恶意软件分析 & URL链接扫描免费在线病毒分析平台

分析任务

分析类型	虚拟机标签	开始时间	结束时间	持续时间
文件 (Windows)	win7-sp1-x64-shaapp01-1	2018-07-20 20:40:46	2018-07-20 20:43:08	142 秒

魔盾分数

4.2

可疑的

文件详细信息

文件名	飞车内部辅助TiMi科技.exe
文件大小	1648030 字节
文件类型	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	d7bbb1f3265579caf53589cec17a3221
SHA1	3100e502d6aaeac4725911ed596ec40e68e90f71
SHA256	987575628c76a131ac32c2c51a243e7d1140ede292f189e9efbd8f1a4f958bc6
SHA512	054df1a892ce1a1be126ec73eefb97e507af398c6de5098c611295a7b620342a40971cce6745d3ea6ccd7045d59b9aca09d320ed542f45c38c408c598b2db186
CRC32	E67ECE9A
Ssdeep	24576:rjl/IEMtgf70BkWXpnC2mTWmAFdshIEWmQPP9HXf7ZT5FECMRS1/I8geKat7QoYx:aET0uWnP9HXf7ZT5FERG1KIIHlL
Yara	登录查看Yara规则
	样本下载提交漏报

登录查看威胁特征

运行截图

访问主机纪录 (可点击查询WPING实时安全评级)

直接	IP	安全评级	地理位置
否	117.41.241.143	未知	中国
否	124.226.64.23	未知	中国
否	14.215.138.58	未知	中国
否	180.101.153.18	未知	中国
否	180.163.21.72	未知	中国
否	180.97.146.150	未知	中国
否	183.3.225.118	未知	中国
否	222.218.81.12	未知	中国
否	58.216.96.21	未知	中国

域名解析 (可点击查询WPING实时安全评级)

域名	安全评级	响应
speedm.qq.com	未知	CNAME x2.tcdn.qq.com A 124.226.64.24 A 222.218.81.13 A 124.226.64.27 A 222.218.81.12 A 222.218.81.11 CNAME fcsy.qq.com.cloud.tc.qq.com A 124.226.64.23 A 222.218.81.14
game.gtimg.cn	未知	CNAME p21.tc.qq.com A 58.216.96.17 A 180.97.146.149 A 221.228.67.167 A 58.216.96.19 CNAME game.gtimg.cn.cloud.tc.qq.com A 58.216.96.18 A 180.101.153.19 A 180.97.146.148 A 180.101.153.18 A 222.186.49.17 A 180.101.153.21 CNAME p21.tcdn.qq.com A 180.97.146.150 A 58.216.96.22 A 222.186.49.18 A 180.101.153.22 A 58.216.6.20 A 58.216.96.21
ossweb-img.qq.com	CNAME x2.tc.qq.com CNAME ossweb-img.tcdn.qq.com CNAME ossweb-img.tc.qq.com
game.qq.com	未知	CNAME game.qq.com.cloud.tc.qq.com
apps.game.qq.com	未知	A 180.163.21.72
pingfore.qq.com	未知	A 183.3.226.30 A 183.3.225.118
ams.qq.com	未知	CNAME web.gw.qq.com.cloud.tc.qq.com
ocsp.globalsign.com	未知	A 61.191.60.33 CNAME globalsign.com.cdn.dnsv1.com A 14.215.166.205 CNAME globalsign.com.s2.cdntip.com A 27.148.185.31 A 61.140.13.246 A 27.148.185.30 CNAME global.prd.cdn.globalsign.com A 113.107.216.84 A 27.148.185.33 A 27.148.185.32 A 27.152.185.163 A 125.78.252.35 A 125.78.252.34 A 42.81.92.43 A 61.191.60.32 A 27.152.185.164 A 113.105.155.251
crl.globalsign.com	未知	A 125.76.247.210 CNAME globalsign.com.w.kunlunar.com
app.ingame.qq.com	未知	A 14.215.138.58
vm.gtimg.cn	未知	A 59.63.237.25 A 59.63.237.23 CNAME ssd.tcdn.qq.com A 117.41.241.155 A 117.41.241.159 A 117.41.241.156 A 59.63.235.21 A 59.63.237.26 A 117.41.241.157 A 59.63.235.22 A 117.41.241.147 A 59.63.235.24 CNAME ssd.tc.qq.com CNAME vm.gtimg.cn.cloud.tc.qq.com A 117.41.241.151 A 117.41.241.143 A 117.41.241.145 A 117.41.241.142 A 117.41.241.158

摘要

登录查看详细行为信息

PE 信息

初始地址	0x00400000
入口地址	0x004c1c68
声明校验值	0x00000000
实际校验值	0x001a1ba8
最低操作系统版本要求	4.0
编译时间	2015-10-29 01:16:01
载入哈希	f222d22d7e4bde7e9a01ff287ef3c569
图标
图标精确哈希值	30dd737f7c6062e1424d3ce066e629e6
图标相似性哈希值	6364d8832fea5e4264fcd100a75c74d0

PE 数据组成

名称	虚拟地址	虚拟大小	原始数据大小	特征	熵(Entropy)
.text	0x00001000	0x000bfbd4	0x000bfc00	IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ	6.54
.itext	0x000c1000	0x00000cb0	0x00000e00	IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ	5.98
.data	0x000c2000	0x00006814	0x00006a00	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	6.22
.bss	0x000c9000	0x00005eac	0x00000000	IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	0.00
.idata	0x000cf000	0x00003078	0x00003200	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	5.12
.tls	0x000d3000	0x00000034	0x00000000	IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	0.00
.rdata	0x000d4000	0x00000018	0x00000200	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	0.21
.reloc	0x000d5000	0x0000deec	0x0000e000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ	6.65
.rsrc	0x000e3000	0x0000b458	0x0000b600	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	4.49

覆盖

偏移量	0x000e4200
大小	0x000ae39e

资源

名称	偏移量	大小	语言	子语言	熵(Entropy)	文件类型
RT_CURSOR	0x000e45d8	0x00000134	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.92	data
RT_CURSOR	0x000e45d8	0x00000134	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.92	data
RT_CURSOR	0x000e45d8	0x00000134	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.92	data
RT_CURSOR	0x000e45d8	0x00000134	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.92	data
RT_CURSOR	0x000e45d8	0x00000134	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.92	data
RT_CURSOR	0x000e45d8	0x00000134	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.92	data
RT_CURSOR	0x000e45d8	0x00000134	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.92	data
RT_BITMAP	0x000e6160	0x000000e0	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.51	GLS_BINARY_LSB_FIRST
RT_BITMAP	0x000e6160	0x000000e0	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.51	GLS_BINARY_LSB_FIRST
RT_BITMAP	0x000e6160	0x000000e0	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.51	GLS_BINARY_LSB_FIRST
RT_BITMAP	0x000e6160	0x000000e0	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.51	GLS_BINARY_LSB_FIRST
RT_BITMAP	0x000e6160	0x000000e0	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.51	GLS_BINARY_LSB_FIRST
RT_BITMAP	0x000e6160	0x000000e0	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.51	GLS_BINARY_LSB_FIRST
RT_BITMAP	0x000e6160	0x000000e0	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.51	GLS_BINARY_LSB_FIRST
RT_BITMAP	0x000e6160	0x000000e0	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.51	GLS_BINARY_LSB_FIRST
RT_BITMAP	0x000e6160	0x000000e0	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.51	GLS_BINARY_LSB_FIRST
RT_BITMAP	0x000e6160	0x000000e0	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.51	GLS_BINARY_LSB_FIRST
RT_BITMAP	0x000e6160	0x000000e0	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.51	GLS_BINARY_LSB_FIRST
RT_BITMAP	0x000e6160	0x000000e0	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.51	GLS_BINARY_LSB_FIRST
RT_BITMAP	0x000e6160	0x000000e0	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.51	GLS_BINARY_LSB_FIRST
RT_BITMAP	0x000e6160	0x000000e0	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.51	GLS_BINARY_LSB_FIRST
RT_BITMAP	0x000e6160	0x000000e0	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.51	GLS_BINARY_LSB_FIRST
RT_BITMAP	0x000e6160	0x000000e0	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.51	GLS_BINARY_LSB_FIRST
RT_BITMAP	0x000e6160	0x000000e0	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.51	GLS_BINARY_LSB_FIRST
RT_BITMAP	0x000e6160	0x000000e0	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.51	GLS_BINARY_LSB_FIRST
RT_BITMAP	0x000e6160	0x000000e0	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.51	GLS_BINARY_LSB_FIRST
RT_BITMAP	0x000e6160	0x000000e0	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.51	GLS_BINARY_LSB_FIRST
RT_BITMAP	0x000e6160	0x000000e0	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.51	GLS_BINARY_LSB_FIRST
RT_ICON	0x000e6240	0x000025a8	LANG_ENGLISH	SUBLANG_ENGLISH_US	3.46	dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 0, next used block 0
RT_STRING	0x000eccb4	0x000002c0	LANG_NEUTRAL	SUBLANG_NEUTRAL	3.29	data
RT_STRING	0x000eccb4	0x000002c0	LANG_NEUTRAL	SUBLANG_NEUTRAL	3.29	data
RT_STRING	0x000eccb4	0x000002c0	LANG_NEUTRAL	SUBLANG_NEUTRAL	3.29	data
RT_STRING	0x000eccb4	0x000002c0	LANG_NEUTRAL	SUBLANG_NEUTRAL	3.29	data
RT_STRING	0x000eccb4	0x000002c0	LANG_NEUTRAL	SUBLANG_NEUTRAL	3.29	data
RT_STRING	0x000eccb4	0x000002c0	LANG_NEUTRAL	SUBLANG_NEUTRAL	3.29	data
RT_STRING	0x000eccb4	0x000002c0	LANG_NEUTRAL	SUBLANG_NEUTRAL	3.29	data
RT_STRING	0x000eccb4	0x000002c0	LANG_NEUTRAL	SUBLANG_NEUTRAL	3.29	data
RT_STRING	0x000eccb4	0x000002c0	LANG_NEUTRAL	SUBLANG_NEUTRAL	3.29	data
RT_STRING	0x000eccb4	0x000002c0	LANG_NEUTRAL	SUBLANG_NEUTRAL	3.29	data
RT_STRING	0x000eccb4	0x000002c0	LANG_NEUTRAL	SUBLANG_NEUTRAL	3.29	data
RT_STRING	0x000eccb4	0x000002c0	LANG_NEUTRAL	SUBLANG_NEUTRAL	3.29	data
RT_STRING	0x000eccb4	0x000002c0	LANG_NEUTRAL	SUBLANG_NEUTRAL	3.29	data
RT_STRING	0x000eccb4	0x000002c0	LANG_NEUTRAL	SUBLANG_NEUTRAL	3.29	data
RT_STRING	0x000eccb4	0x000002c0	LANG_NEUTRAL	SUBLANG_NEUTRAL	3.29	data
RT_STRING	0x000eccb4	0x000002c0	LANG_NEUTRAL	SUBLANG_NEUTRAL	3.29	data
RT_STRING	0x000eccb4	0x000002c0	LANG_NEUTRAL	SUBLANG_NEUTRAL	3.29	data
RT_STRING	0x000eccb4	0x000002c0	LANG_NEUTRAL	SUBLANG_NEUTRAL	3.29	data
RT_STRING	0x000eccb4	0x000002c0	LANG_NEUTRAL	SUBLANG_NEUTRAL	3.29	data
RT_STRING	0x000eccb4	0x000002c0	LANG_NEUTRAL	SUBLANG_NEUTRAL	3.29	data
RT_STRING	0x000eccb4	0x000002c0	LANG_NEUTRAL	SUBLANG_NEUTRAL	3.29	data
RT_STRING	0x000eccb4	0x000002c0	LANG_NEUTRAL	SUBLANG_NEUTRAL	3.29	data
RT_STRING	0x000eccb4	0x000002c0	LANG_NEUTRAL	SUBLANG_NEUTRAL	3.29	data
RT_STRING	0x000eccb4	0x000002c0	LANG_NEUTRAL	SUBLANG_NEUTRAL	3.29	data
RT_RCDATA	0x000ed66c	0x00000bd6	LANG_NEUTRAL	SUBLANG_NEUTRAL	5.85	Delphi compiled form 'TForm2'
RT_RCDATA	0x000ed66c	0x00000bd6	LANG_NEUTRAL	SUBLANG_NEUTRAL	5.85	Delphi compiled form 'TForm2'
RT_RCDATA	0x000ed66c	0x00000bd6	LANG_NEUTRAL	SUBLANG_NEUTRAL	5.85	Delphi compiled form 'TForm2'
RT_GROUP_CURSOR	0x000ee2bc	0x00000014	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.02	MS Windows cursor resource - 1 icon, 32x256, hotspot @1x1
RT_GROUP_CURSOR	0x000ee2bc	0x00000014	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.02	MS Windows cursor resource - 1 icon, 32x256, hotspot @1x1
RT_GROUP_CURSOR	0x000ee2bc	0x00000014	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.02	MS Windows cursor resource - 1 icon, 32x256, hotspot @1x1
RT_GROUP_CURSOR	0x000ee2bc	0x00000014	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.02	MS Windows cursor resource - 1 icon, 32x256, hotspot @1x1
RT_GROUP_CURSOR	0x000ee2bc	0x00000014	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.02	MS Windows cursor resource - 1 icon, 32x256, hotspot @1x1
RT_GROUP_CURSOR	0x000ee2bc	0x00000014	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.02	MS Windows cursor resource - 1 icon, 32x256, hotspot @1x1
RT_GROUP_CURSOR	0x000ee2bc	0x00000014	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.02	MS Windows cursor resource - 1 icon, 32x256, hotspot @1x1
RT_GROUP_ICON	0x000ee2d0	0x00000014	LANG_ENGLISH	SUBLANG_ENGLISH_US	1.92	MS Windows icon resource - 1 icon, 48x48
RT_MANIFEST	0x000ee2e4	0x00000172	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	4.89	XML 1.0 document, ASCII text, with CRLF line terminators

