Windows
Analysis Report
PDF.shtml
Overview
General Information
Detection
Score: | 52 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- chrome.exe (PID: 1380 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
- chrome.exe (PID: 2772 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1944 --field-trial-handle=1800,i,6132995491582703289,7961678720532763080,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
- chrome.exe (PID: 6412 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\PDF.shtml" MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_HtmlPhish_45 | Yara detected HtmlPhish_45 | Joe Security |
Phishing |
---|
Source: | File source: |
Source: | Matcher: | ||
Source: | Matcher: |
Source: | Directory created: |
Source: | HTTPS traffic detected: |
Source: | JA3 fingerprint: |
Source: | IP Address: | ||
Source: | IP Address: | ||
Source: | IP Address: |
Source: | DNS traffic detected: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: |
Source: | Classification label: |
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: |
Source: | File created: |
Source: | Window detected: |
Source: | Directory created: |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 2 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 3 Non-Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 4 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 1 Ingress Tool Transfer | SIM Card Swap | Carrier Billing Fraud |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
cryptosaursnft.com | 146.59.209.152 | true | false | | unknown |
accounts.google.com | 172.217.168.45 | true | false | high | |
cdnjs.cloudflare.com | 104.17.25.14 | true | false | high | |
maxcdn.bootstrapcdn.com | 104.18.10.207 | true | false | high | |
part-0032.t-0009.t-msedge.net | 13.107.246.60 | true | false | | unknown |
www.google.com | 172.217.168.36 | true | false | high | |
cs1227.wpc.alphacdn.net | 192.229.221.185 | true | false | | unknown |
clients.l.google.com | 142.250.203.110 | true | false | high | |
part-0032.t-0009.fbs1-t-msedge.net | 13.107.219.60 | true | false | | unknown |
c.s-microsoft.com | unknown | unknown | false | high | |
clients2.google.com | unknown | unknown | false | high | |
code.jquery.com | unknown | unknown | false | high | |
cdn.jsdelivr.net | unknown | unknown | false | high | |
assets.onestore.ms | unknown | unknown | false | unknown | |
i.s-microsoft.com | unknown | unknown | false | high | |
ajax.aspnetcdn.com | unknown | unknown | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true | low | ||
false | high | ||
false | high | ||
false | high | ||
false | | unknown | |
false | | unknown | |
false | high | ||
false | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
13.107.219.60 | part-0032.t-0009.fbs1-t-msedge.net | United States | | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
104.18.10.207 | maxcdn.bootstrapcdn.com | United States | | 13335 | CLOUDFLARENETUS | false |
