8.6
极危
64 个模型检测该样本为恶意!
重新分析
更多

0e5c9ddbb8ec46a3af32d51332606dca4ad9a7608f931738035ab8e6190692f4

ff3857c1fded34594a715f7704a1a2e4.exe

分析耗时

93s

最近分析

文件大小

311.0KB
静态报毒 动态报毒 100% A + MAL AI SCORE=83 AIDETECTVM BSCOPE CHAPAK CNAR COINS CONFIDENCE CVE-2020-1672 CVE20167255 ELDORADO FDOUER FILECODER GANDCRAB GANDCRYPT GDE@7OO149 GENASA GENCIRC GENERICRXFR GENETIC GENKRYPTIK HIGH CONFIDENCE MALICIOUS PE MALWARE1 MALWAREX QVM10 RANSOMEWARE SCORE SI75QE8PLBY SMJS2 STATIC AI TSGENERIC TYX@AWFSOBI UNSAFE XEJY87AREAP ZEXAF 更多
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
McAfee GenericRXFR-KG!FF3857C1FDED 20201211 6.0.6.653
Alibaba Ransom:Win32/GandCrab.72a52730 20190527 0.3.0.5
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Baidu 20190318 1.0.0.2
Avast Win32:MalwareX-gen [Trj] 20201210 21.1.5827.0
Tencent Malware.Win32.Gencirc.10b9d113 20201211 1.0.0.1
Kingsoft 20201211 2017.9.26.565
静态指标
Queries for the computername (2 个事件)
Time & API Arguments Status Return Repeated
1620817620.334001
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1620817624.380001
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
Checks if process is being debugged by a debugger (1 个事件)
Time & API Arguments Status Return Repeated
1620817620.240001
IsDebuggerPresent
failed 0 0
Uses Windows APIs to generate a cryptographic key (3 个事件)
Time & API Arguments Status Return Repeated
1620817624.349001
CryptGenKey
crypto_handle: 0x015817f0
algorithm_identifier: 0x0000a400 (CALG_RSA_KEYX)
provider_handle: 0x0156c288
flags: 134217729
key:
success 1 0
1620817624.349001
CryptExportKey
crypto_handle: 0x015817f0
crypto_export_handle: 0x00000000
buffer: ¤RSA1}˜"ï¹bWXöó3¯Ù³cÔ4Z`€7°ïFƒ4# ©3'·ŒºÚ¼“ÝTu0'7¤ÇDôK".@Bº¡k§ÓðۈÐX, YZD4Py=ïL6Ü.wçwO¦)»Ì‡DÀU3*»ÐV£Ý1h~ß°ºÖ¥¶~ïrU‡떟!î o#Œ›h*Eé-ØGÓk).>=†<‰ln$Võþ2õ)Hh1Ë´E“ü*߁iõ/ÎúƊ.Þ÷ËAéq'$ê’ýJ*tš¡/º:(Ê%+XhÞ;ŸÍöS5¢øò2B‡A‘ø žøš~·©=Ќä‘Núš– iŒ
blob_type: 6
flags: 0
success 1 0
1620817624.349001
CryptExportKey
crypto_handle: 0x015817f0
crypto_export_handle: 0x00000000
buffer: ¤RSA2}˜"ï¹bWXöó3¯Ù³cÔ4Z`€7°ïFƒ4# ©3'·ŒºÚ¼“ÝTu0'7¤ÇDôK".@Bº¡k§ÓðۈÐX, YZD4Py=ïL6Ü.wçwO¦)»Ì‡DÀU3*»ÐV£Ý1h~ß°ºÖ¥¶~ïrU‡떟!î o#Œ›h*Eé-ØGÓk).>=†<‰ln$Võþ2õ)Hh1Ë´E“ü*߁iõ/ÎúƊ.Þ÷ËAéq'$ê’ýJ*tš¡/º:(Ê%+XhÞ;ŸÍöS5¢øò2B‡A‘ø žøš~·©=Ќä‘Núš– iŒ ¸£Þ8·!F?å2ö¼Do¡NX”¼ó×ré.Va±_6Ñ_gÒ1å2jmb•kh £F+0ïõea×mõöv¢¨Ö 3ÿx²A–q´Ñ/+*©Þé0Ó¤(°ìtœ‹Ú³¾V®Ìc÷ÿ\±.l&»Õ¿¥q²<£ÛSÏyc>ÆÕñÚQ“íó’*€¯ h±à¥bŽ`Ÿ.§ eÜ-4œ‘Ç™béÕ÷üLˆ5Þ"¢T  ïî~Z•…<Ima±G_*N¡U†sÖÄý‘—#å,$ÏÝ)-™ã²àI–iÑÍÕ©’$©íy‡—3Zʜ]ìPÈÐCQµAš4¿䛚YtÌt\c…¿†’n€Ë‚ VÍ!QÉÅ3—ËÇ^`É@£°è_·C-V‚Ó«…ÊíºqéS´eÁñCnØpôt· Ò7Bd$/ÉaþÈтʔÝ*TqþÞTŞPRû‹Ã±Ð¿^‘£žߌ9„š¥^+ÚºŠy‘ôç-¹ÈMïÁ.<iﳪ¡»†îom(i[F|ºýÍXn÷ƶÆ6=Õ6Že¿%齒íFTÄïñ¹R¹?êË<|isT–§¹áYµ"™¡{ 4Gß×" ñðoÎïR¿¦Zh·.²éÃÐ[ñ ¨‚˜—¶z‡Î8®>àŸ5ô‡qXg©¾óoÕðž(m㠐~÷w7 }.\•µÂ5y–hà«æ·Lp¤U¨”Eb}¯é}¯ðuVÍÌ֔ÚâîNt¿yI&#³û+Í«·>À·sn©Y:·9 = õý|þ‘žóɹB¤â4¤1BKO¡uù’V–X¤Â…ŠŽ hPig-³6zî—.“€Îž9Ógý±°òIžFbZÿʸ<™û©+Q6u‡Ôø;fùMìcà wÅ/Š'Ó_õ±ø|è;›¯ÃomS鸣b,Ù¼‹áÉL-X¹ñ°Çô”ªSª2TÚ°µöRýÏ`<4í5m¤4µGÕ!øþ5`ôÿ.-ÑÅ¢ë¶ìv#_>æÝ[·<¡bsŽ fãÌÃêj Nõ òZÿ„–Á”k4)GáZSŸ~pOø•Í ͐ËûfÊT4›%z"s1“DYð~ŽõÖ¾ÜÜß±zñz û\ÒPJÛà ÒXwt
blob_type: 7
flags: 0
success 1 0
Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 个事件)
Time & API Arguments Status Return Repeated
1620817629.239876
GlobalMemoryStatusEx
success 1 0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 个事件)
section .gfids
The file contains an unknown PE resource name possibly indicative of a packer (1 个事件)
resource name DJQKUWWUB
行为判定
动态指标
Performs some HTTP requests (1 个事件)
request GET http://carder.bit/
Resolves a suspicious Top Level Domain (TLD) (2 个事件)
