1.2
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.74
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | Win32:Malware-gen | 20200705 | 18.4.3895.0 |
| Baidu | None | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (D) | 20190702 | 1.0 |
| Kingsoft | None | 20200705 | 2013.8.14.323 |
| McAfee | GenericRXKS-GQ!B526AB7C894C | 20200705 | 6.0.6.653 |
| Tencent | None | 20200705 | 1.0.0.1 |
静态指标
可执行文件包含未知的 PE 段名称,可能指示打包器(可能是误报)
(8 个事件)
| section | CODE\x00Feb |
| section | DATA\x00Feb |
| section | BSS\x00:Feb |
| section | .idata\x00b |
| section | .tls\x00Feb |
| section | .cIn\x00\x00U |
| section | .mmmcixq |
| section | .jjbvazl |
动态指标
该二进制文件可能包含加密或压缩数据,表明使用了打包工具
(2 个事件)
| section | {'name': 'CODE\\x00Feb', 'virtual_address': '0x00001000', 'virtual_size': '0x0000600c', 'size_of_data': '0x00006200', 'entropy': 7.947254493192296} | entropy | 7.947254493192296 | description | 发现高熵的节 | |||||||||
| entropy | 0.7538461538461538 | description | 此PE文件的整体熵值较高 | |||||||||||
网络通信
与未执行 DNS 查询的主机进行通信
(1 个事件)
| host | 114.114.114.114 | |||
文件已被 VirusTotal 上 53 个反病毒引擎识别为恶意
(50 out of 53 个事件)
| ALYac | Gen:Trojan.P2P-Worm.dSY@aGyBvr |
| APEX | Malicious |
| AVG | Win32:Malware-gen |
| Acronis | suspicious |
| Ad-Aware | Gen:Trojan.P2P-Worm.dSY@aGyBvr |
| AhnLab-V3 | Trojan/Win32.Hupigon.C34077 |
| Antiy-AVL | Worm/Win32.Eggnog |
| Arcabit | Trojan.P2P-Worm.E0EBDA |
| Avast | Win32:Malware-gen |
| Avira | DR/Delphi.Gen |
| BitDefender | Gen:Trojan.P2P-Worm.dSY@aGyBvr |
| BitDefenderTheta | AI:Packer.6BB1426121 |
| Bkav | W32.HfsAutoB. |
| CAT-QuickHeal | Trojan.GenericCS.S13649852 |
| ClamAV | Win.Worm.Eggnog-9 |
| CrowdStrike | win/malicious_confidence_100% (D) |
| Cybereason | malicious.5dcbc5 |
| Cylance | Unsafe |
| Cynet | Malicious (score: 100) |
| Cyren | W32/Eggnog.A2.gen!Eldorado |
| DrWeb | Win32.HLLW.Kazaa.512 |
| ESET-NOD32 | a variant of Win32/Eggnog.E |
| Emsisoft | Gen:Trojan.P2P-Worm.dSY@aGyBvr (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/Eggnog.A2.gen!Eldorado |
| F-Secure | Dropper.DR/Delphi.Gen |
| FireEye | Generic.mg.b526ab7c894c3234 |
| Fortinet | W32/Parite.C |
| GData | Gen:Trojan.P2P-Worm.dSY@aGyBvr |
| Ikarus | Trojan-Dropper.Delf |
| Invincea | heuristic |
| Jiangmin | Trojan.Generic.fejfa |
| K7AntiVirus | Trojan ( 005568151 ) |
| K7GW | Trojan ( 005568151 ) |
| Kaspersky | HEUR:Trojan.Win32.Generic |
| MAX | malware (ai score=84) |
| McAfee | GenericRXKS-GQ!B526AB7C894C |
| MicroWorld-eScan | Gen:Trojan.P2P-Worm.dSY@aGyBvr |
| Microsoft | Worm:Win32/Eggnog.D |
| NANO-Antivirus | Trojan.Win32.Kazaa.fvlecs |
| Panda | Trj/Genetic.gen |
| Qihoo-360 | HEUR/QVM19.1.5AE5.Malware.Gen |
| Rising | Worm.Eggnog!8.2E8 (TFE:dGZlOgG4cHYguAUkqQ) |
| SentinelOne | DFI - Malicious PE |
| Sophos | W32/Systro-AB |
| Symantec | ML.Attribute.HighConfidence |
| Trapmine | malicious.high.ml.score |
| VBA32 | BScope.Worm.Eggnog |
| VIPRE | BehavesLike.Win32.Malware.tsc (mx-v) |
