1.0
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.75
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | Win32:RATX-gen [Trj] | 20200411 | 18.4.3895.0 |
| Baidu | None | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (D) | 20190702 | 1.0 |
| Kingsoft | None | 20200412 | 2013.8.14.323 |
| McAfee | GenericRXEL-NI!55259F691F46 | 20200412 | 6.0.6.653 |
| Tencent | Malware.Win32.Gencirc.10b3acc9 | 20200412 | 1.0.0.1 |
静态指标
可执行文件包含未知的 PE 段名称,可能指示打包器(可能是误报)
(3 个事件)
| section | CODE |
| section | DATA |
| section | BSS |
动态指标
网络通信
与未执行 DNS 查询的主机进行通信
(2 个事件)
| host | 114.114.114.114 | |||
| host | 8.8.8.8 | |||
文件已被 VirusTotal 上 52 个反病毒引擎识别为恶意
(50 out of 52 个事件)
| ALYac | Gen:Variant.Jacard.164951 |
| APEX | Malicious |
| AVG | Win32:RATX-gen [Trj] |
| Acronis | suspicious |
| Ad-Aware | Gen:Variant.Jacard.164951 |
| AhnLab-V3 | Trojan/Win32.Buzus.R215418 |
| Antiy-AVL | Trojan/Win32.Siscos |
| Arcabit | Trojan.Jacard.D28457 |
| Avast | Win32:RATX-gen [Trj] |
| BitDefender | Gen:Variant.Jacard.164951 |
| BitDefenderTheta | Gen:NN.ZelphiF.34106.dGY@aa7x34ai |
| CAT-QuickHeal | Backdoor.MSIL |
| ClamAV | Win.Trojan.Processhijack-6837478-0 |
| Comodo | TrojWare.Win32.Injector.LOB@4vtkjw |
| CrowdStrike | win/malicious_confidence_100% (D) |
| Cybereason | malicious.91f464 |
| Cylance | Unsafe |
| Cyren | W32/DelfInject.CC.gen!Eldorado |
| DrWeb | Trojan.DownLoader9.27474 |
| ESET-NOD32 | a variant of Win32/Injector.DEJV |
| Emsisoft | Gen:Variant.Jacard.164951 (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/DelfInject.CC.gen!Eldorado |
| F-Secure | Trojan.TR/ATRAPS.Gen |
| FireEye | Generic.mg.55259f691f464a85 |
| Fortinet | W32/Injector.fam!tr |
| GData | Gen:Variant.Jacard.164951 |
| Invincea | heuristic |
| Jiangmin | Backdoor.MSIL.brum |
| K7AntiVirus | Trojan ( 004ff1d91 ) |
| K7GW | Trojan ( 004ff1d91 ) |
| Kaspersky | HEUR:Backdoor.MSIL.Generic |
| MAX | malware (ai score=82) |
| Malwarebytes | Trojan.Injector |
| McAfee | GenericRXEL-NI!55259F691F46 |
| McAfee-GW-Edition | BehavesLike.Win32.Wabot.kc |
| MicroWorld-eScan | Gen:Variant.Jacard.164951 |
| Microsoft | VirTool:Win32/DelfInject.gen!BI |
| NANO-Antivirus | Trojan.Win32.Graftor.fjzkkz |
| Qihoo-360 | HEUR/QVM05.1.829D.Malware.Gen |
| Rising | Backdoor.Pontoeb!1.6637 (RDMK:cmRtazoeSgCmTFKrC95xbt4C1i0f) |
| SUPERAntiSpyware | Trojan.Agent/Gen-Injector |
| SentinelOne | DFI - Suspicious PE |
| Sophos | Troj/EncPk-BR |
| Tencent | Malware.Win32.Gencirc.10b3acc9 |
| Trapmine | suspicious.low.ml.score |
| VBA32 | SScope.Trojan.MBRLock.2121 |
