Analysis task

Analysis type VM tag Start time End time Duration
File (Windows) win7-sp1-x64-shaapp03-1 2023-06-07 16:07:39 2023-06-07 16:08:26 47 seconds

Maldun score

0.475

Normal

File details

File name 多类支持向量机的DDoS攻击检测的方法.pdf
File size 1162549 bytes
File type PDF document, version 1.3
MD5 3215093b0dc75311992042ff94f100e7
SHA1 6f798ca7b6f98b068e27ef3582e9713a3886c887
SHA256 2eb9298e7f67cb7f6f1e36ef3486a88496ddab507bc7a4c9a7a741fb31819785
SHA512 058a8915a6f824a64c6cbad2c0d8d0022c905113c1f765c8ab7a88cec1835a8033d6a926254f9df7ef01dc8d6f03ca5df2ce78129fb813c24065b628fa249fd4
CRC32 F60EA404
Ssdeep 24576:+CpGADAWcdNjDwL7osP3tTQLvTB0mTekG1l/DzI:+LtdNHwL8YhA+mf68

Hosts contacted

Direct IP Security rating Geolocation
13.107.213.50 United States
13.107.246.50 United States
23.197.245.164 United States
23.204.146.162 United States
23.33.16.112 United States
23.33.17.164 United States
52.109.124.150 United States
61.147.219.124 China

PDF statistics

Creator ReaderEx_DIS 2.0.0 Build 3946
Producer TTKN
Author CNKI
Total entropy 7.985307
Entropy inside streams 7.997470
Entropy outside streams 5.127304
"%%EOF" count 2
PDF header %PDF-1.3
Data after EOF 0 bytes
File size 1162549 bytes
Page count 8

PDF dates

Name
/CreationDate 2017/12/15 13:37:23 GMT-08
/CreationDate 2017/12/15 13:37:23 GMT-08
/ModDate 2017/12/19 10:15:52 GMT+08

Data streams

Stream name Stream count
/ObjStm 0
/AcroForm 0
xref 2
obj 285
/JS 0
stream 179
endobj 284
/OpenAction 0
/JavaScript 0
endstream 179
/Page 8
/RichMedia 0
startxref 2
/JBIG2Decode 0
/EmbeddedFile 0
/Encrypt 0
/AA 0
/XFA 0
/Colors > 2^24 0
/Launch 0
trailer 2

No antivirus engine scan information!