导入

库: oleaut32.dll:

• 0x4cf904 SysFreeString

• 0x4cf908 SysReAllocStringLen

• 0x4cf90c SysAllocStringLen

库: advapi32.dll:

• 0x4cf914 RegQueryValueExA

• 0x4cf918 RegOpenKeyExA

• 0x4cf91c RegCloseKey

库: user32.dll:

• 0x4cf924 GetKeyboardType

• 0x4cf928 DestroyWindow

• 0x4cf92c LoadStringA

• 0x4cf930 MessageBoxA

• 0x4cf934 CharNextA

库: kernel32.dll:

• 0x4cf93c GetACP

• 0x4cf940 Sleep

• 0x4cf944 VirtualFree

• 0x4cf948 VirtualAlloc

• 0x4cf94c GetCurrentThreadId

• 0x4cf950 InterlockedDecrement

• 0x4cf954 InterlockedIncrement

• 0x4cf958 VirtualQuery

• 0x4cf95c WideCharToMultiByte

• 0x4cf960 SetCurrentDirectoryA

• 0x4cf964 MultiByteToWideChar

• 0x4cf968 lstrlenA

• 0x4cf96c lstrcpynA

• 0x4cf970 LoadLibraryExA

• 0x4cf974 GetThreadLocale

• 0x4cf978 GetStartupInfoA

• 0x4cf97c GetProcAddress

• 0x4cf980 GetModuleHandleA

• 0x4cf984 GetModuleFileNameA

• 0x4cf988 GetLocaleInfoA

• 0x4cf98c GetLastError

• 0x4cf990 GetCurrentDirectoryA

• 0x4cf994 GetCommandLineA

• 0x4cf998 FreeLibrary

• 0x4cf99c FindFirstFileA

• 0x4cf9a0 FindClose

• 0x4cf9a4 CreateDirectoryA

• 0x4cf9a8 ExitProcess

• 0x4cf9ac ExitThread

• 0x4cf9b0 CreateThread

• 0x4cf9b4 CompareStringA

• 0x4cf9b8 WriteFile

• 0x4cf9bc UnhandledExceptionFilter

• 0x4cf9c0 SetFilePointer

• 0x4cf9c4 SetEndOfFile

• 0x4cf9c8 RtlUnwind

• 0x4cf9cc ReadFile

• 0x4cf9d0 RaiseException

• 0x4cf9d4 GetStdHandle

• 0x4cf9d8 GetFileSize

• 0x4cf9dc GetFileType

• 0x4cf9e0 CreateFileA

• 0x4cf9e4 CloseHandle

库: kernel32.dll:

• 0x4cf9ec TlsSetValue

• 0x4cf9f0 TlsGetValue

• 0x4cf9f4 LocalAlloc

• 0x4cf9f8 GetModuleHandleA

库: user32.dll:

• 0x4cfa00 CreateWindowExA

• 0x4cfa04 WindowFromPoint

• 0x4cfa08 WaitMessage

• 0x4cfa0c UpdateWindow

• 0x4cfa10 UnregisterClassA

• 0x4cfa14 UnhookWindowsHookEx

• 0x4cfa18 TranslateMessage

• 0x4cfa1c TranslateMDISysAccel

• 0x4cfa20 TrackPopupMenu

• 0x4cfa24 SystemParametersInfoA

• 0x4cfa28 ShowWindow

• 0x4cfa2c ShowScrollBar

• 0x4cfa30 ShowOwnedPopups

• 0x4cfa34 SetWindowsHookExA

• 0x4cfa38 SetWindowTextA

• 0x4cfa3c SetWindowPos

• 0x4cfa40 SetWindowPlacement

• 0x4cfa44 SetWindowLongW

• 0x4cfa48 SetWindowLongA

• 0x4cfa4c SetTimer

• 0x4cfa50 SetScrollRange

• 0x4cfa54 SetScrollPos

• 0x4cfa58 SetScrollInfo

• 0x4cfa5c SetRect

• 0x4cfa60 SetPropA

• 0x4cfa64 SetParent

• 0x4cfa68 SetMenuItemInfoA

• 0x4cfa6c SetMenu

• 0x4cfa70 SetForegroundWindow

• 0x4cfa74 SetFocus

• 0x4cfa78 SetCursor

• 0x4cfa7c SetClipboardData

• 0x4cfa80 SetClassLongA

• 0x4cfa84 SetCapture

• 0x4cfa88 SetActiveWindow

• 0x4cfa8c SendMessageW

• 0x4cfa90 SendMessageA

• 0x4cfa94 ScrollWindow

• 0x4cfa98 ScreenToClient

• 0x4cfa9c RemovePropA

• 0x4cfaa0 RemoveMenu

• 0x4cfaa4 ReleaseDC

• 0x4cfaa8 ReleaseCapture

• 0x4cfaac RegisterWindowMessageA

• 0x4cfab0 RegisterClipboardFormatA

• 0x4cfab4 RegisterClassA

• 0x4cfab8 RedrawWindow

• 0x4cfabc PtInRect

• 0x4cfac0 PostQuitMessage

• 0x4cfac4 PostMessageA

• 0x4cfac8 PeekMessageW

• 0x4cfacc PeekMessageA

• 0x4cfad0 OpenClipboard

• 0x4cfad4 OffsetRect

• 0x4cfad8 OemToCharA

• 0x4cfadc MsgWaitForMultipleObjects

• 0x4cfae0 MessageBoxA

• 0x4cfae4 MessageBeep

• 0x4cfae8 MapWindowPoints

• 0x4cfaec MapVirtualKeyA

• 0x4cfaf0 LoadStringA

• 0x4cfaf4 LoadKeyboardLayoutA

• 0x4cfaf8 LoadIconA

• 0x4cfafc LoadCursorA

• 0x4cfb00 LoadBitmapA

• 0x4cfb04 KillTimer

• 0x4cfb08 IsZoomed

• 0x4cfb0c IsWindowVisible

• 0x4cfb10 IsWindowUnicode

• 0x4cfb14 IsWindowEnabled

• 0x4cfb18 IsWindow

• 0x4cfb1c IsRectEmpty

• 0x4cfb20 IsIconic

• 0x4cfb24 IsDialogMessageW

• 0x4cfb28 IsDialogMessageA

• 0x4cfb2c IsChild

• 0x4cfb30 InvalidateRect

• 0x4cfb34 IntersectRect

• 0x4cfb38 InsertMenuItemA

• 0x4cfb3c InsertMenuA

• 0x4cfb40 InflateRect

• 0x4cfb44 GetWindowThreadProcessId

• 0x4cfb48 GetWindowTextA

• 0x4cfb4c GetWindowRect

• 0x4cfb50 GetWindowPlacement

• 0x4cfb54 GetWindowLongW

• 0x4cfb58 GetWindowLongA

• 0x4cfb5c GetWindowDC

• 0x4cfb60 GetTopWindow

• 0x4cfb64 GetSystemMetrics

• 0x4cfb68 GetSystemMenu

• 0x4cfb6c GetSysColorBrush

• 0x4cfb70 GetSysColor

• 0x4cfb74 GetSubMenu

• 0x4cfb78 GetScrollRange

• 0x4cfb7c GetScrollPos

• 0x4cfb80 GetScrollInfo

• 0x4cfb84 GetPropA

• 0x4cfb88 GetParent

• 0x4cfb8c GetWindow

• 0x4cfb90 GetMessageTime

• 0x4cfb94 GetMessagePos

• 0x4cfb98 GetMenuStringA

• 0x4cfb9c GetMenuState

• 0x4cfba0 GetMenuItemInfoA

• 0x4cfba4 GetMenuItemID

• 0x4cfba8 GetMenuItemCount

• 0x4cfbac GetMenu

• 0x4cfbb0 GetLastActivePopup

• 0x4cfbb4 GetKeyboardState

• 0x4cfbb8 GetKeyboardLayoutNameA

• 0x4cfbbc GetKeyboardLayoutList

• 0x4cfbc0 GetKeyboardLayout

• 0x4cfbc4 GetKeyState

• 0x4cfbc8 GetKeyNameTextA

• 0x4cfbcc GetIconInfo

• 0x4cfbd0 GetForegroundWindow

• 0x4cfbd4 GetFocus

• 0x4cfbd8 GetDlgItem

• 0x4cfbdc GetDesktopWindow

• 0x4cfbe0 GetDCEx

• 0x4cfbe4 GetDC

• 0x4cfbe8 GetCursorPos

• 0x4cfbec GetCursor

• 0x4cfbf0 GetClipboardData

• 0x4cfbf4 GetClientRect

• 0x4cfbf8 GetClassLongA

• 0x4cfbfc GetClassInfoA

• 0x4cfc00 GetCapture

• 0x4cfc04 GetActiveWindow

• 0x4cfc08 FrameRect

• 0x4cfc0c FindWindowA

• 0x4cfc10 FillRect

• 0x4cfc14 EqualRect

• 0x4cfc18 EnumWindows

• 0x4cfc1c EnumThreadWindows

• 0x4cfc20 EnumClipboardFormats

• 0x4cfc24 EnumChildWindows

• 0x4cfc28 EndPaint

• 0x4cfc2c EnableWindow

• 0x4cfc30 EnableScrollBar

• 0x4cfc34 EnableMenuItem

• 0x4cfc38 EmptyClipboard

• 0x4cfc3c DrawTextA

• 0x4cfc40 DrawMenuBar

• 0x4cfc44 DrawIconEx

• 0x4cfc48 DrawIcon

• 0x4cfc4c DrawFrameControl

• 0x4cfc50 DrawFocusRect

• 0x4cfc54 DrawEdge

• 0x4cfc58 DispatchMessageW

• 0x4cfc5c DispatchMessageA

• 0x4cfc60 DestroyWindow

• 0x4cfc64 DestroyMenu

• 0x4cfc68 DestroyIcon

• 0x4cfc6c DestroyCursor

• 0x4cfc70 DeleteMenu

• 0x4cfc74 DefWindowProcA

• 0x4cfc78 DefMDIChildProcA

• 0x4cfc7c DefFrameProcA

• 0x4cfc80 CreatePopupMenu

• 0x4cfc84 CreateMenu

• 0x4cfc88 CreateIcon

• 0x4cfc8c CloseClipboard

• 0x4cfc90 ClientToScreen

• 0x4cfc94 CheckMenuItem

• 0x4cfc98 CallWindowProcA

• 0x4cfc9c CallNextHookEx

• 0x4cfca0 BeginPaint

• 0x4cfca4 CharNextA

• 0x4cfca8 CharLowerBuffA

• 0x4cfcac CharLowerA

• 0x4cfcb0 CharUpperBuffA

• 0x4cfcb4 CharToOemA

• 0x4cfcb8 AdjustWindowRectEx

• 0x4cfcbc ActivateKeyboardLayout

库: gdi32.dll:

• 0x4cfcc4 UnrealizeObject

• 0x4cfcc8 StretchBlt

• 0x4cfccc SetWindowOrgEx

• 0x4cfcd0 SetWinMetaFileBits

• 0x4cfcd4 SetViewportOrgEx

• 0x4cfcd8 SetTextColor

• 0x4cfcdc SetStretchBltMode

• 0x4cfce0 SetROP2

• 0x4cfce4 SetPixel

• 0x4cfce8 SetMapMode

• 0x4cfcec SetEnhMetaFileBits

• 0x4cfcf0 SetDIBColorTable

• 0x4cfcf4 SetBrushOrgEx

• 0x4cfcf8 SetBkMode

• 0x4cfcfc SetBkColor

• 0x4cfd00 SelectPalette

• 0x4cfd04 SelectObject

• 0x4cfd08 SelectClipRgn

• 0x4cfd0c SaveDC

• 0x4cfd10 RestoreDC

• 0x4cfd14 Rectangle

• 0x4cfd18 RectVisible

• 0x4cfd1c RealizePalette

• 0x4cfd20 Polyline

• 0x4cfd24 PlayEnhMetaFile

• 0x4cfd28 PatBlt

• 0x4cfd2c MoveToEx

• 0x4cfd30 MaskBlt

• 0x4cfd34 LineTo

• 0x4cfd38 LPtoDP

• 0x4cfd3c IntersectClipRect

• 0x4cfd40 GetWindowOrgEx

• 0x4cfd44 GetWinMetaFileBits

• 0x4cfd48 GetTextMetricsA

• 0x4cfd4c GetTextExtentPointA

• 0x4cfd50 GetTextExtentPoint32A

• 0x4cfd54 GetSystemPaletteEntries

• 0x4cfd58 GetStockObject

• 0x4cfd5c GetRgnBox

• 0x4cfd60 GetPixel

• 0x4cfd64 GetPaletteEntries

• 0x4cfd68 GetObjectA

• 0x4cfd6c GetEnhMetaFilePaletteEntries

• 0x4cfd70 GetEnhMetaFileHeader

• 0x4cfd74 GetEnhMetaFileDescriptionA

• 0x4cfd78 GetEnhMetaFileBits

• 0x4cfd7c GetDeviceCaps

• 0x4cfd80 GetDIBits

• 0x4cfd84 GetDIBColorTable

• 0x4cfd88 GetDCOrgEx

• 0x4cfd8c GetCurrentPositionEx

• 0x4cfd90 GetClipBox

• 0x4cfd94 GetBrushOrgEx

• 0x4cfd98 GetBitmapBits

• 0x4cfd9c ExtTextOutA

• 0x4cfda0 ExcludeClipRect

• 0x4cfda4 DeleteObject

• 0x4cfda8 DeleteEnhMetaFile

• 0x4cfdac DeleteDC

• 0x4cfdb0 CreateSolidBrush

• 0x4cfdb4 CreatePenIndirect

• 0x4cfdb8 CreatePalette

• 0x4cfdbc CreateHalftonePalette

• 0x4cfdc0 CreateFontIndirectA

• 0x4cfdc4 CreateEnhMetaFileA

• 0x4cfdc8 CreateDIBitmap

• 0x4cfdcc CreateDIBSection

• 0x4cfdd0 CreateCompatibleDC

• 0x4cfdd4 CreateCompatibleBitmap

• 0x4cfdd8 CreateBrushIndirect

• 0x4cfddc CreateBitmap

• 0x4cfde0 CopyEnhMetaFileA

• 0x4cfde4 CloseEnhMetaFile

• 0x4cfde8 BitBlt

库: version.dll:

• 0x4cfdf0 VerQueryValueA

• 0x4cfdf4 GetFileVersionInfoSizeA

• 0x4cfdf8 GetFileVersionInfoA

库: mpr.dll:

• 0x4cfe00 WNetGetConnectionA

库: kernel32.dll:

• 0x4cfe08 lstrcpyA

• 0x4cfe0c WriteFile

• 0x4cfe10 WaitForSingleObject

• 0x4cfe14 VirtualQuery

• 0x4cfe18 VirtualAlloc

• 0x4cfe1c TerminateProcess

• 0x4cfe20 Sleep

• 0x4cfe24 SizeofResource

• 0x4cfe28 SetThreadLocale

• 0x4cfe2c SetFileTime

• 0x4cfe30 SetFilePointer

• 0x4cfe34 SetFileAttributesA

• 0x4cfe38 SetEvent

• 0x4cfe3c SetErrorMode

• 0x4cfe40 SetEndOfFile

• 0x4cfe44 ResumeThread

• 0x4cfe48 ResetEvent

• 0x4cfe4c ReadFile

• 0x4cfe50 RaiseException

• 0x4cfe54 QueryPerformanceFrequency

• 0x4cfe58 QueryPerformanceCounter

• 0x4cfe5c OpenProcess

• 0x4cfe60 MultiByteToWideChar

• 0x4cfe64 MulDiv

• 0x4cfe68 LockResource

• 0x4cfe6c LocalFileTimeToFileTime

• 0x4cfe70 LoadResource

• 0x4cfe74 LoadLibraryA

• 0x4cfe78 LeaveCriticalSection

• 0x4cfe7c IsValidLocale

• 0x4cfe80 InitializeCriticalSection

• 0x4cfe84 GlobalUnlock

• 0x4cfe88 GlobalSize

• 0x4cfe8c GlobalLock

• 0x4cfe90 GlobalFree

• 0x4cfe94 GlobalFindAtomA

• 0x4cfe98 GlobalDeleteAtom

• 0x4cfe9c GlobalAlloc

• 0x4cfea0 GlobalAddAtomA

• 0x4cfea4 GetVolumeInformationA

• 0x4cfea8 GetVersionExA

• 0x4cfeac GetVersion

• 0x4cfeb0 GetUserDefaultLCID

• 0x4cfeb4 GetTimeZoneInformation

• 0x4cfeb8 GetTickCount

• 0x4cfebc GetThreadLocale

• 0x4cfec0 GetTempPathA

• 0x4cfec4 GetStdHandle

• 0x4cfec8 GetProcAddress

• 0x4cfecc GetModuleHandleA

• 0x4cfed0 GetModuleFileNameA

• 0x4cfed4 GetLogicalDrives

• 0x4cfed8 GetLocaleInfoA

• 0x4cfedc GetLocalTime

• 0x4cfee0 GetLastError

• 0x4cfee4 GetFullPathNameA

• 0x4cfee8 GetFileTime

• 0x4cfeec GetFileSize

• 0x4cfef0 GetFileAttributesA

• 0x4cfef4 GetExitCodeThread

• 0x4cfef8 GetDriveTypeA

• 0x4cfefc GetDiskFreeSpaceA

• 0x4cff00 GetDateFormatA

• 0x4cff04 GetCurrentThreadId

• 0x4cff08 GetCurrentProcessId

• 0x4cff0c GetComputerNameA

• 0x4cff10 GetCPInfo

• 0x4cff14 FreeResource

• 0x4cff18 InterlockedIncrement

• 0x4cff1c InterlockedExchange

• 0x4cff20 InterlockedDecrement

• 0x4cff24 FreeLibrary

• 0x4cff28 FormatMessageA

• 0x4cff2c FlushFileBuffers

• 0x4cff30 FindResourceA

• 0x4cff34 FindNextFileA

• 0x4cff38 FindFirstFileA

• 0x4cff3c FindClose

• 0x4cff40 FileTimeToLocalFileTime

• 0x4cff44 FileTimeToDosDateTime

• 0x4cff48 EnumCalendarInfoA

• 0x4cff4c EnterCriticalSection

• 0x4cff50 DosDateTimeToFileTime

• 0x4cff54 DeleteFileA

• 0x4cff58 DeleteCriticalSection

• 0x4cff5c CreateThread

• 0x4cff60 CreateFileA

• 0x4cff64 CreateEventA

• 0x4cff68 CreateDirectoryA

• 0x4cff6c CompareStringA

• 0x4cff70 CloseHandle

库: advapi32.dll:

• 0x4cff78 RegQueryValueExA

• 0x4cff7c RegOpenKeyExA

• 0x4cff80 RegFlushKey

• 0x4cff84 RegCreateKeyExA

• 0x4cff88 RegCloseKey

库: oleaut32.dll:

• 0x4cff90 GetErrorInfo

• 0x4cff94 GetActiveObject

• 0x4cff98 SysFreeString

库: ole32.dll:

• 0x4cffa0 CreateStreamOnHGlobal

• 0x4cffa4 IsAccelerator

• 0x4cffa8 OleDraw

• 0x4cffac OleSetMenuDescriptor

• 0x4cffb0 CoTaskMemFree

• 0x4cffb4 CoTaskMemAlloc

• 0x4cffb8 ProgIDFromCLSID

• 0x4cffbc StringFromCLSID

• 0x4cffc0 CoCreateInstance

• 0x4cffc4 CoGetClassObject

• 0x4cffc8 CoUninitialize

• 0x4cffcc CoInitialize

• 0x4cffd0 IsEqualGUID

库: kernel32.dll:

• 0x4cffd8 Sleep

库: ole32.dll:

• 0x4cffe0 CLSIDFromString

库: oleaut32.dll:

• 0x4cffe8 SafeArrayPtrOfIndex

• 0x4cffec SafeArrayGetElement

• 0x4cfff0 SafeArrayGetUBound

• 0x4cfff4 SafeArrayGetLBound

• 0x4cfff8 SafeArrayCreate

• 0x4cfffc VariantChangeType

• 0x4d0000 VariantCopyInd

• 0x4d0004 VariantCopy

• 0x4d0008 VariantClear

• 0x4d000c VariantInit

库: comctl32.dll:

• 0x4d0014 _TrackMouseEvent

• 0x4d0018 ImageList_SetIconSize

• 0x4d001c ImageList_GetIconSize

• 0x4d0020 ImageList_Write

• 0x4d0024 ImageList_Read

• 0x4d0028 ImageList_DragShowNolock

• 0x4d002c ImageList_DragMove

• 0x4d0030 ImageList_DragLeave

• 0x4d0034 ImageList_DragEnter

• 0x4d0038 ImageList_EndDrag

• 0x4d003c ImageList_BeginDrag

• 0x4d0040 ImageList_Remove

• 0x4d0044 ImageList_DrawEx

• 0x4d0048 ImageList_Draw

• 0x4d004c ImageList_GetBkColor

• 0x4d0050 ImageList_SetBkColor

• 0x4d0054 ImageList_Add

• 0x4d0058 ImageList_GetImageCount

• 0x4d005c ImageList_Destroy

• 0x4d0060 ImageList_Create

库: shell32.dll:

• 0x4d0068 ShellExecuteA

库: comdlg32.dll:

• 0x4d0070 GetOpenFileNameA

.text
`.itext
`.data
.idata
.rdata
@.reloc
B.rsrc
Int64
System
IInterface
 2004, 2005 Pierre le Riche / Professional Software Development
An unexpected memory leak has occurred. 
 bytes: 
Unknown
String
The sizes of unexpected leaked medium and large blocks are: 
Unexpected Memory Leak
UhZ2@
F <6@
F$<6@
F @6@
UhqC@
SOFTWARE\Borland\Delphi\RTL
FPUMaskValue
Uh@F@
PhHL@
Ph&O@
UhyP@
tCh|m@
kernel32.dll
GetLongPathNameA
Software\Borland\Locales
Software\Borland\Delphi\Locales
UhCv@
UhTw@
Magellan MSWHEEL
MouseZ
MSWHEEL_ROLLMSG
MSH_WHEELSUPPORT_MSG
MSH_SCROLL_LINES_MSG
tagEXCEPINFO 
False
GetFileAttributesExA
kernel32.dll
AM/PM
D$LPj
WUWSj
m/d/yy
mmmm d, yyyy
 AMPM
AMPM 
:mm:ss
m/d/yy
mmmm d, yyyy
 AMPM
AMPM 
:mm:ss
kernel32.dll
GetDiskFreeSpaceExA
oleaut32.dll
VariantChangeTypeEx
VarNeg
VarNot
VarAdd
VarSub
VarMul
VarDiv
VarIdiv
VarMod
VarAnd
VarOr
VarXor
VarCmp
VarI4FromStr
VarR4FromStr
VarR8FromStr
VarDateFromStr
VarCyFromStr
VarBoolFromStr
VarBstrFromCy
VarBstrFromDate
VarBstrFromBool
Variants
EVariantUnexpectedError,!A
Uh'"A
Uh~"A
Uhn#A
Uh21A
Uh~1A
Uh46A
Uhf;A
UhdEA
UhNFA
UheKA
UhiQA
UhpRA
Uh4^A
Uhf_A
Uh(eA
UhFfA
UhalA
UhguA
UhQwA
Uh${A
Uhy}A
Empty
Smallint
Integer
Single
Double
Currency
OleStr
Dispatch
Error
Boolean
Variant
Unknown
Decimal
ShortInt
LongWord
Int64
String
Array 
ByRef 
False
TNotifyEvent
TObject
Classes
Classes
Classes
Classes
Classes
Classes
Classes
TStringStream
Classes
%s[%d]
Strings
Owner

没有防病毒引擎扫描信息!

进程树

__________________TiMi______.exe id: 1808

搜索
__________________TiMi______.exe (1808)

__________________TiMi______.exe, PID: 1808, 上一级进程 PID: 1872

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

下载PCAP包

访问主机纪录 (可点击查询WPING实时安全评级)

直接	IP	安全评级	地理位置
否	117.41.241.143	未知	中国
否	124.226.64.23	未知	中国
否	14.215.138.58	未知	中国
否	180.101.153.18	未知	中国
否	180.163.21.72	未知	中国
否	180.97.146.150	未知	中国
否	183.3.225.118	未知	中国
否	222.218.81.12	未知	中国
否	58.216.96.21	未知	中国

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	51863	117.41.241.143 vm.gtimg.cn	80
192.168.122.201	49160	124.226.64.23 speedm.qq.com	80
192.168.122.201	61642	124.226.64.23 speedm.qq.com	80
192.168.122.201	62922	124.226.64.23 speedm.qq.com	80
192.168.122.201	62923	124.226.64.23 speedm.qq.com	80
192.168.122.201	62924	124.226.64.23 speedm.qq.com	80
192.168.122.201	51862	125.76.247.210 crl.globalsign.com	80
192.168.122.201	63910	125.76.247.210 crl.globalsign.com	80
192.168.122.201	63911	125.76.247.210 crl.globalsign.com	80
192.168.122.201	63912	125.76.247.210 crl.globalsign.com	80
192.168.122.201	63913	125.76.247.210 crl.globalsign.com	80
192.168.122.201	63914	125.76.247.210 crl.globalsign.com	80
192.168.122.201	63917	125.76.247.210 crl.globalsign.com	80
192.168.122.201	63915	14.215.138.58 app.ingame.qq.com	80
192.168.122.201	61641	180.101.153.18 game.gtimg.cn	80
192.168.122.201	61643	180.163.21.72 apps.game.qq.com	80
192.168.122.201	51864	180.97.146.150 game.gtimg.cn	80
192.168.122.201	62912	180.97.146.150 game.gtimg.cn	80
192.168.122.201	62913	180.97.146.150 game.gtimg.cn	80
192.168.122.201	51865	183.3.225.118 pingfore.qq.com	443
192.168.122.201	61646	183.3.225.118 pingfore.qq.com	443
192.168.122.201	61647	183.3.225.118 pingfore.qq.com	443
192.168.122.201	49203	192.168.122.1	53
192.168.122.201	51861	192.168.122.1	53
192.168.122.201	53513	192.168.122.1	53
192.168.122.201	61640	192.168.122.1	53
192.168.122.201	62911	192.168.122.1	53
192.168.122.201	63909	192.168.122.1	53
192.168.122.201	61648	222.218.81.12 speedm.qq.com	80
192.168.122.201	61649	222.218.81.12 speedm.qq.com	80
192.168.122.201	62917	58.216.96.21 game.gtimg.cn	80
192.168.122.201	62918	58.216.96.21 game.gtimg.cn	80
192.168.122.201	62919	58.216.96.21 game.gtimg.cn	80
192.168.122.201	62920	58.216.96.21 game.gtimg.cn	80
192.168.122.201	51867	66.110.36.176	80

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	51722	192.168.122.1	53
192.168.122.201	52193	192.168.122.1	53
192.168.122.201	52846	192.168.122.1	53
192.168.122.201	52966	192.168.122.1	53
192.168.122.201	53222	192.168.122.1	53
192.168.122.201	53315	192.168.122.1	53
192.168.122.201	55895	192.168.122.1	53
192.168.122.201	58559	192.168.122.1	53
192.168.122.201	59602	192.168.122.1	53
192.168.122.201	60990	192.168.122.1	53
192.168.122.201	62843	192.168.122.1	53
192.168.122.201	63227	192.168.122.1	53
192.168.122.201	63650	192.168.122.1	53
192.168.122.201	63715	192.168.122.1	53
192.168.122.201	64841	192.168.122.1	53

域名解析 (可点击查询WPING实时安全评级)

域名	安全评级	响应
speedm.qq.com	未知	CNAME x2.tcdn.qq.com A 124.226.64.24 A 222.218.81.13 A 124.226.64.27 A 222.218.81.12 A 222.218.81.11 CNAME fcsy.qq.com.cloud.tc.qq.com A 124.226.64.23 A 222.218.81.14
game.gtimg.cn	未知	CNAME p21.tc.qq.com A 58.216.96.17 A 180.97.146.149 A 221.228.67.167 A 58.216.96.19 CNAME game.gtimg.cn.cloud.tc.qq.com A 58.216.96.18 A 180.101.153.19 A 180.97.146.148 A 180.101.153.18 A 222.186.49.17 A 180.101.153.21 CNAME p21.tcdn.qq.com A 180.97.146.150 A 58.216.96.22 A 222.186.49.18 A 180.101.153.22 A 58.216.6.20 A 58.216.96.21
ossweb-img.qq.com	CNAME x2.tc.qq.com CNAME ossweb-img.tcdn.qq.com CNAME ossweb-img.tc.qq.com
game.qq.com	未知	CNAME game.qq.com.cloud.tc.qq.com
apps.game.qq.com	未知	A 180.163.21.72
pingfore.qq.com	未知	A 183.3.226.30 A 183.3.225.118
ams.qq.com	未知	CNAME web.gw.qq.com.cloud.tc.qq.com
ocsp.globalsign.com	未知	A 61.191.60.33 CNAME globalsign.com.cdn.dnsv1.com A 14.215.166.205 CNAME globalsign.com.s2.cdntip.com A 27.148.185.31 A 61.140.13.246 A 27.148.185.30 CNAME global.prd.cdn.globalsign.com A 113.107.216.84 A 27.148.185.33 A 27.148.185.32 A 27.152.185.163 A 125.78.252.35 A 125.78.252.34 A 42.81.92.43 A 61.191.60.32 A 27.152.185.164 A 113.105.155.251
crl.globalsign.com	未知	A 125.76.247.210 CNAME globalsign.com.w.kunlunar.com
app.ingame.qq.com	未知	A 14.215.138.58
vm.gtimg.cn	未知	A 59.63.237.25 A 59.63.237.23 CNAME ssd.tcdn.qq.com A 117.41.241.155 A 117.41.241.159 A 117.41.241.156 A 59.63.235.21 A 59.63.237.26 A 117.41.241.157 A 59.63.235.22 A 117.41.241.147 A 59.63.235.24 CNAME ssd.tc.qq.com CNAME vm.gtimg.cn.cloud.tc.qq.com A 117.41.241.151 A 117.41.241.143 A 117.41.241.145 A 117.41.241.142 A 117.41.241.158

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	51863	117.41.241.143 vm.gtimg.cn	80
192.168.122.201	49160	124.226.64.23 speedm.qq.com	80
192.168.122.201	61642	124.226.64.23 speedm.qq.com	80
192.168.122.201	62922	124.226.64.23 speedm.qq.com	80
192.168.122.201	62923	124.226.64.23 speedm.qq.com	80
192.168.122.201	62924	124.226.64.23 speedm.qq.com	80
192.168.122.201	51862	125.76.247.210 crl.globalsign.com	80
192.168.122.201	63910	125.76.247.210 crl.globalsign.com	80
192.168.122.201	63911	125.76.247.210 crl.globalsign.com	80
192.168.122.201	63912	125.76.247.210 crl.globalsign.com	80
192.168.122.201	63913	125.76.247.210 crl.globalsign.com	80
192.168.122.201	63914	125.76.247.210 crl.globalsign.com	80
192.168.122.201	63917	125.76.247.210 crl.globalsign.com	80
192.168.122.201	63915	14.215.138.58 app.ingame.qq.com	80
192.168.122.201	61641	180.101.153.18 game.gtimg.cn	80
192.168.122.201	61643	180.163.21.72 apps.game.qq.com	80
192.168.122.201	51864	180.97.146.150 game.gtimg.cn	80
192.168.122.201	62912	180.97.146.150 game.gtimg.cn	80
192.168.122.201	62913	180.97.146.150 game.gtimg.cn	80
192.168.122.201	51865	183.3.225.118 pingfore.qq.com	443
192.168.122.201	61646	183.3.225.118 pingfore.qq.com	443
192.168.122.201	61647	183.3.225.118 pingfore.qq.com	443
192.168.122.201	49203	192.168.122.1	53
192.168.122.201	51861	192.168.122.1	53
192.168.122.201	53513	192.168.122.1	53
192.168.122.201	61640	192.168.122.1	53
192.168.122.201	62911	192.168.122.1	53
192.168.122.201	63909	192.168.122.1	53
192.168.122.201	61648	222.218.81.12 speedm.qq.com	80
192.168.122.201	61649	222.218.81.12 speedm.qq.com	80
192.168.122.201	62917	58.216.96.21 game.gtimg.cn	80
192.168.122.201	62918	58.216.96.21 game.gtimg.cn	80
192.168.122.201	62919	58.216.96.21 game.gtimg.cn	80
192.168.122.201	62920	58.216.96.21 game.gtimg.cn	80
192.168.122.201	51867	66.110.36.176	80

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	51722	192.168.122.1	53
192.168.122.201	52193	192.168.122.1	53
192.168.122.201	52846	192.168.122.1	53
192.168.122.201	52966	192.168.122.1	53
192.168.122.201	53222	192.168.122.1	53
192.168.122.201	53315	192.168.122.1	53
192.168.122.201	55895	192.168.122.1	53
192.168.122.201	58559	192.168.122.1	53
192.168.122.201	59602	192.168.122.1	53
192.168.122.201	60990	192.168.122.1	53
192.168.122.201	62843	192.168.122.1	53
192.168.122.201	63227	192.168.122.1	53
192.168.122.201	63650	192.168.122.1	53
192.168.122.201	63715	192.168.122.1	53
192.168.122.201	64841	192.168.122.1	53

HTTP 请求

URI	HTTP数据
URL专业沙箱检测 -> http://speedm.qq.com/web201712/main.shtml	GET /web201712/main.shtml HTTP/1.1 Accept: / Accept-Language: zh-cn Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: speedm.qq.com Connection: Keep-Alive
URL专业沙箱检测 -> http://game.gtimg.cn/images/speedm/web201712/css/comm.css	GET /images/speedm/web201712/css/comm.css HTTP/1.1 Accept: / Referer: http://speedm.qq.com/web201712/main.shtml Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: game.gtimg.cn Connection: Keep-Alive
URL专业沙箱检测 -> http://game.gtimg.cn/images/speedm/web201712/img/spr.png	GET /images/speedm/web201712/img/spr.png HTTP/1.1 Accept: / Referer: http://speedm.qq.com/web201712/main.shtml Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: game.gtimg.cn Connection: Keep-Alive
URL专业沙箱检测 -> http://game.gtimg.cn/images/speedm/web201712/r-spr.png	GET /images/speedm/web201712/r-spr.png HTTP/1.1 Accept: / Referer: http://speedm.qq.com/web201712/main.shtml Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: game.gtimg.cn Connection: Keep-Alive
URL专业沙箱检测 -> http://game.gtimg.cn/images/speedm/web201712/zs-qrcode.jpg	GET /images/speedm/web201712/zs-qrcode.jpg HTTP/1.1 Accept: / Referer: http://speedm.qq.com/web201712/main.shtml Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: game.gtimg.cn Connection: Keep-Alive
URL专业沙箱检测 -> http://game.gtimg.cn/images/speedm/web201712/img/bg.png	GET /images/speedm/web201712/img/bg.png HTTP/1.1 Accept: / Referer: http://speedm.qq.com/web201712/main.shtml Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: game.gtimg.cn Connection: Keep-Alive
URL专业沙箱检测 -> http://game.gtimg.cn/images/speedm/web201712/img/btn_down.jpg	GET /images/speedm/web201712/img/btn_down.jpg HTTP/1.1 Accept: / Referer: http://speedm.qq.com/web201712/main.shtml Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: game.gtimg.cn Connection: Keep-Alive
URL专业沙箱检测 -> http://ossweb-img.qq.com/images/js/milo/util/jquery-1.11.3.min.js	GET /images/js/milo/util/jquery-1.11.3.min.js HTTP/1.1 Accept: / Referer: http://speedm.qq.com/web201712/main.shtml Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: ossweb-img.qq.com Connection: Keep-Alive
URL专业沙箱检测 -> http://ossweb-img.qq.com/images/js/milo/milo.js	GET /images/js/milo/milo.js HTTP/1.1 Accept: / Referer: http://speedm.qq.com/web201712/main.shtml Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: ossweb-img.qq.com Connection: Keep-Alive
URL专业沙箱检测 -> http://ossweb-img.qq.com/images/js/PTT/ping_tcss_tgideas_https_min.js	GET /images/js/PTT/ping_tcss_tgideas_https_min.js HTTP/1.1 Accept: / Referer: http://speedm.qq.com/web201712/main.shtml Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: ossweb-img.qq.com Connection: Keep-Alive
URL专业沙箱检测 -> http://ossweb-img.qq.com/images/clientpop/js/tgadshow.min.js	GET /images/clientpop/js/tgadshow.min.js HTTP/1.1 Accept: / Referer: http://speedm.qq.com/web201712/main.shtml Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: ossweb-img.qq.com Connection: Keep-Alive
URL专业沙箱检测 -> http://game.qq.com/time/qqadv/Info_new_15862.js?v=1521748207818	GET /time/qqadv/Info_new_15862.js?v=1521748207818 HTTP/1.1 Accept: / Referer: http://speedm.qq.com/web201712/main.shtml Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: game.qq.com Connection: Keep-Alive
URL专业沙箱检测 -> http://ossweb-img.qq.com/images/js/comm/showDialog.min.js	GET /images/js/comm/showDialog.min.js HTTP/1.1 Accept: / Referer: http://speedm.qq.com/web201712/main.shtml Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: ossweb-img.qq.com Connection: Keep-Alive
URL专业沙箱检测 -> http://ossweb-img.qq.com/upload/adw/image/20180620/c1e7dd0243b322aeff036463bbf43c92.png	GET /upload/adw/image/20180620/c1e7dd0243b322aeff036463bbf43c92.png HTTP/1.1 Accept: / Referer: http://speedm.qq.com/web201712/main.shtml Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: ossweb-img.qq.com Connection: Keep-Alive
URL专业沙箱检测 -> http://apps.game.qq.com/eas/comm/eas.php?m=SendLog&show_ads=15862.20268..426754\|15862.20267..420066\|15862.20266..424918\|15862.20265..427120\|15862.20307..426633\|15862.20306..427366\|15862.20305..426635\|15862.20304..423517&click_type=1&t=1521748810265	GET /eas/comm/eas.php?m=SendLog&show_ads=15862.20268..426754\|15862.20267..420066\|15862.20266..424918\|15862.20265..427120\|15862.20307..426633\|15862.20306..427366\|15862.20305..426635\|15862.20304..423517&click_type=1&t=1521748810265 HTTP/1.1 Accept: / Referer: http://speedm.qq.com/web201712/main.shtml Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: apps.game.qq.com Connection: Keep-Alive
URL专业沙箱检测 -> http://ossweb-img.qq.com/upload/adw/image/20180718/7e550cab6df64bb0267500e7b1554cbf.png	GET /upload/adw/image/20180718/7e550cab6df64bb0267500e7b1554cbf.png HTTP/1.1 Accept: / Referer: http://speedm.qq.com/web201712/main.shtml Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: ossweb-img.qq.com Connection: Keep-Alive
URL专业沙箱检测 -> http://ams.qq.com/wmp/data/js/PAGE_WMP_BIZ_TYPE.js	GET /wmp/data/js/PAGE_WMP_BIZ_TYPE.js HTTP/1.1 Accept: / Referer: http://speedm.qq.com/web201712/main.shtml Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: ams.qq.com Connection: Keep-Alive Cookie: pgv_info=ssid=s9596002926; pgv_pvid=4429961520
URL专业沙箱检测 -> http://ams.qq.com/wmp/sys/v3.0/js/wmpCommon_v3.js	GET /wmp/sys/v3.0/js/wmpCommon_v3.js HTTP/1.1 Accept: / Referer: http://speedm.qq.com/web201712/main.shtml Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: ams.qq.com Connection: Keep-Alive Cookie: pgv_info=ssid=s9596002926; pgv_pvid=4429961520
URL专业沙箱检测 -> http://ocsp.globalsign.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJH	GET /rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJH HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.globalsign.com
URL专业沙箱检测 -> http://crl.globalsign.net/root.crl	GET /root.crl HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Microsoft-CryptoAPI/6.1 Host: crl.globalsign.net
URL专业沙箱检测 -> http://crl.globalsign.com/gs/gsorganizationvalsha2g2.crl	GET /gs/gsorganizationvalsha2g2.crl HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Microsoft-CryptoAPI/6.1 Host: crl.globalsign.com
URL专业沙箱检测 -> http://ocsp2.globalsign.com/gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDFwTjfXBZQkSUH%2B3ig%3D%3D	GET /gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDFwTjfXBZQkSUH%2B3ig%3D%3D HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp2.globalsign.com
URL专业沙箱检测 -> http://app.ingame.qq.com/php/ingame/digg/servertime.php	GET /php/ingame/digg/servertime.php HTTP/1.1 Accept: / Referer: http://speedm.qq.com/web201712/main.shtml Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: app.ingame.qq.com Connection: Keep-Alive Cookie: pgv_info=ssid=s9596002926; pgv_pvid=4429961520
URL专业沙箱检测 -> http://ocsp.globalsign.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJH	GET /rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJH HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Accept: / User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.globalsign.com
URL专业沙箱检测 -> http://vm.gtimg.cn/tencentvideo/txvlive/2017/txvlive.js	GET /tencentvideo/txvlive/2017/txvlive.js HTTP/1.1 Accept: / Referer: http://speedm.qq.com/web201712/main.shtml Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: vm.gtimg.cn Connection: Keep-Alive
URL专业沙箱检测 -> http://game.gtimg.cn/images/speedm/web201712/js/index.js?d=0420	GET /images/speedm/web201712/js/index.js?d=0420 HTTP/1.1 Accept: / Referer: http://speedm.qq.com/web201712/main.shtml Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: game.gtimg.cn Connection: Keep-Alive
URL专业沙箱检测 -> http://crl.microsoft.com/pki/crl/products/tspca.crl	GET /pki/crl/products/tspca.crl HTTP/1.1 Cache-Control: max-age = 900 Connection: Keep-Alive Accept: / If-Modified-Since: Sat, 24 May 2014 05:04:54 GMT If-None-Match: "8ab194b3d77cf1:0" User-Agent: Microsoft-CryptoAPI/6.1 Host: crl.microsoft.com

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

Timestamp	Source IP	Source Port	Destination IP	Destination Port	Version	Issuer	Subject	Fingerprint
2018-07-20 20:41:05.881986+0800	192.168.122.201	61646	183.3.225.118	443	TLS 1.2	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2	C=CN, ST=guangdong, L=shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, CN=pingfore.qq.com	e6:33:72:c2:b7:40:e4:9d:33:5a:de:2b:d1:88:2a:67:1a:4a:ba:09
2018-07-20 20:41:05.888772+0800	192.168.122.201	61647	183.3.225.118	443	TLS 1.2	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2	C=CN, ST=guangdong, L=shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, CN=pingfore.qq.com	e6:33:72:c2:b7:40:e4:9d:33:5a:de:2b:d1:88:2a:67:1a:4a:ba:09

Suricata HTTP

No Suricata HTTP

未发现网络提取文件

文件名	milo[1].js
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\milo[1].js
文件大小	60987 字节
文件类型	ISO-8859 text, with very long lines
MD5	7cbd1606a4325ab2c2086527197b32ce
SHA1	17f127f1f35baa30a0f2f40f117ddda66ebfda0e
SHA256	b44a2b48c2736aaf32dc4dc0c65befcef5451f8f80b9dee64a8e2ba93e520f79
CRC32	E52CBC41
Ssdeep	1536:jLItzTvqenJTOhftnl3U6nxBxEZYntT4K:jLItzTvqKTOhftnl3U6rPJ4K
Yara	Rule to detect the presence of an or several urls Rule to detect the no presence of any attachment Rule to detect the no presence of any image Looks for big numbers 32:sized
	下载提交魔盾安全分析

文件名	index[1].js
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IDL4J1KW\index[1].js
文件大小	24959 字节
文件类型	ISO-8859 text
MD5	1be307a5f9943588ae7a6180ee119c72
SHA1	290f2ea758a4c5a025466fe101a7101cd6dedff8
SHA256	44725805622ca02e64d16e30bf2f62c2544043f340fbfe22475137ac76ea7013
CRC32	E76E02A8
Ssdeep	384:RTr1ZrsxW6eVkvRJ3WT7DATmWLT9mcJqKTHzjjoPDMPebMgqeqGAe:RTZZrsFH1ze
Yara	Rule to detect the no presence of any url Rule to detect the no presence of any attachment Rule to detect the no presence of any image
	下载提交魔盾安全分析

文件名	servertime[1].htm
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\servertime[1].htm
文件大小	41 字节
文件类型	ASCII text, with no line terminators
MD5	429068d7a87733942594507425ee2234
SHA1	e0637e7cfa15a0d396562081c6a946491bc7400a
SHA256	e61551b00bccb3b19147b705b68fa0b705449e7e390c4210a5a40a817549c22c
CRC32	7C387ED5
Ssdeep	3:qP4I4L8Td:qP4I4LCd
Yara	Rule to detect the no presence of any url Rule to detect the no presence of any attachment Rule to detect the no presence of any image
	下载提交魔盾安全分析显示文本
var json_curdate = '2018-07-20 20:41:06';

文件名	test@speedm.qq[2].txt
相关文件	C:\Users\test\AppData\Roaming\Microsoft\Windows\Cookies\test@speedm.qq[2].txt
文件大小	198 字节
文件类型	ASCII text
MD5	0deb703da52d4d8054df6473865e13b2
SHA1	6eb97a31afb6af510e8331e6deb07d19982b987a
SHA256	4019f0ea8efc33a93f2ef08bfc44d21ad6e76179d1b3af08aad0e5fdfd67a4df
CRC32	03CE0D99
Ssdeep	6:aAEts+4Vd15+4YRwyg+OSE6bI4Vdonq0Mgyn:nW+l5pYRJ3njYnlMZn
	下载提交魔盾安全分析显示文本
PTTuserFirstTime 1521749406398 speedm.qq.com/ 1088 1037476608 30728427 3310132704 30655001 * ts_last speedm.qq.com/web201712/main.shtml speedm.qq.com/ 1088 4126283520 30655005 3310292704 30655001 *

文件名	test@speedm.qq[1].txt
相关文件	C:\Users\test\AppData\Roaming\Microsoft\Windows\Cookies\test@speedm.qq[1].txt
文件大小	93 字节
文件类型	ASCII text
MD5	122c3943ed6ab886cd209beb14b0508c
SHA1	a66abe3b5afe26e67ec7f159069f9a6e350f22a4
SHA256	47cba55592eff597512a5030e796b697e2ee3edb988d91bef73f8063c942f4a9
CRC32	43645819
Ssdeep	3:1QHgGBts+giUVdtXVT3O4DXSvRwDVyn:aAEts+4Vd15+4YRwyn
	下载提交魔盾安全分析显示文本
PTTuserFirstTime 1521749406398 speedm.qq.com/ 1088 1037476608 30728427 3310132704 30655001 *

文件名	tgadshow.min[1].js
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\tgadshow.min[1].js
文件大小	30853 字节
文件类型	UTF-8 Unicode text, with very long lines, with no line terminators
MD5	51edfaac61281b700ffdef3ff5f2c4c1
SHA1	ad5e9991e800522e758177b18785046abbd5e508
SHA256	c7d1962e82a0505670f49ca2e5bb59eea4e0a22fc94c483a6b58af63885f2e06
CRC32	2CCBBD55
Ssdeep	768:klnRgQyVo552lF8fWxpkqnMOItEMyAFyuX0dVVTOQOoMN4r0f3/KCt9Xr53ZPDrB:klnRgdVo552lF8fWxpkqnMOItEMyAFyq
Yara	Rule to detect the no presence of any url Rule to detect the no presence of any attachment Rule to detect the no presence of any image
	下载提交魔盾安全分析显示文本
var NewADsShowSwitch=function(){var e=["yl","codo","dnf","x52","cf","bns","nz","speed","x5","smoba","mpt2.tgideas","speedm","castleclash"],t=location.protocol,n=[t+"//codol.qq.com/main.shtml",t+"//yl.qq.com/main.shtml",t+"//dnf.qq.com/main.shtml",t+"//dnf.qq.com/maintest.shtml",t+"//cf.qq.com/maintest_idata.shtml",t+"//cf.qq.com/main.shtml",t+"//cf.qq.com/act/a20160520ntcls/index.htm",t+"//codol.qq.com/main_m.shtml",t+"//nz.qq.com/main.shtml",t+"//bns.qq.com/m/",t+"//bns.qq.com/index.shtml",t+"//bns.qq.com/main.shtml",t+"//bns.qq.com/cp/a20160511bnsyx/index.htm",t+"//bns.qq.com/act/a20161104community/index_bk.html",t+"//bns.qq.com/act/a20161104community/index.html",t+"//speed.qq.com/home/client_gg_2015.html",t+"//speed.qq.com/home/client_2012.shtml",t+"//speed.qq.com/home/client_newsbox.htm",t+"//x5.qq.com/main.shtml",t+"//nz.qq.com/m/index.shtml",t+"//nz.qq.com/m/",t+"//nz.qq.com/client/ntcls/index.shtml",t+"//nz.qq.com/act/a20170518idataroll/index.shtml",t+"//nz.qq.com/client/ntcls/community.shtml",t+"//5s.qq.com/main.shtml",t+"//5s.qq.com/cp/a20161226gift/index.htm",t+"//5s.qq.com/m/",t+"//5s.qq.com/m/index.shtml",t+"//pvp.qq.com/ingame/cultural/index.shtml",t+"//pvp.qq.com/ingame/cultural/index_2.shtml",t+"//game.open.qq.com/"],a=function(){var e=location.hostname.replace(".qq.com","");return"sm"==e&&(e="smite"),"5s"==e&&(e="x52"),"eafifa"==e&&(e="fifa"),"codol"==e&&(e="codo"),"mho"==e&&(e="mh"),"pvp"==e&&(e="smoba"),"game.open"==e&&(e="castleclash"),e};return{isGrayServiceFunc:function(){var t=a();for(var n in e)if(!isNaN(n)&&e[n]==t)return!0;return!1},isGrayUrlFunc:function(){var e=a();if("mpt2.tgideas".indexOf(e)>=0)return turn;if(-1!=(i=location.href.indexOf("?")))var t=location.href.slice(0,i);else t=location.href;t=t.replace(/(#$)/g,"");for(var i in n)if(!isNaN(i)&&n[i]==t)return!0;return!1}}}();if(NewADsShowSwitch.isGrayServiceFunc()&&NewADsShowSwitch.isGrayUrlFunc()){var start=new Date,AdsShowEngine=function(){var e=document,t=1new Date,n="",a=0,i=navigator.userAgent.toLowerCase(),r=-1!=i.indexOf("m <truncated>

文件名	C8E7EC0C85688F4738F3BE49B104BA67
相关文件	C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E7EC0C85688F4738F3BE49B104BA67
文件大小	186 字节
文件类型	data
MD5	18366ecda35dbd5656c377ced30ac8e5
SHA1	2ad7026027e923cfc3ac7064b3fad6585dfa9e30
SHA256	d5cead2f3eb1c4d3f9fda3f8cce7428109308e2aa71390d74c9b2ecfaca03235
CRC32	D5BC8ADA
Ssdeep	3:kkFklboGt/fllXlE/lPsWkxmllhlR8rHelJlWlLltDBQkRlGl1j:kKrCCP79lb1pWhlQeGl1j
	下载提交魔盾安全分析

文件名	comm[1].css
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\comm[1].css C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\comm[2].css
文件大小	44034 字节
文件类型	ISO-8859 text
MD5	d2e31a32b3da31a5584ed82ff9d9688d
SHA1	b114a45d5294face32dd838d141276b6dbee23ca
SHA256	b5260a3d7cb0777d5fa2ae716f41825486a37626f64bc78d6f41c8fa0e12a680
CRC32	80545E6D
Ssdeep	384:AAMRjl5G+zC+UHrpb0jwsMhIAwW6OzAuJtmp9EiiLRo6fWn1NA7zo8vs:dMRjl58+Io7RZp9+Lu6fEqzo8U
	下载提交魔盾安全分析

文件名	C8E7EC0C85688F4738F3BE49B104BA67
相关文件	C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E7EC0C85688F4738F3BE49B104BA67
文件大小	782 字节
文件类型	data
MD5	68edb8020358fdf6cd6e9326ae0a56ea
SHA1	c670d3b42032d6fc84d2fb3a62bcb4758ac8e8ab
SHA256	e8c4c782792dfd4f9f38910de1ae0d62c077594e1051f2d8cd715e2a8c1af228
CRC32	20EF5177
Ssdeep	12:9gKD81n9E1PcyI2bMAHGA3qRIDIMRwNmRJPFRzEQ4h5+:5cuPc32bMAHGA6yveNijp++
	下载提交魔盾安全分析

文件名	eas[1].php
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\eas[1].php
文件大小	65 字节
文件类型	ASCII text, with CRLF line terminators
MD5	f86496a245e1c4e13f141b2f2d45411c
SHA1	00557fb5fdfdbefec925bb35e325d61f5bb49523
SHA256	f884482eda12deb90a537da97802aea56a334753ca51f4548a98bca657305838
CRC32	81746FEA
Ssdeep	3:BKi2iFDzcHfbsJByY:BKiafoJBL
	下载提交魔盾安全分析显示文本
window['SendLog_RES'] = {"ret_code":"0","msg":"OK","data":null}

文件名	A053CFB63FC8E6507871752236B5CCD5_32F048AD2E4451714E7C5ECBA57AE4F6
相关文件	C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A053CFB63FC8E6507871752236B5CCD5_32F048AD2E4451714E7C5ECBA57AE4F6
文件大小	536 字节
文件类型	data
MD5	043b20fa210b241f4aaf04dd70128040
SHA1	731fdbaca6378417ae0c0ca8ec23773a91128fd0
SHA256	3257f3aada9de4610e2fd2b9a86ebce7263a363be6bf29f799b6b42db2a5e6dd
CRC32	E418FF9B
Ssdeep	12:rDIwmBJWzf8ClDC3bgLzK8sFFyOJQlUsyqEvMS3P3dCli/:HILJgEme3ELmvPyOJQ610Slz
	下载提交魔盾安全分析

文件名	showDialog.min[1].js
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\showDialog.min[1].js
文件大小	7728 字节
文件类型	ASCII text, with very long lines
MD5	b0027c0185e89d966882de8820f416c9
SHA1	4ccf5bc6ca9a1197dd17ded0a97ff7a27326e522
SHA256	f5e3504a8bed73af11488386406f5023412b0bf6bb3bb5e216f851641ec0f644
CRC32	90C4CD85
Ssdeep	192:AxoA4pDmHfrR7WZT5zvj71RCRK5W66IIHVUYd1rPV/vOZVdq2aZLH51:ASzlTFv/aRK5W66IIHVUYvrV/SVdZapH
Yara	Rule to detect the presence of an or several urls Rule to detect the no presence of any attachment Rule to detect the no presence of any image Looks for big numbers 32:sized
	下载提交魔盾安全分析显示文本
/ @author:xylonhuang http://www.m.com/d/?p=313 @update:2013.9.10 @version:v1.2.6 / showDialog=(function(){var j=[],objIfrBg,eMsgClose,fixOverlay,fixIECenter,objOverLay,hasOverlay,longPop=false,NU=navigator.userAgent,NA=navigator.appVersion,isIE=((NU.indexOf('MSIE')==-1)?false:true),isIE6=(/MSIE 6.0/ig.test(NA)),isIE9=(/MSIE 9.0/ig.test(NA)),isCHROME=(NU.indexOf('chrome')==-1),objWin=window,objDoc=document,objBody=objDoc.body,objDel=objDoc.documentElement,sIframeId='_PopupIframe_',sPopupMsgId='_PopupMsg_',sOverLayId='_overlay_';function gEl(e){return(typeof(e)==='object')?e:objDoc.getElementById(e)}function setOpacity(e,a){e.style.opacity=a/100;e.style.filter='alpha(opacity='+a+')';if(isIE)e.style.zoom=1}function setStyle(e,a){var i;for(i in a){e.style[i]=a[i]}}function getStyle(e,a){var b=(typeof objDoc.defaultView=='function')?objDoc.defaultView():objDoc.defaultView,s;if(b&&b.getComputedStyle){s=b.getComputedStyle(e,null);return s&&s.getPropertyValue(a)}return(e.currentStyle&&(e.currentStyle[a]\|\|null)\|\|null)}function getPageHeight(){var h=(objWin.innerHeight&&objWin.scrollMaxY)?(objWin.innerHeight+objWin.scrollMaxY):(objBody.scrollHeight>objBody.offsetHeight?objBody.scrollHeight:objBody.offsetHeight);return Math.max(h,objDel.scrollHeight)}function getPageWidth(){return(objWin.innerWidth&&objWin.scrollMaxX)?(objWin.innerWidth+objWin.scrollMaxX):(Math.max(objBody.scrollWidth,objBody.offsetWidth))}function getWinHeight(){return(objWin.innerHeight)?objWin.innerHeight:(objDel&&objDel.clientHeight)?objDel.clientHeight:objBody.offsetHeight}function getWinWidth(){return(objWin.innerWidth)?objWin.innerWidth:(objDel&&objDel.clientWidth)?objDel.clientWidth:objBody.offsetWidth}function getMaxH(){var a=getPageHeight(),wh=getWinHeight();return Math.max(a,wh)}function getMaxW(){var a=getPageWidth(),ww=getWinWidth();return Math.max(a,ww)}function addEvent(a,b,c,d){a.addEventListener?a.addEventListener(b,c,d):a.attachEvent("on"+b,c)}function removeEvent(a,b,c,d){a.removeEventListener?a.removeEventListener(b,c,d):a.detachEven <truncated>

文件名	PAGE_WMP_BIZ_TYPE[1].js
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IDL4J1KW\PAGE_WMP_BIZ_TYPE[1].js
文件大小	1067 字节
文件类型	ASCII text, with very long lines, with no line terminators
MD5	60ca395c4d81ea7f0dc7087224b68ede
SHA1	5b1084b2af1c4180244641f8571d4ef20341eefa
SHA256	a3507a9037dac8cf60e81df1491ff24641fe4d5d5336985d688e7472c0f74abe
CRC32	9D1D19EB
Ssdeep	24:jN7SEAXvFcWvFI+pAZGo+ZHNSmUtFndCBVH30x85mUkCUo:jp69BvF3EiHN9yFdkH3nlkCJ
Yara	Rule to detect the no presence of any url Rule to detect the no presence of any attachment Rule to detect the no presence of any image
	下载提交魔盾安全分析显示文本
var BizTypeInfo={"status":"0","msg":{"1":"cf","2":"sm","3":"lol","4":"age","5":"bns","6":"codol","7":"dnf","8":"speed","9":"nba2k","10":"wt","11":"stg","13":"mhzx","14":"nz","15":"jf","16":"moba","18":"pvp","19":"yl","20":"feiji","21":"mho","22":"wuxia","24":"mx","25":"hyrz","26":"xlx","27":"tgl","28":"nfsol","29":"huoying","30":"ds","31":"poe","32":"x5","34":"cfm","35":"eafifa","36":"sg","37":"pao","38":"3vs3","39":"she","40":"hbp","41":"dn","42":"qhyx","44":"qqxy","45":"tfol","47":"hdl","48":"mxd2","49":"ep","51":"zhetianji","65":"slg","66":"mv2","67":"rf","68":"bsw","69":"nextjp","70":"speedm","71":"cfw","72":"tps","73":"ffom","74":"cjm","75":"yxtt","76":"clqs","77":"pubgm","78":"pubg","79":"fn","80":"pdspeedm","81":"yrzx","82":"djclol","83":"kofmy","84":"x5m","85":"3new","86":"pdjxqy","87":"gwgo","88":"jxqy","89":"rl","90":"h1z1","92":"sgxq","93":"ffm","94":"ysyy","95":"qjnn","96":"moli","97":"pdysyy","98":"666","99":"hlddz","100":"mt4","101":"ym","102":"hyrzol","103":"football","104":"cfhd","105":"djwk","106":"kok","107":"raz","108":"hongjing"}};

文件名	26FAECAB15AD715CB7849E2211F9473B
相关文件	C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\26FAECAB15AD715CB7849E2211F9473B
文件大小	134005 字节
文件类型	data
MD5	6db551e5eaee1cacaf4bc97822a6d895
SHA1	53ce0a06f19cab55230fd76b368092ac023bf0c6
SHA256	a0d58c3cac9f40f518a2633ccb44fec8933e4930f917ae8cef3a6d4e2708373e
CRC32	E8E5247C
Ssdeep	1536:pCyZYpapfAkVAbpY9oFWkKAnypmhkENRu34GI7hQvuS9IcVf:HWkye2Ykp7hkEO3F/xf
	下载提交魔盾安全分析

文件名	A053CFB63FC8E6507871752236B5CCD5_32F048AD2E4451714E7C5ECBA57AE4F6
相关文件	C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A053CFB63FC8E6507871752236B5CCD5_32F048AD2E4451714E7C5ECBA57AE4F6
文件大小	1570 字节
文件类型	data
MD5	8a5f547d45b40b52ece58b703539a9b7
SHA1	c208f84d261496b323b5ee5edf4e889f815c7681
SHA256	a8f8715eb6d52b2687405b1b5d8115cfdf249dc1eb0dfcdb8069835e34b7ce61
CRC32	212927D4
Ssdeep	24:CEqq/vKJvxA0ezM3UAxBtZXABK76KBgY6kZ9qBeeCpXsAxOsYPMrIRjIPkRUcG++:xq+KNxFezM3r4BCdfjSwIRzVU4C
	下载提交魔盾安全分析

文件名	txvlive[1].js
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\txvlive[1].js
文件大小	119033 字节
文件类型	UTF-8 Unicode text, with very long lines
MD5	747140f809a589cfa814aa2338526fc7
SHA1	de8521220b41cb3e7a813b517addf5698e3dcdcf
SHA256	e81416d973e0ed3518b8ea3699dffd99cb23fef439fdca9f074b48e768c9c949
CRC32	7CE10839
Ssdeep	1536:Ea+oP3ZMD5NadAzB6NVrhPuPl4aBQmExiyT8Cc4t4:lP34Na+wTMwxiyi
Yara	Rule to detect the presence of an or several urls Rule to detect the no presence of any attachment Rule to detect the presence of an or several images Look for Base64 table
	下载提交魔盾安全分析显示文本
/! tencent video live player Copyright (c) 2018 Powered by Tencent-Video Web Front End Team Update: Mon Jun 25 2018 19:51:13 GMT+0800 (\xe4\xb8\xad\xe5\x9b\xbd\xe6\xa0\x87\xe5\x87\x86\xe6\x97\xb6\xe9\x97\xb4) / !function(t){function e(n){if(i[n])return i[n].exports;var o=i[n]={i:n,l:!1,exports:{}};return t[n].call(o.exports,o,o.exports,e),o.l=!0,o.exports}var n=window.txvlive_webpackjsonp;window.txvlive_webpackjsonp=function(i,r,a){for(var s,c,l,u=0,p=[];u<i.length;u++)c=i[u],o[c]&&p.push(o[c][0]),o[c]=0;for(s in r)Object.prototype.hasOwnProperty.call(r,s)&&(t[s]=r[s]);for(n&&n(i,r,a);p.length;)p.shift()();if(a)for(u=0;u<a.length;u++)l=e(e.s=a[u]);return l};var i={},o={42:0};e.m=t,e.c=i,e.d=function(t,n,i){e.o(t,n)\|\|Object.defineProperty(t,n,{configurable:!1,enumerable:!0,get:i})},e.n=function(t){var n=t&&t.__esModule?function(){return t["default"]}:function(){return t};return e.d(n,"a",n),n},e.o=function(t,e){return Object.prototype.hasOwnProperty.call(t,e)},e.p="",e.oe=function(t){throw console.error(t),t},e(e.s=137)}([function(t,e,n){"use strict";t.exports=function(t){return-1==document.location.toString().indexOf("debug=1")?function(){}:(t=t?"["+t+"]":"",function(){if("undefined"!=typeof window.console&&console.log&&console.log.apply){var e=["[Txvlive]"+t];console.log.apply(console,e.concat([].slice.call(arguments,0)))}})}},function(t,e,n){"use strict";t.exports={jsBasePath:"//vm.gtimg.cn/tencentvideo/txvlive/2017/",jsBasePath_comb:"//vm.gtimg.cn/c/=/tencentvideo/txvlive/2017/",h5PlayerStyleUrl:{html5:"//vm.gtimg.cn/tencentvideo/txp/style/txp_desktop_live.css",m_html5:"//vm.gtimg.cn/tencentvideo/txp/style/txp_mobile_live.css",barrage:"//vm.gtimg.cn/tencentvideo/txp/style/txp_barrage.css"},mainLoopInterval:200,MAX_RETRY_GETINFO:3,PLAYER_TYPE:{XUEYUAN:4,CHRISTMAS:5,VERIFY:50,SPORTS:100},LIVE_STATUS:{READY:1,PLAYING:2,OVER:3},GETINFO_TYPE:{DEFN:"changedefn",STREAM_ERR:"retryWhenStreamError",BUFFER_ERR:"retryWhenBuffer",PLAY_BACK:"playback"},AD:{QIAN_TIE:"QT"},FLOWLINE_STATUS:{END:"end",WAIT:"wait",PLAY:"play",INIT:"init"},PLAYER_STATUS:{START:"start",START_LOAD_A <truncated>

文件名	index.dat
相关文件	C:\Users\test\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
文件大小	262144 字节
文件类型	Internet Explorer cache file version Ver 5.2
MD5	fbe6ba880d1f6cadfd771536120f2c73
SHA1	34b1a30160c6c7675a5c69b62d98661ab7a494bb
SHA256	a2cdabb3fc43f2e94ca47fac764eea7819768bdf094690a6369be41fc4a5fd01
CRC32	E94B92FD
Ssdeep	768:pFFwZHojCtOlWNw3nsiMsieuugxdKOri:rFwZIjCtkWm3siMbeuugxdKoi
	下载提交魔盾安全分析

文件名	ping_tcss_tgideas_https_min[1].js
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\ping_tcss_tgideas_https_min[1].js
文件大小	30478 字节
文件类型	C source, ASCII text, with very long lines, with CRLF line terminators
MD5	96ee3b5ec9db48a43fa52efb94db7f24
SHA1	bc0b4a49a2696384b3b5c5e226358e1a4da214f8
SHA256	206d42785c47c442dd48be10d56b854b59a7ff1d41f948c4875f125eab322e70
CRC32	7805B60A
Ssdeep	768:qYarzK37ww/xTnWeZPknaGa12bLfkz/ISl7u7TIdm5:qYAK9RbsxbLfkzNl7u7TI+
Yara	Rule to detect the presence of an or several urls Rule to detect the no presence of any attachment Rule to detect the no presence of any image
	下载提交魔盾安全分析显示文本
(function(){function h(b){this.url=[];this.init(b)}var l,m,r,f,x,y,n,E,p,v,u,B,C=0,D=0;_ver="tcss.3.2.1";window.Tcss={};var w="function"==typeof tracert&&"function"==typeof pgvGetColumn&&"function"==typeof pgvGetTopic&&"function"==typeof pgvGetDomainInfo&&"function"==typeof pgvGetRefInfo;if("undefined"==typeof q)var q=1;h.prototype={init:function(b){b?f=b:f={};l=document;if(!f.statIframe&&window!=top)try{l=top.document}catch(a){}"undefined"==typeof l&&(l=document);m=l.location;r=l.body;w&&(Tcss.d= l,Tcss.l=m);v=[];u=[];B=[]},PTTInfo:function(){window.PTTRun=new PTT;PTTRun.virtualURL=this.getDomainInfo().replace(/dm=\|&url=/g,"");var b=[];b.push("pttplat="+PTTRun.plat);b.push("pttsitetype="+(PTTRun.project?PTTRun.project:"")+PTTRun.siteType);b.push("pttpagetype="+PTTRun.pageType);b.push("pttpagename="+encodeURIComponent(PTTRun.pageName));var a=b.join("&").trimAll();console.log(decodeURI(b.join(";\n")));return a},run:function(){var b=(new Date).getTime();var a=escape(this.PTTInfo());k.init(); this.url.push(this.getDomainInfo());this.coverCookie();k.setCookie("ssid");k.save();this.url.unshift("https://pingfore."+this.getCookieSetDomain(x)+"/pingd?");this.url.push(this.getRefInfo(f));try{navigator.cookieEnabled?this.url.push("&pvid="+k.setCookie("pgv_pvid",!0)):this.url.push("&pvid=NoCookie")}catch(d){this.url.push("&pvid=NoCookie")}this.url.push(this.getMainEnvInfo());this.url.push(this.getExtendEnvInfo());Tcss.pgUserType="";if(f.pgUserType\|\|f.reserved2){var c=f.pgUserType\|\|f.reserved2; c=escape(c.substring(0,256));Tcss.pgUserType=c;B.push("pu="+Tcss.pgUserType)}w&&(pgvGetColumn(),pgvGetTopic(),this.url.push("&column="+Tcss.column+"&subject="+Tcss.subject),tracert());this.url.push("&vs="+_ver);k.setCookie("ts_uid",!0);c=(new Date).getTime();v.push("tm="+(c-b));C&&v.push("ch="+C);this.url.push("&ext="+a);this.url.push("&hurlcn="+escape(u.join(";")));this.url.push("&rand="+Math.round(1E5*Math.random()));"undefined"==typeof _speedMark?this.url.push("&reserved1=-1"):this.url.push("&reserved1="+ (new D <truncated>

