1.2
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.81
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | Worm:Win32/Mydoom.b9f2f6f8 | 20190527 | 0.3.0.5 |
| Avast | Win32:Malware-gen | 20200520 | 18.4.3895.0 |
| Baidu | Win32.Trojan.Delf.j | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_80% (W) | 20190702 | 1.0 |
| Kingsoft | None | 20200521 | 2013.8.14.323 |
| McAfee | Artemis!6098E63E140D | 20200521 | 6.0.6.653 |
| Tencent | Malware.Win32.Gencirc.10b07aad | 20200521 | 1.0.0.1 |
静态指标
可执行文件包含未知的 PE 段名称,可能指示打包器(可能是误报)
(4 个事件)
| section | CODE |
| section | DATA |
| section | BSS |
| section |
动态指标
该二进制文件可能包含加密或压缩数据,表明使用了打包工具
(6 个事件)
| section | {'name': 'CODE', 'virtual_address': '0x00001000', 'virtual_size': '0x0000a000', 'size_of_data': '0x00005600', 'entropy': 7.992235378339067} | entropy | 7.992235378339067 | description | 发现高熵的节 | |||||||||
| section | {'name': 'DATA', 'virtual_address': '0x0000b000', 'virtual_size': '0x00001000', 'size_of_data': '0x00000200', 'entropy': 7.537443661508319} | entropy | 7.537443661508319 | description | 发现高熵的节 | |||||||||
| section | {'name': '.idata', 'virtual_address': '0x0000e000', 'virtual_size': '0x00001000', 'size_of_data': '0x00000600', 'entropy': 7.871666928051274} | entropy | 7.871666928051274 | description | 发现高熵的节 | |||||||||
| section | {'name': '.rdata', 'virtual_address': '0x00010000', 'virtual_size': '0x00002000', 'size_of_data': '0x00000200', 'entropy': 7.582096724860129} | entropy | 7.582096724860129 | description | 发现高熵的节 | |||||||||
| section | {'name': '', 'virtual_address': '0x00013000', 'virtual_size': '0x00003000', 'size_of_data': '0x00002400', 'entropy': 7.596943615976609} | entropy | 7.596943615976609 | description | 发现高熵的节 | |||||||||
| entropy | 0.9705882352941176 | description | 此PE文件的整体熵值较高 | |||||||||||
网络通信
与未执行 DNS 查询的主机进行通信
(2 个事件)
| host | 114.114.114.114 | |||
| host | 8.8.8.8 | |||
文件已被 VirusTotal 上 62 个反病毒引擎识别为恶意
(50 out of 62 个事件)
| ALYac | Generic.Malware.Sdld.C44D850D |
| APEX | Malicious |
| AVG | Win32:Malware-gen |
| Acronis | suspicious |
| Ad-Aware | Generic.Malware.Sdld.C44D850D |
| AhnLab-V3 | Backdoor/Win32.Delf.R257860 |
| Alibaba | Worm:Win32/Mydoom.b9f2f6f8 |
| Antiy-AVL | Trojan[Backdoor]/Win32.Delf |
| Arcabit | Generic.Malware.Sdld.C44D850D |
| Avast | Win32:Malware-gen |
| Avira | TR/Dropper.Gen |
| Baidu | Win32.Trojan.Delf.j |
| BitDefender | Generic.Malware.Sdld.C44D850D |
| BitDefenderTheta | AI:Packer.3B2C2E2C21 |
| Comodo | Backdoor.Win32.Delf.ste@4wua2l |
| CrowdStrike | win/malicious_confidence_80% (W) |
| Cybereason | malicious.e140d5 |
| Cylance | Unsafe |
| Cyren | W32/SuspPack.R.gen!Eldorado |
| DrWeb | Trojan.Siggen3.61286 |
| ESET-NOD32 | a variant of Win32/LunaStorm.D |
| Emsisoft | Generic.Malware.Sdld.C44D850D (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/HLL-SysDlrSharer!Eldorado |
| F-Secure | Trojan.TR/Dropper.Gen |
| FireEye | Generic.mg.6098e63e140d5edf |
| Fortinet | W32/Delf.CST!tr |
| GData | Generic.Malware.Sdld.C44D850D |
| Ikarus | Worm.Win32.Lunastorm |
| Invincea | heuristic |
| Jiangmin | Backdoor.Delf.hzu |
| K7AntiVirus | Trojan ( 000010291 ) |
| K7GW | Trojan ( 000010291 ) |
| Kaspersky | Backdoor.Win32.Delf.cst |
| Lionic | Trojan.Win32.Delf.tpLp |
| MAX | malware (ai score=81) |
| Malwarebytes | Trojan.Delf |
| MaxSecure | Trojan.Malware.300983.susgen |
| McAfee | Artemis!6098E63E140D |
| McAfee-GW-Edition | BehavesLike.Win32.ExploitMydoom.mc |
| MicroWorld-eScan | Generic.Malware.Sdld.C44D850D |
| Microsoft | Worm:Win32/Mydoom.PB!MTB |
| NANO-Antivirus | Trojan.Win32.Delf.fnpcbp |
| Paloalto | generic.ml |
| Panda | Trj/Genetic.gen |
| Qihoo-360 | Win32/Trojan.Delf.B |
| Rising | Backdoor.Delf!1.64C1 (CLOUD) |
| Sangfor | Malware |
| SentinelOne | DFI - Suspicious PE |
| Sophos | Troj/Agent-BBLI |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
1992-06-20 06:22:17
PE Imphash
3c0e70bfa5f73f1f1cef484e2bcb5bf8
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| CODE | 0x00001000 | 0x0000a000 | 0x00005600 | 7.992235378339067 |
| DATA | 0x0000b000 | 0x00001000 | 0x00000200 | 7.537443661508319 |
| BSS | 0x0000c000 | 0x00002000 | 0x00000000 | 0.0 |
| .idata | 0x0000e000 | 0x00001000 | 0x00000600 | 7.871666928051274 |
| .tls | 0x0000f000 | 0x00001000 | 0x00000000 | 0.0 |
| .rdata | 0x00010000 | 0x00002000 | 0x00000200 | 7.582096724860129 |
| .rsrc | 0x00012000 | 0x00001000 | 0x00000400 | 6.753357619284395 |
| 0x00013000 | 0x00003000 | 0x00002400 | 7.596943615976609 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_ICON | 0x000150be | 0x000002e8 | LANG_ENGLISH | SUBLANG_ENGLISH_PHILIPPINES | None |
| RT_RCDATA | 0x00012448 | 0x000000a8 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_RCDATA | 0x00012448 | 0x000000a8 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_GROUP_ICON | 0x000150aa | 0x00000014 | LANG_ENGLISH | SUBLANG_ENGLISH_PHILIPPINES | None |
Imports
Library kernel32.dll:
• 0x414c2e GetModuleHandleA
Library user32.dll:
• 0x414c36 MessageBoxA
L!This program must be run under Win32
.idata
.rdata
8\plJ
{{~nZc
9HGu X+r)"
xT{5-l;^`
y.%mtB)DHV
5)VBdY
t;jj+iOi%
nj`.J[D
,"V:&Q>|KE`
nST(>v
!*QqM5#
]Wi[m. 0P
PJ8Sn;La.v
3pyG(Tv;L=dxjp
rdK'p pQ
">nPccB
W? qK{_|
F<[Qg%
VTOoU}
r'a%=xF;
Nzv@UG~
/(>)Xod?T
/G@1w!K]@
Z{CDkZ$
37; WpA
&T;$c^_v>Bq
OdtG=yK
@w7ON2~7{
c&N1%4
B(N&U(gO.Q
xYb4~6Ys
1P \1S
sc~%Pa=A |94
G)Ek|u'8^/
Y Y &p!`e
;~c!,?y3_
%"L]GS[B
T n.AT
X\IkRl
Ko0X]ZH>K
$.a1X_w4'k.
:OgKcfp
@~3?rP+l/eE,
QZ_c}Wid@
<4fKN@h
;:.i%<FS
tv{%7/7vz
A/b'P<a:[AOL)>>0
(~)<.u
-%\UU8)
@'!Rfi
SiOIg'
RzP=\ ?o/T~P
w#6IBV^3f_
"(]x-@@P).,
4v&@m6IQ#
\mvD8+
:W ~/>H,
`YJ"td3
3@'@{KFe:'Y#q_ Q
^T"_z*
V#Sd:?rc
b{kZK<
NPcBsP
70eJ5X~{O-4J
$e([47t$
] >g2j
_p's;4*iG?mJNX
Td2Y9TN: v
z:lxXq
xj3eJ<IJ
9C_/W4m?+M<V"zJ
76(SY:
AG%%sO|;dm
$)8heVA
\dmY&0
NiG0[\s
]*}6K>j`g
^0t$DB;`6>l?-v%E$N U-tf
y-"'Z:
O,W6C'hF3|
{s5k){
)dh2]+
D .b[1fV
3>|X`NZdQF;?%>cWh,.9
}"P38*fO
ZeY,7JB
vt;vwHT
l (_\CV?
Xt%W,p
aHAkf,#
* !s2`WUmR
6j|f[gk)h
$G{!6y}g
b"7S#NaLr
Lv$9 ^
9.u2; zZS
_rtNCfa
$brI~u@2(q}')H
ZDFenI
`mZRj;
Bz:%E}
7n}@49
p,6Tl6eje
U 2KWD^4
V!grHg
$`t|F6z:
: %kh<F}WAcTvcQg
0HiA<k`<rdp}G!j
p,.-ZE]
a3<_bw]&
qH\zn!x
*Mj=gK$U?/[j)
dK Lot>GP_K9I2V
>H#T^=V9?ki
PbPhX
Cs" uuQ6+$K`t
gDvM\~
.MM[RMRG[~i;g
qUsVPEd/
r;zfk"Ye
K~#$18-q
M 12;-
0)}P"N'T*NR-
$-vog|
,5Gvd#
8d`bl)!
!5{y9/-b
UCbPK1>bx
r2fh1q
FEg[8<#
~KW7%e19IN
^@|?7u!
H9IQl_N4
7s:R7NL,KS
,&Y '`E
$7lp5G9
aWJfJwp
_-yJ5tw
p'L*qpQ
6,K@|[l6Y
K]^|7R0=
l\fS6QIjdnr0!qQqHSW
K%LycGu
R K^f@{
TW7fKD
@]Z"-?
4gu[3u[vT$~
n:{gNMh
)W+M S
5'U.+_:k
.5?/ BA=.2M
3-+:cv[[M
f~@07i%v
S,dxnQJ
:\,P@Ccst
KQ-wzN#}vC
JmsxP1MX"b%
% iSmOU
vfuUt}^
+wtp(f]
pM@=p)&
~S1%%aQdV
)vbM,D
F;gB7}jy|T
MfybNS)i[H<+w
Dov)XE
4Od4,`[oc]b
TU#,-Z
]NO|j&
$Tjms_'h=4
'BTzL&].
l.5yX}VzpJeg
,ndn{%
IeE-Ibfe
D"=XCvbf4>m/x7}y8>
< fX1?k=79q
BMA^{LRG
N }~l;
],PfO_:c
qhM}`\
Y5q:+=
kB`k+}e
Thn"WN
E o`J$.
