11.2
0-day
该样本未表现出任何异常!
重新分析
更多

653e3fb265ced4d6a77a87f1f21b86b9d28f3b15f77ebf8661aef315bf6942b7

d67fa8ff50dbcab8b8c9076d5fa7bc4f.exe

分析耗时

96s

最近分析

文件大小

2.0MB
静态报毒 动态报毒
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
未检测 暂无反病毒引擎检测结果
静态指标
Queries for the computername (5 个事件)
Time & API Arguments Status Return Repeated
1620841921.80275
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1620841922.44375
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1620841922.83375
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1620841922.97475
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1620841923.03675
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
This executable is signed
Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 个事件)
Time & API Arguments Status Return Repeated
1620841904.411875
GlobalMemoryStatusEx
success 1 0
The executable uses a known packer (1 个事件)
packer Armadillo v1.71
行为判定
动态指标
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
Performs some HTTP requests (18 个事件)
request GET http://www.google-analytics.com/collect
request GET http://update.drp.su/nano/
request GET http://www.google-analytics.com/collect?v=1&tid=UA-58593486-1&cid=475531113.4378068597&t=event&ec=driverpack%20nano&ea=application%20opened&el=1.0.9&ul=&z=6981636727187654&cd1=475531113.4378068597&cd2=1.0.9&cd3=7%20x64&cd4=SP%201&cd5=Windows%207%20%E6%97%97%E8%88%B0%E7%89%88%20&cd6=(not%20set)
request GET http://www.google-analytics.com/collect?v=1&tid=UA-68879973-8&cid=475531113.4378068597&t=event&ec=driverpack%20nano&ea=application%20opened&el=1.0.9&ul=&z=2576460618367237&sc=start&cd1=475531113.4378068597&cd2=1.0.9&cd3=7%20x64&cd4=SP%201&cd5=Windows%207%20%E6%97%97%E8%88%B0%E7%89%88%20&cd6=(not%20set)
request GET http://repository.certum.pl/ca.cer
request GET http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
request GET http://subca.ocsp-certum.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBR5iK7tYk9tqQEoeQhZNkKcAol9bgQUjEPEy22YwaechGnr30oNYJY6w%2FsCEQCTkoVAAWVxX5R%2FKI%2FvyZso
request GET http://subca.ocsp-certum.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTYOkzrrCGQj08njZXbUQQpkoUmuQQUCHbNywf%2FJPbFze27kLzihDdGdfcCEQDkBUeDDgxkUpdvejVJwN1I
request GET http://yandex.ocsp-responder.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBStniMGfahyWUWDEeSLUFbNR9JLAgQUN1zjGeCyjqGoTtLPq9Dc4wtcNU0CEDbEISBuJVGq0KdX46enAhA%3D
request GET https://mc.yandex.ru/metrika/watch.js
request GET https://mc.yandex.ru/watch/33423178?callback=_ymjsp732145695&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2FADMINI~1.OSK%2FAppData%2FLocal%2FTemp%2F7ZipSfx.000%2Fbin%2FDriverPack.html%23%2522C%253A%255CUsers%255CADMINI~1.OSK%255CAppData%255CLocal%255CTemp%255C7ZipSfx.000%255Cbin%255CTools%255Crun.hta%2522%2520%2522--sfx%2522%2520%2522d67fa8ff50dbcab8b8c9076d5fa7bc4f.exe%2522&nohit=1&charset=utf-8&ut=noindex&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Abx1nzewshyqnl6k%3Afu%3A0%3Aen%3Autf-8%3Ala%3Azh-CN%3Av%3A504%3Acn%3A1%3Adp%3A0%3Als%3A148874099228%3Ahid%3A345177584%3Az%3A480%3Ai%3A20210512231250%3Aet%3A1620832370%3Ac%3A1%3Arn%3A1059298212%3Au%3A1620832370262645196%3Aw%3A800x538%3As%3A800x600x32%3Aifr%3A1%3Aj%3A1%3Asti%3A1%3Arqnl%3A1%3Ati%3A3%3Ast%3A1620832372%3At%3ADriverPack%20Solution&wmode=5
request GET https://mc.yandex.ru/metrika/advert.gif
request GET https://mc.yandex.ru/watch/33423178/1?callback=_ymjsp732145695&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2FADMINI~1.OSK%2FAppData%2FLocal%2FTemp%2F7ZipSfx.000%2Fbin%2FDriverPack.html%23%2522C%253A%255CUsers%255CADMINI~1.OSK%255CAppData%255CLocal%255CTemp%255C7ZipSfx.000%255Cbin%255CTools%255Crun.hta%2522%2520%2522--sfx%2522%2520%2522d67fa8ff50dbcab8b8c9076d5fa7bc4f.exe%2522&nohit=1&charset=utf-8&ut=noindex&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Abx1nzewshyqnl6k%3Afu%3A0%3Aen%3Autf-8%3Ala%3Azh-CN%3Av%3A504%3Acn%3A1%3Adp%3A0%3Als%3A148874099228%3Ahid%3A345177584%3Az%3A480%3Ai%3A20210512231250%3Aet%3A1620832370%3Ac%3A1%3Arn%3A1059298212%3Au%3A1620832370262645196%3Aw%3A800x538%3As%3A800x600x32%3Aifr%3A1%3Aj%3A1%3Asti%3A1%3Arqnl%3A1%3Ati%3A3%3Ast%3A1620832372%3At%3ADriverPack%20Solution&wmode=5
request GET https://mc.yandex.ru/watch/35290400?callback=_ymjsp286229830&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2FADMINI~1.OSK%2FAppData%2FLocal%2FTemp%2F7ZipSfx.000%2Fbin%2FDriverPack.html%23%2522C%253A%255CUsers%255CADMINI~1.OSK%255CAppData%255CLocal%255CTemp%255C7ZipSfx.000%255Cbin%255CTools%255Crun.hta%2522%2520%2522--sfx%2522%2520%2522d67fa8ff50dbcab8b8c9076d5fa7bc4f.exe%2522&nohit=1&charset=utf-8&ut=noindex&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Abx1nzewshyqnl6k%3Afu%3A0%3Aen%3Autf-8%3Ala%3Azh-CN%3Av%3A504%3Acn%3A2%3Adp%3A0%3Als%3A1247899440108%3Ahid%3A345177584%3Az%3A480%3Ai%3A20210512231250%3Aet%3A1620832371%3Ac%3A1%3Arn%3A73722452%3Au%3A1620832370262645196%3Aw%3A800x538%3As%3A800x600x32%3Aifr%3A1%3Aj%3A1%3Asti%3A1%3Arqnl%3A1%3Ati%3A3%3Ast%3A1620832372%3At%3ADriverPack%20Solution&wmode=5
request GET https://mc.yandex.ru/watch/33423178?callback=_ymjsp429400524&page-url=http%3A%2F%2Fnano.drp.su%2Fdriverpack_nano%2Fapplication_opened%2F1.0.9&charset=utf-8&site-info=%7B%22clientId%22%3A%22475531113.4378068597%22%2C%22computerId%22%3A%22929579003.0567977698%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&browser-info=pv%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Abx1nzewshyqnl6k%3Afu%3A2%3Aen%3Autf-8%3Ala%3Azh-CN%3Av%3A504%3Acn%3A1%3Adp%3A0%3Als%3A148874099228%3Ahid%3A345177584%3Az%3A480%3Ai%3A20210512231253%3Aet%3A1620832374%3Ac%3A1%3Arn%3A618117067%3Au%3A1620832370262645196%3Aw%3A800x538%3As%3A800x600x32%3Aifr%3A1%3Aj%3A1%3Asti%3A1%3Arqnl%3A1%3Aadb%3A2%3Ati%3A3%3Ast%3A1620832374%3At%3ADriverPack%20Solution&wmode=5
request GET https://mc.yandex.ru/watch/33423178/1?callback=_ymjsp429400524&page-url=http%3A%2F%2Fnano.drp.su%2Fdriverpack_nano%2Fapplication_opened%2F1.0.9&charset=utf-8&site-info=%7B%22clientId%22%3A%22475531113.4378068597%22%2C%22computerId%22%3A%22929579003.0567977698%22%2C%22experimentNumber%22%3A%22%28not%20set%29%22%2C%22language%22%3A%22%22%7D&ut=noindex&browser-info=pv%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Abx1nzewshyqnl6k%3Afu%3A2%3Aen%3Autf-8%3Ala%3Azh-CN%3Av%3A504%3Acn%3A1%3Adp%3A0%3Als%3A148874099228%3Ahid%3A345177584%3Az%3A480%3Ai%3A20210512231253%3Aet%3A1620832374%3Ac%3A1%3Arn%3A618117067%3Au%3A1620832370262645196%3Aw%3A800x538%3As%3A800x600x32%3Aifr%3A1%3Aj%3A1%3Asti%3A1%3Arqnl%3A1%3Aadb%3A2%3Ati%3A3%3Ast%3A1620832374%3At%3ADriverPack%20Solution&wmode=5
request GET https://mc.yandex.ru/watch/35290400/1?callback=_ymjsp286229830&page-url=file%3A%2F%2F%2FC%3A%2FUsers%2FADMINI~1.OSK%2FAppData%2FLocal%2FTemp%2F7ZipSfx.000%2Fbin%2FDriverPack.html%23%2522C%253A%255CUsers%255CADMINI~1.OSK%255CAppData%255CLocal%255CTemp%255C7ZipSfx.000%255Cbin%255CTools%255Crun.hta%2522%2520%2522--sfx%2522%2520%2522d67fa8ff50dbcab8b8c9076d5fa7bc4f.exe%2522&nohit=1&charset=utf-8&ut=noindex&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Abx1nzewshyqnl6k%3Afu%3A0%3Aen%3Autf-8%3Ala%3Azh-CN%3Av%3A504%3Acn%3A2%3Adp%3A0%3Als%3A1247899440108%3Ahid%3A345177584%3Az%3A480%3Ai%3A20210512231250%3Aet%3A1620832371%3Ac%3A1%3Arn%3A73722452%3Au%3A1620832370262645196%3Aw%3A800x538%3As%3A800x600x32%3Aifr%3A1%3Aj%3A1%3Asti%3A1%3Arqnl%3A1%3Ati%3A3%3Ast%3A1620832372%3At%3ADriverPack%20Solution&wmode=5
request GET https://mc.yandex.ru/watch/35290400?callback=_ymjsp641165897&page-url=http%3A%2F%2Fnano.drp.su%2Fdriverpack_nano%2Fapplication_opened%2F1.0.9&charset=utf-8&site-info=%7B%22clientId%22%3A%22475531113.4378068597%22%2C%22computerId%22%3A%22929579003.0567977698%22%2C%22experimentNumber%22%3A%22(not%20set)%22%2C%22language%22%3A%22%22%7D&ut=noindex&browser-info=pv%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Abx1nzewshyqnl6k%3Afu%3A2%3Aen%3Autf-8%3Ala%3Azh-CN%3Av%3A504%3Acn%3A2%3Adp%3A0%3Als%3A1247899440108%3Ahid%3A345177584%3Az%3A480%3Ai%3A20210512231255%3Aet%3A1620832376%3Ac%3A1%3Arn%3A757750415%3Au%3A1620832370262645196%3Aw%3A800x538%3As%3A800x600x32%3Aifr%3A1%3Aj%3A1%3Asti%3A1%3Arqnl%3A1%3Aadb%3A2%3Ati%3A3%3Ast%3A1620832376%3At%3ADriverPack%20Solution&wmode=5
Resolves a suspicious Top Level Domain (TLD) (2 个事件)
domain mc.yandex.ru description Russian Federation domain TLD
domain update.drp.su description Soviet Union domain TLD
Allocates read-write-execute memory (usually to unpack itself) (28 个事件)
Time & API Arguments Status Return Repeated
1620841906.349375
NtProtectVirtualMemory
process_identifier: 2984
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x747e1000
success 0 0
1620841906.364375
NtProtectVirtualMemory
process_identifier: 2984
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x75391000
success 0 0
1620841906.474375
NtProtectVirtualMemory
process_identifier: 2984
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x74f91000
success 0 0
1620841906.474375
NtProtectVirtualMemory
process_identifier: 2984
