1.0
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.49
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | Win32:Kryptik-MGA [Trj] | 20191203 | 18.4.3895.0 |
| Baidu | None | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_80% (D) | 20190702 | 1.0 |
| Kingsoft | None | 20191203 | 2013.8.14.323 |
| McAfee | Dropper-FGJ!03262465A307 | 20191203 | 6.0.6.653 |
| Tencent | None | 20191203 | 1.0.0.1 |
静态指标
可执行文件包含未知的 PE 段名称,可能指示打包器(可能是误报)
(2 个事件)
| section | AUTO |
| section | DGROUP |
动态指标
网络通信
与未执行 DNS 查询的主机进行通信
(1 个事件)
| host | 114.114.114.114 | |||
文件已被 VirusTotal 上 55 个反病毒引擎识别为恶意
(50 out of 55 个事件)
| ALYac | Gen:Variant.Ulise.3105 |
| APEX | Malicious |
| AVG | Win32:Kryptik-MGA [Trj] |
| Acronis | suspicious |
| Ad-Aware | Gen:Variant.Ulise.3105 |
| AhnLab-V3 | Trojan/Win32.Dofoil.R72088 |
| Arcabit | Trojan.Ulise.DC21 |
| Avast | Win32:Kryptik-MGA [Trj] |
| Avira | TR/Crypt.ZPACK.Gen7 |
| BitDefender | Gen:Variant.Ulise.3105 |
| BitDefenderTheta | Gen:NN.ZexaF.32517.kuX@amJgrL |
| CAT-QuickHeal | TrojanDropper.Gepys.A |
| CMC | Trojan.Win32.Swizzor.1!O |
| ClamAV | Win.Packed.Quackbot-6898806-0 |
| Comodo | TrojWare.Win32.Kryptik.KDSZ@50zmcz |
| CrowdStrike | win/malicious_confidence_80% (D) |
| Cybereason | malicious.5a3070 |
| Cylance | Unsafe |
| Cyren | W32/A-bb6b5234!Eldorado |
| DrWeb | Trojan.Redirect.167 |
| ESET-NOD32 | a variant of Win32/Kryptik.BEGY |
| Emsisoft | Gen:Variant.Ulise.3105 (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/A-bb6b5234!Eldorado |
| F-Secure | Trojan.TR/Crypt.ZPACK.Gen7 |
| FireEye | Generic.mg.03262465a30701ef |
| Fortinet | W32/Kryptik.BDUE!tr |
| GData | Gen:Variant.Ulise.3105 |
| Ikarus | Trojan.Crypt2 |
| Invincea | heuristic |
| Jiangmin | Trojan.Generic.hwxg |
| K7AntiVirus | Trojan ( 0040f4c81 ) |
| K7GW | Trojan ( 0040f4c81 ) |
| Kaspersky | HEUR:Trojan.Win32.Generic |
| MAX | malware (ai score=85) |
| Malwarebytes | Trojan.Agent.RRE |
| McAfee | Dropper-FGJ!03262465A307 |
| McAfee-GW-Edition | Dropper-FGJ!03262465A307 |
| MicroWorld-eScan | Gen:Variant.Ulise.3105 |
| Microsoft | Trojan:Win32/Quackbot |
| NANO-Antivirus | Trojan.Win32.Redirect.ctkgdv |
| Panda | Generic Malware |
| Qihoo-360 | HEUR/QVM20.1.A1E1.Malware.Gen |
| Rising | Trojan.Crypto!8.364 (TFE:4:2Gi12ep9vkT) |
| Sangfor | Malware |
| SentinelOne | DFI - Malicious PE |
| Sophos | Troj/Agent-ACIZ |
| Symantec | ML.Attribute.HighConfidence |
| Trapmine | malicious.high.ml.score |
| VBA32 | Trojan.ShipUp |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2012-04-24 01:42:58
PE Imphash
6a1d3dc009c0723adf295e1aace82465
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| AUTO | 0x00001000 | 0x0000218f | 0x00002200 | 6.409290933980502 |
| DGROUP | 0x00004000 | 0x000275ba | 0x00027600 | 5.561365809882183 |
