0.9
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.71
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | Win32:Kryptik-OWX [Trj] | 20200107 | 18.4.3895.0 |
| Baidu | Win32.Trojan.Kryptik.ahk | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (D) | 20190702 | 1.0 |
| Kingsoft | None | 20200107 | 2013.8.14.323 |
| McAfee | Generic.atg-FAIF!7D9E6F3482C1 | 20200107 | 6.0.6.653 |
| Tencent | Trojan.Win32.Kryptik.bcig | 20200107 | 1.0.0.1 |
静态指标
动态指标
网络通信
与未执行 DNS 查询的主机进行通信
(1 个事件)
| host | 114.114.114.114 | |||
文件已被 VirusTotal 上 58 个反病毒引擎识别为恶意
(50 out of 58 个事件)
| ALYac | Gen:Variant.Ulise.22069 |
| APEX | Malicious |
| AVG | Win32:Kryptik-OWX [Trj] |
| Acronis | suspicious |
| Ad-Aware | Gen:Variant.Ulise.22069 |
| AhnLab-V3 | Trojan/Win32.Shipup.R69161 |
| Antiy-AVL | Trojan/Win32.ShipUp |
| Arcabit | Trojan.Ulise.D5635 |
| Avast | Win32:Kryptik-OWX [Trj] |
| Avira | TR/Crypt.ZPACK.Gen7 |
| Baidu | Win32.Trojan.Kryptik.ahk |
| BitDefender | Gen:Variant.Ulise.22069 |
| BitDefenderTheta | Gen:NN.ZexaF.33558.kuY@aunW@Kii |
| CAT-QuickHeal | TrojanDropper.Gepys.A |
| ClamAV | Win.Packed.Kazy-6803768-0 |
| Comodo | TrojWare.Win32.Kryptik.BCUX@4ys1di |
| CrowdStrike | win/malicious_confidence_100% (D) |
| Cybereason | malicious.482c19 |
| Cylance | Unsafe |
| Cyren | W32/A-4f509434!Eldorado |
| DrWeb | Trojan.Mods.2 |
| ESET-NOD32 | a variant of Win32/Kryptik.BCUX |
| Emsisoft | Gen:Variant.Ulise.22069 (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/A-4f509434!Eldorado |
| F-Secure | Trojan.TR/Crypt.ZPACK.Gen7 |
| FireEye | Generic.mg.7d9e6f3482c19ca3 |
| Fortinet | W32/Kryptik.BCLI!tr |
| GData | Gen:Variant.Ulise.22069 |
| Ikarus | Trojan.Win32.ShipUp |
| Invincea | heuristic |
| Jiangmin | Trojan/ShipUp.qb |
| K7AntiVirus | Trojan ( 0043faf41 ) |
| K7GW | Trojan ( 0043faf41 ) |
| Kaspersky | HEUR:Trojan.Win32.Generic |
| MAX | malware (ai score=83) |
| McAfee | Generic.atg-FAIF!7D9E6F3482C1 |
| McAfee-GW-Edition | BehavesLike.Win32.Dropper.ch |
| MicroWorld-eScan | Gen:Variant.Ulise.22069 |
| Microsoft | Trojan:Win32/Gepys.VDK!MTB |
| NANO-Antivirus | Trojan.Win32.Mods.eummah |
| Panda | Trj/Genetic.gen |
| Qihoo-360 | HEUR/QVM20.1.6635.Malware.Gen |
| Rising | Trojan.Kryptik!1.A7F4 (CLASSIC) |
| Sangfor | Malware |
| SentinelOne | DFI - Malicious PE |
| Sophos | Troj/Gepys-Q |
| Symantec | ML.Attribute.HighConfidence |
| Tencent | Trojan.Win32.Kryptik.bcig |
