Edit tour

Windows Analysis Report
https://dmnt.informz.net/z/cjuucd9tat00mtgzntu4jna9msz1ptqymjg0nzu2nszsat00njuyode1nq/index.html

Overview

General Information

Sample URL:	https://dmnt.informz.net/z/cjuucd9tat00mtgzntu4jna9msz1ptqymjg0nzu2nszsat00njuyode1nq/index.html
Analysis ID:	1448038
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

No high impact signatures.

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5600 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1352 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=2040,i,11142821751341047707,16034589024948396542,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6408 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://dmnt.informz.net/z/cjuucd9tat00mtgzntu4jna9msz1ptqymjg0nzu2nszsat00njuyode1nq/index.html" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://dmnt.informz.net/z/cjuucd9tat00mtgzntu4jna9msz1ptqymjg0nzu2nszsat00njuyode1nq/index.html

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49745 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 87.248.204.0
Source: unknown	TCP traffic detected without corresponding DNS query: 87.248.204.0
Source: unknown	TCP traffic detected without corresponding DNS query: 87.248.204.0
Source: unknown	TCP traffic detected without corresponding DNS query: 87.248.204.0
Source: unknown	TCP traffic detected without corresponding DNS query: 87.248.204.0
Source: unknown	TCP traffic detected without corresponding DNS query: 87.248.204.0
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /z/cjuucd9tat00mtgzntu4jna9msz1ptqymjg0nzu2nszsat00njuyode1nq/index.html HTTP/1.1Host: dmnt.informz.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Admin31/images/HL_Logotype.png HTTP/1.1Host: cdn.informz.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://dmnt.informz.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: dmnt.informz.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://dmnt.informz.net/z/cjuucd9tat00mtgzntu4jna9msz1ptqymjg0nzu2nszsat00njuyode1nq/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AWSALBTG=tfz0xQRFSLDhmk2QpiILqo2To6S2Pr3N9BRuig6X89HmITe2OFjKJkAh2t8BULibNUKvfCXOu70t2RoKgghxxE/cvsWaYWu7YtCuN7Hjy1u4Nkz3lY+hB1BXSm/hU7Y4AQ7geaELiagiYARDpiZsTVE/T5Q9Kryfvo/bkIiLYfYzp+ZGLig=; AWSALBTGCORS=tfz0xQRFSLDhmk2QpiILqo2To6S2Pr3N9BRuig6X89HmITe2OFjKJkAh2t8BULibNUKvfCXOu70t2RoKgghxxE/cvsWaYWu7YtCuN7Hjy1u4Nkz3lY+hB1BXSm/hU7Y4AQ7geaELiagiYARDpiZsTVE/T5Q9Kryfvo/bkIiLYfYzp+ZGLig=; AWSALB=MACs3pQYdaqCt2yr+wIowk80/41A7VB4pmUmGFXIEGu50ZnDuuDHbj226OyG3qqw4BwJYAHSn0ktSa+VcJlBNke8wYDV1ItItoyEWKhUUg7rCYZ8zcr+FDesdQE4; AWSALBCORS=MACs3pQYdaqCt2yr+wIowk80/41A7VB4pmUmGFXIEGu50ZnDuuDHbj226OyG3qqw4BwJYAHSn0ktSa+VcJlBNke8wYDV1ItItoyEWKhUUg7rCYZ8zcr+FDesdQE4; ASPSESSIONIDCAQCTDQC=CIIEKAMBBFPHEJOPEHAGMMLF
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: dmnt.informz.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASPSESSIONIDCAQCTDQC=CIIEKAMBBFPHEJOPEHAGMMLF; AWSALBTG=g4inHgVGu/33F7h7trWabuONrspmKKn/mMpKIkLnEV4dk1CpD3P/ZEOkEneKE/dXt10HpIJxXlCJHUVhKMWW2K9tGN2dCl/tZNCPlZjONL9iaxaMh5mhhWKXon4Zu1N6GXKCdqOQWNPeo0NEx4gmBG7QR53cOfP2ZJ2whU5YCPIXCouTPTk=; AWSALBTGCORS=g4inHgVGu/33F7h7trWabuONrspmKKn/mMpKIkLnEV4dk1CpD3P/ZEOkEneKE/dXt10HpIJxXlCJHUVhKMWW2K9tGN2dCl/tZNCPlZjONL9iaxaMh5mhhWKXon4Zu1N6GXKCdqOQWNPeo0NEx4gmBG7QR53cOfP2ZJ2whU5YCPIXCouTPTk=; AWSALB=4C0WYsraGTWdDU9eg4+BfdetoPN8kmLYlO2rh0/zsln3d+28cnWMe6vNLXjphZJD0PvwbgdC7c7dwP6x3WICLVTFTuQE4wwglaKkdKqLH7ypcq0uMRxfIlESOqyO; AWSALBCORS=4C0WYsraGTWdDU9eg4+BfdetoPN8kmLYlO2rh0/zsln3d+28cnWMe6vNLXjphZJD0PvwbgdC7c7dwP6x3WICLVTFTuQE4wwglaKkdKqLH7ypcq0uMRxfIlESOqyO
Source: global traffic	HTTP traffic detected: GET /Admin31/images/HL_Logotype.png HTTP/1.1Host: cdn.informz.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: dmnt.informz.net
Source: global traffic	DNS traffic detected: DNS query: cdn.informz.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: higherlogic.desk.com
Source: global traffic	DNS traffic detected: DNS query: google.com

Source: chromecache_46.2.dr

String found in binary or memory: https://higherlogic.desk.com/customer/portal/emails/new

Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49745 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@21/8@30/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=2040,i,11142821751341047707,16034589024948396542,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://dmnt.informz.net/z/cjuucd9tat00mtgzntu4jna9msz1ptqymjg0nzu2nszsat00njuyode1nq/index.html"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=2040,i,11142821751341047707,16034589024948396542,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://dmnt.informz.net/z/cjuucd9tat00mtgzntu4jna9msz1ptqymjg0nzu2nszsat00njuyode1nq/index.html	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://higherlogic.desk.com/customer/portal/emails/new	0%	Avira URL Cloud	safe
https://cdn.informz.net/Admin31/images/HL_Logotype.png	0%	Avira URL Cloud	safe
https://dmnt.informz.net/favicon.ico	0%	Avira URL Cloud	safe
https://higherlogic.desk.com/customer/portal/emails/new	0%	Virustotal		Browse
https://cdn.informz.net/Admin31/images/HL_Logotype.png	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
google.com	142.250.147.100	true	false	unknown
www.google.com	216.58.206.68	true	false	unknown
damauigwuz6v2.cloudfront.net	13.32.27.34	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown
iz-web-1095024495.us-east-1.elb.amazonaws.com	54.209.6.213	true	false	unknown
cdn.informz.net	unknown	unknown	false	unknown
dmnt.informz.net	unknown	unknown	false	unknown
higherlogic.desk.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://cdn.informz.net/Admin31/images/HL_Logotype.png	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://dmnt.informz.net/z/cjuucd9tat00mtgzntu4jna9msz1ptqymjg0nzu2nszsat00njuyode1nq/index.html	false		unknown
https://dmnt.informz.net/favicon.ico	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://higherlogic.desk.com/customer/portal/emails/new	chromecache_46.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
13.32.27.34	damauigwuz6v2.cloudfront.net	United States	7018	ATT-INTERNET4US	false
54.209.6.213	iz-web-1095024495.us-east-1.elb.amazonaws.com	United States	14618	AMAZON-AESUS	false
13.32.27.91	unknown	United States	7018	ATT-INTERNET4US	false
216.58.206.68	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1448038
Start date and time:	2024-05-27 15:13:55 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 11s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://dmnt.informz.net/z/cjuucd9tat00mtgzntu4jna9msz1ptqymjg0nzu2nszsat00njuyode1nq/index.html
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@21/8@30/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Browse: https://higherlogic.desk.com/customer/portal/emails/new

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.163, 142.250.185.174, 108.177.15.84, 34.104.35.123, 20.114.59.183, 93.184.221.240, 20.166.126.56, 192.229.221.95, 13.85.23.206, 142.250.186.163
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, clientservices.googleapis.com, ctldl.windowsupdate.com, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, glb.cws.prod.dcat.dsp.trafficmanager.net, ocsp.edge.digicert.com, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Input	Output
URL: https://dmnt.informz.net/z/cjuucd9tat00mtgzntu4jna9msz1ptqymjg0nzu2nszsat00njuyode1nq/index.html Model: Perplexity: mixtral-8x7b-instruct	{ "loginform": false, "reasons": [ "The text does not contain any input fields for a login form such as username, password, or submit button.", "The text suggests that the page being accessed is unavailable, which implies that it is not a login form." ] }
HIGHER LOGIC The page you are trying to access is unavailable. This might be temporary, so please try your action again. If the page is still unavailable, please contact the sender of the email. If you are an Informz client and would like assistance resolving this issue, please create a case on our support portal so that we can help you.

Input

Output

URL: https://dmnt.informz.net/z/cjuucd9tat00mtgzntu4jna9msz1ptqymjg0nzu2nszsat00njuyode1nq/index.html Model: Perplexity: mixtral-8x7b-instruct

{
"loginform": false,
"reasons": [
"The text does not contain any input fields for a login form such as username, password, or submit button.",
"The text suggests that the page being accessed is unavailable, which implies that it is not a login form."
]
}

HIGHER LOGIC The page you are trying to access is unavailable. This might be temporary, so please try your action again. If the page is still unavailable, please contact the sender of the email. If you are an Informz client and would like assistance resolving this issue, please create a case on our support portal so that we can help you.

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 45

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 1 icon, -123x-115, 32 bits/pixel
Category:	downloaded
Size (bytes):	77894
Entropy (8bit):	2.277329030836423
Encrypted:	false
SSDEEP:	96:qMq4AvXvXvXvXvXvXvXvXvXvXvXvXvXvXvXvXvXvXvXvXvXvXvXvXvX51kseeeez:qFCo
MD5:	FCAD139E5D7CEB923E7CBEB55E4DA7DC
SHA1:	D096AD830FD36D45206011B73178CFC30D61823B
SHA-256:	8C105B497A7731C38C12057A78EB8558784D9724676449DC138812EAE9003F72
SHA-512:	DA94C2CEDFF65FAC2333F76DEC2B101E7AED4271B463DC2B13DA1812A31B1DC5D378C07000E0C18575E9AE0AB2872388626BE3E97964760433461EC737FDFDD7
Malicious:	false
Reputation:	low
URL:	https://dmnt.informz.net/favicon.ico
Preview:	............ .00......(............. ......%......................{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.........................................................................................................................................................................................................................{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.......................................................................................

