3.3
中危
DACN
0.14
FACILE
1.00
IMCLNet
0.59
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | TrojanDownloader:Win32/Upatre.2dba4896 | 20190527 | 0.3.0.5 |
| Avast | Win32:Agent-ASSU [Trj] | 20240214 | 23.9.8494.0 |
| Baidu | Win32.Trojan-Downloader.Waski.a | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (W) | 20231026 | 1.0 |
| Kingsoft | malware.kb.a.1000 | 20230906 | None |
| McAfee | Downloader-FSH | 20240214 | 6.0.6.653 |
| Tencent | Trojan.Win32.Downloader.wc | 20240214 | 1.0.0.1 |
静态指标
动态指标
分配可读-可写-可执行内存(通常用于自解压)
(2 个事件)
在文件系统上创建可执行文件
(1 个事件)
| file | C:\Users\Administrator\AppData\Local\Temp\ieupdate.exe |
投放一个二进制文件并执行它
(1 个事件)
| file | C:\Users\Administrator\AppData\Local\Temp\ieupdate.exe |
将可执行文件投放到用户的 AppData 文件夹
(1 个事件)
| file | C:\Users\Administrator\AppData\Local\Temp\ieupdate.exe |
一个进程创建了一个隐藏窗口
(1 个事件)
该二进制文件可能包含加密或压缩数据,表明使用了打包工具
(2 个事件)
| section | {'name': '.text', 'virtual_address': '0x00001000', 'virtual_size': '0x00001093', 'size_of_data': '0x00001200', 'entropy': 6.830787879047037} | entropy | 6.830787879047037 | description | 发现高熵的节 | |||||||||
| entropy | 0.3103448275862069 | description | 此PE文件的整体熵值较高 | |||||||||||
网络通信
与未执行 DNS 查询的主机进行通信
(2 个事件)
| host | 114.114.114.114 | |||
| host | 8.8.8.8 | |||
生成一些 ICMP 流量
文件已被 VirusTotal 上 65 个反病毒引擎识别为恶意
(50 out of 65 个事件)
| ALYac | Trojan.GenericKD.1462270 |
| APEX | Malicious |
| AVG | Win32:Agent-ASSU [Trj] |
| Acronis | suspicious |
| AhnLab-V3 | Trojan/Win32.Dapato.R92734 |
| Alibaba | TrojanDownloader:Win32/Upatre.2dba4896 |
| Antiy-AVL | Trojan[Downloader]/Win32.Waski.a |
| Arcabit | Trojan.Generic.D164FFE |
| Avast | Win32:Agent-ASSU [Trj] |
| Avira | TR/Crypt.XPACK.37185 |
| Baidu | Win32.Trojan-Downloader.Waski.a |
| BitDefender | Trojan.GenericKD.1462270 |
| BitDefenderTheta | Gen:NN.ZexaF.36744.bqY@aCnUAwhi |
| Bkav | W32.AIDetectMalware |
| CAT-QuickHeal | TrojanDownloader.Upatre.A4 |
| ClamAV | Win.Malware.Bublik-10004834-0 |
| CrowdStrike | win/malicious_confidence_100% (W) |
| Cylance | unsafe |
| Cynet | Malicious (score: 100) |
| DeepInstinct | MALICIOUS |
| DrWeb | Trojan.DownLoader9.2612 |
| ESET-NOD32 | Win32/TrojanDownloader.Waski.A |
| Elastic | malicious (high confidence) |
| Emsisoft | Trojan.GenericKD.1462270 (B) |
| F-Secure | Trojan:W32/Agent.DUQN |
| FireEye | Generic.mg.e25c5f91498e3333 |
| Fortinet | W32/Waski.A!tr |
| GData | Win32.Trojan-Downloader.Upatre.BK |
| Detected | |
| Gridinsoft | Trojan.Win32.Agent.vb!s1 |
| Ikarus | Trojan-Downloader.Win32.Upatre |
| Jiangmin | TrojanDropper.Injector.atem |
| K7AntiVirus | Trojan-Downloader ( 0048f6391 ) |
| K7GW | Trojan-Downloader ( 0048f6391 ) |
| Kaspersky | Trojan-Spy.Win32.Zbot.rbnd |
| Kingsoft | malware.kb.a.1000 |
| Lionic | Trojan.Win32.Generic.m01v |
| MAX | malware (ai score=81) |
| Malwarebytes | Generic.Malware.AI.DDS |
| MaxSecure | Trojan.Upatre.Gen |
| McAfee | Downloader-FSH |
| MicroWorld-eScan | Trojan.GenericKD.1462270 |
| Microsoft | TrojanDownloader:Win32/Upatre.J |
| NANO-Antivirus | Trojan.Win32.Waski.crhest |
| Panda | Trj/Genetic.gen |
| Rising | Downloader.Waski!1.A489 (CLASSIC) |
| Sangfor | Suspicious.Win32.Save.a |
| SentinelOne | Static AI - Malicious PE |
| Skyhigh | BehavesLike.Win32.Downloader.nm |
| Sophos | Troj/Zbot-HEQ |
连接到不再响应请求的 IP 地址(合法服务通常会保持运行)
(2 个事件)
| dead_host | 149.154.59.7:443 |
| dead_host | 103.224.212.223:443 |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2013-12-18 17:17:39
PE Imphash
9bdeb3d243b47ce5aa03f899f7f8334d
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00001000 | 0x00001093 | 0x00001200 | 6.830787879047037 |
| .rdata | 0x00003000 | 0x00000398 | 0x00000400 | 5.206140001184645 |
| .data | 0x00004000 | 0x000005a0 | 0x00000600 | 4.85618875841454 |
| .rsrc | 0x00005000 | 0x00001d10 | 0x00001e00 | 5.356416101558986 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_ICON | 0x00005238 | 0x00001ac0 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_GROUP_ICON | 0x00006cf8 | 0x00000014 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_MANIFEST | 0x000050f0 | 0x00000148 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
Imports
Library USER32.dll:
• 0x40303c UpdateWindow
• 0x403040 ShowWindow
• 0x403044 PostQuitMessage
• 0x403048 DefWindowProcW
• 0x40304c DispatchMessageW
• 0x403050 TranslateMessage
• 0x403054 GetMessageW
• 0x403058 CreateWindowExW
• 0x40305c RegisterClassExW
• 0x403060 PostMessageW
Library KERNEL32.dll:
• 0x403000 CreateFileW
• 0x403004 HeapAlloc
• 0x403008 GetCommandLineA
• 0x40300c GetStartupInfoA
• 0x403010 GetModuleHandleA
• 0x403014 ExitProcess
• 0x403018 GetModuleHandleW
• 0x40301c FindFirstFileA
• 0x403020 FindClose
• 0x403024 GetSystemTime
• 0x403028 ReadFile
• 0x40302c GetProcessHeap
• 0x403030 CloseHandle
• 0x403034 GetFileSize
L!This program cannot be run in DOS mode.
`.rdata
@.data
6)i)i@BB@
GKYJ#B
@P CEi)B
)BPCjE60
ejiBPei)
B&e6v5j 6
6C3E6P
) i@)B
6@j3603
C6B@@P)i3iE3e
@ej0jE
EiCBP036C@@@
6C@636
e))C)C
3CPPeiP
ei)CBCj36i
P3C6)6
i)3Ce@je
03@3e30
iPPEjB
)@C)j0))iB@ 6j
6 B@j3P
@P5xE@
@0j6j
B)BBPEEe B
WuWWPPPPj
t(=P0@
MQ3PPPUR
iBEPj)C06e
)3E@CiP) 3PC0i0E
@PC0i )E
[uSAVWAf9
GGEGGEM;r
EC0C3@
3UV3W}
FG3@_^]
36 BC)j@@@
C6CEe0B B))
>@=oBb
>n8s'H
_.8 e@f_
JxEY*7
){^B&e+7c
sU]sih|K
R=#t3m4v5j-yih1T
.E:liC
YB 0\v'@
y1S+C?i5
c@\ Q7)@{
<C?.*W)
v5j% Ek
1T#jpiC?
#rc6v_iy
&qE")]
i!1c_suXkG
,(Ct;m6v6+Q
Bw36F-=9
E<SK&e5?
?.&oS`C)5o
SS@&eg c<
)A)iI>eB&e`paA{&
@Ne66k
72+c&bi)
sU_ ]jaw{
`Lj)M'
0Hd ?o1q
+PeB&eY
L{m&CKN
6Ei)Es$67/p,F93b@{?
3e0jje
@jP EeBi e
Iu[[_[+S
ej@3)@
3 P))EEe
jB@6) 0
0Ee)E3
e@36 P
PC E0j
0B00B
33B@e@CB
e)6j3i
<"u>"u
4J(?"8`
&B.8$FCX,ST$
=BFS7U
$1P 7E`
"E/9?- 0@
_NH.1\>.
!2OZRB!
8)Y8Z#+H&
PostMessageW
RegisterClassExW
CreateWindowExW
GetMessageW
TranslateMessage
DispatchMessageW
DefWindowProcW
PostQuitMessage
ShowWindow
UpdateWindow
USER32.dll
GetSystemTime
ReadFile
CreateFileW
CloseHandle
GetFileSize
FindClose
FindFirstFileA
GetModuleHandleW
KERNEL32.dll
ExitProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
HeapAlloc
GetProcessHeap
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"/></requestedPrivileges></security></trustInfo></assembly>(
xxxyyy
- - - - - - - - - F:- - SH- - - - - - - - - - - - *
. . . . . . . . F:1". F:1". . ,
1". . . . . . . ,
0!0!0!0!0!0!0!0!1"0!1"1"0!0!1"0!0!0!0!0!0!0!.
1"1"1"1"1"1"1"1"1"1"1"1"1"1"1"1"1"1"1"1"1"1"1"1"1"1"1"1"1"1"0!
3#3#3#3#3#3#3#3#3#3#3#3#3#3#3#3#3#3#3#3#3#3#3#3#3#3#3#3#3#3#2#
I;I;I;I;I;I;I;I;I;I;I;I;I;I;I;I;I;I;I;I;I;I;I;I;I;I;I;I;I;I;4$
H�e�e�p�i�l�
W�h�a�t� �d�o� �:�
1�8�0�0�0�0�
s�t�a�t�i�c�
b�u�t�t�o�n�
C�:�\�U�s�e�r�s�\�e�l�o�d�i�e�r�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�R�a�r�$�E�X�0�0�.�3�7�3�\�A�v�i�s�_�d�e�_�P�a�i�e�m�e�n�t�.�e�x�e�
C�:�\�6�6�0�f�e�9�8�5�b�1�b�6�3�4�2�a�f�9�f�a�a�f�d�6�2�f�5�e�6�1�5�f�6�1�b�7�b�1�1�f�c�2�9�b�8�b�a�7�c�6�3�5�d�1�1�c�6�4�8�8�2�8�7�a�
C�:�\�m�s�Z�k�h�M�T�_�.�e�x�e�
C�:�\�e�f�I�Y�P�s�c�s�.�e�x�e�
C�:�\�A�7�a�t�E�P�m�_�.�e�x�e�
C�:�\�_�V�t�8�I�r�H�n�.�e�x�e�
C�:�\�j�q�Q�8�e�c�y�I�.�e�x�e�
C�:�\�_�9�m�I�m�p�h�K�.�e�x�e�
C�:�\�P�6�t�y�K�8�c�V�.�e�x�e�
C�:�\�U�h�5�t�u�O�V�3�.�e�x�e�
C�:�\�B�z�6�w�a�2�5�P�.�e�x�e�
C�:�\�H�C�A�Z�Z�i�A�G�.�e�x�e�
C�:�\�o�j�o�3�7�q�i�k�.�e�x�e�
C�:�\�0�I�J�o�6�B�V�h�.�e�x�e�
C�:�\�R�N�8�Y�u�D�K�2�.�e�x�e�
C�:�\�z�N�B�w�N�C�_�2�.�e�x�e�
C�:�\�b�N�Z�h�k�7�A�C�.�e�x�e�
C�:�\�3�x�3�i�z�7�8�F�.�e�x�e�
C�:�\�r�y�9�l�E�x�B�i�.�e�x�e�
C�:�\�i�Z�2�S�S�W�T�q�.�e�x�e�
C�:�\�f�v�7�p�A�z�d�k�.�e�x�e�
C�:�\�9�U�e�q�L�U�9�8�.�e�x�e�
C�:�\�_�Z�Q�C�5�H�C�O�.�e�x�e�
C�:�\�V�P�4�D�t�7�N�1�.�e�x�e�
C�:�\�A�D�5�S�h�d�c�j�.�e�x�e�
C�:�\�N�J�Y�A�v�Q�s�g�.�e�x�e�
C�:�\�T�Z�y�x�A�p�D�m�.�e�x�e�
C�:�\�2�D�8�k�Q�H�a�o�.�e�x�e�
C�:�\�U�M�D�t�J�w�C�v�.�e�x�e�
C�:�\�8�L�1�r�S�5�v�N�.�e�x�e�
C�:�\�V�F�N�e�x�o�R�a�.�e�x�e�
C�:�\�U�m�_�b�r�v�z�2�.�e�x�e�
C�:�\�V�q�P�u�c�5�1�R�.�e�x�e�
C�:�\�Z�m�u�4�g�3�1�N�.�e�x�e�
C�:�\�A�t�9�A�_�y�T�M�.�e�x�e�
C�:�\�K�k�p�B�C�x�9�Z�.�e�x�e�
C�:�\�6�c�f�d�5�1�5�f�9�9�b�d�1�3�2�5�7�9�5�8�5�a�9�0�6�2�7�d�1�a�f�a�e�f�a�6�b�0�1�3�8�8�4�c�9�5�a�7�4�a�d�3�5�6�9�5�7�2�6�8�5�a�0�5�
C�:�\�O�u�2�V�Z�9�A�c�.�e�x�e�
C�:�\�u�7�C�T�n�X�K�f�.�e�x�e�
C�:�\�Q�O�3�8�k�z�h�t�.�e�x�e�
C�:�\�C�4�N�P�0�E�F�Y�.�e�x�e�
C�:�\�b�1�d�d�e�2�1�3�8�3�6�2�e�3�2�b�e�0�2�b�1�6�7�8�8�b�5�8�f�4�9�c�0�a�e�c�b�4�0�b�9�0�6�7�c�9�d�e�3�3�3�d�4�6�4�a�2�c�3�8�6�3�0�e�
C�:�\�e�8�d�f�2�9�f�6�e�5�6�d�8�4�d�6�3�e�5�1�7�1�a�0�d�5�4�d�6�4�b�3�f�d�0�e�b�7�a�3�5�2�8�0�7�e�1�3�a�a�9�e�1�e�c�b�e�6�d�3�c�4�4�a�
C�:�\�w�I�Q�q�E�p�5�O�.�e�x�e�
C�:�\�H�H�V�y�g�3�6�n�.�e�x�e�
C�:�\�U�b�Q�1�w�y�2�y�.�e�x�e�
C�:�\�g�g�y�i�Z�L�3�V�.�e�x�e�
C�:�\�f�f�s�c�h�T�m�r�.�e�x�e�
C�:�\�_�L�5�G�k�R�f�i�.�e�x�e�
C�:�\�i�M�x�f�L�o�3�9�.�e�x�e�
C�:�\�g�t�h�I�G�y�W�x�.�e�x�e�
C�:�\�T�c�H�_�W�f�M�2�.�e�x�e�
C�:�\�I�_�w�m�v�3�a�p�.�e�x�e�
C�:�\�p�s�a�L�J�x�0�5�.�e�x�e�
C�:�\�f�e�f�G�J�W�F�Z�.�e�x�e�
C�:�\�3�k�3�O�h�g�f�s�.�e�x�e�
C�:�\�b�l�i�C�W�p�9�L�.�e�x�e�
C�:�\�X�c�n�a�V�W�n�M�.�e�x�e�
C�:�\�q�U�d�J�j�K�K�Y�.�e�x�e�
C�:�\�w�s�5�Q�_�R�l�q�.�e�x�e�
C�:�\�S�3�T�s�e�A�u�N�.�e�x�e�
C�:�\�o�I�A�F�7�e�L�S�.�e�x�e�
C�:�\�v�3�2�Q�N�d�5�Y�.�e�x�e�
C�:�\�h�P�i�k�n�m�l�R�.�e�x�e�
C�:�\�R�x�I�a�J�a�2�_�.�e�x�e�
C�:�\�N�L�1�S�a�L�V�I�.�e�x�e�
C�:�\�6�P�u�G�0�m�J�u�.�e�x�e�
C�:�\�k�3�j�l�U�H�j�7�.�e�x�e�
C�:�\�j�9�X�B�q�k�y�e�.�e�x�e�
C�:�\�9�r�s�3�D�Q�5�M�.�e�x�e�
C�:�\�n�3�A�I�m�C�5�l�.�e�x�e�
C�:�\�4�w�a�I�w�7�z�7�.�e�x�e�
C�:�\�H�f�Y�C�i�Y�v�_�.�e�x�e�
C�:�\�f�n�l�t�o�J�m�a�.�e�x�e�
C�:�\�S�B�j�j�v�e�f�G�.�e�x�e�
C�:�\�o�i�K�_�k�O�B�E�.�e�x�e�
C�:�\�b�e�6�O�c�X�L�u�.�e�x�e�
C�:�\�b�0�F�A�K�H�U�A�.�e�x�e�
C�:�\�Z�Y�B�J�k�q�s�0�.�e�x�e�
C�:�\�Y�I�d�I�r�t�l�k�.�e�x�e�
C�:�\�x�o�C�w�S�t�V�_�.�e�x�e�
C�:�\�e�Z�W�c�8�K�Z�v�.�e�x�e�
C�:�\�E�2�W�p�_�I�U�s�.�e�x�e�
C�:�\�f�b�T�x�P�Y�y�g�.�e�x�e�
C�:�\�Z�T�x�x�1�v�N�8�.�e�x�e�
C�:�\�_�F�w�C�i�f�O�F�.�e�x�e�
C�:�\�0�h�y�t�4�P�U�M�.�e�x�e�
C�:�\�S�3�J�i�p�k�K�w�.�e�x�e�
C�:�\�1�k�s�R�a�O�I�k�.�e�x�e�
C�:�\�J�O�2�8�3�q�n�l�.�e�x�e�
C�:�\�u�K�Z�Y�o�w�a�s�.�e�x�e�
C�:�\�3�f�1�2�b�5�a�a�0�6�e�1�b�1�9�f�5�5�8�0�7�9�e�5�0�b�7�6�3�b�9�e�7�2�5�e�6�c�c�8�6�0�0�1�2�b�4�4�a�0�4�a�b�a�7�9�8�3�8�e�3�e�5�d�
C�:�\�r�m�t�_�Q�U�Z�0�.�e�x�e�
C�:�\�W�c�n�_�M�e�u�6�.�e�x�e�
C�:�\�8�j�F�Y�F�K�J�m�.�e�x�e�
C�:�\�T�X�W�G�z�J�m�A�.�e�x�e�
C�:�\�s�6�b�E�5�W�z�F�.�e�x�e�
C�:�\�x�f�L�b�w�d�6�W�.�e�x�e�
C�:�\�7�8�0�5�1�5�a�3�c�9�5�c�3�d�3�7�1�e�f�0�5�9�4�2�0�b�a�2�2�7�0�f�0�0�7�7�4�a�5�d�f�f�a�a�1�9�9�0�2�d�4�5�f�a�7�d�a�1�b�f�4�6�a�3�
C�:�\�c�a�9�0�f�5�1�0�e�f�3�d�6�a�f�0�8�6�a�a�d�2�e�a�4�3�b�4�b�8�d�d�7�c�2�2�a�9�0�2�b�b�c�1�6�c�b�5�c�4�c�1�c�2�0�6�7�d�0�9�0�e�6�6�
C�:�\�c�a�9�6�a�0�5�1�6�6�e�3�a�c�3�d�7�4�3�5�7�8�2�5�2�8�5�d�8�1�2�0�e�7�2�3�7�2�4�7�c�e�0�8�5�7�7�0�b�c�3�c�4�8�9�c�b�1�6�e�4�e�9�e�
C�:�\�c�p�O�P�z�7�d�U�.�e�x�e�
C�:�\�J�t�4�x�p�x�i�B�.�e�x�e�
C�:�\�B�U�3�D�N�B�n�3�.�e�x�e�
C�:�\�o�6�K�d�H�G�5�v�.�e�x�e�
C�:�\�I�F�c�w�A�5�h�_�.�e�x�e�
C�:�\�n�d�l�E�h�X�E�0�.�e�x�e�
C�:�\�0�I�r�p�3�j�F�Y�.�e�x�e�
C�:�\�2�B�3�T�x�o�2�b�.�e�x�e�
C�:�\�t�k�_�6�n�n�r�p�.�e�x�e�
C�:�\�2�z�6�t�p�Y�w�u�.�e�x�e�
C�:�\�1�5�B�F�d�c�O�4�.�e�x�e�
C�:�\�x�S�w�X�m�h�E�J�.�e�x�e�
C�:�\�Y�M�H�K�Z�5�B�K�.�e�x�e�
C�:�\�4�F�0�f�B�G�q�o�.�e�x�e�
C�:�\�L�Q�p�P�B�b�W�H�.�e�x�e�
C�:�\�Q�x�c�2�a�o�G�s�.�e�x�e�
C�:�\�8�2�G�S�C�u�R�z�.�e�x�e�
C�:�\�v�4�r�E�U�V�K�K�.�e�x�e�
C�:�\�e�a�8�e�0�c�r�M�.�e�x�e�
C�:�\�M�T�q�6�1�d�s�l�.�e�x�e�
C�:�\�i�u�r�b�6�o�J�0�.�e�x�e�
C�:�\�9�d�4�1�5�e�6�5�0�9�2�2�3�f�b�a�2�8�7�d�2�c�b�3�b�3�4�f�d�2�0�c�1�7�8�6�5�5�c�9�d�4�f�7�9�3�8�d�9�d�9�8�0�6�3�7�5�5�c�0�9�c�b�3�
C�:�\�0�b�b�a�2�1�c�3�2�e�f�c�3�a�1�c�6�c�0�f�0�d�d�7�6�0�6�e�7�7�1�b�0�a�0�f�e�4�e�e�7�d�5�7�9�7�0�0�1�f�7�9�1�b�1�c�d�6�c�8�c�2�4�2�
C�:�\�0�1�e�2�d�9�b�c�6�2�9�c�8�c�c�0�4�c�c�c�8�3�f�2�f�f�6�8�5�b�7�a�a�c�5�4�3�6�0�5�4�c�1�e�5�3�d�5�9�a�9�d�2�c�d�b�7�b�d�2�7�6�5�7�
C�:�\�k�k�R�F�e�l�K�E�.�e�x�e�
C�:�\�O�a�3�P�r�4�S�z�.�e�x�e�
C�:�\�5�9�j�5�4�j�W�8�.�e�x�e�
C�:�\�n�n�_�O�l�f�z�x�.�e�x�e�
C�:�\�L�3�o�R�A�v�d�y�.�e�x�e�
C�:�\�C�4�s�3�Z�g�U�L�.�e�x�e�
C�:�\�W�c�n�i�q�M�m�H�.�e�x�e�
C�:�\�0�1�u�_�0�v�D�t�.�e�x�e�
C�:�\�M�c�1�1�O�6�z�C�.�e�x�e�
C�:�\�g�c�g�9�W�P�H�7�.�e�x�e�
C�:�\�W�Q�X�t�k�A�a�G�.�e�x�e�
C�:�\�F�I�y�X�0�_�n�i�.�e�x�e�
C�:�\�D�U�N�q�C�H�f�m�.�e�x�e�
C�:�\�U�s�e�r�s�\�J�o�h�n�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�c�n�o�l�V�o�c�w�Q�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�7�2�a�f�d�7�b�e�6�f�5�6�e�5�8�e�c�c�0�8�0�9�6�0�e�2�8�3�d�d�d�f�.�v�i�r�u�s�.�e�x�e�
C�:�\�6�f�8�5�6�e�c�0�9�f�6�5�0�8�9�e�3�5�a�e�9�8�e�9�6�2�d�5�e�0�b�2�a�2�8�b�5�b�a�b�3�c�0�2�d�8�1�e�b�2�0�f�9�2�5�1�d�d�a�3�d�0�2�d�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�i�e�u�p�d�a�t�e�.�e�x�e�
C�:�\�1�9�2�8�d�3�3�7�7�c�8�e�9�0�3�f�0�b�3�d�1�e�4�7�e�b�a�1�d�7�a�4�0�d�3�c�4�2�a�e�9�4�5�a�0�0�3�5�4�7�0�1�4�1�d�2�f�3�0�d�a�3�0�f�
C�:�\�d�3�c�2�6�2�e�3�b�f�8�8�7�1�5�b�a�e�7�6�7�7�c�d�f�0�e�5�c�e�5�1�2�8�4�9�8�f�1�1�9�1�2�d�5�b�6�5�c�3�0�c�2�e�c�a�7�a�9�f�1�8�b�0�
C�:�\�b�0�4�a�4�0�a�e�3�d�b�1�2�7�f�8�5�2�9�8�c�1�0�7�4�5�1�6�4�c�7�f�c�4�6�d�9�9�3�3�3�9�4�5�d�5�a�9�2�4�7�1�5�b�6�2�4�c�2�3�f�c�5�6�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�i�e�u�p�d�a�t�e�.�e�x�e�
C�:�\�f�9�e�e�5�8�c�3�4�f�6�d�e�f�1�1�4�8�5�c�0�e�a�7�0�3�4�f�f�2�5�d�3�4�b�3�d�4�3�8�8�9�5�c�8�e�9�b�7�7�8�0�c�d�7�a�2�f�3�c�f�5�8�0�
C�:�\�2�f�4�4�0�1�f�0�6�e�6�4�8�d�e�0�7�2�0�7�8�8�2�f�7�5�2�6�0�7�a�5�1�2�d�8�8�1�1�f�7�0�2�7�7�a�c�7�c�2�b�f�5�6�7�b�3�4�e�1�9�9�a�2�
C�:�\�U�s�e�r�s�\�V�i�r�t�u�a�l�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�7�b�8�e�4�8�0�6�a�9�1�a�3�4�b�1�a�c�d�c�a�3�8�9�e�8�5�9�b�4�4�a�0�b�7�b�0�2�6�d�4�2�a�2�d�b�1�5�1�5�8�b�0�7�2�f�5�b�b�0�b�1�8�0�.�e�x�e�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�i�e�u�p�d�a�t�e�.�p�e�3�2�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�i�e�u�p�d�a�t�e�.�p�e�3�2�
C�:�\�5�6�9�f�f�6�1�7�b�5�c�4�5�4�e�5�e�5�e�f�0�8�6�3�7�5�d�0�9�f�0�c�3�c�2�d�9�c�8�a�3�d�0�0�3�b�1�5�4�5�b�d�d�2�6�d�4�6�9�1�3�3�d�3�
C�:�\�0�8�8�e�6�2�e�1�e�4�b�6�4�8�b�9�7�a�0�5�2�6�3�3�f�5�7�3�1�3�0�4�5�a�f�d�5�a�9�1�7�2�4�4�2�f�4�7�3�8�e�b�e�c�0�9�c�a�f�a�b�f�f�b�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�i�e�u�p�d�a�t�e�.�p�e�3�2�
C�:�\�c�3�c�0�1�0�6�d�6�7�d�0�6�8�6�e�b�1�6�7�e�1�f�1�6�3�3�3�5�1�1�3�b�5�5�0�5�4�f�c�c�9�2�0�2�0�2�b�b�e�c�b�a�8�f�9�1�4�d�a�8�8�b�d�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�i�e�u�p�d�a�t�e�.�e�x�e�
C�:�\�e�b�a�1�1�c�2�5�a�4�4�2�e�9�e�1�f�6�a�8�7�b�b�c�f�e�1�4�c�0�0�3�d�1�3�8�b�3�4�0�9�e�8�c�8�5�6�7�8�7�1�3�c�a�7�3�8�b�3�f�0�0�c�1�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�i�e�u�p�d�a�t�e�.�e�x�e�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�i�e�u�p�d�a�t�e�.�p�e�3�2�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�2�e�4�2�b�8�5�9�6�7�8�1�c�2�0�d�_�i�e�u�p�d�a�t�e�.�e�x�e�
C�:�\�c�e�d�8�9�e�0�3�e�1�f�e�7�e�0�b�9�3�6�b�1�3�3�8�4�2�f�6�1�3�c�9�2�b�7�3�7�0�e�2�e�b�8�2�9�c�4�4�b�d�9�3�2�e�4�1�0�9�8�d�8�7�7�0�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�i�e�u�p�d�a�t�e�.�e�x�e�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�i�e�u�p�d�a�t�e�.�p�e�3�2�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�i�e�u�p�d�a�t�e�.�p�e�3�2�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�c�4�7�3�5�7�8�1�a�6�5�6�a�2�5�4�_�i�e�u�p�d�a�t�e�.�e�x�e�
C�:�\�f�5�8�5�7�1�e�9�0�6�3�e�d�6�7�0�f�b�6�6�5�4�e�d�5�2�5�a�a�c�f�0�f�6�8�f�1�d�b�1�0�8�6�3�8�1�e�9�c�0�6�b�7�c�2�4�c�9�a�8�f�1�2�b�
C�:�\�8�a�8�8�1�4�3�9�e�7�7�8�c�e�c�e�7�b�5�5�3�8�0�6�7�6�0�c�f�0�d�9�c�5�2�8�7�8�d�d�9�3�4�c�9�f�0�2�2�1�4�a�8�7�9�d�f�f�d�4�1�5�b�8�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�i�e�u�p�d�a�t�e�.�p�e�3�2�
C�:�\�d�1�b�b�7�b�e�5�5�4�c�0�d�5�e�e�1�4�e�8�6�8�6�7�8�f�b�5�2�6�e�5�e�c�5�2�9�3�f�7�7�8�c�0�0�3�c�f�a�2�2�c�3�7�7�e�d�b�b�e�a�7�2�9�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�i�e�u�p�d�a�t�e�.�e�x�e�
C�:�\�e�e�9�c�1�8�1�9�b�4�8�8�d�1�5�4�6�b�a�f�b�3�6�6�8�9�a�a�8�d�6�5�f�6�1�a�a�e�0�b�2�2�9�2�8�1�6�a�d�7�9�3�b�d�c�2�e�6�c�6�e�9�b�4�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�i�e�u�p�d�a�t�e�.�p�e�3�2�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�i�e�u�p�d�a�t�e�.�p�e�3�2�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�i�e�u�p�d�a�t�e�.�p�e�3�2�
C�:�\�7�2�e�7�3�2�e�0�5�6�3�a�3�a�2�0�3�2�9�7�f�8�d�d�b�3�4�9�9�0�2�5�a�8�0�3�0�3�5�6�1�b�6�2�6�0�0�7�2�a�3�7�c�7�b�0�b�3�a�f�b�c�b�c�
C�:�\�a�3�5�6�8�1�5�2�7�8�4�b�7�9�6�6�b�c�4�8�c�1�d�f�2�9�2�9�6�a�9�c�b�d�f�b�d�2�5�1�d�0�d�a�c�c�f�d�e�1�c�a�2�2�7�5�5�a�3�2�c�a�2�4�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�i�e�u�p�d�a�t�e�.�e�x�e�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�i�e�u�p�d�a�t�e�.�p�e�3�2�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�i�e�u�p�d�a�t�e�.�p�e�3�2�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�i�e�u�p�d�a�t�e�.�p�e�3�2�
C�:�\�8�a�5�5�e�0�d�0�f�7�e�3�3�4�3�3�4�2�a�6�7�9�2�7�8�6�4�4�6�a�c�1�6�f�0�6�9�5�2�a�8�2�7�1�0�b�5�1�2�a�0�5�1�5�2�3�0�c�9�f�c�c�7�7�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�i�e�u�p�d�a�t�e�.�e�x�e�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�i�e�u�p�d�a�t�e�.�p�e�3�2�
C�:�\�e�8�2�a�8�7�1�9�7�f�a�5�c�0�e�9�e�4�6�1�d�7�7�2�c�6�e�f�8�b�d�b�7�a�5�1�2�e�3�e�7�a�8�6�7�c�e�d�3�f�b�b�6�c�c�8�2�1�9�7�8�c�2�b�
C�:�\�4�8�4�b�a�a�8�8�0�5�4�b�6�a�6�a�6�2�5�0�4�e�1�9�2�e�c�5�4�c�a�8�a�6�0�2�f�9�0�0�0�6�b�f�a�c�f�2�1�6�3�1�0�2�4�a�a�f�9�d�1�8�3�7�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�i�e�u�p�d�a�t�e�.�p�e�3�2�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�i�e�u�p�d�a�t�e�.�p�e�3�2�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�c�0�b�9�b�b�d�9�9�0�d�2�2�f�9�5�_�i�e�u�p�d�a�t�e�.�e�x�e�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�i�e�u�p�d�a�t�e�.�p�e�3�2�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�f�8�6�a�2�2�7�2�8�7�c�a�6�8�7�3�_�i�e�u�p�d�a�t�e�.�e�x�e�
C�:�\�9�9�2�6�4�f�c�e�6�1�e�b�0�0�5�b�e�d�2�f�9�1�c�6�3�c�2�d�7�6�9�4�a�3�4�5�0�9�e�e�8�e�2�7�8�8�b�0�1�0�0�e�a�6�6�7�e�5�5�9�e�3�b�b�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�i�e�u�p�d�a�t�e�.�e�x�e�
C�:�\�4�d�a�d�7�6�2�0�0�6�f�2�e�a�6�3�a�1�2�1�d�2�5�b�b�7�2�1�a�a�1�1�e�2�5�e�5�2�f�a�1�d�5�e�c�5�8�a�3�6�9�a�5�d�8�7�8�f�2�7�9�8�5�9�
C�:�\�3�d�d�0�9�5�e�4�7�a�9�1�b�d�c�e�8�8�4�a�4�b�d�a�f�e�7�b�8�3�8�f�d�1�3�7�b�4�d�5�b�a�3�6�6�c�3�c�2�5�b�a�4�c�b�b�f�f�0�c�c�7�f�1�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�i�e�u�p�d�a�t�e�.�e�x�e�
C�:�\�7�7�c�5�4�d�8�0�6�e�1�5�1�8�e�a�f�3�e�6�4�a�8�c�2�0�3�b�1�6�2�c�b�2�d�6�2�0�d�9�9�1�8�8�1�9�3�f�8�8�8�d�f�e�9�f�3�7�0�0�8�3�9�2�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�i�e�u�p�d�a�t�e�.�e�x�e�
C�:�\�0�6�4�1�3�1�7�5�3�8�7�9�9�b�8�f�b�b�6�4�a�6�b�6�9�c�4�f�2�6�f�0�4�2�c�b�1�b�b�7�2�1�b�2�c�2�f�2�6�5�b�9�4�8�4�3�a�9�d�2�3�6�4�4�
C�:�\�d�1�e�8�e�a�1�b�3�d�0�e�b�3�e�a�3�a�c�b�f�0�1�2�a�9�b�3�f�d�3�e�a�a�4�5�b�f�3�b�1�b�e�c�5�0�1�3�0�f�7�a�1�1�5�4�7�1�9�c�8�4�6�1�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�i�e�u�p�d�a�t�e�.�e�x�e�
C�:�\�8�7�e�9�2�5�4�f�d�2�5�8�8�e�5�3�f�9�9�1�5�e�3�3�c�0�6�b�8�0�0�4�4�1�3�f�5�3�c�9�f�4�7�a�e�7�8�8�3�c�2�4�d�4�8�e�f�9�2�d�4�3�e�8�
C�:�\�5�2�b�3�b�2�7�1�f�2�f�a�2�2�8�d�2�1�4�a�f�3�7�0�4�4�9�9�4�8�c�0�c�9�b�b�3�9�7�6�e�d�9�8�7�d�6�2�d�b�e�4�6�4�1�1�4�0�b�3�f�7�0�7�
C�:�\�9�d�5�2�1�1�a�d�a�6�b�2�5�a�f�e�9�1�d�d�0�3�e�a�6�3�d�0�e�9�b�9�9�a�1�4�4�f�0�f�f�4�5�5�7�c�d�b�6�f�e�2�0�3�a�3�9�2�6�8�3�d�c�5�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�i�e�u�p�d�a�t�e�.�e�x�e�
C�:�\�d�e�f�c�a�3�6�3�c�2�a�a�c�3�d�2�6�e�7�6�9�4�f�d�3�1�1�a�2�c�a�0�f�d�e�9�4�5�8�a�2�9�8�a�0�4�5�2�2�8�f�6�d�4�6�2�9�5�3�c�6�d�f�d�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�i�e�u�p�d�a�t�e�.�e�x�e�
C�:�\�5�4�d�f�1�c�8�a�b�c�3�6�8�1�3�a�2�a�d�5�7�f�b�2�9�9�4�4�5�f�c�1�0�3�2�1�4�e�8�f�1�6�f�1�8�5�1�3�d�1�b�e�a�d�c�8�f�3�6�f�4�b�1�3�
C�:�\�a�2�f�c�9�0�0�c�d�8�6�8�3�4�1�1�d�1�4�e�1�d�d�a�7�e�3�b�c�5�4�a�a�6�2�2�e�1�9�8�d�f�8�8�6�0�e�5�a�d�a�b�9�4�f�f�7�9�6�a�d�9�1�b�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�i�e�u�p�d�a�t�e�.�e�x�e�
C�:�\�0�3�9�2�6�7�e�6�9�0�f�e�9�c�a�2�d�5�1�9�0�c�c�5�6�6�4�4�e�9�e�5�5�4�4�9�f�d�f�d�4�0�1�b�5�3�5�d�f�b�f�4�b�8�0�c�0�f�1�0�9�8�3�8�
C�:�\�o�y�Z�x�n�R�l�G�.�e�x�e�
C�:�\�9�2�c�e�b�0�9�5�8�5�f�d�c�7�6�8�6�e�7�f�8�5�0�5�9�3�c�3�3�1�8�2�8�a�6�2�a�f�4�d�d�0�a�a�f�1�2�f�8�9�5�4�6�1�7�6�0�2�9�d�8�4�0�9�
C�:�\�2�b�b�5�5�a�3�6�6�e�6�8�6�4�d�a�b�1�4�7�9�2�7�7�d�7�8�9�8�6�9�5�2�e�2�0�c�8�c�d�b�3�5�5�0�3�e�e�8�7�8�2�9�f�9�9�a�7�9�0�c�b�e�c�
C�:�\�f�5�7�a�2�9�0�1�7�c�f�7�e�e�8�9�a�d�c�3�1�d�5�8�3�8�c�0�e�e�2�6�f�2�a�4�7�f�7�b�3�5�a�f�3�0�8�2�f�8�b�f�3�3�6�d�c�1�9�d�b�3�a�b�
C�:�\�1�4�6�f�5�0�0�4�2�7�0�b�4�5�4�1�5�5�f�0�a�1�d�e�e�6�e�3�b�9�5�4�a�8�e�5�b�0�4�2�f�c�9�0�c�3�d�9�d�0�a�8�1�2�1�1�6�e�0�b�e�9�8�6�
C�:�\�2�c�5�1�f�9�a�d�a�8�b�1�7�d�f�d�8�7�8�1�d�5�5�0�4�d�e�6�2�f�f�b�c�4�7�1�b�6�b�3�5�c�8�0�8�5�7�6�2�0�d�7�c�c�3�c�8�7�5�2�a�1�f�f�
C�:�\�3�4�2�e�1�d�9�e�d�c�d�c�5�4�9�1�a�e�0�6�6�7�a�c�a�3�1�8�f�8�a�e�d�4�e�6�a�5�a�a�f�8�e�5�3�f�2�4�4�9�5�3�a�6�b�2�5�9�f�9�8�e�2�1�
C�:�\�2�8�d�5�8�a�3�2�3�1�8�9�4�5�9�0�8�a�2�3�4�4�5�f�a�f�d�8�9�9�6�e�e�2�1�0�5�9�8�c�6�d�c�0�c�4�f�2�f�f�8�1�2�a�7�e�d�2�c�4�6�b�7�3�
C�:�\�d�e�5�0�d�b�5�6�5�6�e�e�f�1�a�1�4�f�e�a�6�f�0�f�f�1�e�b�5�9�3�0�b�f�5�7�d�9�6�2�4�8�0�d�5�d�9�d�b�7�4�4�6�4�a�b�1�5�4�c�7�7�4�8�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�i�e�u�p�d�a�t�e�.�e�x�e�
Process Tree
-
0a10309fcf649bcbfac3635685a48a79b214d755d6399195ab651eb5cd346915.exe (2108)
"C:\Users\Administrator\AppData\Local\Temp\0a10309fcf649bcbfac3635685a48a79b214d755d6399195ab651eb5cd346915.exe"
- ieupdate.exe (1640) "C:\Users\ADMINI~1\AppData\Local\Temp\ieupdate.exe"
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com |
A 131.107.255.255
A 131.107.255.255 |
131.107.255.255 |
| dns.msftncsi.com |
AAAA fd3e:4f5a:5b81::1 AAAA fd3e:4f5a:5b81::1 AAAA fd3e:4f5a:5b81::1 |
131.107.255.255 |
| migsparkle.com | A 149.154.59.7 | 149.154.59.7 |
| foodpicsgo.com | A 103.224.212.223 | 103.224.212.223 |
TCP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 49165 | 103.224.212.223 foodpicsgo.com | 443 |
| 192.168.56.101 | 49166 | 103.224.212.223 foodpicsgo.com | 443 |
| 192.168.56.101 | 49167 | 103.224.212.223 foodpicsgo.com | 443 |
| 192.168.56.101 | 49169 | 103.224.212.223 foodpicsgo.com | 443 |
| 192.168.56.101 | 49170 | 103.224.212.223 foodpicsgo.com | 443 |
| 192.168.56.101 | 49171 | 103.224.212.223 foodpicsgo.com | 443 |
| 192.168.56.101 | 49175 | 103.224.212.223 foodpicsgo.com | 443 |
| 192.168.56.101 | 49176 | 103.224.212.223 foodpicsgo.com | 443 |
| 192.168.56.101 | 49177 | 103.224.212.223 foodpicsgo.com | 443 |
| 192.168.56.101 | 49179 | 103.224.212.223 foodpicsgo.com | 443 |
| 192.168.56.101 | 49180 | 103.224.212.223 foodpicsgo.com | 443 |
| 192.168.56.101 | 49181 | 103.224.212.223 foodpicsgo.com | 443 |
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
| 192.168.56.101 | 58485 | 114.114.114.114 | 53 |
| 192.168.56.101 | 58485 | 8.8.8.8 | 53 |
| 192.168.56.101 | 57665 | 8.8.8.8 | 53 |
| 192.168.56.101 | 51758 | 8.8.8.8 | 53 |
| 192.168.56.101 | 52215 | 8.8.8.8 | 53 |
| 192.168.56.101 | 62361 | 8.8.8.8 | 53 |
| 192.168.56.101 | 62361 | 114.114.114.114 | 53 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
| Source | Destination | ICMP Type | Data |
|---|---|---|---|
| 192.168.56.101 | 8.8.8.8 | 3 |
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
| Name | 3109d93cbd0e1a22_ieupdate.exe |
|---|---|
| Filepath | C:\Users\Administrator\AppData\Local\Temp\ieupdate.exe |
| Size | 30.4KB |
| Processes | 2108 (0a10309fcf649bcbfac3635685a48a79b214d755d6399195ab651eb5cd346915.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 35ea9be90f539155b1fcee9e02a90c8c |
| SHA1 | 2703e7e10c394d35f51c138b68fb08626498b538 |
| SHA256 | 3109d93cbd0e1a22d039b32ccc5f327c8bdf7f51e7c05f006736bebf0bdad56f |
| CRC32 | 426A0F24 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
Sorry! No dropped buffers.