SmartHawk

4.8

中危

52 个模型检测该样本为恶意！

重新分析

下载样本

7b4cd1ee97883ef51303a736c76ea5c3979874bb0a8abfcb7d3e331b6098acfc

dd0ae8b5284d456fe8bb74febf9ce961.exe

分析耗时

76s

最近分析

文件大小

372.1KB

静态报毒动态报毒 A6YJYWPW58Q AI SCORE=88 CLOUD CONFIDENCE ELDORADO EMOTET FHDGP GENCIRC GENERICKD GENETIC GRAYWARE HCYH HDIV HIGH CONFIDENCE ICEDID KRYPT KRYPTIK LIGOOC MALWARE@#1L66XJPFLCFJH PHOTODLDER R335693 SUSGEN TIGOCBAINU TRICKBOT UNSAFE WACATAC XY1@AMQIEDE ZEXAF 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
McAfee	Emotet-FQC!DD0AE8B5284D	20200517	6.0.6.653
CrowdStrike	win/malicious_confidence_60% (W)	20190702	1.0
Alibaba	Trojan:Win32/Ligooc.1924957e	20190527	0.3.0.5
Baidu		20190318	1.0.0.2
Kingsoft		20200517	2013.8.14.323
Tencent	Malware.Win32.Gencirc.10b9ecf5	20200517	1.0.0.1
Avast	Win32:Trojan-gen	20200517	18.4.3895.0

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619948419.745184 GlobalMemoryStatusEx		success	1	0

The executable uses a known packer (1 个事件)

packer

Armadillo v1.71

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

Performs some HTTP requests (3 个事件)

request	GET http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
request	GET https://support.microsoft.com/
request	GET https://support.microsoft.com/socbundles/jsll

Allocates read-write-execute memory (usually to unpack itself) (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619948418.589184 NtAllocateVirtualMemory	process_identifier: 428 region_size: 12288 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12289 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x00500000	success	0	0

Checks adapter addresses which can be used to detect virtual network interfaces (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619948474.214184 GetAdaptersAddresses	flags: 15 family: 0	failed	111	0

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 个事件)

dead_host

157.240.12.5:443

File has been identified by 52 AntiVirus engines on VirusTotal as malicious (50 out of 52 个事件)

MicroWorld-eScan	Trojan.GenericKD.43102597
FireEye	Trojan.GenericKD.43102597
McAfee	Emotet-FQC!DD0AE8B5284D
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
Sangfor	Malware
CrowdStrike	win/malicious_confidence_60% (W)
Alibaba	Trojan:Win32/Ligooc.1924957e
K7GW	Trojan ( 0056611e1 )
K7AntiVirus	Trojan ( 0056611e1 )
Arcabit	Trojan.Generic.D291B185
F-Prot	W32/Trickbot.DP.gen!Eldorado
APEX	Malicious
Kaspersky	Trojan.Win32.Ligooc.cr
BitDefender	Trojan.GenericKD.43102597
AegisLab	Trojan.Win32.Ligooc.4!c
Rising	Trojan.Kryptik!8.8 (CLOUD)
Ad-Aware	Trojan.GenericKD.43102597
Emsisoft	Trojan.GenericKD.43102597 (B)
Comodo	Malware@#1l66xjpflcfjh
F-Secure	Trojan.TR/AD.PhotoDlder.fhdgp
DrWeb	Trojan.IcedID.28
Zillya	Trojan.Kryptik.Win32.2012108
TrendMicro	Trojan.Win32.TRICKBOT.TIGOCBAINU
McAfee-GW-Edition	BehavesLike.Win32.Emotet.fm
Sophos	Mal/Generic-S
Cyren	W32/Trickbot.DP.gen!Eldorado
Jiangmin	Trojan.Banker.Emotet.nqm
Avira	TR/AD.PhotoDlder.fhdgp
Antiy-AVL	GrayWare/Win32.Generic
Microsoft	Trojan:Win32/Emotet.DEK!MTB
Endgame	malicious (high confidence)
ZoneAlarm	Trojan.Win32.Ligooc.cr
GData	Trojan.GenericKD.43102597
AhnLab-V3	Trojan/Win32.Trickbot.R335693
BitDefenderTheta	Gen:NN.ZexaF.34110.xy1@amqiedE
ALYac	Trojan.GenericKD.43102597
MAX	malware (ai score=88)
VBA32	Trojan.Wacatac
Malwarebytes	Trojan.Downloader
Panda	Trj/Genetic.gen
ESET-NOD32	a variant of Win32/Kryptik.HDIV
TrendMicro-HouseCall	Trojan.Win32.TRICKBOT.TIGOCBAINU
Tencent	Malware.Win32.Gencirc.10b9ecf5
Yandex	Trojan.Kryptik!A6YJYwpw58Q
Ikarus	Trojan.Win32.Krypt
MaxSecure	Trojan.Malware.100946251.susgen
Fortinet	W32/Kryptik.HCYH!tr
Webroot	W32.Trojan.Gen
AVG	Win32:Trojan-gen

