Analysis type | VM label | Start time | End time | Duration |
---|---|---|---|---|
File (Windows) | win7-sp1-x64-hpdapp03-1 | 2017-08-22 22:31:46 | 2017-08-22 22:34:10 | 144 seconds |
File name | 1.exe |
---|---|
File size | 246784 bytes |
文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
MD5 | 4e3b8920c730df878b149a30d35d7163 |
SHA1 | 040a4158da904705b38fe7c943c7fc2d674da6e7 |
SHA256 | 47cf31a80061edd87d99518298951f3a71ead96ec3153728f68199d6a0bc303f |
SHA512 | 379721672f7b0f869e9fa8fde5ebe9a1992ca1360d3779ab2309e78052aea78f185e4e18aa49c1e8ea7efedde3f5b09fe785ffe5e1b42a1c1c700c92a599999a |
CRC32 | 2701284A |
Ssdeep | 6144:tRnXlF9dSmU2D22k2222f2222H222282222w2222L2222A2222Z2222O2222fbmE:txXPGmU2D22k2222f2222H222282222t |
Yara | |
Direct | IP | Security rating | Geolocation |
---|---|---|---|
Yes | 195.2.252.59 | | Russia |
No domain information.
Image base | 0x00400000 |
---|---|
Entry point | 0x00407af7 |
Claimed checksum | 0x00000000 |
Actual checksum | 0x0004b71f |
Minimum OS version | 5.1 |
Compile time | 2017-08-19 09:47:42 |
Import hash | 498a29e746d9b5cb412502a979c3111d |
Icon | |
Icon exact hash | 98e88cb282db09638e9776a65401f90c |
Icon similarity hash | e6139b3f8d1b730f1afd1ee873e2dc4b |
LegalCopyright | |
---|---|
FileVersion | |
ProductVersion | |
Translation | |
Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy |
---|---|---|---|---|---|
.text | 0x00001000 | 0x00013f0c | 0x00014000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.38 |
.data | 0x00015000 | 0x00003e60 | 0x00001400 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 3.66 |
.idata | 0x00019000 | 0x000009b6 | 0x00000a00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 5.33 |
.rsrc | 0x0001a000 | 0x00024d4d | 0x00024e00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 7.41 |
.reloc | 0x0003f000 | 0x00001224 | 0x00001400 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 6.25 |
Name | Offset | Size | Language | Sublanguage | Entropy | File type |
---|---|---|---|---|---|---|
GQDPIW | 0x0001a518 | 0x000071ed | LANG_NEUTRAL | SUBLANG_NEUTRAL | 7.99 | data |
RT_BITMAP | 0x0002f280 | 0x00003668 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 6.27 | data |
RT_BITMAP | 0x0002f280 | 0x00003668 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 6.27 | data |
RT_BITMAP | 0x0002f280 | 0x00003668 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 6.27 | data |
RT_BITMAP | 0x0002f280 | 0x00003668 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 6.27 | data |
RT_BITMAP | 0x0002f280 | 0x00003668 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 6.27 | data |
RT_ICON | 0x0003a150 | 0x00004228 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 6.67 | data |
RT_ICON | 0x0003a150 | 0x00004228 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 6.67 | data |
RT_ICON | 0x0003a150 | 0x00004228 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 6.67 | data |
RT_ICON | 0x0003a150 | 0x00004228 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 6.67 | data |
RT_ICON | 0x0003a150 | 0x00004228 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 6.67 | data |
RT_ICON | 0x0003a150 | 0x00004228 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 6.67 | data |
RT_ICON | 0x0003a150 | 0x00004228 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 6.67 | data |
