分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
---|---|---|---|---|
URL | win7-sp1-x64-hpdapp03-1 | 2018-05-21 19:54:40 | 2018-05-21 19:57:03 | 143 秒 |
URL |
---|
URL专业沙箱检测 -> http://khd.nwzhi.com/khd_nwzhi_start.dll?v=201801220416 |
直接 | IP | 安全评级 | 地理位置 |
---|---|---|---|
否 | 58.216.106.208 | 未知 | 中国 |
域名 | 安全评级 | 响应 |
---|---|---|
khd.nwzhi.com | 未知 |
CNAME temp.p23.tc.cdntip.com CNAME tiny.china.qiniu.cloud.cdntip.com CNAME iduxcfq.qiniudns.com A 180.101.217.205 A 180.101.217.192 A 180.101.217.117 A 221.228.218.203 A 58.216.106.210 A 221.228.219.107 A 58.216.106.208 A 221.228.219.71 A 221.228.218.214 CNAME tiny2.china.line.qiniudns.com A 180.101.217.196 |
Name: Nexperian Holding Limited Country: CN State: Zhejiang City: Hangzhou ZIP Code: 311121 Address: Le Jia International No.999 Liang Mu Road Yuhang District Orginization: Nexperian Holding Limited Domain Name(s): NWZHI.COM nwzhi.com Creation Date: 2012-01-05 06:53:53 Updated Date: 2017-07-07 03:41:13 Expiration Date: 2019-01-05 06:53:53 Email(s): DomainAbuse@service.aliyun.com YuMing@YinSiBaoHu.AliYun.com Registrar(s): HiChina Zhicheng Technology Ltd. Name Server(s): DNS27.HICHINA.COM DNS28.HICHINA.COM Referral URL(s): None
直接 | IP | 安全评级 | 地理位置 |
---|---|---|---|
否 | 58.216.106.208 | 未知 | 中国 |
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.201 | 55824 | 192.168.122.1 | 53 |
192.168.122.201 | 55825 | 58.216.106.208 khd.nwzhi.com | 80 |
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.201 | 49651 | 192.168.122.1 | 53 |
192.168.122.201 | 52308 | 192.168.122.1 | 53 |
域名 | 安全评级 | 响应 |
---|---|---|
khd.nwzhi.com | 未知 |
CNAME temp.p23.tc.cdntip.com CNAME tiny.china.qiniu.cloud.cdntip.com CNAME iduxcfq.qiniudns.com A 180.101.217.205 A 180.101.217.192 A 180.101.217.117 A 221.228.218.203 A 58.216.106.210 A 221.228.219.107 A 58.216.106.208 A 221.228.219.71 A 221.228.218.214 CNAME tiny2.china.line.qiniudns.com A 180.101.217.196 |
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.201 | 55824 | 192.168.122.1 | 53 |
192.168.122.201 | 55825 | 58.216.106.208 khd.nwzhi.com | 80 |
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.201 | 49651 | 192.168.122.1 | 53 |
192.168.122.201 | 52308 | 192.168.122.1 | 53 |
URI | HTTP数据 |
---|---|
URL专业沙箱检测 -> http://khd.nwzhi.com/khd_nwzhi_start.dll?v=201801220416 | GET /khd_nwzhi_start.dll?v=201801220416 HTTP/1.1 Accept: */* Referer: http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=4&ved=0CCEQfjWVp5RlZpZkNDQ0lYVUZoT3lqaXB2&url=http%3A%2F%2Fkhd.nwzhi.com%2Fkhd_nwzhi_start.dll%3Fv%3D201801220416&ei=UkR1dGFPUUREWEFU&usg=AFQjaW9nZnFyQ05EdFZJ Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: khd.nwzhi.com Connection: Keep-Alive |
无SMTP流量.
无IRC请求.
无ICMP流量.
无 CIF 结果
无警报
No TLS
No Suricata HTTP
文件名 | index.dat |
---|---|
相关文件 |
C:\Users\test\AppData\Local\Microsoft\Feeds Cache\index.dat
|
文件大小 | 32768 字节 |
文件类型 | Internet Explorer cache file version Ver 5.2 |
MD5 | 0aee387ca0a52dcdd8f8a29ea76edb42 |
SHA1 | 5df81547dcadb2a7b8bc689da8e1383ba1a84cb9 |
SHA256 | c31bc37e102b70a472837d530ec80bdaea28b0fefda3e9aa8c8cda98c4200c4e |
CRC32 | B451CA0B |
Ssdeep | 12:qjtSaFpbZli3zIoYDPO7em4GZj03W/cKYDPOCG5A30WUsOXQDG9YRm4GZ5:qj4avEIoYTCebGZ7ZYTlEJ0oQQ4bGZ |
魔盾安全分析结果 | 2.0 分析时间:2016-11-06 20:10:20 查看分析报告 |
下载 提交魔盾安全分析 |
文件名 | RecoveryStore.{BB754F03-5CED-11E8-91CC-525400E1D82E}.dat |
---|---|
相关文件 |
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{BB754F03-5CED-11E8-91CC-525400E1D82E}.dat
|
文件大小 | 3584 字节 |
文件类型 | Composite Document File V2 Document, Cannot read section info |
MD5 | d5fb5ecaf9bfbb758c8460d06b6f316c |
SHA1 | 76c7ea8bde0fc17cc524ee479d98c1e818ac8965 |
SHA256 | f5ecfa82b181af938bcaf7f7e887aa4809e06a5bedb3de8714f9d7b9aa77bec9 |
CRC32 | C6430128 |
Ssdeep | 12:rl0YmGF2trEg5+IaCrI017+FPDrEgmf+IaCy8qgQNlTqof5m0PlD0Pla40Pl:rIt5/AGv/TQNlWof5 |
下载 提交魔盾安全分析 |
文件名 | down[1] |
---|---|
相关文件 |
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\down[1]
|
文件大小 | 3414 字节 |
文件类型 | PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced |
MD5 | 555e83ce7f5d280d7454af334571fb25 |
SHA1 | 47f78f68d72e3d9041acc9107a6b0d665f408385 |
SHA256 | 70f316a5492848bb8242d49539468830b353ddaa850964db4e60a6d2d7db4880 |
CRC32 | 9EA3279D |
Ssdeep | 96:/SDZ/I09Da01l+gmkyTt6Hk8nTjTnJw1Ne:/SDS0tKg9E05TPoNe |
下载 提交魔盾安全分析 |
文件名 | MSIMGSIZ.DAT |
---|---|
相关文件 |
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
|
文件大小 | 16384 字节 |
文件类型 | data |
MD5 | 133feee5310e20e4ba94e459bae8b3e4 |
SHA1 | 3683dd609fb29ed26d3f41f0f943914d29b6ffae |
SHA256 | 7cbd32f4a41694695e78f9ac3af6fe2e8afca7dc966f7904fa498269572d68b6 |
CRC32 | 4F400BC6 |
Ssdeep | 48:jGQhN7sXHWrVmqESaakad5PIy+9/8JrcVjdS6gPdY4z7el:CBXHbbSrka5PIL8mJdcPzz76 |
下载 提交魔盾安全分析 |
文件名 | info_48[1] |
---|---|
相关文件 |
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\info_48[1]
|
文件大小 | 6993 字节 |
文件类型 | PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced |
MD5 | 49e0ef03e74704089a60c437085db89e |
SHA1 | c2e7ab3ce114465ea7060f2ef738afcb3341a384 |
SHA256 | caa140523ba00994536b33618654e379216261babaae726164a0f74157bb11ff |
CRC32 | 4C99540A |
Ssdeep | 192:NS0tKg9E05THXQJBCnFux5TsRfb+Y0ObhD9Uc7:LXE05UBCFAORfK9S7b7 |
下载 提交魔盾安全分析 |
文件名 | index.dat |
---|---|
相关文件 |
C:\Users\test\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat
|
文件大小 | 65536 字节 |
文件类型 | Internet Explorer cache file version Ver 5.2 |
MD5 | 0ee0d92f5ad9cd4d354a120734ae8e5e |
SHA1 | a3d2338356b933a1240f053b89efe7f1b5e63353 |
SHA256 | bd15c1573c53ac40e26c307c00be243ace57eb5fd0d2879349b24832d2e7a771 |
CRC32 | 36F430F7 |
Ssdeep | 384:wEEG/+oo0M7hPfdoW7QRyUEZeluUFyvp64PBhqNLguX3/5YSHYjitk9t7sub/2Iw:wEEG/+Rg |
下载 提交魔盾安全分析 |
文件名 | background_gradient[1] |
---|---|
相关文件 |
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\background_gradient[1]
|
文件大小 | 453 字节 |
文件类型 | JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3 |
MD5 | 20f0110ed5e4e0d5384a496e4880139b |
SHA1 | 51f5fc61d8bf19100df0f8aadaa57fcd9c086255 |
SHA256 | 1471693be91e53c2640fe7baeecbc624530b088444222d93f2815dfce1865d5b |
CRC32 | C2D0CE77 |
Ssdeep | 6:3llVuiPjlXJYhg5suRd8PImMo23C/kHrJ8yA/NIeYoWg78C/vTFvbKLAh3:V/XPYhiPRd8j7+9LoIrobtHTdbKi |
下载 提交魔盾安全分析 |
文件名 | ErrorPageTemplate[1] |
---|---|
相关文件 |
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\ErrorPageTemplate[1]
|
文件大小 | 2226 字节 |
文件类型 | UTF-8 Unicode (with BOM) text, with CRLF line terminators |
MD5 | 9e7f4ae3f245c70af5b7dbe095647d30 |
SHA1 | cbcffb08f72c10e3e2493ca0044872a7ebdc7215 |
SHA256 | 2f9117806e0e1ae4fc3b023b348910657b6948de2ecfd4f39f2846cebbefc1df |
CRC32 | 08BB8CA5 |
Ssdeep | 48:5sFR52FH5k5pvFehWrrarrZIrHd3FIQfOS6:5s52TydFPr81yHpBGR |
魔盾安全分析结果 | 4.0 分析时间:2016-11-15 15:07:12 查看分析报告 |
下载 提交魔盾安全分析 |
文件名 | bullet[1] |
---|---|
相关文件 |
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\bullet[1]
|
文件大小 | 3169 字节 |
文件类型 | PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced |
MD5 | 0c4c086dd852704e8eeb8ff83e3b73d1 |
SHA1 | 56bac3d2c88a83628134b36322e37deb6b00b1a1 |
SHA256 | 1cb3b6ea56c5b5decf5e1d487ad51dbb2f62e6a6c78f23c1c81fda1b64f8db16 |
CRC32 | 51CC83D9 |
Ssdeep | 48:VocieftI9G9f6A+FIDOWu0lDl+gm7QyTtctIInQSy6IVpqlnBcOD2X+r0svw:VZ/I09Da01l+gmkyTt6Hk8nT2X+r0kw |
下载 提交魔盾安全分析 |
文件名 | {BB754F04-5CED-11E8-91CC-525400E1D82E}.dat |
---|---|
相关文件 |
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BB754F04-5CED-11E8-91CC-525400E1D82E}.dat
|
文件大小 | 4608 字节 |
文件类型 | Composite Document File V2 Document, Cannot read section info |
MD5 | 37aef41afcc08b671de317ce88057bbb |
SHA1 | f72574378c92983ef88551ba8380bcf3aa38b611 |
SHA256 | f9974b089c5802e1ec61561abd548bcb005b301913cfa2a672122cf21561eb85 |
CRC32 | 7F65124D |
Ssdeep | 12:rlfFyrEgmfR16F0WrEgmfcB1qjNlYfOo3+/NlL9oAzAY3c:rWGKGTNljowNlpo8dc |
下载 提交魔盾安全分析 |
文件名 | errorPageStrings[1] |
---|---|
相关文件 |
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\errorPageStrings[1]
|
文件大小 | 1643 字节 |
文件类型 | UTF-8 Unicode (with BOM) text, with CRLF line terminators |
MD5 | 13216fa0f896b1b7c445fe9a54b5b998 |
SHA1 | d343d35b45507640bc68487d4ad3afcb927ce950 |
SHA256 | 7a656b15efaacb1179b883327369819483b5a0c2f2d8486db6c347f4f8a7ae61 |
CRC32 | 3A14753A |
Ssdeep | 48:zGY5w5zquO05l9zWJ6N51Re45RnR5RynEK+5RXdHymL5RlRdPoh5y5U5BU5Cc:z5Qzq3crIM1RtR3Rynd6RXd5RTmnW4xc |
魔盾安全分析结果 | 4.0 分析时间:2016-11-15 15:07:57 查看分析报告 |
下载 提交魔盾安全分析 |
文件名 | http_403[1] |
---|---|
相关文件 |
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\http_403[1]
|
文件大小 | 4542 字节 |
文件类型 | HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators |
MD5 | 5b60734d66bc3b523f2bc12c7bc06da2 |
SHA1 | e2648a430a93302108bc072e10f3fbcd0f177377 |
SHA256 | e15547a2e90df54a2b9240411ee76118978d0487f199bca6a9410822656ac7e6 |
CRC32 | 1AC524C9 |
Ssdeep | 48:upUwQV4VOBXvLM5ZIPTC5sU1a5TIm7n3GFEUKGuc1kpTcuKmFXiTr:ugpg5ZQws7B36HgAuBoTr |
下载 提交魔盾安全分析 |
文件名 | httpErrorPagesScripts[1] |
---|---|
相关文件 |
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\httpErrorPagesScripts[1]
|
文件大小 | 8601 字节 |
文件类型 | UTF-8 Unicode (with BOM) text, with CRLF, CR line terminators |
MD5 | e7ca76a3c9ee0564471671d500e3f0f3 |
SHA1 | fe815ae0f865ec4c26e421bf0bd21bb09bc6f410 |
SHA256 | 58268ca71a28973b756a48bbd7c9dc2f6b87b62ae343e582ce067c725275b63c |
CRC32 | A7C34EF3 |
Ssdeep | 192:HMmjTiiKfi9Ii4UFjC9jo4oXdu7mjxAb3Y:smjTiiKfi9IiPj+k3Xdu7mjxAb3Y |
魔盾安全分析结果 | 4.0 分析时间:2016-11-15 15:05:24 查看分析报告 |
下载 提交魔盾安全分析 |
HTML 总结报告 (需15-60分钟同步) |
下载 |
---|
Task ID | 162326 |
---|---|
Mongo ID | 5b02b43ea093ef7998134ec4 |
Cuckoo release | 1.4-Maldun |