SmartHawk

4.0

中危

46 个模型检测该样本为恶意！

重新分析

下载样本

2fb68ceb6e39968b9f4c4dd0112b8add52ff39bcf837f24ad59d6bd8fa9b4faa

de152d815071deadf3d5ef2fc0af8af2.exe

分析耗时

53s

最近分析

文件大小

286.0KB

静态报毒动态报毒 AGENTTESLA AI SCORE=89 ATTRIBUTE BLX1 CONFIDENCE ELDORADO GDSDA GENERICKD GENERICRXLS HIGH CONFIDENCE HIGHCONFIDENCE HSNTWK KRYPT KRYPTIK MALICIOUS PE MALWARE@#2M2H8KMC36NAE MSILFC POSSIBLETHREAT R + TROJ RM0@AKESDRK S15904180 SCORE UNSAFE WRZX ZEMSILF ZSXTA8RMYJC 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
McAfee	GenericRXLS-OE!DE152D815071	20201024	6.0.6.653
Alibaba	Trojan:MSIL/Kryptik.8db7d871	20190527	0.3.0.5
CrowdStrike	win/malicious_confidence_70% (W)	20190702	1.0
Baidu		20190318	1.0.0.2
Avast	Win32:Trojan-gen	20201024	18.4.3895.0
Tencent	Msil.Trojan.Agent.Wrzx	20201024	1.0.0.1
Kingsoft		20201024	2013.8.14.323

Queries for the computername (2 个事件)

Time & API	Arguments	Status	Return	Repeated
1619948446.591689 GetComputerNameA	computer_name: OSKAR-PC	success	1	0
1619948446.591689 GetComputerNameW	computer_name: OSKAR-PC	success	1	0

Checks if process is being debugged by a debugger (4 个事件)

Time & API	Arguments	Status	Return	Repeated
1619948411.123689 IsDebuggerPresent		failed	0	0
1619948411.123689 IsDebuggerPresent		failed	0	0
1619948446.576689 IsDebuggerPresent		failed	0	0
1619948446.607689 IsDebuggerPresent		failed	0	0

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619948411.170689 GlobalMemoryStatusEx		success	1	0

Allocates read-write-execute memory (usually to unpack itself) (50 out of 64 个事件)

Time & API	Arguments	Status
1619948409.966689 NtAllocateVirtualMemory	process_identifier: 2864 region_size: 524288 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 8192 (MEM_RESERVE) base_address: 0x00480000	success
1619948409.966689 NtAllocateVirtualMemory	process_identifier: 2864 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x004c0000	success
1619948410.545689 NtAllocateVirtualMemory	process_identifier: 2864 region_size: 2228224 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 8192 (MEM_RESERVE) base_address: 0x00c70000	success
1619948410.545689 NtAllocateVirtualMemory	process_identifier: 2864 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00e50000	success
1619948410.763689 NtProtectVirtualMemory	process_identifier: 2864 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x73e71000	success
1619948411.123689 NtAllocateVirtualMemory	process_identifier: 2864 region_size: 458752 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 8192 (MEM_RESERVE) base_address: 0x00500000	success
1619948411.123689 NtAllocateVirtualMemory	process_identifier: 2864 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00530000	success
1619948411.123689 NtAllocateVirtualMemory	process_identifier: 2864 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x003ba000	success
1619948411.123689 NtProtectVirtualMemory	process_identifier: 2864 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x73e72000	success
1619948411.123689 NtAllocateVirtualMemory	process_identifier: 2864 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x003b2000	success
1619948411.466689 NtAllocateVirtualMemory	process_identifier: 2864 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x003c2000	success
1619948411.732689 NtAllocateVirtualMemory	process_identifier: 2864 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x003e5000	success
1619948411.748689 NtAllocateVirtualMemory	process_identifier: 2864 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x003eb000	success
1619948411.748689 NtAllocateVirtualMemory	process_identifier: 2864 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x003e7000	success
1619948411.982689 NtAllocateVirtualMemory	process_identifier: 2864 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x003c3000	success
1619948412.045689 NtAllocateVirtualMemory	process_identifier: 2864 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x003cc000	success
1619948412.576689 NtAllocateVirtualMemory	process_identifier: 2864 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x003c4000	success
1619948412.591689 NtAllocateVirtualMemory	process_identifier: 2864 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x003c6000	success
1619948412.732689 NtAllocateVirtualMemory	process_identifier: 2864 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00ac0000	success
1619948412.873689 NtAllocateVirtualMemory	process_identifier: 2864 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x003da000	success
1619948412.873689 NtAllocateVirtualMemory	process_identifier: 2864 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x003d7000	success
1619948413.373689 NtAllocateVirtualMemory	process_identifier: 2864 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x003d6000	success
1619948413.373689 NtAllocateVirtualMemory	process_identifier: 2864 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x003ca000	success
1619948443.873689 NtAllocateVirtualMemory	process_identifier: 2864 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x003bc000	success
1619948443.904689 NtAllocateVirtualMemory	process_identifier: 2864 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x003c7000	success
1619948443.920689 NtAllocateVirtualMemory	process_identifier: 2864 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x003c8000	success
1619948444.060689 NtAllocateVirtualMemory	process_identifier: 2864 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x003c9000	success
1619948444.248689 NtAllocateVirtualMemory	process_identifier: 2864 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00ac1000	success
1619948444.404689 NtAllocateVirtualMemory	process_identifier: 2864 region_size: 12288 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00ac2000	success
1619948444.435689 NtAllocateVirtualMemory	process_identifier: 2864 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00e90000	success
1619948444.654689 NtAllocateVirtualMemory	process_identifier: 2864 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00e91000	success
1619948444.701689 NtAllocateVirtualMemory	process_identifier: 2864 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00e92000	success
1619948444.716689 NtAllocateVirtualMemory	process_identifier: 2864 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00e93000	success
1619948444.716689 NtAllocateVirtualMemory	process_identifier: 2864 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x003cd000	success
1619948444.716689 NtAllocateVirtualMemory	process_identifier: 2864 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00e94000	success
1619948444.748689 NtAllocateVirtualMemory	process_identifier: 2864 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00ac5000	success
1619948444.779689 NtAllocateVirtualMemory	process_identifier: 2864 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00e95000	success
1619948444.810689 NtAllocateVirtualMemory	process_identifier: 2864 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00eaf000	success
1619948444.810689 NtAllocateVirtualMemory	process_identifier: 2864 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00ea0000	success
1619948444.873689 NtAllocateVirtualMemory	process_identifier: 2864 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00ac7000	success
1619948444.873689 NtAllocateVirtualMemory	process_identifier: 2864 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00e96000	success
1619948445.623689 NtAllocateVirtualMemory	process_identifier: 2864 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00e97000	success
1619948445.623689 NtAllocateVirtualMemory	process_identifier: 2864 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00e98000	success
1619948445.638689 NtAllocateVirtualMemory	process_identifier: 2864 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00ac8000	success
1619948445.654689 NtAllocateVirtualMemory	process_identifier: 2864 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00e99000	success
1619948445.654689 NtAllocateVirtualMemory	process_identifier: 2864 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00e9a000	success
1619948445.670689 NtAllocateVirtualMemory	process_identifier: 2864 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00e9b000	success
1619948445.670689 NtAllocateVirtualMemory	process_identifier: 2864 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x003ce000	success
1619948445.685689 NtAllocateVirtualMemory	process_identifier: 2864 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00e9c000	success
1619948445.716689 NtAllocateVirtualMemory	process_identifier: 2864 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x06330000	success

