Analysis Task

Analysis type VM label Start time End time Duration
File (Windows) win7-sp1-x64-shaapp03-1 2023-09-06 11:42:36 2023-09-06 11:44:51 135 seconds

Maldun Score

10.0

Dangerous

File Details

File name -服务端.exe
File size 2831326 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 af090e363e79628671faf1b0a98587aa
SHA1 a331bdb7770bf09346444e7cb6fbd03ca69dfc9b
SHA256 3f2d6c9827e4532876c5efc69f4d6f7ffd51a6958515887daae51a94133733f3
SHA512 9b667be4c606b18c5ff2bba8c5c9730e225c08d458ed677d4944642632040071e2c94f03a66a244550e1224d61d99f283fc2994803501a40e03a8981946ea1f9
CRC32 D5E4BE74
Ssdeep 49152:gmCSDU+UUzxovO1+fDBgah1iMKZ+Ps+j2MQQWvPD15w9K9M0PCL8F4hUBAX9Q40Q:gmCAU+UUzx0OCDBbOZ+kHHhq9NLL8e08

Hosts Contacted

Direct IP Security rating Geolocation
154.213.17.158 Unknown Unknown
47.100.240.250 Unknown China
8.210.0.21 Unknown United States

DNS Resolution

Domain Security rating Response
www.tooyk.com Unknown A 8.210.0.21
yt6.tooyk.com Unknown A 154.213.17.158

PE Information

Image base 0x00400000
Entry point 0x0041e1f9
Declared checksum 0x00000000
Actual checksum 0x002b4cd4
Minimum OS version 5.1
PDB path D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb
Compile time 2020-03-26 18:02:47
Import hash fcf1390e9ce472c7270447fc5c61a0c1
Icon
Icon exact hash bb92481785a1d000c7a31f0118946826
Icon similarity hash 621c7e7e37ef77debdba9d67e77c002c

PE Sections

Name Virtual address Virtual size Raw data size Characteristics Entropy
.text 0x00001000 0x00030581 0x00030600 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.70
.rdata 0x00032000 0x0000a332 0x0000a400 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.24
.data 0x0003d000 0x000238b0 0x00001200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 3.84
.gfids 0x00061000 0x000000e8 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 2.12
.rsrc 0x00062000 0x000125a0 0x00012600 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 6.94
.reloc 0x00075000 0x0000210c 0x00002200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 6.61