$pAOFtG
0Cp{@GW
#sVh"3'aq
(y?+r}d8$2
QriL~@
r#oE:SI%y(g@{
_s]7[G
v4f.XO
K`! A%
rz2L1!(E
r!Qp]iIx
fu.,[%RShFp66
#G/ #W
4|f8\|5 T?>b$X8
qDRcJ&DV
1C4 O;[K@
gWS=O.dctf+
\K#H#n veo
dJH5vY}&85%V
W~3 L'7G@(t
[NWaeK
#M8>hyt)[5
Q4kco!fOMta
<5BpDh=
b:rKi)6DZ,_+
3sNZ2@,a}S
xNqz1eF!BG
QlQX-Ee
d^X [
;g|I[V
=->X%J
/)|*qI8
*o@0nt
4#_NIP
(R;Lx
NZJ8qLU
9(0L,?3
'9Yt;W|LW
QqX9.8Q
{g#y9a:
;oGP1'-U:6gnpL:
t#/4Qw3
& 6HycW
nM'e7A
)jdhiIYo&
|3ih#^
@D}`;i-
o.6QpQmPE% cZlZu
70o/7B
<D?](UwtcrU "
{F8V/dVED'*
><Bck9
o4ju~vkK|
lwK'15|Wx
Ep4x8L _p
?F}OG_=
G!FK8=
a0I$@7oY_yiKM
op.TNL$/*/'b>f
s!$m!9P[`
{1.UM;
sAm-qLa6
=`|mgl
W,,RoI
x*Qx/4
^zCo;X
E%yU|r
_VC dy.8HH]
%d$pZ
HSW59CB
:,kC1?5A4m}
SH=N- , l
`$,">:
[!%!;+]z~
I_G{qf
?fCQgn@,9;d=
,/z/buX
}C)P')
FAc$t{)0Y{"(i
uLD|obeV
{|b]"d
|%-g2H
UC,[<qal
Y?d*||B
4\;;2$"
2[4zu;O2|
WDbj\u@\ib[t
*^vIs4}%N$
DKUdj*6
..<NRi
P&-'_z
ItN=\s
|?xCBP
H\gd96
'yaJEO"AAN
)!9<Bg
^+h7Cfw<G
7/HQ U&Rd
eLNUOa
[b,_K8
d~R#Frk6U6n
X"nH^|-<Tl71
EX>mA,rb>Kou9$G?0I
bDAm|O]
bi%w )7R'+!w
2%&Lc~
(#Cp$d
@~=ADZP}IF}KBD
FBD!%Q:Z<z
+x&h!W
HM&AgSQQ_^
AO!}w
lOm-eH&wkc
'?0?F2
@uGyJ:=bHw*0;:F5161s
X[+@O]b
|!g9UKgD|?
x (Pbv
jDiI6.&c8&
llz 0f7}Ooiv
?vR{98
qId\Jq4dg
*22\tJ
@&)k<-
nKKi2OT1
c4aQ_SG?KDV&f3
~y;cis
lODtUw%{CZ:Gl/<fk[tXIRG6oI
)>WTsRT
R{xT^`
6+i/+u~S
0dzshrOxut
_a[ 5P
OV]VM+H>
_~_9ElI?FmL
G`MvBIS
Q!w{yLQ*~
=d:GO9
a_9(cl3
v#C{}nD8
gY66@S
&\XJ$I
~FeEY#
RDL:_p
6E"2P9l
l|9[W
K@AnZ~
:tRr|\'
l&{_~F_9P40;x. ;w5zC'
txgI'0
,"!<`jrQ
g|3J$.
r1H.dZ7sg
A>teG~
q~^|)^A@ <
,j_<ui K}nRQF{;f!En-?
[89M;4&
V^*R(nk
h;uVR(2 Cm
2kobW"
L}e^iD
NHip$e
A|E7TGy7B@';@V
lb{FNmMC
+zT58O
OBt"`]9
{B2=Kx
VD%#!byC
iq`61R
gq~caF
{R8E`>]b
b9#dI+
?_BwtT
4> \q6-
)`f.K+
|a\V(,)
!?g&!+g
Y=Ip2:
;sw l/;1)jVEm]q]
6v/G|2i
trO:mZ@-
gCgtd%b},
5S,GP=9
Hg)W:;o[+
#lP`KW
KYqfin
[/lq4cM
+bqyt;t
ipdl^djIx
>WN*ra
cal7K-s-
dX/$9
Hs%y\b
yR=@2Q
3ECUWV
!!$yzx
&W5II*@
Q^i ?h*
IK$if7;~(>
M*:wVY
~$^,EZJD.
/P |{j${w
3o2^,zZ+\M
R{<TN% sWbZXz
5.U2KcqGs%
E&W2V%SKf$XOa IL
SpSkZ`
Bt|q$|-
Cd{tts
rO<75s/P
U9z8Y@k/6& <
=q"$xB
(y&fK`
V|x[VT
HRKCLkR
t__C>eT%E
BPZAc+{
ixF:47Zr
S;>^`j
Qrt"CIh`
bxXQDJL
w&E4]#
q2txp[6O^
\.qd!#
1O[,x9e0
v@!#{Nf@@
:=d,=2Z
C d)3E
nGJctwdG
fu&X-o
q"<=HP,
]->Srljz/r
U<E5L\
q3Oul1z
PB1uaH
O6l{VC
h} Gjm
w$/t:TI1Q!=
,<+p4M_D
$]SGkNq
*&Bkd/E5Y
2T|gwP7H
_v?flM\`
CxuN;,Dsm
wuEPo[8
0+%.!r
b,]B4<SAW4[M
dHv9o+
z]7B5L
7bS`_&
T0kxeY
j Q=/i
n|?EWkal|m,?