| Webroot | W32.Trojan.Gen |
| Yandex | Trojan.Injector!XXjGMak9sps |
| Zillya | Backdoor.Generic.Win32.22873 |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
1992-06-20 06:22:17
PE Imphash
c484513c371a4a0eb15e568b604daeee
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| CODE | 0x00001000 | 0x00006edc | 0x00007000 | 6.474669321195356 |
| DATA | 0x00008000 | 0x00000204 | 0x00000400 | 2.688891460742593 |
| BSS | 0x00009000 | 0x000018f9 | 0x00000000 | 0.0 |
| .idata | 0x0000b000 | 0x000007f0 | 0x00000800 | 4.468572458044098 |
| .tls | 0x0000c000 | 0x00000008 | 0x00000000 | 0.0 |
| .rdata | 0x0000d000 | 0x00000018 | 0x00000200 | 0.2044881574398449 |
| .reloc | 0x0000e000 | 0x00000904 | 0x00000a00 | 6.390084021330907 |
| .rsrc | 0x0000f000 | 0x0000163c | 0x00001800 | 4.405330693830351 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_ICON | 0x0000fad0 | 0x00000568 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_ICON | 0x0000fad0 | 0x00000568 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_STRING | 0x000104d0 | 0x000000da | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_STRING | 0x000104d0 | 0x000000da | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_STRING | 0x000104d0 | 0x000000da | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_RCDATA | 0x000105bc | 0x0000005c | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_RCDATA | 0x000105bc | 0x0000005c | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_GROUP_ICON | 0x00010618 | 0x00000022 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
Imports
Library kernel32.dll:
• 0x40b0c8 DeleteCriticalSection
• 0x40b0cc LeaveCriticalSection
• 0x40b0d0 EnterCriticalSection
• 0x40b0d4 InitializeCriticalSection
• 0x40b0d8 VirtualFree
• 0x40b0dc VirtualAlloc
• 0x40b0e0 LocalFree
• 0x40b0e4 LocalAlloc
• 0x40b0e8 GetVersion
• 0x40b0ec GetCurrentThreadId
• 0x40b0f0 lstrlenA
• 0x40b0f4 lstrcpynA
• 0x40b0f8 LoadLibraryExA
• 0x40b0fc GetThreadLocale
• 0x40b100 GetStartupInfoA
• 0x40b104 GetProcAddress
• 0x40b108 GetModuleHandleA
• 0x40b10c GetModuleFileNameA
• 0x40b110 GetLocaleInfoA
• 0x40b114 GetLastError
• 0x40b118 GetCommandLineA
• 0x40b11c FreeLibrary
• 0x40b120 FindFirstFileA
• 0x40b124 FindClose
• 0x40b128 ExitProcess
• 0x40b12c WriteFile
• 0x40b130 UnhandledExceptionFilter
• 0x40b134 SetFilePointer
• 0x40b138 SetEndOfFile
• 0x40b13c RtlUnwind
• 0x40b140 ReadFile
• 0x40b144 RaiseException
• 0x40b148 GetStdHandle
• 0x40b14c GetFileSize
• 0x40b150 GetFileType
• 0x40b154 CreateFileA
• 0x40b158 CloseHandle
Library oleaut32.dll:
• 0x40b180 SysFreeString