domain ns1.wowservers.ru description Russian Federation domain TLD
domain ns2.wowservers.ru description Russian Federation domain TLD
Allocates read-write-execute memory (usually to unpack itself) (20 个事件)
Time & API Arguments Status Return Repeated
1620817620.271001
NtAllocateVirtualMemory
process_identifier: 2196
region_size: 110592
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x02d70000
success 0 0
1620817620.334001
NtProtectVirtualMemory
process_identifier: 2196
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 180224
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1620817621.646001
NtProtectVirtualMemory
process_identifier: 2196
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 81920
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00414000
success 0 0
1620817621.646001
NtAllocateVirtualMemory
process_identifier: 2196
region_size: 94208
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02d90000
success 0 0
1620817621.787001
NtProtectVirtualMemory
process_identifier: 2196
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 81920
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00414000
success 0 0
1620817622.802001
NtAllocateVirtualMemory
process_identifier: 2196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x000b0000
success 0 0
1620817622.802001
NtAllocateVirtualMemory
process_identifier: 2196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x000f0000
success 0 0
1620817623.193001
NtAllocateVirtualMemory
process_identifier: 2196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x000a0000
success 0 0
1620817623.209001
NtAllocateVirtualMemory
process_identifier: 2196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00170000
success 0 0
1620817623.630001
NtAllocateVirtualMemory
process_identifier: 2196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02e70000
success 0 0
1620817623.724001
NtAllocateVirtualMemory
process_identifier: 2196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x02e20000
success 0 0
1620817623.771001
NtAllocateVirtualMemory
process_identifier: 2196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00110000
success 0 0
1620817623.771001
NtAllocateVirtualMemory
process_identifier: 2196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00120000
success 0 0
1620817624.880001
NtAllocateVirtualMemory
process_identifier: 2196
region_size: 12288
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x03f50000
success 0 0
1620817624.912001
NtAllocateVirtualMemory
process_identifier: 2196
region_size: 12288
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x03f60000
success 0 0
1620817628.677001
NtAllocateVirtualMemory
process_identifier: 2196
region_size: 98304
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x03f50000
success 0 0
1620817628.677001
NtAllocateVirtualMemory
process_identifier: 2196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x04a50000
success 0 0
1620817628.677001
NtAllocateVirtualMemory
process_identifier: 2196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x04a90000
success 0 0
1620817628.677001
NtAllocateVirtualMemory
process_identifier: 2196
region_size: 36864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x04a90000
success 0 0
1620817628.677001
NtAllocateVirtualMemory
process_identifier: 2196
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x04ab0000
success 0 0
Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation (1 个事件)
Time & API Arguments Status Return Repeated
1620817624.427001
GetDiskFreeSpaceW
root_path: C:\
