Analysis task

Analysis type VM tag Start time End time Duration
File (Windows) win7-sp1-x64-1 2016-09-06 14:55:26 2016-09-06 14:55:47 21 seconds

Maldun score

5.3

Suspicious

File details

File name MSOHTMED.EXE
File size 87936 bytes
File type PE32+ executable (GUI) x86-64, for MS Windows
MD5 78e89dc545e6374c4e6c09c1d3ce0466
SHA1 bcbfe02e7fed041894db6404e60690d02301b763
SHA256 fabc7c12fd6523338f8adb3fefcaed7f213afe95e784ef36ecdf42da67421ab1
SHA512 6f4dbd49e79c5e540ea9b35e4acbcaf7c294781691ee4681580048aa75671d9d3f48c4d474ec834d9c193d2c597302554a6ce6c10651a4cc9d11db284b0884f8
CRC32 31F2CDD2
Ssdeep 1536:DSBIKwM83gbSz8ALsxvrs/4l35YO/8vdT4mhDAOOtBG4dqb9rHUR:oIKwsXxvZl3CVvdDhDAOOt040b9oR

Hosts contacted

No host records.

Domain resolution

No domain information.


PE information

Image base 0x140000000
Entry point 0x14000e504
Declared checksum 0x00015db7
Actual checksum 0x00015db7
Minimum OS version 5.2
PDB path t:\misc_hev\x64\ship\0\msohtmed.pdb\x00\ship\0\msohtmed.exe\bbtopt\msohtmedO.pdb
Compile time 2010-01-11 10:45:36

Version information

LegalCopyright
InternalName
FileVersion
CompanyName
LegalTrademarks1
LegalTrademarks2
ProductName
ProductVersion
FileDescription
OriginalFilename
Translation

Microsoft certificate verification (Sign Tool)

SHA1 Timestamp Validity Error
ac6eda44e5272ae63ffb5ed476b3288ca7ba1c03 Mon Jan 11 10:48:44 2010
Chain entry Certificate Chain 1
Issued to Microsoft Root Authority
Issuer Microsoft Root Authority
Valid until Thu Dec 31 150000 2020
SHA1 hash a43489159a520f0d93d032ccaf37e7fe20a8b419
Chain entry Certificate Chain 2
Issued to Microsoft Code Signing PCA
Issuer Microsoft Root Authority
Valid until Sat Aug 25 150000 2012
SHA1 hash 3036e3b25b88a55b86fc90e6e9eaad5081445166
Chain entry Certificate Chain 3
Issued to Microsoft Corporation
Issuer Microsoft Code Signing PCA
Valid until Tue Mar 08 064029 2011
SHA1 hash 9617094a1cfb59ae7c1f7dfdb6739e4e7c40508f
Chain entry Timestamp Chain 1
Issued to Microsoft Root Authority
Issuer Microsoft Root Authority
Valid until Thu Dec 31 150000 2020
SHA1 hash a43489159a520f0d93d032ccaf37e7fe20a8b419
Chain entry Timestamp Chain 2
Issued to Microsoft Timestamping PCA
Issuer Microsoft Root Authority
Valid until Sun Sep 15 150000 2019
SHA1 hash 3ea99a60058275e0ed83b892a909449f8c33b245
Chain entry Timestamp Chain 3
Issued to Microsoft Time-Stamp Service
Issuer Microsoft Timestamping PCA
Valid until Fri Jul 26 031115 2013
SHA1 hash 4d6f357f0e6434da97b1afc540fb6fdd0e85a89f

PE sections

Name Virtual address Virtual size Raw data size Characteristics Entropy
.text 0x00001000 0x0000dea6 0x0000e000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.11
.rdata 0x0000f000 0x00004438 0x00004600 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.08
.data 0x00014000 0x00000e88 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 3.30
.pdata 0x00015000 0x000008b8 0x00000a00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.34
.rsrc 0x00016000 0x00000800 0x00000800 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.39
.reloc 0x00017000 0x00000174 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 4.21

Overlay

Offset 0x00014000
Size 0x00001780

Resources

Name Offset Size Language Sublanguage Entropy File type
RT_VERSION 0x000160a0 0x000004a4 LANG_ENGLISH SUBLANG_ENGLISH_US 3.43 data
RT_MANIFEST 0x00016544 0x000002ba LANG_ENGLISH SUBLANG_ENGLISH_US 5.00 ASCII text, with very long lines, with no line terminators

Imports

Library: USER32.dll:
0x14000f000 DdeCreateStringHandleW
0x14000f008 DdeClientTransaction
0x14000f010 DdeQueryConvInfo
0x14000f018 GetParent
0x14000f020 DdeInitializeW
0x14000f028 ShowWindow
0x14000f030 SetForegroundWindow
0x14000f038 SendNotifyMessageW
0x14000f040 DdeUninitialize
0x14000f048 DdeConnectList
0x14000f050 DdeQueryNextServer
0x14000f058 DdeAccessData
0x14000f060 DdeUnaccessData
0x14000f068 DdeFreeDataHandle
0x14000f070 DdeDisconnect
0x14000f078 DdeDisconnectList
0x14000f080 DdeFreeStringHandle
0x14000f088 AllowSetForegroundWindow
0x14000f090 GetDesktopWindow
0x14000f098 IsIconic
Library: KERNEL32.dll:
0x14000f0a8 GetStartupInfoA
0x14000f0b0 Sleep
0x14000f0b8 HeapAlloc
0x14000f0c0 HeapFree
0x14000f0c8 GetModuleHandleW
0x14000f0d0 GetProcessHeap
0x14000f0d8 GetSystemTimeAsFileTime
0x14000f0e0 GetCurrentProcessId
0x14000f0e8 ReadFile
0x14000f0f0 SetFilePointer
0x14000f0f8 CloseHandle
0x14000f100 MultiByteToWideChar
0x14000f108 GetACP
0x14000f118 GlobalAlloc
0x14000f120 GlobalFree
0x14000f128 DebugBreak
0x14000f130 RaiseException
0x14000f138 TerminateProcess
0x14000f140 CreateFileMappingW
0x14000f148 GetFileAttributesW
0x14000f150 GetUserDefaultLangID
0x14000f158 ExitProcess
0x14000f160 ReleaseMutex
0x14000f168 GetCommandLineW
0x14000f170 CreateFileW
0x14000f178 CreateMutexW
0x14000f180 CreateProcessW
0x14000f188 GetModuleFileNameW
0x14000f190 LoadLibraryW
0x14000f198 CreateActCtxW
0x14000f1a0 ActivateActCtx
0x14000f1a8 DeactivateActCtx
0x14000f1b0 FindActCtxSectionStringW
0x14000f1b8 QueryActCtxW
0x14000f1c0 GetProcAddress
0x14000f1c8 SetLastError
0x14000f1d0 GetModuleHandleExW
0x14000f1d8 OutputDebugStringA
0x14000f1e0 LoadLibraryA
0x14000f1e8 GetCurrentProcess
0x14000f1f0 UnhandledExceptionFilter
0x14000f200 IsDebuggerPresent
0x14000f208 RtlVirtualUnwind
0x14000f210 RtlLookupFunctionEntry
0x14000f218 RtlCaptureContext
0x14000f220 GetLastError
0x14000f228 QueryPerformanceCounter
0x14000f230 GetCurrentThreadId
0x14000f238 GetTickCount
0x14000f240 VirtualProtect
Library: ADVAPI32.dll:
0x14000f250 RegisterEventSourceW
0x14000f258 ReportEventW
0x14000f260 DeregisterEventSource
0x14000f268 RegQueryValueExW
0x14000f270 RegCreateKeyExW
0x14000f278 RegOpenKeyExW
0x14000f280 RegEnumValueW
0x14000f288 RegEnumKeyExW
0x14000f290 RegDeleteValueW
0x14000f298 RegDeleteKeyW
0x14000f2a0 RegCloseKey
0x14000f2a8 RegSetValueExW
Library: ole32.dll:
0x14000f2b8 CoCreateInstance
0x14000f2c0 CoUninitialize
0x14000f2c8 StgOpenStorage
0x14000f2d0 CoInitialize
0x14000f2d8 CoFileTimeNow
Library: SHELL32.dll:
0x14000f2e8 ShellExecuteExW
0x14000f2f0 SHGetSpecialFolderPathW
Library: MSVCR90.dll:
0x14000f300 _CxxThrowException
0x14000f310 _decode_pointer
0x14000f318 _onexit
0x14000f320 _lock
0x14000f328 memset
0x14000f330 __C_specific_handler
0x14000f338 vswprintf_s
0x14000f340 _amsg_exit
0x14000f348 __getmainargs
0x14000f350 _XcptFilter
0x14000f358 _exit
0x14000f360 _ismbblead
0x14000f368 _cexit
0x14000f370 exit
0x14000f378 _acmdln
0x14000f380 _initterm
0x14000f388 _initterm_e
0x14000f390 _configthreadlocale
0x14000f398 __setusermatherr
0x14000f3a0 _commode
0x14000f3a8 _fmode
0x14000f3b0 _encode_pointer
0x14000f3b8 __set_app_type
0x14000f3c0 __crt_debugger_hook
0x14000f3c8 ?terminate@@YAXXZ
0x14000f3d0 _unlock
0x14000f3d8 __dllonexit

Antivirus engine/vendor Virus name/rule match Signature database date
Bkav Not detected 20160830
MicroWorld-eScan Not detected 20160831
nProtect Not detected 20160831
CMC Not detected 20160830
CAT-QuickHeal Not detected 20160831
ALYac Not detected 20160831
Malwarebytes Not detected 20160831
Zillya Not detected 20160830
AegisLab Not detected 20160831
TheHacker Not detected 20160829
BitDefender Not detected 20160831
K7GW Not detected 20160831
K7AntiVirus Not detected 20160831
TrendMicro Not detected 20160831
Baidu Not detected 20160831
F-Prot Not detected 20160831
Symantec Not detected 20160831
ESET-NOD32 Not detected 20160831
TrendMicro-HouseCall Not detected 20160831
Avast Not detected 20160831
ClamAV Not detected 20160831
Kaspersky Not detected 20160831
Alibaba Not detected 20160831
NANO-Antivirus Not detected 20160831
SUPERAntiSpyware Not detected 20160831
Ad-Aware Not detected 20160831
Emsisoft Not detected 20160831
Comodo Not detected 20160831
F-Secure Not detected 20160831
DrWeb Not detected 20160831
VIPRE Not detected 20160831
Invincea Not detected 20160830
McAfee-GW-Edition Not detected 20160831
Sophos Not detected 20160831
Cyren Not detected 20160831
Jiangmin Not detected 20160831
Avira Not detected 20160831
Fortinet Not detected 20160831
Antiy-AVL Not detected 20160831
Kingsoft Not detected 20160831
Arcabit Not detected 20160831
ViRobot Not detected 20160831
Microsoft Not detected 20160831
AhnLab-V3 Not detected 20160831
McAfee Not detected 20160831
AVware Not detected 20160831
VBA32 Not detected 20160830
Zoner Not detected 20160831
Rising Not detected 20160831
Yandex Not detected 20160830
Ikarus Not detected 20160831
GData Not detected 20160831
AVG Not detected 20160831
Panda Not detected 20160830
CrowdStrike Not detected 20160725
Qihoo-360 Not detected 20160831

Process tree


MSOHTMED.EXE, PID: 548, parent PID: 2152

TCP

No TCP connection records.

UDP

Source address Source port Destination address Destination port
192.168.122.70 55256 192.168.122.1 53
192.168.122.70 60614 192.168.122.1 53
192.168.122.70 62263 192.168.122.1 53
192.168.122.70 63780 192.168.122.1 53
192.168.122.70 64732 192.168.122.1 53
192.168.122.70 51435 224.0.0.252 5355
192.168.122.70 57195 239.255.255.250 1900
192.168.122.70 123 52.169.179.91 123

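HTTP requests

No HTTP requests found.

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results

Network alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic.
Sorry! No files were dropped.
No similar analyses found.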

Processing ( 5.467 seconds )

  • 2.963 NetworkAnalysis
  • 1.128 VirusTotal
  • 0.603 Static
  • 0.453 peid
  • 0.22 TargetInfo
  • 0.036 BehaviorAnalysis
  • 0.026 AnalysisInfo
  • 0.014 Strings
  • 0.009 Debug
  • 0.009 config_decoder
  • 0.003 Dropped
  • 0.002 Memory
  • 0.001 ProcessMemory

Signatures ( 0.065 seconds )

  • 0.015 antiav_detectreg
  • 0.006 persistence_autorun
  • 0.006 antiav_detectfile
  • 0.006 infostealer_ftp
  • 0.004 infostealer_im
  • 0.003 antianalysis_detectreg
  • 0.003 disables_browser_warn
  • 0.003 infostealer_bitcoin
  • 0.003 infostealer_mail
  • 0.002 tinba_behavior
  • 0.002 antivm_vbox_files
  • 0.002 geodo_banking_trojan
  • 0.002 ransomware_files
  • 0.001 betabot_behavior
  • 0.001 kibex_behavior
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 modify_proxy
  • 0.001 browser_security
  • 0.001 disables_system_restore

Reporting ( 1.27 seconds )

  • 0.7 ReportPDF
  • 0.558 ReportHTMLSummary
  • 0.012 Malheur
Task ID 16174
Mongo ID 57ce687a4d3bd048e49828d6
Cuckoo release 1.4-Maldun