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76881000
success 0 0
1620841918.25575
NtProtectVirtualMemory
process_identifier: 1812
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x72421000
success 0 0
1620841919.98975
NtProtectVirtualMemory
process_identifier: 1812
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x75091000
success 0 0
1620841920.02175
NtProtectVirtualMemory
process_identifier: 1812
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x74651000
success 0 0
1620841920.03675
NtProtectVirtualMemory
process_identifier: 1812
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x74511000
success 0 0
1620841920.09975
NtProtectVirtualMemory
process_identifier: 1812
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x74731000
success 0 0
1620841920.16175
NtProtectVirtualMemory
process_identifier: 1812
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 8192
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x73a61000
success 0 0
1620841920.80275
NtProtectVirtualMemory
process_identifier: 1812
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x735f1000
success 0 0
1620841920.92775
NtProtectVirtualMemory
process_identifier: 1812
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x72351000
success 0 0
1620841920.94375
NtProtectVirtualMemory
process_identifier: 1812
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x72341000
success 0 0
1620841920.97475
NtProtectVirtualMemory
process_identifier: 1812
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x72331000
success 0 0
1620841921.00575
NtProtectVirtualMemory
process_identifier: 1812
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x72311000
success 0 0
1620841921.03675
NtProtectVirtualMemory
process_identifier: 1812
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x72301000
success 0 0
1620841921.36475
NtProtectVirtualMemory
process_identifier: 1812
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x72221000
success 0 0
1620841924.36475
NtProtectVirtualMemory
process_identifier: 1812
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x71d11000
success 0 0
1620841924.67775
NtProtectVirtualMemory
process_identifier: 1812
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x71d01000
success 0 0
1620841928.31875
NtProtectVirtualMemory
process_identifier: 1812
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x71cf1000
success 0 0
1620841928.34975
NtProtectVirtualMemory
process_identifier: 1812
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x71cb1000
success 0 0
1620841928.34975
NtProtectVirtualMemory
process_identifier: 1812
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x71c91000
success 0 0
1620841928.39675
NtProtectVirtualMemory
process_identifier: 1812
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x71c51000
success 0 0
1620841928.59975
NtProtectVirtualMemory
process_identifier: 1812
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x71c11000
success 0 0
1620841928.64675
NtProtectVirtualMemory
process_identifier: 1812
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x71bb1000
success 0 0
1620841928.64675
NtProtectVirtualMemory
process_identifier: 1812
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x71b61000
success 0 0
1620841930.11475
NtProtectVirtualMemory
process_identifier: 1812
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x71b41000
success 0 0
1620841930.11475
NtProtectVirtualMemory
process_identifier: 1812
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x71b31000
success 0 0
Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation (1 个事件)
Time & API Arguments Status Return Repeated
1620841902.599875
GetDiskFreeSpaceExW
root_path: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\7ZipSfx.000
free_bytes_available: 19612344320
total_number_of_free_bytes: 0
total_number_of_bytes: 0
success 1 0
Creates executable files on the filesystem (21 个事件)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JSSP0KXB\watch[1].js
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7ZipSfx.000\bin\tools\modules\clientid.js
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7ZipSfx.000\drivers\DP_WebCam_18112\Genius\WinAll\Look310\csnpstd.dll
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7ZipSfx.000\bin\language.js
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7ZipSfx.000\bin\polyfills.js
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7ZipSfx.000\bin\tools\patch.reg
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7ZipSfx.000\drivers\DP_WebCam_18112\Genius\WinAll\Look310\TwainUI.dll