Chrome Cache Entry: 46

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	1070
Entropy (8bit):	5.341947221496122
Encrypted:	false
SSDEEP:	24:WC6vyAWUZ6JwL0W/m/c77Kck6kc+p2rUuFp2lQLxKBevb1Sk:CqA1Z6JwL0Om/cpktp2JFpT9BSk
MD5:	F12939A90131074131EA582D01814BC3
SHA1:	DD2B012763A3CDED2A466C0ECD7E15DA64303FD7
SHA-256:	197D0D657F36D9E5B09B3B4699456ACF4D982315ABD34E78CF876A5C8351B230
SHA-512:	720CC9A86C91D2F14CACEA4CBEC33ECD1CB1898271B3FFF1230AE6BF177B430A519C5751C1844AF19E3B2B7DEE316435561CFDF6A596A1EB440E587A163CA910
Malicious:	false
Reputation:	low
URL:	https://dmnt.informz.net/z/cjuucd9tat00mtgzntu4jna9msz1ptqymjg0nzu2nszsat00njuyode1nq/index.html
Preview:	<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">..<HTML><HEAD><TITLE>Bad request</TITLE>..<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">..<STYLE type="text/css">.. BODY { font: 1em verdana }.. H1 { font: 1.4em verdana }.. H2 { font: 1.2em verdana }.. A:link { color: red }.. A:visited { color: maroon }..</STYLE>..</HEAD>..<BODY>..<TABLE width=500 border=0 cellspacing=10 style="margin-top: 20px;">..<TR><TD>..<img src="//cdn.informz.net/Admin31/images/HL_Logotype.png" />..</td></tr>..<tr>..<td>..<p>..The page you are trying to access is unavailable...</p> ..<p>This might be temporary, so please try your action again.</p>..<p>If the page is still unavailable, please contact the sender of the email. If you are an Informz client and would like assistance resolving this issue, please ...<a href="https://higherlogic.desk.com/customer/portal/emails/new" target="_blank">create a case</a> on our support portal so that we c

Chrome Cache Entry: 47

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 300 x 50, 8-bit/color RGBA, interlaced
Category:	downloaded
Size (bytes):	20227
Entropy (8bit):	6.559490844420845
Encrypted:	false
SSDEEP:	384:q/nvdkQTiz0Wp6zvlwcarVB4kI45Aihba4:q/XgrVB4QAipa4
MD5:	BE38727F62EBE3092A025B09DCA1AD2C
SHA1:	3F60336269A9931FFA04A1146DFB22A0910E3FB6
SHA-256:	53C0EB180594BEAC4785981456EDB46A91BECFAD1383396C11EE7E8FE1A10788
SHA-512:	5E88F7E27D9318842560E7C096B8D49D4FB94E510E944C01593A72A2D89ACE5C595754FB236CA25C6A77A1DD5AE33D9C35F4C32043230F40D9590746676399A7
Malicious:	false
Reputation:	low
URL:	https://cdn.informz.net/Admin31/images/HL_Logotype.png
Preview:	.PNG........IHDR...,...2............pHYs...#...#.x.?v..7.iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c142 79.160924, 2017/07/13-01:06:39 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmlns:illustrator="http://ns.adobe.com/illustrator/1.0/" xmlns:xmpTPg="http://ns.adobe.com/xap/1.0/t/pg/" xmlns:stDim="http://ns.adobe.com/xap/1.0/sType/Dimensions#" xmlns:xmpG="http://ns.adobe.com/xap/1.0/g/" xmlns:pdf="http://ns.adobe.com/pdf/1.3/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" dc:format="image/png" xmp:MetadataDate="2018-09-27T11:44:15-04:00" xmp:ModifyDate="2018-09-27T11:

Chrome Cache Entry: 48

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 300 x 50, 8-bit/color RGBA, interlaced
Category:	dropped
Size (bytes):	20227
Entropy (8bit):	6.559490844420845
Encrypted:	false
SSDEEP:	384:q/nvdkQTiz0Wp6zvlwcarVB4kI45Aihba4:q/XgrVB4QAipa4
MD5:	BE38727F62EBE3092A025B09DCA1AD2C
SHA1:	3F60336269A9931FFA04A1146DFB22A0910E3FB6
SHA-256:	53C0EB180594BEAC4785981456EDB46A91BECFAD1383396C11EE7E8FE1A10788
SHA-512:	5E88F7E27D9318842560E7C096B8D49D4FB94E510E944C01593A72A2D89ACE5C595754FB236CA25C6A77A1DD5AE33D9C35F4C32043230F40D9590746676399A7
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...,...2............pHYs...#...#.x.?v..7.iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c142 79.160924, 2017/07/13-01:06:39 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmlns:illustrator="http://ns.adobe.com/illustrator/1.0/" xmlns:xmpTPg="http://ns.adobe.com/xap/1.0/t/pg/" xmlns:stDim="http://ns.adobe.com/xap/1.0/sType/Dimensions#" xmlns:xmpG="http://ns.adobe.com/xap/1.0/g/" xmlns:pdf="http://ns.adobe.com/pdf/1.3/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" dc:format="image/png" xmp:MetadataDate="2018-09-27T11:44:15-04:00" xmp:ModifyDate="2018-09-27T11:

Chrome Cache Entry: 49

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 1 icon, -123x-115, 32 bits/pixel
Category:	dropped
Size (bytes):	77894
Entropy (8bit):	2.277329030836423
Encrypted:	false
SSDEEP:	96:qMq4AvXvXvXvXvXvXvXvXvXvXvXvXvXvXvXvXvXvXvXvXvXvXvXvXvX51kseeeez:qFCo
MD5:	FCAD139E5D7CEB923E7CBEB55E4DA7DC
SHA1:	D096AD830FD36D45206011B73178CFC30D61823B
SHA-256:	8C105B497A7731C38C12057A78EB8558784D9724676449DC138812EAE9003F72
SHA-512:	DA94C2CEDFF65FAC2333F76DEC2B101E7AED4271B463DC2B13DA1812A31B1DC5D378C07000E0C18575E9AE0AB2872388626BE3E97964760433461EC737FDFDD7
Malicious:	false
Reputation:	low
Preview:	............ .00......(............. ......%......................{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.........................................................................................................................................................................................................................{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.{wu.......................................................................................

