9.0
Critical

5ec1ff603cb9f6989ba6b012ee9da25a6885420d48fd075d2c867cc7c0a9b0a1

f3bba9a061f294df33d98e1f4b442a64.exe

Analysis time

88s

Last analysis

File size

1.5MB
Static detection Dynamic detection 100% A8UFLBK2O ADNEWS ADPOPUP AI SCORE=100 ALTT AMONETIZE APPLICUNWNT@#3VOUZF0FS1YMZ BSCOPE BULZ CHINAD CLASSIC CONFIDENCE EJTCVX ELDORADO GEN7 GENASA GENCIRC GENERIC PUA GH GRAYWARE HIGH CONFIDENCE KUAIBA KUAIZIP KUZITUI KZIP MALICIOUS PE R002C0OA321 R187835 SCORE SIGGEN STATIC AI UNSAFE
Hawkeye engine
Not detected: no Hawkeye engine detection result available
Static verdict
Antivirus engines
Engine Result Scan time Engine version
Alibaba Backdoor:Win32/KuaiZip.56ad5896 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:Malware-gen 20210108 21.1.5827.0
Tencent Malware.Win32.Gencirc.10beccf4 20210108 1.0.0.1
Kingsoft 20210108 2017.9.26.565
McAfee Adware-KZip 20210108 6.0.6.653
CrowdStrike win/malicious_confidence_80% (D) 20190702 1.0
Static indicators
Checks if process is being debugged by a debugger (1 event)
Time & API Arguments Status Return Repeated
1619999704.324334
IsDebuggerPresent
failed 0 0
This executable is signed
The file contains an unknown PE resource name possibly indicative of a packer (3 events)
resource name MYICON
resource name XML
resource name ZIPRES
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 event)
suspicious_features GET method with no useragent header
suspicious_request GET http://hotnews.dftoutiao.com/hotwordsnews/getnews?qid=kuaiyamini&platform=pc&newstype=now
Performs some HTTP requests (50 out of 56 events)
request GET http://hotnews.dftoutiao.com/hotwordsnews/getnews?qid=kuaiyamini&platform=pc&newstype=now
request GET http://mini.eastday.com/kuaiya/index.html?1620018942
request GET http://mini.eastday.com/mini/resources/json2.js
request GET http://dup.baidustatic.com/js/ds.js?time=
request GET http://mini.eastday.com/mini/resources/jquery.js
request GET http://afpmm.alicdn.com/g/mm/afp-cdn/JS/k.js
request GET http://afpeng.alimama.com/ex?a=mm_118281833_16154146_73066256&sp=1&cb=_acM.r&u=http%3A%2F%2Fmini.eastday.com%2Fkuaiya%2Findex.html%3F1620018942&ds=800x600&_=1620018948158&fs=0&pvid=a1bf8a78640d319dcd08e70eed8413ab&cg=a80b93a87848ac04d3260f4d163c4893
request GET http://afpeng.alimama.com/ex?a=mm_118281833_16154146_73056515&sp=1&cb=_acM.r&u=http%3A%2F%2Fmini.eastday.com%2Fkuaiya%2Findex.html%3F1620018942&ds=800x600&_=1620018958205&fs=52&pvid=a1636ffd5d199eab5476f08cf4881ae8&cg=ad510b3a027cba5861aca899eb0e0aca
request GET http://afpeng.alimama.com/ex?a=mm_118281833_16154146_73066210&sp=1&cb=_acM.r&u=http%3A%2F%2Fmini.eastday.com%2Fkuaiya%2Findex.html%3F1620018942&ds=800x600&_=1620018958314&fs=0&pvid=a524f030beb04555b9e34e20b362ef11&cg=cf98dce35582d17f1e8736b2fe7798c5
request GET http://afpeng.alimama.com/ex?a=mm_118281833_16154146_73068154&sp=1&cb=_acM.r&u=http%3A%2F%2Fmini.eastday.com%2Fkuaiya%2Findex.html%3F1620018942&ds=800x600&_=1620018958424&fs=0&pvid=a434633bbe6a900f39dec1454439962c&cg=e9a058d5cb0c11e6dbc5f900db1fd59e
request GET http://afpeng.alimama.com/ex?a=mm_118281833_16154146_73058398&sp=1&cb=_acM.r&u=http%3A%2F%2Fmini.eastday.com%2Fkuaiya%2Findex.html%3F1620018942&ds=800x600&_=1620018958533&fs=0&pvid=a493ca2203bf1b4ec955a27fe64d3cd3&cg=af0b78316dcacb678e9e51b8cfa5a8c6
request GET http://mini.eastday.com/kuaiya/index-in.html
request GET http://mini.eastday.com/mini/resources/jquery.cookie.js
request GET http://dup.baidustatic.com/js/ds.js
request GET http://mini.eastday.com/mini/resources/miniglobal.js
request GET http://mini.eastday.com/mini/resources/hot_2.gif
request GET http://imgmini.eastday.com/minitesst/1115047435896157.jpg
request GET http://imgmini.eastday.com/minitesst/315047436082135.jpg
request GET http://mini.eastday.com/mini/resources/sources_v4.png
request GET http://imgmini.eastday.com/minitesst/3315047436314066.jpg
request GET http://imgmini.eastday.com/minitesst/h14727085984950.jpg
request GET http://afpeng.alimama.com/ex?a=mm_118281833_16154146_73068167&sp=1&cb=_acM.r&u=http%3A%2F%2Fmini.eastday.com%2Fkuaiya%2Findex-in.html&ds=800x600&_=1620018959299&fs=1&pvid=abd0bf5cfe207512a45d977d2cdda0be&cg=afaa26476eef6ee18f14f550a4ad821b
request GET http://imgmini.eastday.com/minitesst/3415059829584720.jpg
request GET http://imgmini.eastday.com/minitesst/3515059830737298.jpg
request GET http://p.tanx.com/ex?i=mm_108636149_8862290_41172430
request GET http://imgmini.eastday.com/minitesst/3615059831371172.jpg
request GET http://imgmini.eastday.com/minitesst/3715059832154709.jpg
request GET http://imgmini.eastday.com/minitesst/1915061365036336.jpg
request GET http://imgmini.eastday.com/minitesst/2315061369694332.jpg
request GET http://imgmini.eastday.com/minitesst/1115056179663550.jpg
request GET http://imgmini.eastday.com/minitesst/3615054490559563.jpg
request GET http://imgmini.eastday.com/minitesst/%E6%97%A7%E5%90%8E%E5%8F%B0%E5%9B%BE%E7%89%8715054492278672.jpg
request GET http://imgmini.eastday.com/minitesst/%E7%A4%BE%E4%BC%9A15053135597764.jpg
request GET http://imgmini.eastday.com/minitesst/%E7%A7%91%E6%8A%8015053135901231.jpg
request GET http://imgmini.eastday.com/minitesst/%E5%A8%B1%E4%B9%9015053135066906.jpg
request GET http://afpeng.alimama.com/ex?a=mm_118281833_16154146_73064349&sp=1&cb=_acM.r&u=http%3A%2F%2Fmini.eastday.com%2Fkuaiya%2Findex-in.html&ds=800x600&_=1620018960783&fs=1&pvid=a08a7f2843c86f667c69dae4a34cf7ab&cg=d66b9240512cd66dc96fd5691835d5fb
request GET http://tongji.eastday.com/webdig.js?z=1
request GET http://tongji.eastday.com/1.gif?z=1&a=17930a79b16&b=%u65B0%u95FB%u7AD9&B=utf-8&c=http%3A//mini.eastday.com/kuaiya/index.html%3F_wdxid%3D000000000000000000000000000000000000000000%26_wdc%3Dtoutiao_PC%26_wdt%3D112%26&d=&e=0&f=6489&H=mini.eastday.com&E=1&r=38f33edb59d946e4&s=0&t=0&u=1&i=zh-cn&j=1&k=800x600&l=32&m=&n=lan&o=8
request GET http://ocsp.globalsign.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJH
request GET http://cl3.webterren.com/1.gif?z=38&a=17930a79b16&b=%u65B0%u95FB%u7AD9&B=utf-8&c=http%3A//mini.eastday.com/kuaiya/index.html%3F_wdxid%3D000000000000000000000000000000000000000000%26_wdc%3Dtoutiao_PC%26_wdt%3D112%26&d=&e=0&f=6489&H=mini.eastday.com&E=1&r=38f33edb59d946e4&s=0&t=0&u=1&i=zh-cn&j=1&k=800x600&l=32&m=&n=lan&o=8
request GET http://ocsp2.globalsign.com/gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDEutjL1n8KJA%2FQxJqQ%3D%3D
request GET http://ocsp2.globalsign.com/gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDBhyuElvTh7HbtMMiw%3D%3D
request GET http://imgmini.eastday.com/minitesst/%E4%BD%93%E8%82%B215053136146305.jpg
request GET http://imgmini.eastday.com/minitesst/%E6%B1%BD%E8%BD%A615053135316841.jpg
request GET http://mini.eastday.com/mini/resources/log.js
request GET http://mini.eastday.com/mini/resources/jquery.mousewheel.min.js
request GET http://hm.baidu.com/hm.js?0f43db62c85e6938084c9b765fcf7eb0
request GET http://ocsp2.globalsign.com/gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDHJYeDZun1boHUGISA%3D%3D
request GET https://pos.baidu.com/auto_dup?psi=1c28efcdd78350babedce062e922b8bd&di=0&dri=0&dis=4&dai=0&ps=0x0&enu=encoding&exps=110011&ant=0&aa=1&dcb=___baidu_union_callback&dtm=AUTO_JSONP&dvi=0.0&dci=-1&dpt=none&tsr=0&tpr=1620018947017&ti=%E6%96%B0%E9%97%BB%E7%AB%99&ari=2&ver=0427&dbv=0&drs=3&pcs=1x1&pss=1x1&cfv=0&cpl=0&chi=0&cce=true&cec=utf-8&tlm=1512122473&prot=2&rw=1&ltu=http%3A%2F%2Fmini.eastday.com%2Fkuaiya%2Findex.html%3F1620018942&ecd=0&uc=800x560&pis=-1x-1&sr=800x600&tcn=1620018947&dc=4
request GET https://atanx.alicdn.com/t/tanxssp.js?_v=12
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1619999717.918334
NtAllocateVirtualMemory
process_identifier: 2852
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x091d0000
success 0 0
Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation (6 events)
Time & API Arguments Status Return Repeated
1619999717.230334
GetDiskFreeSpaceExW
root_path: C:\Users\Administrator.Oskar-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
free_bytes_available: 19610861568
total_number_of_free_bytes: 0
total_number_of_bytes: 0
success 1 0
1619999717.277334
GetDiskFreeSpaceExW
root_path: C:\Users\Administrator.Oskar-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
free_bytes_available: 19610869760
total_number_of_free_bytes: 0
total_number_of_bytes: 0
success 1 0
1619999717.777334
GetDiskFreeSpaceExW
root_path: C:\Users\Administrator.Oskar-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
free_bytes_available: 19610894336
total_number_of_free_bytes: 0
total_number_of_bytes: 0
success 1 0
1619999720.449334
GetDiskFreeSpaceW
root_path: C:\
sectors_per_cluster: 8
number_of_free_clusters: 4787817
total_number_of_clusters: 8362495
bytes_per_sector: 512
success 1 0
1619999721.449334
GetDiskFreeSpaceExW
root_path: C:\Users\Administrator.Oskar-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
free_bytes_available: 19610861568
total_number_of_free_bytes: 0
total_number_of_bytes: 0
success 1 0
1619999721.511334
GetDiskFreeSpaceExW
root_path: C:\Users\Administrator.Oskar-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
free_bytes_available: 19610857472
total_number_of_free_bytes: 0
total_number_of_bytes: 0
success 1 0
Foreign language identified in PE resource (11 events)
name MYICON language LANG_CHINESE offset 0x0015535c filetype MS Windows icon resource - 4 icons, 256x256 withPNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, 48x48, 32 bits/pixel sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x000090a7
name XML language LANG_CHINESE offset 0x0015e558 filetype XML 1.0 document, ASCII text, with CRLF line terminators sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x0000014a
name XML language LANG_CHINESE offset 0x0015e558 filetype XML 1.0 document, ASCII text, with CRLF line terminators sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x0000014a
name ZIPRES language LANG_CHINESE offset 0x0015e6a4 filetype Zip archive data, at least v2.0 to extract sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x0000c525
name RT_ICON language LANG_CHINESE offset 0x001737c8 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000468
name RT_ICON language LANG_CHINESE offset 0x001737c8 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000468
name RT_ICON language LANG_CHINESE offset 0x001737c8 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000468
name RT_ICON language LANG_CHINESE offset 0x001737c8 filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000468
name RT_DIALOG language LANG_CHINESE offset 0x00173c30 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000096
name RT_GROUP_ICON language LANG_CHINESE offset 0x00173cc8 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x0000003e
name RT_VERSION language LANG_CHINESE offset 0x00173d08 filetype MS Windows COFF Motorola 68000 object file sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000268
Creates executable files on the filesystem (15 events)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X6VHVO8H\ds[2].js
file C:\Users\Administrator.Oskar-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JSSP0KXB\webdig[1].js
file C:\Users\Administrator.Oskar-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JSSP0KXB\hm[1].js
file C:\Users\Administrator.Oskar-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JSSP0KXB\wh[2].js
file C:\Users\Administrator.Oskar-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X6VHVO8H\ds[1].js
file C:\Users\Administrator.Oskar-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X6VHVO8H\jquery.mousewheel.min[1].js
file C:\Users\Administrator.Oskar-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ZOR341Z\jquery[1].js
file C:\Users\Administrator.Oskar-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DQSDCVAE\json2[1].js
file C:\Users\Administrator.Oskar-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DQSDCVAE\tanxssp[1].js
file C:\Users\Administrator.Oskar-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ZOR341Z\jquery.cookie[1].js
file C:\Users\Administrator.Oskar-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JSSP0KXB\k[1].js
file C:\Users\Administrator.Oskar-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ZOR341Z\fb[1].js
file C:\Users\Administrator.Oskar-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X6VHVO8H\log[1].js
file C:\Users\Administrator.Oskar-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X6VHVO8H\miniglobal[1].js
file C:\Users\Administrator.Oskar-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JSSP0KXB\wh[1].js
A process created a hidden window (1 event)
Time & API Arguments Status Return Repeated
1619999734.777334
ShellExecuteExW
parameters:
filepath: \X86\KZReport.exe
filepath_r: \X86\KZReport.exe
show_type: 0
failed 0 0
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1619999687.824334
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
The binary likely contains encrypted or compressed data indicative of a packer (1 event)
entropy 7.736694378246427
section {'size_of_data': '0x0001f200', 'virtual_address': '0x00155000', 'entropy': 7.736694378246427, 'name': '.rsrc', 'virtual_size': '0x0001f1e0'}
description A section with a high entropy has been found
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Disables proxy possibly for traffic interception (1 event)
Time & API Arguments Status Return Repeated
1619999687.527334
RegSetValueExA
key_handle: 0x00000468
value: 0
regkey_r: ProxyEnable
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
success 0 0
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (15 events)
Time & API Arguments Status Return Repeated
1619999690.386334
RegSetValueExA
key_handle: 0x00000554
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619999690.386334
RegSetValueExA
key_handle: 0x00000554
value: ™H_Û?×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619999690.386334
RegSetValueExA
key_handle: 0x00000554
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619999690.386334
RegSetValueExW
key_handle: 0x00000554
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619999690.386334
RegSetValueExA
key_handle: 0x000004a4
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619999690.386334
RegSetValueExA
key_handle: 0x000004a4
value: ™H_Û?×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619999690.386334
RegSetValueExA
key_handle: 0x000004a4
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619999690.418334
RegSetValueExW
key_handle: 0x0000028c
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
1619999690.605334
RegSetValueExA
key_handle: 0x00000340
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619999690.605334
RegSetValueExA
key_handle: 0x00000340
value: Ðj_Û?×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619999690.605334
RegSetValueExA
key_handle: 0x00000340
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619999690.605334
RegSetValueExW
key_handle: 0x00000340
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619999690.605334
RegSetValueExA
key_handle: 0x00000570
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619999690.605334
RegSetValueExA
key_handle: 0x00000570
value: Ðj_Û?×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619999690.605334
RegSetValueExA
key_handle: 0x00000570
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
File has been identified by 55 AntiVirus engines on VirusTotal as malicious (50 out of 55 events)
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Adware.Bulz.682
FireEye Generic.mg.f3bba9a061f294df
ALYac Gen:Variant.Adware.Bulz.682
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
SUPERAntiSpyware PUP.ChinAd/Variant
K7AntiVirus Unwanted-Program ( 005323b41 )
Alibaba Backdoor:Win32/KuaiZip.56ad5896
K7GW Unwanted-Program ( 005323b41 )
Cybereason malicious.061f29
Arcabit Trojan.Adware.Bulz.682
Cyren W32/S-57185241!Eldorado
Symantec Adware.Adpopup
APEX Malicious
Avast Win32:Malware-gen
ClamAV Win.Trojan.Generic-1658
Kaspersky not-a-virus:AdWare.Win32.KuziTui.d
BitDefender Gen:Variant.Adware.Bulz.682
NANO-Antivirus Riskware.Win32.Amonetize.ejtcvx
ViRobot Adware.Kuaizip.1575320.D
Tencent Malware.Win32.Gencirc.10beccf4
Ad-Aware Gen:Variant.Adware.Bulz.682
Sophos Generic PUA GH (PUA)
Comodo ApplicUnwnt@#3vouzf0fs1ymz
F-Secure Adware.ADWARE/Amonetize.Gen7
DrWeb Adware.Siggen.32792
Zillya Adware.Amonetize.Win32.27745
TrendMicro TROJ_GEN.R002C0OA321
McAfee-GW-Edition Adware-KZip
Emsisoft Application.AdNews (A)
SentinelOne Static AI - Malicious PE
Jiangmin AdWare.Amonetize.altt
Webroot W32.Adware.Gen
Avira ADWARE/Amonetize.Gen7
eGambit Unsafe.AI_Score_100%
Antiy-AVL GrayWare[AdWare]/Win32.Amonetize
Gridinsoft Adware.Kuaiba.vl!c
Microsoft PUA:Win32/KuaiZip
AegisLab Riskware.Win32.KuaiZip.1!c
ZoneAlarm not-a-virus:AdWare.Win32.KuziTui.d
GData Gen:Variant.Adware.Bulz.682
Cynet Malicious (score: 100)
AhnLab-V3 PUP/Win32.Amonetize.R187835
McAfee Adware-KZip
MAX malware (ai score=100)
VBA32 BScope.Adware.KuziTui
Malwarebytes PUP.Optional.ChinAd
ESET-NOD32 a variant of Win32/KuaiZip.D potentially unwanted
TrendMicro-HouseCall TROJ_GEN.R002C0OA321
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 events)
dead_host 192.168.56.101:49188
dead_host 106.75.65.227:80
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while this sample ran

PE Compile Time

2016-09-12 14:51:48

Imports

Library KERNEL32.dll:
0x4da12c CreateThread
0x4da130 GetModuleHandleA
0x4da134 Sleep
0x4da138 DeleteFileA
0x4da13c CreateFileA
0x4da140 WriteFile
0x4da144 SetFileAttributesA
0x4da148 FormatMessageW
0x4da14c LocalFree
0x4da150 FindClose
0x4da154 lstrcmpiW
0x4da158 GlobalLock
0x4da15c GlobalUnlock
0x4da160 GetCurrentThreadId
0x4da164 GetSystemInfo
0x4da168 CreateFileW
0x4da16c GetFileSize
0x4da170 ReadFile
0x4da174 GetCommandLineW
0x4da178 OpenProcess
0x4da17c GlobalAlloc
0x4da184 Process32FirstW
0x4da188 Process32NextW
0x4da18c WaitForSingleObject
0x4da190 CreateDirectoryW
0x4da194 GetModuleFileNameW
0x4da198 LoadLibraryW
0x4da19c GetProcAddress
0x4da1a0 VerSetConditionMask
0x4da1a4 VerifyVersionInfoW
0x4da1a8 GetLocalTime
0x4da1ac WideCharToMultiByte
0x4da1b0 MultiByteToWideChar
0x4da1b4 FindResourceExW
0x4da1b8 GetCommandLineA
0x4da1bc CloseHandle
0x4da1c0 CreateMutexW
0x4da1c4 GetLastError
0x4da1c8 FindResourceW
0x4da1cc LoadResource
0x4da1d0 SizeofResource
0x4da1d4 LockResource
0x4da1d8 FreeResource
0x4da1dc GetTickCount
0x4da1e0 SetEndOfFile
0x4da1e8 CompareStringW
0x4da1ec CompareStringA
0x4da1f0 GetConsoleOutputCP
0x4da1f4 WriteConsoleA
0x4da1f8 GetLocaleInfoW
0x4da1fc SetStdHandle
0x4da204 GetFullPathNameA
0x4da208 FlushFileBuffers
0x4da20c HeapDestroy
0x4da210 HeapAlloc
0x4da214 HeapFree
0x4da218 HeapReAlloc
0x4da21c HeapSize
0x4da220 GetProcessHeap
0x4da224 RaiseException
0x4da238 lstrlenW
0x4da23c GetModuleFileNameA
0x4da240 lstrcmpiA
0x4da244 TerminateProcess
0x4da24c QueryDosDeviceW
0x4da250 lstrcpyW
0x4da254 lstrcatW
0x4da258 GetModuleHandleW
0x4da25c GetCurrentProcessId
0x4da260 GetCurrentProcess
0x4da264 FreeLibrary
0x4da268 VirtualProtect
0x4da26c WriteProcessMemory
0x4da278 ExitProcess
0x4da27c GetACP
0x4da288 MulDiv
0x4da294 SetFilePointer
0x4da298 GetFileType
0x4da29c DuplicateHandle
0x4da2a8 SetFileTime
0x4da2ac SetLastError
0x4da2b0 SleepEx
0x4da2b4 VerifyVersionInfoA
0x4da2b8 FormatMessageA
0x4da2bc PeekNamedPipe
0x4da2c4 GetStdHandle
0x4da2c8 LoadLibraryA
0x4da2d0 VirtualQuery
0x4da2d4 VirtualAlloc
0x4da2d8 VirtualFree
0x4da2e0 VirtualProtectEx
0x4da2e4 RtlUnwind
0x4da2ec IsDebuggerPresent
0x4da2f4 GetStartupInfoW
0x4da300 GetDriveTypeA
0x4da304 FindFirstFileA
0x4da308 ExitThread
0x4da310 WriteConsoleW
0x4da314 TlsGetValue
0x4da318 TlsAlloc
0x4da31c TlsSetValue
0x4da320 TlsFree
0x4da324 GetCPInfo
0x4da328 GetOEMCP
0x4da32c IsValidCodePage
0x4da334 LCMapStringW
0x4da338 LCMapStringA
0x4da33c GetUserDefaultLCID
0x4da340 GetLocaleInfoA
0x4da344 EnumSystemLocalesA
0x4da348 IsValidLocale
0x4da34c GetStringTypeA
0x4da350 GetStringTypeW
0x4da354 GetConsoleCP
0x4da358 GetConsoleMode
0x4da35c HeapCreate
0x4da368 SetHandleCount
0x4da36c GetStartupInfoA
0x4da374 InterlockedExchange
Library USER32.dll:
0x4da3d4 EnableWindow
0x4da3d8 GetWindow
0x4da3dc GetMonitorInfoW
0x4da3e0 MonitorFromWindow
0x4da3e4 SendMessageW
0x4da3e8 LoadImageW
0x4da3ec CallWindowProcW
0x4da3f0 GetPropW
0x4da3f4 SetPropW
0x4da3f8 AdjustWindowRectEx
0x4da3fc GetMenu
0x4da400 RegisterClassW
0x4da404 GetClassInfoExW
0x4da408 IsIconic
0x4da40c OffsetRect
0x4da410 SetWindowRgn
0x4da414 MessageBoxW
0x4da418 InflateRect
0x4da41c UnionRect
0x4da420 SetCursor
0x4da424 GetKeyState
0x4da428 CreateCaret
0x4da42c InvalidateRect
0x4da430 SetCapture
0x4da434 ReleaseCapture
0x4da438 PtInRect
0x4da43c ReleaseDC
0x4da440 GetDC
0x4da444 GetCursorPos
0x4da448 CharNextW
0x4da44c GetCaretBlinkTime
0x4da450 SetCaretPos
0x4da454 IntersectRect
0x4da458 GetFocus
0x4da45c MapWindowPoints
0x4da460 GetSysColor
0x4da464 IsWindowVisible
0x4da468 IsRectEmpty
0x4da46c EndPaint
0x4da470 BeginPaint
0x4da474 GetUpdateRect
0x4da478 GetActiveWindow
0x4da47c UpdateLayeredWindow
0x4da484 SetWindowTextW
0x4da488 GetCaretPos
0x4da48c IsWindowEnabled
0x4da490 ClientToScreen
0x4da494 HideCaret
0x4da498 ShowCaret
0x4da49c FillRect
0x4da4a0 InvalidateRgn
0x4da4a4 GetGUIThreadInfo
0x4da4ac GetKeyNameTextW
0x4da4b0 MapVirtualKeyExW
0x4da4b4 GetKeyboardLayout
0x4da4b8 DrawTextW
0x4da4bc MonitorFromPoint
0x4da4c0 CharPrevW
0x4da4c4 SetRect
0x4da4c8 GetSystemMetrics
0x4da4cc MoveWindow
0x4da4d0 GetWindowRect
0x4da4d4 PostQuitMessage
0x4da4d8 DestroyWindow
0x4da4dc SetWindowPos
0x4da4e0 IsZoomed
0x4da4e4 GetClientRect
0x4da4e8 ScreenToClient
0x4da4ec PostMessageW
0x4da4f0 SetTimer
0x4da4f4 SetForegroundWindow
0x4da4f8 KillTimer
0x4da4fc ShowWindow
0x4da500 PostThreadMessageW
0x4da504 GetParent
0x4da508 GetMessageW
0x4da50c SetFocus
0x4da510 TranslateMessage
0x4da514 DispatchMessageW
0x4da518 IsWindow
0x4da51c wsprintfW
0x4da520 GetWindowRgn
0x4da524 SetWindowLongW
0x4da528 CreateWindowExW
0x4da52c RegisterClassExW
0x4da530 LoadCursorW
0x4da534 DefWindowProcW
0x4da538 GetWindowLongW
0x4da53c WindowFromPoint
0x4da540 GetWindowTextW
Library ADVAPI32.dll:
0x4da000 CryptCreateHash
0x4da004 CryptEncrypt
0x4da008 CryptReleaseContext
0x4da00c CryptImportKey
0x4da014 CryptDestroyHash
0x4da018 CryptGetHashParam
0x4da01c CryptHashData
0x4da020 RegQueryValueA
0x4da024 RegOpenKeyA
0x4da028 RegCreateKeyA
0x4da02c RegSetValueExA
0x4da030 RegQueryValueExA
0x4da034 RegCloseKey
0x4da038 RegSetValueExW
0x4da03c RegCreateKeyExW
0x4da040 RegOpenKeyExA
0x4da044 RegCreateKeyExA
0x4da048 CryptDestroyKey
Library SHELL32.dll:
0x4da3a0 ShellExecuteA
0x4da3a4 DragQueryFileW
0x4da3a8 ShellExecuteW
Library ole32.dll:
0x4da670 OleLockRunning
0x4da674 CLSIDFromString
0x4da67c ReleaseStgMedium
0x4da680 RegisterDragDrop
0x4da684 OleDuplicateData
0x4da688 DoDragDrop
0x4da68c CoCreateInstance
0x4da690 CLSIDFromProgID
0x4da694 CoInitialize
0x4da698 CoUninitialize
Library OLEAUT32.dll:
0x4da380 SysFreeString
0x4da384 SysAllocStringLen
0x4da388 VariantClear
0x4da38c VariantInit
0x4da390 SysAllocString
Library SHLWAPI.dll:
0x4da3b4 StrStrW
0x4da3b8 StrCpyW
0x4da3bc PathFindFileNameW
0x4da3c0 PathFileExistsW
0x4da3c4 PathFileExistsA
0x4da3c8 StrStrIA
0x4da3cc StrStrIW
Library WS2_32.dll:
0x4da550 connect
0x4da554 ioctlsocket
0x4da558 socket
0x4da55c send
0x4da560 recv
0x4da564 gethostbyname
0x4da568 gethostname
0x4da56c WSAStartup
0x4da570 WSACleanup
0x4da574 WSASetLastError
0x4da578 __WSAFDIsSet
0x4da57c WSAGetLastError
0x4da580 freeaddrinfo
0x4da584 getaddrinfo
0x4da588 closesocket
0x4da58c getpeername
0x4da590 getsockopt
0x4da594 htons
0x4da598 bind
0x4da59c ntohs
0x4da5a0 getsockname
0x4da5a4 sendto
0x4da5a8 recvfrom
0x4da5ac accept
0x4da5b0 listen
0x4da5b4 select
0x4da5b8 setsockopt
0x4da5bc WSAIoctl
Library PSAPI.DLL:
Library WINMM.dll:
0x4da548 waveOutSetVolume
Library GDI32.dll:
0x4da060 MoveToEx
0x4da064 CreatePenIndirect
0x4da068 RoundRect
0x4da06c TextOutW
0x4da070 ExtSelectClipRgn
0x4da074 SelectClipRgn
0x4da07c SetBitmapBits
0x4da080 SetStretchBltMode
0x4da084 StretchBlt
0x4da088 GetBitmapBits
0x4da08c SetBkMode
0x4da090 SetTextColor
0x4da094 CreateSolidBrush
0x4da098 LineTo
0x4da09c BitBlt
0x4da0a0 RestoreDC
0x4da0a4 CreateEnhMetaFileW
0x4da0a8 CloseEnhMetaFile
0x4da0ac SetWindowOrgEx
0x4da0b0 GetCharABCWidthsW
0x4da0b4 GdiFlush
0x4da0b8 GetObjectA
0x4da0bc CreatePen
0x4da0c0 CreateDIBitmap
0x4da0c8 GetDeviceCaps
0x4da0d0 PlayEnhMetaFile
0x4da0d4 SetBkColor
0x4da0d8 CombineRgn
0x4da0dc GetClipBox
0x4da0e0 SaveDC
0x4da0e4 GetStockObject
0x4da0e8 CreateFontIndirectW
0x4da0ec GetTextMetricsW
0x4da0f0 GetObjectW
0x4da0f4 CreateDIBSection
0x4da0f8 CreateRoundRectRgn
0x4da0fc PtInRegion
0x4da100 CreateRectRgn
0x4da104 DeleteDC
0x4da108 DeleteObject
0x4da10c SelectObject
0x4da110 CreateCompatibleDC
Library gdiplus.dll:
0x4da5cc GdipDisposeImage
0x4da5d0 GdipGetImageWidth
0x4da5d4 GdipGetImageHeight
0x4da5d8 GdipFree
0x4da5ec GdipGetPropertyItem
0x4da5f0 GdipCreateFromHDC
0x4da5f4 GdiplusShutdown
0x4da5f8 GdipCloneImage
0x4da5fc GdipDeleteBrush
0x4da600 GdipCreatePen1
0x4da604 GdipDeletePen
0x4da610 GdipDeleteGraphics
0x4da614 GdipDeleteFont
0x4da618 GdipCreateSolidFill
0x4da61c GdipSetPenMode
0x4da63c GdipDrawRectangleI
0x4da640 GdipFillRectangleI
0x4da644 GdipDrawString
0x4da648 GdipMeasureString
0x4da654 GdipCloneBrush
0x4da658 GdiplusStartup
0x4da660 GdipAlloc
0x4da668 GdipDrawImageRectI
Library IMM32.dll:
0x4da120 ImmGetContext
0x4da124 ImmReleaseContext
Library COMCTL32.dll:
0x4da050 _TrackMouseEvent
0x4da058

Exports

Ordinal Address Name
1 0x41be06 ??0CActiveXUI@DuiLib@@QAE@ABV01@@Z
2 0x448129 ??0CActiveXUI@DuiLib@@QAE@XZ
3 0x41b48c ??0CAnimationData@DuiLib@@QAE@HHHH@Z
4 0x41dd0a ??0CAnimationTabLayoutUI@DuiLib@@QAE@ABV01@@Z
5 0x4571b3 ??0CAnimationTabLayoutUI@DuiLib@@QAE@XZ
6 0x41b1af ??0CButtonUI@DuiLib@@QAE@ABV01@@Z
7 0x43fc29 ??0CButtonUI@DuiLib@@QAE@XZ
8 0x41b764 ??0CCheckBoxUI@DuiLib@@QAE@ABV01@@Z
9 0x4419a4 ??0CCheckBoxUI@DuiLib@@QAE@XZ
10 0x41d1cd ??0CChildLayoutUI@DuiLib@@QAE@ABV01@@Z

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49212 103.235.46.191 80
192.168.56.101 49218 103.235.46.191 443
192.168.56.101 49200 104.18.20.226 ocsp.globalsign.com 80
192.168.56.101 49202 104.18.20.226 ocsp.globalsign.com 80
192.168.56.101 49203 104.18.21.226 ocsp.globalsign.com 80
192.168.56.101 49204 104.18.21.226 ocsp.globalsign.com 80
192.168.56.101 49192 106.11.23.108 p.tanx.com 80
192.168.56.101 49180 106.11.93.16 afpeng.alimama.com 80
192.168.56.101 49181 106.11.93.16 afpeng.alimama.com 80
192.168.56.101 49182 106.11.93.16 afpeng.alimama.com 80
192.168.56.101 49183 106.11.93.16 afpeng.alimama.com 80
192.168.56.101 49184 106.11.93.16 afpeng.alimama.com 80
192.168.56.101 49191 106.11.93.16 afpeng.alimama.com 80
192.168.56.101 49195 106.11.93.16 afpeng.alimama.com 80
192.168.56.101 49176 106.75.18.180 hotnews.dftoutiao.com 80
192.168.56.101 49219 110.242.68.137 eclick.baidu.com 443
192.168.56.101 49179 119.147.39.244 afpmm.alicdn.com 80
192.168.56.101 49177 120.39.212.79 mini.eastday.com 80
192.168.56.101 49185 120.39.212.79 mini.eastday.com 80
192.168.56.101 49186 120.39.212.79 mini.eastday.com 80

UDP

Source Source Port Destination Destination Port
192.168.56.101 49713 114.114.114.114 53
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 50568 114.114.114.114 53
192.168.56.101 51378 114.114.114.114 53
192.168.56.101 53210 114.114.114.114 53
192.168.56.101 53237 114.114.114.114 53
192.168.56.101 53380 114.114.114.114 53
192.168.56.101 54178 114.114.114.114 53
192.168.56.101 54260 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 57236 114.114.114.114 53
192.168.56.101 57756 114.114.114.114 53
192.168.56.101 57874 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 58970 114.114.114.114 53
192.168.56.101 60088 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 60221 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53

HTTP & HTTPS Requests

URI Data
http://imgmini.eastday.com/minitesst/%E7%A4%BE%E4%BC%9A15053135597764.jpg
GET /minitesst/%E7%A4%BE%E4%BC%9A15053135597764.jpg HTTP/1.1
Accept: */*
Referer: http://mini.eastday.com/kuaiya/index-in.html
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: imgmini.eastday.com
Connection: Keep-Alive

http://afpeng.alimama.com/ex?a=mm_118281833_16154146_73068167&sp=1&cb=_acM.r&u=http%3A%2F%2Fmini.eastday.com%2Fkuaiya%2Findex-in.html&ds=800x600&_=1620018959299&fs=1&pvid=abd0bf5cfe207512a45d977d2cdda0be&cg=afaa26476eef6ee18f14f550a4ad821b
GET /ex?a=mm_118281833_16154146_73068167&sp=1&cb=_acM.r&u=http%3A%2F%2Fmini.eastday.com%2Fkuaiya%2Findex-in.html&ds=800x600&_=1620018959299&fs=1&pvid=abd0bf5cfe207512a45d977d2cdda0be&cg=afaa26476eef6ee18f14f550a4ad821b HTTP/1.1
Accept: */*
Referer: http://mini.eastday.com/kuaiya/index-in.html
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: afpeng.alimama.com
Connection: Keep-Alive

http://ocsp2.globalsign.com/gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDHJYeDZun1boHUGISA%3D%3D
GET /gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDHJYeDZun1boHUGISA%3D%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp2.globalsign.com

http://afpeng.alimama.com/ex?a=mm_118281833_16154146_73066210&sp=1&cb=_acM.r&u=http%3A%2F%2Fmini.eastday.com%2Fkuaiya%2Findex.html%3F1620018942&ds=800x600&_=1620018958314&fs=0&pvid=a524f030beb04555b9e34e20b362ef11&cg=cf98dce35582d17f1e8736b2fe7798c5
GET /ex?a=mm_118281833_16154146_73066210&sp=1&cb=_acM.r&u=http%3A%2F%2Fmini.eastday.com%2Fkuaiya%2Findex.html%3F1620018942&ds=800x600&_=1620018958314&fs=0&pvid=a524f030beb04555b9e34e20b362ef11&cg=cf98dce35582d17f1e8736b2fe7798c5 HTTP/1.1
Accept: */*
Referer: http://mini.eastday.com/kuaiya/index.html?1620018942
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: afpeng.alimama.com
Connection: Keep-Alive

http://imgmini.eastday.com/minitesst/%E4%BD%93%E8%82%B215053136146305.jpg
GET /minitesst/%E4%BD%93%E8%82%B215053136146305.jpg HTTP/1.1
Accept: */*
Referer: http://mini.eastday.com/kuaiya/index-in.html
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: imgmini.eastday.com
Connection: Keep-Alive
Cookie: wdcid=38f33edb59d946e4

http://imgmini.eastday.com/minitesst/2315061369694332.jpg
GET /minitesst/2315061369694332.jpg HTTP/1.1
Accept: */*
Referer: http://mini.eastday.com/kuaiya/index-in.html
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: imgmini.eastday.com
Connection: Keep-Alive

http://hotnews.dftoutiao.com/hotwordsnews/getnews?qid=kuaiyamini&platform=pc&newstype=now
GET /hotwordsnews/getnews?qid=kuaiyamini&platform=pc&newstype=now HTTP/1.1
Host: hotnews.dftoutiao.com
Accept: */*

http://imgmini.eastday.com/minitesst/3415059829584720.jpg
GET /minitesst/3415059829584720.jpg HTTP/1.1
Accept: */*
Referer: http://mini.eastday.com/kuaiya/index-in.html
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: imgmini.eastday.com
Connection: Keep-Alive

http://tongji.eastday.com/1.gif?z=1&a=17930a79b16&b=%u65B0%u95FB%u7AD9&B=utf-8&c=http%3A//mini.eastday.com/kuaiya/index.html%3F_wdxid%3D000000000000000000000000000000000000000000%26_wdc%3Dtoutiao_PC%26_wdt%3D112%26&d=&e=0&f=6489&H=mini.eastday.com&E=1&r=38f33edb59d946e4&s=0&t=0&u=1&i=zh-cn&j=1&k=800x600&l=32&m=&n=lan&o=8
GET /1.gif?z=1&a=17930a79b16&b=%u65B0%u95FB%u7AD9&B=utf-8&c=http%3A//mini.eastday.com/kuaiya/index.html%3F_wdxid%3D000000000000000000000000000000000000000000%26_wdc%3Dtoutiao_PC%26_wdt%3D112%26&d=&e=0&f=6489&H=mini.eastday.com&E=1&r=38f33edb59d946e4&s=0&t=0&u=1&i=zh-cn&j=1&k=800x600&l=32&m=&n=lan&o=8 HTTP/1.1
Accept: */*
Referer: http://mini.eastday.com/kuaiya/index.html?1620018942
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: tongji.eastday.com
Connection: Keep-Alive
Cookie: wdcid=38f33edb59d946e4

http://afpeng.alimama.com/ex?a=mm_118281833_16154146_73064349&sp=1&cb=_acM.r&u=http%3A%2F%2Fmini.eastday.com%2Fkuaiya%2Findex-in.html&ds=800x600&_=1620018960783&fs=1&pvid=a08a7f2843c86f667c69dae4a34cf7ab&cg=d66b9240512cd66dc96fd5691835d5fb
GET /ex?a=mm_118281833_16154146_73064349&sp=1&cb=_acM.r&u=http%3A%2F%2Fmini.eastday.com%2Fkuaiya%2Findex-in.html&ds=800x600&_=1620018960783&fs=1&pvid=a08a7f2843c86f667c69dae4a34cf7ab&cg=d66b9240512cd66dc96fd5691835d5fb HTTP/1.1
Accept: */*
Referer: http://mini.eastday.com/kuaiya/index-in.html
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: afpeng.alimama.com
Connection: Keep-Alive
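
The request dump above contains three kinds of traffic worth separating during triage: the `getnews` call with no User-Agent header (the indicator the report flags under "suspicious features", typical of a hand-written HTTP client rather than an embedded browser), the OCSP fetch by `Microsoft-CryptoAPI/6.1` (Windows checking revocation for the signed PE, which is OS noise rather than sample behaviour), and the ad and tracking calls made from the embedded page with an IE7 User-Agent and a Referer. The script below is an added example for this report, not part of the sandbox's tooling: it parses raw request blocks in the format shown, tags each one, and pulls out the `qid=` and `a=` values, which are assumed here to be partner or campaign identifiers. The host classification and User-Agent allow-list are assumptions made for the example; the sample requests are copied from the report with the long ad query strings shortened.

```python
"""Triage of raw HTTP request blocks like the ones in the "HTTP & HTTPS Requests"
table. Added example for this report, not part of the sandbox's own tooling.
The three sample requests are copied from the report; the host classification
and User-Agent allow-list below are assumptions made for the example."""
from urllib.parse import parse_qs, urlsplit

# Constructed sample: request blocks copied from the report (headers verbatim,
# long ad query strings shortened to the parameters used here).
SAMPLE_DUMP = """\
GET /hotwordsnews/getnews?qid=kuaiyamini&platform=pc&newstype=now HTTP/1.1
Host: hotnews.dftoutiao.com
Accept: */*

GET /gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDHJYeDZun1boHUGISA%3D%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp2.globalsign.com

GET /ex?a=mm_118281833_16154146_73068167&sp=1&cb=_acM.r&u=http%3A%2F%2Fmini.eastday.com%2Fkuaiya%2Findex-in.html&ds=800x600&fs=1 HTTP/1.1
Accept: */*
Referer: http://mini.eastday.com/kuaiya/index-in.html
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0)
Host: afpeng.alimama.com
Connection: Keep-Alive
"""

# Assumptions for this example: hosts treated as ad/telemetry infrastructure,
# and User-Agent prefixes of OS components that go online on their own
# (CryptoAPI fetching OCSP/CRL data when a signed PE is checked).
AD_OR_TELEMETRY_HOSTS = {
    "afpeng.alimama.com", "afpmm.alicdn.com", "tongji.eastday.com",
    "eclick.baidu.com", "dup.baidustatic.com",
}
OS_NOISE_UA_PREFIXES = ("Microsoft-CryptoAPI/",)
# Query parameters that look like partner/campaign identifiers (assumption).
CAMPAIGN_PARAMS = ("qid", "a")


def parse_requests(dump):
    """Split a dump into dicts with method, path and lower-cased header names.
    Requests are separated by a blank line, as in the report."""
    requests = []
    for block in dump.strip().split("\n\n"):
        lines = [line for line in block.splitlines() if line.strip()]
        if not lines:
            continue
        method, path, _version = lines[0].split(" ", 2)
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        requests.append({"method": method, "path": path, "headers": headers})
    return requests


def triage(dump):
    """Tag each request: missing User-Agent (the report's own indicator),
    OS noise, ad/telemetry host, and any campaign id from the query string."""
    findings = []
    for req in parse_requests(dump):
        headers = req["headers"]
        host = headers.get("host", "")
        ua = headers.get("user-agent")
        parts = urlsplit(req["path"])
        query = parse_qs(parts.query)
        tags = []
        if ua is None:
            tags.append("no-user-agent")      # hand-rolled client, not a browser
        elif ua.startswith(OS_NOISE_UA_PREFIXES):
            tags.append("os-noise")           # CryptoAPI revocation check
        if host in AD_OR_TELEMETRY_HOSTS:
            tags.append("ad-or-telemetry")
        campaign = next((query[p][0] for p in CAMPAIGN_PARAMS if p in query), None)
        findings.append({
            "host": host,
            "path": parts.path,
            "tags": tags,
            "campaign": campaign,
            "referer": headers.get("referer"),
        })
    return findings


def summarize(findings):
    """Count tags across all requests, for a quick read of the traffic mix."""
    counts = {}
    for f in findings:
        for tag in f["tags"]:
            counts[tag] = counts.get(tag, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_DUMP):
        print(f["host"], f["path"][:40], f["tags"], f["campaign"])
    print(summarize(triage(SAMPLE_DUMP)))
```

Run against the full table, the summary separates the single direct call the sample makes itself (no User-Agent, `qid=kuaiyamini`) from the browser-originated ad, image and tracking fetches and from the OCSP request, which is the part of the capture a reviewer should discount when judging the sample's own network behaviour.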

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.