Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | Nov. 25, 2023, 5:53 p.m. | Nov. 25, 2023, 5:58 p.m. |
Process | Command line | PID |
---|---|---|
sservc.exe | "C:\Users\test22\AppData\Local\Temp\sservc.exe" | 2136 |
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLS 1.2 192.168.56.103:49167 50.7.8.141:443 | CN=www.3t2mhx5q3xt.com | CN=www.pn3n4uizzmr6cgb.net | 59:ef:94:5c:4e:c4:72:be:0e:49:39:e1:81:35:1d:f6:03:75:62:50 |
TLS 1.2 192.168.56.103:49170 45.136.244.187:443 | CN=www.wbf3pmovvd45z.com | CN=www.upsoui2ly.net | 60:cf:41:b3:47:4c:c0:ab:d9:f2:fc:df:6b:be:25:41:79:b8:83:94 |
TLS 1.2 192.168.56.103:49171 50.21.186.234:9003 | CN=www.sqtrtm5u2kal26hkpe57.com | CN=www.25m63mipz4h.net | 9f:11:8d:15:0c:1c:aa:40:6a:af:d6:60:2f:f5:8a:3b:90:a9:fa:5e |
TLS 1.2 192.168.56.103:49168 139.162.210.252:443 | CN=www.4apu4tthwhhcyp.com | CN=www.pj2zcjz3c6unlac3.net | cf:a9:32:e7:65:6b:1d:5d:f2:13:1d:91:93:f8:68:86:c4:81:d2:13 |
TLS 1.2 192.168.56.103:49175 45.136.244.187:443 | CN=www.wbf3pmovvd45z.com | CN=www.upsoui2ly.net | 60:cf:41:b3:47:4c:c0:ab:d9:f2:fc:df:6b:be:25:41:79:b8:83:94 |
TLS 1.2 192.168.56.103:49173 50.21.186.234:9003 | CN=www.sqtrtm5u2kal26hkpe57.com | CN=www.25m63mipz4h.net | 9f:11:8d:15:0c:1c:aa:40:6a:af:d6:60:2f:f5:8a:3b:90:a9:fa:5e |
TLS 1.2 192.168.56.103:50510 104.16.159.43:443 | C=US, O=Let's Encrypt, CN=E1 | CN=fbsdigitalstore.pk | 30:65:af:6f:16:5b:60:fc:cc:8c:21:d4:15:5b:8f:04:af:00:fd:41 |
TLS 1.2 192.168.56.103:50428 74.208.236.160:443 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Encryption Everywhere DV TLS CA - G2 | CN=*.awartany.com | 25:e8:70:37:d7:d2:78:57:a2:f0:72:95:a2:6c:cd:e1:b1:30:97:9c |
TLS 1.2 192.168.56.103:50446 107.180.1.10:443 | C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2 | CN=westendsolution.com | 55:05:d6:ae:9e:89:f7:04:4d:c5:c8:00:95:32:d7:d8:62:71:af:75 |
TLS 1.2 192.168.56.103:50439 103.224.212.212:443 | C=US, O=Let's Encrypt, CN=R3 | CN=jhvidatabase.info | ba:c4:7e:58:b4:b0:f2:61:28:49:fe:02:5a:d9:f2:82:e3:a0:80:8b |
TLS 1.2 192.168.56.103:50496 172.67.155.39:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=aleeas.com | 4a:cd:e7:b6:c7:89:3e:72:03:82:a2:fb:8a:e2:54:66:e4:5a:50:b6 |
TLS 1.2 192.168.56.103:50544 104.21.88.58:443 | C=US, O=Let's Encrypt, CN=E1 | CN=bamboo.cr | 40:df:3c:b4:32:c7:3f:45:c6:ab:8e:19:d9:d2:a0:f5:53:e9:a9:78 |
TLS 1.2 192.168.56.103:51308 104.26.7.37:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | ca:c3:42:89:f7:39:82:c9:63:e5:4e:fe:df:25:dd:7f:6d:83:a8:ef |
TLS 1.2 192.168.56.103:51122 200.16.16.57:443 | C=US, O=Let's Encrypt, CN=R3 | CN=unc.edu.ar | f0:c5:d2:6f:71:f1:06:c5:48:38:2e:1c:b7:32:7f:f2:06:60:50:9d |
