Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6402 | July 3, 2021, 9:06 a.m. | July 3, 2021, 9:09 a.m. |
wscript.exe "C:\Windows\System32\wscript.exe" C:\Users\test22\AppData\Local\Temp\eh.txt.vbs
8412
Name | Response | Post-Analysis Lookup |
---|---|---|
d2js2viceajwla.cloudfront.net | | 99.86.202.75 |
aus.thunderbird.net | 99.86.202.75 | |
prod.balrog.prod.cloudops.mozgcp.net | 35.244.181.201 | |
d2js2viceajwla.cloudfront.net | 99.86.202.75 | |
aus5.mozilla.org | 35.244.181.201 | |
prod.balrog.prod.cloudops.mozgcp.net | 35.244.181.201 |
Suricata Alerts
No Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLS 1.2 192.168.56.102:49322 99.86.202.125:443 |
C=US, O=Let's Encrypt, CN=R3 | CN=thunderbird.net | dd:92:a0:f3:c5:f2:3a:c7:42:66:30:75:8a:b3:b3:03:6b:8c:df:9d |
TLS 1.2 192.168.56.102:49323 35.244.181.201:443 |
C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA | C=US, ST=California, L=Mountain View, O=Mozilla Corporation, CN=aus5.mozilla.org | 37:1a:8a:6e:ae:e7:b7:ae:1f:a9:c0:87:53:e5:a0:94:ef:0b:de:0c |
host | 99.86.144.100 | |||
host | 99.86.144.46 | |||
host | 99.86.144.61 | |||
host | 99.86.144.82 |