1.4
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.74
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | Win32:Malware-gen | 20191026 | 18.4.3895.0 |
| Baidu | Win32.Trojan.Kryptik.jr | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (D) | 20190702 | 1.0 |
| Kingsoft | None | 20191026 | 2013.8.14.323 |
| McAfee | GenericRXIK-MI!1D1390ECF048 | 20191026 | 6.0.6.653 |
| Tencent | None | 20191026 | 1.0.0.1 |
静态指标
可执行文件包含未知的 PE 段名称,可能指示打包器(可能是误报)
(1 个事件)
| section | .imports |
动态指标
该二进制文件可能包含加密或压缩数据,表明使用了打包工具
(1 个事件)
| section | {'name': 'UPX1', 'virtual_address': '0x0000b000', 'virtual_size': '0x00003000', 'size_of_data': '0x00002200', 'entropy': 7.4677168355624035} | entropy | 7.4677168355624035 | description | 发现高熵的节 | |||||||||
可执行文件使用UPX压缩
(2 个事件)
| section | UPX0 | description | 节名称指示UPX | ||||||
| section | UPX1 | description | 节名称指示UPX | ||||||
网络通信
与未执行 DNS 查询的主机进行通信
(1 个事件)
| host | 114.114.114.114 | |||
文件已被 VirusTotal 上 55 个反病毒引擎识别为恶意
(50 out of 55 个事件)
| ALYac | Trojan.Downloader.JRZA |
| APEX | Malicious |
| AVG | Win32:Malware-gen |
| Acronis | suspicious |
| Ad-Aware | Trojan.Downloader.JRZA |
| AhnLab-V3 | Trojan/Win32.Upatre.R288149 |
| Antiy-AVL | Trojan[Downloader]/Win32.Upatre |
| Arcabit | Trojan.Downloader.JRZA |
| Avast | Win32:Malware-gen |
| Avira | TR/Spy.Zbot.sbboqv |
| Baidu | Win32.Trojan.Kryptik.jr |
| BitDefender | Trojan.Downloader.JRZA |
| ClamAV | Win.Downloader.Upatre-5744092-0 |
| Comodo | TrojWare.Win32.TrojanDownloader.Upatre.DOM@5st38w |
| CrowdStrike | win/malicious_confidence_100% (D) |
| Cybereason | malicious.cf0485 |
| Cylance | Unsafe |
| Cyren | W32/Upatre.KP.gen!Eldorado |
| DrWeb | Trojan.Upatre.5278 |
| ESET-NOD32 | a variant of Win32/Kryptik.GVBD |
| Emsisoft | Trojan.Downloader.JRZA (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/Upatre.KP.gen!Eldorado |
| F-Secure | Trojan.TR/Spy.Zbot.sbboqv |
| FireEye | Generic.mg.1d1390ecf048521c |
| Fortinet | W32/Kryptik.DQAA!tr |
| GData | Win32.Trojan.Kryptik.CA |
| Ikarus | Trojan.Win32.Crypt |
| Invincea | heuristic |
| Jiangmin | TrojanDownloader.Upatre.rqi |
| K7AntiVirus | Trojan ( 00554e8d1 ) |
| K7GW | Trojan ( 00554e8d1 ) |
| Kaspersky | Trojan-Spy.Win32.Zbot.zrzb |
| MAX | malware (ai score=89) |
| MaxSecure | Trojan.Upatre.Gen |
| McAfee | GenericRXIK-MI!1D1390ECF048 |
| McAfee-GW-Edition | BehavesLike.Win32.Pluto.qm |
| MicroWorld-eScan | Trojan.Downloader.JRZA |
| Microsoft | TrojanDownloader:Win32/Upatre!rfn |
| NANO-Antivirus | Trojan.Win32.Kryptik.dtrwge |
| Panda | Trj/Genetic.gen |
| Qihoo-360 | HEUR/QVM02.0.CEB5.Malware.Gen |
| Rising | Trojan.Waski!1.A489 (CLASSIC) |
| SUPERAntiSpyware | Trojan.Agent/Gen-Upatre |
| SentinelOne | DFI - Malicious PE |
| Sophos | Troj/Kryptik-JN |
| Symantec | Downloader.Upatre |
| Trapmine | malicious.high.ml.score |
| TrendMicro | TROJ_UPATRE.TOMB00000005 |
| TrendMicro-HouseCall | TROJ_UPATRE.TOMB00000005 |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2014-07-30 14:18:20
PE Imphash
1d4a1b4cd524c16b61e652ff6a68afd1
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| UPX0 | 0x00001000 | 0x0000a000 | 0x00003a00 | 5.470575566862463 |
| UPX1 | 0x0000b000 | 0x00003000 | 0x00002200 | 7.4677168355624035 |
| .rsrc | 0x0000e000 | 0x00005000 | 0x00004c00 | 5.238907526822473 |
| .imports | 0x00013000 | 0x00001000 | 0x00000400 | 4.547025274747384 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_CURSOR | 0x0000e23c | 0x00000134 | LANG_POLISH | SUBLANG_DEFAULT | None |
| RT_BITMAP | 0x0000e458 | 0x000000e8 | LANG_POLISH | SUBLANG_DEFAULT | None |
| RT_BITMAP | 0x0000e458 | 0x000000e8 | LANG_POLISH | SUBLANG_DEFAULT | None |
| RT_ICON | 0x0000e544 | 0x00004228 | LANG_POLISH | SUBLANG_DEFAULT | None |
| RT_DIALOG | 0x00012770 | 0x00000062 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_GROUP_CURSOR | 0x000127d8 | 0x00000014 | LANG_POLISH | SUBLANG_DEFAULT | None |
| RT_GROUP_ICON | 0x000127f0 | 0x00000014 | LANG_POLISH | SUBLANG_DEFAULT | None |
| RT_MANIFEST | 0x00012808 | 0x0000020f | LANG_POLISH | SUBLANG_DEFAULT | None |
Imports
Library KERNEL32.DLL:
• 0x404010 FindFirstFileW
• 0x404014 GetLastError
• 0x404018 lstrcpynA
• 0x40401c lstrlenA
• 0x404020 GetModuleHandleA
• 0x404024 LoadLibraryA
• 0x404028 FindClose
• 0x40402c GetStartupInfoA
• 0x404030 CreateDirectoryW
• 0x404034 Sleep
• 0x404038 FindNextFileW
• 0x40403c GlobalAlloc
• 0x404040 WaitForSingleObject
• 0x404044 CreateThread
• 0x404048 TerminateThread
• 0x40404c CreateMutexW
• 0x404050 ReleaseMutex
• 0x404054 GlobalSize
Library COMCTL32.dll:
• 0x404000 None
Library GDI32.dll:
• 0x404008 TextOutA
Library MSVCRT.dll:
• 0x40405c _controlfp
• 0x404060 _except_handler3
• 0x404064 __set_app_type
• 0x404068 __p__fmode
• 0x40406c __p__commode
• 0x404070 _adjust_fdiv
• 0x404074 __setusermatherr
• 0x404078 _initterm
• 0x40407c __getmainargs
• 0x404080 __p__acmdln
• 0x404084 exit
• 0x404088 _XcptFilter
• 0x40408c _exit
• 0x404090 ??2@YAPAXI@Z
• 0x404094 ??3@YAXPAX@Z
Library USER32.dll:
• 0x40409c GetMessageA
• 0x4040a0 TranslateMessage
• 0x4040a4 RegisterClassExA
• 0x4040a8 LoadAcceleratorsA
• 0x4040ac LoadCursorA
• 0x4040b0 LoadIconA
• 0x4040b4 LoadStringA
• 0x4040b8 CreateWindowExA
• 0x4040bc PostQuitMessage
• 0x4040c0 EndPaint
• 0x4040c4 BeginPaint
• 0x4040c8 DefWindowProcA
• 0x4040cc DialogBoxParamA
• 0x4040d0 DestroyWindow
• 0x4040d4 PostMessageA
• 0x4040d8 SendMessageA
• 0x4040dc SetWindowTextA
• 0x4040e0 EndDialog
• 0x4040e4 TranslateAcceleratorA
• 0x4040e8 DispatchMessageA
L!This program cannot be run in DOS mode.
7"aich
.imports
qi57vvG=
si57uuh.
vGuv57iu~
vGtih.
uqu57vvG=
vGtih.
vGqih.
rv57vqh.
qi57iuw
GG0vd8^,O|<
HH6e@6md
X?0BDgHC,w
)JRk7oZmHk
6{G{N.Z,C[K
sbW0ED}s0tei
7teD/.K
.20,_G([
3DZ GpG0
q./n 1PFr Z
e25{.CC
G8^Kn :0d1[Sd(1d1w.k6!
wViSiI^
DuakHDdm
S._ZWe
F{,cD< Dee
!@C18bM:[W
FM@{0
!F>Z2zG
JVH!De2N
mF{2H2e
25{GJCe2m<S
DWEZse
D[F{{GeZ{zJZteJz#0,'#
DSF{c.>Z3C
0.>Z2v
0@{G2Z!