.MqiiCk.
%=.).pxa2J
zZei3@6MSts9:Gb#
A%H>pI0
IF,fyN+T\
vWBFrn
[o*$;yt
UC[e~O
$ H|."
[N;bZ8:7;'9Rpl
8"no'C>Jc
k0k[[zm+fP%
*Z XS,
K9wD7|lY3sj
GiwMN-J< c
<BPck9
l^Nz>v
!2)3Ep
6h_ZG/)m2a4w
RY[6I'Zv*75"
g-Qt+]
i_*=_9kT
=YwvArX,tra
V>)4UYD?fE\t^y
ySJ>P5
u;*q!f>
;&&iQ$P/
uE9"w\
S@XVhS6
D";xO4u6cs
gvhF;0
Fu'm5o
|"+'kM
r@\h1m
Iro}HB
xe0tE}i
lf5Pu^2gw 3,+
Fh@xn/(0Sc>]Jb%
5gH6T'
!n*{P!
[%eViJI'
U,=3c(
,T^AC`#v
sEx<>1;
tQRp^ 33gxGgXE
u'" N$Z51saJ%GwPVw
=^E00B
c{(T`a$
zPHb;4]
3-|QtLo>
3Q!rB{6gHKa
mSL}_Uz]
$ H\c0b<
BJJ-;+'
{2.Zdnz>T"
d]O!oT|D
|:roazX'[sfm4y
7LraH]j
dZt@'$2
Mz*M&{-Q]
8.J^7Gp!rL
S{eNgi[@
LCd'bg6#
{<:y&q
DI>nip
C*ShlAP7
+ockvpMY
aFu3nc
boV>!MyD>N
xBIO$fc=?&<W
X.b|2zUi{gG#lih!jP7]9j
33es#Lzy
Ac-YUEIA+YdeQNmw'
iA|8RtY#
+d!JS?
J0}UR
@8je9D<W
6r,&$l
[9}*UV<mXt08iP
DPGP?HrTrD
M{UouM
g!t]4{
vl +^LW^Yk
K66-Q\$J&vZ
A\#N2!
6{>=64
tBO\~|o/vj VSh8(#MnXVT1\
ATc@G:kg
:b'|vhtv&|
WRG1`v/
0KrFTSuU4
tM2u#vd.:ljG za N
T>5,BD
SJz'"6#
M.c\'"fG
!n+m1b,
y7LtB~s
RdVCQa"YmVVk
XZebx8
oIFv4d(TaX
"T:T. 286DV<VPBDJHVhNhbTV\ZJ
fLn5Q8x@.p\'~\?
@QgS6dXA
"-}"!Y;G_Y(&
H0JA=4dWZqr$04Bl
rC,-0fYG
e$9 Ff
m1&pLZDb_Ge
[ar6!j
gIi@|2
b`-bc'z
18>0?vHfjJf
hq<q%!?
Er}Ey\
c6mQTf
F%vU+R
,sOj=k
H)%~ji\
Me>nosj:+$1F&+%H^/
#qVEf(+k+*m!
[%G4d~Q>
lq-JWe
P]M[=7(e
S&s?'/
7q#7!QS[
%'c-jZq_-q
Mi_jtW
W~`v|Fx}
g56~^Q
&i]/F\[C
v=kT :[2oQ
=@DA+W~|)G>
>>:v!r2M$
MF<w:l}I
?Cx*rg,K~TM
=>#$h\
whVB=B
3&%._N5
E..if,hr
'h2c<1
%=1{~DvY
a=#IDU
$ aQ*|'.D
Z=hylltY
F9fKL#
`f:]sa%n
d]NV>Cs7B0
_Vwt8z
^:5#tL
%Ej^@%TC
_2ugrW-l
6:MUiL{c})PW
5|4;28r?*2l<eY
k4E/Tf
FOXj[R
U})vly]
`KPStqG?NrFXhOr
#BLxn.*
`m64J{
C&f&r:
2 {.LXg>
ROt;{rC:H6v_-
k=/4OzK
KUE*EFMTZ
p(O!&1,Gi88$+
P? cQc
^qh7HM
&pL+B*26
Jw3TI|X1
dke!\eS@os
|1,Z5E'L:6
8;JdHm
v;"^c==
>GO$=!&
/vPR;0:
,LwA7'
Q^P_{pw!mG9
LaUKzK
z.~t7w
.6.,?B
N$AMjN]\ GCa6
8!C0$4ELj^
v1w'Sg
0xI:uf#V
u6Pr,;\~L
cE'UiCB
ox/+t[
>T.:x7
F.m q3X
D)-_rL8$P>r42
aF,lF,
=nky12
E0s'u{3eu
k?$J;=L{
qB>f5Y
?hswN-gS
kernel32.dll
user32.dll
GetModuleHandleA
MessageBoxA
uhPD;ywpY}&l>
i.BI{7<#v(nH"P
Z9Z<"sens\~
L==Qp*d[0
\;+Lw~sC~
tbjxNZ(
Mr![jm6O~2
6PI& $NZb~
bqdrRZ7
A=nMkx7.
z F&&Lfos@~
hcdxXU
Z7%Pj~e
|:=yho6F?^d`c=Q
>}I! Rcbb
<^!ubnO
F4-Vj+
t-H30"
Gggfv@
&vvggd
wwgbvt
1wwwr"gf@
1wwwr"vv@
wr""gf@
wr""&f@
ww"w""@
1wr'""@
3333;31
333333
sp`x`laE
jrYVK\~NA8XvC
W}vy_jmx
LL@GGNv
8Y>cPH
^.~_T@\|p
1qx0zi
-i7g~jw
.9'n#\{?