| Trapmine | malicious.high.ml.score |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2010-09-12 11:09:41
PE Imphash
d21af85b4d8f71c33b346de557a81107
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00001000 | 0x0000215e | 0x00002200 | 5.840020373727668 |
| .data | 0x00004000 | 0x0005b0e0 | 0x0001d600 | 6.593690462176036 |
| .idata | 0x00060000 | 0x00000524 | 0x00000600 | 4.440668353350047 |
| .rsrc | 0x00061000 | 0x00000278 | 0x00000400 | 2.496165391138532 |
| .reloc | 0x00062000 | 0x00000206 | 0x00000400 | 4.107144010203912 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_DIALOG | 0x000611ec | 0x0000008c | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_DIALOG | 0x000611ec | 0x0000008c | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
Imports
Library KERNEL32.dll:
• 0x460148 CloseHandle
• 0x46014c CreateFileW
• 0x460150 FormatMessageW
• 0x460154 FreeLibrary
• 0x460158 GetFileType
• 0x46015c GetLastError
• 0x460160 GetLocaleInfoW
• 0x460164 GetModuleFileNameW
• 0x460168 GetModuleHandleA
• 0x46016c GetModuleHandleW
• 0x460170 GetProcAddress
• 0x460174 GetProcessHeap
• 0x460178 GetStdHandle
• 0x46017c GetTickCount
• 0x460180 HeapAlloc
• 0x460184 HeapFree
• 0x460188 LoadLibraryA
• 0x46018c LoadLibraryW
• 0x460190 LocalAlloc
• 0x460194 LocalFree
• 0x460198 MultiByteToWideChar
• 0x46019c SystemTimeToFileTime
• 0x4601a0 VirtualProtect
• 0x4601a4 WriteFile
• 0x4601a8 lstrcpyW
• 0x4601ac lstrcmpW
Library SHELL32.DLL:
• 0x4601b4 SHGetFolderPathW
Library USER32.dll:
• 0x4601bc GetDC
• 0x4601c0 LoadAcceleratorsA
• 0x4601c4 LoadCursorA
• 0x4601c8 LoadIconA
• 0x4601cc LoadStringW
• 0x4601d0 RegisterClassW
• 0x4601d4 IsClipboardFormatAvailable
Library ADVAPI32.dll:
• 0x4601e8 RegCloseKey
• 0x4601ec RegOpenKeyExW
• 0x4601f0 RegQueryValueExW
• 0x4601f4 RegSetValueExW
Library ntdll.dll:
• 0x4601fc NtQueryInformationProcess
L!This program cannot be run in DOS mode.
0`.data
0.idata
0.rsrc
0.reloc
1]UVSQTHBw
uTY[^]UVSQRH
HZY[^]UWVSQR@
@ZY[^_]UVS
[^]US@
@[]UVS(e\runinmem2.exe
jw([^]UWVS0
00[^_]UQR(
(ZY]UVSQ
#4wR4w
Y[^]UWVSD
D[^_]UWVSQd
dY[^_]UWVSQT
TY[^_]UVSQR
ZY[^]UWVSQ,
,Y[^_]UVSQRx
%xZY[^]UWV(
((^_]UV
runinmem
^]USQdT
1dY[]UWVSX
D:\projects\X[^_]UVSQRd
dZY[^]UWVSQ
Y[^_]UWVSQR@@
@ZY[^_]UWVSQRtD
tZY[^_]UQRL
LZY]UWVS4
DA;M|EM9M
[^_]USQRl
lZY[]USh
h[]UVSd
.edata
d[^]UWVSQ8
.edata
#4wR4w
8Y[^_]URX
XZ]UST
T[]UWVSQR$
m$ZY[^_]UVSQ4
#4wR4w
w<4Y[^]UVSQR@
@ZY[^]UWVSP]
Z[^_]UVSQRH
R4w0w<
HZY[^]USQD
DY[]USU
e[^]UVh.