142.250.203.110 | clients.l.google.com | United States | | 15169 | GOOGLEUS | false |
146.59.209.152 | cryptosaursnft.com | Norway | | 16276 | OVHFR | false |
172.217.168.45 | accounts.google.com | United States | | 15169 | GOOGLEUS | false |
172.217.168.36 | www.google.com | United States | | 15169 | GOOGLEUS | false |
239.255.255.250 | unknown | Reserved | | unknown | unknown | false |
192.229.221.185 | cs1227.wpc.alphacdn.net | United States | | 15133 | EDGECASTUS | false |
104.17.25.14 | cdnjs.cloudflare.com | United States | | 13335 | CLOUDFLARENETUS | false |
IP |
---|
192.168.2.1 |
127.0.0.1 |
Joe Sandbox Version: | 36.0.0 Rainbow Opal |
Analysis ID: | 756145 |
Start date and time: | 2022-11-29 17:40:53 +01:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 7m 8s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Sample file name: | PDF.shtml |
Cookbook file name: | defaultwindowshtmlcookbook.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 7 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal52.phis.winSHTML@33/0@15/11 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, conhost.exe, WmiPrvSE.exe
- TCP Packets have been reduced to 100
- Excluded IPs from analysis (whitelisted): 172.217.168.67, 34.104.35.123, 104.16.89.20, 104.16.88.20, 104.16.85.20, 104.16.87.20, 104.16.86.20, 69.16.175.10, 69.16.175.42, 23.211.5.92, 152.199.19.160, 80.67.82.225, 80.67.82.226, 23.213.165.249, 23.50.109.91, 80.67.82.235, 80.67.82.211, 80.67.82.242, 23.50.97.161, 172.217.168.35
- Excluded domains from analysis (whitelisted): logincdn.msauth.net, account.microsoft.com, cdn.jsdelivr.net.cdn.cloudflare.net, cds.s5x3j6q5.hwcdn.net, mwf-service.akamaized.net, assets.onestore.ms.edgekey.net, e9412.b.akamaiedge.net, e13678.dscb.akamaiedge.net, clientservices.googleapis.com, i.s-microsoft.com.edgekey.net, a1449.dscg2.akamai.net, www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net, a1945.g2.akamai.net, www.microsoft.com-c-3.edgekey.net, mscomajax.vo.msecnd.net, update.googleapis.com, statics-marketingsites-eus-ms-com.akamaized.net, img-prod-cms-rt-microsoft-com.akamaized.net, www.gstatic.com, global-entry-afdthirdparty-fallback.trafficmanager.net, e10583.dspg.akamaiedge.net, client.wns.windows.com, aadcdnoriginwus2.azureedge.net, cs22.wpc.v0cdn.net, account.microsoft.com.edgekey.net, lgincdnvzeuno.ec.azureedge.net, ctldl.windowsupdate.com, aadcdn.msauth.net, assets.onestore.ms.akadns.net, firstparty-azurefd-prod.trafficmanager.net, lgincdnvzeuno.azureedge.net, c-s.cms.ms.akadns.net, edged
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtWriteVirtualMemory calls found.
File type: | |
Entropy (8bit): | 3.5343220138175173 |
TrID: | |
File name: | PDF.shtml |
File size: | 10839 |
MD5: | bc087e3bee347cf72d1d098ac0217ad3 |
SHA1: | 25ca68af27719867d3ae9ec4af84a7fa481a8800 |
SHA256: | 6480bae314fd0166ea5d47f7101269ad891ff2768ab36506c1b899372a74442d |
