1.3
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.67
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | Win32:TrojanX-gen [Trj] | 20200405 | 18.4.3895.0 |
| Baidu | Win32.Trojan.Kryptik.ld | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (D) | 20190702 | 1.0 |
| Kingsoft | None | 20200407 | 2013.8.14.323 |
| McAfee | Upatre-FACH!4D473C25CAE2 | 20200406 | 6.0.6.653 |
| Tencent | Malware.Win32.Gencirc.10b85db8 | 20200407 | 1.0.0.1 |
静态指标
动态指标
在 PE 资源中识别到外语
(10 个事件)
| name | RT_CURSOR | language | LANG_KOREAN | filetype | None | sublanguage | SUBLANG_KOREAN | offset | 0x00013b20 | size | 0x00000134 | ||||||||||||||||||
| name | RT_CURSOR | language | LANG_KOREAN | filetype | None | sublanguage | SUBLANG_KOREAN | offset | 0x00013b20 | size | 0x00000134 | ||||||||||||||||||
| name | RT_BITMAP | language | LANG_KOREAN | filetype | None | sublanguage | SUBLANG_KOREAN | offset | 0x0000f648 | size | 0x000000e0 | ||||||||||||||||||
| name | RT_BITMAP | language | LANG_KOREAN | filetype | None | sublanguage | SUBLANG_KOREAN | offset | 0x0000f648 | size | 0x000000e0 | ||||||||||||||||||
| name | RT_ICON | language | LANG_KOREAN | filetype | None | sublanguage | SUBLANG_KOREAN | offset | 0x0000f790 | size | 0x00004228 | ||||||||||||||||||
| name | RT_GROUP_CURSOR | language | LANG_KOREAN | filetype | None | sublanguage | SUBLANG_KOREAN | offset | 0x00013c58 | size | 0x00000014 | ||||||||||||||||||
| name | RT_GROUP_CURSOR | language | LANG_KOREAN | filetype | None | sublanguage | SUBLANG_KOREAN | offset | 0x00013c58 | size | 0x00000014 | ||||||||||||||||||
| name | RT_GROUP_ICON | language | LANG_KOREAN | filetype | None | sublanguage | SUBLANG_KOREAN | offset | 0x000139b8 | size | 0x00000014 | ||||||||||||||||||
| name | RT_VERSION | language | LANG_KOREAN | filetype | None | sublanguage | SUBLANG_KOREAN | offset | 0x0000f2e0 | size | 0x00000284 | ||||||||||||||||||
| name | RT_MANIFEST | language | LANG_KOREAN | filetype | None | sublanguage | SUBLANG_KOREAN | offset | 0x00013c70 | size | 0x0000020c | ||||||||||||||||||
该二进制文件可能包含加密或压缩数据,表明使用了打包工具
(2 个事件)
| section | {'name': '.text', 'virtual_address': '0x00001000', 'virtual_size': '0x00007784', 'size_of_data': '0x00007800', 'entropy': 6.980068187899279} | entropy | 6.980068187899279 | description | 发现高熵的节 | |||||||||
| entropy | 0.4225352112676056 | description | 此PE文件的整体熵值较高 | |||||||||||
网络通信
与未执行 DNS 查询的主机进行通信
(1 个事件)
| host | 114.114.114.114 | |||
文件已被 VirusTotal 上 59 个反病毒引擎识别为恶意
(50 out of 59 个事件)
| APEX | Malicious |
| AVG | Win32:TrojanX-gen [Trj] |
| Acronis | suspicious |
| Ad-Aware | Trojan.Upatre.Gen.3 |
| AhnLab-V3 | Trojan/Win32.Upatre.R159277 |
| Antiy-AVL | Trojan/Win32.AGeneric |
| Arcabit | Trojan.Upatre.Gen.3 |
| Avast | Win32:TrojanX-gen [Trj] |
| Avira | HEUR/AGEN.1005641 |
| Baidu | Win32.Trojan.Kryptik.ld |
| BitDefender | Trojan.Upatre.Gen.3 |
| BitDefenderTheta | Gen:NN.ZexaF.34104.eu1@ayhE4dpG |
| CAT-QuickHeal | Trojan.Kadena.B4 |
| ClamAV | Win.Downloader.Upatre-5744092-0 |
| Comodo | TrojWare.Win32.TrojanDownloader.Upatre.EMD@5syzmz |
| CrowdStrike | win/malicious_confidence_100% (D) |
| Cybereason | malicious.5cae21 |
| Cylance | Unsafe |
| Cyren | W32/Upatre.CC.gen!Eldorado |
| DrWeb | Trojan.DownLoader15.25237 |
| ESET-NOD32 | a variant of Win32/Kryptik.DQWK |
| Emsisoft | Trojan.Upatre.Gen.3 (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/Upatre.CC.gen!Eldorado |
| F-Secure | Heuristic.HEUR/AGEN.1005641 |
| FireEye | Generic.mg.4d473c25cae21a8d |
| Fortinet | W32/Kryptik.DQAA!tr |
| GData | Win32.Trojan.Kryptik.CE |
| Ikarus | Trojan-Downloader.Win32.Waski |
| Invincea | heuristic |
| Jiangmin | Trojan/Generic.bhpht |
| K7AntiVirus | Trojan ( 004ce6cb1 ) |
| K7GW | Trojan ( 004ce6cb1 ) |
| Kaspersky | HEUR:Trojan.Win32.Generic |
| MAX | malware (ai score=87) |
| Malwarebytes | Trojan.Upatre |
| MaxSecure | Trojan.Upatre.Gen |
| McAfee | Upatre-FACH!4D473C25CAE2 |
| McAfee-GW-Edition | BehavesLike.Win32.Upatre.lm |
