zip.7z| Category | Machine | Started | Completed |
|---|---|---|---|
| FILE | s1_win7_x6402 | Oct. 6, 2023, 7:05 p.m. | Oct. 6, 2023, 7:07 p.m. |
| IP Address | Status | Action |
|---|---|---|
| 104.18.145.235 | Active | Moloch |
| 104.21.21.189 | Active | Moloch |
| 104.21.35.128 | Active | Moloch |
| 104.244.42.129 | Active | Moloch |
| 104.26.4.15 | Active | Moloch |
| 104.26.8.59 | Active | Moloch |
| 104.76.78.101 | Active | Moloch |
| 108.179.232.106 | Active | Moloch |
| 142.250.204.78 | Active | Moloch |
| 142.250.66.97 | Active | Moloch |
| 148.251.234.83 | Active | Moloch |
| 148.251.234.93 | Active | Moloch |
| 149.154.167.99 | Active | Moloch |
| 171.22.28.213 | Active | Moloch |
| 162.0.218.244 | Active | Moloch |
| 162.159.133.233 | Active | Moloch |
| 164.124.101.2 | Active | Moloch |
| 171.22.28.226 | Active | Moloch |
| 172.67.134.35 | Active | Moloch |
| 172.67.221.49 | Active | Moloch |
| 172.67.75.163 | Active | Moloch |
| 172.67.75.166 | Active | Moloch |
| 176.123.9.142 | Active | Moloch |
| 179.43.158.2 | Active | Moloch |
| 185.225.74.144 | Active | Moloch |
| 190.141.134.150 | Active | Moloch |
| 193.42.32.118 | Active | Moloch |
| 194.169.175.123 | Active | Moloch |
| 194.169.175.128 | Active | Moloch |
| 194.169.175.232 | Active | Moloch |
| 211.53.230.67 | Active | Moloch |
| 213.180.204.24 | Active | Moloch |
| 213.6.54.58 | Active | Moloch |
| 34.117.59.81 | Active | Moloch |
| 45.15.156.229 | Active | Moloch |
| 45.9.74.80 | Active | Moloch |
| 5.255.255.70 | Active | Moloch |
| 5.42.64.10 | Active | Moloch |
| 51.255.152.132 | Active | Moloch |
| 62.217.160.2 | Active | Moloch |
| 77.91.68.249 | Active | Moloch |
| 85.143.221.30 | Active | Moloch |
| 87.240.129.133 | Active | Moloch |
| 89.42.13.207 | Active | Moloch |
| 95.142.206.0 | Active | Moloch |
| 95.142.206.1 | Active | Moloch |
| 95.142.206.2 | Active | Moloch |
| 95.142.206.3 | Active | Moloch |
| 23.67.53.27 | Active | Moloch |
| 78.47.27.247 | Active | Moloch |
| 93.186.225.194 | Active | Moloch |
| 94.142.138.113 | Active | Moloch |
Suricata Alerts
Suricata TLS
| Flow | Issuer | Subject | Fingerprint |
|---|---|---|---|
|
TLSv1 192.168.56.102:49186 87.240.129.133:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
|
TLSv1 192.168.56.102:49178 104.26.8.59:443 |
C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 92:b4:ed:98:67:d9:db:8a:1e:bd:0e:fe:7f:22:45:e9:79:b5:78:65 |
|
TLSv1 192.168.56.102:49208 104.21.35.128:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=canonicate.pw | 6c:4d:08:20:99:8f:7b:b0:ef:ed:d2:38:26:a4:7f:29:88:5d:dd:14 |
|
TLSv1 192.168.56.102:49228 87.240.129.133:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
|
TLSv1 192.168.56.102:49233 95.142.206.0:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.userapi.com | bc:a9:84:5f:86:90:b1:02:ba:2d:66:e8:e5:46:c1:57:e9:c0:cc:24 |
|
TLSv1 192.168.56.102:49245 95.142.206.3:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.userapi.com | bc:a9:84:5f:86:90:b1:02:ba:2d:66:e8:e5:46:c1:57:e9:c0:cc:24 |
|
TLSv1 192.168.56.102:49255 95.142.206.2:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.userapi.com | bc:a9:84:5f:86:90:b1:02:ba:2d:66:e8:e5:46:c1:57:e9:c0:cc:24 |
|
TLSv1 192.168.56.102:49263 87.240.129.133:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
|