?" wBQ
?hD^v[Q
a{Hjev
jC?UQ67
lIb9oa
M'Jg%|
76r@q"-t,MiX
4LW N1D-N
$@-*{
>3uwZ 6H7W
OzOXr4V|7i?Q
5';+FV
3jNqz2(X'!
_i0oT>`"SbXm
#vocUdi
@FS,_-*
:--KWrw
Ku'{q}L
)ye(Y)bVt
|qxf+0
K'(6*sq,*n
$cc6];A
Xw76>#w|
BoH^,_
u/?2~(
4ja74JLf:hT[H=/TZ
pu{,0CU:
p.9t"u\6x5vq
gTG(1@T[i/3
&>*[j:<G_1H%M
)x-e9|
?)6sUtP;n
rPfh/3Au
hx_iyd
WzfFIp]8s.`
/Ie8B}?}>F zCN"VC S
7YQ(GP
= 14e('3p
EV[/k*u
6)2t=%
-]`F`E
u&oLz^:
FXozq^
Qt>aP"Sm8Du)uli99d
H4f>Mb
mfAL=F
n+8?J`S
0nM"W5Xz
^/SZoqM
:m*OsP
kZX2f .
<Oj@O.
@^;7"<hCX
G=^9FE
I;'l+r7
UeEfi,
K9yo1N.|.
\zZ)1V
;%\}y"4^
*XfP&[PN5
u&`1"hA%'
3~wpNb@
ElYrxsBgCQ0
Iw5Nya5
MO92mw
`#IW,W
eEa+Ge!
]<tHRU+%
Wk>0R]$<{
%@GaTmbD%fpJ'f9A}kH
B?R;b@
:jm/N%o?
D~:=h*
C+QyD8+!m
^2(A5I0E$[ Fk#[
U/ xT)
%hKWCev
5J}NzHK+XL;[r
,b5"XO[vs1
jGWB]!0$h
}s._l"w
=:Sg:?
Y!As<saQ {"
e|H\*5
BSW-l(
`Y{.|f4F,$
_XNfFi;
y+m[kh
"h& ?wby&M
gyD,):t0GF\-
-Noix;^5
'"0@"eI?l
ZLRC- bs
uxt.Ou$
+Bjt(uQDSc'2lw5
n sRPAmN_W
kZ0=jZI
Mrpn]v
9ueh"S
(K,v>_4Y
5y4Q#mP}
B#nJ01mT0
fF_M1=11
?4I/yJ&FR
2 +20D"
n0!kx7
&XBz!)O@FA~
j<Qj)T!:R
%bMk FkE
yYV YN_f8
@={\8Wv@_8$
g2jOl>q
.D]zl>Z!i \
5(DQ++1)s
fk9]2$hl4mV;
7D1$P
uD0A`y@#
xCqbQq
Y`.e"\Y
`9~DZPs
_nM@[.U
$tX`'yxy
G?(4TJ&xhr
eC+g*JM*
UB#t4nXY
37/4.M
kL9bjWO
PX\V2<-v
?N=LP0
*]YyZ)4q|n
ctQ$j,y
hU=%GBPh{v-=RKN
(V@y-Eq[[
ulMo<k
&g'%G=0$n6
&|`k2>Ih
sbHmfHX&+|
l-7VfDj
kdTO2nJfL-f3
c/X *7
7 7|u\[A
7$R}hq="
E/I6I%Kk
(s9y;%=
GBi!~8[@,
ip$|eO
Y!*kj^9 _
)Ap/%.O<f]
vt61z7X
q2zVpvSWVeI
w&TGv|
_`G_9k\v
'SlRBz5
$quv`\s$G
xgJ,RrR
uKUG{+O
gZ![)Ppz~Bd
."#t`XL
jX~5wP
4Ca,ne
,7>kt=E
e;Tg:])7_
"i?$aje4}hR`z[
PTdfw&NqV
UwQp7N_(c
Z8W:2T
%qZYOyG%{W
5oSG&\.P
nAl#kG$Kof
(/K} _(
?eCnc;
IImLrYk
AQK{7v
5%>@U$pit1
Ab Y{7
eMo-%m"
,i VM8
-4'.51$
EiwP&FKcG
Z+<pVH
+yp:!TVUC}G
23:c-p8Li"e
?PeG678
U 7('D'
V.8mG#?"
Y>:c#US0a
Y}TJl6
I3-S7{f
QfFta`
z=gM)-
H:6H^lJ$
r~2Io];G}{Y
U[W O;b
Rn_S1e-N7
I= *z2TN
h->$!W
_h)qAx
XflCst
yJ )kj_Fg>x+1
TL#Z)_
N^+r \:(
!\RGZ1
C#8rO\
z5A*M-d
vKiKAh
n|#EPL
1ak]s,
\~l_E8Bf
,jNG_;;I
ZK[8?v^x
jDA8DC
Mrz6;6v*%G
4SR"FS
[n[lG([P
4s|svn$FuTBcj*F
QD0F#.]qE;
2(t5I0BrtO7Y
NWa`g6X%4gN7S
\R45<$8V
]YdX5Y8
9w`'y>w
m,dJO)
[V5h"uy+];
S*]OM1Ul
c<GQ3^!
fCbl1L
#I*FZ
vJ+h[z
xw\k6H_V
kF_TI|8
.n4o*c
PKF90C
6#>=hf
ThHKyf"
f)YXjh
_hY;]9hqk
f6u~:`!\
sBP"\6H
id1cNb)xvx8P
oRnUK*/
?Fzk_Z
.|>,l@&]:Fh
f'JUXr
N3uDQ=(J$
:n.]{YaL
g{=Go[Q5G4gW
Yd.rEZ9p;wxS
}2}+W&NV
{x<q+`
Hn0[;U
bjc ~P
XB?=1]d
?C5.F\@5Jy
ku}qy~
[bF9",d9N{wN
k]|@ICF2J
&@?'5]=Y\<d
g.w8yp
_<yY-Um
1nk<>+3-F!