| .idata | 0x0002c000 | 0x0000050c | 0x00000600 | 4.506523453220873 |
| .reloc | 0x0002d000 | 0x00000000 | 0x00000400 | 5.122167136987848 |
| .rsrc | 0x0002e000 | 0x00000000 | 0x00000e00 | 3.814398840737083 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_DIALOG | 0x0002c388 | 0x00000650 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_DIALOG | 0x0002c388 | 0x00000650 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_DIALOG | 0x0002c388 | 0x00000650 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
Imports
Library USER32.DLL:
• 0x42c0f0 CloseDesktop
• 0x42c0f4 GetDesktopWindow
• 0x42c0f8 GetProcessWindowStation
• 0x42c0fc GetThreadDesktop
• 0x42c100 GetWindow
• 0x42c104 GetWindowTextW
• 0x42c108 GetWindowThreadProcessId
• 0x42c10c LoadCursorW
• 0x42c110 LoadIconW
• 0x42c114 OpenDesktopW
• 0x42c118 OpenWindowStationW
• 0x42c11c RegisterClassW
• 0x42c120 SetProcessWindowStation
• 0x42c124 SetThreadDesktop
Library KERNEL32.DLL:
• 0x42c12c CancelWaitableTimer
• 0x42c130 CloseHandle
• 0x42c134 CreateFileW
• 0x42c138 CreateThread
• 0x42c13c EnterCriticalSection
• 0x42c140 FindClose
• 0x42c144 FindFirstFileA
• 0x42c148 FindNextFileA
• 0x42c14c GetCurrentProcess
• 0x42c150 GetCurrentProcessId
• 0x42c154 GetCurrentThreadId
• 0x42c158 GetLastError
• 0x42c15c GetModuleHandleA
• 0x42c160 GetModuleHandleW
• 0x42c164 GetProcAddress
• 0x42c168 GetSystemTime
• 0x42c16c GetSystemTimeAsFileTime
• 0x42c170 GetTempPathW
• 0x42c174 GetTickCount
• 0x42c178 LoadLibraryA
• 0x42c17c QueryPerformanceCounter
• 0x42c180 SetUnhandledExceptionFilter
• 0x42c184 Sleep
• 0x42c188 TerminateProcess
• 0x42c18c UnhandledExceptionFilter
• 0x42c190 VirtualProtect
• 0x42c194 WriteFile
• 0x42c198 lstrlenW
• 0x42c19c LeaveCriticalSection
L!This is a Windows 95 executable
`DGROUP
.idata
.reloc
B.rsrc
muNI@@@\
@E@@@@G@
@@*@@@bQy$yb@?@_^S
q@@U@@IG@
0@@@@Uq@
@@@C@@m
@@@?@wf@E@@@
Y[SQRV
!@b@@@@@@@
J^ZY[SQ
@@Y[QR
f@@@@@
@]@@@(
vx@N$@@@5
@@@@Y[RVWL
@5@@@@5@MG@@h@@@@@ ?h@@$G@
@@_^ZQR
_ZYQR8
m\@@!V?h@
@@5SMbZYRV|
\@@U@x@@
@@*W@qE
@@_^ZRV
@@I^ZVW
@U:@@@
@@5U@@0@@@@@@_^QVW
;E|E;Eu
B1E~E~P
]_^ZY[SQ\
$@@@@f
Im5@@S
@@!@7@@V@@(5xw@
@b@xWj@@
@@@?@ZSQ
II?@@@5GEj@@@f@@@0>!
@@Y[VW
@@@G@_^QRV
@@;@@II^ZYSQRV
@@@@@@@@@@^ZY[SQR
@@ZY[RV$
IW@Pw@@!@@@RV@EN@w@E@@@U
@^ZSQRV
@@5@@@@f@@@@@@@@
@S;U@@@@@M
M@@\@U@@@IwI^ZY[SQR
@ZY[SQR
@@@x@!@@@@@@@?@Z@ZY[RV
@@@@^ZQR|
5@G@@h@@@@@SI$\@@?@@@0@
?b@h@@
I@@U?j@E
@@EU@Px
ZY[RVW
M@w@@U
!@wQ@0M6@UV@@?@ZYRVX
U@@@@@@^ZQRV
q@UQyV
^ZYQRVW
?@0@@d@"
@@@@@I@
@@_^ZYSQRVW(
@@\b@I@@@
@@@@\G
@@U_^ZY[QRV
@@@U@q
@@@@@@U
@w@@I@
6@I@U@^ZYRV
@jm0@@@@@
@@f@@@@@^Z1SQRV
Y^ZY[QRVh
U^ZYRV
@@@\@@@@^ZSQRVW
jU@@@3
b_^ZY[RVWH
?@@G@
@@b@G@@
@J@IIr@@@@@ @
]@_^ZQRV
@@@h@@
^ZYRVW
f@@@U0?0@bG@@@
@5@U@_^ZV
m/!6@@V@U@@@M
QQ@@@@?b@mE5wrE?^ZYSQ|
@@@@@@@!
