Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6402 | April 26, 2021, 5:57 p.m. | April 26, 2021, 5:59 p.m. |
Process tree

Process | PID | Command line |
---|---|---|
iexplore.exe | 6192 | "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\test22\AppData\Local\Temp\file.html |
iexplore.exe (child of 6192) | 4636 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:6192 CREDAT:145409 |
IP Address | Status |
---|---|
104.16.202.237 | Active |
104.16.203.237 | Active |
104.19.215.37 | Active |
104.75.22.243 | Active |
104.75.34.8 | Active |
117.18.232.200 | Active |
142.250.204.142 | Active |
142.250.204.72 | Active |
142.250.66.110 | Active |
164.124.101.2 | Active |
172.217.25.14 | Active |
216.58.197.110 | Active |
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.102:49811 142.250.204.72:443 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google-analytics.com | 89:50:23:ba:60:4a:63:86:5b:f0:29:b0:34:26:70:1d:84:e2:99:da |
TLSv1 192.168.56.102:49812 142.250.204.72:443 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google-analytics.com | 89:50:23:ba:60:4a:63:86:5b:f0:29:b0:34:26:70:1d:84:e2:99:da |
TLSv1 192.168.56.102:49817 104.75.22.243:443 | C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA | C=US, ST=Georgia, L=Atlanta, O=AAX LLC, OU=IT, CN=*.aaxads.com | 2d:3d:a7:f2:8a:e0:55:43:f1:ab:55:8a:bc:6f:f9:2a:42:56:00:9a |
TLSv1 192.168.56.102:49826 104.75.34.8:443 | None | None | None |
TLSv1 192.168.56.102:49816 104.75.22.243:443 | C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA | C=US, ST=Georgia, L=Atlanta, O=AAX LLC, OU=IT, CN=*.aaxads.com | 2d:3d:a7:f2:8a:e0:55:43:f1:ab:55:8a:bc:6f:f9:2a:42:56:00:9a |
TLSv1 192.168.56.102:49830 104.75.22.243:443 | C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA | C=US, ST=Georgia, L=Atlanta, O=AAX LLC, OU=IT, CN=*.aaxads.com | 2d:3d:a7:f2:8a:e0:55:43:f1:ab:55:8a:bc:6f:f9:2a:42:56:00:9a |
TLSv1 192.168.56.102:49815 142.250.66.110:443 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google-analytics.com | 89:50:23:ba:60:4a:63:86:5b:f0:29:b0:34:26:70:1d:84:e2:99:da |
TLSv1 192.168.56.102:49831 104.75.22.243:443 | C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA | C=US, ST=Georgia, L=Atlanta, O=AAX LLC, OU=IT, CN=*.aaxads.com | 2d:3d:a7:f2:8a:e0:55:43:f1:ab:55:8a:bc:6f:f9:2a:42:56:00:9a |
TLSv1 192.168.56.102:49829 104.19.215.37:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 3d:b6:66:35:54:6d:f2:c8:cf:da:e0:0e:32:21:35:a0:0c:59:b7:db |
TLSv1 192.168.56.102:49814 142.250.66.110:443 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google-analytics.com | 89:50:23:ba:60:4a:63:86:5b:f0:29:b0:34:26:70:1d:84:e2:99:da |
TLSv1 192.168.56.102:49825 104.75.34.8:443 | C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA | C=US, ST=Georgia, L=Atlanta, O=AAX LLC, OU=IT, CN=*.aaxdetect.com | aa:cc:0a:85:89:aa:fa:b1:b4:20:de:cb:4a:1e:d9:58:5e:b2:9b:48 |
TLSv1 192.168.56.102:49828 104.19.215.37:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 3d:b6:66:35:54:6d:f2:c8:cf:da:e0:0e:32:21:35:a0:0c:59:b7:db |
Type | Request |
---|---|
request | GET http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml |
request | GET https://www.googletagmanager.com/gtag/js?id=UA-829541-1 |
request | GET https://www.googletagmanager.com/gtm.js?id=GTM-53LP4T |
request | GET https://c.aaxads.com/aax.js?pub=AAX3221EY&hst=&ver=1.2 |
request | GET https://www.google-analytics.com/analytics.js |
request | GET https://c.aaxads.com/pxusr.gif |
request | GET https://www.aaxdetect.com/pxext.gif |
request | GET https://cdn.otnolatrnup.com/Scripts/infinity.js.aspx?guid=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0 |
request | GET https://l3.aaxads.com/log?___stu13p=aveoaamactga5dnnuee25ti2rm86bcrodqacb&lwbsh=AAX&dewh=SSP_CLIENT_control&dgeg=0&dgw=desktop&flg=AAX3221EY&fw=YONGDONG&ff=KR&xjg=4&dss=0&skw=899&slg=8PR6YK195&gq=&vhuyqdph=rtb-nv-dcos-ssp-10-6-46-228-14293&vg=-1&vyu=042211_229_042211_95_ssp&vf=&yhuvlrq=4&yk=899&yz=1365&yvlg=&ylg=00001619427471141029496787422051&vvsDeExfnhw=CONTROL&qsd=0&oz=0&gdss=green&uwbsh=&jgsu_hqi=1&fvha=0&jgivwu=&jgsu=0&fvvwu=&wfi_fps=&wfi_vwdwxv=&wfi_sus=&vxf=0&xvs_hqi=1&xvs_vwdwxv=0&xvs_ogi=&xvs_vwulqj=&xifd=-1&frssd_vwdwxv=&frssd_dssolhg=&jixqgo=1600&jwg=100&lqlg=&qjixqgo=1700&ugo=800&lg_ghwdlov=&deg=2&gvwduw=138&ghqg=420&sf=&uhtxuo=file%3A%2F%2F%2FC%3A%2FUsers%2Ftest22%2FAppData%2FLocal%2FTemp%2Ffile.html&nzui= |
request | GET https://www.google-analytics.com/plugins/ua/ec.js |
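The one request in this list worth a second look is the `l3.aaxads.com/log` beacon. Its parameter names appear to be Caesar-shifted by 3: `uhtxuo` decodes to `requrl`, `yhuvlrq` to `version`, `vhuyqdph` to `servname`, and `flg` to `cid`, whose value `AAX3221EY` matches the `pub=` id in the earlier `aax.js` request. That decoding is an observation about the captured URL, not something the report states. Once decoded, `requrl` carries `file:///C:/Users/test22/AppData/Local/Temp/file.html`, that is, the local path of the analysed file sent to the ad network. The following Python triage helper is an added example, not part of the sandbox report; its sample rows are copied from the request list above, with the beacon query trimmed to a few parameters (marked as constructed input in the code).

```python
"""Parse `request | METHOD URL |` rows from the report and decode the aaxads beacon.

Added example, not part of the sandbox report.  The shift-by-3 decoding of the
beacon's parameter names is an observation about the captured URL (see lead-in).
"""
from urllib.parse import parse_qsl, urlsplit

# Constructed input: rows copied from the report's request list, with the
# l3.aaxads.com beacon query trimmed to a handful of its parameters.
SAMPLE_ROWS = """\
request | GET http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml |
request | GET https://www.googletagmanager.com/gtag/js?id=UA-829541-1 |
request | GET https://c.aaxads.com/aax.js?pub=AAX3221EY&hst=&ver=1.2 |
request | GET https://l3.aaxads.com/log?uhtxuo=file%3A%2F%2F%2FC%3A%2FUsers%2Ftest22%2FAppData%2FLocal%2FTemp%2Ffile.html&yhuvlrq=4&ff=KR&fw=YONGDONG&flg=AAX3221EY&vhuyqdph=rtb-nv-dcos-ssp-10-6-46-228-14293&dgw=desktop |
"""


def parse_requests(text):
    """Turn `request | METHOD URL |` rows into dicts with host, path and query pairs."""
    reqs = []
    for line in text.splitlines():
        parts = [p.strip() for p in line.split("|")]
        if len(parts) < 2 or parts[0] != "request" or " " not in parts[1]:
            continue
        method, url = parts[1].split(" ", 1)
        u = urlsplit(url)
        reqs.append({
            "method": method,
            "url": url,
            "host": u.hostname,
            "path": u.path,
            # keep_blank_values so empty fields such as hst= survive
            "query": parse_qsl(u.query, keep_blank_values=True),
        })
    return reqs


def caesar_decode(name, shift=3):
    """Shift ASCII letters back by `shift`; case, digits and '_' are preserved."""
    out = []
    for ch in name:
        if "a" <= ch <= "z":
            out.append(chr((ord(ch) - ord("a") - shift) % 26 + ord("a")))
        elif "A" <= ch <= "Z":
            out.append(chr((ord(ch) - ord("A") - shift) % 26 + ord("A")))
        else:
            out.append(ch)
    return "".join(out)


def decode_beacon(req, shift=3):
    """Map decoded parameter names to their (already percent-decoded) values."""
    return {caesar_decode(k, shift): v for k, v in req["query"]}


def find_local_path_leaks(reqs):
    """Flag query values that carry a file: URL, i.e. a local path sent off-host.

    Returns (host, raw_name, decoded_name, value).  The decoded name is only
    meaningful for the shifted aaxads beacon; the raw name is kept for grepping.
    """
    leaks = []
    for req in reqs:
        for k, v in req["query"]:
            if v.lower().startswith("file:"):
                leaks.append((req["host"], k, caesar_decode(k), v))
    return leaks


if __name__ == "__main__":
    reqs = parse_requests(SAMPLE_ROWS)
    for host, raw, name, value in find_local_path_leaks(reqs):
        print(f"{host}: {raw} ({name}) = {value}")
    beacon = decode_beacon(reqs[3])
    print({k: beacon[k] for k in ("cid", "cc", "ct", "servname", "version")})
```

Run against the full beacon URL from the report, the same `find_local_path_leaks` check is the one to keep in a triage script: an analysed document that phones home its own path is a small leak here (a sandbox temp directory), but the same beacon loaded from a user's profile or a share would reveal user names and host layout.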
Type | Path |
---|---|
file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\js[1].js |
file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\ec[1].js |
file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\analytics[1].js |
file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\gtm[1].js |
file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\infinity.js[1].js |
file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\aax[1].js |
Description | Rule |
---|---|
Affect system registries | win_registry |
Affect system token | win_token |
Affect private profile | win_files_operation |
(no description) | DebuggerCheck__GlobalFlags |
(no description) | DebuggerCheck__QueryInfo |
(no description) | DebuggerHiding__Thread |
(no description) | DebuggerHiding__Active |
(no description) | ThreadControl__Context |
(no description) | SEH__vectored |
Checks if being debugged | anti_dbg |
Bypass DEP | disable_dep |
Key | Value |
---|---|
cmdline | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:6192 CREDAT:145409 |
host | 117.18.232.200 |
host | 172.217.25.14 |
dead_host | 142.250.204.142:445 |
dead_host | 104.16.202.237:445 |
dead_host | 104.16.202.237:139 |
dead_host | 104.16.203.237:445 |
dead_host | 216.58.197.110:139 |