1.1
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.69
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | DDoS:Win32/Nitol.ff09f04e | 20190527 | 0.3.0.5 |
| Avast | Win32:Nitol-B [Trj] | 20240215 | 23.9.8494.0 |
| Baidu | None | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (W) | 20231026 | 1.0 |
| Kingsoft | malware.kb.a.1000 | 20230906 | None |
| McAfee | GenericRXBM-PT!C44D5A3C6287 | 20240215 | 6.0.6.653 |
| Tencent | Trojan.Win32.Nitol.wa | 20240215 | 1.0.0.1 |
静态指标
动态指标
在 PE 资源中识别到外语
(9 个事件)
| name | RT_BITMAP | language | LANG_CHINESE | filetype | None | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x0000d248 | size | 0x00000ac4 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | filetype | None | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x0000c370 | size | 0x00000ea8 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | filetype | None | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x0000c370 | size | 0x00000ea8 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | filetype | None | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x0000c370 | size | 0x00000ea8 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | filetype | None | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x0000c370 | size | 0x00000ea8 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | filetype | None | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x0000c370 | size | 0x00000ea8 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | filetype | None | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x0000c370 | size | 0x00000ea8 | ||||||||||||||||||
| name | RT_GROUP_ICON | language | LANG_CHINESE | filetype | None | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x0000d218 | size | 0x00000030 | ||||||||||||||||||
| name | RT_GROUP_ICON | language | LANG_CHINESE | filetype | None | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x0000d218 | size | 0x00000030 | ||||||||||||||||||
网络通信
与未执行 DNS 查询的主机进行通信
(1 个事件)
| host | 114.114.114.114 | |||
文件已被 VirusTotal 上 66 个反病毒引擎识别为恶意
(50 out of 66 个事件)
| ALYac | Trojan.GenericKDZ.94849 |
| APEX | Malicious |
| AVG | Win32:Nitol-B [Trj] |
| Acronis | suspicious |
| AhnLab-V3 | Trojan/Win32.Nitol.R205727 |
| Alibaba | DDoS:Win32/Nitol.ff09f04e |
| Antiy-AVL | Trojan/Win32.AGeneric |
| Arcabit | Trojan.Generic.D17281 |
| Avast | Win32:Nitol-B [Trj] |
| Avira | TR/AD.Nitol.elgkq |
| BitDefender | Trojan.GenericKDZ.94849 |
| BitDefenderTheta | Gen:NN.ZexaF.36744.eq2@amXqoikj |
| Bkav | W32.AIDetectMalware |
| CAT-QuickHeal | Trojan.Nitol.A |
| ClamAV | Win.Trojan.Nitol-6335025-0 |
| CrowdStrike | win/malicious_confidence_100% (W) |
| Cylance | unsafe |
| Cynet | Malicious (score: 100) |
| DeepInstinct | MALICIOUS |
| DrWeb | Trojan.DownLoader24.55874 |
| ESET-NOD32 | Win32/ServStart.IK |
| Elastic | malicious (high confidence) |
| Emsisoft | Trojan.GenericKDZ.94849 (B) |
| F-Secure | Trojan.TR/AD.Nitol.elgkq |
| FireEye | Generic.mg.c44d5a3c6287b8e2 |
| Fortinet | MalwThreat!E1E6IV |
| GData | Win32.Trojan.ServStart.F |
| Detected | |
| Gridinsoft | Backdoor.Win32.Nitol.sd!s1 |
| Ikarus | Trojan.Win32.Agent |
| Jiangmin | Trojan.Generic.daixb |
| K7AntiVirus | Riskware ( 0040eff71 ) |
| K7GW | Riskware ( 0040eff71 ) |
| Kaspersky | HEUR:Trojan-DDoS.Win32.Nitol.gen |
