
Windows Analysis Report
http://assets.unlayer.com

Overview

General Information

Sample URL:http://assets.unlayer.com
Analysis ID:1601639

Detection

Score:0
Range:0 - 100
Whitelisted:false
Confidence:60%

Signatures

No high impact signatures.

Classification

  • System is w10x64
  • chrome.exe (PID: 5028 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • chrome.exe (PID: 1036 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 --field-trial-handle=2004,i,6895744723872298390,10572785987213939283,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • chrome.exe (PID: 5076 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://assets.unlayer.com" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched


Source: unknown | HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49712 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49769 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49888 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49994 version: TLS 1.2
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown | TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown | TCP traffic detected without corresponding DNS query: 217.20.57.42
Source: global traffic | HTTP traffic detected:
  GET / HTTP/1.1
  Host: assets.unlayer.com
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
  GET /favicon.ico HTTP/1.1
  Host: assets.unlayer.com
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Referer: http://assets.unlayer.com/
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: assets.unlayer.com
Source: global traffic | HTTP traffic detected:
  HTTP/1.1 403 Forbidden
  Content-Type: application/xml
  Content-Length: 190
  Connection: keep-alive
  x-amzn-RequestId: 0888cdb3-6fc9-4235-8544-8c1a43f6c762
  Date: Tue, 28 Jan 2025 18:47:57 GMT
  X-Cache: Error from cloudfront
  Via: 1.1 ee44697df8ff7fee1512bec7b4da5368.cloudfront.net (CloudFront)
  X-Amz-Cf-Pop: FRA60-P8
  X-Amz-Cf-Id: 07br7JFZDtRSto7feI2GwYgDG9HbSC7RP2tVPvy56vYVgEqFw7W42w==
  Data Ascii: <?xml version="1.0" encoding="UTF-8"?><Error><Code>Forbidden</Code><Message>Forbidden.</Message><RequestId>0888cdb3-6fc9-4235-8544-8c1a43f6c762</RequestId><HostId>{host-id}</HostId></Error>
Source: global traffic | HTTP traffic detected:
  HTTP/1.1 403 Forbidden
  Content-Type: application/xml
  Transfer-Encoding: chunked
  Connection: keep-alive
  Server: AmazonS3
  Date: Tue, 28 Jan 2025 18:47:57 GMT
  X-Cache: Error from cloudfront
  Via: 1.1 ee44697df8ff7fee1512bec7b4da5368.cloudfront.net (CloudFront)
  X-Amz-Cf-Pop: FRA60-P8
  X-Amz-Cf-Id: TkidFYFjEinqmE64oygteCeuBgXImwbDJyqH3HHKpvKbjP-2sUU8Rw==
  Data Ascii: 6f<?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access Denied</Message></Error>0
Source: unknown | Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown | Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown | Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49994 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown | Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown | Network traffic detected: HTTP traffic on port 49888 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49888
Source: classification engine | Classification label: clean0.win@16/4@4/4
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 --field-trial-handle=2004,i,6895744723872298390,10572785987213939283,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://assets.unlayer.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
MITRE ATT&CK matrix, tactics with matched techniques (number of matching signatures in parentheses):
  • Privilege Escalation: Process Injection (1)
  • Defense Evasion: Process Injection (1)
  • Command and Control: Encrypted Channel (2), Non-Application Layer Protocol (3), Application Layer Protocol (4), Ingress Tool Transfer (3)
Behavior Graph (ID: 1601639, URL: http://assets.unlayer.com, Startdate: 28/01/2025, Architecture: WINDOWS, Score: 0)
  • chrome.exe (started)
    • DNS/IP: 192.168.2.6, ports 443, 49695, 49704 (unknown, unknown)
    • DNS/IP: 239.255.255.250 (unknown, Reserved)
    • chrome.exe (started)
      • DNS/IP: d14hpj5n6rtu02.cloudfront.net 18.172.112.35, ports 49736, 49737, 80 (MIT-GATEWAYSUS, United States)
      • DNS/IP: www.google.com 216.58.212.132, ports 443, 49718, 49996 (GOOGLEUS, United States)
      • DNS/IP: assets.unlayer.com
  • chrome.exe (started)

