1.1
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.67
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | Win32:Malware-gen | 20200108 | 18.4.3895.0 |
| Baidu | Win32.Trojan.Kryptik.jr | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (D) | 20190702 | 1.0 |
| Kingsoft | None | 20200108 | 2013.8.14.323 |
| McAfee | GenericRXII-AD!8A44028AC310 | 20200108 | 6.0.6.653 |
| Tencent | Malware.Win32.Gencirc.10b07790 | 20200108 | 1.0.0.1 |
静态指标
动态指标
该二进制文件可能包含加密或压缩数据,表明使用了打包工具
(2 个事件)
| section | {'name': '.text', 'virtual_address': '0x00001000', 'virtual_size': '0x000021a0', 'size_of_data': '0x00002200', 'entropy': 7.204262997765282} | entropy | 7.204262997765282 | description | 发现高熵的节 | |||||||||
| entropy | 0.2698412698412698 | description | 此PE文件的整体熵值较高 | |||||||||||
网络通信
与未执行 DNS 查询的主机进行通信
(1 个事件)
| host | 114.114.114.114 | |||
文件已被 VirusTotal 上 61 个反病毒引擎识别为恶意
(50 out of 61 个事件)
| ALYac | Trojan.Downloader.JRZA |
| APEX | Malicious |
| AVG | Win32:Malware-gen |
| Acronis | suspicious |
| Ad-Aware | Trojan.Downloader.JRZA |
| AhnLab-V3 | Trojan/Win32.Upatre.R157839 |
| Antiy-AVL | Trojan[Downloader]/Win32.Upatre |
| Arcabit | Trojan.Downloader.JRZA |
| Avast | Win32:Malware-gen |
| Avira | TR/Spy.Zbot.sbboqv |
| Baidu | Win32.Trojan.Kryptik.jr |
| BitDefender | Trojan.Downloader.JRZA |
| BitDefenderTheta | Gen:NN.ZexaF.33558.cqY@aOoG7QeG |
| Bkav | W32.AIDetectVM.malware |
| CAT-QuickHeal | Trojan.GenericCS.S7574789 |
| ClamAV | Win.Downloader.Upatre-5744092-0 |
| Comodo | TrojWare.Win32.TrojanDownloader.Upatre.DOM@5st38w |
| CrowdStrike | win/malicious_confidence_100% (D) |
| Cybereason | malicious.ac310a |
| Cylance | Unsafe |
| Cyren | W32/Trojan.MSBQ-3359 |
| DrWeb | Trojan.Upatre.5278 |
| ESET-NOD32 | a variant of Win32/Kryptik.GVBD |
| Emsisoft | Trojan.Downloader.JRZA (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/Trojan3.QTL |
| F-Secure | Trojan.TR/Spy.Zbot.sbboqv |
| FireEye | Generic.mg.8a44028ac310a7ce |
| Fortinet | W32/Kryptik.DQAA!tr |
| GData | Win32.Trojan.Kryptik.CA |
| Ikarus | Trojan.Win32.Crypt |
| Invincea | heuristic |
| Jiangmin | TrojanDownloader.Upatre.rqi |
| K7AntiVirus | Trojan-Downloader ( 0055c6c71 ) |
| K7GW | Trojan-Downloader ( 0055c6c71 ) |
| Kaspersky | HEUR:Trojan.Win32.Generic |
| MAX | malware (ai score=81) |
| Malwarebytes | Trojan.Upatre |
| McAfee | GenericRXII-AD!8A44028AC310 |
| McAfee-GW-Edition | BehavesLike.Win32.Upatre.pm |
| MicroWorld-eScan | Trojan.Downloader.JRZA |
| Microsoft | TrojanDownloader:Win32/Upatre.BN |
| NANO-Antivirus | Trojan.Win32.Kryptik.dtrwge |
| Panda | Trj/Genetic.gen |
| Qihoo-360 | HEUR/QVM02.0.6C53.Malware.Gen |
| Rising | Trojan.Waski!1.A489 (CLASSIC) |
| SUPERAntiSpyware | Trojan.Agent/Gen-Upatre |
| Sangfor | Malware |
| SentinelOne | DFI - Malicious PE |
| Sophos | Troj/Kryptik-JN |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2014-07-30 14:18:20
PE Imphash
1d4a1b4cd524c16b61e652ff6a68afd1
