1.3
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.79
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | Win32:Malware-gen | 20200530 | 18.4.3895.0 |
| Baidu | Win32.Worm.Agent.fj | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (D) | 20190702 | 1.0 |
| Kingsoft | None | 20200530 | 2013.8.14.323 |
| McAfee | GenericRXKN-BX!A5776ED3DA7D | 20200530 | 6.0.6.653 |
| Tencent | Malware.Win32.Gencirc.10b07ba5 | 20200530 | 1.0.0.1 |
静态指标
动态指标
该二进制文件可能包含加密或压缩数据,表明使用了打包工具
(3 个事件)
| section | {'name': 'UPX1', 'virtual_address': '0x00012000', 'virtual_size': '0x0000a000', 'size_of_data': '0x00009200', 'entropy': 7.713058086740162} | entropy | 7.713058086740162 | description | 发现高熵的节 | |||||||||
| section | {'name': '.rsrc', 'virtual_address': '0x0001c000', 'virtual_size': '0x00002000', 'size_of_data': '0x00001e00', 'entropy': 7.633918786630199} | entropy | 7.633918786630199 | description | 发现高熵的节 | |||||||||
| entropy | 1.0 | description | 此PE文件的整体熵值较高 | |||||||||||
可执行文件使用UPX压缩
(2 个事件)
| section | UPX0 | description | 节名称指示UPX | ||||||
| section | UPX1 | description | 节名称指示UPX | ||||||
网络通信
与未执行 DNS 查询的主机进行通信
(2 个事件)
| host | 114.114.114.114 | |||
| host | 8.8.8.8 | |||
文件已被 VirusTotal 上 60 个反病毒引擎识别为恶意
(50 out of 60 个事件)
| ALYac | Generic.Malware.SP!V!Pk!prn.BBABDCDC |
| APEX | Malicious |
| AVG | Win32:Malware-gen |
| Acronis | suspicious |
| Ad-Aware | Generic.Malware.SP!V!Pk!prn.BBABDCDC |
| AhnLab-V3 | Worm/Win32.Agent.R304664 |
| Antiy-AVL | Worm/Win32.Agent.cp |
| Arcabit | Generic.Malware.SP!V!Pk!prn.BBABDCDC |
| Avast | Win32:Malware-gen |
| Avira | TR/Dropper.Gen |
| Baidu | Win32.Worm.Agent.fj |
| BitDefender | Generic.Malware.SP!V!Pk!prn.BBABDCDC |
| BitDefenderTheta | Gen:NN.ZexaF.34122.gmJfayAwqYb |
| CAT-QuickHeal | Worm.SfoneCS.S9535634 |
| CMC | Worm.Win32.Agent!O |
| ClamAV | Win.Malware.Bbabdcdc-7358312-0 |
| Comodo | TrojWare.Win32.Trojan.XPACK.Gen@2ho5ur |
| CrowdStrike | win/malicious_confidence_100% (D) |
| Cybereason | malicious.3da7d7 |
| Cylance | Unsafe |
| Cyren | W32/S-587afbdf!Eldorado |
| DrWeb | Win32.HLLW.Siggen.1607 |
| ESET-NOD32 | Win32/Agent.CP |
| Emsisoft | Generic.Malware.SP!V!Pk!prn.BBABDCDC (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/S-587afbdf!Eldorado |
| F-Secure | Trojan.TR/Dropper.Gen |
| FireEye | Generic.mg.a5776ed3da7d7ba6 |
| Fortinet | W32/Agent.CP!worm |
| GData | Generic.Malware.SP!V!Pk!prn.BBABDCDC |
| Ikarus | Worm.Win32.Agent |
| Invincea | heuristic |
| Jiangmin | Worm.Agent.tt |
| K7AntiVirus | Trojan ( 0051918e1 ) |
| K7GW | Trojan ( 0051918e1 ) |
| Kaspersky | Worm.Win32.Agent.cp |
| MAX | malware (ai score=80) |
| Malwarebytes | Worm.Agent.MSGR |
| MaxSecure | Trojan.Malware.300983.susgen |
| McAfee | GenericRXKN-BX!A5776ED3DA7D |
| McAfee-GW-Edition | BehavesLike.Win32.Generic.nc |
| MicroWorld-eScan | Generic.Malware.SP!V!Pk!prn.BBABDCDC |
| Microsoft | Worm:Win32/Sfone |
| NANO-Antivirus | Trojan.Win32.Agent.hakuu |
| Panda | Generic Suspicious |
| Qihoo-360 | HEUR/QVM18.1.9056.Malware.Gen |
| Rising | Worm.Agent!1.BDD2 (CLASSIC) |
| Sangfor | Malware |
| SentinelOne | DFI - Malicious PE |
| Sophos | Troj/Agent-AGQR |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2006-03-03 01:50:37
PE Imphash
bc5994e55cbe4fadd0cc6ce15d753e0a
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| UPX0 | 0x00001000 | 0x00011000 | 0x00000000 | 0.0 |
| UPX1 | 0x00012000 | 0x0000a000 | 0x00009200 | 7.713058086740162 |
| .rsrc | 0x0001c000 | 0x00002000 | 0x00001e00 | 7.633918786630199 |
Imports
Library ADVAPI32.dll:
• 0x41b08c RegCloseKey
Library KERNEL32.DLL:
• 0x41b094 LoadLibraryA
• 0x41b098 ExitProcess
• 0x41b09c GetProcAddress
• 0x41b0a0 VirtualProtect
Library MPR.dll:
• 0x41b0a8 WNetOpenEnumA
Library SHELL32.dll:
• 0x41b0b0 ShellExecuteA
Library USER32.dll:
• 0x41b0b8 EnumWindows
Library WS2_32.dll:
• 0x41b0c0 gethostbyaddr
L!This program cannot be run in DOS mode.
