Edit tour

Windows Analysis Report
https://eu.myconnectwise.net/v4_6_release/api/inlineimages/infinitygrp/8a07a37f-0e34-48e8-8792-5f81fcbde46d

Overview

General Information

Sample URL:	https://eu.myconnectwise.net/v4_6_release/api/inlineimages/infinitygrp/8a07a37f-0e34-48e8-8792-5f81fcbde46d
Analysis ID:	1431122
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

No high impact signatures.

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5640 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 6736 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 --field-trial-handle=2212,i,17304811127047344951,1977242911418865081,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 6356 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://eu.myconnectwise.net/v4_6_release/api/inlineimages/infinitygrp/8a07a37f-0e34-48e8-8792-5f81fcbde46d" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://cw-eu-documents.s3.eu-west-1.amazonaws.com/infinitygrp/7df2b4da-ddd3-49bc-9d40-ba86e6ff6d6c.png?X-Amz-Expires=300&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEEUaCWV1LXdlc3QtMSJGMEQCIGhCZ04ZR7dqRuUrg2gcJEnulmoGQDZTwlL%2FyPHVfzqyAiBB3Wl8Z5Rlc4gOZIAmW4L4N3N5gatma5hsPemdQsILsyq6BQiO%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F8BEAAaDDAwOTA0MzgzMTM3OCIMarrG2VhTy3VjABzxKo4FfTUisDdctRb3p%2Bd8HMbM6IhdntM25HsBTZwWmDvJZJKM3tuY7CkSVR3b3Bz2FtVJeJ7fycf3ecFIU146BrrIjh%2BGsDbeTcxiB9rTepupv7sslvTeYFwwqvl4OA0AHri5PJou3lEAA4N%2BwwHuyTJEzs%2BzAPXEEn1WwzlwW2g2FAtfghaEKC3mw01tGhXSO0cFvu7ApgMOJGBDJAV3KffZc%2B4bK1ZMhgI0LvcIGVDkIivnWHKIUDCp4XMvzUyHR4jo%2BpWI79mconN1xSn5kMw71aDlmD1XEK8JTb0HnGTA9QQCvoF7bUR%2FwRJPzMBmjcV4WqJiJBY9DUp8YLC18hNWqqANHuRVmSD%2BX0MXbj2dW2NDH80yvhPwWFApqWvplDutkONR4oAv939zO%2FuH0uuE1mD9EA6NGbTyggCGKAqBcCTvbrRkXqDf9Ht8Gx87gLw%2BRmvIm97EH5CMwq4vMGBc5%2FiCqZn6k6hjrfFuNSdBHJXs9ZvVeMQwwLUxSkRE8FeB7EnSA9iCUVtjtqh5iujwVXZrKrg%2BmEdtIRMhBNPAR63eLGyL14GQe2WZs9Lt6%2F8BKKJBT0yfYn3IJJjlt12EJqRxEn%2FN20zKB%2BwSs%2FTJekbw5FV0HjD7t4a%2F0...

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 23.202.57.177:443 -> 192.168.2.7:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.202.57.177:443 -> 192.168.2.7:49715 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 40.119.6.228

Source: global traffic	HTTP traffic detected: GET /v4_6_release/api/inlineimages/infinitygrp/8a07a37f-0e34-48e8-8792-5f81fcbde46d HTTP/1.1Host: eu.myconnectwise.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /infinitygrp/7df2b4da-ddd3-49bc-9d40-ba86e6ff6d6c.png?X-Amz-Expires=300&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEEUaCWV1LXdlc3QtMSJGMEQCIGhCZ04ZR7dqRuUrg2gcJEnulmoGQDZTwlL%2FyPHVfzqyAiBB3Wl8Z5Rlc4gOZIAmW4L4N3N5gatma5hsPemdQsILsyq6BQiO%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F8BEAAaDDAwOTA0MzgzMTM3OCIMarrG2VhTy3VjABzxKo4FfTUisDdctRb3p%2Bd8HMbM6IhdntM25HsBTZwWmDvJZJKM3tuY7CkSVR3b3Bz2FtVJeJ7fycf3ecFIU146BrrIjh%2BGsDbeTcxiB9rTepupv7sslvTeYFwwqvl4OA0AHri5PJou3lEAA4N%2BwwHuyTJEzs%2BzAPXEEn1WwzlwW2g2FAtfghaEKC3mw01tGhXSO0cFvu7ApgMOJGBDJAV3KffZc%2B4bK1ZMhgI0LvcIGVDkIivnWHKIUDCp4XMvzUyHR4jo%2BpWI79mconN1xSn5kMw71aDlmD1XEK8JTb0HnGTA9QQCvoF7bUR%2FwRJPzMBmjcV4WqJiJBY9DUp8YLC18hNWqqANHuRVmSD%2BX0MXbj2dW2NDH80yvhPwWFApqWvplDutkONR4oAv939zO%2FuH0uuE1mD9EA6NGbTyggCGKAqBcCTvbrRkXqDf9Ht8Gx87gLw%2BRmvIm97EH5CMwq4vMGBc5%2FiCqZn6k6hjrfFuNSdBHJXs9ZvVeMQwwLUxSkRE8FeB7EnSA9iCUVtjtqh5iujwVXZrKrg%2BmEdtIRMhBNPAR63eLGyL14GQe2WZs9Lt6%2F8BKKJBT0yfYn3IJJjlt12EJqRxEn%2FN20zKB%2BwSs%2FTJekbw5FV0HjD7t4a%2F0bxXVG9x9ggMsKPkkTKBqW1%2F%2Fq0AE6ulPhZETnISCNBifCH3eTtuNyV8h4NqL2QairfHeKTvHLeZbAkm4Dsvn9tETsJfdR4Ze11ps2a9WZIwyZ8YFnMs1Na4V4raPVLIXfIEtcTGQoNJFCkD9YJAutEg%2FkyQq14KZg4iYF44BpncxulaJRfa9FwR%2F0YzEMJ9oW8HbXX%2FGaIZzlD6ecVUPMxjER3KGHu4WVekMoHaxLBJzVEzMLSCpLEGOrIBYgHU34OyNThsb0zrFpSI948XMVqGzl7FP1Xrm0QO9LF6e6ovad9DGyoi8PWC4vUjxei9mV6YMzvyxrc0qgyjeYdVn6ggphdHv6r9Mkbxq2dMyk%2BCjQL15lGsdy5AANVg6Kt7QrDi2JRLpn5DVe7oa6So9rFzBT7pDcZ7NlBDuoo45RM4d5AdoZtV89tn9YtWN%2BBi1qjyl%2FzA14FV%2BSUWpAmNYVa5E874LsuAt5oivKSwWQ%3D%3D&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAQEGYN5JJNLUOHHLU%2F20240424%2Feu-west-1%2Fs3%2Faws4_request&X-Amz-Date=20240424T140218Z&X-Amz-SignedHeaders=host&X-Amz-Signature=f433cf11fba2c2737f30faae122ab28581622d995f31674453f0cfa77e57413c HTTP/1.1Host: cw-eu-documents.s3.eu-west-1.amazonaws.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: cw-eu-documents.s3.eu-west-1.amazonaws.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cw-eu-documents.s3.eu-west-1.amazonaws.com/infinitygrp/7df2b4da-ddd3-49bc-9d40-ba86e6ff6d6c.png?X-Amz-Expires=300&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEEUaCWV1LXdlc3QtMSJGMEQCIGhCZ04ZR7dqRuUrg2gcJEnulmoGQDZTwlL%2FyPHVfzqyAiBB3Wl8Z5Rlc4gOZIAmW4L4N3N5gatma5hsPemdQsILsyq6BQiO%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F8BEAAaDDAwOTA0MzgzMTM3OCIMarrG2VhTy3VjABzxKo4FfTUisDdctRb3p%2Bd8HMbM6IhdntM25HsBTZwWmDvJZJKM3tuY7CkSVR3b3Bz2FtVJeJ7fycf3ecFIU146BrrIjh%2BGsDbeTcxiB9rTepupv7sslvTeYFwwqvl4OA0AHri5PJou3lEAA4N%2BwwHuyTJEzs%2BzAPXEEn1WwzlwW2g2FAtfghaEKC3mw01tGhXSO0cFvu7ApgMOJGBDJAV3KffZc%2B4bK1ZMhgI0LvcIGVDkIivnWHKIUDCp4XMvzUyHR4jo%2BpWI79mconN1xSn5kMw71aDlmD1XEK8JTb0HnGTA9QQCvoF7bUR%2FwRJPzMBmjcV4WqJiJBY9DUp8YLC18hNWqqANHuRVmSD%2BX0MXbj2dW2NDH80yvhPwWFApqWvplDutkONR4oAv939zO%2FuH0uuE1mD9EA6NGbTyggCGKAqBcCTvbrRkXqDf9Ht8Gx87gLw%2BRmvIm97EH5CMwq4vMGBc5%2FiCqZn6k6hjrfFuNSdBHJXs9ZvVeMQwwLUxSkRE8FeB7EnSA9iCUVtjtqh5iujwVXZrKrg%2BmEdtIRMhBNPAR63eLGyL14GQe2WZs9Lt6%2F8BKKJBT0yfYn3IJJjlt12EJqRxEn%2FN20zKB%2BwSs%2FTJekbw5FV0HjD7t4a%2F0bxXVG9x9ggMsKPkkTKBqW1%2F%2Fq0AE6ulPhZETnISCNBifCH3eTtuNyV8h4NqL2QairfHeKTvHLeZbAkm4Dsvn9tETsJfdR4Ze11ps2a9WZIwyZ8YFnMs1Na4V4raPVLIXfIEtcTGQoNJFCkD9YJAutEg%2FkyQq14KZg4iYF44BpncxulaJRfa9FwR%2F0YzEMJ9oW8HbXX%2FGaIZzlD6ecVUPMxjER3KGHu4WVekMoHaxLBJzVEzMLSCpLEGOrIBYgHU34OyNThsb0zrFpSI948XMVqGzl7FP1Xrm0QO9LF6e6ovad9DGyoi8PWC4vUjxei9mV6YMzvyxrc0qgyjeYdVn6ggphdHv6r9Mkbxq2dMyk%2BCjQL15lGsdy5AANVg6Kt7QrDi2JRLpn5DVe7oa6So9rFzBT7pDcZ7NlBDuoo45RM4d5AdoZtV89tn9YtWN%2BBi1qjyl%2FzA14FV%2BSUWpAmNYVa5E874LsuAt5oivKSwWQ%3D%3D&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAQEGYN5JJNLUOHHLU%2F20240424%2Feu-west-1%2Fs3%2Faws4_request&X-Amz-Date=20240424T140218Z&X-Amz-SignedHeaders=host&X-Amz-Signature=f433cf11fba2c2737f30faae122ab28581622d995f31674453f0cfa77e57413cAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: eu.myconnectwise.net
Source: global traffic	DNS traffic detected: DNS query: cw-eu-documents.s3.eu-west-1.amazonaws.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: global traffic

