Windows Analysis Report
http://contfinco.com

Overview

General Information

Sample URL:http://contfinco.com
Analysis ID:1559590
Infos:
Errors
  • URL not reachable

Detection

Score:0
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

No high impact signatures.

Classification

  • System is w10x64
  • chrome.exe (PID: 6020 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 2912 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1996,i,5792896531521666707,10530563363590270966,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6328 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://contfinco.com" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures.

Source: unknown | HTTPS traffic detected: 2.18.84.141:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 2.18.84.141:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown | TCP traffic detected without corresponding DNS query: 2.18.84.141 (19 identical entries)
Source: unknown | TCP traffic detected without corresponding DNS query: 172.202.163.200 (14 identical entries)
Source: unknown | TCP traffic detected without corresponding DNS query: 23.193.114.26 (2 identical entries)
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (4 identical entries)
Source: global traffic | HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1 | Connection: Keep-Alive | Accept: */* | Accept-Encoding: identity | If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT | Range: bytes=0-2147483646 | User-Agent: Microsoft BITS/7.8 | Host: fs.microsoft.com
Source: global traffic | HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=DHntVldm1PH4mNb&MD=h1dVzND+ HTTP/1.1 | Connection: Keep-Alive | Accept: */* | User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 | Host: slscr.update.microsoft.com
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | Host: contfinco.com | Connection: keep-alive | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | Host: contfinco.com | Connection: keep-alive | Cache-Control: max-age=0 | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9
Source: global traffic | DNS traffic detected: DNS query: contfinco.com
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: unknown | Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown | Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown | Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown | HTTPS traffic detected: 2.18.84.141:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 2.18.84.141:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: classification engine | Classification label: unknown0.win@18/0@4/4
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1996,i,5792896531521666707,10530563363590270966,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://contfinco.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (2 identical entries)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1996,i,5792896531521666707,10530563363590270966,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (12 identical entries)
Source: Window Recorder | Window detected: More than 3 window changes detected
MITRE ATT&CK matrix (numbers in parentheses are the counts shown in the original matrix):

Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection (1) | Process Injection (1) | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | Encrypted Channel (1) | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Non-Application Layer Protocol (2) | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Application Layer Protocol (3) | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Ingress Tool Transfer (1) | Traffic Duplication | Data Destruction

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Source | Detection | Scanner | Label | Link
http://contfinco.com | 0% | Avira URL Cloud | safe |
No Antivirus matches
Source | Detection | Scanner | Label | Link
http://contfinco.com/ | 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
contfinco.com | 50.200.174.179 | true | false | | unknown
www.google.com | 216.58.208.228 | true | false | | high

Name | Malicious | Antivirus Detection | Reputation
http://contfinco.com/ | false | Avira URL Cloud: safe | unknown

Legend (IPs per country):
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
239.255.255.250 | unknown | Reserved | | unknown | unknown | false
50.200.174.179 | contfinco.com | United States | | 7922 | COMCAST-7922US | false
216.58.208.228 | www.google.com | United States | | 15169 | GOOGLEUS | false

Private IP
192.168.2.4
      Joe Sandbox version:41.0.0 Charoite
      Analysis ID:1559590
      Start date and time:2024-11-20 17:44:16 +01:00
      Joe Sandbox product:CloudBasic
      Overall analysis duration:0h 2m 8s
      Hypervisor based Inspection enabled:false
      Report type:full
      Cookbook file name:browseurl.jbs
      Sample URL:http://contfinco.com
      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
      Number of new started processes analysed:7
      Number of new started drivers analysed:0
      Number of existing processes analysed:0
      Number of existing drivers analysed:0
      Number of injected processes analysed:0
      Technologies:
      • HCA enabled
      • EGA enabled
      • AMSI enabled
      Analysis Mode:default
      Analysis stop reason:Timeout
      Detection:UNKNOWN
      Classification:unknown0.win@18/0@4/4
      EGA Information:Failed
      HCA Information:
      • Successful, ratio: 100%
      • Number of executed functions: 0
      • Number of non-executed functions: 0
      Cookbook Comments:
      • URL browsing timeout or error
      • URL not reachable
      • Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe, svchost.exe
      • Excluded IPs from analysis (whitelisted): 172.217.21.35, 172.217.19.238, 74.125.205.84, 34.104.35.123, 199.232.214.172, 192.229.221.95
      • Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, ocsp.digicert.com, accounts.google.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
      • Not all processes were analyzed; the report is missing behavior information
      • VT rate limit hit for: http://contfinco.com
      No simulations
      No context
      No created / dropped files found
      No static file info
TCP packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 20, 2024 17:45:12.162501097 CET | 49675 | 443 | 192.168.2.4 | 173.222.162.32
Nov 20, 2024 17:45:14.920097113 CET | 49735 | 80 | 192.168.2.4 | 50.200.174.179
Nov 20, 2024 17:45:14.920592070 CET | 49736 | 80 | 192.168.2.4 | 50.200.174.179
Nov 20, 2024 17:45:15.135618925 CET | 80 | 49735 | 50.200.174.179 | 192.168.2.4
Nov 20, 2024 17:45:15.135636091 CET | 80 | 49736 | 50.200.174.179 | 192.168.2.4
Nov 20, 2024 17:45:15.135694027 CET | 49735 | 80 | 192.168.2.4 | 50.200.174.179
Nov 20, 2024 17:45:15.135725021 CET | 49736 | 80 | 192.168.2.4 | 50.200.174.179
Nov 20, 2024 17:45:15.135951042 CET | 49735 | 80 | 192.168.2.4 | 50.200.174.179
Nov 20, 2024 17:45:15.255880117 CET | 80 | 49735 | 50.200.174.179 | 192.168.2.4
Nov 20, 2024 17:45:17.245981932 CET | 49739 | 443 | 192.168.2.4 | 216.58.208.228
Nov 20, 2024 17:45:17.246021986 CET | 443 | 49739 | 216.58.208.228 | 192.168.2.4
Nov 20, 2024 17:45:17.246093988 CET | 49739 | 443 | 192.168.2.4 | 216.58.208.228
Nov 20, 2024 17:45:17.246371984 CET | 49739 | 443 | 192.168.2.4 | 216.58.208.228
Nov 20, 2024 17:45:17.246390104 CET | 443 | 49739 | 216.58.208.228 | 192.168.2.4
Nov 20, 2024 17:45:18.710269928 CET | 49740 | 443 | 192.168.2.4 | 2.18.84.141
Nov 20, 2024 17:45:18.710331917 CET | 443 | 49740 | 2.18.84.141 | 192.168.2.4
Nov 20, 2024 17:45:18.710410118 CET | 49740 | 443 | 192.168.2.4 | 2.18.84.141
Nov 20, 2024 17:45:18.712661028 CET | 49740 | 443 | 192.168.2.4 | 2.18.84.141
Nov 20, 2024 17:45:18.712683916 CET | 443 | 49740 | 2.18.84.141 | 192.168.2.4
Nov 20, 2024 17:45:19.064521074 CET | 443 | 49739 | 216.58.208.228 | 192.168.2.4
Nov 20, 2024 17:45:19.064825058 CET | 49739 | 443 | 192.168.2.4 | 216.58.208.228
Nov 20, 2024 17:45:19.064855099 CET | 443 | 49739 | 216.58.208.228 | 192.168.2.4
Nov 20, 2024 17:45:19.065934896 CET | 443 | 49739 | 216.58.208.228 | 192.168.2.4
Nov 20, 2024 17:45:19.066005945 CET | 49739 | 443 | 192.168.2.4 | 216.58.208.228
Nov 20, 2024 17:45:19.069520950 CET | 49739 | 443 | 192.168.2.4 | 216.58.208.228
Nov 20, 2024 17:45:19.069633961 CET | 443 | 49739 | 216.58.208.228 | 192.168.2.4
Nov 20, 2024 17:45:19.116049051 CET | 49739 | 443 | 192.168.2.4 | 216.58.208.228
Nov 20, 2024 17:45:19.116070032 CET | 443 | 49739 | 216.58.208.228 | 192.168.2.4
Nov 20, 2024 17:45:19.164069891 CET | 49739 | 443 | 192.168.2.4 | 216.58.208.228
Nov 20, 2024 17:45:20.070449114 CET | 443 | 49740 | 2.18.84.141 | 192.168.2.4
Nov 20, 2024 17:45:20.070524931 CET | 49740 | 443 | 192.168.2.4 | 2.18.84.141
Nov 20, 2024 17:45:20.074383974 CET | 49740 | 443 | 192.168.2.4 | 2.18.84.141
Nov 20, 2024 17:45:20.074394941 CET | 443 | 49740 | 2.18.84.141 | 192.168.2.4
Nov 20, 2024 17:45:20.074676991 CET | 443 | 49740 | 2.18.84.141 | 192.168.2.4
Nov 20, 2024 17:45:20.118063927 CET | 49740 | 443 | 192.168.2.4 | 2.18.84.141
Nov 20, 2024 17:45:20.138673067 CET | 49740 | 443 | 192.168.2.4 | 2.18.84.141
Nov 20, 2024 17:45:20.183326960 CET | 443 | 49740 | 2.18.84.141 | 192.168.2.4
Nov 20, 2024 17:45:20.662974119 CET | 443 | 49740 | 2.18.84.141 | 192.168.2.4
Nov 20, 2024 17:45:20.663048983 CET | 443 | 49740 | 2.18.84.141 | 192.168.2.4
Nov 20, 2024 17:45:20.663292885 CET | 49740 | 443 | 192.168.2.4 | 2.18.84.141
Nov 20, 2024 17:45:20.663430929 CET | 49740 | 443 | 192.168.2.4 | 2.18.84.141
Nov 20, 2024 17:45:20.663446903 CET | 443 | 49740 | 2.18.84.141 | 192.168.2.4
Nov 20, 2024 17:45:20.663459063 CET | 49740 | 443 | 192.168.2.4 | 2.18.84.141
Nov 20, 2024 17:45:20.663465023 CET | 443 | 49740 | 2.18.84.141 | 192.168.2.4
Nov 20, 2024 17:45:20.704004049 CET | 49741 | 443 | 192.168.2.4 | 2.18.84.141
Nov 20, 2024 17:45:20.704058886 CET | 443 | 49741 | 2.18.84.141 | 192.168.2.4
Nov 20, 2024 17:45:20.704672098 CET | 49741 | 443 | 192.168.2.4 | 2.18.84.141
Nov 20, 2024 17:45:20.705779076 CET | 49741 | 443 | 192.168.2.4 | 2.18.84.141
Nov 20, 2024 17:45:20.705807924 CET | 443 | 49741 | 2.18.84.141 | 192.168.2.4
Nov 20, 2024 17:45:22.207483053 CET | 443 | 49741 | 2.18.84.141 | 192.168.2.4
Nov 20, 2024 17:45:22.207705021 CET | 49741 | 443 | 192.168.2.4 | 2.18.84.141
Nov 20, 2024 17:45:22.209500074 CET | 49741 | 443 | 192.168.2.4 | 2.18.84.141
Nov 20, 2024 17:45:22.209510088 CET | 443 | 49741 | 2.18.84.141 | 192.168.2.4
Nov 20, 2024 17:45:22.209815025 CET | 443 | 49741 | 2.18.84.141 | 192.168.2.4
Nov 20, 2024 17:45:22.211124897 CET | 49741 | 443 | 192.168.2.4 | 2.18.84.141
Nov 20, 2024 17:45:22.251374006 CET | 443 | 49741 | 2.18.84.141 | 192.168.2.4
Nov 20, 2024 17:45:22.744882107 CET | 443 | 49741 | 2.18.84.141 | 192.168.2.4
Nov 20, 2024 17:45:22.745048046 CET | 443 | 49741 | 2.18.84.141 | 192.168.2.4
