1.0
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.73
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | Win32:Trojan-gen | 20200215 | 18.4.3895.0 |
| Baidu | None | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (D) | 20190702 | 1.0 |
| Kingsoft | None | 20200215 | 2013.8.14.323 |
| McAfee | PWSZbot-FIT!BB097B2369BD | 20200215 | 6.0.6.653 |
| Tencent | Malware.Win32.Gencirc.10b0c6c7 | 20200215 | 1.0.0.1 |
静态指标
可执行文件包含未知的 PE 段名称,可能指示打包器(可能是误报)
(3 个事件)
| section | .MPRESS1 |
| section | .MPRESS2 |
| section | .imports |
动态指标
网络通信
与未执行 DNS 查询的主机进行通信
(2 个事件)
| host | 114.114.114.114 | |||
| host | 8.8.8.8 | |||
文件已被 VirusTotal 上 57 个反病毒引擎识别为恶意
(50 out of 57 个事件)
| ALYac | Gen:Variant.Ulise.43117 |
| APEX | Malicious |
| AVG | Win32:Trojan-gen |
| Acronis | suspicious |
| Ad-Aware | Gen:Variant.Ulise.43117 |
| AhnLab-V3 | Trojan/Win32.Upatre.C3089037 |
| Antiy-AVL | Trojan[Downloader]/Win32.Agent |
| Arcabit | Trojan.Ulise.DA86D |
| Avast | Win32:Trojan-gen |
| Avira | TR/Crypt.XPACK.Gen |
| BitDefender | Gen:Variant.Ulise.43117 |
| BitDefenderTheta | Gen:NN.ZexaF.34090.dqY@aaxQBUmi |
| CAT-QuickHeal | Trojan.GenericCS.S7229614 |
| ClamAV | Win.Downloader.Upatre-5744087-0 |
| Comodo | TrojWare.Win32.TrojanDownloader.Upatre.AAL@5l06uw |
| CrowdStrike | win/malicious_confidence_100% (D) |
| Cybereason | malicious.369bd2 |
| Cylance | Unsafe |
| Cyren | W32/S-a2a6ca5b!Eldorado |
| DrWeb | Trojan.DownLoad3.28161 |
| ESET-NOD32 | Win32/TrojanDownloader.Small.AAB |
| Emsisoft | Gen:Variant.Ulise.43117 (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/S-a2a6ca5b!Eldorado |
| F-Secure | Trojan.TR/Crypt.XPACK.Gen |
| FireEye | Generic.mg.bb097b2369bd2a63 |
| Fortinet | W32/Zbot.QMSC!tr |
| GData | Gen:Variant.Ulise.43117 |
| Ikarus | Trojan-PWS.Win32.Fareit |
| Invincea | heuristic |
| Jiangmin | TrojanDownloader.Agent.ekgf |
| K7AntiVirus | Trojan ( 0052964f1 ) |
| K7GW | Trojan ( 0052964f1 ) |
| Kaspersky | HEUR:Trojan.Win32.Generic |
| MAX | malware (ai score=87) |
| Malwarebytes | Trojan.Downloader |
| MaxSecure | Trojan.Upatre.Gen |
| McAfee | PWSZbot-FIT!BB097B2369BD |
| McAfee-GW-Edition | BehavesLike.Win32.Downloader.pt |
| MicroWorld-eScan | Gen:Variant.Ulise.43117 |
| Microsoft | TrojanDownloader:Win32/Upatre.A |
| NANO-Antivirus | Trojan.Win32.Agent.cnfeqb |
| Panda | Trj/Genetic.gen |
| Qihoo-360 | HEUR/QVM19.1.4227.Malware.Gen |
| Rising | Spyware.Zbot!8.16B (RDMK:cmRtazqMwPiC8iOpHzPmDPRf5gbX) |
| Sangfor | Malware |
| SentinelOne | DFI - Malicious PE |
| Sophos | Troj/AutoG-AV |
| Symantec | ML.Attribute.HighConfidence |
| Tencent | Malware.Win32.Gencirc.10b0c6c7 |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2013-10-31 14:23:23
PE Imphash
2eb47895ee25649cf9e79d6e6127836a
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .MPRESS1 | 0x00001000 | 0x00009000 | 0x00006e00 | 4.558246030801454 |
| .MPRESS2 | 0x0000a000 | 0x00001000 | 0x00000400 | 5.874360208900479 |
| .rsrc | 0x0000b000 | 0x00002000 | 0x00001e00 | 5.943749196188174 |
| .imports | 0x0000d000 | 0x00001000 | 0x00000400 | 3.174378747046209 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_BITMAP | 0x00007130 | 0x00000c28 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_ICON | 0x0000b0b0 | 0x00001ac0 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_GROUP_ICON | 0x0000cbb0 | 0x00000014 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_MANIFEST | 0x0000cc04 | 0x00000149 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
Imports
Library user32.dll:
• 0x405040 ShowWindow
• 0x405044 PostQuitMessage
• 0x405048 GetMessageA
• 0x40504c DispatchMessageA
• 0x405050 TranslateMessage
• 0x405054 MoveWindow
• 0x405058 CreateWindowExA
• 0x40505c RegisterClassExA
• 0x405060 DefWindowProcA
• 0x405064 SendMessageA
• 0x405068 LoadIconA
• 0x40506c LoadCursorA
• 0x405070 FillRect
• 0x405074 GetDC
• 0x405078 DialogBoxParamA
• 0x40507c GetWindowRect
• 0x405080 UpdateWindow
• 0x405084 SetFocus
Library kernel32.dll:
• 0x405008 GetModuleHandleA
• 0x40500c GetCommandLineA
• 0x405010 FindFirstFileA
• 0x405014 GetCurrentDirectoryA
• 0x405018 FindClose
• 0x40501c CreateFileMappingA
• 0x405020 FindNextFileA
• 0x405024 DeleteFileA
• 0x405028 CloseHandle
• 0x40502c GetCurrentProcessId
• 0x405030 GetCurrentProcess
• 0x405034 GetCurrentThreadId
• 0x405038 GetLastError
Library gdi32.dll:
• 0x405000 CreateSolidBrush
L!Win32 .EXE.
.MPRESS1
.MPRESS2
.imports
@@h(QZ
@@i>hZ
@@hhjX
+D-5G`j
%'\tm4Wj+2 h(
cie$xc
( XqLD|
d<Xm N-@
CC2BBBB
r_u4a@
MX+u]UuMRQ
BFYIuZu;us
GFu;uuY]+Z
@@>3H)
@@-?d,
@@8h:d
VWAAf9
uE@ME;ve
E;Es N$
@@xL;$
+hG-@ 5am
"j=n0(
D)jBn'
a]ndVG)P
(n u( D{!
L(J#v_m(
hamYoA\/}
&(:9aoM'
md|Q~+(
wmid7a)f$(
4)q\D(
(\;$/"%
xUR`u4
`%m%r9
memV`)nt(S)(
8yA}V;m
4e}=$m
(Y6_%,^
(0h$\$(
B](>yn
Q]n</]#
,z0?h(
Ve[& `0Xh'm
;At*)Qld
>Ae`^g(
pm*n-(
,_j'/!J`Y
(rD9:))
%(qmK(
"Z'T-\L'-
vtew(k)nQ"
vc?E}$(
Q(n~w].b'M
(+ef$}
kmp4< (
u4/4\Z(
6s4)OPha((
$ }+m!
&\hPe4i
$$X]aX(
t5 ,(hd
C,+$o%
(%$m(m
((R`hm'mv$
9%].t[*{p`(
p `h,F@Rw`
``4e[Q
%l{-Dme(
lh#a9na*(2
(-q(Fa8,
(=(K.(
++8'%((
*$iz\4O
*-hbaP p
tauaPf6+
z{K.e(
+as'a8$P#
}l@i$ni
(qad<$+
nLk8~(
[X7#*(d[
euh)))(
(#&5}|x/
&ml.rRr
5-Mm0%f${
(D(-`i)(
h+'[YU
e/P27X{(
(-cna`Am
+6u4>)
p6 unm
`@"*Mg(
N)5MQ9 5
((i9*k
Q(P}\^(
Ei-LT?
qc$ q"]
(~Ju.$n
(-ah8B
((/h/$((
]^$)i$m)aoE4
L[uclN
d;q'MhgLh6(
J+IIII
@@@@8Q/9a@
FGIu54a@
FFFF=a@
@;s`;s
FGIu=a@
@@>}mJ
@@>hjJ
@@kDmj
8@@@@0
EM+PEM+X+@Pj
7u1 a@
GV+=a@
QRRha@
JRV0a@
4uc(a@
GGGGBBBBIuj8j
FG3@_^]
user32.dll
ShowWindow
PostQuitMessage
GetMessageA
DispatchMessageA
TranslateMessage
MoveWindow
CreateWindowExA
RegisterClassExA
DefWindowProcA
SendMessageA
LoadIconA
LoadCursorA
FillRect
DialogBoxParamA
GetWindowRect
UpdateWindow
SetFocus
kernel32.dll
GetModuleHandleA
GetCommandLineA
FindFirstFileA
GetCurrentDirectoryA
FindClose
CreateFileMappingA
FindNextFileA
DeleteFileA
CloseHandle
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
GetLastError
gdi32.dll
CreateSolidBrush
8Muex<
KERNEL32
VirtualProtect
G(XPTPjxWXt=
popular
jhwHakh
hf`iiK%>
Diih0mh^lih
h}ahnhhh|H?