Library kernel32.dll:
• 0x40b188 TlsSetValue
• 0x40b18c TlsGetValue
• 0x40b190 LocalAlloc
• 0x40b194 GetModuleHandleA
Library kernel32.dll:
• 0x40b19c WriteProcessMemory
• 0x40b1a0 VirtualFree
• 0x40b1a4 VirtualAlloc
• 0x40b1a8 Sleep
• 0x40b1ac SetFilePointer
• 0x40b1b0 ReadFile
• 0x40b1b4 LoadLibraryA
• 0x40b1b8 GlobalUnlock
• 0x40b1bc GlobalReAlloc
• 0x40b1c0 GlobalHandle
• 0x40b1c4 GlobalLock
• 0x40b1c8 GlobalFree
• 0x40b1cc GlobalAlloc
• 0x40b1d0 GetTickCount
• 0x40b1d4 GetFileSize
• 0x40b1d8 FindNextFileA
• 0x40b1dc FindFirstFileA
• 0x40b1e0 FindClose
• 0x40b1e4 CreateFileA
• 0x40b1e8 CloseHandle
Library gdi32.dll:
• 0x40b1f0 CreateFontA
Library user32.dll:
• 0x40b1f8 CreateWindowExA
• 0x40b1fc TranslateMessage
• 0x40b200 SetWindowTextA
• 0x40b204 SendMessageA
• 0x40b208 RegisterClassA
• 0x40b20c PostQuitMessage
• 0x40b210 PeekMessageA
• 0x40b214 GetSystemMetrics
• 0x40b218 GetCursorPos
• 0x40b21c DispatchMessageA
• 0x40b220 DefWindowProcA
L!This program must be run under Win32
.idata
.rdata
P.reloc
P.rsrc
StringX
TObject%X@
Z]_^[SVWU
;u3YZ]_^[
SVWUL$
]_^[SVWUL$
uZ]_^[
YZ]_^[
_^[U3Uh
d2d"h@
d2d"=9@
u3ZYYd
#_^[SVWU
SVW<$L$
]_^[USVW
d1d!=9@
2E3ZYYd
E_^[YY]
UQSVW3@
3Uhv"@
d1d!=9@
E3ZYYd
E_^[Y]
YZ]_^[
d2d"=9@
}3ZYYd
E_^[Y]
$PRQ0"
_^SVWU
< v;"u
3C<"u1S
>3Q<"u8S
< w]_^[
Ht Ht.g
6Huv=L
3E?E3s
3EE_^[Y]
f=r/f=w)f%f=u
RPCHPxt$
0C$x(@
SVWPtl11
-tb+t_$t_xtZXtU0u
FxtHXtCt
~KxI[)G
Y12_^[
uM3Uh.@
EPr3ZYYd
f%fUf?f
SOFTWARE\Borland\Delphi\RTL
FPUMaskValue
Iu9u_^[
PRQQTj
YZXtpH
S1VWUd
SPRQT$(j
Zd$,1Yd
t=HtN`
r6t0R=
t/=t&,*&"
USVW$@
USVW,@
3Uh^6@
d2d";~
P'v_^[]
SVWU$@
^v]_^[
XRH$ZX
PQZXSVW
ISVWRP1L
RKuZXu
JZ_^[X$
thtkFW)w
9uXJt
8uAJt
t8JIt2S
PHJXHI|
St-Xt&J|
t@t1SVW
1Z)_^[
USVW1\$
USVW1\$
SVWUEEEhB@
EPPEP"
E8\u8Ex
PLPPttVP(S
VEPPEPE_^[]kernel32.dll
GetLongPathNameA
it@EPh
Kt"EPh
PEPt"EPEPj
+PEPSj
+PEPSj
+PEPS|j
Software\Borland\Locales
Software\Borland\Delphi\Locales
USVWE,@
t93UhE@
d0d ]ES
u_^[YY]
UQE3Uh
d2d"E@
t3ZYYd
U3UhF@
33ZYYd
[]U3UhF@
<3ZYYd
U3UhAI@
3RP)P3
QRP0PP9,P
UQSVWM=
PE PE$PE(PEPWV_^[Y]$
U3Uh!K@
U3UhYK@
TStream(L@
TCustomMemoryStreamL@
TMemoryStreamj
USVfMU
EUEU^[YY]
_^[SVWU
3]_^[U3UhmP@
SVWfMUfE3Uh
fufUJf|
fDECfufE
^+f2ff
f+EfEfUf~<f
fMf1CE
fuf]Cf
ffTECf
\Eft"fMf
Cf;ufEfE
ffEfUJf
EftEfDEf
fEfEf;E
*fEHf+
f}f<NCfu
Af]f+]ft]f9
KfufEf
EfMfLEfEf
SVWUQf
fu9Jf|
CNf}f;
YZ]_^[
USVW3UhV@
=_^[]Sf=@
Cf;t`f-
f+Jf f
MUEE3Uh\@
EP+E}tv3Uh\@
SEP]ECj
EPVEPEP23ZYYd
EPEUY3ZYYd
EE~^[]
USV3UhY]@
v3ZYYd
^[]SVQ
U3Uh]@
_^[SVWTJ
$3;~0T9
%Ku3ZYYd
XE_^[]
U3UhEd@
This is the TRIAL version.
http://www.crypter.com
IuQSVE
8EPU3*UXu?