| Yandex | Trojan.Agent!bPgvKTAWNq8 |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
1992-06-20 06:22:17
PE Imphash
2deade72ab849e6107d0c9687fe3c88d
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| CODE\x00Feb | 0x00001000 | 0x0000600c | 0x00006200 | 7.947254493192296 |
| DATA\x00Feb | 0x00008000 | 0x00000120 | 0x00000200 | 2.6156111061348915 |
| BSS\x00:Feb | 0x00009000 | 0x00002109 | 0x00000000 | 0.0 |
| .idata\x00b | 0x0000c000 | 0x00000680 | 0x00000800 | 3.897667444130819 |
| .tls\x00Feb | 0x0000d000 | 0x00000008 | 0x00000000 | 0.0 |
| .rdata | 0x0000e000 | 0x00000018 | 0x00000200 | 0.2044881574398449 |
| .reloc | 0x0000f000 | 0x0000063c | 0x00000800 | 5.78756640603133 |
| .rsrc | 0x00010000 | 0x00000200 | 0x00000200 | 2.882662525235807 |
| .cIn\x00\x00U | 0x00011000 | 0x000001f2 | 0x00000200 | 0.18089075961189305 |
| .mmmcixq | 0x00012000 | 0x00000400 | 0x00000400 | 5.358348648973795 |
| .jjbvazl | 0x00013000 | 0x00000400 | 0x00000400 | 5.458120122269289 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_RCDATA | 0x000100c0 | 0x00000080 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_RCDATA | 0x000100c0 | 0x00000080 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
Imports
Library kernel32.dll:
• 0x40c0c8 DeleteCriticalSection
• 0x40c0cc LeaveCriticalSection
• 0x40c0d0 EnterCriticalSection
• 0x40c0d4 InitializeCriticalSection
• 0x40c0d8 VirtualFree
• 0x40c0dc VirtualAlloc
• 0x40c0e0 LocalFree
• 0x40c0e4 LocalAlloc
• 0x40c0e8 GetTickCount
• 0x40c0ec QueryPerformanceCounter
• 0x40c0f0 GetVersion
• 0x40c0f4 GetCurrentThreadId
• 0x40c0f8 GetThreadLocale
• 0x40c0fc GetStartupInfoA
• 0x40c100 GetModuleFileNameA
• 0x40c104 GetLocaleInfoA
• 0x40c108 GetLastError
• 0x40c10c GetCommandLineA
• 0x40c110 FreeLibrary
• 0x40c114 ExitProcess
• 0x40c118 WriteFile
• 0x40c11c UnhandledExceptionFilter
• 0x40c120 SetFilePointer
• 0x40c124 SetEndOfFile
• 0x40c128 RtlUnwind
• 0x40c12c ReadFile
• 0x40c130 RaiseException
• 0x40c134 GetStdHandle
• 0x40c138 GetFileSize
• 0x40c13c GetFileType
• 0x40c140 CreateFileA
• 0x40c144 CloseHandle
Library oleaut32.dll:
• 0x40c16c SysFreeString
Library kernel32.dll:
• 0x40c174 TlsSetValue
• 0x40c178 TlsGetValue
• 0x40c17c LocalAlloc
• 0x40c180 GetModuleHandleA
Library advapi32.dll:
• 0x40c188 RegSetValueExA
• 0x40c18c RegQueryValueExA
• 0x40c190 RegOpenKeyExA
• 0x40c194 RegFlushKey
• 0x40c198 RegCreateKeyExA
• 0x40c19c RegCloseKey
Library kernel32.dll:
• 0x40c1a4 WaitForSingleObject
• 0x40c1a8 GetVersionExA
• 0x40c1ac GetStdHandle
• 0x40c1b0 GetProcAddress
• 0x40c1b4 GetModuleHandleA
• 0x40c1b8 GetDiskFreeSpaceA
• 0x40c1bc CreateMutexA
Library user32.dll:
• 0x40c1c4 ShowWindow
• 0x40c1c8 SetWindowLongA
• 0x40c1cc MessageBoxA
• 0x40c1d0 GetWindowLongA
L!This program must be run under Win32
.idata
.rdata
P.reloc
P.rsrc
@.mmmcixq
`.jjbvazl
uxr_tWV
j`jOvJ saK2'(fP
E3p/2`G
10_)[.c
"*O>M%_eZ
bx.c}R
6uf_t$+]Z<Rfi#S$
,[P&A:
l8,kEhH{hGM!
