Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

SoftWare(1).exe

PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows

initial sample

Details

Filetype:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	7.889221016357341
Filename:	SoftWare(1).exe
Filesize:	359936
MD5:	3adc9c7905f10b8c2c0b0bb7826b67a2
SHA1:	e7861a02d2beac0caa3c00eb11a1b84fb54437db
SHA256:	60035aa91fc8436120e0d471f046a14fd45191f5ad56bef0bb3c7688c8f0d1ad
SHA512:	bd7045b7fcf61dc89beeee0b251554a82bfdbd70c5e535011b5b71f94bd548e17ed68af012a9f94e9a14602e83f00b8eba926af66dd5790a09dc17678e9caf70
SSDEEP:	6144:HKTh0X7iFpDBiW9+q7p8BF47jC3gOT8EY5RyN2vOYU4GtrLu61EGMIZqtIHjMbs:eh0riFHiWpC3gOwt5RrOYvGtrLu6vZC4
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......g..................................... ....@.. ....................................@................................

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Detected unpacking (changes PE section rights)	Data Obfuscation	Software Packing
Found malware configuration	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Allocates memory in foreign processes	HIPS / PFW / Operating System Protection Evasion
Contains functionality to inject code into remote processes	HIPS / PFW / Operating System Protection Evasion
Contains functionality to inject threads in other processes	HIPS / PFW / Operating System Protection Evasion
Injects a PE file into a foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
LummaC encrypted strings found	HIPS / PFW / Operating System Protection Evasion	PowerShell Security Software Discovery
Machine Learning detection for sample	AV Detection
PE file contains section with special chars	System Summary
PE file has nameless sections	System Summary
Writes to foreign memory regions	HIPS / PFW / Operating System Protection Evasion
Allocates memory with a write watch (potentially for evading sandboxes)	Malware Analysis System Evasion	Virtualization/Sandbox Evasion Security Software Discovery
Contains functionality to call native functions	System Summary
Contains functionality to check if a debugger is running (IsDebuggerPresent)	Anti Debugging	Security Software Discovery
Contains functionality to query CPU information (cpuid)	Language, Device and Operating System Detection	System Information Discovery
Contains functionality which may be used to detect a debugger (GetProcessHeap)	Anti Debugging	Security Software Discovery
Contains long sleeps (>= 3 min)	Malware Analysis System Evasion	Security Software Discovery
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion
Detected potential crypto function	System Summary	Archive Collected Data Encrypted Channel
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion	Security Software Discovery
May sleep (evasive loops) to hinder dynamic analysis	Malware Analysis System Evasion	File and Directory Discovery
PE file contains sections with non-standard names	Data Obfuscation
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection
Sample file is different than original file name gathered from version info	System Summary	Security Software Discovery
Uses 32bit PE files	Compliance, System Summary	Masquerading
Uses code obfuscation techniques (call, push, ret)	Data Obfuscation	Security Software Discovery
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information
PE file has section (not .text) which is very likely to contain packed code (zlib compression ratio < 0.011)	System Summary
Contains functionality to enumerate / list files inside a directory	Spreading, Malware Analysis System Evasion	File and Directory Discovery
Contains functionality to modify the execution of threads in other processes		Security Software Discovery
Contains functionality to query local / system time	Language, Device and Operating System Detection	System Time Discovery
Contains functionality to register its own exception handler	Anti Debugging	Security Software Discovery
Contains medium sleeps (>= 30s)	Malware Analysis System Evasion
Creates files inside the user directory	System Summary	Masquerading
Creates guard pages, often used to prevent reverse engineering and debugging	Anti Debugging	Disable or Modify Tools
Creates mutexes	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Reads software policies	System Summary
Sample is known by Antivirus	System Summary
Tries to load missing DLLs	System Summary	DLL Side-Loading
Uses an in-process (OLE) Automation server	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary	Security Software Discovery
PE file contains a COM descriptor data directory	System Summary

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SoftWare(1).exe.log

ASCII text, with CRLF line terminators

dropped

Details

File:	C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SoftWare(1).exe.log
Category:	dropped
Dump:	SoftWare(1).exe.log.0.dr
ID:	dr_1
Target ID:	0
Process:	C:\Users\user\Desktop\SoftWare(1).exe
Type:	ASCII text, with CRLF line terminators
Entropy:	4.0050635535766075
Encrypted:	false
Ssdeep:	3:QHXMKa/xwwUy:Q3La/xwQ
Size:	42
Whitelisted:	false
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
PE file contains section with special chars	System Summary
PE file has nameless sections	System Summary
PE file contains sections with non-standard names	Data Obfuscation
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has section (not .text) which is very likely to contain packed code (zlib compression ratio < 0.011)	System Summary	Software Packing
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

C:\Users\user\AppData\Roaming\msvcp110.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

Details

File:	C:\Users\user\AppData\Roaming\msvcp110.dll
Category:	dropped
Dump:	msvcp110.dll.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Users\user\Desktop\SoftWare(1).exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	7.138411655503185
Encrypted:	false
Ssdeep:	12288:3kiwcsWJ4JzA4p/cRfXdlBw9oxW7XzD/+b:3kiwcOA0AXw9oxQDD/+
Size:	553984
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Machine Learning detection for dropped file	AV Detection
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Creates files inside the user directory	System Summary	Masquerading

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_aspnet_regiis.ex_90207b4b93c0fbe6f8caeaf6efed237ac9f15ca0_d8295a56_b82e07be-d2da-420e-ab35-b2749b42adf7\Report.wer

data

dropped

Details

File:	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_aspnet_regiis.ex_90207b4b93c0fbe6f8caeaf6efed237ac9f15ca0_d8295a56_b82e07be-d2da-420e-ab35-b2749b42adf7\Report.wer
Category:	dropped
Dump:	Report.wer.5.dr
ID:	dr_2
Target ID:	5
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	data
Entropy:	1.1027660022791612
Encrypted:	false
Ssdeep:	192:PK2NTP1il0BU/4jGmDEDHxzuiFUZ24IO8C3:HJiGBU/4jxQxzuiFUY4IO8C3
Size:	65536
Whitelisted:	false
Reputation:	low

C:\ProgramData\Microsoft\Windows\WER\Temp\WER860B.tmp.dmp

Mini DuMP crash report, 15 streams, Mon Oct 14 03:01:13 2024, 0x1205a4 type

dropped

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WER860B.tmp.dmp
Category:	dropped
Dump:	WER860B.tmp.dmp.5.dr
ID:	dr_4
Target ID:	5
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	Mini DuMP crash report, 15 streams, Mon Oct 14 03:01:13 2024, 0x1205a4 type
Entropy:	2.1271325999158908
Encrypted:	false
Ssdeep:	384:5XPjnkQH8kB7FxHssR1pGIm3BerwCR5lBqhKWZ60KUkJB7S0:5rkq8kB7HHssR7rm3ErmZmtJ00
Size:	116178
Whitelisted:	false
Reputation:	low

C:\ProgramData\Microsoft\Windows\WER\Temp\WER88EB.tmp.WERInternalMetadata.xml

XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WER88EB.tmp.WERInternalMetadata.xml
Category:	dropped
Dump:	WER88EB.tmp.WERInternalMetadata.xml.5.dr
ID:	dr_5
Target ID:	5
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Entropy:	3.688748661824445
Encrypted:	false
Ssdeep:	192:R6l7wVeJia6d6YYV6tgmfvPprU89baQsfxem:R6lXJH6d6YC6tgmfvjajfx
Size:	8314
Whitelisted:	false
Reputation:	low

C:\ProgramData\Microsoft\Windows\WER\Temp\WER892A.tmp.xml

XML 1.0 document, ASCII text, with CRLF line terminators

dropped

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WER892A.tmp.xml
Category:	dropped
Dump:	WER892A.tmp.xml.5.dr
ID:	dr_6
Target ID:	5
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Entropy:	4.459818688627694
Encrypted:	false
Ssdeep:	48:cvIwWl8zs1Jg77aI9XsWpW8VYlYm8M4Jhofo6FN+q8bsXaeSararMd:uIjfPI71F7VJJh0pgsLSararMd
Size:	4683
Whitelisted:	false
Reputation:	low

C:\Windows\appcompat\Programs\Amcache.hve

MS Windows registry file, NT/2000 or above

dropped

Details

File:	C:\Windows\appcompat\Programs\Amcache.hve
Category:	dropped
Dump:	Amcache.hve.5.dr
ID:	dr_3
Target ID:	5
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	MS Windows registry file, NT/2000 or above
Entropy:	4.466397401139494
Encrypted:	false
Ssdeep:	6144:zIXfpi67eLPU9skLmb0b4qWSPKaJG8nAgejZMMhA2gX4WABl0uNMdwBCswSb/:kXD94qWlLZMM6YFHq+/
Size:	1835008
Whitelisted:	false
Reputation:	low

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\SoftWare(1).exe

"C:\Users\user\Desktop\SoftWare(1).exe"

Details

Is windows:	false
Is dropped:	false
PID:	3652
Target ID:	0
Parent PID:	2580
Name:	SoftWare(1).exe
Path:	C:\Users\user\Desktop\SoftWare(1).exe
Commandline:	"C:\Users\user\Desktop\SoftWare(1).exe"
Size:	359936
MD5:	3ADC9C7905F10B8C2C0B0BB7826B67A2
Time:	23:00:59
Date:	13/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xdd0000
Modulesize:	393216
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Detected unpacking (changes PE section rights)	Data Obfuscation	Software Packing
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
PE file contains section with special chars	System Summary
PE file has nameless sections	System Summary
PE file contains sections with non-standard names	Data Obfuscation
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
Binary may include packed or encrypted code	Data Obfuscation	Obfuscated Files or Information Software Packing
PE file has section (not .text) which is very likely to contain packed code (zlib compression ratio < 0.011)	System Summary	Software Packing
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
Spawns processes	System Summary	Process Injection
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"

Details

Is windows:	true
Is dropped:	false
PID:	280
Target ID:	2
Parent PID:	3652
Name:	aspnet_regiis.exe
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
Size:	43016
MD5:	5D1D74198D75640E889F0A577BBF31FC
Time:	23:01:00
Date:	13/10/2024
Reason:	newprocess
Reputation:	moderate
Is admin:	true
Is elevated:	true
Modulebase:	0x5c0000
Modulesize:	49152
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Allocates memory in foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Injects a PE file into a foreign processes	HIPS / PFW / Operating System Protection Evasion	Process Injection
Writes to foreign memory regions	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Spawns processes	System Summary	Process Injection

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	5316
Target ID:	1
Parent PID:	3652
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	23:00:59
Date:	13/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff7699e0000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 280 -s 1724

Details

Is windows:	true
Is dropped:	false
PID:	4080
Target ID:	5
Parent PID:	280
Name:	WerFault.exe
Path:	C:\Windows\SysWOW64\WerFault.exe
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 280 -s 1724
Size:	483680
MD5:	C31336C1EFC2CCB44B4326EA793040F2
Time:	23:01:12
Date:	13/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x1c0000
Modulesize:	499712
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
One or more processes crash	System Summary
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

enlargkiw.sbs

allocatinow.sbs

drawwyobstacw.sbs

mathcucom.sbs

https://steamcommunity.com/profiles/76561199724331900

104.102.49.254

https://vennurviot.sbs/api

104.21.46.170

https://steamcommunity.com/profiles/76561199724331900/inventory/

unknown

ehticsprocw.sbs

passimovrt.cfd

condifendteu.sbs

https://drawwyobstacw.sbs/api

188.114.96.3

https://resinedyw.sbs/api

172.67.205.156

https://passimovrt.cfd/api

104.21.28.222

https://mathcucom.sbs/api

188.114.96.3

resinedyw.sbs

vennurviot.sbs

https://condifendteu.sbs/api

172.67.141.136

https://enlargkiw.sbs/api

172.67.152.13

https://www.cloudflare.com/learning/access-management/phishing-attack/

unknown

https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp

unknown

https://mathcucom.sbs/g

unknown

https://steamcommunity.com/?subsection=broadcasts

unknown

https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=engliHh

unknown

https://sergei-esenin.com/

unknown

https://vennurviot.sbs/

unknown

https://store.steampowered.com/subscriber_agreement/

unknown

https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6

unknown

https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PA

unknown

https://resinedyw.sbs/apiq#V

unknown

http://www.valvesoftware.com/legal.htm

unknown

https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp

unknown

https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png

unknown

https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png

unknown

https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&

unknown

https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback

unknown

https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL

unknown

https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=hgPi

unknown

https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english

unknown

https://www.cloudflare.com/learning/access-man2

unknown

http://store.steampowered.com/privacy_agreement/

unknown

https://mathcucom.sbs/apiq#V

unknown

https://store.steampowered.com/points/shop/

unknown

https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg

unknown

https://store.steampowered.com/privacy_agreement/

unknown

https://www.cloudflare.com/5xx-error-landing

unknown

https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en

unknown

https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0

unknown

https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=2Ih2WOq7ErXY&a

unknown

https://mathcucom.sbs/

unknown

https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am

unknown

https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english

unknown

https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english

unknown

https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png

unknown

https://avatars.akamai.steamstatic

unknown

https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis

unknown

https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC

unknown

https://store.steampowered.com/about/

unknown

https://steamcommunity.com/my/wishlist/

unknown

https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english

unknown

https://community.a#h

unknown

https://help.steampowered.com/en/

unknown

https://steamcommunity.com/market/

unknown

https://store.steampowered.com/news/

unknown

https://community.akamehY

unknown

http://store.steampowered.com/subscriber_agreement/

unknown

https://allocatinow.sbs/api

unknown

https://community.akamai.steamstatic.com/public/shared/css/

unknown

https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org

unknown

https://vennurviot.sbs/&

unknown

https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1

unknown

https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en

unknown

https://passimovrt.cfd/

unknown

https://mathcucom.sbs/y#W

unknown

https://mathcucom.sbs/apiPy

unknown

https://steamcommunity.com/discussions/

unknown

https://store.steampowered.com/stats/

unknown

https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1

unknown

https://store.steampowered.com/steam_refunds/

unknown

https://resinedyw.sbs/

unknown

https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900

unknown

https://allocatinow.sbs/pi

unknown

https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=jGtzAgjYROne&l=e

unknown

https://steamcommunity.com/workshop/

unknown

https://store.steampowered.com/legal/

unknown

https://mathcucom.sbs/api2

unknown

https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e

unknown

https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv

unknown

https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl

unknown

http://upx.sf.net

unknown

https://store.steampowered.com/

unknown

https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw

unknown

https://allocatinow.sbs/apir

unknown

https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif

unknown

https://resinedyw.sbs:443/api

unknown

https://allocatinow.sbs/

unknown

https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016

unknown

https://community.akamai.steamstatic.com/public/javascript/profile.

unknown

https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=bz0kMfQA

unknown

https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english

unknown

http://store.steampowered.com/account/cookiepreferences/

unknown

There are 90 hidden URLs, click here to show them.

Domains

Name

Malicious

condifendteu.sbs

172.67.141.136

steamcommunity.com

104.102.49.254

vennurviot.sbs

104.21.46.170

drawwyobstacw.sbs

188.114.96.3

mathcucom.sbs

188.114.96.3

sergei-esenin.com

104.21.53.8

passimovrt.cfd

104.21.28.222

ehticsprocw.sbs

104.21.30.221

resinedyw.sbs

172.67.205.156

enlargkiw.sbs

172.67.152.13

allocatinow.sbs

unknown

There are 1 hidden domains, click here to show them.

IPs

Domain

Country

Malicious

104.21.53.8

sergei-esenin.com

United States

Details

IP:	104.21.53.8
TargetID:	2
Current Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
Country:	United States
Countrycode:	USA
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	sergei-esenin.com

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

188.114.96.3

drawwyobstacw.sbs

European Union

Details

IP:	188.114.96.3
TargetID:	2
Current Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
Country:	European Union
Countrycode:	EU
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	drawwyobstacw.sbs

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

172.67.152.13

enlargkiw.sbs

United States

Details

IP:	172.67.152.13
TargetID:	2
Current Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
Country:	United States
Countrycode:	USA
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	enlargkiw.sbs

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

104.21.30.221

ehticsprocw.sbs

United States

Details

IP:	104.21.30.221
TargetID:	2
Current Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
Country:	United States
Countrycode:	USA
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	ehticsprocw.sbs

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

172.67.141.136

condifendteu.sbs

United States

Details

IP:	172.67.141.136
TargetID:	2
Current Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
Country:	United States
Countrycode:	USA
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	condifendteu.sbs

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

104.102.49.254

steamcommunity.com

United States

Details

IP:	104.102.49.254
TargetID:	2
Current Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
Country:	United States
Countrycode:	USA
ASN number:	16625
ASN name:	AKAMAI-ASUS
Private:	false
Domain:	steamcommunity.com

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

104.21.28.222

passimovrt.cfd

United States

Details

IP:	104.21.28.222
TargetID:	2
Current Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
Country:	United States
Countrycode:	USA
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	passimovrt.cfd

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

172.67.205.156

resinedyw.sbs

United States

Details

IP:	172.67.205.156
TargetID:	2
Current Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
Country:	United States
Countrycode:	USA
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	resinedyw.sbs

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

104.21.46.170

vennurviot.sbs

United States

Details

IP:	104.21.46.170
TargetID:	2
Current Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
Country:	United States
Countrycode:	USA
ASN number:	13335
ASN name:	CLOUDFLARENETUS
Private:	false
Domain:	vennurviot.sbs

Signature Hits	Behavior Group	Mitre Attack
Suricata IDS alerts for network traffic	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking