| Scan engine | Result | Scan time | Engine version |
|---|---|---|---|
| McAfee | | 20200925 | 6.0.6.653 |
| Alibaba | | 20190527 | 0.3.0.5 |
| Baidu | | 20190318 | 1.0.0.2 |
| Avast | | 20200926 | 18.4.3895.0 |
| Kingsoft | | 20200926 | 2013.8.14.323 |
| Tencent | | 20200926 | 1.0.0.1 |
| CrowdStrike | | 20190702 | 1.0 |
| Time & API | Arguments | Status | Return | Repeated |
|---|---|---|---|---|
| 1619439589.50875 GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0 |
| 1619439592.82175 GetComputerNameW | computer_name: OSKAR-PC | success | 1 | 0 |
| Type | Value |
|---|---|
| pdb_path | d:\Projects\WinRAR\SFX\build\sfxrar32\Release\sfxrar.pdb |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\QDI_User_Guide_EN_v1.2.pdf |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\FXPIFEXD.dll |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmmDevCommon.dll |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmmPluginXcmi.dll |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\FXPDIK.dll |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmmSNMPFindMethod.dll |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmmPluginCommon.dll |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\Quick Drivers Installer.exe |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmaUtility.dll |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmmFindCommon.dll |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmcLogging.dll |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Quick Drivers Installer.exe |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmmPluginFXNIC.dll |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmaMIBAccess.dll |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmcSocketUtility.dll |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmuJobClientID.dll |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\FXPIFAPI.DLL |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\PmcAsnValue.dll |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmcCommon.dll |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmmPluginIETF.dll |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmtTrapHandler.dll |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmsSnmpUtility.dll |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmmPluginMgr.dll |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmmPluginFXCMI.dll |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmmPluginLegacy.dll |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmmPluginDEIM.dll |
| cmdline | cmd.exe /c systeminfo.exe > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\lib\syslog" |
| cmdline | cmd.exe /c lib\"quick drivers installer.exe" |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Quick Drivers Installer.exe |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\Quick Drivers Installer.exe |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmmDPC2255AP.xpi |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmmSNMPFindMethod.dll |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmcCommon.dll |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmmDPC2200AP.xpi |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmmDPC1110AP.xpi |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmmDCIIIC3100AP.xpi |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmmDC236AP.xpi |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmmDP205AP.xpi |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmmDC156AP.xpi |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmmIETFGen.plugin |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmmDCIIIC2200AP.xpi |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmmDC650IAP.xpi |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmmDCC250AP.xpi |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmmDevCommon.dll |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmmFX4112AP.xpi |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmmDC450IAP.xpi |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmaMIBAccess.dll |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmtTrapHandler.dll |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmmDPC2428AP.xpi |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmmDCII4000AP.xpi |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmmDPC525AAP.xpi |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmmDP2065AP.xpi |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmaIETFModule.xmm |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmmDC2003AP.xpi |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmmLegacy1.plugin |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmmPluginFXNIC.dll |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmmDCIIC3000AP.xpi |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmaFXPropExtModule.xmm |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmuJobClientID.dll |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\PmcAsnValue.dll |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmmDPC2120AP.xpi |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmmDPC1190FSAP.xpi |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmmLegacy3.plugin |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmmDCC5540IAP.xpi |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmmDC1055AP.xpi |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmaUtility.dll |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmmDP240AAP.xpi |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmmPluginLegacy.dll |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\IOTOptionAddOn.xao |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\DocumentResourceAddOn.xao |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmcLogging.dll |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\FXPIFEXD.dll |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmmDCIIIC4400AP.xpi |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\FXPIFAPI.DLL |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmaLegacyModule.xmm |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmcSocketUtility.dll |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmmDCIIIC5500AP.xpi |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmmDPC4350AP.xpi |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmmDW2050.xpi |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\Lib\pmmDCIIC2200AP.xpi |
| Cybereason | malicious.6fcaca |
| APEX | Malicious |
| cmdline | cmd.exe /c systeminfo.exe > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\lib\syslog" |
| cmdline | systeminfo.exe |
| cmdline | cmd.exe /c systeminfo.exe > "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\lib\syslog" |
No hosts contacted.
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
| time.windows.com | A 20.189.79.72; CNAME time.microsoft.akadns.net | |
| clients2.google.com | A 172.217.24.14; CNAME clients.l.google.com | 172.217.24.14 |
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| teredo.ipv6.microsoft.com | 127.0.0.1 | |
No TCP connections recorded.
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 49235 | 114.114.114.114 | 53 |
| 192.168.56.101 | 50534 | 114.114.114.114 | 53 |
| 192.168.56.101 | 53657 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56539 | 114.114.114.114 | 53 |
| 192.168.56.101 | 65004 | 114.114.114.114 | 53 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
| 192.168.56.101 | 123 | 20.189.79.72 time.windows.com | 123 |
| 192.168.56.101 | 51808 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 55368 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 56804 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 60123 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 62191 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 1900 | 239.255.255.250 | 1900 |
| 192.168.56.101 | 50535 | 239.255.255.250 | 3702 |
| 192.168.56.101 | 50537 | 239.255.255.250 | 3702 |
| 192.168.56.101 | 56540 | 239.255.255.250 | 3702 |
| 192.168.56.101 | 56807 | 239.255.255.250 | 1900 |
| 192.168.56.101 | 58707 | 239.255.255.250 | 3702 |
| 192.168.56.101 | 50539 | 255.255.255.255 | 161 |
No HTTP requests performed.
No ICMP traffic performed.
No IRC requests performed.
No Suricata Alerts
No Suricata TLS
No Snort Alerts