RT_ICON | 0x0003a150 | 0x00004228 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 6.67 | data |
RT_ICON | 0x0003a150 | 0x00004228 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 6.67 | data |
RT_ICON | 0x0003a150 | 0x00004228 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 6.67 | data |
RT_MENU | 0x0003e780 | 0x00000218 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.29 | data |
RT_MENU | 0x0003e780 | 0x00000218 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.29 | data |
RT_MENU | 0x0003e780 | 0x00000218 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.29 | data |
RT_GROUP_ICON | 0x0003ea10 | 0x00000022 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 2.45 | MS Windows icon resource - 2 icons, 32x32 |
RT_GROUP_ICON | 0x0003ea10 | 0x00000022 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 2.45 | MS Windows icon resource - 2 icons, 32x32 |
RT_VERSION | 0x0003ea34 | 0x0000019c | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.16 | data |
RT_MANIFEST | 0x0003ebd0 | 0x0000017d | LANG_NEUTRAL | SUBLANG_NEUTRAL | 4.91 | XML 1.0 document text |
Antivirus engine/vendor | Detection name / rule match | Signature database date |
---|---|---|
Bkav | Not detected | 20170822 |
MicroWorld-eScan | Trojan.GenericKDZ.40157 | 20170821 |
nProtect | Not detected | 20170822 |
CMC | Not detected | 20170821 |
CAT-QuickHeal | Not detected | 20170821 |
McAfee | RDN/Generic.hbg | 20170822 |
Cylance | Unsafe | 20170822 |
Zillya | Not detected | 20170821 |
AegisLab | Troj.W32.Generic!c | 20170822 |
K7AntiVirus | Trojan ( 00514d6a1 ) | 20170821 |
K7GW | Trojan ( 00514d6a1 ) | 20170821 |
TheHacker | Not detected | 20170821 |
Arcabit | Trojan.Generic.D9CDD | 20170822 |
TrendMicro | Not detected | 20170822 |
Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9996 | 20170817 |
Cyren | W32/Trojan.JIRZ-1385 | 20170822 |
Symantec | Trojan.Gen.2 | 20170822 |
ESET-NOD32 | a variant of Win32/Kryptik.FVRV | 20170822 |
TrendMicro-HouseCall | Suspicious_GEN.F47V0820 | 20170822 |
Avast | Win32:Malware-gen | 20170822 |
ClamAV | Not detected | 20170822 |
GData | Trojan.GenericKDZ.40157 | 20170822 |
Kaspersky | HEUR:Trojan.Win32.Generic | 20170822 |
BitDefender | Trojan.GenericKDZ.40157 | 20170822 |
NANO-Antivirus | Not detected | 20170822 |
ViRobot | Trojan.Win32.Z.Agent.246784.EL | 20170822 |
Tencent | Win32.Trojan.Inject.Auto | 20170822 |
Ad-Aware | Trojan.GenericKDZ.40157 | 20170822 |
Emsisoft | Trojan.GenericKDZ.40157 (B) | 20170822 |
Comodo | UnclassifiedMalware | 20170822 |
F-Secure | Trojan.GenericKDZ.40157 | 20170822 |
DrWeb | Trojan.TinyNuke.9 | 20170822 |
VIPRE | Trojan.Win32.Generic!BT | 20170822 |
Invincea | heuristic | 20170818 |
McAfee-GW-Edition | BehavesLike.Win32.Downloader.dc | 20170822 |
Sophos | Mal/Generic-S | 20170821 |
Ikarus | Trojan.Win32.Crypt | 20170821 |
F-Prot | Not detected | 20170822 |
Jiangmin | Not detected | 20170822 |
Webroot | W32.Trojan.Gen | 20170822 |
Avira | TR/Crypt.Xpack.sjvei | 20170822 |
Antiy-AVL | Trojan/Win32.TSGeneric | 20170822 |
Kingsoft | Not detected | 20170822 |
Endgame | malicious (high confidence) | 20170821 |
SUPERAntiSpyware | Not detected | 20170822 |
ZoneAlarm | HEUR:Trojan.Win32.Generic | 20170822 |
Microsoft | TrojanSpy:Win32/Tinukebot.A!bit | 20170822 |
AhnLab-V3 | Trojan/Win32.MDA.R207046 | 20170822 |