TLS 1.2 192.168.56.103:51557 104.21.92.188:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 3b:cc:94:d9:0a:8a:7b:08:18:99:64:09:14:0e:35:e1:08:3e:8d:2e |
TLS 1.2 192.168.56.103:51165 176.119.200.11:443 | C=US, O=Let's Encrypt, CN=R3 | CN=*.8alias.com | e6:d1:35:d6:0b:7d:4f:07:f7:95:8f:84:79:5e:19:db:d8:c8:bb:94 |
TLS 1.2 192.168.56.103:51853 18.64.8.47:443 | C=US, O=Let's Encrypt, CN=R3 | CN=www.freecycle.com.br | 12:47:7b:ba:1a:39:32:a7:39:01:8b:3c:2a:31:65:71:10:c1:56:0f |
TLS 1.2 192.168.56.103:51948 162.221.189.186:443 | C=US, O=Let's Encrypt, CN=R3 | CN=egst.edu.et | 8c:44:fb:94:6d:d9:ea:15:dc:4a:81:67:df:af:8a:ef:37:e7:28:92 |
TLS 1.2 192.168.56.103:50614 128.201.75.205:443 | C=US, O=Let's Encrypt, CN=R3 | CN=*.jomaroil.com.br | af:0c:85:f9:6e:85:ef:93:88:91:53:7c:66:b4:a6:00:09:d7:15:01 |
TLS 1.2 192.168.56.103:52050 104.21.92.188:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 3b:cc:94:d9:0a:8a:7b:08:18:99:64:09:14:0e:35:e1:08:3e:8d:2e |
TLS 1.2 192.168.56.103:50871 172.67.155.39:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=aleeas.com | 4a:cd:e7:b6:c7:89:3e:72:03:82:a2:fb:8a:e2:54:66:e4:5a:50:b6 |
TLS 1.2 192.168.56.103:50864 67.225.236.47:443 | C=US, O=Let's Encrypt, CN=R3 | CN=lna.com.mx | d3:dd:d4:6c:c4:32:eb:a1:3b:6c:2f:5b:71:ba:73:e8:e6:58:f0:d5 |
TLS 1.2 192.168.56.103:51932 15.188.65.152:443 | C=US, O=Let's Encrypt, CN=R3 | CN=istitutocomprensivorosate.edu.it | 3e:c2:96:5e:30:cb:3f:3c:c8:a9:8c:a7:41:c0:41:c7:e8:72:0e:b2 |
TLS 1.2 192.168.56.103:52184 13.248.169.48:443 | C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2 | CN=protl.com | 9f:e5:ee:96:9e:6f:34:50:cd:d5:4e:68:39:bc:c4:5e:1f:6b:47:82 |
TLS 1.2 192.168.56.103:51400 3.0.11.115:443 | C=US, O=Let's Encrypt, CN=R3 | CN=steamlogic.org | 19:a9:a5:59:c6:ec:fb:05:95:2f:89:28:0c:ff:0a:95:9a:c3:1f:91 |
TLS 1.2 192.168.56.103:52276 104.26.7.37:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | ca:c3:42:89:f7:39:82:c9:63:e5:4e:fe:df:25:dd:7f:6d:83:a8:ef |
TLS 1.2 192.168.56.103:51433 162.221.189.186:443 | C=US, O=Let's Encrypt, CN=R3 | CN=egst.edu.et | 8c:44:fb:94:6d:d9:ea:15:dc:4a:81:67:df:af:8a:ef:37:e7:28:92 |
TLS 1.2 192.168.56.103:51920 216.81.136.20:443 | C=US, O=Let's Encrypt, CN=R3 | CN=iowaroof.com | fc:1a:07:5c:2a:04:fb:13:ad:eb:2e:49:90:11:23:05:66:e2:d7:57 |
TLS 1.2 192.168.56.103:52363 66.198.240.40:443 | C=US, ST=TX, L=Houston, O=cPanel, Inc., CN=cPanel, Inc. Certification Authority | CN=quimifen.com | b3:f0:05:75:82:5c:1a:dc:3a:c5:19:89:26:50:90:7b:ac:b1:00:56 |
TLS 1.2 192.168.56.103:52520 176.119.200.11:443 | C=US, O=Let's Encrypt, CN=R3 | CN=*.8alias.com | e6:d1:35:d6:0b:7d:4f:07:f7:95:8f:84:79:5e:19:db:d8:c8:bb:94 |
TLS 1.2 192.168.56.103:52745 13.248.169.48:443 | C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2 | CN=protl.com | 9f:e5:ee:96:9e:6f:34:50:cd:d5:4e:68:39:bc:c4:5e:1f:6b:47:82 |
TLS 1.2 192.168.56.103:53055 35.215.101.188:443 | C=US, O=Let's Encrypt, CN=R3 | CN=*.transformadoresvictory.com.mx | 88:f0:cd:6f:87:c9:f5:88:19:e1:6a:b7:36:a9:f6:b5:14:fe:27:25 |
TLS 1.2 192.168.56.103:53088 162.241.252.227:443 | C=US, O=Let's Encrypt, CN=R3 | CN=autodiscover.erv.pit.mybluehost.me | cf:38:bd:02:b5:11:09:a6:8c:78:30:01:1f:94:b7:c6:6b:85:0e:cd |
TLS 1.2 192.168.56.103:50450 104.21.88.58:443 | C=US, O=Let's Encrypt, CN=E1 | CN=bamboo.cr | 40:df:3c:b4:32:c7:3f:45:c6:ab:8e:19:d9:d2:a0:f5:53:e9:a9:78 |
TLS 1.2 192.168.56.103:50577 104.22.57.191:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=restajet.com | c2:e7:fd:57:b8:9a:ba:53:23:b6:11:1f:04:f9:4d:08:2c:25:19:d2 |
TLS 1.2 192.168.56.103:52771 104.21.44.179:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=eru.edu.eg | fb:42:07:69:21:79:96:5c:98:65:43:6d:03:47:2d:29:77:5f:b6:f1 |
TLS 1.2 192.168.56.103:50636 162.221.189.186:443 | C=US, O=Let's Encrypt, CN=R3 | CN=egst.edu.et | 8c:44:fb:94:6d:d9:ea:15:dc:4a:81:67:df:af:8a:ef:37:e7:28:92 |
TLS 1.2 192.168.56.103:52748 89.46.105.48:443 | C=IT, ST=Bergamo, L=Ponte San Pietro, O=Actalis S.p.A., CN=Actalis Domain Validation Server CA G3 | CN=*.gspnet.it | bf:07:8c:95:16:fa:ef:2a:f2:88:85:3b:f2:8f:ea:03:b0:78:2b:3e |
pdb_path | C:\lozuzovenahihe\pamelareyoy_xutemenuzud muyefiyo.pdb |
request | GET http://fbsdigitalstore.pk/administrator/ |
request | GET http://bamboo.cr/administrator/ |
request | GET http://gmail.coive.com/administrator/ |
request | GET http://westendsolution.com/administrator/ |
request | GET http://cook.de/administrator/ |
request | GET http://nojesevent.se/administrator/ |
request | GET http://egst.edu.et/administrator/ |
request | GET http://aleeas.com/administrator/ |
request | GET http://freecycle.com.br/administrator/ |
request | GET http://bseb.com/administrator/ |
request | GET http://cook.de/administrator/index.php |
request | GET http://bseb.com/administrator/index.php |
request | GET http://nojesevent.se/administrator/index.php |
request | GET http://jomaroil.com.br/administrator/ |
request | GET http://nvhrw.com/administrator/ |
request | GET http://steamlogic.org/administrator/ |
request | GET http://ohsjd.fr/administrator/ |
request | GET http://awartany.com/administrator/ |
request | GET http://ww25.nvhrw.com/phpmyadmin/?subid1=20231125-1957-27f5-b954-dc376cf569f6 |
request | GET http://steamlogic.org/administrator/index.php |
request | GET http://blueil.com/administrator/ |
request | GET http://ohsjd.fr/phpmyadmin/ |
request | GET http://jomaroil.com.br/administrator/index.php |
request | GET http://cook.de/wp-login.php |
request | GET http://nvrinc.coml.com/administrator/ |
request | GET http://nojesevent.se/wp-login.php |
request | GET http://egst.edu.et/phpmyadmin/ |
request | GET http://gmail.coive.com/administrator/index.php |
request | GET http://paslo.de/administrator/ |
request | GET http://lna.com.mx/administrator/ |
request | GET http://nvrinc.coml.com/administrator/index.php |
request | GET http://cook.de/wp-admin/ |
request | GET http://jomaroil.com.br/phpmyadmin/ |
request | GET http://bseb.com/wp-login.php |
request | GET http://steamlogic.org/wp-login.php |
request | GET http://awartany.com/administrator/index.php |
request | GET http://paslo.de/administrator/index.php |
request | GET http://steamlogic.org/wp-admin/ |
request | GET http://bakerisroofing.com/administrator/ |
request | GET http://www.saintjeandedieu.com/administrator |
request | GET http://nojesevent.se/wp-admin/ |
request | GET http://www.restajet.com/phpmyadmin/ |
request | GET http://paslo.de/phpmyadmin/ |
request | GET http://bseb.com/wp-admin/ |
request | GET http://gmail.coive.com/wp-login.php |
request | GET http://freecycle.com.br/administrator/index.php |
request | GET http://ww25.nvhrw.com/administrator/?subid1=20231125-1957-2885-9232-b36a0c77a1c5 |
request | GET http://bseb.com/phpmyadmin/ |
request | GET http://egst.edu.et/administrator/index.php |
request | GET http://transformadoresvictory.com.mx/administrator/ |
domain | fastmail.cmail.ru | description | Russian Federation domain TLD |
domain | 1away.top | description | Generic top level domain TLD |
domain | mail.1away.top | description | Generic top level domain TLD |
file | C:\ProgramData\Drivers\csrss.exe |
section | {'name': '.text', 'virtual_address': '0x00001000', 'virtual_size': '0x001d24b2', 'size_of_data': '0x001d2600', 'entropy': 7.9579465829035385} | entropy | 7.9579465829 | description | A section with a high entropy has been found |
entropy | 0.968336361277 | description | Overall entropy of this PE file is high |
description | (no description) | rule | DebuggerCheck__GlobalFlags |
description | (no description) | rule | DebuggerCheck__QueryInfo |
description | (no description) | rule | DebuggerHiding__Thread |
description | (no description) | rule | DebuggerHiding__Active |
description | (no description) | rule | ThreadControl__Context |
description | (no description) | rule | SEH__vectored |
description | Checks if being debugged | rule | anti_dbg |
description | Bypass DEP | rule | disable_dep |
buffer | Buffer with sha1: 0c50ede4a76153165b5be1dbec9fc9d2f4a97416 |
host | 139.162.210.252 |
host | 45.136.244.187 |
host | 50.21.186.234 |
host | 50.7.8.141 |
host | 91.121.160.6 |
reg_key | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\CSRSS | reg_value | "C:\ProgramData\Drivers\csrss.exe" |