| 7441 |
2021-04-21 10:09
|
chungx.exe 10a4a298243992f740dcdc8431daea3b
PWS .NET framework browser info stealer Google Chrome User Data Generic Malware AsyncRAT backdoor Malicious Packer VirusTotal Malware Buffer PE Code Injection Check memory Checks debugger buffers extracted unpack itself Windows utilities Disables Windows Security WriteConsoleW Windows DNS DDNS keylogger |
|
2
arttronova124.duckdns.org(79.134.225.44)
79.134.225.44 - mailcious
|
1
ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
|
|
11.8 |
M |
36 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7442 |
2021-04-21 10:09
|
firewall.exe d76c5a676e641b431ac0a9dded9c505d
Malicious Packer PWS .NET framework Buffer PE suspicious privilege Code Injection Check memory Checks debugger buffers extracted RWX flags setting unpack itself Disables Windows Security Windows DNS crashed |
|
|
|
|
10.2 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7443 |
2021-04-21 10:11
|
 vbc.exe 603427541956128137111ebe540b11e5
Glupteba VirusTotal Malware PDB unpack itself Windows crashed |
|
|
|
|
3.0 |
|
41 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7444 |
2021-04-21 10:12
|
prosperx.exe 7f3fc7d086447a7e15e0d32bdd885cbcFormBook Malware download VirusTotal Malware suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files unpack itself AppData folder DNS |
3
http://www.sophieberiault.com/xcl/?Tj=a/FLMe0ya/9YtTuUYok1B7vp/5Gr9at0LM/5wBD76A+xTQCdjVAZGPVTPrI0zw+67MuX3Fmg&SX=dn98bVV0hxJ4
http://www.milehighcitygames.com/xcl/?Tj=fTgN0Et6e/d09dZDxyMRrypPZrJHAeTvzEoww+MZoNOHJJv+5czzLYqto9iAljufQKJX/SVl&SX=dn98bVV0hxJ4
http://www.topgradetutors.net/xcl/?Tj=Iac5W1wUqDosYJk6LxlBM2b783u0YGGNexhKQMJrvkzTaDAxSdLOMJq38mi9FvZlS0tSXUVd&SX=dn98bVV0hxJ4
|
8
www.sophieberiault.com(166.62.108.196)
www.topgradetutors.net(151.101.194.159)
www.20190606.com(103.101.188.119)
www.milehighcitygames.com(34.102.136.180)
34.102.136.180 - mailcious
103.101.188.123
166.62.108.196 - malware
151.101.194.159 - mailcious
|
1
ET MALWARE FormBook CnC Checkin (GET)
|
|
6.0 |
M |
22 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7445 |
2021-04-21 10:13
|
ellawealthx.exe 0389d0b86a7342d646fc52945033e0c3
AsyncRAT backdoor Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces suspicious process WriteConsoleW Windows Browser Email ComputerName DNS Cryptographic key Software crashed keylogger |
2
http://mmwrlridbhmibnr.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-71B94F88F59738B2F377DD3AF49C9E4A.html - rule_id: 1070
http://mmwrlridbhmibnr.ml/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-BAD1D062871DD0CB1CFE768455005D62.html - rule_id: 1070
|
2
mmwrlridbhmibnr.ml(172.67.220.147) - mailcious
172.67.220.147 - mailcious
|
1
ET INFO DNS Query for Suspicious .ml Domain
|
2
http://mmwrlridbhmibnr.ml/liverpool-fc-news/
http://mmwrlridbhmibnr.ml/liverpool-fc-news/
|
14.0 |
M |
17 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7446 |
2021-04-21 10:14
|
 vbc.exe 074f128ce5b65e4a4476f2a94e8385a7
PWS .NET framework VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName DNS Cryptographic key crashed |