HTTP traffic detected: HTTP/1.1 403 Forbiddenx-amz-request-id: GNFSBTRVD043NRBQx-amz-id-2: wYnovtjKW3N9VwKhdkojjZILJB3qtAzTMxTzddrEXlsrjPr38PEj+DgnNShz4vva79V/eZ+1v1w=Content-Type: application/xmlTransfer-Encoding: chunkedDate: Wed, 24 Apr 2024 14:02:22 GMTServer: AmazonS3Connection: close

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712

Source: unknown	HTTPS traffic detected: 23.202.57.177:443 -> 192.168.2.7:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.202.57.177:443 -> 192.168.2.7:49715 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@18/4@6/5

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 --field-trial-handle=2212,i,17304811127047344951,1977242911418865081,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://eu.myconnectwise.net/v4_6_release/api/inlineimages/infinitygrp/8a07a37f-0e34-48e8-8792-5f81fcbde46d"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 --field-trial-handle=2212,i,17304811127047344951,1977242911418865081,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Confirm
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Confirm
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Confirm
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Confirm

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://eu.myconnectwise.net/v4_6_release/api/inlineimages/infinitygrp/8a07a37f-0e34-48e8-8792-5f81fcbde46d	0%	Avira URL Cloud	safe

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.210.172	true	false	unknown
s3-r-w.eu-west-1.amazonaws.com	52.218.116.234	true	false	high
eu.myconnectwise.net	18.164.174.26	true	false	high
www.google.com	142.250.141.99	true	false	high
cw-eu-documents.s3.eu-west-1.amazonaws.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://eu.myconnectwise.net/v4_6_release/api/inlineimages/infinitygrp/8a07a37f-0e34-48e8-8792-5f81fcbde46d	false		high
https://cw-eu-documents.s3.eu-west-1.amazonaws.com/favicon.ico	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
18.164.174.26	eu.myconnectwise.net	United States	3	MIT-GATEWAYSUS	false
52.218.116.234	s3-r-w.eu-west-1.amazonaws.com	United States	16509	AMAZON-02US	false
142.250.141.99	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.7

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1431122
Start date and time:	2024-04-24 16:01:20 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 24s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://eu.myconnectwise.net/v4_6_release/api/inlineimages/infinitygrp/8a07a37f-0e34-48e8-8792-5f81fcbde46d
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	16
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@18/4@6/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 74.125.137.94, 142.251.2.102, 142.251.2.101, 142.251.2.100, 142.251.2.113, 142.251.2.138, 142.251.2.139, 142.251.2.84, 34.104.35.123, 40.68.123.157, 23.45.12.163, 23.45.12.153, 13.85.23.206, 23.45.12.170, 142.251.2.94, 23.45.12.161
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, time.windows.com, a767.dspw65.akamai.net, wu-bg-shim.trafficmanager.net, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: https://eu.myconnectwise.net/v4_6_release/api/inlineimages/infinitygrp/8a07a37f-0e34-48e8-8792-5f81fcbde46d

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 480 x 43, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	2224
Entropy (8bit):	7.74256788769744
Encrypted:	false
SSDEEP:	48:esZ6ViAfEE0H9IR5PDiHmgaT1rD83NoIaaGko1FVCyVZW5rrmvYsF4Eb+N:5Z09EE8IfMmgY1rD83yHFVCyLarmvP4F
MD5:	60DD8DF5242525EBEE08E9BDDF3B6C68
SHA1:	149085CAA1261C955B65591350BEF327FC5CA0D8
SHA-256:	90DF602A99F22AD2A3E20EDFF4281BC11022E1F25607E6714A6041B7F4978AFB
SHA-512:	812F71918998420AA2EAB219D76AC969AF4E5C82090638B3B803A42CF0A97D66E8ABD53BE4BCC5E366B6911104080264C7B022E842E7AAA44AC1E3FA6A65EB5A
Malicious:	false
Reputation:	low
URL:	https://cw-eu-documents.s3.eu-west-1.amazonaws.com/infinitygrp/7df2b4da-ddd3-49bc-9d40-ba86e6ff6d6c.png?X-Amz-Expires=300&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEEUaCWV1LXdlc3QtMSJGMEQCIGhCZ04ZR7dqRuUrg2gcJEnulmoGQDZTwlL%2FyPHVfzqyAiBB3Wl8Z5Rlc4gOZIAmW4L4N3N5gatma5hsPemdQsILsyq6BQiO%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F8BEAAaDDAwOTA0MzgzMTM3OCIMarrG2VhTy3VjABzxKo4FfTUisDdctRb3p%2Bd8HMbM6IhdntM25HsBTZwWmDvJZJKM3tuY7CkSVR3b3Bz2FtVJeJ7fycf3ecFIU146BrrIjh%2BGsDbeTcxiB9rTepupv7sslvTeYFwwqvl4OA0AHri5PJou3lEAA4N%2BwwHuyTJEzs%2BzAPXEEn1WwzlwW2g2FAtfghaEKC3mw01tGhXSO0cFvu7ApgMOJGBDJAV3KffZc%2B4bK1ZMhgI0LvcIGVDkIivnWHKIUDCp4XMvzUyHR4jo%2BpWI79mconN1xSn5kMw71aDlmD1XEK8JTb0HnGTA9QQCvoF7bUR%2FwRJPzMBmjcV4WqJiJBY9DUp8YLC18hNWqqANHuRVmSD%2BX0MXbj2dW2NDH80yvhPwWFApqWvplDutkONR4oAv939zO%2FuH0uuE1mD9EA6NGbTyggCGKAqBcCTvbrRkXqDf9Ht8Gx87gLw%2BRmvIm97EH5CMwq4vMGBc5%2FiCqZn6k6hjrfFuNSdBHJXs9ZvVeMQwwLUxSkRE8FeB7EnSA9iCUVtjtqh5iujwVXZrKrg%2BmEdtIRMhBNPAR63eLGyL14GQe2WZs9Lt6%2F8BKKJBT0yfYn3IJJjlt12EJqRxEn%2FN20zKB%2BwSs%2FTJekbw5FV0HjD7t4a%2F0bxXVG9x9ggMsKPkkTKBqW1%2F%2Fq0AE6ulPhZETnISCNBifCH3eTtuNyV8h4NqL2QairfHeKTvHLeZbAkm4Dsvn9tETsJfdR4Ze11ps2a9WZIwyZ8YFnMs1Na4V4raPVLIXfIEtcTGQoNJFCkD9YJAutEg%2FkyQq14KZg4iYF44BpncxulaJRfa9FwR%2F0YzEMJ9oW8HbXX%2FGaIZzlD6ecVUPMxjER3KGHu4WVekMoHaxLBJzVEzMLSCpLEGOrIBYgHU34OyNThsb0zrFpSI948XMVqGzl7FP1Xrm0QO9LF6e6ovad9DGyoi8PWC4vUjxei9mV6YMzvyxrc0qgyjeYdVn6ggphdHv6r9Mkbxq2dMyk%2BCjQL15lGsdy5AANVg6Kt7QrDi2JRLpn5DVe7oa6So9rFzBT7pDcZ7NlBDuoo45RM4d5AdoZtV89tn9YtWN%2BBi1qjyl%2FzA14FV%2BSUWpAmNYVa5E874LsuAt5oivKSwWQ%3D%3D&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAQEGYN5JJNLUOHHLU%2F20240424%2Feu-west-1%2Fs3%2Faws4_request&X-Amz-Date=20240424T140218Z&X-Amz-SignedHeaders=host&X-Amz-Signature=f433cf11fba2c2737f30faae122ab28581622d995f31674453f0cfa77e57413c
Preview:	.PNG........IHDR.......+.......[V....sRGB.........gAMA......a.....pHYs..........o.d...EIDATx^....e..p...(.....B..$....5A..o...x@...j..c.c.@......Z."]..-.-t..fII.P...PBkj.K.F.>o.Rvv......$..>..3.y.\|.yf..==C...0{6..d.C..........u"....f........`.... ....<..............`.... ....<..............`.... ....<..............`.H.zJe.0..e.hR.x...5...L(B..*M.....8JsCq..._..r...M..>(.hK?........25j..b4hc$...9[..i.....(........Y.....G...7......A.....tYNz.\|."=..3.h.N7./j...}.{..P...P...}.,....U.0....\|e.^.W.f..k...H.h.Q..b....._..^o....F.EZ.2K..&.e.v&....ES....H...~Y.R..~\....r#.A...4>...f.^K...T7........sT.%.F+%Z>.l:2D..FV?..6v?y.~BtR.#...uL.xFV6..s......ew.X...R..[..5...{.!?.?...9Z.v......b...e..DhL..v....{U.b...Tm.1..&u.q.M..M6._.qe.F..2.\:....h.....W...+....\|.....tCN-.......S.3..j3.y1.h!o.cE.,k.5..U..Z.B{u.V..&.......d..O.%..4...z..T@]..u?F3.Y.../\../....2.2c#.....:7'K.q....9...eQ'...Q.&.q...`.I......xm........Z.u.......=."...~...tR.../.W...+.U.e....p....z

Chrome Cache Entry: 43

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	XML 1.0 document, ASCII text
Category:	downloaded
Size (bytes):	243
Entropy (8bit):	5.558587984818707
Encrypted:	false
SSDEEP:	6:TMVBd/ZbZjZvKtWRVzjiASr5NnUWUPVE08QeqYZ2ian:TMHd9BZKtWRf2UWUPvOqYZta
MD5:	9524491D53AB928F14466C1EC707B6B0
SHA1:	4E94B1528177221C5DE2C9E80DB6372B6A8258DF
SHA-256:	43922E725FE17A251EECE2FDF11BE25559E44215BDC24BC4B43AC1B0BB4CCF7F
SHA-512:	46A51A86D815928C2D727CF853A013CC53C11848809A439D9B98CEC899CC3BC3D169BA74188F14836DDC55A2BFE41C29A3CD07C51F4657C191F70AF5EE3E35F9
Malicious:	false
Reputation:	low
URL:	https://cw-eu-documents.s3.eu-west-1.amazonaws.com/favicon.ico
Preview:	<?xml version="1.0" encoding="UTF-8"?>.<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>GNFSBTRVD043NRBQ</RequestId><HostId>wYnovtjKW3N9VwKhdkojjZILJB3qtAzTMxTzddrEXlsrjPr38PEj+DgnNShz4vva79V/eZ+1v1w=</HostId></Error>