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 27, 2024 15:14:41.634980917 CEST	49675	443	192.168.2.4	173.222.162.32
May 27, 2024 15:14:51.243007898 CEST	49675	443	192.168.2.4	173.222.162.32
May 27, 2024 15:14:51.829473019 CEST	49735	443	192.168.2.4	54.209.6.213
May 27, 2024 15:14:51.829566956 CEST	443	49735	54.209.6.213	192.168.2.4
May 27, 2024 15:14:51.829651117 CEST	49735	443	192.168.2.4	54.209.6.213
May 27, 2024 15:14:51.829891920 CEST	49736	443	192.168.2.4	54.209.6.213
May 27, 2024 15:14:51.829940081 CEST	443	49736	54.209.6.213	192.168.2.4
May 27, 2024 15:14:51.830106974 CEST	49735	443	192.168.2.4	54.209.6.213
May 27, 2024 15:14:51.830122948 CEST	49736	443	192.168.2.4	54.209.6.213
May 27, 2024 15:14:51.830142975 CEST	443	49735	54.209.6.213	192.168.2.4
May 27, 2024 15:14:51.830266953 CEST	49736	443	192.168.2.4	54.209.6.213
May 27, 2024 15:14:51.830282927 CEST	443	49736	54.209.6.213	192.168.2.4
May 27, 2024 15:14:52.509165049 CEST	443	49736	54.209.6.213	192.168.2.4
May 27, 2024 15:14:52.509459019 CEST	49736	443	192.168.2.4	54.209.6.213
May 27, 2024 15:14:52.509488106 CEST	443	49736	54.209.6.213	192.168.2.4
May 27, 2024 15:14:52.510380030 CEST	443	49736	54.209.6.213	192.168.2.4
May 27, 2024 15:14:52.510452032 CEST	49736	443	192.168.2.4	54.209.6.213
May 27, 2024 15:14:52.513184071 CEST	49736	443	192.168.2.4	54.209.6.213
May 27, 2024 15:14:52.513245106 CEST	443	49736	54.209.6.213	192.168.2.4
May 27, 2024 15:14:52.513353109 CEST	49736	443	192.168.2.4	54.209.6.213
May 27, 2024 15:14:52.513361931 CEST	443	49736	54.209.6.213	192.168.2.4
May 27, 2024 15:14:52.521253109 CEST	443	49735	54.209.6.213	192.168.2.4
May 27, 2024 15:14:52.521470070 CEST	49735	443	192.168.2.4	54.209.6.213
May 27, 2024 15:14:52.521533012 CEST	443	49735	54.209.6.213	192.168.2.4
May 27, 2024 15:14:52.522458076 CEST	443	49735	54.209.6.213	192.168.2.4
May 27, 2024 15:14:52.522530079 CEST	49735	443	192.168.2.4	54.209.6.213
May 27, 2024 15:14:52.522851944 CEST	49735	443	192.168.2.4	54.209.6.213
May 27, 2024 15:14:52.522916079 CEST	443	49735	54.209.6.213	192.168.2.4
May 27, 2024 15:14:52.557889938 CEST	49736	443	192.168.2.4	54.209.6.213
May 27, 2024 15:14:52.573139906 CEST	49735	443	192.168.2.4	54.209.6.213
May 27, 2024 15:14:52.573169947 CEST	443	49735	54.209.6.213	192.168.2.4
May 27, 2024 15:14:52.618875980 CEST	49735	443	192.168.2.4	54.209.6.213
May 27, 2024 15:14:52.631103039 CEST	443	49736	54.209.6.213	192.168.2.4
May 27, 2024 15:14:52.631182909 CEST	443	49736	54.209.6.213	192.168.2.4
May 27, 2024 15:14:52.631248951 CEST	49736	443	192.168.2.4	54.209.6.213
May 27, 2024 15:14:52.647861958 CEST	49736	443	192.168.2.4	54.209.6.213
May 27, 2024 15:14:52.647886038 CEST	443	49736	54.209.6.213	192.168.2.4
May 27, 2024 15:14:52.679131985 CEST	49739	443	192.168.2.4	13.32.27.34
May 27, 2024 15:14:52.679158926 CEST	443	49739	13.32.27.34	192.168.2.4
May 27, 2024 15:14:52.679241896 CEST	49739	443	192.168.2.4	13.32.27.34
May 27, 2024 15:14:52.679472923 CEST	49739	443	192.168.2.4	13.32.27.34
May 27, 2024 15:14:52.679486990 CEST	443	49739	13.32.27.34	192.168.2.4
May 27, 2024 15:14:53.406308889 CEST	443	49739	13.32.27.34	192.168.2.4
May 27, 2024 15:14:53.406814098 CEST	49739	443	192.168.2.4	13.32.27.34
May 27, 2024 15:14:53.406826019 CEST	443	49739	13.32.27.34	192.168.2.4
May 27, 2024 15:14:53.408257008 CEST	443	49739	13.32.27.34	192.168.2.4
May 27, 2024 15:14:53.408322096 CEST	49739	443	192.168.2.4	13.32.27.34
May 27, 2024 15:14:53.410283089 CEST	49739	443	192.168.2.4	13.32.27.34
May 27, 2024 15:14:53.410372019 CEST	443	49739	13.32.27.34	192.168.2.4
May 27, 2024 15:14:53.410784006 CEST	49739	443	192.168.2.4	13.32.27.34
May 27, 2024 15:14:53.410789967 CEST	443	49739	13.32.27.34	192.168.2.4
May 27, 2024 15:14:53.462110996 CEST	49739	443	192.168.2.4	13.32.27.34
May 27, 2024 15:14:53.692481995 CEST	443	49739	13.32.27.34	192.168.2.4
May 27, 2024 15:14:53.692518950 CEST	443	49739	13.32.27.34	192.168.2.4
May 27, 2024 15:14:53.692532063 CEST	443	49739	13.32.27.34	192.168.2.4
May 27, 2024 15:14:53.692550898 CEST	443	49739	13.32.27.34	192.168.2.4
May 27, 2024 15:14:53.692560911 CEST	443	49739	13.32.27.34	192.168.2.4
May 27, 2024 15:14:53.692569017 CEST	443	49739	13.32.27.34	192.168.2.4
May 27, 2024 15:14:53.692601919 CEST	49739	443	192.168.2.4	13.32.27.34
May 27, 2024 15:14:53.692617893 CEST	443	49739	13.32.27.34	192.168.2.4
May 27, 2024 15:14:53.692653894 CEST	49739	443	192.168.2.4	13.32.27.34
May 27, 2024 15:14:53.692792892 CEST	49739	443	192.168.2.4	13.32.27.34
May 27, 2024 15:14:53.773833990 CEST	443	49739	13.32.27.34	192.168.2.4
May 27, 2024 15:14:53.773910999 CEST	49739	443	192.168.2.4	13.32.27.34
May 27, 2024 15:14:53.773922920 CEST	443	49739	13.32.27.34	192.168.2.4
May 27, 2024 15:14:53.773952961 CEST	443	49739	13.32.27.34	192.168.2.4
May 27, 2024 15:14:53.773979902 CEST	49739	443	192.168.2.4	13.32.27.34
May 27, 2024 15:14:53.774030924 CEST	49739	443	192.168.2.4	13.32.27.34
May 27, 2024 15:14:53.774276972 CEST	49739	443	192.168.2.4	13.32.27.34
May 27, 2024 15:14:53.774303913 CEST	443	49739	13.32.27.34	192.168.2.4
May 27, 2024 15:14:54.177500010 CEST	49740	443	192.168.2.4	216.58.206.68
May 27, 2024 15:14:54.177544117 CEST	443	49740	216.58.206.68	192.168.2.4
May 27, 2024 15:14:54.177618027 CEST	49740	443	192.168.2.4	216.58.206.68
May 27, 2024 15:14:54.178378105 CEST	49740	443	192.168.2.4	216.58.206.68
May 27, 2024 15:14:54.178394079 CEST	443	49740	216.58.206.68	192.168.2.4
May 27, 2024 15:14:54.178793907 CEST	49735	443	192.168.2.4	54.209.6.213
May 27, 2024 15:14:54.226499081 CEST	443	49735	54.209.6.213	192.168.2.4
May 27, 2024 15:14:54.227124929 CEST	49741	443	192.168.2.4	13.32.27.91
May 27, 2024 15:14:54.227144003 CEST	443	49741	13.32.27.91	192.168.2.4
May 27, 2024 15:14:54.227201939 CEST	49741	443	192.168.2.4	13.32.27.91
May 27, 2024 15:14:54.227708101 CEST	49741	443	192.168.2.4	13.32.27.91
May 27, 2024 15:14:54.227720976 CEST	443	49741	13.32.27.91	192.168.2.4
May 27, 2024 15:14:54.314100981 CEST	443	49735	54.209.6.213	192.168.2.4
May 27, 2024 15:14:54.314130068 CEST	443	49735	54.209.6.213	192.168.2.4
May 27, 2024 15:14:54.314137936 CEST	443	49735	54.209.6.213	192.168.2.4
May 27, 2024 15:14:54.314157009 CEST	443	49735	54.209.6.213	192.168.2.4
May 27, 2024 15:14:54.314188957 CEST	443	49735	54.209.6.213	192.168.2.4
May 27, 2024 15:14:54.314192057 CEST	49735	443	192.168.2.4	54.209.6.213
May 27, 2024 15:14:54.314207077 CEST	443	49735	54.209.6.213	192.168.2.4
May 27, 2024 15:14:54.314235926 CEST	443	49735	54.209.6.213	192.168.2.4
May 27, 2024 15:14:54.314245939 CEST	49735	443	192.168.2.4	54.209.6.213
May 27, 2024 15:14:54.314245939 CEST	49735	443	192.168.2.4	54.209.6.213
May 27, 2024 15:14:54.314277887 CEST	49735	443	192.168.2.4	54.209.6.213
May 27, 2024 15:14:54.314279079 CEST	49735	443	192.168.2.4	54.209.6.213
May 27, 2024 15:14:54.389329910 CEST	443	49735	54.209.6.213	192.168.2.4
May 27, 2024 15:14:54.389358044 CEST	443	49735	54.209.6.213	192.168.2.4
May 27, 2024 15:14:54.389389992 CEST	443	49735	54.209.6.213	192.168.2.4
May 27, 2024 15:14:54.389437914 CEST	49735	443	192.168.2.4	54.209.6.213
May 27, 2024 15:14:54.389477968 CEST	443	49735	54.209.6.213	192.168.2.4
May 27, 2024 15:14:54.389511108 CEST	49735	443	192.168.2.4	54.209.6.213
May 27, 2024 15:14:54.403537989 CEST	443	49735	54.209.6.213	192.168.2.4
May 27, 2024 15:14:54.403558969 CEST	443	49735	54.209.6.213	192.168.2.4
May 27, 2024 15:14:54.403698921 CEST	49735	443	192.168.2.4	54.209.6.213
May 27, 2024 15:14:54.403700113 CEST	49735	443	192.168.2.4	54.209.6.213
May 27, 2024 15:14:54.403765917 CEST	443	49735	54.209.6.213	192.168.2.4
May 27, 2024 15:14:54.446130037 CEST	49735	443	192.168.2.4	54.209.6.213
May 27, 2024 15:14:54.477250099 CEST	443	49735	54.209.6.213	192.168.2.4
May 27, 2024 15:14:54.477258921 CEST	443	49735	54.209.6.213	192.168.2.4
May 27, 2024 15:14:54.477291107 CEST	443	49735	54.209.6.213	192.168.2.4
May 27, 2024 15:14:54.477417946 CEST	49735	443	192.168.2.4	54.209.6.213
May 27, 2024 15:14:54.477418900 CEST	49735	443	192.168.2.4	54.209.6.213
May 27, 2024 15:14:54.477485895 CEST	443	49735	54.209.6.213	192.168.2.4
May 27, 2024 15:14:54.477560997 CEST	49735	443	192.168.2.4	54.209.6.213
May 27, 2024 15:14:54.478060007 CEST	443	49735	54.209.6.213	192.168.2.4
May 27, 2024 15:14:54.478126049 CEST	49735	443	192.168.2.4	54.209.6.213
May 27, 2024 15:14:54.478140116 CEST	443	49735	54.209.6.213	192.168.2.4
May 27, 2024 15:14:54.478193998 CEST	49735	443	192.168.2.4	54.209.6.213
May 27, 2024 15:14:54.481462002 CEST	49735	443	192.168.2.4	54.209.6.213
May 27, 2024 15:14:54.481492996 CEST	443	49735	54.209.6.213	192.168.2.4
May 27, 2024 15:14:54.530947924 CEST	49742	443	192.168.2.4	54.209.6.213
May 27, 2024 15:14:54.530985117 CEST	443	49742	54.209.6.213	192.168.2.4
May 27, 2024 15:14:54.531083107 CEST	49742	443	192.168.2.4	54.209.6.213
May 27, 2024 15:14:54.531405926 CEST	49742	443	192.168.2.4	54.209.6.213
May 27, 2024 15:14:54.531423092 CEST	443	49742	54.209.6.213	192.168.2.4
May 27, 2024 15:14:54.643205881 CEST	49743	443	192.168.2.4	184.28.90.27
May 27, 2024 15:14:54.643301010 CEST	443	49743	184.28.90.27	192.168.2.4
May 27, 2024 15:14:54.643404007 CEST	49743	443	192.168.2.4	184.28.90.27
May 27, 2024 15:14:54.645508051 CEST	49743	443	192.168.2.4	184.28.90.27
May 27, 2024 15:14:54.645545006 CEST	443	49743	184.28.90.27	192.168.2.4
May 27, 2024 15:14:55.044629097 CEST	443	49742	54.209.6.213	192.168.2.4
May 27, 2024 15:14:55.050350904 CEST	443	49741	13.32.27.91	192.168.2.4
May 27, 2024 15:14:55.052089930 CEST	49742	443	192.168.2.4	54.209.6.213
May 27, 2024 15:14:55.052118063 CEST	443	49742	54.209.6.213	192.168.2.4
May 27, 2024 15:14:55.052304029 CEST	49741	443	192.168.2.4	13.32.27.91
May 27, 2024 15:14:55.052335024 CEST	443	49741	13.32.27.91	192.168.2.4
May 27, 2024 15:14:55.053102970 CEST	443	49742	54.209.6.213	192.168.2.4
May 27, 2024 15:14:55.053167105 CEST	49742	443	192.168.2.4	54.209.6.213
May 27, 2024 15:14:55.053801060 CEST	443	49740	216.58.206.68	192.168.2.4
May 27, 2024 15:14:55.055193901 CEST	49742	443	192.168.2.4	54.209.6.213
May 27, 2024 15:14:55.055263996 CEST	443	49742	54.209.6.213	192.168.2.4
May 27, 2024 15:14:55.055398941 CEST	49740	443	192.168.2.4	216.58.206.68
May 27, 2024 15:14:55.055408955 CEST	443	49740	216.58.206.68	192.168.2.4
May 27, 2024 15:14:55.055572033 CEST	49742	443	192.168.2.4	54.209.6.213
May 27, 2024 15:14:55.055586100 CEST	443	49742	54.209.6.213	192.168.2.4
May 27, 2024 15:14:55.055900097 CEST	443	49741	13.32.27.91	192.168.2.4
May 27, 2024 15:14:55.055954933 CEST	49741	443	192.168.2.4	13.32.27.91
May 27, 2024 15:14:55.056602001 CEST	49741	443	192.168.2.4	13.32.27.91
May 27, 2024 15:14:55.056663990 CEST	443	49741	13.32.27.91	192.168.2.4
May 27, 2024 15:14:55.056948900 CEST	49741	443	192.168.2.4	13.32.27.91
May 27, 2024 15:14:55.056957960 CEST	443	49741	13.32.27.91	192.168.2.4
May 27, 2024 15:14:55.056967020 CEST	443	49740	216.58.206.68	192.168.2.4
May 27, 2024 15:14:55.057014942 CEST	49740	443	192.168.2.4	216.58.206.68
May 27, 2024 15:14:55.058167934 CEST	49740	443	192.168.2.4	216.58.206.68
May 27, 2024 15:14:55.058264017 CEST	443	49740	216.58.206.68	192.168.2.4
May 27, 2024 15:14:55.103368044 CEST	49741	443	192.168.2.4	13.32.27.91
May 27, 2024 15:14:55.103368044 CEST	49742	443	192.168.2.4	54.209.6.213
May 27, 2024 15:14:55.103368044 CEST	49740	443	192.168.2.4	216.58.206.68
May 27, 2024 15:14:55.103385925 CEST	443	49740	216.58.206.68	192.168.2.4
May 27, 2024 15:14:55.150238991 CEST	49740	443	192.168.2.4	216.58.206.68
May 27, 2024 15:14:55.257293940 CEST	443	49742	54.209.6.213	192.168.2.4
May 27, 2024 15:14:55.257317066 CEST	443	49742	54.209.6.213	192.168.2.4
May 27, 2024 15:14:55.257324934 CEST	443	49742	54.209.6.213	192.168.2.4
May 27, 2024 15:14:55.257355928 CEST	443	49742	54.209.6.213	192.168.2.4
May 27, 2024 15:14:55.257369995 CEST	443	49742	54.209.6.213	192.168.2.4
May 27, 2024 15:14:55.257376909 CEST	49742	443	192.168.2.4	54.209.6.213
May 27, 2024 15:14:55.257399082 CEST	443	49742	54.209.6.213	192.168.2.4
May 27, 2024 15:14:55.257410049 CEST	443	49742	54.209.6.213	192.168.2.4
May 27, 2024 15:14:55.257419109 CEST	49742	443	192.168.2.4	54.209.6.213
May 27, 2024 15:14:55.257419109 CEST	49742	443	192.168.2.4	54.209.6.213
May 27, 2024 15:14:55.257447958 CEST	49742	443	192.168.2.4	54.209.6.213
May 27, 2024 15:14:55.258291006 CEST	443	49742	54.209.6.213	192.168.2.4
May 27, 2024 15:14:55.258310080 CEST	443	49742	54.209.6.213	192.168.2.4
May 27, 2024 15:14:55.258358002 CEST	49742	443	192.168.2.4	54.209.6.213
May 27, 2024 15:14:55.258367062 CEST	443	49742	54.209.6.213	192.168.2.4
May 27, 2024 15:14:55.258470058 CEST	49742	443	192.168.2.4	54.209.6.213
May 27, 2024 15:14:55.259002924 CEST	443	49742	54.209.6.213	192.168.2.4
May 27, 2024 15:14:55.306457043 CEST	49742	443	192.168.2.4	54.209.6.213
May 27, 2024 15:14:55.309931040 CEST	443	49743	184.28.90.27	192.168.2.4
May 27, 2024 15:14:55.310094118 CEST	49743	443	192.168.2.4	184.28.90.27
May 27, 2024 15:14:55.314414978 CEST	49743	443	192.168.2.4	184.28.90.27
May 27, 2024 15:14:55.314446926 CEST	443	49743	184.28.90.27	192.168.2.4
May 27, 2024 15:14:55.314841986 CEST	443	49743	184.28.90.27	192.168.2.4
May 27, 2024 15:14:55.330101013 CEST	443	49741	13.32.27.91	192.168.2.4
May 27, 2024 15:14:55.340137005 CEST	443	49741	13.32.27.91	192.168.2.4
May 27, 2024 15:14:55.340161085 CEST	443	49741	13.32.27.91	192.168.2.4
May 27, 2024 15:14:55.340202093 CEST	443	49741	13.32.27.91	192.168.2.4
May 27, 2024 15:14:55.340205908 CEST	49741	443	192.168.2.4	13.32.27.91
May 27, 2024 15:14:55.340238094 CEST	443	49741	13.32.27.91	192.168.2.4
May 27, 2024 15:14:55.340256929 CEST	49741	443	192.168.2.4	13.32.27.91
May 27, 2024 15:14:55.340256929 CEST	49741	443	192.168.2.4	13.32.27.91
May 27, 2024 15:14:55.340291977 CEST	49741	443	192.168.2.4	13.32.27.91
May 27, 2024 15:14:55.343790054 CEST	443	49742	54.209.6.213	192.168.2.4
May 27, 2024 15:14:55.343806982 CEST	443	49742	54.209.6.213	192.168.2.4
May 27, 2024 15:14:55.343858957 CEST	49742	443	192.168.2.4	54.209.6.213
May 27, 2024 15:14:55.343878031 CEST	443	49742	54.209.6.213	192.168.2.4
May 27, 2024 15:14:55.343918085 CEST	49742	443	192.168.2.4	54.209.6.213
May 27, 2024 15:14:55.344961882 CEST	443	49742	54.209.6.213	192.168.2.4
May 27, 2024 15:14:55.344976902 CEST	443	49742	54.209.6.213	192.168.2.4
May 27, 2024 15:14:55.345016003 CEST	49742	443	192.168.2.4	54.209.6.213
May 27, 2024 15:14:55.345024109 CEST	443	49742	54.209.6.213	192.168.2.4
May 27, 2024 15:14:55.345048904 CEST	49742	443	192.168.2.4	54.209.6.213
May 27, 2024 15:14:55.345062017 CEST	49742	443	192.168.2.4	54.209.6.213
May 27, 2024 15:14:55.346590042 CEST	443	49742	54.209.6.213	192.168.2.4
May 27, 2024 15:14:55.346627951 CEST	443	49742	54.209.6.213	192.168.2.4
May 27, 2024 15:14:55.346651077 CEST	49742	443	192.168.2.4	54.209.6.213
May 27, 2024 15:14:55.346661091 CEST	443	49742	54.209.6.213	192.168.2.4
May 27, 2024 15:14:55.346703053 CEST	49742	443	192.168.2.4	54.209.6.213
May 27, 2024 15:14:55.346913099 CEST	49742	443	192.168.2.4	54.209.6.213
May 27, 2024 15:14:55.347024918 CEST	49742	443	192.168.2.4	54.209.6.213
May 27, 2024 15:14:55.347042084 CEST	443	49742	54.209.6.213	192.168.2.4
May 27, 2024 15:14:55.355022907 CEST	49743	443	192.168.2.4	184.28.90.27
May 27, 2024 15:14:55.402530909 CEST	443	49743	184.28.90.27	192.168.2.4
May 27, 2024 15:14:55.420388937 CEST	443	49741	13.32.27.91	192.168.2.4
May 27, 2024 15:14:55.420454025 CEST	49741	443	192.168.2.4	13.32.27.91
May 27, 2024 15:14:55.420469046 CEST	443	49741	13.32.27.91	192.168.2.4
May 27, 2024 15:14:55.420484066 CEST	443	49741	13.32.27.91	192.168.2.4
May 27, 2024 15:14:55.420514107 CEST	49741	443	192.168.2.4	13.32.27.91
May 27, 2024 15:14:55.420535088 CEST	49741	443	192.168.2.4	13.32.27.91
May 27, 2024 15:14:55.420629025 CEST	49741	443	192.168.2.4	13.32.27.91
May 27, 2024 15:14:55.420646906 CEST	443	49741	13.32.27.91	192.168.2.4
May 27, 2024 15:14:55.420658112 CEST	49741	443	192.168.2.4	13.32.27.91
May 27, 2024 15:14:55.420691013 CEST	49741	443	192.168.2.4	13.32.27.91
May 27, 2024 15:14:55.582500935 CEST	443	49743	184.28.90.27	192.168.2.4
May 27, 2024 15:14:55.582592964 CEST	443	49743	184.28.90.27	192.168.2.4
May 27, 2024 15:14:55.582664013 CEST	49743	443	192.168.2.4	184.28.90.27
May 27, 2024 15:14:55.582865953 CEST	49743	443	192.168.2.4	184.28.90.27
May 27, 2024 15:14:55.582866907 CEST	49743	443	192.168.2.4	184.28.90.27
May 27, 2024 15:14:55.582910061 CEST	443	49743	184.28.90.27	192.168.2.4
May 27, 2024 15:14:55.582940102 CEST	443	49743	184.28.90.27	192.168.2.4
May 27, 2024 15:14:55.665518999 CEST	49745	443	192.168.2.4	184.28.90.27
May 27, 2024 15:14:55.665572882 CEST	443	49745	184.28.90.27	192.168.2.4
May 27, 2024 15:14:55.665640116 CEST	49745	443	192.168.2.4	184.28.90.27
May 27, 2024 15:14:55.666234016 CEST	49745	443	192.168.2.4	184.28.90.27
May 27, 2024 15:14:55.666250944 CEST	443	49745	184.28.90.27	192.168.2.4
May 27, 2024 15:14:56.340603113 CEST	443	49745	184.28.90.27	192.168.2.4
May 27, 2024 15:14:56.340702057 CEST	49745	443	192.168.2.4	184.28.90.27
May 27, 2024 15:14:56.363935947 CEST	49745	443	192.168.2.4	184.28.90.27
May 27, 2024 15:14:56.363956928 CEST	443	49745	184.28.90.27	192.168.2.4
May 27, 2024 15:14:56.364204884 CEST	443	49745	184.28.90.27	192.168.2.4
May 27, 2024 15:14:56.365148067 CEST	49745	443	192.168.2.4	184.28.90.27
May 27, 2024 15:14:56.410504103 CEST	443	49745	184.28.90.27	192.168.2.4
May 27, 2024 15:14:56.626362085 CEST	443	49745	184.28.90.27	192.168.2.4
May 27, 2024 15:14:56.626425982 CEST	443	49745	184.28.90.27	192.168.2.4
May 27, 2024 15:14:56.626554012 CEST	49745	443	192.168.2.4	184.28.90.27
May 27, 2024 15:14:56.628334045 CEST	49745	443	192.168.2.4	184.28.90.27
May 27, 2024 15:14:56.628355026 CEST	443	49745	184.28.90.27	192.168.2.4
May 27, 2024 15:14:56.628365040 CEST	49745	443	192.168.2.4	184.28.90.27
May 27, 2024 15:14:56.628371000 CEST	443	49745	184.28.90.27	192.168.2.4
May 27, 2024 15:15:04.741309881 CEST	443	49740	216.58.206.68	192.168.2.4
May 27, 2024 15:15:04.741379023 CEST	443	49740	216.58.206.68	192.168.2.4
May 27, 2024 15:15:04.741431952 CEST	49740	443	192.168.2.4	216.58.206.68
May 27, 2024 15:15:04.827478886 CEST	49740	443	192.168.2.4	216.58.206.68
May 27, 2024 15:15:04.827495098 CEST	443	49740	216.58.206.68	192.168.2.4
May 27, 2024 15:15:08.066521883 CEST	80	49723	87.248.204.0	192.168.2.4
May 27, 2024 15:15:08.066679001 CEST	49723	80	192.168.2.4	87.248.204.0
May 27, 2024 15:15:08.066818953 CEST	49723	80	192.168.2.4	87.248.204.0
May 27, 2024 15:15:08.073642015 CEST	80	49723	87.248.204.0	192.168.2.4
May 27, 2024 15:15:23.334151983 CEST	80	49724	87.248.204.0	192.168.2.4
May 27, 2024 15:15:23.334194899 CEST	80	49724	87.248.204.0	192.168.2.4
May 27, 2024 15:15:23.334232092 CEST	80	49724	87.248.204.0	192.168.2.4
May 27, 2024 15:15:23.334270954 CEST	49724	80	192.168.2.4	87.248.204.0
May 27, 2024 15:15:23.334270954 CEST	49724	80	192.168.2.4	87.248.204.0
May 27, 2024 15:15:23.334332943 CEST	49724	80	192.168.2.4	87.248.204.0
May 27, 2024 15:15:23.334332943 CEST	49724	80	192.168.2.4	87.248.204.0
May 27, 2024 15:15:23.339507103 CEST	80	49724	87.248.204.0	192.168.2.4
May 27, 2024 15:15:54.378412008 CEST	49754	443	192.168.2.4	216.58.206.68
May 27, 2024 15:15:54.378443956 CEST	443	49754	216.58.206.68	192.168.2.4
May 27, 2024 15:15:54.378521919 CEST	49754	443	192.168.2.4	216.58.206.68
May 27, 2024 15:15:54.378846884 CEST	49754	443	192.168.2.4	216.58.206.68
May 27, 2024 15:15:54.378859997 CEST	443	49754	216.58.206.68	192.168.2.4
May 27, 2024 15:15:55.022867918 CEST	443	49754	216.58.206.68	192.168.2.4
May 27, 2024 15:15:55.023246050 CEST	49754	443	192.168.2.4	216.58.206.68
May 27, 2024 15:15:55.023253918 CEST	443	49754	216.58.206.68	192.168.2.4
May 27, 2024 15:15:55.023636103 CEST	443	49754	216.58.206.68	192.168.2.4
May 27, 2024 15:15:55.024075031 CEST	49754	443	192.168.2.4	216.58.206.68
May 27, 2024 15:15:55.024122953 CEST	443	49754	216.58.206.68	192.168.2.4
May 27, 2024 15:15:55.071999073 CEST	49754	443	192.168.2.4	216.58.206.68
May 27, 2024 15:16:04.929605007 CEST	443	49754	216.58.206.68	192.168.2.4
May 27, 2024 15:16:04.929712057 CEST	443	49754	216.58.206.68	192.168.2.4
May 27, 2024 15:16:04.929764986 CEST	49754	443	192.168.2.4	216.58.206.68
May 27, 2024 15:16:06.277704000 CEST	49754	443	192.168.2.4	216.58.206.68
May 27, 2024 15:16:06.277736902 CEST	443	49754	216.58.206.68	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 27, 2024 15:14:49.967709064 CEST	53	62219	1.1.1.1	192.168.2.4
May 27, 2024 15:14:50.037462950 CEST	53	57795	1.1.1.1	192.168.2.4
May 27, 2024 15:14:51.011706114 CEST	53	58560	1.1.1.1	192.168.2.4
May 27, 2024 15:14:51.806911945 CEST	64903	53	192.168.2.4	1.1.1.1
May 27, 2024 15:14:51.807094097 CEST	50693	53	192.168.2.4	1.1.1.1
May 27, 2024 15:14:51.828334093 CEST	53	64903	1.1.1.1	192.168.2.4
May 27, 2024 15:14:51.828711033 CEST	53	50693	1.1.1.1	192.168.2.4
May 27, 2024 15:14:52.654552937 CEST	64556	53	192.168.2.4	1.1.1.1
May 27, 2024 15:14:52.654679060 CEST	53586	53	192.168.2.4	1.1.1.1
May 27, 2024 15:14:52.668665886 CEST	53	64556	1.1.1.1	192.168.2.4
May 27, 2024 15:14:52.678600073 CEST	53	53586	1.1.1.1	192.168.2.4
May 27, 2024 15:14:54.166565895 CEST	58744	53	192.168.2.4	1.1.1.1
May 27, 2024 15:14:54.166686058 CEST	53888	53	192.168.2.4	1.1.1.1
May 27, 2024 15:14:54.173706055 CEST	53	58744	1.1.1.1	192.168.2.4
May 27, 2024 15:14:54.173847914 CEST	53	53888	1.1.1.1	192.168.2.4
May 27, 2024 15:14:54.187990904 CEST	54114	53	192.168.2.4	1.1.1.1
May 27, 2024 15:14:54.188307047 CEST	53875	53	192.168.2.4	1.1.1.1
May 27, 2024 15:14:54.199079990 CEST	53	53875	1.1.1.1	192.168.2.4
May 27, 2024 15:14:54.226438999 CEST	53	54114	1.1.1.1	192.168.2.4
May 27, 2024 15:14:54.497086048 CEST	65000	53	192.168.2.4	1.1.1.1
May 27, 2024 15:14:54.497446060 CEST	51338	53	192.168.2.4	1.1.1.1
May 27, 2024 15:14:54.518388033 CEST	53	51338	1.1.1.1	192.168.2.4
May 27, 2024 15:14:54.529596090 CEST	53	65000	1.1.1.1	192.168.2.4
May 27, 2024 15:15:04.756925106 CEST	58875	53	192.168.2.4	1.1.1.1
May 27, 2024 15:15:04.765899897 CEST	53312	53	192.168.2.4	1.1.1.1
May 27, 2024 15:15:04.768230915 CEST	53	58875	1.1.1.1	192.168.2.4
May 27, 2024 15:15:04.778656960 CEST	53	53312	1.1.1.1	192.168.2.4
May 27, 2024 15:15:04.804219007 CEST	57923	53	192.168.2.4	1.1.1.1
May 27, 2024 15:15:04.812923908 CEST	53	57923	1.1.1.1	192.168.2.4
May 27, 2024 15:15:04.828250885 CEST	57040	53	192.168.2.4	1.1.1.1
May 27, 2024 15:15:04.828533888 CEST	63007	53	192.168.2.4	1.1.1.1
May 27, 2024 15:15:04.836318016 CEST	53	57040	1.1.1.1	192.168.2.4
May 27, 2024 15:15:04.836770058 CEST	53	63007	1.1.1.1	192.168.2.4
May 27, 2024 15:15:05.075546980 CEST	53820	53	192.168.2.4	1.1.1.1
May 27, 2024 15:15:05.075930119 CEST	58444	53	192.168.2.4	8.8.8.8
May 27, 2024 15:15:05.082423925 CEST	53	58444	8.8.8.8	192.168.2.4
May 27, 2024 15:15:05.082720041 CEST	53	53820	1.1.1.1	192.168.2.4
May 27, 2024 15:15:06.088968039 CEST	60724	53	192.168.2.4	1.1.1.1
May 27, 2024 15:15:06.089292049 CEST	63591	53	192.168.2.4	1.1.1.1
May 27, 2024 15:15:06.108361959 CEST	53	60724	1.1.1.1	192.168.2.4
May 27, 2024 15:15:06.108377934 CEST	53	63591	1.1.1.1	192.168.2.4
May 27, 2024 15:15:06.124553919 CEST	50719	53	192.168.2.4	1.1.1.1
May 27, 2024 15:15:06.124663115 CEST	49917	53	192.168.2.4	1.1.1.1
May 27, 2024 15:15:06.132818937 CEST	53	49917	1.1.1.1	192.168.2.4
May 27, 2024 15:15:06.132833958 CEST	53	50719	1.1.1.1	192.168.2.4
May 27, 2024 15:15:08.579056978 CEST	53	60935	1.1.1.1	192.168.2.4
May 27, 2024 15:15:08.753637075 CEST	138	138	192.168.2.4	192.168.2.255
May 27, 2024 15:15:11.599199057 CEST	58470	53	192.168.2.4	1.1.1.1
May 27, 2024 15:15:11.599442959 CEST	49654	53	192.168.2.4	1.1.1.1
May 27, 2024 15:15:11.608751059 CEST	53	49654	1.1.1.1	192.168.2.4
May 27, 2024 15:15:11.762634039 CEST	53	58470	1.1.1.1	192.168.2.4
May 27, 2024 15:15:11.763509035 CEST	51592	53	192.168.2.4	1.1.1.1
May 27, 2024 15:15:11.776679039 CEST	53	51592	1.1.1.1	192.168.2.4
May 27, 2024 15:15:27.663758039 CEST	53	65481	1.1.1.1	192.168.2.4
May 27, 2024 15:15:41.791418076 CEST	56597	53	192.168.2.4	1.1.1.1
