0.9
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.63
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | Win32:Heim | 20190903 | 18.4.3895.0 |
| Baidu | None | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (D) | 20190702 | 1.0 |
| Kingsoft | None | 20190904 | 2013.8.14.323 |
| McAfee | Trojan-FEOI!E6636BC26AFB | 20190903 | 6.0.6.653 |
| Tencent | None | 20190904 | 1.0.0.1 |
静态指标
动态指标
网络通信
与未执行 DNS 查询的主机进行通信
(1 个事件)
| host | 114.114.114.114 | |||
文件已被 VirusTotal 上 48 个反病毒引擎识别为恶意
(48 个事件)
| ALYac | Gen:Trojan.Ipatre.1 |
| APEX | Malicious |
| AVG | Win32:Heim |
| Acronis | suspicious |
| Ad-Aware | Gen:Trojan.Ipatre.1 |
| AhnLab-V3 | Trojan/Win32.Inject.R121051 |
| Antiy-AVL | Trojan/Win32.AGeneric |
| Arcabit | Trojan.Ipatre.1 |
| Avast | Win32:Heim |
| Avira | TR/AD.Yarwi.yogmp |
| BitDefender | Gen:Trojan.Ipatre.1 |
| Comodo | TrojWare.Win32.TrojanDownloader.Waski.FG@5t41v3 |
| CrowdStrike | win/malicious_confidence_100% (D) |
| Cybereason | malicious.26afbb |
| Cylance | Unsafe |
| Cyren | W32/Upatre.HD.gen!Eldorado |
| DrWeb | Trojan.Matsnu.150 |
| ESET-NOD32 | a variant of Win32/Kryptik.CNAC |
| Emsisoft | Gen:Trojan.Ipatre.1 (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/Upatre.HD.gen!Eldorado |
| F-Secure | Trojan.TR/AD.Yarwi.yogmp |
| FireEye | Generic.mg.e6636bc26afbb8cb |
| Fortinet | W32/Kryptik.CKUG!tr |
| GData | Gen:Trojan.Ipatre.1 |
| Ikarus | Trojan-Spy.Zbot |
| Invincea | heuristic |
| Jiangmin | Trojan.Generic.aiqao |
| K7AntiVirus | Trojan ( 0051918c1 ) |
| K7GW | Trojan ( 0051918c1 ) |
| MAX | malware (ai score=87) |
| Malwarebytes | Trojan.Downloader |
| McAfee | Trojan-FEOI!E6636BC26AFB |
| McAfee-GW-Edition | BehavesLike.Win32.Generic.lt |
| MicroWorld-eScan | Gen:Trojan.Ipatre.1 |
| Microsoft | TrojanDownloader:Win32/Upatre.AH |
| NANO-Antivirus | Trojan.Win32.Matsnu.feiqfl |
| Panda | Trj/Genetic.gen |
| Qihoo-360 | HEUR/QVM20.1.A79D.Malware.Gen |
| Rising | Downloader.Upatre!8.B5 (TFE:2:DHEOoIHxX7S) |
| SentinelOne | DFI - Malicious PE |
| Sophos | Troj/Agent-AJNX |
| Symantec | Packed.Generic.493 |
| TrendMicro | TROJ_UPATRE.SM37 |
| TrendMicro-HouseCall | TROJ_UPATRE.SM37 |
| VBA32 | Trojan.FakeAV.01657 |
| Yandex | Trojan.Agent!JZEXscOT9EE |
| Zillya | Trojan.Kryptik.Win32.933451 |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2014-09-10 02:23:21
PE Imphash
9b21591001195f47e99c2e03a9dbadc9
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00001000 | 0x00007abe | 0x00008000 | 5.357370975395869 |
| .rdata | 0x00009000 | 0x000018c1 | 0x00002000 | 1.8639837727278072 |
| .data | 0x0000b000 | 0x00000b75 | 0x00001000 | 4.389164658623499 |
| .rsrc | 0x0000c000 | 0x00003ade | 0x00004000 | 4.288402987941884 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_ICON | 0x0000d536 | 0x000025a8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_GROUP_ICON | 0x0000d520 | 0x00000016 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_ANICURSOR | 0x0000c720 | 0x00000e00 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_ANICURSOR | 0x0000c720 | 0x00000e00 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
Imports
Library uxtheme.dll:
• 0x409000 DrawThemeBackground
• 0x409004 GetThemeTextMetrics
• 0x409008 DrawThemeEdge
• 0x40900c GetThemeFont
• 0x409010 GetThemeInt
• 0x409014 OpenThemeData
• 0x409018 GetThemeEnumValue
• 0x40901c GetThemeColor
• 0x409020 GetThemeSysSize
• 0x409024 SetWindowTheme
Library cmdial32.dll:
• 0x40902c InetDialHandler
• 0x409030 CmCustomHangUp
• 0x409034 CmCustomDialDlg
• 0x409038 AutoDialFunc
Library cryptdll.dll:
• 0x409040 MD5Update
• 0x409044 CDLocateRng
• 0x409048 MD5Init
• 0x40904c CDBuildVect
• 0x409050 MD5Final
Library user32.dll:
• 0x409058 IsDialogMessageA
• 0x40905c DrawIcon
• 0x409060 GetMessageW
• 0x409064 PostMessageW
• 0x409068 GetClassInfoA
• 0x40906c MessageBoxW
• 0x409070 CreateDesktopW
• 0x409074 wsprintfA
• 0x409078 DispatchMessageA
• 0x40907c CharToOemA
• 0x409080 LoadCursorA
• 0x409084 PeekMessageA
• 0x409088 LoadImageA
• 0x40908c GetCaretPos
• 0x409090 DialogBoxParamW
• 0x409094 IsCharLowerA
Library kernel32.dll:
• 0x40909c GetModuleHandleA
• 0x4090a0 OpenMutexW
• 0x4090a4 InterlockedDecrement
• 0x4090a8 GetCurrentDirectoryW
• 0x4090ac SleepEx
• 0x4090b0 GetDriveTypeA
• 0x4090b4 OpenMutexW
• 0x4090b8 OpenMutexW
• 0x4090bc OpenMutexW
• 0x4090c0 OpenMutexW
• 0x4090c4 OpenMutexW
• 0x4090c8 OpenMutexW
• 0x4090cc DeviceIoControl
• 0x4090d0 CreateEventW
• 0x4090d4 FoldStringW
• 0x4090d8 OpenMutexW
• 0x4090dc CreateDirectoryA
• 0x4090e0 GetACP
• 0x4090e4 OpenMutexW
• 0x4090e8 OpenMutexW
• 0x4090ec OpenMutexW
• 0x4090f0 FindFirstVolumeW
• 0x4090f4 OpenMutexW
• 0x4090f8 GetProcessHeap
• 0x4090fc GetLastError
• 0x409100 OpenMutexW
• 0x409104 CopyFileW
• 0x409108 GetTickCount
• 0x40910c FindFirstFileA
• 0x409110 GetCurrentProcess
• 0x409114 GetLocalTime
• 0x409118 CompareStringW
• 0x40911c HeapAlloc
• 0x409120 ReplaceFileW
• 0x409124 FindNextVolumeW
• 0x409128 CreateSemaphoreW
• 0x40912c GetDiskFreeSpaceW
• 0x409130 GetProcAddress
• 0x409134 DeleteFileA
• 0x409138 lstrcpynW
• 0x40913c SearchPathA
• 0x409140 GetStringTypeW
L!This program cannot be run in DOS mode.
