Analysis task

Analysis type  VM label  Start time  End time  Duration
File (Windows)  win7-sp1-x64-shaapp03-1  2021-04-21 22:26:47  2021-04-21 22:28:56  129 seconds

Maldun (魔盾) score

10.0

Dangerous

File details

File name 青年多功能手V4.22.exe
File size 2839036 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 94e9279eb7e57a7f586ee7bbd10442e4
SHA1 2d21cfcf492f591de81f57b1d1dab8624b2159ce
SHA256 c913452c193b27605a930e6919cc70fd46e48aae9ce14a09556520fe2fd38244
SHA512 f8072734f0448b735c21886d39a6d77721d0fc3ac772834c7709a6bea096559b5ab06ff9a9c35d1ddf2cbeb5c620fba54f5f0b22baf3c92e6fdd3359e19b0983
CRC32 019C86C0
Ssdeep 49152:5RxB5v+sCT6MLlGqDKNsDtf/xtJxOFeVz8Wd9IOpUt87vFX:5d8pJlCMh3xOEy2xt


Hosts contacted

No host records.

DNS resolution

Domain  Safety rating  Response
acroipm.adobe.com A 23.223.52.59
CNAME acroipm.adobe.com.edgesuite.net
CNAME a1983.dscd.akamai.net
A 23.223.52.66
kinh.xmcxmr.com A 149.248.52.63
www.taobao.com A 117.27.158.81
CNAME www.taobao.com.danuoyi.tbcache.com
A 117.27.158.80
ocsp.globalsign.com CNAME global.prd.cdn.globalsign.com
CNAME globalsign.com.w.kunlunar.com
A 114.80.187.79
crl.globalsign.com


PE information

Image base 0x00400000
Entry point 0x00e26e60
Claimed checksum 0x00000000
Actual checksum 0x002bcd62
Minimum OS version 4.0
Compile time 1992-06-20 06:22:17
Import hash e253f8ec0371c0d6a5b2b4676e8c61c6

PE sections

Name  Virtual address  Virtual size  Raw data size  Characteristics  Entropy
UPX0 0x00001000 0x00a18000 0x00000000 IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 0.00
UPX1 0x00a19000 0x0000f000 0x0000e200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 7.84
.rsrc 0x00a28000 0x00001000 0x00000a00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 4.81

Overlay

Offset 0x0000f000
Size 0x002a61fc

Resources

Name  Offset  Size  Language  Sublanguage  Entropy  File type
RT_STRING 0x00a2401c 0x000002a0 LANG_NEUTRAL SUBLANG_NEUTRAL 7.56 data
RT_RCDATA 0x00a242e8 0x00000108 LANG_NEUTRAL SUBLANG_NEUTRAL 7.07 data
RT_MANIFEST 0x00a282ac 0x0000053e LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.92 XML 1.0 document, ASCII text, with CRLF line terminators

Imports

Library: advapi32.dll:
0xe28878 RegCloseKey
Library: gdi32.dll:
0xe28880 TextOutA
Library: KERNEL32.DLL:
0xe28888 LoadLibraryA
0xe2888c ExitProcess
0xe28890 GetProcAddress
0xe28894 VirtualProtect
Library: oleaut32.dll:
0xe2889c VariantCopy
Library: shell32.dll:
0xe288a4 ShellExecuteA
Library: user32.dll:
0xe288ac EndPaint

No antivirus engine scan results.

Process tree


__________________V4.22.exe, PID: 2460, parent PID: 2156
csrss.exe, PID: 2728, parent PID: 2460
1.exe, PID: 2848, parent PID: 2728
services.exe, PID: 432, parent PID: 344
svchost.exe, PID: 2308, parent PID: 432
svchost.exe, PID: 2436, parent PID: 432
svchost.exe, PID: 2748, parent PID: 432
WerFault.exe, PID: 2596, parent PID: 2436
LiveUpdate36O.exe, PID: 2952, parent PID: 2748
taskhost.exe, PID: 3436, parent PID: 432
mscorsvw.exe, PID: 3612, parent PID: 432
mscorsvw.exe, PID: 3708, parent PID: 432

TCP

Source address  Source port  Destination address  Destination host  Destination port
192.168.122.201 49202 114.80.187.79 ocsp.globalsign.com 80
192.168.122.201 49203 114.80.187.79 ocsp.globalsign.com 80
192.168.122.201 49204 114.80.187.79 ocsp.globalsign.com 80
192.168.122.201 49205 114.80.187.79 ocsp.globalsign.com 80
192.168.122.201 49200 117.27.158.80 www.taobao.com 80
192.168.122.201 49201 117.27.158.80 www.taobao.com 443
192.168.122.201 49208 117.27.158.80 www.taobao.com 80
192.168.122.201 49209 117.27.158.80 www.taobao.com 443
192.168.122.201 49211 117.27.158.80 www.taobao.com 80
192.168.122.201 49212 117.27.158.80 www.taobao.com 443
192.168.122.201 49214 117.27.158.80 www.taobao.com 80
192.168.122.201 49215 117.27.158.80 www.taobao.com 443
192.168.122.201 49217 117.27.158.80 www.taobao.com 80
192.168.122.201 49218 117.27.158.80 www.taobao.com 443
192.168.122.201 49220 117.27.158.80 www.taobao.com 80
192.168.122.201 49221 117.27.158.80 www.taobao.com 443
192.168.122.201 49223 117.27.158.80 www.taobao.com 80
192.168.122.201 49224 117.27.158.80 www.taobao.com 443
192.168.122.201 49226 117.27.158.80 www.taobao.com 80
192.168.122.201 49227 117.27.158.80 www.taobao.com 443
192.168.122.201 49229 117.27.158.80 www.taobao.com 80
192.168.122.201 49230 117.27.158.80 www.taobao.com 443
192.168.122.201 49232 117.27.158.80 www.taobao.com 80
192.168.122.201 49233 117.27.158.80 www.taobao.com 443
192.168.122.201 49235 117.27.158.80 www.taobao.com 80
192.168.122.201 49236 117.27.158.80 www.taobao.com 443
192.168.122.201 49238 117.27.158.80 www.taobao.com 80
192.168.122.201 49239 117.27.158.80 www.taobao.com 443
192.168.122.201 49241 117.27.158.80 www.taobao.com 80
192.168.122.201 49242 117.27.158.80 www.taobao.com 443
192.168.122.201 49244 117.27.158.80 www.taobao.com 80
192.168.122.201 49245 117.27.158.80 www.taobao.com 443
192.168.122.201 49247 117.27.158.80 www.taobao.com 80
192.168.122.201 49248 117.27.158.80 www.taobao.com 443
192.168.122.201 49250 117.27.158.80 www.taobao.com 80
192.168.122.201 49251 117.27.158.80 www.taobao.com 443
192.168.122.201 49253 117.27.158.80 www.taobao.com 80
192.168.122.201 49254 117.27.158.80 www.taobao.com 443
192.168.122.201 49256 117.27.158.80 www.taobao.com 80
192.168.122.201 49257 117.27.158.80 www.taobao.com 443
192.168.122.201 49259 117.27.158.80 www.taobao.com 80
192.168.122.201 49260 117.27.158.80 www.taobao.com 443
192.168.122.201 49262 117.27.158.80 www.taobao.com 80
192.168.122.201 49263 117.27.158.80 www.taobao.com 443
192.168.122.201 49266 117.27.158.80 www.taobao.com 80
192.168.122.201 49267 117.27.158.80 www.taobao.com 443
192.168.122.201 49270 117.27.158.80 www.taobao.com 80
192.168.122.201 49271 117.27.158.80 www.taobao.com 443
192.168.122.201 49273 117.27.158.80 www.taobao.com 80
192.168.122.201 49274 117.27.158.80 www.taobao.com 443
192.168.122.201 49277 117.27.158.80 www.taobao.com 80
192.168.122.201 49278 117.27.158.80 www.taobao.com 443
192.168.122.201 49280 117.27.158.80 www.taobao.com 80
192.168.122.201 49281 117.27.158.80 www.taobao.com 443
192.168.122.201 49283 117.27.158.80 www.taobao.com 80
192.168.122.201 49284 117.27.158.80 www.taobao.com 443
192.168.122.201 49286 117.27.158.80 www.taobao.com 80
192.168.122.201 49287 117.27.158.80 www.taobao.com 443
192.168.122.201 49289 117.27.158.80 www.taobao.com 80
192.168.122.201 49290 117.27.158.80 www.taobao.com 443
192.168.122.201 49294 117.27.158.80 www.taobao.com 80
192.168.122.201 49295 117.27.158.80 www.taobao.com 443
192.168.122.201 49297 117.27.158.80 www.taobao.com 80
192.168.122.201 49298 117.27.158.80 www.taobao.com 443
192.168.122.201 49301 117.27.158.80 www.taobao.com 80
192.168.122.201 49302 117.27.158.80 www.taobao.com 443
192.168.122.201 49304 117.27.158.80 www.taobao.com 80
192.168.122.201 49305 117.27.158.80 www.taobao.com 443
192.168.122.201 49307 117.27.158.80 www.taobao.com 80
192.168.122.201 49308 117.27.158.80 www.taobao.com 443
192.168.122.201 49310 117.27.158.80 www.taobao.com 80
192.168.122.201 49311 117.27.158.80 www.taobao.com 443
192.168.122.201 49199 149.248.52.63 kinh.xmcxmr.com 442
192.168.122.201 49206 149.248.52.63 kinh.xmcxmr.com 442
192.168.122.201 49210 149.248.52.63 kinh.xmcxmr.com 442
192.168.122.201 49213 149.248.52.63 kinh.xmcxmr.com 442
192.168.122.201 49216 149.248.52.63 kinh.xmcxmr.com 442
192.168.122.201 49219 149.248.52.63 kinh.xmcxmr.com 442
192.168.122.201 49222 149.248.52.63 kinh.xmcxmr.com 442
192.168.122.201 49225 149.248.52.63 kinh.xmcxmr.com 442
192.168.122.201 49228 149.248.52.63 kinh.xmcxmr.com 442
192.168.122.201 49231 149.248.52.63 kinh.xmcxmr.com 442
192.168.122.201 49234 149.248.52.63 kinh.xmcxmr.com 442
192.168.122.201 49237 149.248.52.63 kinh.xmcxmr.com 442
192.168.122.201 49240 149.248.52.63 kinh.xmcxmr.com 442
192.168.122.201 49243 149.248.52.63 kinh.xmcxmr.com 442
192.168.122.201 49246 149.248.52.63 kinh.xmcxmr.com 442
192.168.122.201 49249 149.248.52.63 kinh.xmcxmr.com 442
192.168.122.201 49252 149.248.52.63 kinh.xmcxmr.com 442
192.168.122.201 49255 149.248.52.63 kinh.xmcxmr.com 442
192.168.122.201 49258 149.248.52.63 kinh.xmcxmr.com 442
192.168.122.201 49261 149.248.52.63 kinh.xmcxmr.com 442
192.168.122.201 49265 149.248.52.63 kinh.xmcxmr.com 442
192.168.122.201 49268 149.248.52.63 kinh.xmcxmr.com 442
192.168.122.201 49272 149.248.52.63 kinh.xmcxmr.com 442
192.168.122.201 49275 149.248.52.63 kinh.xmcxmr.com 442
192.168.122.201 49279 149.248.52.63 kinh.xmcxmr.com 442
192.168.122.201 49282 149.248.52.63 kinh.xmcxmr.com 442
192.168.122.201 49285 149.248.52.63 kinh.xmcxmr.com 442
192.168.122.201 49288 149.248.52.63 kinh.xmcxmr.com 442
192.168.122.201 49293 149.248.52.63 kinh.xmcxmr.com 442
192.168.122.201 49296 149.248.52.63 kinh.xmcxmr.com 442
192.168.122.201 49300 149.248.52.63 kinh.xmcxmr.com 442
192.168.122.201 49303 149.248.52.63 kinh.xmcxmr.com 442
192.168.122.201 49306 149.248.52.63 kinh.xmcxmr.com 442
192.168.122.201 49162 23.223.52.59 acroipm.adobe.com 80

UDP

Source address  Source port  Destination address  Destination port
192.168.122.201 52179 192.168.122.1 53
192.168.122.201 52207 192.168.122.1 53
192.168.122.201 53125 192.168.122.1 53
192.168.122.201 56270 192.168.122.1 53
192.168.122.201 59401 192.168.122.1 53
192.168.122.201 60465 192.168.122.1 53
192.168.122.201 65179 192.168.122.1 53


HTTP requests

URI  HTTP data
URL: http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

URL: http://www.taobao.com/help/getip.php
GET /help/getip.php HTTP/1.1
Host: www.taobao.com
Cache-Control: no-cache

URL: http://ocsp.globalsign.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJH
GET /rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJH HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.globalsign.com

URL: http://ocsp.globalsign.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJH
GET /rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJH HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.globalsign.com

URL: http://ocsp2.globalsign.com/gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDG1VcWLvtKJkED9zuA%3D%3D
GET /gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDG1VcWLvtKJkED9zuA%3D%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp2.globalsign.com

URL: http://crl.globalsign.net/root.crl
GET /root.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.globalsign.net

URL: http://crl.globalsign.com/gs/gsorganizationvalsha2g2.crl
GET /gs/gsorganizationvalsha2g2.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.globalsign.com

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results

Network alerts

Timestamp Source IP Source Port Destination IP Destination Port Protocol SID Signature Category
2021-04-21 22:27:36.439919+0800 192.168.122.201 49213 149.248.52.63 442 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
2021-04-21 22:27:40.448878+0800 192.168.122.201 49222 149.248.52.63 442 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
2021-04-21 22:27:37.772305+0800 192.168.122.201 49216 149.248.52.63 442 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
2021-04-21 22:27:33.710349+0800 192.168.122.201 49206 149.248.52.63 442 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
2021-04-21 22:27:43.118674+0800 192.168.122.201 49228 149.248.52.63 442 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
2021-04-21 22:27:41.778859+0800 192.168.122.201 49225 149.248.52.63 442 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
2021-04-21 22:27:39.079547+0800 192.168.122.201 49219 149.248.52.63 442 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
2021-04-21 22:27:50.198004+0800 192.168.122.201 49237 149.248.52.63 442 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
2021-04-21 22:27:32.353097+0800 192.168.122.201 49199 149.248.52.63 442 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
2021-04-21 22:27:47.347379+0800 192.168.122.201 49234 149.248.52.63 442 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
2021-04-21 22:28:11.841690+0800 192.168.122.201 49265 149.248.52.63 442 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
2021-04-21 22:27:51.535585+0800 192.168.122.201 49240 149.248.52.63 442 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
2021-04-21 22:27:35.067998+0800 192.168.122.201 49210 149.248.52.63 442 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
2021-04-21 22:27:59.875612+0800 192.168.122.201 49255 149.248.52.63 442 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
2021-04-21 22:27:46.008714+0800 192.168.122.201 49231 149.248.52.63 442 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
2021-04-21 22:27:57.196003+0800 192.168.122.201 49249 149.248.52.63 442 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
2021-04-21 22:28:36.163428+0800 192.168.122.201 49279 149.248.52.63 442 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
2021-04-21 22:28:40.478402+0800 192.168.122.201 49282 149.248.52.63 442 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
2021-04-21 22:28:01.235630+0800 192.168.122.201 49258 149.248.52.63 442 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
2021-04-21 22:28:48.231695+0800 192.168.122.201 49293 149.248.52.63 442 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
2021-04-21 22:27:52.902623+0800 192.168.122.201 49243 149.248.52.63 442 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
2021-04-21 22:28:51.752855+0800 192.168.122.201 49300 149.248.52.63 442 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
2021-04-21 22:28:21.917802+0800 192.168.122.201 49268 149.248.52.63 442 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
2021-04-21 22:28:03.850193+0800 192.168.122.201 49261 149.248.52.63 442 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
2021-04-21 22:28:34.418644+0800 192.168.122.201 49275 149.248.52.63 442 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
2021-04-21 22:28:49.673163+0800 192.168.122.201 49296 149.248.52.63 442 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
2021-04-21 22:28:54.625657+0800 192.168.122.201 49306 149.248.52.63 442 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
2021-04-21 22:28:46.370022+0800 192.168.122.201 49288 149.248.52.63 442 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
2021-04-21 22:27:58.555106+0800 192.168.122.201 49252 149.248.52.63 442 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
2021-04-21 22:28:43.096847+0800 192.168.122.201 49285 149.248.52.63 442 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
2021-04-21 22:28:53.154556+0800 192.168.122.201 49303 149.248.52.63 442 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
2021-04-21 22:28:27.431074+0800 192.168.122.201 49272 149.248.52.63 442 TCP 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode

TLS

Timestamp Source IP Source Port Destination IP Destination Port Version Issuer Subject Fingerprint
2021-04-21 22:27:33.417279+0800 192.168.122.201 49209 117.27.158.80 443 TLSv1 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.tmall.com 9c:54:64:7f:72:a5:07:a6:b9:1d:46:d3:df:50:a6:7f:8a:28:25:30
2021-04-21 22:27:34.772769+0800 192.168.122.201 49212 117.27.158.80 443 TLSv1 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.tmall.com 9c:54:64:7f:72:a5:07:a6:b9:1d:46:d3:df:50:a6:7f:8a:28:25:30
2021-04-21 22:27:40.150641+0800 192.168.122.201 49224 117.27.158.80 443 TLSv1 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.tmall.com 9c:54:64:7f:72:a5:07:a6:b9:1d:46:d3:df:50:a6:7f:8a:28:25:30
2021-04-21 22:27:38.809496+0800 192.168.122.201 49221 117.27.158.80 443 TLSv1 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.tmall.com 9c:54:64:7f:72:a5:07:a6:b9:1d:46:d3:df:50:a6:7f:8a:28:25:30
2021-04-21 22:27:36.137054+0800 192.168.122.201 49215 117.27.158.80 443 TLSv1 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.tmall.com 9c:54:64:7f:72:a5:07:a6:b9:1d:46:d3:df:50:a6:7f:8a:28:25:30
2021-04-21 22:27:45.714319+0800 192.168.122.201 49233 117.27.158.80 443 TLSv1 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.tmall.com 9c:54:64:7f:72:a5:07:a6:b9:1d:46:d3:df:50:a6:7f:8a:28:25:30
2021-04-21 22:27:31.667979+0800 192.168.122.201 49201 117.27.158.80 443 TLSv1 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.tmall.com 9c:54:64:7f:72:a5:07:a6:b9:1d:46:d3:df:50:a6:7f:8a:28:25:30
2021-04-21 22:27:49.904870+0800 192.168.122.201 49239 117.27.158.80 443 TLSv1 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.tmall.com 9c:54:64:7f:72:a5:07:a6:b9:1d:46:d3:df:50:a6:7f:8a:28:25:30
2021-04-21 22:28:14.655484+0800 192.168.122.201 49271 117.27.158.80 443 TLSv1 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.tmall.com 9c:54:64:7f:72:a5:07:a6:b9:1d:46:d3:df:50:a6:7f:8a:28:25:30
2021-04-21 22:27:42.845687+0800 192.168.122.201 49230 117.27.158.80 443 TLSv1 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.tmall.com 9c:54:64:7f:72:a5:07:a6:b9:1d:46:d3:df:50:a6:7f:8a:28:25:30
2021-04-21 22:28:35.872949+0800 192.168.122.201 49281 117.27.158.80 443 TLSv1 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.tmall.com 9c:54:64:7f:72:a5:07:a6:b9:1d:46:d3:df:50:a6:7f:8a:28:25:30
2021-04-21 22:27:56.909852+0800 192.168.122.201 49251 117.27.158.80 443 TLSv1 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.tmall.com 9c:54:64:7f:72:a5:07:a6:b9:1d:46:d3:df:50:a6:7f:8a:28:25:30
2021-04-21 22:28:00.949878+0800 192.168.122.201 49260 117.27.158.80 443 TLSv1 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.tmall.com 9c:54:64:7f:72:a5:07:a6:b9:1d:46:d3:df:50:a6:7f:8a:28:25:30
2021-04-21 22:27:41.494445+0800 192.168.122.201 49227 117.27.158.80 443 TLSv1 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.tmall.com 9c:54:64:7f:72:a5:07:a6:b9:1d:46:d3:df:50:a6:7f:8a:28:25:30
2021-04-21 22:27:52.585653+0800 192.168.122.201 49245 117.27.158.80 443 TLSv1 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.tmall.com 9c:54:64:7f:72:a5:07:a6:b9:1d:46:d3:df:50:a6:7f:8a:28:25:30
2021-04-21 22:27:47.074581+0800 192.168.122.201 49236 117.27.158.80 443 TLSv1 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.tmall.com 9c:54:64:7f:72:a5:07:a6:b9:1d:46:d3:df:50:a6:7f:8a:28:25:30
2021-04-21 22:27:51.256970+0800 192.168.122.201 49242 117.27.158.80 443 TLSv1 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.tmall.com 9c:54:64:7f:72:a5:07:a6:b9:1d:46:d3:df:50:a6:7f:8a:28:25:30
2021-04-21 22:27:58.271723+0800 192.168.122.201 49254 117.27.158.80 443 TLSv1 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.tmall.com 9c:54:64:7f:72:a5:07:a6:b9:1d:46:d3:df:50:a6:7f:8a:28:25:30
2021-04-21 22:28:02.289030+0800 192.168.122.201 49263 117.27.158.80 443 TLSv1 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.tmall.com 9c:54:64:7f:72:a5:07:a6:b9:1d:46:d3:df:50:a6:7f:8a:28:25:30
2021-04-21 22:27:37.488495+0800 192.168.122.201 49218 117.27.158.80 443 TLSv1 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.tmall.com 9c:54:64:7f:72:a5:07:a6:b9:1d:46:d3:df:50:a6:7f:8a:28:25:30
2021-04-21 22:28:34.058008+0800 192.168.122.201 49278 117.27.158.80 443 TLSv1 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.tmall.com 9c:54:64:7f:72:a5:07:a6:b9:1d:46:d3:df:50:a6:7f:8a:28:25:30
2021-04-21 22:27:59.603205+0800 192.168.122.201 49257 117.27.158.80 443 TLSv1 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.tmall.com 9c:54:64:7f:72:a5:07:a6:b9:1d:46:d3:df:50:a6:7f:8a:28:25:30
2021-04-21 22:27:53.937424+0800 192.168.122.201 49248 117.27.158.80 443 TLSv1 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.tmall.com 9c:54:64:7f:72:a5:07:a6:b9:1d:46:d3:df:50:a6:7f:8a:28:25:30
2021-04-21 22:28:44.255848+0800 192.168.122.201 49290 117.27.158.80 443 TLSv1 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.tmall.com 9c:54:64:7f:72:a5:07:a6:b9:1d:46:d3:df:50:a6:7f:8a:28:25:30
2021-04-21 22:28:25.265865+0800 192.168.122.201 49274 117.27.158.80 443 TLSv1 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.tmall.com 9c:54:64:7f:72:a5:07:a6:b9:1d:46:d3:df:50:a6:7f:8a:28:25:30
2021-04-21 22:28:42.250086+0800 192.168.122.201 49287 117.27.158.80 443 TLSv1 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.tmall.com 9c:54:64:7f:72:a5:07:a6:b9:1d:46:d3:df:50:a6:7f:8a:28:25:30
2021-04-21 22:28:49.374704+0800 192.168.122.201 49298 117.27.158.80 443 TLSv1 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.tmall.com 9c:54:64:7f:72:a5:07:a6:b9:1d:46:d3:df:50:a6:7f:8a:28:25:30
2021-04-21 22:28:51.449738+0800 192.168.122.201 49302 117.27.158.80 443 TLSv1 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.tmall.com 9c:54:64:7f:72:a5:07:a6:b9:1d:46:d3:df:50:a6:7f:8a:28:25:30
2021-04-21 22:28:52.848210+0800 192.168.122.201 49305 117.27.158.80 443 TLSv1 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.tmall.com 9c:54:64:7f:72:a5:07:a6:b9:1d:46:d3:df:50:a6:7f:8a:28:25:30
2021-04-21 22:28:54.313862+0800 192.168.122.201 49308 117.27.158.80 443 TLSv1 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.tmall.com 9c:54:64:7f:72:a5:07:a6:b9:1d:46:d3:df:50:a6:7f:8a:28:25:30
2021-04-21 22:28:47.669666+0800 192.168.122.201 49295 117.27.158.80 443 TLSv1 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.tmall.com 9c:54:64:7f:72:a5:07:a6:b9:1d:46:d3:df:50:a6:7f:8a:28:25:30
2021-04-21 22:28:55.676039+0800 192.168.122.201 49311 117.27.158.80 443 TLSv1 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.tmall.com 9c:54:64:7f:72:a5:07:a6:b9:1d:46:d3:df:50:a6:7f:8a:28:25:30
2021-04-21 22:28:08.365814+0800 192.168.122.201 49267 117.27.158.80 443 TLSv1 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.tmall.com 9c:54:64:7f:72:a5:07:a6:b9:1d:46:d3:df:50:a6:7f:8a:28:25:30
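The TLS records above carry no SNI, only the certificate the server presented, so what can be checked offline is the connection pattern per destination and certificate, the negotiated protocol version, and whether that certificate's CN actually covers the hostname the sample was talking to. The Python below is an added example written for this page, not code from the Maldun/Cuckoo report or its tooling. It parses the fourteen records above (embedded inline as the sample input) using the field layout timestamp, source IP, source port, destination IP, destination port, TLS version, issuer DN, subject DN, certificate fingerprint, and it treats `expected_host` as an assumed analyst-supplied input, since the record itself does not say which hostname was requested.

```python
import re
from collections import defaultdict
from datetime import datetime

# Field layout of the records above (Suricata-style TLS log): timestamp, source
# IP, source port, destination IP, destination port, TLS version, issuer DN,
# subject DN, certificate fingerprint (20 bytes, SHA-1 sized). The DNs contain
# spaces and commas, so the line cannot be split on whitespace; the subject is
# taken to start at the first " C=" after the issuer, which assumes every DN
# begins with a C= attribute (true for the records on this page).
TLS_LINE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<src>\S+) (?P<sport>\d+) (?P<dst>\S+) (?P<dport>\d+) "
    r"(?P<version>\S+) (?P<issuer>C=.*?) (?P<subject>C=.*?) "
    r"(?P<fp>[0-9a-f]{2}(?::[0-9a-f]{2}){19})$"
)

# Versions a modern client should not negotiate; Suricata writes "TLSv1" or
# "TLS 1.0" depending on its release, so both spellings are listed.
LEGACY_VERSIONS = {"SSLv2", "SSLv3", "TLSv1", "TLS 1.0", "TLSv1.1", "TLS 1.1"}

# The 14 records from the report, copied as the sample input.
SAMPLE_LOG = """
2021-04-21 22:27:37.488495+0800 192.168.122.201 49218 117.27.158.80 443 TLSv1 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.tmall.com 9c:54:64:7f:72:a5:07:a6:b9:1d:46:d3:df:50:a6:7f:8a:28:25:30
2021-04-21 22:28:34.058008+0800 192.168.122.201 49278 117.27.158.80 443 TLSv1 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.tmall.com 9c:54:64:7f:72:a5:07:a6:b9:1d:46:d3:df:50:a6:7f:8a:28:25:30
2021-04-21 22:27:59.603205+0800 192.168.122.201 49257 117.27.158.80 443 TLSv1 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.tmall.com 9c:54:64:7f:72:a5:07:a6:b9:1d:46:d3:df:50:a6:7f:8a:28:25:30
2021-04-21 22:27:53.937424+0800 192.168.122.201 49248 117.27.158.80 443 TLSv1 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.tmall.com 9c:54:64:7f:72:a5:07:a6:b9:1d:46:d3:df:50:a6:7f:8a:28:25:30
2021-04-21 22:28:44.255848+0800 192.168.122.201 49290 117.27.158.80 443 TLSv1 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.tmall.com 9c:54:64:7f:72:a5:07:a6:b9:1d:46:d3:df:50:a6:7f:8a:28:25:30
2021-04-21 22:28:25.265865+0800 192.168.122.201 49274 117.27.158.80 443 TLSv1 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.tmall.com 9c:54:64:7f:72:a5:07:a6:b9:1d:46:d3:df:50:a6:7f:8a:28:25:30
2021-04-21 22:28:42.250086+0800 192.168.122.201 49287 117.27.158.80 443 TLSv1 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.tmall.com 9c:54:64:7f:72:a5:07:a6:b9:1d:46:d3:df:50:a6:7f:8a:28:25:30
2021-04-21 22:28:49.374704+0800 192.168.122.201 49298 117.27.158.80 443 TLSv1 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.tmall.com 9c:54:64:7f:72:a5:07:a6:b9:1d:46:d3:df:50:a6:7f:8a:28:25:30
2021-04-21 22:28:51.449738+0800 192.168.122.201 49302 117.27.158.80 443 TLSv1 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.tmall.com 9c:54:64:7f:72:a5:07:a6:b9:1d:46:d3:df:50:a6:7f:8a:28:25:30
2021-04-21 22:28:52.848210+0800 192.168.122.201 49305 117.27.158.80 443 TLSv1 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.tmall.com 9c:54:64:7f:72:a5:07:a6:b9:1d:46:d3:df:50:a6:7f:8a:28:25:30
2021-04-21 22:28:54.313862+0800 192.168.122.201 49308 117.27.158.80 443 TLSv1 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.tmall.com 9c:54:64:7f:72:a5:07:a6:b9:1d:46:d3:df:50:a6:7f:8a:28:25:30
2021-04-21 22:28:47.669666+0800 192.168.122.201 49295 117.27.158.80 443 TLSv1 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.tmall.com 9c:54:64:7f:72:a5:07:a6:b9:1d:46:d3:df:50:a6:7f:8a:28:25:30
2021-04-21 22:28:55.676039+0800 192.168.122.201 49311 117.27.158.80 443 TLSv1 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.tmall.com 9c:54:64:7f:72:a5:07:a6:b9:1d:46:d3:df:50:a6:7f:8a:28:25:30
2021-04-21 22:28:08.365814+0800 192.168.122.201 49267 117.27.158.80 443 TLSv1 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.tmall.com 9c:54:64:7f:72:a5:07:a6:b9:1d:46:d3:df:50:a6:7f:8a:28:25:30
"""


def parse_tls_log(text):
    """Parse log lines into dicts sorted by time; lines not matching the layout are skipped."""
    records = []
    for line in text.strip().splitlines():
        m = TLS_LINE.match(line.strip())
        if not m:
            continue
        r = m.groupdict()
        r["ts"] = datetime.strptime(r["ts"], "%Y-%m-%d %H:%M:%S.%f%z")
        r["sport"], r["dport"] = int(r["sport"]), int(r["dport"])
        records.append(r)
    return sorted(records, key=lambda r: r["ts"])


def subject_cn(dn):
    """Return the CN attribute of a comma-separated DN, or None if absent."""
    for part in dn.split(","):
        key, _, value = part.strip().partition("=")
        if key == "CN":
            return value
    return None


def cn_matches(cn, hostname):
    """Hostname check in the RFC 6125 style: a leading '*' covers exactly one label."""
    if cn.startswith("*."):
        return hostname.count(".") >= 2 and hostname.split(".", 1)[1] == cn[2:]
    return cn == hostname


def summarize(records, expected_host=None):
    """Group by (destination, port, fingerprint) and derive what an analyst checks:
    connection count and span, shortest gap between connections, versions seen,
    and whether the served certificate covers expected_host (an assumed input;
    the log line does not record the SNI the client sent)."""
    groups = defaultdict(list)
    for r in records:
        groups[(r["dst"], r["dport"], r["fp"])].append(r)
    summary = {}
    for key, rs in groups.items():
        cn = subject_cn(rs[0]["subject"])
        gaps = [(b["ts"] - a["ts"]).total_seconds() for a, b in zip(rs, rs[1:])]
        summary[key] = {
            "count": len(rs),
            "first": rs[0]["ts"],
            "last": rs[-1]["ts"],
            "min_gap_s": min(gaps) if gaps else None,
            "versions": sorted({r["version"] for r in rs}),
            "legacy_tls": any(r["version"] in LEGACY_VERSIONS for r in rs),
            "subject_cn": cn,
            "cn_covers_host": cn_matches(cn, expected_host) if cn and expected_host else None,
        }
    return summary


if __name__ == "__main__":
    # "www.taobao.com" is an assumed hostname chosen for the demonstration.
    for key, g in summarize(parse_tls_log(SAMPLE_LOG), "www.taobao.com").items():
        print(key, g)
```

Run stand-alone, the script reduces the fourteen rows to a single (destination, port, fingerprint) group: fourteen TLS 1.0 handshakes to 117.27.158.80:443 within about 78 seconds, the shortest gap under 1.5 seconds, all receiving the same certificate whose CN is `*.tmall.com`. The `cn_covers_host` result is only as good as the hostname you pass in; if the hostname the sample actually requested is not in the report, leave `expected_host` unset and treat that field as unknown rather than as a match.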

Suricata HTTP

No Suricata HTTP

No files were extracted from network traffic.
No files were dropped.
No similar analyses found.

Processing ( 37.136 seconds )

  • 13.058 BehaviorAnalysis
  • 10.73 Suricata
  • 7.399 NetworkAnalysis
  • 3.428 VirusTotal
  • 1.378 Static
  • 0.705 TargetInfo
  • 0.408 peid
  • 0.011 Strings
  • 0.01 AnalysisInfo
  • 0.007 config_decoder
  • 0.002 Memory

Signatures ( 23.907 seconds ): time spent evaluating each signature module; this is a timing list, not the list of signatures that matched

  • 17.959 network_http
  • 1.452 md_url_bl
  • 0.804 api_spamming
  • 0.619 stealth_decoy_document
  • 0.401 antiav_detectreg
  • 0.308 injection_createremotethread
  • 0.238 process_interest
  • 0.204 injection_runpe
  • 0.146 vawtrak_behavior
  • 0.14 infostealer_ftp
  • 0.101 process_needed
  • 0.09 mimics_filetime
  • 0.084 stealth_timeout
  • 0.082 reads_self
  • 0.082 antianalysis_detectreg
  • 0.079 stealth_file
  • 0.078 infostealer_im
  • 0.076 antivm_generic_disk
  • 0.072 virus
  • 0.068 bootkit
  • 0.058 antivm_generic_scsi
  • 0.058 shifu_behavior
  • 0.058 hancitor_behavior
  • 0.046 injection_explorer
  • 0.044 infostealer_mail
  • 0.026 antivm_generic_services
  • 0.024 kovter_behavior
  • 0.023 anormaly_invoke_kills
  • 0.022 antiemu_wine_func
  • 0.022 infostealer_browser_password
  • 0.021 kibex_behavior
  • 0.02 antivm_xen_keys
  • 0.02 darkcomet_regkeys
  • 0.019 antivm_parallels_keys
  • 0.018 geodo_banking_trojan
  • 0.017 md_domain_bl
  • 0.017 recon_fingerprint
  • 0.015 betabot_behavior
  • 0.013 antivm_vbox_libs
  • 0.013 dridex_behavior
  • 0.013 antiav_detectfile
  • 0.013 antivm_generic_diskreg
  • 0.011 antisandbox_productid
  • 0.01 antidbg_windows
  • 0.009 antiav_avast_libs
  • 0.009 antisandbox_sunbelt_libs
  • 0.009 infostealer_bitcoin
  • 0.008 anomaly_persistence_autorun
  • 0.007 antisandbox_sboxie_libs
  • 0.007 antiav_bitdefender_libs
  • 0.007 antivm_vbox_keys
  • 0.007 antivm_vmware_keys
  • 0.006 bypass_firewall
  • 0.006 antivm_xen_keys
  • 0.006 antivm_hyperv_keys
  • 0.006 antivm_vbox_acpi
  • 0.006 antivm_vpc_keys
  • 0.006 maldun_anomaly_invoke_vb_vba
  • 0.006 packer_armadillo_regkey
  • 0.006 recon_programs
  • 0.005 infostealer_browser
  • 0.005 maldun_anomaly_massive_file_ops
  • 0.005 stealth_network
  • 0.005 antivm_generic_bios
  • 0.005 antivm_generic_cpu
  • 0.005 antivm_generic_system
  • 0.005 antivm_vbox_files
  • 0.005 ransomware_extensions
  • 0.005 ransomware_files
  • 0.004 hawkeye_behavior
  • 0.004 antivm_vmware_libs
  • 0.003 antisandbox_sleep
  • 0.002 tinba_behavior
  • 0.002 rat_nanocore
  • 0.002 maldun_malicious_write_executeable_under_temp_to_regrun
  • 0.002 maldun_anomaly_write_exe_and_obsfucate_extension
  • 0.002 antivm_vbox_window
  • 0.002 kelihos_behavior
  • 0.002 sets_autoconfig_url
  • 0.002 kazybot_behavior
  • 0.002 ipc_namedpipe
  • 0.002 maldun_anomaly_write_exe_and_dll_under_winroot_run
  • 0.002 exec_crash
  • 0.002 cerber_behavior
  • 0.002 antidbg_devices
  • 0.002 disables_browser_warn
  • 0.002 network_torgateway
  • 0.001 banker_prinimalka
  • 0.001 network_tor
  • 0.001 antivm_generic_disk_setupapi
  • 0.001 ransomware_dmalocker
  • 0.001 network_anomaly
  • 0.001 rat_luminosity
  • 0.001 anomaly_persistence_bootexecute
  • 0.001 anomaly_reset_winsock
  • 0.001 creates_largekey
  • 0.001 dead_connect
  • 0.001 antisandbox_script_timer
  • 0.001 antianalysis_detectfile
  • 0.001 antivm_vmware_files
  • 0.001 antiemu_wine_reg
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 codelux_behavior
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 md_bad_drop
  • 0.001 network_cnc_http
  • 0.001 rat_pcclient
  • 0.001 stealth_modify_uac_prompt

Reporting ( 0.676 seconds )

  • 0.559 ReportHTMLSummary
  • 0.117 Malheur
Task ID 631866
Mongo ID 608037057e769a0f704944dc
Cuckoo release 1.4-Maldun