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7ZipSfx.000\drivers\DP_WebCam_18112\Genius\WinAll\Look310\vsnpstd.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7ZipSfx.000\DriverPack.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7ZipSfx.000\bin\main.js
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7ZipSfx.000\drivers\DP_WebCam_18112\Genius\WinAll\Look310\AMCap.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7ZipSfx.000\bin\tools\start.js
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7ZipSfx.000\bin\tools\init.cmd
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7ZipSfx.000\drivers\DP_WebCam_18112\Genius\WinAll\Look310\vsnpstd.dll
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7ZipSfx.000\bin\tools\driverpack-wget.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7ZipSfx.000\bin\languages\en.js
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7ZipSfx.000\bin\tools\dpinst64.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7ZipSfx.000\bin\tools\dpinst.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7ZipSfx.000\bin\languages\ru.js
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7ZipSfx.000\bin\bluebird.js
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7ZipSfx.000\bin\tools\DriverPack-Notifier.exe
Creates a suspicious process (4 个事件)
cmdline "C:\Windows\System32\mshta.exe" "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\7ZipSfx.000\bin\Tools\run.hta" "--sfx" "d67fa8ff50dbcab8b8c9076d5fa7bc4f.exe"
cmdline C:\Windows\System32\mshta.exe "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\7ZipSfx.000\bin\Tools\run.hta" "--sfx" "d67fa8ff50dbcab8b8c9076d5fa7bc4f.exe"
cmdline C:\Windows\System32\cmd.exe /c Tools\init.cmd "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\7ZipSfx.000\bin\Tools\run.hta" "--sfx" "d67fa8ff50dbcab8b8c9076d5fa7bc4f.exe"
cmdline "C:\Windows\System32\cmd.exe" /c Tools\init.cmd "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\7ZipSfx.000\bin\Tools\run.hta" "--sfx" "d67fa8ff50dbcab8b8c9076d5fa7bc4f.exe"
Drops a binary and executes it (1 个事件)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7ZipSfx.000\DriverPack.exe
Drops an executable to the user AppData folder (12 个事件)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7ZipSfx.000\drivers\DP_WebCam_18112\Genius\WinAll\Look310\snpstd.sys
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7ZipSfx.000\bin\tools\DriverPack-Notifier.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7ZipSfx.000\drivers\DP_WebCam_18112\Genius\WinAll\Look310\TwainUI.dll
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7ZipSfx.000\bin\tools\driverpack-wget.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7ZipSfx.000\drivers\DP_WebCam_18112\Genius\WinAll\Look310\vsnpstd.dll
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7ZipSfx.000\drivers\DP_WebCam_18112\Genius\WinAll\Look310\AMCap.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7ZipSfx.000\DriverPack.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7ZipSfx.000\drivers\DP_WebCam_18112\Genius\WinAll\Look310\csnpstd.dll
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7ZipSfx.000\drivers\DP_WebCam_18112\Genius\WinAll\Look310\vsnpstd.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7ZipSfx.000\bin\tools\dpinst.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7ZipSfx.000\drivers\DP_WebCam_18112\Genius\WinAll\Look310\snpstd.ds
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7ZipSfx.000\drivers\DP_WebCam_18112\Genius\WinAll\Look310\dsnpstd.ax
Executes one or more WMI queries (5 个事件)
wmi SELECT * FROM Win32_SystemEnclosure
wmi SELECT * FROM Win32_ComputerSystemProduct
wmi SELECT * FROM Win32_OperatingSystem
wmi SELECT * FROM Win32_ComputerSystem
wmi SELECT * FROM Win32_BaseBoard
A process created a hidden window (2 个事件)
Time & API Arguments Status Return Repeated
1620841905.958502
ShellExecuteExW
parameters: --sfx d67fa8ff50dbcab8b8c9076d5fa7bc4f.exe
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7ZipSfx.000\DriverPack.exe
filepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\7ZipSfx.000\DriverPack.exe
show_type: 0
success 1 0
1620841906.802375
ShellExecuteExW
parameters: /c Tools\init.cmd "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\7ZipSfx.000\bin\Tools\run.hta" "--sfx" "d67fa8ff50dbcab8b8c9076d5fa7bc4f.exe"
filepath: C:\Windows\System32\cmd.exe
filepath_r: C:\Windows\System32\cmd.exe
