Windows Analysis Report
http://url2243.ascglobal1.com/wf/unsubscribe?upn=u001.TAfzpudJaCZjXK3j9fXGIERNnwdnPY4msovOSyNH3zirAzehZYRj0keZMPdSu7lZ7F6TiGZWHp8EEcM7-2FPm0Ke4rZuTNDpcR5jvzMJ8j-2FCsQRg4iHcg2D71t9PahSsD5G2D-2F9Us2LZ6gGIveFGOO-2B5L6O098LVbu-2FXFfz4wGJA51Yeizdm9cjBfajrF-2B2hgzDr-2FnK8Co0cqcEPJq-2FLJP9ofIr19CtU6lXVW-2F

Overview

General Information

Sample URL:http://url2243.ascglobal1.com/wf/unsubscribe?upn=u001.TAfzpudJaCZjXK3j9fXGIERNnwdnPY4msovOSyNH3zirAzehZYRj0keZMPdSu7lZ7F6TiGZWHp8EEcM7-2FPm0Ke4rZuTNDpcR5jvzMJ8j-2FCsQRg4iHcg2D71t9PahSsD5G2D-2F9Us2LZ6g
Analysis ID:1579931
Infos:

Detection

Score:0
Range:0 - 100
Whitelisted:false
Confidence:60%

Signatures

Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 7060 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6420 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=2020,i,18058770588087424931,17871744551188134426,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 3812 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://url2243.ascglobal1.com/wf/unsubscribe?upn=u001.TAfzpudJaCZjXK3j9fXGIERNnwdnPY4msovOSyNH3zirAzehZYRj0keZMPdSu7lZ7F6TiGZWHp8EEcM7-2FPm0Ke4rZuTNDpcR5jvzMJ8j-2FCsQRg4iHcg2D71t9PahSsD5G2D-2F9Us2LZ6gGIveFGOO-2B5L6O098LVbu-2FXFfz4wGJA51Yeizdm9cjBfajrF-2B2hgzDr-2FnK8Co0cqcEPJq-2FLJP9ofIr19CtU6lXVW-2FUuWEaLRFRucNBU4nlfxlJwyQG51E3zbZrMqAyUHjW-2FFOZbhjWLtJthZFXCJFgDBEaEK4c0ao1wzVr5WusISZ6QTDXOQbo0Hruce6B1MabT2Q2BNvMk6El-2F2uu-2FvIQ6MHxsBIT7rwXv25bfgEQcplqqWdpP4jitL9lxfL0-2FBlm5AWJTpPop-2FhYeFt6gJGvkBPwxFcqRbCPe28KY4vEwhVvpqHB3OrJ3U25IRI2Ztf17K8E-2BiR01X-2B46kVkRQuJXRJbwzPQ-2BqJ1Sxi6yfRGiWsL7nviyWCMhGFwveInx5CgDc-2FgoXIbNwjxgC1VoOtiKOc9pU-2BFrsLKAAntWT3vY0C3nrbPzqnImvmwcE1nqxPFxjtHaDIHte7alcKWEP9ZdtK5USDcTl24SrIUdhncPbP0ERzaBoezbOY3-2F8mHBnzupraLmgY1IwRAotoISmQSaqpO-2BSe-2BdKibbap86-2BBBuZGO0X3C29mNzVGfDx-2BtL3sxYnIwOKmIkU0-2BRP7TBOZ3PptL2eNkHC1nn4BW-2BTsRA1NcQPFi6k5MtpgDh7v89Ln5wcpK-2BEbk46MopNFLbUCbVVhI8MfmnL1Ky9KphTpTbUApHwh9G-2BBIMD-2FkInms8D5PMvhCWJIj-2BeWwWkoqXP4oODP9gT9aF-2BsfFG40kV82BhExNZoJSnfUoRm607AvRi77Yl3gPmxIPz4JPZKQE6fjXXOtezy3dbb-2BlwbCroN3YfdwU835bFJsoPdvYCJLaa1-2BZeEA4Ila7f8SjW6mmUHZTqduMR-2FPyA4i-2FaQRMqU2ielMgAslBfnZg3ABS7uenoZZSDAx5LxYc29y0WhdvpjWxKZ80DMVcg-3D" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures.