Source | Detection | Scanner | Label
http://assets.unlayer.com | 0% | Avira URL Cloud | safe
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
d14hpj5n6rtu02.cloudfront.net | 18.172.112.35 | true | false | | unknown
www.google.com | 216.58.212.132 | true | false | | high
assets.unlayer.com | unknown | unknown | false | | high
Name | Malicious | Antivirus Detection | Reputation
http://assets.unlayer.com/favicon.ico | false | | high
http://assets.unlayer.com/ | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
239.255.255.250 | unknown | Reserved | unknown | unknown | false
216.58.212.132 | www.google.com | United States | 15169 | GOOGLEUS | false
18.172.112.35 | d14hpj5n6rtu02.cloudfront.net | United States | 3 | MIT-GATEWAYSUS | false

Private IP: 192.168.2.6
            Joe Sandbox version:42.0.0 Malachite
            Analysis ID:1601639
            Start date and time:2025-01-28 19:46:55 +01:00
            Joe Sandbox product:CloudBasic
            Overall analysis duration:0h 3m 0s
            Hypervisor based Inspection enabled:false
            Report type:light
            Cookbook file name:browseurl.jbs
            Sample URL:http://assets.unlayer.com
            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
            Number of new started processes analysed:8
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:0
            Technologies:
            • HCA enabled
            • EGA enabled
            • AMSI enabled
            Analysis Mode:default
            Analysis stop reason:Timeout
            Detection:CLEAN
            Classification:clean0.win@16/4@4/4
            EGA Information:Failed
            HCA Information:
            • Successful, ratio: 100%
            • Number of executed functions: 0
            • Number of non-executed functions: 0
            • Exclude process from analysis (whitelisted): WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
            • TCP Packets have been reduced to 100
            • Excluded IPs from analysis (whitelisted): 216.58.206.35, 142.250.185.142, 74.125.133.84, 172.217.16.206, 142.250.186.174, 142.250.186.142, 2.17.190.73, 84.201.210.22, 142.250.185.110, 142.250.181.238, 142.250.186.110, 142.250.185.238, 142.250.185.227, 142.250.185.174, 216.58.206.78, 13.107.246.45, 184.28.90.27, 23.56.254.164, 172.202.163.200
            • Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, accounts.google.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com
            • Not all processes were analyzed, report is missing behavior information
            • VT rate limit hit for: http://assets.unlayer.com
            No simulations
            No context
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:XML 1.0 document, ASCII text
            Category:downloaded
            Size (bytes):111
            Entropy (8bit):4.655766260772407
            Encrypted:false
            SSDEEP:3:vFWWMNHU8LdgCfZbZj+PBMkmKqWWU66bukoL9KgqLn:TMVBd/ZbZjZvKtWRV8g6n
            MD5:B6C792C0F58FA3EC92173C074885221F
            SHA1:0DDE8FD9111D807E202B2FB37F8BCC4052FD861E
            SHA-256:A824BC7739E226E1B40EA0F8C4E4F4C6F796FC3B4ABFA6E9ABE3BD119A30D938
            SHA-512:83C8B765EDCC44F6AAF19445881C315239095B4AC90E9BB85716084DB9B9EC75F74876B49340CBAF5AE8D173E517AF9EAF82E628D1D32090CD0B4AC8A5D08875
            Malicious:false
            Reputation:low
            URL:http://assets.unlayer.com/favicon.ico
            Preview:<?xml version="1.0" encoding="UTF-8"?>.<Error><Code>AccessDenied</Code><Message>Access Denied</Message></Error>
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:XML 1.0 document, ASCII text
            Category:downloaded
            Size (bytes):190
            Entropy (8bit):5.196615545092292
            Encrypted:false
            SSDEEP:3:vFWWMNHU8LdgCfZbZj+yFioWWUqXHFl6U93AUQUeLXPbETtx3xjg6NNdztNadKLn:TMVBd/ZbZjLF2WPXFl6yje7PbmtDjBN/
            MD5:01C768EF002C8300219B7C71A3B5B3F5
            SHA1:B364EA92A3CC74B6098C89ABAC41586D4CB52FFA
            SHA-256:7C498024046B9F7BC48026E5A06DC44FCEEF17CE6464DADC4FF45C65F6F885D8
            SHA-512:DA2DD11B79BCB21B1D7BAA9FD2DADECA57E7D404349E679920C9949B836232A6D60FC522945F7086CA122BF7CE500FDD6A9CCAF1706F558F66A1F2CFB635C967
            Malicious:false
            Reputation:low
            URL:http://assets.unlayer.com/
            Preview:<?xml version="1.0" encoding="UTF-8"?>.<Error><Code>Forbidden</Code><Message>Forbidden.</Message><RequestId>0888cdb3-6fc9-4235-8544-8c1a43f6c762</RequestId><HostId>{host-id}</HostId></Error>
            No static file info
            • Total Packets: 58
            • 443 (HTTPS)
            • 80 (HTTP)
            • 53 (DNS)
            DNS queries (Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS):
            Jan 28, 2025 19:47:54.015758038 CET | 192.168.2.6 | 1.1.1.1 | 0x50a5 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
            Jan 28, 2025 19:47:54.016175985 CET | 192.168.2.6 | 1.1.1.1 | 0x6305 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
            Jan 28, 2025 19:47:56.803646088 CET | 192.168.2.6 | 1.1.1.1 | 0x426d | Standard query (0) | assets.unlayer.com | A (IP address) | IN (0x0001) | false
            Jan 28, 2025 19:47:56.803803921 CET | 192.168.2.6 | 1.1.1.1 | 0x4092 | Standard query (0) | assets.unlayer.com | 65 | IN (0x0001) | false
            DNS answers (Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS):
            Jan 28, 2025 19:47:54.023328066 CET | 1.1.1.1 | 192.168.2.6 | 0x50a5 | No error (0) | www.google.com | | 216.58.212.132 | A (IP address) | IN (0x0001) | false
            Jan 28, 2025 19:47:54.023652077 CET | 1.1.1.1 | 192.168.2.6 | 0x6305 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
            Jan 28, 2025 19:47:56.814299107 CET | 1.1.1.1 | 192.168.2.6 | 0x426d | No error (0) | assets.unlayer.com | d14hpj5n6rtu02.cloudfront.net | | CNAME (Canonical name) | IN (0x0001) | false
            Jan 28, 2025 19:47:56.814299107 CET | 1.1.1.1 | 192.168.2.6 | 0x426d | No error (0) | d14hpj5n6rtu02.cloudfront.net | | 18.172.112.35 | A (IP address) | IN (0x0001) | false
            Jan 28, 2025 19:47:56.814299107 CET | 1.1.1.1 | 192.168.2.6 | 0x426d | No error (0) | d14hpj5n6rtu02.cloudfront.net | | 18.172.112.96 | A (IP address) | IN (0x0001) | false
            Jan 28, 2025 19:47:56.814299107 CET | 1.1.1.1 | 192.168.2.6 | 0x426d | No error (0) | d14hpj5n6rtu02.cloudfront.net | | 18.172.112.112 | A (IP address) | IN (0x0001) | false
            Jan 28, 2025 19:47:56.814299107 CET | 1.1.1.1 | 192.168.2.6 | 0x426d | No error (0) | d14hpj5n6rtu02.cloudfront.net | | 18.172.112.85 | A (IP address) | IN (0x0001) | false
            Jan 28, 2025 19:47:56.817137957 CET | 1.1.1.1 | 192.168.2.6 | 0x4092 | No error (0) | assets.unlayer.com | d14hpj5n6rtu02.cloudfront.net | | CNAME (Canonical name) | IN (0x0001) | false

            Target ID:1
            Start time:13:47:46
            Start date:28/01/2025
            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
            Imagebase:0x7ff684c40000
            File size:3'242'272 bytes
            MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:false

            Target ID:3
            Start time:13:47:48
            Start date:28/01/2025
            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 --field-trial-handle=2004,i,6895744723872298390,10572785987213939283,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Imagebase:0x7ff684c40000
            File size:3'242'272 bytes
            MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:false

            Target ID:4
            Start time:13:47:55
            Start date:28/01/2025
            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://assets.unlayer.com"
            Imagebase:0x7ff684c40000
            File size:3'242'272 bytes
            MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:true

            No disassembly