Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | Jan. 17, 2024, 3:13 p.m. | Jan. 17, 2024, 3:16 p.m. |
-
-
-
iexplore.exe "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:1820 CREDAT:145409
2124
-
-
chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" https://accounts.google.com
2832-
chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=86.0.4240.111 --initial-client-data=0xb0,0xb4,0xb8,0x84,0xbc,0x7fef2d06e00,0x7fef2d06e10,0x7fef2d06e20
2988
-
-
-
-
crashreporter.exe "C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Roaming\Mozilla\Firefox\Profiles\1pfa5s83.default-release\minidumps\0bc9a49d-6448-4f0a-8606-cf988ff772b1.dmp"
2296-
minidump-analyzer.exe "C:\Program Files\Mozilla Firefox\minidump-analyzer.exe" "C:\Users\test22\AppData\Roaming\Mozilla\Firefox\Profiles\1pfa5s83.default-release\minidumps\0bc9a49d-6448-4f0a-8606-cf988ff772b1.dmp"
2780 -
-
firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com
772
-
-
-
firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com
3028
-
-
-
-
-
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.103:49169 157.240.215.14:443 |
C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA | C=US, ST=California, L=Menlo Park, O=Meta Platforms, Inc., CN=*.facebook.com | 29:12:1f:fa:41:f6:0a:78:9c:f1:97:5a:43:e9:d8:b5:c2:d6:85:f5 |
TLSv1 192.168.56.103:49166 157.240.215.35:443 |
C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA | C=US, ST=California, L=Menlo Park, O=Meta Platforms, Inc., CN=*.facebook.com | 29:12:1f:fa:41:f6:0a:78:9c:f1:97:5a:43:e9:d8:b5:c2:d6:85:f5 |
TLSv1 192.168.56.103:49165 157.240.215.35:443 |
C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA | C=US, ST=California, L=Menlo Park, O=Meta Platforms, Inc., CN=*.facebook.com | 29:12:1f:fa:41:f6:0a:78:9c:f1:97:5a:43:e9:d8:b5:c2:d6:85:f5 |
TLSv1 192.168.56.103:49171 157.240.215.14:443 |
C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA | C=US, ST=California, L=Menlo Park, O=Meta Platforms, Inc., CN=*.facebook.com | 29:12:1f:fa:41:f6:0a:78:9c:f1:97:5a:43:e9:d8:b5:c2:d6:85:f5 |
TLSv1 192.168.56.103:49170 157.240.215.14:443 |
C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA | C=US, ST=California, L=Menlo Park, O=Meta Platforms, Inc., CN=*.facebook.com | 29:12:1f:fa:41:f6:0a:78:9c:f1:97:5a:43:e9:d8:b5:c2:d6:85:f5 |
TLSv1 192.168.56.103:49173 157.240.215.14:443 |
C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA | C=US, ST=California, L=Menlo Park, O=Meta Platforms, Inc., CN=*.facebook.com | 29:12:1f:fa:41:f6:0a:78:9c:f1:97:5a:43:e9:d8:b5:c2:d6:85:f5 |
TLSv1 192.168.56.103:49175 157.240.215.14:443 |
C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA | C=US, ST=California, L=Menlo Park, O=Meta Platforms, Inc., CN=*.facebook.com | 29:12:1f:fa:41:f6:0a:78:9c:f1:97:5a:43:e9:d8:b5:c2:d6:85:f5 |
TLSv1 192.168.56.103:49174 157.240.215.14:443 |
C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA | C=US, ST=California, L=Menlo Park, O=Meta Platforms, Inc., CN=*.facebook.com | 29:12:1f:fa:41:f6:0a:78:9c:f1:97:5a:43:e9:d8:b5:c2:d6:85:f5 |
TLSv1 192.168.56.103:49172 157.240.215.14:443 |
C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA | C=US, ST=California, L=Menlo Park, O=Meta Platforms, Inc., CN=*.facebook.com | 29:12:1f:fa:41:f6:0a:78:9c:f1:97:5a:43:e9:d8:b5:c2:d6:85:f5 |
TLSv1 192.168.56.103:49179 157.240.215.35:443 |
C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA | C=US, ST=California, L=Menlo Park, O=Meta Platforms, Inc., CN=fbcdn.net | e1:b5:47:7b:aa:89:cf:ef:84:ea:87:3a:8e:d0:cd:a8:cd:5f:55:8b |
TLSv1 192.168.56.103:49177 157.240.215.35:443 |
C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA | C=US, ST=California, L=Menlo Park, O=Meta Platforms, Inc., CN=*.facebook.com | 29:12:1f:fa:41:f6:0a:78:9c:f1:97:5a:43:e9:d8:b5:c2:d6:85:f5 |
TLSv1 192.168.56.103:49178 157.240.215.35:443 |
C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA | C=US, ST=California, L=Menlo Park, O=Meta Platforms, Inc., CN=fbcdn.net | e1:b5:47:7b:aa:89:cf:ef:84:ea:87:3a:8e:d0:cd:a8:cd:5f:55:8b |
TLSv1 192.168.56.103:49176 157.240.215.35:443 |
C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA | C=US, ST=California, L=Menlo Park, O=Meta Platforms, Inc., CN=*.facebook.com | 29:12:1f:fa:41:f6:0a:78:9c:f1:97:5a:43:e9:d8:b5:c2:d6:85:f5 |
TLSv1 192.168.56.103:49182 157.240.215.14:443 |
C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA | C=US, ST=California, L=Menlo Park, O=Meta Platforms, Inc., CN=*.facebook.com | 29:12:1f:fa:41:f6:0a:78:9c:f1:97:5a:43:e9:d8:b5:c2:d6:85:f5 |
TLSv1 192.168.56.103:49181 157.240.215.35:443 |
C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA | C=US, ST=California, L=Menlo Park, O=Meta Platforms, Inc., CN=fbcdn.net | e1:b5:47:7b:aa:89:cf:ef:84:ea:87:3a:8e:d0:cd:a8:cd:5f:55:8b |