ketDnX
xe<$5?>
`pUQi{@*
3%.Z57&]}'ESiAGk
1cGFpk;t;Y
LGi{gsG+J2cyqP
ha1Em){
= `z~_C-
!b}K*:Z!Z
&Q0<`gG
hE*E0,Tg$W P
{'^+4r3qH2
.=bLA6`F{%;C
QWisY]Xo
>X:?h=Q\
!Wmclk~j
&iV!0\
]&7W/(+8f>bfia%
-E+MZXV=T
$c@+)%W#
j/f*5nfM+=-[
5@OxzH
&/0,7xXZ
2acW>9k
Q@~jv~!e=O
I dliR>lWis
$V~U>0fkb:AP
y^c{+H`Y
vC A]n`Hv:
{bw6={3
rx#(;v9p%
wSJoC/Y
m?dB[x
Mt+^n&C:
@00W{lS
@f}8&-
r YP'=3u9
!gLV2^
ODtAHe2
a~>!~&
f@^ $*gC
nd$o|E
&_+dw36
]S`QZfF4]
PC ?{>0*
,VoyGF
qn1eKu{t
BV=Ov#j7
uS.5p[z3
_kuT]&o
(, C1eylY
!9_D[]JDbq|
I]h!(|
xr7$tTd
vE7->In(Ue
9>0D_i00R
*r@="3:
PC Gn)>;
!\4E<Pu[Z?y
38Fd9FV
uBBea]S
$8//QNtA*
U'V/iaD<
b$P ux
.AC5md
oh=he{>
yJ?4`Mo
IB-qqR)P)GW
fHiqOw
>-wtEnjlC;
b$O0HK*6@FU+l+
w_'VQ\Q#c
-:T;~Z
HWyUr,z
lG(i}6Q) NYsX
+QS>%W
Cu>Ke[.
xS3>V,<t1
\IB[-[eo$
b9BV=\v
1$EWm7
_m_A)jwd
MuA:z]V
}*e3D=
meux.*dx
Y+vwt !
1=z70{YW:w/
EAXBwx
r|U|CBS
EGN*_=>
nzohW1
pv6ihgF
YRMRG|81y
"8q>rz]:pG
pQ=RkXr
y>d/"pN
Uz]N"
98i&9h
o*P,bc5D
L`*>iID2
qPMGi@9x0vaH:|=
9N<ui=Q
<tS{<wy@
d.4_PE
@&oxk/
PVmUqT
f&;b$9Z3)
`uU(~Ux,q
,~era-2<!o\`&Oc
:]?D28'1m
=jKA?`#w'8,|Kjzr
oRJLf=q|e
olD"R}4x
U]lt}C
>Zys/S
A2P'xh*i_&)K*=.>:B
*Rmf]AP
_m=/79I\/(
J/-V';
C>!{JFS
>0 P_,
y{Tge=
"6:biUQ}%{~0#
H=ZmSt
hTkSH2[PCw7
bx:7im
\J4}Zv"I7{8dGF!0p,/<
PoG4WIL
Yg7sP&E
pxi{FrJaFI9<
)8O2EmPp
DZ{I`]n
;$1hH~^
's8 ]M4
NBx7=\/
tk+,)C
!*Ix{PWa$H+i8jeY#oM[{`HD
NEMEgZD
\u=8if
cU}S@[QWv*)
@?ka1-q]
}9My R
:OcJ]`
dy4M5{}#O.RTYH
X{nDH~kkHk-
\7XPkc0P3Z}o-RTGm7
j+TKQ%b
N Kqxe&
5qH]&w%
61+@D1Q_\
i$yf=#/t :YuDY
u2(kso#8
3z?ffQ}
i$Bb--?
