10.6
0-day
5 个模型检测该样本为恶意!
重新分析
更多

24f4c0790ea534f4a853c25a92c4fc9938f941bda87dcc7b08789f47856391ad

7fd8c9b9a9f748cdc1ed84842bcedfd0.exe

分析耗时

124s

最近分析

文件大小

11.6MB
静态报毒 动态报毒 BSCOPE CLOUD CONFIDENCE CRYPTO HW32 MALICIOUS OCCAMY 更多
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
McAfee 20200707 6.0.6.653
Alibaba 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast 20200707 18.4.3895.0
Kingsoft 20200707 2013.8.14.323
Tencent 20200707 1.0.0.1
CrowdStrike win/malicious_confidence_60% (W) 20190702 1.0
静态指标
Queries for the computername (3 个事件)
Time & API Arguments Status Return Repeated
1620956882.105876
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1620956883.074876
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1620956883.199876
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 个事件)
Time & API Arguments Status Return Repeated
1620956855.667876
GlobalMemoryStatusEx
success 1 0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 个事件)
section .ndata
行为判定
动态指标
HTTP traffic contains suspicious features which may be indicative of malware related traffic (2 个事件)
suspicious_features GET method with no useragent header suspicious_request GET http://tjsearch.boshixitong.com/index.php/home/api/xget?channel=4&mid=9604b811cdbc518ae273bd3dffe15635
suspicious_features GET method with no useragent header suspicious_request GET http://mini.eastday.com/hanboshi/resouci.json
Performs some HTTP requests (14 个事件)
request GET http://search.hunfeng.top:80/4_360/config/config.ini
request GET http://search.hunfeng.top:80/4_360/icon/jietu.png
request GET http://search.hunfeng.top:80/4_360/icon/bd.png
request GET http://tjsearch.boshixitong.com/index.php/home/api/xget?channel=4&mid=9604b811cdbc518ae273bd3dffe15635
request GET http://search.hunfeng.top:80/4_360/icon/2345.png
request GET http://search.hunfeng.top:80/4_360/icon/tm.png
request GET http://search.hunfeng.top:80/4_360/icon/tb.png
request GET http://search.hunfeng.top:80/4_360/icon/jhs.png
request GET http://search.hunfeng.top:80/4_360/icon/9.9.png
request GET http://search.hunfeng.top:80/4_360/icon/jd.png
request GET http://search.hunfeng.top:80/4_360/icon/xx.png
request GET http://search.hunfeng.top:80/4_360/config/BrowserSearch.ini
request GET http://mini.eastday.com/hanboshi/resouci.json
request GET http://search.hunfeng.top:80/4_360/config/OpenURL.ini
Resolves a suspicious Top Level Domain (TLD) (1 个事件)
domain search.hunfeng.top description Generic top level domain TLD
Allocates read-write-execute memory (usually to unpack itself) (11 个事件)
Time & API Arguments Status Return Repeated
1620956871.902876
NtProtectVirtualMemory
process_identifier: 3064
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x74514000
success 0 0
1620956872.917876
NtProtectVirtualMemory
process_identifier: 2732
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 12300288
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00f07000
success 0 0
1620956872.917876
NtProtectVirtualMemory
process_identifier: 2732
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 1847296
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00cb1000
success 0 0
1620956874.699876
NtAllocateVirtualMemory
process_identifier: 2732
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00550000
success 0 0
1620956874.699876
NtAllocateVirtualMemory
process_identifier: 2732
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00580000
success 0 0
1620956874.714876
NtAllocateVirtualMemory
process_identifier: 2732
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00590000
success 0 0
1620956874.714876
NtAllocateVirtualMemory
process_identifier: 2732
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x005a0000
success 0 0
1620956874.714876
NtAllocateVirtualMemory
process_identifier: 2732
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00ad0000
success 0 0
1620956874.714876
NtAllocateVirtualMemory
process_identifier: 2732
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00b20000
success 0 0
1620956875.105876
NtAllocateVirtualMemory
process_identifier: 2732
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00b30000
success 0 0
1620956924.886999
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00000000050c0000
success 0 0
Checks whether any human activity is being performed by constantly checking whether the foreground window changed
Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation (1 个事件)
Time & API Arguments Status Return Repeated
1620956890.542999
GetDiskFreeSpaceExW
root_path: C:\Users\Administrator.Oskar-PC\AppData\Local\Microsoft\Windows\Explorer
free_bytes_available: 19265437696
total_number_of_free_bytes: 0
total_number_of_bytes: 0
success 1 0
Creates executable files on the filesystem (11 个事件)
file C:\Program Files\DesktopClient\Uninstall.exe
file C:\Program Files\DesktopClient\data\appcache\Everything.exe
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\韩博士搜索工具\韩博士搜索工具.lnk
file C:\Program Files\DesktopClient\NewsModule.dll
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nsyABAE.tmp\System.dll
file C:\Program Files\DesktopClient\FileSearchModule.dll
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\韩博士搜索工具\卸载.lnk
file C:\Users\Administrator.Oskar-PC\Desktop\韩博士搜索工具.lnk
file C:\Program Files\DesktopClient\update\Update.exe
file C:\Program Files\DesktopClient\DesktopClient_4.exe
file C:\Program Files\DesktopClient\data\appcache\ScreenShot.exe
Creates a shortcut to an executable file (3 个事件)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\韩博士搜索工具\卸载.lnk
file C:\Users\Administrator.Oskar-PC\Desktop\韩博士搜索工具.lnk
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\韩博士搜索工具\韩博士搜索工具.lnk
Drops a binary and executes it (2 个事件)
file C:\Program Files\DesktopClient\update\Update.exe
file C:\Program Files\DesktopClient\data\appcache\Everything.exe
Drops an executable to the user AppData folder (1 个事件)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nsyABAE.tmp\System.dll
A process created a hidden window (1 个事件)
Time & API Arguments Status Return Repeated
1620956890.574876
ShellExecuteExW
parameters:
filepath: C:\Program Files\DesktopClient\data\appcache\Everything.exe
filepath_r: C:\Program Files\DesktopClient\data\appcache\Everything.exe
show_type: 0
success 1 0
Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (4 个事件)
File has been identified by 5 AntiVirus engines on VirusTotal as malicious (5 个事件)
Bkav HW32.Packed.
APEX Malicious
Rising Trojan.Crypto!8.364 (CLOUD)
VBA32 BScope.Trojan.Occamy
CrowdStrike win/malicious_confidence_60% (W)
Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 个事件)
Time & API Arguments Status Return Repeated
1620956874.699876
NtProtectVirtualMemory
process_identifier: 2732
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 32 (PAGE_EXECUTE_READ)
process_handle: 0xffffffff
base_address: 0x00550000
success 0 0
Checks adapter addresses which can be used to detect virtual network interfaces (1 个事件)
Time & API Arguments Status Return Repeated
1620956893.714876
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
网络通信
Communicates with host for which no DNS query was performed (4 个事件)
host 119.96.211.1
host 172.217.24.14
host 203.208.41.33
host 203.208.41.66
Installs itself for autorun at Windows startup (1 个事件)
reg_key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\韩博士搜索工具 reg_value "C:\Program Files\DesktopClient\DesktopClient_4.exe"
Deletes executed files from disk (3 个事件)
file C:\Program Files\DesktopClient\data\
file C:\Program Files\DesktopClient\data\appcache\
file C:\Program Files\DesktopClient\data\appcache\Everything.exe
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (15 个事件)
Time & API Arguments Status Return Repeated
1620956896.027876
RegSetValueExA
key_handle: 0x00000504
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620956896.027876
RegSetValueExA
key_handle: 0x00000504
value: °>˜ËhH×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620956896.027876
RegSetValueExA
key_handle: 0x00000504
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620956896.027876
RegSetValueExW
key_handle: 0x00000504
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620956896.042876
RegSetValueExA
key_handle: 0x00000524
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620956896.042876
RegSetValueExA
key_handle: 0x00000524
value: °>˜ËhH×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620956896.042876
RegSetValueExA
key_handle: 0x00000524
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1620956896.355876
RegSetValueExW
key_handle: 0x0000051c
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
1620956897.574876
RegSetValueExA
key_handle: 0x0000034c
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620956897.574876
RegSetValueExA
key_handle: 0x0000034c
value: `L„ÌhH×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620956897.574876
RegSetValueExA
key_handle: 0x0000034c
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620956897.574876
RegSetValueExW
key_handle: 0x0000034c
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620956897.574876
RegSetValueExA
key_handle: 0x00000350
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620956897.574876
RegSetValueExA
key_handle: 0x00000350
value: `L„ÌhH×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620956897.574876
RegSetValueExA
key_handle: 0x00000350
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (3 个事件)
dead_host 172.217.160.110:443
dead_host 172.217.24.14:443
dead_host 172.217.160.78:443
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2018-02-11 12:50:51

Imports

Library KERNEL32.dll:
0x408070 Sleep
0x408074 GetTickCount
0x408078 ReadFile
0x40807c CreateFileA
0x408080 GetFileSize
0x408084 GetModuleFileNameA
0x408088 GetCurrentProcess
0x40808c CopyFileA
0x408090 ExitProcess
0x40809c GetTempPathA
0x4080a0 GetCommandLineA
0x4080a4 lstrlenA
0x4080a8 GetVersion
0x4080ac SetErrorMode
0x4080b0 lstrcpynA
0x4080b4 SetFileAttributesA
0x4080b8 GlobalUnlock
0x4080bc GlobalLock
0x4080c0 CreateThread
0x4080c4 CreateDirectoryA
0x4080c8 CreateProcessA
0x4080cc GetTempFileNameA
0x4080d0 WriteFile
0x4080d4 lstrcatA
0x4080d8 GetSystemDirectoryA
0x4080dc GetProcAddress
0x4080e0 GetExitCodeProcess
0x4080e4 WaitForSingleObject
0x4080e8 RemoveDirectoryA
0x4080ec lstrcpyA
0x4080f0 MoveFileExA
0x4080f4 GetFileAttributesA
0x4080fc GetLastError
0x408100 MoveFileA
0x408104 GetFullPathNameA
0x408108 GetShortPathNameA
0x40810c SearchPathA
0x408110 CompareFileTime
0x408114 SetFileTime
0x408118 CloseHandle
0x40811c lstrcmpiA
0x408120 lstrcmpA
0x408128 GlobalAlloc
0x40812c GlobalFree
0x408130 GetModuleHandleA
0x408134 LoadLibraryExA
0x408138 FreeLibrary
0x40813c MultiByteToWideChar
0x408144 MulDiv
0x40814c SetFilePointer
0x408150 FindClose
0x408154 FindNextFileA
0x408158 FindFirstFileA
0x40815c DeleteFileA
0x408160 GetDiskFreeSpaceA
Library USER32.dll:
0x408184 GetMessagePos
0x408188 CallWindowProcA
0x40818c IsWindowVisible
0x408190 LoadBitmapA
0x408194 CloseClipboard
0x408198 SetClipboardData
0x40819c EmptyClipboard
0x4081a0 OpenClipboard
0x4081a4 TrackPopupMenu
0x4081a8 GetWindowRect
0x4081ac AppendMenuA
0x4081b0 CreatePopupMenu
0x4081b4 GetSystemMetrics
0x4081b8 EndDialog
0x4081bc EnableMenuItem
0x4081c0 GetSystemMenu
0x4081c4 SetClassLongA
0x4081c8 IsWindowEnabled
0x4081cc SetWindowPos
0x4081d0 DialogBoxParamA
0x4081d4 ScreenToClient
0x4081d8 CreateWindowExA
0x4081e0 RegisterClassA
0x4081e4 SetDlgItemTextA
0x4081e8 GetDlgItemTextA
0x4081ec MessageBoxIndirectA
0x4081f0 CharPrevA
0x4081f4 wvsprintfA
0x4081f8 DispatchMessageA
0x4081fc PeekMessageA
0x408200 GetSysColor
0x408204 CharNextA
0x408208 ExitWindowsEx
0x40820c DestroyWindow
0x408210 CreateDialogParamA
0x408214 SetTimer
0x408218 SetWindowTextA
0x40821c SetForegroundWindow
0x408220 ShowWindow
0x408224 IsDlgButtonChecked
0x408228 GetAsyncKeyState
0x40822c CheckDlgButton
0x408230 LoadCursorA
0x408234 SetCursor
0x408238 GetClassInfoA
0x40823c GetWindowLongA
0x408240 wsprintfA
0x408244 SendMessageTimeoutA
0x408248 FindWindowExA
0x40824c IsWindow
0x408250 GetDlgItem
0x408254 SetWindowLongA
0x408258 LoadImageA
0x40825c GetDC
0x408260 ReleaseDC
0x408264 EnableWindow
0x408268 InvalidateRect
0x40826c SendMessageA
0x408270 DefWindowProcA
0x408274 BeginPaint
0x408278 GetClientRect
0x40827c FillRect
0x408280 DrawTextA
0x408284 EndPaint
0x408288 PostQuitMessage
Library GDI32.dll:
0x40804c SetBkColor
0x408050 GetDeviceCaps
0x408054 DeleteObject
0x408058 CreateBrushIndirect
0x40805c CreateFontIndirectA
0x408060 SetBkMode
0x408064 SetTextColor
0x408068 SelectObject
Library SHELL32.dll:
0x408168 ShellExecuteExA
0x40816c SHBrowseForFolderA
0x408174 SHGetFileInfoA
0x408178 SHFileOperationA
Library ADVAPI32.dll:
0x408000 RegQueryValueExA
0x408008 RegDeleteValueA
0x40800c RegSetValueExA
0x408010 RegCreateKeyExA
0x408014 RegOpenKeyExA
0x408018 SetFileSecurityA
0x40801c OpenProcessToken
0x408020 RegDeleteKeyA
0x408024 RegCloseKey
0x408028 RegEnumKeyA
0x40802c RegEnumValueA
Library COMCTL32.dll:
0x408038 ImageList_Destroy
0x40803c ImageList_AddMasked
0x408040
0x408044 ImageList_Create
Library ole32.dll:
0x408290 OleUninitialize
0x408294 OleInitialize
0x408298 CoTaskMemFree
0x40829c CoCreateInstance

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49219 117.24.11.18 mini.eastday.com 80
192.168.56.101 49186 120.76.246.204 ssgjz.qishixitong.com 8023
192.168.56.101 49195 120.76.246.204 ssgjz.qishixitong.com 8023
192.168.56.101 49203 47.75.150.85 tjsearch.boshixitong.com 80
192.168.56.101 49198 58.218.215.130 search.hunfeng.top 80
192.168.56.101 49201 58.218.215.130 search.hunfeng.top 80
192.168.56.101 49202 58.218.215.130 search.hunfeng.top 80
192.168.56.101 49204 58.218.215.130 search.hunfeng.top 80
192.168.56.101 49206 58.218.215.130 search.hunfeng.top 80
192.168.56.101 49208 58.218.215.130 search.hunfeng.top 80
192.168.56.101 49210 58.218.215.130 search.hunfeng.top 80
192.168.56.101 49212 58.218.215.130 search.hunfeng.top 80
192.168.56.101 49214 58.218.215.130 search.hunfeng.top 80
192.168.56.101 49215 58.218.215.130 search.hunfeng.top 80
192.168.56.101 49218 58.218.215.130 search.hunfeng.top 80
192.168.56.101 49220 58.218.215.130 search.hunfeng.top 80

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 53210 114.114.114.114 53
192.168.56.101 53380 114.114.114.114 53
192.168.56.101 54178 114.114.114.114 53
192.168.56.101 54991 114.114.114.114 53
192.168.56.101 57874 114.114.114.114 53
192.168.56.101 58970 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 62912 114.114.114.114 53
192.168.56.101 63497 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 54260 224.0.0.252 5355
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56539 224.0.0.252 5355

HTTP & HTTPS Requests

URI Data
http://search.hunfeng.top:80/4_360/icon/xx.png 
GET /4_360/icon/xx.png HTTP/1.1
Accept:*/* 
Accept-Language: zh-cn 
Accept-Encoding: gzip,deflate 
User-Agent: sess Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727) 
Connection:Keep-Alive 
Host: search.hunfeng.top:80
http://search.hunfeng.top:80/4_360/icon/jhs.png 
GET /4_360/icon/jhs.png HTTP/1.1
Accept:*/* 
Accept-Language: zh-cn 
Accept-Encoding: gzip,deflate 
User-Agent: sess Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727) 
Connection:Keep-Alive 
Host: search.hunfeng.top:80
http://tjsearch.boshixitong.com/index.php/home/api/xget?channel=4&mid=9604b811cdbc518ae273bd3dffe15635 
GET /index.php/home/api/xget?channel=4&mid=9604b811cdbc518ae273bd3dffe15635 HTTP/1.1
Host: tjsearch.boshixitong.com
http://search.hunfeng.top:80/4_360/icon/tb.png 
GET /4_360/icon/tb.png HTTP/1.1
Accept:*/* 
Accept-Language: zh-cn 
Accept-Encoding: gzip,deflate 
User-Agent: sess Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727) 
Connection:Keep-Alive 
Host: search.hunfeng.top:80
http://search.hunfeng.top:80/4_360/config/OpenURL.ini 
GET /4_360/config/OpenURL.ini HTTP/1.1
Accept:*/* 
Accept-Language: zh-cn 
Accept-Encoding: gzip,deflate 
User-Agent: sess Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727) 
Connection:Keep-Alive 
Host: search.hunfeng.top:80
http://search.hunfeng.top:80/4_360/icon/tm.png 
GET /4_360/icon/tm.png HTTP/1.1
Accept:*/* 
Accept-Language: zh-cn 
Accept-Encoding: gzip,deflate 
User-Agent: sess Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727) 
Connection:Keep-Alive 
Host: search.hunfeng.top:80
http://search.hunfeng.top:80/4_360/config/BrowserSearch.ini 
GET /4_360/config/BrowserSearch.ini HTTP/1.1
Accept:*/* 
Accept-Language: zh-cn 
Accept-Encoding: gzip,deflate 
User-Agent: sess Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727) 
Connection:Keep-Alive 
Host: search.hunfeng.top:80
http://search.hunfeng.top:80/4_360/icon/jietu.png 
GET /4_360/icon/jietu.png HTTP/1.1
Accept:*/* 
Accept-Language: zh-cn 
Accept-Encoding: gzip,deflate 
User-Agent: sess Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727) 
Connection:Keep-Alive 
Host: search.hunfeng.top:80
http://search.hunfeng.top:80/4_360/icon/2345.png 
GET /4_360/icon/2345.png HTTP/1.1
Accept:*/* 
Accept-Language: zh-cn 
Accept-Encoding: gzip,deflate 
User-Agent: sess Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727) 
Connection:Keep-Alive 
Host: search.hunfeng.top:80
http://mini.eastday.com/hanboshi/resouci.json 
GET /hanboshi/resouci.json HTTP/1.1
Host: mini.eastday.com

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.