PEC2^O
MnwPGuK@A}
7{E^`N
jP}YoH3?
.3D wL
-@H]X?
Ur`qe!
m[FSR`$#y
a\e5co
=LKOtR
]Z R0Ge0
ggBR!'$(%duD'b
*i+h [h]
Qt@\ZDDGK
]I#[f!BTZ)=P1ZLM]\U\v+&+
;l?Y7cRf
^pS&_h4!&A9r
jXZGD;HT{
M)N^WMVh>d
XGwpM>;}H
!j.([xQ
%`]!*'W1
T.m1QGNm'
[X/>Y!
govNZ81
s)tIKt
`82p3Wi#\:
?t>Yoe2[R-I-(\
'MRr/ES
2f uv|r !l
> YV #
YN 5%vf+
@`>=j:<$f
|jW3?S]
^nTEJs
[RPk|.=}Qi$cyYL
.W\rz!(N.Ab!x<]
^'~?(#P
ou80y\\=
IT:b"L
o3RjC+MS
bpFhMV
mdxjSkVk
O!DH!w
a6wv)M1
BMT@y83tV ,L
xUD; OvtW?
qw|0*aM
5;-bvI`
./ksF6x
}J@}Ylc`Y
DV4WEfH
["RN,vS>^6} N
)@>2La&->U
IYbI).A[o
)%cBp"
f1Y7RH
U!2[7|f
vNtc{y3\
W>qshVU
7d"5Vwq'A
oaG, *
L1XGq6r6lZPc
T7YNI].-yB
p:AY8M
COtZq1
Aq#|EA
Inh[7P
";hTz7L
WF"!lO
A0Nc,c
CE}y`5VVQ
o:Y[J}:&gb
4^fd;y
XtnpiwP:g
:4n-G<
Z 1lOJ
fYYzFIcH z.
z=Z$7P
zBCAfP
%JPb"I/ww(
mt@=u#M'JT I
&X^IL=v"y
[7]ra,}5U
X\534V
,GrR>8g%C8
,BD4q#x
Yi\)~U
hwqE".
n-1#2 k
_Iw3N$
5J?c] ||3VzQKe]
^uKkSd)Y/g
Wdt'h;
x~L`MOG)A)B
336P^\1~s\G
;M'pO3
tS3%2/z~e=HW\}
O-Wg9aK
3*+&)Um
wj)WU?0
6gWjq<".
Gz1LGtx
0`t]lb\
-%V"wz}zg|D
r\lwGF2$n
,P<`.9
/(`_s4&&4Gecs
~aw%"VO2x<#*R/t1
B|qWre(4>'
!_nY1Jg0
fa>j!?
cI6a/p
V\f-1rJA
ZZrzM_AeI8y`
Z&BR@'
OCQ%oPRmGizKTG ;mt0
BrauYlP
?:kRz'R'
j#??6Zp
),)HUl
:z"[r&B$
Q\8Gwm[v2djdyB
^b*)C?K^
F1ZW_-x
KembR+
:W,Y2E_
i1!2&z
e95/W@>
00L!=W0
?Q~BUQ7ZQ
^>9]nr
[V<m`~
=_U,h`>
'HBIY$6+28)5# #1OXW
l/{Fku
pioJ%JS--J
;]N%+%
i>l yS
R:'9g g
AAI<[QNDGR
C0*::}<(VKS
#n1^PT
D?9sU)
~{m5-apB\J@l
*"'p5Z[_
^}b#w[
2}F#WIa
`ua8j-
yH=1qgzl
h3YE/8
AbJk6]
pJS?9:#f/
hhrolyfRoL#R6l7~O"
FGt3pYYs
qT;UA6
t&#~HgJt(}
g~G.gY
]+R$8"{
GQqp+4sCq
))Oq([iP
`$|.w;
i^Rr~q0?
&_r70#
1 Yf`@jANqF
^&yV4uSs
;Z.23)Jy)3%]FX
m8GktKuF))d
LQe1S*|
_+p Rsd
WXU:3by
Y5{=hWtBr
;X7@ZE<(w/A
G[h#>X
i7#Ozu
pEC"\)j<9jEz
_-hRB5
>MJ#z_0>z
'MdtE5
s1\%F}-YkH}y
yX9r/z
mt?[)m
.&Mw3O
uG32f]
7z5s).
