Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | June 24, 2021, 6:51 p.m. | June 24, 2021, 6:58 p.m. |
Process | Path | PID |
---|---|---|
downfile.asp | "C:\Users\test22\AppData\Local\Temp\downfile.asp" | 2212 |
explorer.exe | C:\Windows\Explorer.EXE | 1848 |
Name | Response | Post-Analysis Lookup |
---|---|---|
www.ysbaojia.com | 120.77.146.229 | |
ip.ws.126.net | CNAME ipservice.163.com, 59.111.181.52 | |
img.ysbaojia.com | 120.77.146.229 | |
yin51.oss-cn-shenzhen.aliyuncs.com | 120.77.166.9 | |
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.101:49222 120.77.166.9:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.oss-cn-shenzhen.aliyuncs.com | ee:33:22:78:02:ba:86:25:e7:7c:a7:d0:04:c5:5d:19:76:83:5f:45 |
TLSv1 192.168.56.101:49224 120.77.166.9:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.oss-cn-shenzhen.aliyuncs.com | ee:33:22:78:02:ba:86:25:e7:7c:a7:d0:04:c5:5d:19:76:83:5f:45 |
TLSv1 192.168.56.101:49220 120.77.166.9:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.oss-cn-shenzhen.aliyuncs.com | ee:33:22:78:02:ba:86:25:e7:7c:a7:d0:04:c5:5d:19:76:83:5f:45 |
TLSv1 192.168.56.101:49225 120.77.166.9:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.oss-cn-shenzhen.aliyuncs.com | ee:33:22:78:02:ba:86:25:e7:7c:a7:d0:04:c5:5d:19:76:83:5f:45 |
TLSv1 192.168.56.101:49231 120.77.166.9:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.oss-cn-shenzhen.aliyuncs.com | ee:33:22:78:02:ba:86:25:e7:7c:a7:d0:04:c5:5d:19:76:83:5f:45 |
TLSv1 192.168.56.101:49221 120.77.166.9:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.oss-cn-shenzhen.aliyuncs.com | ee:33:22:78:02:ba:86:25:e7:7c:a7:d0:04:c5:5d:19:76:83:5f:45 |
TLSv1 192.168.56.101:49238 120.77.166.9:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.oss-cn-shenzhen.aliyuncs.com | ee:33:22:78:02:ba:86:25:e7:7c:a7:d0:04:c5:5d:19:76:83:5f:45 |
TLSv1 192.168.56.101:49226 120.77.166.9:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.oss-cn-shenzhen.aliyuncs.com | ee:33:22:78:02:ba:86:25:e7:7c:a7:d0:04:c5:5d:19:76:83:5f:45 |
TLSv1 192.168.56.101:49229 120.77.166.9:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.oss-cn-shenzhen.aliyuncs.com | ee:33:22:78:02:ba:86:25:e7:7c:a7:d0:04:c5:5d:19:76:83:5f:45 |
TLSv1 192.168.56.101:49233 120.77.166.9:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.oss-cn-shenzhen.aliyuncs.com | ee:33:22:78:02:ba:86:25:e7:7c:a7:d0:04:c5:5d:19:76:83:5f:45 |
TLSv1 192.168.56.101:49234 120.77.166.9:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.oss-cn-shenzhen.aliyuncs.com | ee:33:22:78:02:ba:86:25:e7:7c:a7:d0:04:c5:5d:19:76:83:5f:45 |
TLSv1 192.168.56.101:49237 120.77.166.9:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.oss-cn-shenzhen.aliyuncs.com | ee:33:22:78:02:ba:86:25:e7:7c:a7:d0:04:c5:5d:19:76:83:5f:45 |
TLSv1 192.168.56.101:49240 120.77.166.9:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.oss-cn-shenzhen.aliyuncs.com | ee:33:22:78:02:ba:86:25:e7:7c:a7:d0:04:c5:5d:19:76:83:5f:45 |
TLSv1 192.168.56.101:49241 120.77.166.9:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.oss-cn-shenzhen.aliyuncs.com | ee:33:22:78:02:ba:86:25:e7:7c:a7:d0:04:c5:5d:19:76:83:5f:45 |
TLSv1 192.168.56.101:49243 120.77.166.9:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.oss-cn-shenzhen.aliyuncs.com | ee:33:22:78:02:ba:86:25:e7:7c:a7:d0:04:c5:5d:19:76:83:5f:45 |
TLSv1 192.168.56.101:49242 120.77.166.9:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.oss-cn-shenzhen.aliyuncs.com | ee:33:22:78:02:ba:86:25:e7:7c:a7:d0:04:c5:5d:19:76:83:5f:45 |