Source: http://url2243.ascglobal1.com/wf/unsubscribe?upn=u001.TAfzpudJaCZjXK3j9fXGIERNnwdnPY4msovOSyNH3zirAzehZYRj0keZMPdSu7lZ7F6TiGZWHp8EEcM7-2FPm0Ke4rZuTNDpcR5jvzMJ8j-2FCsQRg4iHcg2D71t9PahSsD5G2D-2F9Us2LZ6gGIveFGOO-2B5L6O098LVbu-2FXFfz4wGJA51Yeizdm9cjBfajrF-2B2hgzDr-2FnK8Co0cqcEPJq-2FLJP9ofIr19CtU6lXVW-2FUuWEaLRFRucNBU4nlfxlJwyQG51E3zbZrMqAyUHjW-2FFOZbhjWLtJthZFXCJFgDBEaEK4c0ao1wzVr5WusISZ6QTDXOQbo0Hruce6B1MabT2Q2BNvMk6El-2F2uu-2FvIQ6MHxsBIT7rwXv25bfgEQcplqqWdpP4jitL9lxfL0-2FBlm5AWJTpPop-2FhYeFt6gJGvkBPwxFcqRbCPe28KY4vEwhVvpqHB3OrJ3U25IRI2Ztf17K8E-2BiR01X-2B46kVkRQuJXRJbwzPQ-2BqJ1Sxi6yfRGiWsL7nviyWCMhGFwveInx5CgDc-2FgoXIbNwjxgC1VoOtiKOc9pU-2BFrsLKAAntWT3vY0C3nrbPzqnImvmwcE1nqxPFxjtHaDIHte7alcKWEP9ZdtK5USDcTl24SrIUdhncPbP0ERzaBoezbOY3-2F8mHBnzupraLmgY1IwRAotoISmQSaqpO-2BSe-2BdKibbap86-2BBBuZGO0X3C29mNzVGfDx-2BtL3sxYnIwOKmIkU0-2BRP7TBOZ3PptL2eNkHC1nn4BW-2BTsRA1NcQPFi6k5MtpgDh7v89Ln5wcpK-2BEbk46MopNFLbUCbVVhI8MfmnL1Ky9KphTpTbUApHwh9G-2BBIMD-2FkInms8D5PMvhCWJIj-2BeWwWkoqXP4oODP9gT9aF-2BsfFG40kV82BhExNZoJSnfUoRm607AvRi7...HTTP Parser: No favicon
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /wf/unsubscribe?upn=u001.TAfzpudJaCZjXK3j9fXGIERNnwdnPY4msovOSyNH3zirAzehZYRj0keZMPdSu7lZ7F6TiGZWHp8EEcM7-2FPm0Ke4rZuTNDpcR5jvzMJ8j-2FCsQRg4iHcg2D71t9PahSsD5G2D-2F9Us2LZ6gGIveFGOO-2B5L6O098LVbu-2FXFfz4wGJA51Yeizdm9cjBfajrF-2B2hgzDr-2FnK8Co0cqcEPJq-2FLJP9ofIr19CtU6lXVW-2FUuWEaLRFRucNBU4nlfxlJwyQG51E3zbZrMqAyUHjW-2FFOZbhjWLtJthZFXCJFgDBEaEK4c0ao1wzVr5WusISZ6QTDXOQbo0Hruce6B1MabT2Q2BNvMk6El-2F2uu-2FvIQ6MHxsBIT7rwXv25bfgEQcplqqWdpP4jitL9lxfL0-2FBlm5AWJTpPop-2FhYeFt6gJGvkBPwxFcqRbCPe28KY4vEwhVvpqHB3OrJ3U25IRI2Ztf17K8E-2BiR01X-2B46kVkRQuJXRJbwzPQ-2BqJ1Sxi6yfRGiWsL7nviyWCMhGFwveInx5CgDc-2FgoXIbNwjxgC1VoOtiKOc9pU-2BFrsLKAAntWT3vY0C3nrbPzqnImvmwcE1nqxPFxjtHaDIHte7alcKWEP9ZdtK5USDcTl24SrIUdhncPbP0ERzaBoezbOY3-2F8mHBnzupraLmgY1IwRAotoISmQSaqpO-2BSe-2BdKibbap86-2BBBuZGO0X3C29mNzVGfDx-2BtL3sxYnIwOKmIkU0-2BRP7TBOZ3PptL2eNkHC1nn4BW-2BTsRA1NcQPFi6k5MtpgDh7v89Ln5wcpK-2BEbk46MopNFLbUCbVVhI8MfmnL1Ky9KphTpTbUApHwh9G-2BBIMD-2FkInms8D5PMvhCWJIj-2BeWwWkoqXP4oODP9gT9aF-2BsfFG40kV82BhExNZoJSnfUoRm607AvRi77Yl3gPmxIPz4JPZKQE6fjXXOtezy3dbb-2BlwbCroN3YfdwU835bFJsoPdvYCJLaa1-2BZeEA4Ila7f8SjW6mmUHZTqduMR-2FPyA4i-2FaQRMqU2ielMgAslBfnZg3ABS7uenoZZSDAx5LxYc29y0WhdvpjWxKZ80DMVcg-3D HTTP/1.1Host: url2243.ascglobal1.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: url2243.ascglobal1.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://url2243.ascglobal1.com/wf/unsubscribe?upn=u001.TAfzpudJaCZjXK3j9fXGIERNnwdnPY4msovOSyNH3zirAzehZYRj0keZMPdSu7lZ7F6TiGZWHp8EEcM7-2FPm0Ke4rZuTNDpcR5jvzMJ8j-2FCsQRg4iHcg2D71t9PahSsD5G2D-2F9Us2LZ6gGIveFGOO-2B5L6O098LVbu-2FXFfz4wGJA51Yeizdm9cjBfajrF-2B2hgzDr-2FnK8Co0cqcEPJq-2FLJP9ofIr19CtU6lXVW-2FUuWEaLRFRucNBU4nlfxlJwyQG51E3zbZrMqAyUHjW-2FFOZbhjWLtJthZFXCJFgDBEaEK4c0ao1wzVr5WusISZ6QTDXOQbo0Hruce6B1MabT2Q2BNvMk6El-2F2uu-2FvIQ6MHxsBIT7rwXv25bfgEQcplqqWdpP4jitL9lxfL0-2FBlm5AWJTpPop-2FhYeFt6gJGvkBPwxFcqRbCPe28KY4vEwhVvpqHB3OrJ3U25IRI2Ztf17K8E-2BiR01X-2B46kVkRQuJXRJbwzPQ-2BqJ1Sxi6yfRGiWsL7nviyWCMhGFwveInx5CgDc-2FgoXIbNwjxgC1VoOtiKOc9pU-2BFrsLKAAntWT3vY0C3nrbPzqnImvmwcE1nqxPFxjtHaDIHte7alcKWEP9ZdtK5USDcTl24SrIUdhncPbP0ERzaBoezbOY3-2F8mHBnzupraLmgY1IwRAotoISmQSaqpO-2BSe-2BdKibbap86-2BBBuZGO0X3C29mNzVGfDx-2BtL3sxYnIwOKmIkU0-2BRP7TBOZ3PptL2eNkHC1nn4BW-2BTsRA1NcQPFi6k5MtpgDh7v89Ln5wcpK-2BEbk46MopNFLbUCbVVhI8MfmnL1Ky9KphTpTbUApHwh9G-2BBIMD-2FkInms8D5PMvhCWJIj-2BeWwWkoqXP4oODP9gT9aF-2BsfFG40kV82BhExNZoJSnfUoRm607AvRi77Yl3gPmxIPz4JPZKQE6fjXXOtezy3dbb-2BlwbCroN3YfdwU835bFJsoPdvYCJLaa1-2BZeEA4Ila7f8SjW6mmUHZTqduMR-2FPyA4i-2FaQRMqU2ielMgAslBfnZg3ABS7uenoZZSDAx5LxYc29y0WhdvpjWxKZ80DMVcg-3DAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic | DNS traffic detected: DNS query: url2243.ascglobal1.com
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx; Date: Mon, 23 Dec 2024 14:46:47 GMT; Content-Type: text/html; Content-Length: 564; Connection: keep-alive; Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: unknown | Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown | Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown | Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49678 -> 443
Source: classification engine | Classification label: clean0.win@17/10@4/4
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=2020,i,18058770588087424931,17871744551188134426,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://url2243.ascglobal1.com/wf/unsubscribe?upn=u001.TAfzpudJaCZjXK3j9fXGIERNnwdnPY4msovOSyNH3zirAzehZYRj0keZMPdSu7lZ7F6TiGZWHp8EEcM7-2FPm0Ke4rZuTNDpcR5jvzMJ8j-2FCsQRg4iHcg2D71t9PahSsD5G2D-2F9Us2LZ6gGIveFGOO-2B5L6O098LVbu-2FXFfz4wGJA51Yeizdm9cjBfajrF-2B2hgzDr-2FnK8Co0cqcEPJq-2FLJP9ofIr19CtU6lXVW-2FUuWEaLRFRucNBU4nlfxlJwyQG51E3zbZrMqAyUHjW-2FFOZbhjWLtJthZFXCJFgDBEaEK4c0ao1wzVr5WusISZ6QTDXOQbo0Hruce6B1MabT2Q2BNvMk6El-2F2uu-2FvIQ6MHxsBIT7rwXv25bfgEQcplqqWdpP4jitL9lxfL0-2FBlm5AWJTpPop-2FhYeFt6gJGvkBPwxFcqRbCPe28KY4vEwhVvpqHB3OrJ3U25IRI2Ztf17K8E-2BiR01X-2B46kVkRQuJXRJbwzPQ-2BqJ1Sxi6yfRGiWsL7nviyWCMhGFwveInx5CgDc-2FgoXIbNwjxgC1VoOtiKOc9pU-2BFrsLKAAntWT3vY0C3nrbPzqnImvmwcE1nqxPFxjtHaDIHte7alcKWEP9ZdtK5USDcTl24SrIUdhncPbP0ERzaBoezbOY3-2F8mHBnzupraLmgY1IwRAotoISmQSaqpO-2BSe-2BdKibbap86-2BBBuZGO0X3C29mNzVGfDx-2BtL3sxYnIwOKmIkU0-2BRP7TBOZ3PptL2eNkHC1nn4BW-2BTsRA1NcQPFi6k5MtpgDh7v89Ln5wcpK-2BEbk46MopNFLbUCbVVhI8MfmnL1Ky9KphTpTbUApHwh9G-2BBIMD-2FkInms8D5PMvhCWJIj-2BeWwWkoqXP4oODP9gT9aF-2BsfFG40kV82BhExNZoJSnfUoRm607AvRi77Yl3gPmxIPz4JPZKQE6fjXXOtezy3dbb-2BlwbCroN3YfdwU835bFJsoPdvYCJLaa1-2BZeEA4Ila7f8SjW6mmUHZTqduMR-2FPyA4i-2FaQRMqU2ielMgAslBfnZg3ABS7uenoZZSDAx5LxYc29y0WhdvpjWxKZ80DMVcg-3D"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=2020,i,18058770588087424931,17871744551188134426,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Google Drive.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MITRE ATT&CK Matrix

