Windows Analysis Report
https://accounts.zalando.com/sso/authentications/passwordless/nk3wsbCeQIYu2yw7jVB9YabDiA0?redirect_uri=https://accounts.zalando.com/myaccount/sso-callback&client_id=account-management&response_type=code&scope=openid&request_id=9c57f577-96f4-4c36-93e2-3bdc3ca4b2a7&state=eyJvcmlnaW5hbF9yZXF1ZXN0X3VyaS

Overview

General Information

Sample URL:https://accounts.zalando.com/sso/authentications/passwordless/nk3wsbCeQIYu2yw7jVB9YabDiA0?redirect_uri=https://accounts.zalando.com/myaccount/sso-callback&client_id=account-management&response_type=co
Analysis ID:1584211
Infos:

Detection

Score:0
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Detected non-DNS traffic on DNS port

Classification

[Classification chart. Axes: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Scale: clean, suspicious, malicious.]
  • System is w10x64
  • chrome.exe (PID: 2344 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 5020 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 --field-trial-handle=2252,i,10253363445252155917,1710931806797776637,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6508 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://accounts.zalando.com/sso/authentications/passwordless/nk3wsbCeQIYu2yw7jVB9YabDiA0?redirect_uri=https://accounts.zalando.com/myaccount/sso-callback&client_id=account-management&response_type=code&scope=openid&request_id=9c57f577-96f4-4c36-93e2-3bdc3ca4b2a7&state=eyJvcmlnaW5hbF9yZXF1ZXN0X3VyaSI6Imh0dHBzOi8vYWNjb3VudHMuemFsYW5kby5jb20vbXlhY2NvdW50L3JlYWN0aXZhdGVkIn0%3D&preferredLanguage=de-DE" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures.

Source: global traffic | TCP traffic: 192.168.2.4:49737 -> 1.1.1.1:53
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: accounts.zalando.com
Source: unknown | Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown | Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49738 -> 443
Source: classification engine | Classification label: clean0.win@16/0@4/3
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 --field-trial-handle=2252,i,10253363445252155917,1710931806797776637,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://accounts.zalando.com/sso/authentications/passwordless/nk3wsbCeQIYu2yw7jVB9YabDiA0?redirect_uri=https://accounts.zalando.com/myaccount/sso-callback&client_id=account-management&response_type=code&scope=openid&request_id=9c57f577-96f4-4c36-93e2-3bdc3ca4b2a7&state=eyJvcmlnaW5hbF9yZXF1ZXN0X3VyaSI6Imh0dHBzOi8vYWNjb3VudHMuemFsYW5kby5jb20vbXlhY2NvdW50L3JlYWN0aXZhdGVkIn0%3D&preferredLanguage=de-DE"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Process Injection | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
[Behavior graph. ID: 1584211; URL: https://accounts.zalando.co...; Startdate: 04/01/2025; Architecture: WINDOWS; Score: 0. Nodes: chrome.exe processes; 192.168.2.4; 239.255.255.250 (Reserved); www.google.com (142.251.40.228, GOOGLEUS, United States); accounts.zalando.com.]

Source | Detection | Scanner | Label | Link
https://accounts.zalando.com/sso/authentications/passwordless/nk3wsbCeQIYu2yw7jVB9YabDiA0?redirect_uri=https://accounts.zalando.com/myaccount/sso-callback&client_id=account-management&response_type=code&scope=openid&request_id=9c57f577-96f4-4c36-93e2-3bdc3ca4b2a7&state=eyJvcmlnaW5hbF9yZXF1ZXN0X3VyaSI6Imh0dHBzOi8vYWNjb3VudHMuemFsYW5kby5jb20vbXlhY2NvdW50L3JlYWN0aXZhdGVkIn0%3D&preferredLanguage=de-DE | 0% | Avira URL Cloud | safe |
No Antivirus matches

Name | IP | Active | Malicious | Antivirus Detection | Reputation
www.google.com | 142.251.40.228 | true | false | | high
accounts.zalando.com | unknown | unknown | false | | high

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
239.255.255.250 | unknown | Reserved | | unknown | unknown | false
142.251.40.228 | www.google.com | United States | | 15169 | GOOGLEUS | false

IP
192.168.2.4

      Joe Sandbox version:41.0.0 Charoite
      Analysis ID:1584211
      Start date and time:2025-01-04 20:29:29 +01:00
      Joe Sandbox product:CloudBasic
      Overall analysis duration:0h 2m 43s
      Hypervisor based Inspection enabled:false
      Report type:full
      Cookbook file name:browseurl.jbs
      Sample URL:https://accounts.zalando.com/sso/authentications/passwordless/nk3wsbCeQIYu2yw7jVB9YabDiA0?redirect_uri=https://accounts.zalando.com/myaccount/sso-callback&client_id=account-management&response_type=code&scope=openid&request_id=9c57f577-96f4-4c36-93e2-3bdc3ca4b2a7&state=eyJvcmlnaW5hbF9yZXF1ZXN0X3VyaSI6Imh0dHBzOi8vYWNjb3VudHMuemFsYW5kby5jb20vbXlhY2NvdW50L3JlYWN0aXZhdGVkIn0%3D&preferredLanguage=de-DE
      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
      Number of analysed new started processes analysed:8
      Number of new started drivers analysed:0
      Number of existing processes analysed:0
      Number of existing drivers analysed:0
      Number of injected processes analysed:0
      Technologies:
      • EGA enabled
      • AMSI enabled
      Analysis Mode:default
      Analysis stop reason:Timeout
      Detection:CLEAN
      Classification:clean0.win@16/0@4/3
      • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
      • Excluded IPs from analysis (whitelisted): 142.250.185.131, 74.125.206.84, 142.250.184.206, 142.250.181.238, 142.250.186.174, 142.250.186.46, 2.23.227.213, 2.23.227.222, 2.22.50.131, 192.229.221.95, 172.217.18.110, 216.58.206.67, 172.217.16.206, 142.250.185.99, 142.250.185.142, 184.28.90.27, 20.109.210.53, 13.107.246.45
      • Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, accounts.zalando.com.edgekey.net, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, e220310.dsce3.akamaiedge.net, update.googleapis.com, clients.l.google.com, www.gstatic.com
      • Not all processes where analyzed, report is missing behavior information
      • VT rate limit hit for: https://accounts.zalando.com/sso/authentications/passwordless/nk3wsbCeQIYu2yw7jVB9YabDiA0?redirect_uri=https://accounts.zalando.com/myaccount/sso-callback&client_id=account-management&response_type=code&scope=openid&request_id=9c57f577-96f4-4c36-93e2-3bdc3ca4b2a7&state=eyJvcmlnaW5hbF9yZXF1ZXN0X3VyaSI6Imh0dHBzOi8vYWNjb3VudHMuemFsYW5kby5jb20vbXlhY2NvdW50L3JlYWN0aXZhdGVkIn0%3D&preferredLanguage=de-DE
      No simulations
      No context
      No created / dropped files found
      No static file info

      • Total Packets: 34
      • 443 (HTTPS)
      • 80 (HTTP)
      • 53 (DNS)
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 4, 2025 20:30:25.679173946 CET | 192.168.2.4 | 1.1.1.1 | 0xaca0 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Jan 4, 2025 20:30:25.679307938 CET | 192.168.2.4 | 1.1.1.1 | 0xdf25 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Jan 4, 2025 20:30:26.887310028 CET | 192.168.2.4 | 1.1.1.1 | 0x9997 | Standard query (0) | accounts.zalando.com | A (IP address) | IN (0x0001) | false
Jan 4, 2025 20:30:26.889431000 CET | 192.168.2.4 | 1.1.1.1 | 0x6447 | Standard query (0) | accounts.zalando.com | 65 | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 4, 2025 20:30:25.685895920 CET | 1.1.1.1 | 192.168.2.4 | 0xdf25 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
Jan 4, 2025 20:30:26.150790930 CET | 1.1.1.1 | 192.168.2.4 | 0x2dc | No error (0) | www.google.com | | 142.251.40.228 | A (IP address) | IN (0x0001) | false
Jan 4, 2025 20:30:26.905112982 CET | 1.1.1.1 | 192.168.2.4 | 0x6447 | No error (0) | accounts.zalando.com | accounts.zalando.com.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false
Jan 4, 2025 20:30:26.912951946 CET | 1.1.1.1 | 192.168.2.4 | 0x9997 | No error (0) | accounts.zalando.com | accounts.zalando.com.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false

      Target ID:0
      Start time:14:30:17
      Start date:04/01/2025
      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
      Wow64 process (32bit):false
      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
      Imagebase:0x7ff76e190000
      File size:3'242'272 bytes
      MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:low
      Has exited:false

      Target ID:2
      Start time:14:30:20
      Start date:04/01/2025
      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
      Wow64 process (32bit):false
      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 --field-trial-handle=2252,i,10253363445252155917,1710931806797776637,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
      Imagebase:0x7ff76e190000
      File size:3'242'272 bytes
      MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:low
      Has exited:false

      Target ID:3
      Start time:14:30:26
      Start date:04/01/2025
      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
      Wow64 process (32bit):false
      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://accounts.zalando.com/sso/authentications/passwordless/nk3wsbCeQIYu2yw7jVB9YabDiA0?redirect_uri=https://accounts.zalando.com/myaccount/sso-callback&client_id=account-management&response_type=code&scope=openid&request_id=9c57f577-96f4-4c36-93e2-3bdc3ca4b2a7&state=eyJvcmlnaW5hbF9yZXF1ZXN0X3VyaSI6Imh0dHBzOi8vYWNjb3VudHMuemFsYW5kby5jb20vbXlhY2NvdW50L3JlYWN0aXZhdGVkIn0%3D&preferredLanguage=de-DE"
      Imagebase:0x7ff76e190000
      File size:3'242'272 bytes
      MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:low
      Has exited:true

      No disassembly