| MicroWorld-eScan | Trojan.Upatre.Gen.3 |
| Microsoft | TrojanDownloader:Win32/Upatre |
| NANO-Antivirus | Trojan.Win32.Vundo.fnbwzl |
| Panda | Trj/Genetic.gen |
| Qihoo-360 | HEUR/QVM07.1.668B.Malware.Gen |
| Rising | Downloader.Upatre!8.B5 (TFE:dGZlOgWNB69yeUSCFA) |
| SUPERAntiSpyware | Trojan.Agent/Gen-Upatre |
| Sangfor | Malware |
| SentinelOne | DFI - Malicious PE |
| Sophos | Troj/Dyreza-HP |
| Tencent | Malware.Win32.Gencirc.10b85db8 |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2014-03-18 21:35:14
PE Imphash
ebb8c8d8f5176e7424d974dd10acbc2f
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00001000 | 0x00007784 | 0x00007800 | 6.980068187899279 |
| .rdata | 0x00009000 | 0x00001238 | 0x00001400 | 4.8785156865574555 |
| .data | 0x0000b000 | 0x00003d9c | 0x00003200 | 1.3706448310998167 |
| .rsrc | 0x0000f000 | 0x00004e80 | 0x00005000 | 5.094506921133087 |
| .reloc | 0x00014000 | 0x00000d5c | 0x00000e00 | 3.516894690868984 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_CURSOR | 0x00013b20 | 0x00000134 | LANG_KOREAN | SUBLANG_KOREAN | None |
| RT_CURSOR | 0x00013b20 | 0x00000134 | LANG_KOREAN | SUBLANG_KOREAN | None |
| RT_BITMAP | 0x0000f648 | 0x000000e0 | LANG_KOREAN | SUBLANG_KOREAN | None |
| RT_BITMAP | 0x0000f648 | 0x000000e0 | LANG_KOREAN | SUBLANG_KOREAN | None |
| RT_ICON | 0x0000f790 | 0x00004228 | LANG_KOREAN | SUBLANG_KOREAN | None |
| RT_DIALOG | 0x0000f728 | 0x00000066 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_GROUP_CURSOR | 0x00013c58 | 0x00000014 | LANG_KOREAN | SUBLANG_KOREAN | None |
| RT_GROUP_CURSOR | 0x00013c58 | 0x00000014 | LANG_KOREAN | SUBLANG_KOREAN | None |
| RT_GROUP_ICON | 0x000139b8 | 0x00000014 | LANG_KOREAN | SUBLANG_KOREAN | None |
| RT_VERSION | 0x0000f2e0 | 0x00000284 | LANG_KOREAN | SUBLANG_KOREAN | None |
| RT_MANIFEST | 0x00013c70 | 0x0000020c | LANG_KOREAN | SUBLANG_KOREAN | None |
Imports
Library USER32.dll:
• 0x409100 LoadStringA
• 0x409104 LoadIconA
• 0x409108 LoadCursorA
• 0x40910c RegisterClassExA
• 0x409110 GetMessageA
• 0x409114 TranslateMessage
• 0x409118 DispatchMessageA
• 0x40911c PostQuitMessage
• 0x409120 SendMessageA
• 0x409124 BeginPaint
• 0x409128 GetClientRect
• 0x40912c DrawTextA
• 0x409130 EndPaint
• 0x409134 DefWindowProcA
• 0x409138 DestroyWindow
• 0x40913c PostMessageA
• 0x409140 CreateWindowExA
• 0x409144 ShowWindow
• 0x409148 UpdateWindow
Library KERNEL32.dll:
• 0x409008 InterlockedIncrement
• 0x40900c InterlockedDecrement
• 0x409010 GetStringTypeW
• 0x409014 GetStringTypeA
• 0x409018 LCMapStringW
• 0x40901c LCMapStringA
• 0x409020 MultiByteToWideChar
• 0x409024 HeapReAlloc
• 0x409028 VirtualAlloc
• 0x40902c GlobalSize
• 0x409030 SizeofResource
• 0x409034 CreateThread
• 0x409038 WaitForSingleObject
• 0x40903c GlobalAlloc
• 0x409040 FindNextFileW
• 0x409044 Sleep
• 0x409048 FindFirstFileW
• 0x40904c FindClose
• 0x409050 LoadLibraryA
• 0x409054 GetModuleHandleA
• 0x409058 GetProcAddress
• 0x40905c GetEnvironmentStringsW
• 0x409060 GetOEMCP
• 0x409064 GetACP
• 0x409068 GetCPInfo
• 0x40906c GetStartupInfoA
• 0x409070 GetCommandLineA
• 0x409074 GetVersion
• 0x409078 ExitProcess
• 0x40907c TerminateProcess
• 0x409080 GetCurrentProcess
• 0x409084 UnhandledExceptionFilter
• 0x409088 GetModuleFileNameA
• 0x40908c FreeEnvironmentStringsA
• 0x409090 FreeEnvironmentStringsW
• 0x409094 WideCharToMultiByte
• 0x409098 GetEnvironmentStrings
• 0x40909c SetHandleCount
• 0x4090a0 GetStdHandle
• 0x4090a4 GetFileType
• 0x4090a8 GetCurrentThreadId
• 0x4090ac TlsSetValue
• 0x4090b0 TlsAlloc
• 0x4090b4 SetLastError
• 0x4090b8 TlsGetValue
• 0x4090bc GetLastError
• 0x4090c0 GetEnvironmentVariableA
• 0x4090c4 GetVersionExA
• 0x4090c8 HeapDestroy
• 0x4090cc HeapCreate
• 0x4090d0 VirtualFree
• 0x4090d4 HeapFree
• 0x4090d8 RtlUnwind
• 0x4090dc WriteFile
• 0x4090e0 HeapAlloc
• 0x4090e4 InitializeCriticalSection
• 0x4090e8 EnterCriticalSection
• 0x4090ec LeaveCriticalSection
Library COMCTL32.dll:
• 0x409000 InitCommonControlsEx
L!This program cannot be run in DOS mode.