h^]UVDn
D^]UVSP
CVe[^]UQR,
,ZY]UWVSQR
ZY[^_]UWVSQ
progs\SysProg\work\rm\templates\ex
Y[^_]UVSd
d[^]USQl0
lY[]UWVSQ
Y[^_]USL
L[]UVS
[^]UW(
(_]UWZ
[^_]U+
)[_]UWVS8$
[^_]US<
_]UVSx2
x[^]USQR(
#4wR4w
(ZY[]8M
->UV[B
DZFtEK
B]f^?f
HH<PtU
UUU$|t
(EGUT$
U[G.$$
asll\a
LdiRcyts
G4etdt
l$$errcGPArd$4e\
alti$`
dLdaRoblAp\
QathPp$Wtr4trpWli
\dPV$t
QllGldRG$\trOG4\hdcG
Rid4om
lth$phF$l\taFS
liVupeU
VQtlu$eeXiwnRa4def
exMd$|S
H|S_Q$
$$eUxu$We$\n0W4
GPpdWc
Ru\A$ep
?didDA
ldsGo@
G$$4U]
kO+N<O
akOkqV
NO91f+f+k
kONaUfE
DE@M+f^
Uf5Q,jR
q]fAP0P
+@3WUE
S3 +V`
+VV`+,
@++0E+
WW~``+
F`d`dV
thx7Sj
U+PQRjDR;
PDP@RS
V@QdQQQQ
PRAR$|PQA
Q|QW\+
PRUPPWRP<AF+P
@4Dq:P}
qBWpQPjhPpPD
RjHhHD
JPd2M_p
_j@DpW
!$@3h@@SM3pf
^@Lu(Kj
3+tW,ff
Epfpj@Q
Df@;3PL$,
DDDjhp
`XD@h@
f@TSHH
bEEHuu
IMpthUPvt
@thftRf
t9&PEtL
CEfw@t
0$+DufD
,uL00$
H%u[Dh
]pp$L-
@uutf^PV3D@GI
DHQRVt
V3LquL
fVH&3PPL3
9uDt9Vff
u9t3hV
3qjt+VUqUpq
tD]Dtu^VDq=
}htj}r
Y|DrY]
]jjD>5
u}sY]@
E}@YtU
Dj]@rjS@
uftu^=Yt
j>/VSw
=VF>Gfe(
Dt=YWt
fufDlU
J}Muf"
txj8t\tf$
f;4PXQtQfD
9 YUL;E^D
fuY[@f@
;jD+fXp
9@r@1;
5E9Pr=
5C^Nu@t3qq
@@P|P@
@{5P;q
ThGphh@
vl_P5tt
4Fu4D4Yt
jttWtuYj
WqDDtp
@D@7tt
t55t5phj@=@D
S:NH@thhE
jhpGh^
pO=;53E@
VD@&$hD
hUu`@<
mh3d3G+
3u@6];
}uUrYEk
DsY3PP]; U0Vh6
Dt(EKK
KD+ppt
+0KK\YDu
\Ww`YEM|
MGE@POt
D]3]SGjE3WU
]P@PD-@3
upH3YpUu
UtPD5j
hM<r1]]
M_<3<Et
E;HAB3(
Sd8^HAZ9
@tT:MY
+E+S$$4"S
tt3@E3@U~V
jt5\SDDt
tDhMDD@
^jtOT't5[+tu
3[uftu'
f+X3fu
+tUU3u
M(uHuYV30j
uU]ffuff
UEjx]W
_udDffY
v@DD@v
;uK]]'
Nrr$wu
EDDT_FdN
DEO@_@GD@
tPpWtP
u;ZPPP
tYPE;3
>c8tu0E@u^
0Yjt>_
G;;WtA]YY
j@p@^w
;Lu YMte
w@_; j
FuHlFpUu
F]@ut@
VSu@3U
Cp7+Mppk
P@r@M0
uZ1Cv~
f;JsPfL
QuEjtWvh
L3@C}=Y@
pTdduut%$S
3tOdUYX
Sp5DV5F
"YYV&MEX6u3Y
pD;tDX0P9u
^Vp5vu3tD
F]YDW^Y
fPeIWft
Fttpv@+
]tGtt3\I
v*Pvvv(2$<@L80"tv`v,vvvT\Xvvhv
v:vvvlv4vDvd@BvHvvp
F@P;@@tP@
@>F@FYF8
;tPtbt
tPPPF@
Vu59~+
rL=utt@EtE
@$8@HC?3
R]9U;@
EP;;3u
3M=^uW
hu3hWuPu$
SEYu puuuP
uuuuuu
MYEut9Su
tY;<SU
^DMuej
dd|$hu3
jtXtvU
fAUP+fQ
%I7AR%
H;ruuut
roor
msu-/
sm he r(
a 3ute
g i omTh
nt to
ue 8ccivladh
endgp6
@rlqyp
wonivii
teeereeO
tPaDsiiuf