Nov 20, 2024 17:45:22.745126963 CET | 49741 | 443 | 192.168.2.4 | 2.18.84.141
Nov 20, 2024 17:45:22.745672941 CET | 49741 | 443 | 192.168.2.4 | 2.18.84.141
Nov 20, 2024 17:45:22.745692968 CET | 443 | 49741 | 2.18.84.141 | 192.168.2.4
Nov 20, 2024 17:45:22.745703936 CET | 49741 | 443 | 192.168.2.4 | 2.18.84.141
Nov 20, 2024 17:45:22.745709896 CET | 443 | 49741 | 2.18.84.141 | 192.168.2.4
Nov 20, 2024 17:45:24.869874954 CET | 49742 | 443 | 192.168.2.4 | 172.202.163.200
Nov 20, 2024 17:45:24.869950056 CET | 443 | 49742 | 172.202.163.200 | 192.168.2.4
Nov 20, 2024 17:45:24.870039940 CET | 49742 | 443 | 192.168.2.4 | 172.202.163.200
Nov 20, 2024 17:45:24.871480942 CET | 49742 | 443 | 192.168.2.4 | 172.202.163.200
Nov 20, 2024 17:45:24.871532917 CET | 443 | 49742 | 172.202.163.200 | 192.168.2.4
Nov 20, 2024 17:45:26.601947069 CET | 443 | 49742 | 172.202.163.200 | 192.168.2.4
Nov 20, 2024 17:45:26.602051020 CET | 49742 | 443 | 192.168.2.4 | 172.202.163.200
Nov 20, 2024 17:45:26.604876041 CET | 49742 | 443 | 192.168.2.4 | 172.202.163.200
Nov 20, 2024 17:45:26.604886055 CET | 443 | 49742 | 172.202.163.200 | 192.168.2.4
Nov 20, 2024 17:45:26.605274916 CET | 443 | 49742 | 172.202.163.200 | 192.168.2.4
Nov 20, 2024 17:45:26.650510073 CET | 49742 | 443 | 192.168.2.4 | 172.202.163.200
Nov 20, 2024 17:45:28.127815962 CET | 49742 | 443 | 192.168.2.4 | 172.202.163.200
Nov 20, 2024 17:45:28.175342083 CET | 443 | 49742 | 172.202.163.200 | 192.168.2.4
Nov 20, 2024 17:45:28.696082115 CET | 443 | 49742 | 172.202.163.200 | 192.168.2.4
Nov 20, 2024 17:45:28.696212053 CET | 443 | 49742 | 172.202.163.200 | 192.168.2.4
Nov 20, 2024 17:45:28.696233034 CET | 443 | 49742 | 172.202.163.200 | 192.168.2.4
Nov 20, 2024 17:45:28.696273088 CET | 443 | 49742 | 172.202.163.200 | 192.168.2.4
Nov 20, 2024 17:45:28.696291924 CET | 49742 | 443 | 192.168.2.4 | 172.202.163.200
Nov 20, 2024 17:45:28.696312904 CET | 443 | 49742 | 172.202.163.200 | 192.168.2.4
Nov 20, 2024 17:45:28.696338892 CET | 443 | 49742 | 172.202.163.200 | 192.168.2.4
Nov 20, 2024 17:45:28.696353912 CET | 49742 | 443 | 192.168.2.4 | 172.202.163.200
Nov 20, 2024 17:45:28.696381092 CET | 49742 | 443 | 192.168.2.4 | 172.202.163.200
Nov 20, 2024 17:45:28.716684103 CET | 443 | 49742 | 172.202.163.200 | 192.168.2.4
Nov 20, 2024 17:45:28.716855049 CET | 49742 | 443 | 192.168.2.4 | 172.202.163.200
Nov 20, 2024 17:45:28.716897964 CET | 443 | 49742 | 172.202.163.200 | 192.168.2.4
Nov 20, 2024 17:45:28.716948032 CET | 443 | 49742 | 172.202.163.200 | 192.168.2.4
Nov 20, 2024 17:45:28.717021942 CET | 49742 | 443 | 192.168.2.4 | 172.202.163.200
Nov 20, 2024 17:45:28.741211891 CET | 443 | 49739 | 216.58.208.228 | 192.168.2.4
Nov 20, 2024 17:45:28.741307020 CET | 443 | 49739 | 216.58.208.228 | 192.168.2.4
Nov 20, 2024 17:45:28.741487980 CET | 49739 | 443 | 192.168.2.4 | 216.58.208.228
Nov 20, 2024 17:45:29.697150946 CET | 49739 | 443 | 192.168.2.4 | 216.58.208.228
Nov 20, 2024 17:45:29.697202921 CET | 443 | 49739 | 216.58.208.228 | 192.168.2.4
Nov 20, 2024 17:45:29.999346018 CET | 49742 | 443 | 192.168.2.4 | 172.202.163.200
Nov 20, 2024 17:45:29.999346972 CET | 49742 | 443 | 192.168.2.4 | 172.202.163.200
Nov 20, 2024 17:45:29.999423027 CET | 443 | 49742 | 172.202.163.200 | 192.168.2.4
Nov 20, 2024 17:45:29.999454975 CET | 443 | 49742 | 172.202.163.200 | 192.168.2.4
Nov 20, 2024 17:45:32.285522938 CET | 49723 | 80 | 192.168.2.4 | 23.193.114.26
Nov 20, 2024 17:45:32.427087069 CET | 80 | 49723 | 23.193.114.26 | 192.168.2.4
Nov 20, 2024 17:45:32.427158117 CET | 49723 | 80 | 192.168.2.4 | 23.193.114.26
Nov 20, 2024 17:45:37.046539068 CET | 80 | 49735 | 50.200.174.179 | 192.168.2.4
Nov 20, 2024 17:45:37.046622038 CET | 49735 | 80 | 192.168.2.4 | 50.200.174.179
Nov 20, 2024 17:45:37.047261000 CET | 49735 | 80 | 192.168.2.4 | 50.200.174.179
Nov 20, 2024 17:45:37.134274960 CET | 80 | 49736 | 50.200.174.179 | 192.168.2.4
Nov 20, 2024 17:45:37.134335041 CET | 49736 | 80 | 192.168.2.4 | 50.200.174.179
Nov 20, 2024 17:45:37.167066097 CET | 80 | 49735 | 50.200.174.179 | 192.168.2.4
Nov 20, 2024 17:45:37.694514036 CET | 49736 | 80 | 192.168.2.4 | 50.200.174.179
Nov 20, 2024 17:45:37.814690113 CET | 80 | 49736 | 50.200.174.179 | 192.168.2.4
Nov 20, 2024 17:45:38.089623928 CET | 49748 | 80 | 192.168.2.4 | 50.200.174.179
Nov 20, 2024 17:45:38.090101004 CET | 49749 | 80 | 192.168.2.4 | 50.200.174.179
Nov 20, 2024 17:45:38.215689898 CET | 80 | 49748 | 50.200.174.179 | 192.168.2.4
Nov 20, 2024 17:45:38.215897083 CET | 80 | 49749 | 50.200.174.179 | 192.168.2.4
Nov 20, 2024 17:45:38.216057062 CET | 49748 | 80 | 192.168.2.4 | 50.200.174.179
Nov 20, 2024 17:45:38.216065884 CET | 49749 | 80 | 192.168.2.4 | 50.200.174.179
Nov 20, 2024 17:45:38.216303110 CET | 49749 | 80 | 192.168.2.4 | 50.200.174.179
Nov 20, 2024 17:45:38.503252983 CET | 80 | 49749 | 50.200.174.179 | 192.168.2.4
UDP packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 20, 2024 17:45:12.817037106 CET | 53 | 51585 | 1.1.1.1 | 192.168.2.4
Nov 20, 2024 17:45:12.937540054 CET | 53 | 53181 | 1.1.1.1 | 192.168.2.4
Nov 20, 2024 17:45:14.392534971 CET | 58091 | 53 | 192.168.2.4 | 1.1.1.1
Nov 20, 2024 17:45:14.392713070 CET | 63943 | 53 | 192.168.2.4 | 1.1.1.1
Nov 20, 2024 17:45:14.918423891 CET | 53 | 63943 | 1.1.1.1 | 192.168.2.4
Nov 20, 2024 17:45:14.919182062 CET | 53 | 58091 | 1.1.1.1 | 192.168.2.4
Nov 20, 2024 17:45:15.673162937 CET | 53 | 59167 | 1.1.1.1 | 192.168.2.4
Nov 20, 2024 17:45:17.068798065 CET | 61013 | 53 | 192.168.2.4 | 1.1.1.1
Nov 20, 2024 17:45:17.068943024 CET | 61632 | 53 | 192.168.2.4 | 1.1.1.1
Nov 20, 2024 17:45:17.208296061 CET | 53 | 61013 | 1.1.1.1 | 192.168.2.4
Nov 20, 2024 17:45:17.243347883 CET | 53 | 61632 | 1.1.1.1 | 192.168.2.4
Nov 20, 2024 17:45:29.799004078 CET | 138 | 138 | 192.168.2.4 | 192.168.2.255
Nov 20, 2024 17:45:32.615608931 CET | 53 | 63176 | 1.1.1.1 | 192.168.2.4
DNS queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 20, 2024 17:45:14.392534971 CET | 192.168.2.4 | 1.1.1.1 | 0xaa41 | Standard query (0) | contfinco.com | A (IP address) | IN (0x0001) | false
Nov 20, 2024 17:45:14.392713070 CET | 192.168.2.4 | 1.1.1.1 | 0x53ec | Standard query (0) | contfinco.com | 65 | IN (0x0001) | false
Nov 20, 2024 17:45:17.068798065 CET | 192.168.2.4 | 1.1.1.1 | 0x230e | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Nov 20, 2024 17:45:17.068943024 CET | 192.168.2.4 | 1.1.1.1 | 0xb62d | Standard query (0) | www.google.com | 65 | IN (0x0001) | false

DNS answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 20, 2024 17:45:14.919182062 CET | 1.1.1.1 | 192.168.2.4 | 0xaa41 | No error (0) | contfinco.com | | 50.200.174.179 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 17:45:17.208296061 CET | 1.1.1.1 | 192.168.2.4 | 0x230e | No error (0) | www.google.com | | 216.58.208.228 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 17:45:17.243347883 CET | 1.1.1.1 | 192.168.2.4 | 0xb62d | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
      • fs.microsoft.com
      • slscr.update.microsoft.com
      • contfinco.com
      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
      0 | 192.168.2.4 | 49735 | 50.200.174.179 | 80 | 2912 | C:\Program Files\Google\Chrome\Application\chrome.exe
      Timestamp | Bytes transferred | Direction | Data
      Nov 20, 2024 17:45:15.135951042 CET | 428 | OUT | GET / HTTP/1.1
      Host: contfinco.com
      Connection: keep-alive
      Upgrade-Insecure-Requests: 1
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
      Accept-Encoding: gzip, deflate
      Accept-Language: en-US,en;q=0.9


      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
      1 | 192.168.2.4 | 49749 | 50.200.174.179 | 80 | 2912 | C:\Program Files\Google\Chrome\Application\chrome.exe
      Timestamp | Bytes transferred | Direction | Data
      Nov 20, 2024 17:45:38.216303110 CET | 454 | OUT | GET / HTTP/1.1
      Host: contfinco.com
      Connection: keep-alive
      Cache-Control: max-age=0
      Upgrade-Insecure-Requests: 1
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
      Accept-Encoding: gzip, deflate
      Accept-Language: en-US,en;q=0.9


      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
      0 | 192.168.2.4 | 49740 | 2.18.84.141 | 443 | |
      Timestamp | Bytes transferred | Direction | Data
      2024-11-20 16:45:20 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
      Connection: Keep-Alive
      Accept: */*
      Accept-Encoding: identity
      User-Agent: Microsoft BITS/7.8
      Host: fs.microsoft.com
      2024-11-20 16:45:20 UTC | 463 | IN | HTTP/1.1 200 OK
      Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
      Content-Type: application/octet-stream
      ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
      Last-Modified: Tue, 16 May 2017 22:58:00 GMT
      Server: ECAcc (lpl/EF17)
      X-CID: 11
      X-Ms-ApiVersion: Distribute 1.2
      X-Ms-Region: prod-weu-z1
      Cache-Control: public, max-age=64
      Date: Wed, 20 Nov 2024 16:45:20 GMT
      Connection: close
      X-CID: 2


      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
      1 | 192.168.2.4 | 49741 | 2.18.84.141 | 443 | |
      Timestamp | Bytes transferred | Direction | Data
      2024-11-20 16:45:22 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
      Connection: Keep-Alive
      Accept: */*
      Accept-Encoding: identity
      If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
      Range: bytes=0-2147483646
      User-Agent: Microsoft BITS/7.8
      Host: fs.microsoft.com
      2024-11-20 16:45:22 UTC | 511 | IN | HTTP/1.1 200 OK
      ApiVersion: Distribute 1.1
      Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
      Content-Type: application/octet-stream
      ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
      Last-Modified: Tue, 16 May 2017 22:58:00 GMT
      Server: ECAcc (lpl/EF06)
      X-CID: 11
      X-Ms-ApiVersion: Distribute 1.2
      X-Ms-Region: prod-weu-z1
      Cache-Control: public, max-age=51
      Date: Wed, 20 Nov 2024 16:45:22 GMT
      Content-Length: 55
      Connection: close
      X-CID: 2
      2024-11-20 16:45:22 UTC | 55 | IN | Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
      Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
      2 | 192.168.2.4 | 49742 | 172.202.163.200 | 443 | |
      Timestamp | Bytes transferred | Direction | Data
      2024-11-20 16:45:28 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=DHntVldm1PH4mNb&MD=h1dVzND+ HTTP/1.1
      Connection: Keep-Alive
      Accept: */*
      User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
      Host: slscr.update.microsoft.com
      2024-11-20 16:45:28 UTC | 560 | IN | HTTP/1.1 200 OK
      Cache-Control: no-cache
      Pragma: no-cache
      Content-Type: application/octet-stream
      Expires: -1
      Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
      ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
      MS-CorrelationId: f32b76d1-c57c-4742-b8d5-14805d09ba95
      MS-RequestId: ce4ddab7-1bf0-43f7-b393-0899ca5b4c26
      MS-CV: TvVY15ftXkyASgRD.0
      X-Microsoft-SLSClientCache: 2880
      Content-Disposition: attachment; filename=environment.cab
      X-Content-Type-Options: nosniff
      Date: Wed, 20 Nov 2024 16:45:27 GMT
      Connection: close
      Content-Length: 24490
      2024-11-20 16:45:28 UTC | 15824 | IN | Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58
      Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
      2024-11-20 16:45:28 UTC | 8666 | IN | Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31
      Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1


      Target ID:0
      Start time:11:45:07
      Start date:20/11/2024
      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
      Wow64 process (32bit):false
      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
      Imagebase:0x7ff76e190000
      File size:3'242'272 bytes
      MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:low
      Has exited:false

      Target ID:2
      Start time:11:45:10
      Start date:20/11/2024
      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
      Wow64 process (32bit):false
      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1996,i,5792896531521666707,10530563363590270966,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
      Imagebase:0x7ff76e190000
      File size:3'242'272 bytes
      MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:low
      Has exited:false

      Target ID:3
      Start time:11:45:13
      Start date:20/11/2024
      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
      Wow64 process (32bit):false
      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://contfinco.com"
      Imagebase:0x7ff76e190000
      File size:3'242'272 bytes
      MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:low
      Has exited:true

      No disassembly