9.0
Critical risk

301fb66cb50056dca7644f1b087a2bfbba0f9649a8e5571fe1845d704cd78913

c67f60855d4ba3d15799f99b3fe23cf6.exe

Analysis duration

77s

Last analyzed

File size

940.0KB
Static detection Dynamic detection 6SW@AOB@IRHI 8I92GNSWY AD@8ROQPA AGEN AI SCORE=85 AIDETECTVM BENA CONFIDENCE DANABOT ELDORADO FSHP GENASA GENCIRC GENETIC HIGH CONFIDENCE HJZRRZ KCLOUD MALWARE1 NQ6E0U8C9KG R + TROJ R293847 SCORE SIGGEN9 SMTHA STATIC AI SUSPICIOUS PE TROJANBANKER UNSAFE ZELPHIF
Hawkeye engine
Not scanned. No Hawkeye engine results are available.
Static verdict
Antivirus engines
Engine Result Scan date Engine version
McAfee Trojan-FSHP!C67F60855D4B 20201211 6.0.6.653
Alibaba TrojanDropper:Win32/DanaBot.f50d6092 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:Trojan-gen 20201210 21.1.5827.0
Tencent Malware.Win32.Gencirc.10ba288d 20201211 1.0.0.1
Kingsoft Win32.Troj.Banker.(kcloud) 20201211 2017.9.26.565
CrowdStrike win/malicious_confidence_90% (W) 20190702 1.0
Static indicators
Queries for the computername (2 events)
Time & API Arguments Status Return Repeated
1620908310.344249
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1620908311.734751
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
Checks if process is being debugged by a debugger (1 event)
Time & API Arguments Status Return Repeated
1620908312.281751
IsDebuggerPresent
failed 0 0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (2 events)
section .itext
section .didata
The file contains an unknown PE resource name possibly indicative of a packer (1 event)
resource name IDLB
One or more processes crashed (2 events)
Time & API Arguments Status Return Repeated
1620908310.547249
__exception__
stacktrace:
__dbk_fcall_wrapper+0x3d62d f0-0x6401b c67f60~1+0x49379 @ 0x25a9379
__dbk_fcall_wrapper+0x6d56b f0-0x340dd c67f60~1+0x792b7 @ 0x25d92b7
ServiceMain+0xa25 dbkFCallWrapperAddr-0xacf7 c67f60~1+0xb2935 @ 0x2612935
ServiceMain+0x5712 dbkFCallWrapperAddr-0x600a c67f60~1+0xb7622 @ 0x2617622
RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77d69930
LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x77d6d8a9
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x77d6d76c
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77d6c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x752fd4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x778f1d2a
regsvr32+0x20ff @ 0x3720ff
regsvr32+0x2669 @ 0x372669
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1434312
registers.edi: 1435516
registers.eax: 0
registers.ebp: 1434436
registers.edx: 0
registers.ebx: 39963540
registers.esi: 39963588
registers.ecx: 259981951
exception.instruction_r: 8b 40 3c 99 03 04 24 13 54 24 04 83 c4 08 89 45
exception.instruction: mov eax, dword ptr [eax + 0x3c]
exception.exception_code: 0xc0000005
exception.symbol: __dbk_fcall_wrapper+0x16af1 f0-0x8ab57 c67f60~1+0x2283d
exception.address: 0x258283d
success 0 0
1620908312.078751
__exception__
stacktrace:
__dbk_fcall_wrapper+0x3d62d f0-0x6401b c67f60~1+0x49379 @ 0x879379
__dbk_fcall_wrapper+0x6d56b f0-0x340dd c67f60~1+0x792b7 @ 0x8a92b7
ServiceMain+0xa25 dbkFCallWrapperAddr-0xacf7 c67f60~1+0xb2935 @ 0x8e2935
ServiceMain+0x5712 dbkFCallWrapperAddr-0x600a c67f60~1+0xb7622 @ 0x8e7622
RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77d69930
LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x77d6d8a9
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x77d6d76c
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77d6c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x752fd4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x778f1d2a
rundll32+0x14ed @ 0x2814ed
rundll32+0x1baf @ 0x281baf
rundll32+0x12e8 @ 0x2812e8
rundll32+0x1901 @ 0x281901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1438452
registers.edi: 1439656
registers.eax: 0
registers.ebp: 1438576
registers.edx: 0
registers.ebx: 9358228
registers.esi: 9358276
registers.ecx: 259981951
exception.instruction_r: 8b 40 3c 99 03 04 24 13 54 24 04 83 c4 08 89 45
exception.instruction: mov eax, dword ptr [eax + 0x3c]
exception.exception_code: 0xc0000005
exception.symbol: __dbk_fcall_wrapper+0x16af1 f0-0x8ab57 c67f60~1+0x2283d
exception.address: 0x85283d
success 0 0
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (20 events)
Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation (2 events)
Time & API Arguments Status Return Repeated
1620908310.344249
GetDiskFreeSpaceExW
root_path: C:\
free_bytes_available: 19596754944
total_number_of_free_bytes: 19596754944
total_number_of_bytes: 34252779520
success 1 0
1620908311.703751
GetDiskFreeSpaceExW
root_path: C:\
free_bytes_available: 19595771904
total_number_of_free_bytes: 19595771904
total_number_of_bytes: 34252779520
success 1 0
Creates executable files on the filesystem (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\c67f60855d4ba3d15799f99b3fe23cf6.dll
Creates a suspicious process (1 event)
cmdline C:\Windows\system32\regsvr32.exe -s C:\Users\ADMINI~1.OSK\AppData\Local\Temp\C67F60~1.DLL f1 C:\Users\ADMINI~1.OSK\AppData\Local\Temp\C67F60~1.EXE@2364
Drops an executable to the user AppData folder (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\c67f60855d4ba3d15799f99b3fe23cf6.dll
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.998380627642725 section {'size_of_data': '0x000c1800', 'virtual_address': '0x00036000', 'entropy': 7.998380627642725, 'name': '.rsrc', 'virtual_size': '0x000c1800'} description A section with a high entropy has been found
entropy 0.8242811501597445 description Overall entropy of this PE file is high
Network communication
One or more of the buffers contains an embedded PE file (1 event)
buffer Buffer with sha1: 6b32fe798ee6980a9d2d5090ab4bac2e9a92bb31
Communicates with host for which no DNS query was performed (3 events)
host 172.217.24.14
host 172.81.129.196
host 54.38.22.65
A process performed obfuscation on information about the computer or sent it to a remote location indicative of CnC Traffic/Preperations. (3 events)
Time & API Arguments Status Return Repeated
1620908310.438249
CryptHashData
buffer: C:\38C63B4164OSKAR-PC28664634252779520{846ee340-7039-11de-9d20-806e6f6e6963}
flags: 0
hash_handle: 0x00829bd8
success 1 0
1620908311.984751
CryptHashData
buffer: C:\38C63B4164OSKAR-PC28664634252779520{846ee340-7039-11de-9d20-806e6f6e6963}
flags: 0
hash_handle: 0x00455978
success 1 0
1620908311.984751
CryptHashData
buffer: C:\38C63B4164OSKAR-PC28664634252779520{846ee340-7039-11de-9d20-806e6f6e6963}
flags: 0
hash_handle: 0x00455978
success 1 0
Generates some ICMP traffic
File has been identified by 57 AntiVirus engines on VirusTotal as malicious (50 out of 57 events)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Danabot.2
FireEye Generic.mg.c67f60855d4ba3d1
McAfee Trojan-FSHP!C67F60855D4B
Malwarebytes Trojan.DanaBot
Zillya Dropper.Danabot.Win32.568
Sangfor Malware
K7AntiVirus Trojan ( 00557eeb1 )
Alibaba TrojanDropper:Win32/DanaBot.f50d6092
K7GW Trojan ( 005725751 )
Arcabit Trojan.Danabot.2
BitDefenderTheta Gen:NN.ZelphiF.34670.6SW@aOB@IRhi
Cyren W32/Danabot.S.gen!Eldorado
Symantec Trojan.Danabot
APEX Malicious
Avast Win32:Trojan-gen
Kaspersky HEUR:Trojan-Banker.Win32.Danabot.gen
BitDefender Gen:Variant.Danabot.2
NANO-Antivirus Trojan.Win32.Danabot.hjzrrz
Paloalto generic.ml
Tencent Malware.Win32.Gencirc.10ba288d
Ad-Aware Gen:Variant.Danabot.2
Emsisoft Gen:Variant.Danabot.2 (B)
Comodo TrojWare.Win32.TrojanDropper.Danabot.AD@8roqpa
F-Secure Heuristic.HEUR/AGEN.1115020
DrWeb Trojan.Siggen9.44975
VIPRE Trojan.Win32.Generic!BT
TrendMicro Trojan.Win32.DANABOT.SMTHA
McAfee-GW-Edition BehavesLike.Win32.Generic.dc
Sophos Mal/Generic-R + Troj/Agent-BENA
Ikarus Trojan-Dropper.Win32.Danabot
Jiangmin Trojan.Banker.Danabot.ckn
Avira HEUR/AGEN.1115020
MAX malware (ai score=85)
Antiy-AVL Trojan[Banker]/Win32.Danabot
Kingsoft Win32.Troj.Banker.(kcloud)
Microsoft Trojan:Win32/DanaBot.GN!MTB
AegisLab Trojan.Win32.Danabot.7!c
ZoneAlarm HEUR:Trojan-Banker.Win32.Danabot.gen
GData Gen:Variant.Danabot.2
Cynet Malicious (score: 100)
AhnLab-V3 Malware/Win32.RL_Generic.R293847
Acronis suspicious
VBA32 TrojanBanker.Danabot
ALYac Spyware.Danabot.A
Cylance Unsafe
ESET-NOD32 a variant of Win32/TrojanDropper.Danabot.R
TrendMicro-HouseCall Trojan.Win32.DANABOT.SMTHA
Rising Dropper.Danabot!8.FAFD (TFE:5:nQ6E0U8C9KG)
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 events)
dead_host 54.38.22.65:443
dead_host 172.81.129.196:443
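Visual analysis
Binary image
No binary image available. No binary visualization image was generated for this sample.
Runtime screenshots
No runtime screenshots available. No screenshots were generated while this sample was running.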

PE Compile Time

2020-05-07 17:13:02

Imports

Library oleaut32.dll:
0x42d2dc SysFreeString
0x42d2e0 SysReAllocStringLen
0x42d2e4 SysAllocStringLen
Library advapi32.dll:
0x42d2ec RegQueryValueExW
0x42d2f0 RegOpenKeyExW
0x42d2f4 RegCloseKey
Library user32.dll:
0x42d2fc CharNextW
0x42d300 LoadStringW
Library kernel32.dll:
0x42d308 Sleep
0x42d30c VirtualFree
0x42d310 VirtualAlloc
0x42d314 lstrlenW
0x42d318 VirtualQuery
0x42d31c GetTickCount
0x42d320 GetSystemInfo
0x42d324 GetVersion
0x42d328 CompareStringW
0x42d32c IsValidLocale
0x42d330 SetThreadLocale
0x42d33c GetLocaleInfoW
0x42d340 WideCharToMultiByte
0x42d344 MultiByteToWideChar
0x42d348 GetACP
0x42d34c LoadLibraryExW
0x42d350 GetStartupInfoW
0x42d354 GetProcAddress
0x42d358 GetModuleHandleW
0x42d35c GetModuleFileNameW
0x42d360 GetCommandLineW
0x42d364 FreeLibrary
0x42d368 GetLastError
0x42d370 RtlUnwind
0x42d374 RaiseException
0x42d378 ExitProcess
0x42d37c SwitchToThread
0x42d380 GetCurrentThreadId
0x42d394 FindFirstFileW
0x42d398 FindClose
0x42d39c WriteFile
0x42d3a0 GetStdHandle
0x42d3a4 CloseHandle
Library kernel32.dll:
0x42d3ac GetProcAddress
0x42d3b0 RaiseException
0x42d3b4 LoadLibraryA
0x42d3b8 GetLastError
0x42d3bc TlsSetValue
0x42d3c0 TlsGetValue
0x42d3c4 LocalFree
0x42d3c8 LocalAlloc
0x42d3cc GetModuleHandleW
0x42d3d0 FreeLibrary
Library user32.dll:
0x42d3d8 MessageBoxW
0x42d3dc LoadStringW
0x42d3e0 GetSystemMetrics
0x42d3e4 CharUpperBuffW
0x42d3e8 CharUpperW
0x42d3ec CharLowerBuffW
Library version.dll:
0x42d3f4 VerQueryValueW
0x42d3fc GetFileVersionInfoW
Library kernel32.dll:
0x42d404 WriteFile
0x42d408 WideCharToMultiByte
0x42d40c WaitForSingleObject
0x42d410 VirtualQuery
0x42d414 VerSetConditionMask
0x42d418 VerifyVersionInfoW
0x42d41c SizeofResource
0x42d420 SetEvent
0x42d424 ResetEvent
0x42d428 LockResource
0x42d42c LoadResource
0x42d430 LoadLibraryW
0x42d434 IsValidLocale
0x42d438 GetVersionExW
0x42d43c GetThreadLocale
0x42d440 GetSystemDirectoryW
0x42d444 GetStdHandle
0x42d448 GetShortPathNameW
0x42d44c GetProcAddress
0x42d450 GetModuleHandleW
0x42d454 GetModuleFileNameW
0x42d458 GetLocaleInfoW
0x42d45c GetLocalTime
0x42d460 GetDiskFreeSpaceW
0x42d464 GetCurrentProcessId
0x42d468 GetCPInfo
0x42d46c FreeResource
0x42d470 FreeLibrary
0x42d474 FreeConsole
0x42d478 FindResourceW
0x42d47c FindFirstFileW
0x42d480 EnumSystemLocalesW
0x42d484 EnumCalendarInfoW
0x42d488 DeleteFileW
0x42d48c CreateProcessW
0x42d490 CreateFileW
0x42d494 CreateEventW
0x42d498 CompareStringW
0x42d49c CloseHandle
Library netapi32.dll:
0x42d4a4 NetApiBufferFree
0x42d4a8 NetWkstaGetInfo
Library advapi32.dll:
0x42d4b4 CryptDecrypt
0x42d4b8 CryptImportKey
0x42d4bc CryptDeriveKey
0x42d4c0 CryptDestroyKey
0x42d4c4 CryptReleaseContext
0x42d4c8 CryptDestroyHash
0x42d4cc CryptHashData
0x42d4d0 CryptCreateHash

Exports

Ordinal Address Name
2 0x40b490 __dbk_fcall_wrapper
1 0x42a628 dbkFCallWrapperAddr

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 53237 114.114.114.114 53
192.168.56.101 57756 114.114.114.114 53
192.168.56.101 57874 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 49238 239.255.255.250 1900
192.168.56.101 57757 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702
192.168.56.101 62319 239.255.255.250 3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.