Loading ...

Play interactive tourEdit tour

Analysis Report http://360safe.com

Overview

General Information

Joe Sandbox Version:25.0.0 Tiger's Eye
Analysis ID:124633
Start date:21.04.2019
Start time:13:16:23
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 4m 35s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:browseurl.jbs
Sample URL:http://360safe.com
Analysis system description:Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113
Number of analysed new started processes analysed:7
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies
  • EGA enabled
Analysis stop reason:Timeout
Detection:MAL
Classification:mal48.win@3/109@9/6
Cookbook Comments:
  • Adjust boot time
  • Enable AMSI
  • Browsing link: http://www.360securityapps.com/en-us
  • Browsing link: http://findphone.360safe.com/
  • Browsing link: http://batteryplus.360securityapps.com/
  • Browsing link: http://www.360totalsecurity.com/
  • Browsing link: http://blog.360safe.com/
  • Browsing link: https://play.google.com/store/apps/details?id=com.qihoo.security
  • Browsing link: https://www.youtube.com/watch?v=9jdiy28wzs0
  • Browsing link: https://twitter.com/360safecenter
  • Browsing link: https://www.facebook.com/360safecenter
  • Browsing link: https://plus.google.com/u/0/communities/109743774012923710723
  • Browsing link: http://www.360securityapps.com/en-us/about/privacy
Warnings:
Show All
  • Exclude process from analysis (whitelisted): dllhost.exe, ielowutil.exe, wermgr.exe, conhost.exe, CompatTelRunner.exe
  • Report size getting too big, too many NtDeviceIoControlFile calls found.

Detection

StrategyScoreRangeReportingWhitelistedDetection
Threshold480 - 100falsemalicious

Confidence

StrategyScoreRangeFurther Analysis Required?Confidence
Threshold50 - 5false
ConfidenceConfidence


Classification

Analysis Advice

Some HTTP requests failed (404). It is likely the sample will exhibit less behavior
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis



Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and Control
Valid AccountsWindows Remote ManagementWinlogon Helper DLLPort MonitorsFile System Logical OffsetsCredential DumpingSystem Service DiscoveryApplication Deployment SoftwareData from Local SystemData Encrypted1Standard Non-Application Layer Protocol5
Replication Through Removable MediaService ExecutionPort MonitorsAccessibility FeaturesBinary PaddingNetwork SniffingApplication Window DiscoveryRemote ServicesData from Removable MediaExfiltration Over Other Network MediumStandard Application Layer Protocol5

Signature Overview

Click to jump to signature section


AV Detection:

barindex
Antivirus detection for URL or domainShow sources
Source: http://p0.360img.cc/t011af354c9d460b6dd.png)Avira URL Cloud: Label: malware
Source: http://p0.360img.cc/t0144dca1b21d358dc4.png)Avira URL Cloud: Label: malware
Source: http://p2.360img.cc/t01efb501c3556d4d55.png)Avira URL Cloud: Label: malware
Source: http://p3.360img.cc/t01057bedc661802ca9.png)Avira URL Cloud: Label: malware
Source: http://p8.360img.cc/t01817e55f912a6409a.png)Avira URL Cloud: Label: malware
Source: http://p0.360img.cc/t014505057436279c97.jpg)Avira URL Cloud: Label: malware
Source: http://p0.360img.cc/t01c4042dd580c0884b.jpg)Avira URL Cloud: Label: malware
Source: http://p4.360img.cc/t012571efa980c8b7a4.png)Avira URL Cloud: Label: malware

Networking:

barindex
Downloads files from webservers via HTTPShow sources
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: 360safe.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateConnection: Keep-AliveHost: www.360securityapps.com
Source: global trafficHTTP traffic detected: GET /en-us HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateConnection: Keep-AliveHost: www.360securityapps.com
Source: global trafficHTTP traffic detected: GET /index.css?2015-03-26a HTTP/1.1Accept: text/css, */*Referer: http://www.360securityapps.com/en-usAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.360securityapps.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /img_new/t01427689f4bb34fc93.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.360securityapps.com/en-usAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.360securityapps.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /img_new/t0108aad8edffbd9788.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.360securityapps.com/en-usAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.360securityapps.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /img_new/t0151db7b5d8630a141.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.360securityapps.com/en-usAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.360securityapps.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /img_new/t018eaf369baff1e8b1.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.360securityapps.com/en-usAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.360securityapps.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /img_new/t01deb27a6b1cca1452.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.360securityapps.com/en-usAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.360securityapps.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /183.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: http://www.360securityapps.com/en-usAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.360securityapps.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /index.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: http://www.360securityapps.com/en-usAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.360securityapps.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /img_new/t0104d4772bcf31f764.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.360securityapps.com/en-usAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.360securityapps.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /img_new/t018c8b466ed76400a1.jpg HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.360securityapps.com/en-usAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.360securityapps.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /img_new/t01ffdef9ff89818061.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.360securityapps.com/en-usAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.360securityapps.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /img_new/t016f230fb3273c0959.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.360securityapps.com/en-usAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.360securityapps.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /img_new/t011af354c9d460b6dd.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.360securityapps.com/en-usAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.360securityapps.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /img_new/t01fa0f19bf93a2b87a.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.360securityapps.com/en-usAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.360securityapps.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /img_new/t012571efa980c8b7a4.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.360securityapps.com/en-usAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.360securityapps.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /img_new/t01817e55f912a6409a.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.360securityapps.com/en-usAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.360securityapps.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /img_new/t0144dca1b21d358dc4.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.360securityapps.com/en-usAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.360securityapps.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /img_new/t017528408ec2d92fac.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.360securityapps.com/en-usAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.360securityapps.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /img_new/t01f5d5897be27fc6fa.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.360securityapps.com/en-usAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.360securityapps.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /img_new/t014505057436279c97.jpg HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.360securityapps.com/en-usAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.360securityapps.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /img_new/t0196646b35c24a14ea.jpg HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.360securityapps.com/en-usAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.360securityapps.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /img_new/t01c4042dd580c0884b.jpg HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.360securityapps.com/en-usAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.360securityapps.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /img_new/t01057bedc661802ca9.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.360securityapps.com/en-usAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.360securityapps.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /img_new/t01070bdf0297e22207.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.360securityapps.com/en-usAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.360securityapps.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /img_new/t011914a540e4598dad.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.360securityapps.com/en-usAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.360securityapps.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /img_new/t01bee94840222b446c.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.360securityapps.com/en-usAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.360securityapps.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /img_new/t01a70bbf335ad67890.jpg HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.360securityapps.com/en-usAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.360securityapps.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /img_new/t01a77db48c6dba0d8d.jpg HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.360securityapps.com/en-usAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.360securityapps.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /img_new/t016403a71b3f1d4864.jpg HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.360securityapps.com/en-usAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.360securityapps.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.360securityapps.comConnection: Keep-AliveCookie: _ga=GA1.2.209679498.1555877869; _gid=GA1.2.1462701606.1555877869; _gat=1
Source: global trafficHTTP traffic detected: GET /img_new/t011223ccc9f9f754bc.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.360securityapps.com/en-usAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.360securityapps.comConnection: Keep-AliveCookie: _ga=GA1.2.209679498.1555877869; _gid=GA1.2.1462701606.1555877869; _gat=1