Cells prefixed with a number are the techniques hit by that many signatures in this analysis; all other cells are the unmatched matrix entries.

Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Source | Detection | Scanner | Label | Link
http://url2243.ascglobal1.com/wf/unsubscribe?upn=u001.TAfzpudJaCZjXK3j9fXGIERNnwdnPY4msovOSyNH3zirAzehZYRj0keZMPdSu7lZ7F6TiGZWHp8EEcM7-2FPm0Ke4rZuTNDpcR5jvzMJ8j-2FCsQRg4iHcg2D71t9PahSsD5G2D-2F9Us2LZ6gGIveFGOO-2B5L6O098LVbu-2FXFfz4wGJA51Yeizdm9cjBfajrF-2B2hgzDr-2FnK8Co0cqcEPJq-2FLJP9ofIr19CtU6lXVW-2FUuWEaLRFRucNBU4nlfxlJwyQG51E3zbZrMqAyUHjW-2FFOZbhjWLtJthZFXCJFgDBEaEK4c0ao1wzVr5WusISZ6QTDXOQbo0Hruce6B1MabT2Q2BNvMk6El-2F2uu-2FvIQ6MHxsBIT7rwXv25bfgEQcplqqWdpP4jitL9lxfL0-2FBlm5AWJTpPop-2FhYeFt6gJGvkBPwxFcqRbCPe28KY4vEwhVvpqHB3OrJ3U25IRI2Ztf17K8E-2BiR01X-2B46kVkRQuJXRJbwzPQ-2BqJ1Sxi6yfRGiWsL7nviyWCMhGFwveInx5CgDc-2FgoXIbNwjxgC1VoOtiKOc9pU-2BFrsLKAAntWT3vY0C3nrbPzqnImvmwcE1nqxPFxjtHaDIHte7alcKWEP9ZdtK5USDcTl24SrIUdhncPbP0ERzaBoezbOY3-2F8mHBnzupraLmgY1IwRAotoISmQSaqpO-2BSe-2BdKibbap86-2BBBuZGO0X3C29mNzVGfDx-2BtL3sxYnIwOKmIkU0-2BRP7TBOZ3PptL2eNkHC1nn4BW-2BTsRA1NcQPFi6k5MtpgDh7v89Ln5wcpK-2BEbk46MopNFLbUCbVVhI8MfmnL1Ky9KphTpTbUApHwh9G-2BBIMD-2FkInms8D5PMvhCWJIj-2BeWwWkoqXP4oODP9gT9aF-2BsfFG40kV82BhExNZoJSnfUoRm607AvRi77Yl3gPmxIPz4JPZKQE6fjXXOtezy3dbb-2BlwbCroN3YfdwU835bFJsoPdvYCJLaa1-2BZeEA4Ila7f8SjW6mmUHZTqduMR-2FPyA4i-2FaQRMqU2ielMgAslBfnZg3ABS7uenoZZSDAx5LxYc29y0WhdvpjWxKZ80DMVcg-3D0%Avira URL Cloudsafe
No Antivirus matches
Source | Detection | Scanner | Label | Link
http://url2243.ascglobal1.com/favicon.ico | 0% | Avira URL Cloud | safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
sendgrid.net | 167.89.115.78 | true | false | | high
www.google.com | 172.217.21.36 | true | false | | high
url2243.ascglobal1.com | unknown | unknown | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
http://url2243.ascglobal1.com/favicon.ico | false | Avira URL Cloud: safe | unknown

  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
239.255.255.250 | unknown | Reserved | | unknown | unknown | false
172.217.21.36 | www.google.com | United States | | 15169 | GOOGLE | US | false
167.89.115.78 | sendgrid.net | United States | | 11377 | SENDGRID | US | false

