Sample (SHA-256): 1a41661e3f16e868898678852dfb2b36ebefdaaa49b02e36eea3152239a78ef0
Filename: 1a41661e3f16e868898678852dfb2b36ebefdaaa49b02e36eea3152239a78ef0.exe

CVE: UNKNOWN
FAMILY: PICSYS
METATYPE: TROJAN
PLATFORM: WIN32
TYPE: WORM

ML engine summary: DACN 0.12 | FACILE 1.00 | IMCLNet 0.81 | MFGraph 0.00
Engine | Description | Features | Threat score | Likely family | Detection time
DACN | Visual malware detection based on dynamic analysis and a capsule network | API calls, DLLs and registry modifications | 0.12 | Unknown | 0.28s
FACILE | Recognises and classifies binary malware images with an improved hierarchical capsule network | Grayscale image mapped from the binary | 1.00 | Unknown | 0.03s
IMCLNet | Lightweight deep convolutional network for malware family detection | Visual image mapped from the raw binary | 0.81 | Unknown | 0.21s
MFGraph | Graph network built from static features to detect malware | Static-feature nodes from the raw PE file | 0.00 | Unknown | 0.00s

Read these scores with the packing in mind. The file is UPX-compressed, so the two image-based models (FACILE, IMCLNet) are scoring the byte distribution of the UPX stub and the compressed payload rather than Picsys code, and none of the four engines names a family. MFGraph's 0.00 score with a 0.00s detection time is consistent with the engine not having produced a result for this sample, and DACN's low dynamic score matches the sparse sandbox behaviour recorded further down (no TCP, HTTP or IDS events).
AV engine | Result | Scan date | Engine version
Alibaba | None | 20190527 | 0.3.0.5
Avast | Win32:Picsys-C@UPX [Wrm] | 20200125 | 18.4.3895.0
Baidu | Win32.Worm.Picsys.a | 20190318 | 1.0.0.2
CrowdStrike | win/malicious_confidence_100% (D) | 20190702 | 1.0
Kingsoft | None | 20200125 | 2013.8.14.323
McAfee | W32/Picsys.worm.c | 20200125 | 6.0.6.653
Tencent | Worm.Win32.Picsys.a | 20200125 | 1.0.0.1
The binary may contain encrypted or compressed data, indicating a packer was used (2 events)
section | {'name': 'UPX1', 'virtual_address': '0x00057000', 'virtual_size': '0x0000f000', 'size_of_data': '0x0000ec00', 'entropy': 7.9075039579713575}
description | High-entropy section found
entropy | 0.9833333333333333
description | The overall entropy of this PE file is high
(The per-section value is Shannon entropy in bits per byte. The second figure is a fraction, not bits per byte: it equals 0xec00 / 0xf000, the raw size of the high-entropy UPX1 section divided by the raw size of all three sections in the section table below, so the two numbers are not comparable.)

The executable is UPX-compressed (2 events)
section | UPX0
description | Section name indicates UPX
section | UPX1
description | Section name indicates UPX

Communicates with a host for which no DNS query was performed (1 event)
(The only network activity recorded in the traffic section below is LLMNR to 224.0.0.252:5355, NetBIOS name-service and datagram traffic to the 192.168.56.255 broadcast address, and two DNS lookups to 114.114.114.114. That is the ordinary background chatter of a Windows guest on the sandbox network, not behaviour attributable to the sample.)

The file has been identified as malicious by 66 antivirus engines on VirusTotal
(50 of 66 events shown)
Engine | Result
ALYac | Generic.Malware.G!hidp2p!prng.4205B45F
APEX | Malicious
AVG | Win32:Picsys-C@UPX [Wrm]
Acronis | suspicious
Ad-Aware | Generic.Malware.G!hidp2p!prng.4205B45F
AhnLab-V3 | Worm/Win32.Picsys.R7826
Arcabit | Generic.Malware.G!hidp2p!prng.4205B45F
Avast | Win32:Picsys-C@UPX [Wrm]
Avira | DR/Delphi.Gen
Baidu | Win32.Worm.Picsys.a
BitDefender | Generic.Malware.G!hidp2p!prng.4205B45F
BitDefenderTheta | AI:Packer.B927EAE619
Bkav | W32.BlackduA.Worm
CAT-QuickHeal | Trojan.Agent
CMC | P2P-Worm.Win32.Picsys!O
ClamAV | Win.Worm.Picsys-6804092-0
Comodo | Worm.Win32.Picsys.C@1zj8
CrowdStrike | win/malicious_confidence_100% (D)
Cybereason | malicious.9c70e4
Cylance | Unsafe
Cyren | W32/Picsys.PYSN-0191
DrWeb | Win32.HLLW.Morpheus.3
ESET-NOD32 | Win32/Picsys.C
Emsisoft | Generic.Malware.G!hidp2p!prng.4205B45F (B)
Endgame | malicious (moderate confidence)
F-Prot | W32/Picsys
F-Secure | Dropper.DR/Delphi.Gen
FireEye | Generic.mg.1bbff369c70e49ba
Fortinet | W32/Generic.AC.1B!tr
GData | Generic.Malware.G!hidp2p!prng.4205B45F
Ikarus | Worm.Win32.Picsys
Invincea | heuristic
Jiangmin | Worm/Picsys.a
K7AntiVirus | Trojan ( 00500e151 )
K7GW | Trojan ( 00500e151 )
Kaspersky | P2P-Worm.Win32.Picsys.c
MAX | malware (ai score=83)
Malwarebytes | Worm.Agent
MaxSecure | Trojan.Malware.300983.susgen
McAfee | W32/Picsys.worm.c
McAfee-GW-Edition | BehavesLike.Win32.PUPXAX.nc
MicroWorld-eScan | Generic.Malware.G!hidp2p!prng.4205B45F
Microsoft | Worm:Win32/Picsys.C
NANO-Antivirus | Trojan.Win32.Sock4Proxy.gkyfpl
Panda | W32/Picsys.A.worm
Qihoo-360 | Worm.Win32.Picsys.A
Rising | Worm.Picsys!1.C132 (RDMK:cmRtazqvWtBn6A4y0P+Nany87aRs)
SUPERAntiSpyware | Trojan.Agent/Gen-Picsys
Sangfor | Malware
SentinelOne | DFI - Malicious PE
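The ML engines in this report give the family as Unknown, while the vendor labels above converge on Picsys. Pulling that consensus out of heterogeneous label formats is a routine triage step, and the following Python is an added example written for this page, not code from the report, from VirusTotal or from any vendor. It tokenises each label, discards platform, category and confidence words plus short or hex-looking fragments, and votes on what remains; `top_family` refuses to name a family when the leading token is carried by too few labels. The stop-word list and the 30% threshold are assumptions made for the example; `SAMPLE_LABELS` is a subset of the labels listed above.

```python
import re
from collections import Counter

# Tokens that name a platform, category or verdict rather than a family.
# Assumed list for this example; extend it as vendor vocabularies change.
GENERIC_TOKENS = {
    "win", "win32", "w32", "windows", "worm", "trojan", "trj", "dropper",
    "generic", "gen", "malware", "malicious", "suspicious", "unsafe",
    "heuristic", "agent", "p2p", "hllw", "packer", "upx", "wrm", "score",
    "confidence", "moderate", "variant", "dfi", "behaveslike", "susgen",
    "prng", "delphi",  # compiler name, not a family
}
HEXISH = re.compile(r"^[0-9a-f]+$")   # hashes, CRCs, numeric variant ids

# Subset of the VirusTotal labels shown in this report.
SAMPLE_LABELS = [
    "Generic.Malware.G!hidp2p!prng.4205B45F",   # ALYac / BitDefender family
    "Win32:Picsys-C@UPX [Wrm]",                 # Avast, AVG
    "Worm/Win32.Picsys.R7826",                  # AhnLab-V3
    "DR/Delphi.Gen",                            # Avira
    "Win32.Worm.Picsys.a",                      # Baidu
    "AI:Packer.B927EAE619",                     # BitDefenderTheta
    "W32.BlackduA.Worm",                        # Bkav
    "Trojan.Agent",                             # CAT-QuickHeal
    "P2P-Worm.Win32.Picsys!O",                  # CMC
    "Win.Worm.Picsys-6804092-0",                # ClamAV
    "win/malicious_confidence_100% (D)",        # CrowdStrike
    "Win32.HLLW.Morpheus.3",                    # DrWeb
    "Win32/Picsys.C",                           # ESET-NOD32
    "Generic.mg.1bbff369c70e49ba",              # FireEye
    "P2P-Worm.Win32.Picsys.c",                  # Kaspersky
    "Worm:Win32/Picsys.C",                      # Microsoft
    "Trojan.Win32.Sock4Proxy.gkyfpl",           # NANO-Antivirus
    "Worm.Picsys!1.C132 (RDMK:cmRtazqvWtBn6A4y0P+Nany87aRs)",  # Rising
    "Trojan.Agent/Gen-Picsys",                  # SUPERAntiSpyware
]


def label_tokens(label: str) -> list[str]:
    """Split a vendor label into lowercase candidate family tokens."""
    out = []
    for tok in re.split(r"[^A-Za-z0-9]+", label.lower()):
        if len(tok) < 4 or tok in GENERIC_TOKENS or HEXISH.match(tok):
            continue
        out.append(tok)
    return out


def family_consensus(labels: list[str]) -> list[tuple[str, int]]:
    """Vote once per label for each surviving token; most votes first."""
    votes = Counter()
    for label in labels:
        for tok in set(label_tokens(label)):
            votes[tok] += 1
    return votes.most_common()


def top_family(labels: list[str], min_share: float = 0.3):
    """Return the leading token only if at least min_share of the labels
    carry it; otherwise None, meaning the vendors do not agree."""
    ranking = family_consensus(labels)
    if not ranking or ranking[0][1] < min_share * len(labels):
        return None
    return ranking[0][0]


if __name__ == "__main__":
    for token, count in family_consensus(SAMPLE_LABELS)[:5]:
        print(f"{token:<24}{count}")
    print("consensus:", top_family(SAMPLE_LABELS))
```

Generic-labelled engines (CrowdStrike, FireEye, BitDefenderTheta) contribute no vote rather than a wrong one, which is what keeps a packed sample from being "classified" as its packer.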
PE Compile Time
1992-06-20 06:22:17
(This is the fixed TimeDateStamp 0x2A425E19 that the Borland Delphi linker writes into every executable it produces, 1992-06-19 22:22:17 UTC, displayed here in UTC+8. It says nothing about when this sample was built. The Delphi origin is corroborated by the Avira and F-Secure "DR/Delphi.Gen" labels and by the Borland RTL registry key and DVCLAL/PACKAGEINFO resource names in the strings below.)
PE Imphash
359d89624a26d1e756c3e9d6782d6eb0
(In a UPX-packed file the import table belongs to the UPX stub, not to the payload: the imports visible in the strings below are kernel32 LoadLibraryA, GetProcAddress and ExitProcess plus a single function from each DLL the original binary depends on. An imphash over that table clusters with other UPX-packed binaries, not with Picsys, so do not pivot on it as a family indicator.)

Sections
Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy
UPX0 | 0x00001000 | 0x00056000 | 0x00000000 | 0.0
UPX1 | 0x00057000 | 0x0000f000 | 0x0000ec00 | 7.9075039579713575
.rsrc | 0x00066000 | 0x00001000 | 0x00000400 | 2.791128521214198
(UPX0 has no raw data: it is the empty region the stub decompresses the original image into at run time. UPX1 holds the compressed payload, hence its near-maximal entropy.)
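The two packer signatures above and this section table can be reproduced from the PE headers alone. The following Python script is an added example, not part of the report and not the sandbox's own signature code: it parses the section table with the standard library, computes per-section Shannon entropy, flags UPX section names, derives the "overall entropy" fraction (raw bytes in high-entropy sections divided by all raw section bytes, which for this sample's sizes gives 0xec00 / 0xf000 = 0.9833), and decodes the TimeDateStamp, flagging the Delphi constant 0x2A425E19. The 7.4 bits/byte cutoff is an assumed threshold (the report does not state one), and `build_sample_pe()` constructs a synthetic PE that mirrors this sample's section layout; it is not the real file.

```python
import math
import random
import struct
from collections import Counter
from datetime import datetime, timedelta, timezone

HIGH_ENTROPY_THRESHOLD = 7.4        # assumed cutoff in bits/byte for "high entropy"
DELPHI_DEFAULT_STAMP = 0x2A425E19   # constant TimeDateStamp written by the Delphi linker
SECTION_HDR = struct.Struct("<8sIIIIIIHHI")  # IMAGE_SECTION_HEADER, 40 bytes
COFF_HDR = struct.Struct("<HHIIIHH")         # IMAGE_FILE_HEADER, 20 bytes


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty data)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_pe(pe: bytes) -> dict:
    """Return the COFF timestamp and the section table of a PE image."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (_machine, nsections, timestamp, _symtab, _nsyms,
     opt_size, _chars) = COFF_HDR.unpack_from(pe, e_lfanew + 4)
    table = e_lfanew + 4 + COFF_HDR.size + opt_size
    sections = []
    for i in range(nsections):
        (name, vsize, vaddr, rawsize, rawptr,
         *_rest) = SECTION_HDR.unpack_from(pe, table + i * SECTION_HDR.size)
        data = pe[rawptr:rawptr + rawsize] if rawsize else b""
        sections.append({
            "name": name.rstrip(b"\0").decode("latin-1"),
            "virtual_address": vaddr,
            "virtual_size": vsize,
            "size_of_raw_data": rawsize,
            "entropy": shannon_entropy(data),
        })
    return {"timestamp": timestamp, "sections": sections}


def packer_indicators(pe: bytes) -> dict:
    """Reproduce the report's packer checks: UPX section names, high-entropy
    sections, the overall high-entropy fraction, and the linker timestamp."""
    info = parse_pe(pe)
    secs = info["sections"]
    high = [s["name"] for s in secs if s["entropy"] > HIGH_ENTROPY_THRESHOLD]
    total_raw = sum(s["size_of_raw_data"] for s in secs)
    high_raw = sum(s["size_of_raw_data"] for s in secs if s["name"] in high)
    utc = datetime.fromtimestamp(info["timestamp"], tz=timezone.utc)
    return {
        "sections": secs,
        "upx_section_names": any(s["name"].startswith("UPX") for s in secs),
        "high_entropy_sections": high,
        "compressed_ratio": high_raw / total_raw if total_raw else 0.0,
        "timestamp_utc": utc.strftime("%Y-%m-%d %H:%M:%S"),
        "timestamp_utc8": (utc + timedelta(hours=8)).strftime("%Y-%m-%d %H:%M:%S"),
        "delphi_default_stamp": info["timestamp"] == DELPHI_DEFAULT_STAMP,
    }


def build_sample_pe() -> bytes:
    """Constructed stand-in for the sample: UPX0 with no raw data, 0xec00 bytes
    of pseudo-random UPX1 data, a 0x400-byte low-entropy .rsrc, and the Delphi
    timestamp. Synthetic test input, not the real file."""
    rng = random.Random(1)
    upx1 = bytes(rng.getrandbits(8) for _ in range(0xEC00))
    rsrc = b"\0" * 0x300 + bytes(range(256))
    hdrs = [
        SECTION_HDR.pack(b"UPX0", 0x56000, 0x1000, 0, 0x400, 0, 0, 0, 0, 0xE0000080),
        SECTION_HDR.pack(b"UPX1", 0xF000, 0x57000, len(upx1), 0x400, 0, 0, 0, 0, 0xE0000040),
        SECTION_HDR.pack(b".rsrc", 0x1000, 0x66000, len(rsrc), 0x400 + len(upx1), 0, 0, 0, 0, 0xC0000040),
    ]
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = COFF_HDR.pack(0x14C, len(hdrs), DELPHI_DEFAULT_STAMP, 0, 0, 0xE0, 0x0102)
    optional = struct.pack("<H", 0x10B) + b"\0" * (0xE0 - 2)      # PE32 magic; rest unused here
    headers = dos + b"PE\0\0" + coff + optional + b"".join(hdrs)
    return headers.ljust(0x400, b"\0") + upx1 + rsrc


if __name__ == "__main__":
    for key, value in packer_indicators(build_sample_pe()).items():
        print(f"{key}: {value}")
```

Run against a real file with `packer_indicators(open(path, "rb").read())`; the per-section entropies and the 0.98 fraction come out as in the report, and `delphi_default_stamp` is the check that stops the 1992 date from being read as a build time.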
Resources
Name | Offset | Size | Language | Sub-language | File type
RT_STRING (5 identical entries) | 0x00051958 | 0x000002a0 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None
RT_RCDATA (3 identical entries) | 0x00063808 | 0x00000050 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None
Strings
Almost all of the string output comes from the compressed UPX1 section and is unreadable. Only the fragments that survive as plain text are kept here, in the order they occur; the bracketed notes give the obvious reading of each fragment.

L!This program must be run under Win32   (DOS-stub message, standard in Delphi binaries)
StringX
TObject%HD
lOFTWARE\Borland\Delp~\RTL[   (garbled SOFTWARE\Borland\Delphi\RTL, the Delphi RTL registry key)
FPUMaValue6-9
\kernel32.dllWGetLongPathNameA   (kernel32.dll, GetLongPathNameA)
Exceptim / gTPB$qEHeapZ / EOutOfMem%CyKvIX / EIn]Err[ / EDivByZeroB Range# / 6rInverflow4Tc / EAcssVla"+`W`W.x / oStack / D oSafecal   (fragments of the Delphi RTL exception class names: Exception, EHeapException, EOutOfMemory, EInOutError, EDivByZero, ERangeError, EIntOverflow, EAccessViolation, EStackOverflow, ESafecallException)
+DiskFreeSpaceExAxT   (GetDiskFreeSpaceExA)
/\(somyrape).mpg.exe   (bait filename with a double extension, consistent with spreading through file-sharing folders)
13)#OLn/*MSN
([Website2LM:fA
g(zip/aim-H
gW@hAIM
AP~Setup8, %
Kazaa   (the P2P client whose shared folder Picsys variants target)
6789ABCDEF
7program Lbe run/ / ?Win32 / $7CPEL / 6C/ODE / h'BSSvdy / j.idat> / 'l@tls5 / @Peloc   (fragments of the compressed original PE header: the DOS-stub message, "PE", and Delphi-style section names CODE, BSS, .idata, .tls, .reloc)
v: 1.31 / Se0}rpath / OS type / directRy / dos*Ox / %urtim: / Driv-`a / [ (Siz^   (appears to be a system-information report: version, path, OS type, directory, uptime, drive, size)
GET /cgi-b/w. / F HTTP/ / %4SHost*_ / s-Agen   (fragments of an HTTP request: GET /cgi-bin/..., HTTP/, Host, User-Agent)
'dvKERNEL / DLLReg&:D / icePro   (KERNEL32.DLL and, probably, RegisterServiceProcess)
>WSACn / AsyncS   (Winsock WSA* calls)
)(null
TSOCK}
/html9
404 Nkh-s   (404 Not Found)
pOBfTp:tps:Z   (http: / https:)
DLG:IDD_CHOEPAE*(Exf
U.S.))1b
0ul_port
emcpy5k"   (memcpy)
CRT#'(
KERNEL32.DLL
advapi32.dll
oleaut32.dll
user32.dll
LoadLibraryA
GetProcAddress
ExitProcess
RegOpenKeyA
SysFreeString
CharNextA
   (the import table of the UPX stub: kernel32 LoadLibraryA/GetProcAddress/ExitProcess, plus one function from each DLL the original binary depends on so the loader maps them)
D V C L A L   (DVCLAL, Delphi resource name stored as UTF-16)
P A C K A G E I N F O   (PACKAGEINFO, Delphi resource name stored as UTF-16)
TCP
No TCP connections recorded.

UDP
Source | Source Port | Destination | Destination Port
192.168.56.101 | 53179 | 224.0.0.252 | 5355
192.168.56.101 | 49642 | 224.0.0.252 | 5355
192.168.56.101 | 137 | 192.168.56.255 | 137
192.168.56.101 | 61714 | 114.114.114.114 | 53
192.168.56.101 | 56933 | 114.114.114.114 | 53
192.168.56.101 | 138 | 192.168.56.255 | 138
(224.0.0.252:5355 is LLMNR multicast, ports 137 and 138 to the subnet broadcast address are NetBIOS name-service and datagram traffic, and 114.114.114.114:53 is DNS to a public resolver. All six flows are routine name-resolution noise from the Windows guest itself; nothing here is attributable to the sample, which is consistent with the empty TCP, HTTP and IDS sections.)

HTTP & HTTPS Requests
No HTTP requests performed.

ICMP traffic
No ICMP traffic performed.

IRC traffic
No IRC requests performed.

Suricata Alerts
No Suricata Alerts

Suricata TLS
No Suricata TLS

Snort Alerts
No Snort Alerts

Dropped buffers
No dropped buffers.