TLSv1 192.168.56.102:49266 95.142.206.1:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.userapi.com | bc:a9:84:5f:86:90:b1:02:ba:2d:66:e8:e5:46:c1:57:e9:c0:cc:24 |
|
TLSv1 192.168.56.102:49252 87.240.129.133:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
|
TLSv1 192.168.56.102:49241 87.240.129.133:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
|
TLSv1 192.168.56.102:49269 87.240.129.133:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
|
TLSv1 192.168.56.102:49249 87.240.129.133:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
|
TLSv1 192.168.56.102:49265 87.240.129.133:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
|
TLSv1 192.168.56.102:49264 87.240.129.133:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
|
TLSv1 192.168.56.102:49267 87.240.129.133:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
|
TLSv1 192.168.56.102:49273 104.26.8.59:443 |
C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 92:b4:ed:98:67:d9:db:8a:1e:bd:0e:fe:7f:22:45:e9:79:b5:78:65 |
|
TLSv1 192.168.56.102:49268 87.240.129.133:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
|
TLSv1 192.168.56.102:49291 172.67.75.166:443 |
C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 03:f8:79:dd:26:16:32:12:a4:33:99:34:af:f7:33:32:d5:e0:aa:e5 |
|
TLSv1 192.168.56.102:49285 5.255.255.70:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign ECC OV SSL CA 2018 | C=RU, ST=Moscow, L=Moscow, O=Yandex LLC, CN=*.xn--d1acpjx3f.xn--p1ai | e4:ba:b2:7f:bf:93:b8:22:10:26:70:37:9c:03:1a:9d:fb:23:17:24 |
|
TLSv1 192.168.56.102:49313 213.180.204.24:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018 | C=RU, ST=Moscow, L=Moscow, O=Yandex LLC, CN=sso.passport.yandex.ru | 3a:82:43:a9:43:9c:c8:90:01:04:4f:74:1b:6c:cd:4b:9b:19:7d:93 |
|
TLSv1 192.168.56.102:49294 172.67.75.166:443 |
C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 03:f8:79:dd:26:16:32:12:a4:33:99:34:af:f7:33:32:d5:e0:aa:e5 |
|
TLSv1 192.168.56.102:49320 142.250.66.97:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=*.googleusercontent.com | 55:19:28:2a:70:bf:ac:8c:55:aa:5a:6c:49:b7:ab:89:93:4b:93:74 |
|
TLSv1 192.168.56.102:49324 172.67.75.166:443 |
C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 03:f8:79:dd:26:16:32:12:a4:33:99:34:af:f7:33:32:d5:e0:aa:e5 |
|
TLSv1 192.168.56.102:49308 142.250.204.78:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=*.google.com | 09:1e:68:9f:bd:40:4b:47:8d:ac:be:fe:ef:35:d6:52:c1:a0:ec:9f |
|
TLSv1 192.168.56.102:49321 93.186.225.194:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
|
TLSv1 192.168.56.102:49344 172.67.75.163:443 |
C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 92:b4:ed:98:67:d9:db:8a:1e:bd:0e:fe:7f:22:45:e9:79:b5:78:65 |
|
TLSv1 192.168.56.102:49305 62.217.160.2:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018 | C=RU, ST=Moscow, L=Moscow, O=VK LLC, CN=*.dzen.ru | 6a:31:14:29:60:07:c9:c6:17:7b:d1:27:ad:53:57:ec:d8:c1:d8:d2 |
|
TLSv1 192.168.56.102:49325 104.26.4.15:443 |
C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 03:f8:79:dd:26:16:32:12:a4:33:99:34:af:f7:33:32:d5:e0:aa:e5 |
|
TLSv1 192.168.56.102:49359 87.240.129.133:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
|
TLSv1 192.168.56.102:49393 104.76.78.101:443 |