SHA512: | 73f964af24ac8f521808f2583140b1317d5edf1b765549161a56f8802241c2fd7c31d955fd483e275a34784f051f602a168dea7029ff9858f982c41ab2595737 |
SSDEEP: | 192:JgP2EXwr87lNYAWUDq2Br+HOeKpGfjk6Pke8kQxPFeGkw3yOS:JgJwr8JNqUDq2BaHOZp8k6Pke8kQxPFO |
TLSH: | B7225DB87E26FDAF14938485780649BA18EBC244E10D648C75CC1E9CE2ECEF65F9D2C5 |
File Content Preview: | <html> <script> let arrayBuffer = [0xa0,0x8e,0xd0,0x60,0xc4,0xae,0xee,0x56,0x86,0xd4,0xf0,0xde,0xb4,0xae,0x8c,0xd6,0xa0,0xce,0xde,0x70,0x98,0x64,0xd0,0xd8,0xb2,0xae,0xa2,0x56,0x86,0xd4,0xf0,0xd2,0xc4,0x64,0xa4,0x6a,0xa0,0xce,0xde,0x70,0xb4,0x8e,0xd8,0x64, |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 29, 2022 17:41:49.118489027 CET | 49707 | 443 | 192.168.2.5 | 142.250.203.110 |
Nov 29, 2022 17:41:49.118551970 CET | 443 | 49707 | 142.250.203.110 | 192.168.2.5 |
Nov 29, 2022 17:41:49.118652105 CET | 49707 | 443 | 192.168.2.5 | 142.250.203.110 |
Nov 29, 2022 17:41:49.119158983 CET | 49707 | 443 | 192.168.2.5 | 142.250.203.110 |
Nov 29, 2022 17:41:49.119190931 CET | 443 | 49707 | 142.250.203.110 | 192.168.2.5 |
Nov 29, 2022 17:41:49.119961977 CET | 49708 | 443 | 192.168.2.5 | 172.217.168.45 |
Nov 29, 2022 17:41:49.120035887 CET | 443 | 49708 | 172.217.168.45 | 192.168.2.5 |
Nov 29, 2022 17:41:49.120116949 CET | 49708 | 443 | 192.168.2.5 | 172.217.168.45 |
Nov 29, 2022 17:41:49.120397091 CET | 49708 | 443 | 192.168.2.5 | 172.217.168.45 |
Nov 29, 2022 17:41:49.120446920 CET | 443 | 49708 | 172.217.168.45 | 192.168.2.5 |
Nov 29, 2022 17:41:49.198702097 CET | 443 | 49707 | 142.250.203.110 | 192.168.2.5 |
Nov 29, 2022 17:41:49.200377941 CET | 443 | 49708 | 172.217.168.45 | 192.168.2.5 |
Nov 29, 2022 17:41:49.206417084 CET | 49708 | 443 | 192.168.2.5 | 172.217.168.45 |
Nov 29, 2022 17:41:49.206443071 CET | 443 | 49708 | 172.217.168.45 | 192.168.2.5 |
Nov 29, 2022 17:41:49.206734896 CET | 49707 | 443 | 192.168.2.5 | 142.250.203.110 |
Nov 29, 2022 17:41:49.206809044 CET | 443 | 49707 | 142.250.203.110 | 192.168.2.5 |
Nov 29, 2022 17:41:49.207519054 CET | 443 | 49707 | 142.250.203.110 | 192.168.2.5 |
Nov 29, 2022 17:41:49.207638979 CET | 49707 | 443 | 192.168.2.5 | 142.250.203.110 |
Nov 29, 2022 17:41:49.208462000 CET | 443 | 49707 | 142.250.203.110 | 192.168.2.5 |
Nov 29, 2022 17:41:49.208548069 CET | 49707 | 443 | 192.168.2.5 | 142.250.203.110 |
Nov 29, 2022 17:41:49.208878040 CET | 443 | 49708 | 172.217.168.45 | 192.168.2.5 |
Nov 29, 2022 17:41:49.208961964 CET | 49708 | 443 | 192.168.2.5 | 172.217.168.45 |
Nov 29, 2022 17:41:50.556967974 CET | 49708 | 443 | 192.168.2.5 | 172.217.168.45 |
Nov 29, 2022 17:41:50.557044983 CET | 443 | 49708 | 172.217.168.45 | 192.168.2.5 |
Nov 29, 2022 17:41:50.557391882 CET | 49708 | 443 | 192.168.2.5 | 172.217.168.45 |
Nov 29, 2022 17:41:50.557404041 CET | 443 | 49708 | 172.217.168.45 | 192.168.2.5 |
Nov 29, 2022 17:41:50.557441950 CET | 443 | 49708 | 172.217.168.45 | 192.168.2.5 |
Nov 29, 2022 17:41:50.557666063 CET | 49707 | 443 | 192.168.2.5 | 142.250.203.110 |
Nov 29, 2022 17:41:50.557712078 CET | 443 | 49707 | 142.250.203.110 | 192.168.2.5 |
Nov 29, 2022 17:41:50.557841063 CET | 49707 | 443 | 192.168.2.5 | 142.250.203.110 |
Nov 29, 2022 17:41:50.557859898 CET | 443 | 49707 | 142.250.203.110 | 192.168.2.5 |
Nov 29, 2022 17:41:50.558042049 CET | 443 | 49707 | 142.250.203.110 | 192.168.2.5 |
Nov 29, 2022 17:41:50.594125986 CET | 443 | 49707 | 142.250.203.110 | 192.168.2.5 |
Nov 29, 2022 17:41:50.594291925 CET | 49707 | 443 | 192.168.2.5 | 142.250.203.110 |
Nov 29, 2022 17:41:50.594341040 CET | 443 | 49707 | 142.250.203.110 | 192.168.2.5 |
Nov 29, 2022 17:41:50.594374895 CET | 443 | 49707 | 142.250.203.110 | 192.168.2.5 |
Nov 29, 2022 17:41:50.594475985 CET | 49707 | 443 | 192.168.2.5 | 142.250.203.110 |
Nov 29, 2022 17:41:50.596978903 CET | 49707 | 443 | 192.168.2.5 | 142.250.203.110 |
Nov 29, 2022 17:41:50.597012997 CET | 443 | 49707 | 142.250.203.110 | 192.168.2.5 |
Nov 29, 2022 17:41:50.615520954 CET | 443 | 49708 | 172.217.168.45 | 192.168.2.5 |
Nov 29, 2022 17:41:50.615751028 CET | 49708 | 443 | 192.168.2.5 | 172.217.168.45 |
Nov 29, 2022 17:41:50.615792036 CET | 443 | 49708 | 172.217.168.45 | 192.168.2.5 |
Nov 29, 2022 17:41:50.615854025 CET | 443 | 49708 | 172.217.168.45 | 192.168.2.5 |
Nov 29, 2022 17:41:50.616102934 CET | 49708 | 443 | 192.168.2.5 | 172.217.168.45 |
Nov 29, 2022 17:41:50.624654055 CET | 49708 | 443 | 192.168.2.5 | 172.217.168.45 |
Nov 29, 2022 17:41:50.624706030 CET | 443 | 49708 | 172.217.168.45 | 192.168.2.5 |
Nov 29, 2022 17:41:51.635432005 CET | 49710 | 443 | 192.168.2.5 | 146.59.209.152 |
Nov 29, 2022 17:41:51.635497093 CET | 443 | 49710 | 146.59.209.152 | 192.168.2.5 |
Nov 29, 2022 17:41:51.635587931 CET | 49710 | 443 | 192.168.2.5 | 146.59.209.152 |
Nov 29, 2022 17:41:51.635871887 CET | 49710 | 443 | 192.168.2.5 | 146.59.209.152 |
Nov 29, 2022 17:41:51.635888100 CET | 443 | 49710 | 146.59.209.152 | 192.168.2.5 |
Nov 29, 2022 17:41:51.714183092 CET | 443 | 49710 | 146.59.209.152 | 192.168.2.5 |
Nov 29, 2022 17:41:51.714591026 CET | 49710 | 443 | 192.168.2.5 | 146.59.209.152 |
Nov 29, 2022 17:41:51.714648008 CET | 443 | 49710 | 146.59.209.152 | 192.168.2.5 |
Nov 29, 2022 17:41:51.715908051 CET | 443 | 49710 | 146.59.209.152 | 192.168.2.5 |
Nov 29, 2022 17:41:51.716022968 CET | 49710 | 443 | 192.168.2.5 | 146.59.209.152 |
Nov 29, 2022 17:41:51.728634119 CET | 49710 | 443 | 192.168.2.5 | 146.59.209.152 |
Nov 29, 2022 17:41:51.728666067 CET | 443 | 49710 | 146.59.209.152 | 192.168.2.5 |
Nov 29, 2022 17:41:51.728935003 CET | 443 | 49710 | 146.59.209.152 | 192.168.2.5 |
Nov 29, 2022 17:41:51.729218006 CET | 49710 | 443 | 192.168.2.5 | 146.59.209.152 |
Nov 29, 2022 17:41:51.729250908 CET | 443 | 49710 | 146.59.209.152 | 192.168.2.5 |
Nov 29, 2022 17:41:51.832236052 CET | 49710 | 443 | 192.168.2.5 | 146.59.209.152 |