-tmXfU
EPU3UX
EPEPU3E
_UXJuEPU3E
4EPEPU3rE
E3Em5f@
Hfr9@f3D$
$YZ_^[Sj
SVWUEE'E 3Uh4j@
3Ef;MZ
EPEP|@
G4;EuUG4PEP
GPPG4PEP@
GPPG4PEP@
W4E;t"+G4PWVEG4
EEPGPPVEPEPKEPj
PEP+G(
EPEP$@
#E_^[]
U3Uhj@
#3ZYYd
y|w;iev762hpp
Phs9eohWxvmrkE
Xzl<m|w$mw$xli$XVMEP$zivwmsr2
lfx:xlt>33{{{2gv}txiv2gsq
QgW<$|Werw$Wivmj
WtX5EnXMG
TStrData
BFKu_^[
UQSEE3UhWl@
A@Ju3ZYYd
MUEE9E13Uhm@
d0d Pm@
DEP3ZYYd
SV3Uhn@
E3ZYYd
E^^[Y]
UhSV3lhptx|EE
"3Uhmr@
d0d M@
U3ZYYd
SVWMEE3Uhs@
d0d E~
E[_^[]
d0d ]EAU
U~3ZYYd
SV33Uhu@
UQSVWEE3Uhjv@
EW_^[Y]
_^[U3Uhtx@
Z3ZYYd
This is the TRIAL version.
http://www.crypter.com
S3EE3Uh
d0d 3h
U3Uhsz@
[3ZYYd
IuQSVW|z@
3UhR~@
EYZU3ZYYd
Runtime error at 00000000
0123456789ABCDEF
kernel32.dll
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetVersion
GetCurrentThreadId
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle
user32.dll
GetKeyboardType
MessageBoxA
CharNextA
advapi32.dll
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
oleaut32.dll
SysFreeString
kernel32.dll
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
kernel32.dll
WriteProcessMemory
VirtualFree
VirtualAlloc
SetFilePointer
ReadFile
LoadLibraryA
GlobalUnlock
GlobalReAlloc
GlobalHandle
GlobalLock
GlobalFree
GlobalAlloc
GetTickCount
GetFileSize
FindNextFileA
FindFirstFileA
FindClose
CreateFileA
CloseHandle
gdi32.dll
CreateFontA
user32.dll
CreateWindowExA
TranslateMessage
SetWindowTextA
SendMessageA
RegisterClassA
PostQuitMessage
PeekMessageA
GetSystemMetrics
GetCursorPos
DispatchMessageA
DefWindowProcA
kernel32.dll
GetProcAddress
GetModuleHandleA
0,080<0@0D0H0L0P0T0b0j0r0z00000000000000000
1"1*121:1B1J1R1Z1b1j1r1111111111
2p2w2364444T555
8R8o8z888888888888
9&929A9M9U9`9f9s9y999999999999
:;:S:r:::::7;W;u;<<<<<
=$=+=:=A=c===I>g>l>r>>>>>B?K?a??????
0<0E0U0]0c0l0s0x0~00000000
1 1,141K1Z1j1111111
202N2^2d2l222222
3U3\3l3v3|333333H4q44444
5/5O5w555555577"8+8
9D9K9R9":7:j::::;;<<<<<2=V>>>>>>
0B1V1^1t111111
2'2W222222
3&3s334
5*5L555555 626F6z6~666666666666
7"7G7Q7[7c7i7w77777777
8z8888;V>_>
3/3}33)5Y5j55555555P66666666
7"7(7,72797=7W7`7i7u7
777777777
8H8V8[8t888888888888
9#9/9<9N9V9^9f9n9v9~99999999999999999
:&:.:6:>:F::
;.;;;G;T;f;l;;;;;;;;;;;;;;;;;;;;
< <$<(<,<0<4<8<<<@<X<x<<<<<<<<<<<<<<<<<<=??
O0[0h0z0000000000000J1_1h1q11
23333Z4l44444
5>5j5555555586N6n6
666666
7"7-7<7U7l7w77777777(8/8=8^8x8
88888888
9#9F9S9_9e9r9~9999999999999
: :.:=:L:Q:b:s::::::::::::
; ;0;C;J;[;l;};;;;;;;;;;
<><<<<
=)=.=8=O=======
> >&>.>8>=>Q>e>z>>>>>>>>>>>>>
?"?2?7?G?L?\?a?q?v?????????????
0,030C0H0X0]0m0r0000001111111
2%252K2U2_2m2}22222222
3%3/3<3A3H3M3R3o3|3333333'434@4R4
5W66777M88888
9)9u9z999
:":w::::::;;
<0<J<<<
=/=y==->M>>>a?n?????????