| Kingsoft | malware.kb.a.1000 |
| Lionic | Trojan.Win32.Generic.m2Bz |
| MAX | malware (ai score=87) |
| Malwarebytes | Generic.Malware.AI.DDS |
| MaxSecure | Trojan.Win32.Nitol.B |
| McAfee | GenericRXBM-PT!C44D5A3C6287 |
| MicroWorld-eScan | Trojan.GenericKDZ.94849 |
| Microsoft | DDoS:Win32/Nitol!atmnm |
| NANO-Antivirus | Trojan.Win32.GenKryptik.fnpyle |
| Panda | Trj/Genetic.gen |
| Rising | Backdoor.Overie!1.C6A2 (CLASSIC) |
| SUPERAntiSpyware | Trojan.Agent/Gen-ServStart |
| Sangfor | Suspicious.Win32.Save.ins |
| SentinelOne | Static AI - Malicious PE |
| Skyhigh | BehavesLike.Win32.Generic.km |
| Sophos | Troj/Agent-BEJD |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2017-05-07 00:04:14
PE Imphash
286870a926664a5129b8b68ed0d4a8eb
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00001000 | 0x0000511c | 0x00006000 | 5.825276504152636 |
| .rdata | 0x00007000 | 0x00000b3c | 0x00001000 | 4.0677369231603935 |
| .data | 0x00008000 | 0x000014c8 | 0x00001000 | 4.925372910738758 |
| .rsrc | 0x0000a000 | 0x00005300 | 0x00006000 | 2.8167558926641685 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_BITMAP | 0x0000d248 | 0x00000ac4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | None |
| RT_ICON | 0x0000c370 | 0x00000ea8 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | None |
| RT_ICON | 0x0000c370 | 0x00000ea8 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | None |
| RT_ICON | 0x0000c370 | 0x00000ea8 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | None |
| RT_ICON | 0x0000c370 | 0x00000ea8 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | None |
| RT_ICON | 0x0000c370 | 0x00000ea8 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | None |
| RT_ICON | 0x0000c370 | 0x00000ea8 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | None |
| RT_DIALOG | 0x0000e0d0 | 0x00000826 | LANG_ENGLISH | SUBLANG_ENGLISH_NZ | None |
| RT_DIALOG | 0x0000e0d0 | 0x00000826 | LANG_ENGLISH | SUBLANG_ENGLISH_NZ | None |
| RT_STRING | 0x0000f1d0 | 0x0000012a | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_GROUP_ICON | 0x0000d218 | 0x00000030 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | None |
| RT_GROUP_ICON | 0x0000d218 | 0x00000030 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | None |
| RT_VERSION | 0x0000dd10 | 0x000003c0 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
Imports
Library MSVCRT.dll:
• 0x407078 _controlfp
• 0x40707c __set_app_type
• 0x407080 __p__fmode
• 0x407084 __p__commode
• 0x407088 _adjust_fdiv
• 0x40708c __setusermatherr
• 0x407090 _initterm
• 0x407094 __getmainargs
• 0x407098 _acmdln
• 0x40709c exit
• 0x4070a0 _XcptFilter
• 0x4070a4 _exit
• 0x4070a8 _except_handler3
• 0x4070ac strstr
• 0x4070b0 strcspn
• 0x4070b4 strncpy
• 0x4070b8 atoi
• 0x4070bc time
• 0x4070c0 srand
• 0x4070c4 rand
• 0x4070c8 realloc
• 0x4070cc free
• 0x4070d0 malloc
• 0x4070d4 sprintf
Library KERNEL32.dll:
• 0x407000 ReleaseMutex
• 0x407004 Sleep
• 0x407008 lstrcpyA
• 0x40700c CreateProcessA
• 0x407010 TerminateProcess
• 0x407014 ExitThread
• 0x407018 GetStartupInfoA
• 0x40701c GetModuleHandleA
• 0x407020 WaitForSingleObject
• 0x407024 GetModuleFileNameA
• 0x407028 CreateFileA
• 0x40702c SetFilePointer
• 0x407030 WriteFile
• 0x407034 lstrcpynA
• 0x407038 lstrlenA
• 0x40703c OpenMutexA
• 0x407040 GetComputerNameA
• 0x407044 ExitProcess
• 0x407048 GetCurrentProcess
• 0x40704c GetCurrentThread
• 0x407050 CloseHandle
• 0x407054 CreateThread
• 0x407058 LoadLibraryA
• 0x40705c GetProcAddress
• 0x407060 GetSystemDefaultUILanguage
• 0x407064 GetTickCount
Library USER32.dll:
• 0x4070f4 wsprintfA
Library SHLWAPI.dll:
• 0x4070ec SHDeleteKeyA
Library WS2_32.dll:
• 0x4070fc setsockopt
• 0x407100 recv
• 0x407104 __WSAFDIsSet
• 0x407108 select
• 0x40710c send
• 0x407110 WSAIoctl
• 0x407114 WSAStartup
• 0x407118 htons
• 0x40711c inet_ntoa
• 0x407120 htonl
• 0x407124 socket
• 0x407128 connect
• 0x40712c closesocket
• 0x407130 inet_addr
• 0x407134 sendto
• 0x407138 WSACleanup
L!This program cannot be run in DOS mode.
|*8D8D8D
4DJ<DWN3DW@:D
O:D8EvD@;DO<DB9DRich8D
`.rdata
@.data
SUV5Xp@
D$tPhL@
20D$(ND$)T\$*L$8D$9D$:D$;\$<D$
L$@D$AD$BD$C3\$DD$HVD$IiD$JsD$KtD$La\$ML$ D$!8D$"T$#T$ST$,T$
D$QD$RD$
\$$D$07\$1L$PD$TRL$U\$V\$-L$
w0|$(3u
+t$h|$h
;u!8$j
PD$HSD$IP\$J
T$lD$xRT$xL$lPQSh@
PD$$MD$%HD$&z\$'
M D$XFD$\D$`rD$YiD$ZnD$[dD$]CD$^PD$_UD$aED$bD$cD$doD$e\$f|$X3+
T$pRW&
t$(S9^
D$$GD$%bD$&pD$'s\$(P-
D$,MD$-bD$.pD$/s\$0R
L$0D$,@\
QSUVt$
<=u>D$
txHtnHtaHtTHtG
tOHt>Ht#
n_^[SVW|$
WVWSMu]
_^[SVt$
WVSOu_
^[U@SVWj
Ku_^[U
SV5Xp@
j Y3)hl@
PQPPEj
SV5Xp@
VUVV_^[UjhPq@
|PSXSh
|Pd\SVhEj
PSpSxQuPVV
@|Pd\SxQupP
SV5Xp@
SEPhD@
SEPhX@
SEPhl@
SEPhP@
SPj@E3Y3j@fY3}|fj@3Y
|VPEPECEOEMESEPEEEC]U
EE/PPEcE EdEeElE ]E E>E EnEuEl]U
Ej@E|EE^h
]EOEpEeEn]]]uUh
t9VuUh
SVW=Xp@
VEPhl@
jL3YSh8
EuErElEmEoEnE.EdElEl]EUERELEDEoEwEnElEoEaEdETEoEFEiElEeEA]
Ht!Hu@
j@3Yh@
PEoEpEeEn]PPP
SPPEPS
j@3Yj fY3%$fPh
$PPUEP
j@3Yj fY3fPh
U_^[VSh
VZjA3YEVPh
PESEYESETEEEME\ECEuErErEeEnEtECEoEnEtErEoElESEeEtE\ESEeErEvEiEcEeEsE\]
V{jA3YdEVPdh
PESEYESETEEEME\ECEuErErEeEnEtECEoEnEtErEoElESEeEtE\ESEeErEvEiEcEeEsE\]
SV5Xp@
SEPh @
E%EcE%EcE%EcEhEoEsEtE.EeExEe
YaPEPLP
E\EDEeEbEue
}3EgE\+P
YY3jAEaYEt
EbE E+EaE e
Y3}E+EsE E+EhE E+ErE
EPU_^[U
SVWj@3Yfp@
j@Yfh
jA3Yp@
SV5Xp@
SEPj@E3Y3ESf}
3EYESETEEEME\ECEuErErEeEnEtECEoEnEtErEoElESEeEtE\ESEeErEvEiEcEeEsE\U+
X3Ujh`q@
jAY3ESEYESETEEEME\ECEuErErEeEnEtECEoEnEtErEoElESEeEtE\ESEeErEvEiEcEeEsE\]u
SSSSSu
ttPV83<<
`\hdpl
\H@8Pj
uV9u8=1
_^[39t
SUV5Xp@
VVVh.@
VVVVVh< @
SUV5Xp@
Ht~HtDHHu0j
VcYt e
EuPEV7@
j@Y3fPaj
33%p@
Ujhpq@
hSVWe3
EPEPEP
0u>"u:Fu
<"u>"u
> vFuj
YY3%xp@
SUV5Xp@
T$!D$"D$%T$&D$.D$2D$8D$:D$<rlx2D$
\D$ ID$ nL$#D$$nD$' D$(ET$)D$*p\$+D$,oL$-L$/D$0\D$1iT$3D$4p\$5D$6oL$7D$9.T$;D$=D$BL$
D$@PQ_^]
SUV5Xp@
D$0IP$P
t4-4q@
SQVOuj
SUV5Xp@
L$ QfD$
SUV5Xp@
D$$Ph|@
L$0f|$ Q
1tGT$ @j|P
SUV5Xp@
\$4\$8\$0\$(\$,\$$
D$LD$$L$ PT$,QD$8RL$8P$
t4D$,L$0T$(D$
D$6|$UD$:h
fD$FD$Xfj
t$Pf\$@
SPD$\T$dT$
D$8fD$4
j5fD$6@
D$TED$U
L$8fD$X3
ft$ZPD$`D$a
ft$bL$h
j5D$dfD$j
Rj fD$lft$nfD$lL$pj
L$x|$|
D$xD$p%D$p3
JBuCD$
D$}D$~
j,33L$hT$tfD$d$
fD$nD$4j
PVL$`j3QR
SUVWhp@
3|$<D$8D
D$LfD$P
D$ RPj
D$dL$dPT$hQ$
D$dRPl
SUVWhp@
3|$<D$8D
L$Lu.|q@
T$ QRj
tNPu$T$d$
PD$lRPQ$
SUV5Xp@
fD$(fD$
trj(p@$X
SUVWhp@
QRVVT$
SUVWhp@
QRVVT$
_^][Ujhu@
3)f(Ph
RSj((PMQ
SUV5Xp@
2.\$:L$;L$?L$A\$B43j
L$GL$HS3Sh
T$PD$Q9T$TD$U6D$V8T$X\$]fL$b
RfD$b$
Rt$ h`
@PfD$$$
5fD$*f
D$,\$0D$4PD$5
fD$6f\$8f\$:\$`D$a
t$p|$tfD$^L$\L$x
t$$|$|T$pj RF
|$xfD$<
D$xj(P
@L$DPh@
t$ f\$8
t$pt$$L$\D$(D$ L$x
|$|T$pD$tj R
|$xfD$<
D$xj(P
D$PL$`j
QST$|j(RP
D$LHD$L
SUV5Xp@
D$TP$t
D$HQ3j
_^]3[p
T$1T$5T$9T$=fT$AT$C=@
D$ D$!
BRT$@h@
L$TQD$(
SVWhp@
SUV5Xp@
D$(IP$
T$$-4q@
SQVOuj
SUVWhp@
QPVVT$
_^][Q=
B8t6t8t't
GET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htm
MFC42.DLL
malloc
sprintf
realloc
strncpy
strcspn
strstr
_except_handler3
MSVCRT.dll
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
GetTickCount
lstrcpyA
GetComputerNameA
GetSystemDefaultUILanguage
GetProcAddress
LoadLibraryA
CreateThread
CloseHandle
GetCurrentThread
GetCurrentProcess
ExitProcess
ReleaseMutex
OpenMutexA
lstrlenA
lstrcpynA
WriteFile
SetFilePointer
CreateFileA
GetModuleFileNameA
WaitForSingleObject
GetModuleHandleA
GetStartupInfoA
KERNEL32.dll
wsprintfA
USER32.dll
SHChangeNotify
ShellExecuteExA
ShellExecuteA
SHELL32.dll
SHDeleteKeyA
SHLWAPI.dll
WSAIoctl
WS2_32.dll
GetIfTable
GetAdaptersInfo
iphlpapi.dll
ExitThread
TerminateProcess
CreateProcessA
RegOpenKeyExA
RegCloseKey
GetVersionExA
GetSystemInfo
GlobalMemoryStatusEx
RegQueryValueExA
KERNEL32.dll
ADVAPI32.dll
0.0.0.0
%d*%u%s
HARDWARE\DESCRIPTION\System\CentralProcessor\0
%s %s%d
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
KERNEL32.dll
ADVAPI32.dll
WS2_32.dll
CreateThread
closesocket
GetTempPathA
RegCloseKey
SetServiceStatus
RegisterServiceCtrlHandlerA
lstrcatA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
CopyFileA
RegSetValueExA
StartServiceA
RegOpenKeyA
UnlockServiceDatabase
ChangeServiceConfig2A
CreateServiceA
LockServiceDatabase
GetLastError
ExitProcess
GetCurrentThreadId
CreateMutexA
DeleteService
GetModuleFileNameA
GetShortPathNameA
GetEnvironmentVariableA
SetPriorityClass
SetThreadPriority
WinExec
RegOpenKeyExA
SetServiceStatus
WaitForSingleObject
GetModuleFileNameA
GetWindowsDirectoryA
StartServiceCtrlDispatcherA
CreateFileA
GetFileSize
VirtualAlloc
ReadFile
FindFirstFileA
WriteFile
FindClose
SetFileAttributesA
3d3d3R3m1h3c0eQJEhYQFxRD
Serpiei
Microsoft .Net Frameworek COMi+ Suppoot
Microsoft .NET COM+ Integration with SOAP
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
www.baidu.com
%d.exe
GetTickCount
gethostbyname
GetSystemDirectoryA
lstrcatA
lstrcpyA
setsockopt
WSAStartup
closesocket
WSASocketA
gethostname
KERNEL32.dll
WS2_32.dll
GET %s HTTP/1.1
Content-Type: text/html
Host: %s
Accept: text/html, */*
User-Agent:Mozilla/5.0 (X11; U; Linux i686; en-US; re:1.4.0) Gecko/20080808 Firefox/%d.0
GET %s HTTP/1.1
Referer: http://%s:80/http://%s
Host: %s
Connection: Close
Cache-Control: no-cache
%s %s%s
GET %s HTTP/1.1
Content-Type: text/html
Host: %s:%d
Accept: text/html, */*
User-Agent:Mozilla/4.0 (compatible; MSIE %d.00; Windows NT %d.0; MyIE 3.01)
GET %s HTTP/1.1
Content-Type: text/html
Host: %s
Accept: text/html, */*
User-Agent:Mozilla/4.0 (compatible; MSIE %d.00; Windows NT %d.0; MyIE 3.01)
GET %s HTTP/1.1
Host: %s:%d
GET %s HTTP/1.1
Host: %s
GET %s HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: zh-cn
Accept-Encoding: gzip, deflate
User-Agent:Mozilla/4.0 (compatible; MSIE %d.0; Windows NT %d.1; SV1)
Host: %s:%d
Connection: Keep-Alive
GET %s HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: zh-cn
Accept-Encoding: gzip, deflate
User-Agent:Mozilla/4.0 (compatible; MSIE %d.0; Windows NT %d.1; SV1)
Host: %s
Connection: Keep-Alive
GET %s HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: zh-cn
Accept-Encoding: gzip, deflate
User-Agent:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: %s
Connection: Keep-Alive
%d.%d.%d.%d
DDD@DDD@DDD@
DDD@DDD@
,",D@p
DD@DD@
D@ D@
DDLLDDDL
LLDDLDD
DDDLDLD
LDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD
DDDDD@
zoqTvEpt6yzoqTvEpt6yzoqTvEpt6yzoqTvEpt6yzoqTvEpt6yxjF80X66xLxjF80X66xLxjF80X66xLxjF80X66xLxjF80X66xLg6ewSb7d9hg6ewSb7d9hg6ewSb7d9hg6ewSb7d9hg6ewSb7d9hFd1X4yzJdHFd1X4yzJdHFd1X4yzJdHFd1X4yzJdHFd1X4yzJdH496cfnLzub496cfnLzub496cfnLzub496cfnLzub496cfnLzubTM1iXxfUQDTM1iXxfUQDTM1iXxfUQDTM1iXxfUQDTM1iXxfUQDEpIQsLGPUZEpIQsLGPUZEpIQsLGPUZEpIQsLGPUZEpIQsLGPUZWxNZZCsLwFWxNZZCsLwFWxNZZCsLwFWxNZZCsLwFWxNZZCsLwFlwhyo9u8
lwhyo9u8
lwhyo9u8
lwhyo9u8
lwhyo9u8
5UaCpRQpCl5UaCpRQpCl5UaCpRQpCl5UaCpRQpCl5UaCpRQpCl56zU5vfpY
56zU5vfpY
56zU5vfpY
56zU5vfpY
56zU5vfpY
rC0Va4CXM
rC0Va4CXM
rC0Va4CXM
rC0Va4CXM
rC0Va4CXM
OtItbzkpjFOtItbzkpjFOtItbzkpjFOtItbzkpjFOtItbzkpjFpTVTzZMY5bpTVTzZMY5bpTVTzZMY5bpTVTzZMY5bpTVTzZMY5b95nLyoLfgD95nLyoLfgD95nLyoLfgD95nLyoLfgD95nLyoLfgDKQ3ugM2NgIKQ3ugM2NgIKQ3ugM2NgIKQ3ugM2NgIKQ3ugM2NgI1fufFwDgia1fufFwDgia1fufFwDgia1fufFwDgia1fufFwDgiacSqjPHqz
cSqjPHqz
cSqjPHqz
cSqjPHqz
cSqjPHqz
0yRlsO2gZa0yRlsO2gZa0yRlsO2gZa0yRlsO2gZa0yRlsO2gZaKpuc3IlpojKpuc3IlpojKpuc3IlpojKpuc3IlpojKpuc3Ilpoj4JLODqkL5
4JLODqkL5
4JLODqkL5
4JLODqkL5
4JLODqkL5
FKQNeJeZJkFKQNeJeZJkFKQNeJeZJkFKQNeJeZJkFKQNeJeZJkjaRdVntNDHjaRdVntNDHjaRdVntNDHjaRdVntNDHjaRdVntNDHaUjSiSVWZ
aUjSiSVWZ
aUjSiSVWZ
aUjSiSVWZ
aUjSiSVWZ
8vHUOJtOm98vHUOJtOm98vHUOJtOm98vHUOJtOm98vHUOJtOm9S3ZMsYtVrlS3ZMsYtVrlS3ZMsYtVrlS3ZMsYtVrlS3ZMsYtVrl4se0OkyoF
4se0OkyoF
4se0OkyoF
4se0OkyoF
4se0OkyoF
ytefIfrpa
ytefIfrpa
ytefIfrpa
ytefIfrpa
ytefIfrpa
wlFHQlexx
wlFHQlexx
wlFHQlexx
wlFHQlexx
wlFHQlexx
aUblvMHtOgaUblvMHtOgaUblvMHtOgaUblvMHtOgaUblvMHtOgXasNEdIadTXasNEdIadTXasNEdIadTXasNEdIadTXasNEdIadTLC6ElsjKd
LC6ElsjKd
LC6ElsjKd
LC6ElsjKd
LC6ElsjKd
YjllDXQ4YhYjllDXQ4YhYjllDXQ4YhYjllDXQ4YhYjllDXQ4YhidxEb1dVK
idxEb1dVK
idxEb1dVK
idxEb1dVK
idxEb1dVK
ZEgJpdf03
ZEgJpdf03
ZEgJpdf03
ZEgJpdf03
ZEgJpdf03
T3fMaq8uptT3fMaq8uptT3fMaq8uptT3fMaq8uptT3fMaq8uptEII6kYVmjEEII6kYVmjEEII6kYVmjEEII6kYVmjEEII6kYVmjEQOVe8RL7ePQOVe8RL7ePQOVe8RL7ePQOVe8RL7ePQOVe8RL7ePQ3IPFsRaJnQ3IPFsRaJnQ3IPFsRaJnQ3IPFsRaJnQ3IPFsRaJnr3iIOvcdJzr3iIOvcdJzr3iIOvcdJzr3iIOvcdJzr3iIOvcdJzzzt6ZC8a4
zzt6ZC8a4
zzt6ZC8a4
zzt6ZC8a4
zzt6ZC8a4
O3JmKpblZ
O3JmKpblZ
O3JmKpblZ
O3JmKpblZ
O3JmKpblZ
7rPtxVSdDw7rPtxVSdDw7rPtxVSdDw7rPtxVSdDw7rPtxVSdDwtkV0v4j3C
tkV0v4j3C
tkV0v4j3C
tkV0v4j3C
tkV0v4j3C
hiYNSRMiw5hiYNSRMiw5hiYNSRMiw5hiYNSRMiw5hiYNSRMiw5yFZfteR0aqyFZfteR0aqyFZfteR0aqyFZfteR0aqyFZfteR0aq3hW8FFm9b83hW8FFm9b83hW8FFm9b83hW8FFm9b83hW8FFm9b8fuai7lbfgofuai7lbfgofuai7lbfgofuai7lbfgofuai7lbfgoqxXJPYlxmQqxXJPYlxmQqxXJPYlxmQqxXJPYlxmQqxXJPYlxmQM6q9xHnvX
M6q9xHnvX
M6q9xHnvX
M6q9xHnvX
M6q9xHnvX
4nRt1YlReM4nRt1YlReM4nRt1YlReM4nRt1YlReM4nRt1YlReM6TnRPNbKC
6TnRPNbKC
6TnRPNbKC
6TnRPNbKC
6TnRPNbKC
QdrdE8Wgt
QdrdE8Wgt
QdrdE8Wgt
QdrdE8Wgt
QdrdE8Wgt
vP9htL00o7vP9htL00o7vP9htL00o7vP9htL00o7vP9htL00o7IJMem6dS5wIJMem6dS5wIJMem6dS5wIJMem6dS5wIJMem6dS5wgiOr7Y7dq
giOr7Y7dq
giOr7Y7dq
giOr7Y7dq
giOr7Y7dq
2OtptdFOH62OtptdFOH62OtptdFOH62OtptdFOH62OtptdFOH60FIaMUwQUx0FIaMUwQUx0FIaMUwQUx0FIaMUwQUx0FIaMUwQUxura69kRNv
ura69kRNv
ura69kRNv
ura69kRNv
ura69kRNv
1XFE8gujvr1XFE8gujvr1XFE8gujvr1XFE8gujvr1XFE8gujvr2Gu4UOwYDE2Gu4UOwYDE2Gu4UOwYDE2Gu4UOwYDE2Gu4UOwYDEUeVRSYmG7QUeVRSYmG7QUeVRSYmG7QUeVRSYmG7QUeVRSYmG7Q9NvgGt4aj
9NvgGt4aj
9NvgGt4aj
9NvgGt4aj
9NvgGt4aj
jiy1l1WIogjiy1l1WIogjiy1l1WIogjiy1l1WIogjiy1l1WIogKRZ0dVx7gsKRZ0dVx7gsKRZ0dVx7gsKRZ0dVx7gsKRZ0dVx7gsvoM85V9ML
voM85V9ML
voM85V9ML
voM85V9ML
voM85V9ML
aC5IHlee4naC5IHlee4naC5IHlee4naC5IHlee4naC5IHlee4nFJbtJRTQR
FJbtJRTQR
FJbtJRTQR
FJbtJRTQR
FJbtJRTQR
3a9gE84qsk3a9gE84qsk3a9gE84qsk3a9gE84qsk3a9gE84qskaoQQGWE9o
aoQQGWE9o
aoQQGWE9o
aoQQGWE9o
aoQQGWE9o
JdKlk8Ju
JdKlk8Ju
JdKlk8Ju
JdKlk8Ju
JdKlk8Ju
pZshWx5KNepZshWx5KNepZshWx5KNepZshWx5KNepZshWx5KNeZc0097p4JtZc0097p4JtZc0097p4JtZc0097p4JtZc0097p4JttRmpuSoLb
tRmpuSoLb
tRmpuSoLb
tRmpuSoLb
tRmpuSoLb
GFbvFwQoK
GFbvFwQoK
GFbvFwQoK
GFbvFwQoK
GFbvFwQoK
90XcNYhC2
90XcNYhC2
90XcNYhC2
90XcNYhC2
90XcNYhC2
SPnZTmoEURSPnZTmoEURSPnZTmoEURSPnZTmoEURSPnZTmoEURw26hEFlMbCw26hEFlMbCw26hEFlMbCw26hEFlMbCw26hEFlMbC0r61HghcRf0r61HghcRf0r61HghcRf0r61HghcRf0r61HghcRfxxNc6xiJS
xxNc6xiJS
xxNc6xiJS
xxNc6xiJS
xxNc6xiJS
oci21NcN9Zoci21NcN9Zoci21NcN9Zoci21NcN9Zoci21NcN9ZvHqxu9kQnOvHqxu9kQnOvHqxu9kQnOvHqxu9kQnOvHqxu9kQnOLjvYnJGTL6LjvYnJGTL6LjvYnJGTL6LjvYnJGTL6LjvYnJGTL6Hggk7XaEgLHggk7XaEgLHggk7XaEgLHggk7XaEgLHggk7XaEgLiMuwQWPi70iMuwQWPi70iMuwQWPi70iMuwQWPi70iMuwQWPi7096zVEzogR
96zVEzogR
96zVEzogR
96zVEzogR
96zVEzogR
UaalWyF9uWUaalWyF9uWUaalWyF9uWUaalWyF9uWUaalWyF9uW4Gqg7g19Np4Gqg7g19Np4Gqg7g19Np4Gqg7g19Np4Gqg7g19NpWj5PN7iWMvWj5PN7iWMvWj5PN7iWMvWj5PN7iWMvWj5PN7iWMvozMf9Uc8cMozMf9Uc8cMozMf9Uc8cMozMf9Uc8cMozMf9Uc8cM88K5Gqetw
88K5Gqetw
88K5Gqetw
88K5Gqetw
88K5Gqetw
xSnIJGEUj
xSnIJGEUj
xSnIJGEUj
xSnIJGEUj
xSnIJGEUj
X8zrpfIgC
X8zrpfIgC
X8zrpfIgC
X8zrpfIgC
X8zrpfIgC
bVrFW2jtv4bVrFW2jtv4bVrFW2jtv4bVrFW2jtv4bVrFW2jtv4TJ7YTqow7STJ7YTqow7STJ7YTqow7STJ7YTqow7STJ7YTqow7SiyZUsTzKS
iyZUsTzKS
iyZUsTzKS
iyZUsTzKS
iyZUsTzKS
mFSWaXc335mFSWaXc335mFSWaXc335mFSWaXc335mFSWaXc335pRqyY2edx
pRqyY2edx
pRqyY2edx
pRqyY2edx
pRqyY2edx
2swlZ1RyXn2swlZ1RyXn2swlZ1RyXn2swlZ1RyXn2swlZ1RyXnKSu6vyGN27KSu6vyGN27KSu6vyGN27KSu6vyGN27KSu6vyGN27p4myW1tOS
p4myW1tOS
p4myW1tOS
p4myW1tOS
p4myW1tOS
ujC9dZjkPpujC9dZjkPpujC9dZjkPpujC9dZjkPpujC9dZjkPpyXDTf0fWFJyXDTf0fWFJyXDTf0fWFJyXDTf0fWFJyXDTf0fWFJqggskQMg4
qggskQMg4
qggskQMg4
qggskQMg4
qggskQMg4
hp1Hfq5veehp1Hfq5veehp1Hfq5veehp1Hfq5veehp1Hfq5veercp3UpLykXrcp3UpLykXrcp3UpLykXrcp3UpLykXrcp3UpLykXz09jdtnEG3z09jdtnEG3z09jdtnEG3z09jdtnEG3z09jdtnEG3D0xbg9v7K
D0xbg9v7K
D0xbg9v7K
D0xbg9v7K
D0xbg9v7K
WvKv0KsJnmWvKv0KsJnmWvKv0KsJnmWvKv0KsJnmWvKv0KsJnmKnunMFQrv
KnunMFQrv
KnunMFQrv
KnunMFQrv
KnunMFQrv
hk9EYcru3Shk9EYcru3Shk9EYcru3Shk9EYcru3Shk9EYcru3SsmOHojgj0bsmOHojgj0bsmOHojgj0bsmOHojgj0bsmOHojgj0bTYVWRnUHaVTYVWRnUHaVTYVWRnUHaVTYVWRnUHaVTYVWRnUHaVUEbaDIE0s
UEbaDIE0s
UEbaDIE0s
UEbaDIE0s
UEbaDIE0s
YOIzMJbZx1YOIzMJbZx1YOIzMJbZx1YOIzMJbZx1YOIzMJbZx1GKm4XLGj
GKm4XLGj
GKm4XLGj
GKm4XLGj
GKm4XLGj
8GQtTdpqNz8GQtTdpqNz8GQtTdpqNz8GQtTdpqNz8GQtTdpqNzl0mNSEwGbil0mNSEwGbil0mNSEwGbil0mNSEwGbil0mNSEwGbiGH1QG6YtRHGH1QG6YtRHGH1QG6YtRHGH1QG6YtRHGH1QG6YtRH4NmHndcY8R4NmHndcY8R4NmHndcY8R4NmHndcY8R4NmHndcY8Rl3mS4yfVHql3mS4yfVHql3mS4yfVHql3mS4yfVHql3mS4yfVHqEnjfJzZc3vEnjfJzZc3vEnjfJzZc3vEnjfJzZc3vEnjfJzZc3vcCGtCUp3
cCGtCUp3
cCGtCUp3
cCGtCUp3
cCGtCUp3
pkZzGl0Mm
pkZzGl0Mm
pkZzGl0Mm
pkZzGl0Mm
pkZzGl0Mm
tJe859DZKutJe859DZKutJe859DZKutJe859DZKutJe859DZKub9I7OrGM
b9I7OrGM
b9I7OrGM
b9I7OrGM
b9I7OrGM
sQhG2uSEo
sQhG2uSEo
sQhG2uSEo
sQhG2uSEo
sQhG2uSEo
SKcexQuVreSKcexQuVreSKcexQuVreSKcexQuVreSKcexQuVreWPRzpciX6
WPRzpciX6
WPRzpciX6
WPRzpciX6
WPRzpciX6
P5t4pzmrZ
P5t4pzmrZ
P5t4pzmrZ
P5t4pzmrZ
P5t4pzmrZ
mWKNjKysK
mWKNjKysK
mWKNjKysK
mWKNjKysK
mWKNjKysK
NlD1FQpR9
NlD1FQpR9
NlD1FQpR9
NlD1FQpR9
NlD1FQpR9
yCIgxDY1
yCIgxDY1
yCIgxDY1
yCIgxDY1
yCIgxDY1
9fdVyGw6Ms9fdVyGw6Ms9fdVyGw6Ms9fdVyGw6Ms9fdVyGw6Ms7hLZnszeru7hLZnszeru7hLZnszeru7hLZnszeru7hLZnszeruZFQLq4oqksZFQLq4oqksZFQLq4oqksZFQLq4oqksZFQLq4oqksGpPRC0dYHRGpPRC0dYHRGpPRC0dYHRGpPRC0dYHRGpPRC0dYHReCF4EykcVgeCF4EykcVgeCF4EykcVgeCF4EykcVgeCF4EykcVgqE5D3a953JqE5D3a953JqE5D3a953JqE5D3a953JqE5D3a953JVN1QPvQWnkVN1QPvQWnkVN1QPvQWnkVN1QPvQWnkVN1QPvQWnkwhtTRFnJ7
whtTRFnJ7
whtTRFnJ7
whtTRFnJ7
whtTRFnJ7
Wa8gaQJ1O
Wa8gaQJ1O
Wa8gaQJ1O
Wa8gaQJ1O
Wa8gaQJ1O
jS5YbQQ685jS5YbQQ685jS5YbQQ685jS5YbQQ685jS5YbQQ685Kc9uj9uxD
Kc9uj9uxD
Kc9uj9uxD
Kc9uj9uxD
Kc9uj9uxD
vPejoIRUz2vPejoIRUz2vPejoIRUz2vPejoIRUz2vPejoIRUz2CDxsnNMzq1CDxsnNMzq1CDxsnNMzq1CDxsnNMzq1CDxsnNMzq17J0jKlzUxM7J0jKlzUxM7J0jKlzUxM7J0jKlzUxM7J0jKlzUxMzLS2TlHZmIzLS2TlHZmIzLS2TlHZmIzLS2TlHZmIzLS2TlHZmIbN3SeafZ
bN3SeafZ
bN3SeafZ
bN3SeafZ
bN3SeafZ
JHOUkQhUhZJHOUkQhUhZJHOUkQhUhZJHOUkQhUhZJHOUkQhUhZPFNfMc29g
PFNfMc29g
PFNfMc29g
PFNfMc29g
PFNfMc29g
54XaHKSKvQ54XaHKSKvQ54XaHKSKvQ54XaHKSKvQ54XaHKSKvQqEr0U1UkfwqEr0U1UkfwqEr0U1UkfwqEr0U1UkfwqEr0U1Ukfwg8aMLy4HXEg8aMLy4HXEg8aMLy4HXEg8aMLy4HXEg8aMLy4HXEWNvM4cfDzWWNvM4cfDzWWNvM4cfDzWWNvM4cfDzWWNvM4cfDzWSJXbVRfDX0SJXbVRfDX0SJXbVRfDX0SJXbVRfDX0SJXbVRfDX0kUmk4aPU3
kUmk4aPU3
kUmk4aPU3
kUmk4aPU3
kUmk4aPU3
YjumadlJtVYjumadlJtVYjumadlJtVYjumadlJtVYjumadlJtVt7Xfsf3NK6t7Xfsf3NK6t7Xfsf3NK6t7Xfsf3NK6t7Xfsf3NK61nZq6OlKUL1nZq6OlKUL1nZq6OlKUL1nZq6OlKUL1nZq6OlKULdI2DFmsr02dI2DFmsr02dI2DFmsr02dI2DFmsr02dI2DFmsr02HJ3iw9jPXHHJ3iw9jPXHHJ3iw9jPXHHJ3iw9jPXHHJ3iw9jPXHG7Elks3CyCG7Elks3CyCG7Elks3CyCG7Elks3CyCG7Elks3CyCypSkZMWYxnypSkZMWYxnypSkZMWYxnypSkZMWYxnypSkZMWYxnc4v7vLL99Tc4v7vLL99Tc4v7vLL99Tc4v7vLL99Tc4v7vLL99T9xW3cwmrG
9xW3cwmrG
9xW3cwmrG
9xW3cwmrG
9xW3cwmrG
8Vn5ySDDLI8Vn5ySDDLI8Vn5ySDDLI8Vn5ySDDLI8Vn5ySDDLIGY7dV1lCh
GY7dV1lCh
GY7dV1lCh
GY7dV1lCh
GY7dV1lCh
itigM6OmmpitigM6OmmpitigM6OmmpitigM6OmmpitigM6OmmpFsewUOWhgQFsewUOWhgQFsewUOWhgQFsewUOWhgQFsewUOWhgQ4pOrQubLvo4pOrQubLvo4pOrQubLvo4pOrQubLvo4pOrQubLvoJpuJwRZVk6JpuJwRZVk6JpuJwRZVk6JpuJwRZVk6JpuJwRZVk6zLrPTaHFCbzLrPTaHFCbzLrPTaHFCbzLrPTaHFCbzLrPTaHFCbHZVVx5ht7
HZVVx5ht7
HZVVx5ht7
HZVVx5ht7
HZVVx5ht7
dhZq03a8qTdhZq03a8qTdhZq03a8qTdhZq03a8qTdhZq03a8qTtP9NibHekgtP9NibHekgtP9NibHekgtP9NibHekgtP9NibHekgToe7V1rOkvToe7V1rOkvToe7V1rOkvToe7V1rOkvToe7V1rOkvo7VjXO13bKo7VjXO13bKo7VjXO13bKo7VjXO13bKo7VjXO13bK
f�f�f�3�3�f�
V�S�_�V�E�R�S�I�O�N�_�I�N�F�O�
S�t�r�i�n�g�F�i�l�e�I�n�f�o�
0�4�0�9�0�4�b�0�
C�o�m�m�e�n�t�s�
C�o�m�p�a�n�y�N�a�m�e�
H�e�l�l�o� �W�o�r�l�d�
F�i�l�e�D�e�s�c�r�i�p�t�i�o�n�
C�l�i�e�n� �L�o�c�a�l� �R�u�n�P�r�o�c�e�s�s�
F�i�l�e�V�e�r�s�i�o�n�
1�0�.�0�.�1�4�3�9�3�.�0� �(�r�s�1�_�r�e�l�e�a�s�e�.�1�6�0�7�1�5�-�1�6�1�6�)�
I�n�t�e�r�n�a�l�N�a�m�e�
h�e�l�l�o�.�e�x�e�
L�e�g�a�l�C�o�p�y�r�i�g�h�t�
A�l�l� �r�i�g�h�t�s� �r�e�s�e�r�v�e�d�.�
L�e�g�a�l�T�r�a�d�e�m�a�r�k�s�
O�r�i�g�i�n�a�l�F�i�l�e�n�a�m�e�
H�e�l�l�o� �W�o�r�l�d�
P�r�i�v�a�t�e�B�u�i�l�d�
P�r�o�d�u�c�t�N�a�m�e�
H�e�l�l�o� �W�o�r�l�d�
�O�p�e�r�a�t�i�n�g� �S�y�s�t�e�m�
P�r�o�d�u�c�t�V�e�r�s�i�o�n�
1�7�.�0�0�0�.�1�4�3�9�3�.�0�8�
S�p�e�c�i�a�l�B�u�i�l�d�
V�a�r�F�i�l�e�I�n�f�o�
T�r�a�n�s�l�a�t�i�o�n�
M�S� �S�a�n�s� �S�e�r�i�f�
T�O�D�O�:� �P�l�a�c�e� �d�i�a�l�h�g�d�c�c�j�k� �v�f�y�t�d�f�g� �c�x� � �g�d� �f�d�g�h� �j�d�o�g� �c�o�n�t�r�o�l�s� �h�e�r�e�.�
C�a�n�c�e�l�
C�a�n�c�e�l�
C�a�n�c�e�l�
C�a�n�c�e�l�
C�a�n�c�e�l�
C�a�n�c�e�l�
C�a�n�c�e�l�
C�a�n�c�e�l�
A�b�o�u�t� �M�F�C�
M�S� �S�a�n�s� �S�e�r�i�f�
U�O�L�E� �i�n�i�t�i�a�l�i�z�a�t�i�o�n� �n�a�i�l�e�d�.� � �M�a�k�e� �s�u�r�e� �t�h�a�t� �t�h�e� �O�L�E� �l�i�b�r�a�r�i�e�s� �a�r�e� �t�h�e� �c�o�r�r�e�c�t� �v�e�r�s�i�o�n�.�
&�A�b�o�u�t� �M�F�C�.�.�.�
#�W�i�n�d�o�w�s� �s�o�c�k�e�t�s� �i�n�a�l�i�z�a�t�i�o�n� �f�a�i�l�e�d�.�
Hosts
| IP |
|---|
| 114.114.114.114 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.