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2020-05-04 22:23:56

Imports

Library KERNEL32.dll:

• 0x449bcc SystemTimeToFileTime

• 0x449bd0 SetFileTime

• 0x449bd4 SetFileAttributesA

• 0x449bd8 FileTimeToSystemTime

• 0x449bdc FileTimeToLocalFileTime

• 0x449be0 RtlUnwind

• 0x449be4 GetStartupInfoA

• 0x449be8 GetCommandLineA

• 0x449bec ExitProcess

• 0x449bf0 TerminateProcess

• 0x449bf4 HeapFree

• 0x449bf8 CreateThread

• 0x449bfc ExitThread

• 0x449c00 HeapAlloc

• 0x449c04 RaiseException

• 0x449c08 HeapReAlloc

• 0x449c0c HeapSize

• 0x449c10 GetACP

• 0x449c14 GetTimeZoneInformation

• 0x449c18 GetSystemTime

• 0x449c1c GetLocalTime

• 0x449c20 UnhandledExceptionFilter

• 0x449c24 FreeEnvironmentStringsA

• 0x449c28 FreeEnvironmentStringsW

• 0x449c2c GetEnvironmentStrings

• 0x449c30 GetEnvironmentStringsW

• 0x449c34 SetHandleCount

• 0x449c38 GetStdHandle

• 0x449c3c LocalFileTimeToFileTime

• 0x449c40 HeapDestroy

• 0x449c44 HeapCreate

• 0x449c48 VirtualFree

• 0x449c4c FatalAppExitA

• 0x449c50 VirtualAlloc

• 0x449c54 IsBadWritePtr

• 0x449c58 LCMapStringA

• 0x449c5c LCMapStringW

• 0x449c60 SetUnhandledExceptionFilter

• 0x449c64 GetStringTypeA

• 0x449c68 GetStringTypeW

• 0x449c6c Sleep

• 0x449c70 IsBadReadPtr

• 0x449c74 IsBadCodePtr

• 0x449c78 IsValidLocale

• 0x449c7c IsValidCodePage

• 0x449c80 GetLocaleInfoA

• 0x449c84 EnumSystemLocalesA

• 0x449c88 GetUserDefaultLCID

• 0x449c8c GetVersionExA

• 0x449c90 SetConsoleCtrlHandler

• 0x449c94 SetStdHandle

• 0x449c98 CompareStringA

• 0x449c9c CompareStringW

• 0x449ca0 SetEnvironmentVariableA

• 0x449ca4 GetLocaleInfoW

• 0x449ca8 GetFileTime

• 0x449cac GetFileSize

• 0x449cb0 GetFileAttributesA

• 0x449cb4 GetShortPathNameA

• 0x449cb8 GetProfileStringA

• 0x449cbc GetThreadLocale

• 0x449cc0 GetStringTypeExA

• 0x449cc4 GetFullPathNameA

• 0x449cc8 GetVolumeInformationA

• 0x449ccc FindFirstFileA

• 0x449cd0 FindClose

• 0x449cd4 DeleteFileA

• 0x449cd8 MoveFileA

• 0x449cdc SetEndOfFile

• 0x449ce0 UnlockFile

• 0x449ce4 LockFile

• 0x449ce8 FlushFileBuffers

• 0x449cec SetFilePointer

• 0x449cf0 WriteFile

• 0x449cf4 ReadFile

• 0x449cf8 CreateFileA

• 0x449cfc DuplicateHandle

• 0x449d00 SetErrorMode

• 0x449d04 GetOEMCP

• 0x449d08 GetCPInfo

• 0x449d0c SizeofResource

• 0x449d10 GetProcessVersion

• 0x449d14 GetLastError

• 0x449d18 WritePrivateProfileStringA

• 0x449d1c GetPrivateProfileStringA

• 0x449d20 GetPrivateProfileIntA

• 0x449d24 GlobalFlags

• 0x449d28 lstrcpynA

• 0x449d2c TlsGetValue

• 0x449d30 LocalReAlloc

• 0x449d34 TlsSetValue

• 0x449d38 EnterCriticalSection

• 0x449d3c GlobalReAlloc

• 0x449d40 LeaveCriticalSection

• 0x449d44 TlsFree

• 0x449d48 GlobalHandle

• 0x449d4c DeleteCriticalSection

• 0x449d50 TlsAlloc

• 0x449d54 InitializeCriticalSection

• 0x449d58 LocalFree

• 0x449d5c LocalAlloc

• 0x449d60 MulDiv

• 0x449d64 SetLastError

• 0x449d68 LoadLibraryA

• 0x449d6c FreeLibrary

• 0x449d70 GetVersion

• 0x449d74 lstrcatA

• 0x449d78 GlobalGetAtomNameA

• 0x449d7c GlobalAddAtomA

• 0x449d80 GlobalFindAtomA

• 0x449d84 lstrcpyA

• 0x449d88 GetModuleHandleA

• 0x449d8c GetProcAddress

• 0x449d90 MultiByteToWideChar

• 0x449d94 WideCharToMultiByte

• 0x449d98 lstrlenA

• 0x449d9c InterlockedDecrement

• 0x449da0 GetCurrentProcess

• 0x449da4 InterlockedIncrement

• 0x449da8 GlobalUnlock

• 0x449dac GlobalFree

• 0x449db0 LockResource

• 0x449db4 CreateEventA

• 0x449db8 SuspendThread

• 0x449dbc SetThreadPriority

• 0x449dc0 ResumeThread

• 0x449dc4 SetEvent

• 0x449dc8 WaitForSingleObject

• 0x449dcc CloseHandle

• 0x449dd0 GetModuleFileNameA

• 0x449dd4 GlobalLock

• 0x449dd8 GlobalAlloc

• 0x449ddc GlobalDeleteAtom

• 0x449de0 lstrcmpA

• 0x449de4 lstrcmpiA

• 0x449de8 GetCurrentThread

• 0x449dec GetCurrentThreadId

• 0x449df0 GetCurrentDirectoryA

• 0x449df4 LoadLibraryExW

• 0x449df8 FindResourceA

• 0x449dfc LoadResource

• 0x449e00 GetFileType

Library USER32.dll:

• 0x449ee8 CopyRect

• 0x449eec BeginDeferWindowPos

• 0x449ef0 DeferWindowPos

• 0x449ef4 EqualRect

• 0x449ef8 ScreenToClient

• 0x449efc AdjustWindowRectEx

• 0x449f00 SetFocus

• 0x449f04 GetSysColor

• 0x449f08 MapWindowPoints

• 0x449f0c SendDlgItemMessageA

• 0x449f10 UpdateWindow

• 0x449f14 CheckDlgButton

• 0x449f18 CheckRadioButton

• 0x449f1c GetDlgItemInt

• 0x449f20 GetDlgItemTextA

• 0x449f24 SetDlgItemInt

• 0x449f28 SetDlgItemTextA

• 0x449f2c IsDlgButtonChecked

• 0x449f30 ScrollWindowEx

• 0x449f34 IsDialogMessageA

• 0x449f38 SetWindowTextA

• 0x449f3c MoveWindow

• 0x449f40 ShowWindow

• 0x449f44 wvsprintfA

• 0x449f48 LoadStringA

• 0x449f4c DestroyMenu

• 0x449f50 ClientToScreen

• 0x449f54 GetDC

• 0x449f58 ReleaseDC

• 0x449f5c GetWindowDC

• 0x449f60 BeginPaint

• 0x449f64 EndPaint

• 0x449f68 TabbedTextOutA

• 0x449f6c DrawTextA

• 0x449f70 GrayStringA

• 0x449f74 LoadCursorA

• 0x449f78 SetCapture

• 0x449f7c ReleaseCapture

• 0x449f80 WaitMessage

• 0x449f84 GetDesktopWindow

• 0x449f88 GetWindowThreadProcessId

• 0x449f8c WindowFromPoint

• 0x449f90 GetClassNameA

• 0x449f94 PtInRect

• 0x449f98 InsertMenuA

• 0x449f9c DeleteMenu

• 0x449fa0 GetMenuStringA

• 0x449fa4 GetSysColorBrush

• 0x449fa8 GetDialogBaseUnits

• 0x449fac SetRectEmpty

• 0x449fb0 LoadAcceleratorsA

• 0x449fb4 TranslateAcceleratorA

• 0x449fb8 LoadMenuA

• 0x449fbc SetMenu

• 0x449fc0 ReuseDDElParam

• 0x449fc4 UnpackDDElParam

• 0x449fc8 BringWindowToTop

• 0x449fcc CharUpperA

• 0x449fd0 GetScrollPos

• 0x449fd4 SetScrollPos

• 0x449fd8 GetTopWindow

• 0x449fdc IsChild

• 0x449fe0 GetCapture

• 0x449fe4 WinHelpA

• 0x449fe8 wsprintfA

• 0x449fec GetClassInfoA

• 0x449ff0 RegisterClassA

• 0x449ff4 GetMenu

• 0x449ff8 GetMenuItemCount

• 0x449ffc GetSubMenu

• 0x44a000 EndDeferWindowPos

• 0x44a004 TrackPopupMenu

• 0x44a008 SetWindowPlacement

• 0x44a00c GetWindowTextLengthA

• 0x44a010 GetWindowTextA

• 0x44a014 GetDlgCtrlID

• 0x44a018 DefWindowProcA

• 0x44a01c CreateWindowExA

• 0x44a020 GetClassLongA

• 0x44a024 SetPropA

• 0x44a028 UnhookWindowsHookEx

• 0x44a02c GetPropA

• 0x44a030 RemovePropA

• 0x44a034 GetMessageTime

• 0x44a038 GetMessagePos

• 0x44a03c GetForegroundWindow

• 0x44a040 SetForegroundWindow

• 0x44a044 GetWindow

• 0x44a048 SetWindowLongA

• 0x44a04c SetWindowPos

• 0x44a050 RegisterWindowMessageA

• 0x44a054 OffsetRect

• 0x44a058 IntersectRect

• 0x44a05c SystemParametersInfoA

• 0x44a060 GetWindowPlacement

• 0x44a064 OemToCharA

• 0x44a068 CharToOemA

• 0x44a06c EndDialog

• 0x44a070 SetActiveWindow

• 0x44a074 IsWindow

• 0x44a078 CreateDialogIndirectParamA

• 0x44a07c DestroyWindow

• 0x44a080 GetDlgItem

• 0x44a084 GetMenuCheckMarkDimensions

• 0x44a088 LoadBitmapA

• 0x44a08c GetMenuState

• 0x44a090 ModifyMenuA

• 0x44a094 SetMenuItemBitmaps

• 0x44a098 CheckMenuItem

• 0x44a09c EnableMenuItem

• 0x44a0a0 GetFocus

• 0x44a0a4 GetNextDlgTabItem

• 0x44a0a8 GetMessageA

• 0x44a0ac TranslateMessage

• 0x44a0b0 DispatchMessageA

• 0x44a0b4 GetActiveWindow

• 0x44a0b8 GetKeyState

• 0x44a0bc CallNextHookEx

• 0x44a0c0 ValidateRect

• 0x44a0c4 PeekMessageA

• 0x44a0c8 GetCursorPos

• 0x44a0cc SetWindowsHookExA

• 0x44a0d0 GetParent

• 0x44a0d4 GetLastActivePopup

• 0x44a0d8 IsWindowEnabled

• 0x44a0dc GetWindowLongA

• 0x44a0e0 MessageBoxA

• 0x44a0e4 SetCursor

• 0x44a0e8 LoadIconA

• 0x44a0ec SendMessageA

• 0x44a0f0 AppendMenuA

• 0x44a0f4 GetSystemMenu

• 0x44a0f8 UnregisterClassA

• 0x44a0fc HideCaret

• 0x44a100 ShowOwnedPopups

• 0x44a104 PostQuitMessage

• 0x44a108 PostMessageA

• 0x44a10c EnableWindow

• 0x44a110 InvalidateRect

• 0x44a114 IsIconic

• 0x44a118 GetSystemMetrics

• 0x44a11c GetClientRect

• 0x44a120 DrawIcon

• 0x44a124 ScrollWindow

• 0x44a128 GetScrollInfo

• 0x44a12c SetScrollInfo

• 0x44a130 ShowScrollBar

• 0x44a134 GetScrollRange

• 0x44a138 GetMenuItemID

• 0x44a13c SetScrollRange

• 0x44a140 IsWindowVisible

• 0x44a144 IsRectEmpty

• 0x44a148 ShowCaret

• 0x44a14c ExcludeUpdateRgn

• 0x44a150 DrawFocusRect

• 0x44a154 DefDlgProcA

• 0x44a158 GetWindowRect

• 0x44a15c IsWindowUnicode

• 0x44a160 CharNextA

• 0x44a164 InflateRect

• 0x44a168 CallWindowProcA

Library GDI32.dll:

• 0x449a40 GetStockObject

• 0x449a44 SelectPalette

• 0x449a48 SetBkMode

• 0x449a4c SetPolyFillMode

• 0x449a50 SetROP2

• 0x449a54 SetStretchBltMode

• 0x449a58 SetMapMode

• 0x449a5c SetViewportOrgEx

• 0x449a60 OffsetViewportOrgEx

• 0x449a64 SetViewportExtEx

• 0x449a68 ScaleViewportExtEx

• 0x449a6c SetWindowOrgEx

• 0x449a70 OffsetWindowOrgEx

• 0x449a74 SetWindowExtEx

• 0x449a78 ScaleWindowExtEx

• 0x449a7c SelectClipRgn

• 0x449a80 ExcludeClipRect

• 0x449a84 IntersectClipRect

• 0x449a88 OffsetClipRgn

• 0x449a8c MoveToEx

• 0x449a90 LineTo

• 0x449a94 SetTextAlign

• 0x449a98 SetTextJustification

• 0x449a9c SetTextCharacterExtra

• 0x449aa0 SetMapperFlags

• 0x449aa4 GetCurrentPositionEx

• 0x449aa8 ArcTo

• 0x449aac SetArcDirection

• 0x449ab0 PolyDraw

• 0x449ab4 SelectObject

• 0x449ab8 SetColorAdjustment

• 0x449abc PolyBezierTo

• 0x449ac0 DeleteObject

• 0x449ac4 GetClipRgn

• 0x449ac8 CreateRectRgn

• 0x449acc SelectClipPath

• 0x449ad0 ExtSelectClipRgn

• 0x449ad4 PlayMetaFileRecord

• 0x449ad8 GetObjectType

• 0x449adc EnumMetaFile

• 0x449ae0 PlayMetaFile

• 0x449ae4 GetDeviceCaps

• 0x449ae8 GetViewportExtEx

• 0x449aec GetWindowExtEx

• 0x449af0 CreatePen

• 0x449af4 ExtCreatePen

• 0x449af8 CreateSolidBrush

• 0x449afc CreateHatchBrush

• 0x449b00 CreatePatternBrush

• 0x449b04 CreateDIBPatternBrushPt

• 0x449b08 PtVisible

• 0x449b0c RectVisible

• 0x449b10 TextOutA

• 0x449b14 ExtTextOutA

• 0x449b18 Escape

• 0x449b1c GetTextExtentPoint32A

• 0x449b20 GetTextMetricsA

• 0x449b24 CreateFontIndirectA

• 0x449b28 RestoreDC

• 0x449b2c SaveDC

• 0x449b30 StartDocA

• 0x449b34 DeleteDC

• 0x449b38 GetObjectA

• 0x449b3c SetBkColor

• 0x449b40 SetTextColor

• 0x449b44 GetClipBox

• 0x449b48 GetDCOrgEx

• 0x449b4c PolylineTo

• 0x449b50 CreateDIBitmap

• 0x449b54 PatBlt

• 0x449b58 GetTextExtentPointA

• 0x449b5c BitBlt

• 0x449b60 CreateCompatibleDC

• 0x449b64 CreateBitmap

Library comdlg32.dll:

• 0x44a250 GetFileTitleA

Library WINSPOOL.DRV:

• 0x44a218 ClosePrinter

• 0x44a21c DocumentPropertiesA

• 0x44a220 OpenPrinterA

Library ADVAPI32.dll:

• 0x4499c0 RegSetValueExA

• 0x4499c4 RegOpenKeyA

• 0x4499c8 RegDeleteKeyA

• 0x4499cc RegDeleteValueA

• 0x4499d0 RegCloseKey

• 0x4499d4 RegQueryValueExA

• 0x4499d8 RegOpenKeyExA

• 0x4499dc RegCreateKeyExA

Library SHELL32.dll:

• 0x449ea0 DragQueryFileA

• 0x449ea4 DragFinish

• 0x449ea8 DragAcceptFiles

• 0x449eac SHBrowseForFolderA

• 0x449eb0 SHGetPathFromIDListA

• 0x449eb4 SHGetFileInfoA

Library COMCTL32.dll:

• 0x449a10

Library ole32.dll:

• 0x44a280 CoInitializeEx

• 0x44a284 CoGetMalloc

• 0x44a288 CoUninitialize

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
support.oracle.com	CNAME e870.x.akamaiedge.net A 23.9.89.201 CNAME support.oracle.com.edgekey.net	23.9.89.201
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
help.twitter.com	A 157.240.12.5	157.240.12.5
support.apple.com	CNAME support-china.apple-support.akadns.net A 58.222.43.220 CNAME ioshost.qtlcdn.com CNAME prod-support.apple-support.akadns.net	113.16.209.193
www.download.windowsupdate.com	CNAME www.download.windowsupdate.com.cdn.dnsv1.com CNAME 2-01-3cf7-0009.cdx.cedexis.net A 124.225.105.97 A 121.12.123.242 A 218.75.176.168 A 175.6.92.186 CNAME windowsupdate.sched.s11.tdnsv5.com CNAME 3573033.pack.cdntip.com A 119.147.227.210 CNAME wu-fg-shim.trafficmanager.net A 218.75.176.148	124.229.53.1
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
knockaddress.xyz
support.microsoft.com	CNAME e3843.g.akamaiedge.net CNAME ev.support.microsoft.com.edgekey.net A 23.204.249.53	23.204.249.53
teredo.ipv6.microsoft.com		127.0.0.1

TCP

Source	Source Port	Destination	Destination Port
192.168.56.101	49181	218.75.176.168 www.download.windowsupdate.com	80
192.168.56.101	49173	23.204.249.53 support.microsoft.com	443
192.168.56.101	49176	23.9.89.201 support.oracle.com	443
192.168.56.101	49177	23.9.89.201 support.oracle.com	443
192.168.56.101	49178	58.222.43.220 support.apple.com	443

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49713	114.114.114.114	53
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	51378	114.114.114.114	53
192.168.56.101	51808	114.114.114.114	53
192.168.56.101	53657	114.114.114.114	53
192.168.56.101	55368	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	57874	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	49235	224.0.0.252	5355
192.168.56.101	50002	224.0.0.252	5355
192.168.56.101	50568	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	57756	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900

HTTP & HTTPS Requests

URI	Data
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab	GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1 Cache-Control: max-age = 3600 Connection: Keep-Alive Accept: / If-Modified-Since: Wed, 03 Mar 2021 06:32:16 GMT If-None-Match: "0d8f4f3f6fd71:0" User-Agent: Microsoft-CryptoAPI/6.1 Host: www.download.windowsupdate.com

URI

Data

http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab

GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1
Cache-Control: max-age = 3600
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 03 Mar 2021 06:32:16 GMT
If-None-Match: "0d8f4f3f6fd71:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: www.download.windowsupdate.com

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.