1.0
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.59
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | Win32:Agent-ASIE [Trj] | 20200113 | 18.4.3895.0 |
| Baidu | Win32.Trojan.Kryptik.mp | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (D) | 20190702 | 1.0 |
| Kingsoft | None | 20200113 | 2013.8.14.323 |
| McAfee | GenericRXIO-IT!41A1909C7E7A | 20200113 | 6.0.6.653 |
| Tencent | Malware.Win32.Gencirc.10b59506 | 20200113 | 1.0.0.1 |
静态指标
可执行文件包含未知的 PE 段名称,可能指示打包器(可能是误报)
(3 个事件)
| section | .MPRESS1 |
| section | .MPRESS2 |
| section | .imports |
动态指标
网络通信
与未执行 DNS 查询的主机进行通信
(1 个事件)
| host | 114.114.114.114 | |||
文件已被 VirusTotal 上 63 个反病毒引擎识别为恶意
(50 out of 63 个事件)
| ALYac | Trojan.Agent.BAVG |
| APEX | Malicious |
| AVG | Win32:Agent-ASIE [Trj] |
| Acronis | suspicious |
| Ad-Aware | Trojan.Agent.BAVG |
| AhnLab-V3 | Trojan/Win32.Zbot.R88085 |
| Antiy-AVL | Trojan/Win32.AGeneric |
| Arcabit | Trojan.Agent.BAVG |
| Avast | Win32:Agent-ASIE [Trj] |
| Avira | TR/Yarwi.AD.5 |
| Baidu | Win32.Trojan.Kryptik.mp |
| BitDefender | Trojan.Agent.BAVG |
| BitDefenderTheta | AI:Packer.57E2A1A21E |
| Bkav | W32.AIDetectVM.malware |
| CAT-QuickHeal | Trojan.GenericCS.S8414404 |
| ClamAV | Win.Downloader.Upatre-5744087-0 |
| Comodo | TrojWare.Win32.TrojanDownloader.Upatre.BP@7j96vd |
| CrowdStrike | win/malicious_confidence_100% (D) |
| Cybereason | malicious.c7e7a2 |
| Cylance | Unsafe |
| Cyren | W32/S-856e9e75!Eldorado |
| DrWeb | Trojan.DownLoad3.28161 |
| ESET-NOD32 | Win32/TrojanDownloader.Small.AAB |
| Emsisoft | Trojan.Agent.BAVG (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/S-856e9e75!Eldorado |
| F-Secure | Trojan.TR/Yarwi.AD.5 |
| FireEye | Generic.mg.41a1909c7e7a2bd6 |
| Fortinet | W32/Small.AAB!tr.dldr |
| GData | Trojan.Agent.BAVG |
| Ikarus | Packer.Win32.Krap |
| Invincea | heuristic |
| Jiangmin | Trojan/Bublik.hei |
| K7AntiVirus | Trojan ( 0052964f1 ) |
| K7GW | Trojan ( 004ebb4c1 ) |
| Kaspersky | HEUR:Trojan.Win32.Generic |
| MAX | malware (ai score=89) |
| Malwarebytes | Trojan.Dropper |
| MaxSecure | Trojan.Upatre.Gen |
| McAfee | GenericRXIO-IT!41A1909C7E7A |
| McAfee-GW-Edition | BehavesLike.Win32.Cutwail.pt |
| MicroWorld-eScan | Trojan.Agent.BAVG |
| Microsoft | TrojanDownloader:Win32/Upatre.A |
| NANO-Antivirus | Trojan.Win32.DownLoad3.fnbrav |
| Panda | Trj/Genetic.gen |
| Qihoo-360 | HEUR/QVM19.1.8BAB.Malware.Gen |
| Rising | Spyware.Zbot!8.16B (TFE:dGZlOgJ+SkTFSgxWpA) |
| SUPERAntiSpyware | Trojan.Agent/Gen-Dropper |
| Sangfor | Malware |
| SentinelOne | DFI - Malicious PE |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2004-09-03 14:08:25
PE Imphash
39b2903b7498188e4955572bbeb0f3fe