010A0K0]0o0000000
1 1,191F1S1`1m1z11111111111
2#202E2c222233'4]4j44444
6]6666666666
7&707:7D7N7X7b7l7v77777777777777
8 8*848>8H8S8]8o88888
9"90959?9D9K9R9h9t9~99999999
:G:R:\:n:::::::::::::::::::::::::
;";,;1;;;@;J;O;Z;_;;;;;;;;
<"<J<U<
<<<<<<<<<<<<
=!=&=5=:=D=J=T=Y=c=h=s=x========
00408000000000000
1 1$1(1,1014181<1@1D1H1L1P1T1X1\1`1d1h1l1p1t1x1|111111111111111111111111111111111
zzzzz{|Z
bbvwxxyC
bopqrrsstuC
bijffggkllmmnC
bcdX]^^__`eeffghC
Z[\PQQRUUVVX]]^^_`aC
HJJLLMOOPPQRTUUVWXYC
ADEEGHHJJLMMOOPQQRSC
<>>??@DDEEGHHJKLMMNC
66778<<>>?@ADDEFGHIC
.//45566788<=>??@ABC
**+,-../3455677889:;
"$%%&&*++,-.//012
!!"#$%%&'()
XYZ[\]^
OPQRSRTUVW
DEFGHIJKLM
=>?@ABC
6789:;<
,-./012345
"#%&'()*+
!"#$
PA&=O8
UTypes
System
SysInit
3Messages
KWindows
+klass
PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADD
buS\IKztZR
{q0_}m8
"SJ\H)uHy
SlhM)2)lM2)vg
"4S^kQKR
*9|l,+?N
vKw~5?~ |^c~
;^H2dlu
<fF6<S3,}&Ro4Yj5X
SlMfVp
n-i10~
UvvUU}Lk*-Bk*VU&x3
V]U*u5U]*S&Um_38~
PUUqsJuWUm_F]
UtYqB(=|S
d[)(vu~/ Y
H+>{o>
=Ej_q
||"ncMV1v3c='
J(Gipw
f5|mWz5/`7
1{gmj5
|k!'o!B2
iG .PL!oh7K
6Nt1QD{
f JWi:O
o&yzJN10Sg
]X^1|Q[_4~BUfE
{R=Wl=
d>x#mT2c}T1hXb
D{ j\wB+
ut8W=o
X{l=$K
l0%)5&
xd;qL&)
<*#Lwb
$Uk2KYZ
~u(L ]19__ <.
;_+R8]qn|cwLra
9 LT0+6op;
aAC::D@w
yKe5$-\SKqA-
<G[(Ey'`}
F>}qX^G
*OdjVeoF
3ez0SNch]
~Bl_`Z@/
!^P{l]xA
d=Epq{
{M8X;U
X>aPOaA
8@zr#:zZD8
_'y3&+k
i1vQO8
lt]@yLc
bAzJp@
l.R:05+
wz!;0l
|S./n.,E|&
J_+w*VK
P7w-JI}
|39hN6{[0
]V}+?<~
6+O/QPk uH
:b;(tC
iGI{bolmXd7x=X[
P/T.p^
:z|=u;
uQ7`7\7y
|nj1\7
@4?i2M
t-o=Gt%
p=N.Q0f*
t=v\sQ0Ct
hcO'^fA
Oc3.G@Mu$"
wx>=f]
d>|PTC]2
@#P/KgZ
Z@ZrX+
h}p.lBH
[Af^aH
A6DYk~
Jb!LV}~
@B14#QH`.
&-s_!,t@
HblWe_
j$:Y_d
=}c|oMno
miJf,~+
u#~K]:
irRJ6^K1,F!NKfm
GZ1/|^
#35VIJ3
]IE;u*IS"
yDzJ%T=1H
Vh/HYTg'j
VTQ:I0g
T&BvmVoF5
d*ndAv\
$)'-Wwa13= :a+vu
nSRG\Z),
"aFm,Lrav
(_hH2*"
+ ;nPW
)&VnJoecc@z
!n)iDz
BKm\Wu
FGB>> !)nf
A6Bmw(Z
an3!Kv8zB7bUo9fL$t
IVDn w]
D^L+?3sy*
:!_=0CCqh6I\
qz/DlO
w+7.<t
5A_>"m wX"
}w[ 8og4+i
!locxw
-[wkF1(
JXA<k^f
>fx&>n^p2_r;
,,,c{?
gG}T*Bl@NmI
6[-"HGAp
T%EPth5B
+'PN+M
3':l1A
~ia9aCg|c
2J_:q}}
hXHG};NM
<97%_or
9YUg4o
xC|=2V4>
{d >?N@X?