|
|
|
|
9.6 |
M |
26 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7447 |
2021-04-21 10:16
|
zeddd.exe b6e19d6eff5e92815130648f931b9425
Malicious Packer PWS .NET framework Buffer PE Code Injection Check memory Checks debugger buffers extracted RWX flags setting unpack itself Disables Windows Security Windows DNS crashed |
|
1
|
|
|
8.8 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7448 |
2021-04-21 10:17
|
........dot 4f9a3ec99cb88fe8b6ad1b3f67b3ae25FormBook Malware download VirusTotal Malware Malicious Traffic ICMP traffic exploit crash unpack itself Windows Exploit DNS crashed Downloader |
17
http://www.mindflexlab.com/goei/?1bxhSLH=N2r7+UrckDnUyjkZyWHX2lZQb2RxcukuaQc3q8nNWCze7rXHlSKIYwWvOF7MqIO/j0ODJ50C&NBZl=Ab8H0buhs2BH_6I
http://www.mediaworkhouse.com/goei/?1bxhSLH=nhXZrS/2KDMn556PLjKN7Lel34ALkdBp3M4QYUU65+qCVoqTi+WLH2d0L3oVVyOSx0Y/0/xV&NBZl=Ab8H0buhs2BH_6I
http://www.ltsbinge.com/goei/?1bxhSLH=TDETw8h3RhQO5RFluDB2BZF5NPqjJRv10duQx4QGD4yhlXrw0oG2PKng4wRblTFflTxn5I3r&NBZl=Ab8H0buhs2BH_6I
http://www.leverhump.store/goei/
http://www.karyapertama.com/goei/
http://www.mariebiernacki.com/goei/
http://www.seaworldminecraft.com/goei/?1bxhSLH=kPkgh8l+hPnvmifCJArNexbyY3BOfcOVCiioTtDrhhjoyw0wDyQ/FMdLXN1J4OAQZw4pt+En&NBZl=Ab8H0buhs2BH_6I
http://www.zanzan8.com/goei/
http://www.zanzan8.com/goei/?1bxhSLH=vBfyxx2CrZPY0GME41GPcZfiJZh0cyxGj+u0nICGqZCzgJCB+W8+XWhWFrjgwctPwFgFh7+/&NBZl=Ab8H0buhs2BH_6I
http://www.mariebiernacki.com/goei/?1bxhSLH=BhTGLx7E+U8hASZr7e7wQToC7a2EySD5v6Biyotapc9/Sgel4aN8EMwA+r61FKB8DVnE2p/w&NBZl=Ab8H0buhs2BH_6I
http://www.seaworldminecraft.com/goei/
http://www.ltsbinge.com/goei/
http://www.mindflexlab.com/goei/
http://www.karyapertama.com/goei/?1bxhSLH=hgYzSSbFvvFeHvKqgN+QgfEyfBGuBI9YXIiFCLJkrTAjrBBlCbMLhivD1upuKCg1izon7ypM&NBZl=Ab8H0buhs2BH_6I
http://www.mediaworkhouse.com/goei/
http://www.leverhump.store/goei/?1bxhSLH=d7ntE22K4FK7ZI9ajeIQ80hqWS6OstwwBiDh/qUzfd8+f7l9FfK8/84u7HfYoXgFnTE5sCrB&NBZl=Ab8H0buhs2BH_6I
http://23.95.122.25/sycsore/vbc.exe
|
23
www.her2mymeme.com()
www.mindflexlab.com(34.80.190.141)
www.libreo.club()
www.creativem2.com()
www.seaworldminecraft.com(185.107.56.59)
www.ourmunera.net()
www.leverhump.store(47.251.34.149)
www.batiktintaemas.com()
www.ltsbinge.com(34.80.190.141)
www.vbkulkarni.com()
www.gulf-landlord.info()
www.karyapertama.com(195.201.179.80)
www.zanzan8.com(103.214.170.191)
www.mariebiernacki.com(198.49.23.144)
www.mediaworkhouse.com(62.233.121.47)
23.95.122.25 - mailcious
47.251.34.149
195.201.179.80 - mailcious
62.233.121.47
198.49.23.145 - mailcious
103.214.170.191
64.32.8.70 - mailcious
34.80.190.141 - mailcious
|
7
ET MALWARE FormBook CnC Checkin (GET)
ET INFO Executable Download from dotted-quad Host
ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
ET POLICY PE EXE or DLL Windows file download HTTP
ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
|
|
5.2 |
|
26 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7449 |
2021-04-21 10:18
|
 winlog.exe e31802832554364edd0212a9dc61d0f5
PWS .NET framework AsyncRAT backdoor VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger unpack itself Windows DNS Cryptographic key |
|
|
|
|
5.6 |
|
13 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7450 |
2021-04-21 10:21
|
 jpfz.jpg c96265792aa13d624cc4cda1d3c0c257VirusTotal Malware Check memory DNS crashed |
|
|
|
|
3.6 |
|
40 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7451 |
2021-04-21 10:23
|
taskmgrs.exe d9667de328dbeef055555f0303914558
Malicious Packer PWS .NET framework suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName DNS crashed |
|
|
|
|
11.4 |
|
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7452 |
2021-04-21 10:25
|
msdtc.exe b4e7a9cdbd72320f2721c36fb21324f9VirusTotal Cryptocurrency Miner Malware Cryptocurrency suspicious process WriteConsoleW DNS |
|
|
|
|
3.0 |
|
31 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7453 |
2021-04-21 10:31
|
 e8jxc.exe 513e8c0b4eb8fe2e8c2f9887527334cdVirusTotal Malware PDB Check memory unpack itself |
|
|
|
|
2.0 |
M |
23 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7454 |
2021-04-21 10:36
|
 CamLiveSetup1.0.0.exe 82ab12bcd6402e68ae9b1e3cff33699c
Emotet Gen1 VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted Creates executable files RWX flags setting exploit crash unpack itself Windows utilities AppData folder Tofsee Windows Exploit DNS crashed |
56
http://www.microsoft.com/china/windows/IE/upgrade/index.aspx
https://assets.onestore.ms/cdnfiles/external/mwf/long/v1/v1.19.1/scripts/mwf-main.var.js
https://c.s-microsoft.com/zh-cn/CMSScripts/script.jsx?k=a99b0db8-bfbf-545e-1fb8-9506657ef0a2_548ab34c-2019-5a40-159d-497aca0a31aa_681f815f-66fa-dd0d-337c-f122e5fbc441_03f654df-21f3-ee95-3e73-fff757267bc7_8b6e2c63-6927-7db5-8e32-7f3333da659e_336509cc-abc8-912e-9a27-74fc22d5e823_d05d04f0-2693-ec0c-01de-808f5ad22891_693cb7af-5841-0401-bf99-98f0d9ba4140_a42d7277-10a1-6935-b06a-ebeeb8815ba6_30431ce6-63a7-f889-dfb0-0df5e1561da0_a96731a9-c05d-ced4-6287-89c900b1ed4f_55f6f45b-01ff-8a72-87f2-aef7adb3c4ae_2d3684a3-f1a0-d1c4-8c01-8f5b22b0884d_bec3e8b8-6afd-a4da-0cb7-e3f0e65d6704_25785618-c6df-5018-c882-7493400f3937_3d6f4407-99a7-efc0-9273-2886b50fa823_544bfecd-07c5-9fff-20c9-9125b66a3749_cc850638-66c6-0dc0-e5df-a231bf28e478_551d8557-d7a9-ff79-b33c-444fc691a935_88257d23-e3fb-0deb-d967-418273373312_79c01e4e-6436-0168-278f-66f180dd4fdd_360dd1e2-0971-6b97-6b15-bebe0e7ed91e_548c8edb-b925-5700-12de-1fbe1e801b5e_e102ee4d-7772-ae41-a83e-3b7ad65995ca_d707f600-5853-342b-4975-ecd516bff797
https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel11_HighlightFeature_Apps.jpg?version=20838ec0-a03c-6daf-0748-1ae153da306c
https://www.microsoft.com/en-us/silentauth
https://c.s-microsoft.com/zh-cn/CMSImages/weibo-color.png?version=9724af91-3d78-e2ca-0dda-291ae59eee58
https://www.microsoft.com/onerfstatics/marketingsites-wcus-prod/shell/_scrf/js/themes=default/54-af9f9f/c0-247156/de-099401/e1-a50eee/e7-954872/d8-97d509/f0-251fe2/46-be1318/77-04a268/11-240c7b/63-077520/a4-34de62/bb-d7480b/db-bc0148/dc-7e9864/6d-c07ea1/9d-b58f60/f6-aa5278/cd-23d3b0/6d-1e7ed0/b7-cadaa7/c4-898cf2/ca-40b7b0/4e-ee3a55/3e-f5c39b/c3-6454d7/f9-7592d3/92-10345d/79-499886/7e-cda2d3/69-13871c/b7-0ad59f/e0-3c9860/91-97a04f/1f-100dea/33-abe4df/17-f90ef1?ver=2.0&_cf=20210415&iife=1