ALYac | Trojan.GenericKDZ.40157 | 20170822 |
AVware | Trojan.Win32.Generic!BT | 20170822 |
MAX | malware (ai score=84) | 20170822 |
VBA32 | Not detected | 20170821 |
Malwarebytes | Trojan.MalPack | 20170822 |
WhiteArmor | Not detected | 20170817 |
Panda | Trj/CI.A | 20170821 |
Zoner | Not detected | 20170822 |
Rising | Malware.Obscure/Heur!1.A89E (cloud:tDR9ZW8vmaK) | 20170822 |
Yandex | Not detected | 20170821 |
SentinelOne | static engine - malicious | 20170806 |
Fortinet | W32/ETap.A | 20170822 |
AVG | Win32:Malware-gen | 20170822 |
Paloalto | generic.ml | 20170822 |
CrowdStrike | malicious_confidence_60% (W) | 20170804 |
Qihoo-360 | Not detected | 20170822 |
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.201 | 49180 | 195.2.252.59 | 80 |
192.168.122.201 | 49181 | 195.2.252.59 | 80 |
192.168.122.201 | 49192 | 195.2.252.59 | 80 |
192.168.122.201 | 49193 | 195.2.252.59 | 80 |
192.168.122.201 | 49195 | 195.2.252.59 | 80 |
192.168.122.201 | 49196 | 195.2.252.59 | 80 |
192.168.122.201 | 49197 | 195.2.252.59 | 80 |
192.168.122.201 | 49198 | 195.2.252.59 | 80 |
192.168.122.201 | 49199 | 195.2.252.59 | 80 |
192.168.122.201 | 49200 | 195.2.252.59 | 80 |
192.168.122.201 | 49201 | 195.2.252.59 | 80 |
192.168.122.201 | 49202 | 195.2.252.59 | 80 |
192.168.122.201 | 49205 | 195.2.252.59 | 80 |
192.168.122.201 | 49206 | 195.2.252.59 | 80 |
192.168.122.201 | 49207 | 195.2.252.59 | 80 |
192.168.122.201 | 49208 | 195.2.252.59 | 80 |
192.168.122.201 | 49209 | 195.2.252.59 | 80 |
192.168.122.201 | 49212 | 195.2.252.59 | 80 |
192.168.122.201 | 49215 | 195.2.252.59 | 80 |
192.168.122.201 | 49216 | 195.2.252.59 | 80 |
192.168.122.201 | 49217 | 195.2.252.59 | 80 |
192.168.122.201 | 49220 | 195.2.252.59 | 80 |
192.168.122.201 | 49221 | 195.2.252.59 | 80 |
192.168.122.201 | 49222 | 195.2.252.59 | 80 |
192.168.122.201 | 49223 | 195.2.252.59 | 80 |
192.168.122.201 | 49224 | 195.2.252.59 | 80 |
192.168.122.201 | 49225 | 195.2.252.59 | 80 |
192.168.122.201 | 49226 | 195.2.252.59 | 80 |
192.168.122.201 | 49227 | 195.2.252.59 | 80 |
192.168.122.201 | 49228 | 195.2.252.59 | 80 |
192.168.122.201 | 49229 | 195.2.252.59 | 80 |
192.168.122.201 | 49230 | 195.2.252.59 | 80 |
192.168.122.201 | 49231 | 195.2.252.59 | 80 |
192.168.122.201 | 49232 | 195.2.252.59 | 80 |
192.168.122.201 | 49233 | 195.2.252.59 | 80 |
192.168.122.201 | 49234 | 195.2.252.59 | 80 |
No UDP connection records.
URI | HTTP data |
---|---|
http://195.2.252.59/PANEL/gate.php?94D355F270963256450765 | POST /PANEL/gate.php?94D355F270963256450765 HTTP/1.1 Host: 195.2.252.59 Pragma: no-cache Content-type: text/html Connection: close |
http://195.2.252.59/PANEL/gate.php?94D355F270963256450765 | POST /PANEL/gate.php?94D355F270963256450765 HTTP/1.1 Host: 195.2.252.59 Pragma: no-cache Content-type: text/html Connection: close Content-Length: 9 |
http://195.2.252.59/PANEL/gate.php?94D355F270963256450765 | POST /PANEL/gate.php?94D355F270963256450765 HTTP/1.1 Host: 195.2.252.59 Pragma: no-cache Content-type: text/html Connection: close Content-Length: 36 |
http://195.2.252.59/PANEL/gate.php?94D355F270963256450765 | POST /PANEL/gate.php?94D355F270963256450765 HTTP/1.1 Host: 195.2.252.59 Pragma: no-cache Content-type: text/html Connection: close Content-Length: 4 |
No SMTP traffic.
No IRC requests.
No ICMP traffic.
No CIF results.
