SmartHawk

6.2

高危

57 个模型检测该样本为恶意！

重新分析

下载样本

915c3441f6637976dfe4c25a115911d8ec6cea3c0eb8f6d4c89daf8a33be58e2

9d5d00bb183e7e2690c3adf041565b02.exe

分析耗时

104s

最近分析

文件大小

1.2MB

静态报毒动态报毒 AI SCORE=85 AIDETECTVM AVADDONCRYPT BSCOPE CLASSIC CONFIDENCE CRIDEX DANGEROUSSIG EHLS ELDORADO ENCPK ERXJ GEN4 GENETIC GRAYWARE HDXN HIGH CONFIDENCE INVALIDSIG KCLOUD KRYPT KRYPTIK KVMH008 LZ1@A0BSSIBI MALICIOUS PE MALWARE1 MALWARE@#5MUT81SQUI20 QAKBOT QBOT R + MAL R339837 SCORE STATIC AI UNSAFE ZEXAF ZPACK 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
McAfee	Packed-GCI!9D5D00BB183E	20201211	6.0.6.653
Alibaba	Ransom:Win32/AvaddonCrypt.194751f9	20190527	0.3.0.5
Avast	Win32:DangerousSig [Trj]	20201210	21.1.5827.0
Baidu		20190318	1.0.0.2
Kingsoft	Win32.Heur.KVMH008.a.(kcloud)	20201211	2017.9.26.565
CrowdStrike	win/malicious_confidence_90% (W)	20190702	1.0

Queries for the computername (2 个事件)

Time & API	Arguments	Status	Return	Repeated
1619784542.50875 GetComputerNameW	computer_name: OSKAR-PC	success	1	0
1619784553.41525 GetComputerNameW	computer_name: OSKAR-PC	success	1	0

This executable is signed

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 个事件)

section	r2
section	r3
section	r33

One or more processes crashed (2 个事件)

Time & API	Arguments	Status	Return	Repeated
1619784554.05625 __exception__	stacktrace: 9d5d00bb183e7e2690c3adf041565b02+0x3f07 @ 0x403f07 9d5d00bb183e7e2690c3adf041565b02+0x1b25 @ 0x401b25 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5 registers.esp: 1637624 registers.edi: 0 registers.eax: 1447909480 registers.ebp: 1637684 registers.edx: 22104 registers.ebx: 1 registers.esi: 7244216 registers.ecx: 10 exception.instruction_r: ed 89 5d e4 89 4d e0 5a 59 5b 58 83 4d fc ff eb exception.symbol: 9d5d00bb183e7e2690c3adf041565b02+0x3449 exception.instruction: in eax, dx exception.module: 9d5d00bb183e7e2690c3adf041565b02.exe exception.exception_code: 0xc0000096 exception.offset: 13385 exception.address: 0x403449	success	0	0
1619784554.05625 __exception__	stacktrace: 9d5d00bb183e7e2690c3adf041565b02+0x3f10 @ 0x403f10 9d5d00bb183e7e2690c3adf041565b02+0x1b25 @ 0x401b25 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5 registers.esp: 1637628 registers.edi: 0 registers.eax: 1447909480 registers.ebp: 1637684 registers.edx: 22104 registers.ebx: 1 registers.esi: 7244216 registers.ecx: 20 exception.instruction_r: ed 89 45 e4 5a 59 5b 58 83 4d fc ff eb 11 33 c0 exception.symbol: 9d5d00bb183e7e2690c3adf041565b02+0x34e2 exception.instruction: in eax, dx exception.module: 9d5d00bb183e7e2690c3adf041565b02.exe exception.exception_code: 0xc0000096 exception.offset: 13538 exception.address: 0x4034e2	success	0	0

Allocates read-write-execute memory (usually to unpack itself) (6 个事件)

Time & API	Arguments	Status
1619784542.39875 NtAllocateVirtualMemory	process_identifier: 1940 region_size: 225280 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x003a0000	success
1619784542.39875 NtAllocateVirtualMemory	process_identifier: 1940 region_size: 221184 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x006d0000	success
1619784542.39875 NtProtectVirtualMemory	process_identifier: 1940 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 237568 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x00400000	success
1619784553.39925 NtAllocateVirtualMemory	process_identifier: 2940 region_size: 225280 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x022e0000	success
1619784553.39925 NtAllocateVirtualMemory	process_identifier: 2940 region_size: 221184 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x02320000	success
1619784553.39925 NtProtectVirtualMemory	process_identifier: 2940 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 237568 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x00400000	success