DO<B2Hse
gZJZEw0
z{E.C.{
[[7tfh
HZld02
0CG.ERa
0d#.8bBDG2!
*gZHv#Z
GhZG>0h
rDL{-D
Ij.30H:
?De-<U
Hu3!Eu
JFFRXu
UU3H_@
_^]PuVF8%
L3]AUM
Mu^FF#
NMIIII
GHuGHHGH
Au^H9Et:YEP6e
VWW_^]
Ujh(F@
QUREPMQ
<"u>"u
fFu%@@
UWQ%_C@
jdh`F@
t,EPMQUR
TTEhlE@
Rj jdh
Pj jdh
EjdhE@
hRdPMQ
MX9OOQ
GVT1G%V6
Kilimanmen
Horapplist
Bisanoled Maxek
button
richedit
3+3:')
RICHED32.DLL
Hokeuj
think probably it was quite an attractive
ardly thought of it since then - that he had a charm
ardly thought of it since then - that he had a charm
FindFirstFileW
GetLastError
lstrcpynA
lstrlenA
GetModuleHandleA
LoadLibraryA
FindClose
GetStartupInfoA
CreateDirectoryW
FindNextFileW
GlobalAlloc
WaitForSingleObject
CreateThread
TerminateThread
CreateMutexW
ReleaseMutex
GlobalSize
TextOutA
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p__acmdln
_XcptFilter
??2@YAPAXI@Z
??3@YAXPAX@Z
GetMessageA
TranslateMessage
RegisterClassExA
LoadAcceleratorsA
LoadCursorA
LoadIconA
LoadStringA
CreateWindowExA
PostQuitMessage
EndPaint
BeginPaint
DefWindowProcA
DialogBoxParamA
DestroyWindow
PostMessageA
SendMessageA
SetWindowTextA
EndDialog
TranslateAcceleratorA
DispatchMessageA
`.data
@.reloc
.t5%4uC5E
5,tb544r
sWZ'M#Ym4T3
JHIM7/CN
/o>0vd8^,O
_HH6e@6md
h6zRoo|IB
-<ePG"
Xm?0BDgHC,w
1>~[c0R
W0ED}s0tei
1K_X_Zk~
Z#@'/ ve
.2~_XN_G([+e2Ip6?1 Gpm0
1R'0j>Z3
qD/n'PFr Z
pk5jIi"*v
GKY:0d[Sd(1d
k6;p;;
k"oaDuakH;
wwkcD DeJ>
!@C18bM
2|VZCbWw|
1Vq.[c"pDm2nlIr
mv[[O{
;n{JS1c.
hx+5T.gvUG}
0@{GK2GL
z{E.C.{
\[ [7tfh
hwd#BDm
Iw:Fn!
.;|,GM
Ij.3H:
DI[yfJ
?Hn,ui!u
A[uHIE
JFFRTX'E
6{AP^
Gj~jhjC
398@{[:
&P "F8%
8]tdM&N
;ug} %o4
7-86fN
hVk+q+G
N.Omc4
^H9t:Y@6Me
&W^v1q
!h|&E@
;3{P>
FnYj .+d[Pd%x
5GdXG
hx6-tX
fp/%1'[>WV
5lBUWQ;_
Vd8QEGh
`\lAh
j'[CdhF
/86l|QM|lE
<KC'e,
oej h,Mj<
hlf&$p
{!1x@Sm
z0P|C;
2eX8eX1
<.Kb\_
7Gh8d}t(
M}O+$[
v4M4fTD&6t]S/
BP\j|ii
MX9OOQ
GVT1G%V6
o(@'Z/
?KilimanmenHorapp
oled Maxek
utto#rich
P@0TDD4ML(8
,.!ma+
3+3:')
RICHED32.DIkeu
think probably q
was qu
ctive7ard"}o1ough'of-s>ce
adPvkl9 40m
Findrst
Error{ml
rcpynA
"ZModu
Load;gLibraryARClose*St
tupInfo
CreateDpect`gnypSAep4Nexm-?balAl
0m-S"g
Obj;I`[Th
sm&\Nz
ct_hPur3
_fm%na
rgsG=acmrn
s??2@YAPAXI@Z
essagTrsl-
.AgisTC
owHPoXQuku&E
Def4Psc6/41ogBox m
'.}vM4t !
0 `.d3a
Vc.3TJP
2eML4'@eFp
GPGWHU
XPTPSWXaD$j
ffffff
aGGDDV
tttDP`
twGD``awwGtu
PawwwGE
PffffffWP
GtwwwP
33333333
7Ajx+*
5CNT14
chyfmyju{jp}knhijkjlkp}jtxiuwju|io~jmhjknkp~lq~kp}mq~lr
lqmrlq
lqltmrnklk
[Z~z/.
}{{xvvwvvvttvtt~z{
zwvpnnkiikikjhhiggyxy
qoofceeccwuu
{{wv//
#!) ' ) ' '
$ 215'.
mu * ("-!. ( ' ' ( ' ' ' '
# * *!* * )
!) +!, * * + * * + *
# '!+ * , *"* )
"-!* * *!, *!+ + * )!*
"!!'$-!*!*"*!*
!,!*!*"*!*"*!*!*$. )
%"#*%.!)")!)!)!&$.
!Ze]g[[ZT+*
&!(GM]g]_]_22 & , '
]g_gah`edeBG
#!)!)#)!)!)")!)!)#,!+
'%%*&/#*#)")")$+'1") ' %'1#*&0"-'1%-(0#+#)!+ &",$1(2#+(3"+"+#.%.&0%.$*")#*")")"*")")#,!)
'#&+&0#*")"("(%/%.$) %,9-:%0(2%-!&!)'1.;,:*6)5%- !!(%,'0.=(0)2'2$,'-$*$*%*$*$*&+$*%+%,$,
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.2.8"
processorArchitecture="X86"
name="AMDInstaller"
type="win32"/>
<description>AMDInstaller</description>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges>
<requestedExecutionLevel
level="asInvoker"
uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
COMCTL32.dll
GDI32.dll
KERNEL32.DLL
MSVCRT.dll
USER32.dll
TextOutA
ExitProcess
GetProcAddress
LoadLibraryA
VirtualProtect
EndPaint
KERNEL32.DLL
FindFirstFileW
GetLastError
lstrcpynA
lstrlenA
GetModuleHandleA
LoadLibraryA
FindClose
GetStartupInfoA
CreateDirectoryW
FindNextFileW
GlobalAlloc
WaitForSingleObject
CreateThread
TerminateThread
CreateMutexW
ReleaseMutex
GlobalSize
COMCTL32.dll
GDI32.dll
TextOutA
MSVCRT.dll
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p__acmdln
_XcptFilter
??2@YAPAXI@Z
??3@YAXPAX@Z
USER32.dll
GetMessageA
TranslateMessage
RegisterClassExA
LoadAcceleratorsA
LoadCursorA
LoadIconA
LoadStringA
CreateWindowExA
PostQuitMessage
EndPaint
BeginPaint
DefWindowProcA
DialogBoxParamA
DestroyWindow
PostMessageA
SendMessageA
SetWindowTextA
EndDialog
TranslateAcceleratorA
DispatchMessageA
Z�i�m�b�a�n�d�a�
M�S� �S�a�n�s� �S�e�r�i�f�
C�:�\�U�s�e�r�s�\�h�e�l�e�n�b�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�R�a�r�$�D�I�a�0�.�8�1�0�\�i�n�v�o�i�c�e�-�I�T�K�7�0�9�4�0�8�.�s�c�r�
c�:�\�c�0�c�5�3�3�d�5�9�2�7�5�c�8�7�3�a�9�3�c�a�7�3�f�8�c�2�3�f�9�d�d�.�e�x�e�
C�:�\�6�a�1�8�d�5�9�a�7�8�8�8�c�5�0�a�e�f�f�f�b�f�a�f�3�1�b�6�7�1�8�6�4�d�e�d�0�5�2�c�f�a�9�d�a�2�8�b�0�6�c�6�6�0�b�f�a�8�d�9�8�b�b�e�
C�:�\�a�8�1�4�b�a�0�2�6�a�c�4�1�4�3�2�d�1�2�b�e�7�7�9�3�5�c�0�3�6�c�9�1�8�f�1�4�f�7�0�2�8�c�f�8�8�3�2�0�b�0�a�f�a�3�5�9�b�f�2�5�f�c�d�
C�:�\�a�6�4�2�1�8�a�a�d�6�b�1�4�e�7�d�b�f�4�5�0�7�8�8�1�4�7�f�4�9�9�9�3�5�5�a�2�7�8�d�e�3�1�e�b�8�8�7�c�e�b�9�4�5�5�e�c�d�5�a�1�b�7�3�
C�:�\�f�6�f�d�8�2�d�7�b�a�6�a�5�1�b�c�f�f�d�8�8�d�7�c�8�2�0�4�a�6�1�a�3�c�9�e�7�c�2�a�b�a�5�2�7�f�f�0�2�9�c�8�6�0�3�5�a�4�d�f�f�a�3�a�
C�:�\�6�1�Q�R�F�6�w�r�.�e�x�e�
C�:�\�R�C�a�M�C�N�f�a�.�e�x�e�
C�:�\�w�x�4�5�x�x�u�X�.�e�x�e�
C�:�\�K�j�n�F�H�d�f�S�.�e�x�e�
C�:�\�b�Z�A�3�w�g�f�R�.�e�x�e�
C�:�\�v�3�_�1�t�F�w�o�.�e�x�e�
C�:�\�G�f�s�M�w�5�d�6�.�e�x�e�
C�:�\�t�n�z�i�d�k�b�5�.�e�x�e�
C�:�\�7�J�l�_�4�W�P�y�.�e�x�e�
C�:�\�F�E�w�Y�s�G�b�B�.�e�x�e�
C�:�\�5�C�u�x�P�L�h�u�.�e�x�e�
C�:�\�d�1�Y�w�o�O�g�O�.�e�x�e�
C�:�\�T�G�X�W�O�H�s�l�.�e�x�e�
C�:�\�F�d�N�S�g�K�L�8�.�e�x�e�
C�:�\�q�V�y�_�j�f�F�w�.�e�x�e�
C�:�\�w�C�U�q�g�T�j�p�.�e�x�e�
C�:�\�5�F�S�B�E�2�C�G�.�e�x�e�
C�:�\�9�d�2�9�3�c�a�1�f�3�d�d�6�4�4�6�6�8�b�a�e�2�e�8�4�7�1�2�f�0�c�d�0�7�a�4�4�e�7�b�b�7�b�c�d�e�d�9�3�c�b�e�f�0�8�a�2�2�f�b�b�3�4�0�
C�:�\�u�F�k�V�O�8�N�E�.�e�x�e�
C�:�\�6�z�c�C�h�w�R�3�.�e�x�e�
C�:�\�S�m�4�q�v�A�m�t�.�e�x�e�
C�:�\�2�S�K�4�Y�Z�m�d�.�e�x�e�
C�:�\�i�7�S�3�C�i�K�k�.�e�x�e�
C�:�\�k�Y�k�u�q�O�L�L�.�e�x�e�
C�:�\�s�L�j�t�T�5�_�C�.�e�x�e�
C�:�\�2�e�b�3�0�8�d�7�e�6�a�1�4�c�0�a�b�4�1�c�6�8�f�7�f�4�c�7�1�2�5�2�8�f�3�1�c�f�b�6�b�5�c�d�9�1�3�1�5�d�f�e�0�0�a�7�b�a�a�5�4�e�0�b�
C�:�\�8�2�4�6�5�6�8�1�b�9�b�d�6�9�9�8�5�a�9�b�3�9�b�8�2�a�c�2�f�1�0�2�a�1�e�9�9�c�b�5�7�4�4�0�3�e�8�7�b�0�f�e�f�d�9�9�0�a�b�5�a�b�8�1�
C�:�\�U�s�e�r�s�\�V�i�r�t�u�a�l�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�9�d�1�e�c�a�1�b�d�9�2�4�f�4�8�1�4�5�b�8�9�8�d�5�5�f�4�e�c�2�e�c�a�f�8�b�b�f�6�2�e�f�8�5�a�c�f�d�0�c�5�8�1�b�4�5�f�0�8�b�d�4�e�e�.�e�x�e�
C�:�\�T�Z�f�s�o�y�W�j�.�e�x�e�
C�:�\�f�d�7�8�4�b�2�9�5�4�9�8�b�3�f�d�0�b�e�6�9�e�5�f�c�7�7�e�1�5�2�4�3�4�5�6�c�7�4�0�7�f�5�5�3�4�f�8�9�8�c�1�b�2�f�8�9�e�e�b�c�2�7�d�
C�:�\�e�2�1�5�d�a�5�2�0�e�c�d�6�1�4�8�3�e�3�e�3�7�1�8�2�b�a�4�c�0�7�f�3�e�9�4�2�5�5�1�1�1�5�1�b�a�a�0�5�1�5�9�7�e�9�6�8�b�f�b�2�1�4�d�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�s�a�m�p�l�e�.�e�x�e�
C�:�\�f�c�1�d�e�3�4�3�4�c�4�2�c�d�a�a�d�b�1�5�4�0�b�a�8�c�7�e�f�3�4�4�6�f�2�6�b�9�a�a�0�0�c�0�9�c�a�f�6�8�b�0�e�1�e�8�a�d�b�e�d�5�b�2�
C�:�\�5�b�1�7�2�1�d�8�6�5�0�9�6�2�3�0�e�a�8�f�7�2�e�7�9�6�4�c�d�7�2�3�9�3�1�0�4�e�a�f�f�7�7�a�6�8�4�0�7�4�b�3�6�a�d�c�e�8�7�8�b�1�9�b�
C�:�\�b�2�6�2�1�a�6�0�b�2�e�d�a�3�d�c�b�2�6�3�9�f�d�c�0�b�4�9�6�1�9�5�3�3�d�e�7�0�0�8�5�9�e�e�a�4�3�7�3�d�8�4�b�8�d�7�9�5�8�e�6�f�6�5�
C�:�\�b�4�e�9�2�5�8�f�2�d�6�d�7�e�6�b�7�7�6�d�a�7�f�9�2�e�d�e�1�4�5�0�b�2�1�c�9�6�8�d�3�6�5�6�a�f�5�d�5�a�e�f�b�f�e�b�9�d�2�b�5�e�1�7�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�z�o�n�i�c�e�x�.�p�e�3�2�
C�:�\�U�s�e�r�s�\�L�i�s�a�\�D�e�s�k�t�o�p�\�R�i�8�d�7�g�d�m�.�e�x�e�
C�:�\�0�4�e�a�a�2�c�f�f�b�3�0�7�5�c�2�1�7�9�4�0�a�d�d�b�8�4�0�5�1�2�1�6�7�6�d�6�0�4�5�a�2�a�f�4�e�7�e�7�e�2�4�b�4�6�0�e�2�a�0�8�8�c�b�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�s�a�m�p�l�e�.�e�x�e�
C�:�\�8�7�d�7�0�1�6�7�6�2�a�a�a�8�b�9�e�a�0�b�f�2�f�7�a�5�d�8�4�a�6�4�0�0�f�0�2�b�1�f�5�3�2�8�1�e�e�f�7�a�6�6�9�4�d�6�2�0�c�9�d�6�c�7�
C�:�\�5�e�f�6�d�a�4�e�d�f�1�b�7�1�3�7�8�c�4�2�6�1�1�f�c�9�4�2�1�4�9�7�b�c�3�9�1�f�8�1�d�0�3�7�0�d�1�f�e�0�9�a�b�3�8�f�d�8�b�9�a�1�6�7�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�i�m�p�o�r�t�a�n�t�_�d�o�c�u�m�e�n�t�.�e�x�e�
C�:�\�1�4�0�4�9�5�2�a�6�b�6�a�3�0�9�8�5�5�a�3�4�8�a�d�9�c�f�4�6�5�a�d�f�f�b�4�8�c�8�d�9�b�8�6�9�6�9�2�3�9�8�e�6�9�2�7�1�0�b�7�7�9�c�e�
C�:�\�c�0�2�3�c�1�5�1�8�6�7�a�b�f�3�1�5�7�0�1�a�e�f�7�8�8�0�5�d�3�e�7�5�8�9�f�b�4�6�3�3�5�9�d�7�2�9�c�b�2�b�3�f�1�2�4�9�f�5�8�7�9�a�f�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�T�t�i�l�h�y�U�4�.�e�x�e�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�.�p�e�3�2�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�f�a�c�t�u�r�a�.�e�x�e�
C�:�\�6�f�d�d�f�9�c�2�9�c�8�7�c�b�f�a�2�9�b�5�f�5�9�8�4�0�3�8�2�3�f�0�3�7�6�3�3�d�c�2�9�1�a�a�e�e�8�6�1�c�1�7�1�2�9�5�8�7�7�1�a�4�3�d�
C�:�\�1�0�1�9�d�8�4�8�c�e�9�4�b�1�e�e�e�6�c�a�3�0�d�0�3�c�a�4�0�a�4�b�6�b�3�c�0�e�e�8�f�7�6�1�6�2�0�b�0�2�3�4�0�3�c�a�a�f�2�1�c�0�6�f�
C�:�\�b�7�e�b�1�5�5�7�6�4�b�d�a�4�c�d�5�6�e�2�2�5�f�e�d�b�f�3�5�6�c�d�d�f�7�d�8�8�b�8�f�1�c�5�f�5�8�a�e�f�1�7�5�e�b�4�a�3�d�b�9�6�5�0�
C�:�\�2�5�d�0�9�1�1�a�5�5�1�3�4�5�e�4�3�4�7�e�6�b�1�5�3�8�2�4�0�7�e�8�9�9�9�f�6�6�2�b�a�0�1�a�f�8�7�c�1�0�4�4�9�9�a�8�0�1�a�1�5�9�e�c�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�z�o�n�i�c�e�x�.�p�e�3�2�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�s�a�m�p�l�e�.�e�x�e�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�l�u�s�e�r�\�D�e�s�k�t�o�p�\�F�R�T�T�6�R�2�y�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�i�m�p�o�r�t�a�n�t�_�d�o�c�u�m�e�n�t�.�e�x�e�
C�:�\�d�0�a�e�e�6�6�d�8�a�4�5�2�5�e�b�d�2�9�f�4�1�4�9�8�4�2�3�2�0�1�c�8�5�1�3�5�c�1�d�5�8�d�e�d�a�6�7�2�b�a�8�b�b�9�c�4�2�8�3�8�4�3�a�
C�:�\�U�s�e�r�s�\�L�i�s�a�\�D�e�s�k�t�o�p�\�s�A�Z�Y�8�h�s�C�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�s�a�m�p�l�e�.�e�x�e�
C�:�\�4�6�b�1�9�7�6�1�2�b�1�7�1�f�a�6�2�3�5�3�4�e�9�5�4�0�9�d�d�0�7�5�5�f�e�a�f�e�3�8�5�d�3�c�d�0�b�c�0�1�5�b�5�9�a�2�4�9�3�1�b�0�4�0�
C�:�\�9�c�b�9�1�e�b�0�f�9�4�2�7�6�c�5�3�a�1�1�2�4�b�5�f�8�7�4�3�7�3�2�3�3�3�1�d�7�f�9�b�1�0�0�5�8�8�4�1�1�b�c�1�9�e�7�6�7�3�5�d�0�3�4�
C�:�\�c�d�9�4�0�5�0�5�3�0�b�9�e�3�1�b�4�f�3�f�4�1�2�b�4�6�6�f�a�6�d�e�c�1�2�6�e�b�6�f�a�3�2�1�8�e�a�7�7�3�9�7�a�8�b�4�e�e�d�e�d�1�5�f�
C�:�\�b�d�1�5�f�a�6�3�2�7�9�c�a�a�b�a�4�1�a�f�2�8�6�e�5�b�0�9�8�4�8�7�0�3�b�d�d�1�9�8�4�3�5�c�7�3�7�0�0�8�2�6�1�8�a�0�8�b�e�5�d�b�0�1�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�x�C�z�8�i�u�f�c�.�e�x�e�
C�:�\�f�c�0�a�e�2�9�9�7�6�6�5�b�6�a�3�2�d�8�7�0�4�b�4�4�b�6�a�f�0�a�b�1�2�4�a�e�f�3�f�5�b�f�b�7�9�6�d�a�7�c�9�1�1�9�c�0�e�a�8�f�2�c�e�
C�:�\�U�s�e�r�s�\�L�i�s�a�\�D�e�s�k�t�o�p�\�2�F�7�8�7�q�g�p�.�e�x�e�
C�:�\�1�0�f�1�0�c�6�d�4�1�d�7�b�a�6�b�3�c�7�2�9�1�7�0�7�6�1�7�c�8�4�6�c�4�0�2�1�a�c�0�4�f�1�6�b�c�2�d�2�8�b�b�4�7�3�1�7�c�d�6�9�2�c�4�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�f�a�c�t�u�r�a�.�e�x�e�
C�:�\�d�a�d�b�c�f�f�e�1�8�a�3�f�f�4�5�e�5�1�d�d�8�2�a�1�a�1�a�1�b�4�3�0�0�4�6�d�8�6�9�e�f�3�b�2�c�2�b�2�c�d�f�6�e�9�3�f�7�b�1�3�c�0�3�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�f�a�c�t�u�r�a�.�e�x�e�
C�:�\�U�s�e�r�s�\�J�o�e� �C�a�g�e�\�D�e�s�k�t�o�p�\�F�h�t�k�e�O�H�R�0�v�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�f�a�c�t�u�r�a�.�e�x�e�
C�:�\�4�7�6�d�a�9�0�c�9�e�a�2�f�5�2�8�5�c�6�6�7�b�b�3�d�5�6�9�1�f�2�4�c�c�7�c�e�8�1�5�c�d�9�c�e�5�a�b�9�c�b�2�0�9�7�1�f�a�9�1�0�0�a�b�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�z�o�n�i�c�e�x�.�e�x�e�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�I�v�R�m�b�r�E�Y�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�e�e�1�2�6�a�1�c�b�0�1�d�d�0�3�0�0�7�8�1�f�2�9�8�a�7�d�d�9�0�4�b�8�4�f�8�c�7�2�5�e�9�8�e�9�c�9�e�6�3�6�2�f�9�3�8�f�3�a�2�a�c�4�4�.�e�x�e�
C�:�\�1�d�9�b�e�e�7�7�b�6�5�d�b�6�e�c�3�0�6�f�7�0�f�a�d�5�3�f�2�e�2�4�8�0�4�4�e�c�2�b�2�4�2�f�a�d�2�2�7�c�a�1�1�3�4�b�b�4�b�6�2�f�8�9�
C�:�\�c�4�2�3�2�d�6�f�a�1�e�2�f�4�5�f�8�3�3�1�f�1�d�f�1�4�3�4�6�9�3�2�1�9�1�4�e�3�b�3�5�f�f�6�e�9�1�6�3�2�b�0�1�4�8�9�9�a�f�e�3�5�3�1�
C�:�\�U�s�e�r�s�\�V�i�r�t�u�a�l�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�2�9�b�c�7�3�a�f�f�7�b�2�3�f�a�a�8�3�2�3�a�f�1�b�6�9�4�8�9�1�f�2�1�a�9�8�d�a�b�0�e�7�d�f�0�0�4�0�2�a�7�5�2�8�6�4�0�7�b�9�c�2�2�4�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�z�o�n�i�c�e�x�.�e�x�e�
C�:�\�b�e�0�5�2�1�e�e�f�1�c�9�8�7�5�2�3�1�9�8�f�b�1�6�5�7�e�9�a�6�7�d�a�2�f�4�4�7�8�c�e�f�7�8�7�e�2�c�7�5�c�1�5�c�1�3�3�6�3�3�0�c�f�2�
C�:�\�4�e�4�0�c�2�9�c�8�b�c�d�7�a�f�c�1�c�6�3�1�0�2�a�2�3�9�f�5�4�c�9�f�9�b�2�3�c�6�e�0�8�2�c�6�8�9�4�7�f�a�0�b�c�7�5�e�4�a�b�3�1�b�6�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�z�o�n�i�c�e�x�.�e�x�e�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�C�7�a�s�Q�8�z�r�.�e�x�e�
C�:�\�1�5�0�e�7�5�b�8�3�a�b�9�1�b�5�1�f�c�a�c�a�9�7�4�4�a�7�f�0�c�b�e�0�e�f�9�a�1�f�2�2�2�0�e�a�4�7�b�d�e�b�d�c�2�3�a�8�7�8�b�c�2�7�c�
C�:�\�6�4�0�8�a�4�c�e�6�5�5�0�b�3�8�0�1�2�9�7�7�1�d�c�d�0�4�c�8�c�e�f�b�a�2�4�f�9�c�5�b�3�6�a�b�4�b�d�b�d�b�5�4�8�f�6�6�0�a�b�0�b�3�0�
C�:�\�d�c�8�1�4�1�7�d�2�4�3�a�8�8�4�a�3�4�f�3�7�3�3�5�3�8�7�e�d�9�d�4�3�9�5�0�2�5�5�4�5�b�2�6�e�6�8�6�8�6�a�a�d�6�b�6�b�5�0�b�e�8�0�8�
Hosts
| IP |
|---|
| 114.114.114.114 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.