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .MPRESS1 | 0x00001000 | 0x00009000 | 0x00005600 | 3.9275585889048044 |
| .MPRESS2 | 0x0000a000 | 0x00001000 | 0x00000600 | 5.411271105648145 |
| .rsrc | 0x0000b000 | 0x00003000 | 0x00002400 | 3.9006571578024136 |
| .imports | 0x0000e000 | 0x00001000 | 0x00000400 | 4.246841060562492 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_ICON | 0x0000b070 | 0x00001ca8 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_GROUP_ICON | 0x0000cd58 | 0x00000014 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_VERSION | 0x0000cdac | 0x0000031c | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_MANIFEST | 0x0000d108 | 0x00000193 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
Imports
Library user32.dll:
• 0x40618c GetMessageA
• 0x406190 DefWindowProcA
• 0x406194 PostQuitMessage
• 0x406198 GetDoubleClickTime
• 0x40619c UpdateWindow
• 0x4061a0 GetQueueStatus
• 0x4061a4 LoadIconA
• 0x4061a8 RegisterClassA
Library GDI32.dll:
• 0x406300 CreateBitmap
• 0x406304 IntersectClipRect
• 0x406308 ExcludeClipRect
• 0x40630c UpdateColors
• 0x406310 GetTextExtentPoint32A
• 0x406314 CreateCompatibleDC
• 0x406318 DeleteObject
• 0x40631c TextOutA
• 0x406320 SetBkColor
• 0x406324 SetTextColor
• 0x406328 Rectangle
• 0x40632c CreateSolidBrush
• 0x406330 GetStockObject
• 0x406334 CreateFontIndirectA
• 0x406338 GetTextExtentExPointA
• 0x40633c GetTextMetricsA
• 0x406340 CreateFontA
• 0x406344 RealizePalette
Library ADVAPI32.dll:
• 0x406250 RegQueryValueExA
• 0x406254 RegOpenKeyA
• 0x406258 GetUserNameA
• 0x40625c CopySid
• 0x406260 GetLengthSid
Library IMM32.dll:
• 0x4064a0 ImmGetCompositionStringW
• 0x4064a4 ImmSetCompositionFontA
• 0x4064a8 ImmGetContext
• 0x4064ac ImmSetCompositionWindow
Library kernel32.dll:
• 0x4060f0 GetModuleHandleA
• 0x4060f4 GetProcAddress
• 0x4060f8 HeapCreate
• 0x4060fc HeapAlloc
• 0x406100 ExitProcess
• 0x406104 FreeLibrary
L!Win32 .EXE.
.MPRESS1
.MPRESS2
.imports
M-1M-5
:YGHPOOY
^\_`!N
oHVc~n
`EoCYN~b^K
]57df s
K('.8V
89]f Y
user32.dll
GetMessageA
DefWindowProcA
PostQuitMessage
GetDoubleClickTime
UpdateWindow
GetQueueStatus
LoadIconA
RegisterClassA
GDI32.dll
CreateBitmap
IntersectClipRect
ExcludeClipRect
UpdateColors
GetTextExtentPoint32A
CreateCompatibleDC
DeleteObject
TextOutA
SetBkColor
SetTextColor
Rectangle
CreateSolidBrush
GetStockObject
CreateFontIndirectA
GetTextExtentExPointA
GetTextMetricsA
CreateFontA
RealizePalette
Msacm32.dll
acmDriverID
acmStreamOpen
(ADVAPI32.dll
RegQueryValueExA
RegOpenKeyA
GetUserNameA
CopySid
GetLengthSid
IMM32.dll
ImmGetCompositionStringW
ImmSetCompositionFontA
ImmGetContext
ImmSetCompositionWindow
@kernel32.dll
GetModuleHandleA
GetProcAddress
HeapCreate
HeapAlloc
ExitProcess
FreeLibrary
8Muex<
KERNEL32
VirtualProtect
G(XPTPjxWXt=
CreateWindowExA