TLSv1 192.168.56.103:49180 157.240.215.35:443 |
C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA | C=US, ST=California, L=Menlo Park, O=Meta Platforms, Inc., CN=fbcdn.net | e1:b5:47:7b:aa:89:cf:ef:84:ea:87:3a:8e:d0:cd:a8:cd:5f:55:8b |
TLSv1 192.168.56.103:49183 157.240.215.14:443 |
C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA | C=US, ST=California, L=Menlo Park, O=Meta Platforms, Inc., CN=*.facebook.com | 29:12:1f:fa:41:f6:0a:78:9c:f1:97:5a:43:e9:d8:b5:c2:d6:85:f5 |
TLSv1 192.168.56.103:49203 52.13.80.180:443 |
C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1 | C=US, ST=California, L=San Francisco, O=Mozilla Corporation, CN=crash-stats.mozilla.com | 8c:af:bf:74:bc:60:0d:b5:d4:0e:6a:71:5c:1d:51:a6:56:d4:fb:d3 |
TLSv1 192.168.56.103:49206 52.13.80.180:443 |
None | None | None |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid |
file | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
file | C:\Program Files\Mozilla Firefox\api-ms-win-core-file-l2-1-0.dll |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe\PATH |
registry | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\firefox.exe |
suspicious_features | POST method with no referer header | suspicious_request | POST https://crash-reports.mozilla.com/submit?id={ec8030f7-c20a-464f-9b0e-13a3a9e97384}&version=105.0.1&buildid=20220922151854 |
request | GET http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml |
request | GET https://static.xx.fbcdn.net/rsrc.php/v3/y2/l/0,cross/7_6o7HJ05F8.css?_nc_x=Ij3Wp8lg5Kz |
request | GET https://static.xx.fbcdn.net/rsrc.php/v3/ya/l/0,cross/EQ0cyse2DGv.css?_nc_x=Ij3Wp8lg5Kz |
request | GET https://static.xx.fbcdn.net/rsrc.php/v3/yr/l/0,cross/wMc7fNlPdnA.css?_nc_x=Ij3Wp8lg5Kz |
request | GET https://static.xx.fbcdn.net/rsrc.php/v3/yb/r/S-jgxi6wsFP.js?_nc_x=Ij3Wp8lg5Kz |
request | GET https://static.xx.fbcdn.net/rsrc.php/v3/yV/l/0,cross/om552iOCRxJ.css?_nc_x=Ij3Wp8lg5Kz |
request | GET https://static.xx.fbcdn.net/rsrc.php/v3/y5/l/0,cross/QoWVNltU_ZO.css?_nc_x=Ij3Wp8lg5Kz |
request | GET https://static.xx.fbcdn.net/rsrc.php/y1/r/4lCu2zih0ca.svg |
request | GET https://facebook.com/security/hsts-pixel.gif?c=3.2.5 |
request | GET https://static.xx.fbcdn.net/rsrc.php/v3/yE/r/xGzxHIbkRpC.js?_nc_x=Ij3Wp8lg5Kz |
request | GET https://fbcdn.net/security/hsts-pixel.gif?c=2.5 |
request | GET https://static.xx.fbcdn.net/rsrc.php/v3/yU/r/O7nelmd9XSI.png |
request | GET https://static.xx.fbcdn.net/rsrc.php/v3/yB/r/Y0L6f5sxdIV.png |
request | GET https://fbsbx.com/security/hsts-pixel.gif?c=5 |
request | GET https://static.xx.fbcdn.net/rsrc.php/v3/yK/r/Lzd-U--zeLf.js?_nc_x=Ij3Wp8lg5Kz |
request | GET https://connect.facebook.net/security/hsts-pixel.gif |
request | GET https://www.facebook.com/favicon.ico |
request | POST https://crash-reports.mozilla.com/submit?id={ec8030f7-c20a-464f-9b0e-13a3a9e97384}&version=105.0.1&buildid=20220922151854 |
request | POST https://crash-reports.mozilla.com/submit?id={ec8030f7-c20a-464f-9b0e-13a3a9e97384}&version=105.0.1&buildid=20220922151854 |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-spare.pma |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Last Version |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Policy\User Policy |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics-spare.pma |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-65A78308-B10.pma |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\First Run |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\reports |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\reports\120fb2d2-4a11-4e3d-a97a-82a118d0d956.dmp |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\index |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\metadata |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_0 |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1 |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_2 |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_3 |
file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\S-jgxi6wsFP[1].js |
file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\xGzxHIbkRpC[1].js |
url | https://aus5.mozilla.org/update/6/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%SYSTEM_CAPABILITIES%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/update.xml |
url | https://crash-reports.mozilla.com/submit?id= |
url | https://hg.mozilla.org/releases/mozilla-release/rev/92187d03adde4b31daef292087a266f10121379c |
description | Code injection with CreateRemoteThread in a remote process | rule | Code_injection | ||||||
description | (no description) | rule | DebuggerCheck__GlobalFlags | ||||||
description | (no description) | rule | DebuggerCheck__QueryInfo | ||||||
description | (no description) | rule | DebuggerHiding__Thread | ||||||
description | (no description) | rule | DebuggerHiding__Active | ||||||
description | (no description) | rule | ThreadControl__Context | ||||||
description | (no description) | rule | SEH__vectored | ||||||
description | Checks if being debugged | rule | anti_dbg | ||||||
description | Bypass DEP | rule | disable_dep | ||||||
description | (no description) | rule | DebuggerCheck__GlobalFlags | ||||||
description | (no description) | rule | DebuggerCheck__QueryInfo | ||||||
description | (no description) | rule | DebuggerHiding__Thread | ||||||
description | (no description) | rule | DebuggerHiding__Active | ||||||
description | (no description) | rule | ThreadControl__Context | ||||||
description | (no description) | rule | SEH__vectored | ||||||
description | Checks if being debugged | rule | anti_dbg | ||||||
description | Bypass DEP | rule | disable_dep | ||||||
description | Code injection with CreateRemoteThread in a remote process | rule | Code_injection | ||||||
description | (no description) | rule | DebuggerCheck__GlobalFlags | ||||||
description | (no description) | rule | DebuggerCheck__QueryInfo | ||||||
description | (no description) | rule | DebuggerHiding__Thread | ||||||
description | (no description) | rule | DebuggerHiding__Active | ||||||
description | (no description) | rule | ThreadControl__Context | ||||||
description | (no description) | rule | SEH__vectored | ||||||
description | Checks if being debugged | rule | anti_dbg | ||||||
description | Bypass DEP | rule | disable_dep | ||||||
description | Code injection with CreateRemoteThread in a remote process | rule | Code_injection | ||||||
description | (no description) | rule | DebuggerCheck__GlobalFlags | ||||||
description | (no description) | rule | DebuggerCheck__QueryInfo | ||||||
description | (no description) | rule | DebuggerHiding__Thread | ||||||
description | (no description) | rule | DebuggerHiding__Active | ||||||
description | (no description) | rule | ThreadControl__Context | ||||||
description | (no description) | rule | SEH__vectored | ||||||
description | Checks if being debugged | rule | anti_dbg | ||||||
description | Bypass DEP | rule | disable_dep | ||||||
description | Code injection with CreateRemoteThread in a remote process | rule | Code_injection | ||||||
description | (no description) | rule | DebuggerCheck__GlobalFlags | ||||||
description | (no description) | rule | DebuggerCheck__QueryInfo | ||||||
description | (no description) | rule | DebuggerHiding__Thread | ||||||
description | (no description) | rule | DebuggerHiding__Active | ||||||
description | (no description) | rule | ThreadControl__Context | ||||||
description | (no description) | rule | SEH__vectored | ||||||
description | Checks if being debugged | rule | anti_dbg | ||||||
description | Bypass DEP | rule | disable_dep |
cmdline | "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:1820 CREDAT:145409 |
cmdline | "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome |
host | 117.18.232.200 |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F81F111D0E5AB58D396F7BF525577FD30FDC95AA\Blob |
process | iexplore.exe | useragent | Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) | ||||||
process | crashreporter.exe | useragent | Breakpad/1.0 (Windows) |
parent_process | firefox.exe | martian_process | "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com | ||||||
parent_process | firefox.exe | martian_process | "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com | ||||||
parent_process | firefox.exe | martian_process | "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com | ||||||
parent_process | chrome.exe | martian_process | "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=86.0.4240.111 --initial-client-data=0xb0,0xb4,0xb8,0x84,0xbc,0x7fef2d06e00,0x7fef2d06e10,0x7fef2d06e20 | ||||||
parent_process | chrome.exe | martian_process | "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1020,2745255426846950659,893974611208261184,131072 --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=1036 /prefetch:2 | ||||||
parent_process | firefox.exe | martian_process | "C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Roaming\Mozilla\Firefox\Profiles\1pfa5s83.default-release\minidumps\0bc9a49d-6448-4f0a-8606-cf988ff772b1.dmp" |
file | C:\Users\test22\AppData\Roaming\Mozilla\Firefox\Profiles\1pfa5s83.default-release\parent.lock |
file | C:\Users\test22\AppData\Local\Temp\firefox\parent.lock |