SmartHawk

5.2

中危

2 个模型检测该样本为恶意！

重新分析

下载样本

038b0bca18f24782d959ab0bd02b1a6d4dd2c59ace237e356bacb3b353cc0c2a

df1e086ce0812331da6b8ccbee30cb4d.exe

分析耗时

87s

最近分析

文件大小

278.1KB

静态报毒动态报毒 AIDETECTVM BCBJ MALWARE2

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀时间	查杀版本
McAfee	20200324	6.0.6.653
Alibaba	20190527	0.3.0.5
Baidu	20190318	1.0.0.2
Avast	20200324	18.4.3895.0
Tencent	20200324	1.0.0.1
Kingsoft	20200324	2013.8.14.323
CrowdStrike	20190702	1.0

Checks if process is being debugged by a debugger (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620992333.704249 IsDebuggerPresent		failed	0	0

This executable is signed

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620992333.673249 GlobalMemoryStatusEx		success	1	0

Performs some HTTP requests (4 个事件)

request	GET http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D
request	GET http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQQX6Z6gAidtSefNc6DC0OInqPHDQQUD4BhHIIxYdUvKOeNRji0LOHG2eICEAgIbaejoEQqkc%2F0cnXxXa0%3D
request	GET https://download.mozilla.org/?os=win64&lang=en-US&product=firefox-nightly-latest
request	GET https://download-installer.cdn.mozilla.net/pub/firefox/nightly/latest-mozilla-central-l10n/firefox-90.0a1.en-US.win64.installer.exe

Allocates read-write-execute memory (usually to unpack itself) (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620992339.579126 NtProtectVirtualMemory	process_identifier: 2404 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x10004000	success	0	0

Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation (2 个事件)

Time & API	Arguments	Status	Return	Repeated
1620992340.329126 GetDiskFreeSpaceExW	root_path: C:\Program Files\ free_bytes_available: 19612889088 total_number_of_free_bytes: 19612889088 total_number_of_bytes: 34252779520	success	1	0
1620992340.407126 GetDiskFreeSpaceExW	root_path: C:\Program Files\ free_bytes_available: 19612889088 total_number_of_free_bytes: 19612889088 total_number_of_bytes: 34252779520	success	1	0

Creates executable files on the filesystem (7 个事件)

file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7zS8D1BDA26\setup-stub.exe
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nsq71FF.tmp\nsDialogs.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nsq71FF.tmp\download.exe
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nsq71FF.tmp\UAC.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nsq71FF.tmp\System.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nsq71FF.tmp\InetBgDL.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nsq71FF.tmp\UserInfo.dll

Drops an executable to the user AppData folder (7 个事件)

file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nsq71FF.tmp\InetBgDL.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nsq71FF.tmp\System.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nsq71FF.tmp\download.exe
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nsq71FF.tmp\nsDialogs.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7zS8D1BDA26\setup-stub.exe
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nsq71FF.tmp\UserInfo.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nsq71FF.tmp\UAC.dll

File has been identified by 2 AntiVirus engines on VirusTotal as malicious (2 个事件)

Bkav	W32.AIDetectVM.malware2
Jiangmin	Trojan.Inject.bcbj

Checks adapter addresses which can be used to detect virtual network interfaces (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620992345.704126 GetAdaptersAddresses	flags: 0 family: 0	failed	111	0