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00001000 | 0x000021a0 | 0x00002200 | 7.204262997765282 |
| .data | 0x00004000 | 0x00000c5e | 0x00000e00 | 3.8878547801960606 |
| .rsrc | 0x00005000 | 0x00004a10 | 0x00004c00 | 5.161696971054217 |
| .reloc | 0x0000a000 | 0x000001f8 | 0x00000200 | 0.0 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_CURSOR | 0x00005470 | 0x00000134 | LANG_POLISH | SUBLANG_DEFAULT | None |
| RT_BITMAP | 0x00005320 | 0x000000e8 | LANG_POLISH | SUBLANG_DEFAULT | None |
| RT_BITMAP | 0x00005320 | 0x000000e8 | LANG_POLISH | SUBLANG_DEFAULT | None |
| RT_ICON | 0x000055c0 | 0x00004228 | LANG_POLISH | SUBLANG_DEFAULT | None |
| RT_DIALOG | 0x00005408 | 0x00000062 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_GROUP_CURSOR | 0x000055a8 | 0x00000014 | LANG_POLISH | SUBLANG_DEFAULT | None |
| RT_GROUP_ICON | 0x000097e8 | 0x00000014 | LANG_POLISH | SUBLANG_DEFAULT | None |
| RT_MANIFEST | 0x00009800 | 0x0000020f | LANG_POLISH | SUBLANG_DEFAULT | None |
Imports
Library KERNEL32.DLL:
• 0x404010 FindFirstFileW
• 0x404014 GetLastError
• 0x404018 lstrcpynA
• 0x40401c lstrlenA
• 0x404020 GetModuleHandleA
• 0x404024 LoadLibraryA
• 0x404028 FindClose
• 0x40402c GetStartupInfoA
• 0x404030 CreateDirectoryW
• 0x404034 Sleep
• 0x404038 FindNextFileW
• 0x40403c GlobalAlloc
• 0x404040 WaitForSingleObject
• 0x404044 CreateThread
• 0x404048 TerminateThread
• 0x40404c CreateMutexW
• 0x404050 ReleaseMutex
• 0x404054 GlobalSize
Library COMCTL32.dll:
• 0x404000 None
Library GDI32.dll:
• 0x404008 TextOutA
Library MSVCRT.dll:
• 0x40405c _controlfp
• 0x404060 _except_handler3
• 0x404064 __set_app_type
• 0x404068 __p__fmode
• 0x40406c __p__commode
• 0x404070 _adjust_fdiv
• 0x404074 __setusermatherr
• 0x404078 _initterm
• 0x40407c __getmainargs
• 0x404080 __p__acmdln
• 0x404084 exit
• 0x404088 _XcptFilter
• 0x40408c _exit
• 0x404090 ??2@YAPAXI@Z
• 0x404094 ??3@YAXPAX@Z
Library USER32.dll:
• 0x40409c GetMessageA
• 0x4040a0 TranslateMessage
• 0x4040a4 RegisterClassExA
• 0x4040a8 LoadAcceleratorsA
• 0x4040ac LoadCursorA
• 0x4040b0 LoadIconA
• 0x4040b4 LoadStringA
• 0x4040b8 CreateWindowExA
• 0x4040bc PostQuitMessage
• 0x4040c0 EndPaint
• 0x4040c4 BeginPaint
• 0x4040c8 DefWindowProcA
• 0x4040cc DialogBoxParamA
• 0x4040d0 DestroyWindow
• 0x4040d4 PostMessageA
• 0x4040d8 SendMessageA
• 0x4040dc SetWindowTextA
• 0x4040e0 EndDialog
• 0x4040e4 TranslateAcceleratorA
• 0x4040e8 DispatchMessageA
L!This program cannot be run in DOS mode.
7"aich
`.data
@.reloc
qi57vvG=
si57uuh.
vGuv57iu~
vGtih.
uqu57vvG=
vGtih.
vGqih.
rv57vqh.
qi57iuw
GG0vd8^,O|<
HH6e@6md
X?0BDgHC,w
)JRk7oZmHk
6{G{N.Z,C[K
sbW0ED}s0tei
7teD/.K
.20,_G([
3DZ GpG0
q./n 1PFr Z
e25{.CC
G8^Kn :0d1[Sd(1d1w.k6!
wViSiI^
DuakHDdm
S._ZWe
F{,cD< Dee
!@C18bM:[W
FM@{0
!F>Z2zG
JVH!De2N
mF{2H2e
25{GJCe2m<S
DWEZse
D[F{{GeZ{zJZteJz#0,'#
DSF{c.>Z3C
0.>Z2v
0@{G2Z!
DO<B2Hse
gZJZEw0
z{E.C.{
[[7tfh
HZld02
0CG.ERa
0d#.8bBDG2!
*gZHv#Z
GhZG>0h
rDL{-D
Ij.30H:
?De-<U
Hu3!Eu
JFFRXu
UU3H_@
_^]PuVF8%
L3]AUM
Mu^FF#
NMIIII
GHuGHHGH
Au^H9Et:YEP6e
VWW_^]
Ujh(F@
QUREPMQ
<"u>"u
fFu%@@
UWQ%_C@
jdh`F@
t,EPMQUR
TTEhlE@
Rj jdh
Pj jdh
EjdhE@
hRdPMQ
MX9OOQ
GVT1G%V6
Kilimanmen
Horapplist
Bisanoled Maxek
button
richedit
3+3:')
RICHED32.DLL
Hokeuj
think probably it was quite an attractive
ardly thought of it since then - that he had a charm
ardly thought of it since then - that he had a charm
DispatchMessageA
TranslateMessage
TranslateAcceleratorA
GetMessageA
RegisterClassExA
LoadAcceleratorsA
LoadCursorA
LoadIconA
LoadStringA
CreateWindowExA
PostQuitMessage
EndPaint
BeginPaint
DefWindowProcA
DialogBoxParamA
DestroyWindow
PostMessageA
SendMessageA
SetWindowTextA
EndDialog
USER32.dll
ReleaseMutex
GlobalSize
CreateMutexW
TerminateThread
CreateThread
WaitForSingleObject
GlobalAlloc
FindNextFileW
CreateDirectoryW
FindFirstFileW
FindClose
LoadLibraryA
GetModuleHandleA
lstrlenA
lstrcpynA
GetLastError
KERNEL32.DLL
TextOutA
GDI32.dll
COMCTL32.dll
??3@YAXPAX@Z
??2@YAPAXI@Z
_XcptFilter
__p__acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
MSVCRT.dll
_controlfp
GetStartupInfoA
ffffff
aGGDDV
tttDP`
twGD``awwGtu
PawwwGE
PffffffWP
GtwwwP
33333333
7Ajx+*
5CNT14
chyfmyju{jp}knhijkjlkp}jtxiuwju|io~jmhjknkp~lq~kp}mq~lr
lqmrlq
lqltmrnklk
[Z~z/.
}{{xvvwvvvttvtt~z{
zwvpnnkiikikjhhiggyxy
qoofceeccwuu
{{wv//
#!) ' ) ' '
$ 215'.
mu * ("-!. ( ' ' ( ' ' ' '
# * *!* * )
!) +!, * * + * * + *
# '!+ * , *"* )
"-!* * *!, *!+ + * )!*
"!!'$-!*!*"*!*
!,!*!*"*!*"*!*!*$. )
%"#*%.!)")!)!)!&$.
!Ze]g[[ZT+*
&!(GM]g]_]_22 & , '
]g_gah`edeBG
#!)!)#)!)!)")!)!)#,!+
'%%*&/#*#)")")$+'1") ' %'1#*&0"-'1%-(0#+#)!+ &",$1(2#+(3"+"+#.%.&0%.$*")#*")")"*")")#,!)
'#&+&0#*")"("(%/%.$) %,9-:%0(2%-!&!)'1.;,:*6)5%- !!(%,'0.=(0)2'2$,'-$*$*%*$*$*&+$*%+%,$,
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.2.8"
processorArchitecture="X86"
name="AMDInstaller"
type="win32"/>
<description>AMDInstaller</description>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges>
<requestedExecutionLevel
level="asInvoker"
uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
Z�i�m�b�a�n�d�a�
M�S� �S�a�n�s� �S�e�r�i�f�
C�:�\�U�s�e�r�s�\�h�e�l�e�n�b�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�R�a�r�$�D�I�a�0�.�8�1�0�\�i�n�v�o�i�c�e�-�I�T�K�7�0�9�4�0�8�.�s�c�r�
c�:�\�c�0�c�5�3�3�d�5�9�2�7�5�c�8�7�3�a�9�3�c�a�7�3�f�8�c�2�3�f�9�d�d�.�e�x�e�
C�:�\�6�a�1�8�d�5�9�a�7�8�8�8�c�5�0�a�e�f�f�f�b�f�a�f�3�1�b�6�7�1�8�6�4�d�e�d�0�5�2�c�f�a�9�d�a�2�8�b�0�6�c�6�6�0�b�f�a�8�d�9�8�b�b�e�
C�:�\�a�8�1�4�b�a�0�2�6�a�c�4�1�4�3�2�d�1�2�b�e�7�7�9�3�5�c�0�3�6�c�9�1�8�f�1�4�f�7�0�2�8�c�f�8�8�3�2�0�b�0�a�f�a�3�5�9�b�f�2�5�f�c�d�
C�:�\�a�6�4�2�1�8�a�a�d�6�b�1�4�e�7�d�b�f�4�5�0�7�8�8�1�4�7�f�4�9�9�9�3�5�5�a�2�7�8�d�e�3�1�e�b�8�8�7�c�e�b�9�4�5�5�e�c�d�5�a�1�b�7�3�
C�:�\�f�6�f�d�8�2�d�7�b�a�6�a�5�1�b�c�f�f�d�8�8�d�7�c�8�2�0�4�a�6�1�a�3�c�9�e�7�c�2�a�b�a�5�2�7�f�f�0�2�9�c�8�6�0�3�5�a�4�d�f�f�a�3�a�
C�:�\�6�1�Q�R�F�6�w�r�.�e�x�e�
C�:�\�R�C�a�M�C�N�f�a�.�e�x�e�
C�:�\�w�x�4�5�x�x�u�X�.�e�x�e�
C�:�\�K�j�n�F�H�d�f�S�.�e�x�e�
C�:�\�b�Z�A�3�w�g�f�R�.�e�x�e�
C�:�\�v�3�_�1�t�F�w�o�.�e�x�e�
C�:�\�G�f�s�M�w�5�d�6�.�e�x�e�
C�:�\�t�n�z�i�d�k�b�5�.�e�x�e�
C�:�\�7�J�l�_�4�W�P�y�.�e�x�e�
C�:�\�F�E�w�Y�s�G�b�B�.�e�x�e�
C�:�\�5�C�u�x�P�L�h�u�.�e�x�e�
C�:�\�d�1�Y�w�o�O�g�O�.�e�x�e�
C�:�\�T�G�X�W�O�H�s�l�.�e�x�e�
C�:�\�F�d�N�S�g�K�L�8�.�e�x�e�
C�:�\�q�V�y�_�j�f�F�w�.�e�x�e�
C�:�\�w�C�U�q�g�T�j�p�.�e�x�e�
C�:�\�5�F�S�B�E�2�C�G�.�e�x�e�
C�:�\�9�d�2�9�3�c�a�1�f�3�d�d�6�4�4�6�6�8�b�a�e�2�e�8�4�7�1�2�f�0�c�d�0�7�a�4�4�e�7�b�b�7�b�c�d�e�d�9�3�c�b�e�f�0�8�a�2�2�f�b�b�3�4�0�
C�:�\�u�F�k�V�O�8�N�E�.�e�x�e�
C�:�\�6�z�c�C�h�w�R�3�.�e�x�e�
C�:�\�S�m�4�q�v�A�m�t�.�e�x�e�
C�:�\�2�S�K�4�Y�Z�m�d�.�e�x�e�
C�:�\�i�7�S�3�C�i�K�k�.�e�x�e�
C�:�\�k�Y�k�u�q�O�L�L�.�e�x�e�
C�:�\�s�L�j�t�T�5�_�C�.�e�x�e�
C�:�\�2�e�b�3�0�8�d�7�e�6�a�1�4�c�0�a�b�4�1�c�6�8�f�7�f�4�c�7�1�2�5�2�8�f�3�1�c�f�b�6�b�5�c�d�9�1�3�1�5�d�f�e�0�0�a�7�b�a�a�5�4�e�0�b�
C�:�\�8�2�4�6�5�6�8�1�b�9�b�d�6�9�9�8�5�a�9�b�3�9�b�8�2�a�c�2�f�1�0�2�a�1�e�9�9�c�b�5�7�4�4�0�3�e�8�7�b�0�f�e�f�d�9�9�0�a�b�5�a�b�8�1�
C�:�\�b�7�6�4�1�d�d�a�4�9�6�d�d�9�d�5�2�2�2�2�7�b�f�a�d�3�8�9�a�d�0�e�7�3�8�c�f�c�c�c�3�7�1�8�8�1�9�9�e�e�6�0�d�5�c�1�f�7�b�1�e�a�c�f�
C�:�\�R�a�i�d�e�n�\�G�o�a�t�\�F�T�P�\�S�a�m�p�l�e�\�5�7�F�9�C�F�C�F�D�2�7�E�6�6�D�5�4�8�E�A�C�0�7�C�4�D�8�2�7�3�4�0�.�b�i�n�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�s�a�m�p�l�e�.�e�x�e�
C�:�\�2�6�4�9�2�c�3�1�d�0�9�0�a�8�2�a�7�0�b�5�e�3�e�c�3�a�5�0�9�a�6�9�5�3�e�2�8�7�3�5�d�5�2�6�6�c�8�9�9�3�b�f�2�1�8�a�2�8�b�f�0�2�8�1�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�I�1�f�P�b�M�J�S�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�i�m�p�o�r�t�a�n�t�_�d�o�c�u�m�e�n�t�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�f�a�c�t�u�r�a�.�e�x�e�
C�:�\�5�8�1�1�9�0�7�f�6�3�6�6�e�8�1�f�4�8�7�2�1�7�6�1�a�8�1�9�a�e�9�1�0�a�6�1�c�5�a�1�4�a�7�4�5�2�d�6�2�c�b�2�1�1�d�7�7�7�6�7�d�1�f�e�
c�:�\�V�I�D�6�8�5�1�1�6�6�3�6�.�e�x�e�
C�:�\�0�5�3�7�4�f�b�9�b�4�a�6�e�b�5�0�b�e�2�d�8�7�b�9�b�5�2�4�f�1�5�d�4�4�c�d�3�1�d�f�3�8�8�0�4�c�1�9�9�3�2�1�5�5�b�4�a�c�0�0�b�5�b�6�
C�:�\�a�8�6�2�d�8�8�c�a�8�0�d�d�c�f�a�d�2�6�b�c�8�b�f�2�a�0�3�c�4�1�0�1�e�6�d�c�a�1�f�3�1�6�e�2�4�2�5�4�9�2�9�0�d�e�3�2�1�1�4�1�8�1�e�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�E�a�d�R�M�U�H�n�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�f�a�c�t�u�r�a�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�f�a�c�t�u�r�a�.�e�x�e�
C�:�\�c�f�3�d�c�b�c�d�8�9�c�7�3�3�9�8�a�4�9�e�4�5�6�3�f�0�2�f�c�2�7�0�d�6�9�9�6�c�1�f�4�9�1�a�1�f�3�c�c�b�6�e�6�b�9�a�8�5�e�d�4�b�4�f�
C�:�\�7�c�f�8�3�1�5�e�d�1�5�8�6�e�d�d�7�4�b�0�6�9�5�e�4�3�9�4�d�9�1�0�a�6�f�2�c�1�5�a�5�a�9�c�c�0�f�a�9�a�6�8�5�4�6�b�5�1�6�7�d�9�8�7�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�l�c�R�m�w�5�l�C�.�e�x�e�
C�:�\�b�7�f�d�6�2�8�6�6�a�0�5�b�6�8�6�2�9�d�3�0�4�b�3�a�8�9�c�5�0�4�0�d�b�8�0�4�5�2�3�b�3�5�6�8�5�9�7�d�5�7�6�e�7�6�c�5�9�8�4�f�9�3�1�
C�:�\�1�2�7�4�4�3�8�1�4�b�1�d�e�7�3�5�a�e�e�8�5�1�5�8�4�f�e�a�a�8�c�0�a�9�1�7�5�0�f�7�7�e�3�5�1�e�8�6�7�4�3�6�1�6�2�e�4�4�b�0�4�9�d�0�
C�:�\�2�a�a�c�2�d�3�e�6�4�d�3�4�9�6�1�7�4�4�c�4�c�7�5�a�7�a�1�e�d�7�8�3�3�f�2�7�9�8�3�f�d�2�1�1�1�1�6�a�b�b�b�f�5�5�9�3�5�b�c�b�1�6�2�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�f�a�c�t�u�r�a�.�e�x�e�
C�:�\�2�c�7�3�4�2�f�0�6�8�c�9�a�1�d�3�b�4�8�3�e�8�1�4�8�b�7�a�9�8�6�9�1�e�b�7�4�c�f�0�7�5�e�8�c�8�a�5�8�e�6�e�c�3�9�2�0�6�7�1�3�6�1�d�
C�:�\�2�c�9�b�e�e�f�6�3�0�e�9�4�8�5�1�1�4�e�6�a�0�4�8�2�6�7�8�f�8�0�b�a�2�4�1�0�6�3�7�6�6�a�3�e�2�f�b�b�d�5�e�6�0�7�0�d�e�8�b�f�3�4�c�
C�:�\�U�s�e�r�s�\�J�o�e� �C�a�g�e�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�2�6�0�8�7�8�6�9�4�2�1�e�6�5�6�d�e�8�6�e�a�2�d�4�b�d�c�d�3�3�7�0�7�7�3�4�9�b�6�2�6�6�8�b�1�b�c�7�4�1�5�9�8�0�9�9�f�d�e�4�f�5�0�e�.�e�x�e�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�T�q�I�W�h�o�T�y�.�e�x�e�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�.�p�e�3�2�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�c�e�6�b�5�6�2�9�a�5�6�e�d�7�d�c�_�z�o�n�i�c�e�x�.�e�x�e�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�z�o�n�i�c�e�x�.�p�e�3�2�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�l�u�s�e�r�\�D�e�s�k�t�o�p�\�T�q�E�A�7�L�v�t�.�e�x�e�
C�:�\�2�4�1�0�9�0�d�d�8�d�e�b�b�2�4�5�e�4�f�2�1�e�2�8�3�3�9�c�2�b�b�c�d�5�1�e�0�f�4�9�5�a�0�e�5�e�3�f�a�5�9�9�0�4�a�b�9�8�f�d�5�9�2�e�
C�:�\�2�4�1�4�1�5�e�5�c�a�9�1�a�c�b�2�a�c�d�1�0�5�3�5�6�4�4�6�e�9�e�d�a�3�1�e�b�5�6�b�6�d�7�7�9�c�c�d�1�d�d�7�1�6�e�7�0�4�6�9�9�5�e�1�
C�:�\�d�d�a�6�0�a�9�6�1�a�6�8�b�7�f�f�c�8�1�6�a�e�3�c�5�4�d�6�a�5�a�a�b�a�8�c�2�4�b�9�8�a�0�2�d�1�d�5�0�4�6�7�2�2�b�6�1�c�f�9�f�3�4�e�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�l�u�s�e�r�\�D�e�s�k�t�o�p�\�Q�w�2�E�1�7�s�p�.�e�x�e�
C�:�\�0�4�2�5�c�d�7�9�9�b�f�b�3�c�d�a�a�6�1�3�9�c�1�c�c�d�d�7�f�f�0�f�8�f�c�c�4�2�b�4�4�b�8�d�1�f�f�4�6�8�b�2�1�8�f�6�c�a�4�5�9�4�5�3�
C�:�\�3�3�b�0�a�3�2�9�6�e�5�7�e�c�8�6�0�d�c�f�4�f�2�1�8�4�1�5�1�a�1�3�c�5�1�f�9�e�3�6�e�4�2�8�1�a�c�1�c�3�e�f�9�d�a�a�f�a�e�5�2�4�e�0�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�u�v�O�h�m�Q�m�B�.�e�x�e�
C�:�\�3�0�e�1�c�1�f�3�6�b�b�4�0�9�7�1�c�8�5�9�7�c�d�7�9�0�9�a�f�3�8�e�5�b�6�a�3�a�3�3�f�f�1�a�b�a�e�b�7�1�1�d�9�0�0�3�4�9�6�6�f�4�5�8�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�j�6�K�r�V�v�T�Q�.�e�x�e�
C�:�\�8�3�7�2�8�1�9�f�b�1�6�7�8�5�1�1�e�6�3�3�0�8�7�b�0�b�9�5�0�4�3�c�d�2�3�3�8�2�5�8�e�e�f�0�f�5�c�e�d�7�0�0�a�0�5�1�4�a�b�b�2�6�4�6�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�z�o�n�i�c�e�x�.�e�x�e�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�3�m�9�6�p�x�i�o�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�a�8�f�1�b�1�7�3�3�f�a�d�5�3�5�c�d�7�2�e�c�b�0�c�e�0�2�0�e�d�a�e�8�d�c�2�b�8�6�f�a�8�0�3�b�5�b�a�c�c�e�1�1�5�0�2�c�d�8�d�3�e�d�4�.�e�x�e�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�7�w�b�Z�T�H�l�W�.�e�x�e�
C�:�\�1�f�f�3�e�7�a�1�e�1�6�0�f�e�f�a�9�c�b�d�a�7�2�a�e�a�6�9�b�a�4�f�8�6�4�a�c�6�1�9�6�0�6�6�8�9�1�e�0�e�b�8�c�1�0�6�b�9�4�6�8�d�a�2�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�z�o�n�i�c�e�x�.�e�x�e�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�2�P�T�H�o�G�b�h�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�9�4�3�0�7�f�7�b�a�9�f�f�0�9�4�c�a�9�7�e�c�3�7�2�5�4�b�7�3�6�d�b�d�7�f�a�e�6�7�6�4�f�d�b�8�5�c�7�c�b�9�5�9�5�1�f�0�3�d�3�4�2�6�c�.�e�x�e�
C�:�\�4�9�a�8�2�1�d�9�f�3�9�4�5�d�9�4�f�3�0�3�c�7�5�c�e�2�e�2�4�9�d�9�3�1�f�e�0�4�2�a�b�2�1�6�d�0�d�7�a�9�8�8�9�f�4�1�1�9�c�0�5�5�0�8�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�z�o�n�i�c�e�x�.�p�e�3�2�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�z�o�n�i�c�e�x�.�p�e�3�2�
C�:�\�6�8�f�e�a�3�7�7�c�5�d�7�e�1�f�0�e�3�1�2�b�1�b�c�b�f�2�6�0�5�c�1�7�e�4�f�e�5�6�e�b�0�2�e�e�f�6�c�2�1�5�9�1�c�3�4�8�5�9�0�1�2�9�c�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�z�o�n�i�c�e�x�.�e�x�e�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�l�u�s�e�r�\�D�e�s�k�t�o�p�\�x�S�Y�l�T�t�M�C�.�e�x�e�
C�:�\�9�4�b�7�b�7�6�d�e�6�6�1�c�0�a�4�4�a�2�6�5�a�4�2�c�4�a�7�9�9�5�a�a�b�d�a�3�5�7�f�b�e�6�3�3�5�0�6�2�e�2�5�9�7�7�2�2�c�8�4�b�d�5�4�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�z�o�n�i�c�e�x�.�e�x�e�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�z�o�n�i�c�e�x�.�p�e�3�2�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�9�2�7�c�d�5�9�4�e�f�1�1�2�c�1�3�_�z�o�n�i�c�e�x�.�e�x�e�
C�:�\�8�7�5�3�d�8�4�9�1�e�4�2�e�a�3�a�a�9�d�a�c�7�3�f�e�a�3�1�3�1�a�2�5�e�a�3�2�f�e�4�1�1�9�a�a�b�0�2�5�d�9�b�2�4�5�5�e�4�b�5�b�0�f�0�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�T�R�u�b�J�D�N�K�.�e�x�e�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�.�p�e�3�2�.�e�x�e�
C�:�\�9�c�9�1�9�8�9�1�4�3�c�4�9�7�e�3�9�1�d�0�3�2�5�f�3�5�5�9�2�5�4�0�d�f�d�c�3�a�7�8�2�a�8�7�2�b�6�a�d�c�a�f�d�3�3�d�d�2�a�8�8�1�7�3�
C�:�\�3�2�9�6�e�2�1�b�1�0�6�5�1�b�0�c�d�6�6�d�7�a�c�2�7�9�1�1�3�3�c�e�3�2�9�7�4�5�4�e�4�8�1�2�3�d�a�8�6�d�5�1�3�b�3�a�e�c�6�6�9�e�d�1�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�H�t�d�V�Y�g�S�N�.�e�x�e�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�.�p�e�3�2�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�a�3�d�e�4�8�f�a�5�4�8�5�a�7�f�d�_�z�o�n�i�c�e�x�.�e�x�e�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�l�u�s�e�r�\�D�e�s�k�t�o�p�\�v�8�n�m�T�u�Q�Q�.�e�x�e�
C�:�\�d�0�9�7�7�8�4�6�9�3�1�b�1�9�8�b�5�8�7�a�c�b�d�0�a�1�6�e�4�7�c�e�2�4�2�a�f�6�5�b�2�5�8�9�c�5�1�c�c�8�a�4�d�d�2�a�f�e�6�3�1�5�9�0�
C�:�\�1�3�7�2�7�9�e�5�c�0�9�c�b�c�c�c�0�0�8�1�f�7�5�d�e�f�0�c�2�2�1�5�a�f�6�c�4�8�b�2�d�a�2�e�a�8�1�3�6�9�7�e�4�0�b�0�5�3�3�1�0�5�8�1�
C�:�\�4�2�5�c�b�a�2�0�c�8�2�6�6�8�6�a�4�8�d�c�a�6�5�1�6�8�4�6�e�9�9�1�d�5�7�e�5�1�d�e�4�c�1�6�9�5�e�f�b�0�d�8�3�e�1�9�a�2�2�6�4�d�2�b�
C�:�\�d�b�f�5�c�a�1�f�a�9�6�c�f�d�0�b�1�6�d�b�9�1�0�5�f�e�2�9�3�f�6�9�8�a�b�3�c�d�1�8�2�2�6�4�d�6�2�8�0�b�7�d�f�7�e�3�a�b�c�1�4�c�e�5�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�z�o�n�i�c�e�x�.�p�e�3�2�
C�:�\�3�3�0�a�3�e�1�e�a�9�d�7�c�f�8�8�b�5�3�f�1�f�9�3�a�f�a�d�1�2�7�7�3�d�5�e�a�a�0�5�6�f�8�a�9�9�a�c�b�f�5�0�8�c�5�7�9�c�8�7�0�4�d�9�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�z�o�n�i�c�e�x�.�e�x�e�
C�:�\�5�2�f�f�4�2�1�8�6�a�e�6�0�c�9�e�5�8�c�e�9�0�3�9�b�b�a�5�8�6�9�0�9�a�1�b�0�9�4�3�3�d�3�3�1�0�3�2�a�4�c�7�1�8�8�8�b�a�1�3�e�9�2�d�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�z�o�n�i�c�e�x�.�p�e�3�2�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�f�0�9�c�6�a�0�7�8�3�3�e�b�2�d�6�_�z�o�n�i�c�e�x�.�e�x�e�
C�:�\�0�e�8�e�c�9�5�8�9�a�e�f�a�5�2�6�4�6�f�f�a�2�d�e�0�0�8�6�c�6�8�4�f�3�a�6�a�1�d�5�e�0�3�c�b�c�2�6�4�6�6�e�8�2�a�a�9�c�f�9�6�9�2�7�
C�:�\�d�3�f�3�8�8�0�2�d�2�a�0�9�c�9�e�1�1�e�6�3�7�d�e�c�d�6�2�c�5�e�0�e�1�0�1�8�5�1�e�3�7�2�e�c�e�d�6�7�2�5�1�7�d�6�8�1�8�3�f�2�e�f�a�
C�:�\�f�c�7�a�3�1�d�4�3�a�0�8�b�9�b�a�4�e�0�3�d�5�1�7�6�6�6�8�9�9�0�1�a�e�b�1�e�f�5�f�0�f�2�e�2�e�6�a�f�4�2�d�9�e�c�e�6�e�5�d�a�7�0�1�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�z�o�n�i�c�e�x�.�p�e�3�2�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�z�o�n�i�c�e�x�.�p�e�3�2�
C�:�\�e�4�f�8�b�c�7�4�b�6�a�d�1�7�a�a�b�c�1�8�5�6�4�e�a�e�7�a�2�6�1�f�b�b�8�9�8�a�5�9�1�5�c�c�0�d�3�e�e�8�4�e�d�4�6�2�a�3�5�c�c�4�6�8�
C�:�\�3�b�6�5�0�7�0�4�6�0�7�6�7�5�9�6�3�5�1�f�7�8�e�4�f�f�a�5�c�0�9�7�0�5�5�5�a�9�3�6�e�4�8�1�2�6�a�2�b�b�7�c�2�9�9�f�1�2�f�3�7�3�9�7�
C�:�\�a�9�5�e�3�c�6�c�c�b�3�a�0�e�4�6�a�b�d�c�7�1�7�4�3�b�1�0�2�4�0�a�b�1�e�f�4�8�4�1�b�0�6�1�9�a�4�8�9�b�0�3�3�5�7�c�0�2�9�d�0�1�2�2�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�z�o�n�i�c�e�x�.�e�x�e�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�z�o�n�i�c�e�x�.�p�e�3�2�
C�:�\�b�8�c�d�3�b�6�2�a�c�0�9�0�8�2�9�a�9�8�5�4�6�7�a�d�5�4�f�0�c�3�9�f�b�2�1�f�d�8�d�4�5�4�2�0�5�7�b�5�b�0�3�6�2�0�2�0�f�8�0�2�5�4�4�
C�:�\�0�9�7�c�f�d�3�1�d�5�c�4�9�b�d�f�0�9�b�2�f�b�a�3�1�7�e�0�8�d�3�5�7�3�7�2�2�2�a�3�6�b�7�0�e�5�e�b�e�1�d�3�3�b�b�2�f�6�9�5�0�2�2�e�
C�:�\�a�f�5�b�2�e�5�f�d�8�3�6�6�1�a�a�f�1�b�b�4�0�7�e�2�3�b�4�1�4�d�e�0�f�e�2�5�3�1�e�0�2�c�9�1�6�c�9�d�4�4�4�f�b�a�1�f�d�d�3�6�7�3�6�
C�:�\�d�b�0�b�3�6�a�a�4�2�3�a�7�1�3�e�a�4�7�8�6�5�4�5�7�2�e�2�f�2�c�4�e�c�0�4�2�8�a�6�a�7�5�b�b�d�1�e�e�f�5�7�8�4�3�e�4�1�8�1�2�c�7�8�
C�:�\�e�b�0�f�1�4�a�a�3�0�3�9�a�6�3�b�e�3�6�e�7�1�6�3�e�1�4�1�5�2�f�f�5�4�a�f�e�2�d�1�c�2�b�2�9�5�2�3�7�c�f�9�0�4�a�4�9�b�1�e�f�8�a�c�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�z�o�n�i�c�e�x�.�e�x�e�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�z�o�n�i�c�e�x�.�p�e�3�2�
C�:�\�b�1�d�b�8�0�9�3�3�7�5�2�2�4�f�c�1�1�1�7�2�0�6�2�1�f�9�6�4�f�3�b�8�9�6�6�5�7�3�f�1�7�3�d�8�4�5�1�a�6�3�f�4�e�c�a�4�0�2�f�e�3�9�9�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�z�o�n�i�c�e�x�.�e�x�e�
C�:�\�d�5�7�b�e�a�7�0�4�c�3�c�0�7�f�4�e�8�6�1�3�9�e�1�6�e�d�5�f�d�0�e�1�3�1�6�1�0�0�d�c�d�3�a�1�4�5�5�c�9�5�6�7�f�c�f�f�7�5�1�d�7�b�9�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�z�o�n�i�c�e�x�.�e�x�e�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�z�o�n�i�c�e�x�.�p�e�3�2�
C�:�\�3�1�9�9�5�8�b�7�b�2�5�6�d�3�a�e�7�d�1�0�4�c�b�6�6�0�5�b�d�9�1�4�5�a�5�c�4�c�f�8�8�a�9�4�a�4�6�9�e�6�6�4�4�9�1�e�5�3�2�0�3�f�6�1�
C�:�\�3�8�0�7�4�a�6�7�8�1�e�c�6�0�5�8�0�5�b�b�f�7�f�1�5�c�e�a�8�7�a�6�e�1�9�0�9�b�0�e�3�0�1�9�6�b�4�2�4�e�a�1�f�0�0�b�a�4�7�6�2�3�0�7�
C�:�\�4�4�0�4�b�0�9�6�c�7�f�5�d�7�7�d�a�4�e�a�b�c�4�2�a�f�e�0�6�8�6�3�a�6�0�a�4�6�d�f�5�0�1�4�b�d�9�e�5�e�2�6�a�1�f�d�a�3�0�b�b�8�8�d�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�z�o�n�i�c�e�x�.�e�x�e�
C�:�\�7�a�c�7�0�b�b�4�1�6�2�f�5�4�c�9�8�a�c�6�e�8�b�2�e�2�7�b�b�3�8�d�d�4�f�b�6�d�1�1�0�2�8�5�9�4�5�1�7�8�3�5�6�4�4�9�f�0�1�9�4�1�f�4�
Hosts
| IP |
|---|
| 114.114.114.114 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.