7"aich
`.rdata
@.data
@.reloc
UHSVWh
Vj jdh
Vj jd@
zpR\"4*
o 6A(
7/DS2V|8N%,P4\! 9A 9Q
4:G99Pan
K30dR P7
J6\t'=N&9A
\e=1R
>9"&9dR
.G;.G %u&.NR N
K30c1\q"\a&9r7/Q
*5V19Q%5L&rF
2V7(q"(KR
"7.L=2L
V72F'9Q
2V7(a7
C7\k 2G
R3R&9ZR=R1=V}v"R
rtu=+Q
,R7>igo
R9N=0W7$G|m
?>M|9Z:9A|8[!rM}\
bd"|&Ker
cm"|&Kfr
jl"|&Keo
eo"|&Kcj
eh"|&Ker
gn"|&Ked
an"|&Kkh
el"|&Kjr
dh"|&K`r
cj"|&Kfr
R\+R\+R\+R\+R\+R\+R\+R\+R\+R\+R\+R\+R\+R\+R\+R\+R\+R\+R\+R\+R\+R\+R\+R\+R\+R\+R\+
R\+R\+
R\+R\+R\+R\+R\+R\+R\+R\+R\+
i^P\uT s
'fMy#):
TT"'}tg!
&4&UD3Y)sh}
d(vaD5.?"!}T/
sEw"P'
R5T=Q/
.pVlD3
:Em}:E
a:]#\.8
V'tz6%
*dR\"zZ
Wp"'"'q"
(XY]"V aV
<]R\"8^J
WlZ\"g
gaPzZ(
&XD3n(
Mh".mc:(
Xu}Vo(4
&fnn\W+4
.m}".V'.Y)
qlWw"'
bUez\"
'WJpRw
YeQTPo
W<R\"X)
IRgzJ) R\
oR$8ZM"
PWPzBo
o8F=;Y
r)).(T/?o.as
P]"zH\"
ZQ]"TP:"
\JHRwl)
TrzH\"
J_$<R\" R\u3
Ie_"r<
['ytTgzRw%
ZJFRFXu
tt0B=@
j@Y3`@
@;vAA9
Y_^[3j
_^]PuVF8%
MVWQ_3
GHuGHHGH
Au^H9E
v_^[]Ujh@
3;u>EPj
EPVh\@
E;tc]<
euWSVM
e33M;t)uVu
EPEPVLG
^]UQQS39
EPEPSSWV)
YEPEPE
YtF>"u
< v^Ujhh@
SVWe39=@
"WWSh\@
M]9}tfSuu
tMWWSuu
Mu;tVSuuu
8 t9UWl/
YE?=t"Ur;Y
8 u]5@
Mu^FF#
NMIIII
Virt^_
R9\(L(u
SV/un8H
k,u3!Eu
</uy8A
^[Ujh@
YYt&V5D@
UTVWEPE
jiVjdh@
YYt)V5D@
YY\WP\M%
@Y<v)\P:%
VW333;u3
SS@SSPVSSD$4
t#SSUPt$$VSS
;t<8 t
u+@UY;u
3_^][YYUT3@_H
UWQ_t@
UQSVsvPu
^[]U$S]
3UUUUME}9;
URVMEj
BU;|(E
!E;tv;u2U
_ADAHE
[]UhSVF
W3U]}}
E;t&ESP
EHE0_O
Es_^3[]
t G};}
QPPEWS
RWSPQU
_^3[]j
3[]Vs W}
ujSQvEC
uRS9vEH
QRWVSF
_^3[]SC
E_^[]WSc3
3V}{rX
VqPVEz
_#E[^]
@"t)t%
F8"uF@C
@C8"u,
YY;t>j,P
Y;Yt0@8
[USVWUj
~]_^[]
Pjh4^@
t.;t$$t(4v
VC20XC00U
]_^[]UL$
^Yu3Ujh@
Wj@Y3`@
EVP5D@
t7SWU
BBBu_[j
VPVPV5d@
@AA;rI3
@;r^W|$
tAt2t$
r)$(f@
DDDDDDDDDDDDDD
uA};=@@
9]t^uH3
9]u>Vj
E9]u'9
u,9uv'E
B8t6t8t't
8t3^[_G^[_
^[_UWVSM
r;]uy;
;uY;]s
pD#U#ue
j #M_|
]#\D\D
VW3;u0DP
3_^][Vt$
^UQSV5@
YUQQSV5@
3_^[UQM
CF;sN;Eu
3_^[S39
VWuBhP@
;tg5X@
GIt%t)
Gt/KuD$
GKu[^D$
T [V$@
_^[UQ=@
DDDDDDDDDDDDDD
UV3PPPPPPPPU
$s ^UV3PPPPPPPPU
$sF ^UWVSu
F'G8t,A<
F G8tPS,
[^_UWVSM
uNAZ I
t FGQPS;
[^_SVD$
;^}%95X@
XXaB!"O&VHB<Q$Q)o
LoseUndoAbilityWarning
SaveCurrentModifWarning
ColumnModeTip
J6bHHc/&e/.^i;S(AQ
T]f[GZ/7$.ijc*>37E
;-_H1<cl
thought of it since then - that he had a charm
__GLOBAL_HEAP_SELECTED
__MSVCRT_HEAP_SELECT
runtime error
TLOSS error
SING error
DOMAIN error
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
abnormal program termination
- not enough space for environment
- not enough space for arguments
- floating point not loaded
Microsoft Visual C++ Runtime Library
Runtime Error!