Source: global trafficHTTP traffic detected: GET /img_new/t01c1cad0a7989b6cb5.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.360securityapps.com/en-usAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.360securityapps.comConnection: Keep-AliveCookie: _ga=GA1.2.209679498.1555877869; _gid=GA1.2.1462701606.1555877869; _gat=1
Source: global trafficHTTP traffic detected: GET /img_new/t01de0d3e7ccf76ff74.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.360securityapps.com/en-usAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.360securityapps.comConnection: Keep-AliveCookie: _ga=GA1.2.209679498.1555877869; _gid=GA1.2.1462701606.1555877869; _gat=1
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1User-Agent: AutoItHost: www.360securityapps.comCookie: _gat=1; _gid=GA1.2.1462701606.1555877869; _ga=GA1.2.209679498.1555877869
Source: global trafficHTTP traffic detected: GET /en-us HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.360securityapps.comConnection: Keep-AliveCookie: _ga=GA1.2.209679498.1555877869; _gid=GA1.2.1462701606.1555877869; _gat=1
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.360securityapps.comConnection: Keep-AliveCookie: _ga=GA1.2.209679498.1555877869; _gid=GA1.2.1462701606.1555877869; _gat=1
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: findphone.360safe.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /assets/css/normalize.min.css HTTP/1.1Accept: text/css, */*Referer: http://findphone.360safe.com/Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: findphone.360safe.comConnection: Keep-AliveCookie: PHPSESSID=d2dvbhrrjnfqnmtvhfb905tnd7
Source: global trafficHTTP traffic detected: GET /assets/js/index.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: http://findphone.360safe.com/Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: findphone.360safe.comConnection: Keep-AliveCookie: PHPSESSID=d2dvbhrrjnfqnmtvhfb905tnd7
Source: global trafficHTTP traffic detected: GET /assets/js/jquery-1.11.1.min.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: http://findphone.360safe.com/Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: findphone.360safe.comConnection: Keep-AliveCookie: PHPSESSID=d2dvbhrrjnfqnmtvhfb905tnd7
Source: global trafficHTTP traffic detected: GET /assets/css/pc.min.css HTTP/1.1Accept: text/css, */*Referer: http://findphone.360safe.com/Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: findphone.360safe.comConnection: Keep-AliveCookie: PHPSESSID=d2dvbhrrjnfqnmtvhfb905tnd7
Source: global trafficHTTP traffic detected: GET /assets/js/device.min.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: http://findphone.360safe.com/Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: findphone.360safe.comConnection: Keep-AliveCookie: PHPSESSID=d2dvbhrrjnfqnmtvhfb905tnd7
Source: global trafficHTTP traffic detected: GET /assets/images/banner.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://findphone.360safe.com/Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: findphone.360safe.comConnection: Keep-AliveCookie: PHPSESSID=d2dvbhrrjnfqnmtvhfb905tnd7
Source: global trafficHTTP traffic detected: GET /assets/images/login-user.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://findphone.360safe.com/Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: findphone.360safe.comConnection: Keep-AliveCookie: PHPSESSID=d2dvbhrrjnfqnmtvhfb905tnd7
Source: global trafficHTTP traffic detected: GET /assets/images/login-logo-pc.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://findphone.360safe.com/Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: findphone.360safe.comConnection: Keep-AliveCookie: PHPSESSID=d2dvbhrrjnfqnmtvhfb905tnd7
Source: global trafficHTTP traffic detected: GET /assets/images/arrow.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://findphone.360safe.com/Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: findphone.360safe.comConnection: Keep-AliveCookie: PHPSESSID=d2dvbhrrjnfqnmtvhfb905tnd7; _ga=GA1.2.1081291225.1555877888; _gid=GA1.2.1515286292.1555877888; _gat=1
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: findphone.360safe.comConnection: Keep-AliveCookie: PHPSESSID=d2dvbhrrjnfqnmtvhfb905tnd7; _ga=GA1.2.1081291225.1555877888; _gid=GA1.2.1515286292.1555877888; _gat=1
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: batteryplus.360securityapps.comConnection: Keep-AliveCookie: _ga=GA1.2.209679498.1555877869; _gid=GA1.2.1462701606.1555877869; _gat=1
Source: global trafficHTTP traffic detected: GET /en-us HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: batteryplus.360securityapps.comConnection: Keep-AliveCookie: _ga=GA1.2.209679498.1555877869; _gid=GA1.2.1462701606.1555877869; _gat=1
Source: global trafficHTTP traffic detected: GET /index.css?2015-03-26a HTTP/1.1Accept: text/css, */*Referer: http://batteryplus.360securityapps.com/en-usAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: batteryplus.360securityapps.comConnection: Keep-AliveCookie: _ga=GA1.2.209679498.1555877869; _gid=GA1.2.1462701606.1555877869; _gat=1
Source: global trafficHTTP traffic detected: GET /img/logo.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://batteryplus.360securityapps.com/en-usAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: batteryplus.360securityapps.comConnection: Keep-AliveCookie: _ga=GA1.2.209679498.1555877869; _gid=GA1.2.1462701606.1555877869; _gat=1
Source: global trafficHTTP traffic detected: GET /img/ic_1.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://batteryplus.360securityapps.com/en-usAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: batteryplus.360securityapps.comConnection: Keep-AliveCookie: _ga=GA1.2.209679498.1555877869; _gid=GA1.2.1462701606.1555877869; _gat=1
Source: global trafficHTTP traffic detected: GET /img/ic_2.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://batteryplus.360securityapps.com/en-usAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: batteryplus.360securityapps.comConnection: Keep-AliveCookie: _ga=GA1.2.209679498.1555877869; _gid=GA1.2.1462701606.1555877869; _gat=1
Source: global trafficHTTP traffic detected: GET /img/ic_3.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://batteryplus.360securityapps.com/en-usAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: batteryplus.360securityapps.comConnection: Keep-AliveCookie: _ga=GA1.2.209679498.1555877869; _gid=GA1.2.1462701606.1555877869; _gat=1
Source: global trafficHTTP traffic detected: GET /index.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: http://batteryplus.360securityapps.com/en-usAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: batteryplus.360securityapps.comConnection: Keep-AliveCookie: _ga=GA1.2.209679498.1555877869; _gid=GA1.2.1462701606.1555877869; _gat=1
Source: global trafficHTTP traffic detected: GET /lib/jquery/183.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: http://batteryplus.360securityapps.com/en-usAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: s0.qhimg.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /img/block_cyan.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://batteryplus.360securityapps.com/en-usAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: batteryplus.360securityapps.comConnection: Keep-AliveCookie: _ga=GA1.2.209679498.1555877869; _gid=GA1.2.1462701606.1555877869; _gat=1
Source: global trafficHTTP traffic detected: GET /img/3-1-2.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://batteryplus.360securityapps.com/en-usAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: batteryplus.360securityapps.comConnection: Keep-AliveCookie: _ga=GA1.2.209679498.1555877869; _gid=GA1.2.1462701606.1555877869; _gat=1
Source: global trafficHTTP traffic detected: GET /img/3-1-3.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://batteryplus.360securityapps.com/en-usAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: batteryplus.360securityapps.comConnection: Keep-AliveCookie: _ga=GA1.2.209679498.1555877869; _gid=GA1.2.1462701606.1555877869; _gat=1
Source: global trafficHTTP traffic detected: GET /img/3-1-1-1.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://batteryplus.360securityapps.com/en-usAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: batteryplus.360securityapps.comConnection: Keep-AliveCookie: _ga=GA1.2.209679498.1555877869; _gid=GA1.2.1462701606.1555877869; _gat=1
Source: global trafficHTTP traffic detected: GET /img/2-1-2.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://batteryplus.360securityapps.com/en-usAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: batteryplus.360securityapps.comConnection: Keep-AliveCookie: _ga=GA1.2.209679498.1555877869; _gid=GA1.2.1462701606.1555877869; _gat=1
Source: global trafficHTTP traffic detected: GET /img/block_org.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://batteryplus.360securityapps.com/en-usAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: batteryplus.360securityapps.comConnection: Keep-AliveCookie: _ga=GA1.2.209679498.1555877869; _gid=GA1.2.1462701606.1555877869; _gat=1
Source: global trafficHTTP traffic detected: GET /img/block_green.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://batteryplus.360securityapps.com/en-usAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: batteryplus.360securityapps.comConnection: Keep-AliveCookie: _ga=GA1.2.209679498.1555877869; _gid=GA1.2.1462701606.1555877869; _gat=1
Source: global trafficHTTP traffic detected: GET /img/block_blue.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://batteryplus.360securityapps.com/en-usAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: batteryplus.360securityapps.comConnection: Keep-AliveCookie: _ga=GA1.2.209679498.1555877869; _gid=GA1.2.1462701606.1555877869; _gat=1
Source: global trafficHTTP traffic detected: GET /img/2-1-1-1.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://batteryplus.360securityapps.com/en-usAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: batteryplus.360securityapps.comConnection: Keep-AliveCookie: _ga=GA1.2.209679498.1555877869; _gid=GA1.2.1462701606.1555877869; _gat=1
Source: global trafficHTTP traffic detected: GET /img/word1.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://batteryplus.360securityapps.com/en-usAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: batteryplus.360securityapps.comConnection: Keep-AliveCookie: _ga=GA1.2.209679498.1555877869; _gid=GA1.2.1462701606.1555877869; _gat=1
Source: global trafficHTTP traffic detected: GET /img/but_googleplay.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://batteryplus.360securityapps.com/en-usAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: batteryplus.360securityapps.comConnection: Keep-AliveCookie: _ga=GA1.2.209679498.1555877869; _gid=GA1.2.1462701606.1555877869; _gat=1
Source: global trafficHTTP traffic detected: GET /img/battery.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://batteryplus.360securityapps.com/en-usAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: batteryplus.360securityapps.comConnection: Keep-AliveCookie: _ga=GA1.2.209679498.1555877869; _gid=GA1.2.1462701606.1555877869; _gat=1
Source: global trafficHTTP traffic detected: GET /t016f230fb3273c0959.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://batteryplus.360securityapps.com/en-usAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: p6.360img.ccConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /img/wave1.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://batteryplus.360securityapps.com/en-usAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: batteryplus.360securityapps.comConnection: Keep-AliveCookie: _ga=GA1.2.209679498.1555877869; _gid=GA1.2.1462701606.1555877869; _gat=1
Source: global trafficHTTP traffic detected: GET /img/1-1-1-1.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://batteryplus.360securityapps.com/en-usAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: batteryplus.360securityapps.comConnection: Keep-AliveCookie: _ga=GA1.2.209679498.1555877869; _gid=GA1.2.1462701606.1555877869; _gat=1
Source: global trafficHTTP traffic detected: GET /img/block_red.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://batteryplus.360securityapps.com/en-usAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: batteryplus.360securityapps.comConnection: Keep-AliveCookie: _ga=GA1.2.209679498.1555877869; _gid=GA1.2.1462701606.1555877869; _gat=1
Source: global trafficHTTP traffic detected: GET /img/bg.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://batteryplus.360securityapps.com/en-usAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: batteryplus.360securityapps.comConnection: Keep-AliveCookie: _ga=GA1.2.209679498.1555877869; _gid=GA1.2.1462701606.1555877869; _gat=1
Source: global trafficHTTP traffic detected: GET /en-us/about/privacy HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.360securityapps.comConnection: Keep-AliveCookie: _ga=GA1.2.209679498.1555877869; _gid=GA1.2.1462701606.1555877869; _gat=1
Source: global trafficHTTP traffic detected: GET /img/logo.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.360securityapps.com/en-us/about/privacyAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.360securityapps.comConnection: Keep-AliveCookie: _ga=GA1.2.209679498.1555877869; _gid=GA1.2.1462701606.1555877869; _gat=1
Source: global trafficHTTP traffic detected: GET /img_new/t01fec6a8fba2edbed0.jpg HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.360securityapps.com/en-us/about/privacyAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.360securityapps.comConnection: Keep-AliveCookie: _ga=GA1.2.209679498.1555877869; _gid=GA1.2.1462701606.1555877869; _gat=1
Found strings which match to known social media urlsShow sources
Source: en-us[1].htm.2.drString found in binary or memory: <a id="footer_facebook_btn" href="https://www.facebook.com/360safecenter" title="facebook"></a> equals www.facebook.com (Facebook)
Source: en-us[1].htm.2.drString found in binary or memory: <a id="footer_twitter_btn" href="https://twitter.com/360safecenter" title="twitter"></a> equals www.twitter.com (Twitter)
Source: en-us[1].htm.2.drString found in binary or memory: <li><a id="header_film_btn" href="https://www.youtube.com/watch?v=9JDIy28WZS0">Watch The film</a></li> equals www.youtube.com (Youtube)
Source: en-us[1].htm.2.drString found in binary or memory: ga('send', 'event', 'link', 'click', 'footer facebook btn', 1); equals www.facebook.com (Facebook)
Source: en-us[1].htm.2.drString found in binary or memory: ga('send', 'event', 'link', 'click', 'footer twitter btn', 1); equals www.twitter.com (Twitter)
Source: ~DF5A1A2389A3D80C5F.TMP.1.drString found in binary or memory: "#https://twitter.com/360safecenter equals www.twitter.com (Twitter)
Source: {84AFAACA-6472-11E9-AAD9-C25F135D3C65}.dat.1.drString found in binary or memory: "https://twitter.com/36 equals www.twitter.com (Twitter)
Source: ~DF5A1A2389A3D80C5F.TMP.1.drString found in binary or memory: "https://twitter.com/360safecenterdiy28wzs0d=com.qihoo.security equals www.twitter.com (Twitter)
Source: ~DF5A1A2389A3D80C5F.TMP.1.drString found in binary or memory: '#https://www.facebook.com/360safecenter equals www.facebook.com (Facebook)
Source: {84AFAACA-6472-11E9-AAD9-C25F135D3C65}.dat.1.drString found in binary or memory: 'https://www.facebook.c equals www.facebook.com (Facebook)