WejLeW
Uitltpoe
eeepacEGoVIeo
vntslaF
meeyyta
nnAryb
aeupbuN
mesDbd
ivMcoydMre
JuPsyO
drdSauu
kd^\r:
yi)a3fgna6+e
j~p"p*n_oq7
xrg,=|v
uvm> 'dd ji0;xhc(
+0C1X
0S]>(OU0M.LMRP=
`N{[*Y
AID;J0
OR$56G?VJ432
NB@Z_QKD0
YF)AUh
}W}T7}
4\e+)UA~
iWB\NO[s
\\Rrn_
eeeFeH
rFEeeGede
HeRieeaeeoeMiFrGsce
pGWMeF
enCile%eeRl
WWeopueFlee
lGdDvetl
t`emSaHem
oGeWpWJea
nWeltetxlFGeT
etNcFleoihiloeSpoP
Vestlda
rrsTCoplWtctc
eCtoRLsImeyte
cWetrye
neGschraGlTii
ntrWtsthrGdri
iNtmleA
ogdPra
atyaaotLyelWmKeTEreEsyedaetrNeoeeyer.AaGtimoehG
ue2mddntrt3sePr
SdtyDtFt
itCsCrssiLelD
adaliriaeel
engsalig
ianorerrtMtneDeCdLa
seTEWswxWnaeuodaLcseGrrcpn
tegotaseei
tsLaWsrcL
stdWIaWer
geWpiWtsMeaWosL
TyrsaWto
oLLeugsnged7.RnolwBo
gWl3iDWt
sAQaene
onatedEEUCPaio
VacRRsi
seVtsoexPt
laWEipP
nESrEoafesWydRn
e2Kxuamase
lxedSiyeRle
sae0WMsIE
LeEEeuolH
lUnat.
zUEfCUiiatIi
oCzLEWedau2toaeSiEiliEdlnl2OxanUcidrr.toloSd
sinreha
uULe.eoUncf2Cc
3Gtlll
eEteIe
UEmiCcll
Iex3nC!eTyStIl
eEeetx
nrtTlpa
A3E?UWnot.
ibrFei
lrUtdusleseerr
dttiGcxrMrcnr
Poerts
HeAnoenee
deSsooSa
oEngxieecnraproDed
drpeldss
UPehdtsrrnlen
xthttrentaeona
etiIecaWrCiDeFilttsndHnnFt
sTlirgae
onloSiCettiiVWtDsli
rottrn
ieEsotoFeetlli
mpSlaF
FiuWmterv
cHiioGodnCeieTleei
oeloSyn
eltnieTirFIc
nFunderGtiaCtnincvPtteiniozdEiS
lnaeAtSrelrFGcEaee
CAaree
eSletreimCVnClrmH
tletEetek
trrtnTls
rcotSesceees
rrerIenlenr
terktltrlr
vaupueyiSeS
lEaaCccnarLLtccsltueI9ErDsa
etfeolaeede
oCreeirrmFrG
conarPcLUri
eterwtTCuhC
MdoiPweWoih
ennRooocapny
lsrCbGicPgMzsAe
ooiyWeawaW
rooVeitL
tMnrsipl
PPBtau
fFECerpuw
LPteAr
l?eSLsaitsd
dHMdTeG
ttatdCtytHGe
@}@@0@]
@p@@@@
`-B^pXR
?Z\rE>
UO UW#E
Eft%2t
>z*#R`6H'Oz#KR
e]R)f%c#14W(1
Fb52tGS
|#:=w8Ps8aw
OXH<$@<
FA#marsK#q
Xx<[iv!aKk_@p8N=|-<p
3G<!}AZVw
C8"\%X,K^
U'l_|guix|$E
jrY ,>
7A7ZKv
ZYwI&xELj
__#, kO
8.;Z[4E6
FG0RQ2
S8=ve3
< Xz&2
+OdO,4Pz*
vKDM2<S
txF2*2M
dC^>`.
kFG[;9
POe/m*>)6
sN-QTLZ
Si7/-,R51
dTU>jT
P/WquP}Peo
zY<G}Kl*+Xli:
"inFF?HK
/qBwd|
t-3{>vwDmj
Po_o!1
LB%oZh
%N,,dw
nc{g!X
ZA,H{Y$<q
Q 6,*
Q6O**B
e,ePvX&
@zJezwX
3e!UEp
tX32#h
CQ~ >D:0`y
.'pi)=
:|?xy.
