
Windows Analysis Report
https://files.constantcontact.com/b68ec2bc601/71fae93c-8fd5-4f19-99c3-6669e1d87934.png?rdr=true

Overview

General Information

Sample URL: https://files.constantcontact.com/b68ec2bc601/71fae93c-8fd5-4f19-99c3-6669e1d87934.png?rdr=true
Analysis ID: 1579951

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

No high impact signatures.

Classification

  • System is w10x64
  • chrome.exe (PID: 5012 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 5416 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 --field-trial-handle=2188,i,7815101925424919649,4791692279173797684,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6508 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://files.constantcontact.com/b68ec2bc601/71fae93c-8fd5-4f19-99c3-6669e1d87934.png?rdr=true" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures.

Source: https://files.constantcontact.com/b68ec2bc601/71fae93c-8fd5-4f19-99c3-6669e1d87934.png?rdr=true | HTTP Parser: No favicon
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown | TCP traffic detected without corresponding DNS query: 2.16.168.117
Source: unknown | TCP traffic detected without corresponding DNS query: 2.16.168.117
Source: unknown | TCP traffic detected without corresponding DNS query: 2.16.168.117
Source: unknown | TCP traffic detected without corresponding DNS query: 2.16.168.117
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | HTTP traffic detected:
  GET /b68ec2bc601/71fae93c-8fd5-4f19-99c3-6669e1d87934.png?rdr=true HTTP/1.1
  Host: files.constantcontact.com
  Connection: keep-alive
  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Windows"
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: navigate
  Sec-Fetch-User: ?1
  Sec-Fetch-Dest: document
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
  GET /favicon.ico HTTP/1.1
  Host: files.constantcontact.com
  Connection: keep-alive
  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-mobile: ?0
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  sec-ch-ua-platform: "Windows"
  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Sec-Fetch-Site: same-origin
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: image
  Referer: https://files.constantcontact.com/b68ec2bc601/71fae93c-8fd5-4f19-99c3-6669e1d87934.png?rdr=true
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: files.constantcontact.com
Source: global traffic | HTTP traffic detected:
  HTTP/1.1 403 Forbidden
  Content-Type: application/xml
  Transfer-Encoding: chunked
  Connection: close
  Server: AmazonS3
  Date: Mon, 23 Dec 2024 15:49:58 GMT
  X-Cache: Error from cloudfront
  Via: 1.1 914dbe74ea96bd4eab279d4e05aee014.cloudfront.net (CloudFront)
  X-Amz-Cf-Pop: TLV50-C2
  X-Amz-Cf-Id: WLYlb1OfNJ0h_lv7PpGnh8qTbJ4o0oBdNCBTDgCDyHAMlKxvX7U_Tw==
  X-Robots-Tag: noindex, nofollow
  Vary: Origin
Source: unknown | Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown | Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49672
Source: unknown | Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown | Network traffic detected: HTTP traffic on port 49739 -> 443
Source: classification engine | Classification label: clean0.win@16/4@4/4
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 --field-trial-handle=2188,i,7815101925424919649,4791692279173797684,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://files.constantcontact.com/b68ec2bc601/71fae93c-8fd5-4f19-99c3-6669e1d87934.png?rdr=true"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 --field-trial-handle=2188,i,7815101925424919649,4791692279173797684,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
ATT&CK matrix by tactic (a number in parentheses is the count shown for that technique; unnumbered cells are the matrix's placeholder techniques):

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: Process Injection (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Defense Evasion: Process Injection (1); Rootkit; Obfuscated Files or Information; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: Encrypted Channel (1); Non-Application Layer Protocol (3); Application Layer Protocol (4); Ingress Tool Transfer (3)
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Source | Detection | Scanner | Label | Link
https://files.constantcontact.com/b68ec2bc601/71fae93c-8fd5-4f19-99c3-6669e1d87934.png?rdr=true | 0% | Avira URL Cloud | safe |
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
d6j37cnssol7h.cloudfront.net | 65.9.112.62 | true | false | | unknown
www.google.com | 142.250.181.68 | true | false | | high
files.constantcontact.com | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://files.constantcontact.com/favicon.ico | false | | high
https://files.constantcontact.com/b68ec2bc601/71fae93c-8fd5-4f19-99c3-6669e1d87934.png?rdr=true | false | | high
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
239.255.255.250 | unknown | Reserved | | unknown | unknown | false
142.250.181.68 | www.google.com | United States | | 15169 | GOOGLEUS | false
65.9.112.62 | d6j37cnssol7h.cloudfront.net | United States | | 16509 | AMAZON-02US | false

IP (private)
192.168.2.4
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1579951
Start date and time: 2024-12-23 16:48:34 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 3m 32s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: https://files.constantcontact.com/b68ec2bc601/71fae93c-8fd5-4f19-99c3-6669e1d87934.png?rdr=true
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 8
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean0.win@16/4@4/4
EGA Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 0
• Excluded processes (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded IPs (whitelisted): 172.217.21.35, 172.217.19.238, 64.233.161.84, 142.250.181.142, 172.217.17.46, 217.20.58.99, 192.229.221.95, 172.217.17.35, 23.218.208.109, 4.175.87.197, 13.107.246.63
• Excluded domains (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com
• Not all processes were analysed; the report is missing behavior information
• VT rate limit hit for: https://files.constantcontact.com/b68ec2bc601/71fae93c-8fd5-4f19-99c3-6669e1d87934.png?rdr=true
            No simulations
            No context
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: PNG image data, 74 x 25, 8-bit/color RGBA, non-interlaced
Category: downloaded
Size (bytes): 1799
Entropy (8bit): 7.823634040379351
Encrypted: false
SSDEEP: 48:MAXhS5Vuzzj0NU5wrmMPIb0OqV0B/gz8Mur7p4:MnXu3a0wrmMPIRqe2G4
MD5: 64F7DEF62BCD6A6ADE92AC33F81C79E8
SHA1: 915515DBE919E72AAA74DE7992200984AD93C0D3
SHA-256: 9B604856237EC903D5914745E51A936CF66F979A227B2F17269930B27BA7A910
SHA-512: 8D405E7696B5E34B996462E9463B278AA254A523625A0BA12C15DD5B30BFEEA3778ACA0BF5E0551E1B768AE6C3067F027F9D278508054BA42A1AFF823958247E
Malicious: false
Reputation: low
URL: https://files.constantcontact.com/b68ec2bc601/71fae93c-8fd5-4f19-99c3-6669e1d87934.png?rdr=true
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: XML 1.0 document, ASCII text
Category: downloaded
Size (bytes): 275
Entropy (8bit): 5.540608807456361
Encrypted: false
SSDEEP: 6:TMVBd/ZbZjZvKtWRVzjo3YSnwY+9ooW5AfCLGAtI/OGK2Kjan:TMHd9BZKtWR23BwB9oL5AfPF292Kja
MD5: 34FC35A6D0274782AB0C6868970AF869
SHA1: 9D17090D53CD169927AEF6E49775E56D6F980715
SHA-256: 0F706748CD2630208325169FBD6C751BB86C96BC0D3281CB2CC1482B3AA04CC4
SHA-512: 71218DF4512564B098BA6A5312E0E097AD58D17B01CEC2747EE20161DDC52AD52CD5D516932479C54AEB836BA66AB210C0F09CAD118116534E3B4005A283721E
Malicious: false
Reputation: low
URL: https://files.constantcontact.com/favicon.ico
Preview: <?xml version="1.0" encoding="UTF-8"?>.<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>MRAPYE0FC589S4SA</RequestId><HostId>JjB6avtp1XqW1gYps2ic8J9qMWiiD31noDKo/gv0EnJ6r/D80iurNtAUEjD1K1hieKjKiQmF50brCEHwRKSt0Xgi7pH6wCQa5AgHcrniqm0=</HostId></Error>
            No static file info
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 23, 2024 16:49:52.677690983 CET | 192.168.2.4 | 1.1.1.1 | 0xfeca | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Dec 23, 2024 16:49:52.677855015 CET | 192.168.2.4 | 1.1.1.1 | 0x5e5f | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Dec 23, 2024 16:49:55.294707060 CET | 192.168.2.4 | 1.1.1.1 | 0x7756 | Standard query (0) | files.constantcontact.com | A (IP address) | IN (0x0001) | false
Dec 23, 2024 16:49:55.294895887 CET | 192.168.2.4 | 1.1.1.1 | 0x71a | Standard query (0) | files.constantcontact.com | 65 | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 23, 2024 16:49:52.814609051 CET | 1.1.1.1 | 192.168.2.4 | 0x5e5f | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
Dec 23, 2024 16:49:52.814677000 CET | 1.1.1.1 | 192.168.2.4 | 0xfeca | No error (0) | www.google.com | | 142.250.181.68 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 16:49:55.647258043 CET | 1.1.1.1 | 192.168.2.4 | 0x7756 | No error (0) | files.constantcontact.com | d6j37cnssol7h.cloudfront.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 23, 2024 16:49:55.647258043 CET | 1.1.1.1 | 192.168.2.4 | 0x7756 | No error (0) | d6j37cnssol7h.cloudfront.net | | 65.9.112.62 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 16:49:55.647258043 CET | 1.1.1.1 | 192.168.2.4 | 0x7756 | No error (0) | d6j37cnssol7h.cloudfront.net | | 65.9.112.74 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 16:49:55.647258043 CET | 1.1.1.1 | 192.168.2.4 | 0x7756 | No error (0) | d6j37cnssol7h.cloudfront.net | | 65.9.112.12 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 16:49:55.647258043 CET | 1.1.1.1 | 192.168.2.4 | 0x7756 | No error (0) | d6j37cnssol7h.cloudfront.net | | 65.9.112.21 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 16:49:55.661556005 CET | 1.1.1.1 | 192.168.2.4 | 0x71a | No error (0) | files.constantcontact.com | d6j37cnssol7h.cloudfront.net | | CNAME (Canonical name) | IN (0x0001) | false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49742 | 65.9.112.62 | 443 | 5416 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-23 15:49:57 UTC | 729 | OUT | GET /b68ec2bc601/71fae93c-8fd5-4f19-99c3-6669e1d87934.png?rdr=true HTTP/1.1
            Host: files.constantcontact.com
            Connection: keep-alive
            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
            sec-ch-ua-mobile: ?0
            sec-ch-ua-platform: "Windows"
            Upgrade-Insecure-Requests: 1
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
            Sec-Fetch-Site: none
            Sec-Fetch-Mode: navigate
            Sec-Fetch-User: ?1
            Sec-Fetch-Dest: document
            Accept-Encoding: gzip, deflate, br
            Accept-Language: en-US,en;q=0.9
2024-12-23 15:49:58 UTC | 664 | IN | HTTP/1.1 200 OK
            Content-Type: image/png
            Content-Length: 1799
            Connection: close
            Date: Mon, 23 Dec 2024 15:49:58 GMT
            x-amz-replication-status: COMPLETED
            Last-Modified: Fri, 17 Nov 2023 18:13:14 GMT
            ETag: "64f7def62bcd6a6ade92ac33f81c79e8"
            x-amz-server-side-encryption: AES256
            Content-Disposition: filename=3E Logo.png
            x-amz-version-id: QvAjNzyOe3ysNdgWI1JfE_BQ30RqZ6d9
            Accept-Ranges: bytes
            Server: AmazonS3
            X-Cache: Miss from cloudfront
            Via: 1.1 cc308cac72966d971a24d7b2a41ddf70.cloudfront.net (CloudFront)
            X-Amz-Cf-Pop: TLV50-C2
            X-Amz-Cf-Id: pnSrsIaJH48S62vKDlWCfuWNHwVgEe2vgMdG6PMrWP6-8VSDwnOimw==
            X-Robots-Tag: noindex, nofollow
            Vary: Origin
2024-12-23 15:49:58 UTC | 1799 | IN | Data Raw: (1799-byte PNG response body; hex and ASCII dump omitted)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49741 | 65.9.112.62 | 443 | 5416 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-23 15:49:58 UTC | 667 | OUT | GET /favicon.ico HTTP/1.1
            Host: files.constantcontact.com
            Connection: keep-alive
            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
            sec-ch-ua-mobile: ?0
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
            sec-ch-ua-platform: "Windows"
            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
            Sec-Fetch-Site: same-origin
            Sec-Fetch-Mode: no-cors
            Sec-Fetch-Dest: image
            Referer: https://files.constantcontact.com/b68ec2bc601/71fae93c-8fd5-4f19-99c3-6669e1d87934.png?rdr=true
            Accept-Encoding: gzip, deflate, br
            Accept-Language: en-US,en;q=0.9
2024-12-23 15:49:59 UTC | 404 | IN | HTTP/1.1 403 Forbidden
            Content-Type: application/xml
            Transfer-Encoding: chunked
            Connection: close
            Server: AmazonS3
            Date: Mon, 23 Dec 2024 15:49:58 GMT
            X-Cache: Error from cloudfront
            Via: 1.1 914dbe74ea96bd4eab279d4e05aee014.cloudfront.net (CloudFront)
            X-Amz-Cf-Pop: TLV50-C2
            X-Amz-Cf-Id: WLYlb1OfNJ0h_lv7PpGnh8qTbJ4o0oBdNCBTDgCDyHAMlKxvX7U_Tw==
            X-Robots-Tag: noindex, nofollow
            Vary: Origin
2024-12-23 15:49:59 UTC | 282 | IN | Data Raw: (hex dump omitted; decoded ASCII follows)
Data Ascii: 113<?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>MRAPYE0FC589S4SA</RequestId><HostId>JjB6avtp1XqW1gYps2ic8J9qMWiiD31noDKo/gv0EnJ6r/D80iurNtAUEjD1K1hieKjKiQmF50brCEHwRKSt0Xgi7pH6wCQa5AgH
2024-12-23 15:49:59 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Target ID: 0
Start time: 10:49:42
Start date: 23/12/2024
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase: 0x7ff76e190000
File size: 3'242'272 bytes
MD5 hash: 45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: false

Target ID: 2
Start time: 10:49:47
Start date: 23/12/2024
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 --field-trial-handle=2188,i,7815101925424919649,4791692279173797684,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase: 0x7ff76e190000
File size: 3'242'272 bytes
MD5 hash: 45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: false

Target ID: 5
Start time: 10:49:54
Start date: 23/12/2024
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://files.constantcontact.com/b68ec2bc601/71fae93c-8fd5-4f19-99c3-6669e1d87934.png?rdr=true"
Imagebase: 0x7ff76e190000
File size: 3'242'272 bytes
MD5 hash: 45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

            No disassembly