Source: ~DF5A1A2389A3D80C5F.TMP.1.drString found in binary or memory: 'https://www.facebook.com/360safecenter equals www.facebook.com (Facebook)
Source: ~DF5A1A2389A3D80C5F.TMP.1.drString found in binary or memory: 'https://www.facebook.com/360safecenterzs0d=com.qihoo.security equals www.facebook.com (Facebook)
Source: ~DF5A1A2389A3D80C5F.TMP.1.drString found in binary or memory: ,#https://www.youtube.com/watch?v=9jdiy28wzs0 equals www.youtube.com (Youtube)
Source: {84AFAACA-6472-11E9-AAD9-C25F135D3C65}.dat.1.drString found in binary or memory: ,https://www.youtube.co equals www.youtube.com (Youtube)
Source: ~DF5A1A2389A3D80C5F.TMP.1.drString found in binary or memory: ,https://www.youtube.com/watch?v=9jdiy28wzs0d=com.qihoo.security equals www.youtube.com (Youtube)
Source: msapplication.xml0.1.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x5d9d0b61,0x01d4f87f</date><accdate>0x5d9d0b61,0x01d4f87f</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml0.1.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x5d9d0b61,0x01d4f87f</date><accdate>0x5d9f759e,0x01d4f87f</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml5.1.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x5da7d53f,0x01d4f87f</date><accdate>0x5da7d53f,0x01d4f87f</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml5.1.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x5da7d53f,0x01d4f87f</date><accdate>0x5da7d53f,0x01d4f87f</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml7.1.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x5dacd818,0x01d4f87f</date><accdate>0x5dacd818,0x01d4f87f</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: msapplication.xml7.1.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x5dacd818,0x01d4f87f</date><accdate>0x5dacd818,0x01d4f87f</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: ~DF5A1A2389A3D80C5F.TMP.1.drString found in binary or memory: eres://ieframe.dll/dnserror.htm?ErrorStatus=0x800C0005&DNSError=1460#https://twitter.com/360safecenter equals www.twitter.com (Twitter)
Source: {84AFAACA-6472-11E9-AAD9-C25F135D3C65}.dat.1.drString found in binary or memory: error.htm?ErrorStatus=0x800C0003710723or=1460#https://www.youtube.com/watch?v=9jdiy28wzs0 equals www.youtube.com (Youtube)
Source: {84AFAACA-6472-11E9-AAD9-C25F135D3C65}.dat.1.drString found in binary or memory: https://twitter.c equals www.twitter.com (Twitter)
Source: ~DF5A1A2389A3D80C5F.TMP.1.drString found in binary or memory: https://twitter.com/360safecenter equals www.twitter.com (Twitter)
Source: ~DF5A1A2389A3D80C5F.TMP.1.drString found in binary or memory: https://twitter.com/360safecenter*Can equals www.twitter.com (Twitter)
Source: {84AFAACA-6472-11E9-AAD9-C25F135D3C65}.dat.1.drString found in binary or memory: https://www.facebook.com/360safRoot Entry equals www.facebook.com (Facebook)
Source: ~DF5A1A2389A3D80C5F.TMP.1.drString found in binary or memory: https://www.facebook.com/360safecenter equals www.facebook.com (Facebook)
Source: ~DF5A1A2389A3D80C5F.TMP.1.drString found in binary or memory: https://www.facebook.com/360safecenter*Can equals www.facebook.com (Facebook)
Source: ~DF5A1A2389A3D80C5F.TMP.1.drString found in binary or memory: https://www.youtube.com/watch?v=9jdiy28wzs0 equals www.youtube.com (Youtube)
Source: ~DF5A1A2389A3D80C5F.TMP.1.drString found in binary or memory: https://www.youtube.com/watch?v=9jdiy28wzs0*Can equals www.youtube.com (Youtube)
Source: ~DF5A1A2389A3D80C5F.TMP.1.drString found in binary or memory: jres://ieframe.dll/dnserror.htm?ErrorStatus=0x800C0005&DNSError=1460#https://www.facebook.com/360safecenter equals www.facebook.com (Facebook)
Source: ~DF5A1A2389A3D80C5F.TMP.1.drString found in binary or memory: ores://ieframe.dll/dnserror.htm?ErrorStatus=0x800C0005&DNSError=1460#https://www.youtube.com/watch?v=9jdiy28wzs0 equals www.youtube.com (Youtube)
Performs DNS lookupsShow sources
Source: unknownDNS traffic detected: queries for: 360safe.com
Posts data to webserverShow sources
Source: unknownHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.2.9Date: Sun, 21 Apr 2019 11:17:35 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeSet-Cookie: PHPSESSID=d2dvbhrrjnfqnmtvhfb905tnd7; path=/Expires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0Pragma: no-cacheContent-Encoding: gzipData Raw: 34 61 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ad 56 5b 6f db 36 14 7e 4e 80 fd 07 46 2f b6 07 5d 92 05 e8 96 da f2 90 36 e9 16 60 e8 06 74 c3 06 18 46 71 2c d1 12 53 8a 54 48 ca 8a d6 f4 bf ef 90 ba 58 4e dd 62 18 26 24 16 79 ae 1f cf 8d 5a 9c a5 32 31 4d 49 49 6e 0a be fc e6 74 31 bc 29 a4 76 5f 50 03 24 c9 41 69 6a 62 af 32 db e0 07 6f a0 e7 c6 94 01 7d a8 d8 2e f6 5e 43 92 d3 e0 b5 14 46 49 ee 91 04 17 54 a0 8a 90 41 62 59 7b 2d 01 05 8d bd 1d a3 75 29 95 19 89 d6 2c 35 79 9c d2 1d 4b 68 e0 36 3e 13 cc 30 e0 81 4e 80 d3 f8 22 3c f7 0b 78 64 45 55 8c 28 95 a6 ca 6d 61 83 32 42 7a d1 00 70 40 d1 50 ed 91 d6 31 94 25 a7 41 21 37 0c 5f 35 dd 0
Tries to download or post to a non-existing http route (HTTP/1.1 404 Not Found / 503 Service Unavailable)Show sources
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.2.9Date: Sun, 21 Apr 2019 11:17:40 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzipData Raw: 32 38 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 9d 53 4d 4f dc 30 10 3d 37 bf 62 48 a5 1e 50 13 6f 16 aa b2 d9 0f 89 ee 52 15 89 52 84 42 3f 84 38 78 13 6f 62 e1 d8 c1 76 36 9b 22 fe 7b c7 49 0a 48 e5 80 9a 43 e2 8c 66 de 9b 37 f3 3c db 5b 7d 5b 26 bf 2e 4e a0 b0 a5 80 8b ab 4f 67 a7 4b ef 8d 1f 10 f2 e3 60 49 c8 2a 59 c1 cf 2f c9 d7 33 88 c2 11 24 9a 4a c3 2d 57 92 0a 42 4e ce 7d cc 2c ac ad 62 42 9a a6 09 9b 83 50 e9 9c 24 97 64 e7 d0 22 57 3d 1c 03 fb ac 34 cc 6c e6 2f bc 59 47 b9 2b 85 34 f3 17 60 a2 c9 64 d2 57 fb 80 49 b1 a0 32 9f fb 4c fa f0 78 72 18 8c 66 f8 29 99 a5 28 c1 56 01 bb ab f9 76 ee 2f 95 b4 4c da 20 69 2b e6 43 da ff cd 7d cb 76 96 38 de 29 a4 05 d5 86 d9 79 6d 37 c1 91 4f 10 c4 72 2b d8 e2 82 e6 0c ce 95 85 cf aa 96 d9 8c f4 51 6f 66 6c 2b 18 58 c4 1b 60 52 63 50 05 d9 9f ed 5d 2f 57 c7 c9 f1 f5 3e f1 d6 2a
Urls found in memory or binary dataShow sources
Source: {84AFAACA-6472-11E9-AAD9-C25F135D3C65}.dat.1.drString found in binary or memory: http://batteryplus.360
Source: en-us[1].htm.2.drString found in binary or memory: http://batteryplus.360securityapps.com/
Source: ~DF5A1A2389A3D80C5F.TMP.1.drString found in binary or memory: http://batteryplus.360securityapps.com/en-us
Source: {84AFAACA-6472-11E9-AAD9-C25F135D3C65}.dat.1.drString found in binary or memory: http://blog.360safe.co
Source: en-us[1].htm.2.drString found in binary or memory: http://blog.360safe.com
Source: ~DF5A1A2389A3D80C5F.TMP.1.dr, {84AFAACA-6472-11E9-AAD9-C25F135D3C65}.dat.1.drString found in binary or memory: http://blog.360safe.com/
Source: ~DF5A1A2389A3D80C5F.TMP.1.drString found in binary or memory: http://blog.360safe.com/y.com/.com/en-us
Source: {84AFAACA-6472-11E9-AAD9-C25F135D3C65}.dat.1.drString found in binary or memory: http://findphone.360sa
Source: {84AFAACA-6472-11E9-AAD9-C25F135D3C65}.dat.1.drString found in binary or memory: http://findphone.360saapps.com/en-usj
Source: ~DF5A1A2389A3D80C5F.TMP.1.dr, en-us[1].htm.2.drString found in binary or memory: http://findphone.360safe.com/
Source: ~DF5A1A2389A3D80C5F.TMP.1.drString found in binary or memory: http://findphone.360safe.com/.360
Source: ~DF5A1A2389A3D80C5F.TMP.1.drString found in binary or memory: http://findphone.360safe.com//en-us
Source: index[1].css0.2.drString found in binary or memory: http://p0.360img.cc/t011af354c9d460b6dd.png)
Source: index[1].css0.2.drString found in binary or memory: http://p0.360img.cc/t0144dca1b21d358dc4.png)
Source: index[1].css0.2.drString found in binary or memory: http://p0.360img.cc/t014505057436279c97.jpg)
Source: index[1].css0.2.drString found in binary or memory: http://p0.360img.cc/t01c4042dd580c0884b.jpg)
Source: index[1].css0.2.drString found in binary or memory: http://p1.360img.cc/t01b90ca1a5aabff438.png)
Source: index[1].css0.2.drString found in binary or memory: http://p1.360img.cc/t01de0d3e7ccf76ff74.png)
Source: index[1].css0.2.drString found in binary or memory: http://p1.360img.cc/t01f5d5897be27fc6fa.png);left:250px;top:260px
Source: index[1].css0.2.drString found in binary or memory: http://p1.360img.cc/t01fec6a8fba2edbed0.jpg)
Source: index[1].css0.2.drString found in binary or memory: http://p1.360img.cc/t01ffdef9ff89818061.png)
Source: index[1].css0.2.drString found in binary or memory: http://p2.360img.cc/t01efb501c3556d4d55.png)
Source: index[1].css0.2.drString found in binary or memory: http://p3.360img.cc/t01057bedc661802ca9.png)
Source: index[1].css0.2.drString found in binary or memory: http://p3.360img.cc/t011223ccc9f9f754bc.png)
Source: index[1].js.2.drString found in binary or memory: http://p3.360img.cc/t01eb57c4e1fce4bcfd.png
Source: index[1].css0.2.drString found in binary or memory: http://p4.360img.cc/t012571efa980c8b7a4.png)
Source: index[1].css0.2.drString found in binary or memory: http://p4.360img.cc/t01fa0f19bf93a2b87a.png)
Source: index[1].css0.2.drString found in binary or memory: http://p5.360img.cc/t0196646b35c24a14ea.jpg)
Source: index[1].css0.2.drString found in binary or memory: http://p6.360img.cc/t016f230fb3273c0959.png)
Source: index[1].css0.2.drString found in binary or memory: http://p6.360img.cc/t01c1cad0a7989b6cb5.png)
Source: index[1].css0.2.drString found in binary or memory: http://p7.360img.cc/t012f65d34727d5002c.png)
Source: index[1].css0.2.drString found in binary or memory: http://p7.360img.cc/t017528408ec2d92fac.png)
Source: index[1].css0.2.drString found in binary or memory: http://p8.360img.cc/t01817e55f912a6409a.png)
Source: index[1].js1.2.drString found in binary or memory: http://p9.360img.cc/t01baa0d42b44c0d546.png
Source: privacy[1].htm.2.drString found in binary or memory: http://s0.qhimg.com/lib/jquery/183.js
Source: privacy[1].htm.2.drString found in binary or memory: http://www.360safe.com/news
Source: {84AFAACA-6472-11E9-AAD9-C25F135D3C65}.dat.1.drString found in binary or memory: http://www.360securityapps.com/eRoot
Source: en-us[1].htm1.2.drString found in binary or memory: http://www.360securityapps.com/en-us
Source: ~DF5A1A2389A3D80C5F.TMP.1.dr, en-us[1].htm1.2.drString found in binary or memory: http://www.360securityapps.com/en-us/about/privacy
Source: ~DF5A1A2389A3D80C5F.TMP.1.drString found in binary or memory: http://www.360securityapps.com/en-us/about/privacy923710723
Source: ~DF5A1A2389A3D80C5F.TMP.1.drString found in binary or memory: http://www.360securityapps.com/en-us/about/privacy92371072360
Source: {84AFAACA-6472-11E9-AAD9-C25F135D3C65}.dat.1.drString found in binary or memory: http://www.360securityapps.com/en-usRoot
Source: ~DF5A1A2389A3D80C5F.TMP.1.drString found in binary or memory: http://www.360securityapps.com/en-usj
Source: en-us[1].htm.2.drString found in binary or memory: http://www.360totalsecurity.com
Source: ~DF5A1A2389A3D80C5F.TMP.1.dr, {84AFAACA-6472-11E9-AAD9-C25F135D3C65}.dat.1.drString found in binary or memory: http://www.360totalsecurity.com/
Source: ~DF5A1A2389A3D80C5F.TMP.1.drString found in binary or memory: http://www.360totalsecurity.com/.com/en-us
Source: ~DF5A1A2389A3D80C5F.TMP.1.drString found in binary or memory: http://www.360totalsecurity.com/.com/en-usz
Source: msapplication.xml.1.drString found in binary or memory: http://www.amazon.com/
Source: msapplication.xml1.1.drString found in binary or memory: http://www.google.com/
Source: msapplication.xml2.1.drString found in binary or memory: http://www.live.com/
Source: msapplication.xml3.1.drString found in binary or memory: http://www.nytimes.com/
Source: msapplication.xml4.1.drString found in binary or memory: http://www.reddit.com/
Source: msapplication.xml5.1.drString found in binary or memory: http://www.twitter.com/
Source: msapplication.xml6.1.drString found in binary or memory: http://www.wikipedia.com/
Source: msapplication.xml7.1.drString found in binary or memory: http://www.youtube.com/
Source: analytics[1].js.2.drString found in binary or memory: https://ampcid.google.com/v1/publisher:getClientId
Source: {84AFAACA-6472-11E9-AAD9-C25F135D3C65}.dat.1.drString found in binary or memory: https://play.google.co
Source: en-us[1].htm.2.dr, en-us[1].htm1.2.drString found in binary or memory: https://play.google.com/store/apps/details?id=com.qihoo.batterysaverplus
Source: en-us[1].htm.2.dr, G2OYGKBA.htm.2.drString found in binary or memory: https://play.google.com/store/apps/details?id=com.qihoo.security
Source: {84AFAACA-6472-11E9-AAD9-C25F135D3C65}.dat.1.drString found in binary or memory: https://plus.google.co
Source: ~DF5A1A2389A3D80C5F.TMP.1.dr, en-us[1].htm.2.drString found in binary or memory: https://plus.google.com/u/0/communities/109743774012923710723
Source: ~DF5A1A2389A3D80C5F.TMP.1.drString found in binary or memory: https://plus.google.com/u/0/communities/109743774012923710723n
Source: {84AFAACA-6472-11E9-AAD9-C25F135D3C65}.dat.1.drString found in binary or memory: https://plus.google.com/u/0/communities/Root
Source: analytics[1].js.2.drString found in binary or memory: https://stats.g.doubleclick.net/j/collect
Source: analytics[1].js.2.drString found in binary or memory: https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&
Source: {84AFAACA-6472-11E9-AAD9-C25F135D3C65}.dat.1.drString found in binary or memory: https://twitter.c
Source: {84AFAACA-6472-11E9-AAD9-C25F135D3C65}.dat.1.drString found in binary or memory: https://twitter.com/36
Source: ~DF5A1A2389A3D80C5F.TMP.1.dr, en-us[1].htm.2.drString found in binary or memory: https://twitter.com/360safecenter
Source: ~DF5A1A2389A3D80C5F.TMP.1.drString found in binary or memory: https://twitter.com/360safecenterdiy28wzs0d=com.qihoo.security
Source: {84AFAACA-6472-11E9-AAD9-C25F135D3C65}.dat.1.drString found in binary or memory: https://www.facebook.c
Source: analytics[1].js.2.drString found in binary or memory: https://www.google-analytics.com/analytics
Source: analytics[1].js.2.drString found in binary or memory: https://www.google-analytics.com/gtm/js?id=
Source: analytics[1].js.2.drString found in binary or memory: https://www.google-analytics.com/u/d
Source: analytics[1].js.2.drString found in binary or memory: https://www.google.%/ads/ga-audiences
Source: analytics[1].js.2.drString found in binary or memory: https://www.google.com/analytics/web/inpage/pub/inpage.js?
Source: {84AFAACA-6472-11E9-AAD9-C25F135D3C65}.dat.1.drString found in binary or memory: https://www.youtube.co
Source: en-us[1].htm.2.drString found in binary or memory: https://www.youtube.com/watch?v=9JDIy28WZS0
Source: ~DF5A1A2389A3D80C5F.TMP.1.dr, {84AFAACA-6472-11E9-AAD9-C25F135D3C65}.dat.1.drString found in binary or memory: https://www.youtube.com/watch?v=9jdiy28wzs0
Source: ~DF5A1A2389A3D80C5F.TMP.1.drString found in binary or memory: https://www.youtube.com/watch?v=9jdiy28wzs0d=com.qihoo.security
Uses HTTPSShow sources
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49821
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49820
Source: unknownNetwork traffic detected: HTTP traffic on port 49820 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49821 -> 443