https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel15_Mosaic_Item6_Blue.jpg?version=838eebb7-ef23-731b-ee07-deea2ae49dc8
https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel08_MultiFeature_Neurodiversity.jpg?version=dd9094cf-5aed-e3ec-4c49-2f0ffb0131d1
https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel2_LinkNav_Support_Win10.svg?version=cd9f4a5f-0b3d-9251-c658-431441ccd316
https://c.s-microsoft.com/zh-cn/CMSImages/Prefooter_Icon-18_Support.svg?version=4a9a4c35-089f-e35e-f8db-f08df9dd53b2
https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel10_4Up_Time.jpg?version=5b146a03-52cf-74f5-064d-eee060433c0b
https://c.s-microsoft.com/zh-cn/CMSImages/Prefooter_Icon-20_BlogWin.svg?version=3b1d197c-2139-50c4-563f-360f55c40234
https://c.s-microsoft.com/zh-cn/CMSImages/Windows-Consumer-QR-code-for-Wechat.jpg?version=5fa8e6f7-bd8d-d33c-9dbe-9d80f9fd1f1a
https://c.s-microsoft.com/zh-cn/CMSImages/wechat-color.png?version=a0708e8c-0e68-a7c8-9ece-ad71f007821d
https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&checkda=1&ct=1618968526&rver=7.3.6963.0&wp=MBI_SSL&wreply=https%3a%2f%2fwww.microsoft.com%2fen-us%2fsilentauth%3fsilentauth%3dmsa&lc=1033&id=74335&aadredir=1
https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel06_FeatureGroup_Gaming.jpg?version=67774c04-06d2-d24c-422f-d267d8c2963a
https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel01_XMosaic_DoubleR_Alfred.jpg?version=03a6c714-4847-7450-38fb-8324ca30eb0a
https://mwf-service.akamaized.net/mwf/css/bundle/1.58.0/chinese-simplified/default/mwf-main.min.css
https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel01_XMosaic_DoubleR_Jen.jpg?version=c3b7507b-c995-8007-0f0d-42e9479462c2
https://www.microsoft.com/videoplayer/js/oneplayeriframe.js
https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel01_XMosaic_SingleL_Lina.jpg?version=62faa73f-e14b-9432-b764-2a7cb102f396
https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel15_Mosaic_Item5_Stand.jpg?version=4cb1c4e3-e67f-5175-b325-d17b1ebffb42
https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel08_MultiFeature_Learning.jpg?version=dd0f5222-972f-3d6a-c4b1-8d1f3cf273c0
https://www.microsoft.com/favicon.ico?v2
https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel15_Mosaic_Item1_Gray.jpg?version=df68d82a-b81b-b310-e0da-f49a63a83107
https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel04_FeatureGroup_Need.jpg?version=0403d7c9-4711-8f9a-cb4d-38274bf57476
https://statics-marketingsites-wcus-ms-com.akamaized.net/statics/override.css?c=7
https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel10_4Up_Protect.jpg?version=74ddf6ec-e0f2-b1c0-68de-ae8073b23695
https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel2_LinkNav_Learn_Win10.svg?version=a74055d5-8ea6-b1a6-7ee2-be3e17e60335
https://c.s-microsoft.com/zh-cn/CMSImages/Prefooter_Icon-21_InsiderProgram.svg?version=8768bb27-2df7-f685-7e06-2732b420aa68
https://www.microsoft.com/mwf/_h/v3.54/mwf.app/fonts/mwfmdl2-v3.54.woff
