1.0
Low risk

13f5245f2169ae98422d27e646eb867e5c239b857ed76bf13f966f199940c073

13f5245f2169ae98422d27e646eb867e5c239b857ed76bf13f966f199940c073.exe

Analysis duration

193s

Last analyzed

376 days ago

File size

147.5KB
Static detection, Dynamic detection, CVE, FAMILY, METATYPE, PLATFORM, TYPE: UNKNOWN WIN32 TROJAN RANSOM BLOCKER
Eagle Eye (鹰眼) engine
DACN 0.12
FACILE 1.00
IMCLNet 0.71
MFGraph 0.00
Static verdict
Antivirus engines
Engine Result Date Version
Alibaba Worm:Win32/Blocker.252d371c 20190527 0.3.0.5
Avast Win32:Malware-gen 20200924 18.4.3895.0
Baidu Win32.Worm.Agent.bj 20190318 1.0.0.2
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Kingsoft None 20200924 2013.8.14.323
McAfee Dropper-FPU!9602D1208F49 20200924 6.0.6.653
Tencent Trojan-ransom.Win32.Blocker.endf 20200924 1.0.0.1
Static indicators
This executable carries a PDB path (1 event)
pdb_path C:\Documents and Settings\Administrator\My Documents\Visual Studio 2008\Projects\vertigodl\Release\vertigodl.pdb
Behavioral verdict
Dynamic indicators
Network communication
Communicates with a host for which no DNS query was performed (1 event)
host 114.114.114.114
File identified as malicious by 67 antivirus engines on VirusTotal (50 out of 67 events)
ALYac Trojan.Ransom.AKI
APEX Malicious
AVG Win32:Malware-gen
Acronis suspicious
Ad-Aware Trojan.Ransom.AKI
AhnLab-V3 Trojan/Win32.Backdoor.R121743
Alibaba Worm:Win32/Blocker.252d371c
Antiy-AVL Trojan[Ransom]/Win32.Blocker
Arcabit Trojan.Ransom.AKI
Avast Win32:Malware-gen
Avira TR/Patched.Ren.Gen8
Baidu Win32.Worm.Agent.bj
BitDefender Trojan.Ransom.AKI
BitDefenderTheta Gen:NN.ZexaF.34254.juW@a8w3hBbi
Bkav W32.FakeW7Folder.Fam.Trojan
CAT-QuickHeal Trojan.Mauvaise.SL1
ClamAV Win.Trojan.Ransom-9176
Comodo TrojWare.Win32.Dapato.DFS@5hy5o0
CrowdStrike win/malicious_confidence_100% (W)
Cybereason malicious.08f49b
Cylance Unsafe
Cynet Malicious (score: 100)
Cyren W32/S-18e055ae!Eldorado
DrWeb Trojan.DownLoader11.8575
ESET-NOD32 Win32/Agent.NPN
Elastic malicious (high confidence)
Emsisoft Trojan.Ransom.AKI (B)
F-Secure Trojan.TR/Patched.Ren.Gen8
FireEye Generic.mg.9602d1208f49b814
Fortinet W32/Agent.NPN!worm
GData Trojan.Ransom.AKI
Ikarus Trojan-Ransom.CryptoWall
Invincea Mal/Generic-R + Troj/Wonton-MP
Jiangmin Trojan/Blocker.kkb
K7AntiVirus Trojan ( 000b03011 )
K7GW Trojan ( 000b03011 )
Kaspersky Trojan-Ransom.Win32.Blocker.jboe
Lionic Trojan.Win32.Dapato.m69P
MAX malware (ai score=100)
Malwarebytes Backdoor.Bot
MaxSecure Trojan.Dropper.Dapato.ohlp
McAfee Dropper-FPU!9602D1208F49
McAfee-GW-Edition BehavesLike.Win32.TrojanAitInject.cz
MicroWorld-eScan Trojan.Ransom.AKI
Microsoft Worm:Win32/Goldrv.A
NANO-Antivirus Trojan.Win32.Blocker.dgyxih
Paloalto generic.ml
Panda Trj/Genetic.gen
Qihoo-360 Malware.Radar01.Gen
Rising Worm.Goldrv!1.A3BF (CLASSIC)
Visual analysis
Binary image: data-import images rendered at 288x288, 224x224, 192x192, 160x160, 128x128, 96x96, 64x64 and 32x32 (images not included here)
Runtime screenshots
No runtime screenshots: the sample did not generate any screenshots while running.


