8.2
High risk

5bc7a56b2dcc47933032f0ebde41aae2f6792e90c8a012a90ffc4ad824ee0abd

90ed97fd14801fceaca28bf9e2ccb646.exe

Analysis duration

74s

Last analyzed

File size

940.0KB
Static detections Dynamic detections 6SW@AOB@IRHI AD@8ROQPA AGEN AI SCORE=88 AIDETECTVM BENA CONFIDENCE DANABOT ELDORADO FSHP GENCIRC GENETIC HIGH CONFIDENCE HJZRRZ KCLOUD MALWARE1 NQ6E0U8C9KG QCENRXWWWAY R + TROJ R293847 SCORE SIGGEN9 SMTHA STATIC AI SUSPICIOUS PE TROJANBANKER UNSAFE ZELPHIF
Hawkeye engine
Not scanned. No Hawkeye engine results are available.
Static verdict
Antivirus engines
Engine Result Scan date Engine version
CrowdStrike win/malicious_confidence_90% (W) 20190702 1.0
Alibaba TrojanDropper:Win32/DanaBot.a3438f2f 20190527 0.3.0.5
Avast Win32:Trojan-gen 20201210 21.1.5827.0
Tencent Malware.Win32.Gencirc.10ba288d 20201211 1.0.0.1
Baidu 20190318 1.0.0.2
Kingsoft Win32.Troj.Banker.(kcloud) 20201211 2017.9.26.565
McAfee Trojan-FSHP!90ED97FD1480 20201211 6.0.6.653
Static indicators
Queries for the computername (2 events)
Time & API Arguments Status Return Repeated
1619709566.7945
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619709568.106125
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
Checks if process is being debugged by a debugger (1 event)
Time & API Arguments Status Return Repeated
1619709568.341125
IsDebuggerPresent
failed 0 0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (2 events)
section .itext
section .didata
The file contains an unknown PE resource name possibly indicative of a packer (1 event)
resource name IDLB
One or more processes crashed (2 events)
Time & API Arguments Status Return Repeated
1619709566.9505
__exception__
stacktrace:
__dbk_fcall_wrapper+0x3d62d f0-0x6401b 90ed97~1+0x49379 @ 0x22c9379
__dbk_fcall_wrapper+0x6d56b f0-0x340dd 90ed97~1+0x792b7 @ 0x22f92b7
ServiceMain+0xa25 dbkFCallWrapperAddr-0xacf7 90ed97~1+0xb2935 @ 0x2332935
ServiceMain+0x5712 dbkFCallWrapperAddr-0x600a 90ed97~1+0xb7622 @ 0x2337622
RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77d69930
LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x77d6d8a9
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x77d6d76c
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77d6c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x752fd4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x778f1d2a
regsvr32+0x20ff @ 0xad20ff
regsvr32+0x2669 @ 0xad2669
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 3072292
registers.edi: 3073496
registers.eax: 0
registers.ebp: 3072416
registers.edx: 0
registers.ebx: 36948884
registers.esi: 36948932
registers.ecx: 259981951
exception.instruction_r: 8b 40 3c 99 03 04 24 13 54 24 04 83 c4 08 89 45
exception.instruction: mov eax, dword ptr [eax + 0x3c]
exception.exception_code: 0xc0000005
exception.symbol: __dbk_fcall_wrapper+0x16af1 f0-0x8ab57 90ed97~1+0x2283d
exception.address: 0x22a283d
success 0 0
1619709568.216125
__exception__
stacktrace:
__dbk_fcall_wrapper+0x3d62d f0-0x6401b 90ed97~1+0x49379 @ 0x359379
__dbk_fcall_wrapper+0x6d56b f0-0x340dd 90ed97~1+0x792b7 @ 0x3892b7
ServiceMain+0xa25 dbkFCallWrapperAddr-0xacf7 90ed97~1+0xb2935 @ 0x3c2935
ServiceMain+0x5712 dbkFCallWrapperAddr-0x600a 90ed97~1+0xb7622 @ 0x3c7622
RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77d69930
LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x77d6d8a9
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x77d6d76c
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77d6c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x752fd4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x778f1d2a
rundll32+0x14ed @ 0x7d14ed
rundll32+0x1baf @ 0x7d1baf
rundll32+0x12e8 @ 0x7d12e8
rundll32+0x1901 @ 0x7d1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 2879256
registers.edi: 2880460
registers.eax: 0
registers.ebp: 2879380
registers.edx: 0
registers.ebx: 3984276
registers.esi: 3984324
registers.ecx: 259981951
exception.instruction_r: 8b 40 3c 99 03 04 24 13 54 24 04 83 c4 08 89 45
exception.instruction: mov eax, dword ptr [eax + 0x3c]
exception.exception_code: 0xc0000005
exception.symbol: __dbk_fcall_wrapper+0x16af1 f0-0x8ab57 90ed97~1+0x2283d
exception.address: 0x33283d
success 0 0
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (20 events)
Time & API Arguments Status Return Repeated
1619709566.7165
NtProtectVirtualMemory
process_identifier: 340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x02341000
success 0 0
1619709566.7165
NtProtectVirtualMemory
process_identifier: 340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x755d1000
success 0 0
1619709566.7165
NtProtectVirtualMemory
process_identifier: 340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x754f1000
success 0 0
1619709566.7165
NtProtectVirtualMemory
process_identifier: 340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x75501000
success 0 0
1619709566.8725
NtProtectVirtualMemory
process_identifier: 340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x75271000
success 0 0
1619709567.950125
NtProtectVirtualMemory
process_identifier: 944
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x003d1000
success 0 0
1619709567.950125
NtProtectVirtualMemory
process_identifier: 944
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x75511000
success 0 0
1619709567.950125
NtProtectVirtualMemory
process_identifier: 944
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x755d1000
success 0 0
1619709567.950125
NtProtectVirtualMemory
process_identifier: 944
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x754f1000
success 0 0
1619709567.950125
NtProtectVirtualMemory
process_identifier: 944
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x752d1000
success 0 0
1619709567.950125
NtProtectVirtualMemory
process_identifier: 944
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76241000
success 0 0
1619709567.950125
NtProtectVirtualMemory
process_identifier: 944
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x77711000
success 0 0
1619709567.950125
NtProtectVirtualMemory
process_identifier: 944
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76121000
success 0 0
1619709567.950125
NtProtectVirtualMemory
process_identifier: 944
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x75d61000
success 0 0
1619709568.153125
NtProtectVirtualMemory
process_identifier: 944
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x75271000
success 0 0
1619709568.341125
NtProtectVirtualMemory
process_identifier: 944
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x751b0000
success 0 0
1619709568.544125
NtProtectVirtualMemory
process_identifier: 944
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x750d1000
success 0 0
1619709568.700125
NtProtectVirtualMemory
process_identifier: 944
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x75091000
success 0 0
1619709568.700125
NtProtectVirtualMemory
process_identifier: 944
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x74661000
success 0 0
1619709568.872125
NtProtectVirtualMemory
process_identifier: 944
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x77531000
success 0 0
Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation (2 events)
Time & API Arguments Status Return Repeated
1619709566.7945
GetDiskFreeSpaceExW
root_path: C:\
free_bytes_available: 19595927552
total_number_of_free_bytes: 19595927552
total_number_of_bytes: 34252779520
success 1 0
1619709568.075125
GetDiskFreeSpaceExW
root_path: C:\
free_bytes_available: 19573727232
total_number_of_free_bytes: 19573727232
total_number_of_bytes: 34252779520
success 1 0
Creates executable files on the filesystem (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\90ed97fd14801fceaca28bf9e2ccb646.dll
Creates a suspicious process (1 event)
cmdline C:\Windows\system32\regsvr32.exe -s C:\Users\ADMINI~1.OSK\AppData\Local\Temp\90ED97~1.DLL f1 C:\Users\ADMINI~1.OSK\AppData\Local\Temp\90ED97~1.EXE@784
Drops an executable to the user AppData folder (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\90ed97fd14801fceaca28bf9e2ccb646.dll
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.998380627642725 section {'size_of_data': '0x000c1800', 'virtual_address': '0x00036000', 'entropy': 7.998380627642725, 'name': '.rsrc', 'virtual_size': '0x000c1800'} description A section with a high entropy has been found
entropy 0.8242811501597445 description Overall entropy of this PE file is high
Network communication
One or more of the buffers contains an embedded PE file (1 event)
buffer Buffer with sha1: 6b32fe798ee6980a9d2d5090ab4bac2e9a92bb31
Communicates with host for which no DNS query was performed (3 events)
host 172.217.24.14
host 172.81.129.196
host 51.255.134.130
A process performed obfuscation on information about the computer or sent it to a remote location indicative of CnC Traffic/Preperations. (3 events)
Time & API Arguments Status Return Repeated
1619709566.8725
CryptHashData
buffer: C:\38C63B4164OSKAR-PC28664634252779520{846ee340-7039-11de-9d20-806e6f6e6963}
flags: 0
hash_handle: 0x005d9bd8
success 1 0
1619709568.153125
CryptHashData
buffer: C:\38C63B4164OSKAR-PC28664634252779520{846ee340-7039-11de-9d20-806e6f6e6963}
flags: 0
hash_handle: 0x009f5978
success 1 0
1619709568.153125
CryptHashData
buffer: C:\38C63B4164OSKAR-PC28664634252779520{846ee340-7039-11de-9d20-806e6f6e6963}
flags: 0
hash_handle: 0x009f5978
success 1 0
File has been identified by 57 AntiVirus engines on VirusTotal as malicious (50 out of 57 events)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
DrWeb Trojan.Siggen9.44975
MicroWorld-eScan Gen:Variant.Danabot.2
FireEye Generic.mg.90ed97fd14801fce
ALYac Spyware.Danabot.A
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
Sangfor Malware
CrowdStrike win/malicious_confidence_90% (W)
Alibaba TrojanDropper:Win32/DanaBot.a3438f2f
K7GW Trojan ( 005725751 )
K7AntiVirus Trojan ( 00557eeb1 )
Arcabit Trojan.Danabot.2
BitDefenderTheta Gen:NN.ZelphiF.34670.6SW@aOB@IRhi
Cyren W32/Danabot.S.gen!Eldorado
Symantec Trojan.Danabot
APEX Malicious
Avast Win32:Trojan-gen
Kaspersky HEUR:Trojan-Banker.Win32.Danabot.gen
BitDefender Gen:Variant.Danabot.2
NANO-Antivirus Trojan.Win32.Danabot.hjzrrz
Paloalto generic.ml
Tencent Malware.Win32.Gencirc.10ba288d
Ad-Aware Gen:Variant.Danabot.2
Emsisoft Gen:Variant.Danabot.2 (B)
Comodo TrojWare.Win32.TrojanDropper.Danabot.AD@8roqpa
F-Secure Heuristic.HEUR/AGEN.1115020
Zillya Dropper.Danabot.Win32.460
TrendMicro Trojan.Win32.DANABOT.SMTHA
McAfee-GW-Edition BehavesLike.Win32.Generic.dc
Sophos Mal/Generic-R + Troj/Agent-BENA
Ikarus Trojan-Dropper.Win32.Danabot
Jiangmin Trojan.Banker.Danabot.ckn
Avira HEUR/AGEN.1115020
Antiy-AVL Trojan[Banker]/Win32.Danabot
Kingsoft Win32.Troj.Banker.(kcloud)
Microsoft Trojan:Win32/DanaBot.GN!MTB
AegisLab Trojan.Win32.Danabot.7!c
ZoneAlarm HEUR:Trojan-Banker.Win32.Danabot.gen
GData Gen:Variant.Danabot.2
Cynet Malicious (score: 100)
AhnLab-V3 Malware/Win32.RL_Generic.R293847
Acronis suspicious
McAfee Trojan-FSHP!90ED97FD1480
MAX malware (ai score=88)
VBA32 TrojanBanker.Danabot
Malwarebytes Trojan.DanaBot
ESET-NOD32 a variant of Win32/TrojanDropper.Danabot.R
TrendMicro-HouseCall Trojan.Win32.DANABOT.SMTHA
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 events)
dead_host 51.255.134.130:443
dead_host 172.81.129.196:443
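Visual analysis
Binary image
No binary image. No binary visualization image was generated for this sample.
Runtime screenshots
No runtime screenshots. No screenshots were generated while this sample was running.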

PE Compile Time

2020-05-07 17:13:02

Imports

Library oleaut32.dll:
0x42d2dc SysFreeString
0x42d2e0 SysReAllocStringLen
0x42d2e4 SysAllocStringLen
Library advapi32.dll:
0x42d2ec RegQueryValueExW
0x42d2f0 RegOpenKeyExW
0x42d2f4 RegCloseKey
Library user32.dll:
0x42d2fc CharNextW
0x42d300 LoadStringW
Library kernel32.dll:
0x42d308 Sleep
0x42d30c VirtualFree
0x42d310 VirtualAlloc
0x42d314 lstrlenW
0x42d318 VirtualQuery
0x42d31c GetTickCount
0x42d320 GetSystemInfo
0x42d324 GetVersion
0x42d328 CompareStringW
0x42d32c IsValidLocale
0x42d330 SetThreadLocale
0x42d33c GetLocaleInfoW
0x42d340 WideCharToMultiByte
0x42d344 MultiByteToWideChar
0x42d348 GetACP
0x42d34c LoadLibraryExW
0x42d350 GetStartupInfoW
0x42d354 GetProcAddress
0x42d358 GetModuleHandleW
0x42d35c GetModuleFileNameW
0x42d360 GetCommandLineW
0x42d364 FreeLibrary
0x42d368 GetLastError
0x42d370 RtlUnwind
0x42d374 RaiseException
0x42d378 ExitProcess
0x42d37c SwitchToThread
0x42d380 GetCurrentThreadId
0x42d394 FindFirstFileW
0x42d398 FindClose
0x42d39c WriteFile
0x42d3a0 GetStdHandle
0x42d3a4 CloseHandle
Library kernel32.dll:
0x42d3ac GetProcAddress
0x42d3b0 RaiseException
0x42d3b4 LoadLibraryA
0x42d3b8 GetLastError
0x42d3bc TlsSetValue
0x42d3c0 TlsGetValue
0x42d3c4 LocalFree
0x42d3c8 LocalAlloc
0x42d3cc GetModuleHandleW
0x42d3d0 FreeLibrary
Library user32.dll:
0x42d3d8 MessageBoxW
0x42d3dc LoadStringW
0x42d3e0 GetSystemMetrics
0x42d3e4 CharUpperBuffW
0x42d3e8 CharUpperW
0x42d3ec CharLowerBuffW
Library version.dll:
0x42d3f4 VerQueryValueW
0x42d3fc GetFileVersionInfoW
Library kernel32.dll:
0x42d404 WriteFile
0x42d408 WideCharToMultiByte
0x42d40c WaitForSingleObject
0x42d410 VirtualQuery
0x42d414 VerSetConditionMask
0x42d418 VerifyVersionInfoW
0x42d41c SizeofResource
0x42d420 SetEvent
0x42d424 ResetEvent
0x42d428 LockResource
0x42d42c LoadResource
0x42d430 LoadLibraryW
0x42d434 IsValidLocale
0x42d438 GetVersionExW
0x42d43c GetThreadLocale
0x42d440 GetSystemDirectoryW
0x42d444 GetStdHandle
0x42d448 GetShortPathNameW
0x42d44c GetProcAddress
0x42d450 GetModuleHandleW
0x42d454 GetModuleFileNameW
0x42d458 GetLocaleInfoW
0x42d45c GetLocalTime
0x42d460 GetDiskFreeSpaceW
0x42d464 GetCurrentProcessId
0x42d468 GetCPInfo
0x42d46c FreeResource
0x42d470 FreeLibrary
0x42d474 FreeConsole
0x42d478 FindResourceW
0x42d47c FindFirstFileW
0x42d480 EnumSystemLocalesW
0x42d484 EnumCalendarInfoW
0x42d488 DeleteFileW
0x42d48c CreateProcessW
0x42d490 CreateFileW
0x42d494 CreateEventW
0x42d498 CompareStringW
0x42d49c CloseHandle
Library netapi32.dll:
0x42d4a4 NetApiBufferFree
0x42d4a8 NetWkstaGetInfo
Library advapi32.dll:
0x42d4b4 CryptDecrypt
0x42d4b8 CryptImportKey
0x42d4bc CryptDeriveKey
0x42d4c0 CryptDestroyKey
0x42d4c4 CryptReleaseContext
0x42d4c8 CryptDestroyHash
0x42d4cc CryptHashData
0x42d4d0 CryptCreateHash

Exports

Ordinal Address Name
2 0x40b490 __dbk_fcall_wrapper
1 0x42a628 dbkFCallWrapperAddr

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702
192.168.56.101 50537 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.