Nov 29, 2022 17:41:52.749449015 CET | 49712 | 443 | 192.168.2.5 | 172.217.168.36 |
Nov 29, 2022 17:41:52.749520063 CET | 443 | 49712 | 172.217.168.36 | 192.168.2.5 |
Nov 29, 2022 17:41:52.749634027 CET | 49712 | 443 | 192.168.2.5 | 172.217.168.36 |
Nov 29, 2022 17:41:52.749897957 CET | 49712 | 443 | 192.168.2.5 | 172.217.168.36 |
Nov 29, 2022 17:41:52.749994040 CET | 443 | 49712 | 172.217.168.36 | 192.168.2.5 |
Nov 29, 2022 17:41:52.780231953 CET | 443 | 49710 | 146.59.209.152 | 192.168.2.5 |
Nov 29, 2022 17:41:52.780273914 CET | 443 | 49710 | 146.59.209.152 | 192.168.2.5 |
Nov 29, 2022 17:41:52.780405045 CET | 49710 | 443 | 192.168.2.5 | 146.59.209.152 |
Nov 29, 2022 17:41:52.780426979 CET | 443 | 49710 | 146.59.209.152 | 192.168.2.5 |
Nov 29, 2022 17:41:52.780519009 CET | 443 | 49710 | 146.59.209.152 | 192.168.2.5 |
Nov 29, 2022 17:41:52.780529976 CET | 443 | 49710 | 146.59.209.152 | 192.168.2.5 |
Nov 29, 2022 17:41:52.780610085 CET | 49710 | 443 | 192.168.2.5 | 146.59.209.152 |
Nov 29, 2022 17:41:52.780621052 CET | 443 | 49710 | 146.59.209.152 | 192.168.2.5 |
Nov 29, 2022 17:41:52.808851957 CET | 443 | 49710 | 146.59.209.152 | 192.168.2.5 |
Nov 29, 2022 17:41:52.808877945 CET | 443 | 49710 | 146.59.209.152 | 192.168.2.5 |
Nov 29, 2022 17:41:52.808969021 CET | 49710 | 443 | 192.168.2.5 | 146.59.209.152 |
Nov 29, 2022 17:41:52.809010983 CET | 443 | 49710 | 146.59.209.152 | 192.168.2.5 |
Nov 29, 2022 17:41:52.809034109 CET | 49710 | 443 | 192.168.2.5 | 146.59.209.152 |
Nov 29, 2022 17:41:52.809040070 CET | 443 | 49710 | 146.59.209.152 | 192.168.2.5 |
Nov 29, 2022 17:41:52.809057951 CET | 443 | 49710 | 146.59.209.152 | 192.168.2.5 |
Nov 29, 2022 17:41:52.809103012 CET | 49710 | 443 | 192.168.2.5 | 146.59.209.152 |
Nov 29, 2022 17:41:52.809123993 CET | 443 | 49710 | 146.59.209.152 | 192.168.2.5 |
Nov 29, 2022 17:41:52.809153080 CET | 49710 | 443 | 192.168.2.5 | 146.59.209.152 |
Nov 29, 2022 17:41:52.809159040 CET | 443 | 49710 | 146.59.209.152 | 192.168.2.5 |
Nov 29, 2022 17:41:52.809175014 CET | 49710 | 443 | 192.168.2.5 | 146.59.209.152 |
Nov 29, 2022 17:41:52.809189081 CET | 443 | 49710 | 146.59.209.152 | 192.168.2.5 |
Nov 29, 2022 17:41:52.809241056 CET | 49710 | 443 | 192.168.2.5 | 146.59.209.152 |
Nov 29, 2022 17:41:52.809256077 CET | 443 | 49710 | 146.59.209.152 | 192.168.2.5 |
Nov 29, 2022 17:41:52.809274912 CET | 443 | 49710 | 146.59.209.152 | 192.168.2.5 |
Nov 29, 2022 17:41:52.809319019 CET | 49710 | 443 | 192.168.2.5 | 146.59.209.152 |
Nov 29, 2022 17:41:52.809357882 CET | 443 | 49710 | 146.59.209.152 | 192.168.2.5 |
Nov 29, 2022 17:41:52.809417963 CET | 49710 | 443 | 192.168.2.5 | 146.59.209.152 |
Nov 29, 2022 17:41:52.809433937 CET | 443 | 49710 | 146.59.209.152 | 192.168.2.5 |
Nov 29, 2022 17:41:52.809493065 CET | 49710 | 443 | 192.168.2.5 | 146.59.209.152 |
Nov 29, 2022 17:41:52.818711042 CET | 443 | 49712 | 172.217.168.36 | 192.168.2.5 |
Nov 29, 2022 17:41:52.819118023 CET | 49712 | 443 | 192.168.2.5 | 172.217.168.36 |
Nov 29, 2022 17:41:52.819201946 CET | 443 | 49712 | 172.217.168.36 | 192.168.2.5 |
Nov 29, 2022 17:41:52.820386887 CET | 443 | 49712 | 172.217.168.36 | 192.168.2.5 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 29, 2022 17:41:49.048463106 CET | 61452 | 53 | 192.168.2.5 | 8.8.8.8 |
Nov 29, 2022 17:41:49.049160004 CET | 65323 | 53 | 192.168.2.5 | 8.8.8.8 |
Nov 29, 2022 17:41:49.068820953 CET | 53 | 65323 | 8.8.8.8 | 192.168.2.5 |
Nov 29, 2022 17:41:49.076531887 CET | 53 | 61452 | 8.8.8.8 | 192.168.2.5 |
Nov 29, 2022 17:41:51.522068024 CET | 63446 | 53 | 192.168.2.5 | 8.8.8.8 |
Nov 29, 2022 17:41:51.569483042 CET | 53 | 63446 | 8.8.8.8 | 192.168.2.5 |
Nov 29, 2022 17:41:52.730123997 CET | 59220 | 53 | 192.168.2.5 | 8.8.8.8 |
Nov 29, 2022 17:41:52.747780085 CET | 53 | 59220 | 8.8.8.8 | 192.168.2.5 |
Nov 29, 2022 17:41:53.021186113 CET | 55068 | 53 | 192.168.2.5 | 8.8.8.8 |
Nov 29, 2022 17:41:53.027522087 CET | 56682 | 53 | 192.168.2.5 | 8.8.8.8 |
Nov 29, 2022 17:41:53.030486107 CET | 58532 | 53 | 192.168.2.5 | 8.8.8.8 |
Nov 29, 2022 17:41:53.042660952 CET | 53 | 55068 | 8.8.8.8 | 192.168.2.5 |
Nov 29, 2022 17:41:54.559408903 CET | 56263 | 53 | 192.168.2.5 | 8.8.8.8 |
Nov 29, 2022 17:41:54.579490900 CET | 53 | 56263 | 8.8.8.8 | 192.168.2.5 |
Nov 29, 2022 17:42:10.504389048 CET | 53823 | 53 | 192.168.2.5 | 8.8.8.8 |
Nov 29, 2022 17:42:10.535566092 CET | 49579 | 53 | 192.168.2.5 | 8.8.8.8 |
Nov 29, 2022 17:42:10.537444115 CET | 61293 | 53 | 192.168.2.5 | 8.8.8.8 |
Nov 29, 2022 17:42:22.339097977 CET | 57482 | 53 | 192.168.2.5 | 8.8.8.8 |
Nov 29, 2022 17:42:34.760057926 CET | 52892 | 53 | 192.168.2.5 | 8.8.8.8 |
Nov 29, 2022 17:42:52.786981106 CET | 63938 | 53 | 192.168.2.5 | 8.8.8.8 |
Nov 29, 2022 17:42:52.828217030 CET | 53 | 63938 | 8.8.8.8 | 192.168.2.5 |
Nov 29, 2022 17:43:52.858491898 CET | 54940 | 53 | 192.168.2.5 | 8.8.8.8 |
Nov 29, 2022 17:43:52.875502110 CET | 53 | 54940 | 8.8.8.8 | 192.168.2.5 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Nov 29, 2022 17:41:49.048463106 CET | 192.168.2.5 | 8.8.8.8 | 0xde24 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Nov 29, 2022 17:41:49.049160004 CET | 192.168.2.5 | 8.8.8.8 | 0x3911 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Nov 29, 2022 17:41:51.522068024 CET | 192.168.2.5 | 8.8.8.8 | 0x53f0 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Nov 29, 2022 17:41:52.730123997 CET | 192.168.2.5 | 8.8.8.8 | 0x9e15 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Nov 29, 2022 17:41:53.021186113 CET | 192.168.2.5 | 8.8.8.8 | 0x11c1 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Nov 29, 2022 17:41:53.027522087 CET | 192.168.2.5 | 8.8.8.8 | 0x9a09 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Nov 29, 2022 17:41:53.030486107 CET | 192.168.2.5 | 8.8.8.8 | 0xc43d | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Nov 29, 2022 17:41:54.559408903 CET | 