
Windows Analysis Report
http://sin1.contabostorage.com

Overview

General Information

Sample URL: http://sin1.contabostorage.com
Analysis ID: 1502251

Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file

Classification

  • System is w10x64
  • chrome.exe (PID: 4248 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 4960 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=2020,i,11366153718238717683,4329258589701477035,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6508 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://sin1.contabostorage.com" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched


AV Detection

Source: http://sin1.contabostorage.com/ | Virustotal: Detection: 8%
Source: sin1.contabostorage.com | Virustotal: Detection: 8%
Source: http://sin1.contabostorage.com | Virustotal: Detection: 8%
Source: https://sin1.contabostorage.com/ | HTTP Parser: No favicon
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.32 (2 occurrences)
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 (18 occurrences)
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (6 occurrences)
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1
    Host: sin1.contabostorage.com
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /favicon.ico HTTP/1.1
    Host: sin1.contabostorage.com
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Referer: https://sin1.contabostorage.com/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    Accept-Encoding: identity
    If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
    Range: bytes=0-2147483646
    User-Agent: Microsoft BITS/7.8
    Host: fs.microsoft.com
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1
    Host: sin1.contabostorage.com
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: global traffic | DNS traffic detected: DNS query: sin1.contabostorage.com
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown | Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown | Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: classification engine | Classification label: mal56.win@17/0@6/4
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=2020,i,11366153718238717683,4329258589701477035,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://sin1.contabostorage.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (2 occurrences)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=2020,i,11366153718238717683,4329258589701477035,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (11 occurrences)
Source: Window Recorder | Window detected: More than 3 window changes detected
MITRE ATT&CK matrix (a leading number marks the count of matched signatures for that technique):

Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Process Injection | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction
Source | Detection | Scanner | Label
http://sin1.contabostorage.com | 0% | Avira URL Cloud | safe
http://sin1.contabostorage.com | 8% | Virustotal | -
No Antivirus matches
Source | Detection | Scanner | Label
fp2e7a.wpc.phicdn.net | 0% | Virustotal | -
sin1.contabostorage.com | 8% | Virustotal | -
bg.microsoft.map.fastly.net | 0% | Virustotal | -
www.google.com | 0% | Virustotal | -
Source | Detection | Scanner | Label
https://sin1.contabostorage.com/favicon.ico | 0% | Avira URL Cloud | safe
http://sin1.contabostorage.com/ | 0% | Avira URL Cloud | safe
http://sin1.contabostorage.com/ | 8% | Virustotal | -
Name | IP | Active | Malicious | Antivirus Detection | Reputation
bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | - | unknown
sin1.contabostorage.com | 103.164.55.85 | true | false | - | unknown
www.google.com | 142.250.185.68 | true | false | - | unknown
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | - | unknown
Name | Malicious | Antivirus Detection | Reputation
https://sin1.contabostorage.com/ | false | - | unknown
http://sin1.contabostorage.com/ | true | 8% Virustotal; Avira URL Cloud: safe | unknown
https://sin1.contabostorage.com/favicon.ico | false | Avira URL Cloud: safe | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
142.250.185.68 | www.google.com | United States | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
103.164.55.85 | sin1.contabostorage.com | unknown | 7575 | AARNET-AS-AP Australian Academic and Research Network AARNe | false
Private IP: 192.168.2.4
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1502251
Start date and time: 2024-08-31 19:35:55 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 2m 58s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: http://sin1.contabostorage.com
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 8
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal56.win@17/0@6/4
EGA Information: Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 142.250.185.163, 142.250.186.78, 74.125.71.84, 34.104.35.123, 13.85.23.86, 199.232.214.172, 192.229.221.95, 20.242.39.171, 20.3.187.198, 13.95.31.18, 142.250.185.99
  • Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
  • Not all processes were analyzed; the report is missing behavior information
  • Report size getting too big, too many NtSetInformationFile calls found.
No simulations
Input | Output
URL: https://sin1.contabostorage.com/, Model: jbxai
{
  "brand": ["Unauthorized"],
  "contains_trigger_text": false,
  "prominent_button_name": "unknown",
  "text_input_field_labels": ["unknown"],
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false
}
No context
No created / dropped files found
No static file info
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Aug 31, 2024 19:36:39.191890001 CEST | 49675 | 443 | 192.168.2.4 | 173.222.162.32
Aug 31, 2024 19:36:48.799609900 CEST | 49675 | 443 | 192.168.2.4 | 173.222.162.32
Aug 31, 2024 19:36:49.722317934 CEST | 49737 | 80 | 192.168.2.4 | 103.164.55.85
Aug 31, 2024 19:36:49.722771883 CEST | 49738 | 80 | 192.168.2.4 | 103.164.55.85
Aug 31, 2024 19:36:49.727144957 CEST | 80 | 49737 | 103.164.55.85 | 192.168.2.4
Aug 31, 2024 19:36:49.727329969 CEST | 49737 | 80 | 192.168.2.4 | 103.164.55.85
Aug 31, 2024 19:36:49.727380991 CEST | 49737 | 80 | 192.168.2.4 | 103.164.55.85
Aug 31, 2024 19:36:49.727525949 CEST | 80 | 49738 | 103.164.55.85 | 192.168.2.4
Aug 31, 2024 19:36:49.727574110 CEST | 49738 | 80 | 192.168.2.4 | 103.164.55.85
Aug 31, 2024 19:36:49.732628107 CEST | 80 | 49737 | 103.164.55.85 | 192.168.2.4
Aug 31, 2024 19:36:50.622204065 CEST | 80 | 49737 | 103.164.55.85 | 192.168.2.4
Aug 31, 2024 19:36:50.634851933 CEST | 49741 | 443 | 192.168.2.4 | 103.164.55.85
Aug 31, 2024 19:36:50.634870052 CEST | 443 | 49741 | 103.164.55.85 | 192.168.2.4
Aug 31, 2024 19:36:50.635035992 CEST | 49741 | 443 | 192.168.2.4 | 103.164.55.85
Aug 31, 2024 19:36:50.635273933 CEST | 49741 | 443 | 192.168.2.4 | 103.164.55.85
