Time & API | Arguments | Status | Return | Repeated |
---|---|---|---|---|
1620985521.996812 GetComputerNameA | computer_name: OSKAR-PC | success | 1 | 0 |
Time & API | Arguments | Status | Return | Repeated |
---|---|---|---|---|
1620985521.996812 IsDebuggerPresent | | failed | 0 | 0 |
1620985528.417812 IsDebuggerPresent | | failed | 0 | 0 |
Method | URL |
---|---|
GET | http://news.7654.com/mini_new3/jsb/?tm=1620996804&tck=B3AB253E6459517C16850664F659D9E7&qid=unknow |
GET | http://news.7654.com/mini_new3/jsb/statics/assets/css/index.css?_t=04011701 |
GET | http://news.7654.com/mini_new3/jsb/statics/common/css/idangerous.swiper.css |
GET | http://news.7654.com/mini_new3/jsb/statics/assets/images/toggle_nav.png |
GET | http://news.7654.com/mini_new3/jsb/statics/assets/images/point.png |
GET | http://news.7654.com/mini_new3/jsb/statics/assets/images/message.png |
GET | http://news.7654.com/mini_new3/jsb/statics/assets/images/feedback.png |
GET | http://news.7654.com/mini_new3/jsb/statics/common/js/jquery.min.js |
GET | http://news.7654.com/mini_new3/jsb/statics/common/js/jquery.cookie.js |
GET | http://news.7654.com/mini_new3/jsb/statics/common/js/jquery.base64.js |
GET | http://news.7654.com/mini_new3/jsb/statics/common/js/jquery.xDomain.js |
GET | http://news.7654.com/mini_new3/jsb/statics/assets/js/index.js?_t=05081648 |
GET | http://news.7654.com/mini_new3/jsb/statics/common/js/idangerous.swiper.min.js |
GET | http://news.7654.com/mini_new3/jsb/statics/assets/images/left.png |
GET | http://news.7654.com/mini_new3/jsb/statics/assets/images/right.png |
GET | http://ocsp.globalsign.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJH |
GET | http://ocsp2.globalsign.com/gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDBhyuElvTh7HbtMMiw%3D%3D |
GET | https://hm.baidu.com/hm.js?2e5a18396dae9d48554551ea6747940e |
GET | https://hm.baidu.com/hm.gif?cc=1&ck=1&cl=32-bit&ds=800x600&vl=600&et=0&ja=1&ln=zh-cn&lo=0&rnd=685826969&si=2e5a18396dae9d48554551ea6747940e&v=1.2.80&lv=1&sn=54125&r=0&ww=900&ct=!!&u=http%3A%2F%2Fnews.7654.com%2Fmini_new3%2Fjsb%2F%3Ftm%3D1620996804%26tck%3DB3AB253E6459517C16850664F659D9E7%26qid%3Dunknow&tt=Mini%20Page |
Name | Offset | Size | File type | Language | Sublanguage |
---|---|---|---|---|---|
RT_ICON | 0x000c7f34 | 0x00000468 | GLS_BINARY_LSB_FIRST | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED |
RT_ICON | 0x000c7f34 | 0x00000468 | GLS_BINARY_LSB_FIRST | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED |
RT_ICON | 0x000c7f34 | 0x00000468 | GLS_BINARY_LSB_FIRST | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED |
RT_ICON | 0x000c7f34 | 0x00000468 | GLS_BINARY_LSB_FIRST | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED |
RT_ICON | 0x000c7f34 | 0x00000468 | GLS_BINARY_LSB_FIRST | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED |
RT_GROUP_ICON | 0x000c83a0 | 0x0000004c | data | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED |
RT_VERSION | 0x000c83f0 | 0x00000274 | data | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED |
File path |
---|
C:\Users\Administrator.Oskar-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JSSP0KXB\jquery.min[1].js |
C:\Users\Administrator.Oskar-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DQSDCVAE\idangerous.swiper.min[1].js |
C:\Users\Administrator.Oskar-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X6VHVO8H\hm[1].js |
C:\Users\Administrator.Oskar-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JSSP0KXB\jquery.cookie[1].js |
C:\Users\Administrator.Oskar-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DQSDCVAE\index[1].js |
C:\Users\Administrator.Oskar-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X6VHVO8H\jquery.base64[1].js |
C:\Users\Administrator.Oskar-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JSSP0KXB\jquery.xDomain[1].js |
Time & API | Arguments | Status | Return | Repeated |
---|---|---|---|---|
1620985522.777812 GetAdaptersAddresses | flags: 0 family: 0 | failed | 111 | 0 |

Return value 111 is ERROR_BUFFER_OVERFLOW, the expected result of the first GetAdaptersAddresses call made with an undersized buffer to learn the required size; it is not evidence that adapter enumeration failed.
Entropy | Section | Description |
---|---|---|
7.997935367617593 | UPX1 (virtual_address 0x00081000, virtual_size 0x0003f000, size_of_data 0x0003ec00) | A section with a high entropy has been found |
0.8715277777777778 | | Overall entropy of this PE file is high |
Time & API | Arguments | Status | Return | Repeated |
---|---|---|---|---|
1620985535.964812 InternetOpenA | user_agent: (empty) access_type: 0 proxy_name: (empty) proxy_bypass: (empty) flags: 0 | success | 13369348 | 0 |
Section | Description |
---|---|
UPX0 | Section name indicates UPX |
UPX1 | Section name indicates UPX |
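The static findings above (UPX0/UPX1 section names, UPX1 entropy 7.9979, and the 0.8715 "overall" figure) are the standard packer heuristics. The block below is an added example, not code from the sandbox or from any analysis of this sample: it re-implements those heuristics over a minimal PE32 image constructed inline, walking the section table, computing Shannon entropy per section, flagging UPX-named and high-entropy sections, and reporting the share of section bytes that sit in high-entropy sections. The thresholds (7.0 bits for a section, 0.2 for the share) are assumptions, not the sandbox's configured values. The report's 0.8715 is consistent with UPX1's 0x3ec00 bytes divided by a section total of 0x48000, which is why it is treated here as a ratio rather than as entropy in bits; that total is inferred, not printed in the report.

```python
# Added example, not part of the sandbox report: packer heuristics over a PE section table.
import math
import random
import struct

SECTION_ENTROPY_THRESHOLD = 7.0   # assumed: bits/byte above which a section counts as "high entropy"
PACKED_RATIO_THRESHOLD = 0.2      # assumed: share of section bytes in high-entropy sections
UPX_SECTION_PREFIX = "UPX"        # UPX names its sections UPX0, UPX1, ...


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, 8.0 for uniform bytes)."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes) -> list:
    """Walk the COFF section table of a PE image and return one dict per section."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (num_sections,) = struct.unpack_from("<H", pe, e_lfanew + 6)
    (opt_hdr_size,) = struct.unpack_from("<H", pe, e_lfanew + 20)
    table = e_lfanew + 24 + opt_hdr_size           # section headers follow the optional header
    sections = []
    for i in range(num_sections):
        hdr = table + 40 * i                        # IMAGE_SECTION_HEADER is 40 bytes
        name = pe[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", pe, hdr + 8)
        raw = pe[raw_ptr:raw_ptr + raw_size]        # on-disk bytes; UPX0 typically has none
        sections.append({
            "name": name,
            "virtual_address": vaddr,
            "virtual_size": vsize,
            "size_of_data": raw_size,
            "entropy": shannon_entropy(raw),
        })
    return sections


def packer_findings(pe: bytes) -> dict:
    """Mirror the report's three signatures: UPX section names, high-entropy sections,
    and the share of section bytes living in high-entropy sections."""
    sections = parse_sections(pe)
    upx = [s["name"] for s in sections if s["name"].startswith(UPX_SECTION_PREFIX)]
    high = [s for s in sections if s["entropy"] > SECTION_ENTROPY_THRESHOLD]
    total = sum(s["size_of_data"] for s in sections)
    packed = sum(s["size_of_data"] for s in high)
    ratio = packed / total if total else 0.0
    return {
        "upx_sections": upx,
        "high_entropy_sections": [s["name"] for s in high],
        "packed_ratio": ratio,
        "looks_packed": bool(upx) or ratio > PACKED_RATIO_THRESHOLD,
    }


def build_sample_pe(sections) -> bytes:
    """Construct a minimal PE32 (headers sufficient for parse_sections) from
    (name, virtual_address, raw_bytes) tuples. Demo input only; it is not executable."""
    e_lfanew = 0x40
    opt_hdr = struct.pack("<H", 0x10B) + bytes(0xE0 - 2)      # PE32 magic, remainder zeroed
    first_raw = e_lfanew + 4 + 20 + len(opt_hdr) + 40 * len(sections)
    headers, blobs, cursor = b"", b"", first_raw
    for name, vaddr, raw in sections:
        vsize = max(len(raw), 0x1000)
        headers += struct.pack("<8sIIIIIIHHI", name.encode(), vsize, vaddr,
                               len(raw), cursor if raw else 0, 0, 0, 0, 0, 0x60000020)
        blobs += raw
        cursor += len(raw)
    dos = b"MZ" + bytes(0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt_hdr), 0x0102)
    return dos + b"PE\0\0" + coff + opt_hdr + headers + blobs


# Constructed sample: a UPX-style layout with an empty UPX0, a random (stand-in for
# compressed) UPX1, and a low-entropy resource section.
_rng = random.Random(2021)
SAMPLE_PE = build_sample_pe([
    ("UPX0", 0x1000, b""),
    ("UPX1", 0x81000, bytes(_rng.getrandbits(8) for _ in range(4096))),
    (".rsrc", 0xC0000, b"\0" * 768 + b"ICON" * 64),
])

if __name__ == "__main__":
    for s in parse_sections(SAMPLE_PE):
        print(f"{s['name']:<8} size_of_data=0x{s['size_of_data']:08x} entropy={s['entropy']:.3f}")
    print(packer_findings(SAMPLE_PE))
```

On a real file, `packer_findings(open(path, "rb").read())` gives the same three verdicts. Packing by itself is not evidence of malice (UPX is used by plenty of legitimate software); the finding is a reason to unpack and look at what the stub decompresses, not a conviction.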
Host |
---|
172.217.24.14 |
Time & API | Arguments | Status | Return | Repeated |
---|---|---|---|---|
1620985521.917812 EnumServicesStatusA | service_handle: 0x0093f668 service_type: 59 service_status: 1 | failed | 0 | 0 |

service_type 59 (0x3B) is SERVICE_WIN32 | SERVICE_DRIVER, i.e. all service types, and service_status 1 is SERVICE_ACTIVE: the sample asks for the list of running services. A FALSE return on a first call is the usual size-query pattern, so the failed status on its own does not show that the enumeration was abandoned.
Registry key |
---|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\bb1eb478b3ef18d5a2d9508e4aeb51b4.exe |

A value under FEATURE_BROWSER_EMULATION keyed by the executable's own name is how an application that embeds the Internet Explorer WebBrowser control pins the document mode it renders with. Together with the MSIE 8.0 / Trident/4.0 User-Agent below, this indicates the HTTP traffic to news.7654.com is the embedded browser control loading that page, not hand-rolled HTTP in the sample.
Process | User agent |
---|---|
bb1eb478b3ef18d5a2d9508e4aeb51b4.exe | |
bb1eb478b3ef18d5a2d9508e4aeb51b4.exe | Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) |
No hosts contacted.
Source | Source Port | Destination | Destination Port |
---|---|---|---|
192.168.56.101 | 49183 | 104.18.21.226 ocsp2.globalsign.com | 80 |
192.168.56.101 | 49184 | 104.18.21.226 ocsp2.globalsign.com | 80 |
192.168.56.101 | 49182 | 124.237.176.160 hm.baidu.com | 443 |
192.168.56.101 | 49177 | 150.138.232.125 news.7654.com | 80 |
192.168.56.101 | 49180 | 150.138.232.125 news.7654.com | 80 |
192.168.56.101 | 49181 | 150.138.232.125 news.7654.com | 80 |
Source | Source Port | Destination | Destination Port |
---|---|---|---|
192.168.56.101 | 50002 | 114.114.114.114 | 53 |
192.168.56.101 | 51808 | 114.114.114.114 | 53 |
192.168.56.101 | 53237 | 114.114.114.114 | 53 |
192.168.56.101 | 53657 | 114.114.114.114 | 53 |
192.168.56.101 | 57756 | 114.114.114.114 | 53 |
192.168.56.101 | 58367 | 114.114.114.114 | 53 |
192.168.56.101 | 62318 | 114.114.114.114 | 53 |
192.168.56.101 | 137 | 192.168.56.255 | 137 |
192.168.56.101 | 138 | 192.168.56.255 | 138 |
192.168.56.101 | 49235 | 224.0.0.252 | 5355 |
192.168.56.101 | 50534 | 224.0.0.252 | 5355 |
192.168.56.101 | 51963 | 224.0.0.252 | 5355 |
192.168.56.101 | 56804 | 224.0.0.252 | 5355 |
192.168.56.101 | 57874 | 224.0.0.252 | 5355 |
192.168.56.101 | 62191 | 224.0.0.252 | 5355 |
192.168.56.101 | 63429 | 224.0.0.252 | 5355 |
192.168.56.101 | 1900 | 239.255.255.250 | 1900 |
192.168.56.101 | 51964 | 239.255.255.250 | 3702 |
192.168.56.101 | 53658 | 239.255.255.250 | 3702 |
192.168.56.101 | 57875 | 239.255.255.250 | 3702 |

Of the UDP rows, only the port 53 queries to 114.114.114.114 (a public resolver in China) are attributable to the sample's activity. The rows to 192.168.56.255:137/138 (NetBIOS name service and datagram), 224.0.0.252:5355 (LLMNR), 239.255.255.250:1900 (SSDP) and 239.255.255.250:3702 (WS-Discovery) are Windows background name-resolution and discovery traffic that a sandbox guest emits regardless of the sample.
URI | Data |
---|---|
http://news.7654.com/mini_new3/jsb/statics/common/js/jquery.base64.js | GET /mini_new3/jsb/statics/common/js/jquery.base64.js HTTP/1.1 Accept: */* Referer: http://news.7654.com/mini_new3/jsb/?tm=1620996804&tck=B3AB253E6459517C16850664F659D9E7&qid=unknow Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: news.7654.com Connection: Keep-Alive |
http://news.7654.com/mini_new3/jsb/statics/common/js/jquery.cookie.js | GET /mini_new3/jsb/statics/common/js/jquery.cookie.js HTTP/1.1 Accept: */* Referer: http://news.7654.com/mini_new3/jsb/?tm=1620996804&tck=B3AB253E6459517C16850664F659D9E7&qid=unknow Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: news.7654.com Connection: Keep-Alive |
http://news.7654.com/mini_new3/jsb/statics/assets/js/index.js?_t=05081648 | GET /mini_new3/jsb/statics/assets/js/index.js?_t=05081648 HTTP/1.1 Accept: */* Referer: http://news.7654.com/mini_new3/jsb/?tm=1620996804&tck=B3AB253E6459517C16850664F659D9E7&qid=unknow Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: news.7654.com Connection: Keep-Alive |
http://news.7654.com/mini_new3/jsb/statics/common/css/idangerous.swiper.css | GET /mini_new3/jsb/statics/common/css/idangerous.swiper.css HTTP/1.1 Accept: */* Referer: http://news.7654.com/mini_new3/jsb/?tm=1620996804&tck=B3AB253E6459517C16850664F659D9E7&qid=unknow Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: news.7654.com Connection: Keep-Alive |
http://news.7654.com/mini_new3/jsb/statics/assets/images/feedback.png | GET /mini_new3/jsb/statics/assets/images/feedback.png HTTP/1.1 Accept: */* Referer: http://news.7654.com/mini_new3/jsb/?tm=1620996804&tck=B3AB253E6459517C16850664F659D9E7&qid=unknow Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: news.7654.com Connection: Keep-Alive |
http://news.7654.com/mini_new3/jsb/statics/assets/css/index.css?_t=04011701 | GET /mini_new3/jsb/statics/assets/css/index.css?_t=04011701 HTTP/1.1 Accept: */* Referer: http://news.7654.com/mini_new3/jsb/?tm=1620996804&tck=B3AB253E6459517C16850664F659D9E7&qid=unknow Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: news.7654.com Connection: Keep-Alive |
http://news.7654.com/mini_new3/jsb/?tm=1620996804&tck=B3AB253E6459517C16850664F659D9E7&qid=unknow | GET /mini_new3/jsb/?tm=1620996804&tck=B3AB253E6459517C16850664F659D9E7&qid=unknow HTTP/1.1 Accept: */* Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: news.7654.com Connection: Keep-Alive |
http://news.7654.com/mini_new3/jsb/statics/common/js/jquery.min.js | GET /mini_new3/jsb/statics/common/js/jquery.min.js HTTP/1.1 Accept: */* Referer: http://news.7654.com/mini_new3/jsb/?tm=1620996804&tck=B3AB253E6459517C16850664F659D9E7&qid=unknow Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: news.7654.com Connection: Keep-Alive |
http://ocsp.globalsign.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJH | GET /rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJH HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.globalsign.com |
http://news.7654.com/mini_new3/jsb/statics/common/js/idangerous.swiper.min.js | GET /mini_new3/jsb/statics/common/js/idangerous.swiper.min.js HTTP/1.1 Accept: */* Referer: http://news.7654.com/mini_new3/jsb/?tm=1620996804&tck=B3AB253E6459517C16850664F659D9E7&qid=unknow Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: news.7654.com Connection: Keep-Alive |

The requests to ocsp.globalsign.com and ocsp2.globalsign.com carry User-Agent Microsoft-CryptoAPI/6.1, which marks them as Windows certificate-chain revocation checks rather than requests issued by the sample's own code; the most likely trigger is the TLS connection to hm.baidu.com:443 listed above. The rest of the HTTP traffic is the page at news.7654.com and its static assets, fetched with the embedded browser's MSIE 8.0 User-Agent and a zh-CN Accept-Language.
No ICMP traffic performed.
No IRC requests performed.
No Suricata Alerts
No Suricata TLS
No Snort Alerts