sectors_per_cluster: 8
number_of_free_clusters: 4787803
total_number_of_clusters: 8362495
bytes_per_sector: 512
success 1 0
Creates executable files on the filesystem (1 个事件)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\blrdgh.exe
Drops an executable to the user AppData folder (1 个事件)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\blrdgh.exe
Checks adapter addresses which can be used to detect virtual network interfaces (1 个事件)
Time & API Arguments Status Return Repeated
1620817625.584001
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
The binary likely contains encrypted or compressed data indicative of a packer (2 个事件)
entropy 7.8370978624432945 section {'size_of_data': '0x0001d200', 'virtual_address': '0x0104a000', 'entropy': 7.8370978624432945, 'name': '.rsrc', 'virtual_size': '0x0001d02c'} description A section with a high entropy has been found
entropy 0.3758064516129032 description Overall entropy of this PE file is high
Uses Windows utilities for basic Windows functionality (4 个事件)
cmdline nslookup carder.bit ns1.wowservers.ru
cmdline nslookup carder.bit ns2.wowservers.ru
cmdline nslookup ransomware.bit ns2.wowservers.ru
cmdline nslookup ransomware.bit ns1.wowservers.ru
网络通信
Communicates with host for which no DNS query was performed (1 个事件)
host 172.217.24.14
Checks the CPU name from registry, possibly for anti-virtualization (1 个事件)
registry HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString
Installs itself for autorun at Windows startup (1 个事件)
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\brunfoxfkbo reg_value "C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\blrdgh.exe"
Generates some ICMP traffic
File has been identified by 64 AntiVirus engines on VirusTotal as malicious (50 out of 64 个事件)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.Ransom.GandCrab.Gen.2
FireEye Generic.mg.ff3857c1fded3459
CAT-QuickHeal Trojan.Chapak.ZZ6
Qihoo-360 Generic/HEUR/QVM10.2.A8AF.Malware.Gen
McAfee GenericRXFR-KG!FF3857C1FDED
Cylance Unsafe
Zillya Trojan.Coins.Win32.168
SUPERAntiSpyware Ransom.GandCrab/Variant
Sangfor Malware
K7AntiVirus Trojan ( 00533b5d1 )
Alibaba Ransom:Win32/GandCrab.72a52730
K7GW Trojan ( 00533b5d1 )
CrowdStrike win/malicious_confidence_100% (W)
BitDefenderTheta Gen:NN.ZexaF.34670.tyX@aWfSOBi
Cyren W32/S-ba9a9755!Eldorado
Symantec Packed.Generic.525
APEX Malicious
Avast Win32:MalwareX-gen [Trj]
ClamAV Win.Packed.Gandcrab-6520432-4
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender Trojan.Ransom.GandCrab.Gen.2
NANO-Antivirus Trojan.Win32.Encoder.fdouer
Paloalto generic.ml
ViRobot Trojan.Win32.GandCrab.Gen.A
Tencent Malware.Win32.Gencirc.10b9d113
Ad-Aware Trojan.Ransom.GandCrab.Gen.2
Emsisoft Trojan.Ransom.GandCrab.Gen.2 (B)
Comodo TrojWare.Win32.Chapak.GDE@7oo149
F-Secure Trojan.TR/FileCoder.FB
DrWeb Trojan.Encoder.24384
VIPRE Trojan.Win32.Generic!BT
TrendMicro Ransom_GANDCRAB.SMJS2
McAfee-GW-Edition BehavesLike.Win32.Generic.fc
Sophos ML/PE-A + Mal/Agent-AUL
Ikarus Trojan-Ransom.GandCrab
Jiangmin Trojan.GandCrypt.di
Avira TR/FileCoder.FB
MAX malware (ai score=83)
Antiy-AVL Trojan/Win32.TSGeneric
Microsoft Ransom:Win32/GandCrab.AE
Arcabit Trojan.Ransom.GandCrab.Gen.2
AegisLab Trojan.Win32.Generic.4!c
ZoneAlarm HEUR:Trojan.Win32.Generic
GData Trojan.Ransom.GandCrab.Gen.2
Cynet Malicious (score: 100)
AhnLab-V3 Win-Trojan/Gandcrab.Exp
Acronis suspicious
VBA32 BScope.TrojanRansom.GandCrypt
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2018-06-05 10:34:55

