Score: 8.2 (High risk)

SHA256: e127b93395eb2d0cf5b3b1e43257b342fb51f7b68e55615aed0366c2d313b875
File name: b1e5cc8b0b26ca63431f37366bf59ad0.exe
Analysis time: 74s
Last analysis:
File size: 940.0KB
Static detection: flagged. Dynamic detection: flagged.
Detection-name tags (fragments of the engine names listed under VirusTotal below): 1QEZ5QJN5TU, 6SW@AOB@IRHI, AD@8ROQPA, AGEN, AI SCORE=85, AIDETECTVM, BENA, CONFIDENCE, DANABOT, ELDORADO, FSHP, GENCIRC, GENETIC, HIGH CONFIDENCE, HJZRRZ, KCLOUD, MALWARE1, NQ6E0U8C9KG, R + TROJ, R293847, SCORE, SIGGEN9, SMTHA, STATIC AI, SUSPICIOUS PE, TROJANBANKER, ZELPHIF
Eagle Eye engine (鹰眼引擎)
Not detected: no Eagle Eye engine results are available for this sample.
Static verdict
Antivirus engines
The date column is the engine's definition/update date as reported by VirusTotal, not the time this sample was scanned: several of these dates (2019) precede the sample's PE compile timestamp (2020-05-07, see below).
Engine        Result                                  Engine update  Engine version
Alibaba       TrojanDropper:Win32/DanaBot.62d8f594    20190527       0.3.0.5
CrowdStrike   win/malicious_confidence_90% (W)        20190702       1.0
Baidu         (no result listed)                      20190318       1.0.0.2
Avast         Win32:Trojan-gen                        20201210       21.1.5827.0
Kingsoft      Win32.Troj.Banker.(kcloud)              20201211       2017.9.26.565
McAfee        Trojan-FSHP!B1E5CC8B0B26                20201211       6.0.6.653
Tencent       Malware.Win32.Gencirc.10ba288d          20201211       1.0.0.1
Static indicators
Queries for the computer name (2 events)
Time               API               Arguments                Status   Return  Repeated
1619884135.896626  GetComputerNameW  computer_name: OSKAR-PC  success  1       0
1619884137.443374  GetComputerNameW  computer_name: OSKAR-PC  success  1       0
Checks if the process is being debugged by a debugger (1 event)
Time               API                Arguments  Status  Return  Repeated
1619884137.771374  IsDebuggerPresent  (none)     failed  0       0
The "failed" status is the monitor's reading of the zero return value. For IsDebuggerPresent a return of 0 is the normal answer (no debugger attached); the call itself did not fail, and the sample took the no-debugger path.
The executable contains unknown PE section names indicative of a packer (could be a false positive) (2 events)
section .itext
section .didata
Both names are standard output of the Delphi/C++Builder linker (.itext holds initialization code, .didata delay-import data). Together with the __dbk_fcall_wrapper/dbkFCallWrapperAddr exports listed below they point to a Delphi-built binary, so on their own they are not evidence of a packer; the high-entropy .rsrc section under the dynamic indicators is the stronger signal.
The file contains an unknown PE resource name possibly indicative of a packer (1 event)
resource name IDLB
One or more processes crashed (2 events)
Both records describe the same fault: an access violation (0xc0000005) on "mov eax, dword ptr [eax + 0x3c]" with eax = 0, that is, a read of IMAGE_DOS_HEADER.e_lfanew through a null module pointer, at the same image-relative location (b1e5cc~1+0x2283d) in the dropped DLL. In both traces the frames beneath the DLL code are LdrLoadDll and LoadLibraryExW, so the fault is raised while the DLL is being loaded, first into regsvr32 (first record) and about 1.5 s later into rundll32 (second record). The monitor logs first-chance exceptions, so a record here does not by itself prove the process died: PID 2120 logs no API calls after 1619884136.037626, whereas PID 2772 keeps logging calls after its exception (up to 1619884138.021374 in the dynamic indicators below).

Time: 1619884136.037626   API: __exception__   Status: success   Return: 0   Repeated: 0
stacktrace:
__dbk_fcall_wrapper+0x3d62d f0-0x6401b b1e5cc~1+0x49379 @ 0x2669379
__dbk_fcall_wrapper+0x6d56b f0-0x340dd b1e5cc~1+0x792b7 @ 0x26992b7
ServiceMain+0xa25 dbkFCallWrapperAddr-0xacf7 b1e5cc~1+0xb2935 @ 0x26d2935
ServiceMain+0x5712 dbkFCallWrapperAddr-0x600a b1e5cc~1+0xb7622 @ 0x26d7622
RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77d69930
LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x77d6d8a9
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x77d6d76c
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77d6c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x752fd4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x778f1d2a
regsvr32+0x20ff @ 0x9920ff
regsvr32+0x2669 @ 0x992669
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5
registers: esp=1892136 edi=1893340 eax=0 ebp=1892260 edx=0 ebx=40749972 esi=40750020 ecx=259981951
exception.instruction_r: 8b 40 3c 99 03 04 24 13 54 24 04 83 c4 08 89 45
exception.instruction: mov eax, dword ptr [eax + 0x3c]
exception.exception_code: 0xc0000005
exception.symbol: __dbk_fcall_wrapper+0x16af1 f0-0x8ab57 b1e5cc~1+0x2283d
exception.address: 0x264283d

Time: 1619884137.583374   API: __exception__   Status: success   Return: 0   Repeated: 0
stacktrace:
__dbk_fcall_wrapper+0x3d62d f0-0x6401b b1e5cc~1+0x49379 @ 0x8f9379
__dbk_fcall_wrapper+0x6d56b f0-0x340dd b1e5cc~1+0x792b7 @ 0x9292b7
ServiceMain+0xa25 dbkFCallWrapperAddr-0xacf7 b1e5cc~1+0xb2935 @ 0x962935
ServiceMain+0x5712 dbkFCallWrapperAddr-0x600a b1e5cc~1+0xb7622 @ 0x967622
RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77d69930
LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x77d6d8a9
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x77d6d76c
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77d6c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x752fd4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x778f1d2a
rundll32+0x14ed @ 0x5814ed
rundll32+0x1baf @ 0x581baf
rundll32+0x12e8 @ 0x5812e8
rundll32+0x1901 @ 0x581901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5
registers: esp=1699496 edi=1700700 eax=0 ebp=1699620 edx=0 ebx=9882516 esi=9882564 ecx=259981951
exception.instruction_r: 8b 40 3c 99 03 04 24 13 54 24 04 83 c4 08 89 45
exception.instruction: mov eax, dword ptr [eax + 0x3c]
exception.exception_code: 0xc0000005
exception.symbol: __dbk_fcall_wrapper+0x16af1 f0-0x8ab57 b1e5cc~1+0x2283d
exception.address: 0x8d283d
Behavior verdict
Dynamic indicators
One or more potentially interesting buffers were extracted; these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (20 events)
Every event is NtProtectVirtualMemory on the calling process itself (process_handle 0xffffffff) for a single page (length 4096) set to protection 64 (PAGE_EXECUTE_READWRITE); all have stack_dep_bypass 0, stack_pivoted 0, heap_dep_bypass 0, status success, return 0, repeated 0.
Time               PID   base_address
1619884135.740626  2120  0x026e1000
1619884135.740626  2120  0x755d1000
1619884135.740626  2120  0x754f1000
1619884135.740626  2120  0x75501000
1619884135.958626  2120  0x75271000
1619884137.365374  2772  0x00971000
1619884137.365374  2772  0x75511000
1619884137.365374  2772  0x755d1000
1619884137.365374  2772  0x754f1000
1619884137.365374  2772  0x752d1000
1619884137.365374  2772  0x76241000
1619884137.365374  2772  0x77711000
1619884137.365374  2772  0x76121000
1619884137.365374  2772  0x75d61000
1619884137.505374  2772  0x75271000
1619884137.771374  2772  0x751b0000
1619884137.787374  2772  0x750d1000
1619884137.896374  2772  0x75091000
1619884137.896374  2772  0x74661000
1619884138.021374  2772  0x77531000
Only the first page in each process (0x026e1000 in PID 2120, 0x00971000 in PID 2772) lies near the DLL image addresses seen in the crash records (exception addresses 0x264283d and 0x8d283d). The other 18 targets are single pages in the 0x74000000-0x77ffffff region where this Windows image maps its 32-bit system DLLs (the stack traces place kernel32 at 0x76340000, kernelbase at 0x778e0000 and ntdll at 0x77d30000), and nearly all are of the form 0x....1000, consistent with the first code page after a 64 KiB-aligned module base. Turning one page of other loaded modules writable and executable is what in-place patching (hooking) of those modules looks like, not self-unpacking, so the signature's description should be read with that caveat.
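As an added example (not code from the sandbox or from this report), the following Python script recovers module load addresses from the symbolized frames in the two crash records (a frame of the form "module+0xRVA @ 0xVA" gives base = VA - RVA) and uses them to attribute the 20 RWX pages above to modules. Two assumptions are built in: the regsvr32 trace is paired with PID 2120 and the rundll32 trace with PID 2772 (the report states no PID for the crash records; the pairing follows from timestamps and address ranges), and no module is assumed to span more than 2 MiB, since the report lists no image sizes.

```python
import re

# Sandbox frames end in "module+0xRVA @ 0xVA"; the load address follows as VA - RVA.
FRAME_RE = re.compile(r"(\S+)\+0x([0-9a-f]+) @ 0x([0-9a-f]+)\s*$")

# Frames copied from the two __exception__ records in this report. Pairing the
# regsvr32 trace with PID 2120 and the rundll32 trace with PID 2772 is an
# assumption based on timestamps and address ranges; the report states no PIDs here.
TRACES = {
    2120: [
        "__dbk_fcall_wrapper+0x3d62d f0-0x6401b b1e5cc~1+0x49379 @ 0x2669379",
        "RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77d69930",
        "LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x778f1d2a",
        "regsvr32+0x20ff @ 0x9920ff",
        "BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca",
    ],
    2772: [
        "__dbk_fcall_wrapper+0x3d62d f0-0x6401b b1e5cc~1+0x49379 @ 0x8f9379",
        "RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77d69930",
        "LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x778f1d2a",
        "rundll32+0x14ed @ 0x5814ed",
        "BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca",
    ],
}

# (pid, base_address) of the 20 NtProtectVirtualMemory PAGE_EXECUTE_READWRITE events above.
RWX_EVENTS = [
    (2120, 0x026E1000), (2120, 0x755D1000), (2120, 0x754F1000), (2120, 0x75501000),
    (2120, 0x75271000), (2772, 0x00971000), (2772, 0x75511000), (2772, 0x755D1000),
    (2772, 0x754F1000), (2772, 0x752D1000), (2772, 0x76241000), (2772, 0x77711000),
    (2772, 0x76121000), (2772, 0x75D61000), (2772, 0x75271000), (2772, 0x751B0000),
    (2772, 0x750D1000), (2772, 0x75091000), (2772, 0x74661000), (2772, 0x77531000),
]

MAX_IMAGE = 0x200000   # assumed upper bound on a module's mapped size; the report lists no sizes
SAMPLE_DLL = "b1e5cc~1"  # the sandbox's short name for the dropped DLL


def module_bases(frames):
    """Map module name -> load address, derived from the first frame naming each module."""
    bases = {}
    for line in frames:
        m = FRAME_RE.search(line)
        if m:
            name, rva, va = m.group(1), int(m.group(2), 16), int(m.group(3), 16)
            bases.setdefault(name, va - rva)
    return bases


def attribute(addr, bases):
    """Return (module, rva) if addr falls within [base, base + MAX_IMAGE) of a known module."""
    for name, base in bases.items():
        if base <= addr < base + MAX_IMAGE:
            return name, addr - base
    return None


def analyse(traces=TRACES, events=RWX_EVENTS):
    """Attribute each RWX page; return module bases, DLL RVAs hit in every PID, and unattributed pages."""
    bases = {pid: module_bases(frames) for pid, frames in traces.items()}
    dll_rvas = {pid: set() for pid in traces}
    unattributed = []
    for pid, addr in events:
        hit = attribute(addr, bases[pid])
        if hit is None:
            unattributed.append((pid, addr))
        elif hit[0] == SAMPLE_DLL:
            dll_rvas[pid].add(hit[1])
    shared = set.intersection(*dll_rvas.values())
    return bases, shared, unattributed


if __name__ == "__main__":
    bases, shared, unattributed = analyse()
    for pid, mods in bases.items():
        print(pid, {n: hex(b) for n, b in mods.items()})
    print("DLL RVAs made RWX in every process:", [hex(r) for r in shared])
    print("pages outside any module recoverable from the traces:", len(unattributed))
```

On the data above the only DLL-relative page is the same RVA in both processes, which is the kind of cross-process consistency worth recording when the dropped DLL is analysed later; the 18 remaining pages cannot be attributed because the traces name only five modules, so a full module list from the sandbox (or a re-run with module enumeration) is needed to confirm which system DLLs were patched.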
Queries the disk size, which could be used to detect a virtual machine with a small fixed-size or dynamically allocated disk (2 events)
Time               API                  root_path  free_bytes_available  total_number_of_free_bytes  total_number_of_bytes  Status   Return  Repeated
1619884135.865626  GetDiskFreeSpaceExW  C:\        19597426688           19597426688                 34252779520            success  1       0
1619884137.443374  GetDiskFreeSpaceExW  C:\        19596640256           19596640256                 34252779520            success  1       0
The total size (34252779520 bytes, about 31.9 GiB) reappears verbatim in the hashed host-fingerprint string further down.
Creates executable files on the filesystem (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\b1e5cc8b0b26ca63431f37366bf59ad0.dll
Creates a suspicious process (1 event)
cmdline C:\Windows\system32\regsvr32.exe -s C:\Users\ADMINI~1.OSK\AppData\Local\Temp\B1E5CC~1.DLL f1 C:\Users\ADMINI~1.OSK\AppData\Local\Temp\B1E5CC~1.EXE@732
The DLL written to %TEMP% (same hash-derived name as the sample, .dll extension) is loaded through regsvr32 with -s (silent: no success or failure dialog), using 8.3 short paths. The extra tokens "f1" and the launching executable's own path suffixed with "@732" are not regsvr32 switches; whatever they encode (the report does not say), a DLL loaded this way can read them from its host process's command line via GetCommandLineW. The crash records above show the same DLL loaded into rundll32 about 1.5 s after the regsvr32 load, so the loader uses a second host process for the same stage.
Drops an executable to the user AppData folder (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\b1e5cc8b0b26ca63431f37366bf59ad0.dll
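The following Python detector is added here as an example (it is not code from the sandbox or from this report) of the checks an analyst would write for this launch pattern: a regsvr32 or rundll32 host loading a module from a user-writable location, with unexpected arguments after the module, silent mode, or 8.3 short paths as aggravating details. It runs over a constructed list of process command lines; the first line is the one recorded above, the other three are made up here for contrast. Tokenization follows simplified Windows rules (quoted segments joined with adjacent text form one argument).

```python
import re

HOSTS = {"regsvr32.exe", "rundll32.exe"}
# A command-line token is a run of quoted segments and non-space characters (Windows rules, simplified).
TOKEN_RE = re.compile(r'(?:"[^"]*"|[^\s"])+')
# User-writable locations, in long or 8.3 short form (directory names of 8 characters
# or fewer, such as AppData and Temp, are unchanged when Windows shortens a path).
USER_WRITABLE = re.compile(
    r"\\users\\[^\\]+\\appdata\\|\\temp\\|\\programdata\\|\\users\\public\\", re.I
)

# Constructed process-creation log: the first line is the launch recorded in this report,
# the remaining three are made up for contrast (two benign, one suspicious).
SAMPLE_LOG = [
    r"C:\Windows\system32\regsvr32.exe -s C:\Users\ADMINI~1.OSK\AppData\Local\Temp\B1E5CC~1.DLL f1 C:\Users\ADMINI~1.OSK\AppData\Local\Temp\B1E5CC~1.EXE@732",
    r"C:\Windows\System32\regsvr32.exe /s C:\Windows\System32\mshtml.dll",
    r"C:\Windows\System32\rundll32.exe shell32.dll,Control_RunDLL",
    r'"C:\Windows\System32\rundll32.exe" "C:\Users\bob\AppData\Roaming\update helper.dll",Run',
]


def tokenize(cmdline):
    """Split a Windows command line into arguments, dropping the quote characters."""
    return [t.replace('"', "") for t in TOKEN_RE.findall(cmdline)]


def inspect(cmdline):
    """Return a finding dict for a suspicious regsvr32/rundll32 launch, else None."""
    tokens = tokenize(cmdline)
    if not tokens:
        return None
    host = tokens[0].rsplit("\\", 1)[-1].lower()
    if host not in HOSTS:
        return None
    switches = [t for t in tokens[1:] if t.startswith(("/", "-"))]
    args = [t for t in tokens[1:] if not t.startswith(("/", "-"))]
    if not args:
        return None
    # rundll32 takes "module,EntryPoint"; regsvr32 takes the module path alone
    module = args[0].split(",", 1)[0] if host == "rundll32.exe" else args[0]
    reasons = []
    if USER_WRITABLE.search(module):
        reasons.append("module loaded from a user-writable path")
    if len(args) > 1:
        reasons.append("extra arguments after the module: " + " ".join(args[1:]))
    if not reasons:
        return None  # system module, no extra arguments: ordinary usage
    # aggravating details, reported only alongside a primary reason
    if "~" in module:
        reasons.append("8.3 short path")
    if host == "regsvr32.exe" and any(s.lower() in ("/s", "-s") for s in switches):
        reasons.append("silent registration (-s)")
    return {"host": host, "module": module, "extra_args": args[1:], "reasons": reasons}


def scan(lines=SAMPLE_LOG):
    """Run inspect() over a list of command lines and keep only the findings."""
    return [f for f in (inspect(line) for line in lines) if f]


if __name__ == "__main__":
    for finding in scan():
        print(finding["host"], finding["module"])
        for reason in finding["reasons"]:
            print("   -", reason)
```

The "extra arguments" check is deliberately a primary reason: a module path alone can be legitimate in a user profile (per-user installers register COM servers from AppData), but regsvr32 has no use for trailing tokens, so their presence is the property specific to this loader.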
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
section .rsrc: virtual_address 0x00036000, size_of_data 0x000c1800, virtual_size 0x000c1800, entropy 7.998380627642725 (a section with high entropy has been found)
overall: 0.8242811501597445 (overall entropy of this PE file is high)
The two figures are on different scales. 7.998 bits per byte for .rsrc is Shannon entropy, about as close to the 8.0 maximum as a 792 KiB block can get, which is what encrypted or well-compressed data looks like. 0.824 is not an entropy value but the fraction of section bytes held in high-entropy sections: 0xc1800 = 792,576 bytes of .rsrc out of 961,536 bytes of section data (the 940.0 KB = 962,560-byte file minus a 1,024-byte header), which reproduces the reported figure exactly. In other words about 82% of the file is an opaque resource blob, and the import table lists the APIs needed to reach it (FindResourceW, LoadResource, LockResource, SizeofResource) next to CryptoAPI decryption (CryptCreateHash, CryptHashData, CryptDeriveKey, CryptDecrypt). Together with the extracted buffer containing an embedded PE and the DLL written to %TEMP%, this is consistent with the resource being the encrypted second stage, although the report does not establish how it is decrypted.
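Added example, not the sandbox's own code: a Python reimplementation of the two metrics the signature reports, Shannon entropy per section and the share of section bytes in high-entropy sections, run on constructed section data (a repetitive code-like block and a random blob standing in for the encrypted .rsrc) and checked against the numbers in this report. The 6.8 bits/byte threshold and the 1,024-byte header size are assumptions; the header size is the value that reproduces the reported 0.8242811501597445 from the section size and file size on the page.

```python
import math
import random

HIGH_ENTROPY = 6.8  # bits/byte; threshold assumed for this example, the report does not print its own


def shannon_entropy(data):
    """Shannon entropy in bits per byte: 0.0 for empty input, 8.0 for a perfectly flat byte distribution."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def packer_metrics(sections):
    """sections: list of (name, raw_bytes).
    Returns ({name: entropy}, share of all section bytes held in sections above HIGH_ENTROPY)."""
    per_section = {name: shannon_entropy(raw) for name, raw in sections}
    total = sum(len(raw) for _, raw in sections)
    high = sum(len(raw) for name, raw in sections if per_section[name] > HIGH_ENTROPY)
    return per_section, (high / total if total else 0.0)


def constructed_sections():
    """Constructed stand-in for a PE section table: code-like bytes drawn from a small
    opcode alphabet, plus a pseudo-random blob playing the role of the encrypted .rsrc."""
    rng = random.Random(1)
    opcodes = b"\x55\x8b\xec\x83\xec\x08\x53\x56\x57\x8b\x45\x08\x00\x00\x00\x00\xff\x15\xc3"
    text = bytes(rng.choice(opcodes) for _ in range(40_000))
    rsrc = bytes(rng.getrandbits(8) for _ in range(160_000))
    return [(".text", text), (".rsrc", rsrc)]


def report_share(file_size=940 * 1024, header_size=0x400, high_section_size=0xC1800):
    """The report's 'overall' figure recomputed as high-entropy section bytes / total section bytes.
    header_size is inferred: 1,024 is the value that reproduces 0.8242811501597445 exactly."""
    return high_section_size / (file_size - header_size)


if __name__ == "__main__":
    per_section, share = packer_metrics(constructed_sections())
    for name, h in per_section.items():
        print(f"{name:8s} {h:.3f} bits/byte")
    print(f"share of bytes in high-entropy sections: {share:.3f}")
    print(f"report figure recomputed: {report_share():.16f}")
```

A section entropy above roughly 7.9 over hundreds of kilobytes is effectively a statement that the bytes are ciphertext or compressed output; the share metric then says how much of the file that covers, which is why the two numbers should be quoted together rather than as one "entropy" value.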
Network communication
One or more of the buffers contains an embedded PE file (1 event)
buffer Buffer with sha1: 6b32fe798ee6980a9d2d5090ab4bac2e9a92bb31
Communicates with hosts for which no DNS query was performed (3 events)
host 172.217.24.14
host 192.236.179.73
host 23.82.140.201
These are hard-coded addresses (no name resolution preceded the connection attempts). The packet capture below records no TCP connections at all, and the last two hosts are listed as dead on port 443, so no exchange with any of them was captured in this run.
A process performed obfuscation on information about the computer or sent it to a remote location, indicative of CnC traffic or preparations for it (3 events)
Time               API            buffer                                                                        flags  hash_handle  Status   Return  Repeated
1619884135.974626  CryptHashData  C:\38C63B4164OSKAR-PC28664634252779520{846ee340-7039-11de-9d20-806e6f6e6963}  0      0x002c9bd8   success  1       0
1619884137.521374  CryptHashData  C:\38C63B4164OSKAR-PC28664634252779520{846ee340-7039-11de-9d20-806e6f6e6963}  0      0x002e5978   success  1       0
1619884137.521374  CryptHashData  C:\38C63B4164OSKAR-PC28664634252779520{846ee340-7039-11de-9d20-806e6f6e6963}  0      0x002e5978   success  1       0
The hashed string concatenates host attributes gathered by the calls logged above: the system drive ("C:\"), a value in the form of a volume serial number (38C63B41), the computer name (OSKAR-PC, from GetComputerNameW), the total size of C: in bytes (34252779520, from GetDiskFreeSpaceExW) and a GUID in the format Windows uses for the hardware-profile identifier (HwProfileGuid, readable through the imported RegOpenKeyExW/RegQueryValueExW; this particular value appears on stock Windows 7 images, so it does not identify the sandbox uniquely). The digits 64 and 286646 between those fields are not explained by any other record on the page. Hashing such a string yields a stable per-machine identifier (a bot ID) without transmitting the raw values, which is what the signature calls "obfuscation"; it is computed at 1619884135.97 and again at 1619884137.52, matching the two host-process lifetimes seen above.
File has been identified by 55 AntiVirus engines on VirusTotal as malicious (50 of 55 shown)
Engine  Detection
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Danabot.2
FireEye Generic.mg.b1e5cc8b0b26ca63
ALYac Spyware.Danabot.A
Malwarebytes Trojan.DanaBot
Zillya Dropper.Danabot.Win32.957
Sangfor Malware
K7AntiVirus Trojan ( 00557eeb1 )
Alibaba TrojanDropper:Win32/DanaBot.62d8f594
K7GW Trojan ( 005725751 )
CrowdStrike win/malicious_confidence_90% (W)
Arcabit Trojan.Danabot.2
BitDefenderTheta Gen:NN.ZelphiF.34670.6SW@aOB@IRhi
Cyren W32/Danabot.S.gen!Eldorado
Symantec Trojan.Danabot
APEX Malicious
Avast Win32:Trojan-gen
Kaspersky HEUR:Trojan-Banker.Win32.Danabot.gen
BitDefender Gen:Variant.Danabot.2
NANO-Antivirus Trojan.Win32.Danabot.hjzrrz
Paloalto generic.ml
AegisLab Trojan.Win32.Danabot.7!c
Rising Dropper.Danabot!8.FAFD (TFE:5:nQ6E0U8C9KG)
Ad-Aware Gen:Variant.Danabot.2
Emsisoft Gen:Variant.Danabot.2 (B)
Comodo TrojWare.Win32.TrojanDropper.Danabot.AD@8roqpa
F-Secure Heuristic.HEUR/AGEN.1115020
DrWeb Trojan.Siggen9.44975
VIPRE Trojan.Win32.Generic!BT
TrendMicro Trojan.Win32.DANABOT.SMTHA
McAfee-GW-Edition BehavesLike.Win32.Generic.dc
Sophos Mal/Generic-R + Troj/Agent-BENA
SentinelOne Static AI - Suspicious PE
Jiangmin Trojan.Banker.Danabot.ckn
Avira HEUR/AGEN.1115020
Antiy-AVL Trojan[Banker]/Win32.Danabot
Kingsoft Win32.Troj.Banker.(kcloud)
Microsoft Trojan:Win32/DanaBot.GN!MTB
ZoneAlarm HEUR:Trojan-Banker.Win32.Danabot.gen
GData Gen:Variant.Danabot.2
Cynet Malicious (score: 100)
AhnLab-V3 Malware/Win32.RL_Generic.R293847
Acronis suspicious
McAfee Trojan-FSHP!B1E5CC8B0B26
VBA32 TrojanBanker.Danabot
ESET-NOD32 a variant of Win32/TrojanDropper.Danabot.R
TrendMicro-HouseCall Trojan.Win32.DANABOT.SMTHA
Tencent Malware.Win32.Gencirc.10ba288d
Yandex Trojan.DR.Danabot!1QEZ5QJN5tU
Connects to IP addresses that are no longer responding to requests (legitimate services usually remain up and running) (2 events)
dead_host 192.236.179.73:443
dead_host 23.82.140.201:443
Visual analysis
Binary image
None: no binary visualization image was generated for this sample.
Runtime screenshots
None: no screenshots were generated while the sample ran.


PE Compile Time

2020-05-07 17:13:02

Imports

kernel32.dll, user32.dll and advapi32.dll each appear more than once because the file carries several import descriptors for the same DLL (the Delphi linker emits one per unit that imports it); the hexadecimal values are the IAT slot addresses. Entries that matter for this sample's behaviour: resource access (FindResourceW, LoadResource, LockResource, SizeofResource), CryptoAPI (CryptCreateHash, CryptHashData, CryptDeriveKey, CryptImportKey, CryptDecrypt), process creation (CreateProcessW, used for the regsvr32 launch above), file deletion (DeleteFileW) and host profiling (GetDiskFreeSpaceW, GetVersionExW, GetSystemInfo, NetWkstaGetInfo, RegQueryValueExW).

Library oleaut32.dll:
0x42d2dc SysFreeString
0x42d2e0 SysReAllocStringLen
0x42d2e4 SysAllocStringLen
Library advapi32.dll:
0x42d2ec RegQueryValueExW
0x42d2f0 RegOpenKeyExW
0x42d2f4 RegCloseKey
Library user32.dll:
0x42d2fc CharNextW
0x42d300 LoadStringW
Library kernel32.dll:
0x42d308 Sleep
0x42d30c VirtualFree
0x42d310 VirtualAlloc
0x42d314 lstrlenW
0x42d318 VirtualQuery
0x42d31c GetTickCount
0x42d320 GetSystemInfo
0x42d324 GetVersion
0x42d328 CompareStringW
0x42d32c IsValidLocale
0x42d330 SetThreadLocale
0x42d33c GetLocaleInfoW
0x42d340 WideCharToMultiByte
0x42d344 MultiByteToWideChar
0x42d348 GetACP
0x42d34c LoadLibraryExW
0x42d350 GetStartupInfoW
0x42d354 GetProcAddress
0x42d358 GetModuleHandleW
0x42d35c GetModuleFileNameW
0x42d360 GetCommandLineW
0x42d364 FreeLibrary
0x42d368 GetLastError
0x42d370 RtlUnwind
0x42d374 RaiseException
0x42d378 ExitProcess
0x42d37c SwitchToThread
0x42d380 GetCurrentThreadId
0x42d394 FindFirstFileW
0x42d398 FindClose
0x42d39c WriteFile
0x42d3a0 GetStdHandle
0x42d3a4 CloseHandle
Library kernel32.dll:
0x42d3ac GetProcAddress
0x42d3b0 RaiseException
0x42d3b4 LoadLibraryA
0x42d3b8 GetLastError
0x42d3bc TlsSetValue
0x42d3c0 TlsGetValue
0x42d3c4 LocalFree
0x42d3c8 LocalAlloc
0x42d3cc GetModuleHandleW
0x42d3d0 FreeLibrary
Library user32.dll:
0x42d3d8 MessageBoxW
0x42d3dc LoadStringW
0x42d3e0 GetSystemMetrics
0x42d3e4 CharUpperBuffW
0x42d3e8 CharUpperW
0x42d3ec CharLowerBuffW
Library version.dll:
0x42d3f4 VerQueryValueW
0x42d3fc GetFileVersionInfoW
Library kernel32.dll:
0x42d404 WriteFile
0x42d408 WideCharToMultiByte
0x42d40c WaitForSingleObject
0x42d410 VirtualQuery
0x42d414 VerSetConditionMask
0x42d418 VerifyVersionInfoW
0x42d41c SizeofResource
0x42d420 SetEvent
0x42d424 ResetEvent
0x42d428 LockResource
0x42d42c LoadResource
0x42d430 LoadLibraryW
0x42d434 IsValidLocale
0x42d438 GetVersionExW
0x42d43c GetThreadLocale
0x42d440 GetSystemDirectoryW
0x42d444 GetStdHandle
0x42d448 GetShortPathNameW
0x42d44c GetProcAddress
0x42d450 GetModuleHandleW
0x42d454 GetModuleFileNameW
0x42d458 GetLocaleInfoW
0x42d45c GetLocalTime
0x42d460 GetDiskFreeSpaceW
0x42d464 GetCurrentProcessId
0x42d468 GetCPInfo
0x42d46c FreeResource
0x42d470 FreeLibrary
0x42d474 FreeConsole
0x42d478 FindResourceW
0x42d47c FindFirstFileW
0x42d480 EnumSystemLocalesW
0x42d484 EnumCalendarInfoW
0x42d488 DeleteFileW
0x42d48c CreateProcessW
0x42d490 CreateFileW
0x42d494 CreateEventW
0x42d498 CompareStringW
0x42d49c CloseHandle
Library netapi32.dll:
0x42d4a4 NetApiBufferFree
0x42d4a8 NetWkstaGetInfo
Library advapi32.dll:
0x42d4b4 CryptDecrypt
0x42d4b8 CryptImportKey
0x42d4bc CryptDeriveKey
0x42d4c0 CryptDestroyKey
0x42d4c4 CryptReleaseContext
0x42d4c8 CryptDestroyHash
0x42d4cc CryptHashData
0x42d4d0 CryptCreateHash

Exports

Ordinal  Address   Name
2        0x40b490  __dbk_fcall_wrapper
1        0x42a628  dbkFCallWrapperAddr
Both exports are emitted by Delphi for its debugger support (the "dbk" debug kernel) and are present in Delphi binaries built with that option; they are not part of the malware's own logic. The crash records above show the dropped DLL carrying the same symbols plus ServiceMain, so it was built with the same toolchain.

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source port  Destination                      Destination port
192.168.56.101  50534        114.114.114.114                  53
192.168.56.101  55368        114.114.114.114                  53
192.168.56.101  56539        114.114.114.114                  53
192.168.56.101  58367        114.114.114.114                  53
192.168.56.101  65004        114.114.114.114                  53
192.168.56.101  137          192.168.56.255                   137
192.168.56.101  138          192.168.56.255                   138
192.168.56.101  123          20.189.79.72 (time.windows.com)  123
192.168.56.101  49235        224.0.0.252                      5355
192.168.56.101  56804        224.0.0.252                      5355
192.168.56.101  60123        224.0.0.252                      5355
192.168.56.101  62191        224.0.0.252                      5355
192.168.56.101  1900         239.255.255.250                  1900
192.168.56.101  56540        239.255.255.250                  3702
192.168.56.101  56807        239.255.255.250                  1900
192.168.56.101  58368        239.255.255.250                  3702
192.168.56.101  58707        239.255.255.250                  3702

Every flow in the capture is ordinary Windows background traffic from the guest 192.168.56.101: DNS to the 114.114.114.114 resolver, NetBIOS name-service and datagram broadcasts (137/138), NTP to time.windows.com, LLMNR to 224.0.0.252:5355 and SSDP/WS-Discovery to 239.255.255.250 (1900/3702). None of it can be attributed to the sample from this report alone, and with no TCP, HTTP or TLS recorded, the three hard-coded C2 candidates listed earlier never produced a completed connection.

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

No dropped files were collected.
No dropped buffers were collected.
This is at odds with the dynamic indicators, which record a DLL written to %TEMP% and an extracted buffer containing an embedded PE (sha1 6b32fe798ee6980a9d2d5090ab4bac2e9a92bb31): neither artifact was retained with the report. Recovering the second stage therefore means re-running the sample with file and memory capture enabled, or decrypting the high-entropy .rsrc data, which the indicators above suggest, but do not prove, is the encrypted payload.