@@$@@I@U@@
M@G~@@@Y[SQRVW
m@@Vy@@$EU@@@@
@@@@@U@@M@[@@@@hw@@M@?@@_^ZY[QV
@bI?h@@@U@$
j@@@\w@@
@@UZYRV
U@?@jx
@@b@^ZYQR
@y@@S@j@@@5@@@@@@@@@@@@@!@IIZYSQRVWt
!@M]@@@@@U@m@\@q_^ZY[SQVUP
|^Y[RV
@@@$@@@^ZSQRV4
@j@^ZY[SQ$
@VI@J@@@@
Y[SQR<
@jMU@@
@ZY[VWP
@@@@G@q@@@V@@@@@
@_^SQR,
N1ZY[SQR
@@UJZY[Qd
m@w@@@j?b\@@GM@V0@l
@3YQVW
>'_^YW
@@bxy@ryM@@
!$@@S@h
?\r@V@@h
@@@@hy@@@@EES@@
@EI0ZYRVWh
@53_^ZQVW(
M>f}1E
E@;u~U
UG;U9M)}
}_^YQRVWD
@U@@@j@
UIO@@@@
@@~\_^ZYQR
@ZYQRV
@G[I5Jb
@@;@@@@@@I@
drLdQE
rV`rVdrzveid1csf
ElErGlkErzPvcP
FEEzoEdV
eS`CtAP.E
`nuPrddu1ERAE3Pvy2l
FSnEWEnlV
irsnnoElgloeVazE
nrtEEEiBnEV
eGPStn
VarESldvEw
EnUEFpnSmlhFEdrzddunnEoP~dcMdV\dnliEenlrP
rrElnESVranEdEtvvEEzVpStFzeErttFFuEVEoXPEa1VEFneSEnsPnElet
EePdrErpr
RraaO1SVeEteiFPFuIPiV
EWe0E+ivN,h
e^}Sj+PV
sOJnr^eFK
Flj(0tE|d
QHEEH}>9
]xEo_aYAcNh
0tVPhj
VhhV=xhTj
t]XGMh
EWEjlY~U
(tZQVS
u]@9PM
QFEru<
WSPCu@^%
p_p@r71Y
usWXCo?
!JI8QA
*!-iIz
}IMMV,T
1hC1Kg
0o y)S
luIe.rni
exa .tFH
K8!S(C_
Arw(1
"1Y$Kui
?TmH]?
%UUs+H
+PPb9$N7
rk%HPT
KROfW{
Q+Y:+S
'z xN)
!,#%Pb
,K\0O<#
F5:@V4
@8J!xU5
,::5%nn
PsPPsZI
qNsqNS1
+.YL Hr.OPVWL1SCSv{IP\,E6 Yl
6RRSO/-
[A0#!Sh8
Cu'xK#\1V BrJ(#f%
Rx)z:b=+WQ4
\GY@ !
Q[9+3^
@^#[ho
HA/m+s.
[L:;=M
-W7%*X
wK9hU g
4>Hw~+
JP?<3=
_dnAx(
_/_ct~uSR
=D7sJn
ve+0P_G
l Ul=ZT
NtT><6
7z%Bra
0:g/RT'
v_X6IM.Po%
P._|]*mn
=Q3[fO,
u9iX'VAj
k='13B
-{'5sZ_x
E].E0lW
m\pWXk
B0Xb0|
HoOnQm$
n*'+|F#
U?+|fz
W+W.ZV'
l)aV}g%n.8e
Fmvw{w5
R3MdMsffS/12"
c+iQep
e"~ *y
C0a qvV|
J$r; 6$?p-
%tWGV<
ZPp{ZDh0B
{::Z?+*RB&1O
+gw]G}/
S0q;IA
=.k-ZDA
41V9Is
N|si;w.aU
BF3E b@
$Z?0y!