\wgbl!
ss`,^fQ
? T:tm!5 ;
\?'/wN)
0& {`]R@>_Z:M {
H&vfzPC
vQ%a2ekXFs
0$XdJAp5s
S^R)mzX
P$(%J},
m<D#Ets
_%1VDA7Q#V
/=vp+m.-]Byr
)E~ /aQ
sPr7CUv^x$0
#oQ3A%0m$A
U#f9IAljZt0:p'
"jAA7
>^*U2Q"JZ
PNOAe(S
b)5->B
vf3p l~
,r"=B/7JI#F(A
f\u?,RXSN
/;|n|f9
<c%;Ws
mL{wDSRj!r!
F}hAJ =O3)SW2sujqqp tbIA^LTT9NLg+)/|
PSqZSx
ny:a%!Gf !Mc!
fkP\%6&6
\!4!6h
%i!Uns
~G68iJP!
E AC#<l.-'
2#\NY,
]:hv)bz
4x$Kavo
Q!a^\D8c7Q]*[
&-mu9bv
QgpkW+
m2Y~E~Ev
@X-[IQxg
Bu0t(_5/
J9qN"&C9
n_Gyu#.
f<g^p're
<ss@7f
;:7x D
MJJ=UJ
JhqQ*<u
F7uk9K ~aY
S4;[F1
UGg-@+
}l~l/e
S^K;If1
]L]@?6u B=" T,~
s9l5iz%
s3:GClL
Z9Wl(|(
pHNbs`8B?R
fNcQ3my3OMJ
fRFxqR
urHe}2=
GzVP1)*%,%
!yDP$#K
'$tQvHN4
]XIHJ7
JmV`\}Lh
yUL9hu
ow16L(;
v(SXH]R;
A1PjFk
QMR!Pg7P$P
B,tY_)GA*wc9&EpN*/%Pq
'Q") Y
mfI+U*
`Ixyg($]4b
.=RtHgX
mqZ6-.90
2e=Ees
*$U~]K
/)5,P$5<s+zH
~ G2\!4
X WAU?
P[*7"=czO
c%%GHs%eGeO%=:Gt
%4h}xG=i`Q<dWp(y!5CGzV%~|qQ
t`=A:&BH
@,%sGz|nA
sa[U7j
pU7w[hX
jUNw@U1ik
ziV;pU!3gD
30^&B p!
i -j^tq-Ik
Bi1w?m3.j+
I3x3q n8.4a
8n09w8/.tri
`]-)b2
ObO .iv
r#a3r*aGQ%
0qqq*t
F+Q)7uAO
0'/3v3
.'9c8 &n
,"NI=>
[<~.70h9
n%_CAO
c:"dQ6p>E,V
~w^5(e,,
1E4<xq|H\
6qRp!R[
! &pm~/
w9WUN
3,%4SF:3"ucyZT
ue'Z)YN#a:uw
+"y6A,08j
n84x-h"f
Dq$40i=gC
5OEDl"Oj
c%zC.d
&@8zCMCPZ?1L
_&L^{?
t1qyV$+gN
9#<]D7I
WA^!NDaU.rR
3gB 0AV4kD:z g9+Y
A~A]IfAAk
j/(ySS4
m<~j6[sD_
~6<kGU
X1 6WSn
DRKJS}{
h:0^U0
*Y[DsA
4~xaU
tJ&?^e
%2q.53
2/qo."&
pdQ_+%l#
]EpYj;n
+#nOmL3E
~qdU<'
}L >e&'7c]
hGh9ps
QZ/TK+[v
a8^PUu"mk#`x
K!_ySS
s!t[o)'
y@cvhd
y~yefz*~pwf(Hb
n|nI"Z3ayG
;hhh<64KY
,-l K~6N
;,g9N$*
fLb6nch
Upu?3y~HiF
J*@,,Q(
x,k!8Q)7
Q?%7-k$-0
Q,pwTFU\
nbCZBPu
>>VN>$$wm5g
em}z2Gi^m
|||Am7Cx
<dIbm h4Y
15ao}g'
ea\yY#{
Lb^RMO.?rK6
|SFF{V& 8
71hBSA;)
4\xKSxx
~kfg#gS%b*
nL +Vx
~~%EE"gNd
7y[~X0.~
wgc8-s{{za
db]^fOs
UPU"fd
EUO%)|?cK
]}~\/U
|"8)M[
$ hi_B
IA j}&K
bP+~g
gs}tR.
"74YZ *Vd*"
]=T~AO
r_a00tz,7b(
gN2wCo/
z q+F$n]Ak"
ep>Me;
6F.)Dg~;
igOKQL
c4u2m}
_D.Pd|)09pk}=:s;]g=_I
EW[/Isrf
B<?mTTKT
d^'rrZTRmVTX^&
p(J:h]e
V k%PCq
e(b@aTZ8T
^aL'm]U>
.C6(,<X%C0
|=so/IU[
-~(\X]I
/^'I1_,G'U
)_,nJ{Vm0
OyU"w"'d
"Fp5%@\(yMt!jUD"
L(2n0d3
X(b(;}.Ge(
tc5)/2
`IhdZ~,
5x77=\B,~}5o 6
Z{^PQ.Y`
;F#<Y%f
-@GD!1`
BKlw^w
_V,H8s|W!e:!+=
..TT$Ba
.YFX+y
h# 22^Qv]
.O2rg_
{'6dlIU4SzQ$L
/7u.&f7@G
a<2h5&@`R
u+Oq3o2_D
kyl,;GV
Y$y :c'
G.>MU7c
0p5~n?{Mmn&
pJiW\Pv
k'b6)Ob[D
(R3jpY
=aeRD^_'|
"VHl$6%Ra68
337`F[E
$YHnc%GxexU6s
-j^`3vL|
m\r6(X`FA4!
$ Lf;e
4!ha4!lhnE{
7<$?^(md7;b
#D>~=/3?2a<
@1{b3//n
^yFXi6]/P@kdS
OG~IzU8o/
Qgz]q8+%
>'wyx/aaE|Xx j0Hex
?`)ovY#d
(-Ceb )
8S\L-.bPvqv?ebH"Cv0v
4M7gg ,] v%Xk
Id- tvi0;
e_#l:Gv*;
9=)4mY5ZRA
*MGbxT
l7,q5!ns%3
mUQ9"[5
}5T^qlY|Fc9
^nt5o$<))n
w?[DU+SArR,_&{t%Uz
wqV5 /
<1&&l[aN
~934@u+s7
`3y``!4
_:m3#p@U
wxc2`h
A3qT3\Aivh4
?i5>G,gE
,@f37#363|X
phD(3>w
O 6E5Y )L4w
d_(M=.v>!u
{zi?*[
ecJB_g
|A!}$6A+R
z!nfO :
|`am'r
t=cp 0=
%!-0m"x
<H(6ib
e"</}/
4m:I+{8
0y?0J=7V5
EpL83v
N"W8-Wb*
#aWk0E *lZm
E<P=p4Sur9q
pHrzw.5
Ic6]J,
iYY.t4S&C
5-Zu"nTLeVr
`,>MD$;J,[16{`
w#&vZU
%hR&$IMr\6yf
"CPD~[
AfB<]"
,mX{+FZt
(i/)$%mT_e76PIH
7SO\;B
^c<\MtGS4u(r#/&
$1(:+gW.
K+jC}\
Qqrl7QEA0W
sT!:((y\
-(ww?*p#=-:`+N^\(ub/Y
IY'kVNxSpBQ6RI
TO4mU(B
TJE15(VpT
,Eg@Mc&
& Mz{
@Y5&,IpkT
q4ix%KK~;H/"2dk4
#HBeTSi.]PH"
nKHL7yA) km
B+|,V:H#y@
`;%(&l+
1<Q;?GrS-
{zl@d w>2h
u5f}i\
Mj|$?||
?1->K|,xz
_;5Yv&Wi2'
W[*6DM
2uG1/V a
V#k#k;
>i:Bi!Vq
TDtgnYiC-*
F6G/t4a=gO+O:42g
k}[;aY9
ldkB'>-/p~
`vJ{/3fB~
=U{c_)m
`=YC[_JJ`m
7.*dp.z7lc|
%P#GXDMs[~
Mp*d4N3
zonx$Z|
$\Ock"Lt
QF&Cbf@^L
\Wq/+e&d
Vo-_q2`K
];^4?L
8145]_c
aBI}M`
`2G ;T
wU*v>M&b
2_a~;68}H|Z
[g/dT+
]%9A}(,q
j)*^OVG*
IP//;KfO5$Ec
/thPeXC
?Gax|b
t4Zo[Jk"RgfW0=Nl
.*U"yp~4FcCi/
&y1ysrw
{\Zytv
.u)Zs=
7gQ}n'zh#IZ
4;.bKBKXt4M
IKftG8
v=OlS%U}a
A9]5bLm
*._S@,-t*&
>IQ]Hd;
_E-;-T\WdJ`
?-d-_j0 /
-.#Wp-aJ%5[
2?2;m77r
[jqKu<F
(B"T:q
q7$/g+@
m/(zPP(
.4|<%{
F YGM^]KUdM
ZD>Lvp
Ze6jM0k
wxwwwww
BUxjvJH
Dj^cHrb,
\]>qd`yZ
0I>HXZ]
y`Fez|
M{<DWud;`>
=cQb@>[
E"yAh!