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 24, 2024 16:02:08.245867014 CEST	49671	443	192.168.2.7	204.79.197.203
Apr 24, 2024 16:02:08.558027029 CEST	49671	443	192.168.2.7	204.79.197.203
Apr 24, 2024 16:02:08.807987928 CEST	49674	443	192.168.2.7	104.98.116.138
Apr 24, 2024 16:02:08.823631048 CEST	49675	443	192.168.2.7	104.98.116.138
Apr 24, 2024 16:02:08.901753902 CEST	49672	443	192.168.2.7	104.98.116.138
Apr 24, 2024 16:02:09.167404890 CEST	49671	443	192.168.2.7	204.79.197.203
Apr 24, 2024 16:02:10.370487928 CEST	49671	443	192.168.2.7	204.79.197.203
Apr 24, 2024 16:02:12.776798010 CEST	49671	443	192.168.2.7	204.79.197.203
Apr 24, 2024 16:02:16.794281960 CEST	49677	443	192.168.2.7	20.50.201.200
Apr 24, 2024 16:02:17.199285984 CEST	49677	443	192.168.2.7	20.50.201.200
Apr 24, 2024 16:02:17.605381966 CEST	49671	443	192.168.2.7	204.79.197.203
Apr 24, 2024 16:02:17.989360094 CEST	49677	443	192.168.2.7	20.50.201.200
Apr 24, 2024 16:02:18.142419100 CEST	49706	443	192.168.2.7	18.164.174.26
Apr 24, 2024 16:02:18.142456055 CEST	443	49706	18.164.174.26	192.168.2.7
Apr 24, 2024 16:02:18.142532110 CEST	49706	443	192.168.2.7	18.164.174.26
Apr 24, 2024 16:02:18.142929077 CEST	49707	443	192.168.2.7	18.164.174.26
Apr 24, 2024 16:02:18.142970085 CEST	443	49707	18.164.174.26	192.168.2.7
Apr 24, 2024 16:02:18.143275023 CEST	49707	443	192.168.2.7	18.164.174.26
Apr 24, 2024 16:02:18.143326044 CEST	49706	443	192.168.2.7	18.164.174.26
Apr 24, 2024 16:02:18.143337011 CEST	443	49706	18.164.174.26	192.168.2.7
Apr 24, 2024 16:02:18.143558025 CEST	49707	443	192.168.2.7	18.164.174.26
Apr 24, 2024 16:02:18.143572092 CEST	443	49707	18.164.174.26	192.168.2.7
Apr 24, 2024 16:02:18.472688913 CEST	443	49706	18.164.174.26	192.168.2.7
Apr 24, 2024 16:02:18.473098040 CEST	49706	443	192.168.2.7	18.164.174.26
Apr 24, 2024 16:02:18.473124981 CEST	443	49706	18.164.174.26	192.168.2.7
Apr 24, 2024 16:02:18.474351883 CEST	443	49706	18.164.174.26	192.168.2.7
Apr 24, 2024 16:02:18.474422932 CEST	49706	443	192.168.2.7	18.164.174.26
Apr 24, 2024 16:02:18.475682020 CEST	49706	443	192.168.2.7	18.164.174.26
Apr 24, 2024 16:02:18.475756884 CEST	443	49706	18.164.174.26	192.168.2.7
Apr 24, 2024 16:02:18.475874901 CEST	49706	443	192.168.2.7	18.164.174.26
Apr 24, 2024 16:02:18.476336002 CEST	443	49707	18.164.174.26	192.168.2.7
Apr 24, 2024 16:02:18.476547003 CEST	49707	443	192.168.2.7	18.164.174.26
Apr 24, 2024 16:02:18.476576090 CEST	443	49707	18.164.174.26	192.168.2.7
Apr 24, 2024 16:02:18.477838039 CEST	443	49707	18.164.174.26	192.168.2.7
Apr 24, 2024 16:02:18.477921009 CEST	49707	443	192.168.2.7	18.164.174.26
Apr 24, 2024 16:02:18.478800058 CEST	49707	443	192.168.2.7	18.164.174.26
Apr 24, 2024 16:02:18.478869915 CEST	443	49707	18.164.174.26	192.168.2.7
Apr 24, 2024 16:02:18.495367050 CEST	49675	443	192.168.2.7	104.98.116.138
Apr 24, 2024 16:02:18.495460987 CEST	49674	443	192.168.2.7	104.98.116.138
Apr 24, 2024 16:02:18.511373043 CEST	49672	443	192.168.2.7	104.98.116.138
Apr 24, 2024 16:02:18.516160011 CEST	443	49706	18.164.174.26	192.168.2.7
Apr 24, 2024 16:02:18.684119940 CEST	443	49706	18.164.174.26	192.168.2.7
Apr 24, 2024 16:02:18.684156895 CEST	443	49707	18.164.174.26	192.168.2.7
Apr 24, 2024 16:02:18.684231043 CEST	49706	443	192.168.2.7	18.164.174.26
Apr 24, 2024 16:02:18.684298992 CEST	49707	443	192.168.2.7	18.164.174.26
Apr 24, 2024 16:02:19.117789984 CEST	443	49706	18.164.174.26	192.168.2.7
Apr 24, 2024 16:02:19.117820024 CEST	443	49706	18.164.174.26	192.168.2.7
Apr 24, 2024 16:02:19.117889881 CEST	49706	443	192.168.2.7	18.164.174.26
Apr 24, 2024 16:02:19.117918015 CEST	443	49706	18.164.174.26	192.168.2.7
Apr 24, 2024 16:02:19.117959976 CEST	49706	443	192.168.2.7	18.164.174.26
Apr 24, 2024 16:02:19.121068001 CEST	443	49706	18.164.174.26	192.168.2.7
Apr 24, 2024 16:02:19.121154070 CEST	443	49706	18.164.174.26	192.168.2.7
Apr 24, 2024 16:02:19.121197939 CEST	49706	443	192.168.2.7	18.164.174.26
Apr 24, 2024 16:02:19.177979946 CEST	49706	443	192.168.2.7	18.164.174.26
Apr 24, 2024 16:02:19.178004980 CEST	443	49706	18.164.174.26	192.168.2.7
Apr 24, 2024 16:02:19.395354033 CEST	49710	443	192.168.2.7	52.218.116.234
Apr 24, 2024 16:02:19.395440102 CEST	443	49710	52.218.116.234	192.168.2.7
Apr 24, 2024 16:02:19.395512104 CEST	49710	443	192.168.2.7	52.218.116.234
Apr 24, 2024 16:02:19.396601915 CEST	49710	443	192.168.2.7	52.218.116.234
Apr 24, 2024 16:02:19.396640062 CEST	443	49710	52.218.116.234	192.168.2.7
Apr 24, 2024 16:02:19.495387077 CEST	49677	443	192.168.2.7	20.50.201.200
Apr 24, 2024 16:02:19.928853989 CEST	443	49699	104.98.116.138	192.168.2.7
Apr 24, 2024 16:02:19.928956032 CEST	49699	443	192.168.2.7	104.98.116.138
Apr 24, 2024 16:02:20.319782019 CEST	443	49710	52.218.116.234	192.168.2.7
Apr 24, 2024 16:02:20.320096016 CEST	49710	443	192.168.2.7	52.218.116.234
Apr 24, 2024 16:02:20.320130110 CEST	443	49710	52.218.116.234	192.168.2.7
Apr 24, 2024 16:02:20.321258068 CEST	443	49710	52.218.116.234	192.168.2.7
Apr 24, 2024 16:02:20.321331024 CEST	49710	443	192.168.2.7	52.218.116.234
Apr 24, 2024 16:02:20.321351051 CEST	443	49710	52.218.116.234	192.168.2.7
Apr 24, 2024 16:02:20.321403980 CEST	49710	443	192.168.2.7	52.218.116.234
Apr 24, 2024 16:02:20.560390949 CEST	49710	443	192.168.2.7	52.218.116.234
Apr 24, 2024 16:02:20.560641050 CEST	443	49710	52.218.116.234	192.168.2.7
Apr 24, 2024 16:02:20.560969114 CEST	49710	443	192.168.2.7	52.218.116.234
Apr 24, 2024 16:02:20.561019897 CEST	443	49710	52.218.116.234	192.168.2.7
Apr 24, 2024 16:02:20.700211048 CEST	49710	443	192.168.2.7	52.218.116.234
Apr 24, 2024 16:02:20.735121965 CEST	49711	443	192.168.2.7	142.250.141.99
Apr 24, 2024 16:02:20.735207081 CEST	443	49711	142.250.141.99	192.168.2.7
Apr 24, 2024 16:02:20.735383034 CEST	49711	443	192.168.2.7	142.250.141.99
Apr 24, 2024 16:02:20.736072063 CEST	49711	443	192.168.2.7	142.250.141.99
Apr 24, 2024 16:02:20.736121893 CEST	443	49711	142.250.141.99	192.168.2.7
Apr 24, 2024 16:02:21.097783089 CEST	443	49711	142.250.141.99	192.168.2.7
Apr 24, 2024 16:02:21.101728916 CEST	49711	443	192.168.2.7	142.250.141.99
Apr 24, 2024 16:02:21.101793051 CEST	443	49711	142.250.141.99	192.168.2.7
Apr 24, 2024 16:02:21.102906942 CEST	443	49711	142.250.141.99	192.168.2.7
Apr 24, 2024 16:02:21.103014946 CEST	49711	443	192.168.2.7	142.250.141.99
Apr 24, 2024 16:02:21.119146109 CEST	49711	443	192.168.2.7	142.250.141.99
Apr 24, 2024 16:02:21.119378090 CEST	443	49711	142.250.141.99	192.168.2.7
Apr 24, 2024 16:02:21.170013905 CEST	49711	443	192.168.2.7	142.250.141.99
Apr 24, 2024 16:02:21.170037031 CEST	443	49711	142.250.141.99	192.168.2.7
Apr 24, 2024 16:02:21.210933924 CEST	443	49710	52.218.116.234	192.168.2.7
Apr 24, 2024 16:02:21.211009026 CEST	443	49710	52.218.116.234	192.168.2.7
Apr 24, 2024 16:02:21.211086988 CEST	443	49710	52.218.116.234	192.168.2.7
Apr 24, 2024 16:02:21.211086035 CEST	49710	443	192.168.2.7	52.218.116.234
Apr 24, 2024 16:02:21.211137056 CEST	49710	443	192.168.2.7	52.218.116.234
Apr 24, 2024 16:02:21.214148998 CEST	49711	443	192.168.2.7	142.250.141.99
Apr 24, 2024 16:02:21.305490971 CEST	49710	443	192.168.2.7	52.218.116.234
Apr 24, 2024 16:02:21.305560112 CEST	443	49710	52.218.116.234	192.168.2.7
Apr 24, 2024 16:02:21.431823015 CEST	49712	443	192.168.2.7	52.218.116.234
Apr 24, 2024 16:02:21.431875944 CEST	443	49712	52.218.116.234	192.168.2.7
Apr 24, 2024 16:02:21.431956053 CEST	49712	443	192.168.2.7	52.218.116.234
Apr 24, 2024 16:02:21.438613892 CEST	49712	443	192.168.2.7	52.218.116.234
Apr 24, 2024 16:02:21.438632965 CEST	443	49712	52.218.116.234	192.168.2.7
Apr 24, 2024 16:02:22.040694952 CEST	49713	443	192.168.2.7	23.202.57.177
Apr 24, 2024 16:02:22.040728092 CEST	443	49713	23.202.57.177	192.168.2.7
Apr 24, 2024 16:02:22.040868044 CEST	49713	443	192.168.2.7	23.202.57.177
Apr 24, 2024 16:02:22.042793036 CEST	49713	443	192.168.2.7	23.202.57.177
Apr 24, 2024 16:02:22.042809010 CEST	443	49713	23.202.57.177	192.168.2.7
Apr 24, 2024 16:02:22.341706991 CEST	443	49712	52.218.116.234	192.168.2.7
Apr 24, 2024 16:02:22.342478037 CEST	49712	443	192.168.2.7	52.218.116.234
Apr 24, 2024 16:02:22.342502117 CEST	443	49712	52.218.116.234	192.168.2.7
Apr 24, 2024 16:02:22.342865944 CEST	443	49712	52.218.116.234	192.168.2.7
Apr 24, 2024 16:02:22.355896950 CEST	49712	443	192.168.2.7	52.218.116.234
Apr 24, 2024 16:02:22.356028080 CEST	443	49712	52.218.116.234	192.168.2.7
Apr 24, 2024 16:02:22.360327959 CEST	49712	443	192.168.2.7	52.218.116.234
Apr 24, 2024 16:02:22.360375881 CEST	443	49712	52.218.116.234	192.168.2.7
Apr 24, 2024 16:02:22.389036894 CEST	443	49713	23.202.57.177	192.168.2.7
Apr 24, 2024 16:02:22.389126062 CEST	49713	443	192.168.2.7	23.202.57.177
Apr 24, 2024 16:02:22.401925087 CEST	49713	443	192.168.2.7	23.202.57.177
Apr 24, 2024 16:02:22.401952982 CEST	443	49713	23.202.57.177	192.168.2.7
Apr 24, 2024 16:02:22.402901888 CEST	443	49713	23.202.57.177	192.168.2.7
Apr 24, 2024 16:02:22.448307991 CEST	49713	443	192.168.2.7	23.202.57.177
Apr 24, 2024 16:02:22.479530096 CEST	49677	443	192.168.2.7	20.50.201.200
Apr 24, 2024 16:02:22.669594049 CEST	443	49712	52.218.116.234	192.168.2.7
Apr 24, 2024 16:02:22.669728994 CEST	443	49712	52.218.116.234	192.168.2.7
Apr 24, 2024 16:02:22.669830084 CEST	49712	443	192.168.2.7	52.218.116.234
Apr 24, 2024 16:02:22.702894926 CEST	49713	443	192.168.2.7	23.202.57.177
Apr 24, 2024 16:02:22.748114109 CEST	443	49713	23.202.57.177	192.168.2.7
Apr 24, 2024 16:02:22.763084888 CEST	49712	443	192.168.2.7	52.218.116.234
Apr 24, 2024 16:02:22.763112068 CEST	443	49712	52.218.116.234	192.168.2.7
Apr 24, 2024 16:02:22.872778893 CEST	443	49713	23.202.57.177	192.168.2.7
Apr 24, 2024 16:02:22.872975111 CEST	443	49713	23.202.57.177	192.168.2.7
Apr 24, 2024 16:02:22.873258114 CEST	49713	443	192.168.2.7	23.202.57.177
Apr 24, 2024 16:02:22.885314941 CEST	49713	443	192.168.2.7	23.202.57.177
Apr 24, 2024 16:02:22.885353088 CEST	443	49713	23.202.57.177	192.168.2.7
Apr 24, 2024 16:02:22.994117022 CEST	49715	443	192.168.2.7	23.202.57.177
Apr 24, 2024 16:02:22.994208097 CEST	443	49715	23.202.57.177	192.168.2.7
Apr 24, 2024 16:02:22.994450092 CEST	49715	443	192.168.2.7	23.202.57.177
Apr 24, 2024 16:02:22.995105982 CEST	49715	443	192.168.2.7	23.202.57.177
Apr 24, 2024 16:02:22.995138884 CEST	443	49715	23.202.57.177	192.168.2.7
Apr 24, 2024 16:02:23.337219000 CEST	443	49715	23.202.57.177	192.168.2.7
Apr 24, 2024 16:02:23.337315083 CEST	49715	443	192.168.2.7	23.202.57.177
Apr 24, 2024 16:02:23.339405060 CEST	49715	443	192.168.2.7	23.202.57.177
Apr 24, 2024 16:02:23.339416027 CEST	443	49715	23.202.57.177	192.168.2.7
Apr 24, 2024 16:02:23.339746952 CEST	443	49715	23.202.57.177	192.168.2.7
Apr 24, 2024 16:02:23.343863964 CEST	49715	443	192.168.2.7	23.202.57.177
Apr 24, 2024 16:02:23.384129047 CEST	443	49715	23.202.57.177	192.168.2.7
Apr 24, 2024 16:02:23.673748970 CEST	443	49715	23.202.57.177	192.168.2.7
Apr 24, 2024 16:02:23.674552917 CEST	443	49715	23.202.57.177	192.168.2.7
Apr 24, 2024 16:02:23.674607038 CEST	49715	443	192.168.2.7	23.202.57.177
Apr 24, 2024 16:02:23.675071955 CEST	49715	443	192.168.2.7	23.202.57.177
Apr 24, 2024 16:02:23.675087929 CEST	443	49715	23.202.57.177	192.168.2.7
Apr 24, 2024 16:02:23.675100088 CEST	49715	443	192.168.2.7	23.202.57.177
Apr 24, 2024 16:02:23.675105095 CEST	443	49715	23.202.57.177	192.168.2.7
Apr 24, 2024 16:02:27.215070009 CEST	49671	443	192.168.2.7	204.79.197.203
Apr 24, 2024 16:02:28.433312893 CEST	49677	443	192.168.2.7	20.50.201.200
Apr 24, 2024 16:02:31.125099897 CEST	443	49711	142.250.141.99	192.168.2.7
Apr 24, 2024 16:02:31.125272036 CEST	443	49711	142.250.141.99	192.168.2.7
Apr 24, 2024 16:02:31.125426054 CEST	49711	443	192.168.2.7	142.250.141.99
Apr 24, 2024 16:02:32.544831038 CEST	49711	443	192.168.2.7	142.250.141.99
Apr 24, 2024 16:02:32.544902086 CEST	443	49711	142.250.141.99	192.168.2.7
Apr 24, 2024 16:02:40.339756012 CEST	49677	443	192.168.2.7	20.50.201.200
Apr 24, 2024 16:02:48.465794086 CEST	443	49707	18.164.174.26	192.168.2.7
Apr 24, 2024 16:02:48.465959072 CEST	443	49707	18.164.174.26	192.168.2.7
Apr 24, 2024 16:02:48.466017962 CEST	49707	443	192.168.2.7	18.164.174.26
Apr 24, 2024 16:02:48.544270039 CEST	49707	443	192.168.2.7	18.164.174.26
Apr 24, 2024 16:02:48.544298887 CEST	443	49707	18.164.174.26	192.168.2.7
Apr 24, 2024 16:03:20.625296116 CEST	49722	443	192.168.2.7	142.250.141.99
Apr 24, 2024 16:03:20.625327110 CEST	443	49722	142.250.141.99	192.168.2.7
Apr 24, 2024 16:03:20.625447989 CEST	49722	443	192.168.2.7	142.250.141.99
Apr 24, 2024 16:03:20.625701904 CEST	49722	443	192.168.2.7	142.250.141.99
Apr 24, 2024 16:03:20.625719070 CEST	443	49722	142.250.141.99	192.168.2.7
Apr 24, 2024 16:03:20.988753080 CEST	443	49722	142.250.141.99	192.168.2.7
Apr 24, 2024 16:03:20.989111900 CEST	49722	443	192.168.2.7	142.250.141.99
Apr 24, 2024 16:03:20.989128113 CEST	443	49722	142.250.141.99	192.168.2.7
Apr 24, 2024 16:03:20.989417076 CEST	443	49722	142.250.141.99	192.168.2.7
Apr 24, 2024 16:03:20.989958048 CEST	49722	443	192.168.2.7	142.250.141.99
Apr 24, 2024 16:03:20.990010977 CEST	443	49722	142.250.141.99	192.168.2.7
Apr 24, 2024 16:03:21.030261040 CEST	49722	443	192.168.2.7	142.250.141.99
Apr 24, 2024 16:03:30.993710995 CEST	443	49722	142.250.141.99	192.168.2.7
Apr 24, 2024 16:03:30.993776083 CEST	443	49722	142.250.141.99	192.168.2.7
Apr 24, 2024 16:03:30.993855953 CEST	49722	443	192.168.2.7	142.250.141.99
Apr 24, 2024 16:03:31.131232977 CEST	49722	443	192.168.2.7	142.250.141.99
Apr 24, 2024 16:03:31.131259918 CEST	443	49722	142.250.141.99	192.168.2.7

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 24, 2024 16:02:16.352252007 CEST	53	49181	1.1.1.1	192.168.2.7
Apr 24, 2024 16:02:16.439111948 CEST	53	62397	1.1.1.1	192.168.2.7
Apr 24, 2024 16:02:17.762129068 CEST	53	60801	1.1.1.1	192.168.2.7
Apr 24, 2024 16:02:17.967082024 CEST	52065	53	192.168.2.7	1.1.1.1
Apr 24, 2024 16:02:17.967545033 CEST	63321	53	192.168.2.7	1.1.1.1
Apr 24, 2024 16:02:18.137465954 CEST	53	63321	1.1.1.1	192.168.2.7
Apr 24, 2024 16:02:18.138962030 CEST	53	52065	1.1.1.1	192.168.2.7
Apr 24, 2024 16:02:19.185726881 CEST	65126	53	192.168.2.7	1.1.1.1
Apr 24, 2024 16:02:19.186408043 CEST	55749	53	192.168.2.7	1.1.1.1
Apr 24, 2024 16:02:19.354207993 CEST	53	65126	1.1.1.1	192.168.2.7
Apr 24, 2024 16:02:19.393563986 CEST	53	55749	1.1.1.1	192.168.2.7
Apr 24, 2024 16:02:20.561752081 CEST	50234	53	192.168.2.7	1.1.1.1
Apr 24, 2024 16:02:20.561923981 CEST	54238	53	192.168.2.7	1.1.1.1
Apr 24, 2024 16:02:20.715110064 CEST	53	50234	1.1.1.1	192.168.2.7
Apr 24, 2024 16:02:20.715306997 CEST	53	54238	1.1.1.1	192.168.2.7
Apr 24, 2024 16:02:23.512018919 CEST	123	123	192.168.2.7	40.119.6.228
Apr 24, 2024 16:02:23.725660086 CEST	123	123	40.119.6.228	192.168.2.7
Apr 24, 2024 16:02:35.858931065 CEST	53	50973	1.1.1.1	192.168.2.7
Apr 24, 2024 16:02:54.629446030 CEST	53	52985	1.1.1.1	192.168.2.7
Apr 24, 2024 16:03:16.074258089 CEST	53	49308	1.1.1.1	192.168.2.7
Apr 24, 2024 16:03:17.288712025 CEST	138	138	192.168.2.7	192.168.2.255
Apr 24, 2024 16:03:17.873461962 CEST	53	59182	1.1.1.1	192.168.2.7

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 24, 2024 16:02:17.967082024 CEST	192.168.2.7	1.1.1.1	0x5ef2	Standard query (0)	eu.myconnectwise.net	A (IP address)	IN (0x0001)	false
Apr 24, 2024 16:02:17.967545033 CEST	192.168.2.7	1.1.1.1	0x9503	Standard query (0)	eu.myconnectwise.net	65	IN (0x0001)	false
Apr 24, 2024 16:02:19.185726881 CEST	192.168.2.7	1.1.1.1	0x8450	Standard query (0)	cw-eu-documents.s3.eu-west-1.amazonaws.com	A (IP address)	IN (0x0001)	false
Apr 24, 2024 16:02:19.186408043 CEST	192.168.2.7	1.1.1.1	0xb69	Standard query (0)	cw-eu-documents.s3.eu-west-1.amazonaws.com	65	IN (0x0001)	false
Apr 24, 2024 16:02:20.561752081 CEST	192.168.2.7	1.1.1.1	0xd2f1	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 24, 2024 16:02:20.561923981 CEST	192.168.2.7	1.1.1.1	0xafca	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 24, 2024 16:02:18.138962030 CEST	1.1.1.1	192.168.2.7	0x5ef2	No error (0)	eu.myconnectwise.net		18.164.174.26	A (IP address)	IN (0x0001)	false
Apr 24, 2024 16:02:18.138962030 CEST	1.1.1.1	192.168.2.7	0x5ef2	No error (0)	eu.myconnectwise.net		18.164.174.58	A (IP address)	IN (0x0001)	false
Apr 24, 2024 16:02:18.138962030 CEST	1.1.1.1	192.168.2.7	0x5ef2	No error (0)	eu.myconnectwise.net		18.164.174.31	A (IP address)	IN (0x0001)	false
Apr 24, 2024 16:02:18.138962030 CEST	1.1.1.1	192.168.2.7	0x5ef2	No error (0)	eu.myconnectwise.net		18.164.174.63	A (IP address)	IN (0x0001)	false
Apr 24, 2024 16:02:19.354207993 CEST	1.1.1.1	192.168.2.7	0x8450	No error (0)	cw-eu-documents.s3.eu-west-1.amazonaws.com	s3-r-w.eu-west-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 16:02:19.354207993 CEST	1.1.1.1	192.168.2.7	0x8450	No error (0)	s3-r-w.eu-west-1.amazonaws.com		52.218.116.234	A (IP address)	IN (0x0001)	false
Apr 24, 2024 16:02:19.354207993 CEST	1.1.1.1	192.168.2.7	0x8450	No error (0)	s3-r-w.eu-west-1.amazonaws.com		52.92.17.162	A (IP address)	IN (0x0001)	false
Apr 24, 2024 16:02:19.354207993 CEST	1.1.1.1	192.168.2.7	0x8450	No error (0)	s3-r-w.eu-west-1.amazonaws.com		3.5.65.1	A (IP address)	IN (0x0001)	false
Apr 24, 2024 16:02:19.354207993 CEST	1.1.1.1	192.168.2.7	0x8450	No error (0)	s3-r-w.eu-west-1.amazonaws.com		52.218.108.48	A (IP address)	IN (0x0001)	false
Apr 24, 2024 16:02:19.354207993 CEST	1.1.1.1	192.168.2.7	0x8450	No error (0)	s3-r-w.eu-west-1.amazonaws.com		52.218.97.131	A (IP address)	IN (0x0001)	false
Apr 24, 2024 16:02:19.354207993 CEST	1.1.1.1	192.168.2.7	0x8450	No error (0)	s3-r-w.eu-west-1.amazonaws.com		52.218.44.58	A (IP address)	IN (0x0001)	false
Apr 24, 2024 16:02:19.354207993 CEST	1.1.1.1	192.168.2.7	0x8450	No error (0)	s3-r-w.eu-west-1.amazonaws.com		3.5.69.112	A (IP address)	IN (0x0001)	false
Apr 24, 2024 16:02:19.354207993 CEST	1.1.1.1	192.168.2.7	0x8450	No error (0)	s3-r-w.eu-west-1.amazonaws.com		52.218.44.74	A (IP address)	IN (0x0001)	false
Apr 24, 2024 16:02:19.393563986 CEST	1.1.1.1	192.168.2.7	0xb69	No error (0)	cw-eu-documents.s3.eu-west-1.amazonaws.com	s3-r-w.eu-west-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 16:02:20.715110064 CEST	1.1.1.1	192.168.2.7	0xd2f1	No error (0)	www.google.com		142.250.141.99	A (IP address)	IN (0x0001)	false
Apr 24, 2024 16:02:20.715110064 CEST	1.1.1.1	192.168.2.7	0xd2f1	No error (0)	www.google.com		142.250.141.103	A (IP address)	IN (0x0001)	false
Apr 24, 2024 16:02:20.715110064 CEST	1.1.1.1	192.168.2.7	0xd2f1	No error (0)	www.google.com		142.250.141.106	A (IP address)	IN (0x0001)	false
Apr 24, 2024 16:02:20.715110064 CEST	1.1.1.1	192.168.2.7	0xd2f1	No error (0)	www.google.com		142.250.141.147	A (IP address)	IN (0x0001)	false
Apr 24, 2024 16:02:20.715110064 CEST	1.1.1.1	192.168.2.7	0xd2f1	No error (0)	www.google.com		142.250.141.104	A (IP address)	IN (0x0001)	false
Apr 24, 2024 16:02:20.715110064 CEST	1.1.1.1	192.168.2.7	0xd2f1	No error (0)	www.google.com		142.250.141.105	A (IP address)	IN (0x0001)	false
Apr 24, 2024 16:02:20.715306997 CEST	1.1.1.1	192.168.2.7	0xafca	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 24, 2024 16:02:44.199153900 CEST	1.1.1.1	192.168.2.7	0x7cb7	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Apr 24, 2024 16:02:44.199153900 CEST	1.1.1.1	192.168.2.7	0x7cb7	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

eu.myconnectwise.net

cw-eu-documents.s3.eu-west-1.amazonaws.com

https:

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.7	49706	18.164.174.26	443	6736	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 14:02:18 UTC	741	OUT	GET /v4_6_release/api/inlineimages/infinitygrp/8a07a37f-0e34-48e8-8792-5f81fcbde46d HTTP/1.1 Host: eu.myconnectwise.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 14:02:19 UTC	4551	IN	HTTP/1.1 302 Moved Temporarily Content-Length: 0 Connection: close Date: Wed, 24 Apr 2024 14:02:18 GMT Cache-Control: no-cache Pragma: no-cache Expires: -1 Location: https://cw-eu-documents.s3.eu-west-1.amazonaws.com/infinitygrp/7df2b4da-ddd3-49bc-9d40-ba86e6ff6d6c.png?X-Amz-Expires=300&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEEUaCWV1LXdlc3QtMSJGMEQCIGhCZ04ZR7dqRuUrg2gcJEnulmoGQDZTwlL%2FyPHVfzqyAiBB3Wl8Z5Rlc4gOZIAmW4L4N3N5gatma5hsPemdQsILsyq6BQiO%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F8BEAAaDDAwOTA0MzgzMTM3OCIMarrG2VhTy3VjABzxKo4FfTUisDdctRb3p%2Bd8HMbM6IhdntM25HsBTZwWmDvJZJKM3tuY7CkSVR3b3Bz2FtVJeJ7fycf3ecFIU146BrrIjh%2BGsDbeTcxiB9rTepupv7sslvTeYFwwqvl4OA0AHri5PJou3lEAA4N%2BwwHuyTJEzs%2BzAPXEEn1WwzlwW2g2FAtfghaEKC3mw01tGhXSO0cFvu7ApgMOJGBDJAV3KffZc%2B4bK1ZMhgI0LvcIGVDkIivnWHKIUDCp4XMvzUyHR4jo%2BpWI79mconN1xSn5kMw71aDlmD1XEK8JTb0HnGTA9QQCvoF7bUR%2FwRJPzMBmjcV4WqJiJBY9DUp8YLC18hNWqqANHuRVmSD%2BX0MXbj2dW2NDH80yvhPwWFApqWvplDutkONR4oAv939zO%2FuH0uuE1mD9EA6NGbTyggCGKAqBcCTvbrRkXqDf9Ht8Gx87gLw%2BRmvIm97EH5CMwq4vMGBc5%2FiCqZn6k6hjrfFuNSdBHJXs9ZvVeMQwwLUxSkRE8FeB7EnSA9iCUVtjtqh5iujwVXZrKrg%2BmEdtIRMhBNPAR63eLGyL14GQe2WZs9Lt6%2F8BKKJBT0yfYn3IJJjlt12EJqRxEn%2FN20zKB%2BwSs%2FTJekbw5FV0HjD7t4a%2F0bxXVG9x9ggMsKPkkTKBqW1%2F%2Fq0AE6ulPhZETnISCNBifCH3eTtuNyV8h4NqL2QairfHeKTvHLeZbAkm4Dsvn9tETsJfdR4Ze11ps2a9WZIwyZ8YFnMs1Na4V4raPVLIXfIEtcTGQoNJFCkD9YJAutEg%2FkyQq14KZg4iYF44BpncxulaJRfa9FwR%2F0YzEMJ9oW8HbXX%2FGaIZzlD6ecVUPMxjER3KGHu4WVekMoHaxLBJzVEzMLSCpLEGOrIBYgHU34OyNThsb0zrFpSI948XMVqGzl7FP1Xrm0QO9LF6e6ovad9DGyoi8PWC4vUjxei9mV6YMzvyxrc0qgyjeYdVn6ggphdHv6r9Mkbxq2dMyk%2BCjQL15lGsdy5AANVg6Kt7QrDi2JRLpn5DVe7oa6So9rFzBT7pDcZ7NlBDuoo45RM4d5AdoZtV89tn9YtWN%2BBi1qjyl%2FzA14FV%2BSUWpAmNYVa5E874LsuAt5oivKSwWQ%3D%3D&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAQEGYN5JJNLUOHHLU%2F20240424%2Feu-west-1%2Fs3%2Faws4_request&X-Amz-Date=20240424T140218Z&X-Amz-SignedHeaders=host&X-Amz-Signature=f433cf11fba2c2737f30faae122ab28581622d995f31674453f0cfa77e57413c Server: Microsoft-IIS/10.0 Strict-Transport-Security: max-age=31536000; includeSubDomains api-current-version: 3.1.0 Content-Security-Policy: frame-ancestors 'self' blob: .myconnectwise.net .connectwisedev.com .itboost.com; default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: .walkme.com .connectwise .connectwise.com az416426.vo.msecnd.net dc.services.visualstudio.com/v2/track .connectwisedev.com .myconnectwise.net cwview.com .cwview.com .cwnet.io .wise-pay.com .wise-sync.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com files.connectwise.com .itsupport247.net .myconnectwise.net; font-src 'self' 'unsafe-inline' 'unsafe-eval' data: .walkme.com .connectwise.com .googleapis.com; img-src data: snapshot:; frame-src * data: mailto:; connect-src 'self' .walkme.com .connectwise.com .connectwisedev.com .myconnectwise.net .itsupport247.net cwview.com .cwview.com .cwnet.io dc.services.visualstudio.com/v2/track cheetah quotewerks:// wss://.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .connectwise.com .connectwisedev.com .myconnectwise.net cwview.com .cwview.com .walkme.com .cwnet.io .itsupport247.net Referrer-Policy: strict-origin-when-cross-origin X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block Content-Security-Policy: frame-ancestors 'self' blob: .myconnectwise.net .connectwisedev.com .itboost.com; default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: .walkme.com .connectwise .connectwise.com az416426.vo.msecnd.net dc.services.visualstudio.com/v2/track .connectwisedev.com .myconnectwise.net cwview.com .cwview.com .cwnet.io .wise-pay.com .wise-sync.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com files.connectwise.com .itsupport247.net .myconnectwise.net; font-src 'self' 'unsafe-inline' 'unsafe-eval' data: .walkme.com .connectwise.com .googleapis.com; img-src data: snapshot:; frame-src * data: mailto:; connect-src 'self' .walkme.com .connectwise.com .connectwisedev.com .myconnectwise.net .itsupport247.net cwview.com .cwview.com .cwnet.io dc.services.visualstudio.com/v2/track cheetah quotewerks:// wss://.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .connectwise.com .connectwisedev.com .myconnectwise.net cwview.com .cwview.com .walkme.com .cwnet.io .itsupport247.net Referrer-Policy: strict-origin-when-cross-origin X-Cache: Miss from cloudfront Via: 1.1 c6a4871893ac935ba2b308d02ff4cd7a.cloudfront.net (CloudFront) X-Amz-Cf-Pop: LAX53-P4 X-Amz-Cf-Id: vo6wrJKfnzTC0w4D52G8rza5F8qv98Or4NcpDlGFjGb5OkW2aoD2Hg==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.7	49710	52.218.116.234	443	6736	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 14:02:20 UTC	2419	OUT	GET /infinitygrp/7df2b4da-ddd3-49bc-9d40-ba86e6ff6d6c.png?X-Amz-Expires=300&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEEUaCWV1LXdlc3QtMSJGMEQCIGhCZ04ZR7dqRuUrg2gcJEnulmoGQDZTwlL%2FyPHVfzqyAiBB3Wl8Z5Rlc4gOZIAmW4L4N3N5gatma5hsPemdQsILsyq6BQiO%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F8BEAAaDDAwOTA0MzgzMTM3OCIMarrG2VhTy3VjABzxKo4FfTUisDdctRb3p%2Bd8HMbM6IhdntM25HsBTZwWmDvJZJKM3tuY7CkSVR3b3Bz2FtVJeJ7fycf3ecFIU146BrrIjh%2BGsDbeTcxiB9rTepupv7sslvTeYFwwqvl4OA0AHri5PJou3lEAA4N%2BwwHuyTJEzs%2BzAPXEEn1WwzlwW2g2FAtfghaEKC3mw01tGhXSO0cFvu7ApgMOJGBDJAV3KffZc%2B4bK1ZMhgI0LvcIGVDkIivnWHKIUDCp4XMvzUyHR4jo%2BpWI79mconN1xSn5kMw71aDlmD1XEK8JTb0HnGTA9QQCvoF7bUR%2FwRJPzMBmjcV4WqJiJBY9DUp8YLC18hNWqqANHuRVmSD%2BX0MXbj2dW2NDH80yvhPwWFApqWvplDutkONR4oAv939zO%2FuH0uuE1mD9EA6NGbTyggCGKAqBcCTvbrRkXqDf9Ht8Gx87gLw%2BRmvIm97EH5CMwq4vMGBc5%2FiCqZn6k6hjrfFuNSdBHJXs9ZvVeMQwwLUxSkRE8FeB7EnSA9iCUVtjtqh5iujwVXZrKrg%2BmEdtIRMhBNPAR63eLGyL14GQe2WZs9Lt6%2F8BKKJBT0yfYn3IJJjlt12EJqRxEn%2FN20zKB%2BwSs%2FTJekbw5FV0HjD7t4a%2F0bxXVG9x9ggMsKPkkTKBqW1%2F%2Fq0AE6ulPhZETnISCNBifCH3eTtuNyV8h4NqL2QairfHeKTvHLeZbAkm4Dsvn9tETsJfdR4Ze11ps2a9WZIwyZ8YFnMs1Na4V4raPVLIXfIEtcTGQoNJFCkD9YJAutEg%2FkyQq14KZg4iYF44BpncxulaJRfa9FwR%2F0YzEMJ9oW8HbXX%2FGaIZzlD6ecVUPMxjER3KGHu4WVekMoHaxLBJzVEzMLSCpLEGOrIBYgHU34OyNThsb0zrFpSI948XMVqGzl7FP1Xrm0QO9LF6e6ovad9DGyoi8PWC4vUjxei9mV6YMzvyxrc0qgyjeYdVn6ggphdHv6r9Mkbxq2dMyk%2BCjQL15lGsdy5AANVg6Kt7QrDi2JRLpn5DVe7oa6So9rFzBT7pDcZ7NlBDuoo45RM4d5AdoZtV89tn9YtWN%2BBi1qjyl%2FzA14FV%2BSUWpAmNYVa5E874LsuAt5oivKSwWQ%3D%3D&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAQEGYN5JJNLUOHHLU%2F20240424%2Feu-west-1%2Fs3%2Faws4_request&X-Amz-Date=20240424T140218Z&X-Amz-SignedHeaders=host&X-Amz-Signature=f433cf11fba2c2737f30faae122ab28581622d995f31674453f0cfa77e57413c HTTP/1.1 Host: cw-eu-documents.s3.eu-west-1.amazonaws.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 14:02:21 UTC	466	IN	HTTP/1.1 200 OK x-amz-id-2: 8bBctFaVHW/NMIGLfW2Tcut5l46YPis0Yd5bdPuetpZjOPbqHvPVpvseQf+h8Donvgo1GthQru8= x-amz-request-id: B2ZC5CFY7ERTQ0BA Date: Wed, 24 Apr 2024 14:02:22 GMT Last-Modified: Wed, 24 Apr 2024 10:20:25 GMT ETag: "60dd8df5242525ebee08e9bddf3b6c68" x-amz-server-side-encryption: AES256 x-amz-version-id: PenX5I8azyVtPIRiK4jyZX60nNYcd9eP Accept-Ranges: bytes Content-Type: image/png Server: AmazonS3 Content-Length: 2224 Connection: close
2024-04-24 14:02:21 UTC	2224	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 e0 00 00 00 2b 08 06 00 00 00 a0 8c 5b 56 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70 48 59 73 00 00 0e c3 00 00 0e c3 01 c7 6f a8 64 00 00 08 45 49 44 41 54 78 5e ed dc cd 8f 13 65 1c 07 70 12 e1 0f 28 1e b8 14 d4 cb 42 d0 03 24 ac 06 8c 12 35 41 d0 03 6f e1 04 d1 78 40 f4 c2 0a 6a b2 1a 63 04 63 d4 40 82 d1 db ae 1a 88 0c 5a dd 22 5d b6 da ae 2d d9 9a 2d 74 93 16 66 49 49 ba 50 92 2e 94 50 42 6b 6a a8 4b 13 46 7f 3e 6f f3 52 76 76 b3 05 dc 19 e1 fb 24 9f c0 3e fb cc 33 9d 79 c8 7c e7 79 66 ca 9c 05 3d 3d 43 00 00 00 30 7b 36 ed df bf 64 ce 43 07 0f 12 00 00 00 cc 9e b5 fb f6 75 22 80 01 00 00 66 19 02 18 00 00 c0 03 08 60 00 00 00 0f 20 80 Data Ascii: PNGIHDR+[VsRGBgAMAapHYsodEIDATx^ep(B$5Aox@jcc@Z"]--tfIIP.PBkjKF>oRvv$>3y\|yf==C0{6dCu"f`

