1.0
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.63
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | TrojanDownloader:Win32/Zbot.fd027e16 | 20190527 | 0.3.0.5 |
| Avast | Win32:Agent-AUID [Trj] | 20191109 | 18.4.3895.0 |
| Baidu | Win32.Trojan-Downloader.Waski.a | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (W) | 20190702 | 1.0 |
| Kingsoft | None | 20191109 | 2013.8.14.323 |
| McAfee | GenericATG-FBPK!0FD4BF6722A1 | 20191108 | 6.0.6.653 |
| Tencent | Trojan-spy.Win32.Zbot.robza | 20191109 | 1.0.0.1 |
静态指标
可执行文件包含未知的 PE 段名称,可能指示打包器(可能是误报)
(3 个事件)
| section | .MPRESS1 |
| section | .MPRESS2 |
| section | .imports |
动态指标
网络通信
与未执行 DNS 查询的主机进行通信
(2 个事件)
| host | 114.114.114.114 | |||
| host | 8.8.8.8 | |||
文件已被 VirusTotal 上 64 个反病毒引擎识别为恶意
(50 out of 64 个事件)
| ALYac | Trojan.Agent.BBVC |
| APEX | Malicious |
| AVG | Win32:Agent-AUID [Trj] |
| Acronis | suspicious |
| Ad-Aware | Trojan.Agent.BBVC |
| AhnLab-V3 | Trojan/Win32.Upatre.C3083145 |
| Alibaba | TrojanDownloader:Win32/Zbot.fd027e16 |
| Antiy-AVL | Trojan[Spy]/Win32.Zbot |
| Arcabit | Trojan.Agent.BBVC |
| Avast | Win32:Agent-AUID [Trj] |
| Avira | TR/Yarwi.AD.113 |
| Baidu | Win32.Trojan-Downloader.Waski.a |
| BitDefender | Trojan.Agent.BBVC |
| BitDefenderTheta | Gen:NN.ZexaF.32245.cqY@aOUb5ici |
| Bkav | W32.FamVT.GeND.Trojan |
| CAT-QuickHeal | Trojan.AgentCS.S5725868 |
| ClamAV | Win.Malware.Bavs-6804154-0 |
| Comodo | TrojWare.Win32.Upatre.O@58re0o |
| CrowdStrike | win/malicious_confidence_100% (W) |
| Cybereason | malicious.722a1f |
| Cylance | Unsafe |
| Cyren | W32/Upatre.IB.gen!Eldorado |
| DrWeb | Trojan.DownLoad3.28161 |
| ESET-NOD32 | Win32/TrojanDownloader.Waski.A |
| Emsisoft | Trojan.Agent.BBVC (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/Upatre.IB.gen!Eldorado |
| F-Secure | Trojan.TR/Yarwi.AD.113 |
| FireEye | Generic.mg.0fd4bf6722a1fd9e |
| Fortinet | W32/Zbot.A!tr |
| GData | Trojan.Agent.BBVC |
| Ikarus | Trojan-Downloader.Win32.Upatre |
| Invincea | heuristic |
| Jiangmin | TrojanSpy.Zbot.ecat |
| K7AntiVirus | Trojan ( 0052964f1 ) |
| K7GW | Trojan ( 0052964f1 ) |
| Kaspersky | Trojan-Spy.Win32.Zbot.zmzc |
| Lionic | Trojan.Win32.Zbot.toaa |
| MAX | malware (ai score=87) |
| McAfee | GenericATG-FBPK!0FD4BF6722A1 |
| McAfee-GW-Edition | BehavesLike.Win32.Downloader.pt |
| MicroWorld-eScan | Trojan.Agent.BBVC |
| Microsoft | TrojanDownloader:Win32/Upatre.AA |
| NANO-Antivirus | Trojan.Win32.Zbot.ctnosh |
| Paloalto | generic.ml |
| Panda | Trj/Genetic.gen |
| Qihoo-360 | Win32/Trojan.Spy.573 |
| Rising | Worm.Allaple!1.AB29 (CLASSIC) |