play e:\\rrrtwr\agef.wav alias PRFT
LoadLibraryExA
user32.dll
LoadCursorA
Winmm.dll
TranslateMessage
mciSendStringA
02000000008000
0000:000000000D00000090000000
000800u0<0a0
0040'0#00000}0H00u0@000L0Y0
0,000F0a0000D0Y0
0Y0000A00u0@000D00F00040
000H00000
0008000<00}0@0a0
00N00O000080000000'0#000*00003000300010w0y00
000<00000
04000u0,010000000000/0E0 00p000000900u0,000u0,00000000000000000
0@00u0 0000000000u0$0201000000u0(0100000000u0,0100000000
0<0040T0{00t0T01000t0T02000t0T03000t0T04000t0T05000t0T060c00t0T070b00t0T080^00t0T09000t0T0:000t0T0;000t0T0<0000
00000000/0E000p0000u0 000<00
0>0040T000t0T01000t0T02000t0T03000t0T04000t0T05000t0T06000t0T07000t0T08000t0T09000t0T0:000t0T0;000t0T0<000t0T0=000t0T0>000040T00/00 0/0E0$00p00000>00~00p0000
0<0040T000t0T01000t0T02000t0T03000t0T04000t0T05000t0T06000t0T070q00t0T08000t0T09000t0T0:000t0T0;000t0T0<000040T00/00 0/0E0$00p00000<0000p0000000
0@00u0 0000000000u0$0201000000u0(0100000000u0,0100000000
0:0040T000t0T01000t0T02000t0T03000t0T04000t0T050^00t0T06000t0T07000t0T08000t0T090000
00000000/0E000p0000u0 00
0C0040T000t0T01000t0T02000t0T030t00t0T04000t0T05000t0T06000t0T07000t0T08000t0T09000t0T0:000t0T0;000t0T0<000t0T0=0r00t0T0>000t0T0?000t0T0@000t0T0A000t0T0B000t0T0C000040T00/00 0/0E0$00p0000u0(000,00/00D0/00@0/00<0/0080/00$0/00(0/00 0/0E0400p00000@00000
0X000T0\00u0
0400000000u0
0400000000u0
050F000000u0
0000000000u0
0000000000u0
0000000000u0 0000000000u0$0000000000u0(0000000000u0,000000000000
0000000000/000,0/0/00u0
0/000,0/0/00u0 0/000,0/0/00u0$0/000,0/0/00u0(0/00
0,0/0/00u0,0/00
0,0/0/00u0
0h0-0/0/0040000@00000/00
0000/0E000p00000050
0 00000000u0
0040'0#000u0
00E00500000300
00,0/0/00u0
00E00Q00000300
00,0/0/00u0
00E00200000300
00,0/0/00u0
00E00N00000300
0o0,0/0/00u0
0/00 0/00(0/00
0/00$0/00
0+0/0/0040000@00000/00,0000/0E000p0000u0
0/00,0/00
00-0/0/0
0Y0,0/0/0000R00/00,0/00
0H00000000D0000r0l010
0004000D00p0@010
0H0100000000800
00200000000u0 0000p0000@00000/00@0000/0E000p00000020
0000@00/00800
00100000000u0$00c00
00200000/0`00u0(0/00400u0,0/00,0/00(0/00$0
00200000/00$0
0F00000000008000u0$000<000000000000000<00000
0H0100000000800r0l010
0004000D00p00008000010
00D0000000000060v0y00*000
00D0000000#000B00/0080
0M0000000000?000D0
00010000000004000000000000000400000
0<010000000u0<00p0<030u080000000000/0E000p00000?0000000000u0,000<002030u0800u0$00r0@030u0800u0(0Y000u0$0100000000000U000000000T03008000200
000/00,0/0E0$00p0000000j000(01000300040
000#000000000
000/00,0/0E0$00p0000000F000(01000300040
000010000000008000000000000000800000
0H0100000000<000200r0l01000040Y0000r02000
0.0/0/000D000 0.0/0/000 0.0/0/00000r00080000000'0
00u0(00X000000000
0.0/0/0'0
030u0(000<0Y0
00u0,0008000<00}0,0#0000
0.0/0/000(0/00<0/00800
0L0000000000>000X0y00
000u08000<000000000000000<00000