.Uh;Q]
/Tpab1
!e^D"HyR
T&'`G
3mtWpS
1 A `9"2
+ZqoP*
ED`#bJ<
^;<];y
4Y =@p[&7Y
_~sw6w)~
)WTo!~
KX/fn()6P[\
spTW|y
M1)ADB_uf`=zi
/{v.>mN
.EyY(PP
s> 9yaY7eV1
5maiy/
B2yAiZ
!Z1'_:
274bY}D2
5M}g$O
|wu 47}Y
6n+xbJ
?~|2f+#fP\`M*YE
1gN0DN
k~82E#1
f~2`HrE5-
Z YhZu>u+\2o33&H
p]HY*An
|{R_8+
qM?yk:^3:Vsw4
Y'P `L>
np49unH,
G Xjqo=\E
!sT)L uP8
!@m<|@Pu9S
-bBBFU
v[ncH3
Ok#)o),|
)O2=5Y_
_~8KNWN
9Mf;H5HYTH96
"[n3xQ(*z
6@TM26Uy
D+'^w}
LlTe[k(Q@|LLk
V/V>LR
21PA;63|
Is'(Ga
+E]a t
mJSjCn
Wq5qPj!
M>$n1Q
Dm\[Kqq=
={ [),-
b9nbkejx"KQ2R&Z
[W"EosjM
8bfzyT
Kb'~c#aM
Fe]:CQ
8Z!Q7c
5NTl@P3
{:AV[L\k@7
Q(gFs#j
<'r(Uh/):|^o^
'{@K G
ELwt+t%
}40%yO
iow>M|c@d
aH_uI!
?UR1f~
WlhH4#l
;eS_*c9`%
Z#A"[yU]8&
>hJ(kk
[glE_YM<[
bfE5b5
k^}ExJHM
G|H,4>H=[C2xONI
6FA3;e
`:F2=.f~
Atc5/[n
|0~PCYA q
":hDF ` =Mfl_B
vg^V7vg
vzg}&+_$%m/riv6
*B~%mt2#XU(
QK/*cF
/d:1N(mi*
`G{a|$pvs6C]
kMClJ)B
dFWu%eDVd0!Oug
ES[Lmy
Fw{AUSqu,OG
-M7@;)&F
D*[g9<)NSO
uw6&/3O
VO*E'|9>
E5_(Dy
-}#K5g
.l\9XX7
"g@|(QURTEL
(hXJUPEy#[
c"$alu
TT>z&;WUl
]Sn_sm(~dcYawm
f7`7%q)Os
UEqP&|*yDQ?fu|
RplX]P
Ab4uzHnL)D
ygJF6u
GgYJ|mP
$yERJ@k
7W@_)s
B>Qf6oe P!
5,KwA`K
nJ_[zTz,B.W s&
='G$/V3:
d:R?6<q;
|t-WOO
H_*a6d
K d{ 5wqaq/
~Aa)}]Mp|Vl
7j6~"C
'P&{w2r4
<?-?1]
%!*>(E
A# uzUG
QLm,dn~Q
S^T*Br}6O4MTP
DP?%H6m#
cf8uT>-=`
CD]] 0
BUrX6QFK6
:=jyn[X
>q FD=IL3dA
%iYr;i`U
Bh.v<cssU
R hw'U
9(P&4)v
!XNOx!M7
2QBqm]]
w3Qp*]
&sqL/R
S4W2J{;%?[9
bykTb.
2A0dY.gMmj
`H?[Zw
/tl~|x
Cq*%0Zo 8F
an CnMUY
LgP)a:
ZEGd@L#
h!U)-9
L?LY#WMZ
mr+fr~
D1:|six*
\t~M22 bPGq^T
S/:s}PB7~z_
K_vPa"
x\S%+\
Z>2l&O_
[&nA7|'I
&)/ GYwKYlw
L00JU;
dA1UvY
YHa.eKnd1O9
:K|sIAo
lO=qnS
VtxhZE
>7[Y:`7
ztd>;_
RU9~:T
/w-/Cu]O2Q
YH#K=81
l:.%J*
DsjpM!.:tw6N
;\LnM>f\
8u1| ['AAG^ lG
hE-rWc%
g'CuHB
4M# ?~XC
U'x`rTH^5
q6+iiNj
pu_F oO_)Z
!2Po8C\Bz"F!\O
(yTk,9Wb\R
`W *S>
/q&!dj6
1=g|Nr
9Vm"z^Ky
p:/e)M
,@.&#aZM
"3/"t,D
/2n@"x
sVr! N
:y8j/KM}
M9+v1U%
JkZ4JmN|Ue
lM00]T2#V
LmE]_OB
2i:~x0
yDS+Kr
";!)R}N
9_/G h$ |_jU%;r
V;9=W+Ng{
/l'RoXA~js8
qgQmt HAY*)I{$xN~
H`b8UvA9
9|~6^ZMR$y
]Q| ajP
U6/]$i
%ujTBG/`P
-T2?2=ZK; GE
>8<(6ag/ImQs
j}v@h'
L kx:X1@\
,o'd]X
Org8Ap3
/8#nQ[
j.%eDk$o
?!5@2E
C+02cd
y0Go*=&aZ0m#
q&%C0z:
Lf#A`Pw
0HmLtm
)yOS3d-<
X`SP$^
&H&#l@t7.dl0>
.O=I:"c
562:Qq
9F<(d<
s%249XA5`;
V2^'~c
5Wq Y'
5bcl8:z
~3-[8K\$c
@[H~0 }s
R2'X]J
$53Wws
D1e*xsE1;$5BP
Y_w{ !