show_type: 0
success 1 0
Checks adapter addresses which can be used to detect virtual network interfaces (1 个事件)
Time & API Arguments Status Return Repeated
1620841921.38075
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
Uses Windows utilities for basic Windows functionality (2 个事件)
cmdline reg import C:\Users\ADMINI~1.OSK\AppData\Local\Temp\7ZipSfx.000\bin\tools\\patch.reg
cmdline C:\Windows\sysnative\reg.exe import C:\Users\ADMINI~1.OSK\AppData\Local\Temp\7ZipSfx.000\bin\tools\\patch.reg
Executes one or more WMI queries which can be used to identify virtual machines (2 个事件)
wmi SELECT * FROM Win32_ComputerSystemProduct
wmi SELECT * FROM Win32_ComputerSystem
网络通信
Communicates with host for which no DNS query was performed (2 个事件)
host 172.217.24.14
host 95.140.233.140
Creates an Alternate Data Stream (ADS) (1 个事件)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7ZipSfx.000\bin\call:reg
Attempts to modify browser security settings (11 个事件)
registry HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1406
registry HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\drp.su\update-test2\http
registry HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\drp.su\update\http
registry HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\drp.su\update\https
registry HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\drp.su\update-test2\https
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SSLUX\mshta.exe
registry HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_GPU_RENDERING\mshta.exe
registry HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SSLUX\mshta.exe
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_NINPUT_LEGACYMODE\mshta.exe
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_GPU_RENDERING\mshta.exe
registry HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_NINPUT_LEGACYMODE\mshta.exe
Attempts to create or modify system certificates (1 个事件)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\6252DC40F71143A22FDE9EF7348E064251B18118\Blob
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (15 个事件)
Time & API Arguments Status Return Repeated
1620841923.94375
RegSetValueExA
key_handle: 0x00000210
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620841923.94375
RegSetValueExA
key_handle: 0x00000210
value: pÇU*AG×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620841923.94375
RegSetValueExA
key_handle: 0x00000210
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620841923.94375
RegSetValueExW
key_handle: 0x00000210
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620841923.94375
RegSetValueExA
key_handle: 0x000004c4
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620841923.94375
RegSetValueExA
key_handle: 0x000004c4
value: pÇU*AG×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620841923.94375
RegSetValueExA
key_handle: 0x000004c4
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1620841924.00575
RegSetValueExW
key_handle: 0x000004b4
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
1620841924.72475
RegSetValueExA
key_handle: 0x0000069c
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620841924.72475
RegSetValueExA
key_handle: 0x0000069c
value: @óÌ*AG×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620841924.72475
RegSetValueExA
key_handle: 0x0000069c
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620841924.72475
RegSetValueExW
key_handle: 0x0000069c
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620841924.72475
RegSetValueExA
key_handle: 0x000006a0
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620841924.72475
RegSetValueExA
key_handle: 0x000006a0
value: @óÌ*AG×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620841924.72475
RegSetValueExA
key_handle: 0x000006a0
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
One or more non-safelisted processes were created (2 个事件)
parent_process wscript.exe martian_process "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\7ZipSfx.000\DriverPack.exe" --sfx d67fa8ff50dbcab8b8c9076d5fa7bc4f.exe
parent_process wscript.exe martian_process C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7ZipSfx.000\DriverPack.exe --sfx d67fa8ff50dbcab8b8c9076d5fa7bc4f.exe
The process wscript.exe wrote an executable file to disk which it then attempted to execute (2 个事件)
file C:\Windows\SysWOW64\wscript.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\7ZipSfx.000\DriverPack.exe
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2016-04-03 06:14:34

