1.4
Low risk

1c9bcd99876ee222f139429b7dbccc1be283d54be0d93f332d0cae15df067838

1c9bcd99876ee222f139429b7dbccc1be283d54be0d93f332d0cae15df067838.exe

Analysis duration

194s

Last analyzed

367 days ago

File size

75.0KB
Static detections Dynamic detections CVE FAMILY METATYPE PLATFORM TYPE UNKNOWN WIN32 TROJAN DOWNLOADER UPATRE
Hawkeye engine
DACN 0.12
FACILE 1.00
IMCLNet 0.57
MFGraph 0.00
Static verdict
Antivirus engines
Engine Result Scan date Version
Alibaba TrojanDownloader:Win32/Upatre.66225979 20190527 0.3.0.5
Avast Win32:Downloader-WIG [Trj] 20240423 23.9.8494.0
Baidu Win32.Trojan.Agent.bg 20190318 1.0.0.2
CrowdStrike None 20231026 1.0
Kingsoft None 20230906 None
McAfee Downloader-FVF!54603DD21213 20240423 6.0.6.653
Tencent Malware.Win32.Gencirc.10b0cf93 20240423 1.0.0.1
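Behavioral verdict
Dynamic indicators
The binary likely contains encrypted or compressed data, indicating the use of a packer (1 event)
section {'name': 'UPX1', 'virtual_address': '0x0000a000', 'virtual_size': '0x00002000', 'size_of_data': '0x00001e00', 'entropy': 7.370531798156934} entropy 7.370531798156934 description A high-entropy section was found
The executable is compressed with UPX (2 events)
section UPX0 description Section name indicates UPX
section UPX1 description Section name indicates UPX
Network communication
Communicates with hosts for which no DNS query was performed (2 events)
host 114.114.114.114
host 8.8.8.8
The file has been identified as malicious by 62 antivirus engines on VirusTotal (50 out of 62 events)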
ALYac Trojan.Downloader.Upatre.gen
APEX Malicious
AVG Win32:Downloader-WIG [Trj]
Acronis suspicious
AhnLab-V3 Trojan/Win32.Fakon.R257890
Alibaba TrojanDownloader:Win32/Upatre.66225979
Antiy-AVL Virus/Win32.Expiro.imp
Arcabit Trojan.Agent.BAVS
Avast Win32:Downloader-WIG [Trj]
Avira TR/Crypt.XPACK.Gen
Baidu Win32.Trojan.Agent.bg
BitDefender Trojan.Agent.BAVS
BitDefenderTheta Gen:NN.ZexaF.36804.eq2@aabB4gb
Bkav W32.AIDetectMalware
ClamAV Win.Packed.Waldek-7133924-0
Cylance unsafe
Cynet Malicious (score: 100)
DeepInstinct MALICIOUS
DrWeb Trojan.DownLoad3.28161
ESET-NOD32 Win32/TrojanDownloader.Small.AAB
Elastic malicious (high confidence)
Emsisoft Trojan.Agent.BAVS (B)
F-Secure Trojan.TR/Crypt.XPACK.Gen
FireEye Generic.mg.54603dd21213a731
Fortinet W32/Agent.AEJB!tr
GData Win32.Trojan-Downloader.Upatre.BJ
Google Detected
Gridinsoft Malware.Win32.Gen.bot!se30272
Ikarus Trojan-PWS.Win32.Fareit
Jiangmin Trojan/Agent.hnsr
K7AntiVirus Trojan ( 0040f6941 )
K7GW Trojan ( 0040f6941 )
Kaspersky Trojan.Win32.Agent.acmcl
MAX malware (ai score=88)
Malwarebytes Generic.Malware.AI.DDS
MaxSecure Trojan.Upatre.Gen
McAfee Downloader-FVF!54603DD21213
MicroWorld-eScan Trojan.Agent.BAVS
Microsoft TrojanDownloader:Win32/Upatre.A
NANO-Antivirus Trojan.Win32.DownLoad3.fqnnph
Panda Trj/Downloader.WKY
Rising Downloader.Waski!1.A489 (CLASSIC)
SUPERAntiSpyware Trojan.Agent/Gen-Upatre
Sangfor Suspicious.Win32.Save.a
SentinelOne Static AI - Malicious PE
Skyhigh BehavesLike.Win32.Downloader.lt
Sophos Mal/Agent-AUP
Symantec ML.Attribute.HighConfidence
Tencent Malware.Win32.Gencirc.10b0cf93
Trapmine malicious.high.ml.score
Runtime screenshots
No runtime screenshots available. The sample generated no screenshots while running.

PE Compile Time

2013-10-23 21:13:32

PE Imphash

4671a8dbdd1fea771b83396d75a74c4f

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
UPX0 0x00001000 0x00009000 0x00008600 2.4299455268286336
UPX1 0x0000a000 0x00002000 0x00001e00 7.370531798156934
.rsrc 0x0000c000 0x00004000 0x00003e00 4.554932244258843
.imports 0x00010000 0x00001000 0x00000200 3.668423110787113

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x0000de58 0x000017ac LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_ICON 0x0000de58 0x000017ac LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_DIALOG 0x000085fc 0x000000e8 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_GROUP_ICON 0x0000f608 0x00000022 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_VERSION 0x0000f630 0x00000324 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_MANIFEST 0x0000f958 0x00000193 LANG_NEUTRAL SUBLANG_NEUTRAL None

Imports

Library KERNEL32.DLL:
0x4040b4 ExitProcess
0x4040b8 FreeLibrary
0x4040bc GetModuleHandleA
0x4040c0 LoadLibraryA
0x4040c4 GetProcAddress
0x4040c8 HeapCreate
0x4040cc HeapAlloc
Library Msacm32.dll:
0x404214 acmStreamClose
Library user32.dll:
0x404164 LoadIconA
0x404168 LoadCursorA
0x40416c RegisterClassA
0x404170 CreateWindowExA
0x404174 GetMessageA
0x404178 DispatchMessageA
0x40417c DefWindowProcA
0x404180 PostQuitMessage
Library Winmm.dll:
0x404238 mciSendStringA

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
About
MS Sans Serif
VS_VERSION_INFO
StringFileInfo
08000025
Comments
CompanyName
MS Corporation
FileDescrsiption
note.exe
FileVersion
2.0.0.2
InternalName
note.exe
LegalCopyright
Copyright (C) 2005
LegalTrademarks
OriginalFilename
note.exe
PrivateBuild
ProductName
ProductVersion
3.0.0.3
SpecialBuild
VarFileInfo
Translation

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 53179 224.0.0.252 5355
192.168.56.101 49642 224.0.0.252 5355
192.168.56.101 137 192.168.56.255 137
192.168.56.101 61714 114.114.114.114 53
192.168.56.101 61714 8.8.8.8 53
192.168.56.101 56933 8.8.8.8 53
192.168.56.101 138 192.168.56.255 138
192.168.56.101 58485 114.114.114.114 53
192.168.56.101 58485 8.8.8.8 53
192.168.56.101 57665 114.114.114.114 53

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.