https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel2_LinkNav_Apps_ROW.svg?version=fd5609cc-a2f9-94c5-1a66-94a80cd4daa5
https://login.microsoftonline.com/common/oauth2/authorize?client_id=28b567f6-162c-4f54-99a0-6887f387bbcc&response_mode=form_post&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DAAEAAFyCdhnxw3rY8gmsuYE6uYBdYn4tuSjr7dS9bKdxM2NOK0bfQI-ckwqIOpSioIu90T8ipXvDU1SkFvY15YCZ3kN0v78FBeWlOy3b7NEfURpF-rllTQbsXfR6iMEk4QehfBErCksNrgKUEHLDeh9YpaLj_eND1SNgTB9ezoRF2lwi04vBwTL2ZY6rYvuCQt24wYHtd5lZtKB4aC253H9kLfWHuQPKtBww0F5YMjm53gfqake5HaXXBfrJQ8aHQEkMGK72U1f0ygMOecCI1vCMdo6l1kwgEUKLZ18qCJRQ4D673me_Xr5JZQi8vyaVWWiyXr4mRBKT2USZO40DAwncAsUN21bQv-Ag8qF_hJgEFp6BiBjnRp5X-rhOJfJM4K4r7gABAACDsBuQvvtuVdUw_Ne05kwk3Trnrq3taxEQCZSCnA8EF2dJ251SOM4aRbiBgpvmWQeEEGvCmFH4igIG0KaE6bDkOls8YEv0BrX9V2Orm9auCISRWT7Hy_0RcADPJGeaKrm6u2_xxsM2SMKfqpqMQN-SWoYFI24RXANs2GUXfzP3UZlrYWNJzXxYkjeV50-Jl0ZLfAEj74uqzjUOhihKki8oIpq9X-DFnsTUz94zPuGfM63RpkCdKefsmoD1jtpS0B_uC7cs04MhRMLK0VYx_v8Tt0MRZxJ1V8gMwG7GO9l2nyuxm-LFsLk--gH5DDkYxsG7EsZBbV_uGPKgGHPYmeWwUAAAAPnH8Wjz-SSXiBeseXjYXk8eSUCViMbrAmDk_s84CTGqlJwC7pBSHu8-axVAEuqo2xuOGfD8aPe9txtSXKsdrDtBWyV6z95rofgmeVCcP_CZ&nonce=637545653276523839.OTE0Y2YzMGItMWE5Zi00ZGU0LTk1MWEtZDA4OTNmNzg5Njk3NTk0ODQyZGItZTkxYi00NWNkLWJkNDMtZjk3ZDllNTliMmQ5&msafed=0&post_logout_redirect_uri=https%3A%2F%2Fwww.microsoft.com%2Fzh-cn%2Fwindows&redirect_uri=https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fsilentauth%3Fsilentauth%3Daad&prompt=none&x-client-SKU=ID_NET451&x-client-ver=5.2.1.0
https://www.microsoft.com/zh-cn/windows
https://www.microsoft.com/onerfstatics/marketingsites-wcus-prod/chinese-simplified/shell/_scrf/css/themes=default.device=uplevel_web_pc/ce-7fab8a/4d-a16e89/31-37543f/c8-dc213b/72-bc6e2e/1f-ae6216/7f-eaeb0a/45-279540?ver=2.0&_cf=20210415
https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1Mu3b?ver=5c31
https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel13_2Up_Home.jpg?version=eac57ec1-493d-31c9-6134-0f496332edfd
https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel15_Mosaic_Item4_Key.jpg?version=e4d63016-4779-72f1-e2d8-7bed327aec74
https://c.s-microsoft.com/zh-cn/CMSScripts/script.jsx?k=6bf79a08-9288-6cc8-1e9a-4bf9dbcb4f0b
https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel15_Mosaic_Item3_Pen.jpg?version=d227593e-08df-4975-4733-7d1adef53088
https://mem.gfx.ms/meversion?partner=windows&market=zh-cn&uhf=1
https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel2_LinkNav_Devices_Win10.svg?version=9edf105d-64f1-63ed-5722-088fa81cae60
https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel15_Mosaic_Item2_Nocamera.jpg?version=71a410d4-1d20-bc8f-dc2e-36cc8a4a6c8a
https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel10_4Up_Together.jpg?version=f129679d-4e30-ff68-4e6f-246b4b6387be
https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel05_FeatureGroup_Included.jpg?version=976539f8-3873-bee1-7def-175fd679d5e1
https://mwf-service.akamaized.net/mwf/js/bundle/1.58.0/mwf-auto-init-main.var.min.js
https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel08_MultiFeature_Mobility.jpg?version=d6cee281-0b4a-7da7-45c1-9290b6842199
https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWbRcX
https://www.microsoft.com/en-us/silentauth?silentauth=msa
https://c.s-microsoft.com/zh-cn/CMSImages/Prefooter_Icon-19_Community.svg?version=4a149663-0cd4-3657-a2e5-828f12093a87
https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel08_MultiFeature_Hearing.jpg?version=48d71b3d-1873-8a94-48cf-51b5004493b1
https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel13_2Up_Pro.jpg?version=6254e865-59d9-772e-b366-18c5a317c764
https://c.s-microsoft.com/zh-cn/CMSStyles/style.csx?k=22361378-32d9-7605-f407-faf3915cc578_5db8aa42-94fc-25e1-b3cb-4c10fc9b3365_19eb7aac-f19d-5b0a-2597-917ab6f56948_6907ca6c-47d0-7fb2-f172-c697ac3fa1d4_c2f71a82-22a3-f26a-5030-ff5ef0258ba5_a681ceee-a34b-e130-8d81-b18ed7ae311c_9364d263-04e2-fa93-295f-ac95deef1b9e_f2c0a7de-c8b4-9ffd-3da8-507c03656f45_1355fc4b-ebb6-3206-623c-1d0bfa198078_4e47a659-c850-3b0e-9619-bf3f3883383f_38c4f8a1-9126-1ac0-fe7c-a6ce511e4d5d_a59217af-ef9a-e7a9-5d2d-3e7c29ec8c74_cadda335-6bb7-dd27-b21c-207becff7f0e_6c374194-c20d-b1fb-c660-cb265575e9f8_8537e4c1-e0c2-217e-35c8-368ff8695452_3a5d0f03-92af-f68f-4d54-9345fd0c450b_101e2959-bef8-bef3-9753-ec50a2e21e47_22f531fa-1ca1-1450-f51f-0ced3605391f_83f79b5f-072c-caff-6be3-fc1c19e6fc7d_38913389-fea5-7880-c2c9-8456eb4bc8b3_96e658dc-47b6-244e-2597-042a5f8f810c_9ec9714d-916b-3af1-3b2b-1319816e27f2_077fbb87-618f-dfeb-9d82-070977d8501e_fe5653f3-5634-2b70-6e35-7877f94f84bb_443818fe-bc64-cfef-48f0-a8818b7f445d_1601b05d-e715-cd85-403f-0320bd5ec7d8_a5c2a06f-7ed2-5a74-5ba9-483951164242_d21bd579-3ea5-f74c-45ef-69c9d1f07c47
https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel08_MultiFeature_Vision.jpg?version=2e286003-dc42-a343-06c7-a89bf41afc60
https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel10_4Up_Ideas.jpg?version=4aa4ad31-1581-9d76-ef2f-e9ebe3f8e42c
|
22
img-prod-cms-rt-microsoft-com.akamaized.net(23.67.53.153)
query.prod.cms.rt.microsoft.com(104.74.209.158)
statics-marketingsites-wcus-ms-com.akamaized.net(23.67.53.138)
c.s-microsoft.com(23.40.45.184) - mailcious
assets.onestore.ms(104.74.154.117)
login.live.com(40.126.37.6)
az725175.vo.msecnd.net(117.18.232.200)
mwf-service.akamaized.net(23.67.53.146)
assets.adobedtm.com(23.40.44.242)
login.microsoftonline.com(20.190.165.7)
mem.gfx.ms(184.25.17.153)
www.microsoft.com(23.201.37.168)
184.25.25.207
121.254.136.48
23.212.13.232
104.75.0.209
182.162.106.48
20.190.163.18
182.162.106.8
184.25.17.153
23.201.37.168
23.61.77.47
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
|
|
6.2 |
|
14 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7455 |
2021-04-21 13:25
|
mdQtJBe7.exe af08820a00cb5403b64415002825075d
PWS .NET framework AsyncRAT backdoor VirusTotal Malware DNS DDNS |
|
3
adobe.myactivedirectory.com(160.152.102.175)
loading8992.bounceme.net(160.152.102.175)
160.152.102.175
|
2
ET POLICY DNS Query to DynDNS Domain *.bounceme .net
ET POLICY DNS Query to DynDNS Domain *.myactivedirectory .com
|
|
3.2 |
|
43 |
guest
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|