查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
---|---|---|---|
Baidu | 20190318 | 1.0.0.2 | |
Avast | 20210504 | 21.1.5827.0 | |
Alibaba | 20190527 | 0.3.0.5 | |
Tencent | 20210504 | 1.0.0.1 | |
Kingsoft | 20210504 | 2017.9.26.565 | |
McAfee | 20210504 | 6.0.6.653 | |
CrowdStrike | 20210203 | 1.0 |
file | C:\Program Files\Google\Chrome\Application\chrome.exe |
section | .ndata |
file | C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\ZxcvbnData\Cache |
file | C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\MEIPreload\Cache |
file | C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\pnacl\Cache |
file | C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Default\Cache |
file | C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\ShaderCache\Cache |
file | C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\OnDeviceHeadSuggestModel\Cache |
file | C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\SafetyTips\Cache |
file | C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\SwReporter\Cache |
file | C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Floc\Cache |
file | C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\OriginTrials\Cache |
file | C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\ThirdPartyModuleList64\Cache |
file | C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\SSLErrorAssistant\Cache |
file | C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Subresource Filter\Cache |
file | C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\TLSDeprecationConfig\Cache |
file | C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\ |
file | C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Safe Browsing\Cache |
file | C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\BrowserMetrics\Cache |
file | C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\hyphen-data\Cache |
file | C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Default\Cache\ |
file | C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Crowd Deny\Cache |
file | C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\FontLookupTableCache\Cache |
file | C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\FileTypePolicies\Cache |
file | C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Crashpad\Cache |
file | C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\CertificateRevocation\Cache |
file | C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\AutofillStates\Cache |
file | C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\WidevineCdm\Cache |
file | C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\RecoveryImproved\Cache |
file | C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\GrShaderCache\Cache |
file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nsa6D8C.tmp\System.dll |
file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nsa6D8C.tmp\Math.dll |
file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nsd130487529343\libeay32.dll |
file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nsd130487529343\ssleay32.dll |
file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nsa6D8C.tmp\Math.dll |
file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nsa6D8C.tmp\nsq6E87.tmp |
file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nsd130487529343\ssleay32.dll |
file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nsa6D8C.tmp\System.dll |
file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nsd130487529343\libeay32.dll |
Time & API | Arguments | Status | Return | Repeated |
---|---|---|---|---|
1620981122.045874 GetAdaptersAddresses |
flags:
0
family: 0 |
failed | 111 | 0 |
process | 41110b6c19cf79bdfd6774d490ce6ce0.exe |
host | 172.217.24.14 |
file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\41110b6c19cf79bdfd6774d490ce6ce0.exe:Zone.Identifier:$DATA |
process | 41110b6c19cf79bdfd6774d490ce6ce0.exe | useragent | |||||||
process | 41110b6c19cf79bdfd6774d490ce6ce0.exe | useragent | Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) |
MicroWorld-eScan | Gen:Variant.Jacard.173560 |
FireEye | Gen:Variant.Jacard.173560 |
CAT-QuickHeal | Trojan.Wacatac |
ALYac | Gen:Variant.Jacard.173560 |
Cylance | Unsafe |
VIPRE | Trojan.Win32.Generic!BT |
K7AntiVirus | Adware ( 00567ca61 ) |
BitDefender | Gen:Variant.Jacard.173560 |
K7GW | Adware ( 00567ca61 ) |
Cybereason | malicious.c19cf7 |
Cyren | W32/Application.WIHV-7319 |
ESET-NOD32 | a variant of Win32/FusionCore.BC potentially unwanted |
NANO-Antivirus | Trojan.Win32.InstallCore.hkdsba |
Emsisoft | Gen:Variant.Jacard.173560 (B) |
Comodo | ApplicUnwnt@#3447toiyowehr |
DrWeb | Trojan.InstallCore.3952 |
Sophos | Generic PUA HD (PUA) |
GData | Gen:Variant.Jacard.173560 |
Webroot | W32.Adware.Gen |
Arcabit | Trojan.Jacard.D2A5F8 |
MAX | malware (ai score=89) |
VBA32 | Trojan.InstallCore |
Malwarebytes | Generic.Malware/Suspicious |
Panda | PUP/InstallCore |
Rising | Trojan.Generic@ML.100 (RDML:dd1/hVT58h7qVvmbPrbIyQ) |
Yandex | Trojan.Agent!E1x2a4pa9vE |
Fortinet | Riskware/FusionCore |
No hosts contacted.
Name | Response | Post-Analysis Lookup |
---|---|---|
time.windows.com |
A 20.189.79.72
CNAME time.microsoft.akadns.net |
|
dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
rp.powopibobu3.com | ||
os2.powopibobu3.com | ||
os.powopibobu3.com | ||
dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
teredo.ipv6.microsoft.com |
No TCP connections recorded.
Source | Source Port | Destination | Destination Port |
---|---|---|---|
192.168.56.101 | 49710 | 114.114.114.114 | 53 |
192.168.56.101 | 50002 | 114.114.114.114 | 53 |
192.168.56.101 | 50047 | 114.114.114.114 | 53 |
192.168.56.101 | 50320 | 114.114.114.114 | 53 |
192.168.56.101 | 50433 | 114.114.114.114 | 53 |
192.168.56.101 | 50568 | 114.114.114.114 | 53 |
192.168.56.101 | 50849 | 114.114.114.114 | 53 |
192.168.56.101 | 51378 | 114.114.114.114 | 53 |
192.168.56.101 | 53210 | 114.114.114.114 | 53 |
192.168.56.101 | 53380 | 114.114.114.114 | 53 |
192.168.56.101 | 53500 | 114.114.114.114 | 53 |
192.168.56.101 | 53661 | 114.114.114.114 | 53 |
192.168.56.101 | 54178 | 114.114.114.114 | 53 |
192.168.56.101 | 54260 | 114.114.114.114 | 53 |
192.168.56.101 | 54991 | 114.114.114.114 | 53 |
192.168.56.101 | 55169 | 114.114.114.114 | 53 |
192.168.56.101 | 56743 | 114.114.114.114 | 53 |
192.168.56.101 | 57089 | 114.114.114.114 | 53 |
192.168.56.101 | 57236 | 114.114.114.114 | 53 |
192.168.56.101 | 57367 | 114.114.114.114 | 53 |
No HTTP requests performed.
No ICMP traffic performed.
No IRC requests performed.
No Suricata Alerts
No Suricata TLS
No Snort Alerts