1.4
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.54
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | Win32:Crypt-QFB [Trj] | 20190915 | 18.4.3895.0 |
| Baidu | None | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (D) | 20190702 | 1.0 |
| Kingsoft | None | 20190915 | 2013.8.14.323 |
| McAfee | PWSZbot-FMO!B4ACB56FA64C | 20190915 | 6.0.6.653 |
| Tencent | None | 20190915 | 1.0.0.1 |
静态指标
可执行文件包含未知的 PE 段名称,可能指示打包器(可能是误报)
(1 个事件)
| section | .imports |
动态指标
该二进制文件可能包含加密或压缩数据,表明使用了打包工具
(1 个事件)
| section | {'name': 'UPX1', 'virtual_address': '0x0000a000', 'virtual_size': '0x00002000', 'size_of_data': '0x00001e00', 'entropy': 7.46640452151023} | entropy | 7.46640452151023 | description | 发现高熵的节 | |||||||||
可执行文件使用UPX压缩
(2 个事件)
| section | UPX0 | description | 节名称指示UPX | ||||||
| section | UPX1 | description | 节名称指示UPX | ||||||
网络通信
与未执行 DNS 查询的主机进行通信
(2 个事件)
| host | 114.114.114.114 | |||
| host | 8.8.8.8 | |||
文件已被 VirusTotal 上 60 个反病毒引擎识别为恶意
(50 out of 60 个事件)
| ALYac | Trojan.Downloader.JQFS |
| APEX | Malicious |
| AVG | Win32:Crypt-QFB [Trj] |
| Acronis | suspicious |
| Ad-Aware | Trojan.Downloader.JQFS |
| AhnLab-V3 | Spyware/Win32.Zbot.C3054333 |
| Antiy-AVL | Trojan[Spy]/Win32.Zbot |
| Arcabit | Trojan.Downloader.JQFS |
| Avast | Win32:Crypt-QFB [Trj] |
| Avira | TR/Spy.Zbot.rhwnyfl |
| BitDefender | Trojan.Downloader.JQFS |
| CAT-QuickHeal | Trojan.ZbotCS.S6383665 |
| CMC | Trojan-Spy.Win32.Zbot!O |
| ClamAV | Win.Downloader.Upatre-5744087-0 |
| Comodo | Packed.Win32.MUPX.Gen@24tbus |
| CrowdStrike | win/malicious_confidence_100% (D) |
| Cybereason | malicious.fa64c0 |
| Cylance | Unsafe |
| Cyren | W32/Trojan.GEPO-3375 |
| DrWeb | Trojan.DownLoad3.28161 |
| ESET-NOD32 | Win32/TrojanDownloader.Small.AAB |
| Emsisoft | Trojan.Downloader.JQFS (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/Trojan3.ANRL |
| F-Secure | Trojan.TR/Spy.Zbot.rhwnyfl |
| FireEye | Generic.mg.b4acb56fa64c0c39 |
| Fortinet | W32/Agent.AEUD!tr |
| GData | Trojan.Downloader.JQFS |
| Invincea | heuristic |
| Jiangmin | TrojanSpy.Zbot.fnya |
| K7AntiVirus | Trojan-Downloader ( 0040f6bd1 ) |
| K7GW | Trojan-Downloader ( 0040f6bd1 ) |
| Kaspersky | Trojan-Spy.Win32.Zbot.qsec |
| Lionic | Trojan.Win32.Zbot.tpdt |
| MAX | malware (ai score=89) |
| Malwarebytes | Trojan.Email |
| MaxSecure | Trojan.Upatre.Gen |
| McAfee | PWSZbot-FMO!B4ACB56FA64C |
| McAfee-GW-Edition | BehavesLike.Win32.PWSZbot.qt |
| MicroWorld-eScan | Trojan.Downloader.JQFS |
| Microsoft | TrojanDownloader:Win32/Upatre.A |
| Panda | Trj/Genetic.gen |
| Qihoo-360 | HEUR/QVM19.1.E54F.Malware.Gen |
| Rising | Trojan.Waski!1.A489 (CLASSIC) |
| SUPERAntiSpyware | Trojan.Agent/Gen-Injector |
| SentinelOne | DFI - Malicious PE |
| Sophos | Troj/Mdrop-FOC |
| Symantec | ML.Attribute.HighConfidence |
| TotalDefense | Win32/Zbot.HPB |
| Trapmine | malicious.high.ml.score |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2004-09-05 11:09:05
PE Imphash
a61ba93a22191636008350381dfd1d6d
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| UPX0 | 0x00001000 | 0x00009000 | 0x00008200 | 2.8317056699746628 |
| UPX1 | 0x0000a000 | 0x00002000 | 0x00001e00 | 7.46640452151023 |
| .rsrc | 0x0000c000 | 0x00002000 | 0x00001800 | 4.662354603978783 |
| .imports | 0x0000e000 | 0x00001000 | 0x00000400 | 3.9901466199707367 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_BITMAP | 0x00007178 | 0x00000368 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_ICON | 0x0000c17c | 0x00000ea8 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_GROUP_ICON | 0x0000d028 | 0x00000014 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_VERSION | 0x0000d040 | 0x00000328 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_MANIFEST | 0x0000d36c | 0x00000193 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
Imports
Library KERNEL32.DLL:
• 0x4060f4 GetModuleHandleA
• 0x4060f8 GetProcAddress
• 0x4060fc HeapCreate
• 0x406100 HeapAlloc
• 0x406104 GetACP
• 0x406108 ExitProcess
• 0x40610c FreeLibrary
Library ADVAPI32.dll:
• 0x40624c RegQueryValueExA
• 0x406250 RegOpenKeyA
• 0x406254 GetUserNameA
• 0x406258 CopySid
• 0x40625c GetLengthSid
Library GDI32.dll:
• 0x4062ec IntersectClipRect
• 0x4062f0 ExcludeClipRect
• 0x4062f4 UpdateColors
• 0x4062f8 DeleteObject
• 0x4062fc TextOutA
• 0x406300 SetBkColor
• 0x406304 SetTextColor
• 0x406308 Rectangle
• 0x40630c CreateSolidBrush
• 0x406310 GetStockObject
• 0x406314 CreateFontIndirectA
• 0x406318 GetTextExtentExPointA
• 0x40631c GetTextMetricsA
• 0x406320 CreateFontA
Library IMM32.dll:
• 0x40642c ImmGetCompositionStringW
• 0x406430 ImmSetCompositionFontA
• 0x406434 ImmGetContext
• 0x406438 ImmSetCompositionWindow
Library user32.dll:
• 0x40619c GetMessageA
• 0x4061a0 DefWindowProcA
• 0x4061a4 PostQuitMessage
• 0x4061a8 GetDoubleClickTime
• 0x4061ac GetQueueStatus
• 0x4061b0 LoadIconA
• 0x4061b4 RegisterClassA
L!This program cannot be run in DOS mode.
.imports
N.2N.6
;ZHIQPPZ
_]`a"O
aFpDZO
CreateWindowExA
set waveaudio door open
LoadLibraryExA
user32.dll
LoadCursorA
TranslateMessage
mciSendStringA
Winmm.dll
00000i0H0
000000f000000000V0000+0_00a0K00a0
000000_00'0a0#00a0
00a0+000000/0a00
00a03000000000_0
00_0300_00Y000000000+0_00a0K00a0S00a0#00
00`00^00_000000000<0Y000K00Y000Y000
0 0K000000+0_00Y000600
000000@0000060
00[00J00_0
0070a0
0000700000000+0_00Y0000
0000000
0000000
0000000
000000Y000000!00
000;00
000H00
000D00
000;00
000B00
000:00
000B00
000B00
0000_00@00@00&0000:0
00Y000Y000000,00
000?00
000H00
000J00
000K00
000700
000B00
000&00
000H00
000E00
000J00
000;00
000900
000J00
0000c000&00K0000060
00Y000y00:0
00Y000000,00
000?00
000H00
000J00
000K00
000700
000B00
000B00
000B00
000E00
000900
0000c000&00K0000060
00Y000y00:0
0000+0_00Y0000
0000000
0000000
0000000
000000Y000000D00
000J00
000:00
000B00
000B00
000:00
000B00
000B00
0000_00@00@00&0000:0
00Y000000(00
000J00
000B00
000;00
000900
000E00
000C00
000F00
000H00
000;00
000I00
000I00
000K00
000<00
000<00
000;00
000H00
0000c000&00K0000060
00c0300)00K000K000K000K000K000+000K0000070
000000+0_00Y000a0200
0000000
0000000
0000000
0000000
0000000
0000000
0000000
0000000
0000000
000000f0_03000000000000000e0
00000000e0
00000000e0
00000000e0
00000000e0
00000000e0
0000@00>000000K00@00000:0
00[00K0000000_0
000K00a0
000000&0e0
00c000
0000+000K000K00(00o0000a0
00c000P0000+000K000K00(00Q0000a0
00c000
0000+000K000K00(0030000a0
00c000K0000+000K000K00(00
0000e0
000K000K000K000K000K000K0000000@00>000000K00@00000:0
000K000K000K000K000c000000000[00J00&00K000K0000000J00_00a0
000Y000Y000a0
00000000+0_00W00000060a0300)00.0000[00_0
00J050@0
0>000000K00@00000:0
00[00K0000a0300)00K00&0070000[00_0
0&00(00000
000F00e0
000K000K000K000H00000K0000000[00J0070a0
00000070000000000+0_00W00000060a0+00a0
000Y000Y000c0
060Y000a0000_0
00c0K000000000^00
0 0K00a0300c0K00_00000000|0J00)00K0000000[00J00Y000007000000000070000000000+0_00W00000060a0
00_00@00@00)0000:0
00[000Z0U0000_0
00a0+00a000
0000a0
0000a00[00J0'0_000000V0K000300c0100_00'0)00K0000060
00/0[00J0
0a030000_00Y00000W00000V0_00'0)00K0000060
00/0[00J00a030000_00Y0000z07000000000070000000000+0_00W00000060a0+00<0a00a0
000Y00000<0a0
00_0[00000Y000_0k00000a0k00000c00060a0
020000000000_0
0000000a0k00000000
00a030000_0
00a0S00a0K00a0#000z0a0c00000a03000K000K00)000000[00J00Y000 0K0070a0
00000070000000000+0_0060a0+00a0P000S00a0K000H00a0 000z0a0+00a0
007000000000070000000+0_00Y00060a0+00<0a00<0
0#000K00a0
000a00
000K00_0+0070a0
00000070000000+0_00Y00060a0+00<0a00<0
0#000K00a0
000a00
000K00W00v0000_0+0070a0
00000070000000+0_00Y0000
000000a0+00a0
000a0.0
0_0300:0w0
0000_0&00:0w00000a0
00Y000a00_0&00a0300
0300_0300a03000300a0!00a0!00'0Y00000'0)00K000K0000000c0*0!00]00/00#00K000000+0_00Y00060a0#00a0+00a0300a00a0K00_0
00Y000
0<0.0<0
0K00Y00000<00000
00000Y00000700000
GetModuleHandleA
GetProcAddress
HeapCreate
HeapAlloc
GetACP
ExitProcess
FreeLibrary
RegQueryValueExA
RegOpenKeyA
GetUserNameA
CopySid
GetLengthSid
IntersectClipRect
ExcludeClipRect
UpdateColors
DeleteObject
TextOutA
SetBkColor
SetTextColor
Rectangle
CreateSolidBrush
GetStockObject
CreateFontIndirectA
GetTextExtentExPointA
GetTextMetricsA
CreateFontA
ImmGetCompositionStringW
ImmSetCompositionFontA
ImmGetContext
ImmSetCompositionWindow
acmMetrics
acmStreamOpen
GetMessageA
DefWindowProcA
PostQuitMessage
GetDoubleClickTime
GetQueueStatus
LoadIconA
RegisterClassA
`.data
.data3
.idata
000A 0'
s#w!#0
500000/
_Yuw'Y0Ws1LSk`00^0!K7<I
=wg60%G@
_%$t7I
?JKL2$7B&2$HEJ`L;9
X7cKsto
$LBBE(K29P`g$L2DJ:L2BB
9L2dCECF2$H;I2
5t_ 3)
2++C07t]
Q7<0OK
0K`_5o2x
aY&i5ugcG0
?#5_;0PD2Q0
!7Lq0Y
0JEi\SW
0qbd3?WA6P)U.3un
=0OnW&70l
)K|'-o-
XwwZ0U
A+pH6?_)
'qSV,<p
<!5d?[w
,;3Mck
YmK&9W# $t_
OK9z;c
kH_PzfAH S
au8Yt]7y
eLUJZ7_~)x
Sm#v7_~F
E6XoFy
oS47~_
woYQ06#IS
={CWphY6
=BhwxD
6a/C62
By$G#E7{d
[]Ew?{pS
$FO0\lHP}
"@' oG)
HPwo"w
w<}"!{wozg
0_RZwac<
-;.>Hzw6:
uw7w7L
O*tSi6
YpqI30HM?
.y6G}o
moiXr?
D8GY5pp!)L
^ia},)"H
&Xa"`W
a(:M4HT^la
(cM4<N^nz4M4
E@d\vV
M[~kwV
R7x6{wa
RL.iAZ%8:Dg{Vsn
#%JTeSr)
8ia|ksw"f
7{ ]")
>Qg">7
{H2Li}
8'E'BW
7ori1!
DwpJo/j=
DYya<Jn
\f7&+`
sX)Z7 y8
}uU{H.v}
,NwokLZ
8<wwc"pVS
0n{&Z=D
{?E-,[
1o7_{;&j"
B&\Z4z
f.0|+pH%L4C.(
v>q|n]0i
m5[]$ p2)o
O.FG~TeA
GetModuleHandleAPr}+AocAddr
HeapbA.
Exi/+F
fLRRegQue
O]KeypUs
Nam~CopySid
>Inr.ctClipR
UpdIrDe
TextOutiS
EazloS
StkP!Fo7sodir
csA<A,Tomm)mpos]i
Ss-,:1
bb~acm
QQAEpsfD
i!-Doublk
^r[ui*Icm3<
is-a@s
'yS`.a'0B
RvA;p"'
XPTPSWXaD$j
###;KK>
26;2+#####
#######
#####+bEXL
+######+
#####3
######3#
PD[>J22Ib|tLx63
333#3##3#>>
vDDP>2
333333333+ug
DW[[FvV####
333333333#J~~3#5gJIk#
3333333333+g +zT
##++++######
3333333333#J%Tz+3333333######
33333333333+
#33333333######
33333333333@II#33333333######
33333333333@+3333333333#####
333333333@?a
+23333333333####
33@j+233333333333###
j@3333333333333##
+jj23333333333333#
+I@3333333333333
2+$333333333333
al$2$33333333
$$$$233333
$$$$$$$$$$&&&
&&&&$$$$
7:::::::****************ss****@$$$$$
788888881;111n;;;11p;11111111;
))))))
o,,,,,,,L6,6Lr66rq6,,,,,,,E
)f/HHHH/
8(((((,Lx|>>Eq6,(,((,EM&/-999N/
K((((((XmV#R?DlV((((((EMC/N9<<<<<
,444444X|JJVT
DRmXF4444F4VMC-9<UUU
(444444X3?
DPIDP#F04440tM
4000000y2WIWRIuRI
0000050
5y{kkJ0? D~`f9f
0%%%%%%_
3^%%%%%y`f\f#
%%%%%%%%^_a%G_a%%G=%%%%%%^`f\f#
%%%%%%%%%BB%%%BB%GG%BB%GGGGG%G`f
G.......'''''''''''''''''''''.
-----------------d-)/
$$$$$$$$$$$$$$$$$$$$$h
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
ADVAPI32.dll
GDI32.dll
IMM32.dll
KERNEL32.DLL
Msacm32.dll
user32.dll
CopySid
TextOutA
ImmGetContext
ExitProcess
GetProcAddress
LoadLibraryA
VirtualProtect
acmMetrics
LoadIconA
KERNEL32.DLL
GetModuleHandleA
GetProcAddress
HeapCreate
HeapAlloc
GetACP
ExitProcess
FreeLibrary
ADVAPI32.dll
RegQueryValueExA
RegOpenKeyA
GetUserNameA
CopySid
GetLengthSid
GDI32.dll
IntersectClipRect
ExcludeClipRect
UpdateColors
DeleteObject
TextOutA
SetBkColor
SetTextColor
Rectangle
CreateSolidBrush
GetStockObject
CreateFontIndirectA
GetTextExtentExPointA
GetTextMetricsA
CreateFontA
IMM32.dll
ImmGetCompositionStringW
ImmSetCompositionFontA
ImmGetContext
ImmSetCompositionWindow
Msacm32.dll
acmMetrics
acmStreamOpen
user32.dll
GetMessageA
DefWindowProcA
PostQuitMessage
GetDoubleClickTime
GetQueueStatus
LoadIconA
RegisterClassA
V�S�_�V�E�R�S�I�O�N�_�I�N�F�O�
S�t�r�i�n�g�F�i�l�e�I�n�f�o�
0�8�0�0�0�0�2�5�
C�o�m�m�e�n�t�s�
C�o�m�p�a�n�y�N�a�m�e�
H�P� �C�o�r�p�
F�i�l�e�D�e�s�c�r�s�i�p�t�i�o�n�
c�a�l�c�.�e�x�e�
F�i�l�e�V�e�r�s�i�o�n�
6�.�3�.�3�.�1�
I�n�t�e�r�n�a�l�N�a�m�e�
c�a�l�c�.�e�x�e�
L�e�g�a�l�C�o�p�y�r�i�g�h�t�
C�o�p�y�r�i�g�h�t� �(�C�)� �2�0�1�1�
L�e�g�a�l�T�r�a�d�e�m�a�r�k�s�
O�r�i�g�i�n�a�l�F�i�l�e�n�a�m�e�
c�a�l�c�.�e�x�e�
P�r�i�v�a�t�e�B�u�i�l�d�
P�r�o�d�u�c�t�N�a�m�e�
c�a�l�c�.�e�x�e�
P�r�o�d�u�c�t�V�e�r�s�i�o�n�
6�.�3�.�3�.�1�
S�p�e�c�i�a�l�B�u�i�l�d�
V�a�r�F�i�l�e�I�n�f�o�
T�r�a�n�s�l�a�t�i�o�n�
C�:�\�D�O�C�U�M�E�~�1�\�D�e�b�b�i�e�g�\�L�O�C�A�L�S�~�1�\�T�e�m�p�\�j�Z�i�p�\�j�Z�i�p�2�3�2�D�E�\�j�Z�i�p�C�3�D�8�\�X�e�r�o�x�_�S�c�a�n�_�0�0�2�_�2�0�1�1�2�0�1�3�.�e�x�e�
C�:�\�0�f�4�d�3�c�8�0�1�3�7�1�6�4�8�8�a�8�7�f�6�e�d�9�7�0�4�1�a�4�a�1�6�2�f�b�a�4�6�6�a�6�a�9�9�e�8�7�6�a�b�5�a�c�8�c�4�d�b�8�2�0�5�e�
C�:�\�G�7�y�D�W�g�4�m�.�e�x�e�
C�:�\�6�e�a�5�f�3�2�a�d�2�c�7�0�9�8�0�0�8�a�3�a�2�1�c�f�a�a�7�5�3�6�f�7�e�b�d�5�2�8�f�3�4�6�3�7�b�4�e�f�9�6�3�4�3�1�b�f�6�2�3�9�f�9�4�
C�:�\�4�d�b�b�1�6�a�9�f�2�e�a�1�f�0�f�1�8�1�2�f�2�d�3�9�f�3�a�4�3�a�6�0�1�3�7�e�4�8�5�f�a�2�b�6�c�0�8�0�2�6�6�7�6�e�5�9�2�3�9�e�d�c�6�
C�:�\�8�3�2�6�a�9�3�f�a�6�1�6�0�1�1�a�b�f�a�9�3�c�e�3�e�f�c�c�0�4�d�6�4�3�7�8�b�5�c�d�3�4�8�6�6�1�0�0�4�1�a�8�e�4�7�0�4�1�1�a�a�e�0�5�
C�:�\�a�E�O�4�l�Q�9�K�.�e�x�e�
C�:�\�N�7�_�i�e�1�x�5�.�e�x�e�
C�:�\�3�R�i�k�C�P�4�1�.�e�x�e�
C�:�\�9�P�4�7�S�e�y�Q�.�e�x�e�
C�:�\�h�R�T�i�3�V�N�E�.�e�x�e�
C�:�\�T�n�H�N�H�n�Z�x�.�e�x�e�
C�:�\�8�8�7�5�6�9�8�2�8�e�4�f�b�7�2�8�2�3�4�2�7�d�b�f�7�3�9�0�c�8�e�c�d�8�3�7�3�d�7�4�8�f�2�9�d�8�c�0�5�9�1�7�9�a�a�9�b�9�c�0�4�6�f�e�
C�:�\�8�b�9�b�6�a�d�8�4�9�b�7�d�2�d�e�f�0�3�7�4�b�e�0�a�3�3�8�b�e�7�5�6�e�4�3�e�e�e�f�a�1�d�4�f�c�3�b�7�f�4�1�e�a�5�1�5�1�d�0�b�5�1�d�
C�:�\�D�B�e�c�O�M�U�S�.�e�x�e�
C�:�\�j�8�8�w�T�m�m�w�.�e�x�e�
C�:�\�W�a�F�O�b�E�k�9�.�e�x�e�
C�:�\�Y�1�S�v�x�6�c�I�.�e�x�e�
C�:�\�z�G�g�G�W�B�S�I�.�e�x�e�
C�:�\�z�I�2�m�B�R�w�M�.�e�x�e�
C�:�\�2�O�H�7�0�N�e�y�.�e�x�e�
C�:�\�z�L�R�4�m�r�I�W�.�e�x�e�
C�:�\�v�O�Q�u�p�t�p�z�.�e�x�e�
C�:�\�H�S�O�Y�B�f�8�u�.�e�x�e�
C�:�\�q�1�i�p�v�G�E�L�.�e�x�e�
C�:�\�0�5�6�f�3�c�0�0�5�3�c�7�7�2�4�4�d�2�4�f�6�6�8�2�2�3�7�d�a�d�f�3�e�c�8�9�d�4�5�6�c�0�2�d�2�2�0�7�b�9�a�6�6�9�1�6�b�3�e�4�f�9�a�3�
C�:�\�3�9�c�2�3�9�6�1�e�5�7�2�2�1�6�1�e�c�e�3�b�6�d�1�3�a�4�3�c�c�6�1�d�8�e�f�1�5�d�e�4�1�3�d�0�9�c�5�d�b�1�1�6�9�e�2�f�c�1�b�4�2�2�7�
C�:�\�7�e�3�7�3�a�1�a�c�7�9�7�b�c�1�5�d�c�1�2�7�f�0�b�f�7�4�e�f�a�3�8�8�2�8�8�5�b�b�2�8�5�9�d�3�7�9�5�4�d�d�a�1�0�3�9�f�8�8�4�f�9�3�e�
C�:�\�3�f�7�5�4�4�b�c�f�d�5�b�8�6�0�7�d�d�8�b�d�d�a�5�b�3�5�5�9�9�8�b�3�d�6�0�f�b�0�0�f�d�f�e�5�a�4�3�e�9�4�2�3�0�d�6�2�7�e�6�8�0�3�9�
C�:�\�b�f�9�9�0�a�7�f�c�c�c�6�0�0�f�b�2�6�7�a�2�c�8�8�1�0�f�f�2�2�d�a�0�a�5�9�9�c�e�8�6�9�3�7�8�8�f�3�a�f�e�d�8�d�b�5�1�9�b�a�8�d�b�5�
C�:�\�u�N�4�U�S�h�D�C�.�e�x�e�
C�:�\�h�1�9�F�f�t�7�8�.�e�x�e�
C�:�\�2�E�s�W�w�U�5�x�.�e�x�e�
C�:�\�h�5�T�L�f�S�k�y�.�e�x�e�
C�:�\�W�Q�O�v�J�q�w�4�.�e�x�e�
C�:�\�m�9�L�c�H�B�I�S�.�e�x�e�
C�:�\�K�R�R�h�H�a�m�y�.�e�x�e�
C�:�\�4�D�8�6�F�N�G�j�.�e�x�e�
C�:�\�T�S�X�4�b�e�a�M�.�e�x�e�
C�:�\�y�q�K�G�s�g�q�X�.�e�x�e�
C�:�\�v�F�_�i�R�P�S�z�.�e�x�e�
C�:�\�_�y�H�w�T�q�u�R�.�e�x�e�
C�:�\�2�2�B�Z�h�8�U�_�.�e�x�e�
C�:�\�9�L�D�q�4�b�n�n�.�e�x�e�
C�:�\�N�F�Q�K�F�n�T�n�.�e�x�e�
C�:�\�2�U�D�Q�H�x�p�b�.�e�x�e�
C�:�\�L�W�2�k�N�y�A�I�.�e�x�e�
C�:�\�A�6�D�1�X�t�L�q�.�e�x�e�
C�:�\�K�L�z�y�Y�N�c�C�.�e�x�e�
C�:�\�T�s�d�H�i�I�g�n�.�e�x�e�
C�:�\�B�P�R�i�z�k�r�3�.�e�x�e�
C�:�\�M�m�k�M�g�r�0�X�.�e�x�e�
C�:�\�A�y�v�G�Z�6�H�u�.�e�x�e�
C�:�\�3�9�e�N�s�g�U�g�.�e�x�e�
C�:�\�j�M�d�T�d�M�r�O�.�e�x�e�
C�:�\�G�T�j�Z�P�_�J�v�.�e�x�e�
C�:�\�D�3�Y�e�q�d�N�G�.�e�x�e�
C�:�\�9�N�t�4�m�1�f�r�.�e�x�e�
C�:�\�2�5�b�W�n�R�Z�I�.�e�x�e�
C�:�\�t�G�B�5�5�S�d�N�.�e�x�e�
C�:�\�8�K�W�o�c�t�Q�g�.�e�x�e�
C�:�\�Z�x�U�y�G�j�9�t�.�e�x�e�
C�:�\�B�4�M�U�a�p�0�O�.�e�x�e�
C�:�\�h�N�8�s�R�E�J�F�.�e�x�e�
C�:�\�t�Z�E�D�x�u�X�h�.�e�x�e�
C�:�\�B�3�j�k�z�u�S�f�.�e�x�e�
C�:�\�c�z�e�N�3�4�h�s�.�e�x�e�
C�:�\�m�j�Z�Q�6�c�i�i�.�e�x�e�
C�:�\�T�Q�Z�a�H�Y�C�5�.�e�x�e�
C�:�\�r�Y�I�a�K�H�3�G�.�e�x�e�
C�:�\�s�J�5�W�C�X�Y�G�.�e�x�e�
C�:�\�I�1�_�v�a�I�D�1�.�e�x�e�
C�:�\�H�3�o�U�w�f�U�j�.�e�x�e�
C�:�\�0�g�j�4�8�H�S�8�.�e�x�e�
C�:�\�5�m�f�4�3�e�G�j�.�e�x�e�
C�:�\�p�w�u�9�C�8�8�n�.�e�x�e�
C�:�\�S�a�s�5�X�O�k�J�.�e�x�e�
C�:�\�h�5�K�x�1�N�K�R�.�e�x�e�
C�:�\�M�H�L�Q�n�W�w�b�.�e�x�e�
C�:�\�N�n�v�5�B�e�s�p�.�e�x�e�
C�:�\�W�g�J�C�p�E�o�R�.�e�x�e�
C�:�\�f�K�b�6�R�X�w�e�.�e�x�e�
C�:�\�a�s�W�C�r�i�F�J�.�e�x�e�
C�:�\�G�O�3�B�D�v�f�r�.�e�x�e�
C�:�\�r�v�x�D�Q�e�V�f�.�e�x�e�
C�:�\�3�d�9�1�8�7�1�7�0�e�0�e�d�b�1�d�6�3�9�0�3�e�a�c�c�6�5�9�a�c�5�5�7�9�1�4�e�9�d�c�3�6�e�6�5�b�b�8�9�3�3�f�d�8�9�2�9�8�9�1�a�f�2�0�
C�:�\�a�7�f�1�a�8�1�0�f�3�2�f�f�4�3�f�6�b�6�b�d�d�3�5�d�e�8�d�8�d�f�8�5�3�8�5�5�8�e�2�7�7�1�7�a�0�a�b�b�8�4�1�4�1�7�7�3�7�c�8�5�2�a�0�
C�:�\�3�0�4�9�5�e�2�c�3�9�f�1�6�8�6�6�7�d�4�f�4�6�7�a�f�9�3�0�8�7�6�d�7�1�d�8�c�2�e�4�3�0�8�1�4�8�4�4�a�f�3�4�0�c�5�7�e�4�c�7�b�b�5�a�
C�:�\�Q�S�W�n�s�Y�O�D�.�e�x�e�
C�:�\�t�4�k�c�v�x�\�k�v�4�f�u�i�.�e�x�e�
C�:�\�z�k�g�9�s�v�\�2�p�6�x�y�4�.�e�x�e�
C�:�\�f�3�v�y�r�Q�7�4�.�e�x�e�
C�:�\�0�d�b�0�9�8�e�c�5�b�5�2�c�f�0�8�6�c�d�2�5�2�a�8�a�e�7�1�0�0�8�9�2�f�7�d�1�8�c�2�b�3�e�0�2�3�f�1�4�4�5�4�f�4�0�3�2�a�f�7�a�c�1�a�
C�:�\�1�8�d�7�5�9�3�b�6�2�d�a�8�1�a�2�c�6�8�2�4�b�8�d�8�2�4�9�e�e�7�9�3�2�c�9�2�4�0�f�0�8�5�d�a�e�e�3�6�0�6�4�a�b�b�1�e�3�4�c�f�7�4�6�
C�:�\�2�4�4�b�4�0�d�3�7�9�f�9�8�4�3�b�1�7�f�c�8�c�9�8�0�9�5�2�5�b�c�5�5�9�6�3�8�9�a�a�8�1�b�f�4�f�6�7�3�8�8�f�0�f�e�9�1�3�d�9�4�2�8�f�
C�:�\�U�s�e�r�s�\�L�i�s�a�\�D�e�s�k�t�o�p�\�M�5�f�O�Q�r�K�u�.�e�x�e�
C�:�\�j�v�q�U�M�B�O�1�.�e�x�e�
C�:�\�6�e�0�2�e�c�d�c�9�5�c�9�4�2�f�3�2�d�a�e�0�5�9�6�b�c�4�b�3�2�2�a�d�8�3�a�7�b�0�d�c�0�d�e�8�4�d�8�1�8�8�0�e�7�4�c�6�9�3�7�6�6�6�c�
C�:�\�4�9�4�7�7�2�9�9�f�e�e�e�6�3�6�1�d�2�7�a�6�4�2�3�0�9�1�c�c�1�4�e�2�2�6�1�8�1�4�0�e�3�8�9�2�e�a�1�7�d�e�4�1�3�8�d�9�0�b�8�3�1�c�0�
C�:�\�D�o�w�n�l�o�a�d�s�\�1�4�c�b�d�c�6�a�d�9�4�c�6�d�9�c�7�2�f�a�7�1�f�b�8�a�e�8�e�3�c�3�.�e�x�e�
C�:�\�Y�q�I�x�s�h�u�o�.�e�x�e�
C�:�\�d�c�0�d�3�4�1�8�6�6�8�2�9�e�5�8�2�f�3�5�e�1�b�4�0�2�f�6�5�5�4�b�5�a�e�2�f�4�4�f�4�8�f�d�d�2�9�d�5�e�8�2�6�a�b�7�8�4�a�c�b�8�5�3�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�l�u�s�e�r�\�D�e�s�k�t�o�p�\�i�k�e�8�0�h�m�p�.�e�x�e�
C�:�\�b�7�4�d�c�5�3�a�6�d�d�0�8�9�2�3�9�0�3�8�2�b�a�3�c�6�9�4�0�c�9�a�9�e�f�2�3�d�7�0�3�b�9�e�f�c�f�f�9�9�3�c�4�f�e�5�e�e�c�9�4�e�d�4�
C�:�\�O�B�O�u�r�F�_�Y�.�e�x�e�
C�:�\�U�s�e�r�s�\�L�i�s�a�\�D�e�s�k�t�o�p�\�C�u�A�a�9�6�t�j�.�e�x�e�
C�:�\�e�7�N�L�F�H�z�D�.�e�x�e�
C�:�\�U�s�e�r�s�\�L�i�s�a�\�D�e�s�k�t�o�p�\�n�n�d�u�X�C�U�Y�.�e�x�e�
C�:�\�K�e�6�d�q�O�Q�o�.�e�x�e�
C�:�\�U�s�e�r�s�\�L�i�s�a�\�D�e�s�k�t�o�p�\�s�1�7�L�w�9�z�f�.�e�x�e�
C�:�\�p�_�8�s�R�W�7�i�.�e�x�e�
C�:�\�d�2�a�c�4�2�b�5�1�6�0�c�9�0�8�8�f�9�f�e�3�e�f�d�0�8�1�8�3�8�5�6�8�0�4�7�c�4�0�e�7�5�1�d�8�b�3�5�f�7�6�2�f�a�3�b�8�1�8�9�8�9�2�4�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�u�s�X�D�x�k�j�u�.�e�x�e�
C�:�\�4�b�c�c�3�1�f�c�5�c�7�a�4�4�9�9�3�1�2�7�0�e�d�e�e�a�d�8�1�4�d�2�6�5�4�9�d�8�9�7�5�9�f�d�7�d�d�4�6�b�2�9�1�c�c�3�c�e�a�a�3�c�4�1�
C�:�\�B�d�J�2�U�F�7�d�.�e�x�e�
C�:�\�8�7�5�4�e�9�1�2�a�f�1�e�8�d�2�c�a�a�6�c�6�c�b�6�7�6�4�c�6�7�5�0�c�a�0�5�7�8�c�f�f�a�3�2�3�d�f�3�7�a�4�5�0�5�c�2�a�b�9�f�6�f�a�2�
C�:�\�3�0�d�6�c�9�0�a�0�0�c�0�9�8�1�1�6�2�c�c�5�2�a�a�9�e�3�8�2�d�9�1�d�f�2�e�4�4�f�e�f�0�e�5�3�3�4�e�0�0�7�f�c�5�7�6�1�9�1�c�5�7�1�a�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�5�Y�t�K�5�N�Y�y�.�e�x�e�
C�:�\�q�K�S�W�L�Q�a�h�.�e�x�e�
C�:�\�U�s�e�r�s�\�L�i�s�a�\�D�e�s�k�t�o�p�\�A�v�v�v�g�d�P�Y�.�e�x�e�
C�:�\�S�e�G�V�W�z�A�e�.�e�x�e�
C�:�\�b�b�a�d�f�7�4�7�4�f�e�4�8�f�f�6�a�1�2�a�0�9�4�b�9�7�0�d�7�7�2�c�b�f�d�c�9�0�e�9�d�f�7�0�4�2�f�3�e�3�b�a�1�4�1�6�b�5�3�8�d�d�8�6�
c�:�\�t�a�s�k�\�A�9�A�0�1�0�A�2�C�D�7�5�1�C�8�7�A�A�F�6�2�E�2�3�9�8�7�F�2�0�0�8�.�e�x�e�
C�:�\�r�x�X�5�c�7�k�0�.�e�x�e�
C�:�\�6�e�8�6�d�6�e�6�2�9�2�a�7�6�a�5�a�4�9�5�f�e�c�1�9�a�5�5�3�9�2�b�9�1�c�f�b�e�a�c�d�8�8�8�0�7�2�c�8�b�8�e�d�2�0�2�4�3�5�7�a�6�2�2�
C�:�\�2�5�3�1�c�4�5�e�7�8�7�0�e�3�f�1�3�d�8�9�6�9�2�0�4�d�b�0�f�e�2�f�b�7�0�6�6�e�9�4�d�7�1�7�e�6�8�2�8�c�2�4�c�1�7�c�3�6�b�9�8�7�d�2�
C�:�\�v�b�C�1�y�j�P�i�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�s�a�m�p�l�e�.�e�x�e�
C�:�\�K�l�K�u�F�e�_�s�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�s�a�m�p�l�e�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�f�a�c�t�u�r�a�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�s�a�m�p�l�e�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�s�a�m�p�l�e�.�e�x�e�
C�:�\�7�5�e�b�f�6�8�4�b�c�6�9�9�9�6�b�2�8�1�9�b�9�b�f�f�f�6�2�6�0�2�d�6�e�4�9�b�a�2�2�5�9�d�0�0�f�7�f�b�4�2�0�d�8�4�b�a�1�a�a�3�1�0�0�
C�:�\�u�8�0�v�6�U�G�1�.�e�x�e�
c�:�\�V�I�D�6�9�0�5�5�1�4�8�6�.�e�x�e�
C�:�\�4�5�3�8�8�2�b�7�5�c�4�8�f�0�1�9�3�7�b�0�d�a�7�3�a�c�4�9�0�5�6�9�a�a�d�d�9�7�3�a�7�3�f�a�6�a�d�8�8�0�6�d�e�f�d�2�3�d�a�f�3�0�1�1�
C�:�\�g�P�V�k�c�2�O�G�.�e�x�e�
C�:�\�c�d�3�8�6�a�8�2�d�0�6�a�b�b�1�e�4�7�2�2�9�9�2�c�f�9�f�d�c�b�0�e�0�6�3�9�c�8�8�3�0�3�8�b�b�1�d�c�b�c�2�0�2�8�d�2�a�e�9�1�5�2�1�2�
C�:�\�a�6�3�c�4�2�e�f�1�b�a�d�2�3�6�5�7�7�c�6�5�6�8�e�6�a�6�5�5�4�4�c�5�9�d�6�5�f�a�2�6�2�e�4�8�d�d�6�8�e�0�a�6�9�8�e�2�b�e�b�e�3�0�8�
C�:�\�5�e�9�4�f�b�8�b�f�0�f�5�e�7�4�d�5�f�b�9�0�8�e�0�f�1�2�8�7�f�3�2�9�b�5�3�c�6�1�0�c�d�0�b�f�d�f�1�9�c�8�b�2�6�f�c�d�b�c�0�f�c�1�3�
C�:�\�8�5�b�a�a�d�5�2�4�8�8�3�a�2�c�b�e�9�3�6�c�8�7�4�4�b�b�a�a�0�0�d�5�1�1�2�5�b�1�1�7�e�4�0�2�f�9�a�7�1�4�a�8�4�8�b�9�0�d�1�b�c�1�2�
C�:�\�b�e�c�e�1�a�d�1�6�4�d�e�f�8�b�0�2�6�f�1�0�e�1�b�7�f�8�a�0�d�f�5�7�3�a�6�5�5�e�1�f�8�b�b�7�8�1�d�0�6�8�6�f�8�4�8�1�b�a�c�3�f�f�f�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�i�n�v�o�i�c�e�.�e�x�e�
C�:�\�0�6�6�2�9�d�a�a�5�5�0�7�2�e�1�f�1�2�a�6�7�f�8�6�f�e�3�b�b�b�0�2�a�2�5�d�3�6�7�a�d�e�9�0�6�4�0�6�7�d�8�1�0�b�0�d�1�9�5�7�7�d�c�9�
C�:�\�_�J�d�V�X�M�a�z�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�f�a�c�t�u�r�a�.�e�x�e�
C�:�\�8�6�5�b�0�4�a�d�0�f�0�4�5�1�2�a�c�e�7�d�c�0�7�8�8�5�c�7�6�1�8�e�d�9�3�3�5�c�a�0�4�2�7�2�7�2�1�5�4�a�8�a�e�8�3�e�9�9�e�7�b�9�4�0�
C�:�\�c�0�c�9�5�e�b�6�8�2�b�c�7�6�7�f�8�b�1�8�c�8�8�1�9�9�7�5�e�d�4�9�0�e�b�6�a�3�e�3�9�2�f�a�6�4�1�4�3�8�8�3�f�a�c�3�f�4�3�0�e�4�1�c�
Hosts
| IP |
|---|
| 114.114.114.114 |
| 8.8.8.8 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | |
| dns.msftncsi.com |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 61714 | 8.8.8.8 | 53 |
| 192.168.56.101 | 56933 | 8.8.8.8 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
| 192.168.56.101 | 58485 | 114.114.114.114 | 53 |
| 192.168.56.101 | 58485 | 8.8.8.8 | 53 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.