Analysis task

Analysis type  VM label  Start time  End time  Duration
URL  win7-sp1-x64-shaapp01-1  2017-12-13 14:58:36  2017-12-13 15:00:55  139 seconds

Maldun score

3.35

Suspicious

URL details

URL
http://mawanlis.3vfree.com/

Runtime screenshots


Hosts contacted

Direct  IP  Security rating  Geolocation
104.17.176.200  United States
117.18.237.29  Asia-Pacific region
140.205.158.4  China
140.205.60.79  China
140.205.94.22  China
168.235.251.214  United States
183.136.212.50  China
222.186.49.191  Unknown  China
222.186.49.224  China
58.215.145.188  China
65.55.5.170  Unknown  United States

DNS resolution

Domain  Security rating  Response
mawanlis.3vfree.com  Unknown  A 168.235.251.214
www.3v.do  Unknown  A 222.186.49.191
    CNAME www.3v.do.w.kunlunar.com
s9.cnzz.com  A 222.186.49.224
    CNAME all.cnzz.com.danuoyi.tbcache.com
    CNAME c.cnzz.com
    A 58.215.145.188
hzs10.cnzz.com  A 140.205.60.79
    CNAME z.cnzz.com
    A 140.205.158.4
    A 140.205.136.1
    A 140.205.218.72
    CNAME z12.cnzz.com
    A 140.205.61.85
    CNAME z.gds.cnzz.com
    A 140.205.218.67
c.cnzz.com
www.microsoft.com  CNAME e1863.ca2.s.tl88.net
    CNAME www.microsoft.com-c-2.edgekey.net.globalredir.akadns.net
    CNAME www.microsoft.com-c-2.edgekey.net
    A 183.136.212.50
data.tvdownload.microsoft.com  Unknown  CNAME data.tvdownload.windowsmedia.com.akadns.net
    A 65.55.5.170
ocsp.msocsp.com  CNAME hostedocsp.globalsign.com
    CNAME ocsp.globalsign.cloud
    A 104.17.178.200
    A 104.17.177.200
    A 104.17.179.200
    A 104.17.175.200
    A 104.17.176.200
s4.cnzz.com  Unknown
ocsp.globalsign.com  CNAME cdn.globalsigncdn.com
    A 58.211.137.192
z11.cnzz.com
cnzz.mmstat.com  A 140.205.94.22
    CNAME gm.gds.mmstat.com
    CNAME gm.mmstat.com
ocsp.digicert.com  CNAME cs9.wac.phicdn.net
    A 117.18.237.29

Summary

WHOIS information

Name: li haigang
Country: CN
State: Beijing
City: bei jing
ZIP Code: 100100
Address: beijing shi

Organization: li haigang
Domain Name(s):
    3VFREE.COM
    3vfree.com
Creation Date:
    2016-01-19 14:38:09
Updated Date:
    2016-12-14 12:07:35
    2016-01-19 14:38:09
Expiration Date:
    2018-01-19 14:38:09
Email(s):
    abuse@22.cn
    616909090@qq.com

Registrar(s):
    22NET, INC.
Name Server(s):
    F1G1NS1.DNSPOD.NET
    F1G1NS2.DNSPOD.NET
    f1g1ns1.dnspod.net
    f1g1ns2.dnspod.net
Referral URL(s):
    None

Antivirus engine / vendor  Site security analysis
CLEAN MX Clean Site
DNS8 Clean Site
MalwarePatrol Clean Site
ZDB Zeus Clean Site
Tencent Clean Site
Netcraft Unrated Site
desenmascara_me Clean Site
Dr_Web Clean Site
PhishLabs Unrated Site
Zerofox Clean Site
K7AntiVirus Clean Site
SecureBrain Clean Site
Virusdie External Site Scan Clean Site
SCUMWARE_org Clean Site
Quttera Clean Site
AegisLab WebGuard Clean Site
MalwareDomainList Clean Site
ZeusTracker Clean Site
zvelo Clean Site
Google Safebrowsing Malware Site
Kaspersky Unrated Site
BitDefender Clean Site
Certly Clean Site
G-Data Clean Site
C-SIRT Clean Site
OpenPhish Clean Site
Malware Domain Blocklist Clean Site
VX Vault Clean Site
Webutation Clean Site
Trustwave Clean Site
Web Security Guard Clean Site
CyRadar Clean Site
ADMINUSLabs Clean Site
Malwarebytes hpHosts Clean Site
Opera Clean Site
AlienVault Clean Site
Emsisoft Clean Site
Malc0de Database Clean Site
Phishtank Clean Site
Malwared Clean Site
Avira Malware Site
CyberCrime Clean Site
Antiy-AVL Clean Site
Forcepoint ThreatSeeker Unrated Site
FraudSense Clean Site
malwares_com URL checker Clean Site
Comodo Site Inspector Clean Site
Malekal Clean Site
ESET Clean Site
Sophos Malicious Site
Yandex Safebrowsing Clean Site
Spam404 Clean Site
Nucleon Clean Site
Sucuri SiteCheck Clean Site
Blueliv Clean Site
ZCloudsec Clean Site
AutoShun Unrated Site
ThreatHive Clean Site
FraudScore Clean Site
Rising Clean Site
URLQuery Clean Site
StopBadware Unrated Site
Fortinet Malware Site
ZeroCERT Clean Site
Baidu-International Clean Site
securolytics Clean Site

Process tree

iexplore.exe, PID: 1576, parent PID: 300
iexplore.exe, PID: 2308, parent PID: 1576
iexplore.exe, PID: 2388, parent PID: 1576

TCP

Source address  Source port  Destination address (IP, hostname)  Destination port
192.168.122.201 49196 104.17.176.200 ocsp.msocsp.com 80
192.168.122.201 49283 104.86.110.50 80
192.168.122.201 49282 117.18.237.29 ocsp.digicert.com 80
192.168.122.201 49252 140.205.158.4 hzs10.cnzz.com 443
192.168.122.201 49254 140.205.94.22 cnzz.mmstat.com 443
192.168.122.201 49162 168.235.251.214 mawanlis.3vfree.com 80
192.168.122.201 49175 168.235.251.214 mawanlis.3vfree.com 80
192.168.122.201 49185 168.235.251.214 mawanlis.3vfree.com 80
192.168.122.201 49191 183.136.212.50 www.microsoft.com 80
192.168.122.201 49201 183.136.212.50 www.microsoft.com 80
192.168.122.201 49181 222.186.49.191 www.3v.do 80
192.168.122.201 49217 222.186.49.191 www.3v.do 80
192.168.122.201 49222 222.186.49.191 www.3v.do 80
192.168.122.201 49223 222.186.49.191 www.3v.do 80
192.168.122.201 49229 222.186.49.191 www.3v.do 80
192.168.122.201 49230 222.186.49.191 www.3v.do 80
192.168.122.201 49231 222.186.49.191 www.3v.do 80
192.168.122.201 49232 222.186.49.191 www.3v.do 80
192.168.122.201 49233 222.186.49.191 www.3v.do 80
192.168.122.201 49234 222.186.49.191 www.3v.do 80
192.168.122.201 49253 222.186.49.191 www.3v.do 80
192.168.122.201 49263 222.186.49.191 www.3v.do 80
192.168.122.201 49264 222.186.49.191 www.3v.do 80
192.168.122.201 49265 222.186.49.191 www.3v.do 80
192.168.122.201 49266 222.186.49.191 www.3v.do 80
192.168.122.201 49267 222.186.49.191 www.3v.do 80
192.168.122.201 49268 222.186.49.191 www.3v.do 80
192.168.122.201 49271 222.186.49.191 www.3v.do 80
192.168.122.201 49276 222.186.49.191 www.3v.do 80
192.168.122.201 49170 222.186.49.224 s9.cnzz.com 80
192.168.122.201 49249 58.211.137.192 ocsp.globalsign.com 80
192.168.122.201 49250 58.211.137.192 ocsp.globalsign.com 80
192.168.122.201 49261 58.211.137.192 ocsp.globalsign.com 80
192.168.122.201 49247 58.215.145.188 s9.cnzz.com 443
192.168.122.201 49251 58.215.145.188 s9.cnzz.com 443
192.168.122.201 49194 65.55.5.170 data.tvdownload.microsoft.com 443
192.168.122.201 49199 65.55.5.170 data.tvdownload.microsoft.com 443
192.168.122.201 49202 65.55.5.170 data.tvdownload.microsoft.com 443
192.168.122.201 49204 65.55.5.170 data.tvdownload.microsoft.com 443
192.168.122.201 49207 65.55.5.170 data.tvdownload.microsoft.com 443
192.168.122.201 49209 65.55.5.170 data.tvdownload.microsoft.com 443
192.168.122.201 49211 65.55.5.170 data.tvdownload.microsoft.com 443

UDP

Source address  Source port  Destination address  Destination port
192.168.122.201 49782 192.168.122.1 53
192.168.122.201 51023 192.168.122.1 53
192.168.122.201 51070 192.168.122.1 53
192.168.122.201 51694 192.168.122.1 53
192.168.122.201 52576 192.168.122.1 53
192.168.122.201 52640 192.168.122.1 53
192.168.122.201 53253 192.168.122.1 53
192.168.122.201 53294 192.168.122.1 53
192.168.122.201 54275 192.168.122.1 53
192.168.122.201 55072 192.168.122.1 53
192.168.122.201 55542 192.168.122.1 53
192.168.122.201 58394 192.168.122.1 53
192.168.122.201 59418 192.168.122.1 53
192.168.122.201 59795 192.168.122.1 53
192.168.122.201 61274 192.168.122.1 53
192.168.122.201 62669 192.168.122.1 53
192.168.122.201 64810 192.168.122.1 53

HTTP requests

URI  HTTP data
http://mawanlis.3vfree.com/
GET / HTTP/1.1
Accept: */*
Referer: http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=23&ved=0CCEQfjSFRNZXhSdG96akJCbE9OTWdW&url=http%3A%2F%2Fmawanlis.3vfree.com%2F&ei=a21WemtoU1BtSFJB&usg=AFQjTVJNREVTR1R5aEtn
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: mawanlis.3vfree.com
Connection: Keep-Alive

http://s9.cnzz.com/stat.php?id=986628&web_id=986628
GET /stat.php?id=986628&web_id=986628 HTTP/1.1
Accept: */*
Referer: http://mawanlis.3vfree.com/
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: s9.cnzz.com
Connection: Keep-Alive

http://mawanlis.3vfree.com/img/index_10.png
GET /img/index_10.png HTTP/1.1
Accept: */*
Referer: http://mawanlis.3vfree.com/
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: mawanlis.3vfree.com
Connection: Keep-Alive

http://www.3v.do/ad/ad.js
GET /ad/ad.js HTTP/1.1
Accept: */*
Referer: http://mawanlis.3vfree.com/
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.3v.do
Connection: Keep-Alive

http://www.3v.do/images/piao.gif
GET /images/piao.gif HTTP/1.1
Accept: */*
Referer: http://mawanlis.3vfree.com/
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.3v.do
Connection: Keep-Alive

http://mawanlis.3vfree.com/favicon.ico
GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: mawanlis.3vfree.com
Connection: Keep-Alive
Cookie: UM_distinctid=160501080382c1-0559f9615a0844-26596859-75300-160501080476ed; CNZZDATA986628=cnzz_eid%3D1602959337-1513146689-%26ntime%3D1513146689

http://www.microsoft.com/
GET / HTTP/1.1
Host: www.microsoft.com
Connection: Close

http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBQphfxhPb4vsBIPXkIOTJ7D1Z79fAQUCP4ln3TqhwTCvLuOqDhfM8bRbGUCEy0AAO%2FxE5PyQlBerOAAAAAA7%2FE%3D
GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBQphfxhPb4vsBIPXkIOTJ7D1Z79fAQUCP4ln3TqhwTCvLuOqDhfM8bRbGUCEy0AAO%2FxE5PyQlBerOAAAAAA7%2FE%3D HTTP/1.1
Cache-Control: max-age = 10800
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 06 Dec 2017 07:11:24 GMT
If-None-Match: "a602f001a25d1ece86269d16668acccb0791bbc6"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.msocsp.com

http://www.3v.do/
GET / HTTP/1.1
Accept: */*
Referer: http://mawanlis.3vfree.com/
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.3v.do
Connection: Keep-Alive

http://www.3v.do/css/header.css
GET /css/header.css HTTP/1.1
Accept: */*
Referer: http://www.3v.do/
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.3v.do
Connection: Keep-Alive

http://www.3v.do/user/login/login.asp
GET /user/login/login.asp HTTP/1.1
Accept: */*
Referer: http://www.3v.do/
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.3v.do
Connection: Keep-Alive

http://www.3v.do/images/snav_icon1.png
GET /images/snav_icon1.png HTTP/1.1
Accept: */*
Referer: http://www.3v.do/
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.3v.do
Connection: Keep-Alive
Cookie: ASPSESSIONIDAQADQBRQ=HNFNICGAHEPELBNGMNLDCKKO

http://www.3v.do/js/jquery.slide-zool.js
GET /js/jquery.slide-zool.js HTTP/1.1
Accept: */*
Referer: http://www.3v.do/
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.3v.do
Connection: Keep-Alive
Cookie: ASPSESSIONIDAQADQBRQ=HNFNICGAHEPELBNGMNLDCKKO

http://www.3v.do/images/snav_icon7.png
GET /images/snav_icon7.png HTTP/1.1
Accept: */*
Referer: http://www.3v.do/
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.3v.do
Connection: Keep-Alive
Cookie: ASPSESSIONIDAQADQBRQ=HNFNICGAHEPELBNGMNLDCKKO

http://www.3v.do/images/snav_icon5.png
GET /images/snav_icon5.png HTTP/1.1
Accept: */*
Referer: http://www.3v.do/
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.3v.do
Connection: Keep-Alive
Cookie: ASPSESSIONIDAQADQBRQ=HNFNICGAHEPELBNGMNLDCKKO

http://www.3v.do/images/snav_icon9.png
GET /images/snav_icon9.png HTTP/1.1
Accept: */*
Referer: http://www.3v.do/
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.3v.do
Connection: Keep-Alive
Cookie: ASPSESSIONIDAQADQBRQ=HNFNICGAHEPELBNGMNLDCKKO

http://www.3v.do/images/snav_icon11.png
GET /images/snav_icon11.png HTTP/1.1
Accept: */*
Referer: http://www.3v.do/
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.3v.do
Connection: Keep-Alive
Cookie: ASPSESSIONIDAQADQBRQ=HNFNICGAHEPELBNGMNLDCKKO

http://ocsp.globalsign.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJH
GET /rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJH HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.globalsign.com

http://ocsp2.globalsign.com/gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDD6XR06G9IA4Y4Qtog%3D%3D
GET /gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDD6XR06G9IA4Y4Qtog%3D%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp2.globalsign.com

http://www.3v.do/favicon.ico
GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: www.3v.do
Connection: Keep-Alive
Cookie: ASPSESSIONIDAQADQBRQ=HNFNICGAHEPELBNGMNLDCKKO; CNZZDATA1260071498=485316748-1513145497-null%7C1513145497

http://www.3v.do/news/119.html
GET /news/119.html HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: http://www.3v.do/
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.3v.do
Connection: Keep-Alive
Cookie: ASPSESSIONIDAQADQBRQ=HNFNICGAHEPELBNGMNLDCKKO; CNZZDATA1260071498=485316748-1513145497-null%7C1513145497

http://ocsp2.globalsign.com/gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDCEZ6EcKSUj3PwWCFw%3D%3D
GET /gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDCEZ6EcKSUj3PwWCFw%3D%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp2.globalsign.com

http://www.3v.do/images/tophot.gif
GET /images/tophot.gif HTTP/1.1
Accept: */*
Referer: http://www.3v.do/news/119.html
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.3v.do
Connection: Keep-Alive
Cookie: ASPSESSIONIDAQADQBRQ=HNFNICGAHEPELBNGMNLDCKKO; CNZZDATA1260071498=485316748-1513145497-null%7C1513145497

http://www.3v.do/js/sl.js
GET /js/sl.js HTTP/1.1
Accept: */*
Referer: http://www.3v.do/news/119.html
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.3v.do
Connection: Keep-Alive
Cookie: ASPSESSIONIDAQADQBRQ=HNFNICGAHEPELBNGMNLDCKKO; CNZZDATA1260071498=485316748-1513145497-null%7C1513145497

http://www.3v.do/images/qq/qq.gif
GET /images/qq/qq.gif HTTP/1.1
Accept: */*
Referer: http://www.3v.do/news/119.html
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.3v.do
Connection: Keep-Alive
Cookie: ASPSESSIONIDAQADQBRQ=HNFNICGAHEPELBNGMNLDCKKO; CNZZDATA1260071498=485316748-1513145497-null%7C1513145497

http://www.3v.do/images/ico_tuijian.gif
GET /images/ico_tuijian.gif HTTP/1.1
Accept: */*
Referer: http://www.3v.do/news/119.html
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.3v.do
Connection: Keep-Alive
Cookie: ASPSESSIONIDAQADQBRQ=HNFNICGAHEPELBNGMNLDCKKO; CNZZDATA1260071498=485316748-1513145497-null%7C1513145497

http://www.3v.do/images/nav_bg.png
GET /images/nav_bg.png HTTP/1.1
Accept: */*
Referer: http://www.3v.do/news/119.html
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.3v.do
Connection: Keep-Alive
Cookie: ASPSESSIONIDAQADQBRQ=HNFNICGAHEPELBNGMNLDCKKO; CNZZDATA1260071498=485316748-1513145497-null%7C1513145497

http://www.3v.do/images/logo.png
GET /images/logo.png HTTP/1.1
Accept: */*
Referer: http://www.3v.do/news/119.html
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.3v.do
Connection: Keep-Alive
Cookie: ASPSESSIONIDAQADQBRQ=HNFNICGAHEPELBNGMNLDCKKO; CNZZDATA1260071498=485316748-1513145497-null%7C1513145497

http://www.3v.do/images/weixin.png
GET /images/weixin.png HTTP/1.1
Accept: */*
Referer: http://www.3v.do/news/119.html
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.3v.do
Connection: Keep-Alive
Cookie: ASPSESSIONIDAQADQBRQ=HNFNICGAHEPELBNGMNLDCKKO; CNZZDATA1260071498=485316748-1513145497-null%7C1513145497

http://www.3v.do/images/nav_hover.png
GET /images/nav_hover.png HTTP/1.1
Accept: */*
Referer: http://www.3v.do/news/119.html
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.3v.do
Connection: Keep-Alive
Cookie: ASPSESSIONIDAQADQBRQ=HNFNICGAHEPELBNGMNLDCKKO; CNZZDATA1260071498=485316748-1513145497-null%7C1513145497

http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D HTTP/1.1
Cache-Control: max-age = 172800
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 06 Dec 2017 00:22:31 GMT
If-None-Match: "5a273847-1d7"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com

http://crl.microsoft.com/pki/crl/products/tspca.crl
GET /pki/crl/products/tspca.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 24 May 2014 05:04:54 GMT
If-None-Match: "8ab194b3d77cf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com

http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D HTTP/1.1
Cache-Control: max-age = 172800
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 02 Sep 2017 10:30:03 GMT
If-None-Match: "59aa882b-1d7"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results

Network alerts

Timestamp Source IP Source Port Destination IP Destination Port Protocol SID Signature Category
2017-12-13 14:59:00.174299+0800 183.136.212.50 80 192.168.122.201 49191 TCP 2012692 ET POLICY Microsoft user-agent automated process response to automated request A Network Trojan was detected
2017-12-13 14:59:05.972266+0800 183.136.212.50 80 192.168.122.201 49201 TCP 2012692 ET POLICY Microsoft user-agent automated process response to automated request A Network Trojan was detected

TLS

Timestamp Source IP Source Port Destination IP Destination Port Version Issuer Subject Fingerprint
2017-12-13 14:59:02.540116+0800 192.168.122.201 49194 65.55.5.170 443 TLSv1 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=data.tvdownload.microsoft.com a1:ca:16:54:fb:ba:28:d9:f4:a0:c3:b7:5b:b4:f5:2b:63:27:87:e5
2017-12-13 14:59:06.537995+0800 192.168.122.201 49202 65.55.5.170 443 TLSv1 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=data.tvdownload.microsoft.com a1:ca:16:54:fb:ba:28:d9:f4:a0:c3:b7:5b:b4:f5:2b:63:27:87:e5
2017-12-13 14:59:10.335104+0800 192.168.122.201 49209 65.55.5.170 443 TLSv1 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=data.tvdownload.microsoft.com a1:ca:16:54:fb:ba:28:d9:f4:a0:c3:b7:5b:b4:f5:2b:63:27:87:e5
2017-12-13 14:59:04.912325+0800 192.168.122.201 49199 65.55.5.170 443 TLSv1 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=data.tvdownload.microsoft.com a1:ca:16:54:fb:ba:28:d9:f4:a0:c3:b7:5b:b4:f5:2b:63:27:87:e5
2017-12-13 14:59:07.905409+0800 192.168.122.201 49204 65.55.5.170 443 TLSv1 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=data.tvdownload.microsoft.com a1:ca:16:54:fb:ba:28:d9:f4:a0:c3:b7:5b:b4:f5:2b:63:27:87:e5
2017-12-13 14:59:15.960265+0800 192.168.122.201 49247 58.215.145.188 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.cnzz.com e4:29:80:20:63:63:5b:40:99:3b:a2:1b:de:7d:11:20:60:af:6a:46
2017-12-13 14:59:16.813747+0800 192.168.122.201 49254 140.205.94.22 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.mmstat.com f2:25:f6:85:ba:93:b6:95:95:dc:3f:6c:c8:be:d1:c1:7f:32:df:3d
2017-12-13 14:59:16.488332+0800 192.168.122.201 49252 140.205.158.4 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.cnzz.com e4:29:80:20:63:63:5b:40:99:3b:a2:1b:de:7d:11:20:60:af:6a:46
2017-12-13 14:59:16.502603+0800 192.168.122.201 49251 58.215.145.188 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.cnzz.com e4:29:80:20:63:63:5b:40:99:3b:a2:1b:de:7d:11:20:60:af:6a:46

Suricata HTTP

No Suricata HTTP

No network-extracted files found

File name  nav_hover[1].png
Related file
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\nav_hover[1].png
File size  2863 bytes
File type  PNG image data, 98 x 40, 8-bit/color RGBA, non-interlaced
MD5 9a6ff41a91a75d839f46a7361ccda41f
SHA1 f31a8a7d288f973b20a9eb9311faae6883346678
SHA256 f6894521765712222026e0601c307c34eeb6aa02cb8b06182e40459b78a56e70
CRC32 EFC7EC5F
Ssdeep 48:T/6qbllck+itY5vm7I6Wzv9UAOb57C1cSMIg6lc3d+0UWHdVG/jJtFo3/d7KjI:TSMllcHitlIxv9vk7C1+I4wWHLihk/x/

File name  snav_icon5[1].png
Related file
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IDL4J1KW\snav_icon5[1].png
File size  1209 bytes
File type  PNG image data, 10 x 12, 8-bit/color RGBA, non-interlaced
MD5 1fa43a5ebcc018f05d47982ccd41b32a
SHA1 6fd80920d4ecb0ba5c831f2e3020567e75e566b8
SHA256 2e60d8bd18fb9238178dcfd0d5860495280fa591417dc96475c6affa0dd9deb8
CRC32 2F416D25
Ssdeep 24:i3cy1he91Wwjx82lY2T3ouVID+eUcoyJ3Vuq+IGhZDMgthDn:nwqQNn2xqrJ3k06B7L

File name  {2087AED1-DFD3-11E7-A1F7-525400F9C664}.dat
Related file
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2087AED1-DFD3-11E7-A1F7-525400F9C664}.dat
File size  6656 bytes
File type  Composite Document File V2 Document, Cannot read section info
MD5 15357cab3f4c4799ff263abb0f99bbe6
SHA1 4dd41788e16ee782fa3a30e9f601ccc0717f558e
SHA256 edd5325298eefddacfa8552891bd555d7e3eab6c3d6704bb94988d791e151ce5
CRC32 D8E92ADC
Ssdeep 24:rsOjwZG8i82CNlZoVN1zxHtNio/LcWRl/YUl/5l/tqWLcyd05l/rl/wRQv6wA/Kr:rN6GLcoVjxNAoTXztqK6zZaQy7/Kr

文件名 snav_icon9[1].png
相关文件
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IDL4J1KW\snav_icon9[1].png
文件大小 1238 字节
文件类型 PNG image data, 11 x 11, 8-bit/color RGBA, non-interlaced
MD5 64c8336990541d828bc9587e642b5a62
SHA1 d6e9b52dadfddfff13614b533790b5ca9da16444
SHA256 b8f5e83c84e29087e376a9b2ecf6db1de7d4b018b57bb30fa5701ddcdac0ffa3
CRC32 B59431F7
Ssdeep 24:RAMDy1he91Wwjx82lY2T3ouVbFKxJ2yJ3V2K/bNG8FXQftKyP12dL9pCU2z:SmwqQNn2xstJ3Dp0KkShbE
File name ad[1].js
Related file
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\ad[1].js
File size 5125 bytes
File type ASCII text, with CRLF line terminators
MD5 7cb961dc50e25a652c42afebbc9a0a78
SHA1 52047af5cd3b0a29af67e5d2ce21a26c6eed81bc
SHA256 8b1030f60f837aef0dbec78d3e6a9f838787fa3ce2cc52c4a5b9f44f9d8a03f2
CRC32 785AC5B0
Ssdeep 96:wJdQOyL7GyuLDy9tjK/O3+bhOz3nBaVw4SPs3ROr2ovJUyjNkoZd:wUOyLSWBYhc3x4sshqTRxL
Yara
  • Rule to detect the presence of an or several urls
  • Rule to detect the no presence of any attachment
  • Rule to detect the presence of an or several images
Text:
if (window==top){
var adnum_3v;
if (typeof(adnum_3v)=="undefined"){
var myobj=document.getElementsByTagName("script")
var str_3v="http://www.3v.do/ad/ad.js?id="
for (var i=0;i<myobj.length;i++){
if(myobj[i].src.indexOf(str_3v)>=0){
var myid=myobj[i].src.substring(29);
var zz = /^[0-9a-zA-Z]*$/g;
if(zz.test(myid)&&myid.length>=3&&myid.length<=12){
myid="?"+myid;}
else{
myid="";}
}
else{
myid="";
}
}
function c(){
document.getElementById("ad_3v").style.display="none";
}
function addEvent(obj,evtType,func,cap){ 
cap=cap||false; 
if(obj.addEventListener){ 
obj.addEventListener(evtType,func,cap); 
return true; 
}else if(obj.attachEvent){ 
if(cap){ 
obj.setCapture(); 
return true; 
}else{ 
return obj.attachEvent("on" + evtType,func); 
} 
}else{ 
return false; 
} 
}
function getPageScroll(){ 
var xScroll,yScroll; 
if (self.pageXOffset) { 
xScroll = self.pageXOffset; 
} else if (document.documentElement && document.documentElement.scrollLeft){ 
xScroll = document.documentElement.scrollLeft; 
} else if (document.body) { 
xScroll = document.body.scrollLeft; 
} 
if (self.pageYOffset) { 
yScroll = self.pageYOffset; 
} else if (document.documentElement && document.documentElement.scrollTop){ 
yScroll = document.documentElement.scrollTop; 
} else if (document.body) { 
yScroll = document.body.scrollTop; 
} 
arrayPageScroll = new Array(xScroll,yScroll); 
return arrayPageScroll; 
} 
function GetPageSize(){ 
var xScroll, yScroll; 
if (window.innerHeight && window.scrollMaxY) { 
xScroll = document.body.scrollWidth; 
yScroll = window.innerHeight + window.scrollMaxY; 
} else if (document.body.scrollHeight > document.body.offsetHeight){ 
xScroll = document.body.scrollWidth; 
yScroll = document.body.scrollHeight; 
} else { 
xScroll = document.body.offsetWidth; 
yScroll = document.body.offsetHeight; 
} 
var windowWidth, windowHeight; 
if (self.innerHeight) { 
windowWidth = self.innerWidth; 
windowHeight = self.innerHeight; 
} else if (document.documentElement && document.documentElement.clientHeight) { 
windowWidth = document.documentElement.clientWidth; 
windowHeight = document.documentElement.clientHeight; 
} else if (document.body) { 
windowWidth = document.body.clientWidth; 
windowHeight = document.body.clientHeight; 
} 
if(yScroll < windowHeight){ 
pageHeight = windowHeight; 
} else { 
pageHeight = yScroll; 
} 
if(xScroll < windowWidth){ 
pageWidth = windowWidth; 
} else { 
pageWidth = xScroll; 
} 
arrayPageSize = new Array(pageWidth,pageHeight,windowWidth,windowHeight) 
return arrayPageSize; 
} 
 
var AdMoveConfig=new Object(); 
AdMoveConfig.IsInitialized=false; 
AdMoveConfig.ScrollX=0; 
AdMoveConfig.ScrollY=0; 
AdMoveConfig.MoveWidth=0; 
AdMoveConfig.MoveHeight=0; 
AdMoveConfig.Resize=function(){ 
var winsize=GetPageSize(); 
AdMoveConfig.MoveWidth=winsize[2]; 
AdMoveConfig.MoveHeight=winsize[3]; 
AdMoveConfig.Scroll(); 
} 
AdMoveConfig.Scroll=function(){ 
var winscroll=getPageScroll(); 
AdMoveConfig.ScrollX=winscroll[0]; 
AdMoveConfig.ScrollY=winscroll[1]; 
} 
addEvent(window,"resize",AdMoveConfig.Resize); 
addEvent(window,"scroll",AdMoveConfig.Scroll); 
function AdMove(id){ 
if(!AdMoveConfig.IsInitialized){ 
AdMoveConfig.Resize(); 
AdMoveConfig.IsInitialized=true; 
} 
var obj=document.getElementById(id); 
obj.style.position="absolute"; 
var W=AdMoveConfig.MoveWidth-obj.offsetWidth; 
var H=AdMoveConfig.MoveHeight-obj.offsetHeight; 
var x = W*Math.random(),y = H*Math.random(); 
var rad=(Math.random()+1)*Math.PI/6; 
var kx=Math.sin(rad),ky=Math.cos(rad); 
var dirx = (Math.random()<0.5?1:-1), diry = (Math.random()<0.5?1:-1); 
var step = 1; 
var interval; 
this.SetLocation=function(vx,vy){x=vx;y=vy;} 
this.SetDirection=function(vx,vy){dirx=vx;diry=vy;} 
obj.CustomMethod=function(){ 
obj.style.left = (x + AdMoveConfig.ScrollX) + "px"; 
obj.style.top = (y + AdMoveConfig.ScrollY) + "px"; 
rad=(Math.random()+1)*Math.PI/6; 
W=AdMoveConfig.MoveWidth-obj.offsetWidth; 
H=AdMoveConfig.MoveHeight-obj.offsetHeight; 
x = x + step*kx*dirx; 
if (x < 0){dirx = 1;x = 0;kx=Math.sin(rad);ky=Math.cos(rad);} 
if (x > W){dirx = -1;x = W;kx=Math.sin(rad);ky=Math.cos(rad);} 
y = y + step*ky*diry; 
if (y < 0){diry = 1;y = 0;kx=Math.sin(rad);ky=Math.cos(rad);} 
if (y > H){diry = -1;y = H;kx=Math.sin(rad);ky=Math.cos(rad);} 
} 
this.Run=function(){ 
var delay = 30; 
interval=setInterval(obj.CustomMethod,delay); 
obj.onmouseover=function(){clearInterval(interval);} 
obj.onmouseout=function(){interval=setInterval(obj.CustomMethod, delay);} 
} 
} 
document.writeln("<DIV id=\"ad_3v\" style=\"z-index: "+1e10+"\"> ");
document.writeln("<A href=\"http://www.3v.do"+myid+"\" ");
document.writeln("target=\"_blank\"><IMG src=\"http://www.3v.do/images/piao.gif\" width=\"80\" height=\"80\" border=\"0\"></A> ");
document.writeln("<br><IMG onclick=\"c()\" src=\"http://www.3v.do/images/c.jpg\" width=\"80\" height=\"16\" border=\"0\"> ");
document.writeln("</DIV> ");
var ad_3v=new AdMove("ad_3v");
ad_3v.Run();
adnum_3v=Math.random();
}
}
File name {092A0624-DFD3-11E7-A1F7-525400F9C664}.dat
Related file
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{092A0624-DFD3-11E7-A1F7-525400F9C664}.dat
File size 4608 bytes
File type Composite Document File V2 Document, Cannot read section info
MD5 2687ff23394b4e236308135b9dd0a8e4
SHA1 ab94d5fdc33cf139bcd765d5e0c13cfcbb8431d1
SHA256 48c59768fb0b7b099ad7759460486b9602a7ec224b8a99243ca5f32d732208ad
CRC32 73808595
Ssdeep 12:rlfFShrEgmfR16F+HrEgmfB1qjNlYfOo3+/Nlz9op:rWGbHGUNljowNlho
File name index_10[1].png
Related file
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\index_10[1].png
File size 5974 bytes
File type PNG image data, 90 x 90, 8-bit/color RGBA, non-interlaced
MD5 e8d9ad2bfa295bef1eafa1470465025a
SHA1 ddbca19d9966cf925d02d146c920f68984088384
SHA256 6f13125541353211881f80881d00122931e27647c5c3dd39a752926f65d3c828
CRC32 2C18AE7A
Ssdeep 96:ySeIHE2NUecYG5Z+adNeIoyuDz4KeimwGrYhzypgSBHcI9wRDv53WJs1tDb+Nur:BZEbYG5ZlUxz4KsDrYRyxeI9wRDvL1BX
File name ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C
Related file
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C
File size 1518 bytes
File type data
MD5 c9f0b88dd397a963979f4e281788f992
SHA1 8afb0ae2145b7e32805aeab62c26715b4670a43b
SHA256 87ef64149b7a7df3995b9b0e4fe4ff0289870f512aca4a29daa08a1031fa506a
CRC32 2B472E5C
Ssdeep 24:hdsTaWC0nlLD2yUmcuCyNcK7Eike4zgVQruWQyVnoJsLXb/q1:hS2Wl5zXculNZEdeufuenoCr70
File name login[1].htm
Related file
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\login[1].htm
File size 797 bytes
File type HTML document, ISO-8859 text, with CRLF line terminators
MD5 e884f39b1b84f367c931de2b825443a4
SHA1 4504c1d8d492ff97377df8aca4b6859607b9a8fe
SHA256 9a7ddf832cb2ae4b2e0741f98c228c778cce638f9a4b7ac8f4440e522dd25eb6
CRC32 6CB09DF8
Ssdeep 12:3a3JiHHK8TnvtMSgvXVTZcoJDcviDE2dyWy15gU06wQhJ9pJqC1V/:Xqr/N3ERkkhvF/
Yara
  • Rule to detect the no presence of any url
  • Rule to detect the no presence of any attachment
  • Rule to detect the no presence of any image
File name stat[1].htm
Related file
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\stat[1].htm
File size 2 bytes
File type ASCII text, with no line terminators
MD5 444bcb3a3fcf8389296c49467f27e1d6
SHA1 7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
SHA256 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
CRC32 79DCDD47
Ssdeep 3:V:V
Yara
  • Rule to detect the no presence of any url
  • Rule to detect the no presence of any attachment
  • Rule to detect the no presence of any image
Text:
ok
File name z_stat[1].php
Related file
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\z_stat[1].php
File size 10996 bytes
File type ASCII text, with very long lines
MD5 6c0fe681cfa34a4e35816a6c99b8b02c
SHA1 2281fc0dc1dbec82aa96b2f6569b1cc0a5a84782
SHA256 7d046413926d1b01a3c28cd7f3d53f12d1ab0eded033cd736f2318c74bf254b1
CRC32 9CF61246
Ssdeep 192:ujfjknCOu7xxgsoyHijK/Va2mdhlOepSDg9RA25ywADwDPL+Whu76BA3W:ujfjknCOu7rho6LVafOi9KeVLf86BA3W
File name stat[1].php
Related file
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IDL4J1KW\stat[1].php
File size 10982 bytes
File type ASCII text, with very long lines
MD5 0d2066e4a98294c2f72d6f899211fc6d
SHA1 caa898870e88c801eb6d9b894ce88d57aec21b48
SHA256 f9e86866ff223fb00553648032c34a7f628417d0393c2e7aedb8cc15c243f6ed
CRC32 86A8F8CB
Ssdeep 192:Hfjk8pCOuxxxgsoyHijK/Va2mdhwOepS2g9RA25ywADwDPL+khu76BA3W:Hfjk8pCOuxrho6LVaiOf9KeVLd86BA3W
File name piao[1].gif
Related file
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\piao[1].gif
File size 5914 bytes
File type GIF image data, version 89a, 100 x 100
MD5 18fa51b48fb9adcb88ec414d2e588aca
SHA1 581c628ed29ed394f1e5c5fba1aad2b276026439
SHA256 2bbb79953f7b346c056d61126bd261dd17129e1c1fd12791cf69e10cf9657b87
CRC32 65D2EF08
Ssdeep 96:G9HoKn1V8Bw6XlJLGNBCJNTXXK0AF5aDkNg0ADTPFtBeHulVlm7s5nuGu/BHOF3i:G9HP0X7LGNI7bXtAnaDnvQwM3hOFS
File name A053CFB63FC8E6507871752236B5CCD5_319F934B3A4FB56D1EA4AD3AB45D0252
Related file
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A053CFB63FC8E6507871752236B5CCD5_319F934B3A4FB56D1EA4AD3AB45D0252
File size 532 bytes
File type data
MD5 845f68281edd1c905cee64cc6bcfade7
SHA1 cbd4c94c9c1a76f170b50c04cc74782aac9f83f1
SHA256 7211be9ae598415599aa9951511bd8e777b6e40618c5666fb1c5883d2b609574
CRC32 62CFD9F9
Ssdeep 12:DWGuJWzf8ClDC3bgLzK8sFFyOJQlUsyna2aNMYl889Iva:6GuJgEme3ELmvPyOJQ6aCYl8bva
File name A053CFB63FC8E6507871752236B5CCD5_319F934B3A4FB56D1EA4AD3AB45D0252
Related file
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A053CFB63FC8E6507871752236B5CCD5_319F934B3A4FB56D1EA4AD3AB45D0252
File size 1570 bytes
File type data
MD5 aef4cfd28a0f3caa6cb15a6e5debf18b
SHA1 9c0dbbdc665de1d6bf215d233d32cb779e7ea518
SHA256 cdee603ecbb6a84d6796fa75d8a168c139a3ec36de2c159d9cfc3f140e0dbfbf
CRC32 05A72676
Ssdeep 24:CpxfFDpo+arFrHUAxgU+FXABK76KBgY6kZ9qBeeCpXsAxOsYPMrIkO2iJwkr/tPj:Sx9DpO5HrvDBCdfjSwIkRmr/tPjJ5
File name snav_icon7[1].png
Related file
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\snav_icon7[1].png
File size 1217 bytes
File type PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced
MD5 147cc532a729900e5d8e0f1ad520029e
SHA1 54a06bc6f83a74d560be808802e8bed23d2d314d
SHA256 8d8989b951ba8b4ed23ea3b25273d5543125914792f22771d2ebbd216d74f132
CRC32 705F726B
Ssdeep 24:+iy1he91Wwjx82lY2T3ouV2j+DYc+DhoyJ3V2d+Dh2+Dc8GJ8H0TBuXvPDJZ:+iwqQNn2xg+j+NJ3y+8+DBuET
File name sl[1].js
Related file
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\sl[1].js
File size 2391 bytes
File type UTF-8 Unicode text, with CRLF line terminators
MD5 491ba8be0bb7f0d58fdf60907ee58ae3
SHA1 616a14e8dc949ce40c1e1cd8bc72189596946641
SHA256 c4ea0b1f77bcc0064306ff4fb00f75b7af0200b3feff3c663eb09d8ab7e99ed3
CRC32 E2F3A924
Ssdeep 48:NZnSScoPGQ+C3vt/tfU7qLZG2C1PaIpzGyevoCvRT:zhXPG5kvt/tfU7YZ4iIHyoCvR
Yara
  • Rule to detect the no presence of any url
  • Rule to detect the no presence of any attachment
  • Rule to detect the no presence of any image
Text:
$(function() {
	jQuery.focus = function(slid) {
		var sWidth = $(slid).width(); // get the width of the slideshow (the visible area)
		var len = $(slid).find("ul li").length; // get the number of slides
		var index = 0;
		var picTimer;
		
		// the following code adds the numbered buttons and the translucent bar behind them, plus the previous and next buttons
		var btn = "<div class='btnBg'></div><div class='btn'>";
		for(var i=0; i < len; i++) {
			var ii = i+1;
			btn += "<span>"+ii+"</span>";
		}
		btn += "</div><div class='preNext pre'></div><div class='preNext next'></div>";
		$(slid).append(btn);
		$(slid).find("div.btnBg").css("opacity",0.5);
	
		
	
		// opacity handling for the previous and next buttons
		$(slid+" .preNext").css("opacity",0.2).hover(function() {
			$(this).stop(true,false).animate({"opacity":"0.5"},300);
		},function() {
			$(this).stop(true,false).animate({"opacity":"0.2"},300);
		});
	
		// previous button
		$(slid+" .pre").click(function() {
			index -= 1;
			if(index == -1) {index = len - 1;}
			showPics(index);
		});
	
		// next button
		$(slid+" .next").click(function() {
			index += 1;
			if(index == len) {index = 0;}
			showPics(index);
		});
	
		// this example scrolls horizontally, i.e. all li elements float left in a single row, so the width of the outer ul must be computed here
		$(slid+" ul").css("width",sWidth * (len));
		
		// stop autoplay while the mouse is over the slideshow, resume when it leaves
		$(slid).hover(function() {
			clearInterval(picTimer);
		},function() {
			picTimer = setInterval(function() {
				showPics(index);
				index++;
				if(index == len) {index = 0;}
			},4000); // 4000 is the autoplay interval, in milliseconds
		}).trigger("mouseleave");
		
		// show-image function: displays the content corresponding to the received index
		function showPics(index) { // plain switch
			var nowLeft = -index*sWidth; // compute the ul element's left value from index
			$(slid+" ul").stop(true,false).animate({"left":nowLeft},300); // use animate() to scroll the ul element to the computed position
			$(slid+" .btn span").removeClass("on").eq(index).addClass("on"); // switch the current button to the selected state
			$(slid+" .btn span").stop(true,false).animate({"opacity":"0.4"},300).eq(index).stop(true,false).animate({"opacity":"1"},300); // switch the current button to the selected state
		}
		$('.btn').hide();
	
	};
	
});
File name ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C
Related file
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C
File size 492 bytes
File type data
MD5 2f5e0cfa5e11c139fd2e078ceec74022
SHA1 edf683be2bb12f1da5f1287ab43787f505857cfc
SHA256 91262849e8d37c5eb35af195a595ffd2934ce0c52c490e02f36c376c74946a01
CRC32 D8BA4D50
Ssdeep 12:W2XDWzF0Y1oOkksFyR7uE9SsAUOlJClFa1pUlhwQlJ:WeDgF0WoLnYRd8JUKYlFa1KlRL
File name header[1].css
Related file
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\header[1].css
File size 12120 bytes
File type ISO-8859 text, with CRLF line terminators
MD5 cac52e2eb428d23070bb182182530ced
SHA1 018ea810bb1d146bdb16863f5215c3c64888a60d
SHA256 50393550273617d4224ae01878e0a02f487fb5c0783960a6f9ea9690e6df26db
CRC32 4F0647AB
Ssdeep 192:tyfLDB0GtC8wC53zuj88Qi4jilOB658kjwJt80w+8AwlcwOuwHe6Xah9mhWU5:tyDDB0OC8wH88Qi4jil358kjwX80w+8y
File name RecoveryStore.{092A0623-DFD3-11E7-A1F7-525400F9C664}.dat
Related file
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{092A0623-DFD3-11E7-A1F7-525400F9C664}.dat
File size 5120 bytes
File type Composite Document File V2 Document, Cannot read section info
MD5 738d1f9c35e5cc2c5b3970312b322398
SHA1 a30bd38bd1dab5cb40723e14b36e502f6c2aa85a
SHA256 ed3704d8d60080c957f858ecc50c5b1c4de02ce633dc727e0cd0e6f7cc0819f0
CRC32 C403DDC7
Ssdeep 24:rJUG8O/K8yur5/JQNlWoxlgHNlWoxlg7MP5:r+GZS8r5Bdoho7P
File name favicon[1].htm
Related file
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\favicon[1].htm
File size 953 bytes
File type HTML document, ISO-8859 text, with CRLF line terminators
MD5 2cc4500c4252e58dce48c858d87c1505
SHA1 d2e9628b2ec26333c6da16f597d1ffff4b83c58e
SHA256 6a1e692abf980af58dd93050fbeb041d7a5537b1e9a0faa0ef6ff1641501fff1
CRC32 CE07390A
Ssdeep 24:5FsBHQQ5HF7qajJsiF7V88bIRqLj8eufQTcHQr5bZ:w+2Htd3z8LRSk6cHQr5Z
Yara
  • Rule to detect the presence of an or several urls
  • Rule to detect the no presence of any attachment
  • Rule to detect the no presence of any image
File name ico_tuijian[1].gif
Related file
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\ico_tuijian[1].gif
File size 557 bytes
File type GIF image data, version 89a, 28 x 20
MD5 0bfb2a9f1b36a1a4703e7fd71986a978
SHA1 a7a73e3af74b845552eadad5e3a4359a84407d1f
SHA256 4cce9efb802cd48bdb66e1f0a58e57fef703701d50f02b6efa5ee90f417aee98
CRC32 343ECACD
Ssdeep 12:+XOEJHyQaz7UFwxaxvlzKWRW6rBXFKJk4M8eKkO99xoVL0Kwvee:+eENnm6vlzKWrX4JFeKJ9fol8vee
File name core[1].php
Related file
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\core[1].php
File size 765 bytes
File type HTML document, ASCII text, with very long lines, with no line terminators
MD5 09612ac17613febab038dce586e3d1b4
SHA1 e57195e0e41c6813e3179faab474ea1dc3074751
SHA256 e2d32d279cb71cc703b8586f2c434726a76f5d962a5ac7c5c5cfae7821757501
CRC32 F93842C5
Ssdeep 12:cRqoPYAaTv2hgWcnQOJRGmyeLa5+yIx7Gu2LB2o1wNJ/lgzVjuXiVcELnPXerTWJ:cRqjAYv/WOqH3lCp2LBZ18pyBVNjPcTW
Displayed text:
!function(){var p,q,r,a=encodeURIComponent,b="1260071498",c="",d="",e="online_v3.php",f="z11.cnzz.com",g="1",h="text",i="z",j="&#31449;&#38271;&#32479;&#35745;",k=window["_CNZZDbridge_"+b]["bobject"],l="https:",m="0",n=l+"//online.cnzz.com/online/"+e,o=[];o.push("id="+b),o.push("h="+f),o.push("on="+a(d)),o.push("s="+a(c)),n+="?"+o.join("&"),"0"===m&&k["callRequest"]([l+"//cnzz.mmstat.com/9.gif?abc=1"]),g&&(""!==d?k["createScriptIcon"](n,"utf-8"):(q="z"==i?"http://www.cnzz.com/stat/website.php?web_id="+b:"http://quanjing.cnzz.com","pic"===h?(r=l+"//icon.cnzz.com/img/"+c+".gif",p="<a href='"+q+"' target=_blank title='"+j+"'><img border=0 hspace=0 vspace=0 src='"+r+"'></a>"):p="<a href='"+q+"' target=_blank title='"+j+"'>"+j+"</a>",k["createIcon"]([p])))}();
File name test@mmstat[1].txt
Related file
C:\Users\test\AppData\Roaming\Microsoft\Windows\Cookies\test@mmstat[1].txt
File size 92 bytes
File type ASCII text
MD5 299ae2a88defa5cdfeb3486e64efea69
SHA1 a7c6cc0addec5e9fd47fd71df5a17803b1d91c32
SHA256 7b698e0aa41adfd6728e6c60270306ec85d1ed86238238f6047a0aa50cdac013
CRC32 1B79E027
Ssdeep 3:HXQiLvbvWGdIKPv7YfTogzUFXvgWQD/:nLvbhKKKMJSz/
Displayed text:
cna
xb23EjMGzRUCAbStJFNfgbm2
mmstat.com/
2147484672
2619297920
31369230
83263872
30635068
*
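The cookie file above is in the legacy Internet Explorer per-domain cookie text format: each record is eight lines (name, value, host/path, flags, expiry FILETIME low and high dwords, creation FILETIME low and high dwords) followed by a `*` terminator, and the FILETIME halves are 100-nanosecond ticks since 1601-01-01 UTC. As an added example that is not part of the Maldun report, the following Python parses such a file and converts the timestamps to UTC datetimes; the embedded sample is a constructed copy of the `test@mmstat[1].txt` contents shown above, and the field names are this example's own, not sandbox output.

```python
"""Parse legacy Internet Explorer cookie .txt records (added example, not report code)."""
from datetime import datetime, timedelta, timezone
from typing import Dict, List

# Windows FILETIME epoch: 100-ns ticks counted from 1601-01-01 UTC
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Constructed sample: a copy of the test@mmstat[1].txt record dropped by the sandbox
SAMPLE_COOKIE_FILE = """cna
xb23EjMGzRUCAbStJFNfgbm2
mmstat.com/
2147484672
2619297920
31369230
83263872
30635068
*
"""


def filetime_to_datetime(low: int, high: int) -> datetime:
    """Combine the two 32-bit halves of a FILETIME and convert to an aware UTC datetime."""
    ticks = (high << 32) | low
    # timedelta counts microseconds; one tick is 100 ns, so ticks // 10 is exact
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def parse_ie_cookie_file(text: str) -> List[Dict]:
    """Split an IE cookie text file into records.

    A record is eight lines in this order, then a line containing only '*':
      name, value, host/path, flags, expiry low, expiry high, created low, created high
    A malformed record raises ValueError rather than being silently skipped.
    """
    records: List[Dict] = []
    current: List[str] = []
    for line in text.splitlines():
        if line != "*":
            current.append(line)
            continue
        if len(current) != 8:
            raise ValueError(f"malformed record: expected 8 fields, got {len(current)}")
        name, value, hostpath, flags, exp_lo, exp_hi, cre_lo, cre_hi = current
        host, _, path = hostpath.partition("/")
        records.append({
            "name": name,
            "value": value,
            "host": host,
            "path": "/" + path,
            "flags": int(flags),
            "expires": filetime_to_datetime(int(exp_lo), int(exp_hi)),
            "created": filetime_to_datetime(int(cre_lo), int(cre_hi)),
        })
        current = []
    if current:
        raise ValueError("trailing fields without '*' terminator")
    return records


def lifetime_days(record: Dict) -> int:
    """Whole days between creation and expiry; a decade-long tracking cookie stands out here."""
    return (record["expires"] - record["created"]).days


if __name__ == "__main__":
    for rec in parse_ie_cookie_file(SAMPLE_COOKIE_FILE):
        print(f"{rec['name']}={rec['value']} host={rec['host']} path={rec['path']} "
              f"flags=0x{rec['flags']:08X} created={rec['created'].isoformat()} "
              f"expires={rec['expires'].isoformat()} ({lifetime_days(rec)} days)")
```

Note that the creation timestamp recovered this way reflects the sandbox VM's clock, not the analysis start time shown in the report header, so it should be read as the guest's notion of time when the tracker set the cookie.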
File name A053CFB63FC8E6507871752236B5CCD5_C70BBB593667AF59E4019395EE2CCBC0
Related file
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A053CFB63FC8E6507871752236B5CCD5_C70BBB593667AF59E4019395EE2CCBC0
File size 1570 bytes
File type data
MD5 3ff809554204cdd22a123d1694fb1621
SHA1 4805c91eee3cdebb4ba995da1793e688290d1387
SHA256 609fd359aef656b7bc3a910f6c9e5eb38af5e009ffa731064abfae03c019400f
CRC32 F5347B4A
Ssdeep 24:Cvl2jkXgRGi8JDOjUAxgU+FXABK76KBgY6kZ9qBeeCpXsAxOsYPMrIkO2iJwkr/B:6l2KGGvDKrvDBCdfjSwIkRmr/tPjJ5
File name jquery.slide-zool[1].js
Related file
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IDL4J1KW\jquery.slide-zool[1].js
File size 3401 bytes
File type UTF-8 Unicode text, with CRLF line terminators
MD5 62a465f8f1bda2ddbbe7c598c7dd16ef
SHA1 77bbd9d3511ae5d7059e7a2355064f177af0925d
SHA256 920cc87d4a2d74b10d6ed91eb887ca1824757b96ee8d32a268fe1107d87a6582
CRC32 03515EB7
Ssdeep 48:nN5FN6iiUQnIMeulbQzYm49Jx1k7k3UQDgm6QlqvJu4CgZwUNA47NN1UsNtEnzik:1H9QIMprxGY3UTALn+RaWRa0y5
Yara
  • Rule to detect the no presence of any url
  • Rule to detect the no presence of any attachment
  • Rule to detect the no presence of any image
Displayed text:
(function($){    
	$.fn.slideJ = function(options){        
		var defaults = {// default options
			width:$(this).width(),
			height:$(this).height(),
			nav:".slideNav",
			leftBtn:".slideLeft",
			rightBtn:".slideRight",
			speed:200,
			time:6000,
			type:"opacity"
		}
		var options = $.extend(defaults,options);// merge caller options over the defaults
		
		var sildeElem = $(this),// slider container
			slideCl = sildeElem.find("li"),
			slideNavCl = $(options.nav).find("a"),
			total = slideCl.size(),// number of slides
			nowNum = 1,
			active = false;
		if(total<=1){return;}// nothing to do with one slide or fewer
		
		// container CSS
		$(this).css({
			"position":"relative",
			"height":options.height,
			"width":options.width
		});
		
		
		// remove the dotted focus outline from anchor tags
		var aHideFocus = options.nav+" a"+","+options.leftBtn+" a,"+options.rightBtn+" a,"+options.leftBtn+","+options.rightBtn;
		$(aHideFocus).attr("hideFocus","hideFocus");
		
		
		this.each(function(){// dispatch the transition effect
			switch(options.type){
				case "opacity":
					opacityAnimateJ(options);
				break;
				case "slide":
					slideAnimateJ(options);
				break;
				default:
				break;
			};
		});
		
		//------------ fade in / fade out ----------------------
		function opacityAnimateJ(){
			$(sildeElem).find("ul").css({
				position:"relative",
				height:options.height,
				width:options.width,
				overflow:"hidden"
			});
			slideCl.css({
				position:"absolute"
			});
			
			slideNavCl.eq(0).addClass("selected");
			slideCl.css({opacity:0,"z-index":"0"});
			slideCl.eq(0).css({opacity:1,"z-index":"1"});
			var interval = setInterval(checkNum,options.time);
			slideNavCl.each(function(index){
				$(this).click(function(){
					if(active==true){
						return;
					}
					nowNum = index;
					checkNum();
					clearInterval(interval);
					interval = setInterval(checkNum,options.time);
				});					
			});
			$(options.rightBtn).click(function(){
				if(active==true){
					return;
				}
				clearInterval(interval);
				checkNum();
				interval = setInterval(checkNum,options.time);
			});
			$(options.leftBtn).click(function(){
				if(active==true){
					return;
				}
				clearInterval(interval);
				
				var nx = nowNum-2;
				var cx=0;
				if(nx==-1){
					nx = total-1;
					cx = 0;
				}else if(nx==-2){
					nx = total-2;
					cx = total-1;
				}else{
					cx=nx+1;
				}
				toggle_scroll(nx);
				nowNum = cx;
				
				interval = setInterval(checkNum,options.time);
			});
			
			function checkNum(){
				if(nowNum<total-1){
					toggle_scroll();
					nowNum++;
				}else{
					toggle_scroll();
					nowNum=0;
				}
			}
			function toggle_scroll(n){
				active = true;
				if(n!=null){
					nowNum = n;
				}
				slideCl.css({"z-index":"0"});
				
				sildeElem.find("li.selected").css({"z-index":1});
				
				slideCl.eq(nowNum).css({"z-index":"2",opacity:0});
				//slideCl.animate({opacity:0},options.speed);
				slideCl.eq(nowNum).animate({opacity:1},options.speed,function(){active = false});
				
				slideNavCl.removeClass("selected");
				slideNavCl.eq(nowNum).addClass("selected");
				
				slideCl.removeClass("selected");
				slideCl.eq(nowNum).addClass("selected");
				
				
			}
		}
		//------------ horizontal slide --------------------
		function slideAnimateJ(){
			// the "slide" type is a no-op in this file; only "opacity" is implemented
		}
	} 
})(jQuery);

File name MSIMGSIZ.DAT
Related file
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
File size 16384 bytes
File type data
MD5 9be5d391d86975cbbf786866668e06cd
SHA1 15070b543c7a808ea8270129f9b86d93c4381468
SHA256 f9b4ae5af1f91cf2d681aee7aeb59d87ad0555fc7bb9c9d08af8c8a0f5e0cec1
CRC32 69B965CB
Ssdeep 48:jGQhN7sXHWrVmfESaakad5PIy+99+8Jrc9IdS6gPdYbz7el:CBXHbcSrka5PI5+8midcP0z76
File name index.dat
Related file
C:\Users\test\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017121420171215\index.dat
File size 32768 bytes
File type Internet Explorer cache file version Ver 5.2
MD5 97cc2981c3f2b3c422942785163a34a0
SHA1 779c8581eeb1ddcffe17ebfa5b11c6fbbc5ed718
SHA256 2e99d6f3a0b1d92ca2716c65dc03f96ae584e6faef08be1d2308bd23ee786070
CRC32 6297E289
Ssdeep 6:qjyxXK20F33ullhFzKublj4UL8KL3WPxOKBT330JFzKublJL8I:qjR/F3OTGklvbaxOET3kLGklJL
File name weixin[1].png
Related file
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\weixin[1].png
File size 17367 bytes
File type PNG image data, 150 x 150, 8-bit/color RGB, non-interlaced
MD5 8b989ef3f22f972580908defd4b5a09c
SHA1 0fdc958b25cda86c40bbb596fdcc833991b7d7e5
SHA256 feb3217a64d94568b1c87223ec323e10ec67e22ad85910f05eb0ac421546ef77
CRC32 F3C287EB
Ssdeep 384:2jh0YcLdtHD+GWOc6TaztoeBeFPxwxiKtLVYa:2iYcTezxqxe9B5
File name qq[1].gif
Related file
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\qq[1].gif
File size 3534 bytes
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 79x25, frames 3 (note: JPEG content served under a .gif name)
MD5 1a1784ad5fd6afc1b5f52ea56063190a
SHA1 4b99509ade25d7eabf27024fbf4f14e8f5a8f4f2
SHA256 ae9d6dd007fb1d078da953170c7052d2822b85f719b2f71230791f7ae8db5e5d
CRC32 510DAD79
Ssdeep 48:KOT5TuERA44kEgkkTIj8qNA5N8nxQksA4+sgNxaDuG4aamK5vxuaYipGBPJqIC+5:r9KEuUIj8qhxQQ44daazjuJJ3qdDgx
File name index.dat
Related file
C:\Users\test\AppData\Local\Microsoft\Feeds Cache\index.dat
File size 32768 bytes
File type Internet Explorer cache file version Ver 5.2
MD5 0aee387ca0a52dcdd8f8a29ea76edb42
SHA1 5df81547dcadb2a7b8bc689da8e1383ba1a84cb9
SHA256 c31bc37e102b70a472837d530ec80bdaea28b0fefda3e9aa8c8cda98c4200c4e
CRC32 B451CA0B
Ssdeep 12:qjtSaFpbZli3zIoYDPO7em4GZj03W/cKYDPOCG5A30WUsOXQDG9YRm4GZ5:qj4avEIoYTCebGZ7ZYTlEJ0oQQ4bGZ
Previous Maldun analysis result: score 2.0 (analysis time 2016-11-06 20:10:20)
File name tophot[1].gif
Related file
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\tophot[1].gif
File size 2433 bytes
File type GIF image data, version 89a, 31 x 13
MD5 3ec466be74125fef88255bf558ffe365
SHA1 a52f166602b7e5c76fe76260b574bf04a3f4f87e
SHA256 bb47aa8d627a9f0cb72d6dfe8a30eccd58728319050ba46ca6dec11efdbcd7d8
CRC32 5F242335
Ssdeep 48:UFjFqiLbz6T22DcWe2IaTlpgHxoJ4vCtJ3HDrBT1hsbAS36jjb0HBL+XR+kSa:AbIp4t2IaTlcouvaJ3Dr7mbAS0/0J+hB
File name nav_bg[1].png
Related file
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\nav_bg[1].png
File size 2869 bytes
File type PNG image data, 1 x 40, 8-bit/color RGBA, non-interlaced
MD5 3b3bd433a9a2ee297e1774887e756464
SHA1 9f09b63f9e78bfbd97476e08558341927c36f759
SHA256 59a73a53e34ae08fb8a212e2fad979b0256f3a06fca20c77f0f3ebdf5452b1d3
CRC32 A35E226F
Ssdeep 48:hXbllck+itY5vm7I6Wzv9UAOb57C1cSMIg6lc3d+0UWHdVG/jJtFo3/d7seML:FllcHitlIxv9vk7C1+I4wWHLihk/xse4
File name snav_icon11[1].png
Related file
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IDL4J1KW\snav_icon11[1].png
File size 1079 bytes
File type PNG image data, 11 x 10, 8-bit/color RGBA, non-interlaced
MD5 9ac447e35fb57722971155b2ad122515
SHA1 362fc03fcacdbb18b42210032b77e1e805dd1a1a
SHA256 cf9182f85abf9308a969479dea8c457ee3df7e7255fe4af6ec9b6a5ee5926760
CRC32 0B193BE5
Ssdeep 24:RHy1he91Wwjx82lY2T3ouVsq63/iMiyJ3Vs0P3zGDi8zQb9Q:lwqQNn2xj6/J3lrn8zQbe
File name index.dat
Related file
C:\Users\test\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017121320171214\index.dat
File size 32768 bytes
File type Internet Explorer cache file version Ver 5.2
MD5 2f2daaf31a3c9554a7d7278e0f10d5a0
SHA1 d5b7c344f27664121ddbc9b57444653f11a3d57f
SHA256 3bb2a06197fd68cfa3de696dad5677f820eef472ead2a9ee0d0cd93a2580ce34
CRC32 6FEAE6C3
Ssdeep 12:qj/XPR30E+WI4jkr930E+xI4jOr93WzP1d4jv+3WzRd4jJL:qj/f0Bc2Zg
File name index.dat
Related file
C:\Users\test\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat
File size 65536 bytes
File type Internet Explorer cache file version Ver 5.2
MD5 191d3d20f356bf520a7d1ed07b1bc08b
SHA1 bdba37ad96d8801e8d2c9e30e68afaf3822b0e4a
SHA256 d2eae7eeb07f08972ec78e59eaf73b6cfa48e92121748f61a394a28e33e36788
CRC32 BFF870C9
Ssdeep 384:wEEG/+oBMgfh3+EIOTcxi8kB+JuE1uPFykblh2F/0mjv3Bw2LI/u1sVdvM2zLOY4:wEEG/+xo
File name logo[1].png
Related file
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\logo[1].png
File size 6879 bytes
File type PNG image data, 193 x 53, 8-bit/color RGBA, non-interlaced
MD5 a1824cb191b77549a02e65c3ad69ced0
SHA1 60626f49fff8fdf55fc007487942395607726bf6
SHA256 299a36640a63648a1b2f0b030d353019641ee7f26b5adba6f8508722901b069a
CRC32 2077A834
Ssdeep 96:hFLyEzYOxxW2DfkZGEKXk9PJKc/qivziLuvowN+KZxDeuRuGdqEjOk25yJnwTyJW:TL5pu2DQKktUc/PvoQRN3zV2oweJ5w
File name snav_icon1[1].png
Related file
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\snav_icon1[1].png
File size 1277 bytes
File type PNG image data, 13 x 13, 8-bit/color RGBA, non-interlaced
MD5 029a1166d8aa485bd6e62a9c545894e5
SHA1 a5786964e40baad59b3c72ab94ddb9844936ed53
SHA256 19689da5f13da15d34590e6eae6469bb6a2c9368c73b326d5bda10f459666695
CRC32 EBC93385
Ssdeep 24:Ky1he91Wwjx82lY2T3ouVkccWjcoyJ3V9cbgqcpGud+naw17RqRpD0Mc/:KwqQNn2xycl4J3nMWKacle1Rw
File name A053CFB63FC8E6507871752236B5CCD5_C70BBB593667AF59E4019395EE2CCBC0
Related file
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A053CFB63FC8E6507871752236B5CCD5_C70BBB593667AF59E4019395EE2CCBC0
File size 532 bytes
File type data
MD5 5f2aaae909f70d9b2bb0d8b5b6835626
SHA1 e9d9c89193e3cc4588cfe9d6afb622202fb44125
SHA256 345663eab30c9ea89fff3db0c5db7bd773cc307b8542a59de3135aafbb7c775a
CRC32 4072A719
Ssdeep 12:dIyJWzf8ClDC3bgLzK8sFFyOJQlUsy6AsMlKlJlAT:VJgEme3ELmvPyOJQ6RlKlJlq
File name index.dat
Related file
C:\Users\test\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
File size 262144 bytes
File type Internet Explorer cache file version Ver 5.2
MD5 fbe6ba880d1f6cadfd771536120f2c73
SHA1 34b1a30160c6c7675a5c69b62d98661ab7a494bb
SHA256 a2cdabb3fc43f2e94ca47fac764eea7819768bdf094690a6369be41fc4a5fd01
CRC32 E94B92FD
Ssdeep 768:pFFwZHojCtOlWNw3nsiMsieuugxdKOri:rFwZIjCtkWm3siMbeuugxdKoi
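Each dropped-file record above carries the hash set the sandbox computes (MD5, SHA1, SHA256, CRC32, ssdeep) plus a libmagic file type. One check worth running over such a list is whether the detected type agrees with the file's extension: `qq[1].gif` is reported as JPEG data despite its .gif name, which is the kind of detail an analyst wants surfaced rather than buried in a long listing. The following Python is an added example, not part of the Maldun report or its tooling: it recomputes the same hashes (minus ssdeep, which needs a third-party library), sniffs the type from a small hand-picked table of standard magic numbers instead of libmagic, and flags extension/magic mismatches. The sample files are constructed minimal headers written to a temporary directory, not the report's actual artifacts, and the IE cache `[n]` suffix handling is this example's own.

```python
"""Hash dropped files and flag extension/magic mismatches (added example, not sandbox code)."""
import hashlib
import os
import tempfile
import zlib
from typing import Dict, List, Optional

# Leading bytes of a few common formats (standard published magic numbers); libmagic knows far more
MAGIC = [
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "cfb"),  # Composite Document File (OLE2), e.g. RecoveryStore .dat
]

# Extensions that legitimately carry each sniffed type (assumed mapping for this example)
EXT_FOR_TYPE = {
    "gif": {".gif"},
    "jpeg": {".jpg", ".jpeg"},
    "png": {".png"},
    "cfb": {".dat", ".doc", ".xls", ".msg"},
}


def sniff_type(data: bytes) -> Optional[str]:
    """Return the type implied by the file's leading bytes, or None when no signature matches."""
    for signature, kind in MAGIC:
        if data.startswith(signature):
            return kind
    return None


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute the hash set the report lists for every dropped file (ssdeep omitted)."""
    return {
        "MD5": hashlib.md5(data).hexdigest(),
        "SHA1": hashlib.sha1(data).hexdigest(),
        "SHA256": hashlib.sha256(data).hexdigest(),
        "CRC32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
    }


def strip_cache_suffix(name: str) -> str:
    """IE cache names carry a '[n]' counter before the extension: qq[1].gif -> qq.gif."""
    base, ext = os.path.splitext(name)
    if base.endswith("]") and "[" in base:
        base = base[: base.rfind("[")]
    return base + ext


def triage_file(path: str) -> Dict:
    """Hash one file and decide whether its extension contradicts its sniffed type."""
    with open(path, "rb") as fh:
        data = fh.read()
    name = os.path.basename(path)
    ext = os.path.splitext(strip_cache_suffix(name))[1].lower()
    kind = sniff_type(data)
    # Unknown content ('data') and extension-less names are not counted as mismatches
    mismatch = kind is not None and ext != "" and ext not in EXT_FOR_TYPE.get(kind, set())
    record = {"name": name, "size": len(data), "type": kind or "data", "ext_mismatch": mismatch}
    record.update(hash_bytes(data))
    return record


def triage_dir(directory: str) -> List[Dict]:
    return [triage_file(os.path.join(directory, n)) for n in sorted(os.listdir(directory))]


def mismatches(records: List[Dict]) -> List[str]:
    return [r["name"] for r in records if r["ext_mismatch"]]


# Constructed samples: minimal format headers only, named after entries in the report
SAMPLES = {
    "ico_tuijian[1].gif": b"GIF89a" + b"\x1c\x00\x14\x00" + b"\x00" * 16,
    "qq[1].gif": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01\x01\x00\x60\x00\x60\x00\x00",  # JPEG under a .gif name
    "logo[1].png": b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\rIHDR" + b"\x00" * 13,
    "MSIMGSIZ.DAT": b"\x00" * 32,
}


def build_sample_dir() -> str:
    """Write the constructed samples to a fresh temporary directory and return its path."""
    directory = tempfile.mkdtemp(prefix="dropped_")
    for name, data in SAMPLES.items():
        with open(os.path.join(directory, name), "wb") as fh:
            fh.write(data)
    return directory


if __name__ == "__main__":
    for r in triage_dir(build_sample_dir()):
        flag = "  <-- extension/magic mismatch" if r["ext_mismatch"] else ""
        print(f"{r['name']:22} {r['type']:5} {r['size']:6d} {r['SHA256']}{flag}")
```

Pointing `triage_dir` at a sandbox's dropped-files directory gives the same MD5/SHA1/SHA256/CRC32 values the report prints, which is the easy way to confirm that a downloaded artifact is the one the report describes before submitting it elsewhere; ssdeep can be added with the `ssdeep` or `ppdeep` package if fuzzy matching is needed.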
HTML summary report (available for download after a 15-60 minute sync)

Processing ( 39.519 seconds )

  • 22.708 NetworkAnalysis
  • 7.483 Suricata
  • 3.218 Dropped
  • 3.139 BehaviorAnalysis
  • 1.628 VirusTotal
  • 1.332 Static
  • 0.009 AnalysisInfo
  • 0.001 Debug
  • 0.001 Memory

Signatures ( 3.756 seconds )

  • 2.269 md_url_bl
  • 0.217 antiav_detectreg
  • 0.158 stealth_timeout
  • 0.133 api_spamming
  • 0.08 infostealer_ftp
  • 0.069 antivm_generic_scsi
  • 0.051 md_domain_bl
  • 0.047 infostealer_im
  • 0.045 antianalysis_detectreg
  • 0.038 antivm_generic_services
  • 0.034 stealth_file
  • 0.033 mimics_filetime
  • 0.033 md_bad_drop
  • 0.029 antivm_generic_disk
  • 0.026 infostealer_mail
  • 0.021 bootkit
  • 0.021 antiav_detectfile
  • 0.02 virus
  • 0.016 stealth_network
  • 0.016 vawtrak_behavior
  • 0.014 dridex_behavior
  • 0.014 betabot_behavior
  • 0.014 infostealer_bitcoin
  • 0.013 geodo_banking_trojan
  • 0.012 kibex_behavior
  • 0.011 antiemu_wine_func
  • 0.011 hancitor_behavior
  • 0.011 antivm_xen_keys
  • 0.011 darkcomet_regkeys
  • 0.01 kovter_behavior
  • 0.01 antivm_parallels_keys
  • 0.009 clickfraud_cookies
  • 0.009 infostealer_browser_password
  • 0.009 antidbg_windows
  • 0.009 persistence_autorun
  • 0.008 andromeda_behavior
  • 0.008 antivm_vbox_files
  • 0.008 ransomware_extensions
  • 0.007 injection_createremotethread
  • 0.007 shifu_behavior
  • 0.007 antivm_generic_diskreg
  • 0.007 ransomware_files
  • 0.006 ransomware_message
  • 0.006 antivm_vbox_libs
  • 0.006 recon_fingerprint
  • 0.005 hawkeye_behavior
  • 0.005 injection_runpe
  • 0.004 antiav_avast_libs
  • 0.004 stack_pivot
  • 0.004 Locky_behavior
  • 0.004 heapspray_js
  • 0.004 dead_connect
  • 0.004 antivm_vmware_events
  • 0.004 cryptowall_behavior
  • 0.004 antisandbox_productid
  • 0.004 antivm_vbox_keys
  • 0.004 antivm_vmware_keys
  • 0.004 disables_browser_warn
  • 0.003 tinba_behavior
  • 0.003 rat_nanocore
  • 0.003 network_anomaly
  • 0.003 antisandbox_sunbelt_libs
  • 0.003 kazybot_behavior
  • 0.003 exec_crash
  • 0.003 cerber_behavior
  • 0.003 antidbg_devices
  • 0.003 antivm_xen_keys
  • 0.003 antivm_hyperv_keys
  • 0.003 antivm_vbox_acpi
  • 0.003 antivm_vpc_keys
  • 0.003 bypass_firewall
  • 0.003 network_torgateway
  • 0.003 packer_armadillo_regkey
  • 0.002 internet_dropper
  • 0.002 network_tor
  • 0.002 rat_luminosity
  • 0.002 virtualcheck_js
  • 0.002 injection_explorer
  • 0.002 kelihos_behavior
  • 0.002 antisandbox_sboxie_libs
  • 0.002 ipc_namedpipe
  • 0.002 antiav_bitdefender_libs
  • 0.002 dyre_behavior
  • 0.002 ispy_behavior
  • 0.002 antivm_generic_bios
  • 0.002 antivm_generic_cpu
  • 0.002 antivm_generic_system
  • 0.002 browser_security
  • 0.002 rat_pcclient
  • 0.002 recon_programs
  • 0.001 persistence_bootexecute
  • 0.001 upatre_behavior
  • 0.001 antivm_vmware_libs
  • 0.001 antivm_vbox_window
  • 0.001 sets_autoconfig_url
  • 0.001 modifies_desktop_wallpaper
  • 0.001 chimera_behavior
  • 0.001 java_js
  • 0.001 network_bind
  • 0.001 ursnif_behavior
  • 0.001 h1n1_behavior
  • 0.001 antisandbox_script_timer
  • 0.001 silverlight_js
  • 0.001 securityxploded_modules
  • 0.001 antianalysis_detectfile
  • 0.001 antivm_vmware_files
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 codelux_behavior
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 ie_martian_children
  • 0.001 modify_uac_prompt
  • 0.001 rat_spynet
  • 0.001 sniffer_winpcap
  • 0.001 stealth_hide_notifications
  • 0.001 targeted_flame
  • 0.001 whois_create

Reporting ( 1.314 seconds )

  • 1.314 ReportHTMLSummary
Task ID 122397
Mongo ID 5a30d05abb7d5720df124e7e
Cuckoo release 1.4-Maldun