Process tree


AcroRd32.exe, PID: 2540, parent process PID: 2196

TCP

Source address Source port Destination address Destination port
192.168.122.201 49191 13.107.213.50 wcpstatic.microsoft.com 443
192.168.122.201 49194 13.107.213.50 wcpstatic.microsoft.com 443
192.168.122.201 49202 13.107.213.50 wcpstatic.microsoft.com 443
192.168.122.201 49179 13.107.246.50 wcpstatic.microsoft.com 443
192.168.122.201 49184 13.107.246.50 wcpstatic.microsoft.com 443
192.168.122.201 49195 13.107.246.50 wcpstatic.microsoft.com 443
192.168.122.201 49162 23.197.245.164 support.office.com 443
192.168.122.201 49164 23.197.245.164 support.office.com 443
192.168.122.201 49171 23.197.245.164 support.office.com 443
192.168.122.201 49185 23.204.146.162 img-prod-cms-rt-microsoft-com.akamaized.net 443
192.168.122.201 49186 23.204.146.162 img-prod-cms-rt-microsoft-com.akamaized.net 443
192.168.122.201 49192 23.204.146.162 img-prod-cms-rt-microsoft-com.akamaized.net 443
192.168.122.201 49193 23.204.146.162 img-prod-cms-rt-microsoft-com.akamaized.net 443
192.168.122.201 49196 23.204.146.162 img-prod-cms-rt-microsoft-com.akamaized.net 443
192.168.122.201 49197 23.204.146.162 img-prod-cms-rt-microsoft-com.akamaized.net 443
192.168.122.201 49203 23.204.146.162 img-prod-cms-rt-microsoft-com.akamaized.net 443
192.168.122.201 49204 23.204.146.162 img-prod-cms-rt-microsoft-com.akamaized.net 443
192.168.122.201 49165 23.33.16.112 support.microsoft.com 443
192.168.122.201 49166 23.33.16.112 support.microsoft.com 443
192.168.122.201 49167 23.33.16.112 support.microsoft.com 443
192.168.122.201 49172 23.33.16.112 support.microsoft.com 443
192.168.122.201 49173 23.33.16.112 support.microsoft.com 443
192.168.122.201 49174 23.33.16.112 support.microsoft.com 443
192.168.122.201 49175 23.33.16.112 support.microsoft.com 443
192.168.122.201 49187 23.33.17.164 c.s-microsoft.com 443
192.168.122.201 49163 23.45.112.74 80
192.168.122.201 49160 52.109.124.150 officeredir.microsoft.com 80
192.168.122.201 49161 52.109.124.150 officeredir.microsoft.com 80
192.168.122.201 49169 52.109.124.150 officeredir.microsoft.com 80
192.168.122.201 49170 52.109.124.150 officeredir.microsoft.com 80
192.168.122.201 49176 61.147.219.124 www.microsoft.com 443
192.168.122.201 49177 61.147.219.124 www.microsoft.com 443
192.168.122.201 49178 61.147.219.124 www.microsoft.com 443
192.168.122.201 49182 61.147.219.124 www.microsoft.com 443
192.168.122.201 49183 61.147.219.124 www.microsoft.com 443
192.168.122.201 49188 61.147.219.124 www.microsoft.com 443
192.168.122.201 49189 61.147.219.124 www.microsoft.com 443
192.168.122.201 49190 61.147.219.124 www.microsoft.com 443
192.168.122.201 49198 61.147.219.124 www.microsoft.com 443
192.168.122.201 49199 61.147.219.124 www.microsoft.com 443
192.168.122.201 49200 61.147.219.124 www.microsoft.com 443
192.168.122.201 49201 61.147.219.124 www.microsoft.com 443

UDP

Source address Source port Destination address Destination port
192.168.122.201 49532 192.168.122.1 53
192.168.122.201 52179 192.168.122.1 53
192.168.122.201 52207 192.168.122.1 53
192.168.122.201 53125 192.168.122.1 53
192.168.122.201 54135 192.168.122.1 53
192.168.122.201 56270 192.168.122.1 53
192.168.122.201 59401 192.168.122.1 53
192.168.122.201 59906 192.168.122.1 53
192.168.122.201 60465 192.168.122.1 53
192.168.122.201 60919 192.168.122.1 53
192.168.122.201 61329 192.168.122.1 53
192.168.122.201 65178 192.168.122.1 53
192.168.122.201 65179 192.168.122.1 53
192.168.122.201 65259 192.168.122.1 53

HTTP requests

URI HTTP data
http://officeredir.microsoft.com/r/rlidUNLGenuine?LCID=2052&MSG=1&PID=02260-018-0000106-48620
GET /r/rlidUNLGenuine?LCID=2052&MSG=1&PID=02260-018-0000106-48620 HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; ms-office)
Accept-Encoding: gzip, deflate
Host: officeredir.microsoft.com
Connection: Keep-Alive
Cookie: WT_FPC=id=2ea84d10a1187b93d1f1504351520961:lv=1504351536858:ss=1504351520961

http://o15.officeredir.microsoft.com/r/rlidUNLGenuineRedir?p1=1&clid=2052&LCID=2052&MSG=1&PID=02260-018-0000106-48620
GET /r/rlidUNLGenuineRedir?p1=1&clid=2052&LCID=2052&MSG=1&PID=02260-018-0000106-48620 HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; ms-office)
Accept-Encoding: gzip, deflate
Host: o15.officeredir.microsoft.com
Connection: Keep-Alive
Cookie: WT_FPC=id=2ea84d10a1187b93d1f1504351520961:lv=1504351536858:ss=1504351520961

http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

http://officeredir.microsoft.com/r/rlidUNLGenuine?LCID=2052&MSG=2&PID=02260-018-0000106-48620
GET /r/rlidUNLGenuine?LCID=2052&MSG=2&PID=02260-018-0000106-48620 HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; ms-office)
Accept-Encoding: gzip, deflate
Host: officeredir.microsoft.com
Connection: Keep-Alive
Cookie: WT_FPC=id=2ea84d10a1187b93d1f1504351520961:lv=1504351536858:ss=1504351520961

http://o15.officeredir.microsoft.com/r/rlidUNLGenuineRedir?p1=2&clid=2052&LCID=2052&MSG=2&PID=02260-018-0000106-48620
GET /r/rlidUNLGenuineRedir?p1=2&clid=2052&LCID=2052&MSG=2&PID=02260-018-0000106-48620 HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; ms-office)
Accept-Encoding: gzip, deflate
Host: o15.officeredir.microsoft.com
Connection: Keep-Alive
Cookie: WT_FPC=id=2ea84d10a1187b93d1f1504351520961:lv=1504351536858:ss=1504351520961

http://officeredir.microsoft.com/r/rlidUNLGenuine?LCID=2052&MSG=2&PID=02260-018-0000106-48620
GET /r/rlidUNLGenuine?LCID=2052&MSG=2&PID=02260-018-0000106-48620 HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; ms-office)
Accept-Encoding: gzip, deflate
Host: officeredir.microsoft.com
Connection: Keep-Alive
Cookie: WT_FPC=id=2ea84d10a1187b93d1f1504351520961:lv=1504351536858:ss=1504351520961; ak_bmsc=E2D58E780D9A71A73242CDF7A6155BAC~000000000000000000000000000000~YAAQj+Bb2sF9cmyIAQAAeD7mlBTzjZ3kZRnorszub77o/dn/n2weock57vZegYBHdMPG2+Cq707evWlAJms+p0g5Y3V4Qff97BLXBWXOAkMY+AiNZy1Qgljbi5Vqd2BEjmuk/uYZExkheXnGUey9gK8ChMAn59j1Lc6DrlVvFWwsJKZwS0Vis4IQlgU7uZ+Zp2x41nZM/jlZZ/oBaTwKjS/MNSg5byc4bmlSp+aKIqeTfvvDn9Xt5IV1Ixe4d3kumkkMQm58mDeKKqtewerBJtZbcXLLQ3VJ9MiYm1prCYntRcPnPUtxj8HXJttCNNkSfFMWwBOdssbCRNsT+ygPPvNSud8oEzSaK86UN8UgHQG0Uq3VVBSuRq1YRv7H0iY=

http://o15.officeredir.microsoft.com/r/rlidUNLGenuineRedir?p1=2&clid=2052&LCID=2052&MSG=2&PID=02260-018-0000106-48620
GET /r/rlidUNLGenuineRedir?p1=2&clid=2052&LCID=2052&MSG=2&PID=02260-018-0000106-48620 HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; ms-office)
Accept-Encoding: gzip, deflate
Host: o15.officeredir.microsoft.com
Connection: Keep-Alive
Cookie: WT_FPC=id=2ea84d10a1187b93d1f1504351520961:lv=1504351536858:ss=1504351520961; ak_bmsc=E2D58E780D9A71A73242CDF7A6155BAC~000000000000000000000000000000~YAAQj+Bb2sF9cmyIAQAAeD7mlBTzjZ3kZRnorszub77o/dn/n2weock57vZegYBHdMPG2+Cq707evWlAJms+p0g5Y3V4Qff97BLXBWXOAkMY+AiNZy1Qgljbi5Vqd2BEjmuk/uYZExkheXnGUey9gK8ChMAn59j1Lc6DrlVvFWwsJKZwS0Vis4IQlgU7uZ+Zp2x41nZM/jlZZ/oBaTwKjS/MNSg5byc4bmlSp+aKIqeTfvvDn9Xt5IV1Ixe4d3kumkkMQm58mDeKKqtewerBJtZbcXLLQ3VJ9MiYm1prCYntRcPnPUtxj8HXJttCNNkSfFMWwBOdssbCRNsT+ygPPvNSud8oEzSaK86UN8UgHQG0Uq3VVBSuRq1YRv7H0iY=

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results

Network alerts

No alerts

TLS

Timestamp Source IP Source Port Destination IP Destination Port Version Issuer Subject Fingerprint
2023-06-07 16:08:03.460134+0800 192.168.122.201 49162 23.197.245.164 443 TLS 1.2 C=US, O=Microsoft Corporation, CN=Microsoft Azure TLS Issuing CA 02 C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=support.office.com f8:2b:56:b9:35:29:e8:68:3a:d2:55:70:fe:52:67:76:4a:2c:0c:ec
2023-06-07 16:08:13.962571+0800 192.168.122.201 49177 61.147.219.124 443 TLS 1.2 C=US, O=Microsoft Corporation, CN=Microsoft Azure TLS Issuing CA 06 C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=www.microsoft.com 2d:6e:2a:e5:b3:6f:22:07:6a:19:7d:50:00:9d:ee:66:39:6a:a9:9c
2023-06-07 16:08:14.867841+0800 192.168.122.201 49179 13.107.246.50 443 TLS 1.2 C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=wcpstatic.microsoft.com ad:03:4f:51:d2:e7:02:3e:a7:f8:2e:2c:9c:0e:4c:62:62:7c:10:a1
2023-06-07 16:08:13.351216+0800 192.168.122.201 49176 61.147.219.124 443 TLS 1.2 C=US, O=Microsoft Corporation, CN=Microsoft Azure TLS Issuing CA 06 C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=www.microsoft.com 2d:6e:2a:e5:b3:6f:22:07:6a:19:7d:50:00:9d:ee:66:39:6a:a9:9c
2023-06-07 16:08:15.923208+0800 192.168.122.201 49184 13.107.246.50 443 TLS 1.2 C=US, O=Microsoft Corporation, CN=Microsoft Azure TLS Issuing CA 06 C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=identitycdn.msauth.net 39:26:0c:c1:15:7c:cd:fb:a0:02:79:61:ae:03:2c:85:65:25:bc:7e
2023-06-07 16:08:16.363413+0800 192.168.122.201 49185 23.204.146.162 443 TLS 1.2 C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1 C=US, ST=Massachusetts, L=Cambridge, O=Akamai Technologies, Inc., CN=a248.e.akamai.net a3:c7:b4:95:4e:16:bd:c5:8a:ee:85:53:5d:c1:c2:cd:43:e9:ec:b9
2023-06-07 16:08:16.360162+0800 192.168.122.201 49186 23.204.146.162 443 TLS 1.2 C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1 C=US, ST=Massachusetts, L=Cambridge, O=Akamai Technologies, Inc., CN=a248.e.akamai.net a3:c7:b4:95:4e:16:bd:c5:8a:ee:85:53:5d:c1:c2:cd:43:e9:ec:b9
2023-06-07 16:08:17.229299+0800 192.168.122.201 49188 61.147.219.124 443 TLS 1.2 C=US, O=Microsoft Corporation, CN=Microsoft Azure TLS Issuing CA 06 C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=www.microsoft.com 2d:6e:2a:e5:b3:6f:22:07:6a:19:7d:50:00:9d:ee:66:39:6a:a9:9c
2023-06-07 16:08:17.254760+0800 192.168.122.201 49187 23.33.17.164 443 TLS 1.2 C=US, O=Microsoft Corporation, CN=Microsoft Azure TLS Issuing CA 06 C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=www.microsoft.com 2d:6e:2a:e5:b3:6f:22:07:6a:19:7d:50:00:9d:ee:66:39:6a:a9:9c
2023-06-07 16:08:19.879302+0800 192.168.122.201 49194 13.107.213.50 443 TLS 1.2 C=US, O=Microsoft Corporation, CN=Microsoft Azure TLS Issuing CA 06 C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=identitycdn.msauth.net 39:26:0c:c1:15:7c:cd:fb:a0:02:79:61:ae:03:2c:85:65:25:bc:7e
2023-06-07 16:08:18.683851+0800 192.168.122.201 49191 13.107.213.50 443 TLS 1.2 C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=wcpstatic.microsoft.com ad:03:4f:51:d2:e7:02:3e:a7:f8:2e:2c:9c:0e:4c:62:62:7c:10:a1
2023-06-07 16:08:20.026737+0800 192.168.122.201 49193 23.204.146.162 443 TLS 1.2 C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1 C=US, ST=Massachusetts, L=Cambridge, O=Akamai Technologies, Inc., CN=a248.e.akamai.net a3:c7:b4:95:4e:16:bd:c5:8a:ee:85:53:5d:c1:c2:cd:43:e9:ec:b9
2023-06-07 16:08:19.759052+0800 192.168.122.201 49195 13.107.246.50 443 TLS 1.2 C=US, O=Microsoft Corporation, CN=Microsoft Azure TLS Issuing CA 06 C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=identitycdn.msauth.net 39:26:0c:c1:15:7c:cd:fb:a0:02:79:61:ae:03:2c:85:65:25:bc:7e
2023-06-07 16:08:20.141524+0800 192.168.122.201 49192 23.204.146.162 443 TLS 1.2 C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1 C=US, ST=Massachusetts, L=Cambridge, O=Akamai Technologies, Inc., CN=a248.e.akamai.net a3:c7:b4:95:4e:16:bd:c5:8a:ee:85:53:5d:c1:c2:cd:43:e9:ec:b9
2023-06-07 16:08:23.348038+0800 192.168.122.201 49202 13.107.213.50 443 TLS 1.2 C=US, O=Microsoft Corporation, CN=Microsoft Azure TLS Issuing CA 06 C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=identitycdn.msauth.net 39:26:0c:c1:15:7c:cd:fb:a0:02:79:61:ae:03:2c:85:65:25:bc:7e

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic.
Sorry! No dropped files.
No similar analyses found.

Processing ( 39.56 seconds )

  • 15.211 NetworkAnalysis
  • 12.732 Static
  • 11.122 Suricata
  • 0.462 TargetInfo
  • 0.018 Strings
  • 0.01 AnalysisInfo
  • 0.003 BehaviorAnalysis
  • 0.002 Memory

Signatures ( 1.643 seconds )

  • 1.534 md_url_bl
  • 0.029 md_domain_bl
  • 0.011 antiav_detectreg
  • 0.005 anomaly_persistence_autorun
  • 0.005 antiav_detectfile
  • 0.005 geodo_banking_trojan
  • 0.005 infostealer_ftp
  • 0.004 ransomware_extensions
  • 0.004 ransomware_files
  • 0.003 infostealer_bitcoin
  • 0.003 infostealer_im
  • 0.003 maldun_pdf_file_phishing
  • 0.003 network_http
  • 0.003 network_torgateway
  • 0.002 tinba_behavior
  • 0.002 cerber_behavior
  • 0.002 antianalysis_detectreg
  • 0.002 antivm_vbox_files
  • 0.002 disables_browser_warn
  • 0.002 infostealer_mail
  • 0.001 rat_nanocore
  • 0.001 betabot_behavior
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 modify_proxy
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 md_bad_drop
  • 0.001 network_cnc_http
  • 0.001 stealth_hiddenreg
  • 0.001 stealth_hide_notifications
  • 0.001 stealth_modify_uac_prompt
  • 0.001 stealth_modify_security_center_warnings

Reporting ( 0.975 seconds )

  • 0.931 ReportHTMLSummary
  • 0.044 Malheur
Task ID 721962
Mongo ID 64803b547e769a4ec29e39e1
Cuckoo release 1.4-Maldun