Tg<p>T)k
gX~@3Ne
wRIJNZ
F03EtToso2{p,GHa
1wCq%iz I|
P]he{Z
*sH)c#;e>=
Z8Es0/
,zMrV!?u
k#8"="
|S'hUe4> :
KnR%1z+Qy|_g
=d"I6* r"PJ}TI
$<"@>a
ae7\nVi
_o:Z4?
VPGF%Kg`QO
VtkV!*
+}-8h,A>Q
>M'q^ c_0;m
Gd9{5j
+}p=P~@
;SOjkz
iI%&eXFshLr"
F=TE%/
. 5M~uU^MU$c}k
syZ_7S+eDRtz
Urq-yzffhI/
:kOn[e)
p./mj&;y
crHy<o.
6/1ba>K
I\z^4tD`"aE9L
4Smlu+B+
J%G^>/7
yu`Rv!l9;
`'q%gCZf|
?FcMq.>a.7Ob/YkA
.sP)"BwL
&s$-`N
Ay>49T
4< >kW|_Q^F>
tZ[6`L}53_
Wq Ft~
Ai(r&)!=
u%trVjc1
3E,6Q\$7
tT}"<r
=9TW +qA
'(6FB6
N#MT"z4U
U> 6IK
%leb.W
IgXuQ$OiYq
m.'UM;oKnrP]
m%=,_/0:0C
yE~& .
Dj<@DZ#
:J]Rlg{Z
T=]14!@
V kkFT
Hw>95ve
('J%<s
Sk`LbpI./i
IWWUR34~-
M4KHJH
8Hxdtne%
~srH="=g
,+%>Y ^)YS-yz+
IL#s\x k
PDYC3\
T<c-6>L"}g}
8}!9Ea
5)R&+D
&O^8A_
,^_w\+#7I7
j@y%zLI4
iT,qlK
h~53FcX/ZQycp
~|(=z|
6Y-.qW
w4w3dw
(RI{a"j,Wa
*Nrp2#rQ~U
~ZI. ?x
"?RgLFrrMtBk2u
PPSBu%q
"AfT3S
cu=c.7[n
$M?vMe
+d!Y)B
6T7Ig(
jC7;I\
oIV!Zd
<@D5\o/
6bg9Q1z
eZC}_%
Sy5jPAww+
k8^<z4R|PQ
8,AKO,
bhnt7i(}ENj
FON}t j.Vr]
]uZ'{gJ
+X_)xUf
e'9S]xwm:
LU`]i:'
6 d:Z`
050ad+
./^0VKAI
cJlc^S:
Oh,>4!
Pg[@[Y7
-A&'\6xG&
P(}%Pw
rY ,Pou:)7D9;OS
{E0yLKA^7+
I,}CE|y
>2w79.}8n{/q.
2I/|n
d':%T%m%
r2!AMg
i^Q-KB#
+&0/"7dj
a,I&e7
V )q8h9
<rlJxL
uW^,75"lQcr@u
<$L"_*
,bRl<r]xP6hu#w
3djFy\
j"r9Q)]R5g}*]
<gN"I>]g
2dH!Xt,
zd'3CIeKg
f4oR&E^
f!"M.e0!2lq_%#0/"WE%$A'h.
I>cF?,
QNH/yJF3I
[@W*%6":}
qv;8X)-1gJ(
Zv$ Lq$
5P7=CQG}
n6)v -
gj/.]VV'T;G
P>P!*z
&/"21J
1a#0:e:
W6u_G*
iH kjw
2)zjMeei
?hV*Z*
: sNmW
KC`ND^jo
(BA~U/Y/
4;9fLM"KlJ
.C(X-q
.xb``|-
C)KkoG
KA?a-v
|Jza|YP.%aS
LYA8nPOmK1<=
m>x2Bei
#iRi0*
C- 47h8;
$)w:A-^
F]/Up1
\J!_*hn,+cdt!'n
-I gX,~y^
WR{=loU
1>\C7C
eN!'0"n
q|>q+6
L3I#\FI
lK;e>ls]@w9mXe>~QF
i2:IB,:
^ynh*b
?! ?P7}
H*'td"V
-_IpV;
QA-WXql
$-E!Q@
awoBr\
Vl<5@@
VJv%$(h&L-7Lc
rS<bx,U
b3DlUF yT~
|L_web`Z
|=Kmxd
srV DoRi5y%X>1p-<x7~>feH
Ni$&IdB/n:
c&"!nOk
"jEmC!
x6DIYK%+
2E"8/"K"d=hx
)X"sD:cY?