Imports

Library COMCTL32.dll:
0x41d010
Library SHELL32.dll:
0x41d274 ShellExecuteExW
0x41d278 ShellExecuteW
0x41d27c SHGetMalloc
0x41d284 SHBrowseForFolderW
0x41d288 SHGetFileInfoW
Library GDI32.dll:
0x41d018 CreateCompatibleDC
0x41d01c CreateFontIndirectW
0x41d020 DeleteObject
0x41d024 DeleteDC
0x41d028 GetCurrentObject
0x41d02c StretchBlt
0x41d030 GetDeviceCaps
0x41d038 SelectObject
0x41d03c SetStretchBltMode
0x41d040 GetObjectW
Library ADVAPI32.dll:
0x41d000 FreeSid
Library USER32.dll:
0x41d294 GetParent
0x41d298 ScreenToClient
0x41d29c CreateWindowExW
0x41d2a0 GetDesktopWindow
0x41d2a8 SetWindowPos
0x41d2ac SetTimer
0x41d2b0 GetMessageW
0x41d2b4 CopyImage
0x41d2b8 KillTimer
0x41d2bc CharUpperW
0x41d2c0 SendMessageW
0x41d2c4 ShowWindow
0x41d2c8 BringWindowToTop
0x41d2cc wsprintfW
0x41d2d0 MessageBoxW
0x41d2d4 EndDialog
0x41d2d8 ReleaseDC
0x41d2dc GetWindowDC
0x41d2e0 GetMenu
0x41d2e4 GetWindowLongW
0x41d2e8 GetClassNameA
0x41d2ec wsprintfA
0x41d2f0 DispatchMessageW
0x41d2f4 SetWindowTextW
0x41d2f8 GetSysColor
0x41d2fc DestroyWindow
0x41d300 MessageBoxA
0x41d304 GetKeyState
0x41d308 IsWindow
0x41d30c GetDlgItem
0x41d310 GetClientRect
0x41d314 GetSystemMetrics
0x41d318 SetWindowLongW
0x41d31c UnhookWindowsHookEx
0x41d320 SetFocus
0x41d328 DrawTextW
0x41d32c GetDC
0x41d330 ClientToScreen
0x41d334 GetWindow
0x41d33c DrawIconEx
0x41d340 CallWindowProcW
0x41d344 DefWindowProcW
0x41d348 CallNextHookEx
0x41d34c PtInRect
0x41d350 SetWindowsHookExW
0x41d354 LoadImageW
0x41d358 LoadIconW
0x41d35c MessageBeep
0x41d360 EnableWindow
0x41d364 EnableMenuItem
0x41d368 GetSystemMenu
0x41d36c CreateWindowExA
0x41d370 wvsprintfW
0x41d374 GetWindowTextW
0x41d378 GetWindowRect
Library ole32.dll:
0x41d384 CoCreateInstance
0x41d388 CoInitialize
Library OLEAUT32.dll:
0x41d25c SysAllocStringLen
0x41d260 VariantClear
0x41d264 SysFreeString
0x41d268 OleLoadPicture
0x41d26c SysAllocString
Library KERNEL32.dll:
0x41d048 SetFileTime
0x41d04c SetEndOfFile
0x41d054 VirtualFree
0x41d058 GetModuleHandleA
0x41d060 VirtualAlloc
0x41d064 ReadFile
0x41d068 SetFilePointer
0x41d06c GetFileSize
0x41d07c FormatMessageW
0x41d080 lstrcpyW
0x41d084 LocalFree
0x41d088 IsBadReadPtr
0x41d08c GetSystemDirectoryW
0x41d090 GetCurrentThreadId
0x41d094 SuspendThread
0x41d098 TerminateThread
0x41d0a0 ResetEvent
0x41d0a4 SetEvent
0x41d0a8 CreateEventW
0x41d0ac GetVersionExW
0x41d0b0 GetModuleFileNameW
0x41d0b4 GetCurrentProcess
0x41d0c0 GetDriveTypeW
0x41d0c4 CreateFileW
0x41d0c8 LoadLibraryA
0x41d0cc SetThreadLocale
0x41d0d8 CompareFileTime
0x41d0dc WideCharToMultiByte
0x41d0e0 GetTempPathW
0x41d0ec lstrcmpiW
0x41d0f0 GetLocaleInfoW
0x41d0f4 MultiByteToWideChar
0x41d104 lstrcmpiA
0x41d108 GlobalAlloc
0x41d10c GlobalFree
0x41d110 MulDiv
0x41d114 FindResourceExA
0x41d118 SizeofResource
0x41d11c LoadResource
0x41d120 LockResource
0x41d124 GetModuleHandleW
0x41d128 FindFirstFileW
0x41d12c lstrcmpW
0x41d130 DeleteFileW
0x41d134 FindNextFileW
0x41d138 FindClose
0x41d13c RemoveDirectoryW
0x41d140 GetStdHandle
0x41d144 WriteFile
0x41d148 lstrlenA
0x41d14c CreateDirectoryW
0x41d150 GetFileAttributesW
0x41d158 GetLocalTime
0x41d160 CreateThread
0x41d164 GetExitCodeThread
0x41d168 Sleep
0x41d16c SetFileAttributesW
0x41d170 GetDiskFreeSpaceExW
0x41d174 SetLastError
0x41d178 GetTickCount
0x41d17c lstrlenW
0x41d180 ExitProcess
0x41d184 lstrcatW
0x41d188 GetProcAddress
0x41d18c CloseHandle
0x41d190 WaitForSingleObject
0x41d194 GetExitCodeProcess
0x41d19c ResumeThread
0x41d1ac CreateJobObjectW
0x41d1b0 GetLastError
0x41d1b4 CreateProcessW
0x41d1b8 GetStartupInfoW
0x41d1bc GetCommandLineW
0x41d1c0 GetStartupInfoA
Library MSVCRT.dll:
0x41d1c8 _purecall
0x41d1cc ??2@YAPAXI@Z
0x41d1d0 _wtol
0x41d1d4 memset
0x41d1d8 memmove
0x41d1dc memcpy
0x41d1e0 _wcsnicmp
0x41d1e4 _controlfp
0x41d1e8 _except_handler3
0x41d1ec __set_app_type
0x41d1f0 __p__fmode
0x41d1f4 __p__commode
0x41d1f8 _adjust_fdiv
0x41d1fc __setusermatherr
0x41d200 _initterm
0x41d204 __getmainargs
0x41d208 _acmdln
0x41d20c exit
0x41d210 _XcptFilter
0x41d214 _exit
0x41d21c _onexit
0x41d220 __dllonexit
0x41d224 malloc
0x41d228 realloc
0x41d22c free
0x41d230 wcsstr
0x41d234 _CxxThrowException
0x41d238 _beginthreadex
0x41d23c _EH_prolog
0x41d244 strncmp
0x41d248 wcsncmp
0x41d24c wcsncpy
0x41d250 strncpy
0x41d254 ??3@YAXPAX@Z

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49193 104.98.117.50 repository.certum.pl 80
192.168.56.101 49196 124.225.105.97 www.download.windowsupdate.com 80
192.168.56.101 49199 184.25.122.73 subca.ocsp-certum.com 80
192.168.56.101 49188 203.208.41.65 www.google-analytics.com 80
192.168.56.101 49189 203.208.41.65 www.google-analytics.com 80
192.168.56.101 49191 203.208.41.65 www.google-analytics.com 80
192.168.56.101 49190 37.9.8.75 update.drp.su 80
192.168.56.101 49200 5.45.205.245 yandex.ocsp-responder.com 80
192.168.56.101 49187 77.88.21.119 mc.yandex.ru 443
192.168.56.101 49206 77.88.21.119 mc.yandex.ru 443
95.140.233.140 80 192.168.56.101 49184