Program:
<program name unknown>
GetLastActivePopup
GetActiveWindow
MessageBoxA
user32.dll
H:mm:ss
dddd, MMMM dd, yyyy
M/d/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
UpdateWindow
ShowWindow
CreateWindowExA
PostMessageA
DestroyWindow
DefWindowProcA
EndPaint
DrawTextA
GetClientRect
BeginPaint
SendMessageA
PostQuitMessage
DispatchMessageA
TranslateMessage
GetMessageA
RegisterClassExA
LoadCursorA
LoadIconA
LoadStringA
USER32.dll
GlobalSize
SizeofResource
CreateThread
WaitForSingleObject
GlobalAlloc
FindNextFileW
FindFirstFileW
FindClose
LoadLibraryA
GetModuleHandleA
KERNEL32.dll
InitCommonControlsEx
COMCTL32.dll
GradientFill
AlphaBlend
MSIMG32.dll
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetLastError
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
HeapAlloc
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement
bK_lsBhMRUVQhsK
CannotMoveDoc
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-+.,:?&@=/%#()
VEOfAdLJfIcre_rjAOlBHkMjqrFGp
PH[KQip[WMihh_SU^
Magnetick
Charge Window App
button
static
richedit
ABCDEFG
riched32.dll
ffffff
aGGDDV
tttDP`
twGD``awwGtu
PawwwGE
PffffffWP
GtwwwP
www30www
xwwwwwxwwwwrwwwwww
<6WQ</*
nsonmtzmsonontlonqnmtzmtznvzononsnonmsmr
onnrononns
onnuzrlonx{
e[{A2$
}qotwutxw|
}uxvtwugjihjhgjhhki|
+ %!+ + ' + + &
+ + + -
twugligjhtxv
+ + + $ 5'-
H=$ + + $ + + + ,!$ , / /
% + ,"+ / +
/ + 0 + %
$ + ,!/ +!,"+!0 -
/ $ / / + -!+ +!-"+ /
6 / +!1 / 0 +!/
*$ % 5
z+!/ / +!7
4,/ /"/ / 5 / '
2+5'2%+!+"2++!+"/
/ 2++!3++!+!,!/ -"2++!.$/ 0
,#/ 1!/ 4&/ / 3&/ .
y+!0"(
+ 0",#/ ,#/ '
/ / ,$5
,#>-2%2%3&2%2%0
2&/ /"2%2%2,2%3%2%,#5
,#=-2%2%3&2%8&1#2+0
]^uhp^r_C(7
4 3&\So\ocuhOB7
fap]nbuhvi\S1#5"5"4&5"2%6#5"3&0",#5!
5"4&0"0"1#0"0#2%2%0#4 4 >,2%3%1"2+2&2%8&0$4 5 0"0">,2%2+9'0"1#3%2%2&8&0"9'8&5#1"8&9'8&6
0"5$5"8&6
2%5"6"4 523+0"2&8&6
5"2+3,2%2&4 6
5!4 8&3,2%>-8&4 5#8&5"8'5"5"8&8&:&0"6
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.2.31"
processorArchitecture="X86"
name="TransOcean"
type="win32"/>
<description>TransOcean</description>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges>
<requestedExecutionLevel
level="asInvoker"
uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
=0C0e0y00000
1$191]1111111111
3.353S3]3{3333333333333
4"4'414R4_4l4s4~444444
5H5W5\5v555555
78888888
9*999Z9`999999999999+:2:A:d:j:w:::::::<<>>>>>>
?'?:?R?r???
0,00000%1@1Q1_1l1q1w1111
2U2Z2y222222222
30333394^4u444444(545>5b5666g7:::::
;@;E;O;k;;;;;;;
<)<E<<<<<<<<
=!=(=1=;=Z=_=g=m=|========*>2>L>R>c>>>>>>>>6?J?h?t?????????