System Summary:

barindex
Classification labelShow sources
Source: classification engineClassification label: mal48.win@3/109@9/6
Creates files inside the user directoryShow sources
Source: C:\Program Files\internet explorer\iexplore.exeFile created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\HighJump to behavior
Creates temporary filesShow sources
Source: C:\Program Files\internet explorer\iexplore.exeFile created: C:\Users\user\AppData\Local\Temp\~DF1B336367FF753577.TMPJump to behavior
Reads ini filesShow sources
Source: C:\Program Files\internet explorer\iexplore.exeFile read: C:\Users\desktop.iniJump to behavior
Spawns processesShow sources
Source: unknownProcess created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknownProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3860 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3860 CREDAT:17410 /prefetch:2Jump to behavior
Found GUI installer (many successful clicks)Show sources
Source: C:\Program Files\internet explorer\iexplore.exeAutomated click: Run
Source: C:\Program Files\internet explorer\iexplore.exeAutomated click: Run
Source: C:\Program Files\internet explorer\iexplore.exeAutomated click: Install
Source: C:\Program Files\internet explorer\iexplore.exeAutomated click: Install
Source: C:\Program Files\internet explorer\iexplore.exeAutomated click: Install
Source: C:\Program Files\internet explorer\iexplore.exeAutomated click: Install
Source: C:\Program Files\internet explorer\iexplore.exeAutomated click: Install
Found graphical window changes (likely an installer)Show sources
Source: Window RecorderWindow detected: More than 3 window changes detected
Uses new MSVCR DllsShow sources
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeFile opened: C:\Program Files (x86)\Java\jre1.8.0_171\bin\msvcr100.dllJump to behavior

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 124633 URL: http://360safe.com Startdate: 21/04/2019 Architecture: WINDOWS Score: 48 12 www.360securityapps.com 2->12 14 elb-for-battery-1786632864.ap-southeast-1.elb.amazonaws.com 2->14 16 a767.dscg3.akamai.net 2->16 24 Antivirus detection for URL or domain 2->24 7 iexplore.exe 6 87 2->7         started        signatures3 process4 process5 9 iexplore.exe 1 143 7->9         started        dnsIp6 18 stats.l.doubleclick.net 173.194.76.155, 443, 49820, 49821 unknown United States 9->18 20 d297m60bmcx63.cloudfront.net 52.222.168.119, 49832, 49833, 80 unknown United States 9->20 22 10 other IPs or domains 9->22

Simulations

Behavior and APIs

No simulations

Antivirus and Machine Learning Detection

Initial Sample

SourceDetectionScannerLabelLink
http://360safe.com0%virustotalBrowse

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

SourceDetectionScannerLabelLink
p6.360img.cc2%virustotalBrowse
s0.qhimg.com0%virustotalBrowse

URLs

SourceDetectionScannerLabelLink
http://p0.360img.cc/t011af354c9d460b6dd.png)100%Avira URL Cloudmalware
http://p6.360img.cc/t016f230fb3273c0959.png0%virustotalBrowse
http://p6.360img.cc/t016f230fb3273c0959.png0%Avira URL Cloudsafe
http://p0.360img.cc/t0144dca1b21d358dc4.png)100%Avira URL Cloudmalware
http://p6.360img.cc/t01c1cad0a7989b6cb5.png)0%Avira URL Cloudsafe
http://s0.qhimg.com/lib/jquery/183.js0%virustotalBrowse
http://s0.qhimg.com/lib/jquery/183.js0%Avira URL Cloudsafe
http://findphone.360saapps.com/en-usj0%Avira URL Cloudsafe
http://findphone.360sa0%Avira URL Cloudsafe
http://p1.360img.cc/t01ffdef9ff89818061.png)0%Avira URL Cloudsafe
http://p1.360img.cc/t01b90ca1a5aabff438.png)0%Avira URL Cloudsafe
http://p2.360img.cc/t01efb501c3556d4d55.png)100%Avira URL Cloudmalware
http://p3.360img.cc/t01057bedc661802ca9.png)100%Avira URL Cloudmalware
http://p8.360img.cc/t01817e55f912a6409a.png)100%Avira URL Cloudmalware
http://p0.360img.cc/t014505057436279c97.jpg)100%Avira URL Cloudmalware
http://p0.360img.cc/t01c4042dd580c0884b.jpg)100%Avira URL Cloudmalware
https://twitter.c0%Avira URL Cloudsafe
http://p6.360img.cc/t016f230fb3273c0959.png)0%Avira URL Cloudsafe
http://blog.360safe.co0%Avira URL Cloudsafe
http://p4.360img.cc/t012571efa980c8b7a4.png)100%Avira URL Cloudmalware
http://p7.360img.cc/t017528408ec2d92fac.png)0%Avira URL Cloudsafe
http://p1.360img.cc/t01de0d3e7ccf76ff74.png)0%Avira URL Cloudsafe
http://p7.360img.cc/t012f65d34727d5002c.png)0%Avira URL Cloudsafe

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches

Memory Dumps

No yara matches

Unpacked PEs

No yara matches

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.