vbc.exe| Category | Machine | Started | Completed |
|---|---|---|---|
| FILE | s1_win7_x6401 | April 8, 2021, 5:19 p.m. | April 8, 2021, 5:21 p.m. |
| IP Address | Status | Action |
|---|---|---|
| 104.21.48.10 | Active | Moloch |
| 107.180.3.174 | Active | Moloch |
| 164.124.101.2 | Active | Moloch |
| 185.203.72.17 | Active | Moloch |
| 192.185.48.194 | Active | Moloch |
| 208.91.197.91 | Active | Moloch |
| 217.26.52.94 | Active | Moloch |
| 34.102.136.180 | Active | Moloch |
| 34.80.190.141 | Active | Moloch |
| 45.82.188.40 | Active | Moloch |
| 45.88.202.115 | Active | Moloch |
| 52.20.84.62 | Active | Moloch |
| 52.71.133.130 | Active | Moloch |
| 63.250.43.5 | Active | Moloch |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
| section | .ndata |
| suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.qapjv.com/evpn/?D6h4=KePclr5tCRyrfnzjX4wAinDDCGYk72NIlWxUakbS8GN9S304duEf1xO9V55L4ZTGuXdpab2y&nPntH4=dX_L8D4HXZzp | ||||||
| suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.countrysidehomeinvestors.com/evpn/?D6h4=+thwAni1TitA/B+LCJDRaFs4Zt3sl/gdWMq6XCi349ffKiNrG41oyJyNm4OBcFOIEZ5aj0wU&nPntH4=dX_L8D4HXZzp | ||||||
| suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.fydia.com/evpn/?D6h4=U0Pdmtqnl5IQOHOa+Swt/ksTplWHB0r6aeZdYSmG/jGzqXqeRJl3/7yJ3GdZ6x97IK61R7LY&nPntH4=dX_L8D4HXZzp | ||||||
| suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.productsoffholland.com/evpn/?D6h4=0M6ZQgL+VbeNDn0sro3oU0+S4lgLLFgc0WcIGv88N+1YoVES666x5cKBY948pI+OGWuvSodP&nPntH4=dX_L8D4HXZzp | ||||||
| suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.autotrafficbot.com/evpn/?D6h4=rbKZoqFPsNJ2bvlhmf723j5e1+/Af1Vmd2u+ZeEZ0ie/WKnv1v1LUDqg1UddTDWFwcX/g20l&nPntH4=dX_L8D4HXZzp | ||||||
| suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.votestephaniezarb.com/evpn/?D6h4=q1v52H7gJaJFF8lxZzPBWFKUEr/f1FgfMSh++CyqCv48Zo36wD6vDjvID/DVyJAAcXGpFQye&nPntH4=dX_L8D4HXZzp | ||||||
| suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.gregismyrealestateagent.com/evpn/?D6h4=UDxzuRpp3ee2ue0AVzbwL1i6nUgviHPd/6S/0dui9ZHjZA8e1Wa/fDVmQ/DeFf99W/kFdXtb&nPntH4=dX_L8D4HXZzp | ||||||
| suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.jamessicilia.com/evpn/?D6h4=fhrZBjxYVzL8qZQGLB9i/eTcrXrQxugx+j44/lnAE96eBvW+OyfazlyWj6JQQjfU0oX/99ZN&nPntH4=dX_L8D4HXZzp | ||||||
| suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.alekseeva-center.info/evpn/?D6h4=De8vye+n3oqZLlmjueE5B8KI6ACnEoIa0MMC+BJdy2OAZINCeNeuivrvyd3trgislK/EVBAB&nPntH4=dX_L8D4HXZzp | ||||||
| suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.jsmsheetmetal.com/evpn/?D6h4=nFSU6/0yY/TEijhMuJnSprhNoA6Tf4Q55kB1k5Q4IoiwW0XAi44ThgusXEfeg/e9/+qUxoLe&nPntH4=dX_L8D4HXZzp | ||||||
| suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.oncologyacademe.com/evpn/?D6h4=QLxrSaPDVk4zu3Mjq/Y+8N2chkSqNtYb+epP9wTuYSqXXdCW+AS+9x8wkYr+oo19Ce3SjCFH&nPntH4=dX_L8D4HXZzp | ||||||
| suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.washathome.club/evpn/?D6h4=zSE6TKEr8oHKdWzfboJeCkTD11Ty+NhZmQD50rQg1ZRiORPGFjOfmKm+g3DSne5KpKHhYShC&nPntH4=dX_L8D4HXZzp | ||||||
| suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.bpro.swiss/evpn/?D6h4=M4+hwq9pZsNgfndd12NLRk/KnBHIoCQRaaBVLY9Y5z0L/f0jfcJXvlY/g8dK0vPbWdkoB3VR&nPntH4=dX_L8D4HXZzp | ||||||
| suspicious_features | GET method with no useragent header | suspicious_request | GET http://www.usinggroovefunnels.com/evpn/?D6h4=ISts4gbO8tvRSxWhSHZmognB97NvFE2BZphiEuA1ZcI94lnrKBCD1U2xemW5kDd51MYcqgnE&nPntH4=dX_L8D4HXZzp | ||||||
| request | POST http://www.qapjv.com/evpn/ |
| request | GET http://www.qapjv.com/evpn/?D6h4=KePclr5tCRyrfnzjX4wAinDDCGYk72NIlWxUakbS8GN9S304duEf1xO9V55L4ZTGuXdpab2y&nPntH4=dX_L8D4HXZzp |
| request | POST http://www.countrysidehomeinvestors.com/evpn/ |
| request | GET http://www.countrysidehomeinvestors.com/evpn/?D6h4=+thwAni1TitA/B+LCJDRaFs4Zt3sl/gdWMq6XCi349ffKiNrG41oyJyNm4OBcFOIEZ5aj0wU&nPntH4=dX_L8D4HXZzp |
| request | POST http://www.fydia.com/evpn/ |
| request | GET http://www.fydia.com/evpn/?D6h4=U0Pdmtqnl5IQOHOa+Swt/ksTplWHB0r6aeZdYSmG/jGzqXqeRJl3/7yJ3GdZ6x97IK61R7LY&nPntH4=dX_L8D4HXZzp |
| request | POST http://www.productsoffholland.com/evpn/ |
| request | GET http://www.productsoffholland.com/evpn/?D6h4=0M6ZQgL+VbeNDn0sro3oU0+S4lgLLFgc0WcIGv88N+1YoVES666x5cKBY948pI+OGWuvSodP&nPntH4=dX_L8D4HXZzp |
| request | POST http://www.autotrafficbot.com/evpn/ |
| request | GET http://www.autotrafficbot.com/evpn/?D6h4=rbKZoqFPsNJ2bvlhmf723j5e1+/Af1Vmd2u+ZeEZ0ie/WKnv1v1LUDqg1UddTDWFwcX/g20l&nPntH4=dX_L8D4HXZzp |
| request | POST http://www.votestephaniezarb.com/evpn/ |
| request | GET http://www.votestephaniezarb.com/evpn/?D6h4=q1v52H7gJaJFF8lxZzPBWFKUEr/f1FgfMSh++CyqCv48Zo36wD6vDjvID/DVyJAAcXGpFQye&nPntH4=dX_L8D4HXZzp |
| request | POST http://www.gregismyrealestateagent.com/evpn/ |
| request | GET http://www.gregismyrealestateagent.com/evpn/?D6h4=UDxzuRpp3ee2ue0AVzbwL1i6nUgviHPd/6S/0dui9ZHjZA8e1Wa/fDVmQ/DeFf99W/kFdXtb&nPntH4=dX_L8D4HXZzp |
| request | POST http://www.jamessicilia.com/evpn/ |
| request | GET http://www.jamessicilia.com/evpn/?D6h4=fhrZBjxYVzL8qZQGLB9i/eTcrXrQxugx+j44/lnAE96eBvW+OyfazlyWj6JQQjfU0oX/99ZN&nPntH4=dX_L8D4HXZzp |
| request | POST http://www.alekseeva-center.info/evpn/ |
| request | GET http://www.alekseeva-center.info/evpn/?D6h4=De8vye+n3oqZLlmjueE5B8KI6ACnEoIa0MMC+BJdy2OAZINCeNeuivrvyd3trgislK/EVBAB&nPntH4=dX_L8D4HXZzp |
| request | POST http://www.jsmsheetmetal.com/evpn/ |
| request | GET http://www.jsmsheetmetal.com/evpn/?D6h4=nFSU6/0yY/TEijhMuJnSprhNoA6Tf4Q55kB1k5Q4IoiwW0XAi44ThgusXEfeg/e9/+qUxoLe&nPntH4=dX_L8D4HXZzp |
| request | POST http://www.oncologyacademe.com/evpn/ |
| request | GET http://www.oncologyacademe.com/evpn/?D6h4=QLxrSaPDVk4zu3Mjq/Y+8N2chkSqNtYb+epP9wTuYSqXXdCW+AS+9x8wkYr+oo19Ce3SjCFH&nPntH4=dX_L8D4HXZzp |
| request | POST http://www.washathome.club/evpn/ |
| request | GET http://www.washathome.club/evpn/?D6h4=zSE6TKEr8oHKdWzfboJeCkTD11Ty+NhZmQD50rQg1ZRiORPGFjOfmKm+g3DSne5KpKHhYShC&nPntH4=dX_L8D4HXZzp |
| request | POST http://www.bpro.swiss/evpn/ |
| request | GET http://www.bpro.swiss/evpn/?D6h4=M4+hwq9pZsNgfndd12NLRk/KnBHIoCQRaaBVLY9Y5z0L/f0jfcJXvlY/g8dK0vPbWdkoB3VR&nPntH4=dX_L8D4HXZzp |
| request | POST http://www.usinggroovefunnels.com/evpn/ |
| request | GET http://www.usinggroovefunnels.com/evpn/?D6h4=ISts4gbO8tvRSxWhSHZmognB97NvFE2BZphiEuA1ZcI94lnrKBCD1U2xemW5kDd51MYcqgnE&nPntH4=dX_L8D4HXZzp |
| request | POST http://www.qapjv.com/evpn/ |
| request | POST http://www.countrysidehomeinvestors.com/evpn/ |
| request | POST http://www.fydia.com/evpn/ |
| request | POST http://www.productsoffholland.com/evpn/ |
| request | POST http://www.autotrafficbot.com/evpn/ |
| request | POST http://www.votestephaniezarb.com/evpn/ |
| request | POST http://www.gregismyrealestateagent.com/evpn/ |
| request | POST http://www.jamessicilia.com/evpn/ |
| request | POST http://www.alekseeva-center.info/evpn/ |
| request | POST http://www.jsmsheetmetal.com/evpn/ |
| request | POST http://www.oncologyacademe.com/evpn/ |
| request | POST http://www.washathome.club/evpn/ |
| request | POST http://www.bpro.swiss/evpn/ |
| request | POST http://www.usinggroovefunnels.com/evpn/ |
| file | C:\Users\test22\AppData\Local\Temp\nsm63A5.tmp\gji30p4jta6239q.dll |
| file | C:\Users\test22\AppData\Local\Temp\nsm63A5.tmp\gji30p4jta6239q.dll |
| FireEye | Generic.mg.fe05aad3216165a2 |
| Sangfor | Trojan.Win32.Save.a |
| APEX | Malicious |
| Paloalto | generic.ml |
| Sophos | Generic ML PUA (PUA) |
| Microsoft | Program:Win32/Wacapew.C!ml |