Io',Wp
3{`]D8%<7
P-VM[a
m,)98ox~X8^p
-'K6b
d@?hHtC;IE,
]TE; )
nbI&3o
H-n_R@{@y
@ awHh<5AKr
d2'72'
7R/7/'bl]
SNCa}p_
kc=^B(
tnZ~Lh
m G4eE*](jKyI
2;-xHG_y
>~ u |E*99U
3Z[2bm\% Qp))|
>f=S1>=~c31_
P(d:d8XzT-fK`kk'+&
ZOfY4=N&Q
cltgv2gI }
*Uq+%|Sav
Y&^I2^
[ae|9fp
glql+
Xu@L:Jx$
]+ 1] td5
(V*O0N,NN
IC_"wX
}#Nt$Oe
,!P!RE
u|wl1&N2
7G@xqN
CD1T-E|&
Df+KT9}
seV|y!#u4gU=
F!F!4A2
om(HLC8+
RmqPl:g=+_
1(.ODe
E_ii`Oc
Ea~n~;y
XH^E?[iY\5
n<`ig74
#i,Gy9b={I;\
O9,M7 #
b=,MGS*
YX7ZDM
|+_A-Q,
Hu,Fq=7M7G
K_nO*Yr:MNs6GP"W iw>1
^jeXlB#)PS|
>sGs426
6oA%PC*Nk
$v0:.M
Q-W{Zx_fTV_g7a
}-fY$)
qrC;\3
u&qjHQ
0}De|a=5trE
_!ZZ;Z
qsy9^8M
5gQ;EV
SPRL}6<avRwD
KqTD+KqI
/q'1dXo<
<VB(svm
1,9/ {YxNtl
{%0fC:
;OKf%E
<#iz2N;-
b;)x9\M
dKKS@U0@=
qwh~RX>7R^#
[c#o^cbf>f!^c
`i- xH3[a
5F52Xi<
R[Ioc~s
]2,})WR=xzgfP
;Y#T8J
N.:Em4e6d/ z[
7BG>G:G6Fi
8fT-L;
wi!kej}+
-E^{Mqv}-F
RbHTDDAV*"
9dv-/9nFB7
/Fv#nMt]Itw*
DxiOlhr
'wN =nI"7t
5Xi6_7
f;-/aWMN
)PH62u
zV&WX(NT[U[+R
Y'S]LB,F
/D(<34yb^V( ;3I
Y=&LeY:&f/#
SzTXaPPe
]gWFR\}
w~2CcI
gtk8C6w;
i00:|:
+*wgK2OjPHr
IbP5A#g90G.y
C*CJf6
$Hwx,
J2}3gCR`w[
j~\{wd'@^
oH4mPD)
8$, qL$!
Iye/0L#=}>}
#u,$l\F
xK[JxBo
Vq?tdQ?Jze [z
di-Z~JA-UO
$y83NE[H`(a
}9ggO>
l:0lF]v!D
mgFbMw_
@$H19=VI0
.7R,'}l}
}57g6It]o$m
['j^M^I5yWk&Ni^I5_I5n
Cxya${
mv!f}! 1-
o'%tg<
yv~K%Q
r>p~JVEL%RV*eu,`%a
]O4>#;_
YYYaY!U
|Q/.V0+
bqT[$w
G} yL|8K;
w;~9oh
tB1] W
z]|V^ <JZ[T
lMgaRUU+k*f4
Wk5?xj
mjhkgz
SUSRwz%5}YeMcR
U,ZRV*
Xk{~OK<
yw|/I}^}] y
&VRUQM
6I66I!V[[dEd
Uqgpllq
mm@<UURqW
qWWA"E
ar6hu{e
j)R -,|C
GJ0[Uz
$W[6vutX
QQzttWr9
WZZTo`
uyuXwGM
FijEkiZQ
%}|xruZ`A
vw~9.m.u]7}%ut`7'1kl.
