Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | Aug. 1, 2024, 8:44 a.m. | Aug. 1, 2024, 8:46 a.m. |
Process | Command Line | PID |
---|---|---|
chcp.com | chcp 65001 | 2664 |
netsh.exe | netsh wlan show profile | 544 |
findstr.exe | findstr All | 1596 |
Name | Response | Post-Analysis Lookup |
---|---|---|
icanhazip.com | 104.16.184.241 | |
api.mylnikov.org | 104.21.44.66 | |
api.telegram.org | 149.154.167.220 | |
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLS 1.2 192.168.56.101:49177 104.21.44.66:443 | C=US, O=Google Trust Services, CN=WE1 | CN=mylnikov.org | 02:37:7c:02:dd:73:81:8e:66:ea:4a:15:58:23:d8:bd:6d:a6:d0:39 |
Signature Field | Value |
---|---|
suspicious_features | GET method with no useragent header |
suspicious_request | GET http://icanhazip.com/ |
suspicious_features | GET method with no useragent header |
suspicious_request | GET https://api.mylnikov.org/geolocation/wifi?v=1.1&bssid=0a:00:27:00:00:00 |
request | GET http://icanhazip.com/ |
request | GET https://api.mylnikov.org/geolocation/wifi?v=1.1&bssid=0a:00:27:00:00:00 |
domain | icanhazip.com |
cmdline | chcp 65001 |
cmdline | netsh wlan show networks mode=bssid |
cmdline | netsh wlan show profile |