May 27, 2024 15:15:41.798500061 CEST	56684	53	192.168.2.4	1.1.1.1
May 27, 2024 15:15:41.801038027 CEST	53	56597	1.1.1.1	192.168.2.4
May 27, 2024 15:15:41.808494091 CEST	53	56684	1.1.1.1	192.168.2.4
May 27, 2024 15:15:41.820656061 CEST	63307	53	192.168.2.4	1.1.1.1
May 27, 2024 15:15:41.830003977 CEST	53	63307	1.1.1.1	192.168.2.4
May 27, 2024 15:15:41.868666887 CEST	60332	53	192.168.2.4	1.1.1.1
May 27, 2024 15:15:41.869688034 CEST	53604	53	192.168.2.4	1.1.1.1
May 27, 2024 15:15:41.879113913 CEST	53	53604	1.1.1.1	192.168.2.4
May 27, 2024 15:15:41.881234884 CEST	53	60332	1.1.1.1	192.168.2.4
May 27, 2024 15:15:49.803462982 CEST	53	63544	1.1.1.1	192.168.2.4
May 27, 2024 15:15:50.401072979 CEST	53	56361	1.1.1.1	192.168.2.4
May 27, 2024 15:16:02.995031118 CEST	57858	53	192.168.2.4	1.1.1.1
May 27, 2024 15:16:03.005796909 CEST	53	57858	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
May 27, 2024 15:14:51.806911945 CEST	192.168.2.4	1.1.1.1	0x35a1	Standard query (0)	dmnt.informz.net	A (IP address)	IN (0x0001)	false
May 27, 2024 15:14:51.807094097 CEST	192.168.2.4	1.1.1.1	0x92	Standard query (0)	dmnt.informz.net	65	IN (0x0001)	false
May 27, 2024 15:14:52.654552937 CEST	192.168.2.4	1.1.1.1	0xff41	Standard query (0)	cdn.informz.net	A (IP address)	IN (0x0001)	false
May 27, 2024 15:14:52.654679060 CEST	192.168.2.4	1.1.1.1	0xb60f	Standard query (0)	cdn.informz.net	65	IN (0x0001)	false
May 27, 2024 15:14:54.166565895 CEST	192.168.2.4	1.1.1.1	0x1cc6	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
May 27, 2024 15:14:54.166686058 CEST	192.168.2.4	1.1.1.1	0x855a	Standard query (0)	www.google.com	65	IN (0x0001)	false
May 27, 2024 15:14:54.187990904 CEST	192.168.2.4	1.1.1.1	0xbd3b	Standard query (0)	cdn.informz.net	A (IP address)	IN (0x0001)	false
May 27, 2024 15:14:54.188307047 CEST	192.168.2.4	1.1.1.1	0x3616	Standard query (0)	cdn.informz.net	65	IN (0x0001)	false
May 27, 2024 15:14:54.497086048 CEST	192.168.2.4	1.1.1.1	0x20d4	Standard query (0)	dmnt.informz.net	A (IP address)	IN (0x0001)	false
May 27, 2024 15:14:54.497446060 CEST	192.168.2.4	1.1.1.1	0xe233	Standard query (0)	dmnt.informz.net	65	IN (0x0001)	false
May 27, 2024 15:15:04.756925106 CEST	192.168.2.4	1.1.1.1	0xe105	Standard query (0)	higherlogic.desk.com	A (IP address)	IN (0x0001)	false
May 27, 2024 15:15:04.765899897 CEST	192.168.2.4	1.1.1.1	0xb554	Standard query (0)	higherlogic.desk.com	65	IN (0x0001)	false
May 27, 2024 15:15:04.804219007 CEST	192.168.2.4	1.1.1.1	0xee98	Standard query (0)	higherlogic.desk.com	A (IP address)	IN (0x0001)	false
May 27, 2024 15:15:04.828250885 CEST	192.168.2.4	1.1.1.1	0xb93c	Standard query (0)	higherlogic.desk.com	A (IP address)	IN (0x0001)	false
May 27, 2024 15:15:04.828533888 CEST	192.168.2.4	1.1.1.1	0x9fe7	Standard query (0)	higherlogic.desk.com	65	IN (0x0001)	false
May 27, 2024 15:15:05.075546980 CEST	192.168.2.4	1.1.1.1	0x5b2	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
May 27, 2024 15:15:05.075930119 CEST	192.168.2.4	8.8.8.8	0x505c	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
May 27, 2024 15:15:06.088968039 CEST	192.168.2.4	1.1.1.1	0xd8b8	Standard query (0)	higherlogic.desk.com	A (IP address)	IN (0x0001)	false
May 27, 2024 15:15:06.089292049 CEST	192.168.2.4	1.1.1.1	0x9a	Standard query (0)	higherlogic.desk.com	65	IN (0x0001)	false
May 27, 2024 15:15:06.124553919 CEST	192.168.2.4	1.1.1.1	0x4186	Standard query (0)	higherlogic.desk.com	A (IP address)	IN (0x0001)	false
May 27, 2024 15:15:06.124663115 CEST	192.168.2.4	1.1.1.1	0xb49f	Standard query (0)	higherlogic.desk.com	65	IN (0x0001)	false
May 27, 2024 15:15:11.599199057 CEST	192.168.2.4	1.1.1.1	0xfce5	Standard query (0)	higherlogic.desk.com	A (IP address)	IN (0x0001)	false
May 27, 2024 15:15:11.599442959 CEST	192.168.2.4	1.1.1.1	0x7fd2	Standard query (0)	higherlogic.desk.com	65	IN (0x0001)	false
May 27, 2024 15:15:11.763509035 CEST	192.168.2.4	1.1.1.1	0xdf9c	Standard query (0)	higherlogic.desk.com	A (IP address)	IN (0x0001)	false
May 27, 2024 15:15:41.791418076 CEST	192.168.2.4	1.1.1.1	0x6ba9	Standard query (0)	higherlogic.desk.com	A (IP address)	IN (0x0001)	false
May 27, 2024 15:15:41.798500061 CEST	192.168.2.4	1.1.1.1	0x638d	Standard query (0)	higherlogic.desk.com	65	IN (0x0001)	false
May 27, 2024 15:15:41.820656061 CEST	192.168.2.4	1.1.1.1	0x9c72	Standard query (0)	higherlogic.desk.com	A (IP address)	IN (0x0001)	false
May 27, 2024 15:15:41.868666887 CEST	192.168.2.4	1.1.1.1	0x87c3	Standard query (0)	higherlogic.desk.com	A (IP address)	IN (0x0001)	false
May 27, 2024 15:15:41.869688034 CEST	192.168.2.4	1.1.1.1	0xfb89	Standard query (0)	higherlogic.desk.com	65	IN (0x0001)	false
May 27, 2024 15:16:02.995031118 CEST	192.168.2.4	1.1.1.1	0x78dc	Standard query (0)	higherlogic.desk.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
May 27, 2024 15:14:51.828334093 CEST	1.1.1.1	192.168.2.4	0x35a1	No error (0)	dmnt.informz.net	iz-web-1095024495.us-east-1.elb.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
May 27, 2024 15:14:51.828334093 CEST	1.1.1.1	192.168.2.4	0x35a1	No error (0)	iz-web-1095024495.us-east-1.elb.amazonaws.com		54.209.6.213	A (IP address)	IN (0x0001)	false
May 27, 2024 15:14:51.828334093 CEST	1.1.1.1	192.168.2.4	0x35a1	No error (0)	iz-web-1095024495.us-east-1.elb.amazonaws.com		34.202.171.146	A (IP address)	IN (0x0001)	false
May 27, 2024 15:14:51.828711033 CEST	1.1.1.1	192.168.2.4	0x92	No error (0)	dmnt.informz.net	iz-web-1095024495.us-east-1.elb.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
May 27, 2024 15:14:52.668665886 CEST	1.1.1.1	192.168.2.4	0xff41	No error (0)	cdn.informz.net	damauigwuz6v2.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
May 27, 2024 15:14:52.668665886 CEST	1.1.1.1	192.168.2.4	0xff41	No error (0)	damauigwuz6v2.cloudfront.net		13.32.27.34	A (IP address)	IN (0x0001)	false
May 27, 2024 15:14:52.668665886 CEST	1.1.1.1	192.168.2.4	0xff41	No error (0)	damauigwuz6v2.cloudfront.net		13.32.27.77	A (IP address)	IN (0x0001)	false
May 27, 2024 15:14:52.668665886 CEST	1.1.1.1	192.168.2.4	0xff41	No error (0)	damauigwuz6v2.cloudfront.net		13.32.27.91	A (IP address)	IN (0x0001)	false
May 27, 2024 15:14:52.668665886 CEST	1.1.1.1	192.168.2.4	0xff41	No error (0)	damauigwuz6v2.cloudfront.net		13.32.27.88	A (IP address)	IN (0x0001)	false
May 27, 2024 15:14:52.678600073 CEST	1.1.1.1	192.168.2.4	0xb60f	No error (0)	cdn.informz.net	damauigwuz6v2.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
May 27, 2024 15:14:54.173706055 CEST	1.1.1.1	192.168.2.4	0x1cc6	No error (0)	www.google.com		216.58.206.68	A (IP address)	IN (0x0001)	false
May 27, 2024 15:14:54.173847914 CEST	1.1.1.1	192.168.2.4	0x855a	No error (0)	www.google.com			65	IN (0x0001)	false
May 27, 2024 15:14:54.199079990 CEST	1.1.1.1	192.168.2.4	0x3616	No error (0)	cdn.informz.net	damauigwuz6v2.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
May 27, 2024 15:14:54.226438999 CEST	1.1.1.1	192.168.2.4	0xbd3b	No error (0)	cdn.informz.net	damauigwuz6v2.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
May 27, 2024 15:14:54.226438999 CEST	1.1.1.1	192.168.2.4	0xbd3b	No error (0)	damauigwuz6v2.cloudfront.net		13.32.27.91	A (IP address)	IN (0x0001)	false
May 27, 2024 15:14:54.226438999 CEST	1.1.1.1	192.168.2.4	0xbd3b	No error (0)	damauigwuz6v2.cloudfront.net		13.32.27.77	A (IP address)	IN (0x0001)	false
May 27, 2024 15:14:54.226438999 CEST	1.1.1.1	192.168.2.4	0xbd3b	No error (0)	damauigwuz6v2.cloudfront.net		13.32.27.34	A (IP address)	IN (0x0001)	false
May 27, 2024 15:14:54.226438999 CEST	1.1.1.1	192.168.2.4	0xbd3b	No error (0)	damauigwuz6v2.cloudfront.net		13.32.27.88	A (IP address)	IN (0x0001)	false
May 27, 2024 15:14:54.518388033 CEST	1.1.1.1	192.168.2.4	0xe233	No error (0)	dmnt.informz.net	iz-web-1095024495.us-east-1.elb.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
May 27, 2024 15:14:54.529596090 CEST	1.1.1.1	192.168.2.4	0x20d4	No error (0)	dmnt.informz.net	iz-web-1095024495.us-east-1.elb.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
May 27, 2024 15:14:54.529596090 CEST	1.1.1.1	192.168.2.4	0x20d4	No error (0)	iz-web-1095024495.us-east-1.elb.amazonaws.com		54.209.6.213	A (IP address)	IN (0x0001)	false
May 27, 2024 15:14:54.529596090 CEST	1.1.1.1	192.168.2.4	0x20d4	No error (0)	iz-web-1095024495.us-east-1.elb.amazonaws.com		34.202.171.146	A (IP address)	IN (0x0001)	false
May 27, 2024 15:15:04.768230915 CEST	1.1.1.1	192.168.2.4	0xe105	Name error (3)	higherlogic.desk.com	none	none	A (IP address)	IN (0x0001)	false
May 27, 2024 15:15:04.778656960 CEST	1.1.1.1	192.168.2.4	0xb554	Name error (3)	higherlogic.desk.com	none	none	65	IN (0x0001)	false
May 27, 2024 15:15:04.812923908 CEST	1.1.1.1	192.168.2.4	0xee98	Name error (3)	higherlogic.desk.com	none	none	A (IP address)	IN (0x0001)	false
May 27, 2024 15:15:04.836318016 CEST	1.1.1.1	192.168.2.4	0xb93c	Name error (3)	higherlogic.desk.com	none	none	A (IP address)	IN (0x0001)	false
May 27, 2024 15:15:04.836770058 CEST	1.1.1.1	192.168.2.4	0x9fe7	Name error (3)	higherlogic.desk.com	none	none	65	IN (0x0001)	false
May 27, 2024 15:15:05.082423925 CEST	8.8.8.8	192.168.2.4	0x505c	No error (0)	google.com		142.250.147.100	A (IP address)	IN (0x0001)	false
May 27, 2024 15:15:05.082423925 CEST	8.8.8.8	192.168.2.4	0x505c	No error (0)	google.com		142.250.147.101	A (IP address)	IN (0x0001)	false
May 27, 2024 15:15:05.082423925 CEST	8.8.8.8	192.168.2.4	0x505c	No error (0)	google.com		142.250.147.139	A (IP address)	IN (0x0001)	false
May 27, 2024 15:15:05.082423925 CEST	8.8.8.8	192.168.2.4	0x505c	No error (0)	google.com		142.250.147.138	A (IP address)	IN (0x0001)	false
May 27, 2024 15:15:05.082423925 CEST	8.8.8.8	192.168.2.4	0x505c	No error (0)	google.com		142.250.147.102	A (IP address)	IN (0x0001)	false
May 27, 2024 15:15:05.082423925 CEST	8.8.8.8	192.168.2.4	0x505c	No error (0)	google.com		142.250.147.113	A (IP address)	IN (0x0001)	false
May 27, 2024 15:15:05.082720041 CEST	1.1.1.1	192.168.2.4	0x5b2	No error (0)	google.com		172.217.16.206	A (IP address)	IN (0x0001)	false
May 27, 2024 15:15:06.108361959 CEST	1.1.1.1	192.168.2.4	0xd8b8	Name error (3)	higherlogic.desk.com	none	none	A (IP address)	IN (0x0001)	false
May 27, 2024 15:15:06.108377934 CEST	1.1.1.1	192.168.2.4	0x9a	Name error (3)	higherlogic.desk.com	none	none	65	IN (0x0001)	false
May 27, 2024 15:15:06.132818937 CEST	1.1.1.1	192.168.2.4	0xb49f	Name error (3)	higherlogic.desk.com	none	none	65	IN (0x0001)	false
May 27, 2024 15:15:06.132833958 CEST	1.1.1.1	192.168.2.4	0x4186	Name error (3)	higherlogic.desk.com	none	none	A (IP address)	IN (0x0001)	false
May 27, 2024 15:15:07.639368057 CEST	1.1.1.1	192.168.2.4	0xb1a3	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
May 27, 2024 15:15:07.639368057 CEST	1.1.1.1	192.168.2.4	0xb1a3	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
May 27, 2024 15:15:11.608751059 CEST	1.1.1.1	192.168.2.4	0x7fd2	Name error (3)	higherlogic.desk.com	none	none	65	IN (0x0001)	false
May 27, 2024 15:15:11.762634039 CEST	1.1.1.1	192.168.2.4	0xfce5	Name error (3)	higherlogic.desk.com	none	none	A (IP address)	IN (0x0001)	false
May 27, 2024 15:15:11.776679039 CEST	1.1.1.1	192.168.2.4	0xdf9c	Name error (3)	higherlogic.desk.com	none	none	A (IP address)	IN (0x0001)	false
May 27, 2024 15:15:41.801038027 CEST	1.1.1.1	192.168.2.4	0x6ba9	Name error (3)	higherlogic.desk.com	none	none	A (IP address)	IN (0x0001)	false
May 27, 2024 15:15:41.808494091 CEST	1.1.1.1	192.168.2.4	0x638d	Name error (3)	higherlogic.desk.com	none	none	65	IN (0x0001)	false
May 27, 2024 15:15:41.830003977 CEST	1.1.1.1	192.168.2.4	0x9c72	Name error (3)	higherlogic.desk.com	none	none	A (IP address)	IN (0x0001)	false
May 27, 2024 15:15:41.879113913 CEST	1.1.1.1	192.168.2.4	0xfb89	Name error (3)	higherlogic.desk.com	none	none	65	IN (0x0001)	false
May 27, 2024 15:15:41.881234884 CEST	1.1.1.1	192.168.2.4	0x87c3	Name error (3)	higherlogic.desk.com	none	none	A (IP address)	IN (0x0001)	false
May 27, 2024 15:16:03.005796909 CEST	1.1.1.1	192.168.2.4	0x78dc	Name error (3)	higherlogic.desk.com	none	none	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

