{"report_id":"8263d06a-543a-4428-a64e-32d9c604669e","version":6,"status":"done","tags":[],"date":"2025-04-03T13:39:09Z","url":{"schema":"http","addr":"doc.dyfwq.cn/software/printer-driver-setup/remote-printer-assistant.exe","fqdn":"doc.dyfwq.cn","domain":"dyfwq.cn","tld":"cn"},"ip":{"addr":"180.163.146.103","port":0,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-12T13:39:09Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"doc.dyfwq.cn","ip":{"addr":"180.163.146.103","port":443,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"domain_registered":"2017-03-01","domain_rank":0,"first_seen":"2020-10-02T12:15:26Z","last_seen":"2025-04-01T18:00:52.172777Z","alert_count":1,"request_count":1,"received_data":14972053,"sent_data":539,"comment":"","tags":null,"fingerprints":null}],"files":[{"md5":"26a51944d1c1f9f2c91e7fb17c428aed","sha1":"0f3cac434fa20a8b0a5ce96b8e16de1ca0d1fae5","sha256":"7bedf1fd3e2b7361681a02517bd4ce9a3b8254fd00ed45ffd877cf6477c62565","sha512":"435790e0e1398b839216a793f2a14d3a4850fea686ed0b877c36afe577491688c3805149f05b01ebf9b83636267aacb86db1ac092efd707d640b7787bdbde2e8","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections","size":14971208,"url":{"schema":"https","addr":"doc.dyfwq.cn/software/printer-driver-setup/remote-printer-assistant.exe","fqdn":"doc.dyfwq.cn","domain":"dyfwq.cn","tld":"cn"},"ip":{"addr":"180.163.146.103","port":443,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-01-22","alert":"Scan result 36/72","trigger":"7bedf1fd3e2b7361681a02517bd4ce9a3b8254fd00ed45ffd877cf6477c62565","verdict":"malicious","severity":"","comment":"malicious - 36/72","link":"https://www.virustotal.com/gui/file/7bedf1fd3e2b7361681a02517bd4ce9a3b8254fd00ed45ffd877cf6477c62565","meta":null}]}}],"artifacts":{"windows_shortcuts":null,"files":[{"md5":"26a51944d1c1f9f2c91e7fb17c428aed","sha1":"0f3cac434fa20a8b0a5ce96b8e16de1ca0d1fae5","sha256":"7bedf1fd3e2b7361681a02517bd4ce9a3b8254fd00ed45ffd877cf6477c62565","sha512":"435790e0e1398b839216a793f2a14d3a4850fea686ed0b877c36afe577491688c3805149f05b01ebf9b83636267aacb86db1ac092efd707d640b7787bdbde2e8","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections","size":14971208,"url":{"schema":"https","addr":"doc.dyfwq.cn/software/printer-driver-setup/remote-printer-assistant.exe","fqdn":"doc.dyfwq.cn","domain":"dyfwq.cn","tld":"cn"},"ip":{"addr":"180.163.146.103","port":443,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-01-22","alert":"Scan result 36/72","trigger":"7bedf1fd3e2b7361681a02517bd4ce9a3b8254fd00ed45ffd877cf6477c62565","verdict":"malicious","severity":"","comment":"malicious - 36/72","link":"https://www.virustotal.com/gui/file/7bedf1fd3e2b7361681a02517bd4ce9a3b8254fd00ed45ffd877cf6477c62565","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"doc.dyfwq.cn/software/printer-driver-setup/remote-printer-assistant.exe","fqdn":"doc.dyfwq.cn","domain":"dyfwq.cn","tld":"cn"},"ip":{"addr":"180.163.146.103","port":443,"asn":4812,"as":"China Telecom Group","country":"China","country_code":"CN"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-04-03T13:38:44.978Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dyfwq.cn","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Mon, 03 Mar 2025 00:00:00 GMT","end":"Fri, 20 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AF:D7:9D:DB:21:78:D2:3C:1B:99:23:4B:7E:0B:15:39:D2:13:71:79","sha256":"75:5C:4E:24:EA:91:80:37:A2:7F:9A:6E:8A:D9:0A:5F:4C:69:0D:53:41:C2:8B:A2:87:00:98:B0:43:5A:F0:F5"}}},"request":{"raw":"GET /software/printer-driver-setup/remote-printer-assistant.exe HTTP/1.1\r\nHost: doc.dyfwq.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: application/octet-stream\r\ncontent-length: 14971208\r\nstrict-transport-security: max-age=5184000\r\ndate: Thu, 03 Apr 2025 13:38:28 GMT\r\nx-oss-request-id: 67EE8F54D326A13430B4FC62\r\nx-oss-cdn-auth: success\r\naccept-ranges: bytes\r\nx-oss-object-type: Multipart\r\nx-oss-storage-class: Standard\r\netag: \"BFE68B9ED8F2A278551686942E037ED0-2\"\r\nlast-modified: Wed, 30 Mar 2022 08:43:53 GMT\r\nx-oss-hash-crc64ecma: 5472608595365500214\r\nx-oss-server-time: 84\r\nvia: cache34.l2cn3008[126,145,200-0,H], cache38.l2cn3008[148,0], kunlun10.cn7174[0,0,200-0,H], kunlun5.cn7174[3,0]\r\nage: 18\r\nali-swift-global-savetime: 1743687508\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Thu, 03 Apr 2025 13:38:28 GMT\r\nx-swift-cachetime: 3600\r\ntiming-allow-origin: *\r\neagleid: b4a3921917436875261848536e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":14971208,"size_decoded":0,"mime_type":"application/octet-stream","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections","md5":"26a51944d1c1f9f2c91e7fb17c428aed","sha1":"0f3cac434fa20a8b0a5ce96b8e16de1ca0d1fae5","sha256":"7bedf1fd3e2b7361681a02517bd4ce9a3b8254fd00ed45ffd877cf6477c62565","sha512":"435790e0e1398b839216a793f2a14d3a4850fea686ed0b877c36afe577491688c3805149f05b01ebf9b83636267aacb86db1ac092efd707d640b7787bdbde2e8","ssdeep":"393216:mjqIrCvRrX3tWpAy5JqqfjEP2CTjqJXbifLeRCpn:mjqqCJrHtWpAiJ9jERkXbiDeRCpn","tlshash":"7de6338e8e569d12e5bec07c6d252478decaaa176d42303e6e92f5c30473a7f40c752b","first_seen":"2023-09-06T07:20:37Z","last_seen":"2025-04-03T13:39:12.164359Z","times_seen":4,"resource_available":false,"data":null}},"time_used":16709,"timings":{"blocked":582,"dns":60,"connect":260,"send":0,"wait":785,"receive":14747,"ssl":269},"alerts":{"ids":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-01-22","alert":"Scan result 36/72","trigger":"7bedf1fd3e2b7361681a02517bd4ce9a3b8254fd00ed45ffd877cf6477c62565","verdict":"malicious","severity":"","comment":"malicious - 36/72","link":"https://www.virustotal.com/gui/file/7bedf1fd3e2b7361681a02517bd4ce9a3b8254fd00ed45ffd877cf6477c62565","meta":null}],"urlquery":null}}]}