IP
192.168.2.16
        Joe Sandbox version:41.0.0 Charoite
        Analysis ID:1579931
        Start date and time:2024-12-23 15:46:19 +01:00
        Joe Sandbox product:CloudBasic
        Overall analysis duration:0h 3m 17s
        Hypervisor based Inspection enabled:false
        Report type:full
        Cookbook file name:defaultwindowsinteractivecookbook.jbs
        Sample URL:http://url2243.ascglobal1.com/wf/unsubscribe?upn=u001.TAfzpudJaCZjXK3j9fXGIERNnwdnPY4msovOSyNH3zirAzehZYRj0keZMPdSu7lZ7F6TiGZWHp8EEcM7-2FPm0Ke4rZuTNDpcR5jvzMJ8j-2FCsQRg4iHcg2D71t9PahSsD5G2D-2F9Us2LZ6gGIveFGOO-2B5L6O098LVbu-2FXFfz4wGJA51Yeizdm9cjBfajrF-2B2hgzDr-2FnK8Co0cqcEPJq-2FLJP9ofIr19CtU6lXVW-2FUuWEaLRFRucNBU4nlfxlJwyQG51E3zbZrMqAyUHjW-2FFOZbhjWLtJthZFXCJFgDBEaEK4c0ao1wzVr5WusISZ6QTDXOQbo0Hruce6B1MabT2Q2BNvMk6El-2F2uu-2FvIQ6MHxsBIT7rwXv25bfgEQcplqqWdpP4jitL9lxfL0-2FBlm5AWJTpPop-2FhYeFt6gJGvkBPwxFcqRbCPe28KY4vEwhVvpqHB3OrJ3U25IRI2Ztf17K8E-2BiR01X-2B46kVkRQuJXRJbwzPQ-2BqJ1Sxi6yfRGiWsL7nviyWCMhGFwveInx5CgDc-2FgoXIbNwjxgC1VoOtiKOc9pU-2BFrsLKAAntWT3vY0C3nrbPzqnImvmwcE1nqxPFxjtHaDIHte7alcKWEP9ZdtK5USDcTl24SrIUdhncPbP0ERzaBoezbOY3-2F8mHBnzupraLmgY1IwRAotoISmQSaqpO-2BSe-2BdKibbap86-2BBBuZGO0X3C29mNzVGfDx-2BtL3sxYnIwOKmIkU0-2BRP7TBOZ3PptL2eNkHC1nn4BW-2BTsRA1NcQPFi6k5MtpgDh7v89Ln5wcpK-2BEbk46MopNFLbUCbVVhI8MfmnL1Ky9KphTpTbUApHwh9G-2BBIMD-2FkInms8D5PMvhCWJIj-2BeWwWkoqXP4oODP9gT9aF-2BsfFG40kV82BhExNZoJSnfUoRm607AvRi77Yl3gPmxIPz4JPZKQE6fjXXOtezy3dbb-2BlwbCroN3YfdwU835bFJsoPdvYCJLaa1-2BZeEA4Ila7f8SjW6mmUHZTqduMR-2FPyA4i-2FaQRMqU2ielMgAslBfnZg3ABS7uenoZZSDAx5LxYc29y0WhdvpjWxKZ80DMVcg-3D
        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
        Number of new started processes analysed:14
        Number of new started drivers analysed:0
        Number of existing processes analysed:0
        Number of existing drivers analysed:0
        Number of injected processes analysed:0
        Technologies:
        • HCA enabled
        • EGA enabled
        • AMSI enabled
        Analysis Mode:default
        Analysis stop reason:Timeout
        Detection:CLEAN
        Classification:clean0.win@17/10@4/4
        EGA Information:Failed
        HCA Information:
        • Successful, ratio: 100%
        • Number of executed functions: 0
        • Number of non-executed functions: 0
        • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
        • Excluded IPs from analysis (whitelisted): 172.217.19.227, 172.217.19.238, 64.233.161.84, 142.250.181.142, 199.232.210.172, 172.217.17.35, 172.217.19.206, 23.218.208.109, 4.175.87.197
        • Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, accounts.google.com, redirector.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
        • Not all processes were analyzed; the report is missing behavior information
        • VT rate limit hit for: http://url2243.ascglobal1.com/wf/unsubscribe?upn=u001.TAfzpudJaCZjXK3j9fXGIERNnwdnPY4msovOSyNH3zirAzehZYRj0keZMPdSu7lZ7F6TiGZWHp8EEcM7-2FPm0Ke4rZuTNDpcR5jvzMJ8j-2FCsQRg4iHcg2D71t9PahSsD5G2D-2F9Us2LZ6gGIveFGOO-2B5L6O098LVbu-2FXFfz4wGJA51Yeizdm9cjBfajrF-2B2hgzDr-2FnK8Co0cqcEPJq-2FLJP9ofIr19CtU6lXVW-2FUuWEaLRFRucNBU4nlfxlJwyQG51E3zbZrMqAyUHjW-2FFOZbhjWLtJthZFXCJFgDBEaEK4c0ao1wzVr5WusISZ6QTDXOQbo0Hruce6B1MabT2Q2BNvMk6El-2F2uu-2FvIQ6MHxsBIT7rwXv25bfgEQcplqqWdpP4jitL9lxfL0-2FBlm5AWJTpPop-2FhYeFt6gJGvkBPwxFcqRbCPe28KY4vEwhVvpqHB3OrJ3U25IRI2Ztf17K8E-2BiR01X-2B46kVkRQuJXRJbwzPQ-2BqJ1Sxi6yfRGiWsL7nviyWCMhGFwveInx5CgDc-2FgoXIbNwjxgC1VoOtiKOc9pU-2BFrsLKAAntWT3vY0C3nrbPzqnImvmwcE1nqxPFxjtHaDIHte7alcKWEP9ZdtK5USDcTl24SrIUdhncPbP0ERzaBoezbOY3-2F8mHBnzupraLmgY1IwRAotoISmQSaqpO-2BSe-2BdKibbap86-2BBBuZGO0X3C29mNzVGfDx-2BtL3sxYnIwOKmIkU0-2BRP7TBOZ3PptL2eNkHC1nn4BW-2BTsRA1NcQPFi6k5MtpgDh7v89Ln5wcpK-2BEbk46MopNFLbUCbVVhI8MfmnL1Ky9KphTpTbUApHwh9G-2BBIMD-2FkInms8D5PMvhCWJIj-2BeWwWkoqXP4oODP9gT9aF-2BsfFG40kV8
        No simulations
        No context
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 23 13:46:46 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
        Category:dropped
        Size (bytes):2673
        Entropy (8bit):3.9873352453262267
        Encrypted:false
        SSDEEP:48:8sdwT0oQH+idAKZdA1FehwiZUklqehBy+3:83PVKy
        MD5:FE56E290F8F752BE8A4CD1C8895A9216
        SHA1:DBDDF546C8E690E65625413FFF8A29D89D8AD08A
        SHA-256:FB79ED5AE261556A2B2630AF742A141E5F4CBD8AE28699F0BBC5653856F079B4
        SHA-512:BBB51DE4B98526B6BF1F89531BC77009012EA93EEAE296CA06D3C5FAD45D667A8923CB2CAC7258609DB133A32F226312EB3F4E785A8F51C503815B94301AF338
        Malicious:false
        Reputation:low
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 23 13:46:46 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
        Category:dropped
        Size (bytes):2675
        Entropy (8bit):4.003949269268406
        Encrypted:false
        SSDEEP:48:8HDdwT0oQH+idAKZdA1seh/iZUkAQkqeh6y+2:8HOPL9Qzy
        MD5:F20035A0E2CC9EEE973FA790EF93A84B
