1.2
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.87
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | Win32:Allaple [Wrm] | 20190914 | 18.4.3895.0 |
| Baidu | Win32.Trojan.Kryptik.gf | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (D) | 20190702 | 1.0 |
| Kingsoft | Worm.AllApleT.cz.67868 | 20190914 | 2013.8.14.323 |
| McAfee | W32/RAHack | 20190914 | 6.0.6.653 |
| Tencent | Worm.Win32.Allaple.e | 20190914 | 1.0.0.1 |
静态指标
可执行文件包含未知的 PE 段名称,可能指示打包器(可能是误报)
(2 个事件)
| section | .rdata\x00p |
| section | .brdata |
动态指标
该二进制文件可能包含加密或压缩数据,表明使用了打包工具
(3 个事件)
| section | {'name': '.data', 'virtual_address': '0x00015000', 'virtual_size': '0x0000a65a', 'size_of_data': '0x0000a800', 'entropy': 7.9961360785659625} | entropy | 7.9961360785659625 | description | 发现高熵的节 | |||||||||
| section | {'name': '.brdata', 'virtual_address': '0x00020000', 'virtual_size': '0x00005000', 'size_of_data': '0x00005000', 'entropy': 7.9923959437222605} | entropy | 7.9923959437222605 | description | 发现高熵的节 | |||||||||
| entropy | 0.8211920529801324 | description | 此PE文件的整体熵值较高 | |||||||||||
网络通信
与未执行 DNS 查询的主机进行通信
(1 个事件)
| host | 114.114.114.114 | |||
文件已被 VirusTotal 上 65 个反病毒引擎识别为恶意
(50 out of 65 个事件)
| ALYac | Win32.Worm.Allaple.Gen |
| APEX | Malicious |
| AVG | Win32:Allaple [Wrm] |
| Acronis | suspicious |
| Ad-Aware | Win32.Worm.Allaple.Gen |
| AhnLab-V3 | Win-Trojan/Starman2.Gen |
| Antiy-AVL | Worm[Net]/Win32.Allaple.gen |
| Arcabit | Win32.Worm.Allaple.Gen |
| Avast | Win32:Allaple [Wrm] |
| Avira | WORM/Allaple.gcuzf |
| Baidu | Win32.Trojan.Kryptik.gf |
| BitDefender | Win32.Worm.Allaple.Gen |
| Bkav | W32.CrypticB.Trojan |
| CAT-QuickHeal | I-Worm.Allaple.gen |
| CMC | Net-Worm.Win32.Allaple.1!O |
| ClamAV | Win.Worm.Allaple-204 |
| Comodo | NetWorm.Win32.Allaple.GEN@1ei64a |
| CrowdStrike | win/malicious_confidence_100% (D) |
| Cybereason | malicious.a55f5c |
| Cylance | Unsafe |
| Cyren | W32/Allaple.E.gen!Eldorado |
| DrWeb | Trojan.Starman.6712 |
| ESET-NOD32 | a variant of Win32/Allaple.Gen |
| Emsisoft | Win32.Worm.Allaple.Gen (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/Allaple.A.gen!Eldorado |
| F-Secure | Net-Worm:W32/Allaple.gen!B |
| FireEye | Generic.mg.db81ba8a55f5c4e3 |
| Fortinet | W32/Allaple.gen!tr |
| GData | Win32.Worm.Allaple.Gen |
| Ikarus | Worm.Patched |
| Invincea | heuristic |
| Jiangmin | Worm/Allaple.Gen |
| K7AntiVirus | NetWorm ( f10000041 ) |
| K7GW | NetWorm ( f10000041 ) |
| Kaspersky | Net-Worm.Win32.Allaple.e |
| Kingsoft | Worm.AllApleT.cz.67868 |
| Lionic | Worm.Win32.Allaple.mzO6 |
| MAX | malware (ai score=81) |
| McAfee | W32/RAHack |
| McAfee-GW-Edition | BehavesLike.Win32.RAHack.mc |
| MicroWorld-eScan | Win32.Worm.Allaple.Gen |
| Microsoft | Worm:Win32/Allaple.A |
| NANO-Antivirus | Virus.Win32.Allaple.bkbmt |
| Panda | W32/Rahack.gen.worm |
| Qihoo-360 | Worm.Win32.Allaple.K |
| Rising | Worm.Allaple!1.AB29 (CLASSIC) |
| SUPERAntiSpyware | Worm.Agent/Gen-Allaple |
| SentinelOne | DFI - Malicious PE |
| Sophos | W32/Allaple-F |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
1989-09-06 20:23:06
PE Imphash
5d4b0986b7a32699fdf54f680e634fcb
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00001000 | 0x00003428 | 0x00003600 | 6.689792278591837 |
| .rdata\x00p | 0x00005000 | 0x00010000 | 0x00000000 | 0.0 |
| .data | 0x00015000 | 0x0000a65a | 0x0000a800 | 7.9961360785659625 |
| .brdata | 0x00020000 | 0x00005000 | 0x00005000 | 7.9923959437222605 |
Imports
Library KERNEL32.dll:
• 0x40448c SetPriorityClass
• 0x404490 DeleteFileA
• 0x404494 GetLogicalDriveStringsA
• 0x404498 GetThreadPriority
• 0x40449c GetSystemInfo
• 0x4044a0 MapViewOfFileEx
• 0x4044a4 GetVersionExW
• 0x4044a8 GetCPInfoExA
• 0x4044ac ReadFileScatter
• 0x4044b0 FreeLibraryAndExitThread
• 0x4044b4 SetFilePointer
L!This program cannot be run in DOS mode.
opRichg
.rdata
.brdata
l2i!G)
?J? GN.TlQ\j6
7@U2(
qbb\PG:*5
Rj+Bt1"4It`on}
OKZ?9?
+=8X9c
4;Q9}U'
wbb\PG
W!0Zd2
Dh-Rj+Bt1O4It`on}
OKZ?9?
+=8X9c
4;Q9}U'
wbb\PG
W!0Zd2
Dh-Rj+Bt1O4It`on}
OKZ?9?
+=8X9c
4;Q9}U'
wbb\PG
W!0Zd2
Dh-Rj+Bt1O4It`on}
OKZ?9?
+=8X9c
4;Q9}U'
wbb\PG
W!0Zd2
Dh-Rj+Bt1O4It`on}
OKZ?9?
+=8X9c
4;Q9}U'
wbb\PG
W!0Zd2
Dh-Rj+Bt1O4It`on}
Xm U!|,l s
amnT/g
'=7O0
hl<oz^x'<x,
T=3tFNEl<QAMJc9
H.0CqcJ
{sfw!f
hwdivp9
a" RIT
'D:c3Y
R}l&!}1UB<3?
L7,G'Gz3U !y
8oh X]:Ua|
0zo:t[
IWE2oS
/vkvCN|v
T$f3\$
\$+f3\$
\$ff+\$
L$|${nf
T$#f+3
D$f+D$
L$f33L$
\$f3D$
T$+|$3
\$f3T$
Afff33
\$f+\$
\$f#f+
|$D$f+f
L$f#D$
|$f+f3f33
T$f3L$
D$f+\$
D$f3T$
333f#@
f+|$T$f+f
L$+f#f+3
f+3f3f33
D$f3f3
f3+f33
\$+f3\$
\$ff33
L$f3L$
Vf#f#3
D$f#L$
D$#f+f
D$##T$
T$f+D$
|$h3X+
D$f+\$
D$#3\$
D$f+\$
T$f+\$
|$hT$X#ff3
|$h22X
D$f+f#
D$|$hf
D$##f3
|$4=1f
T$f+D$
|$h$f+Xf3
|$h3#X
|$h$hX
{?;)/dg
[ wrD?
D"9;%$#No
vLV<O1I
k T\s3
AXFS"r
Q,;afN'
NJ'185H
K'QW&mR}
!okBiZ:r
+'c0+W}*_h1d[
6eVE<L$
7hP{K>xw7c
2&_M6hcI
KERNEL32.dll
FiSetPriorityClass
DeleteFileA
GetLogicalDriveStringsA
GetThreadPriority
GetSystemInfo
tPMapViewOfFileEx
AGetVersionExW
GetCPInfoExA
lTReadFileScatter
FreeLibraryAndExitThread
tLSetFilePointer
'iR?R'
ki"t,!weI9Ru
IvH$L,_H
]k6_\3
{%7Yoax"S
lWudU<O
XfC\$7GT
3fmo|~78ijM@Q~
.PZr&L
iEFyD5j
K!u/cw+
3w`mt:|N?
ae7xnzP
f,lq'NL|{l&
Tj2\).Wb*~
4k1`XT@
nC2s]iH
/&ji=c
I5rZ[g
I.a[0vIfMw:u8G
]m'qI110
\w~l^}6v@\yb5
/v[zmw
hNI}Q~B:P
+V?EW]O
Y19s1w,
W3941Q)-]*Bm
SC]yHDtbk<
+c{`K_
wK1ue<ln
#e}&#gO-f
gB=`vLQ_
0j9n#2e
P<"DtGoZ
2>d1o1RS8}v+c{Vd
{-l(w5>
&p, MRx5
:$E-U*BV
kC {GlgIc
nZ8;uC
W5t9N}}Y!>tDA
qt8EW(
^iHJ7Yj
s<FqT eo
V\!5XGX!:K?x;lI6
V5j3h>
Bm>MKMk]"
5VL#^}/H zv{=1I
QM`*JWx
sWv[&pGsh
ZcIg7}n
"a9cz]
RWp\ tY.y
H| CBy&
}Ni}eq;
zb(OjYHk
(* `v2*8F-
XP*5n*rO
D7V&`K
*~%_)Eu
-C/8 00
U/o!7Dnl
FNTvsc^
PjP_n
,3.aH!DyR
Z^)-OjA
crZzdK3QI>
AM;cAhRe!
iw7@^4V`_
$p3E6DW;>G
]|{|a6
eo,+WW)0
y2bvd,O
p{Y6qAu 0(
TBgn-}Uo%:Zz'
t6CxjaH-
-;;"\i
qPH>Ug
1q"uBC
(z$T|p
EL%4TFX
.R(::iD
}EyH@@
`Fvu<<<w
kFhKk?Y
P-s6#5-EM
4fyHlg%=
TE/WyQQ(qplt
PD_C O
UWu]0V
rS(&> 9J
gYdgcC:t"
YkW"AH
c'T:aH
7g{m$$2Xn}x
NmLOp'
O`4*:~4W@Pi_(SE
3F]j .
HuJL@Gqw2NPjBPTv z
%#3G&h
8%~ =i6
cQP&)Q
/}d;7SB{Oss5v
6<_vl>([
@Z <KoP
V`GqBFY[0
v36W3|
A{5*m@G%Rj_j
Kzq)G=
^[7Q&x
l%1tp 4
[f/BjZ
2_/ikL
N5"f\ e2Y&Wv3db2 ;G7$T
t{=50U#2.
tT'V*8I
Xy/ye?vX
> T00QaZii]
X 6z'G
6VT]U
R_ c;{r
8jbRku
[vR\bP=A8Id
aE<^ M<>x?l%nrR
fr$@^Ea
W*YRwE
diOyG"*T
d)8f$&
gC$FY^<&`Q
K5fRvr2%
7=mer;
)"^R|i{7}zi
a)-'Xb
%YXKvR
5LLd1R@?G>alD$X6
*w{`&U]f{9',
e^)=PX
E+puVt
gF&6a@
j'd*JJyt
4b+#K'W
)Fu!^d
Bwr'2MM
bK}j+*
!u7azxC
#F"8q}+hH
I.Yog.
0dewvUW2Z+gt
=bh|IQm*6
`|8(oZVA
yp r(bF
pxC{n'0V
@Gd#~@](OI
"r+I|(*S,
6($Wb;zoOhJ
ff3z@K
)-Zpm&a
Hx:M9:
&RDMLp
qE=mi,OY
#l)b%B1>
8qO('/uO?/
_bo%SX__
4_[L0=
?@;a;f*
w3!PGt
:C ~@0Gg
&MD%')#D@
iG%}Dai=f>U
Sr_ }k
/>=^-v!Hvl47
-mE_=(Vd
NU<=87o
[3]="'
uw qG&PR!
BrfUI{)VZ'R<W
vm>^a6kw
O`mLr|JYXCj)3n."e@
W H}Be_x
9F`o`O
md]R(R
+t^I&5x*to5>c~A
$ZT7PKJIz'mm
Pb;#tt
AP<#%e
d(]ZV[z
j$\MB{9}?A
l-tF%$1
%qY'p8mR
7'}@s.DV
ev"pca!
K)b:y$SG
pC-g$(1*>
Na0M-:1J-#boT$
XS2@-:
\qQP) k%N
c5!~s{})l/`
O>B'S|7
c-,9bn
/:!IEn
@z/!5gG
zP$VU`q
r d`w4
quw5I&c9
NYt^.8tc
T#T\S>T=p
0EjZJLh;
?3X{[Ye{b
cK$4FoDR2k^a-
}f}~VIF
8_v>D0
M&(GhGj
biO&a9
3[dD7L
3\?z<]j*
Jkft2
boS/atJw>
%<ho[}
q3aQ||R
$1p9 [
_c}4&"J
|z Yf:e0*
fBAk*UUM`;
9^`EVtZ-
,WbJ~{K
Sj3lWHA tF=_
0]746F
AL,8x/xa
FXr\cDiC5
e7wSfx|
'JUx!D
<XXOQ8Iu
zKGS7%B
DR\fIxv<
r03QeBzR`+!,
D?!<yh:CXMMa
/kq ;i
_'gI["$c
h?8 Zi?-oO !i\,\y`
MkSh}U
x7,G2X
oQ6Q=|QA#B]
*Kq:>#npyatB^
C{r0dYZ
'*a<ld`!X
Jb;MrAEv^h/VWH
`Wge.0mmO
q":9})gD@
A)9ZdZsrB6S|[
ZSq(si
#kzkD.Wdj,,%Fz-u=6
.3U IO{|/RV?
wlm{q4z:|p,teo0F_[(
.-l2#hA6
?E@Wjz'
m2L#vF
v=i@ R1W
5@$(5K}x S^
{]OGk4
ixyuC43+
v}*arNi[mO<QT
WVyj[65|
bktp>&3i>
npof=E6mi
@Yx+KEPb[
-TP(0@aB
4:78Qyz A
DZ6yjp,
:Xjw`NfV
L?"#bxq
&/uJ3;BQ
O@2Ql&F)
{LifK%(
nMKoX{
Q/+p=IA$P(
'@W5 l%_!
<Zl%s4>'F
|qCq4]lX$tkaIxg8w}" N
i("a4w
#YD"rC
}vF(JY
gO~G=3
&M_T" a3<?3{=F)
0IT6mW ;!dkgAn=y
2-Iwf@
%.[h_,P\!
b/rE*g
Jb!U9
JLlyaa
k28oS15H8*
JbXC,~lg
7_pC9m{|G9
dTAN5je
(^sf/pIbjIa;@\{
|'DZMI
}x.,*\)
U.f/ zL!@
</8@{?
\BrK%{/k0G
<!pJ/J[
@=fl'S
D)PK&$f
ltc<r|(4TwESk]
FWoS3Dp
DwTh(R
pgR8%+4R
Q?>rMu!2
A'x'Z)_m
"6'eXH
ZJjo7DOn
1#$*<*j
!Q{>F6MIG
BUv$f d`o
^vN6jv&Y-kS
};O1eGrq>Al
'r3hi9
Nc8oQ&`
t1vWmJ
R#T2%unW|
_WY'M/
itk4Za@
9i*u^KZ
i3$SUaL
I8DuYrI|X3
8Yp(_P#R
fuj_s~{hb
BZwh8m
*:-9qJ2xX+j{
7- 3R><Peo
tXyZ->
[<cbr=@nE
c1 f,<t1
s?z0Jz
yHDaRm
D{$(>H
R(Grk1>m
n1vqrx
y?]yE.|O&
n|giR]1)_8bvU'
,<}}OY
w(NohE~6'3HC
hYRj&
'B;JJ*
%&!<#x
;h2(7jh7
XX((Q"]o-U
_cuWC
\LS2BVhz8@M)a
Eo^K9{"y,
MBo#vKJzk%|z
y=MU+c
^Zxh37#
ZeGb%u
f}T,`p
<-il}~|gB2t(
L+4GKd}
dE4>Ru*,PbxO .<
r)6Adr
p>,S3V41
6%Ohx:O
hjX/"-M
Wxl2x;
#Xf1OX=
5P'/?#p
Mm,.zI=u
zqd;j K3
7iU`}hJ8
&p`iUQ'cV
K#O!00_l j
[}#oG"d]\T
\9f8~;
%kCWB?y,cgL
s.{~ r^j,
L*1]8+
&Cj,&3]n
M@8x8V*
C#7Ir=|>DH
+e>MZN
GcV9x&Hx+$
: jy*"yJA
R)jSHm ke
(MM#NAD
%wzhiQ
(<)c%#
x|V#*VwB
#`]LX@y
s|v>}f3JH`t
2xOu=%)>EBA}
HM2u{0E
!CoFm)q
0%X3^/
{NGF+m,iG}`( V_L
#AY/En>2{hEOI,2@.r
dM22#IBX?
ocn0.?
Yf|*gzIf
j#e<:.TNM
+D"cMV'O{t3
hWs-~ 9X!I
"Px zoO8
9=cc[g$y+v
Jd1$M:hN=9Bb,s`
O- <VjN<l
O@NqMp#;Ma0&I
_R4:xd
FB4:|(
*a0R^g7~.20?!
\1I;ss:8W
,FFc$
aP3a}>ppl
esSSr}
RWsN9S{
',?! *
oyZ] ::
z72#*#^
5E JzV
7,RvRiD"sNDt
c){lz=B
/xhAU9$
X#SlY:
{{|.\9/g9
,g5I|$
%`bY"Qu>
%Y>O}pp
GIY5@8.M][_
h7Z8o2~S
ds<D+ A.e;PJrCHi =<1
2xX&CI
lWjo+L
k+b:{rE'pzJZW
GH@87]
`:$R,$|
Ym;?`bw3^#S
B|{X6W
Ww]6QN5ui
VAYdG6#e
(a'ws%
[DoCk)l+;
uyeX)e4
R*[MQ`
:;x+;&
Wmt!eo<IT
Cz[:"ST(A#6
x[`*QdfFM#[3
)%,aFU6=#iX
mn~ZH8
fv0t4P
T&%g1N)CYAT?o
; 1k<fX
5c&_ Xzu4
sKiBI
'n_?DhKl#
TB:st-
%LsM%?
ys"v-4XtW3~
#fIgl5Z
H.^ozNr,
[lA$Cf&F
HU`H&hFe:s
UswOu?
1iI[f)
8_+Bw?i
g _no3
0h.\$X
9v=P43qk$
/h%9Hx
m3w6KCE(aI
LMVJ 8ra\L2{^J&
7$fFmT{}qW5
~Bt_B28
H*W1/C-
uQR=\w
r(8S4"7t3
p~:kZ{v
x2Z_hafs4
I32v07F
\6#8{k
boyHLe
GEpm&:
@IE>d%-
"/*1%f
\!sJ]L
(Um+npVW/
4sg{PHMw
Z.L9f3Mk
tHBv~g-f9h
cQBsefB
Dk[#lP8 Q1J7
C-u+HS7mR
3oQxba' q
i@2c.J*3s?R
BBoyaGI
wuIX/_v9\h
n;bKG?n
gyw>9.
ayLVhy/(}>H
HUAU*/jl7F
q<~D<r.
x>[f32h:
Gk<e,Gs
)02G48#
s\#g2%
ZxL,d`q8
6j-D7z(Tbs"_$`
'+;d?V
.vzD1O]
Fq !:,@V}S
_8VGKY[`UQ;M
X) GLY2
JL~{An|J
=R&V9\G$mnb
}{I)bh
n1-*`WAa
Giy_,.|@p\
UchT%W
_AaDod
S,PteDC
bS,Zz3
C^mEz-/Lt<
}WiG,49
u=kE$mM}z|U
2~Dk~~?
a`O7d4e}QA
Z`)|QMW!
x}KBuQ)iV
ps_:>#~
4o%`Z}
r<,-+,o|GRg
\8)9y#~c
;yapD2y~a~8$*v
IceVT5e2
R3Q4]5V8
O?(ru>qkVFNg
,?avQh
B3@&LL,E
fP[8*%%
~J[mfKR|bV-+|9p
C)C-S3Us`X
#Vkn-@8\
;Evl:#
uM?:MmV!`
(G3xkO&
:01QUnF
E[_lhfc<3(]DK
{GCc&XV+Kf
t|H<hrj >
CnXch_
|AJw04
9w|-7ou3
yO!i1(f%+H_
b\|Yr9U$
eu"QMDnOpWVh
8TtB"-8
G%x<I*}Y5
VOF IW57z
U,Phqc
3^7?msk
WpXg:o1tai%>(
VI.#/Eof
{F[Gk?&+`6
i8)K_-
J8N,1O?}
PtFBT6q
+z]|\Ho{q8
7KS$T]
5Uv_A&n'9P
PkXq/EAR=`g
&({@xt
K-7Vr0
dgi3:xXs])
1L(ETBf02G 5K
8P`Fi^\
m-{{*knf
]&l+bRE
atyOP'800Z7M[dh]IP
~a~P,yzw~T
^!.5I,
qXmt'UQ
ik8GLUs
Z^.dHk
)K9QO+;
>6*u3\w4
PgIjlP KW
`+;6HX
v';q@XZ
nQZ&P^$Dtke[5-'m
+%EY07
kyHk:}H:H=ZM7T
EQPe4EA
[/R~+oMTs-
^Wn]ahwe
n1}ZDu~
F__7 kQ~<K_
[dB1Na;Ed)0dAw
T ]LwH
XIyW{..T
SO?uH<
O>q}t~p
<`<CNE\
g[le#B
dX<qc[$1mho;,W76H
o8Gtw8|s9)$("6Y
*WG$`
/|p~|&
i=1Uy/<KJ*tLVm&S9E-ZEJ>$
X-}f(> L|
Yuq|jdi
1'g,XsJWOL
Zw)7sqf
*sGYoLC
7^(]:@
}rBtI4Y/
O}}5 +AM(!IEp
$)^%qb.
VEI+O3il
Pd,kQr
RqQj;7
.@onMc8?d4l1:
fq ~JnKbH
F |r?*4eF#m
d^qc5/V
:1]x".
>z"sNE<Sz#
fCQzJ(qMMiMHKt
tdBnf?Lq:
!"+c&3,Zw
,,zPOG
,XyP-MsH
I2UWG[406
@o"UnkO*s
l7`gQX
=s{e(\
s=y.fw
Ir:lAu
~<yP(Td
~ -.aFvkT
]Gm[\ ~IeiCNd8ikd|{
K+{S7w
&B488l7
uT#3b+j
DAB; [ZgA!K5{ 5-
_Sy6`#\>~F
sh|P$u`B6-j,
LW(4m<
&=R}D{
LS5xAW
L5qjMj
.%:_DGL1.
Aj`VS
YcL|/~v5]aH
$%/|{+,
K&/ `L
mMiQ?8-+
zceP/g}1u@u+
g0bEBLs7,
D("r3;`
_|nw-|A
k%h06\x
nA8@t_OZZ
(F'2^^(b
LsT1LWe9gK
3.OER1v
MDlP>}j,4JYO/
m^@WGiq~t/
IFv7s:XpHO8KN3R_C M,ln}[
r,i64=^IWS
xEuz6?D[&j|CDZ
k|j`mt
&L"-Fj
[P&h*a|
\'7 Ecd_ZC
7oSsnG
7S qD'&f}<
x=z9/LFq
5'eJ?*GN}_6j:a:o`<?V
)sjMFb
Q].>Ulj
G")0rl>^b
3w#g0k
"Elk||
\UR}-i
|R x9od
3*[`@,q?
bJNue(Cv
D7/H}!I
Yf8J1q
yQpgnG{a
B,8>UE
([20K>
k|eZSAM~l/FKE
Lf5C%-
,l4WBt
,MW@jFlM
=F6W32y8
y~<Hs$%^aNY
N86\|X>5
3"u({[1v
aB4[6m
Z@#ar|Et,UUJjq9!6E
jmN'N?
D"sM.w
_@793ut.j
cbUyT--
2ptcg6g+
FG.=|n^$B
jo%`%x
beb\k1
SDw!qu
.byT{{
V'#/(|
Hk.tD#n
uh` 7-b[
6j/]@QW"
W]Ba/[$A5y
o(b~bV!qAdw
03DK#Y
X)k=1gpzF
.D! S*
)CsZ>h
@N~D44&K~b4sWQ
#9n;rI M(X(ed
Utp$<Rd>hb@@
$XlEO-f
*)|-SN
T+m-I0'=E
w2`w=kAF
.+->ls
r^0GL]Mzd
<5UsYy
8svQ^]0_`
dVa(M ^
~C*{c$u
N2p#Yn>
C}vi,]
m|M2hG6[vm
iq8Z-T9jlsV7lR
PkmqGn
W~\85\F~,
qA=]C"
e;pVT5Z
gQJjY=fA
xV0Fqh
8~tvZBkLX*
#eLRwJ
.oEF.V2&z
8T(2]hx$Mw
Mj:u>}
{.k %),)~
!%@;4S
tj&|}!;)
HPBvl`=dy[
@{aui(T'
b>'!Y*`
lw0*[B
jHG)L0
8-8jOfs9
~f8]CA:
_/x${3(m[u6d
?Ym1x
%5H!ksTzl
e8Gd[o+M
\XrYq]d
tYM*W>GbH5
voz{zM
90jH;F
V/xet0_
|@>Tj5
7;a10 4aOK^
,_')L5
H{_>x8
Q9t3p'X
.YKpcG'
uQW]!q
c\\J`b3}1
!X fK'6
|@?. ?xv3
6=O}9{
j7Q$/18
:|8KGg!S,1
3+mU2r
PV7LKe
S#[o4?f8c"I
`T9P-/iP.#jkm
jV+ jd$
~O 'E"9S
r5XfB4z1
q]_vnx^*f*
9:Tc ^qT
\9ce"{
k4%Rac)C
0,+r)nT|mT
.MMMQ}%J0=D
+Q?W6u
k&cX<E>
e,H$ 1
fe*-?G
%{d7zX
Fbt)oC
GQ ur)
&6+8}Tw h
Z%yvjERyL;^
&6+8}Tw h
zT+-%+
b2.0tHi^rsAJe8WI
hyY~M{+D{
OwM+:|d:
V80V"Yp]F6
MIKA8w$O
F*,dw[
Z$|N[5<\|]i&B}=
\W"$;/hg
fjZmL%<9J
2y<vwj
646!N2A5qW
mZV-w.zs
6jC=xK'p\Ym
r^~$p$&
G9Ps+"
XeQJ>*
ugzYgSK@,=
}~iUpB.b
(%rWm@
')'L9@hR
=T2epW
JfU8swH
S,U YOC?i
]C_5k0
%3R9q,Q[N,y0s|
F|,<Xtr%
SIl82oU
B87vdW
2YFF28
yo[kH4]!
Js<`L.9%
}ouabNS;'E
xdPx=)j
@2zf$S?
Eh;{.?f
jv~Vv>+>u_
rdq]VJ6H#
s-!;m%l[
q(oGb)
LR[Q"A{rd_
Q<C{xuu1k#4H*
:L~wx@%`>?j-w
!cpXgm\Y=
W5"r/?V
eO,Y$J
DUKq-)Czj8
zQhd x
j>A04S0E&
0HQdAvJ{
<]%7{2::X}
b2 ?Cjum C:
VGGh:ZW "+va] X
.>Wro.Ok|
@4.\:O&kt
^P$>6(
|*<(i]c,u
,FI!MZPo
X/,DR%
,qdN!i4
Cg(E/iT
X@W])|}u
nM"yzIoJv
GQ-nh0(O
BU!n[19e
BRuVO'Jk7
2HbBp'
4<Hf J<(
"yP8%>
Qy<B$]
Cr]y@cENZ
>o?WsC
M:akn~'k
&_!LO}y'
C2=TA& a
a2l)kMK*o&"5hL PrLm!
_d,&HB
tIC<S&o]
2Ra^f?ee
vA"uur
z4tq%V,
y\s*Da
3Ni;W_
Sxm|pMz|E
j=hB}A&|
?VxFR?i
Dp @S;*PuY
~J/U ~F!
DP>B;"KKAu3
<p{iV{]Q(/
Mn0~/]
N;QkwV4[!Y
m7kCAP&]
.P&qLX6
_AYcgH,ml
+z#paQ
4hm[C-
OU"JY5]H
=}+i*s=
+'ra#g
gzg]jg
58"3yZ>#f
BHH#St
%F:m;K]%t
'}t_YcvF7@J
tnffMh"_Dvw>3
Ch^)NRc
s0<t'c
(;(vU`
BcD. 8
`nX<**O,dV
TVaAQp[
8;BZ~=NV
K&dh*oUX<O^pI
20W?}CQ
Z4bLdx.Z
^dw:L1of4#fBS
g#7HCri
j.FF#p4x
4/lGH>
1F%DYX
<2T(PDD
F8AH}U!
j;RRUW,4M:
#dDiA_F
/l1>LF
w}@cm@<sOo1w9}C~ft
6;(JB\
Na|5]u
;bZ7Y=
q$YADVE7
:0%e0J+-yQ
~gS$5D=knY
vzL1hfC
@I"aRo
M2P7"xA
9Uf$9Oza&]2j
~]x: 9=,
A:4C_+v
GXoj HbZto7
}cVD6@
[yy!.C8
IM64T\~
jx6O!_,k"
m?159V>j'z:dN
7@2V08Ov
"e|j:<
Oxrbfo>
()U[hZVuAh3(F5
D>a!JLYan$
OKo[O9
'w}M49
]& MNhH=u=<2~n
6H:?NE\
V<7p M:
&d_>[li
P#B*}6H:b=)H:
0-}j.c
hY8@ex&
N'M+#[
O]mhjAU4xgbF
3jh7_VA
I1/y~D
#aAu G.tG U
/6z bs
X]A6TUUN
k MtUY
8%S]D(U1
\%AlBS:
<>@;iG
<<g}HYgrl
HaWV]@
zxI}dYz
zmyh_C|,w
_3S:l\
I).Pm%C6
A>\WRj
;@59_I-(*wD:t
;`]zghFUI~$i^5hBf0
DoAdT(F6
VV}F}YU
6^^HZqo\D
L2uO)_q
/DohEg
] J:MKnM$` j
lN:trCR
6n5lr/hyiPj
p@ML>vY
6t:e}/6
R>~qVL
{)0Q(I2
JBw6Fa
'%YeS5.2 i'
V"<R3s
qUuc+Z_>+n
`~#RZ[i+dc!l
J,[G"&UdVhSeVVK5
yf:(G+am
X(1^bmM8s Z
>K>d-fo
uZUgD'
XB+B<#(4
MV(Jdb&
,pl\N]a'7
~>k4}X_
E(_v Cu7q:!ly
v~KGeB J{{
9jQqG0/AE|d2T]
(9Tf*BC3n#up
q-7F`+DX
QC,D9K
orM'aic)!
S+)>IOC
E8B@0$
GGH;LE
/WxvI]K
NcAY#K|
Kj|;id
}z~V04/aw
VWB6:@n&x=,7BF-
[2tfaX,
_biHrM\
*9*!S%]
E?R+Fu
~y1=>ZFN2Ns*ba|
O'7Sm~'`
atDRF/C
;/kY(y%]#\
:lJY/]{}j
W2JM][_
$w)p||fgSh%!
J(OPIB
BzS_GX
tZg*^=p.
COD@:B
t^?m?yv-0
Nj;lmuI
=H B/Gt:9,
e<U=E+
,4]C,n
<64QrU^k
vZOcE8
#gP(`J
w!MRph><kt
FLu`)F5#gQ3/
7ctb y%l`d
B&Z5,rMn
5m.swRTU
D@ig_5
jffv49smq
GpWIS%J
XF{(x^ZVmN,}\L
3dRSpDxB)1
|szQ'| ]HMMOr
xJSk4l^)8lhEC62N"w+`-m&5
^]()|nc3Vpi!T;e
;Rq~p0
a.F>FbJ
Adbj)EJpw
SLchGwZ
$!;6v2`
9UH/|V
OjYak]
-,"R$o|r
U` :J@R
PbT\I^Z.
nU.}=6@::fveO
<E ;LNI|H
A%4@I+
WBU:)s
+!EKf]-s
gq=rH9=G9
PFs=6)MWRClJ2
x&4MLS
iuKrx$S
#>] OPS`
TflJY1mpO
mJ {gFky
rsl5ZNv^
&]0rSI
GSlTxyY
//7)aBXxwn4gRu
]Q\)ci,b
7F 3GS1`B
T><jEC
0]0 3dss7
a$K=IR/v
rcMA%tG
40 ``BJ~
[dBw7$r
YPX$!92aK6LGh
>OxYDWS{
"<fF3X8;
x`[IU]`YA.
_z`zBS;t
(:5<^*<X[eq]
4% X7q
/9;X@?%"
'RD"4K
3PWAKk);,
M2B*2V
`F"8?,#F>8mM$
iZI{}O
%r9@l~6<#
}s_oL8a%
Nw@dP2=)$
syefRW?+I
D6~j(WC
wi[lMYE?2
nr[Gd4 V
Cs_5L8'%
vhuaZN:L'
UG9y+fR
zl^{PhTBA-4
}ujVgC/Y
Fn8[G*4
ykp]]IO6"A
s_Kt8$f
<.ua N:
SwcEP<7)
xyejR>\+
I};jV-C/
`lXRE1D
nZwG3i
?1p#]I
VrH_K:8$,
{tmaM_:&Q
>ye0R>"+
qc{gUT@G-
jzVBl/
KnZ=G3/
~pp\bI5T"
At3aM%:&
tfvXcOJ<(<
y}eQo>*a
N}i@VB2/
keXDW1
D6p\(I5
wi[r^MK7?$
t`rM9d&
QxCeQ5>*'
vzhgSZ@,L
zl^mPZFB3 4
ou\Hg5!Y
K=/!r^
Ft`8M9*&
ykvb]O;O(
<z.gS @,
}oa|SiUEB.7
~xkWjD0\
Io;\H-5!
|nq`^JR7#D
t`Lw9%i
?1vb#O;
VxdHQ=:*
{zfmS?_,
L~>kW0D0"
qcmYUF2G
\zH4l!
B4q&^J
ugYsK`L=9%/
~upbNb;'T
Azf3S?%,
tf|hXUAJ.
k}WCo0
SE7)mY
No[@H42!
sq]eJ6W#
Du6bN(;'
wiw[dPM=)?
zfRr?+d
VH:,|h
Q~jCWC50
vlhYEZ2
G9q]+J6
zl^s_PL8B%
uauN:g'
K=/w!dP
TyFfR8?+*
y{khT]A-O
<l.YE 2
}oanS[GE4 7
px]Ij6"\
N@2$s_
Iua;N:-'
|nwc`P<R)
?{1hT#A-
rd}VjVHC/:
{lXmE1_
Lp>]I06""
qrc_KU8$G
B4wc&P<
ugYyeKR>=+
~{gpT@b-
AlX3E1%
tfnZXG3J
]}I5o"
aSE7r)_K
xj\tNaM@:&2
vscOe<(W
D{g6T@(-
wi}i[VBM/
VH:,nZ
Qp\CI55"
vr^hK7Z$
Gv9cO+<(
zlx^eQP>*B
{gSu@,g
=/}i!VB
kFXD81
ymkZF]3 O
<r^.K7 $
}oat`SM9E&
vbxO;j(
N@2x$eQ
WzIgS;@,-
||niU`B.R
?m1ZF#3
rdoV\HH5!:
r{^Jm7#_
Lvb>O;0(
qxdcQ=U*
B|4iU&B.
ug~YkWKD0=
~mYpF2b
OqA^J37#%
tsf`LX9%J
E7xd)Q=
xj\zfNS?@,
|hsUAe.
I;-~ kW
DmY6F2(
wio[[H4M!
dVH:s,`L
{m_uQbNC;'5
wvdPh=)Z
G|h9UA+.
zl~j^WCP0
=/o[!H4
Tq]FJ68#
ys_kL8]%
Jw<dP.=)
}oyafRS?+E
|hTxA-j
@2~j$WC
WlIYE;2
|nn[G`4 R
?s_1L8#%
rduaVN:H'
d{P<m)
QC5y'fR
vhZ{LhT>A-0
}qjVcC/U
Bn4[G&4
ugpY]IK6"=
s~_Kp8$b
wh~^M4
;}~8^^=a
bu:-zb
(jGzx)jZ
13w6M^
<CM:-zb
(jGzx)jZ
JyS+"^M4=
;:M Wj
ptk(jGzx)jZ
6]n7O4
U$T3"D
U4U#3"D
u443"D
FG&W70
74g&VU7G&p
6V6V7F
6VWV7WFTW
FW&WDvWD6V7FVE7F
WE&VFUD@
%?]]_hV_ZP
lBp<hx<pX
^x<pNC=
S5`Ee%fF
:H>>oo
5%o?0H0<%
P.=5%h 7H<`
ET_3<`C<?
P4n8p?%5
A(oo8<0DnO>
:E-'PXda-,3<
N`<nd^$ (>%LQh
Ug 4 R;
_s$!QBH
/E$<AP
`<7a~g=
>%{a.j%h8VU`/
Qdbz0F8
>M>pS`pU-
Vj1>D*
Di'4%VDOa&'h-4$x
?@hhv_@>
@Y;P`_L
px}AF?$0
C<)N&*<
hTZDp)P8
}BKG7EE #r@h
[hF-84lCC
T])\6]'^
& tNd5R
4_*aq qo\
(h\5O0
s~W,SD
~g,|90
}i<T]S
b8%V!7
|gdwekFZSU
Q$P$4(C
Dbk^e)K
{>`d@+2
;uykBY
R=\c/|W@
"BPLG^x
wl7j9B%>q
6>q|{[v8
`^xb>-;l0uc
m&TS] N:9+
BB2(\NXGj
u?"_swBhB
}R9v\{"
O<~zti
LYR>@-SXj8
T%X"MoY0^
'k&QF=
MO-qS>
Nnom|^P""
/?n|B3Mtjy7
,}AmjzT)
jr8GcFDfb\Mzg=V
\'#B|2(t4
7RR<#)<<c
l4FT04[G
Pg}?xn|jeK<
P;EG@8q$
-a= LJ~F
5d bbBY5!
e}6.vFsso
>(r)] 1}b7T{.#B
UC8m`!
xp^=88_
fQ]{F$H|[
7BcO2uT
iSi;f;
TWn/i~P
0j;J9xP%5gO
1M^cO%
oWkF*o
!sY8.2!
'33t&Np
'}v i6,/B
%2O^;LUH
3T!8-Mg
$ruNP1
Hosts
| IP |
|---|
| 114.114.114.114 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.