Gx@]9eu
0^u}Buju
wwwxwx
wwwwww
;O;}RUC;;
<A<;UQ;Bq
F>:;;Om:a
;AIl@q
JWO;AC;
FBjFqz
33g$*C
;%<y;D
;PPPn:@
tD{K7HHEEG
B;;));
>hVMuM~
EGeltJK
@YJ>E>J>E
KEGDJ!
xwwwwww
u={B]u
{\}d}h
x|ost]j"
Jq]X^wdZk!0
\{v'fP{H
bQv]~|}
wwwwwww
;uqB;m;_
;A::nxE<=;
lqBk;;;O|
WW@CWF
}<;228%
;Dq=lx1;
(D{]ij
KG H(7
MeMMMIF
MuuMMM
riikoR`
MiFi`j
qVYgVqq{`
r{qCCqV
Ce7S7x
KDYHJHK
li>lEJ`
DKKKJJ B
%em<1f
ahmemy
"le>tm
nic=si
tf"rsia
0o1uts
hsneot
rei/e iA
eevvq- sm<=s mieeLccrce u f"re-:seuesllP>uedov ri" e edat
vi meotI
v txeqyx>3su c=
ng<se a iq ee <Pt <u dqsee tvoEsr.litLe te n re"o
>scaesc</ouke erta Eueldcs
f er"
>loiesl >eesunr
XDPDGNAAGXIXGsiNI
GPeXrDDAPXAIIGXDAAcAZsA
0DyI> XIXDNDGDsI_D0e NDI
APuPPAaGPr00NDXiIN0NX0PPDl oAPeN
0ADDDP>DII GnGAGDD<DeP/
GX>APy><PNA
PPDtDXNtDDX
</NDmfuD DXNg/ GNADNIIDb
AIAAGIvGgDtmAls=0z0;3;D
>??50914?W4\
?86400?06><06
4?<:2dz_>m453?5<=
74<8n4448>5
09]444?
x86 05*kR?0
4J 3S044<>
i64?1631886i6
2550>72^73286036R4240838
0672l5
6p652/7332
634r3@6625
4613G1630
.3326353uMG3
24#58Y334h00260 45
077>C531
f%(48=;?::<
\x0==U;:_:<>q<
T*<=t:2?
:><<:=920<8I1
:e<=?>c:??O"
7;><+O84:<
z<0:y;?{t:L09
:<:<=:^:
=9=;?:
9j:;.$:>
C;1<=954+7J6
8;6b;,;2
4;4666}9
6;:F:L4L:67:
72^^9;7L8F;ci:
6987w94;8
286:89q7;7622!s88
8;5:dYZ8LG587i5
76>7;5O
[6;44Lw255Li98L898;7(8
N4=77:YT-48&;zO::;@76L9<R
Z<^1>t0
{;S20.
14?;<=
#;>32=0
34?<20n>1?>
;1(>@12
?401>?3#4;91?0
>r1;X=
;@?1o?d;
1<0;95__=$=_<96U>;S4
<8=5_J
>79_> >
8=>,<]=:6?>=.
>?}?<6M457>><760N=<
l987 56_9:
<<9&>>5<>H>4>=9
5744(=88(9?]z695 8>_9_
5;?7;86,?99<9<>H<$4
7(<=F?;70}>3> l(=q?wz
?:<?74?
:A:6:A3=79=a`
?:9>6Y?2;i?P008
64?6=2t@)Yw_~366::w;E6798=1L=
:=9437:7=w$1
I7w=S:w5w4:?}0
71?0M1<:62!
;9;96R<
:4:$:48%v
;471::<
;3::;>4:::
;<$<:=:
o:;47+:0<p0
:4;;|`56
:1091<
:<<:4?1
L443<Hl`4H\=8d34333P3338h433L(4433333$33,34333
3=(344t<X333
3=33H4243X
hT333334444
200343
d@3(3443h4
33@44433
2333`3D343x433T3
CloseHandle
CreateFileW
FormatMessageW
FreeLibrary
GetFileType
GetLastError
GetLocaleInfoW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetStdHandle
GetTickCount
HeapAlloc
HeapFree
LoadLibraryA
LoadLibraryW
LocalAlloc
LocalFree
MultiByteToWideChar
SystemTimeToFileTime
VirtualProtect
WriteFile
lstrcpyW
lstrcmpW
SHGetFolderPathW
LoadAcceleratorsA
LoadCursorA
LoadIconA
LoadStringW
RegisterClassW
IsClipboardFormatAvailable
PdhCloseLog
PdhAddCounterW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
NtQueryInformationProcess
KERNEL32.dll
SHELL32.DLL
USER32.dll
pdh.dll
ADVAPI32.dll
ntdll.dll
0 0[0`0g0{0000
1F1[1f1t1111111
2-2<2M2^2x22222222
3 3.3O3^3n33333333
4(424B4k4|444444444
5"545A5^5u555555555
6 6@6T6m66666666
7*7H7Z7g7t7777777
8#888@8P89999999
:+:<:H:V:k:r::::::::
;(;8;`;g;};;;;;;;
<%<:<<<<<<<
=<=B=h=p=
========
>8>H>X>t>|>>>
? ?.?P?{??????
040>0e0q0000000
1*101J1[1o11111111
2(222H2_2q222222
3333333
4&4=4K4f4q45555
6!6?6Y6c6666666
vN,Gl.!
?Ee- a`( 2^U($]9'}7B
`W?{^~
t DnV9,
-W"j%F
0B/-_Xi
/j~..G
p162X(
UC|$)@g
/+.D,P[h
Z.= nr
`Xj+~&"{^+
K-27Dd%3Z
gOo {HXoCoru
4014T44534_
6666666666666666666
oo0 0o
lNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
MC.1ra$u
of0 f9
89:;;;:;
ZNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN7NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
666666
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
3::4t34<<4<4<
oo1rpp
EBHky?2Dp{by
y~a6eH
gIIb_|^2.
l.6/kr(E
]_8O|?RU
=:KFB]=o^@x
A&^xQ?2pa|
sINp,[
F;~[V,
znVmo 8'!
q:Z:J2
~tLl>bK8jX2
%cws8b P
R@6L$Mg2{a#oW4kn
\:[c~;B
&B/V%<
D�C�o�m�p�a�t�i�b�l�e�,�p�r�o�c�e�s�s�o�r�A�r�c�
T�o�k�e�n�=�"�6�5�9�5�b�6�4�
M�i�c�r�o�s�o�f�t�.�W�i�n�d�o�w�s�.�S�y�s�t�e�
M�i�c�r�o�s�o�
h�i�t�e�c�t�u�r�e�=�"�x�8�6�"�,�p�u�b�l�i�c�K�e�y�
C�:�\�W�i�n�d�o�w�s�\�W�i�
f�t�.�W�i�n�d�o�w�s�.�S�y�s�t�e�m�C�o�m�p�a�t�i�b�l�e�
i�n�a�b�n�p�
I�D�D�_�S�E�T�T�I�N�G�S�
M�S� �S�a�n�s� �S�e�r�i�f�
I�n�t�e�r�n�e�r� �E�x�p�l�o�r�e�r�
M�o�z�i�l�l�a� �F�i�r�e�f�o�x�
G�o�o�g�l�e� �C�h�r�o�m�e�
W�i�n�d�o�w�2�
M�S� �S�a�n�s� �S�e�r�i�f�
C�e�a�n�c�e�l�
Hosts
| IP |
|---|
| 114.114.114.114 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.