        SHA1:E87FF577D88E1C82749A79FACE308FBBAEF7D6D2
        SHA-256:8194B4A1E1D5D3838C5850AF5BF1BA0390B0AFC6A6104575168A5411C6190F9D
        SHA-512:997D32082A4F6510D5E11CF41FEE98128F083B278C6BCE6E526D737063ACE62161F428858F765A16192CF3DD09B26FA55C59C87F2AC5710F0665F10179559CE9
        Malicious:false
        Reputation:low
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
        Category:dropped
        Size (bytes):2689
        Entropy (8bit):4.012272037630843
        Encrypted:false
        SSDEEP:48:8VdwT0oAH+idAKZdA14meh7sFiZUkmgqeh7sEy+BX:8YPvnmy
        MD5:01CDAE3567D98D09AAB4C797B25A0BB7
        SHA1:E1F65571066EE15BEDA2109F79218F85E4D0443C
        SHA-256:2DA8179F070B2115B2760D1E31D710DB4B0761020263FA0063D13FD8CB66EEA4
        SHA-512:E5D6C85A5D787646C37555BE7A6617A7714E06C2B00A39D5A2E8C990CCD1388BA73DA01A3AD23534B8DB50BDA486E70DD8A5375CDDD24E46461C1F215635F526
        Malicious:false
        Reputation:low
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 23 13:46:46 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
        Category:dropped
        Size (bytes):2677
        Entropy (8bit):4.003732107487902
        Encrypted:false
        SSDEEP:48:8GdwT0oQH+idAKZdA1TehDiZUkwqehOy+R:8xPYMy
        MD5:AD41CA1BF87C047066D366C22DA4C2CC
        SHA1:1D3D5105C94C863ED3EE77AD81D5941BE09B26AA
        SHA-256:750092667CAE2F0FD5EDC570E75659C9484790A828DE0C21ECED0C3FC7BD7E74
        SHA-512:E8CF51D387D8497EC8D3A659281CB5A360603D6DD500461618E34FB4158A29B7044AB1BEC2CD5B6582F6A7D84FF123F1D16FF93C37390C2D93A0DE1D2AAB36DD
        Malicious:false
        Reputation:low
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 23 13:46:46 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
        Category:dropped
        Size (bytes):2677
        Entropy (8bit):3.991279309942707
        Encrypted:false
        SSDEEP:48:8mAdwT0oQH+idAKZdA1dehBiZUk1W1qehQy+C:8mjPo9wy
        MD5:E281F69488A45574642DE3BE013152C2
        SHA1:4E902C11E8FB10124D4924EE5E5FB1B7F9C0BF70
        SHA-256:E693E2564B06EA0975757E7571DEDD090DFDCDDC3C4076C1BE5836963ADCD5CC
        SHA-512:AD63AE7C6485EADD16D0D7C7525B4D6BA2E89FB0E17902B34BBCE81DF7B8492151786ACEB13D46761292A99AE48D6FD0BCAD058A4FF2BF877AF4282E3C16CAF6
        Malicious:false
        Reputation:low
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 23 13:46:46 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
        Category:dropped
        Size (bytes):2679
        Entropy (8bit):3.996252778052492
        Encrypted:false
        SSDEEP:48:8odwT0oQH+idAKZdA1duTeehOuTbbiZUk5OjqehOuTbmy+yT+:8rPaTfTbxWOvTbmy7T
        MD5:46442131805E7C8A5F638F7F4FF07216
        SHA1:B1A45FFAEDC86DEA1AC418843D03F75A58CAD67E
        SHA-256:F8FEF6F6AD61236BC2577A16524A8CA9F385CE9150173E2CC039CFEA4E2043C1
        SHA-512:472182664D0489045AAEA6D1BC0A1A870B90BB3E13904AF9DCBA5829C5B926C28D95CFBCE28FB3EF62E108FC4EC81912488C612354BDD2547B2CD63BF26F4240
        Malicious:false
        Reputation:low
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:HTML document, ASCII text, with no line terminators
        Category:downloaded
        Size (bytes):170
        Entropy (8bit):4.396812571220626
        Encrypted:false
        SSDEEP:3:qVZxgROUrBsTGAKaqR1XbZ6iMisTGAKaGbZ6LXwL2R0EAuFWQmK8+m7qb+j:qzxUBBsbKakX966sbKa1RFjXmK8AI
        MD5:5B0427F979E3FECA0239D0DF203152AE
        SHA1:CE11330B948D9E5C8B26545E206AC18857B78BF8
        SHA-256:2D5E52C5772C54287D6DFFCD28DE97FB76B7B2867FB9A3B3484970675412BFB0
        SHA-512:1BBFBA6DFA18E70D8F7ABC4D510DD778BBAA5E2369EA2F15E738C12C087670986458C08E9F7662E814A9CC0E00EE93E623F4233338E1E21BC2172B6556DBBE7D
        Malicious:false
        Reputation:low
        URL:http://url2243.ascglobal1.com/wf/unsubscribe?upn=u001.TAfzpudJaCZjXK3j9fXGIERNnwdnPY4msovOSyNH3zirAzehZYRj0keZMPdSu7lZ7F6TiGZWHp8EEcM7-2FPm0Ke4rZuTNDpcR5jvzMJ8j-2FCsQRg4iHcg2D71t9PahSsD5G2D-2F9Us2LZ6gGIveFGOO-2B5L6O098LVbu-2FXFfz4wGJA51Yeizdm9cjBfajrF-2B2hgzDr-2FnK8Co0cqcEPJq-2FLJP9ofIr19CtU6lXVW-2FUuWEaLRFRucNBU4nlfxlJwyQG51E3zbZrMqAyUHjW-2FFOZbhjWLtJthZFXCJFgDBEaEK4c0ao1wzVr5WusISZ6QTDXOQbo0Hruce6B1MabT2Q2BNvMk6El-2F2uu-2FvIQ6MHxsBIT7rwXv25bfgEQcplqqWdpP4jitL9lxfL0-2FBlm5AWJTpPop-2FhYeFt6gJGvkBPwxFcqRbCPe28KY4vEwhVvpqHB3OrJ3U25IRI2Ztf17K8E-2BiR01X-2B46kVkRQuJXRJbwzPQ-2BqJ1Sxi6yfRGiWsL7nviyWCMhGFwveInx5CgDc-2FgoXIbNwjxgC1VoOtiKOc9pU-2BFrsLKAAntWT3vY0C3nrbPzqnImvmwcE1nqxPFxjtHaDIHte7alcKWEP9ZdtK5USDcTl24SrIUdhncPbP0ERzaBoezbOY3-2F8mHBnzupraLmgY1IwRAotoISmQSaqpO-2BSe-2BdKibbap86-2BBBuZGO0X3C29mNzVGfDx-2BtL3sxYnIwOKmIkU0-2BRP7TBOZ3PptL2eNkHC1nn4BW-2BTsRA1NcQPFi6k5MtpgDh7v89Ln5wcpK-2BEbk46MopNFLbUCbVVhI8MfmnL1Ky9KphTpTbUApHwh9G-2BBIMD-2FkInms8D5PMvhCWJIj-2BeWwWkoqXP4oODP9gT9aF-2BsfFG40kV82BhExNZoJSnfUoRm607AvRi77Yl3gPmxIPz4JPZKQE6fjXXOtezy3dbb-2BlwbCroN3YfdwU835bFJsoPdvYCJLaa1-2BZeEA4Ila7f8SjW6mmUHZTqduMR-2FPyA4i-2FaQRMqU2ielMgAslBfnZg3ABS7uenoZZSDAx5LxYc29y0WhdvpjWxKZ80DMVcg-3D
        Preview:<html><head><title>Unsubscribe successful</title></head><body><h1>Unsubscribe successful</h1><p>Your unsubscribe request has been successfully accepted!</p></body></html>
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:HTML document, ASCII text, with CRLF line terminators
        Category:downloaded
        Size (bytes):564
        Entropy (8bit):4.72971822420855
        Encrypted:false
        SSDEEP:12:TjeRHdHiHZdtklI5r8INGlTF5TF5TF5TF5TF5TFK:neRH988DTPTPTPTPTPTc
        MD5:8E325DC2FEA7C8900FC6C4B8C6C394FE
        SHA1:1B3291D4EEA179C84145B2814CB53E6A506EC201
        SHA-256:0B52C5338AF355699530A47683420E48C7344E779D3E815FF9943CBFDC153CF2
        SHA-512:084C608F1F860FB08EF03B155658EA9988B3628D3C0F0E9561FDFF930E5912004CDDBCC43B1FA90C21FE7F5A481AC47C64B8CAA066C2BDF3CF533E152BF96C14
        Malicious:false
        Reputation:low
        URL:http://url2243.ascglobal1.com/favicon.ico
        Preview:<html>..<head><title>404 Not Found</title></head>..<body bgcolor="white">..<center><h1>404 Not Found</h1></center>..<hr><center>nginx</center>..</body>..</html>..<!-- a padding to disable MSIE and Chrome friendly error page -->..<!-- a padding to disable MSIE and Chrome friendly error page -->..<!-- a padding to disable MSIE and Chrome friendly error page -->..<!-- a padding to disable MSIE and Chrome friendly error page -->..<!-- a padding to disable MSIE and Chrome friendly error page -->..<!-- a padding to disable MSIE and Chrome friendly error page -->..
        No static file info
        Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
        Dec 23, 2024 15:46:45.763295889 CET | 192.168.2.16 | 1.1.1.1 | 0x231f | Standard query (0) | url2243.ascglobal1.com | A (IP address) | IN (0x0001) | false
        Dec 23, 2024 15:46:45.763439894 CET | 192.168.2.16 | 1.1.1.1 | 0xa777 | Standard query (0) | url2243.ascglobal1.com | 65 | IN (0x0001) | false
        Dec 23, 2024 15:46:49.639818907 CET | 192.168.2.16 | 1.1.1.1 | 0x1f10 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
        Dec 23, 2024 15:46:49.640089989 CET | 192.168.2.16 | 1.1.1.1 | 0xec04 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
        Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
        Dec 23, 2024 15:46:46.148056984 CET | 1.1.1.1 | 192.168.2.16 | 0xa777 | No error (0) | url2243.ascglobal1.com | sendgrid.net |  | CNAME (Canonical name) | IN (0x0001) | false
        Dec 23, 2024 15:46:46.149847031 CET | 1.1.1.1 | 192.168.2.16 | 0x231f | No error (0) | url2243.ascglobal1.com | sendgrid.net |  | CNAME (Canonical name) | IN (0x0001) | false
        Dec 23, 2024 15:46:46.149847031 CET | 1.1.1.1 | 192.168.2.16 | 0x231f | No error (0) | sendgrid.net |  | 167.89.115.78 | A (IP address) | IN (0x0001) | false
        Dec 23, 2024 15:46:46.149847031 CET | 1.1.1.1 | 192.168.2.16 | 0x231f | No error (0) | sendgrid.net |  | 167.89.118.52 | A (IP address) | IN (0x0001) | false
        Dec 23, 2024 15:46:46.149847031 CET | 1.1.1.1 | 192.168.2.16 | 0x231f | No error (0) | sendgrid.net |  | 167.89.118.109 | A (IP address) | IN (0x0001) | false
        Dec 23, 2024 15:46:46.149847031 CET | 1.1.1.1 | 192.168.2.16 | 0x231f | No error (0) | sendgrid.net |  | 167.89.115.150 | A (IP address) | IN (0x0001) | false
        Dec 23, 2024 15:46:46.149847031 CET | 1.1.1.1 | 192.168.2.16 | 0x231f | No error (0) | sendgrid.net |  | 167.89.115.28 | A (IP address) | IN (0x0001) | false
        Dec 23, 2024 15:46:46.149847031 CET | 1.1.1.1 | 192.168.2.16 | 0x231f | No error (0) | sendgrid.net |  | 167.89.118.95 | A (IP address) | IN (0x0001) | false
        Dec 23, 2024 15:46:46.149847031 CET | 1.1.1.1 | 192.168.2.16 | 0x231f | No error (0) | sendgrid.net |  | 167.89.115.56 | A (IP address) | IN (0x0001) | false
        Dec 23, 2024 15:46:46.149847031 CET | 1.1.1.1 | 192.168.2.16 | 0x231f | No error (0) | sendgrid.net |  | 167.89.118.120 | A (IP address) | IN (0x0001) | false
        Dec 23, 2024 15:46:46.149847031 CET | 1.1.1.1 | 192.168.2.16 | 0x231f | No error (0) | sendgrid.net |  | 167.89.115.120 | A (IP address) | IN (0x0001) | false
        Dec 23, 2024 15:46:46.149847031 CET | 1.1.1.1 | 192.168.2.16 | 0x231f | No error (0) | sendgrid.net |  | 167.89.115.52 | A (IP address) | IN (0x0001) | false
        Dec 23, 2024 15:46:46.149847031 CET | 1.1.1.1 | 192.168.2.16 | 0x231f | No error (0) | sendgrid.net |  | 167.89.118.83 | A (IP address) | IN (0x0001) | false
        Dec 23, 2024 15:46:46.149847031 CET | 1.1.1.1 | 192.168.2.16 | 0x231f | No error (0) | sendgrid.net |  | 167.89.118.61 | A (IP address) | IN (0x0001) | false
        Dec 23, 2024 15:46:46.149847031 CET | 1.1.1.1 | 192.168.2.16 | 0x231f | No error (0) | sendgrid.net |  | 167.89.118.62 | A (IP address) | IN (0x0001) | false
        Dec 23, 2024 15:46:46.149847031 CET | 1.1.1.1 | 192.168.2.16 | 0x231f | No error (0) | sendgrid.net |  | 167.89.115.61 | A (IP address) | IN (0x0001) | false
        Dec 23, 2024 15:46:46.149847031 CET | 1.1.1.1 | 192.168.2.16 | 0x231f | No error (0) | sendgrid.net |  | 167.89.118.128 | A (IP address) | IN (0x0001) | false
        Dec 23, 2024 15:46:46.149847031 CET | 1.1.1.1 | 192.168.2.16 | 0x231f | No error (0) | sendgrid.net |  | 167.89.115.77 | A (IP address) | IN (0x0001) | false
        Dec 23, 2024 15:46:49.776814938 CET | 1.1.1.1 | 192.168.2.16 | 0xec04 | No error (0) | www.google.com |  |  | 65 | IN (0x0001) | false
        Dec 23, 2024 15:46:49.776887894 CET | 1.1.1.1 | 192.168.2.16 | 0x1f10 | No error (0) | www.google.com |  | 172.217.21.36 | A (IP address) | IN (0x0001) | false
        • url2243.ascglobal1.com
        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
        0 | 192.168.2.16 | 49697 | 167.89.115.78 | 80 | 6420 | C:\Program Files\Google\Chrome\Application\chrome.exe
        Timestamp | Bytes transferred | Direction | Data
        Dec 23, 2024 15:46:46.270987034 CET | 1601 | OUT | GET /wf/unsubscribe?upn=u001.TAfzpudJaCZjXK3j9fXGIERNnwdnPY4msovOSyNH3zirAzehZYRj0keZMPdSu7lZ7F6TiGZWHp8EEcM7-2FPm0Ke4rZuTNDpcR5jvzMJ8j-2FCsQRg4iHcg2D71t9PahSsD5G2D-2F9Us2LZ6gGIveFGOO-2B5L6O098LVbu-2FXFfz4wGJA51Yeizdm9cjBfajrF-2B2hgzDr-2FnK8Co0cqcEPJq-2FLJP9ofIr19CtU6lXVW-2FUuWEaLRFRucNBU4nlfxlJwyQG51E3zbZrMqAyUHjW-2FFOZbhjWLtJthZFXCJFgDBEaEK4c0ao1wzVr5WusISZ6QTDXOQbo0Hruce6B1MabT2Q2BNvMk6El-2F2uu-2FvIQ6MHxsBIT7rwXv25bfgEQcplqqWdpP4jitL9lxfL0-2FBlm5AWJTpPop-2FhYeFt6gJGvkBPwxFcqRbCPe28KY4vEwhVvpqHB3OrJ3U25IRI2Ztf17K8E-2BiR01X-2B46kVkRQuJXRJbwzPQ-2BqJ1Sxi6yfRGiWsL7nviyWCMhGFwveInx5CgDc-2FgoXIbNwjxgC1VoOtiKOc9pU-2BFrsLKAAntWT3vY0C3nrbPzqnImvmwcE1nqxPFxjtHaDIHte7alcKWEP9ZdtK5USDcTl24SrIUdhncPbP0ERzaBoezbOY3-2F8mHBnzupraLmgY1IwRAotoISmQSaqpO-2BSe-2BdKibbap86-2BBBuZGO0X3C29mNzVGfDx-2BtL3sxYnIwOKmIkU0-2BRP7TBOZ3PptL2eNkHC1nn4BW-2BTsRA1NcQPFi6k5MtpgDh7v89Ln5wcpK-2BEbk46MopNFLbUCbVVhI8MfmnL1Ky9KphTpTbUApHwh9G-2BBIMD-2FkInms8D5PMvhCWJIj-2BeWwWkoqXP4oODP9gT9aF-2BsfFG40kV82BhExNZoJSnfUoRm607AvRi77Yl3gPmxIPz4JPZKQE6fjXXOt [TRUNCATED]
        Host: url2243.ascglobal1.com
        Connection: keep-alive
        Upgrade-Insecure-Requests: 1
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
        Accept-Encoding: gzip, deflate
        Accept-Language: en-US,en;q=0.9
        Dec 23, 2024 15:46:47.374762058 CET | 359 | IN | HTTP/1.1 200 OK
        Server: nginx
        Date: Mon, 23 Dec 2024 14:46:47 GMT
        Content-Type: text/html; charset=utf-8
        Content-Length: 170
        Connection: keep-alive
        X-Robots-Tag: noindex, nofollow
        Data Ascii: <html><head><title>Unsubscribe successful</title></head><body><h1>Unsubscribe successful</h1><p>Your unsubscribe request has been successfully accepted!</p></body></html>
        Dec 23, 2024 15:46:47.424426079 CET | 1552 | OUT | GET /favicon.ico HTTP/1.1
        Host: url2243.ascglobal1.com
        Connection: keep-alive
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
        Referer: http://url2243.ascglobal1.com/wf/unsubscribe?upn=u001.TAfzpudJaCZjXK3j9fXGIERNnwdnPY4msovOSyNH3zirAzehZYRj0keZMPdSu7lZ7F6TiGZWHp8EEcM7-2FPm0Ke4rZuTNDpcR5jvzMJ8j-2FCsQRg4iHcg2D71t9PahSsD5G2D-2F9Us2LZ6gGIveFGOO-2B5L6O098LVbu-2FXFfz4wGJA51Yeizdm9cjBfajrF-2B2hgzDr-2FnK8Co0cqcEPJq-2FLJP9ofIr19CtU6lXVW-2FUuWEaLRFRucNBU4nlfxlJwyQG51E3zbZrMqAyUHjW-2FFOZbhjWLtJthZFXCJFgDBEaEK4c0ao1wzVr5WusISZ6QTDXOQbo0Hruce6B1MabT2Q2BNvMk6El-2F2uu-2FvIQ6MHxsBIT7rwXv25bfgEQcplqqWdpP4jitL9lxfL0-2FBlm5AWJTpPop-2FhYeFt6gJGvkBPwxFcqRbCPe28KY4vEwhVvpqHB3OrJ3U25IRI2Ztf17K8E-2BiR01X-2B46kVkRQuJXRJbwzPQ-2BqJ1Sxi6yfRGiWsL7nviyWCMhGFwveInx5CgDc-2FgoXIbNwjxgC1VoOtiKOc9pU-2BFrsLKAAntWT3vY0C3nrbPzqnImvmwcE1nqxPFxjtHaDIHte7alcKWEP9ZdtK5USDcTl24SrIUdhncPbP0ERzaBoezbOY3-2F8mHBnzupraLmgY1IwRAotoISmQSaqpO-2BSe-2BdKibbap86-2BBBuZGO0X3C29mNzVGfDx-2BtL3sxYnIwOKmIkU0-2BRP7TBOZ3PptL2eNkHC1nn4BW-2BTsRA1NcQPFi6k5MtpgDh7v89Ln5wcpK-2BEbk46MopNFLbUCbVVhI8MfmnL1Ky9KphTpTbUApHwh9G-2BBIMD-2FkInms8D5PMvhCWJIj-2BeWwWkoqXP4oODP9gT9aF-2BsfFG40kV82BhExNZoJSnfUoR [TRUNCATED]
        Accept-Encoding: gzip, deflate
        Accept-Language: en-US,en;q=0.9
        Dec 23, 2024 15:46:47.783201933 CET | 712 | IN | HTTP/1.1 404 Not Found
        Server: nginx
        Date: Mon, 23 Dec 2024 14:46:47 GMT
        Content-Type: text/html
        Content-Length: 564
        Connection: keep-alive
        Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>...<!-- a padding to disable MSIE and Chrome friendly error page -->...<!-- a padding to disable MSIE and Chrome friendly error page -->...<!-- a padding to disable MSIE and Chrome friendly error page -->...<!-- a padding to disable MSIE and Chrome friendly error page -->...<!-- a padding to disable MSIE and Chrome friendly error page -->...<!-- a padding to disable MSIE and Chrome friendly error page -->
        Dec 23, 2024 15:47:32.785783052 CET | 6 | OUT | Data Raw: 00
        Data Ascii:


        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
        1 | 192.168.2.16 | 49698 | 167.89.115.78 | 80 | 6420 | C:\Program Files\Google\Chrome\Application\chrome.exe
        Timestamp | Bytes transferred | Direction | Data
        Dec 23, 2024 15:47:31.283571959 CET | 6 | OUT | Data Raw: 00
        Data Ascii:



        Target ID:0
        Start time:09:46:43
        Start date:23/12/2024
        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
        Imagebase:0x7ff7f9810000
        File size:3'242'272 bytes
        MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:low
        Has exited:false

        Target ID:1
        Start time:09:46:43
        Start date:23/12/2024
        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=2020,i,18058770588087424931,17871744551188134426,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
        Imagebase:0x7ff7f9810000
        File size:3'242'272 bytes
        MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:low
        Has exited:false

        Target ID:2
        Start time:09:46:44
        Start date:23/12/2024
        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://url2243.ascglobal1.com/wf/unsubscribe?upn=u001.TAfzpudJaCZjXK3j9fXGIERNnwdnPY4msovOSyNH3zirAzehZYRj0keZMPdSu7lZ7F6TiGZWHp8EEcM7-2FPm0Ke4rZuTNDpcR5jvzMJ8j-2FCsQRg4iHcg2D71t9PahSsD5G2D-2F9Us2LZ6gGIveFGOO-2B5L6O098LVbu-2FXFfz4wGJA51Yeizdm9cjBfajrF-2B2hgzDr-2FnK8Co0cqcEPJq-2FLJP9ofIr19CtU6lXVW-2FUuWEaLRFRucNBU4nlfxlJwyQG51E3zbZrMqAyUHjW-2FFOZbhjWLtJthZFXCJFgDBEaEK4c0ao1wzVr5WusISZ6QTDXOQbo0Hruce6B1MabT2Q2BNvMk6El-2F2uu-2FvIQ6MHxsBIT7rwXv25bfgEQcplqqWdpP4jitL9lxfL0-2FBlm5AWJTpPop-2FhYeFt6gJGvkBPwxFcqRbCPe28KY4vEwhVvpqHB3OrJ3U25IRI2Ztf17K8E-2BiR01X-2B46kVkRQuJXRJbwzPQ-2BqJ1Sxi6yfRGiWsL7nviyWCMhGFwveInx5CgDc-2FgoXIbNwjxgC1VoOtiKOc9pU-2BFrsLKAAntWT3vY0C3nrbPzqnImvmwcE1nqxPFxjtHaDIHte7alcKWEP9ZdtK5USDcTl24SrIUdhncPbP0ERzaBoezbOY3-2F8mHBnzupraLmgY1IwRAotoISmQSaqpO-2BSe-2BdKibbap86-2BBBuZGO0X3C29mNzVGfDx-2BtL3sxYnIwOKmIkU0-2BRP7TBOZ3PptL2eNkHC1nn4BW-2BTsRA1NcQPFi6k5MtpgDh7v89Ln5wcpK-2BEbk46MopNFLbUCbVVhI8MfmnL1Ky9KphTpTbUApHwh9G-2BBIMD-2FkInms8D5PMvhCWJIj-2BeWwWkoqXP4oODP9gT9aF-2BsfFG40kV82BhExNZoJSnfUoRm607AvRi77Yl3gPmxIPz4JPZKQE6fjXXOtezy3dbb-2BlwbCroN3YfdwU835bFJsoPdvYCJLaa1-2BZeEA4Ila7f8SjW6mmUHZTqduMR-2FPyA4i-2FaQRMqU2ielMgAslBfnZg3ABS7uenoZZSDAx5LxYc29y0WhdvpjWxKZ80DMVcg-3D"
        Imagebase:0x7ff7f9810000
        File size:3'242'272 bytes
        MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:low
        Has exited:true

        No disassembly