A process created a hidden window (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619784543.19575 CreateProcessInternalW	thread_identifier: 2216 thread_handle: 0x00000140 process_identifier: 2940 current_directory: filepath: track: 1 command_line: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\9d5d00bb183e7e2690c3adf041565b02.exe /C filepath_r: stack_pivoted: 0 creation_flags: 134217728 (CREATE_NO_WINDOW) process_handle: 0x00000144 inherit_handles: 0	success	1	0

Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (6 个事件)

Time & API	Arguments	Status	Return
1619784543.07075 Process32NextW	process_name: wsqmcons.exe snapshot_handle: 0x00000140 process_identifier: 284	success	1
1619784543.08675 Process32NextW	process_name: sdclt.exe snapshot_handle: 0x00000140 process_identifier: 2104	success	1
1619784543.10275 Process32NextW	process_name: taskhost.exe snapshot_handle: 0x00000140 process_identifier: 368	success	1
1619784543.14875 Process32NextW	process_name: mobsync.exe snapshot_handle: 0x00000140 process_identifier: 364	success	1
1619784543.16475 Process32NextW	process_name: schtasks.exe snapshot_handle: 0x00000140 process_identifier: 2476	success	1
1619784543.18075 Process32NextW	process_name: conhost.exe snapshot_handle: 0x00000140 process_identifier: 2956	success	1

Expresses interest in specific running processes (1 个事件)

process

vboxservice.exe

Communicates with host for which no DNS query was performed (3 个事件)

host	172.217.24.14
host	203.208.40.98
host	203.208.41.65

Detects VMWare through the in instruction feature (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619784554.05625 __exception__	stacktrace: 9d5d00bb183e7e2690c3adf041565b02+0x3f07 @ 0x403f07 9d5d00bb183e7e2690c3adf041565b02+0x1b25 @ 0x401b25 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5 registers.esp: 1637624 registers.edi: 0 registers.eax: 1447909480 registers.ebp: 1637684 registers.edx: 22104 registers.ebx: 1 registers.esi: 7244216 registers.ecx: 10 exception.instruction_r: ed 89 5d e4 89 4d e0 5a 59 5b 58 83 4d fc ff eb exception.symbol: 9d5d00bb183e7e2690c3adf041565b02+0x3449 exception.instruction: in eax, dx exception.module: 9d5d00bb183e7e2690c3adf041565b02.exe exception.exception_code: 0xc0000096 exception.offset: 13385 exception.address: 0x403449	success	0	0

File has been identified by 57 AntiVirus engines on VirusTotal as malicious (50 out of 57 个事件)

Bkav	W32.AIDetectVM.malware1
Elastic	malicious (high confidence)
DrWeb	Trojan.QakBot.10
MicroWorld-eScan	Trojan.Agent.ERXJ
FireEye	Generic.mg.9d5d00bb183e7e26
McAfee	Packed-GCI!9D5D00BB183E
Cylance	Unsafe
Zillya	Trojan.Kryptik.Win32.2042674
Sangfor	Malware
K7AntiVirus	Trojan ( 0056a68e1 )
Alibaba	Ransom:Win32/AvaddonCrypt.194751f9
K7GW	Trojan ( 0056a68e1 )
Cybereason	malicious.2ed3b4
Arcabit	Trojan.Agent.ERXJ
BitDefenderTheta	Gen:NN.ZexaF.34670.lz1@a0bsSIbi
Cyren	W32/Trojan.FAA.gen!Eldorado
Symantec	Trojan.Gen.MBT
ESET-NOD32	a variant of Win32/Kryptik.HDXN
APEX	Malicious
Avast	Win32:DangerousSig [Trj]
Kaspersky	HEUR:Trojan-Banker.Win32.Qbot.pef
BitDefender	Trojan.Agent.ERXJ
Paloalto	generic.ml
Ad-Aware	Trojan.Agent.ERXJ
Sophos	Mal/Generic-R + Mal/EncPk-APV
Comodo	Malware@#5mut81squi20
F-Secure	Trojan.TR/Crypt.ZPACK.Gen4
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	Backdoor.Win32.QAKBOT.SME
McAfee-GW-Edition	Packed-GCI!9D5D00BB183E
Emsisoft	Trojan.Agent.ERXJ (B)
Ikarus	Trojan.Win32.Krypt
Jiangmin	Trojan.Banker.Qbot.qw
Avira	TR/Crypt.ZPACK.Gen4
Antiy-AVL	GrayWare/Win32.Kryptik.ehls
Kingsoft	Win32.Heur.KVMH008.a.(kcloud)
Gridinsoft	Trojan.Win32.Kryptik.ba!s1
Microsoft	Ransom:Win32/AvaddonCrypt.SO!MTB
ZoneAlarm	HEUR:Trojan-Banker.Win32.Qbot.pef
GData	Trojan.Agent.ERXJ
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.Agent.R339837
Acronis	suspicious
VBA32	BScope.Trojan.Inject
ALYac	Trojan.Agent.ERXJ
MAX	malware (ai score=85)
Malwarebytes	Trojan.Qbot
TrendMicro-HouseCall	Backdoor.Win32.QAKBOT.SME
Rising	Trojan.Kryptik!1.C745 (CLASSIC)
SentinelOne	Static AI - Malicious PE

Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 个事件)

dead_host	172.217.24.14:443
dead_host	172.217.27.142:443

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2020-06-08 23:04:45

Imports

Library KERNEL32.dll:

• 0x415720 GetModuleHandleW

• 0x415724 GetLastError

• 0x415728 Sleep

• 0x41572c LoadLibraryA

• 0x415730 GetProcAddress

• 0x415734 GetModuleFileNameA

• 0x415738 FreeEnvironmentStringsA

• 0x41573c GetEnvironmentStrings

• 0x415740 FreeEnvironmentStringsW

• 0x415744 WideCharToMultiByte

• 0x415748 GetEnvironmentStringsW

• 0x41574c SetHandleCount

• 0x415750 GetFileType

• 0x415754 HeapDestroy

• 0x415758 HeapCreate

• 0x41575c VirtualFree

• 0x415760 HeapFree

• 0x415764 HeapAlloc

• 0x415768 HeapReAlloc

• 0x41576c HeapSize

• 0x415770 GetACP

• 0x415774 GetOEMCP

• 0x415778 GetCPInfo

• 0x41577c VirtualAlloc

• 0x415780 RtlUnwind

• 0x415784 InterlockedExchange

• 0x415788 VirtualQuery

• 0x41578c RaiseException

• 0x415790 LCMapStringA

• 0x415794 MultiByteToWideChar

• 0x415798 LCMapStringW

• 0x41579c GetStringTypeA

• 0x4157a0 GetStringTypeW

• 0x4157a4 GetLocaleInfoA

• 0x4157a8 VirtualProtect

• 0x4157ac GetSystemInfo

• 0x4157b0 GetStdHandle

• 0x4157b4 GetModuleHandleA

• 0x4157b8 ExitProcess

• 0x4157bc GetCommandLineA

• 0x4157c0 GetStartupInfoA

• 0x4157c4 SetUnhandledExceptionFilter

• 0x4157c8 UnhandledExceptionFilter

• 0x4157cc GetCurrentProcess

• 0x4157d0 TerminateProcess

• 0x4157d4 GetSystemTimeAsFileTime

• 0x4157d8 GetCurrentProcessId

• 0x4157dc GetCurrentThreadId

• 0x4157e0 GetTickCount

• 0x4157e4 CreateFileW

• 0x4157e8 QueryPerformanceCounter

• 0x4157ec MulDiv

• 0x4157f0 lstrlenW

• 0x4157f4 GetVersionExA

• 0x4157f8 WriteFile

• 0x4157fc GetFileSize

• 0x415800 GlobalAlloc

• 0x415804 ReadFile

• 0x415808 lstrcpyW

• 0x41580c CloseHandle

• 0x415810 GlobalFree

• 0x415814 lstrcatW

• 0x415818 Process32First

• 0x41581c GlobalDeleteAtom

• 0x415820 GetCurrentDirectoryA

• 0x415824 WriteProfileSectionW

Library USER32.dll:

• 0x41582c EndMenu

• 0x415830 CloseClipboard

• 0x415834 CreatePopupMenu

• 0x415838 CountClipboardFormats

• 0x41583c AnyPopup

• 0x415840 CreateMenu

• 0x415844 LoadCursorFromFileW

• 0x415848 GetWindowDC

• 0x41584c GetWindowTextLengthW

• 0x415850 IsCharLowerW

• 0x415854 LoadCursorFromFileA

• 0x415858 GetWindowRect

• 0x41585c InvalidateRect

• 0x415860 EndDialog

• 0x415864 PeekMessageW

• 0x415868 EnableMenuItem

• 0x41586c GetMenu

• 0x415870 DialogBoxParamW

• 0x415874 LoadStringW

• 0x415878 MessageBoxW

• 0x41587c ReleaseDC

• 0x415880 GetDC

• 0x415884 SetCapture

• 0x415888 GetWindowPlacement

• 0x41588c IsIconic

• 0x415890 IsZoomed

• 0x415894 DrawMenuBar

• 0x415898 DrawTextW

• 0x41589c SetRect

• 0x4158a0 FrameRect

• 0x4158a4 FillRect

• 0x4158a8 OffsetRect

• 0x4158ac InvertRect

• 0x4158b0 IntersectRect

• 0x4158b4 ReleaseCapture

• 0x4158b8 UpdateWindow

• 0x4158bc PostMessageW

• 0x4158c0 PtInRect

• 0x4158c4 GetSubMenu

• 0x4158c8 GetDesktopWindow

• 0x4158cc MoveWindow

• 0x4158d0 DefWindowProcW

• 0x4158d4 GetForegroundWindow

• 0x4158d8 ShowWindow

• 0x4158dc GetSystemMetrics

• 0x4158e0 PostQuitMessage

• 0x4158e4 EndPaint

• 0x4158e8 BeginPaint

• 0x4158ec DestroyWindow

• 0x4158f0 WaitMessage

• 0x4158f4 DispatchMessageW

• 0x4158f8 TranslateMessage

• 0x4158fc TranslateAcceleratorW

• 0x415900 GetMessageW

• 0x415904 LoadAcceleratorsW

• 0x415908 CreateWindowExW

• 0x41590c RegisterClassW

• 0x415910 LoadCursorW

• 0x415914 LoadIconW

• 0x415918 MessageBoxA

• 0x41591c LoadStringA

• 0x415920 SetDlgItemTextW

• 0x415924 GetDlgItem

• 0x415928 WinHelpW

• 0x41592c CheckDlgButton

• 0x415930 IsDlgButtonChecked

• 0x415934 CheckRadioButton

• 0x415938 GetDlgItemTextW

• 0x41593c UnionRect

• 0x415940 SendMessageW

• 0x415944 SetTimer

• 0x415948 LoadBitmapW

• 0x41594c wsprintfW

• 0x415950 GetClientRect

• 0x415954 GetParent

• 0x415958 OemToCharA

• 0x41595c GetUserObjectInformationW

• 0x415960 MessageBoxIndirectW

• 0x415964 SetSysColors

• 0x415968 DefDlgProcW

• 0x41596c DdeQueryStringA

• 0x415970 SetMenuItemBitmaps

• 0x415974 SetWindowsHookA

• 0x415978 GetTopWindow

• 0x41597c EnumWindowStationsW

• 0x415980 InSendMessage

• 0x415984 GetKeyboardState

• 0x415988 DdePostAdvise

• 0x41598c InsertMenuItemW

• 0x415990 CreateMDIWindowW

• 0x415994 HiliteMenuItem

• 0x415998 CreateDialogIndirectParamA

• 0x41599c DdeSetUserHandle

• 0x4159a0 GetMenuState

• 0x4159a4 GetAncestor

Library GDI32.dll:

• 0x4159ac PathToRegion

• 0x4159b0 GetSystemPaletteUse

• 0x4159b4 RealizePalette

• 0x4159b8 UpdateColors

• 0x4159bc GetPixelFormat

• 0x4159c0 SwapBuffers

• 0x4159c4 GetTextAlign

• 0x4159c8 GetObjectType

• 0x4159cc GetLayout

• 0x4159d0 SetMetaRgn

• 0x4159d4 StrokePath

• 0x4159d8 GetGraphicsMode

• 0x4159dc GetStockObject

• 0x4159e0 UnrealizeObject

• 0x4159e4 GetTextCharacterExtra

• 0x4159e8 SaveDC

• 0x4159ec GetPolyFillMode

• 0x4159f0 WidenPath

• 0x4159f4 GetStretchBltMode

• 0x4159f8 GetMapMode

• 0x4159fc GetTextColor

• 0x415a00 GetROP2

• 0x415a04 GetTextCharset

• 0x415a08 CreatePatternBrush

• 0x415a0c CreateMetaFileW

• 0x415a10 AbortPath

• 0x415a14 DeleteColorSpace

• 0x415a18 GetEnhMetaFileA

• 0x415a1c BeginPath

• 0x415a20 EndPage

• 0x415a24 AddFontResourceA

• 0x415a28 CreateCompatibleDC

• 0x415a2c EndDoc

• 0x415a30 DeleteObject

• 0x415a34 GetBkColor

• 0x415a38 GdiGetBatchLimit

• 0x415a3c GetDeviceCaps

• 0x415a40 CreateFontIndirectW

• 0x415a44 Ellipse

• 0x415a48 GetTextExtentPoint32W

• 0x415a4c GetPixel

• 0x415a50 GdiFlush

• 0x415a54 ExcludeClipRect

• 0x415a58 RestoreDC

• 0x415a5c CreateCompatibleBitmap

• 0x415a60 CreateSolidBrush

• 0x415a64 GetBkMode

• 0x415a68 SetBkMode

• 0x415a6c SetTextColor

• 0x415a70 SetPixel

• 0x415a74 MoveToEx

• 0x415a78 LineTo

• 0x415a7c SelectObject

• 0x415a80 BitBlt

• 0x415a84 DeleteDC

• 0x415a88 FONTOBJ_vGetInfo

• 0x415a8c GdiGetLocalDC

• 0x415a90 OffsetClipRgn

• 0x415a94 GetEnhMetaFilePixelFormat

• 0x415a98 CopyEnhMetaFileW

• 0x415a9c CreateFontW

• 0x415aa0 GetColorAdjustment

• 0x415aa4 IntersectClipRect

• 0x415aa8 LPtoDP

• 0x415aac GetOutlineTextMetricsA

• 0x415ab0 RemoveFontResourceExW

• 0x415ab4 CreateDIBSection

• 0x415ab8 RectVisible

• 0x415abc GetSystemPaletteEntries

• 0x415ac0 GetNearestPaletteIndex

• 0x415ac4 GdiEntry11

• 0x415ac8 SelectBrushLocal

• 0x415acc SetBitmapBits

• 0x415ad0 GdiGetLocalBrush

• 0x415ad4 TranslateCharsetInfo

• 0x415ad8 SetSystemPaletteUse

• 0x415adc SelectClipRgn

• 0x415ae0 GdiReleaseDC

• 0x415ae4 GetPath

• 0x415ae8 CLIPOBJ_ppoGetPath

• 0x415aec EnumICMProfilesA

• 0x415af0 SetWindowOrgEx

• 0x415af4 ExtCreatePen

• 0x415af8 EngMultiByteToUnicodeN

• 0x415afc RemoveFontResourceA

• 0x415b00 GdiFullscreenControl

• 0x415b04 GdiQueryTable

• 0x415b08 GetICMProfileA

• 0x415b0c EngDeletePalette

• 0x415b10 DPtoLP

• 0x415b14 EngStretchBlt

Library ADVAPI32.dll:

• 0x415b1c GetUserNameA

• 0x415b20 RegOpenKeyA

• 0x415b24 RegQueryValueExA

• 0x415b28 RegCloseKey

• 0x415b2c RegQueryValueExW

• 0x415b30 RegOpenKeyExW

• 0x415b34 RegSetValueExW

• 0x415b38 RegCreateKeyExW

• 0x415b3c RegOpenKeyExA

• 0x415b40 RegOpenKeyW

Library SHELL32.dll:

• 0x415b48 SHGetSpecialFolderPathW

Library COMCTL32.dll:

• 0x415b50 InitCommonControlsEx

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
clients2.google.com	CNAME clients.l.google.com A 172.217.27.142	172.217.160.78
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	51963	114.114.114.114	53
192.168.56.101	53237	114.114.114.114	53
192.168.56.101	55368	114.114.114.114	53
192.168.56.101	60123	114.114.114.114	53
192.168.56.101	60215	114.114.114.114	53
192.168.56.101	63429	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	49713	224.0.0.252	5355
192.168.56.101	50568	224.0.0.252	5355
192.168.56.101	53210	224.0.0.252	5355
192.168.56.101	53657	224.0.0.252	5355
192.168.56.101	56539	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	57874	224.0.0.252	5355
192.168.56.101	58367	224.0.0.252	5355
192.168.56.101	62318	224.0.0.252	5355
192.168.56.101	62912	224.0.0.252	5355
192.168.56.101	65004	224.0.0.252	5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.