| SentinelOne | DFI - Malicious PE |
| Sophos | Troj/ZBot-HQH |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2012-08-22 16:41:37
PE Imphash
1daa496caaaddcfabb11d00256706dda
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .MPRESS1 | 0x00001000 | 0x00005000 | 0x00004600 | 3.2463917788846763 |
| .MPRESS2 | 0x00006000 | 0x00001000 | 0x00000400 | 5.892839290312011 |
| .rsrc | 0x00007000 | 0x00003000 | 0x00002600 | 4.780403912270365 |
| .imports | 0x0000a000 | 0x00001000 | 0x00000200 | 4.307410073100323 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_BITMAP | 0x00005530 | 0x000000ae | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_ICON | 0x000070a8 | 0x00002428 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_GROUP_ICON | 0x00009510 | 0x00000014 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
Imports
Library USER32.dll:
• 0x402050 MessageBoxW
• 0x402054 SendMessageW
• 0x402058 EndDialog
• 0x40205c GetDlgItem
• 0x402060 DialogBoxIndirectParamW
• 0x402064 ClientToScreen
• 0x402068 wsprintfW
• 0x40206c GetDialogBaseUnits
Library KERNEL32.dll:
• 0x402000 GetStartupInfoA
• 0x402004 GetModuleHandleA
• 0x402008 GetFileSize
• 0x40200c CloseHandle
• 0x402010 CreateFileW
Library MSVCRT.dll:
• 0x402018 __set_app_type
• 0x40201c __p__fmode
• 0x402020 _except_handler3
• 0x402024 _controlfp
• 0x402028 _exit
• 0x40202c _XcptFilter
• 0x402030 exit
• 0x402034 _acmdln
• 0x402038 __getmainargs
• 0x40203c _initterm
• 0x402040 __setusermatherr
• 0x402044 _adjust_fdiv
• 0x402048 __p__commode
L!Win32 .EXE.
.MPRESS1
.MPRESS2
.imports
MuM!]@ @UE
M!@]]!M
u@u@]]
!u!!]MMMM]uu u]]]@! ]!!]M ]MuM! u@
QHM] @@]M M]MM]u
] MMMu @!u !! ]M!
M uH<E
u@]@!!
]@M Mu
@u@!]
M!u ]@MMM!
M@@MM
8u ] ]M]u@u ]!M@u@!
!M]u! ! ]@
uH @]u !]!M @@M]!@]
] ]]@]@u!@]
! ]]@]@u!
Mu]]@M!@@uM]$
uM M!]!@ !]!@]]]=!Mu/
]_MvzU
ZMuSSAWVAf9
KIM3EE
GEGEGMG;r
]]u @]! M !]u@u@u ]
!]]!u!uUV3W}
FG3@_^]
@@uu!u@uM ]@u
]]]]@u="@
3!M.l F^M:
_S,4hs)-.7
IS."hs)08
<s@ uJb
OD,3Cs
jS$3Cs]:(
6]d8+$
_W10M3
[A]+=9 LT("gb)
:!3 XvM
Bu/NX_M8
,0 y|Ueu
mKMU-dZ
/@=!M'0
I>!MvE
}8ZZ RDMva?"lF
4y.Pw'hzX-T
/@=!M!uD
2!=#M}
wbKvzu)
/@=!M!u
38I>nx%uE
^a?f?!M
z ?TOe^_
,kw'.0s_Mu a
7Mvh1kw9
6:w_"M$S
:2aUZE
^m}G<!M#
kv 2udj ]R
?Mu[+u9
MS(7Ip8_9
7_M'kd+Nb.d_+K
}Lub?$
DCzME,*Kps'M
_Nf-6,
y[Wb]^
7mo cE-wu8+
@! @!u @M!M]@M
M @u@!M@]]
IuKXG[O_
u!!!uM M]
]]uM M
@GKYUVu
^]hUjh&@
hSVWe3
EEP5&@
EPEPEP
0u>"u:Fu
<"u>"u
> vFuj
YY3% @
8Muex<
KERNEL32
VirtualProtect
G(XPTPjxWXt=
-5$09+
E!4*B#0&=9
1)E(>6> &. )<B
#,"< D=&
;%)$+.3
":E?0!-03 -(
k!l4l/t
;09>,7
*4$.B7
($; 9(3
D1>D.39=6
,C0*A!
770 ;'C
,8?;=2
% !CD;
4'-=.D-2!