Overlay

Offset 0x00050a00
Size 0x002629de

Resources

Name Offset Size Language Sublanguage Entropy File type
PNG 0x0006321c 0x000015a9 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 7.80 PNG image data, 186 x 604, 8-bit/color RGB, non-interlaced
PNG 0x0006321c 0x000015a9 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 7.80 PNG image data, 186 x 604, 8-bit/color RGB, non-interlaced
RT_ICON 0x00072a78 0x00000468 LANG_NEUTRAL SUBLANG_DEFAULT 5.40 GLS_BINARY_LSB_FIRST
RT_ICON 0x00072a78 0x00000468 LANG_NEUTRAL SUBLANG_DEFAULT 5.40 GLS_BINARY_LSB_FIRST
RT_ICON 0x00072a78 0x00000468 LANG_NEUTRAL SUBLANG_DEFAULT 5.40 GLS_BINARY_LSB_FIRST
RT_ICON 0x00072a78 0x00000468 LANG_NEUTRAL SUBLANG_DEFAULT 5.40 GLS_BINARY_LSB_FIRST
RT_ICON 0x00072a78 0x00000468 LANG_NEUTRAL SUBLANG_DEFAULT 5.40 GLS_BINARY_LSB_FIRST
RT_ICON 0x00072a78 0x00000468 LANG_NEUTRAL SUBLANG_DEFAULT 5.40 GLS_BINARY_LSB_FIRST
RT_ICON 0x00072a78 0x00000468 LANG_NEUTRAL SUBLANG_DEFAULT 5.40 GLS_BINARY_LSB_FIRST
RT_ICON 0x00072a78 0x00000468 LANG_NEUTRAL SUBLANG_DEFAULT 5.40 GLS_BINARY_LSB_FIRST
RT_ICON 0x00072a78 0x00000468 LANG_NEUTRAL SUBLANG_DEFAULT 5.40 GLS_BINARY_LSB_FIRST
RT_ICON 0x00072a78 0x00000468 LANG_NEUTRAL SUBLANG_DEFAULT 5.40 GLS_BINARY_LSB_FIRST
RT_DIALOG 0x0007354c 0x000001ce LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.86 data
RT_DIALOG 0x0007354c 0x000001ce LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.86 data
RT_DIALOG 0x0007354c 0x000001ce LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.86 data
RT_DIALOG 0x0007354c 0x000001ce LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.86 data
RT_DIALOG 0x0007354c 0x000001ce LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.86 data
RT_DIALOG 0x0007354c 0x000001ce LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.86 data
RT_STRING 0x00073e60 0x0000006a LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.29 data
RT_STRING 0x00073e60 0x0000006a LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.29 data
RT_STRING 0x00073e60 0x0000006a LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.29 data
RT_STRING 0x00073e60 0x0000006a LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.29 data
RT_STRING 0x00073e60 0x0000006a LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.29 data
RT_STRING 0x00073e60 0x0000006a LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.29 data
RT_STRING 0x00073e60 0x0000006a LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.29 data
RT_STRING 0x00073e60 0x0000006a LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.29 data
RT_STRING 0x00073e60 0x0000006a LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.29 data
RT_STRING 0x00073e60 0x0000006a LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.29 data
RT_GROUP_ICON 0x00073ecc 0x00000092 LANG_NEUTRAL SUBLANG_DEFAULT 2.87 MS Windows icon resource - 10 icons, 48x48, 16 colors
RT_MANIFEST 0x00073f60 0x00000640 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.23 XML 1.0 document, ASCII text, with CRLF line terminators

