0 WTSFreeMemory

• 0x4975a4 WTSQueryUserToken

Library pdh.dll:

• 0x4975c8 PdhCollectQueryData

Library credui.dll:

• 0x4975ac CredUIConfirmCredentialsA

• 0x4975b0 CredUICmdLinePromptForCredentialsA

Library AUTHZ.dll:

• 0x497020 AuthzUnregisterSecurityEventSource

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	60123	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	49235	224.0.0.252	5355
192.168.56.101	51963	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	50535	239.255.255.250	3702
192.168.56.101	56540	239.255.255.250	3702
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58707	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.