'r@U_
s]V?dhZ3
\g$G PD
$abU'/0g
A38oM{@qe68om9q
jf/=V/
xQ-<,`
k_=/.${
l,zw3O^sY
"?tR6oi\
UsHv^/"14V9/L9C;
7/BAj:
7M4q!xf
X<>Qyb?Z
@+QHCLD
*ChICg'ANf.n
BH#_Kiqw
@NBVI8
Hkh%UtE
6>mqbCBsZ*hk?Bn
Vw;DQ$
cCAEwzm*]H
#*s1oa !my
>ND`)c
g0WzXx AE;L|
B}oLEv#?
{(U5v;:C_
Fa;`A[
,:RpCx
gvi2oJ
I_Gp9M?P>
;U<W|tm&1]\
;YNxOD
[|P \vc
6SaBG&,
mbx'oTqH]
bAseR'
2?uk(:d d
|KIav5I
,#Xf?'^E8:sG
xtR\n
:q&y/rD
57{t@W$l&(
q>UU+L
s(fJOfh
>Rm`}?GGts^1
Xo]b2OHi
_ND; s
-b7A;z
db\"-um
rjk"vP
<iE@Cz
Um"_9m
mclm9wJ/
7<(Dn[4
H2#R*1v-?
j{TLbOXx,,$8fS_K+ew{bLQ
xBk<`(]=C
3 }Ej{eO
SKyNcS
m6#fgB
Pj(@I"]?
Y6y4C*m;;
=`HmuV+/dF
Ef5VK$td?K
QV+6a\,^d]AI
~!{M _
fL@E1S:
Zslb@8U[
>P=b0)
OvM:~A
1fC*(MP
_G=yQE
`+)Gx%
DC\a7uf%L
etX:*&4;
=e)[uV
qH3f]x5qe
C)/BaoY2U
SWC)If@
XofHUbS'
$R`Y]3n3
ME4mD`
{YQ]Sj
6m?YNr
/Md#\H)TV
0MuHmey>T*^Whl/{wjg
D>$i] 7E7
lkxQ$
awZ?o7`
Ys0nu]8
{$<-`E4x]$\S{:
0'r@[j
Ev5~C"/
n>fdeK[
]*<D9 W|VL:
6dljs/0$7
(dCkX+
Ld` U*
ds'y`E`Qq8q-q)q
\FNB[1E`
73iSkh
0XZ#K>D
h@:yS~C
)A@H{_K
|t`\no
*>/+-2
u(M21,
SK9b6l
.X;b\UH[
"|oxMm
>HUS$x
+<HO}<G|U%P
`t0$ cq
4xUm)OxP3Rz6uv
7Q+c/l|
PuNVIg{%D5
BVW8_rV\
.Mu\"m
MzY}A*
?8?oRO
K9#C9y%
m`$Iz5;`
0C< {q[Qz[GX
X&o:yG
]K>o[aP3}F
=P`tt[[
#!e)/V2
JFo<>+=
YDIaDy
ZM*S>w
-/BImj,F
|P kXe481
rRt==:pF_/
EjOv]V?$
ONV]DW@
F;BY_<H0E5
NmW3slR
`9nt\J
}YH_ebw5
c|&-9_"g
%RbhXG
2HW'dDuOX
z867o:
+c{Y 714
u(gDSf@>Lm`=x.oO83*p!@$\>p
ad)K]akcx
wTyf" V
Guq{/JaoM*P
->o\LjUh
=^r.Z@
D2KmbsLUw<T
I6j2j{
yq7fEY+
x5X3"^S$x $-1-q
PQv}D0J
DpP#}2(TDs8$zYqAV.<^Kb0sF
={*E!6
R~2MdgXkK6K
Bn4O.Lu\)5T
<R1YY<mV
]t'Y$**\N
B>__<iP
Gfb0S3
DaCp5B=
l Xc)?Ss
$lc<34/
t{2^J+
:3/~^S
=~&&~Tr
+?i]aID
Mdp)Q[mu
T2Fe(88
`,jNI{@
{k_9~p>h}s
SOz%Aa
B6Lfq?4J8yW3M
(f_;kN"iLz?
?{/ZTL!Moe<o1 j
`Rj9dbKz
3PFd$I&iz
L%\7+"R
'v!|)ykcEa1
xKcRG-nX
d65{yZ*
Zw!jDzZs/ <
L;wP=~
;vbPSSRa-^# A6
t7vs081{
N5SIcl
4g;6jCV
s{}|"\x
E~/|7fg?
?$V7oNE
u>0=eL{+
3e>Z'RU!
0}dobxchB1
R%D*|@Vq
-:ms8*
qw">#3
, pg)s@~k@^|
<3yfl/fe
|knaS{2E
uR>21[
{j.H1s/Xb
P|t@]n3E
$l];cG
t$%'@H[
r0/r\vw
D%S?<f
cV0Je?Pt9
|;=P`EN^
cT#T1HMu
lD"yv1Um
T+u,Ql%`
Pm`rt`
O{qAg}
[aPJc'
bjKw(G_3X
j'L|9K<Ry{y
=P`H1I
khwd%Hk
99RrHd&zkC
uv5uxFP
xJisu'#
9zyIs)
(TqqV2
Q"M6]#3X
D_s(IqH3
miQJ:$_Hqg/
5n>yo\I
$kf=^NI
GG[0mk<m
?PHsS$)B9T$\?y
nhkxQ3[n
PQvD4G_gl
r4S+]mmqo)OPZ~z*A+
<o(hE:
-xoLE)HnV
JV`cjQ|,"lW}11
'xCS+rU <
;ahu'0av
y|V{Q3Sn6$
&t!1yw8qte
c0dpr\H
|P[| A
D]K?o[aNP{
---qHK
&9M|z(mW+
q\vr5xl
s<>T2w
PNwl#I=NQw3/b%7
u>w(kMxQ
Awi.`0be
L|vj='
4qHFqi*
=qgUFNl
PE5<t_bMU
']+!PX
XniPLUk4
<S<dCuuC,q
/C'[aP&6fVi
T,5g )/UQ`
1ni1{=VF
5lL:Wn
}1>cD`IV
xY9Fmde
=v#3jav9?Vi#+r
jQf`d/
6"?#jk
7?&z-x
(ijQjL[)r44R
gP[2B_
t{/.1u
rxpbZ`uJ.RFk#jJ
qZpq5Ezr@
pfP={XH?g
ST~"K<
()|_UZ
QiY9ZGH
jGtE,"C$
TD`v{G
.]BH]q
h =*KG=W>W?
l.jEoa7lS
9&5.>q&9q\A
=v5xK,C'+T[S{X
>@I%}W
CdiJSn
=K+gUmqP)
!}x[WP~l.v1ef\r
Runtime error at 00000000
0123456789ABCDEF
kernel32.dll
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
GetThreadLocale
GetStartupInfoA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCommandLineA
FreeLibrary
ExitProcess
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle
user32.dll
GetKeyboardType
MessageBoxA
CharNextA
advapi32.dll
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
oleaut32.dll
SysFreeString
kernel32.dll
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
advapi32.dll
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegFlushKey
RegCreateKeyExA
RegCloseKey
kernel32.dll
WaitForSingleObject
GetVersionExA
GetStdHandle
GetProcAddress
GetModuleHandleA
GetDiskFreeSpaceA
CreateMutexA
user32.dll
ShowWindow
SetWindowLongA
MessageBoxA
GetWindowLongA
kernel32.dll
GetProcAddress
LoadLibraryA
0,080<0@0D0H0L0P0T0b0j0r0z00000000000000000
1"1*121:1B1J1v1~1111111111H2O23
4]444,5p5555
667*8G8R8]8e8o8y888888888888
9%9-989>9K9Q9k9r9|99999999999
:+:J:b:j:::
;/;M;w<<<<<<<<<
=;===!>?>D>J>>>>>
?#?9?_?k?s????
0-050;0D0K0P0V0i0r00000000
1#121B1b1z111111
2&262<2D2222222-343D3N3T3\3b3h3o3y3 4I4g4s4{4444
5'5O5h55555577888899
:b:t::F;;!<,<<<<<
?!?7?U?k????
+1111111
222>2R2\2o2222
3E3L3n333+5S5Z5r55555
6g6z66666666666
787C7`7j77777777777
8"8'8I8]88888<N?W?
1/1M1V1b1i11
2'232:2D2N2e2v22222222222222
3'383B3J3R3Z3b3333333
4#4(4/464@4W4c4p4444444444444
5"5*525:5B5J5R5Z5b5o5{55555556666666
7 7$7)7.73787=7B7[7g7r7}7777777777777
8!838K8W8q8888888888888888
9":/:Z::d;
<D<=M>>
?W?c?p????????
11"2/2S22222222222222
3%3-353:3@3L3T3\3d3l3q3w33333333333333333
4~444>5s5
5555=====2>E>R>W>^>k>p>>>>0?Q?a?r????
1-1Q111111111
2P2]2o2
3%3*383q33333333334444
5 5%52575D5J5f5l5q5v555555576A6F6T66666
7 7%7*7Q7e7k7~7 8)8.8<8q8}888888
9L9\9h9m9z9
:#:.:3:8:C:O:Y:^::
;O;[;b;m;w;;;;;;;;==
>%>:>?>J>T>Z>i>x>>>>>>>
?#?8?<?@?D?H?L?P?T?X?\?`?d?h?l?p?t?x?|???????????
0040800000000
Google
3Messages
System
SysInit
KWindows
UTypes
8Registry
<AclUtils
SClasses
IniFiles
hw'WuL}Y
\""E!i?Ad
'Tt~?}\x!PE4
lh<@6(XhFD4
sfB(@(5
Tt~#}\x!D4
lh<lA6(XGD4
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
uxr_tWV
j`jOvJ saK2'(fP
E3p/2`G
10_)[.c
"*O>M%_eZ
bx.c}R
6uf_t$+]Z<Rfi#S$
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU:
w@nF:YWn+
04]X2P[A
9O^,IU
z-cxC2
ro*KL8
f^>e6*1|
R?rr }O
[ 9FPm
?&5UBp
,QExF0V!
Hy=RGLpGm&%
XNbxnl[2
Dt0e7Zg
oV@H-O
dg*,G>AE`
?Z'HxK
8/nC]d/
pb1:Hkz}
{N\@T-6ZwPD}Q
O e<8_B%
Xq{-q9-*\2pv
;oBc?i
<u>BB_G
K=*V3~fS
WmGcPK5
1Z$82B#Sb8NAw
p~\\ZH
"FMHy+?Dwy;<
,E0(;8
5$Dp,JA:a
|ej}&]:#
4we;!80dN8/49
S>a&a%1
p40YAdB
w@nF:YWn+
04]X2P[A
9O^,IU
z-cxC2
ro*KL8
f^>e6*1|
R?rr }O
[ 9FPm
?&5UBp
,QExF0V!
Hy=RGLpGm&%
XNbxnl[2
Dt0e7Zg
oV@H-O
dg*,G>AE`
?Z'HxK
8/nC]d/
pb1:Hkz}
{N\@T-6ZwPD}Q
W6*.\'N3d7MZTRqNU
1|/$#Z8H
%'WQS%J
{OwX}t
GbUdBc
R&KRC:Y@
I/vbhy
Wk~ `|iO
5TDxB+8
7x0&rk
t$.R1|W_s{
m/yQ7M]2>]8
r*'KYd
vfw'5<0Lq
44lr=p{9bJ<~^k7;
{st-3Hfq){
d"a#dA
YlSDrh*\@x
h!&hr&B
4=Z!Vu5m5rnTsM(p
HP*4,b?u
#ZduWi1~1W5F
>Z\bWj_N
v?\Ge^
mMG+f>6=Kn'"FH0
S% f|i55
=@~01#f){yA
'#XWs@.Y1
_6rYQJ"
^Pz0pPT x
|<{x8\hwW
`YU RY
VHVvX#"_
42Z5oh
n~0vy*,
aZi"Yhq9
-s}']
NyDYRqX8MQ"F
H uY)L?d
BjxybRJ\
t""vN S3~Tw
*08Jgu
sT]D~(od
NGnU[-Dao&Xc-
o?qNS\a*
_2L]E(
8BR4Bg2VNEh|
3\yOgN
3V66}f
X=9#rP
k} '~qp!r/nZ+:s?
ajghzA
*|Q'Uf[l
<1EO#7
eLO_v;0
g(sWPn
N;8XOvUC
L/^ *l`q
qu(^?b
<:'liOTbM
cuIaU3
HBS<~>
wiVahHY
&i"ds9+
w/bNvkjNIH\_$}d^eK
VIQ`Y^ dX\HN=
1>"9JiJF
Q/,U,('
5g2fP8*LBl
EpW2e+
0Zw{fc[
,:5|L1
/c|<;kK
o3fw*gE"<<WI05XT_^
g]fOXE-7]9H
fNy%I8[d+6
D[HS\xX
"f'm.,
NkXHB{Ovj2363
]sLpUt?
2nIHK"z
ozG@JC+
,%|9o5^
i$-j_E
khpQh{(Nl;
v^(fZ[Q
EWq,MFt/
FrRH7I
hO?eCZcqy [~X+
'^\_-&V+&bi
=R"t49:
2z%cB)_%
BtM=c5
X8zK\"%6h
Ov5avLD.&((
rG TNmY
\o#y5z
PXS~:[xLK3C
3<i5h0
SJg%z`
xmc~S3kasW
lYJ0+$
^Y~/Dsmq*
duw<CL
FG*^^|
Z]v4,H!
w+f2L{T=
!b0^!&Wn+
n@]WFMG#Ef|H0~
Sjy;D_3XG7g&D5'
/,v=IeW
W oj-(YwnyM
iWa?tZT3m ;]*
6T%RUW
X]R8>;
K|1=dB
T%ZwmVHc_DH
%mqwu>n
j.#wMOQj;#
8$<uXqxAh7s
+@=H#~
S>4YoZ
BtFZ.9`8
#d8=-'
qmY=}JiUJJKP["
I*ob-h:[qT-
FfRgXzQL
1v6O{zi/m
.CdR4j
4_S*Xf8^
BpkJ"@%C>
eZ{{dLO
w,{-.9<_
LBg>2_
R+ vho7qD`
n8Kb=FG{
)X4;]
j2|XL>
N|m3w)m
{=JS'/0JX
t8M4G;
Wb;HO6
+XsPsGjg\U
@K~V%/
K{}0i:7A t
g7H#~tnj>[
&9XM>Or_
=tc-Ub1Z
Xskp|J[
TIlG~s'
gMr`?S
^5VLU,EK
=8uL-%R}eIv}v
l1_!Q'CQX'
|m*M!8e}M!
kAN5y?N
Pvy|:Z|C-
<KC[Z.
45![>G5
n-`nYF0Q
Kw:$W^
"^3=pRdt
Gh=$ZEcC
rjdGMpgr
A{-J`U
X@N-2P9?
]W"/h#
B5A#gBRThHBY
7&OR0>
fP,F;f
SmLS1V05
$~7pBi
m>r4A'x"wVJt
TFt`/20g"Uf
+[3)LOj
<m$z[bdl-
J[,<jy
(2vy<v
0!&/y-#-/\
v "#R3
^UM0'@P^
<QlIy'u`i
i|3+NOi
bC6q4y
JBG_}D
lx//Kp
F2zm;^,l
Y9I]W=oeZ[yUkKvNYin2/34AsT>
"-%8^X
(8:z~{}jbR
jwwK7"bjWoe
s,cvs$oftAu
Ri;AUvL%
J)m !'_
jzPhD7
5/cm"~Yd
Nd{K`=*$P.EF
GM/Co`j\<
CA_'r6
D�V�C�L�A�L�
P�A�C�K�A�G�E�I�N�F�O�
Hosts
| IP |
|---|
| 114.114.114.114 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.