
Windows Analysis Report
iata-25May2023.shtml

Overview

General Information

Sample Name: iata-25May2023.shtml
Analysis ID: 876166
MD5: 38f37466740c0aa09b17fd1f9c260a30
SHA1: d9dc91b0df8a03a5d14ee5de5c6d4385ad9a32cf
SHA256: 48cd890109fa77fac8ee43807cd4a5e65fec600b9b7a7ea68be528ac81c4eb6a

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Detected javascript redirector / loader
IP address seen in connection with other malware

Process Tree

  • System is w10x64
  • chrome.exe (PID: 5688, cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\iata-25May2023.shtml, MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
    • chrome.exe (PID: 5148, cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1888 --field-trial-handle=1812,i,18360485486545431331,5420382872932820938,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8, MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched


AV Detection

Source: iata-25May2023.shtml | ReversingLabs: Detection: 13%

Phishing

Source: iata-25May2023.shtml | HTTP Parser: Low number of body elements: 1
Source: iata-25May2023.shtml | HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/iata-25May2023.shtml | HTTP Parser: No favicon

Other signature results

Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\GoogleUpdater
Source: chrome.exe | Memory has grown: Private usage: 1MB later: 33MB
Source: Joe Sandbox View | IP Address: 239.255.255.250 (this is the SSDP/UPnP multicast address, which Windows hosts contact on their own for device discovery; treat the hit as environmental noise rather than sample behaviour)
Source: unknown | DNS traffic detected: queries for: clients2.google.com
Source: unknown | Network traffic detected: HTTP traffic on port 443 (HTTPS), local ports 49695, 49696, 49700 and 49706, both directions
Source: global traffic | HTTP traffic detected:
  GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-GB&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
  Host: clients2.google.com
  Connection: keep-alive
  X-Goog-Update-Interactivity: fg
  X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
  X-Goog-Update-Updater: chromecrx-104.0.5112.81
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: empty
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: unknown | HTTP traffic detected:
  POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
  Host: accounts.google.com
  Connection: keep-alive
  Content-Length: 1
  Origin: https://www.google.com
  Content-Type: application/x-www-form-urlencoded
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: empty
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-GB,en-US;q=0.9,en;q=0.8

Both requests are Chrome's own background traffic: a component update check against clients2.google.com (prod=chromecrx, X-Goog-Update-* headers) and the browser's account-state check against accounts.google.com. Every destination in the capture is a Google host or a whitelisted domain, so none of the recorded network activity is attributable to the sample. Whatever the loader would have fetched or redirected to was not observed: the analysis ended on timeout, and in the file-content preview the first decoded script tag has an empty src attribute.
Source: classification engine | Classification label: mal52.phis.winSHTML@24/0@6/7
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\iata-25May2023.shtml
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1888 --field-trial-handle=1812,i,18360485486545431331,5420382872932820938,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (21 further child processes; the cookbook comments note that not all processes were analysed, so the report carries no behaviour information for them)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Program Files\Google\GoogleUpdater
Source: iata-25May2023.shtml | Static file information: File size 3081826 > 1048576
MITRE ATT&CK matrix (only techniques with matching signatures are listed; the number in brackets is the count of matching signatures, and the remaining cells of the report's matrix are the unpopulated template)

Privilege Escalation: Process Injection (1), Extra Window Memory Injection (1)
Defense Evasion: Masquerading (2), Process Injection (1), Extra Window Memory Injection (1)
Command and Control: Encrypted Channel (1), Non-Application Layer Protocol (3), Application Layer Protocol (4), Ingress Tool Transfer (1)
Antivirus detection (initial sample)

Source | Detection | Scanner | Label
iata-25May2023.shtml | 14% | ReversingLabs | Document-HTML.Phishing.Generic
No Antivirus matches
Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
accounts.google.com | 172.217.168.45 | true | false | - | high
www.google.com | 142.250.203.100 | true | false | - | high
clients.l.google.com | 216.58.215.238 | true | false | - | high
clients2.google.com | unknown | unknown | false | - | high
URLs

Name | Malicious | Antivirus Detection | Reputation
file:///C:/Users/user/Desktop/iata-25May2023.shtml | true | - | low
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-GB&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 | false | - | high
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | false | - | high
Contacted IPs

IP | Domain | Country | ASN | ASN Name | Malicious
172.217.168.45 | accounts.google.com | United States | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
216.58.215.238 | clients.l.google.com | United States | 15169 | GOOGLEUS | false
142.250.203.100 | www.google.com | United States | 15169 | GOOGLEUS | false

Private IPs: 192.168.2.1, 192.168.2.6, 192.168.2.5
Joe Sandbox Version: 37.1.0 Beryl
Analysis ID: 876166
Start date and time: 2023-05-26 11:50:06 +02:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 5m 54s
Hypervisor based Inspection enabled: false
Report type: light
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of new started processes analysed: 2
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample file name: iata-25May2023.shtml
Detection: MAL
Classification: mal52.phis.winSHTML@24/0@6/7
EGA Information: Failed
HDC Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 0
Cookbook Comments:
• Found application associated with file extension: .shtml
• Excluded IPs from analysis (whitelisted): 172.217.168.3, 34.104.35.123
• Excluded domains from analysis (whitelisted): edgedl.me.gvt1.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com
• Not all processes were analysed; the report is missing behaviour information for the rest
                No simulations
                No context
No created / dropped files found

Static file information

File type: HTML document, ASCII text, with CRLF line terminators
Entropy (8bit): 4.492634755198107
TrID:
File name: iata-25May2023.shtml
File size: 3081826
MD5: 38f37466740c0aa09b17fd1f9c260a30
SHA1: d9dc91b0df8a03a5d14ee5de5c6d4385ad9a32cf
SHA256: 48cd890109fa77fac8ee43807cd4a5e65fec600b9b7a7ea68be528ac81c4eb6a
SHA512: 7f3b7e69e428ecddc1f23bcf9bf18a9be95553cb1961954f160a33670a513dd1712141f28b221161e6d7ddad0919d8ef9a66927685496ceba4326b57f1fce701
SSDEEP: 24576:Z6Mzvx9mp6DA1Q3Re6h9D1RHaQhJ7E5dLqOAMsWdllsV56oqZdd5bbFnkza:1fFAO5pGYW7hqe
TLSH: F5E5659C5A019AC44F01CC71B9021C09F28B7DCAAFAB0BA5DD659360B7FF671BE1D4A1
File Content Preview: <!Doctype html><marquee onstart='var fzknjalsdk = `%3..C%..21..DO..CT..YP..E%..20..ht..ml..%3..E%..0A..%3..Ch..ea..d%..3E..%0..A%..3C..ti..tl..e%..3E..%3..C/..ti..tl..e%..3E..%0..A%..3C..sc..ri..pt..%2..0s..rc..%3..D%..22..%2..2%..3E..%3..C/..sc..ri..pt..
Icon Hash: 0f3149cc4c490307
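The file-content preview above is the whole loader technique in one line: the visible markup is a single marquee element whose onstart handler holds the real HTML, percent-encoded and then split into two-character chunks joined by "..", so the 3 MB file contains no <script> tag for a static scanner to key on. The script below is an added example written for this page, not code from the sample or from Joe Sandbox; it reconstructs the payload statically (strip the separators, then percent-decode) so an analyst can read the hidden HTML without ever executing the page, and it shows why decoding before stripping fails. PREVIEW_PAYLOAD is the truncated payload exactly as the report's preview shows it, so the decoded text is also truncated; the separator constant, the looksChunked heuristic and the extractScriptSrcs helper are the editor's own additions.

```javascript
// Added example for this report page: not code from the sample or from Joe Sandbox.
// Statically unwraps the payload seen in the file-content preview:
//   <marquee onstart='var fzknjalsdk = `%3..C%..21..DO..CT..YP..E%..20..ht..ml..%3..E...`'>
// The real markup is percent-encoded and then split into two-character chunks joined by "..".

// The visible part of the payload, copied verbatim from the report's (truncated) preview.
const PREVIEW_PAYLOAD =
  '%3..C%..21..DO..CT..YP..E%..20..ht..ml..%3..E%..0A..%3..Ch..ea..d%..3E..%0..A%..3C..ti..tl..e%..3E..' +
  '%3..C/..ti..tl..e%..3E..%0..A%..3C..sc..ri..pt..%2..0s..rc..%3..D%..22..%2..2%..3E..%3..C/..sc..ri..pt..';

const SEPARATOR = '..'; // assumption: the only separator in use, as in the preview

// Step 1: drop the separators. They fall inside percent-escapes ("%3..C" is "%3C"),
// so the string cannot be decoded until this has happened.
function stripSeparators(chunked, sep = SEPARATOR) {
  return chunked.split(sep).join('');
}

// Step 2: percent-decode. decodeURIComponent throws URIError on a malformed escape;
// returning null instead makes "decoded before stripping" a visible failure, not a crash.
function percentDecode(s) {
  try {
    return decodeURIComponent(s);
  } catch (e) {
    if (e instanceof URIError) return null;
    throw e;
  }
}

// Full unwrap: strip, then decode. The result is never evaluated or rendered.
function decodeChunkedPayload(chunked, sep = SEPARATOR) {
  return percentDecode(stripSeparators(chunked, sep));
}

// Triage heuristic (editor's own): a long run of two-character chunks separated by
// ".." is the fingerprint of this wrapping and is cheap to grep a corpus for.
function looksChunked(s, sep = SEPARATOR, minChunks = 8) {
  const chunks = s.split(sep).filter((c) => c.length > 0);
  return chunks.length >= minChunks && chunks.every((c) => c.length === 2);
}

// Pull script src values out of the decoded HTML so next-stage locations can be read
// without rendering. Matching is deliberately loose: decoded text may be truncated.
function extractScriptSrcs(html) {
  const out = [];
  const re = /<script\b[^>]*\bsrc\s*=\s*["']([^"']*)["']/gi;
  let m;
  while ((m = re.exec(html)) !== null) out.push(m[1]);
  return out;
}

// Walk-through on the report's preview.
const decoded = decodeChunkedPayload(PREVIEW_PAYLOAD);
console.log('chunked wrapper detected:', looksChunked(PREVIEW_PAYLOAD)); // true
console.log('decode without stripping first:', percentDecode(PREVIEW_PAYLOAD)); // null: "%3." is not an escape
console.log('decoded preview:\n' + decoded); // <!DOCTYPE html> ... <script src=""></script (truncated)
console.log('script src values:', extractScriptSrcs(decoded)); // [""] in the truncated preview
```

Run it with Node; nothing is fetched and nothing from the sample is evaluated. On the truncated preview the decoded text ends mid-tag, which is exactly what the preview shows, and the only script tag recovered has an empty src. To inspect the full sample, replace PREVIEW_PAYLOAD with the complete backtick-delimited string from the file and read the decoded HTML for the redirect target or the next-stage script instead of opening the page in a browser.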
TCP packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
May 26, 2023 11:51:12.374830961 CEST | 49695 | 443 | 192.168.2.4 | 172.217.168.45
May 26, 2023 11:51:12.374862909 CEST | 443 | 49695 | 172.217.168.45 | 192.168.2.4
May 26, 2023 11:51:12.374924898 CEST | 49695 | 443 | 192.168.2.4 | 172.217.168.45
May 26, 2023 11:51:12.375211000 CEST | 49696 | 443 | 192.168.2.4 | 216.58.215.238
May 26, 2023 11:51:12.375274897 CEST | 443 | 49696 | 216.58.215.238 | 192.168.2.4
May 26, 2023 11:51:12.375348091 CEST | 49696 | 443 | 192.168.2.4 | 216.58.215.238
May 26, 2023 11:51:12.375921011 CEST | 49695 | 443 | 192.168.2.4 | 172.217.168.45
May 26, 2023 11:51:12.375931978 CEST | 443 | 49695 | 172.217.168.45 | 192.168.2.4
May 26, 2023 11:51:12.376101971 CEST | 49696 | 443 | 192.168.2.4 | 216.58.215.238
May 26, 2023 11:51:12.376137972 CEST | 443 | 49696 | 216.58.215.238 | 192.168.2.4
May 26, 2023 11:51:12.516033888 CEST | 443 | 49696 | 216.58.215.238 | 192.168.2.4
May 26, 2023 11:51:12.516360044 CEST | 49696 | 443 | 192.168.2.4 | 216.58.215.238
May 26, 2023 11:51:12.516415119 CEST | 443 | 49696 | 216.58.215.238 | 192.168.2.4
May 26, 2023 11:51:12.516670942 CEST | 443 | 49695 | 172.217.168.45 | 192.168.2.4
May 26, 2023 11:51:12.516848087 CEST | 443 | 49696 | 216.58.215.238 | 192.168.2.4
May 26, 2023 11:51:12.516932011 CEST | 49696 | 443 | 192.168.2.4 | 216.58.215.238
May 26, 2023 11:51:12.518029928 CEST | 443 | 49696 | 216.58.215.238 | 192.168.2.4
May 26, 2023 11:51:12.518117905 CEST | 49696 | 443 | 192.168.2.4 | 216.58.215.238
May 26, 2023 11:51:12.518235922 CEST | 49695 | 443 | 192.168.2.4 | 172.217.168.45
May 26, 2023 11:51:12.518265963 CEST | 443 | 49695 | 172.217.168.45 | 192.168.2.4
May 26, 2023 11:51:12.520411015 CEST | 443 | 49695 | 172.217.168.45 | 192.168.2.4
May 26, 2023 11:51:12.520514965 CEST | 49695 | 443 | 192.168.2.4 | 172.217.168.45
May 26, 2023 11:51:12.766942978 CEST | 49695 | 443 | 192.168.2.4 | 172.217.168.45
May 26, 2023 11:51:12.767162085 CEST | 49695 | 443 | 192.168.2.4 | 172.217.168.45
May 26, 2023 11:51:12.767194986 CEST | 443 | 49695 | 172.217.168.45 | 192.168.2.4
May 26, 2023 11:51:12.767426968 CEST | 443 | 49695 | 172.217.168.45 | 192.168.2.4
May 26, 2023 11:51:12.767661095 CEST | 49696 | 443 | 192.168.2.4 | 216.58.215.238
May 26, 2023 11:51:12.767785072 CEST | 49696 | 443 | 192.168.2.4 | 216.58.215.238
May 26, 2023 11:51:12.767805099 CEST | 443 | 49696 | 216.58.215.238 | 192.168.2.4
May 26, 2023 11:51:12.767903090 CEST | 443 | 49696 | 216.58.215.238 | 192.168.2.4
May 26, 2023 11:51:12.801027060 CEST | 443 | 49696 | 216.58.215.238 | 192.168.2.4
May 26, 2023 11:51:12.801146030 CEST | 49696 | 443 | 192.168.2.4 | 216.58.215.238
May 26, 2023 11:51:12.801187038 CEST | 443 | 49696 | 216.58.215.238 | 192.168.2.4
May 26, 2023 11:51:12.801290035 CEST | 443 | 49696 | 216.58.215.238 | 192.168.2.4
May 26, 2023 11:51:12.801359892 CEST | 49696 | 443 | 192.168.2.4 | 216.58.215.238
May 26, 2023 11:51:12.804172039 CEST | 49696 | 443 | 192.168.2.4 | 216.58.215.238
May 26, 2023 11:51:12.804205894 CEST | 443 | 49696 | 216.58.215.238 | 192.168.2.4
May 26, 2023 11:51:12.808182955 CEST | 49695 | 443 | 192.168.2.4 | 172.217.168.45
May 26, 2023 11:51:12.808207035 CEST | 443 | 49695 | 172.217.168.45 | 192.168.2.4
May 26, 2023 11:51:12.847625971 CEST | 443 | 49695 | 172.217.168.45 | 192.168.2.4
May 26, 2023 11:51:12.847805977 CEST | 49695 | 443 | 192.168.2.4 | 172.217.168.45
May 26, 2023 11:51:12.847826958 CEST | 443 | 49695 | 172.217.168.45 | 192.168.2.4
May 26, 2023 11:51:12.847934961 CEST | 443 | 49695 | 172.217.168.45 | 192.168.2.4
May 26, 2023 11:51:12.848015070 CEST | 49695 | 443 | 192.168.2.4 | 172.217.168.45
May 26, 2023 11:51:12.860277891 CEST | 49695 | 443 | 192.168.2.4 | 172.217.168.45
May 26, 2023 11:51:12.860325098 CEST | 443 | 49695 | 172.217.168.45 | 192.168.2.4
May 26, 2023 11:51:16.093437910 CEST | 49700 | 443 | 192.168.2.4 | 142.250.203.100
May 26, 2023 11:51:16.093512058 CEST | 443 | 49700 | 142.250.203.100 | 192.168.2.4
May 26, 2023 11:51:16.093750954 CEST | 49700 | 443 | 192.168.2.4 | 142.250.203.100
May 26, 2023 11:51:16.094300032 CEST | 49700 | 443 | 192.168.2.4 | 142.250.203.100
May 26, 2023 11:51:16.094336033 CEST | 443 | 49700 | 142.250.203.100 | 192.168.2.4
May 26, 2023 11:51:16.154120922 CEST | 443 | 49700 | 142.250.203.100 | 192.168.2.4
May 26, 2023 11:51:16.154529095 CEST | 49700 | 443 | 192.168.2.4 | 142.250.203.100
May 26, 2023 11:51:16.154561043 CEST | 443 | 49700 | 142.250.203.100 | 192.168.2.4
May 26, 2023 11:51:16.156131029 CEST | 443 | 49700 | 142.250.203.100 | 192.168.2.4
May 26, 2023 11:51:16.156223059 CEST | 49700 | 443 | 192.168.2.4 | 142.250.203.100
May 26, 2023 11:51:16.159624100 CEST | 49700 | 443 | 192.168.2.4 | 142.250.203.100
May 26, 2023 11:51:16.159774065 CEST | 443 | 49700 | 142.250.203.100 | 192.168.2.4
May 26, 2023 11:51:16.199790955 CEST | 49700 | 443 | 192.168.2.4 | 142.250.203.100
May 26, 2023 11:51:16.199856997 CEST | 443 | 49700 | 142.250.203.100 | 192.168.2.4
May 26, 2023 11:51:16.246659994 CEST | 49700 | 443 | 192.168.2.4 | 142.250.203.100
May 26, 2023 11:51:26.209671974 CEST | 443 | 49700 | 142.250.203.100 | 192.168.2.4
May 26, 2023 11:51:26.209805965 CEST | 443 | 49700 | 142.250.203.100 | 192.168.2.4
May 26, 2023 11:51:26.209920883 CEST | 49700 | 443 | 192.168.2.4 | 142.250.203.100
May 26, 2023 11:51:26.985879898 CEST | 49700 | 443 | 192.168.2.4 | 142.250.203.100
May 26, 2023 11:51:26.985919952 CEST | 443 | 49700 | 142.250.203.100 | 192.168.2.4
May 26, 2023 11:52:16.153338909 CEST | 49706 | 443 | 192.168.2.4 | 142.250.203.100
May 26, 2023 11:52:16.153429985 CEST | 443 | 49706 | 142.250.203.100 | 192.168.2.4
May 26, 2023 11:52:16.153543949 CEST | 49706 | 443 | 192.168.2.4 | 142.250.203.100
May 26, 2023 11:52:16.154000044 CEST | 49706 | 443 | 192.168.2.4 | 142.250.203.100
May 26, 2023 11:52:16.154035091 CEST | 443 | 49706 | 142.250.203.100 | 192.168.2.4
May 26, 2023 11:52:16.203176975 CEST | 443 | 49706 | 142.250.203.100 | 192.168.2.4
May 26, 2023 11:52:16.203567982 CEST | 49706 | 443 | 192.168.2.4 | 142.250.203.100
May 26, 2023 11:52:16.203605890 CEST | 443 | 49706 | 142.250.203.100 | 192.168.2.4
May 26, 2023 11:52:16.204420090 CEST | 443 | 49706 | 142.250.203.100 | 192.168.2.4
May 26, 2023 11:52:16.204991102 CEST | 49706 | 443 | 192.168.2.4 | 142.250.203.100
May 26, 2023 11:52:16.205843925 CEST | 443 | 49706 | 142.250.203.100 | 192.168.2.4
May 26, 2023 11:52:16.248635054 CEST | 49706 | 443 | 192.168.2.4 | 142.250.203.100
May 26, 2023 11:52:26.191317081 CEST | 443 | 49706 | 142.250.203.100 | 192.168.2.4
May 26, 2023 11:52:26.191519022 CEST | 443 | 49706 | 142.250.203.100 | 192.168.2.4
May 26, 2023 11:52:26.191634893 CEST | 49706 | 443 | 192.168.2.4 | 142.250.203.100
May 26, 2023 11:52:26.657365084 CEST | 49706 | 443 | 192.168.2.4 | 142.250.203.100
May 26, 2023 11:52:26.657411098 CEST | 443 | 49706 | 142.250.203.100 | 192.168.2.4
UDP packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
May 26, 2023 11:51:12.333345890 CEST | 58565 | 53 | 192.168.2.4 | 8.8.8.8
May 26, 2023 11:51:12.334191084 CEST | 52239 | 53 | 192.168.2.4 | 8.8.8.8
May 26, 2023 11:51:12.353100061 CEST | 53 | 58565 | 8.8.8.8 | 192.168.2.4
May 26, 2023 11:51:12.353858948 CEST | 53 | 52239 | 8.8.8.8 | 192.168.2.4
May 26, 2023 11:51:16.047595024 CEST | 59444 | 53 | 192.168.2.4 | 8.8.8.8
May 26, 2023 11:51:16.067703009 CEST | 53 | 59444 | 8.8.8.8 | 192.168.2.4
May 26, 2023 11:51:16.073899031 CEST | 55570 | 53 | 192.168.2.4 | 8.8.8.8
May 26, 2023 11:51:16.088655949 CEST | 53 | 55570 | 8.8.8.8 | 192.168.2.4
May 26, 2023 11:52:16.111325026 CEST | 63229 | 53 | 192.168.2.4 | 8.8.8.8
May 26, 2023 11:52:16.134435892 CEST | 53 | 63229 | 8.8.8.8 | 192.168.2.4
May 26, 2023 11:52:16.137195110 CEST | 58576 | 53 | 192.168.2.4 | 8.8.8.8
May 26, 2023 11:52:16.151894093 CEST | 53 | 58576 | 8.8.8.8 | 192.168.2.4
DNS queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
May 26, 2023 11:51:12.333345890 CEST | 192.168.2.4 | 8.8.8.8 | 0xa740 | Standard query (0) | clients2.google.com | A (IP address) | IN (0x0001) | false
May 26, 2023 11:51:12.334191084 CEST | 192.168.2.4 | 8.8.8.8 | 0x6830 | Standard query (0) | accounts.google.com | A (IP address) | IN (0x0001) | false
May 26, 2023 11:51:16.047595024 CEST | 192.168.2.4 | 8.8.8.8 | 0xef8b | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
May 26, 2023 11:51:16.073899031 CEST | 192.168.2.4 | 8.8.8.8 | 0xda00 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
May 26, 2023 11:52:16.111325026 CEST | 192.168.2.4 | 8.8.8.8 | 0xd3af | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
May 26, 2023 11:52:16.137195110 CEST | 192.168.2.4 | 8.8.8.8 | 0x8593 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
DNS answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
May 26, 2023 11:51:12.353100061 CEST | 8.8.8.8 | 192.168.2.4 | 0xa740 | No error (0) | clients2.google.com | clients.l.google.com | - | CNAME (Canonical name) | IN (0x0001) | false
May 26, 2023 11:51:12.353100061 CEST | 8.8.8.8 | 192.168.2.4 | 0xa740 | No error (0) | clients.l.google.com | - | 216.58.215.238 | A (IP address) | IN (0x0001) | false
May 26, 2023 11:51:12.353858948 CEST | 8.8.8.8 | 192.168.2.4 | 0x6830 | No error (0) | accounts.google.com | - | 172.217.168.45 | A (IP address) | IN (0x0001) | false
May 26, 2023 11:51:16.067703009 CEST | 8.8.8.8 | 192.168.2.4 | 0xef8b | No error (0) | www.google.com | - | 142.250.203.100 | A (IP address) | IN (0x0001) | false
May 26, 2023 11:51:16.088655949 CEST | 8.8.8.8 | 192.168.2.4 | 0xda00 | No error (0) | www.google.com | - | 142.250.203.100 | A (IP address) | IN (0x0001) | false
May 26, 2023 11:52:16.134435892 CEST | 8.8.8.8 | 192.168.2.4 | 0xd3af | No error (0) | www.google.com | - | 142.250.203.100 | A (IP address) | IN (0x0001) | false
May 26, 2023 11:52:16.151894093 CEST | 8.8.8.8 | 192.168.2.4 | 0x8593 | No error (0) | www.google.com | - | 142.250.203.100 | A (IP address) | IN (0x0001) | false

Hosts with captured HTTP requests:
• accounts.google.com
• clients2.google.com


Target ID: 0
Start time: 11:51:09
Start date: 26/05/2023
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\iata-25May2023.shtml
Imagebase: 0x7ff683680000
File size: 2851656 bytes
MD5 hash: 0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high

Target ID: 1
Start time: 11:51:10
Start date: 26/05/2023
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1888 --field-trial-handle=1812,i,18360485486545431331,5420382872932820938,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Imagebase: 0x7ff683680000
File size: 2851656 bytes
MD5 hash: 0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high

No disassembly