`.rdata
@.data
By 5%@
zertur.pdb
OpenThemeData
GetThemeSysSize
GetThemeColor
GetThemeTextMetrics
GetThemeFont
GetThemeInt
GetThemeEnumValue
DrawThemeEdge
DrawThemeBackground
SetWindowTheme
uxtheme.dll
AutoDialFunc
CmCustomHangUp
InetDialHandler
CmCustomDialDlg
cmdial32.dll
MD5Update
CDLocateRng
MD5Final
CDBuildVect
MD5Init
cryptdll.dll
PeekMessageA
DialogBoxParamW
IsCharLowerA
wsprintfA
IsDialogMessageA
GetClassInfoA
CharToOemA
CreateDesktopW
LoadImageA
LoadCursorA
PostMessageW
MessageBoxW
DrawIcon
GetMessageW
DispatchMessageA
GetCaretPos
user32.dll
CreateSemaphoreW
CompareStringW
GetModuleHandleA
SleepEx
SearchPathA
lstrcpynW
CreateEventW
GetLocalTime
InterlockedDecrement
GetProcAddress
FindFirstVolumeW
FoldStringW
GetDriveTypeA
DeleteFileA
CreateDirectoryA
GetTickCount
GetProcessHeap
FindNextVolumeW
GetStringTypeW
FindFirstFileA
GetCurrentProcess
HeapAlloc
GetDiskFreeSpaceW
DeviceIoControl
ReplaceFileW
GetLastError
GetACP
GetCurrentDirectoryW
CopyFileW
OpenMutexW
OpenMutexW
OpenMutexW
OpenMutexW
OpenMutexW
OpenMutexW
OpenMutexW
OpenMutexW
OpenMutexW
OpenMutexW
OpenMutexW
OpenMutexW
OpenMutexW
kernel32.dll
DCIDestroy
DCIEnum
DCIBeginAccess
dciman32.DLL
6V!&}m
1H@`:t
#_#WVn
y+5xRuu
I(%nX8%
/AIwr|
[d^t{}
3))4a&t
P ?:vv>x
Ms>]Con
_N<ub+r
) 4Oc<
t3JtTAluNjeh$~]PE
([>GzA
VCk~8W~`
&]TVCdie#4C
{|b4qXv
T;(o4_uu"-
Kk?0xb`8
LoadLibraryExW
kernel32.DLL
HeapCreate
WriteProcessMemory
vifjkyei
lifnbkajcuvjzys
egpnyseewiu
txaqnmpuzyojzw
mouvminniondwldz
drfghpjjo
qpltxwbt
esvrosvhg
fyozlynhir
vayqgvqckyfk
znayrpodynbdmpec
cbxohnwvqooogu
zmhgbqto
PsC!)b\:
bL*?tc*Az+
FQHjR9
wo}[%y)
zE#0k|F
WJnJj=KsQ
s|ZNuc
Qw|Z-ScA
wlJSyS1/U
\:yC!V{-G
D=-XIw
<B`e./
B%g[t!
QZ9a0P
"PrpRV
I4c"j@S=K; SH2w
nc,Zt=*ctwV!)bQ
VCa|S\
e44o=x
A|Y]DX7
NvS\aRbVS>2x|JY
}MGNylv*
)J;;Q"mxV2,/st
^(L_oU
~6T\R)^-y+
b->1L-
v'ijAl
L;A2RmC
0_J]\n
B] HvKY
S'DkvJAX
;cz]1Y
.d`>+/s
CNgg$NO&
"Q3TH0
YxtIGACH
y}&\JS&b
5C66}W8WM)o
82z]w4i~M(
E41`"?W$.
!p&#P.'
~\:HLJ@
L*ozsq0
'u+)^,<
yu`>+{
L*526z0
|ZF$9=;D">N,R0
nLT2BDD
R0bh~JKL*
T2PIsxV)j
pNTfSx
r5ps)0
+J(V4Z
5P.3^<
Y{1zN,0
N,n|bjd
_Ym=/|<LdV
3GFsH
} a.U3
;[*EG>9q3
L^<?. A#5Q5RZ2
!+&i35
e1o%h&
M&d%9.4$
mZADit~C
.#,t0n
}?xN=E{
<[>\:\
fs0Afu
BThvBT
!#!#!#!#!#!#!#!#!#!#!#!#!#!#!#!#!#!#!#!#!#!#!#!#!#!#!#!#!#!#
!!!!!!!!!!!!!!!!! #!!!!!!!! # # #!$!!!! #!!!!!!!!!!!!!!!!!!!!
""%"%"%"%"%"%"%"%"%"%"%"%nq"%"%"%"%"%"%"%"%"%"%"%"% "
"#&#&#&#&#&#&#&#&"%"%###&ss#&#&#&#&#&#&#&#&#&#&#&#& "
"*-*-*-*-*-*-*-*-*-*-tt*-*-####'**-*-*-*-*-*-*-!!
#&////////////////QL////.1//////////////////#&
*-585858585858585858fi5858{x585858585858585858585858*-
14:<:<:<:<:<:<:<:<gl:<gl:<:<1414:<:<:<:<:<:<:<:<14
:<??????????????????~??????????????????:<
??FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF??
HJJJFFFFFFJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJFFFFFFFFFFFFJJJJJJHJ
HJHJvovovovovovovovovovovovovovovovovovovovovovovovovovovovoHJOQ
q�2�P�F� �V�
F�o�y�~�p�D�=�'�Z�!�
J�8�~�2�r�J�k�A�
"�T�X�3�b�G�0�Z�
!�+�:�:�$�S�l�`�8�E�J�j�p�Z�
8�K�N�A�b�B�M�Z�
6�"�$�>�9�_�Z�
!�X�l�7�1�e�P�-�,�
M�1�Y�W�,�-�_�
e�[�u�b�\�X�
N�2�1�"�8�'�q�A�{�=�V�b�f�U�G�!�2�
x�0�]�H�a�y�6�a�o�
z�l�s�~�j�+�M�c�
j�}�,�T�n�_�
p�}�M�(�"�A�0�-�F�|�G�M�{�c�F�y�<�
y�A�?�p�K�$�P�X�
Z�u�u�n�E�j�+�F�
U�E�x�H�N�O�@�
"�R�K�w� �R�#�!�C�:�,�
,�:�.�p�~�D�O�
u�'�0�&�D�X�
!�s�|�O�;�;�!�*�
t�i�O�A�)�$�M�r�P�C�x�!�{�^�
Q�-�>�R�2�l� �
4�N� �z�l�F�
$�[�?�(�#�=�=�
b�e�B�h�n�d�
j�$�G�X�j�R�r�x�g�
<�\�C�j�Q�6�,�
X�T�6�B�w�|�o�F�#�
,�r�f�$�G�9�
-�?�R�s�w�e�
=�D�(�F�|�^�
/�D�v�x�Z�o�3�L�
4�M�r� �r�Z�6�W�
*�~�&�1�7�#�
8�M�c�Q�f�;�o�j�#�*�r�3�
B�@�@�G�N�N�D�w�K�q�K�N�?�h�+�
f�\�W�:�G�s�'�N�?�,�V�w�g�
o�M�O�(�p�S�f�-�G�[�e�$�A�
.�}� �5�g�.�7�1�r�W� �
;�z�H�+�M�}�Y�p�X�
T�'�>�7�A�0�o�~�
-�{�U�(�w�_�
+�"�<�"�?�&�(�0�`�+�$�\�=�2�|�Q�(�Q�:�
,�I�9�~� �Z�y�#�A�
]�'�)�q�_�7�w�P�'�n�b�
B�q�!�M�B�f� �p�9� �[�P�'�n�h�y�v�a�-�
R�G�Q�g�:�o�p�}�W�3�
&�3�1�7�W�Q�
%�i�e�M�q� �2�U�J�|�%� �?�b�c�M�;� �Y�)�-�y�~�^�e�
X�g�A�O�B�G�
#�-�>�1�S�*�b�2�J�
j�r�>�_�_�j�
u�9�1�1�h�K�{�
J�\�`�W�^�5�Y�&�
]�8�P�A�0�K�5�z�
^�B�B�0�J�;�X�'�v�A�k�8�%�U�
f�Q�?�T�%�p�
V� �9�~�"�N�3�9�6�
I�{�T�)�z�G�
@�n�~�s�Y�G�N�8�+�+�N�m�+�
5�@�^�6�J�)�k�t�
M�t�8�r�#�&�J�
d�L�j�~�%�{�O�@�U�J�
a�I�\�/�@�^�D�A�n�h�*�@�
#�l�g�&�L�`�}�E�
z�i�(�z�E�N�g�/�
J�i�9�o�I�}�
C�>�2�X�Q�U�o�b�4�r�
^�M�k�}�r�F�%�&�:�f�
l�z�"�a�l�&�X�W�
F�/�|�-�?�F�h�
4�R�H�)�+�f�b�
s�)�5�u�:�Q�
C�m�~�O�F�O�W�
y�@�)�a�O�r�2�)�
=�A�n�&�o�2�@�
p�X�;�0�(�'�'�!�q�4�
5�h�y�w�X�W�g�>�
j�4�p�"�L�<�
W�9�_�;�/�j�b�5�}�
<�,�u�=�-�w�}�,�
+�N�4�G�.�G�
A�s�<�7�q�3�J�Z�\�2�M�
[�@�J�p�a�P�k�X�
�5�e�j�K�I�#�
2� �*�>�W�=�m�h�G�e�G�
l�{�-�f�}�h�F�>�J�:�d�h�
$�L�P�<�9�r�k�
L�2�P�4�:�C�G�
7�_�_�)�Z�N�G�
/�,�W�!�X�%�X�!�
"�!�T�Y�b�)�
)�F�?�Z�+�@�
t�9�2�^�C�G�T�M�4�x�u�
]� �]�D�*�Y�
9�7�.�_�:�O�R�w�+�
i�n�n�3�G�Q�
Y�O�^�Q�B�}�T�,�=�0�
8� �7�7�N�o�L�&�1�w�a�
Q�+�.� �N�e�*�n�\�
`�[�'�=�y�|�=�K�
(�>�z�=�E�$�M�s�P�=�
f� �r�0�I�4�=�u�I�
h�z�p�~�2�m�c�}�p�G�`�%�U�9�d�U�[�,�<�l�m�+�c�T�c�}�
\�f�G�Z�m�}�c�
*�p�_�=�U�k�?�n�
)�]�7�;�,�R�$�R�
p�q�T�(�%�p�9�
M�u�s�G�Q�S�\�C�|�8�9�F�_�
<�|�"�/�~�[�W�X�i�,�r�'�c�M� �
Y�"�J�=�N�O�e�D�p�
7�A�e� �,�;�(�
f�H�"�C�D�F� �
(� �j�+�p�3�#�]�~�^�h�{�"�9�?�|�D�!�_�S�_�0�M�|�N�k�E�T�G�=�[�-�%�%�b�"�j�+�
$�C�-�K�O�Z�a�
P�u�x�J�7�r�*�t�1�\�)�
^�=�9�o�~�+�G�y�
g�G�;�Q�+�{�_�g�)�
}�6�.�Q�v�M�!�
U�-�Y�j�n�j�L�S�%�)�!�]�/�^�M�9�@�z�M�z�r�=�2�
\�1�F�y�v�n�(�E�
K�f�Q�H�i�i�s�$�Z�K�n�
j�O�B�y�T�3�u�
=�S�P�L�r�`�g�
\�;�e�E�}�{�~�,�q�f�*�'�A�s�N�
L�{�d�7�H�h�;�
R�y�.�@�j�u�)�?�Y�-�9�'�
3�x�5�M�M�f�}�
>�'�S�G�v�v�?�5�O�?�&�y�Y�b�8�
3�L�W�d�#�d�
;�:�H�l�E�_�T�
y�p�d�h�.�D�L�L�
C�:�\�Q�w�a�T�7�P�J�k�.�e�x�e�
C�:�\�n�_�w�f�U�I�L�y�.�e�x�e�
C�:�\�3�T�d�Y�u�w�E�Z�.�e�x�e�
C�:�\�I�2�D�h�h�d�q�1�.�e�x�e�
C�:�\�9�5�e�c�3�5�b�6�a�3�a�6�e�7�6�2�6�a�c�9�a�1�8�8�6�5�a�6�e�c�0�b�8�7�0�4�d�4�c�0�5�5�9�4�5�5�3�7�b�c�b�7�1�0�b�0�8�4�a�1�8�a�2�9�
C�:�\�U�s�e�r�s�\�l�u�s�e�r�\�D�e�s�k�t�o�p�\�P�0�F�6�d�3�P�r�.�e�x�e�
C�:�\�7�1�e�f�a�2�0�f�0�9�f�c�6�c�f�f�1�5�6�7�f�e�d�0�6�4�5�7�6�a�e�a�8�8�9�a�1�7�1�6�e�a�3�5�3�8�d�5�f�9�4�a�a�8�d�0�6�6�d�4�1�4�8�9�
C�:�\�3�2�6�a�2�2�3�4�5�a�7�a�f�0�3�5�5�b�7�1�3�2�3�2�7�3�3�e�5�5�d�d�e�c�2�7�3�5�0�1�f�4�c�b�6�e�0�a�9�f�6�7�d�1�4�5�f�3�a�c�4�1�0�9�
C�:�\�6�8�b�9�7�1�f�3�5�f�2�a�4�1�d�8�d�2�b�1�4�1�5�f�8�7�a�9�4�6�a�7�5�7�0�7�3�5�d�b�1�3�1�5�6�2�1�7�2�c�2�d�6�d�9�8�8�9�2�5�9�3�2�e�
C�:�\�C�Q�x�v�O�c�p�B�.�e�x�e�
C�:�\�y�p�k�7�l�G�5�_�.�e�x�e�
C�:�\�5�e�1�c�b�a�3�8�b�f�f�d�6�e�2�1�a�3�8�e�0�4�9�0�2�d�b�5�e�b�e�c�7�b�e�0�9�4�f�8�1�a�a�3�7�c�f�6�2�5�8�5�9�9�9�2�c�8�5�1�f�a�1�0�
C�:�\�c�f�d�2�1�2�a�e�e�9�e�2�4�b�d�d�f�6�c�b�a�7�9�d�5�d�f�c�c�3�f�8�8�1�e�e�1�c�a�8�e�6�a�c�a�8�7�0�b�4�c�9�f�3�6�9�f�6�a�8�6�2�9�c�
C�:�\�J�d�G�P�Q�F�U�z�.�e�x�e�
C�:�\�U�s�e�r�s�\�J�o�h�n�n�y� �C�a�g�e�\�D�e�s�k�t�o�p�\�q�r�8�D�V�Z�9�g�s�n�.�e�x�e�
C�:�\�2�9�d�m�w�l�d�q�.�e�x�e�
C�:�\�A�O�0�J�c�Z�v�M�.�e�x�e�
C�:�\�2�5�1�7�6�1�b�5�f�4�3�0�9�8�0�7�5�a�8�2�d�b�1�3�e�6�9�1�0�2�e�0�6�2�e�a�b�c�6�d�3�6�a�e�8�9�c�1�8�c�3�b�9�6�e�8�2�c�e�f�e�b�9�2�
C�:�\�0�a�c�5�f�b�0�7�0�e�0�2�6�e�4�e�9�2�e�3�1�5�d�b�5�1�a�8�7�b�3�d�6�0�6�4�0�9�7�0�8�0�a�1�e�1�6�2�0�7�1�3�0�c�7�9�f�4�a�1�b�7�5�1�
C�:�\�3�b�c�9�7�d�e�0�c�f�e�8�a�f�b�2�9�5�7�4�a�2�3�0�7�4�3�5�1�e�2�0�f�f�0�b�7�9�8�b�5�4�5�c�0�7�5�c�1�5�4�a�2�1�c�3�3�4�8�7�6�b�7�b�
C�:�\�2�c�b�2�a�5�3�4�c�f�2�c�0�e�9�4�2�7�2�0�f�8�8�c�8�0�a�f�7�d�1�d�d�6�f�0�d�5�f�9�f�4�6�e�1�0�a�7�c�5�f�2�9�b�2�7�7�3�e�8�9�8�6�9�
C�:�\�U�s�e�r�s�\�L�i�s�a�\�D�e�s�k�t�o�p�\�H�v�Y�S�X�Q�U�N�.�e�x�e�
C�:�\�0�0�f�6�7�4�3�c�5�7�7�2�8�f�f�9�f�c�8�1�3�a�6�b�0�3�b�9�7�9�5�9�b�9�b�8�a�1�1�9�7�a�f�5�2�5�b�6�2�5�d�2�1�4�a�6�b�2�4�4�a�4�6�3�
C�:�\�6�d�6�f�d�8�b�d�6�4�6�9�e�c�0�e�5�f�2�2�5�a�5�1�4�8�3�7�5�f�4�e�7�7�5�a�c�2�3�e�3�2�6�7�c�5�f�6�9�5�9�6�a�2�6�0�6�e�1�c�b�b�9�4�
C�:�\�b�e�a�b�9�f�5�1�d�e�e�0�7�6�b�4�1�4�f�b�9�b�6�9�c�1�b�d�e�a�2�3�3�9�4�b�1�c�5�e�b�3�c�4�c�0�4�8�4�e�d�b�f�9�7�c�5�2�3�4�0�8�2�2�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�h�0�h�D�8�D�W�e�.�e�x�e�
C�:�\�a�8�f�6�f�e�9�9�0�e�3�1�4�4�f�f�c�4�9�e�d�e�d�8�6�a�7�3�7�6�5�e�6�1�b�e�9�6�1�6�7�1�8�e�3�a�3�2�4�3�4�c�d�5�1�c�a�7�b�e�e�7�c�9�
C�:�\�7�b�7�6�a�4�c�c�5�1�9�2�9�c�1�f�6�d�2�5�e�0�9�b�b�d�4�3�4�7�a�c�8�d�0�f�2�2�c�d�4�3�b�7�6�b�8�6�3�f�3�a�8�9�1�8�6�4�8�d�e�c�a�6�
C�:�\�E�c�7�5�S�Z�d�2�.�e�x�e�
C�:�\�d�5�9�e�f�1�4�c�c�c�0�e�c�c�9�6�e�0�c�b�4�e�6�f�a�c�0�2�f�1�7�5�1�e�2�6�4�7�4�f�7�f�4�b�e�3�0�1�e�d�5�b�d�b�2�b�0�6�5�e�6�9�a�d�
C�:�\�6�b�1�e�c�2�d�f�5�e�b�6�a�d�6�f�2�8�7�5�5�2�3�d�0�7�6�4�c�2�a�d�5�d�e�4�2�1�2�a�3�f�3�4�9�4�6�f�e�3�e�b�b�3�4�1�8�c�4�1�4�e�a�7�
C�:�\�G�7�p�N�l�S�1�i�.�e�x�e�
C�:�\�f�3�9�4�9�a�7�1�0�f�5�6�b�c�c�2�a�6�b�a�c�8�8�e�7�d�4�e�6�3�5�7�b�b�0�d�7�b�d�f�7�0�3�f�9�0�f�8�5�a�7�6�9�5�f�c�6�2�3�a�b�3�3�d�
C�:�\�Y�W�i�Y�W�m�T�_�.�e�x�e�
C�:�\�U�G�3�q�e�R�n�t�.�e�x�e�
C�:�\�f�9�7�9�f�3�8�e�0�1�6�9�9�9�2�4�d�e�2�7�6�6�8�6�1�1�1�0�5�b�f�8�d�6�4�1�6�2�7�c�6�3�1�1�d�4�d�b�9�5�4�e�2�f�6�c�b�8�2�7�1�d�f�3�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�l�u�s�e�r�\�D�e�s�k�t�o�p�\�m�E�V�y�Q�R�k�J�.�e�x�e�
C�:�\�h�D�0�G�9�O�v�E�.�e�x�e�
C�:�\�y�w�8�b�q�v�n�p�.�e�x�e�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�p�1�Q�W�l�e�k�G�.�e�x�e�
C�:�\�P�u�J�7�5�E�D�T�.�e�x�e�
C�:�\�e�9�7�f�6�b�b�c�c�5�6�6�c�9�9�b�0�9�a�e�6�d�5�6�0�9�3�4�f�0�e�d�b�9�3�c�5�0�7�4�2�d�5�9�0�3�5�d�4�d�9�6�0�f�3�b�1�0�7�a�0�a�e�0�
C�:�\�d�f�a�d�0�a�f�a�b�c�0�1�7�e�c�3�4�3�e�9�7�5�0�7�6�0�2�e�6�0�6�4�6�f�3�9�4�3�3�c�1�2�2�d�4�a�8�3�5�e�c�6�6�2�d�8�4�1�9�a�2�b�1�b�
C�:�\�4�4�4�7�6�5�a�a�1�3�e�0�1�4�2�1�6�e�e�9�b�9�3�a�9�3�5�7�2�9�f�5�c�0�e�c�8�9�d�d�e�4�e�1�e�d�5�f�5�2�3�3�d�b�b�c�c�1�c�8�8�0�6�5�
C�:�\�U�s�e�r�s�\�j�o�h�n�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�9�2�8�2�B�6�8�C�8�4�2�8�F�E�1�3�E�1�D�0�7�B�9�C�A�7�1�6�1�C�F�9�.�e�x�e�
C�:�\�a�z�6�L�x�M�N�4�.�e�x�e�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�7�Q�h�t�D�t�Z�C�.�e�x�e�
C�:�\�7�l�R�S�Z�5�p�h�.�e�x�e�
C�:�\�c�4�4�8�7�1�4�c�5�5�3�a�5�f�4�4�c�e�1�f�3�9�9�c�0�a�0�e�1�5�e�8�2�1�e�4�9�7�c�e�f�9�5�5�8�d�0�3�e�c�8�4�b�e�3�3�9�a�1�2�b�d�a�f�
C�:�\�V�H�m�a�2�Q�0�U�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�f�a�c�t�u�r�a�.�e�x�e�
C�:�\�D�b�P�y�N�X�Y�L�.�e�x�e�
C�:�\�a�6�3�9�d�3�d�d�7�5�1�8�e�7�4�0�0�b�5�c�a�6�0�c�c�a�2�e�8�3�6�2�b�b�8�8�c�d�2�1�0�2�c�f�2�8�3�c�d�a�e�d�9�1�9�9�5�c�d�e�5�9�1�0�
C�:�\�2�3�d�a�4�4�c�3�f�0�4�2�2�2�c�c�d�4�8�b�7�c�7�e�b�b�a�0�8�0�2�e�c�f�b�4�c�a�6�4�f�1�e�7�5�0�0�d�0�7�2�9�1�2�2�2�4�9�6�1�3�5�e�4�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�i�m�p�o�r�t�a�n�t�_�d�o�c�u�m�e�n�t�.�e�x�e�
C�:�\�a�6�9�1�2�9�3�f�4�c�d�b�1�a�4�b�6�3�7�e�f�3�f�9�5�3�c�c�0�9�9�c�a�c�0�6�9�3�e�9�7�5�6�a�2�7�b�3�9�e�e�2�b�e�8�0�4�2�5�7�1�0�3�d�
C�:�\�d�5�4�4�2�f�2�1�2�1�e�6�9�e�0�7�9�f�4�3�6�4�7�6�8�b�8�9�c�7�f�2�5�a�5�6�1�3�a�3�5�8�3�f�e�6�5�c�1�1�3�3�1�2�7�d�5�c�f�d�0�9�a�d�
C�:�\�e�a�d�2�4�f�4�d�6�3�f�d�6�6�b�e�a�9�d�e�7�6�c�4�6�7�3�c�9�9�5�d�5�7�0�c�1�a�f�f�0�2�0�b�f�4�f�8�a�4�3�1�2�5�7�8�5�7�f�8�3�b�4�2�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�i�m�p�o�r�t�a�n�t�_�d�o�c�u�m�e�n�t�.�e�x�e�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�t�g�i�z�c�.�p�e�3�2�
C�:�\�1�8�b�1�1�6�c�1�0�2�a�4�1�4�f�1�a�f�1�c�8�6�c�9�1�7�3�1�f�b�2�5�e�c�c�a�9�c�b�1�d�8�b�6�3�5�7�c�9�6�5�2�b�c�a�6�6�8�1�9�4�4�9�9�
C�:�\�c�9�e�b�9�f�5�2�3�8�d�2�a�2�9�5�1�1�6�1�7�5�a�1�4�2�4�2�e�8�b�c�7�4�0�b�2�3�8�8�9�e�8�8�5�8�3�9�a�e�d�b�a�c�4�c�1�5�8�f�a�8�a�0�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�s�a�m�p�l�e�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�i�n�v�o�i�c�e�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�f�a�c�t�u�r�a�.�e�x�e�
C�:�\�5�a�8�a�8�8�6�b�b�1�3�1�8�6�f�b�0�6�9�e�5�c�9�1�9�f�f�5�e�e�3�d�2�f�e�3�8�5�3�e�c�f�f�3�d�3�1�7�3�7�9�8�d�c�6�b�f�2�8�8�5�5�0�b�
C�:�\�3�2�4�9�2�2�8�0�f�a�a�1�9�c�c�6�8�f�b�1�1�f�f�a�c�1�2�7�a�4�6�5�9�d�8�0�7�5�2�c�9�b�5�b�0�3�1�c�5�6�2�2�0�6�8�c�e�1�e�1�9�5�d�9�
C�:�\�3�f�f�6�9�e�c�1�a�5�7�e�d�2�1�5�9�a�b�4�f�f�d�f�8�a�7�c�4�3�0�4�0�d�5�5�a�7�f�5�3�e�8�a�4�4�7�e�2�2�f�5�1�d�2�4�5�0�a�7�2�d�0�7�
C�:�\�4�4�2�b�c�8�3�2�c�c�0�8�7�d�b�1�c�e�c�0�f�d�e�8�b�9�6�a�f�a�c�1�0�1�e�a�c�d�c�5�f�9�a�f�4�5�2�f�2�d�2�c�1�6�b�9�2�0�7�8�2�1�0�6�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�t�g�i�z�c�.�p�e�3�2�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�i�m�p�o�r�t�a�n�t�_�d�o�c�u�m�e�n�t�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�i�m�p�o�r�t�a�n�t�_�d�o�c�u�m�e�n�t�.�e�x�e�
C�:�\�x�2�S�1�4�E�l�V�.�e�x�e�
C�:�\�c�a�8�2�d�d�4�2�2�d�3�d�3�2�0�e�b�1�2�5�6�9�9�f�b�4�7�4�5�4�8�7�5�7�3�f�e�b�3�6�1�5�e�9�8�6�7�5�d�c�9�f�0�0�b�a�c�c�4�2�5�8�d�0�
Hosts
| IP |
|---|
| 114.114.114.114 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.