Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6402 | Nov. 29, 2023, 3:51 p.m. | Nov. 29, 2023, 3:53 p.m. |
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.102:49203 104.21.31.74:443 | C=US, O=Let's Encrypt, CN=E1 | CN=thezccasdsadasdafdsdfdgfdfdfhdfhagdfahfsgh.sbs | 08:4e:ff:78:a5:79:72:d0:52:5f:3b:db:9d:72:02:82:d3:30:7a:0e |
TLSv1 192.168.56.102:49175 104.26.8.59:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 92:b4:ed:98:67:d9:db:8a:1e:bd:0e:fe:7f:22:45:e9:79:b5:78:65 |
TLSv1 192.168.56.102:49183 87.240.137.164:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
TLSv1 192.168.56.102:49216 87.240.137.164:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
TLSv1 192.168.56.102:49230 87.240.137.164:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
TLSv1 192.168.56.102:49232 87.240.137.164:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
TLSv1 192.168.56.102:49223 95.142.206.3:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.userapi.com | bc:a9:84:5f:86:90:b1:02:ba:2d:66:e8:e5:46:c1:57:e9:c0:cc:24 |
TLSv1 192.168.56.102:49249 87.240.137.164:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
TLSv1 192.168.56.102:49253 95.142.206.2:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.userapi.com | bc:a9:84:5f:86:90:b1:02:ba:2d:66:e8:e5:46:c1:57:e9:c0:cc:24 |
TLSv1 192.168.56.102:49250 87.240.137.164:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
TLSv1 192.168.56.102:49234 95.142.206.1:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.userapi.com | bc:a9:84:5f:86:90:b1:02:ba:2d:66:e8:e5:46:c1:57:e9:c0:cc:24 |
TLSv1 192.168.56.102:49265 87.240.137.164:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
TLSv1 192.168.56.102:49266 87.240.137.164:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
TLSv1 192.168.56.102:49261 87.240.137.164:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
TLSv1 192.168.56.102:49267 87.240.137.164:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
TLSv1 192.168.56.102:49271 95.142.206.1:443 | None | None | None |
TLSv1 192.168.56.102:49268 95.142.206.0:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.userapi.com | bc:a9:84:5f:86:90:b1:02:ba:2d:66:e8:e5:46:c1:57:e9:c0:cc:24 |
TLSv1 192.168.56.102:49269 87.240.137.164:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
TLSv1 192.168.56.102:49292 104.26.4.15:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 03:f8:79:dd:26:16:32:12:a4:33:99:34:af:f7:33:32:d5:e0:aa:e5 |
TLSv1 192.168.56.102:49274 87.240.137.164:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
TLSv1 192.168.56.102:49283 172.67.132.113:443 | C=US, O=Let's Encrypt, CN=E1 | CN=iplogger.org | 1e:76:b5:78:be:35:ec:fb:3f:26:d0:5f:1c:2a:2d:33:0e:51:6f:7e |
TLSv1 192.168.56.102:49296 172.67.139.220:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=2ip.ua | df:8e:38:7b:a5:b7:63:5f:01:77:75:f0:d6:4a:08:30:fa:63:46:8f |
TLSv1 192.168.56.102:49277 87.240.137.164:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 6b:39:d3:5a:fa:5a:ee:80:1a:d7:f6:77:30:52:cf:2b:52:a1:82:09 |
TLSv1 192.168.56.102:49282 172.67.147.32:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=iplis.ru | 04:2b:ef:ab:43:60:60:33:69:03:f3:51:37:11:c8:29:26:89:a4:93 |
TLSv1 192.168.56.102:49297 172.67.139.220:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=2ip.ua | df:8e:38:7b:a5:b7:63:5f:01:77:75:f0:d6:4a:08:30:fa:63:46:8f |
TLSv1 192.168.56.102:49300 104.26.4.15:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 03:f8:79:dd:26:16:32:12:a4:33:99:34:af:f7:33:32:d5:e0:aa:e5 |
Suspicious features | Suspicious request |
---|---|
Connection to IP address | GET http://91.92.243.151/api/tracemap.php |
POST method with no referer header, Connection to IP address | POST http://91.92.243.151/api/firegate.php |
Connection to IP address | HEAD http://5.42.64.35/timeSync.exe |
Connection to IP address | HEAD http://109.107.182.45/trend/home.exe |
Connection to IP address | GET http://5.42.64.35/timeSync.exe |
Connection to IP address | GET http://109.107.182.45/trend/home.exe |
Connection to IP address | GET http://176.113.115.84:8080/4.php |
POST method with no referer header, POST method with no useragent header, Connection to IP address | POST http://5.42.64.41/40d570f44e84a454.php |
GET method with no useragent header, Connection to IP address | GET http://5.42.64.41/2a7743b8bbd7e4a7/sqlite3.dll |
GET method with no useragent header, Connection to IP address | GET http://5.42.64.41/2a7743b8bbd7e4a7/freebl3.dll |
GET method with no useragent header, Connection to IP address | GET http://5.42.64.41/2a7743b8bbd7e4a7/mozglue.dll |
GET method with no useragent header, Connection to IP address | GET http://5.42.64.41/2a7743b8bbd7e4a7/msvcp140.dll |
GET method with no useragent header, Connection to IP address | GET http://5.42.64.41/2a7743b8bbd7e4a7/nss3.dll |
GET method with no useragent header, Connection to IP address | GET http://5.42.64.41/2a7743b8bbd7e4a7/softokn3.dll |
GET method with no useragent header, Connection to IP address | GET http://5.42.64.41/2a7743b8bbd7e4a7/vcruntime140.dll |
Domain | Description |
---|---|
iplis.ru | Russian Federation domain TLD |
gons32cl.top | Generic top level domain TLD |
ipinfo.io | |
file | C:\Users\test22\AppData\Local\Temp\7zEC9859F36\prom\conc.dll |
file | C:\Users\test22\AppData\Local\Temp\7zEC9859F36\prom\concrt140.dll |
file | C:\Users\test22\AppData\Local\Temp\7zEC9859F36\prom\dbgh.dll |
file | C:\Users\test22\AppData\Local\Temp\7zEC9859F36\setup.exe |
file | C:\Users\test22\AppData\Local\Temp\7zEC9859F36\prom\gettext.dll |
file | C:\Users\test22\AppData\Local\Temp\7zEC9859F36\prom\dbghelp.dll |
file | C:\Users\test22\AppData\Local\Temp\7zEC9859F36\prom\ieframe.dll |
file | C:\Users\test22\AppData\Local\Temp\7zEC9859F36\prom\concrt1.dll |
Description | Rule |
---|---|
Escalate privileges | Escalate_priviledges |
PWS Memory | Generic_PWS_Memory_Zero |
(no description) | DebuggerCheck__GlobalFlags |
(no description) | DebuggerCheck__QueryInfo |
(no description) | DebuggerHiding__Thread |
(no description) | DebuggerHiding__Active |
(no description) | ThreadControl__Context |
(no description) | SEH__vectored |
Checks if being debugged | anti_dbg |
Bypass DEP | disable_dep |
Run a KeyLogger | KeyLogger |
dead_host | 176.113.115.84:80 |
dead_host | 194.49.94.97:80 |
dead_host | 192.168.56.102:49188 |