UDP

Source Source Port Destination Destination Port
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 50568 114.114.114.114 53
192.168.56.101 53210 114.114.114.114 53
192.168.56.101 53237 114.114.114.114 53
192.168.56.101 53380 114.114.114.114 53
192.168.56.101 57236 114.114.114.114 53
192.168.56.101 57756 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 60088 114.114.114.114 53
192.168.56.101 60221 114.114.114.114 53
192.168.56.101 61680 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 62912 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355

HTTP & HTTPS Requests

URI Data
http://www.google-analytics.com/collect 
GET /collect HTTP/1.1
Accept: */*
Accept-Language: zh-cn
Connection: Close
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: www.google-analytics.com
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab 
GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1
Cache-Control: max-age = 3600
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 03 Mar 2021 06:32:16 GMT
If-None-Match: "0d8f4f3f6fd71:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: www.download.windowsupdate.com
http://www.google-analytics.com/collect 
GET /collect HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: www.google-analytics.com
Connection: Keep-Alive
http://update.drp.su/nano/ 
GET /nano/ HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: update.drp.su
Connection: Keep-Alive
http://subca.ocsp-certum.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBR5iK7tYk9tqQEoeQhZNkKcAol9bgQUjEPEy22YwaechGnr30oNYJY6w%2FsCEQCTkoVAAWVxX5R%2FKI%2FvyZso 
GET /MFIwUDBOMEwwSjAJBgUrDgMCGgUABBR5iK7tYk9tqQEoeQhZNkKcAol9bgQUjEPEy22YwaechGnr30oNYJY6w%2FsCEQCTkoVAAWVxX5R%2FKI%2FvyZso HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: subca.ocsp-certum.com
http://repository.certum.pl/ca.cer 
GET /ca.cer HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: repository.certum.pl
http://subca.ocsp-certum.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTYOkzrrCGQj08njZXbUQQpkoUmuQQUCHbNywf%2FJPbFze27kLzihDdGdfcCEQDkBUeDDgxkUpdvejVJwN1I 
GET /MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTYOkzrrCGQj08njZXbUQQpkoUmuQQUCHbNywf%2FJPbFze27kLzihDdGdfcCEQDkBUeDDgxkUpdvejVJwN1I HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: subca.ocsp-certum.com
http://www.google-analytics.com/collect?v=1&tid=UA-58593486-1&cid=475531113.4378068597&t=event&ec=driverpack%20nano&ea=application%20opened&el=1.0.9&ul=&z=6981636727187654&cd1=475531113.4378068597&cd2=1.0.9&cd3=7%20x64&cd4=SP%201&cd5=Windows%207%20%E6%97%97%E8%88%B0%E7%89%88%20&cd6=(not%20set) 
GET /collect?v=1&tid=UA-58593486-1&cid=475531113.4378068597&t=event&ec=driverpack%20nano&ea=application%20opened&el=1.0.9&ul=&z=6981636727187654&cd1=475531113.4378068597&cd2=1.0.9&cd3=7%20x64&cd4=SP%201&cd5=Windows%207%20%E6%97%97%E8%88%B0%E7%89%88%20&cd6=(not%20set) HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: www.google-analytics.com
Connection: Keep-Alive
http://yandex.ocsp-responder.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBStniMGfahyWUWDEeSLUFbNR9JLAgQUN1zjGeCyjqGoTtLPq9Dc4wtcNU0CEDbEISBuJVGq0KdX46enAhA%3D 
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBStniMGfahyWUWDEeSLUFbNR9JLAgQUN1zjGeCyjqGoTtLPq9Dc4wtcNU0CEDbEISBuJVGq0KdX46enAhA%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: yandex.ocsp-responder.com
http://www.google-analytics.com/collect?v=1&tid=UA-68879973-8&cid=475531113.4378068597&t=event&ec=driverpack%20nano&ea=application%20opened&el=1.0.9&ul=&z=2576460618367237&sc=start&cd1=475531113.4378068597&cd2=1.0.9&cd3=7%20x64&cd4=SP%201&cd5=Windows%207%20%E6%97%97%E8%88%B0%E7%89%88%20&cd6=(not%20set) 
GET /collect?v=1&tid=UA-68879973-8&cid=475531113.4378068597&t=event&ec=driverpack%20nano&ea=application%20opened&el=1.0.9&ul=&z=2576460618367237&sc=start&cd1=475531113.4378068597&cd2=1.0.9&cd3=7%20x64&cd4=SP%201&cd5=Windows%207%20%E6%97%97%E8%88%B0%E7%89%88%20&cd6=(not%20set) HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: www.google-analytics.com
Connection: Keep-Alive

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.