00008000<0300<000@0300D00z0@0#0000800r0<030u0<0001000000000<0000Y0000<00000
0400008000200m0}000I00r0l0100020m00u000000;000,000u0,00040000Y0000400000
0400008000200m0}000O00r0l0100020m00u000000A000000000000,000u0,00040000Y0000400000
0@00u0 00000000000800r0l010
000d000(000`0000000008000H00000000p0`00p0<000<000000H00080[00(000,00080300<00{0400{04000
000/00,0/0080
0@000000000{0800
00Y0}0@00
000<00000
04000}0D000<000@003000800u0,00080a000/0c0000000`00500020
0:00U0/0?030u0,010D0600020
0000@000
GetModuleHandleA
GetProcAddress
KERNEL32.DLL
user32.dll
LoadIconA
GDI32.dll
TextOutA
Msacm32.dll
acmDriverID
ADVAPI32.dll
CopySid
IMM32.dll
ImmGetContext
t7Kt'Kt
H8( xp
H@0 P@
80PHxp
@8( h`
H@`Xh`
0(0((
0 @800
hXPXPXPXPXPXPXPXPXPXPXPXPXPXPXPXP`X`XXPXPXPXPHH
H@xp0
( ( ( ( ( (
( ( ( ( (
xxxxxxxxx
( ( ( ( ( (
0 ( ( ( 0
( 0 0 0 0 0 0
P@XH0 0 0 0 0 ( 0
( ( ( ( ( ( (
( ( ( ( ( ( 0(
0 0 0 0 0 0 0 (
H@`X`XH@
8(0 0 0 0 0 0(
0 0 0 0 0 0 0 0 8(H@PHH80 8(H@PH800 0 8(P@XHH80 0 0 0 0 0 8(
0 0 0 0 0 0 0 0 0 (
0 0 0 (
0 8(8(0 (
0 8(8(8(8(8(0 8(
8(H8H8H8H8H8H8H8@0@0@0@0@0@0@0@0@0@0@0@0@0@0@0@0@0@0@0@0@0H8
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
user32.dll
GetMessageA
DefWindowProcA
PostQuitMessage
GetDoubleClickTime
UpdateWindow
GetQueueStatus
LoadIconA
RegisterClassA
GDI32.dll
CreateBitmap
IntersectClipRect
ExcludeClipRect
UpdateColors
GetTextExtentPoint32A
CreateCompatibleDC
DeleteObject
TextOutA
SetBkColor
SetTextColor
Rectangle
CreateSolidBrush
GetStockObject
CreateFontIndirectA
GetTextExtentExPointA
GetTextMetricsA
CreateFontA
RealizePalette
Msacm32.dll
acmDriverID
acmStreamOpen
ADVAPI32.dll
RegQueryValueExA
RegOpenKeyA
GetUserNameA
CopySid
GetLengthSid
IMM32.dll
ImmGetCompositionStringW
ImmSetCompositionFontA
ImmGetContext
ImmSetCompositionWindow
kernel32.dll
GetModuleHandleA
GetProcAddress
HeapCreate
HeapAlloc
ExitProcess
FreeLibrary
C�:�\�b�r�O�w�B�F�_�u�.�e�x�e�
C�:�\�I�l�D�u�L�U�Q�J�.�e�x�e�
C�:�\�7�F�m�P�x�Z�Q�y�.�e�x�e�
C�:�\�1�j�Y�j�7�n�l�P�.�e�x�e�
C�:�\�F�r�w�M�f�D�L�c�.�e�x�e�
C�:�\�3�a�A�A�g�X�s�u�.�e�x�e�
C�:�\�1�g�a�L�6�t�v�P�.�e�x�e�
C�:�\�D�Z�Q�7�S�e�l�v�.�e�x�e�
C�:�\�4�4�u�R�s�q�W�M�.�e�x�e�
C�:�\�S�B�5�J�d�7�8�2�.�e�x�e�
C�:�\�B�u�C�5�F�t�J�G�.�e�x�e�
C�:�\�y�E�K�5�Q�w�J�O�.�e�x�e�
C�:�\�K�v�v�E�o�n�h�6�.�e�x�e�
C�:�\�s�I�X�u�w�W�o�U�.�e�x�e�
V�S�_�V�E�R�S�I�O�N�_�I�N�F�O�
S�t�r�i�n�g�F�i�l�e�I�n�f�o�
0�8�0�0�0�0�2�5�
C�o�m�m�e�n�t�s�
C�o�m�p�a�n�y�N�a�m�e�
F�i�l�e�D�e�s�c�r�s�i�p�t�i�o�n�
F�i�l�e�V�e�r�s�i�o�n�
5�.�2�.�1�.�2�
I�n�t�e�r�n�a�l�N�a�m�e�
g�o�.�e�x�e�
L�e�g�a�l�C�o�p�y�r�i�g�h�t�
C�o�p�y�r�i�g�h�t� �(�C�)� �2�0�1�0�
L�e�g�a�l�T�r�a�d�e�m�a�r�k�s�
O�r�i�g�i�n�a�l�F�i�l�e�n�a�m�e�
g�o�g�.�e�x�e�
P�r�i�v�a�t�e�B�u�i�l�d�
P�r�o�d�u�c�t�N�a�m�e�
P�r�o�d�u�c�t�V�e�r�s�i�o�n�
5�.�2�.�1�.�3�
S�p�e�c�i�a�l�B�u�i�l�d�
V�a�r�F�i�l�e�I�n�f�o�
T�r�a�n�s�l�a�t�i�o�n�
C�:�\�7�e�6�f�5�1�3�0�7�5�d�2�0�5�9�7�f�c�0�c�5�d�2�2�6�f�0�e�8�c�1�6�d�6�a�9�0�e�8�e�e�c�c�1�1�a�5�8�d�0�3�1�c�9�b�7�2�4�0�0�2�f�9�5�
C�:�\�R�a�i�d�e�n�\�G�o�a�t�\�F�T�P�\�S�a�m�p�l�e�\�E�E�7�1�D�1�9�8�1�2�F�4�B�4�F�2�3�C�9�2�D�1�6�1�F�8�F�2�4�7�A�9�.�b�i�n�.�e�x�e�
C�:�\�3�9�d�e�b�9�4�c�2�3�5�a�b�d�6�6�b�d�d�9�0�8�5�8�6�6�c�3�7�d�a�f�7�e�1�5�2�f�4�1�8�3�d�f�b�7�9�d�9�8�2�7�8�0�1�d�3�f�2�1�6�9�8�9�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�i�m�p�o�r�t�a�n�t�_�d�o�c�u�m�e�n�t�.�e�x�e�
C�:�\�e�9�1�b�6�b�b�e�8�4�e�f�4�c�6�4�6�0�a�4�6�5�e�c�8�9�3�f�7�f�8�7�a�9�5�7�c�a�c�7�7�b�6�a�9�e�7�6�4�b�9�6�5�5�d�a�7�2�3�4�5�2�1�9�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�F�Z�q�I�F�3�P�K�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�f�a�c�t�u�r�a�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�s�a�m�p�l�e�.�e�x�e�
C�:�\�D�j�e�B�S�H�B�Q�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�s�a�m�p�l�e�.�e�x�e�
C�:�\�X�j�x�F�v�z�M�U�.�e�x�e�
C�:�\�f�9�3�a�c�e�f�a�1�2�1�c�4�6�1�7�4�f�b�c�0�c�5�8�2�a�e�8�3�3�9�2�4�1�3�3�8�a�2�1�4�7�f�0�b�7�e�3�3�a�d�9�5�f�9�b�0�4�8�3�7�4�e�0�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�f�a�c�t�u�r�a�.�e�x�e�
C�:�\�d�e�3�8�2�0�a�7�d�e�8�0�d�2�1�1�c�a�a�7�0�8�c�f�3�1�3�c�9�9�3�c�c�5�3�4�7�b�e�5�4�b�c�1�8�e�4�f�7�0�2�9�b�a�1�d�8�2�3�0�f�e�c�9�
C�:�\�A�R�h�p�i�_�A�M�.�e�x�e�
C�:�\�8�9�7�6�e�7�5�1�9�f�e�1�3�c�0�c�6�c�d�c�2�1�c�9�2�2�7�1�d�2�1�d�8�9�d�0�9�2�3�1�3�b�4�1�d�8�1�d�7�6�7�a�b�0�1�4�7�2�e�8�0�e�d�b�
C�:�\�3�0�1�f�8�2�c�1�8�b�1�6�f�e�5�0�d�3�c�2�7�6�c�2�9�9�f�5�2�4�e�f�d�a�b�8�2�d�2�9�4�8�a�0�0�3�9�c�d�4�5�2�2�7�1�c�f�d�0�8�9�4�7�c�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�b�u�d�h�a�.�e�x�e�
C�:�\�0�1�2�a�d�6�c�d�5�7�4�7�0�4�b�7�1�4�8�6�1�d�7�c�f�9�5�e�f�e�1�b�6�f�2�4�5�c�f�f�0�4�d�d�d�3�2�e�8�6�f�5�2�4�c�f�1�c�1�c�7�5�9�3�
C�:�\�3�e�2�1�0�2�4�9�0�5�1�d�7�8�c�8�a�d�4�1�4�6�9�1�9�a�2�4�a�6�4�0�f�c�2�6�f�0�1�a�2�2�a�d�e�6�0�d�5�7�8�3�2�f�d�4�d�7�9�3�7�6�3�f�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�b�u�d�h�a�.�e�x�e�
C�:�\�c�0�c�b�a�5�b�b�1�c�4�c�8�5�1�8�c�f�9�4�6�d�6�b�5�b�3�6�2�3�b�2�c�7�2�2�b�a�3�5�1�1�7�1�b�d�e�1�c�2�d�7�c�5�8�b�4�d�e�e�2�3�3�0�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�b�u�d�h�a�.�p�e�3�2�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�9�d�e�2�6�a�d�d�1�0�0�2�0�d�7�0�_�b�u�d�h�a�.�e�x�e�
C�:�\�1�f�c�a�b�5�8�4�6�d�e�8�5�8�9�3�8�8�a�9�1�2�3�b�f�3�6�b�5�0�4�d�e�d�a�2�6�3�a�c�b�2�a�4�5�5�d�1�3�3�7�f�8�1�7�9�1�7�e�c�3�2�a�4�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�b�u�d�h�a�.�p�e�3�2�
C�:�\�f�6�f�5�c�c�7�7�5�f�8�e�8�8�6�9�9�0�2�d�0�4�f�e�1�2�b�f�0�c�e�4�1�2�c�4�f�1�8�8�3�3�e�2�2�8�1�5�4�9�4�7�9�4�0�b�c�9�e�b�2�1�9�a�
C�:�\�2�7�6�1�1�b�c�a�c�2�c�0�5�3�6�e�6�3�d�5�b�f�0�1�0�2�2�5�5�7�8�b�0�b�8�5�0�3�3�1�1�5�1�f�d�0�5�2�a�2�3�6�1�0�5�0�2�7�1�a�4�7�b�d�
C�:�\�a�9�3�4�8�8�7�2�4�4�8�a�c�3�f�a�6�6�5�a�a�e�5�6�8�d�1�c�2�a�9�b�8�d�8�1�7�7�e�5�4�c�f�c�3�9�e�d�b�9�e�e�6�c�2�8�d�e�6�d�1�1�f�6�
C�:�\�1�5�c�d�0�7�1�0�c�c�7�7�e�4�6�5�1�5�5�f�8�d�e�2�5�3�0�c�e�f�b�3�8�f�1�9�6�0�1�e�d�c�2�9�0�4�a�8�1�c�a�9�0�4�5�a�3�3�b�0�3�f�9�a�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�b�u�d�h�a�.�p�e�3�2�
C�:�\�c�8�8�1�d�d�2�3�2�8�d�4�9�d�9�b�5�0�1�4�0�c�e�d�f�8�9�c�f�a�8�f�b�3�5�5�e�6�1�0�9�d�4�c�7�1�6�7�3�f�0�a�8�d�5�c�5�4�f�c�2�8�e�0�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�v�e�g�2�B�o�C�C�.�e�x�e�
C�:�\�5�3�2�d�e�4�9�6�2�c�2�1�b�7�a�7�9�6�a�f�8�e�3�0�9�7�1�1�c�4�9�2�6�6�b�7�d�5�0�3�c�6�7�f�b�3�1�2�3�4�d�4�1�e�d�b�c�5�f�d�c�c�1�7�
C�:�\�e�b�6�9�9�3�e�a�a�8�b�a�6�0�d�9�6�5�3�6�6�8�1�8�f�4�1�5�5�e�b�5�3�b�6�d�6�3�5�c�4�0�d�c�9�0�4�d�3�c�b�4�6�e�0�8�3�3�1�7�f�b�4�7�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�b�u�d�h�a�.�p�e�3�2�
C�:�\�2�8�f�b�7�0�5�4�6�6�2�a�3�a�f�7�7�d�0�d�7�e�d�1�1�5�0�4�0�c�6�e�8�1�8�e�e�7�d�4�c�4�4�6�9�9�2�a�a�8�8�3�1�3�2�5�f�1�c�9�d�3�d�0�
C�:�\�5�7�b�b�f�e�e�c�1�8�f�2�8�8�7�1�5�a�0�b�4�4�b�5�5�e�e�6�8�d�1�0�b�b�1�a�1�b�2�6�0�9�5�c�6�6�6�6�4�f�1�0�5�7�2�2�4�c�f�f�3�3�d�d�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�s�f�O�T�X�K�F�f�.�e�x�e�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�.�p�e�3�2�.�e�x�e�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�a�V�F�e�7�T�U�e�.�e�x�e�
C�:�\�7�6�9�0�8�4�d�3�8�0�3�5�2�5�7�b�e�e�e�8�b�1�8�e�a�a�4�6�0�9�b�3�5�8�3�4�f�8�a�4�9�6�e�8�5�d�0�7�f�9�d�9�7�8�8�c�5�6�7�d�2�8�2�6�
C�:�\�1�b�d�9�c�b�7�f�8�4�b�c�b�a�d�d�8�f�6�d�e�8�7�7�a�8�0�5�d�5�d�1�d�0�5�7�0�2�8�d�a�7�5�e�e�9�4�c�6�1�5�f�6�9�a�4�4�a�2�d�9�4�c�8�
C�:�\�3�b�c�f�8�d�d�7�a�a�0�1�3�1�9�f�6�0�3�b�e�e�d�2�d�e�a�e�8�6�6�b�3�c�1�4�2�f�7�f�c�4�3�9�2�f�e�2�2�9�8�f�e�2�b�d�b�1�0�7�2�e�0�a�
C�:�\�7�4�6�3�c�1�3�e�b�a�e�1�d�3�7�e�a�6�d�a�8�4�8�9�9�a�8�6�4�0�f�0�3�4�3�2�b�5�8�9�2�6�3�3�8�e�6�8�e�6�f�7�a�0�0�9�c�5�b�1�7�d�0�9�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�C�m�i�y�h�b�X�w�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�9�3�3�5�5�4�c�3�a�5�4�4�b�6�b�2�a�c�b�4�9�3�7�3�f�4�7�d�2�f�9�d�4�2�c�a�1�e�9�5�7�3�c�c�b�f�f�a�e�d�6�5�d�c�9�f�7�c�5�f�6�1�3�e�.�e�x�e�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�a�H�K�P�E�E�3�W�.�e�x�e�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�.�p�e�3�2�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�7�7�e�0�f�b�0�a�3�1�b�d�f�9�5�6�_�b�u�d�h�a�.�e�x�e�
C�:�\�2�1�2�e�8�8�1�8�2�4�4�2�b�a�a�b�0�6�0�c�1�e�8�1�5�5�d�1�b�1�a�1�0�4�9�f�a�8�b�7�4�c�f�d�b�c�7�4�4�6�b�c�a�4�5�a�6�2�8�a�e�8�2�b�
C�:�\�d�e�0�3�0�a�c�7�3�a�1�9�4�7�1�9�0�7�e�a�7�3�b�1�6�7�3�0�e�3�2�7�8�2�c�9�5�8�d�2�8�4�9�3�f�3�6�a�f�8�3�d�3�8�f�5�9�a�6�3�c�e�2�6�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�b�u�d�h�a�.�p�e�3�2�
C�:�\�0�d�2�8�b�3�0�7�7�4�3�9�7�9�5�e�7�c�b�a�4�2�9�d�b�b�9�8�5�e�9�e�b�2�f�c�4�0�4�5�5�2�b�3�d�a�c�f�d�2�f�7�8�0�9�4�c�e�4�e�6�7�7�a�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�b�u�d�h�a�.�e�x�e�
C�:�\�U�s�e�r�s�\�V�i�r�t�u�a�l�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�5�d�f�0�b�e�2�7�b�c�0�0�f�a�8�3�3�e�0�e�9�4�7�c�9�1�9�6�8�4�8�6�3�a�6�9�c�1�9�7�d�f�4�b�5�5�1�a�c�9�3�b�0�4�f�7�7�3�c�2�3�7�0�6�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�b�u�d�h�a�.�e�x�e�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�b�u�d�h�a�.�p�e�3�2�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�5�6�d�9�9�6�6�c�8�8�7�d�e�0�e�e�_�b�u�d�h�a�.�e�x�e�
C�:�\�U�s�e�r�s�\�V�i�r�t�u�a�l�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�e�8�6�4�7�a�b�9�a�0�3�c�1�b�7�b�e�8�d�c�f�c�1�a�8�2�a�e�d�9�0�f�8�d�b�b�c�8�3�d�f�b�9�a�c�e�2�e�b�3�2�e�b�1�d�a�a�8�0�8�e�6�7�3�.�e�x�e�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�n�F�8�F�C�k�i�L�.�e�x�e�
C�:�\�b�1�2�b�4�a�7�0�9�0�f�0�4�d�2�8�1�c�1�e�a�a�3�1�a�a�7�2�f�a�f�8�3�a�7�d�5�2�2�b�2�a�2�d�d�9�b�4�c�e�b�2�a�9�c�a�e�d�8�4�1�7�3�2�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�b�u�d�h�a�.�e�x�e�
C�:�\�0�c�5�2�c�9�d�2�4�0�b�f�2�1�d�1�8�a�a�7�c�1�6�b�f�b�4�f�3�9�7�4�2�5�f�7�a�9�0�e�7�e�3�e�7�5�9�e�0�3�1�7�a�1�f�f�0�3�2�f�7�d�0�3�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�b�u�d�h�a�.�e�x�e�
C�:�\�e�f�d�c�f�7�c�2�1�d�8�1�2�c�8�f�f�f�e�c�1�2�e�9�d�9�5�5�4�e�2�d�0�5�f�d�1�e�b�c�8�7�e�e�6�c�c�d�2�e�8�4�4�5�0�0�c�9�2�d�0�a�f�7�
C�:�\�4�6�6�b�c�1�5�d�b�0�e�3�f�6�4�0�c�6�6�7�9�1�f�f�9�2�d�d�1�6�4�c�5�8�9�0�8�7�f�e�c�0�e�1�7�9�1�8�9�a�8�e�6�1�1�f�c�a�7�3�2�f�d�e�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�b�u�d�h�a�.�p�e�3�2�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�b�u�d�h�a�.�p�e�3�2�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�N�B�m�v�Q�A�F�e�.�e�x�e�
C�:�\�7�0�e�f�b�1�a�1�a�7�5�2�1�7�2�5�c�5�3�8�7�e�d�8�b�f�7�9�1�e�e�d�b�a�4�4�0�6�a�5�f�3�7�2�6�5�8�f�2�a�e�3�d�1�f�d�7�0�1�6�f�a�6�f�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�b�u�d�h�a�.�e�x�e�
C�:�\�8�b�6�b�e�0�b�a�b�4�d�3�a�1�1�f�c�8�9�c�2�0�0�a�c�3�c�e�8�8�b�e�3�1�5�b�6�5�b�4�d�3�f�2�6�d�4�9�7�0�f�f�3�d�d�5�d�7�7�4�2�e�6�c�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�b�u�d�h�a�.�p�e�3�2�
C�:�\�e�d�9�a�9�6�5�4�4�2�c�f�5�2�5�4�f�d�8�7�5�8�f�7�4�c�6�e�0�b�e�d�3�d�a�7�b�d�c�1�7�0�5�2�3�e�4�f�4�4�4�7�5�8�f�9�e�8�2�a�1�a�c�6�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�8�3�v�Y�y�r�j�X�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�d�f�4�e�a�a�2�2�d�1�1�6�f�9�2�8�a�4�7�9�a�2�3�e�c�e�1�b�e�c�6�7�3�c�d�6�2�e�f�5�d�e�a�5�3�9�f�4�9�2�0�6�4�7�6�c�3�c�d�8�f�e�4�d�.�e�x�e�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�l�u�s�e�r�\�D�e�s�k�t�o�p�\�A�r�a�L�I�Y�F�F�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�9�6�2�e�c�f�8�9�5�9�c�0�a�7�c�3�f�f�1�4�a�c�f�f�0�5�b�6�9�b�d�0�9�a�0�a�b�2�2�4�d�b�a�9�1�e�6�d�e�a�2�9�1�a�9�b�0�1�a�9�3�8�b�e�.�e�x�e�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�l�u�s�e�r�\�D�e�s�k�t�o�p�\�i�u�0�p�X�v�B�H�.�e�x�e�
C�:�\�e�9�e�e�c�0�2�4�4�b�a�f�c�4�2�e�5�0�7�9�2�4�c�3�8�6�3�8�b�0�8�a�f�9�5�8�c�3�a�8�c�e�2�5�8�e�8�5�7�a�c�5�1�0�1�a�7�e�2�8�1�1�f�8�
C�:�\�b�4�6�d�f�a�c�a�b�6�3�8�a�e�f�c�0�9�3�e�e�c�1�e�1�b�8�0�7�2�e�8�c�a�7�4�d�b�a�a�3�9�a�d�5�2�c�e�1�9�6�2�c�e�7�9�d�9�5�1�c�a�6�8�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�C�w�W�S�G�w�T�0�.�e�x�e�
C�:�\�a�b�b�a�e�f�1�a�a�1�d�0�0�4�2�2�c�b�9�f�3�1�6�7�9�b�5�a�e�0�6�9�a�1�1�0�e�1�b�8�6�2�7�4�9�a�9�d�0�d�f�8�c�2�1�f�7�7�1�6�6�b�7�a�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�b�u�d�h�a�.�e�x�e�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�p�j�a�U�b�Q�I�e�.�e�x�e�
C�:�\�b�d�2�4�5�f�2�e�c�7�5�c�f�f�8�8�5�a�f�e�a�0�f�f�2�c�4�5�d�9�b�a�e�f�c�1�f�b�2�a�5�f�a�1�b�6�3�b�d�9�1�8�8�1�3�c�d�7�9�4�1�3�2�7�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�R�l�o�Y�e�n�Y�w�.�e�x�e�
C�:�\�1�e�c�c�e�0�d�e�e�d�5�a�a�5�c�f�a�7�e�1�f�5�d�d�3�d�3�e�d�b�1�1�f�c�0�3�3�1�5�2�9�3�0�e�2�3�4�7�3�a�2�5�6�4�a�b�9�4�4�3�f�c�a�6�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�z�4�W�H�F�T�h�B�.�e�x�e�
C�:�\�b�e�f�6�8�e�c�0�5�8�5�e�2�4�8�b�c�4�8�a�9�c�7�9�e�b�3�1�7�c�e�1�b�2�f�1�d�5�9�7�2�5�d�4�a�5�e�0�d�d�f�6�6�4�7�6�a�8�8�a�c�a�b�5�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�b�u�d�h�a�.�e�x�e�
C�:�\�7�1�5�5�6�7�f�a�8�5�a�9�a�7�d�8�9�d�e�3�6�7�f�3�1�6�f�1�6�8�3�9�0�9�a�4�e�2�c�c�2�9�0�0�d�a�0�4�c�c�c�5�a�4�5�3�d�1�1�c�2�a�f�a�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�b�u�d�h�a�.�e�x�e�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�2�h�5�P�h�i�X�E�.�e�x�e�
C�:�\�U�s�e�r�s�\�R�A�4�9�1�~�1�.�V�U�L�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�1�b�7�6�f�9�4�2�9�9�c�d�d�1�3�0�2�6�c�3�b�5�c�0�c�8�7�a�0�4�f�9�.�v�i�r�u�s�
C�:�\�b�8�e�2�2�6�d�1�6�a�0�c�6�4�0�2�a�e�4�6�1�3�3�0�6�3�8�c�e�1�8�7�9�3�b�5�5�f�a�1�6�5�4�e�6�c�2�9�a�4�8�0�4�b�2�b�1�e�e�5�c�2�7�6�
C�:�\�3�4�7�f�b�e�6�c�9�4�e�b�8�9�a�5�a�0�2�a�5�9�f�1�6�8�7�6�c�f�0�7�d�e�8�4�6�e�1�7�e�9�f�1�a�a�1�3�7�2�1�e�4�e�e�d�4�0�b�2�a�9�c�2�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�b�u�d�h�a�.�e�x�e�
Hosts
| IP |
|---|
| 114.114.114.114 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.