文件名	ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C
相关文件	C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C
文件大小	492 字节
文件类型	data
MD5	dfbd80bf965731f58ff96a97142ce6b3
SHA1	995e21d7b345312410bfc6101845155ebeb8a75b
SHA256	cbb3f326d44acc2e8c99249154fd8568b64c366e97ddda3bf9d322cef2882e39
CRC32	6714F3B5
Ssdeep	12:JH7DWzF0Y1oOkksFyR7uE9SsAUOlJC+A4y6b:Z7DgF0WoLnYRd8JUKY+Vyu
	下载提交魔盾安全分析

文件名	26FAECAB15AD715CB7849E2211F9473B
相关文件	C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\26FAECAB15AD715CB7849E2211F9473B
文件大小	230 字节
文件类型	data
MD5	4536bf9ec0e17c49664627cf2d16cd18
SHA1	1711c4852204d43f3e47484df229b4e71c919f15
SHA256	a68e26fd466e976b6133b3103a84fa6c4d41a2b400e941755fe67c0635e830b4
CRC32	591C4345
Ssdeep	3:kkFklrrlvtbmVXeusl/1ll5JuEsl/kElWZhD8rHelJlWlLltUKlrlC4Cg9lDxElV:kKQ2eVgxIh1pWhliKxlCPiRxElDC3g1j
	下载提交魔盾安全分析

文件名	Info_new_15862[1].js
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\Info_new_15862[1].js
文件大小	4532 字节
文件类型	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	8e6d95312c40a6c7f544eae0bd11cc34
SHA1	8773adf7797238096ea30926ade4e239a176307e
SHA256	845deb9751f73191551818dc13e5829e59aaee0a16416df720351e745acd9212
CRC32	EDF3654E
Ssdeep	96:JFQaLUgae3HasQtYz8qX7C/3XBpoNF+YV3Exwn:JFdUtezpz8K63bIYYBEq
Yara	Rule to detect the presence of an or several urls Rule to detect the no presence of any attachment Rule to detect the presence of an or several images Looks for big numbers 32:sized
	下载提交魔盾安全分析

文件名	jquery-1.11.3.min[1].js
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\jquery-1.11.3.min[1].js
文件大小	96003 字节
文件类型	ASCII text, with very long lines
MD5	e5b4ae00e32abefc7be2d4e6966622c7
SHA1	5987ceeb36e7928fe3e885a9daa795b0803c2500
SHA256	f9f04f71102b0daa6265c05e2a8b1f3e03e49c1a6496c26c34f9cec0b0dc70e4
CRC32	E14CABEA
Ssdeep	1536:OP10iSi65U/dXXeyhzeBuG+HYE0WEeLDFoNqLTW8+S5VRZIVI6xSb8xh2ZbQnRmY:R+41ZqLTW8xRrqSb8qGH77da98HrP
Yara	Rule to detect the no presence of any url Rule to detect the no presence of any attachment Rule to detect the no presence of any image Looks for big numbers 32:sized
	下载提交魔盾安全分析显示文本
/! jQuery v1.11.3 \| (c) 2005, 2015 jQuery Foundation, Inc. \| jquery.org/license / !function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=c.slice,e=c.concat,f=c.push,g=c.indexOf,h={},i=h.toString,j=h.hasOwnProperty,k={},l="1.11.3",m=function(a,b){return new m.fn.init(a,b)},n=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,o=/^-ms-/,p=/-([\da-z])/gi,q=function(a,b){return b.toUpperCase()};m.fn=m.prototype={jquery:l,constructor:m,selector:"",length:0,toArray:function(){return d.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:d.call(this)},pushStack:function(a){var b=m.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a,b){return m.each(this,a,b)},map:function(a){return this.pushStack(m.map(this,function(b,c){return a.call(b,c,b)}))},slice:function(){return this.pushStack(d.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},eq:function(a){var b=this.length,c=+a+(0>a?b:0);return this.pushStack(c>=0&&b>c?[this[c]]:[])},end:function(){return this.prevObject\|\|this.constructor(null)},push:f,sort:c.sort,splice:c.splice},m.extend=m.fn.extend=function(){var a,b,c,d,e,f,g=arguments[0]\|\|{},h=1,i=arguments.length,j=!1;for("boolean"==typeof g&&(j=g,g=arguments[h]\|\|{},h++),"object"==typeof g\|\|m.isFunction(g)\|\|(g={}),h===i&&(g=this,h--);i>h;h++)if(null!=(e=arguments[h]))for(d in e)a=g[d],c=e[d],g!==c&&(j&&c&&(m.isPlainObject(c)\|\|(b=m.isArray(c)))?(b?(b=!1,f=a&&m.isArray(a)?a:[]):f=a&&m.isPlainObject(a)?a:{},g[d]=m.extend(j,f,c)):void 0!==c&&(g[d]=c));return g},m.extend({expando:"jQuery"+(l+Math.random()).replace(/\D/g,""),isReady:!0,error:function(a){throw new Error(a)},noop:function(){},isFunction:function(a){return"function"===m.type(a)},isArray:Array.isArray\|\|function(a){return"array"===m.type(a)},isWindow: <truncated>

文件名	MSIMGSIZ.DAT
相关文件	C:\Users\test\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
文件大小	16384 字节
文件类型	data
MD5	133feee5310e20e4ba94e459bae8b3e4
SHA1	3683dd609fb29ed26d3f41f0f943914d29b6ffae
SHA256	7cbd32f4a41694695e78f9ac3af6fe2e8afca7dc966f7904fa498269572d68b6
CRC32	4F400BC6
Ssdeep	48:jGQhN7sXHWrVmqESaakad5PIy+9/8JrcVjdS6gPdY4z7el:CBXHbbSrka5PIL8mJdcPzz76
	下载提交魔盾安全分析

文件名	wmpCommon_v3[1].js
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\wmpCommon_v3[1].js
文件大小	57447 字节
文件类型	ISO-8859 text
MD5	6630d62ab74a089d7a4f2050a0b03f8b
SHA1	b5fb85a08dfa06653e187c12e1a9c5b5aea0e337
SHA256	bcee9c45367ed1f660704485cb38bdb3aba5daeb379fb094734bc76ea98df7f9
CRC32	1494FBD0
Ssdeep	768:9FAw+PtnaaaChqSgSL5IgENSFLUW/lIJw8BWBeuDXtnqgD+/uihZzUcmSlR0w:shqUlqga2iD9lRN
Yara	Rule to detect the no presence of any url Rule to detect the no presence of any attachment Rule to detect the no presence of any image Looks for big numbers 32:sized
	下载提交魔盾安全分析

文件名	ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C
相关文件	C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C
文件大小	1517 字节
文件类型	data
MD5	298f7e34f4439111d26e529cdd889b49
SHA1	cee17e2ffbd228f21631b0806d4867bf54f8494b
SHA256	083cc4e015161e2bce0b57923c2ea23a5ba6fb67af627d6e2e6709e8d46497c6
CRC32	5E90BCD2
Ssdeep	24:caPBLNYrqd6GSSSPcub/NcK78SgeqruWVyV9chA8QIcs:ZPB5uq4GSSSPcu7NZ81uv9fIL
	下载提交魔盾安全分析

没有发现相似的分析.

HTML 总结报告 (需15-60分钟同步)	下载

Processing ( 53.548 seconds )

21.351 NetworkAnalysis
11.317 VirusTotal
7.365 Suricata
6.298 Dropped
2.525 Static
2.163 TargetInfo
1.988 BehaviorAnalysis
0.324 peid
0.197 AnalysisInfo
0.012 Strings
0.004 config_decoder
0.002 Debug
0.002 Memory

Signatures ( 3.135 seconds )

2.079 md_url_bl
0.118 antiav_detectreg
0.094 stealth_timeout
0.086 api_spamming
0.064 decoy_document
0.059 md_domain_bl
0.053 md_bad_drop
0.046 infostealer_ftp
0.028 antivm_generic_scsi
0.027 heapspray_js
0.027 infostealer_im
0.025 antianalysis_detectreg
0.02 stealth_file
0.018 virtualcheck_js
0.017 mimics_filetime
0.017 antivm_generic_disk
0.017 antiav_detectfile
0.016 virus
0.015 bootkit
0.015 infostealer_mail
0.014 dridex_behavior
0.014 antivm_generic_services
0.013 stealth_network
0.012 infostealer_bitcoin
0.011 reads_self
0.008 antiemu_wine_func
0.008 geodo_banking_trojan
0.007 ransomware_message
0.007 kibex_behavior
0.007 antivm_vbox_files
0.006 sets_autoconfig_url
0.006 betabot_behavior
0.006 dead_connect
0.006 infostealer_browser_password
0.006 kovter_behavior
0.006 antivm_xen_keys
0.006 darkcomet_regkeys
0.006 ransomware_extensions
0.005 hancitor_behavior
0.005 clickfraud_cookies
0.005 persistence_autorun
0.005 securityxploded_modules
0.005 antivm_parallels_keys
0.005 ransomware_files
0.004 ipc_namedpipe
0.004 shifu_behavior
0.004 java_js
0.004 silverlight_js
0.004 antivm_generic_diskreg
0.004 recon_fingerprint
0.003 hawkeye_behavior
0.003 disables_spdy
0.003 kazybot_behavior
0.003 antivm_vbox_libs
0.003 js_phish
0.003 antidbg_windows
0.003 disables_wfp
0.003 antidbg_devices
0.003 network_http
0.002 office_dl_write_exe
0.002 network_tor
0.002 rat_nanocore
0.002 antiav_avast_libs
0.002 tinba_behavior
0.002 infostealer_browser
0.002 network_anomaly
0.002 antisandbox_productid
0.002 antivm_xen_keys
0.002 antivm_hyperv_keys
0.002 antivm_vbox_acpi
0.002 antivm_vbox_keys
0.002 antivm_vmware_keys
0.002 antivm_vpc_keys
0.002 disables_browser_warn
0.002 network_torgateway
0.002 packer_armadillo_regkey
0.002 rat_pcclient
0.001 sundown_js
0.001 internet_dropper
0.001 office_write_exe
0.001 rat_luminosity
0.001 injection_createremotethread
0.001 kelihos_behavior
0.001 antisandbox_sunbelt_libs
0.001 antisandbox_sboxie_libs
0.001 antiav_bitdefender_libs
0.001 exec_crash
0.001 ispy_behavior
0.001 vawtrak_behavior
0.001 cerber_behavior
0.001 browser_scanbox
0.001 js_suspicious_redirect
0.001 antianalysis_detectfile
0.001 antivm_generic_cpu
0.001 antivm_generic_system
0.001 antivm_vmware_files
0.001 bot_drive
0.001 bot_drive2
0.001 modify_proxy
0.001 browser_security
0.001 bypass_firewall
0.001 codelux_behavior
0.001 network_cnc_http
0.001 recon_programs
0.001 sniffer_winpcap

Reporting ( 0.546 seconds )

0.511 ReportHTMLSummary
0.035 Malheur


Task ID	171268
Mongo ID	5b51d91bbb7d57487a05df5e
Cuckoo release	1.4-Maldun