An executable file was downloaded by the process setup-stub.exe (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620992369.594126 InternetReadFile	buffer: MZÿÿ¸@ðº´ Í!¸LÍ!This program cannot be run in DOS mode. $ù Î`YÎ`YÎ`YMnYÉ`Y&dYÌ`Y ?YÏ`Y =YÍ`YÎaYb`Y&jYÔ`Y&kY`YvfYÏ`YRichÎ`YPEL9m[à@ OP`@`\|´aL[´`Lû FaÐ&0ñUPX0@àUPX1P@à.rsrc`ü@À3.95UPX! ïUåh£+<(ÿð& ]ÿÿÿÿD$ÿt$@jPÿQÂVñ&Nè÷þû 1#FPf\Æ^ÂÿnÙþH3ÀF@DHÃÁ3ÉeëÚHYeY (,0}ûe48<Ã¸@¡AI<Qÿöÿ¿RuW~ÇW}ðÿÀFNºöÛÛeü V;Nu;P¬«SýÿÖ¬RQPÿSÀ[uN+snës7ÂUÜwwï-RÿuÚuPÞMN%»¹ÖSW2Q]éÚåß2MÉtÙïþöMôÚ_^d ÉÂÿ1÷ ·½¢ì¸E,S]ÿ¿mwÉ CÏMìþK0ÁçöoÃÿÈM´EÔ; ÇÕE´P./ü·ÝË52/4}¸ ¶ EÌvÚßþ ¾@éZ<ÿpïÞl \|ÆEü,º<þíÞPJs-VøÀj·Û¶íS4,`()`2í·íkÐþÐt.ò`¿ýÛR;Ðrwñv¾}Û·Û? u u;ëe6us¿Ùÿì>tFPydn .,üaìp\v\t ¸Q0vsjLhîÚvg"'#YßµtïÄÈCëLkìP»ÝÌATÎã¢JHTû»îÁ"É{rRNXÿ+\|;Át«9M¸rènmÛÜj=´R¦4Ñ-l;§E ~_fw·Ñ4vô6aÆï´·ÝBûvgþu9(4®ëlw·" ÕÄ9u¨%»Ù~íîÚUR{PO öØÙ®HÅ[ÿEè)Îçþíèæ;E¸t¯¸Ù>T.ø\|DÝëþmÆ#ÕPC,Û¶Ý½Ù MÑËÐ½älÛÞnÚQÁà¬°à`wnc¬×äãuÜ.üô4ùux²}ca3ÜÆ 0¶Fxnã·mðÇ®ðQhHÍÀWµ£5l G>ð®K¶µÓm)cØ:Axï,øð²tÑ2ÈeE °m²<8H# d(h§Kï¿Vúÿ)9±0ð¤Ö_hîþW%°Évö[BÜ^»±°b87nf}ù!×k_ïø3ÒE¿ÂRW"øR=sÞ$OWXÚ'eèrlØ¸FÃÒÁ;ðwÞÆPÞYë^úeà5 &#³LrÈ?àÜÞhÏÝ½àm7uÔëV(ìÆU¼þûXûnãíÂø;uÐAÀ;Ý[nwrì)ëx@°ðë Jq%gD«µdiá&üJY?u×jüÉMü±ë¸hwÉÿ`\|2n¸îzLÊWMÜðm/¶">lCÈv ÄöK¦¿ÅÐ9t@»ÈrðÈ4û~·ÒÅìLÆJTÆ+ÆÒßZCòW88:¶ÝÜÒÜ7ðÇÐ8Ö±é8íþ@EV7·ûä;`¡tx °ÁdØXh®9>Iübn«TôÏmÛÛèêEä[°7?Ý>}¬YY[¸üÔ3Û,lnú9] tE8]tí7PÅ]jÝÂº0H¾ÃhüzÍÃ:6ÆÏm VÌrÀ°@b7Ø`?gs<ë[²kO¬QMÅiÇhÁY@c.Y´?´E(ñ3ÿ;ûÇ24îÖ=RÈ¨]K[iávI´0ßÁÞ`ãQCUáS±V2½ÿ:@Á»ïe÷\3SH[îR"dIYåñ´þÛ7_bû½+ñ?]xu&7}mnû7SLVMdð9ZÂÇ¶Í3ÁÛOëKj äm»Á-uYt`Z`^îv¡õÇÐÁ9öë°e/Û:ÚSk0 ìÝ ÖpXj(JÛÆF\Y.tXàXÝÀd¶JÀ´ÎöV¶c·E!`A>IKÛ` ×GíOÛv+OÅf ~FB^Ø´BMß^;ÃL¦I¶E0fÚV07Ñýþ`Ë±ÞÞÄØTt¹ÁvÁ¢å¶$Yûí lCÚvrje[\úA;Ë9UúIÜöU0$zkôvXÿq`@XÊ1uYjØöxt7Å$Ïû Ýë-§ÁÂu`ÜÓ\·3¯°8PJ SvÐ^.ÇE$ã´Ô\,ëçVu±åõØ3_V¼=Yeµ0afËãB ì#ÃëOKäè,PÆK25mI[J8Gµ(4Ì¼¬P+öFwYl¸(f JQõA1°iOTQ'maêÃÙ4v;d°(6¦6jÄ^.å\|ùÅÆÞñWÆG{eÌnKµ$ºFG(uj¶mh445¶]fF~ÌÏÆFÐTx«aµ,Ûhlpt%;ÝñÇìÿÇà=½<XkHLVeÙ^SLPTX¬¶j_`N\5AU¡Y·q8N&¼´H©f`4Yjm»öhpÎ.%&BB÷ûæju õÿ@h-p3\|ë¸Ð4¥!XÛAh¹h [Zës/7At´ Ò$ìêCsW°,¸g¼å¸-¹¯mð®xÇ8¤¶'rlÍ!±_b{,d ÷ÙÉ#m.¨Ý^ÞPÎÀ`A`DrÿÉÈ¶Z ~¥¸ÌBC<½E7ÁK\Np26 ,d©@.äH cÇ§UìS~}-TaÛþýgD_FËôÚöcE®È¢DC¹Ûv~v&vÿ·öâÊÂÿñëyIõ;>rÚ^ww;ÐSXH_ O@Ûn7´O!_D9Çv)¡LÂV»Ñ7HX,bklÿW@ÊMDj]+ÐÙ(LFZìVDCÇS®U¿9¡W9FvsCÜôö÷@{rïá]Âë¶µrÅDAUAÜZk·VïðnóèsX Á%W;øÅ¡À` ¤ÒvÏQB3Û8+ù;¬Øj[àÛÁcUrêq4SMÃ/Év1oØn/ãU)Çzã];u ÞÃ;um>ËDOÛmurÞ D;9#³íí[æP@+Ñm uB\ 2¶å±Y×9r9}å[æØr1lßD+À<öìw\|>uB£;Ñrñ°ì2Y3ÆXEõ@ÆKsõñûMºRt2! C_]ÂË¬¹À:2ÖÔ]7w226oV;¤WHÒlAiF/eF>2ÖÉLÃ¼Àæ²w/Ùô¶MÿZXa»À\|v°¥ÁFÁB{^µO/bj"5Ãä\/,½Ý(;ÞuÆëI¦{î~vZÌ $;íõÎkVÒ%Þ³·F_tÿ320÷Û¥Nñê[º]@¡©Û¸£hÙV¶·ÉBÐs#jNa+GÂ°Yáko.W!uß_Sd'i8^5[¸UÝ®´ùwUCÃ²mgUÛªËAgìSPä[ÿ7_ request_handle: 0x00cc000c	success	1	0