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Protocol | SID | Signature | Category |
---|---|---|---|---|---|---|---|---|
2017-08-22 22:32:06.261357+0800 | 192.168.122.201 | 49180 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
2017-08-22 22:32:06.261357+0800 | 192.168.122.201 | 49180 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
2017-08-22 22:32:06.261357+0800 | 192.168.122.201 | 49180 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
2017-08-22 22:32:06.796607+0800 | 192.168.122.201 | 49181 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
2017-08-22 22:32:06.796607+0800 | 192.168.122.201 | 49181 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
2017-08-22 22:32:08.988870+0800 | 192.168.122.201 | 49193 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
2017-08-22 22:32:08.988870+0800 | 192.168.122.201 | 49193 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
2017-08-22 22:32:08.447192+0800 | 192.168.122.201 | 49192 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
2017-08-22 22:32:08.447192+0800 | 192.168.122.201 | 49192 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
2017-08-22 22:32:08.447192+0800 | 192.168.122.201 | 49192 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
2017-08-22 22:32:07.119073+0800 | 192.168.122.201 | 49181 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
2017-08-22 22:32:11.188434+0800 | 192.168.122.201 | 49197 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
2017-08-22 22:32:09.280403+0800 | 192.168.122.201 | 49193 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
2017-08-22 22:32:11.188434+0800 | 192.168.122.201 | 49197 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
2017-08-22 22:32:11.192806+0800 | 192.168.122.201 | 49196 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
2017-08-22 22:32:10.389838+0800 | 192.168.122.201 | 49195 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
2017-08-22 22:32:11.192806+0800 | 192.168.122.201 | 49196 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
2017-08-22 22:32:10.389838+0800 | 192.168.122.201 | 49195 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
2017-08-22 22:32:11.451857+0800 | 192.168.122.201 | 49197 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
2017-08-22 22:32:10.652904+0800 | 192.168.122.201 | 49195 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
2017-08-22 22:32:11.490740+0800 | 192.168.122.201 | 49196 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
2017-08-22 22:32:12.555153+0800 | 192.168.122.201 | 49198 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
2017-08-22 22:32:12.555153+0800 | 192.168.122.201 | 49198 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
2017-08-22 22:32:23.896651+0800 | 192.168.122.201 | 49200 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
2017-08-22 22:32:23.896651+0800 | 192.168.122.201 | 49200 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
2017-08-22 22:32:21.949313+0800 | 192.168.122.201 | 49199 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
2017-08-22 22:32:21.949313+0800 | 192.168.122.201 | 49199 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
2017-08-22 22:32:12.853063+0800 | 192.168.122.201 | 49198 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
2017-08-22 22:32:22.192550+0800 | 192.168.122.201 | 49199 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
2017-08-22 22:32:24.204594+0800 | 192.168.122.201 | 49200 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
2017-08-22 22:32:25.243631+0800 | 192.168.122.201 | 49201 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
2017-08-22 22:32:25.243631+0800 | 192.168.122.201 | 49201 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
2017-08-22 22:32:25.520832+0800 | 192.168.122.201 | 49201 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
2017-08-22 22:32:32.725230+0800 | 192.168.122.201 | 49202 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
2017-08-22 22:32:32.725230+0800 | 192.168.122.201 | 49202 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
2017-08-22 22:32:36.564702+0800 | 192.168.122.201 | 49205 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
2017-08-22 22:32:36.564702+0800 | 192.168.122.201 | 49205 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
2017-08-22 22:32:32.985205+0800 | 192.168.122.201 | 49202 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
2017-08-22 22:32:36.853943+0800 | 192.168.122.201 | 49205 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
2017-08-22 22:32:37.901242+0800 | 192.168.122.201 | 49206 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
2017-08-22 22:32:37.901242+0800 | 192.168.122.201 | 49206 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
2017-08-22 22:32:38.185220+0800 | 192.168.122.201 | 49206 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
2017-08-22 22:32:49.233982+0800 | 192.168.122.201 | 49208 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
2017-08-22 22:32:43.533894+0800 | 192.168.122.201 | 49207 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
2017-08-22 22:32:49.233982+0800 | 192.168.122.201 | 49208 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
2017-08-22 22:32:43.533894+0800 | 192.168.122.201 | 49207 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
2017-08-22 22:32:43.797447+0800 | 192.168.122.201 | 49207 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
2017-08-22 22:32:49.524898+0800 | 192.168.122.201 | 49208 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
2017-08-22 22:32:50.590443+0800 | 192.168.122.201 | 49209 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
2017-08-22 22:32:50.590443+0800 | 192.168.122.201 | 49209 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
2017-08-22 22:32:50.899266+0800 | 192.168.122.201 | 49209 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
2017-08-22 22:32:54.357152+0800 | 192.168.122.201 | 49212 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
2017-08-22 22:32:54.357152+0800 | 192.168.122.201 | 49212 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
2017-08-22 22:33:01.976907+0800 | 192.168.122.201 | 49215 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
2017-08-22 22:33:01.976907+0800 | 192.168.122.201 | 49215 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
2017-08-22 22:32:54.626545+0800 | 192.168.122.201 | 49212 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
2017-08-22 22:33:02.276465+0800 | 192.168.122.201 | 49215 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
2017-08-22 22:33:05.172372+0800 | 192.168.122.201 | 49217 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
2017-08-22 22:33:05.172372+0800 | 192.168.122.201 | 49217 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
2017-08-22 22:33:03.608498+0800 | 192.168.122.201 | 49216 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
2017-08-22 22:33:14.932809+0800 | 192.168.122.201 | 49220 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
2017-08-22 22:33:03.608498+0800 | 192.168.122.201 | 49216 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
2017-08-22 22:33:14.932809+0800 | 192.168.122.201 | 49220 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
2017-08-22 22:33:05.436549+0800 | 192.168.122.201 | 49217 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
2017-08-22 22:33:03.893411+0800 | 192.168.122.201 | 49216 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
2017-08-22 22:33:15.216921+0800 | 192.168.122.201 | 49220 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
2017-08-22 22:33:15.982005+0800 | 192.168.122.201 | 49221 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
2017-08-22 22:33:15.982005+0800 | 192.168.122.201 | 49221 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
2017-08-22 22:33:27.638250+0800 | 192.168.122.201 | 49224 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
2017-08-22 22:33:27.638250+0800 | 192.168.122.201 | 49224 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
2017-08-22 22:33:26.738216+0800 | 192.168.122.201 | 49223 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
2017-08-22 22:33:16.246538+0800 | 192.168.122.201 | 49221 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
2017-08-22 22:33:26.738216+0800 | 192.168.122.201 | 49223 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
2017-08-22 22:33:27.947539+0800 | 192.168.122.201 | 49224 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
2017-08-22 22:33:26.983318+0800 | 192.168.122.201 | 49223 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
2017-08-22 22:33:16.262192+0800 | 192.168.122.201 | 49222 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
2017-08-22 22:33:16.262192+0800 | 192.168.122.201 | 49222 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
2017-08-22 22:33:40.398325+0800 | 192.168.122.201 | 49227 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
2017-08-22 22:33:40.398325+0800 | 192.168.122.201 | 49227 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
2017-08-22 22:33:16.552733+0800 | 192.168.122.201 | 49222 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
2017-08-22 22:33:29.049915+0800 | 192.168.122.201 | 49225 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
2017-08-22 22:33:29.049915+0800 | 192.168.122.201 | 49225 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
2017-08-22 22:33:37.522635+0800 | 192.168.122.201 | 49226 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
2017-08-22 22:33:37.522635+0800 | 192.168.122.201 | 49226 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
2017-08-22 22:33:40.683577+0800 | 192.168.122.201 | 49227 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
2017-08-22 22:33:37.776779+0800 | 192.168.122.201 | 49226 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
2017-08-22 22:33:29.345610+0800 | 192.168.122.201 | 49225 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
2017-08-22 22:33:41.724724+0800 | 192.168.122.201 | 49228 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
2017-08-22 22:33:41.724724+0800 | 192.168.122.201 | 49228 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
2017-08-22 22:33:54.435744+0800 | 192.168.122.201 | 49231 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
2017-08-22 22:33:54.435744+0800 | 192.168.122.201 | 49231 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
2017-08-22 22:33:42.011655+0800 | 192.168.122.201 | 49228 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
2017-08-22 22:33:48.324400+0800 | 192.168.122.201 | 49229 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
2017-08-22 22:33:48.324400+0800 | 192.168.122.201 | 49229 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
2017-08-22 22:33:54.717754+0800 | 192.168.122.201 | 49231 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
2017-08-22 22:33:48.589424+0800 | 192.168.122.201 | 49229 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
2017-08-22 22:33:53.081142+0800 | 192.168.122.201 | 49230 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
2017-08-22 22:33:53.081142+0800 | 192.168.122.201 | 49230 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
2017-08-22 22:33:53.374744+0800 | 192.168.122.201 | 49230 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
2017-08-22 22:34:05.778163+0800 | 192.168.122.201 | 49233 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
2017-08-22 22:34:05.778163+0800 | 192.168.122.201 | 49233 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
2017-08-22 22:33:59.138487+0800 | 192.168.122.201 | 49232 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
2017-08-22 22:33:59.138487+0800 | 192.168.122.201 | 49232 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
2017-08-22 22:34:06.080210+0800 | 192.168.122.201 | 49233 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
2017-08-22 22:33:59.405210+0800 | 192.168.122.201 | 49232 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
2017-08-22 22:34:07.150199+0800 | 192.168.122.201 | 49234 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
2017-08-22 22:34:07.150199+0800 | 192.168.122.201 | 49234 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
2017-08-22 22:34:07.444795+0800 | 192.168.122.201 | 49234 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
No TLS
No Suricata HTTP
File name | 94D355F270963256450765 |
---|---|
相关文件 |
C:\Users\test\AppData\Local\Temp\94D355F270963256450765
|
文件大小 | 38 字节 |
文件类型 | ASCII text, with no line terminators |
MD5 | 65049f4c4c1aa9b8aeb988d0619ded8a |
SHA1 | 0da4845b935838efc0afcfe75b10e5724eaa60c3 |
SHA256 | 10f748895d50d4f3174f5b77ae42a932606592694ccafcc3edf0c8e877ba4c52 |
CRC32 | 173D9D27 |
Ssdeep | 3:oNmWfkiE2J5xAImACn:oNm+kn23fyn |
C:\Users\test\AppData\Local\Temp\1.exe |
File name | 94D355F270963256450765.exe |
---|---|
Related files | C:\Users\test\AppData\Roaming\94D355F270963256450765\94D355F270963256450765.exe |
File size | 246784 bytes |
File type | PE32 executable (GUI) Intel 80386, for MS Windows |
MD5 | 4e3b8920c730df878b149a30d35d7163 |
SHA1 | 040a4158da904705b38fe7c943c7fc2d674da6e7 |
SHA256 | 47cf31a80061edd87d99518298951f3a71ead96ec3153728f68199d6a0bc303f |
CRC32 | 2701284A |
Ssdeep | 6144:tRnXlF9dSmU2D22k2222f2222H222282222w2222L2222A2222Z2222O2222fbmE:txXPGmU2D22k2222f2222H222282222t |
Yara | |
File name | 94D355F27096325645076532 |
---|---|
Related files | C:\Users\test\AppData\Local\Temp\94D355F27096325645076532 |
File size | 62464 bytes |
File type | data |
MD5 | 731bab3d3508aa0869f0342a9aa11467 |
SHA1 | 282d224b57ab4a35d687e33068b940179b9462ba |
SHA256 | fe82efee93de3a80e9854454877c8f4daa2b95c1286b075bc7981a32ae334c12 |
CRC32 | EDC97B7B |
Ssdeep | 1536:02kWr0SOTOKvxfWtn9Hc01Ry6snFLGy5z695uCQDP:02k/SYOIxfKH1DsnFLGwzc5u3 |
File name | 94D355F27096325645076564 |
---|---|
Related files | C:\Users\test\AppData\Local\Temp\94D355F27096325645076564 |
File size | 47616 bytes |
File type | data |
MD5 | 41791bdffdc74441046c87471d4e0091 |
SHA1 | 3cb7569e4683882f6f500eaf6d27f485b27f2ac3 |
SHA256 | e9888ee3f8bae9be5872ed965446ae2f52ce1eca2dd3db9deec1a28a6e286983 |
CRC32 | 1133678C |
Ssdeep | 768:Yx4Wh2GZ+FX+qXpiEGiyJcl1bfNRjcOOVyE2yy5rUmz06LmZ61034AWeAJrGZrop:Yx4WIGZ+Yq3GAXNsyExCrRn1npegrGZq |
File name | prefs.js |
---|---|
Related files | C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\i072kp8z.default-1494515848972\prefs.js |
File size | 19089 bytes |
File type | ASCII text, with very long lines, with CRLF line terminators |
MD5 | d4161f93e43e4f9423c9bf8e0e684b0b |
SHA1 | b8ba7dd66d06b0f3e79fd311282776642394b8b5 |
SHA256 | d2a3dffffcf6fe4196b3c1a75d0b3d62932f971ec81c8b3e20def295d5f978cf |
CRC32 | F90281F3 |
Ssdeep | 192:VHzTgv5+adaIMC6EMJu6w1tF1xKRVD5+jzYfY76D1hWZz87l8z9BgHfivGIPD:NXs1tFjKH4jkQicZzOle9BofwGSD |
Yara | |
HTML summary report (sync takes 15-60 minutes) |
---|
Task ID | 111357 |
---|---|
Mongo ID | 599c4106a093ef39d7c526d5 |
Cuckoo release | 1.4-Maldun |