0g;@h =9
0DR<DH
Q{A|YG'!J
R.T6W@
}2Fr9r~v:nw$IJ\F"P@y M;5#H
K{J H/A
$:-7E]
mxF8vh
BtXq[qUY
}Bvj3;
t_1YT+&;
!YZdgaWk
O-7oo h
>N71
_B/Y7GH
,J*xB&
=;oMk@
_; >&l*1`_2k$
lt$:'N-F
#GX.50=e
N!fj5AXkO}C
`eTZ<j?6+O2
_XC<Xy
y2]e=JA|9'
Ej1HiH
&s^I59ToY
O/wXNk?
m0HR[N
]qs9%tL
VlwGW5
2L3h'e!U
s9R3UZ+
+3KcXjf
#}hfb7{]U|"
*MXLIvS.G/S
`j:*s,
dv$jB'rB
P[#a-F]
MVV}{41
|@3X^z
-5];jf`.
KE{2"\>N
x,e=0|
MkH+zgG
i@{~q(ot@tISAxy
9^vYh,V=Wg=A
CEKm4%iD>*
q9mWq+2/}
z&B?b"
;^-E "k
i`F1UdRM 4B*
b3YSQ434d(*LM
9~V[$wiw
@-h-Z^*x
u^kOHY K
`FZ7wBd.a&
:z-XjNOO30
bU<'Qx4$k~
F^Y!ZnoJU
("]8Yq
1TZA/:
<nW;|~%mp
<0psosLxE]tL$Y
S_eB[gX2
{oU*nb.LYC
m.YWcY-b]T
68ccvfY
?S^{um,Fo8q
7hP^ roTdw19!]
s)v^qQ
?*:&a
Q<ps!?
<M`C#<
?W/GH^3W
4C,?wY
9[;5"nd3
i f,/<
ozY_AL
K{u['{X
~O]4fo
V;"E2:jG~
g"in\,r^M| N!z]
C6Z^`Y
% :Yxw<
#[:b^5q
Q.lOcP=*
~o[4AlA
?/R_|n>\>
XT3Ly+
^Lc;#X<[
/lf,JJ
c,6_Qz
2Q)^Vt
>-: Z$$QM
n_kq?%
3cd\g&
pfy/x.X8;k@4{C=Z( Pk
\c2<xoH
b~of.Ld<8
vBBFc?y?LF
C-.]9A
LRXYEk8
rpAd0i
q6@|&.
0EdKC/ba
{yVs!ZJF
<yIQZk6$^Es
h?eDQ-
Pjpi~ZY
a>f4wL ex
n*rqq/S
[aQJ\+zeqgT
Nra=&G
Np[?~--
'1WWNE
w{ 0}t"
T\w8E}\
OT/oVyE0!
G-]CH'JP6
IISX:4Wc
65ZN~<d
wRmw'N!
1_s1zf]XX
;`Lrm5
D05c! K8}
|Z !{ukC
].$EP\
S"Viu8
BB$!={
iv;)PN
BT{>%2i\
u-j0N4%&O
8:$J<yE-
:P&l8%p
ymod[t_g
~.|$5m
9'hg6%_)C~
j9.Q<}u\.
6r`K=Q
i- vS*H?.
#@6oa'm'4w
kiIvS$lDeh5r
;!!vjS}K-
Lh(}NFLLDrN
iS]"X@
MMcI\z
]^Gro"
Ir3/yUw
0mGL9z.
ar2V7.fiu-l?
OG {59V`{-h
^kKoNd
2_:G| |k}
63l8@9U>
*5ICS
F7PA_yF
HnqP^Lt hD<
~Cd][_;
x;D:)<r
pw|5n26
"&](\x[u
&q+=va
n,_?nI6
2FsW.DhtK0[
/+n_A^,r[v
K4fPyDG
i,li|5c
Ge,V3{j,;vJ
<'X#(Uw
#hr_%"
Z%@JtIS)
xHiqRYY
av+*K_5ya]H
]Es:prnbd
;[uNN(
}3( w=;
-vfEyQG
by[y#U&/"
(krWw;d
H!1K(1
'b!W3*
, o-VU2GD>z`'
qm{~Ybw
3kd J(
h&$"B)S
<JS'I)<
n.\@vZ/&b`
}5c}vnw+
|:v&9u*}u
7):d^n5
_{~G^vJ#`c
6?%+ZO{
skqvU
k@;7&c)x0sb%8M
";=}v\B2
p}7f+Q/O
-MrW?6fwIx
"/x8`HKxhR96R
2WN`(2Q
+|c3`p
YSO %T
+9[3A%mbD+
z;tS["
]PCt&E 'TlWvI%
|[#<[|:AR
_G%W !k?m6p
)Gu1F1
S>Gs\'oJT.y.
HV|V]E+a9L
iDyDHi2i)
o$Q.T53v
(Y~Le+W[{! J6
|< 74pn
QVi"C!!KYNkw*g
%)fowyK
Ts)R-DvO
Hx+(+$n
_A'FVM
;<W6X;
.7U~Bj/z]V)ss
MN(&P.x+0 `m*~fM
`e#_KQFc+
J$'M|ZO
25"4=getnewFV
WYo!=#c=g@
+F1a7]j%
:']58,Nbs
XVHD/aT'hkk@
F~`R\A
7xB0k`
/xfMQ9
B|zr}E
[j<;K@h
ZmVc/Z,2a,
D3g/Xe5N
+ !,xA3D
p3pAB<
j3"F&HB
AM;-m^
XIps4_XM
TN!f",*`
@nh&.gy
8Z78~v[
[)O cV:j
aN;1|9h
*8\r*~}
OH1>VfL8G
`"&Lh}^'
Um:Rq`I
orVi2|B
$h]!OB&Y!:
gsaGP/Fy
xAR5jV
b'RfLg
$EVG%.
KG0*;Ex0u
QcLAw8R-Aro
@jhY{KJOqn
;1N7.;;F>|yu%g;
m9)*c.P>.
B"f[&>
s 'jqF!@-'
r DnY;&
(PGK70
o{:(I(_"_
%I0UR.uX; U#ajwYB
.I"BF8
Z}[BuaG
H~X[b9
HwHl)9
nbOtX`
~7fj:L
=,7"2#~5
+@LM%rLX
UMDIf!
8)_8D=
LI5ai~
pcT@A"Z3cq
xOlz2fP.DZ
w8}J)_U
DzI;M4
d/c=`,e
AG$ "p2
eY&@mm
(;b8Mj\pq
ce9VYoR
Z^C`!x
%O?0W[M6
*Ng@1LQ
mOx4W`
{Gq=_v0]H~mMHjmDNM
P&Abd788w
zwEBjAH@
p|b,a
u;p# 9
jV|o%2&_[
T0_{EO$
J@h"-~?x
d4RNR'9
UO/Eqj
O%TU/Za+
=]gKlP
\VD6bKCokD
T]o[ie
[^/iB$`
`.z~P; T
Je>4CmQaD
8%4ayq*:9
6>y'q[A
ZAtW,|;$Kn
ovOiGUx3
!c%Yq$h+ mF<2e`|
-kQJ^R$Vc-r6(2
Eo>Fh'cQ
zEVZ9{0L
?94YU^
!g:L$$'
irBV{md
Tr!,AK
r4Gjil0}h}R
f^SB$_
|K6e"zEt487N
'>n%,'MU+*|Ry)W$
eSdnpvm
I8i7s/COl4Rn
l7~.l=
.&Z*J<
HJgTCl
"sNCs]D}
9VqI?D;7c?
NRj_:;
tBf|]EL
(#n1%]~
{-my=?|x
r5[ T%i"
brRZhg
[u0Y0;BT}z$S`8Z_KsQQw'
h!#&_KP0h$
25~L'!
,2hrD%xu
%-ohm4{
)cW0M%/
7|Luo,dlo
[Q Asf$!{b
a>zxAwl
E9M.JT
hvN_zBou
U;HB2a&G
]~AcEI"k@_
/Br Rvsa#P
^]$V"?;n>
sP cen
8)u=AB
VW?%z+[O+b
"@tJ^H }
-dn0q+b?>
FlCUB7
$D:* jS
cbTVljr/
yh"N,oL
d3 a'7%
z}FYgY
l+3ziI
^g9//R
V?$,ia+
hO'?X!~
>T?n1M}
-e[Os}fd
;^+e]%%Ac
K .awi&
-bK,+*
5=Hb'"x
:Ut`Pb3[@+
Ku*p!/
yvg6wS@$=q
.uOlJ0
s[ 3{3bpHu
^8v?Oz++
4(XQfT:)
?rGL;i
qVhA3i<
}_55-hmHHZ'%
I:ro<YEtz
8,V2q
4BHzlnR@c+
K+K*9H>A
UDSE9|xDenf
3U7*rD9$
mKA"zG8
E V%;1
3mS>T'1"9z]FE
MT'_d",Fi
,~[$d3(
](?Bba
IB9iag$~5@
IybV?v{nOD
XO@I9R
7lVf >(MG
VLv>mBW
gSd$8ZTO/a
DJgW52oZ=
CrQd/o
Gy#?jM
kn =>8^8
:R}wv>N<h\KR
Sb( v3
CDv=$9
Ce0*Q<3
[Mwf$%P
6y"&\~\
DxoU`fqc@
P%m\Y3{%t
B`M[5!y
O|WKnBnb
U4f#"-eE
O<Y!-t
!}\b]'MXV
m,6{-+2
"O*3,W0
Ie# '*>g8l-
[kb{6K
c0:1 2
Pt}c,L:
R>n0Iz<qlSM${Q
b%:6ui#S`q
R+be:O}
!?|vr=RX
ahb`U)
E'e"&6
M+<luI6`Ch72f
0)%$!f{UYCLHGWOC*T
ND1 :;d
{$=y<DO*"
@)I4K",w
Lf8ub{C$ Cw']
)rb#5
+r9+F2N
yOs[;9xOOy
86{eOdL
E0y3Vr?k`B
[D=;(=?Y`m3t
:}6l% 7a
)Dj3MobI+S
kIsv8&
fwNz L&6
@+k_dM
YCYf!IL
HyyH>Q+Y2I3P
%HjruR0 B0D
cPz%M,h
N#lZVu~UJ0DB
cyC]8[),i@yMg.5]@x
`b6r[x`NNtI%e
(~(s*n9
I'eBdV,zE'nAocpn&
2Y=KyOsPr
=np ?1)
0V5[@sw||nFOq-
21RE_(
/DAn&+B
xY?!ry)
i8Kolx&
f(e'?b
-utcG^gxx
XY |06
@C.yT_
WV"f5r;32;T
J'qma.
1@@0y20
W"^yIsn^H#6=S
oJm=y?!
FMu(O%c{@T>4
$LgG=<
~9s:2L
O"heMjV
Fe;k*ucN|
8*umM.X
c`3.tdw J=
-=i{6`x
"dSKE*Hm
sSKBxA[I
`"Z"1P
a>7(zL'e+ Li
*:{$-k
,6<1=3%
,D//?e{6,C:TtY
p*Yp;+ajr
Yz!5z?xxa
IK{\7[
9*<]Ig,i
-,n1"!<taX}H
TC!Y235y
([P^Kb
\* 7Zq
&}-wPU
oZ$vRU
JAR3;P
IELL a2
KT/Efo0R.)
H^i<Tm
O9,\wJCvF
I"BWw,dI@
uv? nM
/]4(Imz
}PrTuiX~
!zgt'tU
P!,=j*]1hW7>
3-~1i{j`d3`>|r
)/{%D?Qk
8mcDEc&
SZt)L)
&63thw,6DvXYC[-
ZoJn_+X6l(n
Wb0)y?#Ue
aiWD0wc@"Wv_p
QkVex}E
gzWf&Z7
b.$f*o=
Y,JPEc7,*N
=f!76?
C)2X-bZ
R`#\_B
&qCSY%
{c~]Y#<bQBf#
C?Q)WvR
*.r8.UQ
UQz^k_
M\xM6T;=
}(`<lT9
N:kUIMJ
)%O4A:{Y
5lQLGm<B=$&f
U@(l6)
~+~Dd42-4
-JyT2s
4b"TgMA
|PBmL5
S>G={K!
#,6qHQ
w?@\)]
HWm=!8
zR\ 79
c$<>kH6%
",jSLp_Bp@N$@
8sAWB1
)l+Uo]
5@)Km`
$VG4'D7zXGyu.A<[-Pt'=C
dbJ4_iAxop#"H
5 ?=lP=\$PhbsLg
IJ5;h-
o7|Q {
.?DZi3
G CX"M
%26U=s
[!1;HA
N#jGNVY
N4PQ#2N6
CFo dG)`m
>D eu\[ }Hu
5%'r1tw#
n?DWrvQ
C|K>-z
#B%^rd
fCmPOO9
~Y?&],|
:$s{CBS@+
~4d&>!>MQ
R@C.q)?_t
aed(;#
P5;QS;44yd/16&*>h\Yw
?="Ij=86Z0t(oZ2
OiF`-Otd.
;so7wC
P3;K!#HxA`f6
a0S1)H
P4z9[)
&ssR&E'<@u
rJkV/bz<
XyOeusfWNnlm
N%Wm)kXTz
bA@|.NO4CYMc
s`?"6]
;[7NyI
KP9EyFV
}/+<]4
B(X`N[
Ul_+e9w_
.%MGVp-dA0
Y^Dja0
7S55zgw
"VR7)d-
NlZG0;p<#.
.GDr}$b
.@#}_hc[I,M%@t
K;09GJ
fHV=Y`E3
:\>p-$Y
.HF~>M
t;le'u
.N;G7'+'eX]fPnJ=O)i/'Vo>sZ"&
}ExUmzYHI
'7+(k+
.S.a}B o
POuoE`
&v,VfUG'&
GqK.rw7
E`1trwc
B~S"g6
VelB!f
I|QMs>$eWp=gj^ks
r\Vmxw
#dj([YbpV
,bw<?1v
|s!0qDKd :>=
|4vtEII*)iMo`zsU
eNG|DxQ1}r>nsp
h& SK.R'mtF
ZaCy[i
hltGj*
L#O-@
mjzs"}
@HJd)!o-
/EjmZ/
q{"Qc`>,
kJ}=a<f
,Q<2D/J{zR
3nbfs'
hg+8IW
w^UUs0?
rEszO|dTu0Qc(?:G
R+cIsOBz?
X??_YW)
:]KTwa
KoU+xI eXg|
A<aeuV- pgr
`Bc'O"p
]K>.7qz
hIawan
BP2!e|8498
N[bygoO{"
!jP18A
Y4!KU~
\!f]"{Sk0lMfJP)
{:O,)p0BH
d;@L!C
Zq*1T2r('
*M=bX<+
+?0+!M0y [?c
[Us2"- M
'+p,#d:
k%^6CB
[ !>QR+
>-$IQab*z
is\yH1
aQo$]8fO{"=As7UB
*e_4~:
$M?/[M1q
iZ cUKAZ7r
`gc?i!u.
z-o.hco#V@
2U>d7'
.!}[e#g$
D�V�C�L�A�L�
P�A�C�K�A�G�E�I�N�F�O�
M�A�I�N�I�C�O�N�
Hosts
| IP |
|---|
| 114.114.114.114 |
| 8.8.8.8 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com |
A 131.107.255.255
A 131.107.255.255 |
|
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 61714 | 8.8.8.8 | 53 |
| 192.168.56.101 | 56933 | 8.8.8.8 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
| 192.168.56.101 | 58485 | 114.114.114.114 | 53 |
| 192.168.56.101 | 57665 | 114.114.114.114 | 53 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.