8.4
高危
55 个模型检测该样本为恶意!
重新分析
更多

2ebb449949741b280edbf04046379225f1d7ac1c72cf3fcc728c50bd4540d035

a56e9526814cb3b34350aab18efcd499.exe

分析耗时

44s

最近分析

文件大小

255.5KB
静态报毒 动态报毒 100% AGEN AGENSLA AI SCORE=83 BTVALJ CONFIDENCE EHVJ EHYY ELDORADO FORMBO FORMBOOK GDSDA GENERICKD GENERICRXKC GENKRYPTIK HIGH CONFIDENCE IAAEEF IGENT MALICIOUS PE MSILKRYPT NANOCORE PASSWORDSTEALER PM0@AEZOVV PONY R + TROJ R066C0DHK20 R331341 SCORE SIGGEN9 STATIC AI SUSGEN TROJANPSW TROJANX TSCOPE UNSAFE YAKBEEXMSIL ZEMSILF 更多
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
Alibaba TrojanPSW:MSIL/Agensla.f834e8c6 20190527 0.3.0.5
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Baidu 20190318 1.0.0.2
Avast Win32:TrojanX-gen [Trj] 20201210 21.1.5827.0
Tencent 20201211 1.0.0.1
Kingsoft 20201211 2017.9.26.565
McAfee GenericRXKC-MM!A56E9526814C 20201211 6.0.6.653
静态指标
Checks if process is being debugged by a debugger (2 个事件)
Time & API Arguments Status Return Repeated
1620808796.34375
IsDebuggerPresent
failed 0 0
1620808796.34375
IsDebuggerPresent
failed 0 0
Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 个事件)
Time & API Arguments Status Return Repeated
1620808796.35975
GlobalMemoryStatusEx
success 1 0
行为判定
动态指标
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (32 个事件)
Time & API Arguments Status Return Repeated
1620808795.64075
NtAllocateVirtualMemory
process_identifier: 2436
region_size: 1114112
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x003f0000
success 0 0
1620808795.64075
NtAllocateVirtualMemory
process_identifier: 2436
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x004c0000
success 0 0
1620808796.23475
NtAllocateVirtualMemory
process_identifier: 2436
region_size: 983040
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x005b0000
success 0 0
1620808796.23475
NtAllocateVirtualMemory
process_identifier: 2436
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00660000
success 0 0
1620808796.28075
NtProtectVirtualMemory
process_identifier: 2436
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x73b91000
success 0 0
1620808796.34375
NtAllocateVirtualMemory
process_identifier: 2436
region_size: 1507328
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x00be0000
success 0 0
1620808796.34375
NtAllocateVirtualMemory
process_identifier: 2436
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00d10000
success 0 0
1620808796.34375
NtAllocateVirtualMemory
process_identifier: 2436
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x002aa000
success 0 0
1620808796.34375
NtProtectVirtualMemory
process_identifier: 2436
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 8192
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x73b92000
success 0 0
1620808796.34375
NtAllocateVirtualMemory
process_identifier: 2436
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x002a2000
success 0 0
1620808796.62475
NtAllocateVirtualMemory
process_identifier: 2436
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x002b2000
success 0 0
1620808796.71875
NtAllocateVirtualMemory
process_identifier: 2436
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x002e5000
success 0 0
1620808796.71875
NtAllocateVirtualMemory
process_identifier: 2436
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x002eb000
success 0 0
1620808796.71875
NtAllocateVirtualMemory
process_identifier: 2436
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x002e7000
success 0 0
1620808796.84375
NtAllocateVirtualMemory
process_identifier: 2436
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x002b3000
success 0 0
1620808796.87475
NtAllocateVirtualMemory
process_identifier: 2436
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x002bc000
success 0 0
1620808797.56275
NtAllocateVirtualMemory
process_identifier: 2436
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x002b4000
success 0 0
1620808797.56275
NtAllocateVirtualMemory
process_identifier: 2436
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x002b6000
success 0 0
1620808797.67175
NtAllocateVirtualMemory
process_identifier: 2436
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00500000
success 0 0
1620808797.82775
NtAllocateVirtualMemory
process_identifier: 2436
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x002da000
success 0 0
1620808797.82775
NtAllocateVirtualMemory
process_identifier: 2436