PE Compile Time

1996-02-13 22:53:03

PDB Path

C:\Documents and Settings\Administrator\My Documents\Visual Studio 2008\Projects\vertigodl\Release\vertigodl.pdb

PE Imphash

14b54e0bed000e6a44ee316dcb5c1da4

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x0000377b 0x00003800 6.148187190691475
.rdata 0x00005000 0x000027c6 0x00002800 5.016846922229894
.data 0x00008000 0x000004e4 0x00000200 2.253116555336373
.rsrc 0x00009000 0x0000673c 0x00006800 4.87593216862126
.reloc 0x00010000 0x00018000 0x00018000 0.22703723607564555

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x0000eff8 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US None
RT_ICON 0x0000eff8 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US None
RT_ICON 0x0000eff8 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US None
RT_ICON 0x0000eff8 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US None
RT_ICON 0x0000eff8 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US None
RT_ICON 0x0000eff8 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US None
RT_ICON 0x0000eff8 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US None
RT_ICON 0x0000eff8 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US None
RT_ICON 0x0000eff8 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US None
RT_GROUP_ICON 0x0000f460 0x00000084 LANG_ENGLISH SUBLANG_ENGLISH_US None
RT_MANIFEST 0x0000f4e4 0x00000256 LANG_ENGLISH SUBLANG_ENGLISH_US None

Imports

Library KERNEL32.dll:
0x405018 CopyFileW
0x40501c GetModuleFileNameW
0x405020 GetLastError
0x405024 CopyFileA
0x405028 GetModuleFileNameA
0x40502c FindNextFileW
0x405034 CloseHandle
0x405038 Sleep
0x40503c CreateThread
0x405044 GetCurrentProcessId
0x405048 GetCurrentThreadId
0x40504c GetTickCount
0x405054 IsDebuggerPresent
0x405060 GetCurrentProcess
0x405064 TerminateProcess
0x405068 GetStartupInfoA
0x405070 InterlockedExchange
0x405074 GetDriveTypeA
0x405078 FindFirstFileW
0x40507c GetFileSize
0x405080 DeleteFileA
0x405084 CreateFileA
Library USER32.dll:
0x4051fc DispatchMessageW
0x405200 DefWindowProcW
0x405204 CreateWindowExW
0x405208 LoadIconW
0x40520c GetMessageW
0x405210 PostQuitMessage
0x405214 LoadCursorW
0x405218 TranslateMessage
0x40521c RegisterClassExW
Library ADVAPI32.dll:
0x405000 RegSetValueExA
0x405004 RegCloseKey
0x405008 RegOpenKeyExW
Library SHELL32.dll:
0x4051e4 ShellExecuteA
0x4051e8 SHGetFolderPathA
Library MSVCP90.dll:
Library SHLWAPI.dll:
0x4051f0 PathIsDirectoryW
0x4051f4 StrCmpW
Library urlmon.dll:
0x405230 URLDownloadToFileA
0x405234 URLDownloadToFileW
Library WININET.dll:
Library IPHLPAPI.DLL:
0x405010 GetAdaptersInfo
Library MSVCR90.dll:
0x405128 _unlock
0x40512c memset
0x405130 __CxxFrameHandler3
0x405134 _controlfp_s
0x405138 _invoke_watson
0x405140 ?terminate@@YAXXZ
0x405148 _crt_debugger_hook
0x40514c __set_app_type
0x405150 __p__fmode
0x405154 __p__commode
0x405158 _adjust_fdiv
0x40515c __setusermatherr
0x405160 _configthreadlocale
0x405164 _initterm_e
0x405168 _initterm
0x40516c _acmdln
0x405170 fscanf
0x405174 sprintf
0x40518c free
0x405190 malloc
0x405198 printf
0x40519c fopen
0x4051a0 ??3@YAXPAX@Z
0x4051a4 fclose
0x4051a8 ??2@YAPAXI@Z
0x4051ac _CxxThrowException
0x4051b0 __dllonexit
0x4051b4 _encode_pointer
0x4051b8 _lock
0x4051bc _onexit
0x4051c0 _decode_pointer
0x4051c4 _amsg_exit
0x4051c8 __getmainargs
0x4051cc _cexit
0x4051d0 _exit
0x4051d4 _XcptFilter
0x4051d8 _ismbblead
0x4051dc exit

Strings

!This program cannot be run in DOS mode.
bad allocation
Error allocating memory needed to call GetAdaptersinfo
%02X_%02X_%02X_%02X_%02X_%02X
not connected, waiting
connected
svchost10.exe
WirelessConfig
win-428542.exe
IN UR FACE !
http://www.nestao.com/wp-includes/Text/Diff/Engine/engine/
Temp update file:
Exe Filename:
Exe Absolute:
Waiting for connection
win-645721.test
dlversion.php?id=
dlupdate.dat
vector<T> too long
C:\Documents and Settings\Administrator\My Documents\Visual Studio 2008\Projects\vertigodl\Release\vertigodl.pdb
CreateFileA
GetFileSize
FindFirstFileW
GetDriveTypeA
CopyFileW
GetModuleFileNameW
GetLastError
CopyFileA
GetModuleFileNameA
FindNextFileW
GetCurrentDirectoryA
CloseHandle
DeleteFileA
CreateThread
KERNEL32.dll
DispatchMessageW
DefWindowProcW
CreateWindowExW
LoadIconW
RegisterClassExW
TranslateMessage
LoadCursorW
PostQuitMessage
GetMessageW
USER32.dll
RegSetValueExA
RegOpenKeyExW
RegCloseKey
ADVAPI32.dll
ShellExecuteA
SHGetFolderPathA
SHELL32.dll
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?uncaught_exception@std@@YA_NXZ
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@I_W@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Tidy@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEX_NI@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
MSVCP90.dll
PathIsDirectoryW
StrCmpW
SHLWAPI.dll
URLDownloadToFileA
URLDownloadToFileW
urlmon.dll
DeleteUrlCacheEntryW
DeleteUrlCacheEntryA
WININET.dll
GetAdaptersInfo
IPHLPAPI.DLL
fscanf
sprintf
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
malloc
_invalid_parameter_noinfo
printf
??3@YAXPAX@Z
fclose
??2@YAPAXI@Z
MSVCR90.dll
_unlock
__dllonexit
_encode_pointer
_onexit
_decode_pointer
_amsg_exit
__getmainargs
_cexit
_XcptFilter
_ismbblead
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_crt_debugger_hook
_except_handler4_common
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
InterlockedExchange
InterlockedCompareExchange
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
__CxxFrameHandler3
memset
_CxxThrowException
.?AVtype_info@@
.?AVexception@std@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVbad_alloc@std@@
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
</requestedPrivileges>
</security>
</trustInfo>
<dependency>
<dependentAssembly>
<assemblyIdentity type="win32" name="Microsoft.VC90.CRT" version="9.0.21022.8" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity>
</dependentAssembly>
</dependency>
</assembly>
http://en.wikipedia.org
cpp-logo285728.test
\new folder .exe
Software\Microsoft\Windows\CurrentVersion\Run
@className
IDI_APP(

DNS

Name Response Post-Analysis Lookup
dns.msftncsi.com A 131.107.255.255 131.107.255.255
dns.msftncsi.com AAAA fd3e:4f5a:5b81::1 131.107.255.255

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 53179 224.0.0.252 5355
192.168.56.101 49642 224.0.0.252 5355
192.168.56.101 137 192.168.56.255 137
192.168.56.101 61714 114.114.114.114 53
192.168.56.101 56933 114.114.114.114 53
192.168.56.101 138 192.168.56.255 138

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.