TLSv1 192.168.56.101:49245 120.77.166.9:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.oss-cn-shenzhen.aliyuncs.com | ee:33:22:78:02:ba:86:25:e7:7c:a7:d0:04:c5:5d:19:76:83:5f:45 |
TLSv1 192.168.56.101:49247 120.77.166.9:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.oss-cn-shenzhen.aliyuncs.com | ee:33:22:78:02:ba:86:25:e7:7c:a7:d0:04:c5:5d:19:76:83:5f:45 |
TLSv1 192.168.56.101:49255 120.77.166.9:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.oss-cn-shenzhen.aliyuncs.com | ee:33:22:78:02:ba:86:25:e7:7c:a7:d0:04:c5:5d:19:76:83:5f:45 |
TLSv1 192.168.56.101:49248 120.77.166.9:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.oss-cn-shenzhen.aliyuncs.com | ee:33:22:78:02:ba:86:25:e7:7c:a7:d0:04:c5:5d:19:76:83:5f:45 |
TLSv1 192.168.56.101:49246 120.77.166.9:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.oss-cn-shenzhen.aliyuncs.com | ee:33:22:78:02:ba:86:25:e7:7c:a7:d0:04:c5:5d:19:76:83:5f:45 |
TLSv1 192.168.56.101:49230 120.77.166.9:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.oss-cn-shenzhen.aliyuncs.com | ee:33:22:78:02:ba:86:25:e7:7c:a7:d0:04:c5:5d:19:76:83:5f:45 |
TLSv1 192.168.56.101:49251 120.77.166.9:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.oss-cn-shenzhen.aliyuncs.com | ee:33:22:78:02:ba:86:25:e7:7c:a7:d0:04:c5:5d:19:76:83:5f:45 |
TLSv1 192.168.56.101:49252 120.77.166.9:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.oss-cn-shenzhen.aliyuncs.com | ee:33:22:78:02:ba:86:25:e7:7c:a7:d0:04:c5:5d:19:76:83:5f:45 |
TLSv1 192.168.56.101:49254 120.77.166.9:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.oss-cn-shenzhen.aliyuncs.com | ee:33:22:78:02:ba:86:25:e7:7c:a7:d0:04:c5:5d:19:76:83:5f:45 |
TLSv1 192.168.56.101:49227 120.77.166.9:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.oss-cn-shenzhen.aliyuncs.com | ee:33:22:78:02:ba:86:25:e7:7c:a7:d0:04:c5:5d:19:76:83:5f:45 |
TLSv1 192.168.56.101:49250 120.77.166.9:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.oss-cn-shenzhen.aliyuncs.com | ee:33:22:78:02:ba:86:25:e7:7c:a7:d0:04:c5:5d:19:76:83:5f:45 |
TLSv1 192.168.56.101:49256 120.77.166.9:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.oss-cn-shenzhen.aliyuncs.com | ee:33:22:78:02:ba:86:25:e7:7c:a7:d0:04:c5:5d:19:76:83:5f:45 |
request | GET http://ip.ws.126.net/ipquery |
request | GET http://img.ysbaojia.com/UpLoadFile/ysbaojia/2021052741999825.gif |
request | GET http://img.ysbaojia.com/uploadfile/ysbaojia/2021060454206521.png |
request | GET http://img.ysbaojia.com/uploadfile/ysbaojia/2021060454196765.png |
request | GET http://img.ysbaojia.com/uploadfile/ysbaojia/2021060454181909.png |
request | GET https://yin51.oss-cn-shenzhen.aliyuncs.com/832d6e3ca1e34a2cad9ae1910d24ed76.jpg |
request | GET https://yin51.oss-cn-shenzhen.aliyuncs.com/ca778b9e1cfe4927bd9d9de55897f620.jpg |
request | GET https://yin51.oss-cn-shenzhen.aliyuncs.com/a0678d2a589e4685bb89be9a1ce975c4.jpg |
request | GET https://yin51.oss-cn-shenzhen.aliyuncs.com/ed7f3a4231fb4f4888396036205cf14e.jpg |
request | GET https://yin51.oss-cn-shenzhen.aliyuncs.com/5d83174b67144967a237e92ee3910810.jpg |
request | GET https://yin51.oss-cn-shenzhen.aliyuncs.com/689d2feb54fa47f6a061125f41aab12e.jpg |
request | GET https://yin51.oss-cn-shenzhen.aliyuncs.com/a45d95c5f4e44745ba4d7ffb2152b88c.jpg |
request | GET https://yin51.oss-cn-shenzhen.aliyuncs.com/240324371b76426e8986ec808464a8a4.jpg |
request | GET https://yin51.oss-cn-shenzhen.aliyuncs.com/6b1724da4e8647228aa218953b3e6222.jpg |
request | GET https://yin51.oss-cn-shenzhen.aliyuncs.com/35ce0701de5a4e5685581ec75d38f6fb.jpg |