C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA | unknown=US, unknown=Washington, unknown=Private Organization, serialNumber=602 290 773, C=US, ST=Washington, L=Bellevue, O=Valve Corp, CN=store.steampowered.com | b1:30:5e:4c:ee:14:70:87:a7:d7:1c:77:07:b5:3c:2c:99:13:aa:c5 |
|
TLSv1 192.168.56.102:49392 172.67.134.35:443 |
C=US, O=Let's Encrypt, CN=E1 | CN=neuralshit.net | 48:34:be:08:a6:7d:1e:ee:b7:5d:2d:12:63:b2:18:02:6a:d9:0d:74 |
|
TLSv1 192.168.56.102:49406 87.240.129.133:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
|
TLSv1 192.168.56.102:49417 95.142.206.0:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.userapi.com | bc:a9:84:5f:86:90:b1:02:ba:2d:66:e8:e5:46:c1:57:e9:c0:cc:24 |
|
TLSv1 192.168.56.102:49416 87.240.129.133:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
|
TLSv1 192.168.56.102:49420 95.142.206.1:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.userapi.com | bc:a9:84:5f:86:90:b1:02:ba:2d:66:e8:e5:46:c1:57:e9:c0:cc:24 |
|
TLSv1 192.168.56.102:49383 104.21.21.189:443 |
C=US, O=Let's Encrypt, CN=E1 | CN=octocrabs.com | 77:33:49:da:ac:e1:32:31:64:ad:8a:16:84:a3:aa:04:d0:fc:15:d7 |
|
TLSv1 192.168.56.102:49385 172.67.221.49:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=canonicate.pw | 6c:4d:08:20:99:8f:7b:b0:ef:ed:d2:38:26:a4:7f:29:88:5d:dd:14 |
|
TLSv1 192.168.56.102:49414 87.240.129.133:443 |
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
| suspicious_features | Connection to IP address | suspicious_request | GET http://193.42.32.118/api/tracemap.php | ||||||
| suspicious_features | POST method with no referer header, Connection to IP address | suspicious_request | POST http://193.42.32.118/api/firegate.php | ||||||
| suspicious_features | Connection to IP address | suspicious_request | HEAD http://171.22.28.226/download/Services.exe | ||||||
| suspicious_features | Connection to IP address | suspicious_request | HEAD http://194.169.175.232/autorun.exe | ||||||
| suspicious_features | Connection to IP address | suspicious_request | HEAD http://77.91.68.249/navi/kur90.exe | ||||||
| suspicious_features | Connection to IP address | suspicious_request | HEAD http://5.42.64.10/api/files/software/s2.exe | ||||||
| suspicious_features | Connection to IP address | suspicious_request | GET http://171.22.28.226/download/Services.exe | ||||||
| suspicious_features | Connection to IP address | suspicious_request | GET http://5.42.64.10/api/files/software/s2.exe | ||||||
| suspicious_features | Connection to IP address | suspicious_request | GET http://77.91.68.249/navi/kur90.exe | ||||||
| suspicious_features | Connection to IP address | suspicious_request | GET http://194.169.175.232/autorun.exe | ||||||
| suspicious_features | Connection to IP address | suspicious_request | GET http://45.15.156.229/api/tracemap.php | ||||||
| suspicious_features | Connection to IP address | suspicious_request | GET http://5.42.64.10/ip.php | ||||||
| suspicious_features | POST method with no referer header, Connection to IP address | suspicious_request | POST http://45.15.156.229/api/firegate.php | ||||||
| suspicious_features | Connection to IP address | suspicious_request | GET http://5.42.64.10/api/files/client/s21 | ||||||
| suspicious_features | Connection to IP address | suspicious_request | GET http://5.42.64.10/api/files/client/s22 | ||||||
