0.9
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.69
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | TrojanDownloader:Win32/Waski.793fac9a | 20190527 | 0.3.0.5 |
| Avast | Win32:Malware-gen | 20191018 | 18.4.3895.0 |
| Baidu | None | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (W) | 20190702 | 1.0 |
| Kingsoft | None | 20191018 | 2013.8.14.323 |
| McAfee | Downloader-FABV!D9C7553534EB | 20191018 | 6.0.6.653 |
| Tencent | None | 20191018 | 1.0.0.1 |
静态指标
动态指标
网络通信
与未执行 DNS 查询的主机进行通信
(1 个事件)
| host | 114.114.114.114 | |||
文件已被 VirusTotal 上 61 个反病毒引擎识别为恶意
(50 out of 61 个事件)
| ALYac | Gen:Variant.Ulise.7830 |
| APEX | Malicious |
| AVG | Win32:Malware-gen |
| Acronis | suspicious |
| Ad-Aware | Gen:Variant.Ulise.7830 |
| AhnLab-V3 | Downloader/Win32.Ponik.R109832 |
| Alibaba | TrojanDownloader:Win32/Waski.793fac9a |
| Antiy-AVL | Trojan[Spy]/Win32.Zbot |
| Arcabit | Trojan.Ulise.D1E96 |
| Avast | Win32:Malware-gen |
| Avira | TR/Yarwi.B.264 |
| BitDefender | Gen:Variant.Ulise.7830 |
| CAT-QuickHeal | TrojanPWS.Zbot.GO4 |
| ClamAV | Win.Malware.Upatre-6738779-0 |
| Comodo | TrojWare.Win32.TrojanDownloader.Waski.VL@5eeqcy |
| CrowdStrike | win/malicious_confidence_100% (W) |
| Cybereason | malicious.534eb8 |
| Cylance | Unsafe |
| Cyren | W32/A-fbd46a8c!Eldorado |
| DrWeb | Trojan.DownLoader11.7946 |
| ESET-NOD32 | Win32/TrojanDownloader.Waski.A |
| Emsisoft | Gen:Variant.Ulise.7830 (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/A-fbd46a8c!Eldorado |
| F-Secure | Trojan.TR/Yarwi.B.264 |
| FireEye | Generic.mg.d9c7553534eb8d42 |
| Fortinet | W32/Waski.A!tr.dldr |
| GData | Gen:Variant.Ulise.7830 |
| Ikarus | Trojan-Spy.Zbot |
| Invincea | heuristic |
| Jiangmin | TrojanSpy.Zbot.edwy |
| K7AntiVirus | Trojan-Downloader ( 0048f6391 ) |
| K7GW | Trojan-Downloader ( 0048f6391 ) |
| Kaspersky | HEUR:Trojan.Win32.Generic |
| Lionic | Trojan.Win32.Zbot.m0uq |
| MAX | malware (ai score=85) |
| MaxSecure | Trojan.Upatre.Gen |
| McAfee | Downloader-FABV!D9C7553534EB |
| McAfee-GW-Edition | Downloader-FABV!D9C7553534EB |
| MicroWorld-eScan | Gen:Variant.Ulise.7830 |
| Microsoft | TrojanDownloader:Win32/Waski.A!MTB |
| NANO-Antivirus | Trojan.Win32.Zbot.cxvokv |
| Paloalto | generic.ml |
| Panda | Trj/Genetic.gen |
| Qihoo-360 | HEUR/QVM10.2.425B.Malware.Gen |
| Rising | Trojan.Waski!1.A489 (CLASSIC) |
| SUPERAntiSpyware | Trojan.Agent/Gen-Waski |
| SentinelOne | DFI - Malicious PE |
| Sophos | Mal/Zbot-PY |
| Symantec | Trojan.Zbot |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2014-05-09 13:48:05
PE Imphash
5c49f81624c1a24a540d60a2c9de3fcd
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00001000 | 0x000054a4 | 0x00005600 | 6.487109301314581 |
| .rdata | 0x00007000 | 0x00002ebe | 0x00003000 | 5.4280486241221135 |
| .data | 0x0000a000 | 0x00002260 | 0x00001400 | 4.205218869843116 |
| .rsrc | 0x0000d000 | 0x00001f4c | 0x00002000 | 4.952419662577148 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_ICON | 0x0000d1d0 | 0x00001a68 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_MENU | 0x0000ec38 | 0x00000044 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_DIALOG | 0x0000ed2c | 0x000000b0 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_DIALOG | 0x0000ed2c | 0x000000b0 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_GROUP_ICON | 0x0000eddc | 0x00000014 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_MANIFEST | 0x0000edf0 | 0x0000015a | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
Imports
Library KERNEL32.DLL:
• 0x407000 RtlUnwind
• 0x407004 CloseHandle
• 0x407008 CreateFileW
• 0x40700c DecodePointer
• 0x407010 DeleteCriticalSection
• 0x407014 EncodePointer
• 0x407018 EnterCriticalSection
• 0x40701c ExitProcess
• 0x407020 FlushFileBuffers
• 0x407024 FreeEnvironmentStringsW
• 0x407028 GetACP
• 0x40702c GetCPInfo
• 0x407030 GetCommandLineW
• 0x407034 GetConsoleCP
• 0x407038 GetConsoleMode
• 0x40703c GetCurrentProcess
• 0x407040 GetCurrentProcessId
• 0x407044 GetCurrentThreadId
• 0x407048 GetFileType
• 0x40704c GetLastError
• 0x407050 GetModuleFileNameW
• 0x407054 GetModuleHandleExW
• 0x407058 GetModuleHandleW
• 0x40705c GetOEMCP
• 0x407060 GetProcAddress
• 0x407064 GetProcessHeap
• 0x407068 GetStdHandle
• 0x40706c GetStringTypeW
• 0x407070 GetSystemTimeAsFileTime
• 0x407074 HeapAlloc
• 0x407078 HeapFree
• 0x40707c HeapReAlloc
• 0x407080 HeapSize
• 0x407084 InitializeCriticalSectionAndSpinCount
• 0x407088 IsDebuggerPresent
• 0x40708c IsProcessorFeaturePresent
• 0x407090 IsValidCodePage
• 0x407094 LCMapStringW
• 0x407098 LeaveCriticalSection
• 0x40709c LoadLibraryExW
• 0x4070a0 MultiByteToWideChar
• 0x4070a4 OutputDebugStringW
• 0x4070a8 QueryPerformanceCounter
• 0x4070ac SetFilePointerEx
• 0x4070b0 SetLastError
• 0x4070b4 SetStdHandle
• 0x4070b8 SetUnhandledExceptionFilter
• 0x4070bc Sleep
• 0x4070c0 TerminateProcess
• 0x4070c4 TlsAlloc
• 0x4070c8 TlsFree
• 0x4070cc TlsGetValue
• 0x4070d0 TlsSetValue
• 0x4070d4 UnhandledExceptionFilter
• 0x4070d8 WideCharToMultiByte
• 0x4070dc WriteConsoleW
• 0x4070e0 WriteFile
• 0x4070e4 HeapSetInformation
• 0x4070e8 GetStartupInfoW
• 0x4070ec GetEnvironmentStringsW
• 0x4070f0 SetHandleCount
• 0x4070f4 InterlockedIncrement
• 0x4070f8 InterlockedDecrement
• 0x4070fc HeapCreate
• 0x407100 GetTickCount
• 0x407104 LoadLibraryW
Library USER32.dll:
• 0x40710c GetSystemMetrics
L!This program cannot be run in DOS mode.
`.rdata
@.data
u:j?/O
PyE[_^
G%EoLU
+#O;uP
xr_ |r_
9#+ VWSu
{HIII;
M}MVZPq@
QcWYY+
$$SY$Q+
YY]jXh@
8csmu*x
YYuTVWh.@
3]j h@
3PPPPP
@Y<v*V
^SSSSSyj
;tFtA3
S^`N`H
j$Y~\d9
QY^`[_^]
3Y[_^5@
3PPPPPf
UQV3W}
ft;uf t
Bf8\tf8"u8
ft$9Uu
UQQSVWh
V33Sf0@
[]YY?sJM
_[^SVW
j@j ^V
H3H/5@@
;rSWf9M
YYt:V5@
YF\=p@
43_V5`p@
YYt0V5@
1E3PeuEEEEd
Y__^[]Q
E_^[]E
9csmu)=0@
E3E3;u
F$|3@_^
h3G}39
Y+t"+t
+tY+uC}
Uw\]Yp
u>OdMGd
u wdSUY
ffffffE
3PPPPP
B(;r3_^[]
1E3PEd
tAt2t$
3M_^3[
ft'Ou"+
jPfDJXdf
^06_^]
YYu,9E
u_^]UWVu
DDDDDDDDDDDDDD
USV5p@
3W;to=H@
bYY~PE
P=Y9_t
t4V0;t(W8jYt
Fpt"~l
lVYYYEE
WPWPWv
whu;58@
8]tEMap<u
TM_^3[j
Y^hS=p@
3SVWT$
URPQQhR@
t;T$4t
;v.4v\
UVWS33333[_^]
33333USVWj
_^[]Ul$
woVW=D@
-0&0_^
-Y3MW0u
FGIuX^_]
R6Kv Cv$;v(3v,+v0#v4
@v@vDvHvLvPvTvXv\v`vdvhvlvpvtvxv|@
PYv4;5|@
PIYF ;
P7YF$;
P%YF8;
PYvL;5@
S3VW;~ E
@;u+H;}
39](SSu
]9]tWuu
};~Bj3X
3;t?uWuuu
t"SS9] u
EWYuEYe_^[M3
M7u(Eu$u u
ES3VW]9]
39] SSu
ESgEYe_^[M3
MapUSVWUj
P(RP$R
t:|$,t
;t$,v-4v
UQPXY]Y[
KuZUQL$
mQeher
@Lod d
P2seYs
l32.L
Sizl2t
^_1k2Q
3AWe4P42
3 3$2!2
ls44r4
)594
riftDe
`{"SSp` 4
rpwZ|t__^
ZKU3f+
s_l0EwI1M
`TKfE^
rhl0EnI'M
SZ$RQHVY
shk0EwI6M
`UJfE_
r$U?qC
`n[ EMG
VYU8QlaUC
T$t#"lOBU?E
WYr}f=^S
3PPSMu
M^[_VVS]+o
E5%w3uWvAEh
E-UKf;u!
>[s5>[j
CorExitProcess
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetProcessWindowStation
GetUserObjectInformationW
GetLastActivePopup
GetActiveWindow
MessageBoxW
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
!"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
KERNEL32.DLL
ole32.dll
USER32.dll
RtlUnwind
CloseHandle
CreateFileW
DecodePointer
DeleteCriticalSection
EncodePointer
EnterCriticalSection
ExitProcess
FlushFileBuffers
FreeEnvironmentStringsW
GetACP
GetCPInfo
GetCommandLineW
GetConsoleCP
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetFileType
GetLastError
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringW
LeaveCriticalSection
LoadLibraryExW
MultiByteToWideChar
OutputDebugStringW
QueryPerformanceCounter
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
WideCharToMultiByte
WriteConsoleW
WriteFile
HeapSetInformation
GetStartupInfoW
GetEnvironmentStringsW
SetHandleCount
InterlockedIncrement
InterlockedDecrement
HeapCreate
GetTickCount
LoadLibraryW
CoInitializeEx
CoCreateInstance
GetSystemMetrics
eFi`NZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
'''''''''''''''''''''''''''(
]\44]]
DE--IG
_a66:=?AOP(&
;:}|_`a
ZZjiLIECC?bba
urjkst"
om=;&'
[Y}~}~
:7ca__rr
@APP`_kl
!
tsjjhi
#""!"!"!"!"!"!"!"!"!"!"!"!"!"!"!"!"!"!"!"!"!"!"!"!
%%('('('('('('('$$##$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#! ][
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>PA
m�s�c�o�r�e�e�.�d�l�l�
r�u�n�t�i�m�e� �e�r�r�o�r� �
T�L�O�S�S� �e�r�r�o�r�
S�I�N�G� �e�r�r�o�r�
D�O�M�A�I�N� �e�r�r�o�r�
-� �A�t�t�e�m�p�t� �t�o� �u�s�e� �M�S�I�L� �c�o�d�e� �f�r�o�m� �t�h�i�s� �a�s�s�e�m�b�l�y� �d�u�r�i�n�g� �n�a�t�i�v�e� �c�o�d�e� �i�n�i�t�i�a�l�i�z�a�t�i�o�n�
T�h�i�s� �i�n�d�i�c�a�t�e�s� �a� �b�u�g� �i�n� �y�o�u�r� �a�p�p�l�i�c�a�t�i�o�n�.� �I�t� �i�s� �m�o�s�t� �l�i�k�e�l�y� �t�h�e� �r�e�s�u�l�t� �o�f� �c�a�l�l�i�n�g� �a�n� �M�S�I�L�-�c�o�m�p�i�l�e�d� �(�/�c�l�r�)� �f�u�n�c�t�i�o�n� �f�r�o�m� �a� �n�a�t�i�v�e� �c�o�n�s�t�r�u�c�t�o�r� �o�r� �f�r�o�m� �D�l�l�M�a�i�n�.�
-� �n�o�t� �e�n�o�u�g�h� �s�p�a�c�e� �f�o�r� �l�o�c�a�l�e� �i�n�f�o�r�m�a�t�i�o�n�
-� �A�t�t�e�m�p�t� �t�o� �i�n�i�t�i�a�l�i�z�e� �t�h�e� �C�R�T� �m�o�r�e� �t�h�a�n� �o�n�c�e�.�
T�h�i�s� �i�n�d�i�c�a�t�e�s� �a� �b�u�g� �i�n� �y�o�u�r� �a�p�p�l�i�c�a�t�i�o�n�.�
-� �C�R�T� �n�o�t� �i�n�i�t�i�a�l�i�z�e�d�
-� �u�n�a�b�l�e� �t�o� �i�n�i�t�i�a�l�i�z�e� �h�e�a�p�
-� �n�o�t� �e�n�o�u�g�h� �s�p�a�c�e� �f�o�r� �l�o�w�i�o� �i�n�i�t�i�a�l�i�z�a�t�i�o�n�
-� �n�o�t� �e�n�o�u�g�h� �s�p�a�c�e� �f�o�r� �s�t�d�i�o� �i�n�i�t�i�a�l�i�z�a�t�i�o�n�
-� �p�u�r�e� �v�i�r�t�u�a�l� �f�u�n�c�t�i�o�n� �c�a�l�l�
-� �n�o�t� �e�n�o�u�g�h� �s�p�a�c�e� �f�o�r� �_�o�n�e�x�i�t�/�a�t�e�x�i�t� �t�a�b�l�e�
-� �u�n�a�b�l�e� �t�o� �o�p�e�n� �c�o�n�s�o�l�e� �d�e�v�i�c�e�
-� �u�n�e�x�p�e�c�t�e�d� �h�e�a�p� �e�r�r�o�r�
-� �u�n�e�x�p�e�c�t�e�d� �m�u�l�t�i�t�h�r�e�a�d� �l�o�c�k� �e�r�r�o�r�
-� �n�o�t� �e�n�o�u�g�h� �s�p�a�c�e� �f�o�r� �t�h�r�e�a�d� �d�a�t�a�
-� �a�b�o�r�t�(�)� �h�a�s� �b�e�e�n� �c�a�l�l�e�d�
-� �n�o�t� �e�n�o�u�g�h� �s�p�a�c�e� �f�o�r� �e�n�v�i�r�o�n�m�e�n�t�
-� �n�o�t� �e�n�o�u�g�h� �s�p�a�c�e� �f�o�r� �a�r�g�u�m�e�n�t�s�
-� �f�l�o�a�t�i�n�g� �p�o�i�n�t� �s�u�p�p�o�r�t� �n�o�t� �l�o�a�d�e�d�
@�M�i�c�r�o�s�o�f�t� �V�i�s�u�a�l� �C�+�+� �R�u�n�t�i�m�e� �L�i�b�r�a�r�y�
<�p�r�o�g�r�a�m� �n�a�m�e� �u�n�k�n�o�w�n�>�
R�u�n�t�i�m�e� �E�r�r�o�r�!�
P�r�o�g�r�a�m�:� �
K�E�R�N�E�L�3�2�.�D�L�L�
W�U�S�E�R�3�2�.�D�L�L�
H�H�:�m�m�:�s�s�
d�d�d�d�,� �M�M�M�M� �d�d�,� �y�y�y�y�
M�M�/�d�d�/�y�y�
D�e�c�e�m�b�e�r�
N�o�v�e�m�b�e�r�
O�c�t�o�b�e�r�
S�e�p�t�e�m�b�e�r�
A�u�g�u�s�t�
F�e�b�r�u�a�r�y�
J�a�n�u�a�r�y�
S�a�t�u�r�d�a�y�
F�r�i�d�a�y�
T�h�u�r�s�d�a�y�
W�e�d�n�e�s�d�a�y�
T�u�e�s�d�a�y�
M�o�n�d�a�y�
S�u�n�d�a�y�
� � � � � � � � �(�(�(�(�(� � � � � � � � � � � � � � � � � � �H�
� � � � � � � � �h�(�(�(�(� � � � � � � � � � � � � � � � � � �H�
� � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � �H�
@�@�@�@�@�@�@�@�@�@�@�@�@�@�
I�D�D�_�D�L�G�1�
I�D�D�_�D�L�G�2�
&�A�b�o�u�t�
L�i�c�e�n�s�e� �I�n�f�o�
M�i�c�r�o�s�o�f�t� �S�a�n�s� �S�e�r�i�f�
L�i�c�e�n�s�e� �I�n�f�o�
M�i�c�r�o�s�o�f�t� �S�a�n�s� �S�e�r�i�f�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�l�l� �U�s�e�r�s�\�S�t�a�r�t� �M�e�n�u�\�P�r�o�g�r�a�m�s�\�S�t�a�r�t�u�p�\�6�Q�k�g�2�w�i�n�Q�.�e�x�e�
C�:�\�9�1�a�c�0�2�0�c�1�d�2�2�9�9�b�4�9�7�5�3�e�d�c�9�1�8�3�1�f�8�b�1�f�2�8�2�c�3�8�e�8�9�b�9�d�4�f�2�3�0�8�9�b�7�4�4�1�5�f�7�a�7�a�c�
C�:�\�2�f�d�8�b�1�d�4�9�1�d�4�9�1�1�0�d�5�e�d�3�e�f�4�d�6�7�7�f�d�9�d�8�b�a�f�7�c�e�6�c�1�7�9�1�1�6�1�8�d�f�1�4�7�3�1�7�8�6�d�d�9�6�6�
C�:�\�c�c�b�c�c�d�7�a�6�4�8�8�5�0�2�f�1�d�9�a�f�c�2�e�e�b�1�6�a�6�6�0�2�4�1�8�c�e�f�e�c�e�3�5�1�4�9�a�7�5�5�2�2�f�5�5�0�b�1�c�7�6�2�2�
C�:�\�v�X�p�5�I�p�D�k�.�e�x�e�
C�:�\�g�S�a�F�M�x�v�h�.�e�x�e�
C�:�\�4�e�M�1�M�u�v�p�.�e�x�e�
C�:�\�q�Z�8�K�z�E�E�5�.�e�x�e�
C�:�\�g�z�A�o�4�T�S�O�.�e�x�e�
C�:�\�9�J�O�v�I�x�U�v�.�e�x�e�
C�:�\�v�C�r�L�N�q�h�P�.�e�x�e�
C�:�\�F�l�Z�H�I�7�s�J�.�e�x�e�
C�:�\�q�6�k�_�Z�o�2�_�.�e�x�e�
C�:�\�b�U�C�t�M�S�l�o�.�e�x�e�
C�:�\�O�D�l�R�0�l�g�m�.�e�x�e�
C�:�\�n�x�a�v�3�r�S�E�.�e�x�e�
C�:�\�I�w�8�2�B�g�9�b�.�e�x�e�
C�:�\�7�z�t�Q�C�c�u�v�.�e�x�e�
C�:�\�A�5�N�p�v�3�S�B�.�e�x�e�
C�:�\�X�8�J�M�m�k�S�u�.�e�x�e�
C�:�\�9�e�B�O�A�y�M�2�.�e�x�e�
C�:�\�9�P�r�b�Y�S�J�O�.�e�x�e�
C�:�\�w�3�v�D�Q�x�o�w�.�e�x�e�
C�:�\�C�S�G�o�w�V�I�1�.�e�x�e�
C�:�\�M�4�h�n�L�z�k�6�.�e�x�e�
C�:�\�I�I�l�y�2�p�x�N�.�e�x�e�
C�:�\�N�t�D�7�1�E�c�V�.�e�x�e�
C�:�\�o�4�o�x�H�y�h�O�.�e�x�e�
C�:�\�8�K�9�N�0�p�w�V�.�e�x�e�
C�:�\�p�w�Y�I�N�m�M�3�.�e�x�e�
C�:�\�c�_�s�b�b�G�9�X�.�e�x�e�
C�:�\�j�T�o�7�h�K�C�W�.�e�x�e�
C�:�\�t�o�v�Y�B�o�O�6�.�e�x�e�
C�:�\�i�w�U�9�H�p�d�_�.�e�x�e�
C�:�\�c�m�v�c�C�q�G�z�.�e�x�e�
C�:�\�W�x�s�H�w�s�C�6�.�e�x�e�
C�:�\�t�5�t�K�4�m�m�j�.�e�x�e�
C�:�\�G�b�q�b�A�9�H�B�.�e�x�e�
C�:�\�B�N�W�A�F�9�x�p�.�e�x�e�
C�:�\�D�y�1�l�v�j�0�6�.�e�x�e�
C�:�\�a�X�T�Q�w�o�O�3�.�e�x�e�
C�:�\�V�3�9�k�v�u�9�e�.�e�x�e�
C�:�\�V�d�d�N�o�Y�d�i�.�e�x�e�
C�:�\�Q�I�O�X�J�V�D�Y�.�e�x�e�
C�:�\�2�V�3�H�Y�m�l�y�.�e�x�e�
C�:�\�r�m�0�D�u�S�O�3�.�e�x�e�
C�:�\�_�5�k�r�w�n�r�9�.�e�x�e�
C�:�\�2�z�v�2�L�z�y�8�.�e�x�e�
C�:�\�o�t�2�g�8�K�l�h�.�e�x�e�
C�:�\�m�h�i�E�l�j�z�O�.�e�x�e�
C�:�\�D�X�I�2�8�V�V�f�.�e�x�e�
C�:�\�_�l�i�W�9�d�c�c�.�e�x�e�
C�:�\�b�a�M�f�M�o�6�M�.�e�x�e�
C�:�\�_�s�T�_�W�n�4�i�.�e�x�e�
C�:�\�r�K�K�2�C�3�d�z�.�e�x�e�
C�:�\�Q�V�g�b�l�Z�B�2�.�e�x�e�
C�:�\�w�T�g�W�D�A�p�f�.�e�x�e�
C�:�\�D�c�7�0�v�z�Z�T�.�e�x�e�
C�:�\�A�y�E�l�I�I�x�Y�.�e�x�e�
C�:�\�w�L�1�u�z�D�e�G�.�e�x�e�
C�:�\�8�Y�I�4�H�b�O�z�.�e�x�e�
C�:�\�T�A�K�y�a�t�t�u�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�i�m�p�o�r�t�a�n�t�_�d�o�c�u�m�e�n�t�.�e�x�e�
C�:�\�b�N�u�U�q�2�s�_�.�e�x�e�
C�:�\�8�8�4�7�3�6�3�4�0�7�5�8�2�b�c�1�a�9�d�f�4�7�7�7�c�4�0�a�3�d�9�2�1�1�8�8�8�4�7�a�1�6�e�e�5�d�0�2�e�7�b�6�b�c�9�f�0�b�9�a�d�c�0�0�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�i�m�p�o�r�t�a�n�t�_�d�o�c�u�m�e�n�t�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�f�a�c�t�u�r�a�.�e�x�e�
C�:�\�7�2�0�7�9�a�1�f�e�3�e�3�5�8�c�6�a�b�8�e�c�b�e�c�8�6�4�3�4�3�e�6�3�1�6�6�f�f�7�5�f�a�4�3�6�a�4�8�8�d�f�f�0�7�a�3�8�d�c�2�f�5�2�f�
C�:�\�Z�2�b�b�F�f�M�s�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�f�a�c�t�u�r�a�.�e�x�e�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�u�p�d�p�d�f�.�p�e�3�2�
C�:�\�f�e�t�s�Z�K�o�b�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�s�a�m�p�l�e�.�e�x�e�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�u�p�d�p�d�f�.�p�e�3�2�
C�:�\�0�d�4�8�c�2�1�4�2�f�5�f�6�e�a�5�9�e�d�3�9�7�6�d�b�8�7�7�3�7�1�f�e�9�e�d�d�e�b�9�4�4�0�c�f�3�9�3�8�4�5�8�b�1�8�3�4�f�f�6�7�b�4�2�
C�:�\�l�j�C�N�j�8�H�a�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�i�n�v�o�i�c�e�.�e�x�e�
C�:�\�A�r�m�d�3�V�Y�u�.�e�x�e�
C�:�\�0�4�4�b�1�5�c�d�b�2�a�d�0�0�d�0�7�8�7�6�5�1�f�b�1�d�0�0�5�2�d�d�4�6�3�0�c�6�b�2�7�3�0�b�5�d�9�b�3�3�b�9�1�6�0�0�d�2�7�e�9�b�7�5�
C�:�\�c�5�1�b�a�3�c�d�2�f�e�6�9�f�1�1�4�a�9�7�7�b�3�2�7�e�4�b�d�0�5�e�0�c�c�0�4�c�3�1�f�a�6�8�8�8�f�c�4�9�e�c�b�4�8�7�9�4�9�b�1�d�c�8�
C�:�\�8�2�b�c�9�e�a�8�0�2�a�2�7�3�2�4�3�a�1�f�3�8�d�9�9�0�2�1�4�8�7�b�2�f�9�2�4�9�3�c�9�a�5�5�3�2�5�c�a�4�b�f�c�4�7�9�3�4�1�4�9�a�f�0�
C�:�\�E�j�1�B�W�J�W�I�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�c�c�a�6�d�9�9�c�d�4�c�a�1�0�0�1�9�4�a�c�7�c�7�2�b�a�a�d�7�e�b�2�.�v�i�r�u�s�.�e�x�e�
C�:�\�e�8�e�c�9�5�8�b�f�a�2�c�6�b�2�b�d�9�a�f�b�6�b�1�6�f�b�1�d�4�c�d�6�b�5�5�d�3�6�f�4�8�8�a�f�d�0�6�4�0�5�c�5�8�8�0�e�5�7�d�6�a�a�e�
C�:�\�a�d�9�1�5�3�d�c�5�2�6�9�a�9�b�7�8�5�6�e�7�0�8�9�6�1�7�0�3�3�d�f�5�2�6�9�d�3�d�4�4�c�e�8�1�6�f�3�e�6�d�7�d�5�2�b�0�d�9�a�f�b�b�7�
C�:�\�0�2�6�b�4�6�c�f�4�f�e�3�f�5�0�0�3�7�b�8�f�8�1�5�4�8�a�4�9�8�4�7�9�8�d�3�5�2�e�6�2�2�2�7�0�9�d�d�7�6�d�e�e�b�8�e�d�d�7�6�b�e�2�3�
C�:�\�f�0�e�e�0�5�1�0�0�3�a�9�8�c�3�3�c�c�c�b�6�1�8�3�0�6�6�c�a�0�3�2�6�0�4�d�6�3�3�3�c�0�4�0�6�3�2�3�7�9�b�9�7�b�5�4�6�c�b�6�5�7�9�0�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�u�p�d�p�d�f�.�e�x�e�
C�:�\�2�d�e�b�f�c�1�3�e�f�4�6�e�c�f�d�5�c�f�c�b�e�d�8�3�5�9�3�3�e�a�b�3�a�a�b�5�1�6�5�4�c�d�9�d�6�0�a�0�d�c�5�6�5�0�2�2�a�7�b�0�4�f�4�
Hosts
| IP |
|---|
| 114.114.114.114 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.