1.2
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.71
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | Win32:Malware-gen | 20200327 | 18.4.3895.0 |
| Baidu | None | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (D) | 20190702 | 1.0 |
| Kingsoft | None | 20200327 | 2013.8.14.323 |
| McAfee | Downloader-FSH!EB76DF98C5BD | 20200326 | 6.0.6.653 |
| Tencent | Malware.Win32.Gencirc.10b4ae70 | 20200327 | 1.0.0.1 |
静态指标
可执行文件包含未知的 PE 段名称,可能指示打包器(可能是误报)
(1 个事件)
| section | .imports |
动态指标
可执行文件使用UPX压缩
(2 个事件)
| section | UPX0 | description | 节名称指示UPX | ||||||
| section | UPX1 | description | 节名称指示UPX | ||||||
网络通信
与未执行 DNS 查询的主机进行通信
(1 个事件)
| host | 114.114.114.114 | |||
文件已被 VirusTotal 上 56 个反病毒引擎识别为恶意
(50 out of 56 个事件)
| ALYac | Gen:Variant.Jaik.26656 |
| APEX | Malicious |
| AVG | Win32:Malware-gen |
| Acronis | suspicious |
| Ad-Aware | Gen:Variant.Jaik.26656 |
| AhnLab-V3 | Trojan/Win32.Kryptik.R326230 |
| Antiy-AVL | Trojan/Win32.AGeneric |
| Arcabit | Trojan.Jaik.D6820 |
| Avast | Win32:Malware-gen |
| Avira | TR/Spy.Zbot.repoa |
| BitDefender | Gen:Variant.Jaik.26656 |
| BitDefenderTheta | Gen:NN.ZexaF.34104.dqX@aCpTi9ii |
| Bkav | W32.AIDetectVM.malware |
| CAT-QuickHeal | Trojan.URI.S11164847 |
| ClamAV | Win.Downloader.Upatre-5744087-0 |
| Comodo | TrojWare.Win32.TrojanDownloader.Upatre.NAO@5j4p21 |
| CrowdStrike | win/malicious_confidence_100% (D) |
| Cybereason | malicious.8c5bdd |
| Cylance | Unsafe |
| Cyren | W32/S-e9202414!Eldorado |
| DrWeb | Trojan.DownLoad3.30786 |
| ESET-NOD32 | a variant of Win32/Kryptik.BPUF |
| Emsisoft | Gen:Variant.Jaik.26656 (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/S-e9202414!Eldorado |
| F-Secure | Trojan.TR/Spy.Zbot.repoa |
| FireEye | Generic.mg.eb76df98c5bdda46 |
| Fortinet | W32/Krptik.AIX!tr |
| GData | Gen:Variant.Jaik.26656 |
| Ikarus | Trojan-Spy.Zbot |
| Invincea | heuristic |
| Jiangmin | Trojan/Bublik.ghi |
| K7AntiVirus | Trojan ( 00560bb51 ) |
| K7GW | Trojan ( 00560bb51 ) |
| Kaspersky | HEUR:Trojan.Win32.Generic |
| MAX | malware (ai score=83) |
| Malwarebytes | Trojan.Upatre.Generic |
| MaxSecure | Trojan.Upatre.Gen |
| McAfee | Downloader-FSH!EB76DF98C5BD |
| McAfee-GW-Edition | BehavesLike.Win32.Downloader.qm |
| MicroWorld-eScan | Gen:Variant.Jaik.26656 |
| Microsoft | TrojanDownloader:Win32/Upatre.A |
| NANO-Antivirus | Trojan.Win32.DownLoad3.cqlouw |
| Panda | Trj/Genetic.gen |
| Qihoo-360 | HEUR/QVM08.0.28C1.Malware.Gen |
| Rising | Malware.FakePDF@CV!1.9C28 (RDMK:cmRtazqMH5cuOVWYpWew254L2h5i) |
| SentinelOne | DFI - Malicious PE |
| Sophos | Troj/Agent-AERX |