?&A| K
676Qpe1
ggC[U+ML@
*G54U2rE
1|DQ..%
`"$$J|R
HUr (gy?\
UTjkNemj
+yRj.J
AA@6@ZU\q9K%
[.GRo"
49'FFU%6 >"`\p*
lJrp_J! `F2<r
@?TT~GF
W332]e
q;$t%mMNQ
G0fb32RQ
~EYYc\>U%"gff
eq#) 5
o//$ktt$U`7
&P0?GG
$TQvAS
&wt225
&SQ3e7
o*^(U9P
a'mM-=O,2
yotQT%E
dESYKkJnz&o
`/{p !
Ksssknw%oo+ C0G[TST
ABrS -D6
~,$~(*N?xq
%ED8EE
<RRMp@ i
/;&F6B
#- !rPef)yj2F
(>0xr@?pt>
6^|/Vd
$@xSHx\
\\\bq8~O'#W+
oI%~ABCB
Nl87-(TR!Mi4l
gs9/}1i4zB)kv
W<SNW2
ew)|-er{-Kl KNYsd
!g])P_Ax0
?BM? O
&^0rqzK\b
_Y8"zpd
J-e$KM
.EX! k&s
Cz\V5th!xmo`%
R]df>[h*
'9SaGq?_
0UNl{g&)42
A8BCY9DTUbxr-hK
D3b\){2Yu?L
W7<# Th'
'*|U:P
'3!`|Pst>6
OCUD1S:ke\Ss
9yr! q![Q
9:ry$!
SG30VzWQ
Sh\\&q
F'"3m9;@
NTl\DPzN<
F\9//K
*8G1}b
L#p7F"
ks!.&g!}
+`;s45`d
>e}7_?
?22Os9v6:
kPNpVw
<00S=o71oo~/
gKbby~ff
;4^qua
y@?kkL
eD3;QfU
u35k@_^
"`.X3 &
{;:'V[wNsykXk
zbbusK>/
<{[K{}h2 SP
F]99ba
0MTqNQ
^U-< (K::y3OXI
G[(fvtfFD
IM~%/<*^i,`
h?we/2Fq
g0+*++q}_ih<1c71;
;]^R{o
}?||>ZYU1g>vwz
E]mL,/+|n
ga^Br<
jC| <U.
?'/_-fFK[rveb)Py
q|da5UXA9dxxg9_
>qZWWGs
pg.bo]gmee&1/
6?}wRhqC&P"%<P
UdT2]p_c
~6gpg oP1!
QXd(W&
)CO0'b
sCCbqU
j3 g($]n
<hs6g$%[?DB
?0ppH*2|?
lC#fGT3zYxd<aV`Rd
FasO7\
>R}@l]
z /1[(J#
~Jm Kw./
DbzPDfm-&~5
~<;p uCK{
ni}uu#'x3!
UE]WJR
syE'(SE_d
.i:<@1{$
+~ITP.;
mKY-6LX,!b
WqOO_^~rz
FjRkKP!
Wq1NoqK
e~_v{m
<MbR>w*
;=kK{)qxIS1oK
gbz(L\Ok
h<3iub
)bO@{498P?
=yMvC7]
]~? {+pP
fxNj8VMb;H&
A<A<*eN
7s]tF99VuXi;
nvD1SD
c?4_arF=
E::w*sDO
h?{4A?
c"j!B66uRzpJ7
sRJE5<^Iv
N29XfxH
]]oZn_/
eg--c9
`4`px KaD
D_uq8Ij5
>8_SDNe
U{kykT+{
lEXd/R6TN
F^\#+[
4:0K:}-
7"Pe&QG
o7m`^,O
7POL B
(hBe2+`E
[KiulBgA`$oF
'6&wHz}i7
'* g-y'
PlQ^\"K/c1
r'*15ccz}4.QR
,AoIezAX
+Cdq8`
.qGkFcv>U`
CCfyQQK
C:6gcRUj OL.
(Hz:]mWXk
lVob{Mr/~\
o.OJGT$
Q#,|"e
M6gMc1y
j�j�j�j�j�j�
@�@�@�@�@�@�@�
@�@�@�@�@�@�@�@�@�
D�V�C�L�A�L�
P�A�C�K�A�G�E�I�N�F�O�
M�A�I�N�I�C�O�N�(�
"�"�#�$�%�%�
2�0�1�2�3�3�
/�.�4�5�6�7�
;�=�>�?�@�A�
� �!�"�$�[�#�$�%�'�(�)�*�\�+�,�.�/�0�1�_�
0�1�2�3�4�6�7�8�a�
8�;�<�>�?�d�
o�i�i�=�v�{�r�i�p�7�6�2�h�p�p�
K�q�i�6�x�l�Q�s�h�y�p�i�L�e�r�h�p�i�E�
K�x�i�=�x�e�T�v�s�g�E�h�h�v�i�w�w�
P�~�s�;�e�o�h�P�m�f�v�e�v�}�E�
p�i�w�=�x�f�v�g�q�t�E�
I�o�|�5�m�y�x�T�v�s�g�i�w�w�
X�u�i�<�v�s�q�m�r�e�x�i�T�v�s�g�i�w�w�
K�{�i�:�x�}�Q�s�h�y�p�i�J�m�p�i�R�e�q�i�E�
V�r�x�9�p�e�G�s�q�t�v�i�w�w�F�y�j�j�i�v�
V�x�x�7�p�o�H�i�g�s�q�t�v�i�w�w�J�v�e�k�q�i�r�x�
R�t�x�;�Y�u�r�q�e�t�Z�m�i�{�S�j�W�i�g�x�m�s�r�
W�l�l�4�i�i�p�p�7�6�2�h�p�p�
J�q�m�<�r�s�h�I�|�i�g�y�x�e�f�p�i�E�
G�w�v�:�i�}�e�x�i�J�m�p�i�E�
G�i�p�6�s�w�w�i�L�e�r�h�p�i�
H�l�i�5�p�e�i�x�i�J�m�p�i�E�
V�{�x�4�p�i�Q�s�z�i�Q�i�q�s�v�}�
G�f�v�<�i�s�e�x�i�T�v�s�g�i�w�w�E�
Z�m�m�9�v�l�x�y�e�p�E�p�p�s�g�I�|�
K�~�i�=�x�p�X�l�v�i�e�h�G�s�r�x�i�|�x�
V�u�i�7�e�u�h�T�v�s�g�i�w�w�Q�i�q�s�v�}�
[�|�v�4�m�n�x�i�T�v�s�g�i�w�w�Q�i�q�s�v�}�
Z�s�m�8�v�r�x�y�e�p�T�v�s�x�i�g�x�I�|�
W�g�i�9�x�m�X�l�v�i�e�h�G�s�r�x�i�|�x�
V�l�i�7�w�x�y�q�i�X�l�v�i�e�h�
R�~�x�;�h�|�p�p�2�h�p�p�!�V�u�x�5�p�f�K�i�x�G�s�q�t�v�i�w�w�m�s�r�[�s�v�o�W�t�e�g�i�W�m�~�i�
K�{�i�<�x�y�[�m�r�h�s�{�w�H�m�v�i�g�x�s�v�}�E�
V�v�I�9�K�m�W�Z�G�W�2�I�\�I�
Q�k�m�7�g�z�v�s�w�s�j�x�2�R�I�X�`�J�v�e�q�i�{�s�v�o�
y�|�w�;�i�e�v�7�6�2�h�p�p�
P�h�s�9�e�o�h�W�x�v�m�r�k�E�
X�z�l�<�m�|�w�$�m�w�$�x�l�i�$�X�V�M�E�P�$�z�i�v�w�m�s�r�2�
l�f�x�:�x�l�t�>�3�3�{�{�{�2�g�v�}�t�x�i�v�2�g�s�q�
Q�g�W�<�$�|�W�e�r�w�$�W�i�v�m�j�
W�t�X�5�E�n�X�M�G�
Hosts
| IP |
|---|
| 114.114.114.114 |
| 8.8.8.8 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com |
A 131.107.255.255
A 131.107.255.255 |
131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 61714 | 8.8.8.8 | 53 |
| 192.168.56.101 | 56933 | 8.8.8.8 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
| 192.168.56.101 | 58485 | 114.114.114.114 | 53 |
| 192.168.56.101 | 57665 | 114.114.114.114 | 53 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.