request | GET https://yin51.oss-cn-shenzhen.aliyuncs.com/d8de106ce42b4905b5075ce01574539d.jpg |
request | GET https://yin51.oss-cn-shenzhen.aliyuncs.com/e7a83bd62d9e4454ba6c53c9fa3ecce3.jpg |
request | GET https://yin51.oss-cn-shenzhen.aliyuncs.com/ebd192f67de14245ae7b6c4578fb49ec.jpg |
request | GET https://yin51.oss-cn-shenzhen.aliyuncs.com/d7d79f93101a40a5a639630be244b2af.jpg |
request | GET https://yin51.oss-cn-shenzhen.aliyuncs.com/951cc2ff23854497a4a3f3133beae08a.jpg |
request | GET https://yin51.oss-cn-shenzhen.aliyuncs.com/41125b5de744479b998760ab19e248e4.jpg |
request | GET https://yin51.oss-cn-shenzhen.aliyuncs.com/33d81a234a0e4f968b76d040a3fd2a91.jpg |
request | GET https://yin51.oss-cn-shenzhen.aliyuncs.com/e07fe52ed1264289b9279bcc71097cad.jpg |
request | GET https://yin51.oss-cn-shenzhen.aliyuncs.com/728fe764b03246cfba234e71f9f6ae01.png |
request | GET https://yin51.oss-cn-shenzhen.aliyuncs.com/ef0e8e181ae341a695ebbae0e9b1c67e.jpg |
request | GET https://yin51.oss-cn-shenzhen.aliyuncs.com/8f6308a882c54d6aad154f13f1360c21.jpg |
request | GET https://yin51.oss-cn-shenzhen.aliyuncs.com/af8598f2344a400db7746d86f16d0ff3.jpg |
request | GET https://yin51.oss-cn-shenzhen.aliyuncs.com/3e378a3499f94e9dbcd96b23c2dd285a.jpg |
request | GET https://yin51.oss-cn-shenzhen.aliyuncs.com/e7ac3b1c390c47b09fac27e5a0b1ccb3.jpg |
request | GET https://yin51.oss-cn-shenzhen.aliyuncs.com/ec5510fca80a466c8ec927654950fcdb.jpg |
request | GET https://yin51.oss-cn-shenzhen.aliyuncs.com/43693738c5a2491095900a6bf3366c17.jpg |
request | GET https://yin51.oss-cn-shenzhen.aliyuncs.com/546b634539cf4b0da7c07f42b61e355c.jpg |
request | GET https://yin51.oss-cn-shenzhen.aliyuncs.com/8c25e9478c8d4ea29873a51cb4d73f42.jpg |
Name | Language | Sublanguage | Filetype | Offset | Size |
---|---|---|---|---|---|
RT_VERSION | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | MS Windows COFF PowerPC object file | 0x00007180 | 0x000001f0 |
file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\langSub[1].js |
file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\checklogin[1].js |
file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\myJSFrame[1].js |
file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\ad_right1[1].js |
file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\ad_right[1].js |
file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\main[1].js |
file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\public[1].js |
file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\leftitems[1].js |
file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\zDialog[1].js |
file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\Left1Index[1].js |
file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\initcity.v2[1].js |
file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\Toolbar[1].js |
file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\mainIndex[1].js |
file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\lang[1].js |
file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\index[1].js |
Antivirus | Detection |
---|---|
Bkav | W32.AIDetect.malware2 |
APEX | Malicious |
NANO-Antivirus | Trojan.Win32.Dwn.hnzbqr |
DrWeb | Trojan.DownLoader28.2405 |
McAfee-GW-Edition | BehavesLike.Win32.BadFile.pt |
MaxSecure | Trojan.Malware.8328286.susgen |
Webroot | W32.Trojan.Gen |
Avira | TR/Redcap.mzmhg |
AegisLab | Trojan.Win32.Generic.4!c |
Cynet | Malicious (score: 99) |
VBA32 | TScope.Trojan.VB |
Malwarebytes | Malware.AI.2058613972 |
Yandex | Trojan.Redcap!spc//HP+Nts |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob |