Category | Machine | Started | Completed |
---|---|---|---|
URL | s1_win7_x6401 | May 28, 2023, 5:16 p.m. | May 28, 2023, 5:18 p.m. |
URL | https://accounts.google.com/v3/signin/rejected?continue=https://maps.google.com/maps/timeline?hl%3Den_US&dsh=S-200849221:1685261298961203&flowEntry=ServiceLogin&flowName=GlifWebSignIn&hl=en_US&ifkv=Af_xneFIIJtTRe58HPGFsWTtfrakqcje0cZ-433jdEP0BKZL7UPra1y0wP_zfCKeCiJgl8SSqbPJOQ&rhlk=js&rrk=47 |
---|
-
iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com/v3/signin/rejected?continue=https://maps.google.com/maps/timeline?hl%3Den_US&dsh=S-200849221:1685261298961203&flowEntry=ServiceLogin&flowName=GlifWebSignIn&hl=en_US&ifkv=Af_xneFIIJtTRe58HPGFsWTtfrakqcje0cZ-433jdEP0BKZL7UPra1y0wP_zfCKeCiJgl8SSqbPJOQ&rhlk=js&rrk=47
2612-
iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2612 CREDAT:145409
2696
-
Name | Response | Post-Analysis Lookup |
---|---|---|
fonts.gstatic.com | 142.250.76.131 | |
www.gstatic.com | 172.217.161.195 | |
accounts.google.com | 172.217.25.173 | |
www.google.com | 142.250.207.100 |
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.101:49164 142.250.204.109:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=accounts.google.com | 6c:c9:34:01:32:00:11:f3:7a:e2:aa:fc:7c:e3:13:17:3d:17:71:8a |
TLSv1 192.168.56.101:49167 142.250.66.35:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=*.gstatic.com | a3:09:cb:6c:64:76:4b:58:32:d1:21:3e:f4:65:1f:de:58:22:8f:d6 |
TLSv1 192.168.56.101:49165 142.250.204.109:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=accounts.google.com | 6c:c9:34:01:32:00:11:f3:7a:e2:aa:fc:7c:e3:13:17:3d:17:71:8a |
TLSv1 192.168.56.101:49172 172.217.24.67:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=*.gstatic.com | a3:09:cb:6c:64:76:4b:58:32:d1:21:3e:f4:65:1f:de:58:22:8f:d6 |
TLSv1 192.168.56.101:49170 172.217.24.67:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=*.gstatic.com | a3:09:cb:6c:64:76:4b:58:32:d1:21:3e:f4:65:1f:de:58:22:8f:d6 |
TLSv1 192.168.56.101:49168 142.250.66.35:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=*.gstatic.com | a3:09:cb:6c:64:76:4b:58:32:d1:21:3e:f4:65:1f:de:58:22:8f:d6 |
TLSv1 192.168.56.101:49176 172.217.24.67:443 |
None | None | None |
TLSv1 192.168.56.101:49174 172.217.24.67:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=*.gstatic.com | a3:09:cb:6c:64:76:4b:58:32:d1:21:3e:f4:65:1f:de:58:22:8f:d6 |
TLSv1 192.168.56.101:49181 142.251.220.100:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=www.google.com | 48:e3:15:66:fc:ea:15:bf:d2:34:c1:dd:60:d4:23:a3:63:57:89:8d |
TLSv1 192.168.56.101:49179 142.250.204.109:443 |
None | None | None |
TLSv1 192.168.56.101:49173 172.217.24.67:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=*.gstatic.com | a3:09:cb:6c:64:76:4b:58:32:d1:21:3e:f4:65:1f:de:58:22:8f:d6 |
TLSv1 192.168.56.101:49169 172.217.24.67:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=*.gstatic.com | a3:09:cb:6c:64:76:4b:58:32:d1:21:3e:f4:65:1f:de:58:22:8f:d6 |
TLSv1 192.168.56.101:49171 172.217.24.67:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=*.gstatic.com | a3:09:cb:6c:64:76:4b:58:32:d1:21:3e:f4:65:1f:de:58:22:8f:d6 |
TLSv1 192.168.56.101:49175 172.217.24.67:443 |
None | None | None |
TLSv1 192.168.56.101:49178 142.250.204.109:443 |
None | None | None |
TLSv1 192.168.56.101:49180 142.251.220.100:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=www.google.com | 48:e3:15:66:fc:ea:15:bf:d2:34:c1:dd:60:d4:23:a3:63:57:89:8d |
request | GET http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml |
request | GET https://accounts.google.com/v3/signin/rejected?continue=https://maps.google.com/maps/timeline?hl%3Den_US&dsh=S-200849221:1685261298961203&flowEntry=ServiceLogin&flowName=GlifWebSignIn&hl=en_US&ifkv=Af_xneFIIJtTRe58HPGFsWTtfrakqcje0cZ-433jdEP0BKZL7UPra1y0wP_zfCKeCiJgl8SSqbPJOQ&rhlk=js&rrk=47 |
request | GET https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.FB9bt3Boo_A.es5.O/am=BznH4QM_CP-pzj_jk8MAAAAAAAAAAAALw06C/d=1/excm=_b,_r,_tp,rejectedview/ed=1/dg=0/wt=2/ujg=1/rs=AOaEmlF50LTc6xdo-R2TtLbFrnb79VTY7A/m=_b,_tp,_r |
request | GET https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxM.woff |
request | GET https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc-.woff |
request | GET https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmSU5fBBc-.woff |
request | GET https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmWUlfBBc-.woff |
request | GET https://fonts.gstatic.com/s/roboto/v18/KFOkCnqEu92Fr1MmgVxIIzQ.woff |
request | GET https://fonts.gstatic.com/s/googlesans/v14/4UaGrENHsxJlGDuGo1OIlL3Owpg.woff |
request | GET https://fonts.gstatic.com/s/googlesans/v14/4UabrENHsxJlGDuGo1OIlLU94YtzCwA.woff |
request | GET https://accounts.google.com/favicon.ico |
request | GET https://www.google.com/favicon.ico |
url | https://ssl.pstatic.net/tveta/libs/1287/1287046/6df1cc02334922baa2d4_20200806172035021.jpg |
url | https://ssl.pstatic.net/static/pwe/common/img_use_mobile_version.png |
url | http://uk.ask.com/favicon.ico |
url | https://fonts.gstatic.com/s/lato/v16/S6uyw4BMUTPHjx4wWA.woff |
url | http://crl.identrust.com/DSTROOTCAX3CRL.crl0 |
url | https://s.pstatic.net/static/newsstand/2020/logo/light/0604/477.png |
url | http://www.cnet.com/favicon.ico |
url | https://castbox.shopping.naver.com/js/lazyload.js |
url | https://s.pstatic.net/shopping.phinf/20200729_1/2931dd60-1842-4048-a39c-1e3389db4a0e.jpg |
url | http://search.hanafos.com/favicon.ico |
url | https://ssl.pstatic.net/tveta/libs/1298/1298853/743c01d46e807a376d99_20200730182507675.png |
url | https://s.pstatic.net/static/newsstand/2020/logo/light/0604/820.png |
url | http://search.livedoor.com/favicon.ico |
url | https://file-examples-com.github.io/uploads/2017/02/file-sample_1MB.doc |
url | https://s.pstatic.net/shopping.phinf/20211025_16/fb4391ad-80a4-4058-a54e-c294a35d0275.jpg?type=f214_292 |
url | http://blogimgs.naver.com/nblog/skins/happybean/bg-head.gif |
url | http://www.amazon.co.jp/ |
url | http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab |
url | http://yellowpages.superpages.com/ |
url | https://www.naver.com |
url | https://s.pstatic.net/shopping.phinf/20211028_9/adf7905c-28ea-4ddf-93b2-aa96dad57752.jpg |
url | https://s.pstatic.net/shopping.phinf/20200806_26/3cad46ab-3fa4-4756-9e01-d61372890bd0.jpg |
url | https://s.pstatic.net/dthumb.phinf/?src=%22http%3A%2F%2Fstatic.naver.net%2Fwww%2Fmobile%2Fedit%2F2020%2F0804%2Fmobile_212629657646c.jpg%22 |
url | https://my.sendinblue.com/public/theme/version4/assets/images/loader_sblue.gif |
url | https://s.pstatic.net/dthumb.phinf/?src=%22https%3A%2F%2Fs.pstatic.net%2Fstatic%2Fwww%2Fmobile%2Fedit%2F20211029_1095%2Fupload_163546934024588ZQX.jpg%22 |
url | https://ssl.pstatic.net/static/pwe/nm/sp_mail_setup_140716.png |
url | http://search.sify.com/ |
url | https://s.pstatic.net/static/newsstand/2020/logo/light/0604/410.png |
url | http://search.msn.com/results.aspx?q= |
url | https://s.pstatic.net/shopping.phinf/20200731_21/4628ed28-27dc-4586-871c-f7f22524da89.jpg?type=f214_292 |
url | https://s.pstatic.net/imgshopping/static/sb/js/sb/nclktagS01_v1.js?v=2020080314 |
url | https://ssl.pstatic.net/tveta/libs/1299/1299024/c033376e145702a0a471_20200806171156016.jpg |
url | https://fonts.googleapis.com/css?family=Open |
url | http://isrg.trustid.ocsp.identrust.com0 |
url | http://si.wikipedia.org/w/api.php?action=opensearch |
url | http://www.signatur.rtr.at/de/directory/cps.html0 |
url | http://search.ebay.fr/ |
url | https://s.pstatic.net/static/newsstand/2020/logo/light/0604/921.png |
url | https://file-examples.com/wp-content/themes/file-examples/vendor/font-awesome/fonts/fontawesome-webfont.eot? |
url | http://www.certplus.com/CRL/class3TS.crl0 |
url | https://s.pstatic.net/shopping.phinf/20200603_16/34b72b79-bb6a-40b2-b35d-ae82e0ee5115.jpg |
url | http://it.wikipedia.org/favicon.ico |
url | http://uk.ask.com/ |
url | https://fonts.gstatic.com/s/muli/v22/7Aulp_0qiz-aVz7u3PJLcUMYOFnOkEk30e4.woff |
url | https://s.pstatic.net/dthumb.phinf/?src=%22https%3A%2F%2Fs.pstatic.net%2Fstatic%2Fwww%2Fmobile%2Fedit%2F20211027_1095%2Fupload_1635293110459bqWPi.jpg%22 |
url | https://s.pstatic.net/static/www/img/uit/2020/sp_shop.4e0461.png |
url | http://blogimgs.naver.com/blog20/blog/layout_photo/viewer2/btn_right.gif |
url | http://www.google.cz/ |
url | http://search.ebay.co.uk/ |
url | https://nid.naver.com/login/ext/deviceConfirm.nhn?svctype=1 |
description | Create a windows service | rule | Create_Service | ||||||
description | Communication using DGA | rule | Network_DGA | ||||||
description | Communications over RAW Socket | rule | Network_TCP_Socket | ||||||
description | Communications use DNS | rule | Network_DNS | ||||||
description | Hijack network configuration | rule | Hijack_Network | ||||||
description | Code injection with CreateRemoteThread in a remote process | rule | Code_injection | ||||||
description | Communications over HTTP | rule | Network_HTTP | ||||||
description | PWS Memory | rule | Generic_PWS_Memory_Zero | ||||||
description | Record Audio | rule | Sniff_Audio | ||||||
description | Steal credential | rule | local_credential_Steal | ||||||
description | Match Windows Http API call | rule | Str_Win32_Http_API | ||||||
description | Communications over P2P network | rule | Network_P2P_Win | ||||||
description | Match Windows Inet API call | rule | Str_Win32_Internet_API | ||||||
description | Escalate priviledges | rule | Escalate_priviledges | ||||||
description | File Downloader | rule | Network_Downloader | ||||||
description | (no description) | rule | DebuggerCheck__GlobalFlags | ||||||
description | (no description) | rule | DebuggerCheck__QueryInfo | ||||||
description | (no description) | rule | DebuggerCheck__RemoteAPI | ||||||
description | (no description) | rule | DebuggerHiding__Thread | ||||||
description | (no description) | rule | DebuggerHiding__Active | ||||||
description | (no description) | rule | DebuggerException__ConsoleCtrl | ||||||
description | (no description) | rule | DebuggerException__SetConsoleCtrl | ||||||
description | (no description) | rule | ThreadControl__Context | ||||||
description | (no description) | rule | SEH__vectored | ||||||
description | (no description) | rule | Check_Dlls | ||||||
description | Checks if being debugged | rule | anti_dbg | ||||||
description | Anti-Sandbox checks for ThreatExpert | rule | antisb_threatExpert | ||||||
description | Bypass DEP | rule | disable_dep | ||||||
description | Affect hook table | rule | win_hook | ||||||
description | Install itself for autorun at Windows startup | rule | Persistence | ||||||
description | Communications over FTP | rule | Network_FTP | ||||||
description | Run a KeyLogger | rule | KeyLogger | ||||||
description | Take ScreenShot | rule | ScreenShot | ||||||
description | (no description) | rule | DebuggerCheck__GlobalFlags | ||||||
description | (no description) | rule | DebuggerCheck__QueryInfo | ||||||
description | (no description) | rule | DebuggerHiding__Thread | ||||||
description | (no description) | rule | DebuggerHiding__Active | ||||||
description | (no description) | rule | ThreadControl__Context | ||||||
description | (no description) | rule | SEH__vectored | ||||||
description | Checks if being debugged | rule | anti_dbg | ||||||
description | Bypass DEP | rule | disable_dep | ||||||
description | Create a windows service | rule | Create_Service | ||||||
description | Communication using DGA | rule | Network_DGA | ||||||
description | Communications over RAW Socket | rule | Network_TCP_Socket | ||||||
description | Communications use DNS | rule | Network_DNS | ||||||
description | Hijack network configuration | rule | Hijack_Network | ||||||
description | Code injection with CreateRemoteThread in a remote process | rule | Code_injection | ||||||
description | Communications over HTTP | rule | Network_HTTP | ||||||
description | PWS Memory | rule | Generic_PWS_Memory_Zero | ||||||
description | Record Audio | rule | Sniff_Audio |
cmdline | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2612 CREDAT:145409 |
host | 117.18.232.200 |