Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | Dec. 23, 2023, 6:16 p.m. | Dec. 23, 2023, 6:25 p.m. |
Process | Command line | PID |
---|---|---|
ugttmv0bWvGn3XMEJXD45JlM.exe | "C:\Users\test22\Pictures\ugttmv0bWvGn3XMEJXD45JlM.exe" | 2580 |
SS6Yx9EBpDnr7H5AwiVDv6Bl.exe | "C:\Users\test22\Pictures\SS6Yx9EBpDnr7H5AwiVDv6Bl.exe" | 2684 |
jkBSx0PNHElKEPX505wphL5k.exe | "C:\Users\test22\Pictures\jkBSx0PNHElKEPX505wphL5k.exe" | 2732 |
xxVA1wFApK5K0025cO6LKkqR.exe | "C:\Users\test22\Pictures\xxVA1wFApK5K0025cO6LKkqR.exe" | 2756 |
BroomSetup.exe | C:\Users\test22\AppData\Local\Temp\BroomSetup.exe | 2924 |
nsx392A.tmp.exe | C:\Users\test22\AppData\Local\Temp\nsx392A.tmp.exe | 2100 |
GuMIRR01ABdwlRPjBwLToenr.exe | "C:\Users\test22\Pictures\GuMIRR01ABdwlRPjBwLToenr.exe" --silent --allusers=0 | 3008 |
explorer.exe | C:\Windows\Explorer.EXE | 1236 |
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLS 1.2 192.168.56.103:49167 104.21.79.77:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=yip.su | ae:5e:4a:71:b1:d8:2b:45:95:b2:33:e9:8b:5f:fa:b4:9c:9e:fd:8f |
TLS 1.2 192.168.56.103:49171 172.67.188.178:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=iplogger.com | c1:91:92:9b:9a:80:29:75:dc:65:9b:a4:c0:11:8c:ac:72:d6:77:58 |
TLS 1.2 192.168.56.103:49172 104.21.93.225:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=flyawayaero.net | b3:ec:66:5d:75:35:6c:24:98:34:68:0d:64:f9:b5:ca:b5:31:53:be |
TLS 1.2 192.168.56.103:49173 104.21.30.5:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=randomdomainname.org | 56:29:ae:9f:45:42:bb:95:38:08:ee:05:21:e7:f9:74:b1:3a:1d:c2 |
TLS 1.2 192.168.56.103:49166 104.20.68.143:443 | C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 | C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 55:c8:82:61:30:05:42:80:db:47:5e:d0:66:b5:df:ac:14:5b:19:6f |
TLS 1.2 192.168.56.103:49170 104.192.141.1:443 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA | unknown=US, unknown=Delaware, unknown=Private Organization, serialNumber=3928449, C=US, ST=California, L=San Francisco, O=Atlassian US, Inc., CN=bitbucket.org | d4:63:2a:05:af:e6:e1:c6:be:ee:c7:40:96:77:ef:14:9d:17:12:09 |
TLS 1.2 192.168.56.103:49178 172.67.180.173:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=potatogoose.com | d5:8d:43:61:32:d2:ee:de:a0:6e:9f:2e:0f:97:b0:a4:8d:ad:1d:75 |
TLS 1.2 192.168.56.103:49179 104.21.33.167:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=budgienation.net | 86:9b:24:1c:80:b6:77:be:c7:31:c7:03:d5:fe:95:15:bf:50:90:0f |
TLS 1.2 192.168.56.103:49177 107.167.110.211:443 | C=US, O=DigiCert Inc, CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1 | C=NO, ST=Oslo, L=Oslo, O=Opera Norway AS, CN=net.geo.opera.com | 8b:1e:84:38:9c:97:8c:be:f7:e1:0e:28:14:15:bb:08:cc:fb:ad:af |
TLS 1.2 192.168.56.103:49180 3.5.28.176:443 | C=US, O=Amazon, CN=Amazon RSA 2048 M01 | CN=*.s3.amazonaws.com | dc:41:a6:3e:ee:32:6f:36:76:5a:ef:9d:17:af:14:13:e3:05:c6:d1 |
TLSv1 192.168.56.103:49201 172.67.188.178:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=iplogger.com | c1:91:92:9b:9a:80:29:75:dc:65:9b:a4:c0:11:8c:ac:72:d6:77:58 |
Suspicious features | Suspicious request |
---|---|
GET method with no useragent header, Connection to IP address | GET http://47.236.140.86/s/twty.exe |
GET method with no useragent header, Connection to IP address | GET http://5.42.64.35/InstallSetup3.exe |
GET method with no useragent header | GET http://galandskiyher5.com/downloads/toolspub4.exe |
GET method with no useragent header | GET http://net.geo.opera.com/opera/stable/windows/?utm_medium=apb&utm_source=mkt&utm_campaign=767 |
Connection to IP address | GET http://91.92.254.7/scripts/plus.php?ip=175.208.134.152&substr=three&s=ab |
Connection to IP address | GET http://5.42.64.35/syncUpd.exe |
GET method with no useragent header | GET https://yip.su/RNWPd.exe |
GET method with no useragent header | GET https://pastebin.com/raw/E0rY26ni |
GET method with no useragent header | GET https://flyawayaero.net/baf14778c246e15550645e30ba78ce1c.exe |
GET method with no useragent header | GET https://iplogger.com/1gDcm4 |
GET method with no useragent header | GET https://randomdomainname.org/2cba948feb9c53fce4409f0079aec61c.exe |
GET method with no useragent header | GET https://bitbucket.org/micaorrsoft/update/downloads/a01.exe |
GET method with no useragent header | GET https://potatogoose.com/8c35a460636521ed0deef49f6749c0e3/baf14778c246e15550645e30ba78ce1c.exe |
GET method with no useragent header | GET https://budgienation.net/8c35a460636521ed0deef49f6749c0e3/2cba948feb9c53fce4409f0079aec61c.exe |
GET method with no useragent header | GET https://net.geo.opera.com/opera/stable/windows/?utm_medium=apb&utm_source=mkt&utm_campaign=767 |
GET method with no useragent header | GET https://bbuseruploads.s3.amazonaws.com/c653674a-68fa-46c6-b413-9e71a0a3be60/downloads/7cc5bf80-2f20-4024-8172-c47af249efe9/a01.exe?response-content-disposition=attachment%3B%20filename%3D%22a01.exe%22&AWSAccessKeyId=ASIA6KOSE3BNLFZPBG6X&Signature=k4eYmK01rl8PGp4sOTTE04lteD0%3D&x-amz-security-token=IQoJb3JpZ2luX2VjELr%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIQDzQD%2B3UL8xV1DvAUP2KA45yti0HItkJ7%2FZj%2BYPZQQy%2BAIgK%2BOaDvdrjmeM3oRZP0OlFI2Pl%2B7GauL9ExmwyykyfrwqpwIIQhAAGgw5ODQ1MjUxMDExNDYiDOob2cJxt3Exs6kaAiqEAh4UYnRFarCTXYvHT0WXfJIgVuJuVvzUOPIbUG1w3nq2Yphc6rTsOhGwJcQzKyRWF%2BFm10oe88IpTj4lNM0gXnjCTwZXQVKi1Uz9JNwgbaaYzUofoIP2CZjnvaRuOYs0d6gOPdtnykb2eWeS2dGifaFBhMq%2BTovxD1l5xXeH3tHvHNOaHU%2F7ARV55Dc9YfRvdX2zOOUhEp62CjCviT3FBfq3tK8eLfJ2mwSddoM%2FvxLRaudgcAE%2FiTTi0RrZN5feEmr54GKsqEohzoLCOWAVpxR0dUkQrUDuJVTdHHFSkuX%2FWnX7mWGXITM985Y282tuaPXm6LdfM5BRgxr0vV3YWCtcSJnXMLjKmqwGOp0B5x1g24OisxHRKZUaNxp9%2BSGjgOsFU3J%2Fbs39LZmb4y%2BP29AtY729%2BALyUGmbQ3ghX9X%2FHvfZiW7jkSIo533BZtqI2LeUKLMZGFRSS862V%2FwPY7aL9mQD2m03u7eiKl8%2BE2Kc5rYFMkJjjg%2BliR6dKkTaba%2FDuj%2FNE2de8W4Y9dFnibQCoicKOX5nhXD%2B3R8dFgBbmLV9RQDHhvlDPg%3D%3D&Expires=1703324736 |
request | GET http://47.236.140.86/s/twty.exe |
request | GET http://5.42.64.35/InstallSetup3.exe |
request | GET http://galandskiyher5.com/downloads/toolspub4.exe |
request | GET http://net.geo.opera.com/opera/stable/windows/?utm_medium=apb&utm_source=mkt&utm_campaign=767 |
request | GET http://api.ipify.org/?format=wet |
request | GET http://91.92.254.7/scripts/plus.php?ip=175.208.134.152&substr=three&s=ab |
request | GET http://5.42.64.35/syncUpd.exe |
request | GET https://yip.su/RNWPd.exe |
request | GET https://pastebin.com/raw/E0rY26ni |
request | GET https://flyawayaero.net/baf14778c246e15550645e30ba78ce1c.exe |
request | GET https://iplogger.com/1gDcm4 |
request | GET https://randomdomainname.org/2cba948feb9c53fce4409f0079aec61c.exe |
request | GET https://bitbucket.org/micaorrsoft/update/downloads/a01.exe |
request | GET https://potatogoose.com/8c35a460636521ed0deef49f6749c0e3/baf14778c246e15550645e30ba78ce1c.exe |
request | GET https://budgienation.net/8c35a460636521ed0deef49f6749c0e3/2cba948feb9c53fce4409f0079aec61c.exe |
request | GET https://net.geo.opera.com/opera/stable/windows/?utm_medium=apb&utm_source=mkt&utm_campaign=767 |
request | GET https://bbuseruploads.s3.amazonaws.com/c653674a-68fa-46c6-b413-9e71a0a3be60/downloads/7cc5bf80-2f20-4024-8172-c47af249efe9/a01.exe?response-content-disposition=attachment%3B%20filename%3D%22a01.exe%22&AWSAccessKeyId=ASIA6KOSE3BNLFZPBG6X&Signature=k4eYmK01rl8PGp4sOTTE04lteD0%3D&x-amz-security-token=IQoJb3JpZ2luX2VjELr%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIQDzQD%2B3UL8xV1DvAUP2KA45yti0HItkJ7%2FZj%2BYPZQQy%2BAIgK%2BOaDvdrjmeM3oRZP0OlFI2Pl%2B7GauL9ExmwyykyfrwqpwIIQhAAGgw5ODQ1MjUxMDExNDYiDOob2cJxt3Exs6kaAiqEAh4UYnRFarCTXYvHT0WXfJIgVuJuVvzUOPIbUG1w3nq2Yphc6rTsOhGwJcQzKyRWF%2BFm10oe88IpTj4lNM0gXnjCTwZXQVKi1Uz9JNwgbaaYzUofoIP2CZjnvaRuOYs0d6gOPdtnykb2eWeS2dGifaFBhMq%2BTovxD1l5xXeH3tHvHNOaHU%2F7ARV55Dc9YfRvdX2zOOUhEp62CjCviT3FBfq3tK8eLfJ2mwSddoM%2FvxLRaudgcAE%2FiTTi0RrZN5feEmr54GKsqEohzoLCOWAVpxR0dUkQrUDuJVTdHHFSkuX%2FWnX7mWGXITM985Y282tuaPXm6LdfM5BRgxr0vV3YWCtcSJnXMLjKmqwGOp0B5x1g24OisxHRKZUaNxp9%2BSGjgOsFU3J%2Fbs39LZmb4y%2BP29AtY729%2BALyUGmbQ3ghX9X%2FHvfZiW7jkSIo533BZtqI2LeUKLMZGFRSS862V%2FwPY7aL9mQD2m03u7eiKl8%2BE2Kc5rYFMkJjjg%2BliR6dKkTaba%2FDuj%2FNE2de8W4Y9dFnibQCoicKOX5nhXD%2B3R8dFgBbmLV9RQDHhvlDPg%3D%3D&Expires=1703324736 |
request | GET https://iplogger.com/19hVA4 |
domain | yip.su | description | Soviet Union domain TLD |
domain | api.ipify.org |
file | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cb9F54Hr6tnRAYky1mxvduaW.bat |
file | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\J2Bqka6WQUYC3C1oUt81SJN1.bat |
file | C:\Users\test22\AppData\Local\Temp\nsuCF7.tmp\Zip.dll |
file | C:\Users\test22\Pictures\xxVA1wFApK5K0025cO6LKkqR.exe |
file | C:\Users\test22\Pictures\tOtcmAUyZOxR462do2YSqCR9.exe |
file | C:\Users\test22\Pictures\ugttmv0bWvGn3XMEJXD45JlM.exe |
file | C:\Users\test22\AppData\Local\DeBd4uPAuFJQkbEv8hWmHCy8.exe |
file | C:\Users\test22\Pictures\GuMIRR01ABdwlRPjBwLToenr.exe |
file | C:\Users\test22\AppData\Local\KHsHcRv0GeWg5yK9vZcIV01Q.exe |
file | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ClocX\ClocX.lnk |
file | C:\Users\test22\AppData\Local\zU95NkXKdJdIDSwnGhuAJ8U8.exe |
file | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0MxHFtTk4hqHtWhmgF3yO6er.bat |
file | C:\Users\test22\Pictures\SS6Yx9EBpDnr7H5AwiVDv6Bl.exe |
file | C:\Users\test22\Pictures\ioi8yd2UPb6FG1ufkh1HC1to.exe |
file | C:\Program Files (x86)\ClocX\BackupAlarms.bat |
file | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eq7MXwvYoaVKP6PO5U4o8UMy.bat |
file | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zrs0ntUAYLSq91SSl1lxHJbS.bat |
file | C:\Users\test22\Pictures\Opera_installer_2312231557071713008.dll |
file | C:\Users\test22\AppData\Local\Temp\BroomSetup.exe |
file | C:\Users\test22\AppData\Local\9uGBJAt4sFywx5x5cpcqt0oY.exe |
file | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LWK3Fl3zoxwTQG3xqCVkHJDh.bat |
file | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\R09kR5er53bKBiz8S4wdhScp.bat |
file | C:\Users\test22\AppData\Local\Temp\Opera_installer_2312231557071563008.dll |
file | C:\Users\test22\AppData\Local\Temp\nsj2581.tmp\INetC.dll |
file | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ClocX\Uninstall.lnk |
file | C:\Users\test22\AppData\Local\Temp\nsuCF7.tmp\Checker.dll |
file | C:\Program Files (x86)\ClocX\uninst.exe |
file | C:\Users\test22\AppData\Local\mEfQBOR8XUDlt33AZtNXgKrt.exe |
file | C:\Users\test22\AppData\Local\uakGeV2JFr2R8DTRJcfdguCZ.exe |
file | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KYU3wTLqhy8tYNqsWDQ6eJoO.bat |
file | C:\Users\test22\Pictures\gqMkx4er7nBoRiuXIngJdzJX.exe |
file | C:\Users\test22\Pictures\jkBSx0PNHElKEPX505wphL5k.exe |
file | C:\Users\test22\AppData\Local\Temp\nsx392A.tmp.exe |
file | C:\Program Files (x86)\ClocX\ClocX.exe |
file | C:\Users\test22\AppData\Local\gocTeRJBTnUbC5AL5bDyKyry.exe |
file | C:\Users\test22\AppData\Local\6nkS82JQPZQDsCMh6Ej5QIOV.exe |
file | C:\Users\test22\AppData\Local\Temp\SandboxieInstall.exe |
file | C:\Users\test22\AppData\Local\Temp\202005191702_6d173b9549ce4fe1e5ada5ab9ce0bfff5d9569f19e7fa916db5c8d4f0dace63b_setup_nwc275a_demo.exe |
file | C:\Users\test22\AppData\Local\Temp\Setup00000994\OSETUPUI.DLL |
file | C:\Users\test22\AppData\Local\Temp\Setup00000994\OSETUP.DLL |
file | C:\Users\test22\AppData\Local\Temp\Setup000023ac\OSETUP.DLL |
file | C:\Users\test22\AppData\Local\Temp\Setup000023ac\ose00000.exe |
file | C:\Users\test22\AppData\Local\Temp\Setup00000994\ose00000.exe |
file | C:\Users\test22\AppData\Local\Temp\Setup000023ac\OSETUPUI.DLL |