FlP-HYJ
5%Mzb0o
TF!!HKzN'
\.EGRO
IuwJXQ
7g39|v.~G
$1P9uFFSh1w
UWVS|$
t$dD$\
T$L1;\$L
t$t#t$lD$`T$x
D$t#D$hl$x
D$t+D$\$
D$@d$@L$@
9s#D$H
t".)D$H)
T$8L$PL$xf
D$\l$TD$X1|$`
D$`L$D
9s`)L$4|$4
t$4D$H|$t
D$`D$t+D$\D
*BT$t1
l$8f))
D$T&))
T$TD$PT$PL$XL$Tl$\D$\l$X1|$`
9s/D$H
9s;D$H
t$(Nt$(uL$0
T$,|$`
l$$Ml$$uP
)D$H)
$L$ d$
p4$Ft$\tYL$
9l$\w_$
BD$tIt
GPGWHU
XPTPSWXaD$j
ADVAPI32.dll
KERNEL32.DLL
MPR.dll
SHELL32.dll
USER32.dll
WS2_32.dll
RegCloseKey
ExitProcess
GetProcAddress
LoadLibraryA
VirtualProtect
WNetOpenEnumA
ShellExecuteA
EnumWindows
kernel32.dll
LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
wSbMs'$&H=
g_,9?p%
!CO&:I
RGM63^/
`O$y3g:
BEg v/
dbe;LvH
#;F+d`~Hz
E@K v|$ h
H[=Q]W
Mdi^h?
F@t'RmCL3
>-7%QTr
SCi1D|
i ?`S6
;=DdTE@8i@
@@@D@Hh@Z@ @M>@h@
@q@Ww@yL
V@0@!S@R
#2H )d
eCU_%!
pjWi3&\
GUZE7<V
Ye*9U.;l
@+r_?%!
8NyS D\
r1k6&2
#G`RL+WRE[hO
ModuHan8
Virtopc>ken*32+
[da @K
+~2>/P
H+SlM8!
{BtpyL(+
P/(#vjE#hM!"xV4
!J*YO*AW$^@f;M
_^] C[u&0Y
P<mdA4
#d9r1MB;sj!
RU9<c6
$ C|"LF;P)9!
(IRnF(
z%}<TF`<WW
gW"B&a3
;[.0Ez
D,a)u)
WH,k6C
yp' } C
r'R,,7INGQVR/
90s$M
-G-2n>jFd
TkLb4`
cN,4+K
?/P(&H
R?!-S@
uDD3YZ,
QB9@4(
Z`;2=i2
GXH$VnR2*
}&nH+6D^
+I\q^'"
-I-@'HVW(+F
\GaP;wd(
Q j@Rf;3
]#:9F:
3!{PWQ&S}E@
F4R,tO$|
AF|Qq@:d MZh0]oM
r~$tiv"
u8BmsvrbApl
icaton er
u.T>he<cd
%s5lyvn}tAba6idS8DLG5Ld,al J3*u
b;M~a{g
Ptfq`ExitRPnL
C}3|Opd
?lAc:k'CAOWb!
z$U[Y9
%20kvX
`t$$|$(3
r+|$(|$
USQWVRW
ZPR3C
Z^_Y[]
]]*-0S&
!0O h|
|(/.c;yT9'
(p&=y,\?
8\2H##
Y'K .O
%;._f*;_<
:[!>@'T
di07N?
w30{&eY<
"B0.r/
6#=x;$t*
5i%f2i
0 1h.!WNY<O
8T2@/
*nf#H\
1!;Ni'};
`!?,U8
M}G7Ty
zCm8*$6E4
?Lu01>19&#<
;21&B[
/$1$3(
as2P?'u
1A~{2B0
Zp?2C
}a;A)c=g
'%4B>r
C/$.,#y6I
39>' U&{
1E=)0nC0$Ww
"gu=++
w 50>Q0{
/eR?;c",<W2
jI,5"'
r!)/1'U&3|5X
N>UE8~0/&X
5@.4623
.{Z=l"=
/N1\l>
3'8Y5LJe
o$^'%-T ~X
5&[U(*p<
,E.G2B3)E&a\
D5m1(@N
J,K,S$
$aK%0E?/N+
L/i*4d(\582?
L9{%f@5WY%S
c0n (=k
&8kH96(>Gn
eK:/T+
~."+1vE QL4p>.
|1v&=)N^2
]~L,q,qK4
%%qAX;4G
F/*#w"
~)Xz+}!.
7Z'f!%
!c"VL<7O'
8$).;*)
2@;)Q/
B%'w4th
Sq$n#4[?.
.[4:B5c?
kkr'*=#s8
6V0Em!j
x8Y.gw
Wf,^<Tf
6!i3};>
0'* c Z."NF?
q<+A::
/ R;]W97p
L=TH-=
q!%/w*
#!{,U7
zj_-uz
!>Uc_ Vz)5Pq
A?o1KA
OH"3*YI2l=
D-?&+.
r/.$7&.
C+${(Cj 5@,A
9a. 8<
)ZF7$Q
>d=P?WRj
>)y8"o
8g)1;o(
2:>VFm.
aD?#/PV
;tX/=x
$5L{:j
.m|K:fR
B4Be"i G
|,'1sG
^\;M68(e
@,L%E_
s <0t(
k!7**<T
C[ eC"c
s1a2Gq
w#8)t+
bP v<06&(j*
"~&Q0Og
9"?Jw8lv<+
#DN.9*
NrW3q6bs,9P
y:&d99:
s \#Mz
y,'I4 '
Hj 73.}
<@e+@y
U+"Uz5-)@
4:QhC8
v7 ?:.q
|T#3v9'
F#n3/=
~C.-9o),7%
Yh?4$q
w$p4b
)-tw+2u/
>'p-<13$+
$/&Sv,V@n0-
Z1KE!
4?5t<M
EQ<2*q`
[xT?rP
B7+'#.Z
GsR90><n
.g{(A/
(n@'{6
wQ6fa )=
x-5&,'iWM!], X>5|
_?)R7=p7
6y?:*]T
!j /=(
5x/zO)T
4T6OK/N,
R=4k8t
S)'ZK2o
8P$7V5&J
w+$`8GtH;B
.7N \/(
#I'+c,l
.Q1i`{=
3WV2:z
`: `2+
Ez7|!x+>VV
h3D~"}(
Q$%o+R
].92v317
7[/F=`Ip
(q7#F!O#
-#1!4F$]*")
Z:_1#+!U
"+ME8J&
Em%1$#o/
N3(q<3
L-C 5Z[
V:?=a $
m28<@>fk3
+'*1EC]0>%4#!
xVL:=M9(
,+.2g}a n+>{
%QcV=T7/r?K
#=w'{
=]m$,(
v0D66t-uh&3+$
A$+ x(
1?^'&6l!=oq
fI62<l4&`+0
g'4U1-SI
oZt3$$5Mh
(-%"2)+
H6[kP98Z
>h#? "
6H#{]
|y7I9v
<21/l,
u.J5-,ir/n
c6(;:=3
+V>(=@
Y!D8$6 G$q
$NCY&
b!=_}0ll*x
w;;#m 0
c2.E=sI!f)
6<)2=:)n$ w1(=
]X8x`=
i{]%Q=1H
,?:4K:~
/Q:&/+i
x;'/h!Q
2DI( #
9=mv,v*
55\8*~
al.?"!W
L3`x?
\.-#o0
?$?j:;t
&^+~4Hu
*L,SC*
)Xx%7Z;+E08d=dw
wjw/n=1q6
m+g%o2v
b>'Y;:|.Q^
RU>} 9,
q 5=-|
A>xs3{
uY$m4
3p0V!/?&
59J'5f?
,:Z%l!
#'f,o=
Oq,=>_
=N3Jb0
V.Q7u{
"+j-#M=M
\\*M<XV-
Lq0St}"B()'
?1y=3Gy
-v+eJ
e&]5?R?
0xj~==>%4s
3G)}.h}V
>/V$%+
OX*\X0_
$1>Pc}<-Q
yG/o.7V4
UN9JW4
!Z-m]E;
aH0"M'#
2Gz "B$# =r
7S toe
I]88n1
,/H8j )
n4(Q--
b)y/
;iC:6&g
0/e6n|'
9:"8wH
,>j++|&N5i>!vf4"B
v!/8<j$
4',P/ls0
i%#A<)
PHI -m
$!)\mh2
d0;,3r%M
7Z&y++s6'@
=a1%w9I4
1.B&_r"
.Uo22l9
^%/y!a
<}~'ck[
0f9=.xt
$p'j,%
&?25<6(#p_{32
gd2w%]K
W=TXB> `I=
g ;3L?!0
q2Qc0"j
Ti1NZ'FH
O3,Ab.
FN3/. 1S'W'%
[Q x-
!L/i#i
p/:d-j8
#@5n6="
b'_944
(<N0#=0m
6v *s$=E
3=;@!
G4W9fS(
d68-'>
G}b2( <
7 9+>[41>
R2*w3v
=?9]5+p)81x5:L??!
?rm#`<9lr\
sL6q(9
%}XV"1.
\W!>=N#<
-@/Aw%
B{.|'B E7
\1q$?)
3,,+&X*Z
<&"M>8 $G~
"*@)7%
0U$IR/
(eZ9iC#n-e
<<D,!|o
R`;1g+
/0#6vh5)>x3
>+p(QT)
m&&'(@X [%
(P1U:L,N+
D&="1
m)\$ =
<R1.'{
-4F.<2@
H[5Lo8(&>O"o
at $!'
YM3:6C
<X-c/1
=T&i"e
j`?b8E92<|
0 ?%w:-$F.5$
t,`$*+%!
W5I,b?g)
z:8?9)
L/N'N(
<uR'~=
(OX.)#d
&`#M"3&k!3;X"7
)2^"Cz/&H
l)Z3K";8
^7$~(QH
(h&ek+d5g
=-7%3#
>-t^*^$.
j-(4 Er1"
52d90}
y'40%_U;
}c*<\ !M-(V6Oy-
-25%n%
uE=P,J
!.&&4#.,5Mq{
T;bZ)"$
=)rF?+
6oE<^,)
%7#x4g#,O<t
6!*4'35
'm*n(7As 6m
1*dr5K3$6B_
9ni>sz(
S |@8=
4(46W#p0~-
)]*R/-
) y0u"\
1?/^0
C5X,M Yk*
NB=%u D
%?|8OI
j(ey)` 2
oc+S,y,[4V@
" %)8M
%C-&u$S-
;D9!.M '-
x(?^E#R
<=*t.2Q!d
I $$[7
8Eh) 8M>B<<
.*{)R#C'w
(e]?P?
,I%46jX
)O2*G^
J.F%L7=(4h
:/5p4x
za ?;6
b.qu#
C0-^*[(
!=! *N
7:H/3&2
L7k9 l
ZU"/:d,;e
,{s0*A
W%<;$k9!7[3
w( w]-(=
Rc1WR:
{P/$J'
9{ pN2o&"
xs gH-F0P
N5~03r
}nB&4b _=N!
[9PU8=
" -b*y*X6
N1u6%J@4~?
%+u1C>
J:2_%z>[n#
1H3cd4Z
JT2s}4
b%>&x'!
D;l'R17
V;wvP,x!"
:NYb=?&~Mv
QJq?D$
.P:L?uo5%+oY
~j4-!g
\5w9z{. #
B4\?6-B
^S%-Hv|
- Kw/I595ry
"g(f; S*4mp*8%
*+<tv+
#Ia0sn18
",' *?1F?
;.W| 3
/f(>Cd*
N,V&},8$
jE M%D
@t'F=:
!) 5LB
MnR3&i#
%3%*I.
5B@,cF<P
H-9.tv>
ELk$f0%P1M
]Y,8%=
E;v9^D
i&48j9v
0/s i6,:
51-Fb6Q)n
#]P=>`
6'&}<P0%.v
O")26"
5y3a37
o>2!>!
Ja>*43
he=+?8
8N8P2 _
<";jn/t`)a
Bm #[6
f%W)F8.6
<y,{>#3
%/l ,&
!!:{(49X+
OW+R51T%qo,Y
)O`.z9]
>`>;&r&+Up
&>!358
\~)o!XJM=%w
9^w&M)ZO C
,=@/GH1V1I
(Y2c(<*8j&e
0+(=u#"
a-,J*(/p<$
%9}+%!`
|Ss6O/P2
+w>7+P
R3?=z.<E'9
UtS.^$!p
?%e=&/
X3#];[79
R;y+C/B
c_/C3,u
<*s2(0*
F");$.Xw
{6{5>l!*e>6U GR>5A17+
t" no@9
!(\"f
3#QW6TO;.":Y!
b, @<+
3i1_S*
w; j>]a
Z.GO9/f
|)p4?y
#Jw+9y9mH>
G'?b!b"HQ
-V{8_&
3>7QV'$
.yt=3\
%ic7rQ7
;X4E+,(
#)D=7U>r
E0#Zi`)@'
lh7so8<8c
!",x?&e
k/f4='
FS"'v>!rS
R6~:4Z+L
1.?C$C4
q6?<52
6oq3XY
g$*?u)14w}
kA9b4A-
&&1F1y
&U.#?6V
`2$K*67
^N+%??H
r$G'+Mk"8}
0*#-g,
}&)O=[`
!1|>*n)
7U.T?wc2'i/n??S0
1==i;
_*Ua;5
2Q,xV5
s9>0%5
,,}6];7
X^#?$P
D2u T>
Vu1_=&42
$''@R
0W.&y #$2
^5z 4 j
&68[a)'
|)c7.2#*.:;8
H3ff,S
7B;I{(\+Wn;
6&{SX6j
<b)ey59
V^.7W >*v&` #xI
6Lh!-,
1"/w~v
]9 M;$K
\*;!,!
C e>u7$
e4u>!M2g
"QI?&x6
5$./:A.4a
r=;rb4
.Vj"M2
3?^h)m8
+:{:%TA
l!d>A"
er^(6I8u>}2G"
"u(=25t
#x.[28t
i,&,,0
hK&m,X
q8m1v"
q0@-7`H
2/py^
x1N< B32t"9U
=%M#j-y
;!t2$/
2Hc#+6"
2rOY7)h#
@2.c$'
L!;=#)
<0k-3[)
Z^>k:&ds
x#;Syl
n&iJ5<
`%B?& 5w
K3*4jc
<i M1W
"A]'np
a/V(!R0E%qa v
D;05{s
T*Vu0]
2a59&Xm{<?O*d1
!,z*OGS
nr2~o5
-',JV#
H(/4k<
+i%2\;%F
,x%)q
r<}6mj;(/8'$
L*6CV)
K!70Z*
8'E"$k<?d{
v&<!B17L
,51<*N"C
I9J4G7W
g~9|f,O
>!wF7 G6
9j0 K!
R(5,7y
>e95pl :=
,I\-`0
)}!C#
"[.H2F
{;Uv-}:
1}J1p-w
ll(-/,7D%A
Y3|;9NX
OhW?\&
M2W.b%7
'H9&Vi
`%=!.o
>X0Mh)Q.'
&8F*C>
<(3d?I#*7/
PP:DM'
wi7,=>1I
,h*j:4T
"<D?'*(
Q65%|!
{%FIU7
E;M8%F(
g'g`/`U
<U<y$Xw1a
4586ys
Y2B:&"
q/a7>Li1C{q6X/
%8a.E:#u,B/
<t("m.<\;!
B7~/I(
f%{h<cj6
)} :nW
4%+>6=
Tf7*kC
x&x%E.>eV",0
0Q8v1|;6S0
=F)| `7: ])Z
7E7/n2b
o!CW7v?