The binary likely contains encrypted or compressed data indicative of a packer (3 个事件)

entropy

7.896992627555109

section

{'size_of_data': '0x0000f600', 'virtual_address': '0x00025000', 'entropy': 7.896992627555109, 'name': 'UPX1', 'virtual_size': '0x00010000'}

description

A section with a high entropy has been found

entropy

7.397427641487308

section

{'size_of_data': '0x0000f200', 'virtual_address': '0x00035000', 'entropy': 7.397427641487308, 'name': '.rsrc', 'virtual_size': '0x00010000'}

description

A section with a high entropy has been found

entropy

1.0

description

Overall entropy of this PE file is high

The executable is compressed using UPX (2 个事件)

section	UPX0				description	Section name indicates UPX
section	UPX1				description	Section name indicates UPX

Sets or modifies WPAD proxy autoconfiguration file for traffic interception (15 个事件)

Time & API	Arguments	Status
1620992348.423126 RegSetValueExA	key_handle: 0x00000470 value: 1 regkey_r: WpadDecisionReason reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason	success
1620992348.423126 RegSetValueExA	key_handle: 0x00000470 value: À^Ù×H× regkey_r: WpadDecisionTime reg_type: 3 (REG_BINARY) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime	success
1620992348.423126 RegSetValueExA	key_handle: 0x00000470 value: 3 regkey_r: WpadDecision reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision	success
1620992348.423126 RegSetValueExW	key_handle: 0x00000470 value: 网络 2 regkey_r: WpadNetworkName reg_type: 1 (REG_SZ) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName	success
1620992348.438126 RegSetValueExA	key_handle: 0x0000048c value: 1 regkey_r: WpadDecisionReason reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason	success
1620992348.438126 RegSetValueExA	key_handle: 0x0000048c value: À^Ù×H× regkey_r: WpadDecisionTime reg_type: 3 (REG_BINARY) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime	success
1620992348.438126 RegSetValueExA	key_handle: 0x0000048c value: 3 regkey_r: WpadDecision reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision	success
1620992348.579126 RegSetValueExW	key_handle: 0x0000046c value: {40112ABE-63B3-43C3-BE93-1440EE3AF106} regkey_r: WpadLastNetwork reg_type: 1 (REG_SZ) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork	success
1620992368.907126 RegSetValueExA	key_handle: 0x00000244 value: 1 regkey_r: WpadDecisionReason reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason	success
1620992368.907126 RegSetValueExA	key_handle: 0x00000244 value: ±DäH× regkey_r: WpadDecisionTime reg_type: 3 (REG_BINARY) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime	success
1620992368.907126 RegSetValueExA	key_handle: 0x00000244 value: 0 regkey_r: WpadDecision reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision	success
1620992368.907126 RegSetValueExW	key_handle: 0x00000244 value: 网络 2 regkey_r: WpadNetworkName reg_type: 1 (REG_SZ) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName	success
1620992368.907126 RegSetValueExA	key_handle: 0x00000240 value: 1 regkey_r: WpadDecisionReason reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason	success
1620992368.923126 RegSetValueExA	key_handle: 0x00000240 value: ±DäH× regkey_r: WpadDecisionTime reg_type: 3 (REG_BINARY) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime	success
1620992368.923126 RegSetValueExA	key_handle: 0x00000240 value: 0 regkey_r: WpadDecision reg_type: 4 (REG_DWORD) regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision	success

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2018-08-31 06:18:33

Imports

Library KERNEL32.DLL:

• 0x444068 LoadLibraryA

• 0x44406c ExitProcess

• 0x444070 GetProcAddress

• 0x444074 VirtualProtect

Library MSVCRT.dll:

• 0x44407c free

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
clients2.google.com	A 172.217.24.14 CNAME clients.l.google.com	172.217.24.14
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
download-installer.cdn.mozilla.net	CNAME dn6m9t4qll5h.cloudfront.net A 54.192.117.89	13.224.253.56
ocsp.digicert.com	CNAME cs9.wac.phicdn.net A 117.18.237.29	117.18.237.29
download.mozilla.org	A 44.236.127.103 A 52.43.82.148 CNAME bouncer-bouncer-elb.prod.mozaws.net A 44.224.229.39	44.224.229.39
teredo.ipv6.microsoft.com

TCP

Source	Source Port	Destination	Destination Port
192.168.56.101	49189	117.18.237.29 ocsp.digicert.com	80
192.168.56.101	49181	52.43.82.148 download.mozilla.org	443
192.168.56.101	49195	54.192.117.89 download-installer.cdn.mozilla.net	443

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49235	114.114.114.114	53
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	53210	114.114.114.114	53
192.168.56.101	53657	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	61680	114.114.114.114	53
192.168.56.101	62318	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	49713	224.0.0.252	5355
192.168.56.101	50568	224.0.0.252	5355
192.168.56.101	51808	224.0.0.252	5355
192.168.56.101	53380	224.0.0.252	5355
192.168.56.101	55368	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	57756	224.0.0.252	5355
192.168.56.101	57874	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355

HTTP & HTTPS Requests

URI	Data
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D	GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.digicert.com
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQQX6Z6gAidtSefNc6DC0OInqPHDQQUD4BhHIIxYdUvKOeNRji0LOHG2eICEAgIbaejoEQqkc%2F0cnXxXa0%3D	GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQQX6Z6gAidtSefNc6DC0OInqPHDQQUD4BhHIIxYdUvKOeNRji0LOHG2eICEAgIbaejoEQqkc%2F0cnXxXa0%3D HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.digicert.com

URI

Data

http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com

http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQQX6Z6gAidtSefNc6DC0OInqPHDQQUD4BhHIIxYdUvKOeNRji0LOHG2eICEAgIbaejoEQqkc%2F0cnXxXa0%3D

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQQX6Z6gAidtSefNc6DC0OInqPHDQQUD4BhHIIxYdUvKOeNRji0LOHG2eICEAgIbaejoEQqkc%2F0cnXxXa0%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.