0I00001111x2
:$:+:5:N:V:[:g:l::::*;o;R<k<<<
= =Y== >a>>>>
040B0000
1(1C1O1Y1d1n1x1~11111111h2n22222222
3/3;3M3[3
50575?5D5H5L5u55555555555"6(6,6064666666666
7M7T7X7\7`7d7h7l7p777777
8 8m8{88
999@:W:o::8=>=E=R=Y=a=g=m=x==???
0*050G0Z0e0k0p0v0000000000
113333333
4+444N4_4e4x4455555555
666666666
7$7\7i777d8j88:9G9V99
:]:;;;;;;;;;;;
<#<=====->_>s>>>
????????
0+0E0L0P0T0X0\0`0d0h000000*151P1W1\1`1d11111111111
2J2P2T2X2\23
4*4y44
5v56666$7
P1T1X1\1`1d1h1l1p1t1x1"5*52565:5F5J5R5Z5^555888
9l9p9x9|999
056d7l7t7|7777777777777777
8$8489999
999>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
? ?$?(?,?0?@?D?H?L?P?T?X?\?`?d?p?
@�I�@�@�@�@�@�
o�n�l�i�n�e�-�d�o�c�u�m�e�n�t�.�h�t�m�l�
L�o�s�e� �U�n�d�o� �A�b�i�l�i�t�y� �W�a�n�i�n�g�
Y�o�u� �s�h�o�u�l�d� �s�a�v�e� �t�
h�e� �c�u�r�r�e�n�t� �m�o�d�i�f�i�c�a�t�i�o�n�.�
A�l�l� �t�h�e� �s�a�v�e�d� �m�o�d�i�f�i�c�a�t�i�o�n�s� �c�a�n� �n�o�t� �b�e� �u�n�d�o�n�e�.�
C�o�n�t�i�n�u�e�?�
S�a�v�e� �C�u�r�r�e�n�t� �M�o�d�i�f�i�c�a�t�i�o�n�
S�u�m�m�a�r�y�
�r�a�n�g�e�s�
�b�y�t�e�s�)� �i�n� �
�s�e�l�e�c�t�e�d� �c�h�a�r�a�c�t�e�r�s� �(�
C�u�r�r�e�n�t� �d�o�c�u�m�e�n�t� �l�e�n�g�t�h�:� �
L�i�n�e�s�:� �
W�o�r�d�s�:� �
C�h�a�r�a�c�t�e�r�s� �(�w�i�t�h�o�u�t� �b�l�a�n�k�s�)�:� �
F�i�l�e� �l�e�n�g�t�h� �(�i�n� �b�y�t�e�)�:� �
M�o�d�i�f�i�e�d�:� �
C�r�e�a�t�e�d�:� �
F�u�l�l� �f�i�l�e� �p�a�t�h�:� �
P�l�e�a�s�e� �u�s�e� �"�A�L�T�+�M�o�u�s�e� �S�e�
K� �I�n�s�t�a�n�c�e�
M�o�v�e� �t�o� �N�e�w� �I�n�s�t�a�n�c�e�
C�l�o�n�e� �t�o� �O�t�h�e�r� �V�i�e�w�
M�o�v�e� �t�o� �O�t�h�e�r� �V�i�e�w�
C�u�r�r�e�n�t� �D�i�r�.� �P�a�t�h� �t�o� �C�l�i�p�b�o�a�r�d�
F�i�l�e�n�a�m�e� �t�o� �C�l�i�p�b�o�a�r�d�
F�u�l�l� �F�i�l�e� �P�a�t�h� �t�o� �C�l�i�p�b�o�a�r�d�
C�l�e�a�r� �R�e�a�d�-�O�n�l�y� �F�l�a�g�
R�e�a�d�-�O�n�l�y�
M�o�v�e� �t�o� �R�e�c�y�c�l�e� �B�i�n�
R�e�n�a�m�e�
S�a�v�e� �A�s�.�.�.�
C�l�o�s�e� �A�l�l� �t�o� �t�h�e� �R�i�
C�l�o�s�e� �A�l�l� �t�o� �t�h�e� �L�e�f�t�
C�l�o�s�e� �A�l�l� �B�U�T� �T�h�i�s�
D�o�c�u�m�e�n�t� �i�s� �m�o�d�i�f�i�e�d�,� �s�a�v�e� �i�t� �t�h�e�n� �t�r�y� �a�g�a�i�n�.�
M�o�v�e� �t�o� �n�e�w� �N�o�t�e�p�a�d�+�+� �I�n�s�t�a�n�c�e�
C�l�o�n�e� �t�o� �o�t�h�e�r� �V�i�e�w�
M�o�v�e� �t�o� �o�t�h�e�r� �v�i�e�w�
s�i�n�h�a�l�a�.�x�m�l�
b�e�n�g�a�l�i�.�x�m�l�
a�r�a�g�o�n�e�s�e�.�x�m�l�
a�r�a�g�o�n�
t�e�l�u�g�u�.�x�m�l�
u�y�g�h�u�r�.�x�m�l�
s�a�r�d�i�n�i�a�n�.�x�m�l�
h�i�n�d�i�.�x�m�l�
l�i�g�u�r�i�a�n�.�x�m�l�
Z�e�n�e�i�z�e�
e�s�p�e�r�a�n�t�o�.�x�m�l�
E�s�p�e�r�a�n�t�o�
b�o�s�n�i�a�n�.�x�m�l�
B�o�s�a�n�s�k�i�
a�z�e�r�b�a�i�j�a�n�i�.�x�m�l�
r�b�a�y�c�a�n� �d�i�l�i�
t�a�m�i�l�.�x�m�l�
� � � � � � � � �(�(�(�(�(� � � � � � � � � � � � � � � � � � �H�
@�@�@�@�@�@�@�@�@�
@�@�@�@�@�@�@�
V�S�_�V�E�R�S�I�O�N�_�I�N�F�O�
S�t�r�i�n�g�F�i�l�e�I�n�f�o�
0�4�9�B�C�8�E�0�
C�o�m�p�a�n�y�N�a�m�e�
T�r�a�n�s�O�c�e�a�n�
F�i�l�e�D�e�s�c�r�i�p�t�i�o�n�
T�r�a�n�s�O�c�e�a�n�
F�i�l�e�V�e�r�s�i�o�n�
1�.�1�.�4�.�3�7�
I�n�t�e�r�n�a�l�N�a�m�e�
L�e�g�a�l�C�o�p�y�r�i�g�h�t�
L�e�g�a�l�T�r�a�d�e�m�a�r�k�s�
O�r�i�g�i�n�a�l�F�i�l�e�n�a�m�e�
P�r�o�d�u�c�t�N�a�m�e�
T�r�a�n�s�O�c�e�a�n�
P�r�o�d�u�c�t�V�e�r�s�i�o�n�
V�a�r�F�i�l�e�I�n�f�o�
T�r�a�n�s�l�a�t�i�o�n�
T�r�a�n�s�O�c�e�a�n�
M�S� �S�a�n�s� �S�e�r�i�f�
C�:�\�4�3�3�4�0�c�e�c�8�2�4�3�9�a�9�1�d�d�4�c�5�c�8�0�f�9�b�8�9�0�8�8�4�a�5�3�9�0�f�7�3�4�d�0�1�a�a�1�a�1�9�4�2�f�c�1�7�4�a�f�1�7�5�d�
c�:�\�f�7�8�c�d�1�f�3�a�d�a�b�d�5�4�a�6�e�5�c�4�3�0�e�9�f�7�c�8�a�c�d�3�9�6�9�b�f�0�2�
C�:�\�9�f�e�7�5�8�a�f�e�4�4�4�1�d�a�7�6�8�b�b�9�6�4�c�1�1�3�d�e�5�c�f�6�4�b�e�a�2�1�3�7�b�7�9�0�e�4�1�a�4�2�0�4�d�8�3�a�2�c�4�0�d�b�b�
C�:�\�b�1�9�7�3�4�c�2�5�9�3�2�2�a�3�e�c�a�e�6�9�c�d�9�0�9�b�b�1�b�7�3�a�7�a�f�0�c�e�3�3�9�9�b�b�f�5�8�b�c�b�7�6�b�7�c�f�c�c�d�9�b�b�5�
C�:�\�4�9�4�8�d�d�9�9�6�3�8�0�f�b�2�6�5�3�1�6�0�2�5�e�3�f�a�7�c�b�0�b�d�4�9�b�d�9�b�4�6�3�f�a�1�c�a�a�9�2�b�6�8�4�8�6�c�7�2�c�3�6�d�3�
C�:�\�d�8�8�d�7�7�a�6�4�7�a�f�b�c�f�b�4�0�1�2�6�3�c�1�f�8�e�2�b�3�8�e�b�c�7�3�6�c�d�5�b�0�4�e�9�c�0�d�2�e�8�f�1�2�b�e�9�6�8�9�4�6�4�f�
C�:�\�4�5�L�v�D�L�2�K�.�e�x�e�
C�:�\�9�E�L�Y�R�h�_�f�.�e�x�e�
C�:�\�Z�J�J�P�Q�m�u�g�.�e�x�e�
C�:�\�3�3�e�1�a�2�e�4�2�0�c�d�d�5�4�2�5�5�a�6�c�6�2�d�3�b�5�b�9�b�2�5�a�a�2�f�2�3�4�b�8�1�e�d�9�4�f�3�1�3�4�1�f�b�9�6�a�e�7�7�d�2�5�0�
C�:�\�Q�l�C�K�w�9�9�_�.�e�x�e�
C�:�\�z�J�V�i�9�_�F�s�.�e�x�e�
C�:�\�Z�h�D�P�B�u�Z�E�.�e�x�e�
C�:�\�c�d�8�4�4�2�d�c�9�b�d�d�6�e�4�7�7�e�f�2�7�e�4�b�c�b�f�8�e�3�4�6�2�e�c�1�5�d�d�4�5�c�8�4�f�6�5�6�a�8�3�c�3�4�e�b�d�d�6�e�7�3�f�4�
C�:�\�a�c�X�Y�S�f�l�x�.�e�x�e�
C�:�\�J�V�8�f�L�m�y�p�.�e�x�e�
C�:�\�O�q�I�i�y�h�k�B�.�e�x�e�
C�:�\�5�P�R�y�b�z�m�E�.�e�x�e�
C�:�\�t�U�m�9�5�i�l�7�.�e�x�e�
C�:�\�d�a�e�9�1�2�a�5�b�1�5�5�8�d�6�1�0�c�8�1�a�c�d�f�b�e�d�d�1�2�e�2�4�9�1�4�8�c�0�6�6�7�c�4�1�3�c�7�e�2�e�c�f�1�2�2�e�e�8�4�3�9�0�c�
C�:�\�k�7�l�F�J�F�J�q�.�e�x�e�
C�:�\�l�C�Z�B�P�G�c�Y�.�e�x�e�
C�:�\�g�b�9�K�4�m�R�S�.�e�x�e�
C�:�\�p�j�1�Z�T�Q�I�X�.�e�x�e�
C�:�\�g�Q�B�x�8�6�r�1�.�e�x�e�
C�:�\�5�j�O�f�Q�z�x�I�.�e�x�e�
C�:�\�9�x�W�g�B�T�Y�A�.�e�x�e�
C�:�\�1�r�F�J�i�U�q�B�.�e�x�e�
C�:�\�y�r�U�f�B�q�j�r�.�e�x�e�
C�:�\�A�5�l�A�L�m�t�f�.�e�x�e�
C�:�\�G�4�J�9�f�X�u�s�.�e�x�e�
C�:�\�L�D�8�t�O�B�V�R�.�e�x�e�
C�:�\�1�f�o�C�J�0�F�A�.�e�x�e�
C�:�\�k�2�a�Q�f�B�L�F�.�e�x�e�
C�:�\�J�a�W�y�P�a�j�G�.�e�x�e�
C�:�\�Q�t�N�d�g�r�i�d�.�e�x�e�
C�:�\�5�U�J�J�P�J�Y�K�.�e�x�e�
C�:�\�o�o�R�5�W�L�I�_�.�e�x�e�
C�:�\�u�x�Y�d�i�c�X�H�.�e�x�e�
C�:�\�c�s�9�k�u�L�2�T�.�e�x�e�
C�:�\�G�H�C�V�9�U�X�5�.�e�x�e�
C�:�\�J�w�U�b�P�u�s�w�.�e�x�e�
C�:�\�L�N�X�Z�C�O�P�K�.�e�x�e�
C�:�\�X�t�1�y�_�i�X�7�.�e�x�e�
C�:�\�Y�r�K�T�x�h�u�u�.�e�x�e�
C�:�\�9�m�u�a�P�k�b�I�.�e�x�e�
C�:�\�D�0�h�l�v�u�s�j�.�e�x�e�
C�:�\�I�r�w�x�Y�s�y�t�.�e�x�e�
C�:�\�e�C�q�s�I�7�t�s�.�e�x�e�
C�:�\�r�g�T�Y�z�w�b�K�.�e�x�e�
C�:�\�Z�d�5�5�l�k�P�5�.�e�x�e�
C�:�\�d�n�t�W�1�d�y�i�.�e�x�e�
C�:�\�R�r�Q�7�6�i�2�h�.�e�x�e�
C�:�\�N�Y�x�c�Q�u�Q�d�.�e�x�e�
C�:�\�Y�0�8�9�w�C�Q�O�.�e�x�e�
C�:�\�J�2�s�G�C�O�t�z�.�e�x�e�
C�:�\�B�R�X�l�j�J�G�R�.�e�x�e�
C�:�\�4�5�R�X�J�3�c�L�.�e�x�e�
C�:�\�E�5�C�G�g�P�N�i�.�e�x�e�
C�:�\�6�K�y�i�0�Z�u�S�.�e�x�e�
C�:�\�H�9�c�q�8�E�X�R�.�e�x�e�
C�:�\�u�U�t�Q�b�E�r�a�.�e�x�e�
C�:�\�P�7�q�K�X�A�8�f�.�e�x�e�
C�:�\�H�z�z�x�y�A�E�g�.�e�x�e�
C�:�\�P�U�z�F�9�8�c�o�.�e�x�e�
C�:�\�1�J�V�m�i�8�l�j�.�e�x�e�
C�:�\�z�N�d�A�f�E�p�u�.�e�x�e�
C�:�\�D�s�C�p�7�P�u�D�.�e�x�e�
C�:�\�x�W�X�v�F�Q�A�M�.�e�x�e�
C�:�\�f�g�3�B�C�8�m�G�.�e�x�e�
C�:�\�4�7�3�3�e�2�5�c�6�7�1�e�9�1�1�7�3�d�5�f�6�b�8�1�4�3�4�d�c�b�0�f�a�c�8�9�0�c�b�f�.�e�x�e�
C�:�\�2�8�4�c�3�9�5�6�8�1�e�7�1�0�d�7�5�6�a�8�6�7�f�f�6�4�0�a�b�a�7�2�3�1�a�7�8�2�b�7�.�e�x�e�
C�:�\�C�M�L�7�0�F�s�c�.�e�x�e�
C�:�\�3�F�a�g�u�E�R�V�.�e�x�e�
C�:�\�r�n�O�E�5�D�H�q�.�e�x�e�
C�:�\�o�G�X�v�C�w�p�D�.�e�x�e�
C�:�\�G�V�g�F�t�b�w�M�.�e�x�e�
C�:�\�q�k�7�S�g�H�G�P�.�e�x�e�
C�:�\�s�G�S�L�q�7�m�T�.�e�x�e�
C�:�\�_�d�C�w�4�5�_�a�.�e�x�e�
C�:�\�I�r�L�e�K�0�J�0�.�e�x�e�
C�:�\�q�F�f�M�u�Q�g�C�.�e�x�e�
C�:�\�J�N�s�K�3�b�i�o�.�e�x�e�
C�:�\�F�C�n�X�V�h�9�H�.�e�x�e�
C�:�\�q�i�O�1�A�X�J�V�.�e�x�e�
C�:�\�K�u�s�U�3�u�7�a�.�e�x�e�
C�:�\�4�2�L�r�N�B�9�f�.�e�x�e�
C�:�\�i�S�V�1�0�A�k�B�.�e�x�e�
C�:�\�O�m�w�q�Y�k�Y�h�.�e�x�e�
C�:�\�o�r�R�X�J�o�q�R�.�e�x�e�
C�:�\�v�t�4�B�e�Q�r�P�.�e�x�e�
C�:�\�0�Q�h�j�J�U�y�U�.�e�x�e�
C�:�\�L�h�e�q�z�h�C�A�.�e�x�e�
C�:�\�d�0�6�b�0�e�e�5�f�b�3�8�f�8�9�e�a�8�6�b�2�a�0�9�a�0�5�b�a�1�a�e�2�2�3�8�d�5�0�b�.�e�x�e�
C�:�\�K�e�4�u�e�c�Z�0�.�e�x�e�
C�:�\�N�R�5�q�7�3�d�T�.�e�x�e�
C�:�\�p�a�k�G�D�9�Z�v�.�e�x�e�
C�:�\�T�V�R�E�1�0�Z�e�.�e�x�e�
C�:�\�e�r�p�D�1�t�B�r�.�e�x�e�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�f�i�l�e�.�p�e�3�2�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�e�l�a�r�v�o�l�u�m�e�.�p�e�3�2�
C�:�\�d�7�4�b�6�c�5�c�4�9�8�0�9�e�7�f�a�1�4�1�2�0�6�e�7�b�e�c�7�9�f�8�6�e�f�c�d�3�5�3�7�1�f�8�2�9�8�1�5�3�f�a�1�8�d�f�9�a�4�7�3�d�f�9�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�e�l�a�r�v�o�l�u�m�e�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�e�5�e�6�1�6�5�a�f�9�a�f�6�f�5�a�6�c�4�c�9�4�2�8�9�0�0�d�7�f�6�7�6�6�3�c�6�6�8�1�4�2�b�4�7�1�5�3�3�6�a�0�b�3�b�3�4�3�2�b�7�0�2�5�.�e�x�e�
C�:�\�2�a�e�a�9�6�9�6�c�3�2�d�b�6�d�a�8�4�5�6�1�d�e�5�d�0�d�c�3�c�a�7�8�f�5�1�d�2�6�c�d�f�4�2�5�a�1�c�1�d�5�5�d�5�f�f�d�2�8�7�3�c�9�e�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�e�l�a�r�v�o�l�u�m�e�.�p�e�3�2�
C�:�\�f�b�9�5�9�8�d�2�8�1�8�c�8�e�d�a�6�7�5�1�8�8�b�d�9�1�f�1�5�2�2�6�6�2�1�3�9�6�2�3�4�5�f�0�6�2�2�c�f�2�7�8�a�2�6�c�1�d�0�0�0�d�d�5�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�e�l�a�r�v�o�l�u�m�e�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�5�2�c�1�c�2�a�e�0�3�f�e�4�5�3�8�0�b�f�a�d�4�1�2�d�2�c�a�9�c�2�6�7�5�6�0�7�7�3�4�8�0�5�3�3�a�d�0�a�9�1�4�9�8�e�f�5�8�c�a�9�e�f�1�.�e�x�e�
C�:�\�4�b�e�7�9�b�e�4�c�5�1�1�c�5�3�e�8�9�1�9�4�0�9�a�3�d�e�a�a�9�3�d�f�6�5�6�4�3�7�7�4�c�e�a�7�5�6�7�6�5�4�8�f�d�2�b�b�f�a�3�0�2�7�a�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�e�l�a�r�v�o�l�u�m�e�.�e�x�e�
C�:�\�U�s�e�r�s�\�R�A�4�9�1�~�1�.�V�U�L�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�5�4�2�b�1�2�3�d�2�e�7�0�e�3�8�9�7�2�c�4�3�c�5�4�d�1�3�b�3�b�1�6�.�e�x�e�
C�:�\�U�s�e�r�s�\�R�A�4�9�1�~�1�.�V�U�L�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�5�4�2�b�1�2�3�d�2�e�7�0�e�3�8�9�7�2�c�4�3�c�5�4�d�1�3�b�3�b�1�6�.�e�x�e�
C�:�\�1�d�2�3�c�f�f�e�c�5�e�c�8�3�8�2�4�c�3�8�8�b�2�b�1�7�6�d�a�1�f�6�9�8�7�9�d�7�0�a�9�2�a�c�2�7�7�6�a�f�3�4�9�2�5�9�d�8�8�9�1�5�b�0�
Hosts
| IP |
|---|
| 114.114.114.114 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.