| Tencent | Malware.Win32.Gencirc.10b4ae70 |
| Trapmine | malicious.high.ml.score |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2013-11-27 04:11:59
PE Imphash
6cdf1dd15060e16f29806defaf5d342d
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| UPX0 | 0x00001000 | 0x00008000 | 0x00007000 | 6.4085138406792606 |
| UPX1 | 0x00009000 | 0x00005000 | 0x00004800 | 3.3111239593213573 |
| .rsrc | 0x0000e000 | 0x00002000 | 0x00001400 | 4.543812463752353 |
| .imports | 0x00010000 | 0x00001000 | 0x00000600 | 3.9771569938713087 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_ICON | 0x0000e0f0 | 0x00000ea8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_GROUP_ICON | 0x0000ef9c | 0x00000014 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_MANIFEST | 0x0000efb4 | 0x0000015a | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
Imports
Library KERNEL32.DLL:
• 0x40600c QueryPerformanceCounter
• 0x406010 GetModuleHandleA
• 0x406014 GetStartupInfoA
• 0x406018 GetCommandLineA
• 0x40601c GetVersionExA
• 0x406020 GetProcAddress
• 0x406024 TerminateProcess
• 0x406028 GetCurrentProcess
• 0x40602c WriteFile
• 0x406030 GetStdHandle
• 0x406034 GetModuleFileNameA
• 0x406038 UnhandledExceptionFilter
• 0x40603c FreeEnvironmentStringsA
• 0x406040 GetEnvironmentStrings
• 0x406044 FreeEnvironmentStringsW
• 0x406048 WideCharToMultiByte
• 0x40604c GetLastError
• 0x406050 GetEnvironmentStringsW
• 0x406054 SetHandleCount
• 0x406058 GetFileType
• 0x40605c HeapDestroy
• 0x406060 HeapCreate
• 0x406064 VirtualFree
• 0x406068 GetSystemTimeAsFileTime
• 0x40606c LoadLibraryA
• 0x406070 GetACP
• 0x406074 GetOEMCP
• 0x406078 GetCPInfo
• 0x40607c HeapAlloc
• 0x406080 VirtualAlloc
• 0x406084 HeapReAlloc
• 0x406088 RtlUnwind
• 0x40608c InterlockedExchange
• 0x406090 VirtualQuery
• 0x406094 HeapSize
• 0x406098 GetTickCount
• 0x40609c GetCurrentThreadId
• 0x4060a0 GetCurrentProcessId
• 0x4060a4 LCMapStringA
• 0x4060a8 MultiByteToWideChar
• 0x4060ac LCMapStringW
• 0x4060b0 GetStringTypeA
• 0x4060b4 GetStringTypeW
• 0x4060b8 GetLocaleInfoA
• 0x4060bc VirtualProtect
• 0x4060c0 GetSystemInfo
• 0x4060c4 GetSystemPowerStatus
• 0x4060c8 HeapFree
• 0x4060cc ExitProcess
Library USER32.dll:
• 0x4060d4 DefWindowProcW
• 0x4060d8 DispatchMessageW
• 0x4060dc DrawTextW
• 0x4060e0 EndPaint
• 0x4060e4 GetClientRect
• 0x4060e8 GetMessageW
• 0x4060ec GetWindowRect
• 0x4060f0 PostQuitMessage
• 0x4060f4 RegisterClassExW
• 0x4060f8 TranslateMessage
• 0x4060fc GetSystemMetrics
• 0x406100 CharLowerW
• 0x406104 BeginPaint
• 0x406108 CreateWindowExW
L!This program cannot be run in DOS mode.
nOnOnO6
OnOoOnO
OnO1OnOaOnOOnOOnOOnORichnO
.imports
WYmSZ]
33PPPW
hWVY8@
jMQPRL
UjUu>UP;
&SZh`@
SSQQQQh
VYeVZ]
5E[^_h8
UE3+3I
][[ptkE
VZ}3}EPq@
VZE3E3;
f8MZu H<
XPuVVP
;ru,h+@
;r3_^UV3F95
@<Yv"P
^[]VW39=
t.t$<"u
u_^S39
3Y]_^[5@
@B8\t8"u&
_[UQQSVW39=
3_^[QQ@
SUVW=P`@
SSS+S@PVSSD$4
t#SSUPt$$VSS
_^][YY
;rSVWD$
_^3[Dj
33@h,@
+SVWEePEEEEd
Y_^[QVC20XC00U
33333]^]
]_^[]UL$
VWumhx@
_^[W|$
tAt2t$
Wj@3Y@
t6SUW
VPVPV5@
@;rD3Ar
@;rM^U
@;vAAy
YYUWVu
DDDDDDDDDDDDDD
W3;u4DP
^_UQQM
MOI;|9 M
3@_^[U
WI <}}
MLD3#um
#Mj _^{
;]r;]u&
]#\D\D
_^[USVWUj
Pjh0F@
t.;t$$t(4v
EtVMf9MZ
_^[S\$
1VtYt(CH;r
PSWSvSU
PSWSUX
Yu3^_][
=N@uNVEP
E3E35@@
3;t Mu
VSVWVV|h
u8SS3FVh
?P4YE;t@E
t!SS9]
u5Y9]t
E;tSSu
me}VSW
33M;u#u
Y;t1uSW
EPWu u
u9]t#WY
u5EP3GWh
V~YEn]
3@3UWVu
r)$LS@
DDDDDDDDDDDDDD
MQP5x`@
WWWWVSWu
YYE;t2WWVPVSWu
ULSVWj
MQ@Puu
e_^[SVt$
F3w9=@
SNYu+Vj
_^[Vt$
SVWSD$
lhd!u}
PhX!3V
SPj VPuPW
d VVhS
WPuMDEP0
PE;SVE
|uuyPE39DP
SVu;Et
dleWiteF
etReprinx"
itPretQu#
Direh#
adFiHttpu
lstpQul
File,"
lsuleFptioa
eryIeryO
odulteW
ClosCrea
ocespPatUSER[
eSizHeap #
SetOileNte
ellEtfW
Creaile
GetCur"
32.dhW
SendHeap
InMMNET.
ternEEtW
nnecWINIenW
f2n2x3
30022C1k1
00g0s0
10033111110>022003
3QQWUEMM
xgWZmt&&
VYE5PA5EMME
tj&u~U
WYE5PA
E^_[SWVu
t>r-st>r
EMM5EMM+
VZE5PA
PAM[^_
SZ-SZWY
VZVYWZSZRVYV
U.VZE5PA5EMEEPEAEP
EQkUME}tEjM
|tt?tM
UWZE5PA
CorExitProcess
mscoree.dll
runtime error
TLOSS error
SING error
DOMAIN error
- This application cannot run using the active version of the Microsoft .NET Runtime
Please contact the application's support team for more information.
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point not loaded
Microsoft Visual C++ Runtime Library
Runtime Error!
Program:
<program name unknown>
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
user32.dll
Program:
A buffer overrun has been detected which has corrupted the program's
internal state. The program cannot safely continue execution and must
now be terminated.
Buffer overrun detected!
A security error of unknown cause has been detected which has
corrupted the program's internal state. The program cannot safely
continue execution and must now be terminated.
Unknown security failure detected!
QueryPerformanceCounter
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
GetProcAddress
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
VirtualFree
GetSystemTimeAsFileTime
LoadLibraryA
GetACP
GetOEMCP
GetCPInfo
HeapAlloc
VirtualAlloc
HeapReAlloc
RtlUnwind
InterlockedExchange
VirtualQuery
HeapSize
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
VirtualProtect
GetSystemInfo
GetSystemPowerStatus
HeapFree
ExitProcess
TextOutW
Rectangle
DefWindowProcW
DispatchMessageW
DrawTextW
EndPaint
GetClientRect
GetMessageW
GetWindowRect
PostQuitMessage
RegisterClassExW
TranslateMessage
GetSystemMetrics
CharLowerW
BeginPaint
CreateWindowExW
`.rdata
@.data
-6MEEEE8 f2n2x3
30022C1k1o<00g0s0
3D311
0L0Y00
10033111110>022wv00A1_0
WZm)t?&&M'"|
o^5 A5^
}c/?uP>q
tjh&u~[U
#y6\v6D
Z{)Y-M
a7}w9j^Pv^
(a6M=#rD"vo~
nS0K n
)tf+h,H?+-
_=;|!
ttt>r-s
Up)UmP5
%m_#;L
[!V\U(
Z+t!;M,5l
yh]h[6W
bde.K;
Tf9t?&
`&EPBA
j]Y\afTee
`7lit:I
Zmr\nmsc
ee.VVui
SINGw5OMA
- This wplicaJ-
vh using thnac
M3Rsmjk
7k.?`'n
'm fm _lkk
m#.8v;WabS.o#i fmaJz
UTmo'7e
ughbpX>ze[lowi8_)76stdv5puviu!