192.168.2.5 | 8.8.8.8 | 0x5d07 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Nov 29, 2022 17:42:10.504389048 CET | 192.168.2.5 | 8.8.8.8 | 0xdd5d | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Nov 29, 2022 17:42:10.535566092 CET | 192.168.2.5 | 8.8.8.8 | 0x63b0 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Nov 29, 2022 17:42:10.537444115 CET | 192.168.2.5 | 8.8.8.8 | 0x944a | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Nov 29, 2022 17:42:22.339097977 CET | 192.168.2.5 | 8.8.8.8 | 0x99b6 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Nov 29, 2022 17:42:34.760057926 CET | 192.168.2.5 | 8.8.8.8 | 0xca74 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Nov 29, 2022 17:42:52.786981106 CET | 192.168.2.5 | 8.8.8.8 | 0x1fd4 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Nov 29, 2022 17:43:52.858491898 CET | 192.168.2.5 | 8.8.8.8 | 0xedb7 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Nov 29, 2022 17:41:49.068820953 CET | 8.8.8.8 | 192.168.2.5 | 0x3911 | No error (0) | | | 172.217.168.45 | A (IP address) | IN (0x0001) | false |
Nov 29, 2022 17:41:49.076531887 CET | 8.8.8.8 | 192.168.2.5 | 0xde24 | No error (0) | | clients.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false |
Nov 29, 2022 17:41:49.076531887 CET | 8.8.8.8 | 192.168.2.5 | 0xde24 | No error (0) | | | 142.250.203.110 | A (IP address) | IN (0x0001) | false |
Nov 29, 2022 17:41:51.569483042 CET | 8.8.8.8 | 192.168.2.5 | 0x53f0 | No error (0) | | | 146.59.209.152 | A (IP address) | IN (0x0001) | false |
Nov 29, 2022 17:41:52.747780085 CET | 8.8.8.8 | 192.168.2.5 | 0x9e15 | No error (0) | | | 172.217.168.36 | A (IP address) | IN (0x0001) | false |
Nov 29, 2022 17:41:53.042660952 CET | 8.8.8.8 | 192.168.2.5 | 0x11c1 | No error (0) | | | 104.18.10.207 | A (IP address) | IN (0x0001) | false |
Nov 29, 2022 17:41:53.042660952 CET | 8.8.8.8 | 192.168.2.5 | 0x11c1 | No error (0) | | | 104.18.11.207 | A (IP address) | IN (0x0001) | false |
Nov 29, 2022 17:41:53.051866055 CET | 8.8.8.8 | 192.168.2.5 | 0x9a09 | No error (0) | | cdn.jsdelivr.net.cdn.cloudflare.net | | CNAME (Canonical name) | IN (0x0001) | false |
Nov 29, 2022 17:41:53.052119970 CET | 8.8.8.8 | 192.168.2.5 | 0xc43d | No error (0) | | cds.s5x3j6q5.hwcdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
Nov 29, 2022 17:41:53.054792881 CET | 8.8.8.8 | 192.168.2.5 | 0x19c8 | No error (0) | | | 192.229.221.185 | A (IP address) | IN (0x0001) | false |
Nov 29, 2022 17:41:54.579490900 CET | 8.8.8.8 | 192.168.2.5 | 0x5d07 | No error (0) | | | 104.17.25.14 | A (IP address) | IN (0x0001) | false |
Nov 29, 2022 17:41:54.579490900 CET | 8.8.8.8 | 192.168.2.5 | 0x5d07 | No error (0) | | | 104.17.24.14 | A (IP address) | IN (0x0001) | false |
Nov 29, 2022 17:41:54.625884056 CET | 8.8.8.8 | 192.168.2.5 | 0x3e0d | No error (0) | | global-entry-afdthirdparty-fallback.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false |
Nov 29, 2022 17:41:54.625884056 CET | 8.8.8.8 | 192.168.2.5 | 0x3e0d | No error (0) | | part-0032.t-0009.fbs1-t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false |
Nov 29, 2022 17:41:54.625884056 CET | 8.8.8.8 | 192.168.2.5 | 0x3e0d | No error (0) | | | 13.107.219.60 | A (IP address) | IN (0x0001) | false |
Nov 29, 2022 17:41:54.625884056 CET | 8.8.8.8 | 192.168.2.5 | 0x3e0d | No error (0) | | | 13.107.227.60 | A (IP address) | IN (0x0001) | false |
Nov 29, 2022 17:41:55.894411087 CET | 8.8.8.8 | 192.168.2.5 | 0xe76b | No error (0) | | | 192.229.221.185 | A (IP address) | IN (0x0001) | false |
Nov 29, 2022 17:42:05.615586996 CET | 8.8.8.8 | 192.168.2.5 | 0x63e9 | No error (0) | | part-0032.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false |
Nov 29, 2022 17:42:05.615586996 CET | 8.8.8.8 | 192.168.2.5 | 0x63e9 | No error (0) | | | 13.107.246.60 | A (IP address) | IN (0x0001) | false |
Nov 29, 2022 17:42:05.615586996 CET | 8.8.8.8 | 192.168.2.5 | 0x63e9 | No error (0) | | | 13.107.213.60 | A (IP address) | IN (0x0001) | false |
Nov 29, 2022 17:42:10.524068117 CET | 8.8.8.8 | 192.168.2.5 | 0xdd5d | No error (0) | | mscomajax.vo.msecnd.net | | CNAME (Canonical name) | IN (0x0001) | false |
Nov 29, 2022 17:42:10.559360981 CET | 8.8.8.8 | 192.168.2.5 | 0x63b0 | No error (0) | | c-s.cms.ms.akadns.net | | CNAME (Canonical name) | IN (0x0001) | false |
Nov 29, 2022 17:42:10.569428921 CET | 8.8.8.8 | 192.168.2.5 | 0x944a | No error (0) | | assets.onestore.ms.akadns.net | | CNAME (Canonical name) | IN (0x0001) | false |
Nov 29, 2022 17:42:22.360572100 CET | 8.8.8.8 | 192.168.2.5 | 0x99b6 | No error (0) | | i.s-microsoft.com.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false |
Nov 29, 2022 17:42:34.807306051 CET | 8.8.8.8 | 192.168.2.5 | 0xca74 | No error (0) | | c-s.cms.ms.akadns.net | | CNAME (Canonical name) | IN (0x0001) | false |
Nov 29, 2022 17:42:52.828217030 CET | 8.8.8.8 | 192.168.2.5 | 0x1fd4 | No error (0) | | | 172.217.168.36 | A (IP address) | IN (0x0001) | false |
Nov 29, 2022 17:43:52.875502110 CET | 8.8.8.8 | 192.168.2.5 | 0xedb7 | No error (0) | | | 172.217.168.36 | A (IP address) | IN (0x0001) | false |
Target ID: | 0 |
Start time: | 17:41:46 |
Start date: | 29/11/2022 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7d31b0000 |
File size: | 2851656 bytes |
MD5 hash: | 0FEC2748F363150DC54C1CAFFB1A9408 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 1 |
Start time: | 17:41:47 |
Start date: | 29/11/2022 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7d31b0000 |
File size: | 2851656 bytes |
MD5 hash: | 0FEC2748F363150DC54C1CAFFB1A9408 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 2 |
Start time: | 17:41:48 |
Start date: | 29/11/2022 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7d31b0000 |
File size: | 2851656 bytes |
MD5 hash: | 0FEC2748F363150DC54C1CAFFB1A9408 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |