5.4
Medium risk

bdac5afaee629b69cb044c868417bc09b42f3217cd3e5634233b4aa5a397c246

addeb4eee696f765e619034a9e6f3015.exe

Analysis duration

135s

Last analyzed

File size

1.1MB
Static detections Dynamic detections +YBIRCZM 100% AI SCORE=88 AIDETECT ARTEMIS ATTRIBUTE BULZ CLOUD CONFIDENCE GDSDA HGIASOGA HIGH CONFIDENCE HIGHCONFIDENCE HQOFBV IHEFG LRIS MALWARE2 NTEJ REMCOS RUGMI SCORE SUSGEN UNSAFE YMACCO
Hawkeye engine
Not scanned. No Hawkeye engine results are available.
Static verdict
Antivirus engines
Engine Result Scan date Engine version
Alibaba Backdoor:Win32/Remcos.cb879c2e 20190527 0.3.0.5
Avast Win32:Malware-gen 20210301 21.1.5827.0
Tencent Win32.Backdoor.Remcos.Lris 20210302 1.0.0.1
Baidu 20190318 1.0.0.2
Kingsoft 20210302 2017.9.26.565
McAfee Artemis!ADDEB4EEE696 20210301 6.0.6.653
CrowdStrike win/malicious_confidence_100% (W) 20210203 1.0
Static indicators
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (2 events)
Time & API Arguments Status Return Repeated
1620986355.266
NtAllocateVirtualMemory
process_identifier: 3044
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01e40000
success 0 0
1620986368.141
NtAllocateVirtualMemory
process_identifier: 3044
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01ec0000
success 0 0
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1620986389.546875
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
The binary likely contains encrypted or compressed data indicative of a packer (1 event)
entropy 6.887109335316444 section {'size_of_data': '0x0000ea00', 'virtual_address': '0x000f5000', 'entropy': 6.887109335316444, 'name': '.data', 'virtual_size': '0x00013000'} description A section with a high entropy has been found
Uses Windows utilities for basic Windows functionality (1 event)
cmdline C:\Windows\System32\ipconfig.exe
Network communication
Communicates with host for which no DNS query was performed (3 events)
host 172.217.24.14
host 203.208.40.34
host 203.208.41.33
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 events)
Time & API Arguments Status Return Repeated
1620986392.171875
RegSetValueExA
key_handle: 0x00000414
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620986392.171875
RegSetValueExA
key_handle: 0x00000414
value: Ëxê™H×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620986392.171875
RegSetValueExA
key_handle: 0x00000414
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620986392.171875
RegSetValueExW
key_handle: 0x00000414
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620986392.171875
RegSetValueExA
key_handle: 0x00000424
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620986392.171875
RegSetValueExA
key_handle: 0x00000424
value: Ëxê™H×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620986392.171875
RegSetValueExA
key_handle: 0x00000424
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1620986392.234875
RegSetValueExW
key_handle: 0x00000410
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
File has been identified by 49 AntiVirus engines on VirusTotal as malicious (49 events)
Bkav W32.AIDetect.malware2
Elastic malicious (high confidence)
DrWeb BackDoor.Rat.281
MicroWorld-eScan Gen:Variant.Bulz.26378
FireEye Generic.mg.addeb4eee696f765
ALYac Gen:Variant.Bulz.26378
Cylance Unsafe
Zillya Downloader.Rugmi.Win32.82
AegisLab Trojan.Win32.Remcos.m!c
K7AntiVirus Riskware ( 0040eff71 )
Alibaba Backdoor:Win32/Remcos.cb879c2e
K7GW Riskware ( 0040eff71 )
Cybereason malicious.ee696f
Arcabit Trojan.Bulz.D670A
Cyren W32/Trojan.NTEJ-1709
Symantec ML.Attribute.HighConfidence
ESET-NOD32 Win32/TrojanDownloader.Rugmi.FAH
APEX Malicious
Kaspersky Backdoor.Win32.Remcos.pti
BitDefender Gen:Variant.Bulz.26378
NANO-Antivirus Trojan.Win32.Remcos.hqofbv
Avast Win32:Malware-gen
Tencent Win32.Backdoor.Remcos.Lris
Ad-Aware Gen:Variant.Bulz.26378
Emsisoft Gen:Variant.Bulz.26378 (B)
F-Secure Backdoor.BDS/Remcos.ihefg
VIPRE Trojan.Win32.Generic!BT
McAfee-GW-Edition BehavesLike.Win32.Worm.th
Sophos Mal/Generic-S
Ikarus Trojan-Downloader.Win32.Rugmi
Jiangmin Backdoor.Remcos.ccf
Webroot W32.Trojan.Gen
Avira BDS/Remcos.ihefg
Microsoft Trojan:Win32/Ymacco.AABD
ZoneAlarm Backdoor.Win32.Remcos.pti
GData Gen:Variant.Bulz.26378
Cynet Malicious (score: 100)
McAfee Artemis!ADDEB4EEE696
MAX malware (ai score=88)
VBA32 Backdoor.Remcos
Malwarebytes Backdoor.Remcos
Rising Backdoor.Remcos!8.B89E (CLOUD)
Yandex Trojan.DL.Rugmi!WY/+yBIrcZM
Fortinet W32/Rugmi.FAH!tr.dldr
MaxSecure Trojan.Malware.1728101.susgen
AVG Win32:Malware-gen
Panda Trj/GdSda.A
CrowdStrike win/malicious_confidence_100% (W)
Qihoo-360 Win32/Backdoor.Remcos.HgIASOgA
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 events)
dead_host 172.217.27.142:443
dead_host 98.159.108.71:443
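Visual analysis
Binary image
No binary image. No binary visualization was generated for this sample.
Runtime screenshots
No runtime screenshots. No screenshots were generated while this sample ran.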


PE Compile Time

2020-08-03 22:28:40

Imports


Exports

Ordinal Address Name
3 0x402714 @@Dick@Finalize
2 0x402704 @@Dick@Initialize
5 0x503884 _Form1
1 0x4015f5 __GetExceptDLLinfo
4 0x4f5098 ___CPPdebugHook

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50568 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 57236 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 50002 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 53210 224.0.0.252 5355
192.168.56.101 54178 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57756 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 60384 224.0.0.252 5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.