Checks adapter addresses which can be used to detect virtual network interfaces (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619948446.466689 GetAdaptersAddresses	flags: 15 family: 0	failed	111	0

The binary likely contains encrypted or compressed data indicative of a packer (3 个事件)

entropy

7.990984375786257

section

{'size_of_data': '0x0003fe00', 'virtual_address': '0x00002000', 'entropy': 7.990984375786257, 'name': '.text', 'virtual_size': '0x0003fdc4'}

description

A section with a high entropy has been found

entropy

7.808172960590694

section

{'size_of_data': '0x00007600', 'virtual_address': '0x00042000', 'entropy': 7.808172960590694, 'name': '.rsrc', 'virtual_size': '0x00007548'}

description

A section with a high entropy has been found

entropy

0.9982486865148862

description

Overall entropy of this PE file is high

Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619948444.529689 LookupPrivilegeValueW	system_name: privilege_name: SeDebugPrivilege	success	1	0

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

File has been identified by 46 AntiVirus engines on VirusTotal as malicious (46 个事件)

Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.34388075
FireEye	Generic.mg.de152d815071dead
CAT-QuickHeal	Trojan.MsilFC.S15904180
McAfee	GenericRXLS-OE!DE152D815071
Cylance	Unsafe
K7AntiVirus	Trojan ( 0056cc0a1 )
Alibaba	Trojan:MSIL/Kryptik.8db7d871
K7GW	Trojan ( 0056cc0a1 )
CrowdStrike	win/malicious_confidence_70% (W)
Arcabit	Trojan.Generic.D20CB86B
Cyren	W32/MSIL_Kryptik.BLX1.ge!Eldorado
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Paloalto	generic.ml
Kaspersky	HEUR:Trojan.MSIL.Agent.gen
BitDefender	Trojan.GenericKD.34388075
NANO-Antivirus	Trojan.Win32.Stealer.hsntwk
Avast	Win32:Trojan-gen
Tencent	Msil.Trojan.Agent.Wrzx
Ad-Aware	Trojan.GenericKD.34388075
Comodo	Malware@#2m2h8kmc36nae
DrWeb	Trojan.PWS.Stealer.29105
VIPRE	Trojan.Win32.Generic!BT
Invincea	Mal/Generic-R + Troj/MSIL-PMZ
McAfee-GW-Edition	BehavesLike.Win32.Packed.dc
Sophos	Troj/MSIL-PMZ
Ikarus	Trojan.MSIL.Krypt
Avira	TR/Dropper.MSIL.Gen
Microsoft	Trojan:Win32/AgentTesla!ml
AegisLab	Trojan.Win32.Malicious.4!c
ZoneAlarm	HEUR:Trojan.MSIL.Agent.gen
GData	Trojan.GenericKD.34388075
AhnLab-V3	Trojan/Win32.Kryptik.C4183268
BitDefenderTheta	Gen:NN.ZemsilF.34590.rm0@aKEsDRk
ALYac	Trojan.GenericKD.34388075
MAX	malware (ai score=89)
ESET-NOD32	a variant of MSIL/Kryptik.XZI
Yandex	Trojan.Agent!zsxta8rMyJc
SentinelOne	DFI - Malicious PE
eGambit	Unsafe.AI_Score_99%
Fortinet	PossibleThreat
AVG	Win32:Trojan-gen
Cybereason	malicious.1c4f17
Panda	Trj/GdSda.A
Qihoo-360	Generic/Trojan.289

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2020-08-18 05:03:47

Imports

Library mscoree.dll:

• 0x402000 _CorExeMain

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49235	114.114.114.114	53
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	55368	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	51963	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	63429	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	50535	239.255.255.250	3702
192.168.56.101	50537	239.255.255.250	3702
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58707	239.255.255.250	3702
192.168.56.101	62192	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.