| suspicious_features | Connection to IP address | suspicious_request | GET http://5.42.64.10/api/files/client/s23 | ||||||
| suspicious_features | Connection to IP address | suspicious_request | GET http://5.42.64.10/api/files/client/s24 | ||||||
| suspicious_features | GET method with no useragent header | suspicious_request | GET http://script.google.com/macros/s/AKfycbxu6XZln0F2VKs8FMpn924RlKozFV5XZApwvto57voh-zMdTnkCnYo38kxDLRAyW0hb/exec?xfgnxfgn&stream=2&ip=175.208.134.152&slots=1000¶m=empty | ||||||
| suspicious_features | POST method with no referer header, Connection to IP address | suspicious_request | POST http://193.42.32.118/api/firecom.php | ||||||
| suspicious_features | Connection to IP address | suspicious_request | HEAD http://171.22.28.226/download/WWW14_64.exe | ||||||
| suspicious_features | Connection to IP address | suspicious_request | GET http://171.22.28.226/download/WWW14_64.exe | ||||||
| suspicious_features | Connection to IP address | suspicious_request | HEAD http://45.9.74.80/zinda.exe | ||||||
| suspicious_features | Connection to IP address | suspicious_request | HEAD http://45.9.74.80/super.exe | ||||||
| suspicious_features | Connection to IP address | suspicious_request | GET http://45.9.74.80/zinda.exe | ||||||
| suspicious_features | Connection to IP address | suspicious_request | GET http://45.9.74.80/super.exe | ||||||
| suspicious_features | Connection to IP address | suspicious_request | GET http://94.142.138.113/api/tracemap.php | ||||||
| suspicious_features | POST method with no referer header, Connection to IP address | suspicious_request | POST http://94.142.138.113/api/firegate.php | ||||||
| suspicious_features | Connection to IP address | suspicious_request | GET http://78.47.27.247/b4fc4cd2d76417bf461814b9d989fcdb | ||||||
| suspicious_features | Connection to IP address | suspicious_request | GET http://78.47.27.247/archieve.zip | ||||||
| suspicious_features | GET method with no useragent header | suspicious_request | GET https://script.google.com/macros/s/AKfycbxu6XZln0F2VKs8FMpn924RlKozFV5XZApwvto57voh-zMdTnkCnYo38kxDLRAyW0hb/exec?xfgnxfgn&stream=2&ip=175.208.134.152&slots=1000¶m=empty | ||||||
| suspicious_features | GET method with no useragent header | suspicious_request | GET https://script.googleusercontent.com/macros/echo?user_content_key=L8KUs1rDf-0IxQaOsq4CEpa7DDTmpmXtfNxjubxYqEQM4p4Z4FWvLgPEWYS54LjtIqEZBEGVtnrPKA7Hm9CoK7E1dT35ZNduOJmA1Yb3SEsKFZqtv3DaNYcMrmhZHmUMWojr9NvTBuBLhyHCd5hHa_kSw3KJAyZKK3RTU5bpIFQ10ckTyHVSt1vTS5MZ6zqvS4V0cmy1dEEXVXg5zXDjcYCeAylu8DyVhn7i0fteRV_StcynBwb4deQK9NYe9nyjGugVZE-wIMyy0t00odE9g2WAxU2P290mztxgOvWCrwUlG84sMvwcnjz6TyhbZb4SC3Ow0v_3PNk&lib=MAg_X_j8YJSR0PZgL-LNb21v93CYKtC0D | ||||||
| request | GET http://193.42.32.118/api/tracemap.php |
| request | POST http://193.42.32.118/api/firegate.php |
| request | HEAD http://171.22.28.226/download/Services.exe |
| request | HEAD http://194.169.175.232/autorun.exe |
| request | HEAD http://77.91.68.249/navi/kur90.exe |
| request | HEAD http://5.42.64.10/api/files/software/s2.exe |
| request | HEAD http://isaiahbenjamin.top/calc2.exe |
| request | GET http://171.22.28.226/download/Services.exe |
| request | GET http://isaiahbenjamin.top/calc2.exe |
| request | GET http://5.42.64.10/api/files/software/s2.exe |
| request | GET http://77.91.68.249/navi/kur90.exe |
| request | GET http://194.169.175.232/autorun.exe |
| request | GET http://45.15.156.229/api/tracemap.php |
| request | GET http://5.42.64.10/ip.php |
| request | POST http://45.15.156.229/api/firegate.php |
| request | GET http://5.42.64.10/api/files/client/s21 |
| request | GET http://aidandylan.top/syncUpd.exe |
| request | GET http://5.42.64.10/api/files/client/s22 |
| request | GET http://5.42.64.10/api/files/client/s23 |
| request | GET http://5.42.64.10/api/files/client/s24 |
| request | GET http://script.google.com/macros/s/AKfycbxu6XZln0F2VKs8FMpn924RlKozFV5XZApwvto57voh-zMdTnkCnYo38kxDLRAyW0hb/exec?xfgnxfgn&stream=2&ip=175.208.134.152&slots=1000¶m=empty |
| request | POST http://193.42.32.118/api/firecom.php |
| request | GET http://www.maxmind.com/geoip/v2.1/city/me |
| request | HEAD http://171.22.28.226/download/WWW14_64.exe |
| request | GET http://171.22.28.226/download/WWW14_64.exe |
| request | HEAD http://45.9.74.80/zinda.exe |
| request | HEAD http://45.9.74.80/super.exe |
| request | GET http://45.9.74.80/zinda.exe |
| request | GET http://45.9.74.80/super.exe |
| request | HEAD http://230926170958727.kmj.xne26.cfd/f/fikim0926727.exe |
| request | GET http://230926170958727.kmj.xne26.cfd/f/fikim0926727.exe |
| request | GET http://94.142.138.113/api/tracemap.php |
| request | POST http://94.142.138.113/api/firegate.php |
| request | GET http://zexeq.com/test2/get.php?pid=CD20CF071BA7C05D5F5E6CAF42496E78&first=true |
| request | GET http://colisumy.com/dl/build2.exe |
| request | GET http://zexeq.com/files/1/build3.exe |
| request | GET http://apps.identrust.com/roots/dstrootcax3.p7c |
| request | GET http://78.47.27.247/b4fc4cd2d76417bf461814b9d989fcdb |
| request | GET http://78.47.27.247/archieve.zip |
| request | GET https://api.myip.com/ |
| request | GET https://vk.com/doc746114504_647280747?hash=cvDFKP5q0CQEjBCbeoeHvPNrWE0xbMxZEmrkIeNKcET&dl=G42DMMJRGQ2TANA:1661413520:uZNj68vRUvQaydRD8wpAK8zluN0I7otw5AHbA1ZlN9T&api=1&no_preview=1 |
| request | GET https://canonicate.pw/setup294.exe |
| request | GET https://vk.com/doc52355237_666326545?hash=syS3a4VzeA6ooPqV2bDmzdZcRY1zZZVZSwKomUizgpH&dl=9YVv5GINa4fsl9tfR95IZk8DoZOa4nbjbaLRAcxuMog&api=1&no_preview=1 |
| request | GET https://sun6-20.userapi.com/c235031/u52355237/docs/d13/0aeb7c514923/PL_Client.bmp?extra=zEYLOhDaQqXBo8LHo45R7nwioXoRej0oNRyEVJGCrqajrvSvMw0tliZUIWtDiJ7aOfgdBozitFTgy__8OMIvxe4kKI1wRLO-Ex-HxkH2YWqrhTpszc1R-VBrI5-Kmqhg_zVTt6CoGc2U5-Af |
| request | GET https://vk.com/doc52355237_666507428?hash=2uHHBsd637ELYzCc9kndmkrUdA72UYNEDayDJQpqLzT&dl=D6ajMB07kruzP2IXhjebY4apDN454ViEX7btbSffzho&api=1&no_preview=1#test22 |
| request | GET https://sun6-23.userapi.com/c237231/u52355237/docs/d20/a8c8e356a397/test21.bmp?extra=Tjw0Zjy3je3HMZXeKdEeufMcQUFV6Kmbq55-H6joKLRFzQtDRuF2VhtBI3HjFl4CSoL9kMSlXGIpQpmPdA112UYjtUJm9oEc6SZw2CzG8VK9ffvrZ5Ne4lXUeTqzct0FEcciUIElKxuvn4fK |
| request | GET https://vk.com/doc52355237_666586594?hash=KW7IbIZ7tmBJH0wG2dYyLQaNt8WD8FYrf1vp2ZdUsZg&dl=pOjzjpwFnDOIJueQO9TQfsaai7iwjVToI4s7cZ7eqks&api=1&no_preview=1#1 |
| request | GET https://vk.com/doc52355237_666599954?hash=Ke0Vjy4wKSLLxQozgUIZIwbp7FUtx2g2p6dpZCPIz4w&dl=bAWjUoWQU7Q3yZO1dsgL8W1vYS7neHPYrNA6TsTwqPk&api=1&no_preview=1#fr |
| request | GET https://sun6-23.userapi.com/c237031/u52355237/docs/d40/13239ef116f6/crypted.bmp?extra=jf3Id-iBwCJuvxr_KRXy5iVBKvlBt9haNJnwFGhMhOGggvJmKTwuqVbRSPa3SInEVwMOySNlTCqJhf3WldOoR-8sHm1LapRTJDK_pGi_CPACwLEQXtJNeXxIsyq6aPqaHF78MEMsh43llNUi |
| request | GET https://sun6-22.userapi.com/c237031/u52355237/docs/d49/4c3217c05748/66.bmp?extra=Md8eQEgzLGuOlPoQc55hANOV4S0t3MVk5Mq7j2oL9oMgKsIqX8p_L-eYo8Z0ACwN52xGrArbvIMXatBttmTHoFb8gQidHkcg5mbrFvML_A_l6nshcASkR0cVT8nCToj3Cb-0JteqFOHTxI1H |
| request | POST http://193.42.32.118/api/firegate.php |
| request | POST http://45.15.156.229/api/firegate.php |
| request | POST http://193.42.32.118/api/firecom.php |
| request | POST http://94.142.138.113/api/firegate.php |
| request | POST https://api.db-ip.com/v2/p31e4d59ee6ad1a0b5cc80695a873e43a8fbca06/self |
| domain | canonicate.pw | description | Palau domain TLD | ||||||
| domain | isaiahbenjamin.top | description | Generic top level domain TLD | ||||||
| domain | aidandylan.top | description | Generic top level domain TLD | ||||||
| domain | ipinfo.io |
| file | C:\Users\test22\AppData\Local\Temp\7zE8984F30F\Setup.exe |
| file | C:\Users\test22\AppData\Local\Temp\7zE8984F30F\CrystalDecisions.Shared.dll |
| description | Escalate priviledges | rule | Escalate_priviledges | ||||||
| description | PWS Memory | rule | Generic_PWS_Memory_Zero | ||||||
| description | (no description) | rule | DebuggerCheck__GlobalFlags | ||||||
| description | (no description) | rule | DebuggerCheck__QueryInfo | ||||||
| description | (no description) | rule | DebuggerHiding__Thread | ||||||
| description | (no description) | rule | DebuggerHiding__Active | ||||||
| description | (no description) | rule | ThreadControl__Context | ||||||
| description | (no description) | rule | SEH__vectored | ||||||
| description | Checks if being debugged | rule | anti_dbg | ||||||
| description | Bypass DEP | rule | disable_dep | ||||||
| description | Run a KeyLogger | rule | KeyLogger | ||||||
| host | 171.22.28.213 | |||
| host | 171.22.28.226 | |||
| host | 176.123.9.142 | |||
| host | 185.225.74.144 | |||
| host | 193.42.32.118 | |||
| host | 194.169.175.123 | |||
| host | 194.169.175.128 | |||
| host | 194.169.175.232 | |||
| host | 45.15.156.229 | |||
| host | 45.9.74.80 | |||
| host | 5.42.64.10 | |||
| host | 51.255.152.132 | |||
| host | 77.91.68.249 | |||
| host | 78.47.27.247 | |||
| host | 94.142.138.113 | |||
| dead_host | 192.168.56.102:49337 |
| dead_host | 192.168.56.102:49352 |
| dead_host | 192.168.56.102:49365 |
| dead_host | 192.168.56.102:49318 |
| dead_host | 192.168.56.102:49331 |
| dead_host | 192.168.56.102:49340 |
| dead_host | 192.168.56.102:49396 |
| dead_host | 192.168.56.102:49423 |
| dead_host | 176.123.9.142:37637 |
| dead_host | 192.168.56.102:49364 |
| dead_host | 192.168.56.102:49412 |
| dead_host | 192.168.56.102:49329 |
| dead_host | 192.168.56.102:49357 |
| dead_host | 192.168.56.102:49422 |
| dead_host | 192.168.56.102:49360 |
| dead_host | 192.168.56.102:49326 |
| dead_host | 192.168.56.102:49339 |
| dead_host | 192.168.56.102:49421 |
| dead_host | 192.168.56.102:49415 |
| dead_host | 192.168.56.102:49404 |
| dead_host | 192.168.56.102:49300 |
| dead_host | 192.168.56.102:49418 |
| dead_host | 192.168.56.102:49369 |
| dead_host | 192.168.56.102:49335 |
| dead_host | 192.168.56.102:49338 |
| dead_host | 192.168.56.102:49349 |
| dead_host | 192.168.56.102:49309 |