dmnt.informz.net

https:

cdn.informz.net

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49736	54.209.6.213	443	1352	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-27 13:14:52 UTC	730	OUT	GET /z/cjuucd9tat00mtgzntu4jna9msz1ptqymjg0nzu2nszsat00njuyode1nq/index.html HTTP/1.1 Host: dmnt.informz.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-27 13:14:52 UTC	1253	IN	HTTP/1.1 200 OK Date: Mon, 27 May 2024 13:14:52 GMT Content-Type: text/html Content-Length: 1070 Connection: close Set-Cookie: AWSALBTG=tfz0xQRFSLDhmk2QpiILqo2To6S2Pr3N9BRuig6X89HmITe2OFjKJkAh2t8BULibNUKvfCXOu70t2RoKgghxxE/cvsWaYWu7YtCuN7Hjy1u4Nkz3lY+hB1BXSm/hU7Y4AQ7geaELiagiYARDpiZsTVE/T5Q9Kryfvo/bkIiLYfYzp+ZGLig=; Expires=Mon, 03 Jun 2024 13:14:52 GMT; Path=/ Set-Cookie: AWSALBTGCORS=tfz0xQRFSLDhmk2QpiILqo2To6S2Pr3N9BRuig6X89HmITe2OFjKJkAh2t8BULibNUKvfCXOu70t2RoKgghxxE/cvsWaYWu7YtCuN7Hjy1u4Nkz3lY+hB1BXSm/hU7Y4AQ7geaELiagiYARDpiZsTVE/T5Q9Kryfvo/bkIiLYfYzp+ZGLig=; Expires=Mon, 03 Jun 2024 13:14:52 GMT; Path=/; SameSite=None; Secure Set-Cookie: AWSALB=MACs3pQYdaqCt2yr+wIowk80/41A7VB4pmUmGFXIEGu50ZnDuuDHbj226OyG3qqw4BwJYAHSn0ktSa+VcJlBNke8wYDV1ItItoyEWKhUUg7rCYZ8zcr+FDesdQE4; Expires=Mon, 03 Jun 2024 13:14:52 GMT; Path=/ Set-Cookie: AWSALBCORS=MACs3pQYdaqCt2yr+wIowk80/41A7VB4pmUmGFXIEGu50ZnDuuDHbj226OyG3qqw4BwJYAHSn0ktSa+VcJlBNke8wYDV1ItItoyEWKhUUg7rCYZ8zcr+FDesdQE4; Expires=Mon, 03 Jun 2024 13:14:52 GMT; Path=/; SameSite=None; Secure Cache-Control: private Server: Microsoft-IIS/10.0 Set-Cookie: ASPSESSIONIDCAQCTDQC=CIIEKAMBBFPHEJOPEHAGMMLF; path=/ Strict-Transport-Security: max-age=86400 Access-Control-Allow-Origin: *
2024-05-27 13:14:52 UTC	1070	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 72 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 57 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0d 0a 3c 53 54 59 4c 45 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 20 20 42 4f 44 59 20 7b 20 66 6f 6e 74 3a 20 31 65 6d 20 76 65 72 Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252"><STYLE type="text/css"> BODY { font: 1em ver