$wO,[
D?<|ykQ
ZV=0}v=
s /X`fmQa
0!Pjavab=
U$CN68l
a_a,)i
jR)z5|aA;\N
m.wz{F
'I.z$wa
i85KT m
KD <-0oU\
Cz{R f@GO
VMKSVh
K.z?Ug=
{e {W4
^~f>RAM
E6qf}$
7frmO+
olAu{{2YA
,Unt~&
]A^S'Q<
G&t[Ed$
;\~O.J
Cat2@"
AkB8epcuHf
A%}rq*Kf5K
lf6'5>?8
59NYor
tNpbvn
gJ q=v
uV7?s`
0c'/3,
kxM=_r5V
_BG/S!
lJxwQ
0Kw7fX
z;D@VQ
,4.vAI
@>?@>@@>
@@=d>@ @
j>8?W">@
@ H^h>@
@w>@t\
rhmnthmzp
lxa\oea
esoDnt
\\wiOt\
lSEHOF
CN.YrE.t
MT\rcdeTo
xITO y
L_\LVo
tonDtf
wiwAeo
rLopriWs\
\\tonpI
iT nuei_s
rDALItWIp
sniwVp
7\cbS'X
oeaWiieS
reSeay
TedaWyaueh
yruJyNe
Aumube
rrlepoA
Myd/Hd.
uaiy@
i@@rye
t2it x
hR@zir
xy1cu
st eontnte
Rofg u
a0l oap
nupi6neouel
oaoli
-nemott
-anagtei
o2ut n tltt
eh0nab8
i9leneRlr0g
6t a6cf0cf
deannoem
r6 t0ps
eaarh
irdrnddeux
cix oh6
tnu - ao/ c
eit i_
csotxRtlnt
lou2 r
6luetRct a0
uitxc2
5e-4 at
2too ae_ -
si-oii
RRpdin
6tslsiaz
oduct2s
2iintgnlfa c
t uiRwu
gn 76o
7oh-na
hluozeia
opti u il
uRoe2til
0 6i 6T
6n .iteiotRels3tC6n
zt dnh h
siiaChi
eot nzt
irt Ssoetultnfonurca
ni i vn sgopnrnc l ctceoomRt ofaiot/c/- (MciD
lne0r nlirnfl6nol ca3l
nofa.e ormo(.3sdfrls)rclidi)f mS 6r
cr Iauteano ctgMnu u omi n cmliuLmlvrl
aoao MeffItRpclota -l 0L
rMusoI
ooeibst
nlimar
oeiItooaupt
rlih nbet
syyi a
. slgi
Tkn nec
tsh g a
ncnSemnenv iaa
eovitme
omtitacth
i t lM pdm
lace i
seiruDI
TNrSeLre
erro r
vpYPu>aW
$H>Xp/X>aM
&=Q,*i|iU!
F)>i>r
w{|?{H+
5`EGi3
d(}`aU@4F
s>st}@Wt?jt@>s
#@>J@Wt+
it&i-iFsi
`P?}0!@Zn@o
E+:V{>v^1
H`9p00it{
vzYzwb
i>g:GMH*3,
x<}mI1W
-WD@V9I
)<zDHG ]q
t@1@Vt
G]tdM0}
zB.@ Mh
meV@r?t
MQrqqV
x<itD>{X
@zH@e%
{7tOHD
W@+TN]Dg
t{gzCnd
gts!gE
e~\);y/f
h~S1u3@)
{CM^K}
/Dyg@#zzdP
@@)sDH
8}0GD P
v0g{VH?
E{Cgk@
v@ /!1
~rr@~h
{ eD@E(
`,)E)Dw|
sk)DDDu
str)WD
u{Wsb@M
@0{Bbr
&jEH0jE@/s
tHN@@{
S@e?S<s
ul'81&
x3t7_7/{
EW d}WH9 ts
z|zqC9aM9M?ALMWt$
kjZllz
@CETzTxW )
||tm_j`
3ay{Yny
y];c\i
bDD/r?
?HE3jh
}nj$d@
w_CAgtH
@u$jgn
EeQ{) h
n<<(FxDmB
3+oh5T
h^$0ZJ
I&'8{H
AwDxEQA;ty{Q
4c~ @ }
Z8DD(@
vh@QDH
:jj00hLDj
C} (r8@j
yt[/y!@-
jjS@)5
@EkRM5
EBgidP
yEJ1(w/
N9k<)1
=DhjVj
@1@hEh
USER32.DLL
KERNEL32.DLL
CloseDesktop
GetDesktopWindow
GetProcessWindowStation
GetThreadDesktop
GetWindow
GetWindowTextW
GetWindowThreadProcessId
LoadCursorW
LoadIconW
OpenDesktopW
OpenWindowStationW
RegisterClassW
SetProcessWindowStation
SetThreadDesktop
CancelWaitableTimer
CloseHandle
CreateFileW
CreateThread
EnterCriticalSection
FindClose
FindFirstFileA
FindNextFileA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathW
GetTickCount
LoadLibraryA
QueryPerformanceCounter
SetUnhandledExceptionFilter
TerminateProcess
UnhandledExceptionFilter
VirtualProtect
WriteFile
lstrlenW
LeaveCriticalSection
0 0,0>0G0\0l000000000
1 1?1U1o1u11111111
2#2c222222
3:3l3z33333
4E4Z4h4}444444444
5,5C5N5a5z555555x66666666!7D7]77777777
8#858D8T8r8888888
9+9=9R9e9{9999999
:2:@:Y:p:z::::::::
;%;?;Q;`;x;;;;;;;
<+<@<R<[<p<z<<<<<<<
= =-=9=C=Y=^=h=|=============
>->>>N>^>g>t>y>>>>>>>>>>>
?%?6?U?f?x???????
0&0,0207080>0D0I0J0P0V0\0`0b0h0m0n0t0z0
0000000000000
1"151O1b1j1|1111111
2!272I2]2q22222222
3"3+3@3^3j3w3333333
4$4=4O4_4v44444444
515;5Q5d5r5|55555
6/6;6<7M7a7k7y7777777
2C''u*ST
O'Ri5}
.Uc=yJBj
+8HW'f?=
q*"|=/g@8^=H
YGe2E!"8Rd"
$Od i{[
FhEg8FIGSr',h4]
CnLw3 Xf
:~';aQ3
G+[{ ZDa-
5Re5){+W]$H@ 05d&(1<#
)Ssr'?Uz!p?
/XdG@&}Z2s1/
y=z is
M=XC+63R
Z-J!}6
<I0F8no
P![gsV'
CH<^u?7V>
cIWp+GyFH
oX=gw#-
~6rWtG9h"
E-hxKg
~brG|FSc#Rnc`9
9Hs ;Yp91/i0
ru ZbD
/k.[-T5DiNmD
J ."Ebn
:?8dqT
uCv.,MR
=[Z/7)^ DE]P
emhc0q~=^
med~Z5
hLm9ES[N(0yI>
-awuXa3
[%_36D?`]
pYrb35L
r*-U'itOI
/nwXy[C=?_c&
w<z`aY
XEyiYes
9VR*}h
lgyr7otD=
{f&7"xOGc4T
(pZ|BlS6*"0
D\ a!84e,
22`j[9o!x
`8*y3r
\(~CL"
^:N!|_|]65`
QaNX_v<X
UHRg;#G
o]_U:@
}#Ovc:
f>t# |m(9
./8C:v
]mq(gi
cXiD A
atjE:zuO
egQneY
a p4lxqcQ7DPZO
~hAT#6
A 4F>;
8'VoEru<[
h� �Y�Z�V�E�H� �F�y�m�Z�o� �c�V�S�Q�j�I�r�y�c�m�W� �o�O�m� �e�k�N�Q�q�f�o�S�x�O�F�Q�e�J�A�A�P�I�I�s�F�V�r� � �
M�S� �S�a�n�s� �S�e�r�i�f�
R� �H�y�j�k�s�w�V�j�w�i�E�a�C� �W�C�B�A�
M�S� �S�a�n�s� �S�e�r�i�f�
s�I�n�D�m�u�T�B�n�o�x�m�a�T�v�r�
�H�C�t�T�U�E�y�r�l�
f�h�u�C�C�A�d�E�z�X�R�S�e�f�V�K�S� �D�F�k�B� �F�s�D�i�x�e�r�v� �A�G�
M� �g�R�G�P� �D� � �d�i�j�H�Y� �s�i�r�R�M� �R�s�L�H�z�g�n�
M�S� �S�a�n�s� �S�e�r�i�f�
c�P�N�f�f�E�k�t�E� �B�y�P�V�D�v�O�t�B�H�P�a�u�H�X�
z�S�U�c�L�o�Z�N� �h�b� �u�X�q�V�D�u�L�I� �m�Y�X�b�Y�h�z� � �d�l�f�W�Y�G�R� �W�a�Y�O� � �R�I�J�o�r�
S�y�s�L�i�s�t�V�i�e�w�3�2�
E�b�C�v�r� � �Q�
x� �K�e�W�y�k�u�w�K�t�g�H�B� �N�j�A�j�T�f�R�P�Y�r�b�c�E�i�W�X�T�w�e�h�B�t�y�M�K�D�V�c�G�A�O�Q� �Q� �
n� �q�l�U�j�M�D� � � �a�V�S�o�t�Y�j�L�w�o�G�m�S�D�m�W�P�Z�k�
V�b�D�y� �l�k�Q�t�x�G�w�O�E�c�z� �Q�I� �p�R�k�Z�z� �C�R�d�G� �v�j�Z�x�Q�
V�g�B�M�a�M�z� �I�c�l�c�f�X�l�J�p�N�E�f�U� �m�C�g�Z�O�v�W�m�d� �U�H�t�w�q�K�o�T�g�
i� � �l�U�C� �d� �R�B�A�p� �B�c�g�E� �P�z�K�h�q� �g�
� � �m�a�b� �P�c� �W� �n�C�G�h�J�V�i�C�H�S�T�s�S�P�D�E�Z�L�C�C�i�W�h�y�w�t�G�
m� �c�u�X�a�N�F�g� �n�o�d�c�r�J�s�Z�j�t�G�r�
�P�v�E� �b�h�T�D�a� �Q�I�k�J�y�u�C� �c�J�o�u� �R�G�f�N�n�O�d�y�a�k�g�z�l�T�B�l�t�
K�J�v�g�b�C�X�
i�w�A�m�L�D�r� �v�n�j�F�W�t�Q�C�j�F�u�E�
v� �f�h�N�J� �T�X�Q�U�k�Z�x�b�Q�f�x�F�o�T�l�s�r�k�E�f�D�S�t� �J�T�V�i�B� �X�L�N�X�m�i�A�I� �
k�t�O�P�r�H�T�A�E�n�r�H�m�x�f�s�H�S�m�p�V�U�L�N�h�L�H�A�x� �d�o�z�r�j� �F�E�w�M�
r�s�L�W�a�P�a�N�y�t�g�p�B� � �n�w�D�k� �F�A� �l�J�R�J�h�j�a�B�m�T�x�L�p�J�A�e�u�W� �V�B�V�M�p�H�X� �W�A�q�F�c�D�u�o�k�A�c�S�C�z� �D�V�D�q�n�Z�j�S�n�M�q�p�K�
M�S� �S�a�n�s� �S�e�r�i�f�
F�Z�i�f�k� �l�K�E�y�S�U�M�A� �S�H�K�
i�k�G�J�Q�k�u� �c�i�R�e�T�G�L�q�K�C� �l�w�l�u�b� � �p�r�C�y�E�
C� �L�i�X�e�e�T�r�U�a�z�k�D�o�U�u�M�U�i� �Q� �B�M�
I�K�p�M�V�T�k�L�m� �S�a�a�f�M�g�n�d� �U�d�g�a�H�X�G�K�e� �p�M�I� �k�X�N�E�
x�X�X�x� �E�j�b�i�O�S�O�m�X�L�d�Z�Z�B�P�q�K�p�a�m�t�c�o�f�X� �V�q�H�A� � �R�D� �v�Z�
Hosts
| IP |
|---|
| 114.114.114.114 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.