"_.9z$8
y;+z{1R:M2&E
A)I #V\
(0M%;e
t/C#($j
%1*=a w
@0J7y +\P56x
tg;Cl(9r
,k><L>
KT/6:'
sk=5h<!9;
2G /eO-
-p0!:
n4<#5
{9O 0y<1,$
3<|%G7;m
mVU56\)y0+
>Q>"S,#;93
+#v~;1t
|",PQ2
hg&.)=F<
~A( @[;
-1l(A
U>=zfT
7!n$Xn
?,`f<3W2|
;Ou+\l |<&g`
.F7F5@b
Er}(>&
BX-&2)IO;<r
O0Uf!,HJ0i%n:{#?
6.6$,%B
l> C6T4SS/
Rc==)4
{P5F,Q|/jY%7 '
=Dun)7
,l}z$'.:
q_g%Xs=O
6pY.M>#m
23zJ%L%
2&$,+u
`9aA9\>; 5
w$%P/t.&
3;(9,)&
1E;O$h&;.\;
;c-.7H'6
i:(X-A
qX2+y?!xU
0:"$X()R
!YP=R5
?4~x</C
l6UaH-
ht,_:N.^ _zV
XxR;AW
\G76%".;:
(e+=SIQ
a1Z- 2 vo+M
9K8+qT!
#bc0.9
(G^4* =17E
{V>6!f
-B8#)ex
/-cI 0+
#vuy>J!?x.*
+ 26i0-""*~0
p(Q4*>
l')!9?-h6
c7z5v)$q
-?&NM<`.
ua!>[
w8_%f)2+L=P<:
)^#@Q/
Be6=mQ1
s(;6 -"
6<1\;7+(
=45Z ;6f-i)
,G>T):#+O
4$,0%)"~a#
5 Wu0]
;l|3)
pS./*.x
h{E>O8(~
$K"Y/Q
g!1bI
H2_<'z
'V'L!P!*
A)1&[o%'&4
+(9-a!
(Jo5U/`@
-@(Y-H
CZ/1\6y )
<'=*: 3(,X *;
Isn?nu+
*3:X*e!:
WB$)}y5T8
1EV_$@Q$g7v
$=&:D(4wR
(Ov3=,
+]j<voc"r*
DI$/V
=l'>(4
*J"u?y
0m7q??YG
q1+uk<%
!-E:NE2}C#2
=k54E8
A8;6"#9!
MQ3\K0_*JL
j<>?U8
:47o'w4'K
$u"U1
Sa0q0#r3Ga
-k}v4s
:5d1;d
-U/!20$-$
-nS.iJ
/gie!d".,
vlf;]y_'>/
Z33L9$
+ L<>X
<%?:>Tv
0><a+=S
_ ?W&0z
/)9 4r
AI4oM.H*^;\?
*P>;5f
* r0?,
41EH(8
=C<--6Gb
dW;cb+*
3I2+'fd
14jc)#
pw4I(P
.)7!0"!<
"";]Rx
0FS;"H
Z6D04f
l{v; V7z
%#+9&og
-,-P)!V
0__4\u
-xi/[n
2E/K5N4HLB
3?^,q.g2C-
%/0<v(c
[h}3j
275)({W
&f!+Gc
&!$I+q&
7W#*).
x+5x04G #/
(>i,J?
,h+=-.
e2xE$vf
i-j8,1
yi'Ov"4>
) ,Dh;=<9R[
]+,"22q~&c
5,T1l;
p7'}6-Y+
69D=1
~S79R
0N\8}N%
V>-I/|
A&(KF+
172\*Z{o
B<l)*n<C
So3.g '&
BFb?m7w
o8BG"x
wV6;TU#x9
"f1*C+jC
|_1Q*j
Up/$6!
.6#yp3z
.D*>E#
t.3mP#,
k;<$<#
u7N.I ?i
6f"m%=)/
a+15<{={`
Ge@8O$'mh)E'kC
d/L+^:-
|4cY!n[
e7a#;9u
a&(11#j w
c.Ws?Nq&j
jB=j6"]
hE8\X?
)8!#4/h
eS$":6
=?~<Xr?
y$2)4$(U)
]Y `']
-+'<>:
\c2}!b$
'6Z*d`;c;
.2K/;y
D @7.,f%M07F
4^')E,j
VY$fX$
mi.n=6
A=')tK^
{MU7Z:c&q1"7
2W-b?s&d+
>9! Kh
k,# k,
v1u#`CX:.*>"aY"T?:!wg
V4e6V\
qt/Nsy"
58&"#f
a;6#=72Y*
v-Pd$u-M4
0:J,?l:
+ !%^9
&!*'\P
Lw*#[a
;Jr.^:!3d!)&
J1*B 2/#H`
h?.-;Ky
t!<<.G*C'
.95Gg"
I#e2!a
(! 'o70$[*'O
<!d`=s
]u:(2?
?j()76T4
t(q2p{$
l/5vZ<$9
=%D<T3e1'9'96-
%:q"i$
Hosts
| IP |
|---|
| 114.114.114.114 |
| 8.8.8.8 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | |
| dns.msftncsi.com |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 61714 | 8.8.8.8 | 53 |
| 192.168.56.101 | 56933 | 8.8.8.8 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
| 192.168.56.101 | 58485 | 114.114.114.114 | 53 |
| 192.168.56.101 | 58485 | 8.8.8.8 | 53 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.