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.7	49712	52.218.116.234	443	6736	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 14:02:22 UTC	2374	OUT	GET /favicon.ico HTTP/1.1 Host: cw-eu-documents.s3.eu-west-1.amazonaws.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://cw-eu-documents.s3.eu-west-1.amazonaws.com/infinitygrp/7df2b4da-ddd3-49bc-9d40-ba86e6ff6d6c.png?X-Amz-Expires=300&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEEUaCWV1LXdlc3QtMSJGMEQCIGhCZ04ZR7dqRuUrg2gcJEnulmoGQDZTwlL%2FyPHVfzqyAiBB3Wl8Z5Rlc4gOZIAmW4L4N3N5gatma5hsPemdQsILsyq6BQiO%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F8BEAAaDDAwOTA0MzgzMTM3OCIMarrG2VhTy3VjABzxKo4FfTUisDdctRb3p%2Bd8HMbM6IhdntM25HsBTZwWmDvJZJKM3tuY7CkSVR3b3Bz2FtVJeJ7fycf3ecFIU146BrrIjh%2BGsDbeTcxiB9rTepupv7sslvTeYFwwqvl4OA0AHri5PJou3lEAA4N%2BwwHuyTJEzs%2BzAPXEEn1WwzlwW2g2FAtfghaEKC3mw01tGhXSO0cFvu7ApgMOJGBDJAV3KffZc%2B4bK1ZMhgI0LvcIGVDkIivnWHKIUDCp4XMvzUyHR4jo%2BpWI79mconN1xSn5kMw71aDlmD1XEK8JTb0HnGTA9QQCvoF7bUR%2FwRJPzMBmjcV4WqJiJBY9DUp8YLC18hNWqqANHuRVmSD%2BX0MXbj2dW2NDH80yvhPwWFApqWvplDutkONR4oAv939zO%2FuH0uuE1mD9EA6NGbTyggCGKAqBcCTvbrRkXqDf9Ht8Gx87gLw%2BRmvIm97EH5CMwq4vMGBc5%2FiCqZn6k6hjrfFuNSdBHJXs9ZvVeMQwwLUxSkRE8FeB7EnSA9iCUVtjtqh5iujwVXZrKrg%2BmEdtIRMhBNPAR63eLGyL14GQe2WZs9Lt6%2F8BKKJBT0yfYn3IJJjlt12EJqRxEn%2FN20zKB%2BwSs%2FTJekbw5FV0HjD7t4a%2F0bxXVG9x9ggMsKPkkTKBqW1%2F%2Fq0AE6ulPhZETnISCNBifCH3eTtuNyV8h4NqL2QairfHeKTvHLeZbAkm4Dsvn9tETsJfdR4Ze11ps2a9WZIwyZ8YFnMs1Na4V4raPVLIXfIEtcTGQoNJFCkD9YJAutEg%2FkyQq14KZg4iYF44BpncxulaJRfa9FwR%2F0YzEMJ9oW8HbXX%2FGaIZzlD6ecVUPMxjER3KGHu4WVekMoHaxLBJzVEzMLSCpLEGOrIBYgHU34OyNThsb0zrFpSI948XMVqGzl7FP1Xrm0QO9LF6e6ovad9DGyoi8PWC4vUjxei9mV6YMzvyxrc0qgyjeYdVn6ggphdHv6r9Mkbxq2dMyk%2BCjQL15lGsdy5AANVg6Kt7QrDi2JRLpn5DVe7oa6So9rFzBT7pDcZ7NlBDuoo45RM4d5AdoZtV89tn9YtWN%2BBi1qjyl%2FzA14FV%2BSUWpAmNYVa5E874LsuAt5oivKSwWQ%3D%3D&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAQEGYN5JJNLUOHHLU%2F20240424%2Feu-west-1%2Fs3%2Faws4_request&X-Amz-Date=20240424T140218Z&X-Amz-SignedHeaders=host&X-Amz-Signature=f433cf11fba2c2737f30faae122ab28581622d995f31674453f0cfa77e57413c Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 14:02:22 UTC	285	IN	HTTP/1.1 403 Forbidden x-amz-request-id: GNFSBTRVD043NRBQ x-amz-id-2: wYnovtjKW3N9VwKhdkojjZILJB3qtAzTMxTzddrEXlsrjPr38PEj+DgnNShz4vva79V/eZ+1v1w= Content-Type: application/xml Transfer-Encoding: chunked Date: Wed, 24 Apr 2024 14:02:22 GMT Server: AmazonS3 Connection: close
2024-04-24 14:02:22 UTC	254	IN	Data Raw: 66 33 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0a 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 41 63 63 65 73 73 44 65 6e 69 65 64 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 41 63 63 65 73 73 20 44 65 6e 69 65 64 3c 2f 4d 65 73 73 61 67 65 3e 3c 52 65 71 75 65 73 74 49 64 3e 47 4e 46 53 42 54 52 56 44 30 34 33 4e 52 42 51 3c 2f 52 65 71 75 65 73 74 49 64 3e 3c 48 6f 73 74 49 64 3e 77 59 6e 6f 76 74 6a 4b 57 33 4e 39 56 77 4b 68 64 6b 6f 6a 6a 5a 49 4c 4a 42 33 71 74 41 7a 54 4d 78 54 7a 64 64 72 45 58 6c 73 72 6a 50 72 33 38 50 45 6a 2b 44 67 6e 4e 53 68 7a 34 76 76 61 37 39 56 2f 65 5a 2b 31 76 31 77 3d 3c 2f 48 6f 73 74 49 64 3e 3c 2f 45 72 72 6f 72 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: f3<?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>GNFSBTRVD043NRBQ</RequestId><HostId>wYnovtjKW3N9VwKhdkojjZILJB3qtAzTMxTzddrEXlsrjPr38PEj+DgnNShz4vva79V/eZ+1v1w=</HostId></Error>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.7	49713	23.202.57.177	443

Timestamp	Bytes transferred	Direction	Data
2024-04-24 14:02:22 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-24 14:02:22 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (sac/2518) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=234057 Date: Wed, 24 Apr 2024 14:02:22 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.7	49715	23.202.57.177	443

Timestamp	Bytes transferred	Direction	Data
2024-04-24 14:02:23 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-24 14:02:23 UTC	521	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-MSEdge-Ref: Ref A: CC1186E36C704BA5AF8177F229D6CC87 Ref B: PAOEDGE0621 Ref C: 2023-04-04T13:32:33Z Cache-Control: public, max-age=234008 Date: Wed, 24 Apr 2024 14:02:23 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-24 14:02:23 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Target ID:	0
Start time:	16:02:09
Start date:	24/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff6c4390000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	16:02:15
Start date:	24/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 --field-trial-handle=2212,i,17304811127047344951,1977242911418865081,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff6c4390000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	11
Start time:	16:02:17
Start date:	24/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://eu.myconnectwise.net/v4_6_release/api/inlineimages/infinitygrp/8a07a37f-0e34-48e8-8792-5f81fcbde46d"
Imagebase:	0x7ff6c4390000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://eu.myconnectwise.net/v4_6_release/api/inlineimages/infinitygrp/8a07a37f-0e34-48e8-8792-5f81fcbde46d

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 42

Chrome Cache Entry: 43

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 5640, Parent PID: 5792

General

Chronological Activities

Analysis Process: chrome.exePID: 6736, Parent PID: 5640

General

Chronological Activities

Analysis Process: chrome.exePID: 6356, Parent PID: 5792

General

Chronological Activities

Disassembly

Windows Analysis Report
https://eu.myconnectwise.net/v4_6_release/api/inlineimages/infinitygrp/8a07a37f-0e34-48e8-8792-5f81fcbde46d