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49739	13.32.27.34	443	1352	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-27 13:14:53 UTC	604	OUT	GET /Admin31/images/HL_Logotype.png HTTP/1.1 Host: cdn.informz.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://dmnt.informz.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-27 13:14:53 UTC	526	IN	HTTP/1.1 200 OK Content-Type: image/png Content-Length: 20227 Connection: close Date: Sun, 26 May 2024 20:35:29 GMT Last-Modified: Thu, 09 May 2024 00:57:56 GMT Accept-Ranges: bytes ETag: "02afedaba1da1:0" Server: Microsoft-IIS/10.0 Strict-Transport-Security: max-age=86400 Access-Control-Allow-Origin: * X-Cache: Hit from cloudfront Via: 1.1 3d58896f901dbeed449603f5d2b4d9f0.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA56-C2 X-Amz-Cf-Id: IROT-50VRVXxDJSqlw54Aeg2pjTR5lR6wWDQjJSFX_T2QOdlB_SRZg== Age: 59963
2024-05-27 13:14:53 UTC	15858	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 2c 00 00 00 32 08 06 00 00 01 91 d1 d6 bc 00 00 00 09 70 48 59 73 00 00 2e 23 00 00 2e 23 01 78 a5 3f 76 00 00 37 be 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 36 2d 63 31 34 32 20 37 39 2e 31 36 30 39 32 34 2c 20 32 30 31 37 2f 30 37 2f 31 33 2d 30 31 3a 30 36 3a 33 39 20 20 20 20 20 20 20 20 22 3e 20 3c 72 64 66 3a 52 44 Data Ascii: PNGIHDR,2pHYs.#.#x?v7iTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c142 79.160924, 2017/07/13-01:06:39 "> <rdf:RD
2024-05-27 13:14:53 UTC	3330	IN	Data Raw: e7 e7 ab fe fd f1 c5 21 95 1d b2 87 b7 22 e2 75 7b 6f 85 94 fd b6 4d 5f 3d ec c6 71 36 c1 23 33 dd 73 9c 08 e5 ca b9 0d 3a 0d ca a4 30 5c 38 38 d8 87 d5 85 fd 19 35 e1 a6 b2 ae 80 c9 b1 6e e8 ff 1c ca 92 05 00 88 23 00 c0 e5 fd f1 c5 c9 e7 e7 ab 07 e4 37 a8 07 d5 8a ea 15 88 da 74 50 35 f0 7f b1 41 d3 00 e4 36 d1 21 4d e7 03 94 d9 f7 ae 7d 4e 2d 69 3e ca 03 b6 27 66 cb c4 e2 f5 91 d6 b4 af e9 98 98 69 62 b6 9c c8 d0 bb 46 be 5e b5 86 7a f6 e7 50 8b 00 63 a3 bc be b7 84 68 d4 75 24 94 d9 f3 08 4a 96 1a 34 20 69 ce ca bd d0 47 33 05 f0 1f a3 df 1e 80 c4 b9 60 48 d6 bf 8e 98 2d 0f 82 51 90 c4 51 0c 00 4f f7 c7 17 29 19 e6 3b c8 5f e8 90 ea dc 02 d8 49 86 d8 14 f4 05 1e 48 e5 eb ac 0d 71 b7 96 55 8a d3 6d a6 1f 0b 2e 1d e9 13 07 7d 07 34 18 c6 40 f6 62 2b a7 Data Ascii: !"u{oM_=q6#3s:0\885n#7tP5A6!M}N-i>'fibF^zPchu$J4 iG3`H-QQO);_IHqUm.}4@b+
2024-05-27 13:14:53 UTC	1039	IN	Data Raw: 1f 4b b6 d1 f1 bf 0c 9b aa 6f 4d 6c 26 9c 09 1e 49 f7 41 6f 7d 5a 28 b2 ba 00 6c 03 d9 ec f0 37 00 d9 0e e7 13 7a b7 ce d5 4b e4 7e 47 9b 80 af 9a 6b e6 78 04 b7 80 d0 87 7a 1e 9b f6 b3 11 c4 6c b9 92 a1 77 08 f7 8a 65 17 ca 0e de a4 b9 01 d4 b3 91 60 47 3b 6d 15 9a 23 43 cf 97 f6 03 d1 12 f6 5b 00 78 88 a3 f8 5a a8 23 04 26 62 b6 bc 21 66 f5 84 f2 cc f3 cd d2 4f 57 ee f1 70 bb 8f 0a 7a 3e 07 28 6e ef bf 0b 16 f8 49 ec 7a 24 7d ba 24 7f 01 25 c9 8c df 8c 20 93 00 35 e6 0f b0 1f 8d 61 48 8c 30 b5 f4 a3 8f a4 d8 97 bf 59 8a 2d 68 26 29 6e 5f 74 0c 85 71 5a 44 41 c2 32 fc 21 32 55 84 e5 4f c0 18 8d 0c 3d 69 34 f8 15 65 15 62 1c 47 f1 57 da cb 11 71 14 8f 61 d1 b7 f9 76 80 c4 a4 9e d8 35 60 cc 2a 86 27 6d 82 f7 b5 57 ec 05 f4 bc cf d9 aa d7 17 34 13 d5 17 a8 Data Ascii: KoMl&IAo}Z(l7zK~Gkxzlwe`G;m#C[xZ#&b!fOWpz>(nIz$}$% 5aH0Y-h&)n_tqZDA2!2UO=i4ebGWqav5`*'mW4

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49735	54.209.6.213	443	1352	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-27 13:14:54 UTC	1370	OUT	GET /favicon.ico HTTP/1.1 Host: dmnt.informz.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://dmnt.informz.net/z/cjuucd9tat00mtgzntu4jna9msz1ptqymjg0nzu2nszsat00njuyode1nq/index.html Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AWSALBTG=tfz0xQRFSLDhmk2QpiILqo2To6S2Pr3N9BRuig6X89HmITe2OFjKJkAh2t8BULibNUKvfCXOu70t2RoKgghxxE/cvsWaYWu7YtCuN7Hjy1u4Nkz3lY+hB1BXSm/hU7Y4AQ7geaELiagiYARDpiZsTVE/T5Q9Kryfvo/bkIiLYfYzp+ZGLig=; AWSALBTGCORS=tfz0xQRFSLDhmk2QpiILqo2To6S2Pr3N9BRuig6X89HmITe2OFjKJkAh2t8BULibNUKvfCXOu70t2RoKgghxxE/cvsWaYWu7YtCuN7Hjy1u4Nkz3lY+hB1BXSm/hU7Y4AQ7geaELiagiYARDpiZsTVE/T5Q9Kryfvo/bkIiLYfYzp+ZGLig=; AWSALB=MACs3pQYdaqCt2yr+wIowk80/41A7VB4pmUmGFXIEGu50ZnDuuDHbj226OyG3qqw4BwJYAHSn0ktSa+VcJlBNke8wYDV1ItItoyEWKhUUg7rCYZ8zcr+FDesdQE4; AWSALBCORS=MACs3pQYdaqCt2yr+wIowk80/41A7VB4pmUmGFXIEGu50ZnDuuDHbj226OyG3qqw4BwJYAHSn0ktSa+VcJlBNke8wYDV1ItItoyEWKhUUg7rCYZ8zcr+FDesdQE4; ASPSESSIONIDCAQCTDQC=CIIEKAMBBFPHEJOPEHAGMMLF
2024-05-27 13:14:54 UTC	1227	IN	HTTP/1.1 200 OK Date: Mon, 27 May 2024 13:14:54 GMT Content-Type: image/x-icon Content-Length: 77894 Connection: close Set-Cookie: AWSALBTG=g4inHgVGu/33F7h7trWabuONrspmKKn/mMpKIkLnEV4dk1CpD3P/ZEOkEneKE/dXt10HpIJxXlCJHUVhKMWW2K9tGN2dCl/tZNCPlZjONL9iaxaMh5mhhWKXon4Zu1N6GXKCdqOQWNPeo0NEx4gmBG7QR53cOfP2ZJ2whU5YCPIXCouTPTk=; Expires=Mon, 03 Jun 2024 13:14:54 GMT; Path=/ Set-Cookie: AWSALBTGCORS=g4inHgVGu/33F7h7trWabuONrspmKKn/mMpKIkLnEV4dk1CpD3P/ZEOkEneKE/dXt10HpIJxXlCJHUVhKMWW2K9tGN2dCl/tZNCPlZjONL9iaxaMh5mhhWKXon4Zu1N6GXKCdqOQWNPeo0NEx4gmBG7QR53cOfP2ZJ2whU5YCPIXCouTPTk=; Expires=Mon, 03 Jun 2024 13:14:54 GMT; Path=/; SameSite=None; Secure Set-Cookie: AWSALB=4C0WYsraGTWdDU9eg4+BfdetoPN8kmLYlO2rh0/zsln3d+28cnWMe6vNLXjphZJD0PvwbgdC7c7dwP6x3WICLVTFTuQE4wwglaKkdKqLH7ypcq0uMRxfIlESOqyO; Expires=Mon, 03 Jun 2024 13:14:54 GMT; Path=/ Set-Cookie: AWSALBCORS=4C0WYsraGTWdDU9eg4+BfdetoPN8kmLYlO2rh0/zsln3d+28cnWMe6vNLXjphZJD0PvwbgdC7c7dwP6x3WICLVTFTuQE4wwglaKkdKqLH7ypcq0uMRxfIlESOqyO; Expires=Mon, 03 Jun 2024 13:14:54 GMT; Path=/; SameSite=None; Secure Last-Modified: Thu, 09 May 2024 00:57:56 GMT Accept-Ranges: bytes ETag: "02afedaba1da1:0" Server: Microsoft-IIS/10.0 Strict-Transport-Security: max-age=86400
2024-05-27 13:14:54 UTC	15157	IN	Data Raw: 00 00 01 00 01 00 85 8d 00 00 01 00 20 00 30 30 01 00 16 00 00 00 28 00 00 00 85 00 00 00 1a 01 00 00 01 00 20 00 00 00 00 00 04 25 01 00 11 17 00 00 11 17 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 7b 77 75 90 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b Data Ascii: 00( %{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{
2024-05-27 13:14:54 UTC	16384	IN	Data Raw: 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff Data Ascii:
2024-05-27 13:14:54 UTC	957	IN	Data Raw: 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 28 7b f4 80 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 40 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 28 7b f4 40 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b Data Ascii: ({({({({({({({({({({({({({({({({({({({@({@({({({({({({({
2024-05-27 13:14:54 UTC	16384	IN	Data Raw: ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 7b 77 75 c0 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 28 7b f4 80 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 d0 28 7b f4 c0 28 7b f4 c0 28 7b f4 c0 28 7b f4 c0 28 7b f4 Data Ascii: {wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu({({({({({({({({({({({({({({({({({({({({({({({({
2024-05-27 13:14:54 UTC	16384	IN	Data Raw: ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 7b 77 75 40 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 80 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff Data Ascii: {wu@{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu
2024-05-27 13:14:54 UTC	12628	IN	Data Raw: 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 d0 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 80 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff Data Ascii: {wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49742	54.209.6.213	443	1352	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-27 13:14:55 UTC	1062	OUT	GET /favicon.ico HTTP/1.1 Host: dmnt.informz.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: ASPSESSIONIDCAQCTDQC=CIIEKAMBBFPHEJOPEHAGMMLF; AWSALBTG=g4inHgVGu/33F7h7trWabuONrspmKKn/mMpKIkLnEV4dk1CpD3P/ZEOkEneKE/dXt10HpIJxXlCJHUVhKMWW2K9tGN2dCl/tZNCPlZjONL9iaxaMh5mhhWKXon4Zu1N6GXKCdqOQWNPeo0NEx4gmBG7QR53cOfP2ZJ2whU5YCPIXCouTPTk=; AWSALBTGCORS=g4inHgVGu/33F7h7trWabuONrspmKKn/mMpKIkLnEV4dk1CpD3P/ZEOkEneKE/dXt10HpIJxXlCJHUVhKMWW2K9tGN2dCl/tZNCPlZjONL9iaxaMh5mhhWKXon4Zu1N6GXKCdqOQWNPeo0NEx4gmBG7QR53cOfP2ZJ2whU5YCPIXCouTPTk=; AWSALB=4C0WYsraGTWdDU9eg4+BfdetoPN8kmLYlO2rh0/zsln3d+28cnWMe6vNLXjphZJD0PvwbgdC7c7dwP6x3WICLVTFTuQE4wwglaKkdKqLH7ypcq0uMRxfIlESOqyO; AWSALBCORS=4C0WYsraGTWdDU9eg4+BfdetoPN8kmLYlO2rh0/zsln3d+28cnWMe6vNLXjphZJD0PvwbgdC7c7dwP6x3WICLVTFTuQE4wwglaKkdKqLH7ypcq0uMRxfIlESOqyO
2024-05-27 13:14:55 UTC	1227	IN	HTTP/1.1 200 OK Date: Mon, 27 May 2024 13:14:55 GMT Content-Type: image/x-icon Content-Length: 77894 Connection: close Set-Cookie: AWSALBTG=l4Zpn2UfmxMieNnoCIjjBzUxjkM1uhvAhWOgv40hCZY/3jdLLvP+Q/Qoklyl6D6XgbKx8cVRcjn2vQVqu/fiR845FSlZwtqFga3enSWRBpKt1m4QcuAiQ0D/0g7S7FRPImwtGsj1BMacu4Q/5EK0WZTjZ87epJ4c1YwPpjwuISmm3rhAREg=; Expires=Mon, 03 Jun 2024 13:14:55 GMT; Path=/ Set-Cookie: AWSALBTGCORS=l4Zpn2UfmxMieNnoCIjjBzUxjkM1uhvAhWOgv40hCZY/3jdLLvP+Q/Qoklyl6D6XgbKx8cVRcjn2vQVqu/fiR845FSlZwtqFga3enSWRBpKt1m4QcuAiQ0D/0g7S7FRPImwtGsj1BMacu4Q/5EK0WZTjZ87epJ4c1YwPpjwuISmm3rhAREg=; Expires=Mon, 03 Jun 2024 13:14:55 GMT; Path=/; SameSite=None; Secure Set-Cookie: AWSALB=4jvF6tLHi5CFyY3XhFWk9RyJZz4aE4yzreLY+uHC9K18xNXiSrdpoewZxRw7VKd81vxFEN5zxVyWxUQRPzFqRWKSz/DgIPrJYn03sUdZ2rNydZERkmov1CXqtdlG; Expires=Mon, 03 Jun 2024 13:14:55 GMT; Path=/ Set-Cookie: AWSALBCORS=4jvF6tLHi5CFyY3XhFWk9RyJZz4aE4yzreLY+uHC9K18xNXiSrdpoewZxRw7VKd81vxFEN5zxVyWxUQRPzFqRWKSz/DgIPrJYn03sUdZ2rNydZERkmov1CXqtdlG; Expires=Mon, 03 Jun 2024 13:14:55 GMT; Path=/; SameSite=None; Secure Last-Modified: Thu, 09 May 2024 00:57:56 GMT Accept-Ranges: bytes ETag: "02afedaba1da1:0" Server: Microsoft-IIS/10.0 Strict-Transport-Security: max-age=86400
2024-05-27 13:14:55 UTC	15157	IN	Data Raw: 00 00 01 00 01 00 85 8d 00 00 01 00 20 00 30 30 01 00 16 00 00 00 28 00 00 00 85 00 00 00 1a 01 00 00 01 00 20 00 00 00 00 00 04 25 01 00 11 17 00 00 11 17 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 7b 77 75 90 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b Data Ascii: 00( %{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{
2024-05-27 13:14:55 UTC	16384	IN	Data Raw: 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff Data Ascii:
2024-05-27 13:14:55 UTC	957	IN	Data Raw: 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 28 7b f4 80 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 40 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 28 7b f4 40 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b Data Ascii: ({({({({({({({({({({({({({({({({({({({@({@({({({({({({({
2024-05-27 13:14:55 UTC	16384	IN	Data Raw: ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 7b 77 75 c0 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 28 7b f4 80 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 ff 28 7b f4 d0 28 7b f4 c0 28 7b f4 c0 28 7b f4 c0 28 7b f4 c0 28 7b f4 Data Ascii: {wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu({({({({({({({({({({({({({({({({({({({({({({({({
2024-05-27 13:14:55 UTC	16384	IN	Data Raw: ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 7b 77 75 40 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 80 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff Data Ascii: {wu@{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu
2024-05-27 13:14:55 UTC	12628	IN	Data Raw: 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 c0 7b 77 75 d0 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 ff 7b 77 75 80 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff Data Ascii: {wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu{wu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49741	13.32.27.91	443	1352	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-27 13:14:55 UTC	369	OUT	GET /Admin31/images/HL_Logotype.png HTTP/1.1 Host: cdn.informz.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-27 13:14:55 UTC	526	IN	HTTP/1.1 200 OK Content-Type: image/png Content-Length: 20227 Connection: close Date: Sun, 26 May 2024 20:35:29 GMT Last-Modified: Thu, 09 May 2024 00:57:56 GMT Accept-Ranges: bytes ETag: "02afedaba1da1:0" Server: Microsoft-IIS/10.0 Strict-Transport-Security: max-age=86400 Access-Control-Allow-Origin: * X-Cache: Hit from cloudfront Via: 1.1 e6959f77d21557f69683da8f0cd5578a.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA56-C2 X-Amz-Cf-Id: qPPdUFSnDG9EFuCD08Wl9w6tMaA37PJ6EAMYOlIrt_mSr78UOqc-Sw== Age: 59965
2024-05-27 13:14:55 UTC	16384	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 2c 00 00 00 32 08 06 00 00 01 91 d1 d6 bc 00 00 00 09 70 48 59 73 00 00 2e 23 00 00 2e 23 01 78 a5 3f 76 00 00 37 be 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 36 2d 63 31 34 32 20 37 39 2e 31 36 30 39 32 34 2c 20 32 30 31 37 2f 30 37 2f 31 33 2d 30 31 3a 30 36 3a 33 39 20 20 20 20 20 20 20 20 22 3e 20 3c 72 64 66 3a 52 44 Data Ascii: PNGIHDR,2pHYs.#.#x?v7iTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c142 79.160924, 2017/07/13-01:06:39 "> <rdf:RD
2024-05-27 13:14:55 UTC	3843	IN	Data Raw: 3a 14 b5 f8 b7 a3 5d 58 6d f1 6a b0 3a 28 57 81 64 22 1f 6d cc 53 0b 0b 32 99 dd 15 34 67 82 64 a0 ef 46 f2 56 6b 84 2d 7e 5c 6c 34 b0 68 50 69 9b c5 80 65 1d 02 78 0a 46 c1 91 59 a7 c5 cf 09 3d b0 9a 44 54 00 6a 30 75 50 5e 27 fb 8e 9a a0 c8 f7 80 76 c6 dd 93 41 f4 43 63 9b 7b 25 2d be 03 b5 f4 b6 da b2 df 2e 98 cd d2 44 53 8e 65 5b 51 cf b0 6d a0 98 61 8a 70 2e da 02 48 c4 6c d9 ab 71 77 c9 ac db 16 0c 69 99 ca 6c b7 60 b8 b5 b9 8b 34 5c 56 d2 b6 b6 3a f7 1a a7 6d af ea de 2c 65 05 dc 2e 42 b6 68 1a 5d 4f 1b ac 4b 59 dc ea 5e f3 5e 5c 6d 2c c4 6c 79 aa 39 56 c1 d1 4f b2 2d 3b 76 85 dc 61 eb 90 2d fa 7a 81 7b 50 01 6a 89 a7 ff 36 d4 54 e2 45 ee 18 34 48 cf d5 35 a8 00 15 bb 52 c8 97 a1 a7 63 43 5c 7d 9b b1 23 b6 7e eb da e8 f3 7e 4d 0f d2 27 bd c6 46 c6 Data Ascii: :]Xmj:(Wd"mS24gdFVk-~\l4hPiexFY=DTj0uP^'vACc{%-.DSe[Qmap.Hlqwil`4\V:m,e.Bh]OKY^^\m,ly9VO-;va-z{Pj6TE4H5RcC\}#~~M'F

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49743	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-05-27 13:14:55 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-05-27 13:14:55 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=183259 Date: Mon, 27 May 2024 13:14:55 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49745	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-05-27 13:14:56 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-05-27 13:14:56 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=183341 Date: Mon, 27 May 2024 13:14:56 GMT Content-Length: 55 Connection: close X-CID: 2
2024-05-27 13:14:56 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 5600, Parent PID: 3524

General

Target ID:	0
Start time:	09:14:45
Start date:	27/05/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 1352, Parent PID: 5600

General

Target ID:	2
Start time:	09:14:48
Start date:	27/05/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=2040,i,11142821751341047707,16034589024948396542,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6408, Parent PID: 3524

General

Target ID:	3
Start time:	09:14:50
Start date:	27/05/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://dmnt.informz.net/z/cjuucd9tat00mtgzntu4jna9msz1ptqymjg0nzu2nszsat00njuyode1nq/index.html"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://dmnt.informz.net/z/cjuucd9tat00mtgzntu4jna9msz1ptqymjg0nzu2nszsat00njuyode1nq/index.html

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 45

Chrome Cache Entry: 46

Chrome Cache Entry: 47

Chrome Cache Entry: 48

Chrome Cache Entry: 49

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 5600, Parent PID: 3524

General

Chronological Activities

Analysis Process: chrome.exePID: 1352, Parent PID: 5600

General

Chronological Activities

Analysis Process: chrome.exePID: 6408, Parent PID: 3524

General

Chronological Activities

Windows Analysis Report
https://dmnt.informz.net/z/cjuucd9tat00mtgzntu4jna9msz1ptqymjg0nzu2nszsat00njuyode1nq/index.html