4__*e^k/X
v19op?P
desc+8D6F$ed
&uh/loB
8n`g@way.;h)A09
|f*e-+8&>argu(sW2k&Wxf5n
Mh]lt:
sLibrVy'
g m:6{{.
dP.klwn>=7+
namGeCWd3St/|
UcrObj
tAPvm]b
FQangeBox1uH32
A buff+C[3Z
&LA. kJ
ea`qly@.u(
hO\~@k
eMiM{%3No7N
I"J@.@
yui\z'
8`y??yv/@~@o
^_o__j291
QueryP9
nceCou
.m6dLin!
Wrfg&pd
NampUnh
nTeEfGVngs
/|+Wid
1R0k]:S
TypBmE1D,oy
/hSyemTis>im((
4LcMACP
\~5Wc[
RtlMwi
kWagTb,/:6+*`
$Zeo&l"WE
kg!{>A
x`ut5nRT
NfA{8#DispW@{
E(Pai3li
i k}gd@a
/]bTnslI#5d
uL/BAn
*Kbsa_
%&'[P@
XPTPSWXaD$j
Ji]JJJ`yx
6}}}}}|f00}}}}}}}}}}|G11|}}}}}}}}}}}}}508w}}}}}}}}}}}}}}38Gj}}}}}}}}}}}}}}}38jg}}}}}}}}}}}}}}}4FfG}}}}}}}}}}}}}}}}}9:9h}}}{q{{q{{q{{{{{{bEK{{{{}{{nnnnnnnnnnnnnnnnnnnnnq{}}}}}}}}
l{}{{{{{{{
w{{l{ppppppq
q{qpnlUUUUln
pqnlTRQQQRTX
pplRQNMMMORV
pnTQML
nlRRQRTpp
!!!!!!!!%d!%iz!!
!!!!!!!
""""""""D"~=""A"""""""
lUQ{W"##############################"lUQ{k#5555555555555555555555555555555nURn5<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<5llnplllllllllllllllllnllqpn{p{}{{{{{{{{{{{{{}{{}{{qqo{{{{{{{{{{{{{{{{}{}{{{m
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>PA
KERNEL32.DLL
GDI32.dll
USER32.dll
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
TextOutW
EndPaint
KERNEL32.DLL
QueryPerformanceCounter
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
GetProcAddress
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
VirtualFree
GetSystemTimeAsFileTime
LoadLibraryA
GetACP
GetOEMCP
GetCPInfo
HeapAlloc
VirtualAlloc
HeapReAlloc
RtlUnwind
InterlockedExchange
VirtualQuery
HeapSize
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
VirtualProtect
GetSystemInfo
GetSystemPowerStatus
HeapFree
ExitProcess
GDI32.dll
TextOutW
Rectangle
USER32.dll
DefWindowProcW
DispatchMessageW
DrawTextW
EndPaint
GetClientRect
GetMessageW
GetWindowRect
PostQuitMessage
RegisterClassExW
TranslateMessage
GetSystemMetrics
CharLowerW
BeginPaint
CreateWindowExW
a�p�x�e�i�e�
/�i�/�*�\�%�
c�t�e�x�t�r�
� � � � � � � � �(�(�(�(�(� � � � � � � � � � � � � � � � � � �H�
� � � � � � � � �h�(�(�(�(� � � � � � � � � � � � � � � � � � �H�
� � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � �H�
B�z�a�n�u�c�e�
N�e�m�i�d�e�b�c�a�z�a�
c�:�\�s�a�m�p�l�e�.�e�x�e�
C�:�\�5�e�d�b�4�7�2�2�a�e�c�b�b�7�4�4�d�4�6�3�5�9�b�a�0�5�1�7�5�0�8�d�8�7�a�5�8�7�1�8�2�7�1�2�4�4�6�e�c�5�8�c�2�8�3�0�7�b�5�3�8�4�d�8�
C�:�\�6�3�0�7�7�8�2�9�1�9�0�4�d�9�5�0�1�0�1�9�6�e�4�f�8�6�a�6�b�b�d�5�d�8�e�0�f�5�8�4�f�5�9�c�d�8�e�5�b�c�d�0�f�0�6�5�8�2�0�3�c�6�e�a�
C�:�\�0�f�6�2�d�0�8�2�c�6�d�6�f�9�b�3�0�3�2�b�9�3�2�b�a�5�3�2�6�2�c�0�8�d�3�d�c�d�2�6�d�a�d�b�7�3�8�8�f�e�b�a�8�e�2�b�c�8�a�b�4�1�8�5�
C�:�\�u�X�N�1�T�n�i�B�.�e�x�e�
C�:�\�U�N�g�x�K�_�D�e�.�e�x�e�
C�:�\�b�f�g�c�M�h�T�l�.�e�x�e�
C�:�\�6�Y�p�Z�E�1�x�m�.�e�x�e�
C�:�\�e�d�9�6�9�1�3�f�9�f�a�4�c�e�8�5�2�1�9�9�8�d�5�f�6�2�a�5�e�c�4�5�c�6�0�1�e�3�f�d�f�e�4�f�f�5�6�0�d�0�8�8�0�7�e�8�7�2�9�0�f�1�a�6�
C�:�\�7�0�7�5�e�3�9�a�2�a�8�f�2�3�5�7�2�d�d�7�7�5�e�7�a�d�6�b�1�7�3�7�9�c�c�9�b�8�7�c�1�e�b�e�a�9�3�4�9�f�4�7�d�2�3�2�8�8�b�b�e�1�7�6�
C�:�\�9�8�2�b�b�9�8�d�9�6�f�5�c�7�0�2�4�b�7�0�5�1�7�5�b�9�6�6�d�0�f�f�a�2�d�e�c�4�e�f�1�7�7�0�3�6�a�a�4�5�e�c�0�d�4�2�8�7�4�0�7�3�8�f�
C�:�\�9�f�e�2�f�f�b�1�8�2�8�7�9�0�8�a�0�c�8�a�8�2�e�5�0�2�3�2�0�9�8�8�4�9�7�0�7�c�c�f�3�c�5�d�e�5�2�e�2�7�5�7�3�a�a�7�0�9�e�a�f�1�a�3�
c�:�\�a�n�a�l�y�s�e�\�1�5�4�9�5�5�2�8�1�5�.�1�6�9�9�8�4�3�_�8�e�e�5�4�0�b�9�-�5�f�9�b�-�4�1�8�a�-�8�1�7�b�-�0�e�6�0�a�7�1�1�9�a�f�7�
C�:�\�K�u�7�s�S�q�n�f�.�e�x�e�
C�:�\�f�d�f�f�a�7�f�7�e�9�1�d�f�a�1�1�a�3�8�4�b�b�b�2�4�5�5�e�9�1�7�e�4�8�9�e�a�3�6�7�6�c�4�e�f�e�e�4�7�2�6�1�4�1�6�3�e�5�c�d�d�d�e�9�
C�:�\�6�6�1�d�e�7�b�b�e�3�f�d�f�3�c�5�a�0�5�0�0�6�a�3�3�8�e�1�f�6�0�c�7�5�3�d�0�5�e�4�8�6�2�6�d�2�6�d�c�2�b�3�3�b�4�b�1�f�0�e�e�5�e�7�
C�:�\�S�R�2�D�h�V�w�c�.�e�x�e�
C�:�\�8�0�a�7�d�3�2�d�1�7�b�1�6�0�c�5�8�0�0�3�e�4�8�f�3�a�4�9�4�9�6�6�a�5�4�0�b�4�1�8�5�a�b�9�1�d�3�c�f�e�b�c�a�8�4�8�3�5�1�6�a�e�9�7�
C�:�\�7�b�4�3�0�8�0�e�4�9�b�b�a�8�f�0�3�0�7�8�8�0�0�2�8�4�7�f�d�e�0�b�7�f�a�5�7�1�9�c�5�9�4�b�c�f�1�5�8�9�9�b�b�9�6�8�7�2�7�d�1�4�9�f�
C�:�\�s�j�J�s�t�r�S�J�.�e�x�e�
C�:�\�7�3�b�d�3�8�9�9�5�9�f�0�8�0�4�2�6�7�8�4�8�3�8�7�9�b�9�2�1�6�1�9�8�6�e�8�d�b�8�5�f�7�1�f�7�2�c�5�0�4�2�9�f�8�6�1�8�0�3�3�2�0�1�d�
C�:�\�a�n�I�a�a�_�f�n�.�e�x�e�
C�:�\�2�4�9�4�0�a�1�6�9�8�4�0�5�0�3�3�0�e�0�3�1�b�5�a�3�b�5�9�6�8�1�6�a�0�8�8�6�b�1�5�a�2�4�f�2�c�d�a�3�6�1�3�a�5�f�b�9�e�9�9�a�3�4�3�
C�:�\�8�c�b�f�0�3�a�b�3�3�8�7�e�8�9�3�8�5�e�a�a�b�1�1�0�e�b�f�f�7�3�4�e�c�b�a�1�3�f�5�8�5�f�a�a�4�c�1�e�a�7�9�b�d�2�4�1�0�8�1�b�9�c�d�
C�:�\�0�0�8�3�b�c�a�6�5�d�1�d�8�4�7�f�4�8�3�0�4�f�5�a�d�8�b�f�2�4�7�2�6�2�6�f�3�e�8�8�c�a�7�3�0�8�5�b�c�7�3�b�c�b�e�7�4�8�b�2�7�4�e�1�
C�:�\�5�a�7�5�f�f�2�2�0�b�d�c�2�5�4�6�5�5�3�d�b�b�1�c�6�f�5�9�7�6�1�9�d�d�6�5�4�8�7�1�8�6�3�3�b�2�7�3�1�e�1�e�8�2�0�8�e�a�b�f�d�6�c�5�
C�:�\�2�3�7�a�8�5�4�3�c�4�4�8�f�d�5�d�8�e�8�4�c�1�2�b�8�8�c�8�c�9�6�1�a�a�2�c�1�4�c�e�a�d�2�0�3�1�a�8�9�b�5�c�d�2�1�5�5�6�8�c�c�a�c�9�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�9�4�b�6�d�0�0�1�7�f�f�9�7�2�8�c�c�b�7�1�1�e�4�d�b�2�a�5�e�f�5�f�b�5�2�1�3�9�1�b�b�3�2�9�e�5�a�e�7�1�d�6�6�4�f�1�2�a�b�9�8�e�5�b�.�e�x�e�
C�:�\�1�d�4�2�b�a�e�f�3�5�8�6�5�8�1�7�4�3�9�a�3�3�3�4�4�7�a�2�5�8�a�5�9�3�0�9�5�2�0�5�2�8�9�e�d�f�5�2�e�a�e�3�0�f�7�7�8�8�8�0�a�5�3�6�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�a�p�s�o�c�t�.�e�x�e�
C�:�\�5�6�b�b�0�a�4�9�9�a�0�f�f�3�d�3�6�c�4�7�b�5�c�c�5�8�7�9�e�7�f�4�b�e�4�4�d�b�f�0�3�c�e�3�b�a�d�1�3�2�e�8�1�0�1�2�f�8�0�3�e�a�e�3�
C�:�\�f�6�e�1�b�8�9�4�f�1�1�8�1�4�0�3�a�d�1�5�9�0�7�2�f�3�b�f�8�9�e�9�b�9�e�1�6�7�b�1�d�a�4�9�c�d�1�6�2�c�4�1�f�d�8�1�2�a�6�b�a�4�6�a�
C�:�\�5�8�5�5�b�e�5�1�6�2�f�7�8�e�0�4�6�2�1�d�4�7�f�a�8�1�8�b�3�e�0�b�c�0�2�d�3�7�4�1�5�7�7�7�3�5�a�7�7�f�b�f�2�a�e�0�f�9�b�6�f�b�0�7�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�a�p�s�o�c�t�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�d�5�8�b�6�7�7�a�5�e�3�9�1�b�5�d�6�d�b�6�b�4�a�7�3�e�b�4�9�2�6�d�7�1�a�2�6�e�d�e�4�1�3�9�b�f�2�a�b�2�b�0�0�f�d�2�1�d�5�f�e�5�2�6�.�e�x�e�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�a�p�s�o�c�t�.�p�e�3�2�
C�:�\�c�0�1�b�d�b�d�e�3�b�e�1�7�f�2�b�2�5�3�1�a�8�4�0�a�f�0�9�e�d�2�5�2�7�7�d�2�9�6�9�3�7�4�2�f�a�b�6�a�a�3�c�9�3�5�e�4�6�e�5�3�9�3�e�
Hosts
| IP |
|---|
| 114.114.114.114 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.