1.2
Low risk

22808e49be085d0edad697a85cdbe6b9f896edab7afe3b9f9d5a4becff88960f

22808e49be085d0edad697a85cdbe6b9f896edab7afe3b9f9d5a4becff88960f.exe

Analysis duration

195s

Last analyzed

367 days ago

File size

66.0KB
Static detections Dynamic detections CVE FAMILY METATYPE PLATFORM TYPE UNKNOWN WIN32 RISKWARE WORM ALLAPLE
Eagle Eye engine
DACN 0.12
FACILE 1.00
IMCLNet 0.86
MFGraph 0.00
Static verdict
Antivirus engines
Engine Result Scan date Version
Alibaba None 20190527 0.3.0.5
Avast Win32:Allaple [Wrm] 20191024 18.4.3895.0
Baidu Win32.Trojan.Kryptik.gf 20190318 1.0.0.2
CrowdStrike win/malicious_confidence_100% (D) 20190702 1.0
Kingsoft Worm.AllApleT.cz.67868 20191024 2013.8.14.323
McAfee W32/RAHack 20191024 6.0.6.653
Tencent Worm.Win32.Allaple.e 20191024 1.0.0.1
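Behavioral verdict
Dynamic indicators
The binary likely contains encrypted or compressed data, indicating the use of a packer (2 events)
section {'name': '.data', 'virtual_address': '0x00015000', 'virtual_size': '0x00011800', 'size_of_data': '0x0000ce00', 'entropy': 7.995791803850976} entropy 7.995791803850976 description A high-entropy section was found
entropy 0.7923076923076923 description The overall entropy of this PE file is high
Network communication
Communicates with hosts for which no DNS query was performed (2 events)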
host 114.114.114.114
host 8.8.8.8
The file has been identified as malicious by 63 antivirus engines on VirusTotal (50 out of 63 events)
ALYac Win32.Worm.Allaple.Gen
APEX Malicious
AVG Win32:Allaple [Wrm]
Acronis suspicious
Ad-Aware Win32.Worm.Allaple.Gen
AhnLab-V3 Win-Trojan/Starman.Gen
Antiy-AVL Worm[Net]/Win32.Allaple.gen
Arcabit Win32.Worm.Allaple.Gen
Avast Win32:Allaple [Wrm]
Avira WORM/Allaple.Gen
Baidu Win32.Trojan.Kryptik.gf
BitDefender Win32.Worm.Allaple.Gen
Bkav W32.CrypticB.Trojan
CAT-QuickHeal I-Worm.Allaple.gen
CMC Net-Worm.Win32.Allaple.1!O
ClamAV Win.Worm.Allaple-315
Comodo NetWorm.Win32.Allaple.GEN@1ei64a
CrowdStrike win/malicious_confidence_100% (D)
Cybereason malicious.01ac2f
Cylance Unsafe
Cyren W32/Allaple.E.gen!Eldorado
DrWeb Trojan.Starman.6712
ESET-NOD32 a variant of Win32/Allaple.Gen
Emsisoft Win32.Worm.Allaple.Gen (B)
Endgame malicious (high confidence)
F-Prot W32/Allaple.A.gen!Eldorado
F-Secure Net-Worm:W32/Allaple.gen!B
FireEye Generic.mg.30d317d01ac2f335
Fortinet W32/Allaple.gen!tr
GData Win32.Worm.Allaple.Gen
Ikarus Net-Worm.Win32.Allaple
Invincea heuristic
Jiangmin Worm/Allaple.Gen
K7AntiVirus NetWorm ( f10000041 )
K7GW NetWorm ( f10000041 )
Kaspersky Net-Worm.Win32.Allaple.a
Kingsoft Worm.AllApleT.cz.67868
MAX malware (ai score=84)
Malwarebytes Worm.Allaple
McAfee W32/RAHack
McAfee-GW-Edition BehavesLike.Win32.RAHack.kc
MicroWorld-eScan Win32.Worm.Allaple.Gen
Microsoft Worm:Win32/Allaple.A
NANO-Antivirus Virus.Win32.Allaple.bkbmt
Panda W32/Rahack.gen.worm
Qihoo-360 Worm.Win32.Allaple.Z
Rising Worm.Allaple!1.AB29 (CLASSIC)
SentinelOne DFI - Malicious PE
Sophos W32/Allaple-F
Symantec W32.Rahack.H
Visual analysis
Binary image
Data import images: 288x288, 224x224, 192x192, 160x160, 128x128, 96x96, 64x64, 32x32
Runtime screenshots
No runtime screenshots available. The sample did not generate any screenshots during execution.

PE Compile Time

1990-04-14 15:46:08

PE Imphash

26290e56b0e344c6c537b3ca66573292

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00003428 0x00003600 6.6058785932516635
rdata 0x00005000 0x00010000 0x00000000 0.0
.data 0x00015000 0x00011800 0x0000ce00 7.995791803850976

Imports

Library KERNEL32.dll:
0x40443e WideCharToMultiByte
0x404442 SetCPGlobal
0x404446 RtlCaptureContext
0x40444a ResetEvent
0x40444e DeactivateActCtx
0x404452 Heap32ListFirst
0x404456 HeapUsage
0x40445a Process32Next
0x40445e UnlockFileEx
0x404462 RemoveDirectoryA
0x404466 GetThreadTimes


TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 53179 224.0.0.252 5355
192.168.56.101 49642 224.0.0.252 5355
192.168.56.101 137 192.168.56.255 137
192.168.56.101 61714 114.114.114.114 53
192.168.56.101 61714 8.8.8.8 53
192.168.56.101 56933 8.8.8.8 53
192.168.56.101 138 192.168.56.255 138
192.168.56.101 58485 114.114.114.114 53
192.168.56.101 58485 8.8.8.8 53

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.