Aug 31, 2024 19:36:50.635287046 CEST | 443 | 49741 | 103.164.55.85 | 192.168.2.4
Aug 31, 2024 19:36:50.664017916 CEST | 49737 | 80 | 192.168.2.4 | 103.164.55.85
Aug 31, 2024 19:36:51.548697948 CEST | 443 | 49741 | 103.164.55.85 | 192.168.2.4
Aug 31, 2024 19:36:51.550030947 CEST | 49741 | 443 | 192.168.2.4 | 103.164.55.85
Aug 31, 2024 19:36:51.550049067 CEST | 443 | 49741 | 103.164.55.85 | 192.168.2.4
Aug 31, 2024 19:36:51.551013947 CEST | 443 | 49741 | 103.164.55.85 | 192.168.2.4
Aug 31, 2024 19:36:51.551074028 CEST | 49741 | 443 | 192.168.2.4 | 103.164.55.85
Aug 31, 2024 19:36:51.555802107 CEST | 49741 | 443 | 192.168.2.4 | 103.164.55.85
Aug 31, 2024 19:36:51.555866957 CEST | 443 | 49741 | 103.164.55.85 | 192.168.2.4
Aug 31, 2024 19:36:51.556334019 CEST | 49741 | 443 | 192.168.2.4 | 103.164.55.85
Aug 31, 2024 19:36:51.556340933 CEST | 443 | 49741 | 103.164.55.85 | 192.168.2.4
Aug 31, 2024 19:36:51.596529961 CEST | 49741 | 443 | 192.168.2.4 | 103.164.55.85
Aug 31, 2024 19:36:52.098304033 CEST | 443 | 49741 | 103.164.55.85 | 192.168.2.4
Aug 31, 2024 19:36:52.098380089 CEST | 443 | 49741 | 103.164.55.85 | 192.168.2.4
Aug 31, 2024 19:36:52.098431110 CEST | 49741 | 443 | 192.168.2.4 | 103.164.55.85
Aug 31, 2024 19:36:52.135405064 CEST | 49741 | 443 | 192.168.2.4 | 103.164.55.85
Aug 31, 2024 19:36:52.135422945 CEST | 443 | 49741 | 103.164.55.85 | 192.168.2.4
Aug 31, 2024 19:36:52.229715109 CEST | 49742 | 443 | 192.168.2.4 | 142.250.185.68
Aug 31, 2024 19:36:52.229767084 CEST | 443 | 49742 | 142.250.185.68 | 192.168.2.4
Aug 31, 2024 19:36:52.229819059 CEST | 49742 | 443 | 192.168.2.4 | 142.250.185.68
Aug 31, 2024 19:36:52.230204105 CEST | 49742 | 443 | 192.168.2.4 | 142.250.185.68
Aug 31, 2024 19:36:52.230217934 CEST | 443 | 49742 | 142.250.185.68 | 192.168.2.4
Aug 31, 2024 19:36:52.351747990 CEST | 49743 | 443 | 192.168.2.4 | 103.164.55.85
Aug 31, 2024 19:36:52.351780891 CEST | 443 | 49743 | 103.164.55.85 | 192.168.2.4
Aug 31, 2024 19:36:52.351931095 CEST | 49743 | 443 | 192.168.2.4 | 103.164.55.85
Aug 31, 2024 19:36:52.352457047 CEST | 49743 | 443 | 192.168.2.4 | 103.164.55.85
Aug 31, 2024 19:36:52.352468014 CEST | 443 | 49743 | 103.164.55.85 | 192.168.2.4
Aug 31, 2024 19:36:52.764231920 CEST | 49744 | 443 | 192.168.2.4 | 184.28.90.27
Aug 31, 2024 19:36:52.764246941 CEST | 443 | 49744 | 184.28.90.27 | 192.168.2.4
Aug 31, 2024 19:36:52.764421940 CEST | 49744 | 443 | 192.168.2.4 | 184.28.90.27
Aug 31, 2024 19:36:52.767007113 CEST | 49744 | 443 | 192.168.2.4 | 184.28.90.27
Aug 31, 2024 19:36:52.767015934 CEST | 443 | 49744 | 184.28.90.27 | 192.168.2.4
Aug 31, 2024 19:36:53.171139002 CEST | 443 | 49742 | 142.250.185.68 | 192.168.2.4
Aug 31, 2024 19:36:53.171433926 CEST | 49742 | 443 | 192.168.2.4 | 142.250.185.68
Aug 31, 2024 19:36:53.171457052 CEST | 443 | 49742 | 142.250.185.68 | 192.168.2.4
Aug 31, 2024 19:36:53.172502995 CEST | 443 | 49742 | 142.250.185.68 | 192.168.2.4
Aug 31, 2024 19:36:53.172580004 CEST | 49742 | 443 | 192.168.2.4 | 142.250.185.68
Aug 31, 2024 19:36:53.273107052 CEST | 443 | 49743 | 103.164.55.85 | 192.168.2.4
Aug 31, 2024 19:36:53.273401976 CEST | 49743 | 443 | 192.168.2.4 | 103.164.55.85
Aug 31, 2024 19:36:53.273415089 CEST | 443 | 49743 | 103.164.55.85 | 192.168.2.4
Aug 31, 2024 19:36:53.274106026 CEST | 443 | 49743 | 103.164.55.85 | 192.168.2.4
Aug 31, 2024 19:36:53.274744034 CEST | 49743 | 443 | 192.168.2.4 | 103.164.55.85
Aug 31, 2024 19:36:53.274816036 CEST | 443 | 49743 | 103.164.55.85 | 192.168.2.4
Aug 31, 2024 19:36:53.274884939 CEST | 49743 | 443 | 192.168.2.4 | 103.164.55.85
Aug 31, 2024 19:36:53.316040993 CEST | 49743 | 443 | 192.168.2.4 | 103.164.55.85
Aug 31, 2024 19:36:53.316049099 CEST | 443 | 49743 | 103.164.55.85 | 192.168.2.4
Aug 31, 2024 19:36:53.432676077 CEST | 443 | 49744 | 184.28.90.27 | 192.168.2.4
Aug 31, 2024 19:36:53.432742119 CEST | 49744 | 443 | 192.168.2.4 | 184.28.90.27
Aug 31, 2024 19:36:53.434959888 CEST | 49744 | 443 | 192.168.2.4 | 184.28.90.27
Aug 31, 2024 19:36:53.434964895 CEST | 443 | 49744 | 184.28.90.27 | 192.168.2.4
Aug 31, 2024 19:36:53.435167074 CEST | 443 | 49744 | 184.28.90.27 | 192.168.2.4
Aug 31, 2024 19:36:53.471612930 CEST | 49744 | 443 | 192.168.2.4 | 184.28.90.27
Aug 31, 2024 19:36:53.516505003 CEST | 443 | 49744 | 184.28.90.27 | 192.168.2.4
Aug 31, 2024 19:36:53.597127914 CEST | 49742 | 443 | 192.168.2.4 | 142.250.185.68
Aug 31, 2024 19:36:53.597341061 CEST | 443 | 49742 | 142.250.185.68 | 192.168.2.4
Aug 31, 2024 19:36:53.644148111 CEST | 49742 | 443 | 192.168.2.4 | 142.250.185.68
Aug 31, 2024 19:36:53.644161940 CEST | 443 | 49742 | 142.250.185.68 | 192.168.2.4
Aug 31, 2024 19:36:53.691045046 CEST | 49742 | 443 | 192.168.2.4 | 142.250.185.68
Aug 31, 2024 19:36:53.709687948 CEST | 443 | 49744 | 184.28.90.27 | 192.168.2.4
Aug 31, 2024 19:36:53.709727049 CEST | 443 | 49744 | 184.28.90.27 | 192.168.2.4
Aug 31, 2024 19:36:53.709772110 CEST | 49744 | 443 | 192.168.2.4 | 184.28.90.27
Aug 31, 2024 19:36:53.831172943 CEST | 443 | 49743 | 103.164.55.85 | 192.168.2.4
Aug 31, 2024 19:36:53.831249952 CEST | 443 | 49743 | 103.164.55.85 | 192.168.2.4
Aug 31, 2024 19:36:53.831291914 CEST | 49743 | 443 | 192.168.2.4 | 103.164.55.85
Aug 31, 2024 19:36:53.858851910 CEST | 49743 | 443 | 192.168.2.4 | 103.164.55.85
Aug 31, 2024 19:36:53.858861923 CEST | 443 | 49743 | 103.164.55.85 | 192.168.2.4
Aug 31, 2024 19:36:54.053441048 CEST | 49744 | 443 | 192.168.2.4 | 184.28.90.27
Aug 31, 2024 19:36:54.053450108 CEST | 443 | 49744 | 184.28.90.27 | 192.168.2.4
Aug 31, 2024 19:36:54.053484917 CEST | 49744 | 443 | 192.168.2.4 | 184.28.90.27
Aug 31, 2024 19:36:54.053488970 CEST | 443 | 49744 | 184.28.90.27 | 192.168.2.4
Aug 31, 2024 19:36:54.213613033 CEST | 49745 | 443 | 192.168.2.4 | 184.28.90.27
Aug 31, 2024 19:36:54.213630915 CEST | 443 | 49745 | 184.28.90.27 | 192.168.2.4
Aug 31, 2024 19:36:54.213695049 CEST | 49745 | 443 | 192.168.2.4 | 184.28.90.27
Aug 31, 2024 19:36:54.215204000 CEST | 49745 | 443 | 192.168.2.4 | 184.28.90.27
Aug 31, 2024 19:36:54.215213060 CEST | 443 | 49745 | 184.28.90.27 | 192.168.2.4
Aug 31, 2024 19:36:54.885360956 CEST | 443 | 49745 | 184.28.90.27 | 192.168.2.4
Aug 31, 2024 19:36:54.885430098 CEST | 49745 | 443 | 192.168.2.4 | 184.28.90.27
Aug 31, 2024 19:36:54.886900902 CEST | 49745 | 443 | 192.168.2.4 | 184.28.90.27
Aug 31, 2024 19:36:54.886909008 CEST | 443 | 49745 | 184.28.90.27 | 192.168.2.4
Aug 31, 2024 19:36:54.887132883 CEST | 443 | 49745 | 184.28.90.27 | 192.168.2.4
Aug 31, 2024 19:36:54.888830900 CEST | 49745 | 443 | 192.168.2.4 | 184.28.90.27
Aug 31, 2024 19:36:54.936511040 CEST | 443 | 49745 | 184.28.90.27 | 192.168.2.4
Aug 31, 2024 19:36:55.166532993 CEST | 443 | 49745 | 184.28.90.27 | 192.168.2.4
Aug 31, 2024 19:36:55.166594982 CEST | 443 | 49745 | 184.28.90.27 | 192.168.2.4
Aug 31, 2024 19:36:55.166651964 CEST | 49745 | 443 | 192.168.2.4 | 184.28.90.27
Aug 31, 2024 19:36:55.167325020 CEST | 49745 | 443 | 192.168.2.4 | 184.28.90.27
Aug 31, 2024 19:36:55.167335033 CEST | 443 | 49745 | 184.28.90.27 | 192.168.2.4
Aug 31, 2024 19:36:55.167362928 CEST | 49745 | 443 | 192.168.2.4 | 184.28.90.27
Aug 31, 2024 19:36:55.167367935 CEST | 443 | 49745 | 184.28.90.27 | 192.168.2.4
Aug 31, 2024 19:37:02.772037029 CEST | 443 | 49742 | 142.250.185.68 | 192.168.2.4
Aug 31, 2024 19:37:02.772103071 CEST | 443 | 49742 | 142.250.185.68 | 192.168.2.4
Aug 31, 2024 19:37:02.772175074 CEST | 49742 | 443 | 192.168.2.4 | 142.250.185.68
Aug 31, 2024 19:37:04.021781921 CEST | 49742 | 443 | 192.168.2.4 | 142.250.185.68
Aug 31, 2024 19:37:04.021815062 CEST | 443 | 49742 | 142.250.185.68 | 192.168.2.4
Aug 31, 2024 19:37:10.555991888 CEST | 80 | 49738 | 103.164.55.85 | 192.168.2.4
Aug 31, 2024 19:37:10.556173086 CEST | 80 | 49738 | 103.164.55.85 | 192.168.2.4
Aug 31, 2024 19:37:10.556231022 CEST | 49738 | 80 | 192.168.2.4 | 103.164.55.85
Aug 31, 2024 19:37:20.624944925 CEST | 80 | 49737 | 103.164.55.85 | 192.168.2.4
Aug 31, 2024 19:37:20.625001907 CEST | 49737 | 80 | 192.168.2.4 | 103.164.55.85
Aug 31, 2024 19:37:22.021475077 CEST | 49737 | 80 | 192.168.2.4 | 103.164.55.85
Aug 31, 2024 19:37:22.081439972 CEST | 80 | 49737 | 103.164.55.85 | 192.168.2.4
Aug 31, 2024 19:37:50.025155067 CEST | 49738 | 80 | 192.168.2.4 | 103.164.55.85
Aug 31, 2024 19:37:50.025156021 CEST | 49738 | 80 | 192.168.2.4 | 103.164.55.85
Aug 31, 2024 19:37:50.030137062 CEST | 80 | 49738 | 103.164.55.85 | 192.168.2.4
Aug 31, 2024 19:37:50.030389071 CEST | 49738 | 80 | 192.168.2.4 | 103.164.55.85
Aug 31, 2024 19:37:52.465676069 CEST | 49754 | 443 | 192.168.2.4 | 142.250.185.68
Aug 31, 2024 19:37:52.465718985 CEST | 443 | 49754 | 142.250.185.68 | 192.168.2.4
Aug 31, 2024 19:37:52.469840050 CEST | 49754 | 443 | 192.168.2.4 | 142.250.185.68
Aug 31, 2024 19:37:52.470375061 CEST | 49754 | 443 | 192.168.2.4 | 142.250.185.68
Aug 31, 2024 19:37:52.470396042 CEST | 443 | 49754 | 142.250.185.68 | 192.168.2.4
Aug 31, 2024 19:37:53.101375103 CEST | 443 | 49754 | 142.250.185.68 | 192.168.2.4
Aug 31, 2024 19:37:53.120565891 CEST | 49754 | 443 | 192.168.2.4 | 142.250.185.68
Aug 31, 2024 19:37:53.120578051 CEST | 443 | 49754 | 142.250.185.68 | 192.168.2.4
Aug 31, 2024 19:37:53.120963097 CEST | 443 | 49754 | 142.250.185.68 | 192.168.2.4
Aug 31, 2024 19:37:53.121603966 CEST | 49754 | 443 | 192.168.2.4 | 142.250.185.68
Aug 31, 2024 19:37:53.121663094 CEST | 443 | 49754 | 142.250.185.68 | 192.168.2.4
Aug 31, 2024 19:37:53.175394058 CEST | 49754 | 443 | 192.168.2.4 | 142.250.185.68
Aug 31, 2024 19:38:03.012027979 CEST | 443 | 49754 | 142.250.185.68 | 192.168.2.4
Aug 31, 2024 19:38:03.012118101 CEST | 443 | 49754 | 142.250.185.68 | 192.168.2.4
Aug 31, 2024 19:38:03.012367964 CEST | 49754 | 443 | 192.168.2.4 | 142.250.185.68
Aug 31, 2024 19:38:04.020919085 CEST | 49754 | 443 | 192.168.2.4 | 142.250.185.68
Aug 31, 2024 19:38:04.020936012 CEST | 443 | 49754 | 142.250.185.68 | 192.168.2.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Aug 31, 2024 19:36:47.485096931 CEST | 53 | 49756 | 1.1.1.1 | 192.168.2.4
Aug 31, 2024 19:36:47.566432953 CEST | 53 | 63952 | 1.1.1.1 | 192.168.2.4
Aug 31, 2024 19:36:48.803841114 CEST | 53 | 58171 | 1.1.1.1 | 192.168.2.4
Aug 31, 2024 19:36:49.713010073 CEST | 58804 | 53 | 192.168.2.4 | 1.1.1.1
Aug 31, 2024 19:36:49.713144064 CEST | 58295 | 53 | 192.168.2.4 | 1.1.1.1
Aug 31, 2024 19:36:49.721151114 CEST | 53 | 58295 | 1.1.1.1 | 192.168.2.4
Aug 31, 2024 19:36:49.721673965 CEST | 53 | 58804 | 1.1.1.1 | 192.168.2.4
Aug 31, 2024 19:36:50.625130892 CEST | 65023 | 53 | 192.168.2.4 | 1.1.1.1
Aug 31, 2024 19:36:50.625375032 CEST | 50009 | 53 | 192.168.2.4 | 1.1.1.1
Aug 31, 2024 19:36:50.633627892 CEST | 53 | 65023 | 1.1.1.1 | 192.168.2.4
Aug 31, 2024 19:36:50.634535074 CEST | 53 | 50009 | 1.1.1.1 | 192.168.2.4
Aug 31, 2024 19:36:52.185580969 CEST | 57228 | 53 | 192.168.2.4 | 1.1.1.1
Aug 31, 2024 19:36:52.185949087 CEST | 63020 | 53 | 192.168.2.4 | 1.1.1.1
Aug 31, 2024 19:36:52.192454100 CEST | 53 | 63020 | 1.1.1.1 | 192.168.2.4
Aug 31, 2024 19:36:52.192975998 CEST | 53 | 57228 | 1.1.1.1 | 192.168.2.4
Aug 31, 2024 19:37:06.104846001 CEST | 53 | 59592 | 1.1.1.1 | 192.168.2.4
Aug 31, 2024 19:37:08.164817095 CEST | 138 | 138 | 192.168.2.4 | 192.168.2.255
Aug 31, 2024 19:37:24.990784883 CEST | 53 | 53549 | 1.1.1.1 | 192.168.2.4
Aug 31, 2024 19:37:47.413445950 CEST | 53 | 49653 | 1.1.1.1 | 192.168.2.4
Aug 31, 2024 19:37:47.677196026 CEST | 53 | 49893 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Aug 31, 2024 19:36:49.713010073 CEST | 192.168.2.4 | 1.1.1.1 | 0x5038 | Standard query (0) | sin1.contabostorage.com | A (IP address) | IN (0x0001) | false
Aug 31, 2024 19:36:49.713144064 CEST | 192.168.2.4 | 1.1.1.1 | 0xf209 | Standard query (0) | sin1.contabostorage.com | 65 | IN (0x0001) | false
Aug 31, 2024 19:36:50.625130892 CEST | 192.168.2.4 | 1.1.1.1 | 0xc337 | Standard query (0) | sin1.contabostorage.com | A (IP address) | IN (0x0001) | false
Aug 31, 2024 19:36:50.625375032 CEST | 192.168.2.4 | 1.1.1.1 | 0x84dc | Standard query (0) | sin1.contabostorage.com | 65 | IN (0x0001) | false
Aug 31, 2024 19:36:52.185580969 CEST | 192.168.2.4 | 1.1.1.1 | 0x24bb | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Aug 31, 2024 19:36:52.185949087 CEST | 192.168.2.4 | 1.1.1.1 | 0xe84b | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Aug 31, 2024 19:36:49.721673965 CEST | 1.1.1.1 | 192.168.2.4 | 0x5038 | No error (0) | sin1.contabostorage.com | - | 103.164.55.85 | A (IP address) | IN (0x0001) | false
Aug 31, 2024 19:36:49.721673965 CEST | 1.1.1.1 | 192.168.2.4 | 0x5038 | No error (0) | sin1.contabostorage.com | - | 103.164.55.84 | A (IP address) | IN (0x0001) | false
Aug 31, 2024 19:36:50.633627892 CEST | 1.1.1.1 | 192.168.2.4 | 0xc337 | No error (0) | sin1.contabostorage.com | - | 103.164.55.85 | A (IP address) | IN (0x0001) | false
Aug 31, 2024 19:36:50.633627892 CEST | 1.1.1.1 | 192.168.2.4 | 0xc337 | No error (0) | sin1.contabostorage.com | - | 103.164.55.84 | A (IP address) | IN (0x0001) | false
Aug 31, 2024 19:36:52.192454100 CEST | 1.1.1.1 | 192.168.2.4 | 0xe84b | No error (0) | www.google.com | - | - | 65 | IN (0x0001) | false
Aug 31, 2024 19:36:52.192975998 CEST | 1.1.1.1 | 192.168.2.4 | 0x24bb | No error (0) | www.google.com | - | 142.250.185.68 | A (IP address) | IN (0x0001) | false
Aug 31, 2024 19:37:02.033488035 CEST | 1.1.1.1 | 192.168.2.4 | 0x2915 | No error (0) | bg.microsoft.map.fastly.net | - | 199.232.214.172 | A (IP address) | IN (0x0001) | false
Aug 31, 2024 19:37:02.033488035 CEST | 1.1.1.1 | 192.168.2.4 | 0x2915 | No error (0) | bg.microsoft.map.fastly.net | - | 199.232.210.172 | A (IP address) | IN (0x0001) | false
Aug 31, 2024 19:37:02.620239019 CEST | 1.1.1.1 | 192.168.2.4 | 0x6731 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | - | CNAME (Canonical name) | IN (0x0001) | false
Aug 31, 2024 19:37:02.620239019 CEST | 1.1.1.1 | 192.168.2.4 | 0x6731 | No error (0) | fp2e7a.wpc.phicdn.net | - | 192.229.221.95 | A (IP address) | IN (0x0001) | false
Aug 31, 2024 19:37:15.691701889 CEST | 1.1.1.1 | 192.168.2.4 | 0x606f | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | - | CNAME (Canonical name) | IN (0x0001) | false
Aug 31, 2024 19:37:15.691701889 CEST | 1.1.1.1 | 192.168.2.4 | 0x606f | No error (0) | fp2e7a.wpc.phicdn.net | - | 192.229.221.95 | A (IP address) | IN (0x0001) | false
Aug 31, 2024 19:37:40.089874029 CEST | 1.1.1.1 | 192.168.2.4 | 0x9935 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | - | CNAME (Canonical name) | IN (0x0001) | false
Aug 31, 2024 19:37:40.089874029 CEST | 1.1.1.1 | 192.168.2.4 | 0x9935 | No error (0) | fp2e7a.wpc.phicdn.net | - | 192.229.221.95 | A (IP address) | IN (0x0001) | false
Aug 31, 2024 19:38:00.401273966 CEST | 1.1.1.1 | 192.168.2.4 | 0x8b8f | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | - | CNAME (Canonical name) | IN (0x0001) | false
Aug 31, 2024 19:38:00.401273966 CEST | 1.1.1.1 | 192.168.2.4 | 0x8b8f | No error (0) | fp2e7a.wpc.phicdn.net | - | 192.229.221.95 | A (IP address) | IN (0x0001) | false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49737 | 103.164.55.85 | 80 | 4960 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
Aug 31, 2024 19:36:49.727380991 CEST | 438 | OUT | GET / HTTP/1.1
    Host: sin1.contabostorage.com
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Aug 31, 2024 19:36:50.622204065 CEST | 110 | IN | HTTP/1.1 302 Found
    content-length: 0
    location: https://sin1.contabostorage.com/
    cache-control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49738 | 103.164.55.85 | 80 | 4960 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
Aug 31, 2024 19:37:10.555991888 CEST | 194 | IN | HTTP/1.0 408 Request Time-out
    cache-control: no-cache
    content-type: text/html
    Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 38 20 52 65 71 75 65 73 74 20 54 69 6d 65 2d 6f 75 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 64 69 64 6e 27 74 20 73 65 6e 64 20 61 20 63 6f 6d 70 6c 65 74 65 20 72 65 71 75 65 73 74 20 69 6e 20 74 69 6d 65 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 0a
    Data Ascii: <html><body><h1>408 Request Time-out</h1>Your browser didn't send a complete request in time.</body></html>


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    0 | 192.168.2.4 | 49741 | 103.164.55.85 | 443 | 4960 | C:\Program Files\Google\Chrome\Application\chrome.exe
    Timestamp | Bytes transferred | Direction | Data
    2024-08-31 17:36:51 UTC | 666 | OUT | GET / HTTP/1.1
    Host: sin1.contabostorage.com
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    2024-08-31 17:36:52 UTC | 294 | IN | HTTP/1.1 401 Unauthorized
    date: Sat, 31 Aug 2024 17:36:51 GMT
    content-type: application/json; charset=utf-8
    www-authenticate: Key realm="kong"
    content-length: 26
    access-control-allow-origin: *
    strict-transport-security: max-age=16000000; includeSubDomains; preload;
    connection: close
    2024-08-31 17:36:52 UTC | 26 | IN | Data Raw: 7b 22 6d 65 73 73 61 67 65 22 3a 22 55 6e 61 75 74 68 6f 72 69 7a 65 64 22 7d
    Data Ascii: {"message":"Unauthorized"}


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    1 | 192.168.2.4 | 49743 | 103.164.55.85 | 443 | 4960 | C:\Program Files\Google\Chrome\Application\chrome.exe
    Timestamp | Bytes transferred | Direction | Data
    2024-08-31 17:36:53 UTC | 602 | OUT | GET /favicon.ico HTTP/1.1
    Host: sin1.contabostorage.com
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Referer: https://sin1.contabostorage.com/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    2024-08-31 17:36:53 UTC | 258 | IN | HTTP/1.1 401 Unauthorized
    date: Sat, 31 Aug 2024 17:36:53 GMT
    content-type: application/json; charset=utf-8
    content-length: 26
    access-control-allow-origin: *
    strict-transport-security: max-age=16000000; includeSubDomains; preload;
    connection: close
    2024-08-31 17:36:53 UTC | 26 | IN | Data Raw: 7b 22 6d 65 73 73 61 67 65 22 3a 22 55 6e 61 75 74 68 6f 72 69 7a 65 64 22 7d
    Data Ascii: {"message":"Unauthorized"}


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    2 | 192.168.2.4 | 49744 | 184.28.90.27 | 443 | | 
    Timestamp | Bytes transferred | Direction | Data
    2024-08-31 17:36:53 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    Accept-Encoding: identity
    User-Agent: Microsoft BITS/7.8
    Host: fs.microsoft.com
    2024-08-31 17:36:53 UTC | 467 | IN | HTTP/1.1 200 OK
    Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
    Content-Type: application/octet-stream
    ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
    Last-Modified: Tue, 16 May 2017 22:58:00 GMT
    Server: ECAcc (lpl/EF70)
    X-CID: 11
    X-Ms-ApiVersion: Distribute 1.2
    X-Ms-Region: prod-neu-z1
    Cache-Control: public, max-age=256127
    Date: Sat, 31 Aug 2024 17:36:53 GMT
    Connection: close
    X-CID: 2


    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
    3 | 192.168.2.4 | 49745 | 184.28.90.27 | 443 | | 
    Timestamp | Bytes transferred | Direction | Data
    2024-08-31 17:36:54 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    Accept-Encoding: identity
    If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
    Range: bytes=0-2147483646
    User-Agent: Microsoft BITS/7.8
    Host: fs.microsoft.com
    2024-08-31 17:36:55 UTC | 515 | IN | HTTP/1.1 200 OK
    ApiVersion: Distribute 1.1
    Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
    Content-Type: application/octet-stream
    ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
    Last-Modified: Tue, 16 May 2017 22:58:00 GMT
    Server: ECAcc (lpl/EF06)
    X-CID: 11
    X-Ms-ApiVersion: Distribute 1.2
    X-Ms-Region: prod-weu-z1
    Cache-Control: public, max-age=256125
    Date: Sat, 31 Aug 2024 17:36:55 GMT
    Content-Length: 55
    Connection: close
    X-CID: 2
    2024-08-31 17:36:55 UTC | 55 | IN | Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
    Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


    Target ID:0
    Start time:13:36:43
    Start date:31/08/2024
    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
    Wow64 process (32bit):false
    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
    Imagebase:0x7ff76e190000
    File size:3'242'272 bytes
    MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:low
    Has exited:false

    Target ID:2
    Start time:13:36:46
    Start date:31/08/2024
    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
    Wow64 process (32bit):false
    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=2020,i,11366153718238717683,4329258589701477035,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
    Imagebase:0x7ff76e190000
    File size:3'242'272 bytes
    MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:low
    Has exited:false

    Target ID:3
    Start time:13:36:48
    Start date:31/08/2024
    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
    Wow64 process (32bit):false
    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://sin1.contabostorage.com"
    Imagebase:0x7ff76e190000
    File size:3'242'272 bytes
    MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:low
    Has exited:true

    No disassembly