Imports

Library KERNEL32.dll:
0x420000 VirtualAlloc
0x420004 GetCurrentProcess
0x420008 RaiseException
0x42000c GetLastError
0x420010 ResetEvent
0x420014 PulseEvent
0x420018 GetNativeSystemInfo
0x42001c lstrlenA
0x420020 lstrlenW
0x420024 LoadLibraryW
0x420028 FindAtomA
0x42002c GetComputerNameW
0x420030 GetVersionExA
0x420038 SetThreadLocale
0x42003c SetConsoleMode
0x420040 AddConsoleAliasA
0x420044 WriteConsoleW
0x420048 GetConsoleCP
0x42004c FlushFileBuffers
0x420050 HeapSize
0x420054 SetFilePointerEx
0x420058 SetStdHandle
0x420064 GetCommandLineW
0x420068 GetCommandLineA
0x42006c GetOEMCP
0x420070 IsValidCodePage
0x420074 WideCharToMultiByte
0x420084 MultiByteToWideChar
0x420088 EncodePointer
0x42008c DecodePointer
0x420090 SetLastError
0x420098 CreateEventW
0x42009c TlsAlloc
0x4200a0 TlsGetValue
0x4200a4 TlsSetValue
0x4200a8 TlsFree
0x4200b0 GetModuleHandleW
0x4200b4 GetProcAddress
0x4200b8 LCMapStringW
0x4200bc GetLocaleInfoW
0x4200c0 GetStringTypeW
0x4200c4 GetCPInfo
0x4200c8 CloseHandle
0x4200cc SetEvent
0x4200d8 IsDebuggerPresent
0x4200e4 GetStartupInfoW
0x4200ec GetCurrentProcessId
0x4200f0 GetCurrentThreadId
0x4200f4 InitializeSListHead
0x4200f8 TerminateProcess
0x4200fc RtlUnwind
0x420100 FreeLibrary
0x420104 LoadLibraryExW
0x420108 HeapAlloc
0x42010c HeapFree
0x420110 HeapReAlloc
0x420114 ExitProcess
0x420118 GetModuleHandleExW
0x42011c GetModuleFileNameA
0x420120 GetStdHandle
0x420124 WriteFile
0x420128 GetACP
0x42012c ReadFile
0x420130 GetConsoleMode
0x420134 ReadConsoleW
0x420138 GetFileType
0x42013c IsValidLocale
0x420140 GetUserDefaultLCID
0x420144 EnumSystemLocalesW
0x420148 GetProcessHeap
0x42014c FindClose
0x420150 FindFirstFileExA
0x420154 FindNextFileA
0x420158 CreateFileW
Library USER32.dll:
0x420160 DrawEdge
0x420164 DefFrameProcW
0x420168 DestroyCursor
0x42016c CreateCursor
0x420170 LoadCursorFromFileW
0x420174 SetWindowsHookW
0x420178 UpdateWindow
0x42017c SetMenuInfo
0x420180 DeleteMenu
0x420184 LoadMenuW
0x420188 MapVirtualKeyA
0x42018c ReplyMessage
0x420190 PostMessageW
0x420194 DrawCaption
Library ole32.dll:
0x42019c OleLoadFromStream

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49176 66.171.248.178 ipv4bot.whatismyipaddress.com 80

UDP

Source Source Port Destination Destination Port
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 50568 114.114.114.114 53
192.168.56.101 53237 114.114.114.114 53
192.168.56.101 57756 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 61680 114.114.114.114 53
192.168.56.101 61681 114.114.114.114 53
192.168.56.101 61682 114.114.114.114 53
192.168.56.101 61683 114.114.114.114 53
192.168.56.101 61684 114.114.114.114 53
192.168.56.101 61685 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 62912 114.114.114.114 53
192.168.56.101 62913 114.114.114.114 53
192.168.56.101 62914 114.114.114.114 53
192.168.56.101 62915 114.114.114.114 53
192.168.56.101 62916 114.114.114.114 53
192.168.56.101 62917 114.114.114.114 53
192.168.56.101 62918 114.114.114.114 53
192.168.56.101 62919 114.114.114.114 53

HTTP & HTTPS Requests

URI Data
http://carder.bit/ 
GET / HTTP/1.1
Host: carder.bit
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Cache-Control: no-cache

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.