Imports

Library: KERNEL32.dll:
0x432000 GetLastError
0x432004 SetLastError
0x432008 FormatMessageW
0x43200c GetCurrentProcess
0x432010 DeviceIoControl
0x432014 SetFileTime
0x432018 CloseHandle
0x43201c CreateDirectoryW
0x432020 RemoveDirectoryW
0x432024 CreateFileW
0x432028 DeleteFileW
0x43202c CreateHardLinkW
0x432030 GetShortPathNameW
0x432034 GetLongPathNameW
0x432038 MoveFileW
0x43203c GetFileType
0x432040 GetStdHandle
0x432044 WriteFile
0x432048 ReadFile
0x43204c FlushFileBuffers
0x432050 SetEndOfFile
0x432054 SetFilePointer
0x432058 SetFileAttributesW
0x43205c GetFileAttributesW
0x432060 FindClose
0x432064 FindFirstFileW
0x432068 FindNextFileW
0x43206c GetVersionExW
0x432074 GetFullPathNameW
0x432078 FoldStringW
0x43207c GetModuleFileNameW
0x432080 GetModuleHandleW
0x432084 FindResourceW
0x432088 FreeLibrary
0x43208c GetProcAddress
0x432090 GetCurrentProcessId
0x432094 ExitProcess
0x43209c Sleep
0x4320a0 LoadLibraryW
0x4320a4 GetSystemDirectoryW
0x4320a8 CompareStringW
0x4320ac AllocConsole
0x4320b0 FreeConsole
0x4320b4 AttachConsole
0x4320b8 WriteConsoleW
0x4320c0 CreateThread
0x4320c4 SetThreadPriority
0x4320d8 SetEvent
0x4320dc ResetEvent
0x4320e0 ReleaseSemaphore
0x4320e4 WaitForSingleObject
0x4320e8 CreateEventW
0x4320ec CreateSemaphoreW
0x4320f0 GetSystemTime
0x43210c GetCPInfo
0x432110 IsDBCSLeadByte
0x432114 MultiByteToWideChar
0x432118 WideCharToMultiByte
0x43211c GlobalAlloc
0x432120 LockResource
0x432124 GlobalLock
0x432128 GlobalUnlock
0x43212c GlobalFree
0x432130 LoadResource
0x432134 SizeofResource
0x43213c GetExitCodeProcess
0x432140 GetLocalTime
0x432144 GetTickCount
0x432148 MapViewOfFile
0x43214c UnmapViewOfFile
0x432150 CreateFileMappingW
0x432154 OpenFileMappingW
0x432158 GetCommandLineW
0x432164 GetTempPathW
0x432168 MoveFileExW
0x43216c GetLocaleInfoW
0x432170 GetTimeFormatW
0x432174 GetDateFormatW
0x432178 GetNumberFormatW
0x43217c SetFilePointerEx
0x432180 GetConsoleMode
0x432184 GetConsoleCP
0x432188 HeapSize
0x43218c SetStdHandle
0x432190 GetProcessHeap
0x432194 RaiseException
0x432198 GetSystemInfo
0x43219c VirtualProtect
0x4321a0 VirtualQuery
0x4321a4 LoadLibraryExA
0x4321ac IsDebuggerPresent
0x4321b8 GetStartupInfoW
0x4321c0 GetCurrentThreadId
0x4321c8 InitializeSListHead
0x4321cc TerminateProcess
0x4321d0 RtlUnwind
0x4321d4 EncodePointer
0x4321dc TlsAlloc
0x4321e0 TlsGetValue
0x4321e4 TlsSetValue
0x4321e8 TlsFree
0x4321ec LoadLibraryExW
0x4321f4 GetModuleHandleExW
0x4321f8 GetModuleFileNameA
0x4321fc GetACP
0x432200 HeapFree
0x432204 HeapAlloc
0x432208 HeapReAlloc
0x43220c GetStringTypeW
0x432210 LCMapStringW
0x432214 FindFirstFileExA
0x432218 FindNextFileA
0x43221c IsValidCodePage
0x432220 GetOEMCP
0x432224 GetCommandLineA
0x432230 DecodePointer
Library: gdiplus.dll:
0x432238 GdiplusShutdown
0x43223c GdiplusStartup
0x43224c GdipDisposeImage
0x432250 GdipCloneImage
0x432254 GdipFree
0x432258 GdipAlloc

No antivirus engine scan information.

Process Tree


-_________.exe, PID: 2584, Parent PID: 2252
server.exe, PID: 2788, Parent PID: 2584
cmd.exe, PID: 2816, Parent PID: 2788
cmd.exe, PID: 2924, Parent PID: 2788
schtasks.exe, PID: 2868, Parent PID: 2816
chcp.com, PID: 1332, Parent PID: 2924
schtasks.exe, PID: 2308, Parent PID: 2924
cmd.exe, PID: 2412, Parent PID: 2788
schtasks.exe, PID: 2764, Parent PID: 2412
cmd.exe, PID: 2364, Parent PID: 2788
netsh.exe, PID: 2352, Parent PID: 2364
cmd.exe, PID: 808, Parent PID: 2788
netsh.exe, PID: 2820, Parent PID: 808
cmd.exe, PID: 3052, Parent PID: 2788
netsh.exe, PID: 2648, Parent PID: 3052
cmd.exe, PID: 2304, Parent PID: 2788
netsh.exe, PID: 2700, Parent PID: 2304
cmd.exe, PID: 3056, Parent PID: 2788
netsh.exe, PID: 2564, Parent PID: 3056
cmd.exe, PID: 2920, Parent PID: 2788
netsh.exe, PID: 2568, Parent PID: 2920
cmd.exe, PID: 2392, Parent PID: 2788
netsh.exe, PID: 2860, Parent PID: 2392
cmd.exe, PID: 1108, Parent PID: 2788
netsh.exe, PID: 304, Parent PID: 1108
cmd.exe, PID: 2516, Parent PID: 2788
netsh.exe, PID: 2508, Parent PID: 2516
cmd.exe, PID: 248, Parent PID: 2788
netsh.exe, PID: 720, Parent PID: 248
cmd.exe, PID: 2368, Parent PID: 2788
netsh.exe, PID: 2144, Parent PID: 2368
cmd.exe, PID: 1064, Parent PID: 2788
netsh.exe, PID: 2280, Parent PID: 1064
Service.exe, PID: 1628, Parent PID: 2788
services.exe, PID: 432, Parent PID: 344
raserver.exe, PID: 2956, Parent PID: 432
taskhost.exe, PID: 956, Parent PID: 432
mscorsvw.exe, PID: 2168, Parent PID: 432
mscorsvw.exe, PID: 1212, Parent PID: 432

TCP

Source address Source port Destination address Destination port
192.168.122.201 49189 154.213.17.158 yt6.tooyk.com 4900
192.168.122.201 49212 154.213.17.158 yt6.tooyk.com 4900
192.168.122.201 49160 42.99.140.168 80
192.168.122.201 49163 8.210.0.21 www.tooyk.com 80
192.168.122.201 49174 8.210.0.21 www.tooyk.com 80

UDP

Source address Source port Destination address Destination port
192.168.122.201 52207 192.168.122.1 53
192.168.122.201 56270 192.168.122.1 53
192.168.122.201 59401 192.168.122.1 53
192.168.122.201 59906 192.168.122.1 53

HTTP Requests

URI HTTP data
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

http://www.tooyk.com/onekey.dat
GET /onekey.dat HTTP/1.1
User-Agent: AutoIt
Host: www.tooyk.com
Cache-Control: no-cache

SMTP Traffic

No SMTP traffic.

IRC Traffic

No IRC requests.

ICMP Traffic

No ICMP traffic.

CIF Report

No CIF results

Network Alerts

Timestamp Source IP Source Port Destination IP Destination Port Protocol SID Signature Category
2023-09-06 11:43:17.789105+0800 192.168.122.201 49174 8.210.0.21 80 TCP 2008350 ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile Potential Corporate Privacy Violation
2023-09-06 11:43:09.827181+0800 192.168.122.201 49163 8.210.0.21 80 TCP 2008350 ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile Potential Corporate Privacy Violation

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic.
No dropped files.
No similar analyses found.

Processing ( 30.87 seconds )

  • 13.528 Suricata
  • 12.454 BehaviorAnalysis
  • 1.797 NetworkAnalysis
  • 1.774 Static
  • 0.933 TargetInfo
  • 0.34 peid
  • 0.024 AnalysisInfo
  • 0.013 Strings
  • 0.005 config_decoder
  • 0.002 Memory

Signatures ( 5.892 seconds )

  • 1.753 md_url_bl
  • 0.549 api_spamming
  • 0.45 stealth_timeout
  • 0.437 stealth_decoy_document
  • 0.24 network_http
  • 0.206 mimics_filetime
  • 0.194 reads_self
  • 0.162 stealth_file
  • 0.13 virus
  • 0.129 bootkit
  • 0.128 antivm_generic_disk
  • 0.112 antiav_detectreg
  • 0.107 antivm_generic_scsi
  • 0.09 hancitor_behavior
  • 0.08 antivm_generic_services
  • 0.077 anormaly_invoke_kills
  • 0.069 infostealer_browser_password
  • 0.058 kovter_behavior
  • 0.052 antiemu_wine_func
  • 0.052 infostealer_browser
  • 0.051 infostealer_ftp
  • 0.049 antivm_vbox_libs
  • 0.049 injection_createremotethread
  • 0.037 injection_runpe
  • 0.036 shifu_behavior
  • 0.032 maldun_anomaly_massive_file_ops
  • 0.031 exec_crash
  • 0.027 infostealer_im
  • 0.023 antiav_detectfile
  • 0.023 antianalysis_detectreg
  • 0.022 antiav_avast_libs
  • 0.022 antisandbox_sunbelt_libs
  • 0.021 process_interest
  • 0.02 ipc_namedpipe
  • 0.017 antisandbox_sboxie_libs
  • 0.017 antiav_bitdefender_libs
  • 0.016 antivm_vmware_libs
  • 0.016 anomaly_persistence_autorun
  • 0.016 infostealer_mail
  • 0.014 infostealer_bitcoin
  • 0.013 maldun_anomaly_write_exe_and_obsfucate_extension
  • 0.013 vawtrak_behavior
  • 0.012 maldun_malicious_write_executeable_under_temp_to_regrun
  • 0.011 md_domain_bl
  • 0.01 maldun_anomaly_write_exe_and_dll_under_winroot_run
  • 0.009 process_needed
  • 0.009 antivm_vbox_files
  • 0.008 geodo_banking_trojan
  • 0.007 maldun_anomaly_terminated_process
  • 0.007 rat_luminosity
  • 0.007 betabot_behavior
  • 0.007 creates_largekey
  • 0.007 kibex_behavior
  • 0.007 creates_nullvalue
  • 0.007 antidbg_windows
  • 0.007 ransomware_extensions
  • 0.006 anomaly_persistence_bootexecute
  • 0.006 anomaly_reset_winsock
  • 0.006 antivm_xen_keys
  • 0.006 ransomware_files
  • 0.005 nymaim_behavior
  • 0.005 antivm_parallels_keys
  • 0.005 darkcomet_regkeys
  • 0.004 antivm_generic_diskreg
  • 0.003 hawkeye_behavior
  • 0.003 network_tor
  • 0.003 injection_explorer
  • 0.003 antidbg_devices
  • 0.003 bot_drive
  • 0.003 disables_browser_warn
  • 0.003 network_cnc_http
  • 0.003 recon_fingerprint
  • 0.002 tinba_behavior
  • 0.002 rat_nanocore
  • 0.002 antiav_servicestop
  • 0.002 sets_autoconfig_url
  • 0.002 stealth_network
  • 0.002 cerber_behavior
  • 0.002 h1n1_behavior
  • 0.002 bypass_firewall
  • 0.002 antisandbox_productid
  • 0.002 antivm_xen_keys
  • 0.002 antivm_hyperv_keys
  • 0.002 antivm_vbox_acpi
  • 0.002 antivm_vbox_keys
  • 0.002 antivm_vmware_keys
  • 0.002 antivm_vpc_keys
  • 0.002 browser_security
  • 0.002 modify_proxy
  • 0.002 network_torgateway
  • 0.002 packer_armadillo_regkey
  • 0.002 rat_pcclient
  • 0.001 upatre_behavior
  • 0.001 dridex_behavior
  • 0.001 ransomware_message
  • 0.001 antisandbox_sleep
  • 0.001 antivm_vbox_window
  • 0.001 ursnif_behavior
  • 0.001 kazybot_behavior
  • 0.001 ransomeware_modifies_desktop_wallpaper
  • 0.001 antisandbox_script_timer
  • 0.001 securityxploded_modules
  • 0.001 sniffer_winpcap
  • 0.001 antianalysis_detectfile
  • 0.001 antivm_generic_bios
  • 0.001 antivm_generic_cpu
  • 0.001 antivm_generic_system
  • 0.001 antivm_vmware_files
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 dropper
  • 0.001 codelux_behavior
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 malicous_targeted_flame
  • 0.001 maldun_anomaly_invoke_vb_vba
  • 0.001 md_bad_drop
  • 0.001 network_tor_service
  • 0.001 rat_spynet
  • 0.001 recon_programs
  • 0.001 stealth_modify_uac_prompt

Reporting ( 0.751 seconds )

  • 0.681 ReportHTMLSummary
  • 0.07 Malheur
Task ID 726855
Mongo ID 64f7f6177e769a37b71ab864
Cuckoo release 1.4-Maldun