h;;g(!olh
iHlKhwh
hq8k.h
hl--uh
he8 h7
hV;thF<
hkh2%gKiHl
iHlKhKi
performs complex
button
Window
listbox
ground
HL@(i<i
oK(l@$
hhhj(8
hijhlh
pI$* ?j,{;""d2G~A
s"Destroy
operators
easily
=RB/ )
72V-</
U<U<%2-#[
V]A8R@
outside
X8hjRj
@iPFZh
X8hjRj
@iPFZh
X8hjRj
GetModuleHandleA
GetProcAddress
KERNEL32.DLL
user32.dll
gdi32.dll
CreateSolidBrush
t7Kt'Kt
Znjjikpsomruuvvyzz{}
m-h(g$j(k+p1r4n0r4z@w<v:w=x@
IKJKSPT``n|lpw
d#{Ct8r4x?zAx?x>{BI
HNONSVRSVXRUR`ns
i1h+h-i-m2p4r6w={B{@~EKNNNP[\]_^]bnqotw
f4c/f1h3j5l3n5q9t<y?{A}ELOX][ZZ]dcciiqy~
f7`2c4e7h9g7i;l=n>s@uByE}I}IS[XWY\aafnhn
^5Y-\1]3^4^5b8c:c;d<g@jBnBnDpFrHqGwL~TWWZ]emolv
YQ0UN(VP+UO*VN,WN+XQ,[S.\S.aW0a[1e_4le7jd6hb7pi<rl=qn=vtBxwDxwExwEopDnlCpqBx}J|Q{M
OY\adeknj
BJ->E%AI'>H'?I'?I'AJ)CM*FQ+O]/^k7`p:^o9[n7Ym8au=fz@f{Ag}BkEe
C]{=Pm7Nj6Z|@cG\C^FcL]FcJjNmOjQu]ts
FL-CJ'FP*HR,GR+HS-IV/HU-KX/Sf5Yp;Wr<XvAeJ_~D[}B`KdLaG^I\J[IZHeQb^xYs[sWVdn
M^7Qe6Sh8Nc5FY1EX1G\2H_4Qn<VyBUyFe
OrVrVgLfLgO`M]LdRdnlu
Tp?Qo<He8?Y2A]3B`3Ee6Ou?]NoV_b]}Vr
8W%bvJOh;Ea8@[6Ed9Jo=R}HgW|`_^^j
\g9}}WsvNnwNkwOi{QmX|ehcgo
hh<~~XW\
]~afjp
poB`\[}_ez_t
kp>}W}X|XpzQsZo
Vlgisrklfbghhiormkmr
I`YZYYY[[[Z[]^afc`_bq
>WPSRSSRRRPQSUY^[WUWd
5PIKJKKKJKJKLMRTOLKP_
5.0/0000000//11///03;AHbw
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"/></requestedPrivileges></security></trustInfo></assembly>
user32.dll
ShowWindow
PostQuitMessage
GetMessageA
DispatchMessageA
TranslateMessage
MoveWindow
CreateWindowExA
RegisterClassExA
DefWindowProcA
SendMessageA
LoadIconA
LoadCursorA
FillRect
DialogBoxParamA
GetWindowRect
UpdateWindow
SetFocus
kernel32.dll
GetModuleHandleA
GetCommandLineA
FindFirstFileA
GetCurrentDirectoryA
FindClose
CreateFileMappingA
FindNextFileA
DeleteFileA
CloseHandle
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
GetLastError
gdi32.dll
CreateSolidBrush
e�b�0�5�f�2�b�f�a�a�6�0�9�7�9�8�c�d�9�e�5�f�3�f�7�c�f�6�d�f�3�d�e�f�f�b�d�3�0�5�
C�:�\�6�6�7�9�9�e�9�2�d�9�2�e�6�6�1�
C�:�\�U�s�e�r�s�\�L�i�s�a�\�D�e�s�k�t�o�p�\�0�V�u�T�Y�z�Z�e�.�e�x�e�
C�:�\�b�5�0�b�3�f�8�2�a�6�3�c�b�2�2�e�0�d�a�a�8�3�a�0�b�e�4�0�d�7�8�2�7�3�0�1�d�5�0�2�6�5�2�c�9�4�b�1�9�8�f�4�d�5�e�a�3�f�7�a�7�c�4�9�
C�:�\�U�s�e�r�s�\�L�i�s�a�\�D�e�s�k�t�o�p�\�f�N�p�a�s�l�U�Q�.�e�x�e�
C�:�\�9�9�7�8�7�2�b�c�0�a�5�6�6�9�f�3�e�c�3�9�5�6�1�b�3�0�5�d�8�c�4�c�3�e�b�1�7�2�3�a�9�a�b�a�4�7�e�b�0�4�9�e�4�9�6�8�d�3�3�8�b�4�e�b�
C�:�\�F�N�1�D�q�X�o�h�.�e�x�e�
C�:�\�5�6�b�0�2�1�6�2�1�d�3�d�1�1�c�0�2�4�e�0�4�4�6�4�3�7�2�b�9�f�6�9�8�1�0�0�f�2�f�9�6�1�1�8�8�6�a�3�e�9�0�9�0�7�a�f�4�0�8�1�7�7�5�6�
C�:�\�9�e�b�5�e�e�6�0�6�e�4�3�6�5�b�a�8�2�d�c�2�d�c�5�0�8�4�8�b�8�1�5�d�1�7�6�e�a�e�8�e�8�0�9�d�9�d�8�7�3�0�7�a�0�2�2�6�1�a�7�a�0�1�b�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�d�j�l�7�e�n�P�s�.�e�x�e�
C�:�\�5�f�a�f�3�1�f�4�7�6�1�3�8�8�0�6�1�2�b�6�a�7�d�3�7�f�c�8�6�e�2�7�6�6�2�3�7�0�2�7�f�2�3�6�5�4�3�b�1�8�0�1�b�5�2�f�d�5�d�5�b�3�c�3�
C�:�\�U�s�e�r�s�\�L�i�s�a�\�D�e�s�k�t�o�p�\�Y�7�O�C�m�8�A�C�.�e�x�e�
C�:�\�j�P�0�K�Q�x�_�D�.�e�x�e�
C�:�\�d�4�0�f�9�a�6�d�c�6�b�0�5�f�4�3�e�d�b�b�3�f�1�8�0�8�f�d�c�b�0�a�2�f�2�5�0�6�1�4�1�4�1�6�c�1�4�1�d�f�5�5�c�e�c�5�6�8�2�5�e�5�5�c�
C�:�\�f�5�d�6�f�d�5�a�f�d�c�4�4�c�6�d�5�5�3�e�a�7�2�1�b�c�3�c�e�d�0�c�5�b�a�e�d�b�3�6�3�8�1�6�1�8�b�6�3�d�d�1�5�7�3�1�e�a�a�6�9�3�3�d�
C�:�\�3�a�0�6�b�e�4�9�a�1�9�e�1�e�4�d�2�8�7�0�3�7�6�8�c�4�2�f�a�d�c�e�6�1�6�e�e�c�9�f�0�d�0�9�3�7�3�7�b�d�d�e�d�6�1�a�6�6�f�e�4�a�b�6�
C�:�\�f�1�0�0�4�a�b�8�d�f�2�7�4�4�8�1�c�f�5�8�e�4�6�8�7�e�3�b�b�d�7�b�2�7�6�4�9�b�5�9�9�2�0�7�5�6�b�4�6�0�9�4�2�d�1�2�7�d�2�3�2�3�6�c�
C�:�\�g�u�M�P�q�4�b�R�.�e�x�e�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�J�J�t�B�i�V�W�b�.�e�x�e�
C�:�\�9�d�5�c�d�4�5�2�6�8�7�9�1�7�c�3�4�c�8�a�b�7�e�2�8�d�2�3�6�8�4�6�4�7�a�9�d�e�4�f�8�8�b�1�b�5�1�8�4�3�1�3�8�7�9�f�b�1�6�1�9�e�2�d�
C�:�\�b�3�3�b�4�e�4�9�d�7�6�d�c�b�0�9�0�3�a�5�f�c�8�4�0�3�3�f�b�a�5�d�2�3�9�8�0�7�d�f�5�b�f�5�6�7�2�3�1�1�c�2�4�f�9�5�b�7�8�5�1�3�6�4�
C�:�\�Z�y�I�c�Y�4�b�Y�.�e�x�e�
C�:�\�7�9�e�2�f�f�b�3�d�b�d�e�0�e�4�b�1�e�2�9�1�5�0�3�c�a�d�b�3�8�e�f�3�d�4�2�1�7�4�d�d�c�f�2�1�a�4�f�2�c�d�b�c�8�8�0�a�0�f�d�8�8�3�0�
C�:�\�j�2�N�x�J�i�F�s�.�e�x�e�
C�:�\�d�b�0�c�e�1�1�a�f�3�a�c�9�4�8�b�c�9�8�2�a�6�4�8�d�b�e�5�7�a�c�9�f�b�3�a�b�1�b�6�0�d�a�4�5�2�e�3�8�d�d�1�3�7�9�d�2�0�3�8�3�f�b�b�
C�:�\�D�w�j�W�1�V�a�O�.�e�x�e�
C�:�\�a�7�f�8�7�5�3�0�9�4�3�a�b�3�b�8�8�5�1�6�1�9�d�9�e�7�e�f�4�1�c�e�7�b�c�d�b�2�5�3�9�1�b�2�4�e�8�9�6�c�4�8�3�2�8�d�7�8�3�f�0�4�9�b�
C�:�\�d�3�0�e�5�6�b�4�e�4�5�b�b�c�7�8�3�3�5�5�c�f�9�3�7�1�d�7�5�0�c�9�d�9�1�a�9�a�8�4�5�2�3�6�d�b�3�9�4�a�7�e�e�7�8�a�b�3�f�0�d�8�a�c�
C�:�\�H�r�2�b�2�r�z�E�.�e�x�e�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�l�u�s�e�r�\�D�e�s�k�t�o�p�\�H�Q�n�F�p�u�S�Y�.�e�x�e�
C�:�\�4�4�5�d�c�f�5�6�6�7�8�d�4�8�8�6�d�9�e�c�e�6�6�2�2�0�b�1�7�5�3�3�7�1�6�c�5�d�8�a�6�0�4�2�f�b�0�a�e�f�3�6�3�3�d�1�4�7�7�7�b�a�6�f�
C�:�\�d�9�3�5�b�c�6�2�3�4�a�9�0�c�1�5�6�b�1�5�0�0�2�6�5�f�b�9�7�c�8�f�c�0�7�6�c�4�4�4�0�1�8�a�f�3�5�6�a�1�2�7�e�0�e�a�c�1�d�d�b�9�c�f�
C�:�\�D�t�T�g�W�A�4�I�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�i�n�v�o�i�c�e�.�e�x�e�
C�:�\�7�8�a�5�5�a�8�f�8�b�a�2�0�7�0�d�0�f�8�3�a�b�e�5�1�6�6�a�f�5�7�b�b�e�5�6�5�9�4�d�5�a�8�a�8�f�d�4�d�2�e�a�3�7�7�d�8�d�7�7�d�2�d�8�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�Q�g�F�E�k�W�L�j�.�e�x�e�
C�:�\�N�M�T�E�i�D�i�n�.�e�x�e�
C�:�\�a�d�f�5�1�a�c�c�5�9�8�a�c�c�a�2�e�b�5�8�1�8�5�6�9�a�2�a�e�0�4�f�b�e�3�f�f�4�c�9�6�e�b�3�b�2�6�0�8�4�4�9�8�a�d�9�5�0�f�e�2�0�f�0�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�i�8�O�2�0�a�8�0�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�f�a�c�t�u�r�a�.�e�x�e�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�E�F�W�3�M�L�X�f�.�e�x�e�
C�:�\�y�r�D�0�w�N�N�7�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�i�n�v�o�i�c�e�.�e�x�e�
C�:�\�m�J�1�n�s�Z�J�X�.�e�x�e�
C�:�\�1�a�9�7�3�7�6�1�4�c�c�3�b�5�6�4�a�b�6�c�9�6�7�1�2�8�0�b�3�0�0�0�b�c�5�8�0�f�2�9�8�6�5�c�f�8�9�2�1�b�d�d�6�5�1�2�a�d�9�8�7�1�b�1�
C�:�\�5�b�9�9�c�7�d�d�b�b�7�f�b�d�c�8�c�c�1�4�c�9�1�b�0�2�8�6�2�d�f�b�d�d�d�e�c�d�b�4�3�b�e�5�9�9�9�5�b�6�3�c�4�2�9�1�0�3�b�8�2�5�8�d�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�l�u�s�e�r�\�D�e�s�k�t�o�p�\�v�C�6�Q�y�M�Z�b�.�e�x�e�
C�:�\�R�g�i�7�6�F�0�w�.�e�x�e�
C�:�\�0�7�a�8�1�6�9�d�9�0�d�6�8�f�3�5�e�1�0�7�0�7�0�7�5�b�3�5�2�6�8�1�1�c�f�4�1�b�9�2�c�4�a�9�4�5�2�f�6�4�a�b�6�4�a�d�7�c�7�9�a�3�b�a�
C�:�\�p�X�h�o�e�B�o�7�.�e�x�e�
C�:�\�3�1�b�f�5�4�8�5�a�0�3�f�9�2�3�4�5�e�2�a�b�f�6�4�9�8�2�3�b�1�0�7�9�4�4�0�2�a�5�3�2�b�2�4�a�1�a�4�7�7�d�2�1�f�5�5�4�e�e�5�7�a�c�5�
C�:�\�4�f�8�f�c�2�4�e�f�b�d�7�d�0�a�6�8�c�8�7�5�0�5�a�6�5�8�3�a�c�7�a�5�f�4�e�4�7�1�5�e�d�1�e�0�a�7�6�8�e�6�b�d�b�6�f�3�1�5�1�2�c�1�b�
C�:�\�5�7�f�c�9�f�9�1�7�7�8�d�3�2�f�f�0�4�e�3�0�0�b�3�f�5�2�e�c�7�6�f�6�2�0�3�5�9�9�0�c�a�a�6�e�a�a�2�4�c�0�8�7�d�e�4�f�0�3�c�4�d�8�1�
C�:�\�5�e�1�2�d�8�7�0�0�5�6�a�c�9�3�5�6�2�7�e�b�a�7�f�9�7�5�5�c�e�c�1�4�1�4�0�8�7�5�0�6�5�0�e�4�d�a�8�d�0�7�6�0�1�8�6�3�a�3�b�1�9�0�c�
C�:�\�2�d�2�8�d�a�2�4�8�6�6�9�9�a�9�3�6�5�5�8�b�a�7�b�7�f�b�a�c�3�3�b�3�6�6�9�c�2�5�8�7�2�d�d�b�6�9�e�7�8�d�e�4�a�9�0�3�0�c�8�d�b�1�e�
C�:�\�8�7�e�1�3�b�d�7�4�3�3�5�7�8�1�9�7�8�5�e�9�2�d�8�f�3�f�f�e�4�1�f�d�d�d�e�4�0�5�1�e�b�8�e�0�b�f�7�9�0�8�4�e�3�1�b�2�f�6�a�e�5�b�e�
C�:�\�e�3�6�a�1�f�f�a�a�4�c�8�f�2�e�0�0�a�1�c�8�d�0�a�2�7�d�1�7�8�3�2�2�c�a�5�2�0�8�a�a�b�2�6�f�b�9�0�b�8�4�f�4�5�b�d�f�6�9�a�3�d�3�a�
C�:�\�f�8�3�9�a�d�f�d�6�a�4�d�d�1�9�0�b�9�9�a�9�7�3�0�3�f�c�3�9�1�4�f�2�0�4�8�b�0�9�9�7�f�2�d�4�9�d�a�a�7�b�a�e�d�6�1�d�f�b�5�4�2�6�d�
C�:�\�a�d�d�5�c�6�2�2�d�7�f�0�4�3�c�c�c�f�c�7�a�b�d�3�b�8�7�6�9�e�9�c�1�2�5�0�f�0�e�8�2�c�5�3�4�3�9�5�b�7�3�c�c�c�6�f�3�2�4�8�6�c�f�9�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�r�e�t�r�o�.�p�e�3�2�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�d�0�1�9�a�5�c�8�e�2�4�0�1�9�0�b�_�r�e�t�r�o�.�e�x�e�
C�:�\�y�J�_�6�Z�2�E�M�.�e�x�e�
C�:�\�2�d�7�5�9�3�2�b�4�1�9�f�f�c�0�c�2�f�1�a�d�9�7�e�e�6�0�5�8�2�a�7�0�1�3�8�2�7�4�7�4�7�3�f�0�8�c�2�5�a�b�8�0�7�4�2�4�4�e�3�b�e�6�8�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�r�e�t�r�o�.�p�e�3�2�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�r�e�t�r�o�.�p�e�3�2�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�e�c�b�f�1�3�0�1�8�1�f�b�3�b�0�9�_�r�e�t�r�o�.�e�x�e�
C�:�\�e�a�5�a�d�a�b�6�3�6�6�2�3�8�0�5�a�e�1�3�a�6�a�8�5�1�b�5�1�6�b�5�b�2�8�0�9�2�9�a�e�2�0�d�a�6�d�e�8�5�2�0�f�4�9�0�3�5�c�8�f�3�d�e�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�r�e�t�r�o�.�p�e�3�2�
C�:�\�d�2�6�7�f�b�b�c�8�e�c�b�0�4�0�a�d�2�4�a�e�2�e�3�1�b�8�8�2�a�0�4�7�9�c�4�5�a�6�7�e�0�8�5�5�4�0�7�0�c�2�9�e�5�1�5�c�2�e�f�9�6�a�7�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�r�e�t�r�o�.�p�e�3�2�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�6�9�b�a�4�5�7�d�a�0�1�e�b�8�c�d�_�r�e�t�r�o�.�e�x�e�
C�:�\�5�4�4�f�9�f�e�3�c�1�5�c�a�f�e�b�b�9�0�c�e�f�f�7�2�a�7�c�d�9�f�f�3�c�4�d�2�2�0�5�9�4�c�3�d�4�9�d�f�2�5�f�8�f�1�b�b�1�7�8�3�3�6�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�r�e�t�r�o�.�e�x�e�
C�:�\�8�8�4�5�e�e�6�e�d�e�9�b�3�c�9�7�b�0�4�0�2�7�2�4�4�a�4�1�0�3�e�7�e�0�b�5�0�e�6�8�e�0�1�6�a�d�a�f�e�e�a�b�6�3�c�3�2�b�4�9�5�7�d�5�
C�:�\�5�d�c�4�8�0�c�b�8�4�a�3�1�f�d�9�9�a�c�7�e�3�8�0�4�b�0�2�f�1�e�0�6�e�9�9�1�e�a�f�f�a�5�e�f�6�e�b�3�b�b�b�6�f�6�5�a�4�4�9�6�1�4�2�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�r�e�t�r�o�.�p�e�3�2�
C�:�\�a�2�f�d�f�f�2�b�4�0�c�b�a�9�3�8�3�d�f�7�a�6�4�3�4�f�7�3�4�2�d�a�2�f�c�8�3�4�b�b�7�7�4�9�3�2�3�d�a�e�a�6�8�c�3�9�7�e�4�1�a�0�f�9�
C�:�\�4�6�7�7�5�b�9�2�c�c�7�f�6�b�e�a�b�e�f�f�f�f�3�e�7�9�a�2�7�a�e�b�d�3�1�9�9�3�b�a�e�3�5�9�7�3�b�1�b�2�d�b�f�5�8�1�2�2�e�a�5�2�e�b�
C�:�\�4�e�3�f�e�6�a�e�3�6�7�8�b�6�9�a�6�f�2�e�a�a�e�4�e�d�8�f�4�d�5�b�7�c�d�5�f�0�c�9�9�0�3�3�6�a�0�c�0�0�3�b�5�a�d�2�9�a�9�8�c�c�0�0�
C�:�\�c�a�e�d�1�8�8�6�9�f�f�8�9�4�5�8�6�4�1�8�e�a�0�7�7�2�3�b�8�7�0�e�9�3�b�b�6�2�d�d�c�b�e�3�f�c�0�c�a�a�3�3�9�3�7�6�0�d�0�8�a�9�b�b�
C�:�\�3�7�0�b�b�4�9�e�f�b�8�e�4�b�e�d�c�2�f�3�6�f�5�b�3�d�9�3�0�a�b�c�2�a�1�7�2�0�0�8�0�b�f�9�b�4�4�3�e�7�d�e�9�f�8�2�f�6�2�4�e�7�1�e�
C�:�\�f�0�4�6�c�a�3�9�e�3�3�b�2�e�9�b�8�4�4�5�0�b�6�7�2�b�6�f�c�f�2�2�7�c�a�9�a�4�2�6�1�8�0�2�6�a�7�d�f�8�9�c�0�8�4�2�f�0�e�7�f�8�c�f�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�r�e�t�r�o�.�e�x�e�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�D�T�0�2�i�W�C�M�.�e�x�e�
C�:�\�6�4�c�c�f�3�4�5�3�c�2�a�0�b�5�1�d�3�e�c�5�8�f�4�0�4�0�8�6�f�2�f�d�5�f�a�d�9�5�a�6�3�a�7�7�3�9�8�1�d�1�7�2�8�a�d�1�9�1�5�9�6�3�9�
C�:�\�c�a�5�f�7�9�6�c�a�0�a�7�7�e�3�d�3�5�5�8�3�9�b�9�1�c�1�7�3�d�4�c�4�2�1�8�f�f�7�e�a�5�8�5�1�8�3�d�f�a�6�5�c�b�1�5�0�3�6�9�e�0�e�c�
C�:�\�5�6�c�b�7�5�5�1�6�e�b�a�6�e�8�7�1�7�3�c�f�0�0�9�c�4�5�7�d�4�c�3�f�2�a�e�4�f�4�f�7�c�5�a�6�e�f�9�2�f�8�e�6�e�2�4�3�0�3�b�5�8�0�2�
C�:�\�f�f�8�d�c�a�3�9�2�c�5�9�e�2�5�1�5�0�6�c�e�7�2�5�9�4�9�0�4�5�2�7�a�4�5�3�4�2�f�1�8�a�1�e�f�9�7�f�e�f�c�f�c�f�8�2�c�2�a�0�8�c�9�b�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�l�u�s�e�r�\�D�e�s�k�t�o�p�\�p�e�M�L�U�C�Y�l�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�a�6�b�d�6�e�9�0�a�3�a�2�6�3�c�c�4�1�d�a�e�8�1�9�1�1�7�3�f�8�2�6�6�7�e�6�e�0�4�6�7�e�4�4�b�2�a�4�f�9�a�4�d�4�7�5�4�3�3�d�6�c�6�b�.�e�x�e�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�s�N�8�K�H�1�b�o�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�4�2�8�7�1�3�9�3�b�3�0�6�6�8�8�7�7�c�4�9�a�6�a�c�c�c�7�9�7�5�b�e�7�f�a�4�d�0�b�b�3�0�e�1�9�a�b�e�c�1�c�e�e�d�2�e�4�5�8�5�c�b�e�1�.�e�x�e�
C�:�\�3�9�6�3�5�f�d�d�7�0�b�b�2�4�b�6�2�4�7�9�e�4�a�2�7�d�b�c�7�9�a�2�c�0�d�7�2�f�b�8�0�9�4�d�1�d�3�6�f�0�d�e�6�a�a�8�b�5�5�c�b�c�5�f�
C�:�\�3�6�6�a�a�e�7�5�6�b�e�9�e�8�5�d�f�a�e�c�a�7�5�1�8�6�2�8�d�1�2�7�0�6�1�0�4�5�b�a�e�b�1�b�d�4�5�1�1�f�e�9�3�7�8�0�4�1�a�1�3�3�7�c�
C�:�\�2�0�0�2�b�5�9�0�6�7�5�f�d�0�d�2�1�e�f�0�2�d�2�d�f�c�b�7�1�5�e�c�5�d�c�6�d�d�e�c�c�7�e�e�a�e�b�7�8�4�3�7�8�7�f�9�a�6�c�c�6�6�b�8�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�r�e�t�r�o�.�e�x�e�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�D�f�o�G�c�U�i�E�.�e�x�e�
C�:�\�U�s�e�r�s�\�R�A�4�9�1�~�1�.�V�U�L�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�7�b�d�5�f�3�c�a�b�4�7�3�3�9�4�5�3�e�7�5�f�e�5�d�5�a�1�e�e�3�0�1�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�r�e�t�r�o�.�e�x�e�
C�:�\�9�8�c�6�0�c�3�9�3�f�4�a�b�d�6�4�8�7�e�f�a�b�a�4�7�3�5�e�1�7�2�e�2�4�f�1�1�f�f�f�6�0�1�8�0�4�5�b�d�3�0�b�1�0�a�e�c�c�6�5�7�5�e�f�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�l�u�s�e�r�\�D�e�s�k�t�o�p�\�5�Z�3�9�7�A�C�u�.�e�x�e�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�f�i�l�e�.�p�e�3�2�
C�:�\�d�4�e�e�2�f�a�1�0�8�4�b�9�1�e�6�c�1�1�5�8�0�5�f�0�f�2�7�2�6�5�4�e�b�c�b�d�d�7�e�0�4�4�a�2�6�0�d�5�4�f�b�5�6�1�d�d�d�a�1�6�b�5�5�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�r�e�t�r�o�.�e�x�e�
C�:�\�6�b�f�2�a�b�c�d�f�2�6�c�6�8�d�1�b�8�8�6�f�0�4�a�f�6�a�9�0�c�b�9�a�6�a�a�9�6�3�8�c�a�4�d�c�5�b�e�4�e�7�d�4�a�3�9�d�a�5�2�e�6�f�4�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�l�u�s�e�r�\�D�e�s�k�t�o�p�\�2�M�X�j�k�X�s�S�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�d�4�8�7�4�6�e�d�4�c�9�0�7�c�6�8�5�8�8�e�9�2�7�7�2�a�2�d�9�3�a�4�e�0�2�c�1�4�2�4�2�6�9�b�6�5�3�9�5�4�3�5�0�9�c�5�6�7�7�b�1�8�c�1�.�e�x�e�
Hosts
| IP |
|---|
| 114.114.114.114 |
| 8.8.8.8 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com |
A 131.107.255.255
A 131.107.255.255 |
131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 61714 | 8.8.8.8 | 53 |
| 192.168.56.101 | 56933 | 8.8.8.8 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
| 192.168.56.101 | 58485 | 114.114.114.114 | 53 |
| 192.168.56.101 | 57665 | 114.114.114.114 | 53 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.