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x002d7000
success 0 0
1620808798.45275
NtAllocateVirtualMemory
process_identifier: 2436
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x002d6000
success 0 0
1620808799.01575
NtAllocateVirtualMemory
process_identifier: 2436
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00661000
success 0 0
1620808799.10975
NtAllocateVirtualMemory
process_identifier: 2436
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00501000
success 0 0
1620808799.79675
NtAllocateVirtualMemory
process_identifier: 2436
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x002b7000
success 0 0
1620808799.89075
NtAllocateVirtualMemory
process_identifier: 2436
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x002b8000
success 0 0
1620808799.92175
NtAllocateVirtualMemory
process_identifier: 2436
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x002b9000
success 0 0
1620808800.01575
NtAllocateVirtualMemory
process_identifier: 2436
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00c40000
success 0 0
1620808800.03075
NtAllocateVirtualMemory
process_identifier: 2436
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00502000
success 0 0
1620808800.26575
NtAllocateVirtualMemory
process_identifier: 2436
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00503000
success 0 0
1620808800.31275
NtAllocateVirtualMemory
process_identifier: 2436
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00504000
success 0 0
1620836296.63175
NtAllocateVirtualMemory
process_identifier: 2104
region_size: 3158016
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00b90000
success 0 0
The binary likely contains encrypted or compressed data indicative of a packer (2 个事件)
entropy 7.872348983777239 section {'size_of_data': '0x0003f400', 'virtual_address': '0x00002000', 'entropy': 7.872348983777239, 'name': '.text', 'virtual_size': '0x0003f244'} description A section with a high entropy has been found
entropy 0.9921568627450981 description Overall entropy of this PE file is high
网络通信
Communicates with host for which no DNS query was performed (1 个事件)
host 172.217.24.14
Allocates execute permission to another process indicative of possible code injection (1 个事件)
Time & API Arguments Status Return Repeated
1620808800.31275
NtAllocateVirtualMemory
process_identifier: 2104
region_size: 172032
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000224
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
success 0 0
Potential code injection by writing to the memory of another process (2 个事件)
Time & API Arguments Status Return Repeated
1620808800.31275
WriteProcessMemory
process_identifier: 2104
buffer: MZERèXƒè ‹ÈƒÀ<‹ÁƒÀ(ÿáÈº´ Í!¸LÍ!This program cannot be run in DOS mode. $wÏEÂ3®+‘3®+‘3®+‘\؀‘q®+‘\ص‘0®+‘\ض‘2®+‘Rich3®+‘PEL@à  Ž°· @ @.textTŽ `
process_handle: 0x00000224
base_address: 0x00400000
success 1 0
1620808800.31275
WriteProcessMemory
process_identifier: 2104
buffer: @
process_handle: 0x00000224
base_address: 0x7efde008
success 1 0
Code injection by writing an executable or DLL to the memory of another process (1 个事件)
Time & API Arguments Status Return Repeated
1620808800.31275
WriteProcessMemory
process_identifier: 2104
buffer: MZERèXƒè ‹ÈƒÀ<‹ÁƒÀ(ÿáÈº´ Í!¸LÍ!This program cannot be run in DOS mode. $wÏEÂ3®+‘3®+‘3®+‘\؀‘q®+‘\ص‘0®+‘\ض‘2®+‘Rich3®+‘PEL@à  Ž°· @ @.textTŽ `
process_handle: 0x00000224
base_address: 0x00400000
success 1 0
Used NtSetContextThread to modify a thread in a remote process indicative of process injection (2 个事件)
Process injection Process 2436 called NtSetContextThread to modify thread in remote process 2104
Time & API Arguments Status Return Repeated
1620808800.31275
NtSetContextThread
thread_handle: 0x00000220
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4306864
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2104
success 0 0
Resumed a suspended thread in a remote process potentially indicative of process injection (2 个事件)
Process injection Process 2436 resumed a thread in remote process 2104
Time & API Arguments Status Return Repeated
1620808800.39075
NtResumeThread
thread_handle: 0x00000220
suspend_count: 1
process_identifier: 2104
success 0 0
Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 个事件)
dead_host 172.217.160.110:443
Executed a process and injected code into it, probably while unpacking (11 个事件)
Time & API Arguments Status Return Repeated
1620808796.34375
NtResumeThread
thread_handle: 0x000000d8
suspend_count: 1
process_identifier: 2436
success 0 0
1620808796.35975
NtResumeThread
thread_handle: 0x00000124
suspend_count: 1
process_identifier: 2436
success 0 0
1620808796.35975
NtResumeThread
thread_handle: 0x0000016c
suspend_count: 1
process_identifier: 2436
success 0 0
1620808800.31275
CreateProcessInternalW
thread_identifier: 472
thread_handle: 0x00000220
process_identifier: 2104
current_directory:
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\a56e9526814cb3b34350aab18efcd499.exe
track: 1
command_line: "{path}"
filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\a56e9526814cb3b34350aab18efcd499.exe
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000224
inherit_handles: 0
success 1 0
1620808800.31275
NtGetContextThread
thread_handle: 0x00000220
success 0 0
1620808800.31275
NtAllocateVirtualMemory
process_identifier: 2104
region_size: 172032
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000224
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
success 0 0
1620808800.31275
WriteProcessMemory
process_identifier: 2104
buffer: MZERèXƒè ‹ÈƒÀ<‹ÁƒÀ(ÿáÈº´ Í!¸LÍ!This program cannot be run in DOS mode. $wÏEÂ3®+‘3®+‘3®+‘\؀‘q®+‘\ص‘0®+‘\ض‘2®+‘Rich3®+‘PEL@à  Ž°· @ @.textTŽ `
process_handle: 0x00000224
base_address: 0x00400000
success 1 0
1620808800.31275
WriteProcessMemory
process_identifier: 2104
buffer:
process_handle: 0x00000224
base_address: 0x00401000
success 1 0
1620808800.31275
WriteProcessMemory
process_identifier: 2104
buffer: @
process_handle: 0x00000224
base_address: 0x7efde008
success 1 0
1620808800.31275
NtSetContextThread
thread_handle: 0x00000220
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4306864
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2104
success 0 0
1620808800.39075
NtResumeThread
thread_handle: 0x00000220
suspend_count: 1
process_identifier: 2104
success 0 0
File has been identified by 55 AntiVirus engines on VirusTotal as malicious (50 out of 55 个事件)
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.33613323
FireEye Generic.mg.a56e9526814cb3b3
CAT-QuickHeal Trojan.YakbeexMSIL.ZZ4
ALYac Trojan.Agent.FormBook
Cylance Unsafe
Zillya Trojan.GenKryptik.Win32.45683
Sangfor Malware
K7AntiVirus Trojan ( 00563ff01 )
Alibaba TrojanPSW:MSIL/Agensla.f834e8c6
K7GW Trojan ( 00563ff01 )
CrowdStrike win/malicious_confidence_100% (W)
Arcabit Trojan.Generic.D200E60B
Cyren W32/MSIL_Agent.BFC.gen!Eldorado
Symantec Trojan Horse
APEX Malicious
Paloalto generic.ml
Kaspersky HEUR:Trojan-PSW.MSIL.Agensla.gen
BitDefender Trojan.GenericKD.33613323
NANO-Antivirus Trojan.Win32.Agensla.iaaeef
Avast Win32:TrojanX-gen [Trj]
Ad-Aware Trojan.GenericKD.33613323
Emsisoft Trojan.GenericKD.33613323 (B)
F-Secure Heuristic.HEUR/AGEN.1132803
DrWeb Trojan.Siggen9.33739
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R066C0DHK20
McAfee-GW-Edition BehavesLike.Win32.Generic.dc
Sophos Mal/Generic-R + Troj/Formbo-L
SentinelOne Static AI - Malicious PE
Webroot W32.Malware.Gen
Avira HEUR/AGEN.1132803
Antiy-AVL Trojan[PSW]/MSIL.Agensla
Gridinsoft Adware.Win32.NanoCore.dd!n
Microsoft Trojan:MSIL/Pony!MTB
AegisLab Trojan.Multi.Generic.4!c
ZoneAlarm HEUR:Trojan-PSW.MSIL.Agensla.gen
GData Trojan.GenericKD.33613323
Cynet Malicious (score: 85)
AhnLab-V3 Trojan/Win32.MSILKrypt.R331341
McAfee GenericRXKC-MM!A56E9526814C
MAX malware (ai score=83)
VBA32 TScope.Trojan.MSIL
Malwarebytes Spyware.PasswordStealer
ESET-NOD32 a variant of MSIL/GenKryptik.EHVJ
TrendMicro-HouseCall TROJ_GEN.R066C0DHK20
Yandex Trojan.Igent.bTvALj.2
Ikarus Trojan.MSIL.Inject
MaxSecure Trojan.Malware.300983.susgen
Fortinet MSIL/GenKryptik.EHYY!tr
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2020-04-05 23:47:11

Imports

Library mscoree.dll:
0x402000 _CorExeMain

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 60215 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 50002 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 56539 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57756 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 60384 224.0.0.252 5355
192.168.56.101 61680 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 49236 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.