UURVWU
QVVVVWU
USER32.dll
MessageBoxW
SendMessageW
EndDialog
GetDlgItem
DialogBoxIndirectParamW
ClientToScreen
wsprintfW
GetDialogBaseUnits
KERNEL32.dll
GetStartupInfoA
GetModuleHandleA
GetFileSize
CloseHandle
CreateFileW
MSVCRT.dll
__set_app_type
__p__fmode
_except_handler3
_controlfp
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
"""""""
"""#"""
"""DB""
"""BB""
""$BD""
""$"$""
""$"$""
"""""""
GetModuleHandleA
GetProcAddress
KERNEL32.DLL
USER32.dll
EndDialog
MSVCRT.dll
t7Kt'Kt
ZXWZYXZZXZZX
KKMM""
uuDD--
117722
}}^^mm
I'6*(******************++""
!!##**********************::v
DZ5Lar|||
'@WmAYG_
_p\\\n
`s]]]m
L$f3L$
USER32.dll
MessageBoxW
SendMessageW
EndDialog
GetDlgItem
DialogBoxIndirectParamW
ClientToScreen
wsprintfW
GetDialogBaseUnits
KERNEL32.dll
GetStartupInfoA
GetModuleHandleA
GetFileSize
CloseHandle
CreateFileW
MSVCRT.dll
__set_app_type
__p__fmode
_except_handler3
_controlfp
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
M�S� �S�a�n�s� �S�e�r�i�f�
P�u�s�h� �t�o� �e�x�i�t�
s�2�4�1�5�7�a�c�f�4�7�1�6�b�6�0�9�2�1�4�c�c�6�c�4�3�7�b�d�
C�:�\�L�P�T�l�F�n�m�n�.�e�x�e�
C�:�\�8�b�s�O�0�7�A�a�.�e�x�e�
C�:�\�2�1�c�f�d�1�4�0�a�5�8�3�1�d�c�8�b�2�9�2�c�5�5�5�b�b�4�8�8�a�5�e�0�9�9�7�e�d�f�3�6�0�b�a�d�6�7�b�c�b�4�5�9�9�3�e�8�c�8�6�a�d�7�f�
C�:�\�6�c�f�5�7�c�5�b�d�a�6�5�9�f�e�b�2�d�5�5�e�7�f�e�1�c�b�6�2�9�9�8�3�6�6�6�4�5�7�2�f�1�d�5�4�b�b�3�8�c�b�4�c�a�c�4�7�1�6�5�5�2�4�1�
C�:�\�5�9�8�c�3�f�f�7�9�e�4�f�d�b�e�3�0�b�8�6�2�2�c�5�e�5�f�9�8�b�b�8�e�8�2�7�6�1�c�3�4�5�4�e�6�d�7�4�5�a�9�2�7�7�4�b�c�9�b�b�5�c�6�4�
C�:�\�b�c�1�f�e�b�c�5�a�1�b�4�1�7�e�6�a�b�1�b�2�b�5�c�1�3�f�1�1�3�e�e�7�e�1�0�f�6�e�f�3�4�5�1�b�2�9�2�0�d�1�a�a�f�5�1�2�8�b�e�4�9�b�3�
c�:�\�t�a�s�k�\�1�B�8�A�5�F�5�4�2�E�8�2�1�E�A�2�1�B�8�4�1�B�2�F�E�2�3�D�0�6�A�4�.�e�x�e�
c�:�\�t�a�s�k�\�8�0�9�F�E�A�A�F�4�6�B�4�9�4�C�B�1�E�9�D�8�D�6�1�F�3�E�3�9�F�5�0�.�e�x�e�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�m�v�K�i�j�r�N�V�.�e�x�e�
C�:�\�d�d�8�9�b�a�f�3�5�4�1�a�3�b�2�4�f�4�d�9�2�f�8�6�f�1�0�1�4�7�d�6�4�5�e�7�4�f�8�f�9�4�9�7�3�3�6�d�f�7�7�f�7�7�d�c�1�c�6�e�5�d�c�3�
C�:�\�4�a�6�e�6�1�4�9�3�e�c�e�d�4�6�e�c�e�0�4�f�d�e�4�3�5�f�4�1�1�3�8�0�1�7�e�4�d�a�1�3�d�0�9�8�f�7�5�2�f�1�9�d�3�5�a�9�a�6�d�3�2�a�c�
C�:�\�4�1�8�d�8�f�9�9�b�4�0�2�1�0�9�a�d�b�f�1�6�0�6�1�8�e�3�3�4�7�c�d�2�d�1�d�1�a�9�d�a�d�7�c�c�2�c�0�f�a�7�b�1�c�7�8�d�2�1�6�f�7�a�7�
C�:�\�U�s�e�r�s�\�L�i�s�a�\�D�e�s�k�t�o�p�\�D�T�P�i�W�d�Z�N�.�e�x�e�
C�:�\�U�s�e�r�s�\�V�i�r�t�u�a�l�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�f�7�7�1�2�6�a�d�8�5�8�5�d�0�9�4�1�8�5�0�d�8�8�f�f�b�d�f�3�3�2�d�5�b�6�b�d�2�8�4�d�c�2�3�9�1�7�c�5�9�5�a�5�5�9�a�3�5�a�f�5�f�4�1�.�e�x�e�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�J�2�K�c�Q�U�b�L�.�e�x�e�
C�:�\�0�d�b�6�a�0�0�1�b�1�5�2�4�d�c�5�9�a�7�2�a�7�b�9�d�7�a�e�3�d�1�9�c�3�f�9�0�a�f�b�2�4�3�e�d�4�0�f�2�5�6�d�0�e�b�e�0�2�1�1�0�b�a�6�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�S�Z�4�I�e�j�X�j�.�e�x�e�
C�:�\�K�F�C�X�i�7�d�e�.�e�x�e�
C�:�\�d�9�8�c�5�f�8�e�6�6�4�2�7�d�c�d�9�c�1�0�b�1�e�0�3�4�2�2�3�c�7�d�e�7�a�3�4�a�c�b�6�6�8�1�9�3�2�2�1�3�2�c�7�9�0�4�9�d�7�7�7�a�1�2�
C�:�\�e�d�d�a�9�8�7�f�3�5�f�8�c�f�a�0�e�9�1�d�3�9�1�c�9�5�7�e�d�e�6�7�4�7�7�6�c�d�3�f�e�9�9�e�1�8�f�b�f�f�3�2�c�c�c�8�8�4�2�9�4�3�b�c�
C�:�\�3�9�b�8�e�6�f�0�a�6�3�c�c�b�0�2�3�c�a�6�6�f�6�1�1�f�2�3�b�d�8�7�7�e�7�a�4�3�8�9�c�b�8�1�d�c�7�1�d�8�4�6�0�e�d�8�4�6�e�3�d�b�4�9�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�v�W�U�o�q�9�O�p�.�e�x�e�
C�:�\�3�7�a�9�6�e�3�7�5�d�4�2�0�8�c�4�9�2�b�e�b�6�5�4�0�5�4�1�9�2�1�d�1�4�8�d�0�5�7�2�e�0�c�4�8�6�4�c�5�a�c�d�d�1�c�d�5�6�6�5�0�e�4�e�
C�:�\�p�8�m�0�e�G�8�6�.�e�x�e�
C�:�\�a�f�5�d�4�8�1�4�5�0�d�e�a�1�3�c�e�0�8�5�7�3�4�4�f�6�0�e�3�4�a�f�7�a�f�3�7�d�9�c�6�8�d�b�0�6�2�4�c�5�e�e�b�0�e�d�c�7�9�c�a�d�c�3�
C�:�\�9�e�4�e�f�1�1�5�0�9�8�7�8�b�8�0�d�b�8�e�a�8�9�4�d�0�f�9�4�a�c�4�f�1�8�9�1�3�9�f�e�4�4�1�7�1�6�9�a�2�d�e�c�0�f�b�2�c�f�e�8�7�8�0�
C�:�\�c�8�b�7�7�e�6�9�7�8�f�e�7�b�7�8�a�3�d�4�d�b�b�6�e�8�4�6�a�0�0�c�f�0�8�a�8�9�d�4�e�8�1�a�7�d�d�2�4�b�8�7�0�b�4�6�f�e�1�c�4�2�1�5�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�l�u�s�e�r�\�D�e�s�k�t�o�p�\�Z�h�t�j�O�a�b�5�.�e�x�e�
C�:�\�J�2�D�B�j�G�U�f�.�e�x�e�
C�:�\�b�8�6�0�a�b�a�e�4�1�e�0�9�6�8�6�0�3�1�8�d�4�2�0�b�4�0�3�6�c�b�8�6�d�2�f�d�c�e�2�d�e�9�a�8�8�a�8�4�5�1�d�5�1�b�9�f�4�9�0�5�c�a�2�
C�:�\�U�s�e�r�s�\�L�i�s�a�\�D�e�s�k�t�o�p�\�L�l�r�R�x�I�V�7�.�e�x�e�
C�:�\�f�b�1�9�a�c�f�0�0�c�a�d�0�f�b�e�f�b�c�5�a�f�8�a�b�2�3�7�9�4�2�c�7�8�6�1�b�2�3�7�e�2�f�9�f�1�0�f�1�d�9�3�a�c�3�6�2�b�4�6�6�e�2�8�
C�:�\�3�1�a�5�6�f�2�0�9�8�5�e�e�2�2�9�8�9�f�8�f�8�5�d�5�7�1�a�3�5�1�c�6�7�4�6�4�4�3�9�e�d�f�9�9�3�2�e�7�3�9�7�3�2�0�e�1�8�f�4�1�1�6�1�
C�:�\�b�1�b�e�5�a�8�f�1�7�7�4�7�0�a�5�5�c�6�3�9�a�2�d�1�0�e�0�a�d�d�0�5�5�a�8�d�2�5�f�c�1�1�f�c�0�8�1�0�f�c�e�1�0�d�d�0�2�c�5�7�b�0�a�
C�:�\�4�2�f�6�f�c�f�f�9�f�8�5�7�7�a�6�2�2�8�4�6�5�c�3�4�a�0�a�0�9�e�5�3�5�e�f�d�0�3�e�a�a�e�0�c�b�a�e�0�4�f�6�7�a�e�1�4�3�a�5�6�a�3�1�
C�:�\�S�h�0�K�M�a�Y�9�.�e�x�e�
C�:�\�U�s�e�r�s�\�L�i�s�a�\�D�e�s�k�t�o�p�\�y�4�m�L�h�8�a�J�.�e�x�e�
C�:�\�o�L�I�Y�B�p�H�m�.�e�x�e�
C�:�\�5�2�7�2�6�c�0�1�1�0�a�1�d�c�3�4�0�d�e�5�b�4�7�3�1�4�7�2�d�9�d�8�4�3�2�6�8�8�8�d�3�f�c�3�b�e�1�3�d�3�d�d�f�5�0�f�d�4�6�1�6�e�2�a�
C�:�\�f�f�6�b�6�1�a�b�0�9�0�c�4�2�3�9�e�4�9�d�3�3�4�e�6�8�b�c�b�b�9�a�a�7�b�e�1�d�4�a�1�9�e�a�f�9�e�4�1�1�f�b�7�c�d�d�9�a�3�c�a�6�6�2�
C�:�\�5�2�4�f�7�e�4�d�5�4�1�9�5�f�5�e�d�5�3�2�5�e�7�e�2�8�7�2�2�4�2�6�b�f�9�5�0�d�5�2�1�3�b�9�e�5�a�a�e�3�7�c�6�d�0�5�7�7�8�9�c�f�f�c�
C�:�\�5�9�7�c�a�d�1�9�9�9�e�1�2�4�9�8�1�f�a�6�d�b�c�6�b�3�1�f�6�a�3�d�7�0�e�6�a�5�6�b�1�0�c�4�5�6�c�5�1�8�e�4�b�d�8�b�c�b�7�b�a�8�c�7�
C�:�\�7�7�b�5�8�9�1�9�2�2�2�1�0�7�b�6�d�1�c�6�6�9�c�0�a�2�4�d�d�8�6�7�9�c�6�4�8�c�3�d�b�0�f�a�9�1�4�6�1�5�e�f�0�4�a�3�2�e�e�3�8�0�f�1�
C�:�\�d�7�Q�X�m�y�1�W�.�e�x�e�
C�:�\�9�2�a�c�b�1�8�7�c�0�3�2�0�d�c�8�7�4�2�5�9�0�f�6�c�0�0�c�2�4�d�1�d�0�c�3�f�0�2�9�a�0�6�3�b�d�3�c�f�b�0�6�7�6�9�c�f�8�8�8�1�4�e�6�
C�:�\�c�1�d�5�b�9�f�3�c�7�4�8�f�2�3�d�2�e�f�c�7�4�e�8�1�0�9�3�d�7�c�1�9�7�d�a�9�4�0�e�8�a�6�6�1�0�2�9�2�b�6�2�1�0�f�6�e�2�a�c�0�b�d�8�
C�:�\�U�s�e�r�s�\�L�i�s�a�\�D�e�s�k�t�o�p�\�p�l�t�h�M�k�z�r�.�e�x�e�
C�:�\�n�2�n�L�i�c�M�C�.�e�x�e�
C�:�\�U�s�e�r�s�\�L�i�s�a�\�D�e�s�k�t�o�p�\�Y�c�P�b�E�q�k�t�.�e�x�e�
C�:�\�7�c�a�9�2�b�0�c�f�1�3�2�f�2�3�d�7�8�a�8�e�1�d�4�0�b�1�0�e�9�8�c�4�d�a�7�d�3�1�1�e�7�b�a�7�5�a�5�2�7�2�d�1�9�0�f�2�d�f�0�8�c�d�d�
C�:�\�U�s�e�r�s�\�L�i�s�a�\�D�e�s�k�t�o�p�\�r�K�0�J�K�Z�N�d�.�e�x�e�
C�:�\�1�e�b�e�6�0�7�4�0�f�e�1�0�a�b�3�e�3�0�0�2�6�8�7�2�4�8�1�e�1�c�3�8�e�c�0�b�0�4�1�b�3�0�d�2�8�b�1�a�a�8�6�b�0�8�3�c�a�c�d�3�7�f�f�
C�:�\�9�1�e�4�5�c�e�e�8�e�4�2�2�6�1�4�3�0�e�5�6�5�d�5�5�4�4�e�a�d�6�c�5�4�6�b�d�e�f�1�4�b�7�f�4�5�2�f�d�1�7�4�e�9�a�1�d�4�3�9�6�2�c�0�
C�:�\�f�9�d�3�1�4�2�2�2�8�9�a�8�b�5�0�d�5�e�f�d�8�f�0�f�7�c�1�1�4�d�0�b�b�d�e�8�2�8�0�4�c�d�a�8�a�a�2�d�9�4�8�9�7�1�8�3�0�4�b�5�b�e�e�
C�:�\�7�8�1�2�e�5�3�4�2�6�c�2�e�e�5�2�c�f�7�c�2�4�0�8�f�1�9�1�6�6�4�b�3�7�e�7�6�6�0�3�d�f�5�5�7�d�4�9�2�9�c�f�7�1�8�a�f�e�d�c�c�8�9�8�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�g�j�X�L�L�E�K�F�.�e�x�e�
C�:�\�5�6�e�a�9�f�1�2�1�1�d�8�d�7�4�0�1�6�8�8�4�e�a�9�c�b�1�9�3�7�1�c�5�c�8�6�6�7�c�5�4�c�2�f�5�f�2�b�0�4�4�0�e�c�d�2�7�d�d�3�f�b�c�f�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�B�E�V�E�2�y�z�z�.�e�x�e�
C�:�\�1�6�b�7�9�2�0�b�e�9�6�4�9�e�0�3�f�8�7�e�c�f�6�d�a�c�c�4�7�a�d�1�6�a�8�2�1�f�b�c�d�c�e�8�f�1�c�d�5�9�9�1�0�7�3�5�9�5�b�6�e�f�2�2�
C�:�\�U�s�e�r�s�\�L�i�s�a�\�D�e�s�k�t�o�p�\�8�h�e�T�b�0�n�6�.�e�x�e�
C�:�\�M�a�u�f�u�v�q�x�.�e�x�e�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�f�i�l�e�.�p�e�3�2�
C�:�\�a�b�e�d�0�3�8�2�9�c�3�5�0�0�7�e�2�c�a�e�d�6�3�9�3�d�7�9�d�c�8�e�8�6�3�6�c�1�1�a�e�2�0�c�6�9�f�d�7�0�b�d�e�2�5�c�b�4�1�0�5�c�1�2�
C�:�\�f�1�0�e�e�7�4�d�7�4�b�8�e�6�b�a�0�1�c�0�5�5�d�a�a�6�b�0�2�7�7�d�1�2�7�b�b�1�7�5�7�7�e�3�e�4�b�c�1�b�6�6�d�5�4�d�b�f�9�6�a�8�a�4�
C�:�\�f�7�1�e�3�e�7�f�5�1�6�b�3�3�6�8�5�5�f�2�c�2�b�3�6�6�0�5�b�3�e�8�1�b�6�d�0�0�5�e�7�5�f�a�1�6�0�3�5�c�b�3�7�c�9�5�1�e�8�c�f�1�e�c�
C�:�\�3�8�4�1�2�8�2�2�8�e�c�7�9�4�9�9�0�c�f�f�1�1�9�8�e�6�1�d�c�1�e�2�2�0�e�d�1�5�6�7�6�d�e�9�9�c�5�b�7�8�6�c�8�4�0�4�a�7�9�3�9�9�3�f�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�Y�J�5�b�3�6�4�l�.�e�x�e�
C�:�\�t�S�h�r�8�u�p�e�.�e�x�e�
C�:�\�3�a�a�0�a�6�b�7�d�d�8�2�a�7�f�8�e�1�5�0�0�1�c�9�6�8�a�2�4�f�d�b�3�7�4�5�0�9�d�a�5�d�9�6�8�b�8�6�9�7�e�7�f�f�c�a�0�5�6�c�c�5�f�0�
C�:�\�7�c�8�6�8�b�e�b�4�a�e�9�a�9�1�f�5�8�4�7�2�6�2�9�3�2�5�a�d�6�0�e�b�9�c�b�d�a�b�0�c�f�9�e�b�5�1�9�8�e�b�2�9�8�f�6�d�7�f�8�5�0�b�d�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�u�p�d�a�t�e�-�p�d�f�.�p�e�3�2�
C�:�\�7�3�7�3�6�9�e�c�2�6�c�9�2�b�7�2�2�e�8�5�a�2�f�a�e�c�d�3�a�4�3�2�8�c�b�6�a�f�1�c�f�8�e�3�f�3�7�e�3�4�4�b�d�7�8�a�9�a�b�a�c�3�9�7�
C�:�\�6�0�c�3�0�b�2�7�1�c�5�b�e�e�9�6�0�f�4�b�3�6�d�9�a�0�d�9�7�7�d�e�b�c�e�e�b�1�a�0�8�d�2�a�2�3�e�c�8�7�0�9�c�0�e�5�6�a�2�e�1�d�6�2�
C�:�\�U�s�e�r�s�\�L�i�s�a�\�D�e�s�k�t�o�p�\�w�X�E�u�G�C�O�U�.�e�x�e�
C�:�\�X�q�I�0�M�I�p�a�.�e�x�e�
c�:�\�t�a�s�k�\�4�4�F�8�A�C�7�0�4�F�D�5�7�2�3�1�5�9�C�B�F�C�0�4�5�C�7�A�9�E�4�6�.�e�x�e�
c�:�\�t�a�s�k�\�8�B�1�C�1�1�D�A�2�2�1�C�7�C�8�1�0�C�1�7�1�9�F�D�3�F�7�5�F�D�1�F�.�e�x�e�
c�:�\�t�a�s�k�\�0�5�E�8�9�5�C�1�A�4�E�2�5�6�4�2�D�9�F�2�D�B�E�1�6�0�D�F�6�A�A�9�.�e�x�e�
C�:�\�B�z�L�k�d�f�X�V�.�e�x�e�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�b�b�a�2�c�3�1�0�e�6�9�d�b�d�0�d�f�1�b�e�.�p�e�3�2�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�i�m�p�o�r�t�a�n�t�_�d�o�c�u�m�e�n�t�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�i�m�p�o�r�t�a�n�t�_�d�o�c�u�m�e�n�t�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�i�m�p�o�r�t�a�n�t�_�d�o�c�u�m�e�n�t�.�e�x�e�
C�:�\�6�1�3�2�5�e�4�e�c�d�0�f�8�4�7�3�5�d�3�b�1�8�2�5�6�0�a�e�3�9�3�b�0�3�9�b�8�2�8�5�b�e�9�f�0�9�4�4�0�d�7�1�b�7�8�6�d�d�c�3�b�d�a�9�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�i�m�p�o�r�t�a�n�t�_�d�o�c�u�m�e�n�t�.�e�x�e�
C�:�\�d�5�f�4�c�4�5�6�2�0�1�8�7�4�b�9�3�c�6�0�7�b�f�b�9�b�1�e�e�7�7�9�9�5�0�7�9�7�b�f�7�a�2�8�7�3�8�e�6�4�5�b�7�9�d�a�e�e�2�4�7�3�c�0�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�v�V�q�B�8�m�w�k�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�f�a�c�t�u�r�a�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�s�a�m�p�l�e�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�i�n�v�o�i�c�e�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�f�a�c�t�u�r�a�.�e�x�e�
C�:�\�9�b�f�c�e�c�e�6�e�7�d�f�a�0�b�e�f�e�a�9�c�a�5�e�f�d�5�4�e�b�c�1�2�8�c�b�a�3�6�1�c�c�3�0�5�4�8�4�f�b�0�b�a�2�7�4�b�c�b�3�d�6�2�2�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�i�m�p�o�r�t�a�n�t�_�d�o�c�u�m�e�n�t�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�i�m�p�o�r�t�a�n�t�_�d�o�c�u�m�e�n�t�.�e�x�e�
C�:�\�7�0�9�1�a�8�6�5�2�c�5�c�b�a�a�f�1�3�2�2�7�a�8�f�1�1�d�f�d�f�4�a�5�1�b�a�c�d�e�f�a�2�1�3�7�a�5�7�2�6�d�c�8�2�a�7�8�7�6�6�c�b�a�c�
C�:�\�6�e�9�0�9�7�9�1�9�c�3�8�3�c�5�2�c�8�6�7�d�d�7�4�5�4�a�b�1�d�6�c�c�d�7�6�0�9�8�8�2�c�0�3�b�b�9�0�5�c�9�d�8�2�0�5�2�c�e�6�7�5�1�7�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�f�a�c�t�u�r�a�.�e�x�e�
C�:�\�e�a�9�T�e�r�f�o�.�e�x�e�
C�:�\�2�0�4�b�a�d�2�0�7�4�b�e�7�0�a�e�0�f�6�3�d�e�0�e�d�1�f�5�0�1�c�2�9�e�9�2�0�8�c�5�c�d�e�5�a�4�b�3�8�c�0�4�1�6�5�e�b�9�0�8�a�a�3�1�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�f�a�c�t�u�r�a�.�e�x�e�
C�:�\�Z�W�v�b�2�P�V�M�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�i�n�v�o�i�c�e�.�e�x�e�
C�:�\�f�9�f�1�7�3�e�f�d�c�e�6�9�e�5�c�f�a�e�e�1�8�0�5�a�d�f�5�1�6�6�b�3�c�c�2�c�8�b�7�f�7�d�5�2�6�d�e�2�9�c�4�4�5�0�8�a�1�1�a�1�8�5�e�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�5�Y�1�0�J�L�n�C�.�e�x�e�
C�:�\�A�K�k�0�R�2�9�6�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�i�m�p�o�r�t�a�n�t�_�d�o�c�u�m�e�n�t�.�e�x�e�
C�:�\�4�2�d�4�4�8�6�f�d�6�5�c�a�b�f�7�c�2�b�2�c�5�2�4�e�8�9�d�f�d�c�7�7�1�c�9�b�c�8�e�3�a�0�c�6�2�5�9�1�e�d�1�a�5�3�a�9�4�3�5�8�2�c�4�
C�:�\�5�4�1�f�0�f�b�8�f�4�2�b�2�e�e�f�d�f�7�a�b�5�6�7�1�a�9�a�1�f�b�5�3�d�7�4�d�e�5�e�f�c�1�4�b�2�6�4�0�0�2�6�2�e�0�d�c�d�f�b�8�0�1�a�
C�:�\�5�d�f�a�2�c�3�e�7�3�0�1�5�9�e�4�a�1�c�d�3�c�2�9�f�7�a�3�6�7�7�6�9�7�f�1�8�0�0�b�f�6�0�1�c�4�d�6�0�6�e�3�1�b�c�b�0�4�a�b�7�b�1�5�
C�:�\�a�8�6�6�9�5�9�c�9�5�b�5�b�4�0�9�e�a�7�a�a�a�8�7�4�9�4�1�d�4�1�a�0�a�d�9�e�3�d�9�a�e�1�d�6�7�9�a�d�6�c�b�9�b�b�a�4�c�b�9�4�3�b�4�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�u�p�d�a�t�e�-�p�d�f�.�p�e�3�2�
C�:�\�1�3�e�1�9�8�7�6�2�a�7�8�e�8�f�d�c�3�7�0�0�3�3�7�b�9�4�e�a�c�1�d�d�b�b�7�1�6�a�9�a�6�4�7�2�9�6�0�4�a�9�8�5�f�0�c�5�3�4�b�3�6�c�3�
C�:�\�e�b�8�I�0�4�o�c�.�e�x�e�
C�:�\�b�8�c�7�4�1�e�3�1�c�d�a�a�9�2�0�0�5�5�6�6�d�7�b�f�0�b�a�5�7�f�8�b�f�2�e�9�9�2�a�6�9�c�c�1�d�9�3�8�6�2�7�d�6�b�7�c�1�c�f�2�f�7�d�
C�:�\�c�d�7�7�4�9�d�2�d�6�6�0�a�a�7�8�7�1�1�4�c�e�6�a�3�e�2�c�9�7�2�4�a�4�f�e�4�f�9�4�4�5�0�f�6�5�7�4�7�f�b�b�2�9�8�7�0�f�6�d�4�a�c�1�
Hosts
| IP |
|---|
| 114.114.114.114 |
| 8.8.8.8 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | |
| dns.msftncsi.com |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 61714 | 8.8.8.8 | 53 |
| 192.168.56.101 | 56933 | 8.8.8.8 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
| 192.168.56.101 | 58485 | 114.114.114.114 | 53 |
| 192.168.56.101 | 58485 | 8.8.8.8 | 53 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.